[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Wed Nov 2 13:48:58 UTC 2016
The branch master has been updated
via ca0b75ade0e89d1d3782ed6b1a4ae0fab72251ec (commit)
via 837e591d42ae499c89930a7277005c5034a12b04 (commit)
via aad22ba2c6172508f70263bcf53f6af6257c8b14 (commit)
from 2abacef13ab19b842a9217d6c464b4001980c0f6 (commit)
- Log -----------------------------------------------------------------
commit ca0b75ade0e89d1d3782ed6b1a4ae0fab72251ec
Author: Matt Caswell <matt at openssl.org>
Date: Tue Nov 1 18:28:19 2016 +0000
Fix some style issues in ossltest
Based on feedback received
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 837e591d42ae499c89930a7277005c5034a12b04
Author: Matt Caswell <matt at openssl.org>
Date: Fri Oct 28 15:57:12 2016 +0100
Enable TLSProxy to talk TLS1.3
Now that ossltest knows about a TLS1.3 cipher we can now do TLS1.3 in
TLSProxy
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit aad22ba2c6172508f70263bcf53f6af6257c8b14
Author: Matt Caswell <matt at openssl.org>
Date: Thu Oct 27 18:32:36 2016 +0100
Make sure ossltest engine works with TLS1.3
This might need more changes once we do a "real" TLS1.3 ciphersuite. But it
should do for now.
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
engines/e_ossltest.c | 83 +++++++++++++++++++++++++++++++++++-
test/recipes/70-test_sslcbcpadding.t | 1 +
test/recipes/70-test_sslrecords.t | 9 ++++
util/TLSProxy/Proxy.pm | 8 ++--
util/TLSProxy/Record.pm | 27 +++++++-----
5 files changed, 111 insertions(+), 17 deletions(-)
diff --git a/engines/e_ossltest.c b/engines/e_ossltest.c
index b4c83cb..afa5edf 100644
--- a/engines/e_ossltest.c
+++ b/engines/e_ossltest.c
@@ -226,7 +226,7 @@ static int ossltest_ciphers(ENGINE *, const EVP_CIPHER **,
const int **, int);
static int ossltest_cipher_nids[] = {
- NID_aes_128_cbc, 0
+ NID_aes_128_cbc, NID_aes_128_gcm, 0
};
/* AES128 */
@@ -235,6 +235,12 @@ int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl);
+int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t inl);
+static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+ void *ptr);
static EVP_CIPHER *_hidden_aes_128_cbc = NULL;
static const EVP_CIPHER *ossltest_aes_128_cbc(void)
@@ -258,9 +264,40 @@ static const EVP_CIPHER *ossltest_aes_128_cbc(void)
}
return _hidden_aes_128_cbc;
}
+static EVP_CIPHER *_hidden_aes_128_gcm = NULL;
+
+#define AES_GCM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \
+ | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
+ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
+ | EVP_CIPH_CUSTOM_COPY |EVP_CIPH_FLAG_AEAD_CIPHER \
+ | EVP_CIPH_GCM_MODE)
+
+static const EVP_CIPHER *ossltest_aes_128_gcm(void)
+{
+ if (_hidden_aes_128_gcm == NULL
+ && ((_hidden_aes_128_gcm = EVP_CIPHER_meth_new(NID_aes_128_gcm,
+ 1 /* block size */,
+ 16 /* key len */)) == NULL
+ || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_gcm,12)
+ || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_gcm, AES_GCM_FLAGS)
+ || !EVP_CIPHER_meth_set_init(_hidden_aes_128_gcm,
+ ossltest_aes128_gcm_init_key)
+ || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_gcm,
+ ossltest_aes128_gcm_cipher)
+ || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_gcm,
+ ossltest_aes128_gcm_ctrl)
+ || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_gcm,
+ EVP_CIPHER_impl_ctx_size(EVP_aes_128_gcm())))) {
+ EVP_CIPHER_meth_free(_hidden_aes_128_gcm);
+ _hidden_aes_128_gcm = NULL;
+ }
+ return _hidden_aes_128_gcm;
+}
+
static void destroy_ciphers(void)
{
EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
+ EVP_CIPHER_meth_free(_hidden_aes_128_gcm);
_hidden_aes_128_cbc = NULL;
}
@@ -389,6 +426,9 @@ static int ossltest_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
case NID_aes_128_cbc:
*cipher = ossltest_aes_128_cbc();
break;
+ case NID_aes_128_gcm:
+ *cipher = ossltest_aes_128_gcm();
+ break;
default:
ok = 0;
*cipher = NULL;
@@ -566,3 +606,44 @@ int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
return ret;
}
+
+int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ return EVP_CIPHER_meth_get_init(EVP_aes_128_gcm()) (ctx, key, iv, enc);
+}
+
+
+int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t inl)
+{
+ const size_t datalen = inl - EVP_GCM_TLS_EXPLICIT_IV_LEN
+ - EVP_GCM_TLS_TAG_LEN;
+ unsigned char *tmpbuf = OPENSSL_malloc(datalen);
+
+ if (tmpbuf == NULL)
+ return -1;
+
+ /* Remember what we were asked to encrypt */
+ memcpy(tmpbuf, in + EVP_GCM_TLS_EXPLICIT_IV_LEN, datalen);
+
+ /* Go through the motions of encrypting it */
+ EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_gcm())(ctx, out, in, inl);
+
+ /*
+ * Throw it all away and just use the plaintext as the output with empty
+ * IV and tag
+ */
+ memset(out, 0, inl);
+ memcpy(out + EVP_GCM_TLS_EXPLICIT_IV_LEN, tmpbuf, datalen);
+ OPENSSL_free(tmpbuf);
+
+ return 1;
+}
+
+static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+ void *ptr)
+{
+ /* Pass the ctrl down */
+ return EVP_CIPHER_meth_get_ctrl(EVP_aes_128_gcm())(ctx, type, arg, ptr);
+}
diff --git a/test/recipes/70-test_sslcbcpadding.t b/test/recipes/70-test_sslcbcpadding.t
index fdaa466..22825a0 100644
--- a/test/recipes/70-test_sslcbcpadding.t
+++ b/test/recipes/70-test_sslcbcpadding.t
@@ -40,6 +40,7 @@ my @test_offsets = (0, 128, 254, 255);
# Test that maximally-padded records are accepted.
my $bad_padding_offset = -1;
+$proxy->serverflags("-tls1_2");
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
plan tests => 1 + scalar(@test_offsets);
ok(TLSProxy::Message->success(), "Maximally-padded record test");
diff --git a/test/recipes/70-test_sslrecords.t b/test/recipes/70-test_sslrecords.t
index d1c8d3a..fc9b59f 100644
--- a/test/recipes/70-test_sslrecords.t
+++ b/test/recipes/70-test_sslrecords.t
@@ -37,6 +37,7 @@ my $proxy = TLSProxy::Proxy->new(
#Test 1: Injecting out of context empty records should fail
my $content_type = TLSProxy::Record::RT_APPLICATION_DATA;
my $inject_recs_num = 1;
+$proxy->serverflags("-tls1_2");
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
plan tests => 9;
ok(TLSProxy::Message->fail(), "Out of context empty records test");
@@ -44,6 +45,7 @@ ok(TLSProxy::Message->fail(), "Out of context empty records test");
#Test 2: Injecting in context empty records should succeed
$proxy->clear();
$content_type = TLSProxy::Record::RT_HANDSHAKE;
+$proxy->serverflags("-tls1_2");
$proxy->start();
ok(TLSProxy::Message->success(), "In context empty records test");
@@ -51,6 +53,7 @@ ok(TLSProxy::Message->success(), "In context empty records test");
$proxy->clear();
#We allow 32 consecutive in context empty records
$inject_recs_num = 33;
+$proxy->serverflags("-tls1_2");
$proxy->start();
ok(TLSProxy::Message->fail(), "Too many in context empty records test");
@@ -59,6 +62,7 @@ ok(TLSProxy::Message->fail(), "Too many in context empty records test");
# alert, i.e. this will look like a disorderly close
$proxy->clear();
$proxy->filter(\&add_frag_alert_filter);
+$proxy->serverflags("-tls1_2");
$proxy->start();
ok(!TLSProxy::Message->end(), "Fragmented alert records test");
@@ -75,6 +79,7 @@ use constant {
my $sslv2testtype = TLSV1_2_IN_SSLV2;
$proxy->clear();
$proxy->filter(\&add_sslv2_filter);
+$proxy->serverflags("-tls1_2");
$proxy->start();
ok(TLSProxy::Message->success(), "TLSv1.2 in SSLv2 ClientHello test");
@@ -83,6 +88,7 @@ ok(TLSProxy::Message->success(), "TLSv1.2 in SSLv2 ClientHello test");
# protocol so we don't even send an alert in this case.
$sslv2testtype = SSLV2_IN_SSLV2;
$proxy->clear();
+$proxy->serverflags("-tls1_2");
$proxy->start();
ok(!TLSProxy::Message->end(), "SSLv2 in SSLv2 ClientHello test");
@@ -91,6 +97,7 @@ ok(!TLSProxy::Message->end(), "SSLv2 in SSLv2 ClientHello test");
# reasons
$sslv2testtype = FRAGMENTED_IN_TLSV1_2;
$proxy->clear();
+$proxy->serverflags("-tls1_2");
$proxy->start();
ok(TLSProxy::Message->success(), "Fragmented ClientHello in TLSv1.2 test");
@@ -98,6 +105,7 @@ ok(TLSProxy::Message->success(), "Fragmented ClientHello in TLSv1.2 test");
# record; and another TLS1.2 record. This isn't allowed so should fail
$sslv2testtype = FRAGMENTED_IN_SSLV2;
$proxy->clear();
+$proxy->serverflags("-tls1_2");
$proxy->start();
ok(TLSProxy::Message->fail(), "Fragmented ClientHello in TLSv1.2/SSLv2 test");
@@ -105,6 +113,7 @@ ok(TLSProxy::Message->fail(), "Fragmented ClientHello in TLSv1.2/SSLv2 test");
# fail because an SSLv2 ClientHello must be the first record.
$sslv2testtype = ALERT_BEFORE_SSLV2;
$proxy->clear();
+$proxy->serverflags("-tls1_2");
$proxy->start();
ok(TLSProxy::Message->fail(), "Alert before SSLv2 ClientHello test");
sub add_empty_recs_filter
diff --git a/util/TLSProxy/Proxy.pm b/util/TLSProxy/Proxy.pm
index c15019d..16fd094 100644
--- a/util/TLSProxy/Proxy.pm
+++ b/util/TLSProxy/Proxy.pm
@@ -48,7 +48,7 @@ sub new
cert => $cert,
debug => $debug,
cipherc => "",
- ciphers => "AES128-SHA",
+ ciphers => "AES128-SHA:TLS13-AES-128-GCM-SHA256",
flight => 0,
record_list => [],
message_list => [],
@@ -113,7 +113,7 @@ sub clear
my $self = shift;
$self->clearClient;
- $self->{ciphers} = "AES128-SHA";
+ $self->{ciphers} = "AES128-SHA:TLS13-AES-128-GCM-SHA256";
$self->{serverflags} = "";
$self->{serverconnects} = 1;
$self->{serverpid} = 0;
@@ -147,10 +147,8 @@ sub start
or die "Failed to redirect stdout: $!";
open(STDERR, ">&STDOUT");
}
- # TODO(TLS1.3): Temporarily disabled for TLS1.3...no shared cipher
- # because the TLS1.3 ciphersuites are not compatible with ossltest
my $execcmd = $self->execute
- ." s_server -no_tls1_3 -no_comp -rev -engine ossltest -accept "
+ ." s_server -no_comp -rev -engine ossltest -accept "
.($self->server_port)
." -cert ".$self->cert." -naccept ".$self->serverconnects;
if ($self->ciphers ne "") {
diff --git a/util/TLSProxy/Record.pm b/util/TLSProxy/Record.pm
index 423bad3..93a3a4b 100644
--- a/util/TLSProxy/Record.pm
+++ b/util/TLSProxy/Record.pm
@@ -107,7 +107,7 @@ sub get_records
if (($server && $server_ccs_seen)
|| (!$server && $client_ccs_seen)) {
- if ($etm) {
+ if ($version != VERS_TLS_1_3() && $etm) {
$record->decryptETM();
} else {
$record->decrypt();
@@ -221,22 +221,27 @@ sub decryptETM
sub decrypt()
{
my ($self) = shift;
-
+ my $mactaglen = 20;
my $data = $self->data;
- if($self->version >= VERS_TLS_1_1()) {
- #TLS1.1+ has an explicit IV. Throw it away
+ #Throw away any IVs
+ if ($self->version >= VERS_TLS_1_3()) {
+ #8 bytes for a GCM IV
+ $data = substr($data, 8);
+ $mactaglen = 16;
+ } elsif ($self->version >= VERS_TLS_1_1()) {
+ #16 bytes for a standard IV
$data = substr($data, 16);
- }
- #Find out what the padding byte is
- my $padval = unpack("C", substr($data, length($data) - 1));
+ #Find out what the padding byte is
+ my $padval = unpack("C", substr($data, length($data) - 1));
- #Throw away the padding
- $data = substr($data, 0, length($data) - ($padval + 1));
+ #Throw away the padding
+ $data = substr($data, 0, length($data) - ($padval + 1));
+ }
- #Throw away the MAC (assumes MAC is 20 bytes for now. FIXME)
- $data = substr($data, 0, length($data) - 20);
+ #Throw away the MAC or TAG
+ $data = substr($data, 0, length($data) - $mactaglen);
$self->decrypt_data($data);
$self->decrypt_len(length($data));
More information about the openssl-commits
mailing list