[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Richard Levitte
levitte at openssl.org
Thu Oct 5 07:42:15 UTC 2017
The branch OpenSSL_1_1_0-stable has been updated
via c5e8bd1d8aa9dafdb515b6c055f1ac95c12f138d (commit)
via 619c589bdb2fc52e4f180db548222e2b7ab169d8 (commit)
from 6717d1cf7db731e1087d84aa5195c3d0e71c4d30 (commit)
- Log -----------------------------------------------------------------
commit c5e8bd1d8aa9dafdb515b6c055f1ac95c12f138d
Author: Emilia Kasper <emilia at openssl.org>
Date: Fri Nov 25 17:05:30 2016 +0100
Test mac-then-encrypt
Verify that the encrypt-then-mac negotiation is handled
correctly. Additionally, when compiled with no-asm, this test ensures
coverage for the constant-time MAC copying code in
ssl3_cbc_copy_mac. The proxy-based CBC padding test covers that as
well but it's nevertheless better to have an explicit handshake test
for mac-then-encrypt.
Reviewed-by: Andy Polyakov <appro at openssl.org>
(cherry picked from commit b3618f44a7b8504bfb0a64e8a33e6b8e56d4d516)
commit 619c589bdb2fc52e4f180db548222e2b7ab169d8
Author: David Woodhouse <David.Woodhouse at intel.com>
Date: Fri Oct 14 00:26:38 2016 +0100
Add SSL_OP_NO_ENCRYPT_THEN_MAC
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(cherry picked from commit cde6145ba19a2fce039cf054a89e49f67c623c59)
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 2 +
doc/ssl/SSL_CTX_set_options.pod | 8 ++
include/openssl/ssl.h | 2 +
ssl/ssl_conf.c | 1 +
ssl/t1_lib.c | 9 +-
test/recipes/80-test_ssl_new.t | 2 +-
test/ssl-tests/19-mac-then-encrypt.conf | 156 +++++++++++++++++++++++++++++
test/ssl-tests/19-mac-then-encrypt.conf.in | 89 ++++++++++++++++
8 files changed, 265 insertions(+), 4 deletions(-)
create mode 100644 test/ssl-tests/19-mac-then-encrypt.conf
create mode 100644 test/ssl-tests/19-mac-then-encrypt.conf.in
diff --git a/CHANGES b/CHANGES
index f13c6d1..b237273 100644
--- a/CHANGES
+++ b/CHANGES
@@ -12,6 +12,8 @@
*) Ignore the '-named_curve auto' value for compatibility of applications
with OpenSSL 1.0.2.
[Tomas Mraz <tmraz at fedoraproject.org>]
+ *) Support for SSL_OP_NO_ENCRYPT_THEN_MAC in SSL_CONF_cmd.
+ [Emilia Käsper]
Changes between 1.1.0e and 1.1.0f [25 May 2017]
diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod
index 635b470..63609f3 100644
--- a/doc/ssl/SSL_CTX_set_options.pod
+++ b/doc/ssl/SSL_CTX_set_options.pod
@@ -189,6 +189,14 @@ Allow legacy insecure renegotiation between OpenSSL and unpatched servers
B<only>: this option is currently set by default. See the
B<SECURE RENEGOTIATION> section for more details.
+=item SSL_OP_NO_ENCRYPT_THEN_MAC
+
+Normally clients and servers will transparently attempt to negotiate the
+RFC7366 Encrypt-then-MAC option on TLS and DTLS connection.
+
+If this option is set, Encrypt-then-MAC is disabled. Clients will not
+propose, and servers will not accept the extension.
+
=back
=head1 SECURE RENEGOTIATION
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 940a5f0..4e7f82f 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -297,6 +297,8 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
# define SSL_OP_NO_COMPRESSION 0x00020000U
/* Permit unsafe legacy renegotiation */
# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000U
+/* Disable encrypt-then-mac */
+# define SSL_OP_NO_ENCRYPT_THEN_MAC 0x00080000U
/*
* Set on servers to choose the cipher according to the server's preferences
*/
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 88e4103..8b7c6fe 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -357,6 +357,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
SSL_FLAG_TBL_SRV("ECDHSingle", SSL_OP_SINGLE_ECDH_USE),
SSL_FLAG_TBL("UnsafeLegacyRenegotiation",
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION),
+ SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC),
};
if (value == NULL)
return -3;
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 55abba9..b2cfff5 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1356,8 +1356,9 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
* silently failed to actually do it. It is fixed in 1.1.1 but to
* ease the transition especially from 1.1.0b to 1.1.0c, we just
* disable it in 1.1.0.
+ * Also skip if SSL_OP_NO_ENCRYPT_THEN_MAC is set.
*/
- if (!SSL_IS_DTLS(s)) {
+ if (!SSL_IS_DTLS(s) && !(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)) {
/*-
* check for enough space.
* 4 bytes for the ETM type and extension length
@@ -2285,7 +2286,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
return 0;
}
#endif
- else if (type == TLSEXT_TYPE_encrypt_then_mac)
+ else if (type == TLSEXT_TYPE_encrypt_then_mac &&
+ !(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC))
s->tlsext_use_etm = 1;
/*
* Note: extended master secret extension handled in
@@ -2605,7 +2607,8 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
#endif
else if (type == TLSEXT_TYPE_encrypt_then_mac) {
/* Ignore if inappropriate ciphersuite */
- if (s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD
+ if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC) &&
+ s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD
&& s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4)
s->tlsext_use_etm = 1;
} else if (type == TLSEXT_TYPE_extended_master_secret) {
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
index 2f6a69a..e986c76 100644
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -29,7 +29,7 @@ map { s/\^// } @conf_files if $^O eq "VMS";
# We hard-code the number of tests to double-check that the globbing above
# finds all files as expected.
-plan tests => 18; # = scalar @conf_srcs
+plan tests => 19; # = scalar @conf_srcs
# Some test results depend on the configuration of enabled protocols. We only
# verify generated sources in the default configuration.
diff --git a/test/ssl-tests/19-mac-then-encrypt.conf b/test/ssl-tests/19-mac-then-encrypt.conf
new file mode 100644
index 0000000..40480ed
--- /dev/null
+++ b/test/ssl-tests/19-mac-then-encrypt.conf
@@ -0,0 +1,156 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 6
+
+test-0 = 0-disable-encrypt-then-mac-server-sha
+test-1 = 1-disable-encrypt-then-mac-client-sha
+test-2 = 2-disable-encrypt-then-mac-both-sha
+test-3 = 3-disable-encrypt-then-mac-server-sha2
+test-4 = 4-disable-encrypt-then-mac-client-sha2
+test-5 = 5-disable-encrypt-then-mac-both-sha2
+# ===========================================================
+
+[0-disable-encrypt-then-mac-server-sha]
+ssl_conf = 0-disable-encrypt-then-mac-server-sha-ssl
+
+[0-disable-encrypt-then-mac-server-sha-ssl]
+server = 0-disable-encrypt-then-mac-server-sha-server
+client = 0-disable-encrypt-then-mac-server-sha-client
+
+[0-disable-encrypt-then-mac-server-sha-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -EncryptThenMac
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-disable-encrypt-then-mac-server-sha-client]
+CipherString = AES128-SHA
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[1-disable-encrypt-then-mac-client-sha]
+ssl_conf = 1-disable-encrypt-then-mac-client-sha-ssl
+
+[1-disable-encrypt-then-mac-client-sha-ssl]
+server = 1-disable-encrypt-then-mac-client-sha-server
+client = 1-disable-encrypt-then-mac-client-sha-client
+
+[1-disable-encrypt-then-mac-client-sha-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-disable-encrypt-then-mac-client-sha-client]
+CipherString = AES128-SHA
+Options = -EncryptThenMac
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[2-disable-encrypt-then-mac-both-sha]
+ssl_conf = 2-disable-encrypt-then-mac-both-sha-ssl
+
+[2-disable-encrypt-then-mac-both-sha-ssl]
+server = 2-disable-encrypt-then-mac-both-sha-server
+client = 2-disable-encrypt-then-mac-both-sha-client
+
+[2-disable-encrypt-then-mac-both-sha-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -EncryptThenMac
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-disable-encrypt-then-mac-both-sha-client]
+CipherString = AES128-SHA
+Options = -EncryptThenMac
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[3-disable-encrypt-then-mac-server-sha2]
+ssl_conf = 3-disable-encrypt-then-mac-server-sha2-ssl
+
+[3-disable-encrypt-then-mac-server-sha2-ssl]
+server = 3-disable-encrypt-then-mac-server-sha2-server
+client = 3-disable-encrypt-then-mac-server-sha2-client
+
+[3-disable-encrypt-then-mac-server-sha2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -EncryptThenMac
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-disable-encrypt-then-mac-server-sha2-client]
+CipherString = AES128-SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[4-disable-encrypt-then-mac-client-sha2]
+ssl_conf = 4-disable-encrypt-then-mac-client-sha2-ssl
+
+[4-disable-encrypt-then-mac-client-sha2-ssl]
+server = 4-disable-encrypt-then-mac-client-sha2-server
+client = 4-disable-encrypt-then-mac-client-sha2-client
+
+[4-disable-encrypt-then-mac-client-sha2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-disable-encrypt-then-mac-client-sha2-client]
+CipherString = AES128-SHA256
+Options = -EncryptThenMac
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[5-disable-encrypt-then-mac-both-sha2]
+ssl_conf = 5-disable-encrypt-then-mac-both-sha2-ssl
+
+[5-disable-encrypt-then-mac-both-sha2-ssl]
+server = 5-disable-encrypt-then-mac-both-sha2-server
+client = 5-disable-encrypt-then-mac-both-sha2-client
+
+[5-disable-encrypt-then-mac-both-sha2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -EncryptThenMac
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-disable-encrypt-then-mac-both-sha2-client]
+CipherString = AES128-SHA256
+Options = -EncryptThenMac
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedResult = Success
+
+
diff --git a/test/ssl-tests/19-mac-then-encrypt.conf.in b/test/ssl-tests/19-mac-then-encrypt.conf.in
new file mode 100644
index 0000000..01afe25
--- /dev/null
+++ b/test/ssl-tests/19-mac-then-encrypt.conf.in
@@ -0,0 +1,89 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## SSL test configurations
+
+package ssltests;
+
+our @tests = (
+ {
+ name => "disable-encrypt-then-mac-server-sha",
+ server => {
+ "Options" => "-EncryptThenMac",
+ },
+ client => {
+ "CipherString" => "AES128-SHA",
+ },
+ test => {
+ "ExpectedResult" => "Success",
+ },
+ },
+ {
+ name => "disable-encrypt-then-mac-client-sha",
+ server => {
+ },
+ client => {
+ "CipherString" => "AES128-SHA",
+ "Options" => "-EncryptThenMac",
+ },
+ test => {
+ "ExpectedResult" => "Success",
+ },
+ },
+ {
+ name => "disable-encrypt-then-mac-both-sha",
+ server => {
+ "Options" => "-EncryptThenMac",
+ },
+ client => {
+ "CipherString" => "AES128-SHA",
+ "Options" => "-EncryptThenMac",
+ },
+ test => {
+ "ExpectedResult" => "Success",
+ },
+ },
+ {
+ name => "disable-encrypt-then-mac-server-sha2",
+ server => {
+ "Options" => "-EncryptThenMac",
+ },
+ client => {
+ "CipherString" => "AES128-SHA256",
+ },
+ test => {
+ "ExpectedResult" => "Success",
+ },
+ },
+ {
+ name => "disable-encrypt-then-mac-client-sha2",
+ server => {
+ },
+ client => {
+ "CipherString" => "AES128-SHA256",
+ "Options" => "-EncryptThenMac",
+ },
+ test => {
+ "ExpectedResult" => "Success",
+ },
+ },
+ {
+ name => "disable-encrypt-then-mac-both-sha2",
+ server => {
+ "Options" => "-EncryptThenMac",
+ },
+ client => {
+ "CipherString" => "AES128-SHA256",
+ "Options" => "-EncryptThenMac",
+ },
+ test => {
+ "ExpectedResult" => "Success",
+ },
+ },
+);
More information about the openssl-commits
mailing list