From eb67a850e980864f720bbc919ebc239ae0ab92d9 Mon Sep 17 00:00:00 2001 From: jsing Date: Tue, 16 Jul 2024 14:38:04 +0000 Subject: [PATCH] Clean up SSL_HANDSHAKE_MAC_DEFAULT. The handshake MAC needs to be upgraded when TLSv1.0 and TLSv1.1 ciphersuites are used with TLSv1.2. Since we no longer support TLSv1.0 and TLSv1.1, we can simply upgrade the handshake MAC in the ciphersuite table and remove the various defines/macros/code that existed to handle the upgrade. ok tb@ --- lib/libssl/s3_lib.c | 72 +++++++++++++++++++++--------------------- lib/libssl/ssl_ciph.c | 17 ++-------- lib/libssl/ssl_local.h | 13 +------- 3 files changed, 39 insertions(+), 63 deletions(-) diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index 1c1906d9e78..5fc42ca200b 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.253 2024/07/15 14:45:15 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.254 2024/07/16 14:38:04 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -183,7 +183,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_MD5, .algorithm_ssl = SSL_SSLV3, .algo_strength = SSL_STRONG_NONE, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 0, .alg_bits = 0, }, @@ -199,7 +199,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_SSLV3, .algo_strength = SSL_STRONG_NONE, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 0, .alg_bits = 0, }, @@ -215,7 +215,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_MD5, .algorithm_ssl = SSL_SSLV3, .algo_strength = SSL_LOW, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 128, .alg_bits = 128, }, @@ -231,7 +231,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_SSLV3, .algo_strength = SSL_LOW, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 128, .alg_bits = 128, }, @@ -247,7 +247,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_SSLV3, .algo_strength = SSL_MEDIUM, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 112, .alg_bits = 168, }, @@ -267,7 +267,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_SSLV3, .algo_strength = SSL_MEDIUM, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 112, .alg_bits = 168, }, @@ -283,7 +283,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_MD5, .algorithm_ssl = SSL_SSLV3, .algo_strength = SSL_LOW, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 128, .alg_bits = 128, }, @@ -299,7 +299,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_SSLV3, .algo_strength = SSL_MEDIUM, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 112, .alg_bits = 168, }, @@ -319,7 +319,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 128, .alg_bits = 128, }, @@ -335,7 +335,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 128, .alg_bits = 128, }, @@ -351,7 +351,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 128, .alg_bits = 128, }, @@ -367,7 +367,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 256, .alg_bits = 256, }, @@ -383,7 +383,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 256, .alg_bits = 256, }, @@ -399,7 +399,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 256, .alg_bits = 256, }, @@ -467,7 +467,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 128, .alg_bits = 128, }, @@ -483,7 +483,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 128, .alg_bits = 128, }, @@ -499,7 +499,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 128, .alg_bits = 128, }, @@ -584,7 +584,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 256, .alg_bits = 256, }, @@ -600,7 +600,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 256, .alg_bits = 256, }, @@ -616,7 +616,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 256, .alg_bits = 256, }, @@ -887,7 +887,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_STRONG_NONE, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 0, .alg_bits = 0, }, @@ -903,7 +903,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_LOW, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 128, .alg_bits = 128, }, @@ -919,7 +919,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_MEDIUM, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 112, .alg_bits = 168, }, @@ -935,7 +935,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 128, .alg_bits = 128, }, @@ -951,7 +951,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 256, .alg_bits = 256, }, @@ -967,7 +967,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_STRONG_NONE, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 0, .alg_bits = 0, }, @@ -983,7 +983,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_LOW, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 128, .alg_bits = 128, }, @@ -999,7 +999,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_MEDIUM, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 112, .alg_bits = 168, }, @@ -1015,7 +1015,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 128, .alg_bits = 128, }, @@ -1031,7 +1031,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 256, .alg_bits = 256, }, @@ -1047,7 +1047,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_STRONG_NONE, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 0, .alg_bits = 0, }, @@ -1063,7 +1063,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_LOW, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 128, .alg_bits = 128, }, @@ -1079,7 +1079,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_MEDIUM, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 112, .alg_bits = 168, }, @@ -1095,7 +1095,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 128, .alg_bits = 128, }, @@ -1111,7 +1111,7 @@ const SSL_CIPHER ssl3_ciphers[] = { .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, .strength_bits = 256, .alg_bits = 256, }, diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c index 13790c56be1..246d64e7d51 100644 --- a/lib/libssl/ssl_ciph.c +++ b/lib/libssl/ssl_ciph.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciph.c,v 1.143 2024/07/14 15:39:36 tb Exp $ */ +/* $OpenBSD: ssl_ciph.c,v 1.144 2024/07/16 14:38:04 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -515,24 +515,12 @@ ssl_cipher_get_evp_aead(const SSL_SESSION *ss, const EVP_AEAD **aead) int ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md) { - unsigned long handshake_mac; - *md = NULL; if (s->s3->hs.cipher == NULL) return 0; - handshake_mac = s->s3->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_MASK; - - /* XXX - can we simplify this now that TLSv1.0 and TLSv1.1 are gone? */ - /* For TLSv1.2 we upgrade the default MD5+SHA1 MAC to SHA256. */ - if (SSL_USE_SHA256_PRF(s) && handshake_mac == SSL_HANDSHAKE_MAC_DEFAULT) - handshake_mac = SSL_HANDSHAKE_MAC_SHA256; - - switch (handshake_mac) { - case SSL_HANDSHAKE_MAC_DEFAULT: - *md = EVP_md5_sha1(); - return 1; + switch (s->s3->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_MASK) { case SSL_HANDSHAKE_MAC_SHA256: *md = EVP_sha256(); return 1; @@ -1629,7 +1617,6 @@ const EVP_MD * SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c) { switch (c->algorithm2 & SSL_HANDSHAKE_MAC_MASK) { - case SSL_HANDSHAKE_MAC_DEFAULT: case SSL_HANDSHAKE_MAC_SHA256: return EVP_sha256(); case SSL_HANDSHAKE_MAC_SHA384: diff --git a/lib/libssl/ssl_local.h b/lib/libssl/ssl_local.h index 74c6ad33ee4..c002c9b34f0 100644 --- a/lib/libssl/ssl_local.h +++ b/lib/libssl/ssl_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_local.h,v 1.18 2024/07/15 14:45:15 jsing Exp $ */ +/* $OpenBSD: ssl_local.h,v 1.19 2024/07/16 14:38:04 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -246,11 +246,8 @@ __BEGIN_HIDDEN_DECLS /* Bits for algorithm2 (handshake digests and other extra flags) */ #define SSL_HANDSHAKE_MAC_MASK 0xff0 -#define SSL_HANDSHAKE_MAC_MD5 0x010 -#define SSL_HANDSHAKE_MAC_SHA 0x020 #define SSL_HANDSHAKE_MAC_SHA256 0x080 #define SSL_HANDSHAKE_MAC_SHA384 0x100 -#define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA) #define SSL3_CK_ID 0x03000000 #define SSL3_CK_VALUE_MASK 0x0000ffff @@ -274,10 +271,6 @@ __BEGIN_HIDDEN_DECLS #define SSL_USE_SIGALGS(s) \ (s->method->enc_flags & SSL_ENC_FLAG_SIGALGS) -/* See if we use SHA256 default PRF. */ -#define SSL_USE_SHA256_PRF(s) \ - (s->method->enc_flags & SSL_ENC_FLAG_SHA256_PRF) - /* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */ #define SSL_USE_TLS1_2_CIPHERS(s) \ (s->method->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS) @@ -1188,9 +1181,6 @@ typedef struct ssl3_state_st { /* Uses signature algorithms extension. */ #define SSL_ENC_FLAG_SIGALGS (1 << 1) -/* Uses SHA256 default PRF. */ -#define SSL_ENC_FLAG_SHA256_PRF (1 << 2) - /* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */ #define SSL_ENC_FLAG_TLS1_2_CIPHERS (1 << 4) @@ -1200,7 +1190,6 @@ typedef struct ssl3_state_st { #define TLSV1_ENC_FLAGS 0 #define TLSV1_1_ENC_FLAGS 0 #define TLSV1_2_ENC_FLAGS (SSL_ENC_FLAG_SIGALGS | \ - SSL_ENC_FLAG_SHA256_PRF | \ SSL_ENC_FLAG_TLS1_2_CIPHERS) #define TLSV1_3_ENC_FLAGS (SSL_ENC_FLAG_SIGALGS | \ SSL_ENC_FLAG_TLS1_3_CIPHERS) -- 2.20.1