[openssl] master update
kaduk at mit.edu
kaduk at mit.edu
Mon Nov 2 19:46:29 UTC 2020
The branch master has been updated
via e7a8fecd0b1138b156bee71d92372abda956f1a8 (commit)
via 467dc325243d7fcbd74cc30a223ea5741f1f9473 (commit)
via a92c9648cd96d293cf198652cda8f29cc84a9828 (commit)
from 3d7e7e7c48210b515ef5e05f4acf6dc58377331c (commit)
- Log -----------------------------------------------------------------
commit e7a8fecd0b1138b156bee71d92372abda956f1a8
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Mon Oct 26 12:20:31 2020 -0700
Add more diagnostics to ossl_shim
We had several cases where the connection failed but we did not
have an error message to differentiate which failure condition had
been triggered. Add some more messages to help clarify what is
going wrong.
[extended tests]
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13251)
commit 467dc325243d7fcbd74cc30a223ea5741f1f9473
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Mon Oct 26 12:35:55 2020 -0700
Adjust error reason for ssl_get_min_max_version() failure
Use SSL_R_NO_PROTOCOLS_AVAILABLE instead of ERR_R_INTERNAL_ERROR,
to match what the BoringSSL tests expect for this case.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13251)
commit a92c9648cd96d293cf198652cda8f29cc84a9828
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Mon Oct 26 12:30:16 2020 -0700
Clear error queue entries from bad DLTS records
DTLS by design ignores records/packets with bad MAC or failed AEAD tag
validation. However, recent changes to have provided cipher
implementations caused tls1_enc() to leave an entry on the error queue
for invalid GCM tags, e.g.:
800BEAEF487F0000:error::Provider routines:gcm_stream_update:cipher operation failed:providers/implementations/ciphers/ciphercommon_gcm.c:306
The BoringSSL tests check for entries on the error queue with
SSL_get_error() and so we were seeing spurious test failures
due to the additional item on the error queue. To avoid leaving
such spurious entries on the error queue, set a mark before calling
the ssl3_enc 'enc' method, and pop to that mark before ignoring
invalid packets.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13251)
-----------------------------------------------------------------------
Summary of changes:
ssl/record/ssl3_record.c | 8 ++++++++
ssl/statem/statem_lib.c | 4 ++--
test/ossl_shim/ossl_shim.cc | 5 +++++
3 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 046d6f2054..52a8986aca 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -1615,6 +1615,12 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
mac_size = 0;
}
+ /*
+ * Set a mark around the packet decryption attempt. This is DTLS, so
+ * bad packets are just ignored, and we don't want to leave stray
+ * errors in the queue from processing bogus junk that we ignored.
+ */
+ ERR_set_mark();
enc_err = s->method->ssl3_enc->enc(s, rr, 1, 0, &macbuf, mac_size);
/*-
@@ -1624,6 +1630,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
* 1: Success or MTE decryption failed (MAC will be randomised)
*/
if (enc_err == 0) {
+ ERR_pop_to_mark();
if (ossl_statem_in_error(s)) {
/* SSLfatal() got called */
goto end;
@@ -1633,6 +1640,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
RECORD_LAYER_reset_packet_length(&s->rlayer);
goto end;
}
+ ERR_clear_last_mark();
OSSL_TRACE_BEGIN(TLS) {
BIO_printf(trc_out, "dec %zd\n", rr->length);
BIO_dump_indent(trc_out, rr->data, rr->length, 4);
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index ef4067a749..422c631838 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -101,8 +101,8 @@ int tls_setup_handshake(SSL *s)
memset(s->ext.extflags, 0, sizeof(s->ext.extflags));
if (ssl_get_min_max_version(s, &ver_min, &ver_max, NULL) != 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_SETUP_HANDSHAKE,
- ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_F_TLS_SETUP_HANDSHAKE,
+ SSL_R_NO_PROTOCOLS_AVAILABLE);
return 0;
}
diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc
index 1d32073f84..380e6853c6 100644
--- a/test/ossl_shim/ossl_shim.cc
+++ b/test/ossl_shim/ossl_shim.cc
@@ -1085,6 +1085,7 @@ static bool DoExchange(bssl::UniquePtr<SSL_SESSION> *out_session,
} while (config->async && RetryAsync(ssl.get(), ret));
if (ret != 1 ||
!CheckHandshakeProperties(ssl.get(), is_resume)) {
+ fprintf(stderr, "resumption check failed\n");
return false;
}
@@ -1105,6 +1106,7 @@ static bool DoExchange(bssl::UniquePtr<SSL_SESSION> *out_session,
return false;
}
if (WriteAll(ssl.get(), result.data(), result.size()) < 0) {
+ fprintf(stderr, "writing exported key material failed\n");
return false;
}
}
@@ -1135,6 +1137,7 @@ static bool DoExchange(bssl::UniquePtr<SSL_SESSION> *out_session,
if (config->shim_writes_first) {
if (WriteAll(ssl.get(), reinterpret_cast<const uint8_t *>("hello"),
5) < 0) {
+ fprintf(stderr, "shim_writes_first write failed\n");
return false;
}
}
@@ -1160,6 +1163,7 @@ static bool DoExchange(bssl::UniquePtr<SSL_SESSION> *out_session,
fprintf(stderr, "Invalid SSL_get_error output\n");
return false;
}
+ fprintf(stderr, "Unexpected entry in error queue\n");
return false;
}
// Successfully read data.
@@ -1179,6 +1183,7 @@ static bool DoExchange(bssl::UniquePtr<SSL_SESSION> *out_session,
buf[i] ^= 0xff;
}
if (WriteAll(ssl.get(), buf.get(), n) < 0) {
+ fprintf(stderr, "write of inverted bitstream failed\n");
return false;
}
}
More information about the openssl-commits
mailing list