Skip to content

Commit

Permalink
fixup! Add support for integrity-only cipher suites for TLS v1.3
Browse files Browse the repository at this point in the history
  • Loading branch information
rajeev-0 committed May 12, 2024
1 parent 5189582 commit a1922d6
Show file tree
Hide file tree
Showing 9 changed files with 41 additions and 20 deletions.
1 change: 1 addition & 0 deletions .github/workflows/run-checker-merge.yml
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ jobs:
no-ts,
enable-weak-ssl-ciphers,
enable-zlib,
no-integrity-only-ciphers
]
runs-on: ubuntu-latest
steps:
Expand Down
4 changes: 2 additions & 2 deletions CHANGES.md
Original file line number Diff line number Diff line change
Expand Up @@ -47,8 +47,8 @@ OpenSSL 3.4

*Tim Perry*

* Added to TLS v1.3 support for integrity-only cipher suites
TLS_SHA256_SHA256 and TLS_SHA384_SHA384, as defined in RFC 9150.
* Added support for integrity-only cipher suites TLS_SHA256_SHA256 and
TLS_SHA384_SHA384 in TLS 1.3, as defined in RFC 9150.

This work was sponsored by Siemens AG.

Expand Down
2 changes: 1 addition & 1 deletion Configure
Original file line number Diff line number Diff line change
Expand Up @@ -528,7 +528,7 @@ my @disablables = (
"thread-pool",
"threads",
"tls",
"tls1_3-integrity-only_ciphers",
"integrity-only-ciphers",
"trace",
"ts",
"ubsan",
Expand Down
4 changes: 2 additions & 2 deletions doc/man1/openssl-ciphers.pod.in
Original file line number Diff line number Diff line change
Expand Up @@ -745,7 +745,7 @@ Note: the CBC modes mentioned in this RFC are not supported.

Note: these ciphers are purely HMAC based and do not provide any confidentiality
and thus are disabled by default.
These ciphers are available at security level 0.
These ciphers are only available at security level 0.

=head2 Older names used by OpenSSL

Expand Down Expand Up @@ -811,7 +811,7 @@ The B<-convert> option was added in OpenSSL 1.1.1.
Support for standard IANA names in cipher lists was added in
OpenSSL 3.2.0.

The support for TLS v1.3 integrity-only cipher suites was added in OpenSSL 3.3.
The support for TLS v1.3 integrity-only cipher suites was added in OpenSSL 3.4.

=head1 COPYRIGHT

Expand Down
4 changes: 2 additions & 2 deletions doc/man3/SSL_CTX_set_cipher_list.pod
Original file line number Diff line number Diff line change
Expand Up @@ -50,9 +50,9 @@ ciphersuite names in order of preference. Valid TLSv1.3 ciphersuite names are:

=item TLS_AES_128_CCM_8_SHA256

=item TLS_SHA384_SHA384 - integrity-only!
=item TLS_SHA384_SHA384 - integrity-only

=item TLS_SHA256_SHA256 - integrity-only!
=item TLS_SHA256_SHA256 - integrity-only

=back

Expand Down
9 changes: 3 additions & 6 deletions ssl/record/methods/tls13_meth.c
Original file line number Diff line number Diff line change
Expand Up @@ -31,16 +31,13 @@ static int tls13_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
int enc = (rl->direction == OSSL_RECORD_DIRECTION_WRITE) ? 1 : 0;

rl->iv = OPENSSL_malloc(ivlen);
if (rl->iv == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
if (rl->iv == NULL)
return OSSL_RECORD_RETURN_FATAL;
}

rl->nonce = OPENSSL_malloc(ivlen);
if (rl->nonce == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
if (rl->nonce == NULL)
return OSSL_RECORD_RETURN_FATAL;
}

memcpy(rl->iv, iv, ivlen);

/* Integrity only */
Expand Down
27 changes: 25 additions & 2 deletions ssl/s3_lib.c
Original file line number Diff line number Diff line change
Expand Up @@ -113,7 +113,7 @@ static SSL_CIPHER tls13_ciphers[] = {
64, /* CCM8 uses a short tag, so we have a low security strength */
128,
},
#ifndef OPENSSL_NO_TLS1_3_INTEGRITY_ONLY_CIPHERS
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
{
1,
TLS1_3_RFC_SHA256_SHA256,
Expand Down Expand Up @@ -159,6 +159,7 @@ static SSL_CIPHER tls13_ciphers[] = {
* Weak ciphers
*/
static SSL_CIPHER ssl3_ciphers[] = {
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
{
1,
SSL3_TXT_RSA_NULL_MD5,
Expand Down Expand Up @@ -191,6 +192,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
0,
0,
},
#endif
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
Expand Down Expand Up @@ -385,6 +387,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
{
1,
TLS1_TXT_RSA_WITH_NULL_SHA256,
Expand All @@ -401,6 +404,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
0,
0,
},
#endif
{
1,
TLS1_TXT_RSA_WITH_AES_128_SHA256,
Expand Down Expand Up @@ -977,6 +981,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
64, /* CCM8 uses a short tag, so we have a low security strength */
256,
},
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
Expand All @@ -993,6 +998,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
0,
0,
},
#endif
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
Expand Down Expand Up @@ -1043,6 +1049,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
{
1,
TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
Expand All @@ -1059,6 +1066,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
0,
0,
},
#endif
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
Expand Down Expand Up @@ -1109,6 +1117,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
{
1,
TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
Expand All @@ -1125,6 +1134,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
0,
0,
},
#endif
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
Expand Down Expand Up @@ -1303,6 +1313,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
{
1,
TLS1_TXT_PSK_WITH_NULL_SHA,
Expand Down Expand Up @@ -1351,6 +1362,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
0,
0,
},
#endif
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
Expand Down Expand Up @@ -1629,6 +1641,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
{
1,
TLS1_TXT_PSK_WITH_NULL_SHA256,
Expand Down Expand Up @@ -1661,6 +1674,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
0,
0,
},
#endif
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
Expand Down Expand Up @@ -1693,6 +1707,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
{
1,
TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
Expand Down Expand Up @@ -1725,6 +1740,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
0,
0,
},
#endif
{
1,
TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
Expand Down Expand Up @@ -1757,6 +1773,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
{
1,
TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
Expand Down Expand Up @@ -1789,6 +1806,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
0,
0,
},
#endif
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
Expand Down Expand Up @@ -1871,6 +1889,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
#ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
{
1,
TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
Expand Down Expand Up @@ -1919,7 +1938,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
0,
0,
},

#endif
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
Expand Down Expand Up @@ -2646,6 +2665,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
# ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
{
1,
"GOST2001-NULL-GOST94",
Expand All @@ -2662,6 +2682,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
0,
0,
},
# endif
{
1,
"IANA-GOST2012-GOST8912-GOST8912",
Expand Down Expand Up @@ -2694,6 +2715,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
# ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
{
1,
"GOST2012-NULL-GOST12",
Expand All @@ -2710,6 +2732,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
0,
0,
},
# endif
{
1,
"GOST2012-KUZNYECHIK-KUZNYECHIKOMAC",
Expand Down
2 changes: 1 addition & 1 deletion test/quicapitest.c
Original file line number Diff line number Diff line change
Expand Up @@ -343,7 +343,7 @@ static int test_cipher_find(void)
{ TLS13_CHACHA20_POLY1305_SHA256_BYTES, 1 },
{ TLS13_AES_128_CCM_SHA256_BYTES, 0 },
{ TLS13_AES_128_CCM_8_SHA256_BYTES, 0 },
#if !defined(OPENSSL_NO_TLS1_3_INTEGRITY_ONLY_CIPHERS)
#if !defined(OPENSSL_NO_INTEGRITY_ONLY_CIPHERS)
{ TLS13_SHA256_SHA256_BYTES, 0 },
{ TLS13_SHA384_SHA384_BYTES, 0 }
#endif
Expand Down
8 changes: 4 additions & 4 deletions test/sslapitest.c
Original file line number Diff line number Diff line change
Expand Up @@ -3919,7 +3919,7 @@ static const char *ciphersuites[] = {
#else
NULL,
#endif
#if !defined(OPENSSL_NO_TLS1_3_INTEGRITY_ONLY_CIPHERS)
#if !defined(OPENSSL_NO_INTEGRITY_ONLY_CIPHERS)
"TLS_SHA256_SHA256",
"TLS_SHA384_SHA384"
#endif
Expand Down Expand Up @@ -4453,7 +4453,7 @@ static int test_early_data_psk_with_all_ciphers(int idx)
# endif
TLS1_3_RFC_AES_128_CCM_SHA256,
TLS1_3_RFC_AES_128_CCM_8_SHA256,
# if !defined(OPENSSL_NO_TLS1_3_INTEGRITY_ONLY_CIPHERS)
# if !defined(OPENSSL_NO_INTEGRITY_ONLY_CIPHERS)
TLS1_3_RFC_SHA256_SHA256,
TLS1_3_RFC_SHA384_SHA384
#else
Expand All @@ -4471,7 +4471,7 @@ static int test_early_data_psk_with_all_ciphers(int idx)
# endif
TLS13_AES_128_CCM_SHA256_BYTES,
TLS13_AES_128_CCM_8_SHA256_BYTES,
# if !defined(OPENSSL_NO_TLS1_3_INTEGRITY_ONLY_CIPHERS)
# if !defined(OPENSSL_NO_INTEGRITY_ONLY_CIPHERS)
TLS13_SHA256_SHA256_BYTES,
TLS13_SHA384_SHA384_BYTES
#else
Expand Down Expand Up @@ -5351,7 +5351,7 @@ static int test_tls13_ciphersuite(int idx)
/* CCM8 ciphers are considered low security due to their short tag */
{ TLS1_3_RFC_AES_128_CCM_8_SHA256
":" TLS1_3_RFC_AES_128_CCM_SHA256, 1, 1 },
# if !defined(OPENSSL_NO_TLS1_3_INTEGRITY_ONLY_CIPHERS)
# if !defined(OPENSSL_NO_INTEGRITY_ONLY_CIPHERS)
/* Integrity-only cipher do not provide any confidentiality */
{ TLS1_3_RFC_SHA256_SHA256, 0, 1 },
{ TLS1_3_RFC_SHA384_SHA384, 0, 1 }
Expand Down

0 comments on commit a1922d6

Please sign in to comment.