Fix RC4 based ciphersuites #13378
Closed
Conversation
LGTM. Approved if CI passes. |
Travis is relevant. |
Fixup pushed to address Travis failure |
This pull request is ready to merge |
We previously updated the block ciphers to know how to remove a TLS MAC when using Encrypt-then-MAC. We also need to do the same for stream ciphers. Fixes #13363
The RC4-MD5 ciphersuites were not removing the length of the MAC when calculating the length of decrypted TLS data. Since RC4 is a streamed cipher that doesn't use padding we separate out the concepts of fixed length TLS data to be removed, and TLS padding.
Commit be9d82b inadvertently disabled ciphersuite testing. This masked some issues. Therefore we fix this testing.
Unfortunately #13368 was merged which touched the same ssltest_old.c code as this PR. Therefore I had to rewrite some of that code. @paulidale - please can you reconfirm your approval? |
Travis failures are not relevant. Ping @paulidale. |
This pull request is ready to merge |
Pushed. Thanks. |
openssl-machine pushed a commit that referenced this pull request on Nov 25, 2020:
The RC4-MD5 ciphersuites were not removing the length of the MAC when calculating the length of decrypted TLS data. Since RC4 is a streamed cipher that doesn't use padding we separate out the concepts of fixed length TLS data to be removed, and TLS padding.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from #13378)
Commit be9d82b inadvertently disabled ciphersuite testing. This masked two separate issues in the RC4 ciphersuites.
In the first issue, RC4 based ciphersuites fail to properly extract the MAC from decrypted TLS data.
In the second issue, the RC4-MD5 stitched ciphersuites fail to adjust the length of the decrypted data appropriately to account for the MAC.
This PR fixes both of those issues, as well as fixing the ciphersuite testing. Note that in fixing the testing I had to make some adjustments to take account of the FIPS module. This required some changes to the DH handling in the test. Currently that test uses the old "low-level" DH object instead of an EVP_PKEY - therefore this PR does the same in order to play nicely with the existing code. That issue is fixed by another PR (#13368). Whichever PR goes in second (this one or #13368) will have to be adjusted to use EVP_PKEY instead of DH.
Fixes #13363
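The record-layer arithmetic behind both issues above (a stream cipher has a fixed-length MAC trailer to strip but no padding, and the two quantities must be tracked separately), shown as an added example. This is not OpenSSL code and does not use its API: it is a minimal TLS 1.2 RC4-MD5 MAC-then-encrypt record seal/open with a keystream that continues across records, as the TLS record layer requires. Keys, sequence numbers and messages are constructed test values, and the `remove_mac=False` switch is a hypothetical reproduction of the described defect (the decrypted length not reduced by the MAC), not the actual OpenSSL code path. RC4 and MD5 appear only because that is the ciphersuite under discussion; both are broken and belong nowhere in new systems.

```python
import hashlib
import hmac
import struct

MAC_LEN = hashlib.md5().digest_size   # HMAC-MD5 tag: 16 bytes, a fixed-length trailer
TLS12 = b"\x03\x03"
CT_APPDATA = 23


class RC4:
    """Plain RC4 (KSA + PRGA). TLS keeps this state across records, so one
    object per direction, never re-keyed per record."""

    def __init__(self, key: bytes):
        s = list(range(256))
        j = 0
        for i in range(256):
            j = (j + s[i] + key[i % len(key)]) & 0xFF
            s[i], s[j] = s[j], s[i]
        self.s, self.i, self.j = s, 0, 0

    def crypt(self, data: bytes) -> bytes:
        s = self.s
        out = bytearray()
        for c in data:
            self.i = (self.i + 1) & 0xFF
            self.j = (self.j + s[self.i]) & 0xFF
            s[self.i], s[self.j] = s[self.j], s[self.i]
            out.append(c ^ s[(s[self.i] + s[self.j]) & 0xFF])
        return bytes(out)


def record_mac(mac_key: bytes, seq: int, ctype: int, fragment: bytes) -> bytes:
    """RFC 5246 6.2.3.1: HMAC(seq_num || type || version || length || fragment)."""
    header = struct.pack("!QB", seq, ctype) + TLS12 + struct.pack("!H", len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.md5).digest()


def seal(mac_key: bytes, cipher: RC4, seq: int, plaintext: bytes) -> bytes:
    """Stream-cipher MAC-then-encrypt: encrypt(plaintext || MAC). No padding."""
    return cipher.crypt(plaintext + record_mac(mac_key, seq, CT_APPDATA, plaintext))


def open_record(mac_key: bytes, cipher: RC4, seq: int, ciphertext: bytes,
                *, remove_mac: bool = True) -> bytes:
    """Decrypt and verify one stream-cipher record.

    Two separate quantities come off the end of the decrypted data: a fixed
    trailer (the MAC) and padding (always 0 for a stream cipher).
    remove_mac=False is the hypothetical defect: the fixed trailer is not
    subtracted, so the MAC bytes stay inside the "plaintext" and the MAC
    check has nothing left to verify against.
    """
    if len(ciphertext) < MAC_LEN:
        raise ValueError("record shorter than MAC")
    decrypted = cipher.crypt(ciphertext)
    padding_len = 0                                   # stream cipher: no padding
    fixed_trailer = MAC_LEN if remove_mac else 0      # MAC is a fixed length, not padding
    plaintext_len = len(decrypted) - padding_len - fixed_trailer
    plaintext = decrypted[:plaintext_len]
    received_mac = decrypted[plaintext_len:plaintext_len + MAC_LEN]
    expected_mac = record_mac(mac_key, seq, CT_APPDATA, plaintext)
    if not hmac.compare_digest(received_mac, expected_mac):
        raise ValueError("bad record mac")
    return plaintext


def demo():
    """Seal two records, open them correctly, then with the length defect."""
    mac_key = bytes(range(16))          # constructed test keys, not real key material
    enc_key = bytes(range(16, 32))
    sender, good_rx, bad_rx = RC4(enc_key), RC4(enc_key), RC4(enc_key)
    msgs = [b"GET / HTTP/1.1\r\n", b"Host: example.test\r\n\r\n"]
    records = [seal(mac_key, sender, seq, m) for seq, m in enumerate(msgs)]
    good = [open_record(mac_key, good_rx, seq, r) for seq, r in enumerate(records)]
    bad = []
    for seq, r in enumerate(records):
        try:
            bad.append(open_record(mac_key, bad_rx, seq, r, remove_mac=False))
        except ValueError as e:
            bad.append(str(e))
    return msgs, records, good, bad


if __name__ == "__main__":
    msgs, records, good, bad = demo()
    for m, r, g, b in zip(msgs, records, good, bad):
        print(f"{len(m)}-byte plaintext -> {len(r)}-byte record; correct open: {g!r}; defect: {b!r}")
```

Each record is exactly `MAC_LEN` bytes longer than its plaintext, and the correct path strips precisely that much; with the defect the MAC is left in place and verification fails on every record, which is the symptom the masked ciphersuite tests would have caught. A block cipher in CBC mode would additionally carry a padding length read from the last decrypted byte, which is why the fix keeps the two quantities separate rather than folding the MAC into a padding computation.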