Skip to content

ChaCha20 decryption #2727

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 4, 2025
Merged

ChaCha20 decryption #2727

merged 1 commit into from
Apr 4, 2025

Conversation

dcooper16
Copy link
Collaborator

Describe your changes

Decryption of TLS 1.3 handshakes is very slow if the response is encrypted using ChaCha20 and the $OPENSSL enc command does not support ChaCha20. This commit mitigates that problem by using $OPENSSL2 for ChaCha20 decryption if such decryption is needed and $OPENSSL does not support it.

This PR also changes testssl.sh to make use of $OPENSSL2 for AES-GCM decryption, when $OPENSSL2 supports it, but $OPENSSL does not. However, this change is not as important. Implementing AES-GCM in Bash using $OPENSSL for AES ECB operations isn't nearly as slow as fully implementing ChaCha20 in Bash.

What is your pull request about?

  • Bug fix
  • Improvement
  • New feature (adds functionality)
  • Breaking change (bug fix, feature or improvement that would cause existing functionality to not work as expected)
  • Typo fix
  • Documentation update
  • Update of other files

If it's a code change please check the boxes which are applicable

  • For the main program: My edits contain no tabs, indentation is five spaces and any line endings do not contain any blank chars
  • I've read CONTRIBUTING.md and Coding_Convention.md
  • I have tested this fix or improvement against >=2 hosts and I couldn't spot a problem
  • I have tested this new feature against >=2 hosts which show this feature and >=2 host which does not (in order to avoid side effects) . I couldn't spot a problem
  • For the new feature I have made corresponding changes to the documentation and / or to help()
  • If it's a bigger change: I added myself to CREDITS.md (alphabetical order) and the change to CHANGELOG.md

ChaCha20 decryption
e2accb6 
Decryption is TLS 1.3 handshakes is very slow if the response is encrypted using ChaCha20 and the $OPENSSL enc command does not support ChaCha20. This commit mitigates that problem by using $OPENSSL2 for ChaCha20 decryption if such decryption is needed and $OPENSSL does not support it.

This commit also changes testssl.sh to make use of $OPENSSL2 for AES-GCM decryption, when $OPENSSL2 supports it, but $OPENSSL does not. However, this change is not as important. Implementing AES-GCM in Bash using $OPENSSL for AES ECB operations isn't nearly as slow as fully implementing ChaCha20 in Bash.
@drwetter drwetter merged commit b7f9ff1 into testssl:3.2 Apr 4, 2025
2 checks passed
@drwetter
Copy link
Collaborator

drwetter commented Apr 4, 2025

Excellent, thanks!

@drwetter
Copy link
Collaborator

drwetter commented Apr 4, 2025

Looking a bit forward into the future, David: Do you happen to know when (version) the enc functions with those algorithms were implemented?

@dcooper16 dcooper16 deleted the chacha20 branch April 4, 2025 18:09
@dcooper16
Copy link
Collaborator Author

Looking a bit forward into the future, David: Do you happen to know when (version) the enc functions with those algorithms were implemented?

It seems that enc -chacha20 has been supported by OpenSSL since 1.1.0 and by LibreSSL since 3.9.0.

enc -aes-128-gcm and enc -aes-256-gcm was supported in OpenSSL 1.0.1 and in versions of LibreSSL up through 3.6.X, but are no longer supported by either.

@drwetter drwetter mentioned this pull request Jun 11, 2025
Closed
drwetter added a commit that referenced this pull request Jun 11, 2025
@drwetter
Fix OPENSSL_CONF problem for OPENSSL2
91a3502 
In #2727 there were workarounds introduced which sped up processing decryption of
ChaCha20 and and AES-GCM by using OPENSSL2 when it is supporting such functions.

However when OPENSSL2 is called and OPENSSL_CONF still points to the autogenerated
file which works for `~/bin/openssl.$(uname -s).$(uname -m)` the decryption `$plaintext`
will be empty which later on caused a negative value, see #2780 .

This fixes #2780 by prepending `OPENSSL_CONF=''` to each OPENSSL2 instance. Also it
makes `chacha20()` and `gcm-decrypt()` more robust. It is now more readable now.

At other places $OPENSSL2 were prepended by `OPENSSL_CONF=''` also if there weren't
any obvious errors noticed.

Also now all OPENSSL2 vars will appear in /tmp/testssl.XXXXXX/environment.txt when
debugging.

It was also noticed that the `find_socat()` function had room for improvements, it was
not set in any case when `socat was in $PATH or supplied via env SOCAT.
@drwetter drwetter mentioned this pull request Jun 11, 2025
Merged
13 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dcooper16 @drwetter