
fixup! Add support for integrity-only cipher suites for TLS v1.3
rajeev-0 committed May 3, 2024
1 parent 64d92e5 commit bd1101b
Showing 3 changed files with 19 additions and 18 deletions.
2 changes: 1 addition & 1 deletion ssl/record/methods/tls13_meth.c
Expand Up @@ -30,7 +30,7 @@ static int tls13_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
int mode;
int enc = (rl->direction == OSSL_RECORD_DIRECTION_WRITE) ? 1 : 0;

rl->iv = OPENSSL_zalloc(ivlen);
rl->iv = OPENSSL_malloc(ivlen);
if (rl->iv == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return OSSL_RECORD_RETURN_FATAL;
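Review bot: Whichever of the two `rl->iv` allocation lines survives, the `OPENSSL_malloc(ivlen)` form is only safe if every one of the `ivlen` bytes is written before the buffer is read, and the code that fills it (presumably a copy of the caller's IV) lies outside the hunk; if an integrity-only suite can ever supply an IV shorter than `ivlen`, the tail of `rl->iv` stays uninitialized and feeds the per-record nonce. If that cannot happen, a one-line comment on the allocation would spare the next reader the same audit: `/* every byte is overwritten by the IV copy below, so no zeroing is needed */`. If it can, `OPENSSL_zalloc` is cheaper than checking every caller. tls13_set_crypto_state starts and ends outside the hunk.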
31 changes: 16 additions & 15 deletions ssl/tls13_enc.c
Expand Up @@ -475,14 +475,14 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
int mac_pkey_type = NID_undef;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
size_t keylen, ivlen = EVP_MAX_IV_LENGTH, taglen;
EVP_MD_CTX *mdctx = NULL;
int level;
int direction = (which & SSL3_CC_READ) != 0 ? OSSL_RECORD_DIRECTION_READ
: OSSL_RECORD_DIRECTION_WRITE;

if (((which & SSL3_CC_CLIENT) && (which & SSL3_CC_WRITE))
|| ((which & SSL3_CC_SERVER) && (which & SSL3_CC_READ))) {
if (which & SSL3_CC_EARLY) {
EVP_MD_CTX *mdctx = NULL;
long handlen;
void *hdata;
unsigned int hashlenui;
Expand Down Expand Up @@ -520,17 +520,6 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
goto err;
}

/*
* We need to calculate the handshake digest using the digest from
* the session. We haven't yet selected our ciphersuite so we can't
* use ssl_handshake_md().
*/
mdctx = EVP_MD_CTX_new();
if (mdctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
goto err;
}

/*
* This ups the ref count on cipher so we better make sure we free
* it again
Expand All @@ -548,14 +537,27 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
goto err;
}

/*
* We need to calculate the handshake digest using the digest from
* the session. We haven't yet selected our ciphersuite so we can't
* use ssl_handshake_md().
*/
mdctx = EVP_MD_CTX_new();
if (mdctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
goto err;
}

md = ssl_md(sctx, sslcipher->algorithm2);
if (md == NULL || !EVP_DigestInit_ex(mdctx, md, NULL)
|| !EVP_DigestUpdate(mdctx, hdata, handlen)
|| !EVP_DigestFinal_ex(mdctx, hashval, &hashlenui)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
EVP_MD_CTX_free(mdctx);
goto err;
}
hashlen = hashlenui;
EVP_MD_CTX_free(mdctx);

if (!tls13_hkdf_expand(s, md, insecret,
early_exporter_master_secret,
Expand Down Expand Up @@ -727,12 +729,11 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
/* We up-refed this so now we need to down ref */
if ((EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
ssl_evp_md_free(mac_md);
EVP_MD_CTX_free(mdctx);
ssl_evp_cipher_free(cipher);
}
OPENSSL_cleanse(key, sizeof(key));
OPENSSL_cleanse(secret, sizeof(secret));
if (ivlen > EVP_MAX_IV_LENGTH)
if (iv != iv_intern)
OPENSSL_free(iv);
return ret;
}
Expand Down Expand Up @@ -798,7 +799,7 @@ int tls13_update_key(SSL_CONNECTION *s, int sending)
err:
OPENSSL_cleanse(key, sizeof(key));
OPENSSL_cleanse(secret, sizeof(secret));
if (ivlen > EVP_MAX_IV_LENGTH)
if (iv != iv_intern)
OPENSSL_free(iv);
return ret;
}
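Review bot: The `EVP_MD_CTX_free(mdctx)` placed before `goto err` in the early-data block, together with the second free after `hashlen = hashlenui;`, is only safe as long as no free of `mdctx` remains at the `err:` label in the third hunk; if the `EVP_MD_CTX_free(mdctx);` shown there is the line being kept rather than removed, the failure path frees the context twice. Either way the two local frees leave `mdctx` dangling for the remainder of tls13_change_cipher_state, so any later `goto err` added between `EVP_MD_CTX_new()` and the final free would leak silently, and a re-added free at `err:` would double-free; `EVP_MD_CTX_free(mdctx); mdctx = NULL;` after each local free keeps both mistakes harmless. The `if (iv != iv_intern) OPENSSL_free(iv);` cleanup here and in tls13_update_key is sound provided `iv_intern` is the stack buffer `iv` initially points at, which is declared outside the hunks. The function body starts before the first hunk and continues past the third.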
4 changes: 2 additions & 2 deletions test/sslapitest.c
Expand Up @@ -3909,7 +3909,7 @@ static int early_data_skip_helper(int testtype, int cipher, int idx)
return 1;

if (ciphersuites[cipher] == NULL)
return 1;
return TEST_skip("Cipher not supported");

if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
Expand All @@ -3928,7 +3928,7 @@ static int early_data_skip_helper(int testtype, int cipher, int idx)

if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
&serverssl, &sess, idx,
cipher == 2 || cipher == 6
(cipher == 2 || cipher == 6)
? SHA384_DIGEST_LENGTH
: SHA256_DIGEST_LENGTH)))
goto end;
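Review bot: `cipher == 2 || cipher == 6` picks the SHA384 digest length by position in the `ciphersuites[]` table, which is outside the hunk; the added parentheses make the precedence explicit but leave that coupling silent, so someone reordering or extending the table has no cue that this branch must follow. A comment on the condition would at least name the dependency, e.g. `/* entries 2 and 6 of ciphersuites[] are the SHA384-based suites */`, and deriving the length from the negotiated suite's digest rather than its index would remove it. Returning `TEST_skip("Cipher not supported")` instead of a bare `return 1` is the better form, since the skip is then reported rather than counted as a pass. early_data_skip_helper starts and ends outside the hunks.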
