From f8565a655eacc53319962c002a38cfd0340d0b81 Mon Sep 17 00:00:00 2001 From: Michael Brown Date: Fri, 28 Oct 2022 11:06:26 +0100 Subject: [tls] Remove support for TLSv1.0 The TLSv1.0 protocol was deprecated by RFC 8996 (along with TLSv1.1), and has been disabled by default in iPXE since commit dc785b0fb ("[tls] Default to supporting only TLSv1.1 or above") in June 2020. While there is value in continuing to support older protocols for interoperability with older server appliances, the additional complexity of supporting the implicit initialisation vector for TLSv1.0 is not worth the cost. Remove support for the obsolete TLSv1.0 protocol, to reduce complexity of the implementation and simplify ongoing maintenance. Signed-off-by: Michael Brown --- src/include/ipxe/tls.h | 5 ----- src/net/tls.c | 37 ++++++------------------------------- 2 files changed, 6 insertions(+), 36 deletions(-) diff --git a/src/include/ipxe/tls.h b/src/include/ipxe/tls.h index 879e1be..0b34dee 100644 --- a/src/include/ipxe/tls.h +++ b/src/include/ipxe/tls.h @@ -41,9 +41,6 @@ struct tls_header { uint16_t length; } __attribute__ (( packed )); -/** TLS version 1.0 */ -#define TLS_VERSION_TLS_1_0 0x0301 - /** TLS version 1.1 */ #define TLS_VERSION_TLS_1_1 0x0302 @@ -196,8 +193,6 @@ struct tls_cipherspec { void *pubkey_ctx; /** Bulk encryption cipher context */ void *cipher_ctx; - /** Next bulk encryption cipher context (TX only) */ - void *cipher_next_ctx; /** MAC secret */ void *mac_secret; }; diff --git a/src/net/tls.c b/src/net/tls.c index 3545f12..9ad8448 100644 --- a/src/net/tls.c +++ b/src/net/tls.c @@ -664,8 +664,7 @@ static int tls_generate_keys ( struct tls_connection *tls ) { struct tls_cipherspec *rx_cipherspec = &tls->rx_cipherspec_pending; size_t hash_size = tx_cipherspec->suite->digest->digestsize; size_t key_size = tx_cipherspec->suite->key_len; - size_t iv_size = tx_cipherspec->suite->cipher->blocksize; - size_t total = ( 2 * ( hash_size + key_size + iv_size ) ); + size_t total = ( 2 * ( hash_size + key_size ) ); uint8_t key_block[total]; uint8_t *key; int rc; @@ -715,20 +714,6 @@ static int tls_generate_keys ( struct tls_connection *tls ) { DBGC_HD ( tls, key, key_size ); key += key_size; - /* TX initialisation vector */ - cipher_setiv ( tx_cipherspec->suite->cipher, - tx_cipherspec->cipher_ctx, key, iv_size ); - DBGC ( tls, "TLS %p TX IV:\n", tls ); - DBGC_HD ( tls, key, iv_size ); - key += iv_size; - - /* RX initialisation vector */ - cipher_setiv ( rx_cipherspec->suite->cipher, - rx_cipherspec->cipher_ctx, key, iv_size ); - DBGC ( tls, "TLS %p RX IV:\n", tls ); - DBGC_HD ( tls, key, iv_size ); - key += iv_size; - assert ( ( key_block + total ) == key ); return 0; @@ -809,7 +794,7 @@ static int tls_set_cipher ( struct tls_connection *tls, tls_clear_cipher ( tls, cipherspec ); /* Allocate dynamic storage */ - total = ( pubkey->ctxsize + 2 * cipher->ctxsize + digest->digestsize ); + total = ( pubkey->ctxsize + cipher->ctxsize + digest->digestsize ); dynamic = zalloc ( total ); if ( ! dynamic ) { DBGC ( tls, "TLS %p could not allocate %zd bytes for crypto " @@ -821,7 +806,6 @@ static int tls_set_cipher ( struct tls_connection *tls, cipherspec->dynamic = dynamic; cipherspec->pubkey_ctx = dynamic; dynamic += pubkey->ctxsize; cipherspec->cipher_ctx = dynamic; dynamic += cipher->ctxsize; - cipherspec->cipher_next_ctx = dynamic; dynamic += cipher->ctxsize; cipherspec->mac_secret = dynamic; dynamic += digest->digestsize; assert ( ( cipherspec->dynamic + total ) == dynamic ); @@ -2635,7 +2619,7 @@ static void * tls_assemble_block ( struct tls_connection *tls, void *digest, size_t *plaintext_len ) { size_t blocksize = tls->tx_cipherspec.suite->cipher->blocksize; size_t mac_len = tls->tx_cipherspec.suite->digest->digestsize; - size_t iv_len; + size_t iv_len = blocksize; size_t padding_len; void *plaintext; void *iv; @@ -2643,9 +2627,6 @@ static void * tls_assemble_block ( struct tls_connection *tls, void *mac; void *padding; - /* TLSv1.1 and later use an explicit IV */ - iv_len = ( tls_version ( tls, TLS_VERSION_TLS_1_1 ) ? blocksize : 0 ); - /* Calculate block-ciphered struct length */ padding_len = ( ( blocksize - 1 ) & -( iv_len + len + mac_len + 1 ) ); *plaintext_len = ( iv_len + len + mac_len + padding_len + 1 ); @@ -2732,9 +2713,7 @@ static int tls_send_plaintext ( struct tls_connection *tls, unsigned int type, tlshdr->type = type; tlshdr->version = htons ( tls->version ); tlshdr->length = htons ( plaintext_len ); - memcpy ( cipherspec->cipher_next_ctx, cipherspec->cipher_ctx, - cipher->ctxsize ); - cipher_encrypt ( cipher, cipherspec->cipher_next_ctx, plaintext, + cipher_encrypt ( cipher, cipherspec->cipher_ctx, plaintext, iob_put ( ciphertext, plaintext_len ), plaintext_len ); /* Free plaintext as soon as possible to conserve memory */ @@ -2751,8 +2730,6 @@ static int tls_send_plaintext ( struct tls_connection *tls, unsigned int type, /* Update TX state machine to next record */ tls->tx_seq += 1; - memcpy ( tls->tx_cipherspec.cipher_ctx, - tls->tx_cipherspec.cipher_next_ctx, cipher->ctxsize ); done: free ( plaintext ); @@ -2798,16 +2775,14 @@ static int tls_split_stream ( struct tls_connection *tls, static int tls_split_block ( struct tls_connection *tls, struct list_head *rx_data, void **mac ) { size_t mac_len = tls->rx_cipherspec.suite->digest->digestsize; + size_t iv_len = tls->rx_cipherspec.suite->cipher->blocksize; struct io_buffer *iobuf; - size_t iv_len; uint8_t *padding_final; uint8_t *padding; size_t padding_len; - /* TLSv1.1 and later use an explicit IV */ + /* Extract initialisation vector */ iobuf = list_first_entry ( rx_data, struct io_buffer, list ); - iv_len = ( tls_version ( tls, TLS_VERSION_TLS_1_1 ) ? - tls->rx_cipherspec.suite->cipher->blocksize : 0 ); if ( iob_len ( iobuf ) < iv_len ) { DBGC ( tls, "TLS %p received underlength IV\n", tls ); DBGC_HD ( tls, iobuf->data, iob_len ( iobuf ) ); -- cgit v1.1