
Commit 9490428

authoredJun 11, 2025··
Merge pull request #2796 from testssl/plaintext_len_AKA_openssl2conf_problem
Fix OPENSSL_CONF problem for OPENSSL2
2 parents 735cc66 + 235a6a0 commit 9490428

1 file changed

+73
-44
lines changed


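--- a/testssl.sh
+++ b/testssl.sh
@@ -13215,6 +13215,7 @@ chacha20_block() {
 }
 
 # See RFC 8439, Section 2.4
+#
 chacha20() {
 local key="$1"
 local -i counter=1
@@ -13223,15 +13224,18 @@ chacha20() {
 local -i i ciphertext_len num_blocks mod_check
 local -i i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12 i13 i14 i15 i16
 local keystream plaintext=""
+local enc_chacha_used=false
 
 if "$HAS_CHACHA20"; then
-plaintext="$(hex2binary "$ciphertext" | \
-$OPENSSL enc -chacha20 -K "$key" -iv "01000000$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
-tm_out "$(strip_spaces "$plaintext")"
-return 0
+plaintext="$(hex2binary "$ciphertext" | $OPENSSL enc -chacha20 -K "$key" -iv "01000000$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
+enc_chacha_used=true
 elif "$OPENSSL2_HAS_CHACHA20"; then
-plaintext="$(hex2binary "$ciphertext" | \
-$OPENSSL2 enc -chacha20 -K "$key" -iv "01000000$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
+# empty OPENSSL_CONF temporarily as it might cause problems, see #2780
+plaintext="$(hex2binary "$ciphertext" | OPENSSL_CONF='' $OPENSSL2 enc -chacha20 -K "$key" -iv "01000000$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
+enc_chacha_used=true
+fi
+
+if [[ -n "$plaintext" ]] && "$enc_chacha_used"; then
 tm_out "$(strip_spaces "$plaintext")"
 return 0
 fi
@@ -13913,31 +13917,36 @@ gcm() {
 # arg5: aad
 # arg6: expected tag
 # arg7: true if authentication tag should be checked. false otherwise.
+#
 gcm-decrypt() {
 local cipher="$1" key="$2" nonce="$3" ciphertext="$4" aad="$5" expected_tag="$(toupper "$6")"
 local compute_tag="$7"
-local plaintext computed_tag tmp
+local plaintext="" computed_tag tmp
+local enc_aesgcm_used=false
 
 [[ ${#nonce} -ne 24 ]] && return 7
 
-if [[ "$cipher" == TLS_AES_128_GCM_SHA256 ]] && "$HAS_AES128_GCM" && ! "$compute_tag"; then
-plaintext="$(hex2binary "$ciphertext" | \
-$OPENSSL enc -aes-128-gcm -K "$key" -iv "$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
-tm_out "$(strip_spaces "$plaintext")"
-return 0
-elif [[ "$cipher" == TLS_AES_128_GCM_SHA256 ]] && "$OPENSSL2_HAS_AES128_GCM" && ! "$compute_tag"; then
-plaintext="$(hex2binary "$ciphertext" | \
-$OPENSSL2 enc -aes-128-gcm -K "$key" -iv "$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
-tm_out "$(strip_spaces "$plaintext")"
-return 0
-elif [[ "$cipher" == TLS_AES_256_GCM_SHA384 ]] && "$HAS_AES256_GCM" && ! "$compute_tag"; then
-plaintext="$(hex2binary "$ciphertext" | \
-$OPENSSL enc -aes-256-gcm -K "$key" -iv "$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
-tm_out "$(strip_spaces "$plaintext")"
-return 0
-elif [[ "$cipher" == TLS_AES_256_GCM_SHA384 ]] && "$OPENSSL2_HAS_AES256_GCM" && ! "$compute_tag"; then
-plaintext="$(hex2binary "$ciphertext" | \
-$OPENSSL2 enc -aes-256-gcm -K "$key" -iv "$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
+if [[ "$cipher" == TLS_AES_128_GCM_SHA256 ]] && ! "$compute_tag"; then
+if "$HAS_AES128_GCM"; then
+plaintext="$(hex2binary "$ciphertext" | $OPENSSL enc -aes-128-gcm -K "$key" -iv "$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
+enc_aesgcm_used=true
+elif "$OPENSSL2_HAS_AES128_GCM"; then
+# empty OPENSSL_CONF temporarily as it might cause problems, see #2780
+plaintext="$(hex2binary "$ciphertext" | OPENSSL_CONF='' $OPENSSL2 enc -aes-128-gcm -K "$key" -iv "$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
+enc_aesgcm_used=true
+fi
+elif [[ "$cipher" == TLS_AES_256_GCM_SHA384 ]] && ! "$compute_tag"; then
+if "$HAS_AES256_GCM"; then
+plaintext="$(hex2binary "$ciphertext" | $OPENSSL enc -aes-256-gcm -K "$key" -iv "$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
+aesgcm_used=true
+elif "$OPENSSL2_HAS_AES256_GCM"; then
+# empty OPENSSL_CONF temporarily as it might cause problems, see #2780
+plaintext="$(hex2binary "$ciphertext" | OPENSSL_CONF='' $OPENSSL2 enc -aes-256-gcm -K "$key" -iv "$nonce" 2>/dev/null | hexdump -v -e '16/1 "%02X"')"
+enc_aesgcm_used=true
+fi
+fi
+
+if [[ -n "$plaintext" ]] && "$enc_aesgcm_used"; then
 tm_out "$(strip_spaces "$plaintext")"
 return 0
 fi
@@ -13954,8 +13963,12 @@ gcm-decrypt() {
 plaintext="${tmp% $computed_tag}"
 
 if ! "$compute_tag" || [[ "$computed_tag" == $expected_tag ]]; then
-tm_out "$plaintext"
-return 0
+if [[ -n "$plaintext" ]]; then
+tm_out "$plaintext"
+return 0
+else
+return 7
+fi
 else
 return 7
 fi
@@ -13967,6 +13980,7 @@ gcm-decrypt() {
 # arg4: plaintext
 # arg5: aad
 # See Section 7.2 of SP 800-38D
+#
 gcm-encrypt() {
 local cipher
 
@@ -13988,6 +14002,7 @@ gcm-encrypt() {
 # arg5: aad
 # arg6: expected tag
 # arg7: true if authentication tag should be checked. false otherwise.
+#
 integrity_only_decrypt()
 {
 local cipher="$1" key="$2" nonce="$3" ciphertext="$4" aad="$5" expected_tag="$(toupper "$6")"
@@ -14015,6 +14030,7 @@ integrity_only_decrypt()
 # arg3: nonce
 # arg4: plaintext
 # arg5: additional authenticated data
+#
 integrity_only_encrypt() {
 local cipher="$1" key="$2" nonce="$3" plaintext="$4" aad="$5"
 local hash_fn
@@ -14033,6 +14049,7 @@ integrity_only_encrypt() {
 # arg3: nonce (must be 96 bits in length)
 # arg4: ciphertext
 # arg5: additional authenticated data
+#
 sym-decrypt() {
 local cipher="$1"
 local key="$2" nonce="$3"
@@ -14087,11 +14104,11 @@ sym-decrypt() {
 # arg3: nonce (must be 96 bits in length)
 # arg4: plaintext
 # arg5: additional authenticated data
+#
 sym-encrypt() {
 local cipher="$1" key="$2" nonce="$3" plaintext="$4" additional_data="$5"
 local ciphertext=""
 
-
 if [[ "$cipher" =~ CCM ]]; then
 ciphertext=$(ccm-encrypt "$cipher" "$key" "$nonce" "$plaintext" "$additional_data")
 elif [[ "$cipher" =~ GCM ]]; then
@@ -14104,13 +14121,15 @@ sym-encrypt() {
 return 7
 fi
 [[ $? -ne 0 ]] && return 7
+[[ -n "$ciphertext" ]] && return 7
 
 tm_out "$(strip_spaces "$ciphertext")"
 return 0
 }
 
 # arg1: iv
 # arg2: sequence number
+#
 get-nonce() {
 local iv="$1"
 local -i seq_num="$2"
@@ -14140,6 +14159,7 @@ get-nonce() {
 # arg3: TLS cipher for decrypting TLSv1.3 response
 # arg4: handshake secret
 # arg5: message transcript (up through ServerHello)
+#
 check_tls_serverhellodone() {
 local tls_hello_ascii="$1"
 local process_full="$2"
@@ -20922,26 +20942,28 @@ find_openssl_binary() {
 
 grep -qe '-enable_pha' $s_client_has && HAS_ENABLE_PHA=true
 
-$OPENSSL enc -chacha20 -K 12345678901234567890123456789012 -iv 01000000123456789012345678901234 > /dev/null 2> /dev/null <<< "test"
+$OPENSSL enc -chacha20 -K 12345678901234567890123456789012 -iv 01000000123456789012345678901234 >/dev/null 2>/dev/null <<< "test"
 [[ $? -eq 0 ]] && HAS_CHACHA20=true
 
-$OPENSSL enc -aes-128-gcm -K 0123456789abcdef0123456789abcdef -iv 0123456789abcdef01234567 > /dev/null 2> /dev/null <<< "test"
+$OPENSSL enc -aes-128-gcm -K 0123456789abcdef0123456789abcdef -iv 0123456789abcdef01234567 >/dev/null 2>/dev/null <<< "test"
 [[ $? -eq 0 ]] && HAS_AES128_GCM=true
 
-$OPENSSL enc -aes-256-gcm -K 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef -iv 0123456789abcdef01234567 > /dev/null 2> /dev/null <<< "test"
+$OPENSSL enc -aes-256-gcm -K 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef -iv 0123456789abcdef01234567 >/dev/null 2>/dev/null <<< "test"
 [[ $? -eq 0 ]] && HAS_AES256_GCM=true
 
+# Although we didn't spot a problem here yet, we're resetting for each call OPENSSL_CONF, so that it doesn't point to the supplied file which
+# works for old OpenSSL versions only. See #2780
 if [[ $OPENSSL2 != $OPENSSL ]] && [[ -x $OPENSSL2 ]]; then
 if ! "$HAS_CHACHA20"; then
-$OPENSSL2 enc -chacha20 -K 12345678901234567890123456789012 -iv 01000000123456789012345678901234 > /dev/null 2> /dev/null <<< "test"
+OPENSSL_CONF='' $OPENSSL2 enc -chacha20 -K 12345678901234567890123456789012 -iv 01000000123456789012345678901234 >/dev/null 2>/dev/null <<< "test"
 [[ $? -eq 0 ]] && OPENSSL2_HAS_CHACHA20=true
 fi
 if ! "$HAS_AES128_GCM"; then
-$OPENSSL2 enc -aes-128-gcm -K 0123456789abcdef0123456789abcdef -iv 0123456789abcdef01234567 > /dev/null 2> /dev/null <<< "test"
+OPENSSL_CONF='' $OPENSSL2 enc -aes-128-gcm -K 0123456789abcdef0123456789abcdef -iv 0123456789abcdef01234567 >/dev/null 2>/dev/null <<< "test"
 [[ $? -eq 0 ]] && OPENSSL2_HAS_AES128_GCM=true
 fi
 if ! "$HAS_AES256_GCM"; then
-$OPENSSL2 enc -aes-256-gcm -K 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef -iv 0123456789abcdef01234567 > /dev/null 2> /dev/null <<< "test"
+OPENSSL_CONF='' $OPENSSL2 enc -aes-256-gcm -K 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef -iv 0123456789abcdef01234567 >/dev/null 2>/dev/null <<< "test"
 [[ $? -eq 0 ]] && OPENSSL2_HAS_AES256_GCM=true
 fi
 
@@ -20950,13 +20972,13 @@ find_openssl_binary() {
 # every openssl feature. At some point we need to decide which with openssl version we go.
 # We also check, whether there's $OPENSSL2 which has TLS 1.3
 if [[ ! "$OSSL_NAME" =~ LibreSSL ]] && [[ ! $OSSL_VER =~ 1.1.1 ]] && [[ $OSSL_VER_MAJOR -lt 3 ]]; then
-$OPENSSL2 s_client -help 2>$s_client_has2
-$OPENSSL2 s_client -starttls foo 2>$s_client_starttls_has2
+OPENSSL_CONF='' $OPENSSL2 s_client -help 2>$s_client_has2
+OPENSSL_CONF='' $OPENSSL2 s_client -starttls foo 2>$s_client_starttls_has2
 grep -q 'Unix-domain socket' $s_client_has2 && HAS_UDS2=true
 grep -q 'xmpp-server' $s_client_starttls_has2 && HAS_XMPP_SERVER2=true
 # Likely we don't need the following second check here, see 6 lines above
 if grep -wq 'tls1_3' $s_client_has2; then
-OPENSSL2_HAS_TLS_1_3=true
+OPENSSL_CONF='' OPENSSL2_HAS_TLS_1_3=true
 fi
 fi
 fi
@@ -20998,15 +21020,16 @@ find_openssl_binary() {
 find_socat() {
 local result""
 
+if [[ -x $SOCAT ]] && $SOCAT -V 2>&1 | grep -iaq 'socat version' ; then
+# set by ENV
+return 0
+fi
 result=$(type -p socat)
-if [[ $? -ne 0 ]]; then
-return 1
-else
-if [[ -x $result ]] && $result -V 2>&1 | grep -iaq 'socat version' ; then
-SOCAT=$result
-return 0
-fi
+if [[ -x $result ]] && $result -V 2>&1 | grep -iaq 'socat version' ; then
+SOCAT=$result
+return 0
 fi
+return 1
 }
 
 
@@ -21295,6 +21318,12 @@ OPENSSL_CONF: $OPENSSL_CONF
 HAS_CURVES: $HAS_CURVES
 OSSL_SUPPORTED_CURVES: $OSSL_SUPPORTED_CURVES
 
+OPENSSL2: $OPENSSL2 ($($OPENSSL2 version -v 2>/dev/null))
+OPENSSL2_HAS_TLS_1_3: $OPENSSL2_HAS_TLS_1_3
+OPENSSL2_HAS_CHACHA20: $OPENSSL2_HAS_CHACHA20
+OPENSSL2_HAS_AES128_GCM: $OPENSSL2_HAS_AES128_GCM
+OPENSSL2_HAS_AES256_GCM: $OPENSSL2_HAS_AES256_GCM
+
 HAS_IPv6: $HAS_IPv6
 HAS_SSL2: $HAS_SSL2
 HAS_SSL3: $HAS_SSL3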
