SSL_R_UNKNOWN_COMMAND:139:unknown command
SSL_R_UNKNOWN_DIGEST:368:unknown digest
SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE:250:unknown key exchange type
+SSL_R_UNKNOWN_MANDATORY_PARAMETER:323:unknown mandatory parameter
SSL_R_UNKNOWN_PKEY_TYPE:251:unknown pkey type
SSL_R_UNKNOWN_PROTOCOL:252:unknown protocol
SSL_R_UNKNOWN_SSL_VERSION:254:unknown ssl version
#define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options"
#define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode"
#define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead"
+#define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm"
# ifdef __cplusplus
}
# define SSL_R_UNKNOWN_COMMAND 139
# define SSL_R_UNKNOWN_DIGEST 368
# define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250
+# define SSL_R_UNKNOWN_MANDATORY_PARAMETER 323
# define SSL_R_UNKNOWN_PKEY_TYPE 251
# define SSL_R_UNKNOWN_PROTOCOL 252
# define SSL_R_UNKNOWN_SSL_VERSION 254
#if defined(__FreeBSD__)
# include "crypto/cryptodev.h"
-/*-
- * Check if a given cipher is supported by the KTLS interface.
- * The kernel might still fail the setsockopt() if no suitable
- * provider is found, but this checks if the socket option
- * supports the cipher suite used at all.
+/*
+ * TODO(RECLAYER): This is essentially a copy of ktls_int_check_supported_cipher
+ * but using an SSL object instead of an OSSL_RECORD_LAYER object. Once
+ * everything has been moved to the reocrd layer this can be deleted
*/
int ktls_check_supported_cipher(const SSL_CONNECTION *s, const EVP_CIPHER *c,
- size_t taglen)
+ const EVP_MD *md, size_t taglen)
{
switch (s->version) {
return 0;
}
- switch (s->s3.tmp.new_cipher->algorithm_enc) {
- case SSL_AES128GCM:
- case SSL_AES256GCM:
- return 1;
+ if (EVP_CIPHER_is_a(c, "AES-128-GCM")
+ || EVP_CIPHER_is_a(c, "AES-256-GCM")
# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
- case SSL_CHACHA20POLY1305:
- return 1;
+ || EVP_CIPHER_is_a(c, "CHACHA20-POLY1305")
# endif
- case SSL_AES128:
- case SSL_AES256:
- if (s->ext.use_etm)
- return 0;
- switch (s->s3.tmp.new_cipher->algorithm_mac) {
- case SSL_SHA1:
- case SSL_SHA256:
- case SSL_SHA384:
- return 1;
- default:
- return 0;
- }
+ )
+ return 1;
+
+ if (!EVP_CIPHER_is_a(c, "AES-128-CBC")
+ && !EVP_CIPHER_is_a(c, "AES-256-CBC"))
+ return 0;
+
+ if (s->ext.use_etm)
+ return 0;
+
+ if (md == NULL
+ || EVP_MD_is_a(md, "SHA1")
+ || EVP_MD_is_a(md, "SHA2-256")
+ || EVP_MD_is_a(md, "SHA2-384"))
+ return 1;
+
+ return 0;
+}
+
+/*-
+ * Check if a given cipher is supported by the KTLS interface.
+ * The kernel might still fail the setsockopt() if no suitable
+ * provider is found, but this checks if the socket option
+ * supports the cipher suite used at all.
+ */
+static int ktls_int_check_supported_cipher(OSSL_RECORD_LAYER *rl,
+ const EVP_CIPHER *c,
+ const EVP_MD *md,
+ size_t taglen)
+{
+ switch (rl->version) {
+ case TLS1_VERSION:
+ case TLS1_1_VERSION:
+ case TLS1_2_VERSION:
+ case TLS1_3_VERSION:
+ break;
default:
return 0;
}
+
+ if (EVP_CIPHER_is_a(c, "AES-128-GCM")
+ || EVP_CIPHER_is_a(c, "AES-256-GCM")
+# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
+ || EVP_CIPHER_is_a(c, "CHACHA20-POLY1305")
+# endif
+ )
+ return 1;
+
+ if (!EVP_CIPHER_is_a(c, "AES-128-CBC")
+ && !EVP_CIPHER_is_a(c, "AES-256-CBC"))
+ return 0;
+
+ if (rl->use_etm)
+ return 0;
+
+ if (md == NULL
+ || EVP_MD_is_a(md, "SHA1")
+ || EVP_MD_is_a(md, "SHA2-256")
+ || EVP_MD_is_a(md, "SHA2-384"))
+ return 1;
+
+ return 0;
}
/* Function to configure kernel TLS structure */
#if defined(OPENSSL_SYS_LINUX)
-/* Function to check supported ciphers in Linux */
+/*
+ * TODO(RECLAYER): This is essentially a copy of ktls_int_check_supported_cipher
+ * but using an SSL object instead of an OSSL_RECORD_LAYER object. Once
+ * everything has been moved to the reocrd layer this can be deleted
+ */
int ktls_check_supported_cipher(const SSL_CONNECTION *s, const EVP_CIPHER *c,
- size_t taglen)
+ const EVP_MD *md, size_t taglen)
{
switch (s->version) {
case TLS1_2_VERSION:
return 0;
}
+/* Function to check supported ciphers in Linux */
+static int ktls_int_check_supported_cipher(OSSL_RECORD_LAYER *rl,
+ const EVP_CIPHER *c,
+ const EVP_MD *md,
+ size_t taglen)
+{
+ switch (rl->version) {
+ case TLS1_2_VERSION:
+ case TLS1_3_VERSION:
+ break;
+ default:
+ return 0;
+ }
+
+ /* check that cipher is AES_GCM_128, AES_GCM_256, AES_CCM_128
+ * or Chacha20-Poly1305
+ */
+# ifdef OPENSSL_KTLS_AES_CCM_128
+ if (EVP_CIPHER_is_a(c, "AES-128-CCM")) {
+ if (rl->version == TLS_1_3_VERSION /* broken on 5.x kernels */
+ || taglen != EVP_CCM_TLS_TAG_LEN)
+ return 0;
+ return 1;
+ } else
+# endif
+ if (0
+# ifdef OPENSSL_KTLS_AES_GCM_128
+ || EVP_CIPHER_is_a(c, "AES-128-GCM")
+# endif
+# ifdef OPENSSL_KTLS_AES_GCM_256
+ || EVP_CIPHER_is_a(c, "AES-256-GCM")
+# endif
+# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
+ || EVP_CIPHER_is_a(c, "ChaCha20-Poly1305")
+# endif
+ ) {
+ return 1;
+ }
+ return 0;
+}
+
/* Function to configure kernel TLS structure */
int ktls_configure_crypto(SSL_CONNECTION *s, const EVP_CIPHER *c,
void *rl_sequence, ktls_crypto_info_t *crypto_info,
return OSSL_RECORD_RETURN_NON_FATAL_ERR;
/* check that cipher is supported */
- if (!ktls_check_supported_cipher(s, ciph, taglen))
+ if (!ktls_int_check_supported_cipher(rl, ciph, md, taglen))
return OSSL_RECORD_RETURN_NON_FATAL_ERR;
/*
/* Only used by SSLv3 */
unsigned char mac_secret[EVP_MAX_MD_SIZE];
+ /* TLSv1.0/TLSv1.1/TLSv1.2 */
+ int use_etm;
+
/* TLSv1.3 fields */
/* static IV */
unsigned char iv[EVP_MAX_IV_LENGTH];
int ossl_set_tls_provider_parameters(OSSL_RECORD_LAYER *rl,
EVP_CIPHER_CTX *ctx,
const EVP_CIPHER *ciph,
- const EVP_MD *md,
- SSL_CONNECTION *s);
+ const EVP_MD *md);
/* ssl3_cbc.c */
__owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
__owur int ssl3_cbc_digest_record(const EVP_MD *md,
}
if (EVP_CIPHER_get0_provider(ciph) != NULL
- && !ossl_set_tls_provider_parameters(rl, ciph_ctx, ciph, md, s)) {
+ && !ossl_set_tls_provider_parameters(rl, ciph_ctx, ciph, md)) {
return OSSL_RECORD_RETURN_FATAL;
}
if (level != OSSL_RECORD_PROTECTION_LEVEL_APPLICATION)
return OSSL_RECORD_RETURN_FATAL;
- if (s->ext.use_etm)
- s->s3.flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_READ;
- else
- s->s3.flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_READ;
-
- if (s->s3.tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
- s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
- else
- s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
-
- if (s->s3.tmp.new_cipher->algorithm2 & TLS1_TLSTREE)
- s->mac_flags |= SSL_MAC_FLAG_READ_MAC_TLSTREE;
- else
- s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_TLSTREE;
-
if ((rl->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
return OSSL_RECORD_RETURN_FATAL;
return OSSL_RECORD_RETURN_FATAL;
}
if (EVP_CIPHER_get0_provider(ciph) != NULL
- && !ossl_set_tls_provider_parameters(rl, ciph_ctx, ciph, md, s))
+ && !ossl_set_tls_provider_parameters(rl, ciph_ctx, ciph, md))
return OSSL_RECORD_RETURN_FATAL;
return OSSL_RECORD_RETURN_SUCCESS;
* So if we are in ETM mode, we use seq 'as is' in the ctrl-function.
* Otherwise we have to decrease it in the implementation
*/
- if (sending && !SSL_WRITE_ETM(s))
+ if (sending && !rl->use_etm)
decrement_seq = 1;
seq = sending ? RECORD_LAYER_get_write_sequence(&s->rlayer)
header[11] = (unsigned char)(rec->length >> 8);
header[12] = (unsigned char)(rec->length & 0xff);
- if (!sending && !SSL_READ_ETM(ssl)
+ if (!sending && !rl->use_etm
&& EVP_CIPHER_CTX_get_mode(rl->enc_read_ctx) == EVP_CIPH_CBC_MODE
&& ssl3_cbc_record_digest_supported(mac_ctx)) {
OSSL_PARAM tls_hmac_params[2], *p = tls_hmac_params;
int ossl_set_tls_provider_parameters(OSSL_RECORD_LAYER *rl,
EVP_CIPHER_CTX *ctx,
const EVP_CIPHER *ciph,
- const EVP_MD *md,
- SSL_CONNECTION *s)
+ const EVP_MD *md)
{
/*
* Provided cipher, the TLS padding/MAC removal is performed provider
int imacsize = -1;
if ((EVP_CIPHER_get_flags(ciph) & EVP_CIPH_FLAG_AEAD_CIPHER) == 0
- /*
- * We look at s->ext.use_etm instead of SSL_READ_ETM() or
- * SSL_WRITE_ETM() because this test applies to both reading
- * and writing.
- */
- && !s->ext.use_etm)
+ && !rl->use_etm)
imacsize = EVP_MD_get_size(md);
if (imacsize >= 0)
macsize = (size_t)imacsize;
* If in encrypt-then-mac mode calculate mac from encrypted record. All
* the details below are public so no timing details can leak.
*/
- if (SSL_READ_ETM(s) && rl->read_hash) {
+ if (rl->use_etm && rl->read_hash) {
unsigned char *mac;
for (j = 0; j < num_recs; j++) {
/* r->length is now the compressed data plus mac */
if ((sess != NULL)
&& (rl->enc_read_ctx != NULL)
- && (!SSL_READ_ETM(s) && EVP_MD_CTX_get0_md(rl->read_hash) != NULL)) {
+ && (!rl->use_etm && EVP_MD_CTX_get0_md(rl->read_hash) != NULL)) {
/* rl->read_hash != NULL => mac_size != -1 */
for (j = 0; j < num_recs; j++) {
goto err;
}
+ /* Loop through all the settings since they must all be understood */
+ for (p = settings; p->key != NULL; p++) {
+ if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM) == 0) {
+ if (!OSSL_PARAM_get_int(p, &rl->use_etm)) {
+ RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
+ goto err;
+ }
+ break;
+ } else {
+ RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_UNKNOWN_MANDATORY_PARAMETER);
+ goto err;
+ }
+ }
+
+
if (level == OSSL_RECORD_PROTECTION_LEVEL_APPLICATION) {
/*
* We ignore any read_ahead setting prior to the application protection
#include <openssl/buffer.h>
#include <openssl/rand.h>
#include <openssl/core_names.h>
-#include <openssl/param_build.h>
#include "record_local.h"
#include "internal/packet.h"
int mactype, const EVP_MD *md,
const SSL_COMP *comp)
{
- OSSL_PARAM_BLD *tmpl = NULL;
- OSSL_PARAM *options = NULL;
+ OSSL_PARAM options[4], *opts = options;
+ OSSL_PARAM settings[2], *set = settings;
const OSSL_RECORD_METHOD *origmeth = s->rrlmethod;
- int ret = 0;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
const OSSL_RECORD_METHOD *meth;
+ int use_etm;
meth = ssl_select_next_record_layer(s, level);
if (s->rrlmethod != NULL && !s->rrlmethod->free(s->rrl)) {
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
- goto err;
+ return 0;
}
if (meth != NULL)
return 0;
}
- if ((tmpl = OSSL_PARAM_BLD_new()) == NULL
- || !OSSL_PARAM_BLD_push_uint64(tmpl,
- OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS,
- s->options)
- || !OSSL_PARAM_BLD_push_uint32(tmpl,
- OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE,
- s->mode)
- || !OSSL_PARAM_BLD_push_int(tmpl,
- OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD,
- s->rlayer.read_ahead)
- || (options = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) {
- ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
- goto err;
- }
+ /* Parameters that *may* be supported by a record layer if passed */
+ *opts++ = OSSL_PARAM_construct_uint64(OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS,
+ &s->options);
+ *opts++ = OSSL_PARAM_construct_uint32(OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE,
+ &s->mode);
+ *opts++ = OSSL_PARAM_construct_int(OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE,
+ &s->rlayer.read_ahead);
+ *opts = OSSL_PARAM_construct_end();
+
+ /* Parameters that *must* be supported by a record layer if passed */
+ if (direction == OSSL_RECORD_DIRECTION_READ)
+ use_etm = SSL_READ_ETM(s) ? 1 : 0;
+ else
+ use_etm = SSL_WRITE_ETM(s) ? 1 : 0;
+
+ if (use_etm)
+ *set++ = OSSL_PARAM_construct_int(OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM,
+ &use_etm);
+ *set = OSSL_PARAM_construct_end();
for (;;) {
int rlret;
if (s->rrlnext == NULL) {
BIO_free(prev);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- goto err;
+ return 0;
}
rlret = s->rrlmethod->new_record_layer(sctx->libctx, sctx->propq,
level, key, keylen, iv, ivlen,
mackey, mackeylen, ciph, taglen,
mactype, md, comp, prev, s->rbio,
- s->rrlnext, NULL, NULL, NULL,
+ s->rrlnext, NULL, NULL, settings,
options, &s->rrl, s);
BIO_free(prev);
switch (rlret) {
case OSSL_RECORD_RETURN_FATAL:
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_RECORD_LAYER_FAILURE);
- goto err;
+ return 0;
case OSSL_RECORD_RETURN_NON_FATAL_ERR:
if (s->rrlmethod != origmeth && origmeth != NULL) {
continue;
}
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_RECORD_LAYER);
- goto err;
+ return 0;
case OSSL_RECORD_RETURN_SUCCESS:
break;
default:
/* Should not happen */
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- goto err;
+ return 0;
}
break;
}
- ret = ssl_post_record_layer_select(s);
- err:
- OSSL_PARAM_free(options);
- OSSL_PARAM_BLD_free(tmpl);
-
- return ret;
+ return ssl_post_record_layer_select(s);
}
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_DIGEST), "unknown digest"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),
"unknown key exchange type"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_MANDATORY_PARAMETER),
+ "unknown mandatory parameter"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_PKEY_TYPE), "unknown pkey type"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_PROTOCOL), "unknown protocol"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_SSL_VERSION),
# ifndef OPENSSL_NO_KTLS
/* ktls.c */
int ktls_check_supported_cipher(const SSL_CONNECTION *s, const EVP_CIPHER *c,
- size_t taglen);
-int ktls_configure_crypto(SSL_CONNECTION *s, const EVP_CIPHER *c,
- void *rl_sequence, ktls_crypto_info_t *crypto_info,
- int is_tx, unsigned char *iv, size_t ivlen,
- unsigned char *key, size_t keylen,
- unsigned char *mac_key, size_t mac_secret_size);
+ const EVP_MD *md, size_t taglen);
+int ktls_configure_crypto(SSL_CONNECTION *s, const EVP_CIPHER *c, void *rl_sequence,
+ ktls_crypto_info_t *crypto_info, int is_tx,
+ unsigned char *iv, size_t ivlen, unsigned char *key,
+ size_t keylen, unsigned char *mac_key,
+ size_t mac_secret_size);
# endif
__owur int srp_generate_server_master_secret(SSL_CONNECTION *s);
}
if (which & SSL3_CC_READ) {
- if (SSL_CONNECTION_IS_DTLS(s)) {
- if (s->ext.use_etm)
- s->s3.flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_READ;
- else
- s->s3.flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_READ;
+ if (s->ext.use_etm)
+ s->s3.flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_READ;
+ else
+ s->s3.flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_READ;
- if (s->s3.tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
- s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
- else
- s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
+ if (s->s3.tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
+ s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
+ else
+ s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
- if (s->s3.tmp.new_cipher->algorithm2 & TLS1_TLSTREE)
- s->mac_flags |= SSL_MAC_FLAG_READ_MAC_TLSTREE;
- else
- s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_TLSTREE;
+ if (s->s3.tmp.new_cipher->algorithm2 & TLS1_TLSTREE)
+ s->mac_flags |= SSL_MAC_FLAG_READ_MAC_TLSTREE;
+ else
+ s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_TLSTREE;
+ if (SSL_CONNECTION_IS_DTLS(s)) {
if (s->enc_read_ctx != NULL) {
reuse_dd = 1;
} else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) {
goto skip_ktls;
/* check that cipher is supported */
- if (!ktls_check_supported_cipher(s, c, taglen))
+ if (!ktls_check_supported_cipher(s, c, m, taglen))
goto skip_ktls;
if (which & SSL3_CC_WRITE)
goto skip_ktls;
/* check that cipher is supported */
- if (!ktls_check_supported_cipher(s, cipher, taglen))
+ if (!ktls_check_supported_cipher(s, cipher, NULL, taglen))
goto skip_ktls;
if (which & SSL3_CC_WRITE)
die "Cannot mix -internal and -static\n" if $static;
die "Extra parameters given.\n" if @ARGV;
@source = ( glob('crypto/*.c'), glob('crypto/*/*.c'),
- glob('ssl/*.c'), glob('ssl/*/*.c'), glob('providers/*.c'),
- glob('providers/*/*.c'), glob('providers/*/*/*.c') );
+ glob('ssl/*.c'), glob('ssl/*/*.c'), glob('ssl/*/*/*.c'),
+ glob('providers/*.c'), glob('providers/*/*.c'),
+ glob('providers/*/*/*.c') );
} else {
die "-module isn't useful without -internal\n" if scalar keys %modules > 0;
@source = @ARGV;
projects / openssl.git / commitdiff