generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Experimental encrypt-then-mac support.

Browse Source 
Experimental support for encrypt then mac from
draft-gutmann-tls-encrypt-then-mac-02.txt

To enable it set the appropriate extension number (0x10 for the test server)
using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x10

For non-compliant peers (i.e. just about everything) this should have no
effect.
This commit is contained in:
Dr. Stephen Henson
2013-03-22 17:12:33 +00:00
parent 226751ae4a
commit 5e3ff62c34
13 changed files with 113 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
ssl/t1_lib.c
View File

@@ -1465,6 +1465,10 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
ret += outlen;
}
}
#ifdef TLSEXT_TYPE_encrypt_then_mac
s2n(TLSEXT_TYPE_encrypt_then_mac,ret);
s2n(0,ret);
#endif
if ((extdatalen = ret-p-2) == 0)
return p;
@@ -1700,6 +1704,21 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
}
}
}
#ifdef TLSEXT_TYPE_encrypt_then_mac
if (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC)
{
/* Don't use encrypt_then_mac if AEAD: might want
* to disable for other ciphersuites too.
*/
if (s->s3->tmp.new_cipher->algorithm_mac == SSL_AEAD)
s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC;
else
{
s2n(TLSEXT_TYPE_encrypt_then_mac,ret);
s2n(0,ret);
}
}
#endif
if (s->s3->alpn_selected)
{
@@ -1934,6 +1953,10 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
s->cert->pkeys[i].valid_flags = 0;
}
#ifdef TLSEXT_TYPE_encrypt_then_mac
s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC;
#endif
if (data >= (d+n-2))
goto ri_check;
n2s(data,len);
@@ -2452,6 +2475,10 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
}
}
}
#ifdef TLSEXT_TYPE_encrypt_then_mac
else if (type == TLSEXT_TYPE_encrypt_then_mac)
s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
#endif
data+=size;
}
@@ -2538,6 +2565,10 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
#endif
#ifdef TLSEXT_TYPE_encrypt_then_mac
s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC;
#endif
if (data >= (d+n-2))
goto ri_check;
@@ -2789,6 +2820,14 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
}
}
}
#ifdef TLSEXT_TYPE_encrypt_then_mac
else if (type == TLSEXT_TYPE_encrypt_then_mac)
{
/* Ignore if inappropriate ciphersuite */
if (s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD)
s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
}
#endif
data += size;
}