[openssl] master update
Matt Caswell
matt at openssl.org
Wed May 6 10:57:16 UTC 2020
The branch master has been updated
via a96e6c347bc1da9964ffe941608b11cf030320ef (commit)
via 4264ecd4cebf7cee4bd437f1739e9f4297ae5b70 (commit)
from 15dd075f708c58bbbbd18f98608fecfcb97f693a (commit)
- Log -----------------------------------------------------------------
commit a96e6c347bc1da9964ffe941608b11cf030320ef
Author: Matt Caswell <matt at openssl.org>
Date: Fri May 1 12:24:57 2020 +0100
Extend test_ssl_get_shared_ciphers
Ensure we test scenarios where a FIPS peer is communication with a
non-FIPS peer. Check that a FIPS client doesn't offer ciphersuites it
doesn't have, and that a FIPS server only chooses ciphersuites it can
support.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11700)
commit 4264ecd4cebf7cee4bd437f1739e9f4297ae5b70
Author: Matt Caswell <matt at openssl.org>
Date: Fri May 1 09:17:40 2020 +0100
Don't offer or accept ciphersuites that we can't support
We were not correctly detecting whether TLSv1.3 ciphersuites could
actually be supported by the available provider implementations. For
example a FIPS client would still offer CHACHA20-POLY1305 based
ciphersuites even though it couldn't actually use them. Similarly on
the server would try to use CHACHA20-POLY1305 and then fail the
handshake.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11700)
-----------------------------------------------------------------------
Summary of changes:
ssl/ssl_ciph.c | 12 ++++++++++--
test/sslapitest.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++---
2 files changed, 65 insertions(+), 5 deletions(-)
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 9ee1fc7fa9..7b3a5e7c89 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1596,8 +1596,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
/* Add TLSv1.3 ciphers first - we always prefer those if possible */
for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
- if (!sk_SSL_CIPHER_push(cipherstack,
- sk_SSL_CIPHER_value(tls13_ciphersuites, i))) {
+ const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i);
+
+ /* Don't include any TLSv1.3 ciphers that are disabled */
+ if ((sslc->algorithm_enc & disabled_enc) != 0
+ || (ssl_cipher_table_mac[sslc->algorithm2
+ & SSL_HANDSHAKE_MAC_MASK].mask
+ & disabled_mac_mask) != 0)
+ continue;
+
+ if (!sk_SSL_CIPHER_push(cipherstack, sslc)) {
sk_SSL_CIPHER_free(cipherstack);
return NULL;
}
diff --git a/test/sslapitest.c b/test/sslapitest.c
index b8bad61fd2..6889607662 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -6208,6 +6208,7 @@ static struct {
const char *srvrciphers;
const char *srvrtls13ciphers;
const char *shared;
+ const char *fipsshared;
} shared_ciphers_data[] = {
/*
* We can't establish a connection (even in TLSv1.1) with these ciphersuites if
@@ -6220,14 +6221,29 @@ static struct {
NULL,
"AES256-SHA:DHE-RSA-AES128-SHA",
NULL,
+ "AES256-SHA",
"AES256-SHA"
},
+# if !defined(OPENSSL_NO_CHACHA) \
+ && !defined(OPENSSL_NO_POLY1305) \
+ && !defined(OPENSSL_NO_EC)
+ {
+ TLS1_2_VERSION,
+ "AES128-SHA:ECDHE-RSA-CHACHA20-POLY1305",
+ NULL,
+ "AES128-SHA:ECDHE-RSA-CHACHA20-POLY1305",
+ NULL,
+ "AES128-SHA:ECDHE-RSA-CHACHA20-POLY1305",
+ "AES128-SHA"
+ },
+# endif
{
TLS1_2_VERSION,
"AES128-SHA:DHE-RSA-AES128-SHA:AES256-SHA",
NULL,
"AES128-SHA:DHE-RSA-AES256-SHA:AES256-SHA",
NULL,
+ "AES128-SHA:AES256-SHA",
"AES128-SHA:AES256-SHA"
},
{
@@ -6236,6 +6252,7 @@ static struct {
NULL,
"AES128-SHA:DHE-RSA-AES128-SHA",
NULL,
+ "AES128-SHA",
"AES128-SHA"
},
#endif
@@ -6252,7 +6269,8 @@ static struct {
"AES256-SHA:AES128-SHA256",
NULL,
"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:"
- "TLS_AES_128_GCM_SHA256:AES256-SHA"
+ "TLS_AES_128_GCM_SHA256:AES256-SHA",
+ "TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:AES256-SHA"
},
#endif
#ifndef OPENSSL_NO_TLS1_3
@@ -6262,17 +6280,39 @@ static struct {
"TLS_AES_256_GCM_SHA384",
"AES256-SHA",
"TLS_AES_256_GCM_SHA384",
+ "TLS_AES_256_GCM_SHA384",
"TLS_AES_256_GCM_SHA384"
},
#endif
};
-static int test_ssl_get_shared_ciphers(int tst)
+static int int_test_ssl_get_shared_ciphers(int tst, int clnt)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
char buf[1024];
+ OPENSSL_CTX *tmplibctx = OPENSSL_CTX_new();
+
+ if (!TEST_ptr(tmplibctx))
+ goto end;
+
+ /*
+ * Regardless of whether we're testing with the FIPS provider loaded into
+ * libctx, we want one peer to always use the full set of ciphersuites
+ * available. Therefore we use a separate libctx with the default provider
+ * loaded into it. We run the same tests twice - once with the client side
+ * having the full set of ciphersuites and once with the server side.
+ */
+ if (clnt) {
+ cctx = SSL_CTX_new_with_libctx(tmplibctx, NULL, TLS_client_method());
+ if (!TEST_ptr(cctx))
+ goto end;
+ } else {
+ sctx = SSL_CTX_new_with_libctx(tmplibctx, NULL, TLS_server_method());
+ if (!TEST_ptr(sctx))
+ goto end;
+ }
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
@@ -6301,7 +6341,11 @@ static int test_ssl_get_shared_ciphers(int tst)
goto end;
if (!TEST_ptr(SSL_get_shared_ciphers(serverssl, buf, sizeof(buf)))
- || !TEST_int_eq(strcmp(buf, shared_ciphers_data[tst].shared), 0)) {
+ || !TEST_int_eq(strcmp(buf,
+ is_fips
+ ? shared_ciphers_data[tst].fipsshared
+ : shared_ciphers_data[tst].shared),
+ 0)) {
TEST_info("Shared ciphers are: %s\n", buf);
goto end;
}
@@ -6313,10 +6357,18 @@ static int test_ssl_get_shared_ciphers(int tst)
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
+ OPENSSL_CTX_free(tmplibctx);
return testresult;
}
+static int test_ssl_get_shared_ciphers(int tst)
+{
+ return int_test_ssl_get_shared_ciphers(tst, 0)
+ && int_test_ssl_get_shared_ciphers(tst, 1);
+}
+
+
static const char *appdata = "Hello World";
static int gen_tick_called, dec_tick_called, tick_key_cb_called;
static int tick_key_renew = 0;
More information about the openssl-commits
mailing list