@@ -13215,6 +13215,7 @@ chacha20_block() {
13215
13215
}
13216
13216
13217
13217
# See RFC 8439, Section 2.4
13218
+ #
13218
13219
chacha20() {
13219
13220
local key="$1"
13220
13221
local -i counter=1
@@ -13223,15 +13224,18 @@ chacha20() {
13223
13224
local -i i ciphertext_len num_blocks mod_check
13224
13225
local -i i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12 i13 i14 i15 i16
13225
13226
local keystream plaintext=""
13227
+ local enc_chacha_used=false
13226
13228
13227
13229
if "$HAS_CHACHA20"; then
13228
- plaintext="$(hex2binary "$ciphertext" | \
13229
- $OPENSSL enc -chacha20 -K "$key" -iv "01000000$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
13230
- tm_out "$(strip_spaces "$plaintext")"
13231
- return 0
13230
+ plaintext="$(hex2binary "$ciphertext" | $OPENSSL enc -chacha20 -K "$key" -iv "01000000$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
13231
+ enc_chacha_used=true
13232
13232
elif "$OPENSSL2_HAS_CHACHA20"; then
13233
- plaintext="$(hex2binary "$ciphertext" | \
13234
- $OPENSSL2 enc -chacha20 -K "$key" -iv "01000000$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
13233
+ # empty OPENSSL_CONF temporarily as it might cause problems, see #2780
13234
+ plaintext="$(hex2binary "$ciphertext" | OPENSSL_CONF='' $OPENSSL2 enc -chacha20 -K "$key" -iv "01000000$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
13235
+ enc_chacha_used=true
13236
+ fi
13237
+
13238
+ if [[ -n "$plaintext" ]] && "$enc_chacha_used"; then
13235
13239
tm_out "$(strip_spaces "$plaintext")"
13236
13240
return 0
13237
13241
fi
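Review bot: The new `enc_chacha_used` flag is redundant with the `-n "$plaintext"` test on the same line, because `plaintext` is initialised to `""` at 13226 and only the two openssl branches in this hunk assign it, so `if [[ -n "$plaintext" ]]; then` expresses the same condition without a second variable to keep in sync (the gcm-decrypt hunk has the same shape). Note also that the pipeline's status is discarded: `$(...)` assigns whatever `hexdump` emits, so an openssl invocation that exits non-zero after writing partial output would pass the non-empty test; I cannot tell from these lines whether that can happen, but a comment stating that an empty result deliberately falls through to the pure-bash implementation would make the fallback intent explicit. chacha20's body continues past the hunk.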
@@ -13913,31 +13917,36 @@ gcm() {
13913
13917
# arg5: aad
13914
13918
# arg6: expected tag
13915
13919
# arg7: true if authentication tag should be checked. false otherwise.
13920
+ #
13916
13921
gcm-decrypt() {
13917
13922
local cipher="$1" key="$2" nonce="$3" ciphertext="$4" aad="$5" expected_tag="$(toupper "$6")"
13918
13923
local compute_tag="$7"
13919
- local plaintext computed_tag tmp
13924
+ local plaintext="" computed_tag tmp
13925
+ local enc_aesgcm_used=false
13920
13926
13921
13927
[[ ${#nonce} -ne 24 ]] && return 7
13922
13928
13923
- if [[ "$cipher" == TLS_AES_128_GCM_SHA256 ]] && "$HAS_AES128_GCM" && ! "$compute_tag"; then
13924
- plaintext="$(hex2binary "$ciphertext" | \
13925
- $OPENSSL enc -aes-128-gcm -K "$key" -iv "$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
13926
- tm_out "$(strip_spaces "$plaintext")"
13927
- return 0
13928
- elif [[ "$cipher" == TLS_AES_128_GCM_SHA256 ]] && "$OPENSSL2_HAS_AES128_GCM" && ! "$compute_tag"; then
13929
- plaintext="$(hex2binary "$ciphertext" | \
13930
- $OPENSSL2 enc -aes-128-gcm -K "$key" -iv "$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
13931
- tm_out "$(strip_spaces "$plaintext")"
13932
- return 0
13933
- elif [[ "$cipher" == TLS_AES_256_GCM_SHA384 ]] && "$HAS_AES256_GCM" && ! "$compute_tag"; then
13934
- plaintext="$(hex2binary "$ciphertext" | \
13935
- $OPENSSL enc -aes-256-gcm -K "$key" -iv "$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
13936
- tm_out "$(strip_spaces "$plaintext")"
13937
- return 0
13938
- elif [[ "$cipher" == TLS_AES_256_GCM_SHA384 ]] && "$OPENSSL2_HAS_AES256_GCM" && ! "$compute_tag"; then
13939
- plaintext="$(hex2binary "$ciphertext" | \
13940
- $OPENSSL2 enc -aes-256-gcm -K "$key" -iv "$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
13929
+ if [[ "$cipher" == TLS_AES_128_GCM_SHA256 ]] && ! "$compute_tag"; then
13930
+ if "$HAS_AES128_GCM"; then
13931
+ plaintext="$(hex2binary "$ciphertext" | $OPENSSL enc -aes-128-gcm -K "$key" -iv "$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
13932
+ enc_aesgcm_used=true
13933
+ elif "$OPENSSL2_HAS_AES128_GCM"; then
13934
+ # empty OPENSSL_CONF temporarily as it might cause problems, see #2780
13935
+ plaintext="$(hex2binary "$ciphertext" | OPENSSL_CONF='' $OPENSSL2 enc -aes-128-gcm -K "$key" -iv "$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
13936
+ enc_aesgcm_used=true
13937
+ fi
13938
+ elif [[ "$cipher" == TLS_AES_256_GCM_SHA384 ]] && ! "$compute_tag"; then
13939
+ if "$HAS_AES256_GCM"; then
13940
+ plaintext="$(hex2binary "$ciphertext" | $OPENSSL enc -aes-256-gcm -K "$key" -iv "$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
13941
+ aesgcm_used=true
13942
+ elif "$OPENSSL2_HAS_AES256_GCM"; then
13943
+ # empty OPENSSL_CONF temporarily as it might cause problems, see #2780
13944
+ plaintext="$(hex2binary "$ciphertext" | OPENSSL_CONF='' $OPENSSL2 enc -aes-256-gcm -K "$key" -iv "$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
13945
+ enc_aesgcm_used=true
13946
+ fi
13947
+ fi
13948
+
13949
+ if [[ -n "$plaintext" ]] && "$enc_aesgcm_used"; then
13941
13950
tm_out "$(strip_spaces "$plaintext")"
13942
13951
return 0
13943
13952
fi
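Review bot: Line 13941 sets `aesgcm_used=true` instead of `enc_aesgcm_used=true`, so in the `TLS_AES_256_GCM_SHA384` + `$HAS_AES256_GCM` branch the flag tested at 13949 stays false, the openssl-produced plaintext is thrown away and the function falls through to the slower bash path; the typo also leaks an undeclared global `aesgcm_used`. The fix is the one-line `enc_aesgcm_used=true`. As in the chacha20 hunk, the flag is redundant with `-n "$plaintext"` now that `plaintext` is initialised to `""` at 13924, which is exactly how this typo slipped through. gcm-decrypt continues past the hunk.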
@@ -13954,8 +13963,12 @@ gcm-decrypt() {
13954
13963
plaintext="${tmp% $computed_tag}"
13955
13964
13956
13965
if ! "$compute_tag" || [[ "$computed_tag" == $expected_tag ]]; then
13957
- tm_out "$plaintext"
13958
- return 0
13966
+ if [[ -n "$plaintext" ]]; then
13967
+ tm_out "$plaintext"
13968
+ return 0
13969
+ else
13970
+ return 7
13971
+ fi
13959
13972
else
13960
13973
return 7
13961
13974
fi
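Review bot: The added `else return 7` branch reports an empty plaintext as a failure even when the computed tag matched the expected one, yet a zero-length plaintext with a valid tag is a legitimate AEAD result; if the intent is to catch the case where the bash path produced no `$tmp` at all, that is better tested on `$tmp` before the tag comparison than on `$plaintext` after it, and the return-7 line deserves a comment saying which failure it covers. I cannot see from these lines whether callers ever pass zero-length records, so this may be harmless in practice. Unrelated to the change but on the same line: `[[ "$computed_tag" == $expected_tag ]]` leaves the right side unquoted, making it a glob pattern rather than a string comparison; `[[ "$computed_tag" == "$expected_tag" ]]` is what is meant.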
@@ -13967,6 +13980,7 @@ gcm-decrypt() {
13967
13980
# arg4: plaintext
13968
13981
# arg5: aad
13969
13982
# See Section 7.2 of SP 800-38D
13983
+ #
13970
13984
gcm-encrypt() {
13971
13985
local cipher
13972
13986
@@ -13988,6 +14002,7 @@ gcm-encrypt() {
13988
14002
# arg5: aad
13989
14003
# arg6: expected tag
13990
14004
# arg7: true if authentication tag should be checked. false otherwise.
14005
+ #
13991
14006
integrity_only_decrypt()
13992
14007
{
13993
14008
local cipher="$1" key="$2" nonce="$3" ciphertext="$4" aad="$5" expected_tag="$(toupper "$6")"
@@ -14015,6 +14030,7 @@ integrity_only_decrypt()
14015
14030
# arg3: nonce
14016
14031
# arg4: plaintext
14017
14032
# arg5: additional authenticated data
14033
+ #
14018
14034
integrity_only_encrypt() {
14019
14035
local cipher="$1" key="$2" nonce="$3" plaintext="$4" aad="$5"
14020
14036
local hash_fn
@@ -14033,6 +14049,7 @@ integrity_only_encrypt() {
14033
14049
# arg3: nonce (must be 96 bits in length)
14034
14050
# arg4: ciphertext
14035
14051
# arg5: additional authenticated data
14052
+ #
14036
14053
sym-decrypt() {
14037
14054
local cipher="$1"
14038
14055
local key="$2" nonce="$3"
@@ -14087,11 +14104,11 @@ sym-decrypt() {
14087
14104
# arg3: nonce (must be 96 bits in length)
14088
14105
# arg4: plaintext
14089
14106
# arg5: additional authenticated data
14107
+ #
14090
14108
sym-encrypt() {
14091
14109
local cipher="$1" key="$2" nonce="$3" plaintext="$4" additional_data="$5"
14092
14110
local ciphertext=""
14093
14111
14094
-
14095
14112
if [[ "$cipher" =~ CCM ]]; then
14096
14113
ciphertext=$(ccm-encrypt "$cipher" "$key" "$nonce" "$plaintext" "$additional_data")
14097
14114
elif [[ "$cipher" =~ GCM ]]; then
@@ -14104,13 +14121,15 @@ sym-encrypt() {
14104
14121
return 7
14105
14122
fi
14106
14123
[[ $? -ne 0 ]] && return 7
14124
+ [[ -n "$ciphertext" ]] && return 7
14107
14125
14108
14126
tm_out "$(strip_spaces "$ciphertext")"
14109
14127
return 0
14110
14128
}
14111
14129
14112
14130
# arg1: iv
14113
14131
# arg2: sequence number
14132
+ #
14114
14133
get-nonce() {
14115
14134
local iv="$1"
14116
14135
local -i seq_num="$2"
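Review bot: The added check at 14124 is inverted: `[[ -n "$ciphertext" ]] && return 7` makes sym-encrypt return 7 whenever encryption *succeeded* and produced output, and only the empty (failed) case reaches `tm_out`. It should be `[[ -z "$ciphertext" ]] && return 7`, mirroring the `-n` success tests the gcm-decrypt hunk adds. Since every TLS 1.3 write goes through this function, I would expect this to break encryption outright, so a run against any TLS 1.3 host should confirm before merge. The enclosing `if` chain starts before the hunk.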
@@ -14140,6 +14159,7 @@ get-nonce() {
14140
14159
# arg3: TLS cipher for decrypting TLSv1.3 response
14141
14160
# arg4: handshake secret
14142
14161
# arg5: message transcript (up through ServerHello)
14162
+ #
14143
14163
check_tls_serverhellodone() {
14144
14164
local tls_hello_ascii="$1"
14145
14165
local process_full="$2"
@@ -20922,26 +20942,28 @@ find_openssl_binary() {
20922
20942
20923
20943
grep -qe '-enable_pha' $s_client_has && HAS_ENABLE_PHA=true
20924
20944
20925
- $OPENSSL enc -chacha20 -K 12345678901234567890123456789012 -iv 01000000123456789012345678901234 > /dev/null 2> /dev/null <<< "test"
20945
+ $OPENSSL enc -chacha20 -K 12345678901234567890123456789012 -iv 01000000123456789012345678901234 >/dev/null 2>/dev/null <<< "test"
20926
20946
[[ $? -eq 0 ]] && HAS_CHACHA20=true
20927
20947
20928
- $OPENSSL enc -aes-128-gcm -K 0123456789abcdef0123456789abcdef -iv 0123456789abcdef01234567 > /dev/null 2> /dev/null <<< "test"
20948
+ $OPENSSL enc -aes-128-gcm -K 0123456789abcdef0123456789abcdef -iv 0123456789abcdef01234567 > /dev/null 2>/dev/null <<< "test"
20929
20949
[[ $? -eq 0 ]] && HAS_AES128_GCM=true
20930
20950
20931
- $OPENSSL enc -aes-256-gcm -K 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef -iv 0123456789abcdef01234567 > /dev/null 2> /dev/null <<< "test"
20951
+ $OPENSSL enc -aes-256-gcm -K 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef -iv 0123456789abcdef01234567 > /dev/null 2>/dev/null <<< "test"
20932
20952
[[ $? -eq 0 ]] && HAS_AES256_GCM=true
20933
20953
20954
+ # Although we didn't spot a problem here yet, we're resetting for each call OPENSSL_CONF, so that it doesn't point to the supplied file which
20955
+ # works for old OpenSSL versions only. See #2780
20934
20956
if [[ $OPENSSL2 != $OPENSSL ]] && [[ -x $OPENSSL2 ]]; then
20935
20957
if ! "$HAS_CHACHA20"; then
20936
- $OPENSSL2 enc -chacha20 -K 12345678901234567890123456789012 -iv 01000000123456789012345678901234 > /dev/null 2> /dev/null <<< "test"
20958
+ OPENSSL_CONF='' $OPENSSL2 enc -chacha20 -K 12345678901234567890123456789012 -iv 01000000123456789012345678901234 >/dev/null 2>/dev/null <<< "test"
20937
20959
[[ $? -eq 0 ]] && OPENSSL2_HAS_CHACHA20=true
20938
20960
fi
20939
20961
if ! "$HAS_AES128_GCM"; then
20940
- $OPENSSL2 enc -aes-128-gcm -K 0123456789abcdef0123456789abcdef -iv 0123456789abcdef01234567 > /dev/null 2> /dev/null <<< "test"
20962
+ OPENSSL_CONF='' $OPENSSL2 enc -aes-128-gcm -K 0123456789abcdef0123456789abcdef -iv 0123456789abcdef01234567 > /dev/null 2>/dev/null <<< "test"
20941
20963
[[ $? -eq 0 ]] && OPENSSL2_HAS_AES128_GCM=true
20942
20964
fi
20943
20965
if ! "$HAS_AES256_GCM"; then
20944
- $OPENSSL2 enc -aes-256-gcm -K 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef -iv 0123456789abcdef01234567 > /dev/null 2> /dev/null <<< "test"
20966
+ OPENSSL_CONF='' $OPENSSL2 enc -aes-256-gcm -K 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef -iv 0123456789abcdef01234567 > /dev/null 2>/dev/null <<< "test"
20945
20967
[[ $? -eq 0 ]] && OPENSSL2_HAS_AES256_GCM=true
20946
20968
fi
20947
20969
@@ -20950,13 +20972,13 @@ find_openssl_binary() {
20950
20972
# every openssl feature. At some point we need to decide which with openssl version we go.
20951
20973
# We also check, whether there's $OPENSSL2 which has TLS 1.3
20952
20974
if [[ ! "$OSSL_NAME" =~ LibreSSL ]] && [[ ! $OSSL_VER =~ 1.1.1 ]] && [[ $OSSL_VER_MAJOR -lt 3 ]]; then
20953
- $OPENSSL2 s_client -help 2>$s_client_has2
20954
- $OPENSSL2 s_client -starttls foo 2>$s_client_starttls_has2
20975
+ OPENSSL_CONF='' $OPENSSL2 s_client -help 2>$s_client_has2
20976
+ OPENSSL_CONF='' $OPENSSL2 s_client -starttls foo 2>$s_client_starttls_has2
20955
20977
grep -q 'Unix-domain socket' $s_client_has2 && HAS_UDS2=true
20956
20978
grep -q 'xmpp-server' $s_client_starttls_has2 && HAS_XMPP_SERVER2=true
20957
20979
# Likely we don't need the following second check here, see 6 lines above
20958
20980
if grep -wq 'tls1_3' $s_client_has2; then
20959
- OPENSSL2_HAS_TLS_1_3=true
20981
+ OPENSSL_CONF='' OPENSSL2_HAS_TLS_1_3=true
20960
20982
fi
20961
20983
fi
20962
20984
fi
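Review bot: Line 20981, `OPENSSL_CONF='' OPENSSL2_HAS_TLS_1_3=true`, has no command word, so it is two plain shell assignments: `OPENSSL_CONF` is cleared in the current shell for the rest of the run, not just for one child process. If `OPENSSL_CONF` is exported (set outside this hunk), every later `$OPENSSL` call then runs without the supplied config, which is the opposite of what the comment at 20954 describes, and it happens only on the TLS 1.3-capable path, making it hard to reproduce. The line should simply read `OPENSSL2_HAS_TLS_1_3=true`; the `OPENSSL_CONF=''` prefix belongs only on the `$OPENSSL2` invocations at 20975 and 20976.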
@@ -20998,15 +21020,16 @@ find_openssl_binary() {
20998
21020
find_socat() {
20999
21021
local result""
21000
21022
21023
+ if [[ -x $SOCAT ]] && $SOCAT -V 2>&1 | grep -iaq 'socat version' ; then
21024
+ # set by ENV
21025
+ return 0
21026
+ fi
21001
21027
result=$(type -p socat)
21002
- if [[ $? -ne 0 ]]; then
21003
- return 1
21004
- else
21005
- if [[ -x $result ]] && $result -V 2>&1 | grep -iaq 'socat version' ; then
21006
- SOCAT=$result
21007
- return 0
21008
- fi
21028
+ if [[ -x $result ]] && $result -V 2>&1 | grep -iaq 'socat version' ; then
21029
+ SOCAT=$result
21030
+ return 0
21009
21031
fi
21032
+ return 1
21010
21033
}
21011
21034
21012
21035
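Review bot: When `SOCAT` is supplied via the environment but fails the `-V` probe at 21023, the new early-return is skipped and the function silently overwrites the user's value with whatever `type -p socat` finds, so a deliberate choice of binary is discarded without any indication; a short message before falling through (or returning 1 instead of substituting) would make that visible, and the `# set by ENV` comment should say which outcome is intended. Both tests also expand `$SOCAT` and `$result` unquoted; `[[ -x "$SOCAT" ]] && "$SOCAT" -V 2>&1 | ...` avoids word-splitting a path with spaces. Minor and pre-existing: `local result""` on 21021 is just `local result` and reads as a typo.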
@@ -21295,6 +21318,12 @@ OPENSSL_CONF: $OPENSSL_CONF
21295
21318
HAS_CURVES: $HAS_CURVES
21296
21319
OSSL_SUPPORTED_CURVES: $OSSL_SUPPORTED_CURVES
21297
21320
21321
+ OPENSSL2: $OPENSSL2 ($($OPENSSL2 version -v 2>/dev/null))
21322
+ OPENSSL2_HAS_TLS_1_3: $OPENSSL2_HAS_TLS_1_3
21323
+ OPENSSL2_HAS_CHACHA20: $OPENSSL2_HAS_CHACHA20
21324
+ OPENSSL2_HAS_AES128_GCM: $OPENSSL2_HAS_AES128_GCM
21325
+ OPENSSL2_HAS_AES256_GCM: $OPENSSL2_HAS_AES256_GCM
21326
+
21298
21327
HAS_IPv6: $HAS_IPv6
21299
21328
HAS_SSL2: $HAS_SSL2
21300
21329
HAS_SSL3: $HAS_SSL3
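Review bot: The added `$($OPENSSL2 version -v 2>/dev/null)` is the one `$OPENSSL2` invocation in this commit that is not prefixed with `OPENSSL_CONF=''`, so the version probe can hit the same config problem the rest of the change works around and print nothing where the feature probes succeeded; `$(OPENSSL_CONF='' $OPENSSL2 version -v 2>/dev/null)` keeps it consistent. If `OPENSSL2` can be empty here, the substitution expands to running `version -v`, which is suppressed by the redirect but worth a guard such as `${OPENSSL2:+...}` so the debug output distinguishes "not set" from "no version". The heredoc this sits in starts before the hunk.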