projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Sanity check EVP_CTRL_AEAD_TLS_AAD
[openssl.git]
/
ssl
/
record
/
ssl3_record.c
diff --git
a/ssl/record/ssl3_record.c
b/ssl/record/ssl3_record.c
index 74343229ccf5c3d3f6c367eb349c71a96530c2a1..33d0b302f0cdd7cd618ac049e138f41fa469b95d 100644
(file)
--- a/
ssl/record/ssl3_record.c
+++ b/
ssl/record/ssl3_record.c
@@
-112,6
+112,7
@@
#include "../ssl_locl.h"
#include "../../crypto/constant_time_locl.h"
#include <openssl/rand.h>
#include "../ssl_locl.h"
#include "../../crypto/constant_time_locl.h"
#include <openssl/rand.h>
+#include "record_locl.h"
static const unsigned char ssl3_pad_1[48] = {
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
static const unsigned char ssl3_pad_1[48] = {
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
@@
-155,7
+156,7
@@
int SSL3_RECORD_setup(SSL3_RECORD *r)
void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num)
{
void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num)
{
- memcpy(r->seq_num, seq_num,
8
);
+ memcpy(r->seq_num, seq_num,
SEQ_NUM_SIZE
);
}
/*
}
/*
@@
-207,13
+208,13
@@
int ssl3_get_record(SSL *s)
again:
/* check if we have the header */
again:
/* check if we have the header */
- if ((
s->rstate
!= SSL_ST_READ_BODY) ||
+ if ((
RECORD_LAYER_get_rstate(&s->rlayer)
!= SSL_ST_READ_BODY) ||
(RECORD_LAYER_get_packet_length(&s->rlayer) < SSL3_RT_HEADER_LENGTH)) {
n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH,
SSL3_BUFFER_get_len(&s->rlayer.rbuf), 0);
if (n <= 0)
return (n); /* error or non-blocking */
(RECORD_LAYER_get_packet_length(&s->rlayer) < SSL3_RT_HEADER_LENGTH)) {
n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH,
SSL3_BUFFER_get_len(&s->rlayer.rbuf), 0);
if (n <= 0)
return (n); /* error or non-blocking */
-
s->rstate = SSL_ST_READ_BODY
;
+
RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_BODY)
;
p = RECORD_LAYER_get_packet(&s->rlayer);
if (s->msg_callback)
p = RECORD_LAYER_get_packet(&s->rlayer);
if (s->msg_callback)
@@
-255,10
+256,10
@@
int ssl3_get_record(SSL *s)
goto f_err;
}
goto f_err;
}
- /* now s->rstate == SSL_ST_READ_BODY */
+ /* now s->r
layer.r
state == SSL_ST_READ_BODY */
}
}
- /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
+ /* s->r
layer.r
state == SSL_ST_READ_BODY, get and decode the data */
if (rr->length >
RECORD_LAYER_get_packet_length(&s->rlayer) - SSL3_RT_HEADER_LENGTH) {
if (rr->length >
RECORD_LAYER_get_packet_length(&s->rlayer) - SSL3_RT_HEADER_LENGTH) {
@@
-273,7
+274,8
@@
int ssl3_get_record(SSL *s)
*/
}
*/
}
- s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */
+ /* set state for later operations */
+ RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_HEADER);
/*
* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
/*
* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
@@
-656,14
+658,16
@@
int tls1_enc(SSL *s, int send)
bs = EVP_CIPHER_block_size(ds->cipher);
if (EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
bs = EVP_CIPHER_block_size(ds->cipher);
if (EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
- unsigned char buf[
13
], *seq;
+ unsigned char buf[
EVP_AEAD_TLS1_AAD_LEN
], *seq;
- seq = send ? s->s3->write_sequence : s->s3->read_sequence;
+ seq = send ? RECORD_LAYER_get_write_sequence(&s->rlayer)
+ : RECORD_LAYER_get_read_sequence(&s->rlayer);
if (SSL_IS_DTLS(s)) {
unsigned char dtlsseq[9], *p = dtlsseq;
if (SSL_IS_DTLS(s)) {
unsigned char dtlsseq[9], *p = dtlsseq;
- s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p);
+ s2n(send ? DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer) :
+ DTLS_RECORD_LAYER_get_r_epoch(&s->rlayer), p);
memcpy(p, &seq[2], 6);
memcpy(buf, dtlsseq, 8);
} else {
memcpy(p, &seq[2], 6);
memcpy(buf, dtlsseq, 8);
} else {
@@
-680,7
+684,10
@@
int tls1_enc(SSL *s, int send)
buf[10] = (unsigned char)(s->version);
buf[11] = rec->length >> 8;
buf[12] = rec->length & 0xff;
buf[10] = (unsigned char)(s->version);
buf[11] = rec->length >> 8;
buf[12] = rec->length & 0xff;
- pad = EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_AEAD_TLS1_AAD, 13, buf);
+ pad = EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_AEAD_TLS1_AAD,
+ EVP_AEAD_TLS1_AAD_LEN, buf);
+ if (pad <= 0)
+ return -1;
if (send) {
l += pad;
rec->length += pad;
if (send) {
l += pad;
rec->length += pad;
@@
-772,12
+779,12
@@
int n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
if (send) {
rec = RECORD_LAYER_get_wrec(&ssl->rlayer);
mac_sec = &(ssl->s3->write_mac_secret[0]);
if (send) {
rec = RECORD_LAYER_get_wrec(&ssl->rlayer);
mac_sec = &(ssl->s3->write_mac_secret[0]);
- seq =
&(ssl->s3->write_sequence[0]
);
+ seq =
RECORD_LAYER_get_write_sequence(&ssl->rlayer
);
hash = ssl->write_hash;
} else {
rec = RECORD_LAYER_get_rrec(&ssl->rlayer);
mac_sec = &(ssl->s3->read_mac_secret[0]);
hash = ssl->write_hash;
} else {
rec = RECORD_LAYER_get_rrec(&ssl->rlayer);
mac_sec = &(ssl->s3->read_mac_secret[0]);
- seq =
&(ssl->s3->read_sequence[0]
);
+ seq =
RECORD_LAYER_get_read_sequence(&ssl->rlayer
);
hash = ssl->read_hash;
}
hash = ssl->read_hash;
}
@@
-868,11
+875,11
@@
int tls1_mac(SSL *ssl, unsigned char *md, int send)
if (send) {
rec = RECORD_LAYER_get_wrec(&ssl->rlayer);
if (send) {
rec = RECORD_LAYER_get_wrec(&ssl->rlayer);
- seq =
&(ssl->s3->write_sequence[0]
);
+ seq =
RECORD_LAYER_get_write_sequence(&ssl->rlayer
);
hash = ssl->write_hash;
} else {
rec = RECORD_LAYER_get_rrec(&ssl->rlayer);
hash = ssl->write_hash;
} else {
rec = RECORD_LAYER_get_rrec(&ssl->rlayer);
- seq =
&(ssl->s3->read_sequence[0]
);
+ seq =
RECORD_LAYER_get_read_sequence(&ssl->rlayer
);
hash = ssl->read_hash;
}
hash = ssl->read_hash;
}
@@
-892,7
+899,8
@@
int tls1_mac(SSL *ssl, unsigned char *md, int send)
if (SSL_IS_DTLS(ssl)) {
unsigned char dtlsseq[8], *p = dtlsseq;
if (SSL_IS_DTLS(ssl)) {
unsigned char dtlsseq[8], *p = dtlsseq;
- s2n(send ? ssl->d1->w_epoch : ssl->d1->r_epoch, p);
+ s2n(send ? DTLS_RECORD_LAYER_get_w_epoch(&ssl->rlayer) :
+ DTLS_RECORD_LAYER_get_r_epoch(&ssl->rlayer), p);
memcpy(p, &seq[2], 6);
memcpy(header, dtlsseq, 8);
memcpy(p, &seq[2], 6);
memcpy(header, dtlsseq, 8);
@@
-1044,7
+1052,8
@@
int tls1_cbc_remove_padding(const SSL *s,
*/
if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) {
/* First packet is even in size, so check */
*/
if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) {
/* First packet is even in size, so check */
- if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) &&
+ if ((memcmp(RECORD_LAYER_get_read_sequence(&s->rlayer),
+ "\0\0\0\0\0\0\0\0", 8) == 0) &&
!(padding_length & 1)) {
s->s3->flags |= TLS1_FLAGS_TLS_PADDING_BUG;
}
!(padding_length & 1)) {
s->s3->flags |= TLS1_FLAGS_TLS_PADDING_BUG;
}
@@
-1361,7
+1370,7
@@
int dtls1_process_record(SSL *s)
*/
#define dtls1_get_processed_record(s) \
dtls1_retrieve_buffered_record((s), \
*/
#define dtls1_get_processed_record(s) \
dtls1_retrieve_buffered_record((s), \
- &(
(s)->d1->processed_rcds
))
+ &(
DTLS_RECORD_LAYER_get_processed_rcds(&s->rlayer)
))
/*-
* Call this to get a new input record.
/*-
* Call this to get a new input record.
@@
-1399,7
+1408,7
@@
int dtls1_get_record(SSL *s)
/* get something from the wire */
again:
/* check if we have the header */
/* get something from the wire */
again:
/* check if we have the header */
- if ((
s->rstate
!= SSL_ST_READ_BODY) ||
+ if ((
RECORD_LAYER_get_rstate(&s->rlayer)
!= SSL_ST_READ_BODY) ||
(RECORD_LAYER_get_packet_length(&s->rlayer) < DTLS1_RT_HEADER_LENGTH)) {
n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH,
SSL3_BUFFER_get_len(&s->rlayer.rbuf), 0);
(RECORD_LAYER_get_packet_length(&s->rlayer) < DTLS1_RT_HEADER_LENGTH)) {
n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH,
SSL3_BUFFER_get_len(&s->rlayer.rbuf), 0);
@@
-1413,7
+1422,7
@@
int dtls1_get_record(SSL *s)
goto again;
}
goto again;
}
-
s->rstate = SSL_ST_READ_BODY
;
+
RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_BODY)
;
p = RECORD_LAYER_get_packet(&s->rlayer);
p = RECORD_LAYER_get_packet(&s->rlayer);
@@
-1430,7
+1439,7
@@
int dtls1_get_record(SSL *s)
/* sequence number is 64 bits, with top 2 bytes = epoch */
n2s(p, rr->epoch);
/* sequence number is 64 bits, with top 2 bytes = epoch */
n2s(p, rr->epoch);
- memcpy(&(
s->s3->read_sequence
[2]), p, 6);
+ memcpy(&(
RECORD_LAYER_get_read_sequence(&s->rlayer)
[2]), p, 6);
p += 6;
n2s(p, rr->length);
p += 6;
n2s(p, rr->length);
@@
-1459,10
+1468,10
@@
int dtls1_get_record(SSL *s)
goto again;
}
goto again;
}
- /* now s->rstate == SSL_ST_READ_BODY */
+ /* now s->r
layer.r
state == SSL_ST_READ_BODY */
}
}
- /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
+ /* s->r
layer.r
state == SSL_ST_READ_BODY, get and decode the data */
if (rr->length >
RECORD_LAYER_get_packet_length(&s->rlayer) - DTLS1_RT_HEADER_LENGTH) {
if (rr->length >
RECORD_LAYER_get_packet_length(&s->rlayer) - DTLS1_RT_HEADER_LENGTH) {
@@
-1481,7
+1490,8
@@
int dtls1_get_record(SSL *s)
* DTLS1_RT_HEADER_LENGTH + rr->length
*/
}
* DTLS1_RT_HEADER_LENGTH + rr->length
*/
}
- s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */
+ /* set state for later operations */
+ RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_HEADER);
/* match epochs. NULL means the packet is dropped on the floor */
bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
/* match epochs. NULL means the packet is dropped on the floor */
bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
@@
-1527,7
+1537,8
@@
int dtls1_get_record(SSL *s)
if (is_next_epoch) {
if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) {
if (dtls1_buffer_record
if (is_next_epoch) {
if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) {
if (dtls1_buffer_record
- (s, &(s->d1->unprocessed_rcds), rr->seq_num) < 0)
+ (s, &(DTLS_RECORD_LAYER_get_unprocessed_rcds(&s->rlayer)),
+ rr->seq_num) < 0)
return -1;
/* Mark receipt of record. */
dtls1_record_bitmap_update(s, bitmap);
return -1;
/* Mark receipt of record. */
dtls1_record_bitmap_update(s, bitmap);