[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Fri Jul 13 17:19:20 UTC 2018
The branch master has been updated
via 1e839545803107b230a8177875de5994f85984de (commit)
via baa45c3e74e1202eb963d22821ed87c097506b05 (commit)
via 4fd12788ebd352308e3f3c5f0f9bc607ababc867 (commit)
via 871980a9ada476fa54cec2e5174aa916d09efd11 (commit)
from 1f4add418d3ef07da80be87bc4e696197c84468f (commit)
- Log -----------------------------------------------------------------
commit 1e839545803107b230a8177875de5994f85984de
Author: Matt Caswell <matt at openssl.org>
Date: Fri Jul 13 16:11:46 2018 +0100
Add a GOST test
Test that we never negotiate TLSv1.3 using GOST
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6650)
commit baa45c3e74e1202eb963d22821ed87c097506b05
Author: Matt Caswell <matt at openssl.org>
Date: Wed Jul 4 16:48:56 2018 +0100
As a server don't select TLSv1.3 if we're not capable of it
Check that we are either configured for PSK, or that we have a TLSv1.3
capable certificate type. DSA certs can't be used in TLSv1.3 and we
don't (currently) allow GOST ones either (owing to the lack of standard
sig algs).
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6650)
commit 4fd12788ebd352308e3f3c5f0f9bc607ababc867
Author: Matt Caswell <matt at openssl.org>
Date: Wed Jul 4 16:02:20 2018 +0100
Use ssl_version_supported() when choosing server version
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6650)
commit 871980a9ada476fa54cec2e5174aa916d09efd11
Author: Matt Caswell <matt at openssl.org>
Date: Tue Jul 3 17:45:35 2018 +0100
Do not use GOST sig algs in TLSv1.3 where possible
Fixes #6513
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6650)
-----------------------------------------------------------------------
Summary of changes:
ssl/ssl_locl.h | 3 +-
ssl/statem/statem_clnt.c | 2 +-
ssl/statem/statem_lib.c | 63 ++++++++++-----
ssl/t1_lib.c | 41 ++++++++++
test/build.info | 6 +-
test/gosttest.c | 91 ++++++++++++++++++++++
test/recipes/90-test_gost.t | 37 +++++++++
test/recipes/90-test_gost_data/gost.conf | 13 ++++
test/recipes/90-test_gost_data/server-cert2001.pem | 13 ++++
test/recipes/90-test_gost_data/server-cert2012.pem | 13 ++++
test/recipes/90-test_gost_data/server-key2001.pem | 4 +
test/recipes/90-test_gost_data/server-key2012.pem | 4 +
12 files changed, 267 insertions(+), 23 deletions(-)
create mode 100644 test/gosttest.c
create mode 100644 test/recipes/90-test_gost.t
create mode 100644 test/recipes/90-test_gost_data/gost.conf
create mode 100644 test/recipes/90-test_gost_data/server-cert2001.pem
create mode 100644 test/recipes/90-test_gost_data/server-cert2012.pem
create mode 100644 test/recipes/90-test_gost_data/server-key2001.pem
create mode 100644 test/recipes/90-test_gost_data/server-key2012.pem
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 0bf3f16..b38052f 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -2368,7 +2368,8 @@ __owur int ssl3_handshake_write(SSL *s);
__owur int ssl_allow_compression(SSL *s);
-__owur int ssl_version_supported(const SSL *s, int version);
+__owur int ssl_version_supported(const SSL *s, int version,
+ const SSL_METHOD **meth);
__owur int ssl_set_client_hello_version(SSL *s);
__owur int ssl_check_version_downgrade(SSL *s);
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 88c3437..ad79fef 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1119,7 +1119,7 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt)
}
if (sess == NULL
- || !ssl_version_supported(s, sess->ssl_version)
+ || !ssl_version_supported(s, sess->ssl_version, NULL)
|| !SSL_SESSION_is_resumable(sess)) {
if (s->hello_retry_request == SSL_HRR_NONE
&& !ssl_get_new_session(s, 0)) {
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 61fc3ca..0d8fe5d 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1486,6 +1486,35 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method)
}
/*
+ * Only called by servers. Returns 1 if the server has a TLSv1.3 capable
+ * certificate type, or has PSK configured. Otherwise returns 0.
+ */
+static int is_tls13_capable(const SSL *s)
+{
+ int i;
+
+ if (s->psk_server_callback != NULL || s->psk_find_session_cb != NULL)
+ return 1;
+
+ for (i = 0; i < SSL_PKEY_NUM; i++) {
+ /* Skip over certs disallowed for TLSv1.3 */
+ switch (i) {
+ case SSL_PKEY_DSA_SIGN:
+ case SSL_PKEY_GOST01:
+ case SSL_PKEY_GOST12_256:
+ case SSL_PKEY_GOST12_512:
+ continue;
+ default:
+ break;
+ }
+ if (ssl_has_cert(s, i))
+ return 1;
+ }
+
+ return 0;
+}
+
+/*
* ssl_version_supported - Check that the specified `version` is supported by
* `SSL *` instance
*
@@ -1494,7 +1523,7 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method)
*
* Returns 1 when supported, otherwise 0
*/
-int ssl_version_supported(const SSL *s, int version)
+int ssl_version_supported(const SSL *s, int version, const SSL_METHOD **meth)
{
const version_info *vent;
const version_info *table;
@@ -1514,9 +1543,14 @@ int ssl_version_supported(const SSL *s, int version)
for (vent = table;
vent->version != 0 && version_cmp(s, version, vent->version) <= 0;
++vent) {
- if (vent->cmeth != NULL &&
- version_cmp(s, version, vent->version) == 0 &&
- ssl_method_error(s, vent->cmeth()) == 0) {
+ if (vent->cmeth != NULL
+ && version_cmp(s, version, vent->version) == 0
+ && ssl_method_error(s, vent->cmeth()) == 0
+ && (!s->server
+ || version != TLS1_3_VERSION
+ || is_tls13_capable(s))) {
+ if (meth != NULL)
+ *meth = vent->cmeth();
return 1;
}
}
@@ -1625,11 +1659,11 @@ int ssl_set_version_bound(int method_version, int version, int *bound)
static void check_for_downgrade(SSL *s, int vers, DOWNGRADE *dgrd)
{
if (vers == TLS1_2_VERSION
- && ssl_version_supported(s, TLS1_3_VERSION)) {
+ && ssl_version_supported(s, TLS1_3_VERSION, NULL)) {
*dgrd = DOWNGRADE_TO_1_2;
} else if (!SSL_IS_DTLS(s) && vers < TLS1_2_VERSION
- && (ssl_version_supported(s, TLS1_2_VERSION)
- || ssl_version_supported(s, TLS1_3_VERSION))) {
+ && (ssl_version_supported(s, TLS1_2_VERSION, NULL)
+ || ssl_version_supported(s, TLS1_3_VERSION, NULL))) {
*dgrd = DOWNGRADE_TO_1_1;
} else {
*dgrd = DOWNGRADE_NONE;
@@ -1735,19 +1769,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
*/
if (version_cmp(s, candidate_vers, best_vers) <= 0)
continue;
- for (vent = table;
- vent->version != 0 && vent->version != (int)candidate_vers;
- ++vent)
- continue;
- if (vent->version != 0 && vent->smeth != NULL) {
- const SSL_METHOD *method;
-
- method = vent->smeth();
- if (ssl_method_error(s, method) == 0) {
- best_vers = candidate_vers;
- best_method = method;
- }
- }
+ if (ssl_version_supported(s, candidate_vers, &best_method))
+ best_vers = candidate_vers;
}
if (PACKET_remaining(&versionslist) != 0) {
/* Trailing data? */
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index abf523e..3c7590c 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1519,9 +1519,50 @@ static int tls12_sigalg_allowed(SSL *s, int op, const SIGALG_LOOKUP *lu)
|| lu->hash_idx == SSL_MD_MD5_IDX
|| lu->hash_idx == SSL_MD_SHA224_IDX))
return 0;
+
/* See if public key algorithm allowed */
if (ssl_cert_is_disabled(lu->sig_idx))
return 0;
+
+ if (lu->sig == NID_id_GostR3410_2012_256
+ || lu->sig == NID_id_GostR3410_2012_512
+ || lu->sig == NID_id_GostR3410_2001) {
+ /* We never allow GOST sig algs on the server with TLSv1.3 */
+ if (s->server && SSL_IS_TLS13(s))
+ return 0;
+ if (!s->server
+ && s->method->version == TLS_ANY_VERSION
+ && s->s3->tmp.max_ver >= TLS1_3_VERSION) {
+ int i, num;
+ STACK_OF(SSL_CIPHER) *sk;
+
+ /*
+ * We're a client that could negotiate TLSv1.3. We only allow GOST
+ * sig algs if we could negotiate TLSv1.2 or below and we have GOST
+ * ciphersuites enabled.
+ */
+
+ if (s->s3->tmp.min_ver >= TLS1_3_VERSION)
+ return 0;
+
+ sk = SSL_get_ciphers(s);
+ num = sk != NULL ? sk_SSL_CIPHER_num(sk) : 0;
+ for (i = 0; i < num; i++) {
+ const SSL_CIPHER *c;
+
+ c = sk_SSL_CIPHER_value(sk, i);
+ /* Skip disabled ciphers */
+ if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0))
+ continue;
+
+ if ((c->algorithm_mkey & SSL_kGOST) != 0)
+ break;
+ }
+ if (i == num)
+ return 0;
+ }
+ }
+
if (lu->hash == NID_undef)
return 1;
/* Security bits: half digest bits */
diff --git a/test/build.info b/test/build.info
index 9fe511a..8dbe0c2 100644
--- a/test/build.info
+++ b/test/build.info
@@ -50,7 +50,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
recordlentest drbgtest drbg_cavs_test sslbuffertest \
time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \
servername_test ocspapitest rsa_mp_test fatalerrtest tls13ccstest \
- sysdefaulttest errtest
+ sysdefaulttest errtest gosttest
SOURCE[versions]=versions.c
INCLUDE[versions]=../include
@@ -537,6 +537,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
SOURCE[errtest]=errtest.c
INCLUDE[errtest]=../include
DEPEND[errtest]=../libcrypto libtestutil.a
+
+ SOURCE[gosttest]=gosttest.c ssltestlib.c
+ INCLUDE[gosttest]=../include ..
+ DEPEND[gosttest]=../libcrypto ../libssl libtestutil.a
ENDIF
{-
diff --git a/test/gosttest.c b/test/gosttest.c
new file mode 100644
index 0000000..1a31a33
--- /dev/null
+++ b/test/gosttest.c
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "ssltestlib.h"
+#include "testutil.h"
+#include "internal/nelem.h"
+
+static char *cert1 = NULL;
+static char *privkey1 = NULL;
+static char *cert2 = NULL;
+static char *privkey2 = NULL;
+
+static struct {
+ char *cipher;
+ int expected_prot;
+ int certnum;
+} ciphers[] = {
+ /* Server doesn't have a cert with appropriate sig algs - should fail */
+ {"AES128-SHA", 0, 0},
+ /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
+ {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0},
+ /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
+ {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1},
+ /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
+ {"GOST2001-GOST89-GOST89", TLS1_2_VERSION, 0},
+};
+
+/* Test that we never negotiate TLSv1.3 if using GOST */
+static int test_tls13(int idx)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+
+ if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ TLS_client_method(),
+ TLS1_VERSION,
+ TLS_MAX_VERSION,
+ &sctx, &cctx,
+ ciphers[idx].certnum == 0 ? cert1
+ : cert2,
+ ciphers[idx].certnum == 0 ? privkey1
+ : privkey2)))
+ goto end;
+
+ if (!TEST_true(SSL_CTX_set_cipher_list(cctx, ciphers[idx].cipher))
+ || !TEST_true(SSL_CTX_set_cipher_list(sctx, ciphers[idx].cipher))
+ || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ if (ciphers[idx].expected_prot == 0) {
+ if (!TEST_false(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
+ goto end;
+ } else {
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE))
+ || !TEST_int_eq(SSL_version(clientssl),
+ ciphers[idx].expected_prot))
+ goto end;
+ }
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
+int setup_tests(void)
+{
+ if (!TEST_ptr(cert1 = test_get_argument(0))
+ || !TEST_ptr(privkey1 = test_get_argument(1))
+ || !TEST_ptr(cert2 = test_get_argument(2))
+ || !TEST_ptr(privkey2 = test_get_argument(3)))
+ return 0;
+
+ ADD_ALL_TESTS(test_tls13, OSSL_NELEM(ciphers));
+ return 1;
+}
diff --git a/test/recipes/90-test_gost.t b/test/recipes/90-test_gost.t
new file mode 100644
index 0000000..00f95af
--- /dev/null
+++ b/test/recipes/90-test_gost.t
@@ -0,0 +1,37 @@
+#! /usr/bin/env perl
+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use OpenSSL::Test::Utils;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+setup("test_gost");
+
+plan skip_all => "GOST support is disabled in this OpenSSL build"
+ if disabled("gost");
+
+plan skip_all => "TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build"
+ if disabled("tls1_3") || disabled("tls1_2");
+
+plan skip_all => "No test GOST engine found"
+ if !$ENV{OPENSSL_GOST_ENGINE_SO};
+
+plan tests => 1;
+
+$ENV{OPENSSL_CONF} = srctop_file("test", "recipes", "90-test_gost_data",
+ "gost.conf");
+
+ok(run(test(["gosttest",
+ srctop_file("test", "recipes", "90-test_gost_data",
+ "server-cert2001.pem"),
+ srctop_file("test", "recipes", "90-test_gost_data",
+ "server-key2001.pem"),
+ srctop_file("test", "recipes", "90-test_gost_data",
+ "server-cert2012.pem"),
+ srctop_file("test", "recipes", "90-test_gost_data",
+ "server-key2012.pem")])),
+ "running gosttest");
diff --git a/test/recipes/90-test_gost_data/gost.conf b/test/recipes/90-test_gost_data/gost.conf
new file mode 100644
index 0000000..1f42b9d
--- /dev/null
+++ b/test/recipes/90-test_gost_data/gost.conf
@@ -0,0 +1,13 @@
+openssl_conf = openssl_def
+[openssl_def]
+engines = engine_section
+
+[engine_section]
+gost = gost_section
+
+[gost_section]
+engine_id = gost
+dynamic_path = $ENV::OPENSSL_GOST_ENGINE_SO
+default_algorithms = ALL
+CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
+
diff --git a/test/recipes/90-test_gost_data/server-cert2001.pem b/test/recipes/90-test_gost_data/server-cert2001.pem
new file mode 100644
index 0000000..e287821
--- /dev/null
+++ b/test/recipes/90-test_gost_data/server-cert2001.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB4jCCAY+gAwIBAgIUNKO10+LkPoYGkOqNJ2wv1YI8RpQwCgYGKoUDAgIDBQAw
+RTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGElu
+dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0xODA3MTMxNTAzMDFaFw0yODA3MTAx
+NTAzMDFaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYD
+VQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwYzAcBgYqhQMCAhMwEgYHKoUD
+AgIjAQYHKoUDAgIeAQNDAARAyDUhXsZP1JSLkvZ3xaU4aHXxAGKDwpawJ89+3B+N
+lD7FS48QUIeoQrv9hn1B/kVuVxJwU4CeZRQohLvc5IkzJ6NTMFEwHQYDVR0OBBYE
+FEz6BbScOOWYqklNGMTbyikZG/cRMB8GA1UdIwQYMBaAFEz6BbScOOWYqklNGMTb
+yikZG/cRMA8GA1UdEwEB/wQFMAMBAf8wCgYGKoUDAgIDBQADQQAbkdWo441FqSbB
+13JTW498NOzHZn69wnjYsOmMHLCdEHBTHVCa/g1wHPc4CyYk4UfMRWz5awzb6zNB
+TncjMl2a
+-----END CERTIFICATE-----
diff --git a/test/recipes/90-test_gost_data/server-cert2012.pem b/test/recipes/90-test_gost_data/server-cert2012.pem
new file mode 100644
index 0000000..85d13c6
--- /dev/null
+++ b/test/recipes/90-test_gost_data/server-cert2012.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB6TCCAZSgAwIBAgIUVF/ajykAyHqQm1n6K1JdMFX/O6owDAYIKoUDBwEBAwIF
+ADBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwY
+SW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMB4XDTE4MDcxMzE0MzcxNVoXDTI4MDcx
+MDE0MzcxNVowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAf
+BgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDBmMB8GCCqFAwcBAQEBMBMG
+ByqFAwICIwEGCCqFAwcBAQICA0MABEDIj2JgFybRexBIdkG7bI//Z8woXbpC/hpg
+62qflBE/dHnWVnbzpJUVeSd5sAkP7Ta0qrrs5YdW4MBIM/VPbDVOo1MwUTAdBgNV
+HQ4EFgQUFZtRh6plQ3nHf1A+7ayjYw9B1X0wHwYDVR0jBBgwFoAUFZtRh6plQ3nH
+f1A+7ayjYw9B1X0wDwYDVR0TAQH/BAUwAwEB/zAMBggqhQMHAQEDAgUAA0EAMttA
+fMPa3YFO9db/xIS9wMB7ntbtibeZEJlngaPu5gvfdNmCY0uzjY2c3yPr9dDq84j7
+gSqY1VwVBLuKrpLC+w==
+-----END CERTIFICATE-----
diff --git a/test/recipes/90-test_gost_data/server-key2001.pem b/test/recipes/90-test_gost_data/server-key2001.pem
new file mode 100644
index 0000000..92a59d8
--- /dev/null
+++ b/test/recipes/90-test_gost_data/server-key2001.pem
@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MEMCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIJgoLqJR/05zND0f
+8Wnma1MFMxE7ezisZhkS/DL4DXb6
+-----END PRIVATE KEY-----
diff --git a/test/recipes/90-test_gost_data/server-key2012.pem b/test/recipes/90-test_gost_data/server-key2012.pem
new file mode 100644
index 0000000..e932f0d
--- /dev/null
+++ b/test/recipes/90-test_gost_data/server-key2012.pem
@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MEYCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEILemtIak5CeX
+Jd75HfVqAMi1MfhxW7kGvGDj8l1/nF45
+-----END PRIVATE KEY-----
More information about the openssl-commits
mailing list