root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Split configuration of TLSv1.3 ciphers from older ciphers 

With the current mechanism, old cipher strings that used to work in 1.1.0,
may inadvertently disable all TLSv1.3 ciphersuites causing connections to
fail. This is confusing for users.

In reality TLSv1.3 are quite different to older ciphers. They are much
simpler and there are only a small number of them so, arguably, they don't
need the same level of control that the older ciphers have.

This change splits the configuration of TLSv1.3 ciphers from older ones.
By default the TLSv1.3 ciphers are on, so you cannot inadvertently disable
them through your existing config.

Fixes #5359

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5392)
This commit is contained in:
Matt Caswell 2018-02-16 11:26:02 +00:00
parent 5b68d17920
commit f865b08143
26 changed files with 383 additions and 172 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apps/apps.h
View File

@ -229,7 +229,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_ALLOW_NO_DHE_KEX, \ OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_ALLOW_NO_DHE_KEX, \
OPT_S_PRIORITIZE_CHACHA, \ OPT_S_PRIORITIZE_CHACHA, \
OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \ OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \
OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \ OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, OPT_S_CIPHERSUITES, \
OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \ OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \
OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S__LAST OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S__LAST
@ -272,7 +272,8 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
"Groups to advertise (colon-separated list)" }, \ "Groups to advertise (colon-separated list)" }, \
{"named_curve", OPT_S_NAMEDCURVE, 's', \ {"named_curve", OPT_S_NAMEDCURVE, 's', \
"Elliptic curve used for ECDHE (server-side only)" }, \ "Elliptic curve used for ECDHE (server-side only)" }, \
{"cipher", OPT_S_CIPHER, 's', "Specify cipher list to be used"}, \ {"cipher", OPT_S_CIPHER, 's', "Specify TLSv1.2 and below cipher list to be used"}, \
{"ciphersuites", OPT_S_CIPHERSUITES, 's', "Specify TLSv1.3 ciphersuites to be used"}, \
{"record_padding", OPT_S_RECORD_PADDING, 's', \ {"record_padding", OPT_S_RECORD_PADDING, 's', \
"Block size to pad TLS 1.3 records to."}, \ "Block size to pad TLS 1.3 records to."}, \
{"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \ {"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \
@ -305,6 +306,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
case OPT_S_CURVES: \ case OPT_S_CURVES: \
case OPT_S_NAMEDCURVE: \ case OPT_S_NAMEDCURVE: \
case OPT_S_CIPHER: \ case OPT_S_CIPHER: \
case OPT_S_CIPHERSUITES: \
case OPT_S_RECORD_PADDING: \ case OPT_S_RECORD_PADDING: \
case OPT_S_NO_RENEGOTIATION: \ case OPT_S_NO_RENEGOTIATION: \
case OPT_S_DEBUGBROKE: \ case OPT_S_DEBUGBROKE: \

14
apps/ciphers.c
View File

@ -26,6 +26,7 @@ typedef enum OPTION_choice {
OPT_TLS1_3, OPT_TLS1_3,
OPT_PSK, OPT_PSK,
OPT_SRP, OPT_SRP,
OPT_CIPHERSUITES,
OPT_V, OPT_UPPER_V, OPT_S OPT_V, OPT_UPPER_V, OPT_S
} OPTION_CHOICE; } OPTION_CHOICE;
@ -57,6 +58,8 @@ const OPTIONS ciphers_options[] = {
{"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"}, {"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"},
#endif #endif
{"convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name"}, {"convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name"},
{"ciphersuites", OPT_CIPHERSUITES, 's',
"Configure the TLSv1.3 ciphersuites to use"},
{NULL} {NULL}
}; };
@ -91,7 +94,7 @@ int ciphers_main(int argc, char **argv)
int srp = 0; int srp = 0;
#endif #endif
const char *p; const char *p;
char *ciphers = NULL, *prog, *convert = NULL; char *ciphers = NULL, *prog, *convert = NULL, *ciphersuites = NULL;
char buf[512]; char buf[512];
OPTION_CHOICE o; OPTION_CHOICE o;
int min_version = 0, max_version = 0; int min_version = 0, max_version = 0;
@ -153,6 +156,9 @@ int ciphers_main(int argc, char **argv)
srp = 1; srp = 1;
#endif #endif
break; break;
case OPT_CIPHERSUITES:
ciphersuites = opt_arg();
break;
} }
} }
argv = opt_rest(); argv = opt_rest();
@ -185,6 +191,12 @@ int ciphers_main(int argc, char **argv)
if (srp) if (srp)
SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp); SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);
#endif #endif
if (ciphersuites != NULL && !SSL_CTX_set_ciphersuites(ctx, ciphersuites)) {
BIO_printf(bio_err, "Error setting TLSv1.3 ciphersuites\n");
goto err;
}
if (ciphers != NULL) { if (ciphers != NULL) {
if (!SSL_CTX_set_cipher_list(ctx, ciphers)) { if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
BIO_printf(bio_err, "Error in cipher list\n"); BIO_printf(bio_err, "Error in cipher list\n");

1
crypto/err/openssl.txt
View File

@ -986,6 +986,7 @@ SSL_F_ADD_CLIENT_KEY_SHARE_EXT:438:*
SSL_F_ADD_KEY_SHARE:512:add_key_share SSL_F_ADD_KEY_SHARE:512:add_key_share
SSL_F_BYTES_TO_CIPHER_LIST:519:bytes_to_cipher_list SSL_F_BYTES_TO_CIPHER_LIST:519:bytes_to_cipher_list
SSL_F_CHECK_SUITEB_CIPHER_LIST:331:check_suiteb_cipher_list SSL_F_CHECK_SUITEB_CIPHER_LIST:331:check_suiteb_cipher_list
SSL_F_CIPHERSUITE_CB:621:ciphersuite_cb
SSL_F_CONSTRUCT_CA_NAMES:552:construct_ca_names SSL_F_CONSTRUCT_CA_NAMES:552:construct_ca_names
SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS:553:construct_key_exchange_tbs SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS:553:construct_key_exchange_tbs
SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH:539:create_synthetic_message_hash SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH:539:create_synthetic_message_hash

2
include/openssl/ssl.h
View File

@ -1500,6 +1500,8 @@ void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
__owur BIO *SSL_get_rbio(const SSL *s); __owur BIO *SSL_get_rbio(const SSL *s);
__owur BIO *SSL_get_wbio(const SSL *s); __owur BIO *SSL_get_wbio(const SSL *s);
__owur int SSL_set_cipher_list(SSL *s, const char *str); __owur int SSL_set_cipher_list(SSL *s, const char *str);
__owur int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str);
__owur int SSL_set_ciphersuites(SSL *s, const char *str);
void SSL_set_read_ahead(SSL *s, int yes); void SSL_set_read_ahead(SSL *s, int yes);
__owur int SSL_get_verify_mode(const SSL *s); __owur int SSL_get_verify_mode(const SSL *s);
__owur int SSL_get_verify_depth(const SSL *s); __owur int SSL_get_verify_depth(const SSL *s);

1
include/openssl/sslerr.h
View File

@ -23,6 +23,7 @@ int ERR_load_SSL_strings(void);
# define SSL_F_ADD_KEY_SHARE 512 # define SSL_F_ADD_KEY_SHARE 512
# define SSL_F_BYTES_TO_CIPHER_LIST 519 # define SSL_F_BYTES_TO_CIPHER_LIST 519
# define SSL_F_CHECK_SUITEB_CIPHER_LIST 331 # define SSL_F_CHECK_SUITEB_CIPHER_LIST 331
# define SSL_F_CIPHERSUITE_CB 621
# define SSL_F_CONSTRUCT_CA_NAMES 552 # define SSL_F_CONSTRUCT_CA_NAMES 552
# define SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS 553 # define SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS 553
# define SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH 539 # define SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH 539

12
include/openssl/tls1.h
View File

@ -1131,18 +1131,6 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
# define TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256 "RSA-PSK-ARIA128-GCM-SHA256" # define TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256 "RSA-PSK-ARIA128-GCM-SHA256"
# define TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384 "RSA-PSK-ARIA256-GCM-SHA384" # define TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384 "RSA-PSK-ARIA256-GCM-SHA384"
/* TLSv1.3 ciphersuites */
/*
* TODO(TLS1.3): Review the naming scheme for TLSv1.3 ciphers and also the
* cipherstring selection process for these ciphers
*/
# define TLS1_3_TXT_AES_128_GCM_SHA256 "TLS13-AES-128-GCM-SHA256"
# define TLS1_3_TXT_AES_256_GCM_SHA384 "TLS13-AES-256-GCM-SHA384"
# define TLS1_3_TXT_CHACHA20_POLY1305_SHA256 "TLS13-CHACHA20-POLY1305-SHA256"
# define TLS1_3_TXT_AES_128_CCM_SHA256 "TLS13-AES-128-CCM-SHA256"
# define TLS1_3_TXT_AES_128_CCM_8_SHA256 "TLS13-AES-128-CCM-8-SHA256"
# define TLS_CT_RSA_SIGN 1 # define TLS_CT_RSA_SIGN 1
# define TLS_CT_DSS_SIGN 2 # define TLS_CT_DSS_SIGN 2
# define TLS_CT_RSA_FIXED_DH 3 # define TLS_CT_RSA_FIXED_DH 3

182
ssl/s3_lib.c
View File

@ -18,6 +18,7 @@
#include <openssl/rand.h> #include <openssl/rand.h>
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers)
#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers) #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
#define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs) #define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
@ -29,6 +30,90 @@ const unsigned char tls12downgrade[] = {
0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
}; };
/* The list of available TLSv1.3 ciphers */
static SSL_CIPHER tls13_ciphers[] = {
{
1,
TLS1_3_RFC_AES_128_GCM_SHA256,
TLS1_3_RFC_AES_128_GCM_SHA256,
TLS1_3_CK_AES_128_GCM_SHA256,
0, 0,
SSL_AES128GCM,
SSL_AEAD,
TLS1_3_VERSION, TLS1_3_VERSION,
SSL_kANY,
SSL_aANY,
SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256,
128,
128,
}, {
1,
TLS1_3_RFC_AES_256_GCM_SHA384,
TLS1_3_RFC_AES_256_GCM_SHA384,
TLS1_3_CK_AES_256_GCM_SHA384,
SSL_kANY,
SSL_aANY,
SSL_AES256GCM,
SSL_AEAD,
TLS1_3_VERSION, TLS1_3_VERSION,
0, 0,
SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384,
256,
256,
},
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
{
1,
TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
TLS1_3_CK_CHACHA20_POLY1305_SHA256,
SSL_kANY,
SSL_aANY,
SSL_CHACHA20POLY1305,
SSL_AEAD,
TLS1_3_VERSION, TLS1_3_VERSION,
0, 0,
SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256,
256,
256,
},
#endif
{
1,
TLS1_3_RFC_AES_128_CCM_SHA256,
TLS1_3_RFC_AES_128_CCM_SHA256,
TLS1_3_CK_AES_128_CCM_SHA256,
SSL_kANY,
SSL_aANY,
SSL_AES128CCM,
SSL_AEAD,
TLS1_3_VERSION, TLS1_3_VERSION,
0, 0,
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256,
128,
128,
}, {
1,
TLS1_3_RFC_AES_128_CCM_8_SHA256,
TLS1_3_RFC_AES_128_CCM_8_SHA256,
TLS1_3_CK_AES_128_CCM_8_SHA256,
SSL_kANY,
SSL_aANY,
SSL_AES128CCM8,
SSL_AEAD,
TLS1_3_VERSION, TLS1_3_VERSION,
0, 0,
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256,
128,
128,
}
};
/* /*
* The list of available ciphers, mostly organized into the following * The list of available ciphers, mostly organized into the following
* groups: * groups:
@ -858,88 +943,6 @@ static SSL_CIPHER ssl3_ciphers[] = {
256, 256,
256, 256,
}, },
{
1,
TLS1_3_TXT_AES_128_GCM_SHA256,
TLS1_3_RFC_AES_128_GCM_SHA256,
TLS1_3_CK_AES_128_GCM_SHA256,
0, 0,
SSL_AES128GCM,
SSL_AEAD,
TLS1_3_VERSION, TLS1_3_VERSION,
SSL_kANY,
SSL_aANY,
SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256,
128,
128,
},
{
1,
TLS1_3_TXT_AES_256_GCM_SHA384,
TLS1_3_RFC_AES_256_GCM_SHA384,
TLS1_3_CK_AES_256_GCM_SHA384,
SSL_kANY,
SSL_aANY,
SSL_AES256GCM,
SSL_AEAD,
TLS1_3_VERSION, TLS1_3_VERSION,
0, 0,
SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384,
256,
256,
},
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
{
1,
TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
TLS1_3_CK_CHACHA20_POLY1305_SHA256,
SSL_kANY,
SSL_aANY,
SSL_CHACHA20POLY1305,
SSL_AEAD,
TLS1_3_VERSION, TLS1_3_VERSION,
0, 0,
SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256,
256,
256,
},
#endif
{
1,
TLS1_3_TXT_AES_128_CCM_SHA256,
TLS1_3_RFC_AES_128_CCM_SHA256,
TLS1_3_CK_AES_128_CCM_SHA256,
SSL_kANY,
SSL_aANY,
SSL_AES128CCM,
SSL_AEAD,
TLS1_3_VERSION, TLS1_3_VERSION,
0, 0,
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256,
128,
128,
},
{
1,
TLS1_3_TXT_AES_128_CCM_8_SHA256,
TLS1_3_RFC_AES_128_CCM_8_SHA256,
TLS1_3_CK_AES_128_CCM_8_SHA256,
SSL_kANY,
SSL_aANY,
SSL_AES128CCM8,
SSL_AEAD,
TLS1_3_VERSION, TLS1_3_VERSION,
0, 0,
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256,
128,
128,
},
{ {
1, 1,
TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
@ -3207,6 +3210,8 @@ static int cipher_compare(const void *a, const void *b)
void ssl_sort_cipher_list(void) void ssl_sort_cipher_list(void)
{ {
qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(tls13_ciphers[0]),
cipher_compare);
qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]), qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]),
cipher_compare); cipher_compare);
qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare); qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare);
@ -4027,6 +4032,9 @@ const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
const SSL_CIPHER *cp; const SSL_CIPHER *cp;
c.id = id; c.id = id;
cp = OBJ_bsearch_ssl_cipher_id(&c, tls13_ciphers, TLS13_NUM_CIPHERS);
if (cp != NULL)
return cp;
cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS); cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
if (cp != NULL) if (cp != NULL)
return cp; return cp;
@ -4035,12 +4043,13 @@ const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname) const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
{ {
SSL_CIPHER *c = NULL; SSL_CIPHER *c = NULL, *tbl;
SSL_CIPHER *tbl = ssl3_ciphers; SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers};
size_t i; size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS};
/* this is not efficient, necessary to optimize this? */ /* this is not efficient, necessary to optimize this? */
for (i = 0; i < SSL3_NUM_CIPHERS; i++, tbl++) { for (j = 0; j < OSSL_NELEM(alltabs); j++) {
for (i = 0, tbl = alltabs[j]; i < tblsize[j]; i++, tbl++) {
if (tbl->stdname == NULL) if (tbl->stdname == NULL)
continue; continue;
if (strcmp(stdname, tbl->stdname) == 0) { if (strcmp(stdname, tbl->stdname) == 0) {
@ -4048,6 +4057,7 @@ const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
break; break;
} }
} }
}
if (c == NULL) { if (c == NULL) {
tbl = ssl3_scsvs; tbl = ssl3_scsvs;
for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) { for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) {

21
ssl/ssl_ciph.c
View File

@ -1274,12 +1274,14 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
} }
#endif #endif
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER) STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
**cipher_list, STACK_OF(SSL_CIPHER) STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
**cipher_list_by_id, STACK_OF(SSL_CIPHER) **cipher_list,
const char *rule_str, CERT *c) STACK_OF(SSL_CIPHER) **cipher_list_by_id,
const char *rule_str,
CERT *c)
{ {
int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases, i;
uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac; uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac;
STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
const char *rule_p; const char *rule_p;
@ -1469,6 +1471,15 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
return NULL; return NULL;
} }
/* Add TLSv1.3 ciphers first - we always prefer those if possible */
for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
if (!sk_SSL_CIPHER_push(cipherstack,
sk_SSL_CIPHER_value(tls13_ciphersuites, i))) {
sk_SSL_CIPHER_free(cipherstack);
return NULL;
}
}
/* /*
* The cipher selection for the list is done. The ciphers are added * The cipher selection for the list is done. The ciphers are added
* to the resulting precedence to the STACK_OF(SSL_CIPHER). * to the resulting precedence to the STACK_OF(SSL_CIPHER).

13
ssl/ssl_conf.c
View File

@ -256,6 +256,7 @@ static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value)
static int cmd_CipherString(SSL_CONF_CTX *cctx, const char *value) static int cmd_CipherString(SSL_CONF_CTX *cctx, const char *value)
{ {
int rv = 1; int rv = 1;
if (cctx->ctx) if (cctx->ctx)
rv = SSL_CTX_set_cipher_list(cctx->ctx, value); rv = SSL_CTX_set_cipher_list(cctx->ctx, value);
if (cctx->ssl) if (cctx->ssl)
@ -263,6 +264,17 @@ static int cmd_CipherString(SSL_CONF_CTX *cctx, const char *value)
return rv > 0; return rv > 0;
} }
static int cmd_Ciphersuites(SSL_CONF_CTX *cctx, const char *value)
{
int rv = 1;
if (cctx->ctx)
rv = SSL_CTX_set_ciphersuites(cctx->ctx, value);
if (cctx->ssl)
rv = SSL_set_ciphersuites(cctx->ssl, value);
return rv > 0;
}
static int cmd_Protocol(SSL_CONF_CTX *cctx, const char *value) static int cmd_Protocol(SSL_CONF_CTX *cctx, const char *value)
{ {
static const ssl_flag_tbl ssl_protocol_list[] = { static const ssl_flag_tbl ssl_protocol_list[] = {
@ -606,6 +618,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
SSL_CONF_CMD_STRING(ECDHParameters, "named_curve", SSL_CONF_FLAG_SERVER), SSL_CONF_CMD_STRING(ECDHParameters, "named_curve", SSL_CONF_FLAG_SERVER),
#endif #endif
SSL_CONF_CMD_STRING(CipherString, "cipher", 0), SSL_CONF_CMD_STRING(CipherString, "cipher", 0),
SSL_CONF_CMD_STRING(Ciphersuites, "ciphersuites", 0),
SSL_CONF_CMD_STRING(Protocol, NULL, 0), SSL_CONF_CMD_STRING(Protocol, NULL, 0),
SSL_CONF_CMD_STRING(MinProtocol, "min_protocol", 0), SSL_CONF_CMD_STRING(MinProtocol, "min_protocol", 0),
SSL_CONF_CMD_STRING(MaxProtocol, "max_protocol", 0), SSL_CONF_CMD_STRING(MaxProtocol, "max_protocol", 0),

1
ssl/ssl_err.c
View File

@ -20,6 +20,7 @@ static const ERR_STRING_DATA SSL_str_functs[] = {
"bytes_to_cipher_list"}, "bytes_to_cipher_list"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_CHECK_SUITEB_CIPHER_LIST, 0), {ERR_PACK(ERR_LIB_SSL, SSL_F_CHECK_SUITEB_CIPHER_LIST, 0),
"check_suiteb_cipher_list"}, "check_suiteb_cipher_list"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_CIPHERSUITE_CB, 0), "ciphersuite_cb"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_CA_NAMES, 0), "construct_ca_names"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_CA_NAMES, 0), "construct_ca_names"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS, 0), {ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS, 0),
"construct_key_exchange_tbs"}, "construct_key_exchange_tbs"},

122
ssl/ssl_lib.c
View File

@ -653,7 +653,9 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
ctx->method = meth; ctx->method = meth;
sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list), sk = ssl_create_cipher_list(ctx->method,
ctx->tls13_ciphersuites,
&(ctx->cipher_list),
&(ctx->cipher_list_by_id), &(ctx->cipher_list_by_id),
SSL_DEFAULT_CIPHER_LIST, ctx->cert); SSL_DEFAULT_CIPHER_LIST, ctx->cert);
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
@ -712,6 +714,11 @@ SSL *SSL_new(SSL_CTX *ctx)
s->max_cert_list = ctx->max_cert_list; s->max_cert_list = ctx->max_cert_list;
s->max_early_data = ctx->max_early_data; s->max_early_data = ctx->max_early_data;
/* Shallow copy of the ciphersuites stack */
s->tls13_ciphersuites = sk_SSL_CIPHER_dup(ctx->tls13_ciphersuites);
if (s->tls13_ciphersuites == NULL)
goto err;
/* /*
* Earlier library versions used to copy the pointer to the CERT, not * Earlier library versions used to copy the pointer to the CERT, not
* its contents; only when setting new parameters for the per-SSL * its contents; only when setting new parameters for the per-SSL
@ -1156,6 +1163,7 @@ void SSL_free(SSL *s)
/* add extra stuff */ /* add extra stuff */
sk_SSL_CIPHER_free(s->cipher_list); sk_SSL_CIPHER_free(s->cipher_list);
sk_SSL_CIPHER_free(s->cipher_list_by_id); sk_SSL_CIPHER_free(s->cipher_list_by_id);
sk_SSL_CIPHER_free(s->tls13_ciphersuites);
/* Make the next call work :-) */ /* Make the next call work :-) */
if (s->session != NULL) { if (s->session != NULL) {
@ -2520,8 +2528,9 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
{ {
STACK_OF(SSL_CIPHER) *sk; STACK_OF(SSL_CIPHER) *sk;
sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, sk = ssl_create_cipher_list(ctx->method, ctx->tls13_ciphersuites,
&ctx->cipher_list_by_id, str, ctx->cert); &ctx->cipher_list, &ctx->cipher_list_by_id, str,
ctx->cert);
/* /*
* ssl_create_cipher_list may return an empty stack if it was unable to * ssl_create_cipher_list may return an empty stack if it was unable to
* find a cipher matching the given rule string (for example if the rule * find a cipher matching the given rule string (for example if the rule
@ -2543,8 +2552,9 @@ int SSL_set_cipher_list(SSL *s, const char *str)
{ {
STACK_OF(SSL_CIPHER) *sk; STACK_OF(SSL_CIPHER) *sk;
sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list, sk = ssl_create_cipher_list(s->ctx->method, s->tls13_ciphersuites,
&s->cipher_list_by_id, str, s->cert); &s->cipher_list, &s->cipher_list_by_id, str,
s->cert);
/* see comment in SSL_CTX_set_cipher_list */ /* see comment in SSL_CTX_set_cipher_list */
if (sk == NULL) if (sk == NULL)
return 0; return 0;
@ -2555,6 +2565,99 @@ int SSL_set_cipher_list(SSL *s, const char *str)
return 1; return 1;
} }
static int ciphersuite_cb(const char *elem, int len, void *arg)
{
STACK_OF(SSL_CIPHER) *ciphersuites = (STACK_OF(SSL_CIPHER) *)arg;
const SSL_CIPHER *cipher;
/* Arbitrary sized temp buffer for the cipher name. Should be big enough */
char name[80];
if (len > (int)(sizeof(name) - 1)) {
SSLerr(SSL_F_CIPHERSUITE_CB, SSL_R_NO_CIPHER_MATCH);
return 0;
}
memcpy(name, elem, len);
name[len] = '\0';
cipher = ssl3_get_cipher_by_std_name(name);
if (cipher == NULL) {
SSLerr(SSL_F_CIPHERSUITE_CB, SSL_R_NO_CIPHER_MATCH);
return 0;
}
if (!sk_SSL_CIPHER_push(ciphersuites, cipher)) {
SSLerr(SSL_F_CIPHERSUITE_CB, ERR_R_INTERNAL_ERROR);
return 0;
}
return 1;
}
static int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str)
{
STACK_OF(SSL_CIPHER) *newciphers = sk_SSL_CIPHER_new_null();
if (newciphers == NULL)
return 0;
/* Parse the list. We explicitly allow an empty list */
if (*str != '\0'
&& !CONF_parse_list(str, ':', 1, ciphersuite_cb, newciphers)) {
sk_SSL_CIPHER_free(newciphers);
return 0;
}
sk_SSL_CIPHER_free(*currciphers);
*currciphers = newciphers;
return 1;
}
static int update_cipher_list(STACK_OF(SSL_CIPHER) *cipher_list,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites)
{
int i;
/*
* Delete any existing TLSv1.3 ciphersuites. These are always first in the
* list.
*/
while (sk_SSL_CIPHER_num(cipher_list) > 0
&& sk_SSL_CIPHER_value(cipher_list, 0)->min_tls == TLS1_3_VERSION)
sk_SSL_CIPHER_delete(cipher_list, 0);
/* Insert the new TLSv1.3 ciphersuites */
for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++)
sk_SSL_CIPHER_insert(cipher_list,
sk_SSL_CIPHER_value(tls13_ciphersuites, i), i);
return 1;
}
int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str)
{
int ret = set_ciphersuites(&(ctx->tls13_ciphersuites), str);
if (ret && ctx->cipher_list != NULL) {
/* We already have a cipher_list, so we need to update it */
return update_cipher_list(ctx->cipher_list, ctx->tls13_ciphersuites);
}
return ret;
}
int SSL_set_ciphersuites(SSL *s, const char *str)
{
int ret = set_ciphersuites(&(s->tls13_ciphersuites), str);
if (ret && s->cipher_list != NULL) {
/* We already have a cipher_list, so we need to update it */
return update_cipher_list(s->cipher_list, s->tls13_ciphersuites);
}
return ret;
}
char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len) char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
{ {
char *p; char *p;
@ -2915,7 +3018,15 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
if (ret->ctlog_store == NULL) if (ret->ctlog_store == NULL)
goto err; goto err;
#endif #endif
if (!SSL_CTX_set_ciphersuites(ret,
"TLS_AES_256_GCM_SHA384:"
"TLS_CHACHA20_POLY1305_SHA256:"
"TLS_AES_128_GCM_SHA256"))
goto err;
if (!ssl_create_cipher_list(ret->method, if (!ssl_create_cipher_list(ret->method,
ret->tls13_ciphersuites,
&ret->cipher_list, &ret->cipher_list_by_id, &ret->cipher_list, &ret->cipher_list_by_id,
SSL_DEFAULT_CIPHER_LIST, ret->cert) SSL_DEFAULT_CIPHER_LIST, ret->cert)
|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
@ -3075,6 +3186,7 @@ void SSL_CTX_free(SSL_CTX *a)
#endif #endif
sk_SSL_CIPHER_free(a->cipher_list); sk_SSL_CIPHER_free(a->cipher_list);
sk_SSL_CIPHER_free(a->cipher_list_by_id); sk_SSL_CIPHER_free(a->cipher_list_by_id);
sk_SSL_CIPHER_free(a->tls13_ciphersuites);
ssl_cert_free(a->cert); ssl_cert_free(a->cert);
sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free); sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free);
sk_X509_pop_free(a->extra_certs, X509_free); sk_X509_pop_free(a->extra_certs, X509_free);

12
ssl/ssl_locl.h
View File

@ -740,6 +740,8 @@ struct ssl_ctx_st {
STACK_OF(SSL_CIPHER) *cipher_list; STACK_OF(SSL_CIPHER) *cipher_list;
/* same as above but sorted for lookup */ /* same as above but sorted for lookup */
STACK_OF(SSL_CIPHER) *cipher_list_by_id; STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */
STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
struct x509_store_st /* X509_STORE */ *cert_store; struct x509_store_st /* X509_STORE */ *cert_store;
LHASH_OF(SSL_SESSION) *sessions; LHASH_OF(SSL_SESSION) *sessions;
/* /*
@ -1108,6 +1110,8 @@ struct ssl_st {
/* crypto */ /* crypto */
STACK_OF(SSL_CIPHER) *cipher_list; STACK_OF(SSL_CIPHER) *cipher_list;
STACK_OF(SSL_CIPHER) *cipher_list_by_id; STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */
STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
/* /*
* These are the ones being used, the ones in SSL_SESSION are the ones to * These are the ones being used, the ones in SSL_SESSION are the ones to
* be 'copied' into these ones * be 'copied' into these ones
@ -2198,10 +2202,10 @@ __owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
__owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
const SSL_CIPHER *const *bp); const SSL_CIPHER *const *bp);
__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth, __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
STACK_OF(SSL_CIPHER) **pref, STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
STACK_OF(SSL_CIPHER) STACK_OF(SSL_CIPHER) **cipher_list,
**sorted, STACK_OF(SSL_CIPHER) **cipher_list_by_id,
const char *rule_str, const char *rule_str,
CERT *c); CERT *c);
__owur int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format); __owur int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format);

14
test/cipherlist_test.c
View File

@ -63,6 +63,13 @@ static CIPHERLIST_TEST_FIXTURE *set_up(const char *const test_case_name)
* are currently broken and should be considered mission impossible in libssl. * are currently broken and should be considered mission impossible in libssl.
*/ */
static const uint32_t default_ciphers_in_order[] = { static const uint32_t default_ciphers_in_order[] = {
#ifndef OPENSSL_NO_TLS1_3
TLS1_3_CK_AES_256_GCM_SHA384,
# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
TLS1_3_CK_CHACHA20_POLY1305_SHA256,
# endif
TLS1_3_CK_AES_128_GCM_SHA256,
#endif
#ifndef OPENSSL_NO_TLS1_2 #ifndef OPENSSL_NO_TLS1_2
# ifndef OPENSSL_NO_EC # ifndef OPENSSL_NO_EC
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
@ -127,13 +134,6 @@ static const uint32_t default_ciphers_in_order[] = {
TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
#endif #endif
#ifndef OPENSSL_NO_TLS1_3
TLS1_3_CK_AES_256_GCM_SHA384,
# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
TLS1_3_CK_CHACHA20_POLY1305_SHA256,
# endif
TLS1_3_CK_AES_128_GCM_SHA256,
#endif
#ifndef OPENSSL_NO_TLS1_2 #ifndef OPENSSL_NO_TLS1_2
TLS1_CK_RSA_WITH_AES_256_SHA256, TLS1_CK_RSA_WITH_AES_256_SHA256,
TLS1_CK_RSA_WITH_AES_128_SHA256, TLS1_CK_RSA_WITH_AES_128_SHA256,

3
test/clienthellotest.c
View File

@ -97,8 +97,7 @@ static int test_client_hello(int currtest)
* ClientHello is already going to be quite long. To avoid getting one * ClientHello is already going to be quite long. To avoid getting one
* that is too long for this test we use a restricted ciphersuite list * that is too long for this test we use a restricted ciphersuite list
*/ */
if (!TEST_true(SSL_CTX_set_cipher_list(ctx, if (!TEST_true(SSL_CTX_set_cipher_list(ctx, "")))
"TLS13-AES-128-GCM-SHA256")))
goto end; goto end;
/* Fall through */ /* Fall through */
case TEST_ADD_PADDING: case TEST_ADD_PADDING:

4
test/fatalerrtest.c
View File

@ -38,6 +38,10 @@ static int test_fatalerr(void)
*/ */
if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "AES128-SHA")) if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "AES128-SHA"))
|| !TEST_true(SSL_CTX_set_cipher_list(cctx, "AES256-SHA")) || !TEST_true(SSL_CTX_set_cipher_list(cctx, "AES256-SHA"))
|| !TEST_true(SSL_CTX_set_ciphersuites(sctx,
"TLS_AES_128_GCM_SHA256"))
|| !TEST_true(SSL_CTX_set_ciphersuites(cctx,
"TLS_AES_256_GCM_SHA384"))
|| !TEST_true(create_ssl_objects(sctx, cctx, &sssl, &cssl, NULL, || !TEST_true(create_ssl_objects(sctx, cctx, &sssl, &cssl, NULL,
NULL))) NULL)))
goto err; goto err;

18
test/recipes/70-test_sslsigalgs.t
View File

@ -116,7 +116,7 @@ SKIP: {
# should succeed # should succeed
$proxy->clear(); $proxy->clear();
$proxy->serverflags("-no_tls1_3"); $proxy->serverflags("-no_tls1_3");
$proxy->ciphers("ECDHE-RSA-AES128-SHA:TLS13-AES-128-GCM-SHA256"); $proxy->ciphers("ECDHE-RSA-AES128-SHA");
$proxy->filter(undef); $proxy->filter(undef);
$proxy->start(); $proxy->start();
ok(TLSProxy::Message->success, "TLSv1.3 client TLSv1.2 server"); ok(TLSProxy::Message->success, "TLSv1.3 client TLSv1.2 server");
@ -131,7 +131,7 @@ SKIP: {
$proxy->clear(); $proxy->clear();
$testtype = NO_SIG_ALGS_EXT; $testtype = NO_SIG_ALGS_EXT;
$proxy->clientflags("-no_tls1_3"); $proxy->clientflags("-no_tls1_3");
$proxy->ciphers("ECDHE-RSA-AES128-SHA:TLS13-AES-128-GCM-SHA256"); $proxy->ciphers("ECDHE-RSA-AES128-SHA");
$proxy->start(); $proxy->start();
ok(TLSProxy::Message->success, "No TLSv1.2 sigalgs"); ok(TLSProxy::Message->success, "No TLSv1.2 sigalgs");
@ -139,7 +139,7 @@ SKIP: {
$proxy->clear(); $proxy->clear();
$testtype = EMPTY_SIG_ALGS_EXT; $testtype = EMPTY_SIG_ALGS_EXT;
$proxy->clientflags("-no_tls1_3"); $proxy->clientflags("-no_tls1_3");
$proxy->ciphers("ECDHE-RSA-AES128-SHA:TLS13-AES-128-GCM-SHA256"); $proxy->ciphers("ECDHE-RSA-AES128-SHA");
$proxy->start(); $proxy->start();
ok(TLSProxy::Message->fail, "Empty TLSv1.2 sigalgs"); ok(TLSProxy::Message->fail, "Empty TLSv1.2 sigalgs");
@ -147,7 +147,7 @@ SKIP: {
$proxy->clear(); $proxy->clear();
$testtype = NO_KNOWN_SIG_ALGS; $testtype = NO_KNOWN_SIG_ALGS;
$proxy->clientflags("-no_tls1_3"); $proxy->clientflags("-no_tls1_3");
$proxy->ciphers("ECDHE-RSA-AES128-SHA:TLS13-AES-128-GCM-SHA256"); $proxy->ciphers("ECDHE-RSA-AES128-SHA");
$proxy->start(); $proxy->start();
ok(TLSProxy::Message->fail, "No known TLSv1.3 sigalgs"); ok(TLSProxy::Message->fail, "No known TLSv1.3 sigalgs");
@ -156,7 +156,7 @@ SKIP: {
$proxy->clear(); $proxy->clear();
$testtype = NO_PSS_SIG_ALGS; $testtype = NO_PSS_SIG_ALGS;
$proxy->clientflags("-no_tls1_3"); $proxy->clientflags("-no_tls1_3");
$proxy->ciphers("ECDHE-RSA-AES128-SHA:TLS13-AES-128-GCM-SHA256"); $proxy->ciphers("ECDHE-RSA-AES128-SHA");
$proxy->start(); $proxy->start();
ok(TLSProxy::Message->success, "No PSS TLSv1.2 sigalgs"); ok(TLSProxy::Message->success, "No PSS TLSv1.2 sigalgs");
@ -164,7 +164,7 @@ SKIP: {
$proxy->clear(); $proxy->clear();
$testtype = PSS_ONLY_SIG_ALGS; $testtype = PSS_ONLY_SIG_ALGS;
$proxy->serverflags("-no_tls1_3"); $proxy->serverflags("-no_tls1_3");
$proxy->ciphers("ECDHE-RSA-AES128-SHA:TLS13-AES-128-GCM-SHA256"); $proxy->ciphers("ECDHE-RSA-AES128-SHA");
$proxy->start(); $proxy->start();
ok(TLSProxy::Message->success, "PSS only sigalgs in TLSv1.2"); ok(TLSProxy::Message->success, "PSS only sigalgs in TLSv1.2");
@ -175,7 +175,7 @@ SKIP: {
$proxy->clear(); $proxy->clear();
$testtype = PSS_ONLY_SIG_ALGS; $testtype = PSS_ONLY_SIG_ALGS;
$proxy->clientflags("-no_tls1_3 -sigalgs RSA+SHA256"); $proxy->clientflags("-no_tls1_3 -sigalgs RSA+SHA256");
$proxy->ciphers("ECDHE-RSA-AES128-SHA:TLS13-AES-128-GCM-SHA256"); $proxy->ciphers("ECDHE-RSA-AES128-SHA");
$proxy->start(); $proxy->start();
ok(TLSProxy::Message->fail, "Sigalg we did not send in TLSv1.2"); ok(TLSProxy::Message->fail, "Sigalg we did not send in TLSv1.2");
@ -183,7 +183,7 @@ SKIP: {
# matches the certificate should fail in TLSv1.2 # matches the certificate should fail in TLSv1.2
$proxy->clear(); $proxy->clear();
$proxy->clientflags("-no_tls1_3 -sigalgs ECDSA+SHA256"); $proxy->clientflags("-no_tls1_3 -sigalgs ECDSA+SHA256");
$proxy->ciphers("ECDHE-RSA-AES128-SHA:TLS13-AES-128-GCM-SHA256"); $proxy->ciphers("ECDHE-RSA-AES128-SHA");
$proxy->filter(undef); $proxy->filter(undef);
$proxy->start(); $proxy->start();
ok(TLSProxy::Message->fail, "No matching TLSv1.2 sigalgs"); ok(TLSProxy::Message->fail, "No matching TLSv1.2 sigalgs");
@ -197,7 +197,7 @@ SKIP: {
"server-ecdsa-cert.pem") . "server-ecdsa-cert.pem") .
" -key " . srctop_file("test", "certs", " -key " . srctop_file("test", "certs",
"server-ecdsa-key.pem")), "server-ecdsa-key.pem")),
$proxy->ciphers("ECDHE-ECDSA-AES128-SHA:TLS13-AES-128-GCM-SHA256"); $proxy->ciphers("ECDHE-ECDSA-AES128-SHA");
$proxy->start(); $proxy->start();
ok(TLSProxy::Message->success, "No TLSv1.2 sigalgs, ECDSA"); ok(TLSProxy::Message->success, "No TLSv1.2 sigalgs, ECDSA");
} }

5
test/recipes/70-test_tls13hrr.t
View File

@ -53,7 +53,7 @@ ok(TLSProxy::Message->fail(), "Server ciphersuite changes");
# we end up selecting a different ciphersuite between HRR and the SH # we end up selecting a different ciphersuite between HRR and the SH
$proxy->clear(); $proxy->clear();
$proxy->serverflags("-curves P-256"); $proxy->serverflags("-curves P-256");
$proxy->ciphers("TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384"); $proxy->ciphersuitess("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384");
$testtype = CHANGE_CH1_CIPHERSUITE; $testtype = CHANGE_CH1_CIPHERSUITE;
$proxy->start(); $proxy->start();
ok(TLSProxy::Message->fail(), "Client ciphersuite changes"); ok(TLSProxy::Message->fail(), "Client ciphersuite changes");
@ -85,8 +85,7 @@ sub hrr_filter
my $ch1 = ${$proxy->message_list}[0]; my $ch1 = ${$proxy->message_list}[0];
# The server prefers TLS13-AES-256-GCM-SHA384 so it will pick that next # The server will always pick TLS_AES_256_GCM_SHA384
# time around
my @ciphersuites = (TLSProxy::Message::CIPHER_TLS13_AES_128_GCM_SHA256); my @ciphersuites = (TLSProxy::Message::CIPHER_TLS13_AES_128_GCM_SHA256);
$ch1->ciphersuite_len(2 * scalar @ciphersuites); $ch1->ciphersuite_len(2 * scalar @ciphersuites);
$ch1->ciphersuites(\@ciphersuites); $ch1->ciphersuites(\@ciphersuites);

6
test/recipes/70-test_tls13psk.t
View File

@ -82,10 +82,10 @@ $proxy->clear();
$proxy->clientflags("-sess_in ".$session); $proxy->clientflags("-sess_in ".$session);
$proxy->filter(\&modify_psk_filter); $proxy->filter(\&modify_psk_filter);
$proxy->serverflags("-curves P-256"); $proxy->serverflags("-curves P-256");
$proxy->cipherc("TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384"); $proxy->ciphersuitesc("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384");
$proxy->ciphers("TLS13-AES-256-GCM-SHA384"); $proxy->ciphersuitess("TLS_AES_256_GCM_SHA384");
#We force an early failure because TLS Proxy doesn't actually support #We force an early failure because TLS Proxy doesn't actually support
#TLS13-AES-256-GCM-SHA384. That doesn't matter for this test though. #TLS_AES_256_GCM_SHA384. That doesn't matter for this test though.
$testtype = ILLEGAL_EXT_SECOND_CH; $testtype = ILLEGAL_EXT_SECOND_CH;
$proxy->start(); $proxy->start();
#Check if the PSK is present in the second ClientHello #Check if the PSK is present in the second ClientHello

17
test/recipes/80-test_ssl_old.t
View File

@ -432,9 +432,12 @@ sub testssl {
if $protocolciphersuitecount + scalar(keys %ciphersuites) == 0; if $protocolciphersuitecount + scalar(keys %ciphersuites) == 0;
# The count of protocols is because in addition to the ciphersuites # The count of protocols is because in addition to the ciphersuites
# we got above, we're running a weak DH test for each protocol # we got above, we're running a weak DH test for each protocol (except
plan tests => scalar(@protocols) + $protocolciphersuitecount # TLSv1.3)
my $testcount = scalar(@protocols) + $protocolciphersuitecount
+ scalar(keys %ciphersuites); + scalar(keys %ciphersuites);
$testcount-- unless $no_tls1_3;
plan tests => $testcount;
foreach my $protocol (@protocols) { foreach my $protocol (@protocols) {
ok($ciphersstatus{$protocol}, "Getting ciphers for $protocol"); ok($ciphersstatus{$protocol}, "Getting ciphers for $protocol");
@ -445,21 +448,27 @@ sub testssl {
# ssltest_old doesn't know -tls1_3, but that's fine, since that's # ssltest_old doesn't know -tls1_3, but that's fine, since that's
# the default choice if TLSv1.3 enabled # the default choice if TLSv1.3 enabled
my $flag = $protocol eq "-tls1_3" ? "" : $protocol; my $flag = $protocol eq "-tls1_3" ? "" : $protocol;
my $ciphersuites = "";
foreach my $cipher (@{$ciphersuites{$protocol}}) { foreach my $cipher (@{$ciphersuites{$protocol}}) {
if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) { if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) {
note "*****SKIPPING $protocol $cipher"; note "*****SKIPPING $protocol $cipher";
ok(1); ok(1);
} else { } else {
if ($protocol eq "-tls1_3") {
$ciphersuites = $cipher;
$cipher = "";
}
ok(run(test([@ssltest, @exkeys, "-cipher", $cipher, ok(run(test([@ssltest, @exkeys, "-cipher", $cipher,
$flag || ()])), "-ciphersuites", $ciphersuites, $flag || ()])),
"Testing $cipher"); "Testing $cipher");
} }
} }
next if $protocol eq "-tls1_3";
is(run(test([@ssltest, is(run(test([@ssltest,
"-s_cipher", "EDH", "-s_cipher", "EDH",
"-c_cipher", 'EDH:@SECLEVEL=1', "-c_cipher", 'EDH:@SECLEVEL=1',
"-dhe512", "-dhe512",
$protocol eq "SSLv3" ? ("-ssl3") : ()])), 0, $protocol])), 0,
"testing connection with weak DH, expecting failure"); "testing connection with weak DH, expecting failure");
} }
}; };

2
test/ssl-tests/02-protocol-version.conf
View File

@ -18787,6 +18787,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[676-ciphersuite-sanity-check-client-client] [676-ciphersuite-sanity-check-client-client]
CipherString = AES128-SHA CipherString = AES128-SHA
Ciphersuites =
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer VerifyMode = Peer
@ -18806,6 +18807,7 @@ client = 677-ciphersuite-sanity-check-server-client
[677-ciphersuite-sanity-check-server-server] [677-ciphersuite-sanity-check-server-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = AES128-SHA CipherString = AES128-SHA
Ciphersuites =
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[677-ciphersuite-sanity-check-server-client] [677-ciphersuite-sanity-check-server-client]

2
test/ssl-tests/protocol_version.pm
View File

@ -137,6 +137,7 @@ sub generate_version_tests {
"client" => { "client" => {
#Offering only <=TLSv1.2 ciphersuites with TLSv1.3 should fail #Offering only <=TLSv1.2 ciphersuites with TLSv1.3 should fail
"CipherString" => "AES128-SHA", "CipherString" => "AES128-SHA",
"Ciphersuites" => "",
}, },
"server" => { "server" => {
"MaxProtocol" => "TLSv1.2" "MaxProtocol" => "TLSv1.2"
@ -154,6 +155,7 @@ sub generate_version_tests {
"server" => { "server" => {
#Allowing only <=TLSv1.2 ciphersuites with TLSv1.3 should fail #Allowing only <=TLSv1.2 ciphersuites with TLSv1.3 should fail
"CipherString" => "AES128-SHA", "CipherString" => "AES128-SHA",
"Ciphersuites" => "",
}, },
"test" => { "test" => {
"ExpectedResult" => "ServerFail", "ExpectedResult" => "ServerFail",

22
test/sslapitest.c
View File

@ -2381,8 +2381,8 @@ static int test_ciphersuite_change(void)
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
TLS_client_method(), &sctx, TLS_client_method(), &sctx,
&cctx, cert, privkey)) &cctx, cert, privkey))
|| !TEST_true(SSL_CTX_set_cipher_list(cctx, || !TEST_true(SSL_CTX_set_ciphersuites(cctx,
"TLS13-AES-128-GCM-SHA256")) "TLS_AES_128_GCM_SHA256"))
|| !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
&clientssl, NULL, NULL)) &clientssl, NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl, clientssl, || !TEST_true(create_ssl_connection(serverssl, clientssl,
@ -2400,8 +2400,8 @@ static int test_ciphersuite_change(void)
# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) # if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
/* Check we can resume a session with a different SHA-256 ciphersuite */ /* Check we can resume a session with a different SHA-256 ciphersuite */
if (!TEST_true(SSL_CTX_set_cipher_list(cctx, if (!TEST_true(SSL_CTX_set_ciphersuites(cctx,
"TLS13-CHACHA20-POLY1305-SHA256")) "TLS_CHACHA20_POLY1305_SHA256"))
|| !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL)) NULL, NULL))
|| !TEST_true(SSL_set_session(clientssl, clntsess)) || !TEST_true(SSL_set_session(clientssl, clntsess))
@ -2423,7 +2423,7 @@ static int test_ciphersuite_change(void)
* Check attempting to resume a SHA-256 session with no SHA-256 ciphersuites * Check attempting to resume a SHA-256 session with no SHA-256 ciphersuites
* succeeds but does not resume. * succeeds but does not resume.
*/ */
if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "TLS13-AES-256-GCM-SHA384")) if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_256_GCM_SHA384"))
|| !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL)) NULL, NULL))
|| !TEST_true(SSL_set_session(clientssl, clntsess)) || !TEST_true(SSL_set_session(clientssl, clntsess))
@ -2441,7 +2441,7 @@ static int test_ciphersuite_change(void)
serverssl = clientssl = NULL; serverssl = clientssl = NULL;
/* Create a session based on SHA384 */ /* Create a session based on SHA384 */
if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "TLS13-AES-256-GCM-SHA384")) if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_256_GCM_SHA384"))
|| !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
&clientssl, NULL, NULL)) &clientssl, NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl, clientssl, || !TEST_true(create_ssl_connection(serverssl, clientssl,
@ -2455,10 +2455,10 @@ static int test_ciphersuite_change(void)
SSL_free(clientssl); SSL_free(clientssl);
serverssl = clientssl = NULL; serverssl = clientssl = NULL;
if (!TEST_true(SSL_CTX_set_cipher_list(cctx, if (!TEST_true(SSL_CTX_set_ciphersuites(cctx,
"TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384")) "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384"))
|| !TEST_true(SSL_CTX_set_cipher_list(sctx, || !TEST_true(SSL_CTX_set_ciphersuites(sctx,
"TLS13-AES-256-GCM-SHA384")) "TLS_AES_256_GCM_SHA384"))
|| !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL)) NULL, NULL))
|| !TEST_true(SSL_set_session(clientssl, clntsess)) || !TEST_true(SSL_set_session(clientssl, clntsess))
@ -2520,7 +2520,7 @@ static int test_tls13_psk(int idx)
* We use a ciphersuite with SHA256 to ease testing old style PSK callbacks * We use a ciphersuite with SHA256 to ease testing old style PSK callbacks
* which will always default to SHA256 * which will always default to SHA256
*/ */
if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "TLS13-AES-128-GCM-SHA256"))) if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256")))
goto end; goto end;
/* /*

8
test/sslcorrupttest.c
View File

@ -202,19 +202,17 @@ static int test_ssl_corrupt(int testidx)
goto end; goto end;
if (!TEST_ptr(ciphers = SSL_CTX_get_ciphers(cctx)) if (!TEST_ptr(ciphers = SSL_CTX_get_ciphers(cctx))
|| !TEST_true(SSL_CTX_set_ciphersuites(cctx, ""))
|| !TEST_int_eq(sk_SSL_CIPHER_num(ciphers), 1) || !TEST_int_eq(sk_SSL_CIPHER_num(ciphers), 1)
|| !TEST_ptr(currcipher = sk_SSL_CIPHER_value(ciphers, 0))) || !TEST_ptr(currcipher = sk_SSL_CIPHER_value(ciphers, 0)))
goto end; goto end;
/* /*
* If we haven't got a TLSv1.3 cipher, then we mustn't attempt to use * No ciphers we are using are TLSv1.3 compatible so we should not attempt
* TLSv1.3. Version negotiation happens before cipher selection, so we will * to negotiate TLSv1.3
* get a "no shared cipher" error.
*/ */
if (strcmp(SSL_CIPHER_get_version(currcipher), "TLSv1.3") != 0) {
if (!TEST_true(SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION))) if (!TEST_true(SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION)))
goto end; goto end;
}
if (!TEST_ptr(c_to_s_fbio = BIO_new(bio_f_tls_corrupt_filter()))) if (!TEST_ptr(c_to_s_fbio = BIO_new(bio_f_tls_corrupt_filter())))
goto end; goto end;

17
test/ssltest_old.c
View File

@ -612,6 +612,7 @@ static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type,
} }
static char *cipher = NULL; static char *cipher = NULL;
static char *ciphersuites = NULL;
static int verbose = 0; static int verbose = 0;
static int debug = 0; static int debug = 0;
@ -671,7 +672,8 @@ static void sv_usage(void)
fprintf(stderr, " -c_cert arg - Client certificate file\n"); fprintf(stderr, " -c_cert arg - Client certificate file\n");
fprintf(stderr, fprintf(stderr,
" -c_key arg - Client key file (default: same as -c_cert)\n"); " -c_key arg - Client key file (default: same as -c_cert)\n");
fprintf(stderr, " -cipher arg - The cipher list\n"); fprintf(stderr, " -cipher arg - The TLSv1.2 and below cipher list\n");
fprintf(stderr, " -ciphersuites arg - The TLSv1.3 ciphersuites\n");
fprintf(stderr, " -bio_pair - Use BIO pairs\n"); fprintf(stderr, " -bio_pair - Use BIO pairs\n");
fprintf(stderr, " -ipv4 - Use IPv4 connection on localhost\n"); fprintf(stderr, " -ipv4 - Use IPv4 connection on localhost\n");
fprintf(stderr, " -ipv6 - Use IPv6 connection on localhost\n"); fprintf(stderr, " -ipv6 - Use IPv6 connection on localhost\n");
@ -918,7 +920,6 @@ int main(int argc, char *argv[])
verbose = 0; verbose = 0;
debug = 0; debug = 0;
cipher = 0;
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
@ -1046,6 +1047,10 @@ int main(int argc, char *argv[])
if (--argc < 1) if (--argc < 1)
goto bad; goto bad;
cipher = *(++argv); cipher = *(++argv);
} else if (strcmp(*argv, "-ciphersuites") == 0) {
if (--argc < 1)
goto bad;
ciphersuites = *(++argv);
} else if (strcmp(*argv, "-CApath") == 0) { } else if (strcmp(*argv, "-CApath") == 0) {
if (--argc < 1) if (--argc < 1)
goto bad; goto bad;
@ -1377,6 +1382,14 @@ int main(int argc, char *argv[])
goto end; goto end;
} }
} }
if (ciphersuites != NULL) {
if (!SSL_CTX_set_ciphersuites(c_ctx, ciphersuites)
|| !SSL_CTX_set_ciphersuites(s_ctx, ciphersuites)
|| !SSL_CTX_set_ciphersuites(s_ctx2, ciphersuites)) {
ERR_print_errors(bio_err);
goto end;
}
}
#ifndef OPENSSL_NO_CT #ifndef OPENSSL_NO_CT
if (ct_validation && if (ct_validation &&

2
util/libssl.num
View File

@ -484,3 +484,5 @@ SSL_SESSION_set1_ticket_appdata 484 1_1_1 EXIST::FUNCTION:
SSL_CTX_set_session_ticket_cb 485 1_1_1 EXIST::FUNCTION: SSL_CTX_set_session_ticket_cb 485 1_1_1 EXIST::FUNCTION:
SSL_CTX_set_stateless_cookie_generate_cb 486 1_1_1 EXIST::FUNCTION: SSL_CTX_set_stateless_cookie_generate_cb 486 1_1_1 EXIST::FUNCTION:
SSL_CTX_set_stateless_cookie_verify_cb 487 1_1_1 EXIST::FUNCTION: SSL_CTX_set_stateless_cookie_verify_cb 487 1_1_1 EXIST::FUNCTION:
SSL_CTX_set_ciphersuites 488 1_1_1 EXIST::FUNCTION:
SSL_set_ciphersuites 489 1_1_1 EXIST::FUNCTION:

30
util/perl/TLSProxy/Proxy.pm
View File

@ -58,7 +58,9 @@ sub new
cert => $cert, cert => $cert,
debug => $debug, debug => $debug,
cipherc => "", cipherc => "",
ciphers => "AES128-SHA:TLS13-AES-128-GCM-SHA256", ciphersuitesc => "",
ciphers => "AES128-SHA",
ciphersuitess => "TLS_AES_128_GCM_SHA256",
flight => 0, flight => 0,
record_list => [], record_list => [],
message_list => [], message_list => [],
@ -135,6 +137,7 @@ sub clearClient
my $self = shift; my $self = shift;
$self->{cipherc} = ""; $self->{cipherc} = "";
$self->{ciphersuitec} = "";
$self->{flight} = 0; $self->{flight} = 0;
$self->{record_list} = []; $self->{record_list} = [];
$self->{message_list} = []; $self->{message_list} = [];
@ -153,7 +156,8 @@ sub clear
my $self = shift; my $self = shift;
$self->clearClient; $self->clearClient;
$self->{ciphers} = "AES128-SHA:TLS13-AES-128-GCM-SHA256"; $self->{ciphers} = "AES128-SHA";
$self->{ciphersuitess} = "TLS_AES_128_GCM_SHA256";
$self->{serverflags} = ""; $self->{serverflags} = "";
$self->{serverconnects} = 1; $self->{serverconnects} = 1;
$self->{serverpid} = 0; $self->{serverpid} = 0;
@ -198,6 +202,9 @@ sub start
if ($self->ciphers ne "") { if ($self->ciphers ne "") {
$execcmd .= " -cipher ".$self->ciphers; $execcmd .= " -cipher ".$self->ciphers;
} }
if ($self->ciphersuitess ne "") {
$execcmd .= " -ciphersuites ".$self->ciphersuitess;
}
if ($self->serverflags ne "") { if ($self->serverflags ne "") {
$execcmd .= " ".$self->serverflags; $execcmd .= " ".$self->serverflags;
} }
@ -234,6 +241,9 @@ sub clientstart
if ($self->cipherc ne "") { if ($self->cipherc ne "") {
$execcmd .= " -cipher ".$self->cipherc; $execcmd .= " -cipher ".$self->cipherc;
} }
if ($self->ciphersuitesc ne "") {
$execcmd .= " -ciphersuites ".$self->ciphersuitesc;
}
if ($self->clientflags ne "") { if ($self->clientflags ne "") {
$execcmd .= " ".$self->clientflags; $execcmd .= " ".$self->clientflags;
} }
@ -487,6 +497,14 @@ sub cipherc
} }
return $self->{cipherc}; return $self->{cipherc};
} }
sub ciphersuitesc
{
my $self = shift;
if (@_) {
$self->{ciphersuitesc} = shift;
}
return $self->{ciphersuitesc};
}
sub ciphers sub ciphers
{ {
my $self = shift; my $self = shift;
@ -495,6 +513,14 @@ sub ciphers
} }
return $self->{ciphers}; return $self->{ciphers};
} }
sub ciphersuitess
{
my $self = shift;
if (@_) {
$self->{ciphersuitess} = shift;
}
return $self->{ciphersuitess};
}
sub serverflags sub serverflags
{ {
my $self = shift; my $self = shift;