From owner-dev-commits-src-branches@freebsd.org Tue Aug 24 01:01:48 2021 Return-Path: Delivered-To: dev-commits-src-branches@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 969F467523D; Tue, 24 Aug 2021 01:01:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4GtrRJ3FJFz4rF9; Tue, 24 Aug 2021 01:01:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4C51D1E45C; Tue, 24 Aug 2021 01:01:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 17O11maB026274; Tue, 24 Aug 2021 01:01:48 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 17O11mru026273; Tue, 24 Aug 2021 01:01:48 GMT (envelope-from git) Date: Tue, 24 Aug 2021 01:01:48 GMT Message-Id: <202108240101.17O11mru026273@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: John Baldwin Subject: git: 622809b0868f - stable/13 - OpenSSL: Only enable KTLS if it is explicitly configured MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhb X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 622809b0868f502550080dc2e3759fc645443744 Auto-Submitted: auto-generated X-BeenThere: dev-commits-src-branches@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commits to the stable branches of the FreeBSD src repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Aug 2021 01:01:48 -0000 The branch stable/13 has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=622809b0868f502550080dc2e3759fc645443744 commit 622809b0868f502550080dc2e3759fc645443744 Author: John Baldwin AuthorDate: 2021-08-17 21:39:03 +0000 Commit: John Baldwin CommitDate: 2021-08-24 00:59:35 +0000 OpenSSL: Only enable KTLS if it is explicitly configured It has always been the case that KTLS is not compiled by default. However if it is compiled then it was automatically used unless specifically configured not to. This is problematic because it avoids any crypto implementations from providers. A user who configures all crypto to use the FIPS provider may unexpectedly find that TLS related crypto is actually being performed outside of the FIPS boundary. Instead we change KTLS so that it is disabled by default. We also swap to using a single "option" (i.e. SSL_OP_ENABLE_KTLS) rather than two separate "modes", (i.e. SSL_MODE_NO_KTLS_RX and SSL_MODE_NO_KTLS_TX). Reviewed by: jkim Obtained from: OpenSSL (a3a54179b6754fbed6d88e434baac710a83aaf80) Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D31440 (cherry picked from commit 62ca9fc1ad569eb3fafd281e03812a598b9856ee) --- crypto/openssl/include/openssl/ssl.h | 12 +++--------- crypto/openssl/ssl/ktls.c | 1 + crypto/openssl/ssl/ssl_conf.c | 3 ++- crypto/openssl/ssl/t1_enc.c | 6 +----- crypto/openssl/ssl/tls13_enc.c | 5 +++-- 5 files changed, 10 insertions(+), 17 deletions(-) diff --git a/crypto/openssl/include/openssl/ssl.h b/crypto/openssl/include/openssl/ssl.h index 09620489bc20..cfb87e63226e 100644 --- a/crypto/openssl/include/openssl/ssl.h +++ b/crypto/openssl/include/openssl/ssl.h @@ -303,7 +303,9 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); /* Allow initial connection to servers that don't support RI */ # define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004U -/* Reserved value (until OpenSSL 1.2.0) 0x00000008U */ +/* Enable support for Kernel TLS */ +# define SSL_OP_ENABLE_KTLS 0x00000008U + # define SSL_OP_TLSEXT_PADDING 0x00000010U /* Reserved value (until OpenSSL 1.2.0) 0x00000020U */ # define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U @@ -493,10 +495,6 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); * Support Asynchronous operation */ # define SSL_MODE_ASYNC 0x00000100U -/* - * Don't use the kernel TLS data-path for sending. - */ -# define SSL_MODE_NO_KTLS_TX 0x00000200U /* * When using DTLS/SCTP, include the terminating zero in the label @@ -510,10 +508,6 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); * - OpenSSL 1.1.1 and 1.1.1a */ # define SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG 0x00000400U -/* - * Don't use the kernel TLS data-path for receiving. - */ -# define SSL_MODE_NO_KTLS_RX 0x00000800U /* Cert related flags */ /* diff --git a/crypto/openssl/ssl/ktls.c b/crypto/openssl/ssl/ktls.c index f82946b260ab..47328a7c7c73 100644 --- a/crypto/openssl/ssl/ktls.c +++ b/crypto/openssl/ssl/ktls.c @@ -137,6 +137,7 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, return 0; # endif # ifdef OPENSSL_KTLS_AES_GCM_128 + /* Fall through */ case NID_aes_128_gcm: # endif # ifdef OPENSSL_KTLS_AES_GCM_256 diff --git a/crypto/openssl/ssl/ssl_conf.c b/crypto/openssl/ssl/ssl_conf.c index 0a3fef7c8c14..8013c62f0770 100644 --- a/crypto/openssl/ssl/ssl_conf.c +++ b/crypto/openssl/ssl/ssl_conf.c @@ -391,7 +391,8 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value) SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX), SSL_FLAG_TBL("PrioritizeChaCha", SSL_OP_PRIORITIZE_CHACHA), SSL_FLAG_TBL("MiddleboxCompat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT), - SSL_FLAG_TBL_INV("AntiReplay", SSL_OP_NO_ANTI_REPLAY) + SSL_FLAG_TBL_INV("AntiReplay", SSL_OP_NO_ANTI_REPLAY), + SSL_FLAG_TBL("KTLS", SSL_OP_ENABLE_KTLS) }; if (value == NULL) return -3; diff --git a/crypto/openssl/ssl/t1_enc.c b/crypto/openssl/ssl/t1_enc.c index d4614210685a..7d2eb381af1a 100644 --- a/crypto/openssl/ssl/t1_enc.c +++ b/crypto/openssl/ssl/t1_enc.c @@ -362,11 +362,7 @@ int tls1_change_cipher_state(SSL *s, int which) goto err; } #ifndef OPENSSL_NO_KTLS - if (s->compress) - goto skip_ktls; - - if (((which & SSL3_CC_READ) && (s->mode & SSL_MODE_NO_KTLS_RX)) - || ((which & SSL3_CC_WRITE) && (s->mode & SSL_MODE_NO_KTLS_TX))) + if (s->compress || (s->options & SSL_OP_ENABLE_KTLS) == 0) goto skip_ktls; /* ktls supports only the maximum fragment size */ diff --git a/crypto/openssl/ssl/tls13_enc.c b/crypto/openssl/ssl/tls13_enc.c index d9f050ee346d..39530237d897 100644 --- a/crypto/openssl/ssl/tls13_enc.c +++ b/crypto/openssl/ssl/tls13_enc.c @@ -724,8 +724,9 @@ int tls13_change_cipher_state(SSL *s, int which) s->statem.enc_write_state = ENC_WRITE_STATE_VALID; #ifndef OPENSSL_NO_KTLS # if defined(OPENSSL_KTLS_TLS13) - if (!(which & SSL3_CC_WRITE) || !(which & SSL3_CC_APPLICATION) - || ((which & SSL3_CC_WRITE) && (s->mode & SSL_MODE_NO_KTLS_TX))) + if (!(which & SSL3_CC_WRITE) + || !(which & SSL3_CC_APPLICATION) + || (s->options & SSL_OP_ENABLE_KTLS) == 0) goto skip_ktls; /* ktls supports only the maximum fragment size */