Some minor formatting cleanups and other minor tweaks.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
* have already processed all of the unprocessed records from the last
* epoch
*/
- else if (rr->epoch == (unsigned long)(rl->epoch + 1) &&
- rl->unprocessed_rcds.epoch != rl->epoch &&
- (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
+ else if (rr->epoch == (unsigned long)(rl->epoch + 1)
+ && rl->unprocessed_rcds.epoch != rl->epoch
+ && (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
*is_next_epoch = 1;
return &rl->next_bitmap;
}
rr = &rl->rrec[0];
/*
- * At this point, rl->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
+ * At this point, rl->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length,
* and we have that many bytes in rl->packet
*/
rr->input = &(rl->packet[DTLS1_RT_HEADER_LENGTH]);
if (tmpmd != NULL) {
imac_size = EVP_MD_get_size(tmpmd);
if (!ossl_assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE)) {
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
- return 0;
+ RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
+ return 0;
}
mac_size = (size_t)imac_size;
}
}
- if (rl->use_etm && rl->md_ctx) {
+ if (rl->use_etm && rl->md_ctx != NULL) {
unsigned char *mac;
if (rr->orig_len < mac_size) {
&& (EVP_MD_CTX_get0_md(rl->md_ctx) != NULL)) {
/* rl->md_ctx != NULL => mac_size != -1 */
- i = rl->funcs->mac(rl, rr, md, 0 /* not send */ );
+ i = rl->funcs->mac(rl, rr, md, 0 /* not send */);
if (i == 0 || macbuf.mac == NULL
|| CRYPTO_memcmp(md, macbuf.mac, mac_size) != 0)
enc_err = 0;
goto end;
}
-
rr->off = 0;
/*-
* So at this point the following is true
SSL3_BUFFER_get_len(&rl->rbuf), 0, 1, &n);
/* read timeout is handled by dtls1_read_bytes */
if (rret < OSSL_RECORD_RETURN_SUCCESS) {
- /* SSLfatal() already called if appropriate */
+ /* RLAYERfatal() already called if appropriate */
return rret; /* error or non-blocking */
}
}
}
-
if (ssl_major !=
(rl->version == DTLS_ANY_VERSION ? DTLS1_VERSION_MAJOR
- : rl->version >> 8)) {
+ : rl->version >> 8)) {
/* wrong version, silently discard record */
rr->length = 0;
rl->packet_length = 0;
goto again;
}
-
/*
* If received packet overflows maximum possible fragment length then
* silently discard it
/* rl->rstate == SSL_ST_READ_BODY, get and decode the data */
- if (rr->length >
- rl->packet_length - DTLS1_RT_HEADER_LENGTH) {
+ if (rr->length > rl->packet_length - DTLS1_RT_HEADER_LENGTH) {
/* now rl->packet_length == DTLS1_RT_HEADER_LENGTH */
more = rr->length;
rret = rl->funcs->read_n(rl, more, more, 1, 1, &n);
*/
if (is_next_epoch) {
if (rl->in_init) {
- if (dtls_rlayer_buffer_record(rl,
- &(rl->unprocessed_rcds),
- rr->seq_num) < 0) {
- /* SSLfatal() already called */
+ if (dtls_rlayer_buffer_record(rl, &(rl->unprocessed_rcds),
+ rr->seq_num) < 0) {
+ /* RLAYERfatal() already called */
return OSSL_RECORD_RETURN_FATAL;
}
}
rl->num_recs = 1;
return OSSL_RECORD_RETURN_SUCCESS;
-
}
static int dtls_free(OSSL_RECORD_LAYER *rl)
{
int ret;
-
ret = tls_int_new_record_layer(libctx, propq, vers, role, direction, level,
key, keylen, iv, ivlen, mackey, mackeylen,
ciph, taglen, mactype, md, comp, prev,
(*retrl)->unprocessed_rcds.q = pqueue_new();
(*retrl)->processed_rcds.q = pqueue_new();
- if ((*retrl)->unprocessed_rcds.q == NULL || (*retrl)->processed_rcds.q == NULL) {
+ if ((*retrl)->unprocessed_rcds.q == NULL
+ || (*retrl)->processed_rcds.q == NULL) {
dtls_free(*retrl);
*retrl = NULL;
RLAYERfatal(*retrl, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
}
ret = (*retrl)->funcs->set_crypto_state(*retrl, level, key, keylen, iv,
- ivlen, mackey, mackeylen, ciph,
- taglen, mactype, md, comp);
+ ivlen, mackey, mackeylen, ciph,
+ taglen, mactype, md, comp);
err:
if (ret != OSSL_RECORD_RETURN_SUCCESS) {
}
if (EVP_CIPHER_is_a(c, "AES-128-GCM")
- || EVP_CIPHER_is_a(c, "AES-256-GCM")
+ || EVP_CIPHER_is_a(c, "AES-256-GCM")
# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
- || EVP_CIPHER_is_a(c, "CHACHA20-POLY1305")
+ || EVP_CIPHER_is_a(c, "CHACHA20-POLY1305")
# endif
)
- return 1;
+ return 1;
if (!EVP_CIPHER_is_a(c, "AES-128-CBC")
&& !EVP_CIPHER_is_a(c, "AES-256-CBC"))
}
if (EVP_CIPHER_is_a(c, "AES-128-GCM")
- || EVP_CIPHER_is_a(c, "AES-256-GCM")
+ || EVP_CIPHER_is_a(c, "AES-256-GCM")
# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
- || EVP_CIPHER_is_a(c, "CHACHA20-POLY1305")
+ || EVP_CIPHER_is_a(c, "CHACHA20-POLY1305")
# endif
)
- return 1;
+ return 1;
if (!EVP_CIPHER_is_a(c, "AES-128-CBC")
&& !EVP_CIPHER_is_a(c, "AES-256-CBC"))
if (rl->use_etm)
return 0;
- if (md == NULL
- || EVP_MD_is_a(md, "SHA1")
+ if (md == NULL)
+ return 0;
+
+ if (EVP_MD_is_a(md, "SHA1")
|| EVP_MD_is_a(md, "SHA2-256")
|| EVP_MD_is_a(md, "SHA2-384"))
return 1;
} else
# endif
if (EVP_CIPHER_is_a(c, "AES-128-CBC") || EVP_CIPHER_is_a(c, "AES-256-CBC")) {
+ if (md == NULL)
+ return 0;
if (EVP_MD_is_a(md, "SHA1"))
crypto_info->auth_algorithm = CRYPTO_SHA1_HMAC;
else if (EVP_MD_is_a(md, "SHA2-256")) {
return 0;
}
- /* check that cipher is AES_GCM_128, AES_GCM_256, AES_CCM_128
+ /*
+ * Check that cipher is AES_GCM_128, AES_GCM_256, AES_CCM_128
* or Chacha20-Poly1305
*/
# ifdef OPENSSL_KTLS_AES_CCM_128
return 0;
}
- /* check that cipher is AES_GCM_128, AES_GCM_256, AES_CCM_128
+ /*
+ * Check that cipher is AES_GCM_128, AES_GCM_256, AES_CCM_128
* or Chacha20-Poly1305
*/
# ifdef OPENSSL_KTLS_AES_CCM_128
}
memset(crypto_info, 0, sizeof(*crypto_info));
- switch (EVP_CIPHER_get_nid(c))
- {
+ switch (EVP_CIPHER_get_nid(c)) {
# ifdef OPENSSL_KTLS_AES_GCM_128
case NID_aes_128_gcm:
- if (!ossl_assert(TLS_CIPHER_AES_GCM_128_SALT_SIZE == EVP_GCM_TLS_FIXED_IV_LEN)
- || !ossl_assert(TLS_CIPHER_AES_GCM_128_IV_SIZE == EVP_GCM_TLS_EXPLICIT_IV_LEN))
+ if (!ossl_assert(TLS_CIPHER_AES_GCM_128_SALT_SIZE
+ == EVP_GCM_TLS_FIXED_IV_LEN)
+ || !ossl_assert(TLS_CIPHER_AES_GCM_128_IV_SIZE
+ == EVP_GCM_TLS_EXPLICIT_IV_LEN))
return 0;
crypto_info->gcm128.info.cipher_type = TLS_CIPHER_AES_GCM_128;
crypto_info->gcm128.info.version = version;
# endif
# ifdef OPENSSL_KTLS_AES_GCM_256
case NID_aes_256_gcm:
- if (!ossl_assert(TLS_CIPHER_AES_GCM_256_SALT_SIZE == EVP_GCM_TLS_FIXED_IV_LEN)
- || !ossl_assert(TLS_CIPHER_AES_GCM_256_IV_SIZE == EVP_GCM_TLS_EXPLICIT_IV_LEN))
+ if (!ossl_assert(TLS_CIPHER_AES_GCM_256_SALT_SIZE
+ == EVP_GCM_TLS_FIXED_IV_LEN)
+ || !ossl_assert(TLS_CIPHER_AES_GCM_256_IV_SIZE
+ == EVP_GCM_TLS_EXPLICIT_IV_LEN))
return 0;
crypto_info->gcm256.info.cipher_type = TLS_CIPHER_AES_GCM_256;
crypto_info->gcm256.info.version = version;
# endif
# ifdef OPENSSL_KTLS_AES_CCM_128
case NID_aes_128_ccm:
- if (!ossl_assert(TLS_CIPHER_AES_CCM_128_SALT_SIZE == EVP_CCM_TLS_FIXED_IV_LEN)
- || !ossl_assert(TLS_CIPHER_AES_CCM_128_IV_SIZE == EVP_CCM_TLS_EXPLICIT_IV_LEN))
+ if (!ossl_assert(TLS_CIPHER_AES_CCM_128_SALT_SIZE
+ == EVP_CCM_TLS_FIXED_IV_LEN)
+ || !ossl_assert(TLS_CIPHER_AES_CCM_128_IV_SIZE
+ == EVP_CCM_TLS_EXPLICIT_IV_LEN))
return 0;
crypto_info->ccm128.info.cipher_type = TLS_CIPHER_AES_CCM_128;
crypto_info->ccm128.info.version = version;
case NID_chacha20_poly1305:
if (!ossl_assert(ivlen == TLS_CIPHER_CHACHA20_POLY1305_IV_SIZE))
return 0;
- crypto_info->chacha20poly1305.info.cipher_type = TLS_CIPHER_CHACHA20_POLY1305;
+ crypto_info->chacha20poly1305.info.cipher_type
+ = TLS_CIPHER_CHACHA20_POLY1305;
crypto_info->chacha20poly1305.info.version = version;
crypto_info->tls_crypto_info_len = sizeof(crypto_info->chacha20poly1305);
memcpy(crypto_info->chacha20poly1305.iv, iv, ivlen);
void ossl_rlayer_fatal(OSSL_RECORD_LAYER *rl, int al, int reason,
const char *fmt, ...);
-# define RLAYERfatal(rl, al, r) RLAYERfatal_data((rl), (al), (r), NULL)
-# define RLAYERfatal_data \
+#define RLAYERfatal(rl, al, r) RLAYERfatal_data((rl), (al), (r), NULL)
+#define RLAYERfatal_data \
(ERR_new(), \
ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC), \
ossl_rlayer_fatal)
-# define RLAYER_USE_EXPLICIT_IV(rl) ((rl)->version == TLS1_1_VERSION \
- || (rl)->version == TLS1_2_VERSION \
- || (rl)->isdtls)
+#define RLAYER_USE_EXPLICIT_IV(rl) ((rl)->version == TLS1_1_VERSION \
+ || (rl)->version == TLS1_2_VERSION \
+ || (rl)->isdtls)
int ossl_set_tls_provider_parameters(OSSL_RECORD_LAYER *rl,
EVP_CIPHER_CTX *ctx,
size_t *sent);
int tls_get_alert_code(OSSL_RECORD_LAYER *rl);
int tls_set1_bio(OSSL_RECORD_LAYER *rl, BIO *bio);
-int tls_read_record(OSSL_RECORD_LAYER *rl, void **rechandle, int *rversion,
+int tls_read_record(OSSL_RECORD_LAYER *rl, void **rechandle, int *rversion,
int *type, unsigned char **data, size_t *datalen,
uint16_t *epoch, unsigned char *seq_num);
int tls_release_record(OSSL_RECORD_LAYER *rl, void *rechandle);
* moved out of libssl.
*/
-
/*
* MD5 and SHA-1 low level APIs are deprecated for public use, but still ok for
* internal use.
* little-endian order. The value of p is advanced by four.
*/
# define u32toLE(n, p) \
- (*((p)++)=(unsigned char)(n), \
- *((p)++)=(unsigned char)(n>>8), \
- *((p)++)=(unsigned char)(n>>16), \
- *((p)++)=(unsigned char)(n>>24))
+ (*((p)++) = (unsigned char)(n ), \
+ *((p)++) = (unsigned char)(n >> 8), \
+ *((p)++) = (unsigned char)(n >> 16), \
+ *((p)++) = (unsigned char)(n >> 24))
/*
* These functions serialize the state of a hash and thus perform the
static void tls1_md5_final_raw(void *ctx, unsigned char *md_out)
{
MD5_CTX *md5 = ctx;
+
u32toLE(md5->A, md_out);
u32toLE(md5->B, md_out);
u32toLE(md5->C, md_out);
static void tls1_sha1_final_raw(void *ctx, unsigned char *md_out)
{
SHA_CTX *sha1 = ctx;
+
l2n(sha1->h0, md_out);
l2n(sha1->h1, md_out);
l2n(sha1->h2, md_out);
SHA256_CTX *sha256 = ctx;
unsigned i;
- for (i = 0; i < 8; i++) {
+ for (i = 0; i < 8; i++)
l2n(sha256->h[i], md_out);
- }
}
static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out)
SHA512_CTX *sha512 = ctx;
unsigned i;
- for (i = 0; i < 8; i++) {
+ for (i = 0; i < 8; i++)
l2n8(sha512->h[i], md_out);
- }
}
#undef LARGEST_DIGEST_CTX
md_transform =
(void (*)(void *ctx, const unsigned char *block))SHA256_Transform;
md_size = 224 / 8;
- } else if (EVP_MD_is_a(md, "SHA2-256")) {
+ } else if (EVP_MD_is_a(md, "SHA2-256")) {
if (SHA256_Init((SHA256_CTX *)md_state.c) <= 0)
return 0;
md_final_raw = tls1_sha256_final_raw;
md_transform =
(void (*)(void *ctx, const unsigned char *block))SHA256_Transform;
md_size = 32;
- } else if (EVP_MD_is_a(md, "SHA2-384")) {
+ } else if (EVP_MD_is_a(md, "SHA2-384")) {
if (SHA384_Init((SHA512_CTX *)md_state.c) <= 0)
return 0;
md_final_raw = tls1_sha512_final_raw;
header_length = 13;
if (is_sslv3) {
- header_length = mac_secret_length + sslv3_pad_length + 8 /* sequence
- * number */ +
- 1 /* record type */ +
- 2 /* record length */ ;
+ header_length = mac_secret_length
+ + sslv3_pad_length
+ + 8 /* sequence number */
+ + 1 /* record type */
+ + 2; /* record length */
}
/*
* short and there obviously cannot be this many blocks then
* variance_blocks can be reduced.
*/
- variance_blocks = is_sslv3 ? 2 : ( ((255 + 1 + md_size + md_block_size - 1) / md_block_size) + 1);
+ variance_blocks = is_sslv3 ? 2
+ : (((255 + 1 + md_size + md_block_size - 1)
+ / md_block_size) + 1);
/*
* From now on we're dealing with the MAC, which conceptually has 13
* bytes of `header' before the start of the data (TLS) or 71/75 bytes
unsigned char block[MAX_HASH_BLOCK_SIZE];
unsigned char is_block_a = constant_time_eq_8_s(i, index_a);
unsigned char is_block_b = constant_time_eq_8_s(i, index_b);
+
for (j = 0; j < md_block_size; j++) {
unsigned char b = 0, is_past_c, is_past_cp1;
+
if (k < header_length)
b = header[k];
else if (k < data_plus_mac_plus_padding_size + header_length)
if (md_ctx == NULL)
goto err;
- if (EVP_DigestInit_ex(md_ctx, md, NULL /* engine */ ) <= 0)
+ if (EVP_DigestInit_ex(md_ctx, md, NULL /* engine */) <= 0)
goto err;
if (is_sslv3) {
/* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */
if (EVP_CIPHER_get0_provider(ciph) != NULL
&& !ossl_set_tls_provider_parameters(rl, ciph_ctx, ciph, md)) {
+ /* ERR_raise already called */
return OSSL_RECORD_RETURN_FATAL;
}
if ((bs != 1) && sending && !provided) {
/*
- * We only do this for legacy ciphers. Provided ciphers add the
- * padding on the provider side.
- */
+ * We only do this for legacy ciphers. Provided ciphers add the
+ * padding on the provider side.
+ */
i = bs - (l % bs);
/* we need to add 'i-1' padding bytes */
l += i;
/*
- * the last of these zero bytes will be overwritten with the
- * padding length.
- */
+ * the last of these zero bytes will be overwritten with the
+ * padding length.
+ */
memset(&rec->input[rec->length], 0, i);
rec->length += i;
rec->input[l - 1] = (unsigned char)(i - 1);
int outlen;
if (!EVP_CipherUpdate(ds, rec->data, &outlen, rec->input,
- (unsigned int)l))
+ (unsigned int)l))
return 0;
rec->length = outlen;
mac->alloced = 0;
*p++ = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_TLS_MAC,
- (void **)&mac->mac,
- macsize);
+ (void **)&mac->mac,
+ macsize);
*p = OSSL_PARAM_construct_end();
if (!EVP_CIPHER_CTX_get_params(ds, params)) {
mode = EVP_CIPHER_get_mode(ciph);
if (EVP_DecryptInit_ex(ciph_ctx, ciph, NULL, NULL, NULL) <= 0
- || EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL) <= 0
+ || EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen,
+ NULL) <= 0
|| (mode == EVP_CIPH_CCM_MODE
- && EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_TAG, taglen, NULL) <= 0)
+ && EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_TAG, taglen,
+ NULL) <= 0)
|| EVP_DecryptInit_ex(ciph_ctx, NULL, NULL, key, NULL) <= 0) {
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return OSSL_RECORD_RETURN_FATAL;
}
/* Strip trailing padding */
- for (end = rec->length - 1; end > 0 && rec->data[end] == 0;
- end--)
+ for (end = rec->length - 1; end > 0 && rec->data[end] == 0; end--)
continue;
rec->length = end;
* If we have an AEAD Cipher, then there is no separate MAC, so we can skip
* setting up the MAC key.
*/
- if (!(EVP_CIPHER_get_flags(ciph) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
+ if ((EVP_CIPHER_get_flags(ciph) & EVP_CIPH_FLAG_AEAD_CIPHER) == 0) {
if (mactype == EVP_PKEY_HMAC) {
mac_key = EVP_PKEY_new_raw_private_key_ex(rl->libctx, "HMAC",
rl->propq, mackey,
#define MAX_PADDING 256
/*-
- * tls1_cipher encrypts/decrypts |n_recs| in |recs|. Calls SSLfatal on internal
- * error, but not otherwise. It is the responsibility of the caller to report
- * a bad_record_mac - if appropriate (DTLS just drops the record).
+ * tls1_cipher encrypts/decrypts |n_recs| in |recs|. Calls RLAYERfatal on
+ * internal error, but not otherwise. It is the responsibility of the caller to
+ * report a bad_record_mac - if appropriate (DTLS just drops the record).
*
* Returns:
* 0: if the record is publicly invalid, or an internal error, or AEAD
if (EVP_MD_CTX_get0_md(rl->md_ctx)) {
int n = EVP_MD_CTX_get_size(rl->md_ctx);
+
if (!ossl_assert(n >= 0)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
}
ds = rl->enc_ctx;
- if (!ossl_assert(rl->enc_ctx)) {
+ if (!ossl_assert(rl->enc_ctx != NULL)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
} else if (RAND_bytes_ex(rl->libctx, recs[ctr].input,
- ivlen, 0) <= 0) {
+ ivlen, 0) <= 0) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
if (n_recs > 1) {
if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ds))
- & EVP_CIPH_FLAG_PIPELINE) == 0) {
+ & EVP_CIPH_FLAG_PIPELINE) == 0) {
/*
* We shouldn't have been called with pipeline data if the
* cipher doesn't support pipelining
reclen[ctr] = recs[ctr].length;
if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ds))
- & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) {
+ & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) {
unsigned char *seq;
seq = rl->sequence;
buf[ctr][11] = (unsigned char)(recs[ctr].length >> 8);
buf[ctr][12] = (unsigned char)(recs[ctr].length & 0xff);
pad = EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_AEAD_TLS1_AAD,
- EVP_AEAD_TLS1_AAD_LEN, buf[ctr]);
+ EVP_AEAD_TLS1_AAD_LEN, buf[ctr]);
if (pad <= 0) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
reclen[ctr] += pad;
recs[ctr].length += pad;
}
-
} else if ((bs != 1) && sending && !provided) {
/*
* We only do this for legacy ciphers. Provided ciphers add the
unsigned char *data[SSL_MAX_PIPELINES];
/* Set the output buffers */
- for (ctr = 0; ctr < n_recs; ctr++) {
+ for (ctr = 0; ctr < n_recs; ctr++)
data[ctr] = recs[ctr].data;
- }
+
if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS,
(int)n_recs, data) <= 0) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_PIPELINE_FAILURE);
return 0;
}
/* Set the input buffers */
- for (ctr = 0; ctr < n_recs; ctr++) {
+ for (ctr = 0; ctr < n_recs; ctr++)
data[ctr] = recs[ctr].input;
- }
+
if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_BUFS,
(int)n_recs, data) <= 0
|| EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_LENS,
- (int)n_recs, reclen) <= 0) {
+ (int)n_recs, reclen) <= 0) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_PIPELINE_FAILURE);
return 0;
}
int outlen;
/* Provided cipher - we do not support pipelining on this path */
- if (n_recs > 1) {
+ if (n_recs > 1) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
if (!EVP_CipherUpdate(ds, recs[0].data, &outlen, recs[0].input,
- (unsigned int)reclen[0]))
+ (unsigned int)reclen[0]))
return 0;
recs[0].length = outlen;
*/
if (!sending) {
if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_GCM_MODE) {
- recs[0].data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
- recs[0].input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+ recs[0].data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+ recs[0].input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
} else if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_CCM_MODE) {
- recs[0].data += EVP_CCM_TLS_EXPLICIT_IV_LEN;
- recs[0].input += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+ recs[0].data += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+ recs[0].input += EVP_CCM_TLS_EXPLICIT_IV_LEN;
} else if (bs != 1 && RLAYER_USE_EXPLICIT_IV(rl)) {
recs[0].data += bs;
recs[0].input += bs;
macs[0].alloced = 0;
*p++ = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_TLS_MAC,
- (void **)&macs[0].mac,
- macsize);
+ (void **)&macs[0].mac,
+ macsize);
*p = OSSL_PARAM_construct_end();
if (!EVP_CIPHER_CTX_get_params(ds, params)) {
/* Legacy cipher */
tmpr = EVP_Cipher(ds, recs[0].data, recs[0].input,
- (unsigned int)reclen[0]);
+ (unsigned int)reclen[0]);
if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ds))
- & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0
+ & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0
? (tmpr < 0)
: (tmpr == 0)) {
/* AEAD can fail to verify MAC */
recs[ctr].data,
(macs != NULL) ? &macs[ctr].mac : NULL,
(macs != NULL) ? &macs[ctr].alloced
- : NULL,
+ : NULL,
bs,
pad ? (size_t)pad : macsize,
(EVP_CIPHER_get_flags(enc)
if (!rl->isdtls
&& rl->tlstree
- && EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_TLSTREE, 0, seq) <= 0) {
+ && EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_TLSTREE, 0, seq) <= 0)
goto end;
- }
if (rl->isdtls) {
unsigned char dtlsseq[8], *p = dtlsseq;
memcpy(p, &seq[2], 6);
memcpy(header, dtlsseq, 8);
- } else
+ } else {
memcpy(header, seq, 8);
+ }
header[8] = rec->type;
header[9] = (unsigned char)(rl->version >> 8);
*p++ = OSSL_PARAM_construct_end();
if (!EVP_PKEY_CTX_set_params(EVP_MD_CTX_get_pkey_ctx(mac_ctx),
- tls_hmac_params)) {
+ tls_hmac_params))
goto end;
- }
}
if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0
|| EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0
- || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) {
+ || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0)
goto end;
- }
OSSL_TRACE_BEGIN(TLS) {
BIO_printf(trc_out, "seq:\n");
else
headerlen = SSL3_RT_HEADER_LENGTH;
-#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0
align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
#endif
SSL3_BUFFER *b;
b = &rl->rbuf;
- if (rl->options & SSL_OP_CLEANSE_PLAINTEXT)
+ if ((rl->options & SSL_OP_CLEANSE_PLAINTEXT) != 0)
OPENSSL_cleanse(b->buf, b->len);
OPENSSL_free(b->buf);
b->buf = NULL;
BIO *bio = rl->prev != NULL ? rl->prev : rl->bio;
/*
- * Now we have len+left bytes at the front of s->s3.rbuf.buf and
- * need to read in more until we have len+n (up to len+max if
+ * Now we have len+left bytes at the front of rl->rbuf.buf and
+ * need to read in more until we have len + n (up to len + max if
* possible)
*/
if (max_early_data == 0) {
RLAYERfatal(rl, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE,
- SSL_R_TOO_MUCH_EARLY_DATA);
+ SSL_R_TOO_MUCH_EARLY_DATA);
return 0;
}
if (rl->early_data_count + length > max_early_data) {
RLAYERfatal(rl, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE,
- SSL_R_TOO_MUCH_EARLY_DATA);
+ SSL_R_TOO_MUCH_EARLY_DATA);
return 0;
}
rl->early_data_count += length;
/*
* MAX_EMPTY_RECORDS defines the number of consecutive, empty records that
- * will be processed per call to ssl3_get_record. Without this limit an
+ * will be processed per call to tls_get_more_records. Without this limit an
* attacker could send empty records at a faster rate than we can process and
- * cause ssl3_get_record to loop forever.
+ * cause tls_get_more_records to loop forever.
*/
#define MAX_EMPTY_RECORDS 32
thisrr->length = sslv2len & 0x7fff;
if (thisrr->length > SSL3_BUFFER_get_len(rbuf)
- - SSL2_RT_HEADER_LENGTH) {
+ - SSL2_RT_HEADER_LENGTH) {
RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW,
SSL_R_PACKET_LENGTH_TOO_LONG);
return OSSL_RECORD_RETURN_FATAL;
*/
if (thisrr->rec_version == SSL2_VERSION) {
more = thisrr->length + SSL2_RT_HEADER_LENGTH
- - SSL3_RT_HEADER_LENGTH;
+ - SSL3_RT_HEADER_LENGTH;
} else {
more = thisrr->length;
}
if (tmpmd != NULL) {
imac_size = EVP_MD_get_size(tmpmd);
if (!ossl_assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE)) {
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
- return OSSL_RECORD_RETURN_FATAL;
+ RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
+ return OSSL_RECORD_RETURN_FATAL;
}
mac_size = (size_t)imac_size;
}
for (j = 0; j < num_recs; j++) {
SSL_MAC_BUF *thismb = &macbufs[j];
+
thisrr = &rr[j];
i = rl->funcs->mac(rl, thisrr, md, 0 /* not send */);
/* just read a 0 length packet */
if (thisrr->length == 0) {
if (++(rl->empty_record_count) > MAX_EMPTY_RECORDS) {
- RLAYERfatal(rl, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_RECORD_TOO_SMALL);
+ RLAYERfatal(rl, SSL_AD_UNEXPECTED_MESSAGE,
+ SSL_R_RECORD_TOO_SMALL);
goto end;
}
} else {
#ifndef OPENSSL_NO_COMP
/*
- * If OPENSSL_NO_COMP is defined then SSL3_RT_MAX_ENCRYPTED_LENGTH
- * does not include the compression overhead anyway.
- */
+ * If OPENSSL_NO_COMP is defined then SSL3_RT_MAX_ENCRYPTED_LENGTH
+ * does not include the compression overhead anyway.
+ */
if (rl->expand == NULL)
len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD;
#endif
if (rec->comp == NULL)
return 0;
- i = COMP_expand_block(rl->expand, rec->comp,
- SSL3_RT_MAX_PLAIN_LENGTH, rec->data, (int)rec->length);
+ i = COMP_expand_block(rl->expand, rec->comp, SSL3_RT_MAX_PLAIN_LENGTH,
+ rec->data, (int)rec->length);
if (i < 0)
return 0;
else
}
rl->msg_callback(0, rl->version, SSL3_RT_INNER_CONTENT_TYPE, &rec->type,
- 1, rl->cbarg);
+ 1, rl->cbarg);
/*
* TLSv1.3 alert and handshake records are required to be non-zero in
* length.
*/
- if ((rec->type == SSL3_RT_HANDSHAKE
- || rec->type == SSL3_RT_ALERT)
+ if ((rec->type == SSL3_RT_HANDSHAKE || rec->type == SSL3_RT_ALERT)
&& rec->length == 0) {
RLAYERfatal(rl, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_BAD_LENGTH);
return 0;
return 1;
}
-int tls_read_record(OSSL_RECORD_LAYER *rl, void **rechandle, int *rversion,
+int tls_read_record(OSSL_RECORD_LAYER *rl, void **rechandle, int *rversion,
int *type, unsigned char **data, size_t *datalen,
uint16_t *epoch, unsigned char *seq_num)
{
SSL_R_FAILED_TO_GET_PARAMETER);
goto err;
}
- } else if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE) == 0) {
+ } else if (strcmp(p->key,
+ OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE) == 0) {
if (!OSSL_PARAM_get_int(p, &rl->tlstree)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR,
SSL_R_FAILED_TO_GET_PARAMETER);
size_t ivlen, unsigned char *mackey, size_t mackeylen,
const EVP_CIPHER *ciph, size_t taglen,
int mactype,
- const EVP_MD *md, const SSL_COMP *comp, BIO *prev,
+ const EVP_MD *md, const SSL_COMP *comp, BIO *prev,
BIO *transport, BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
const OSSL_PARAM *settings, const OSSL_PARAM *options,
const OSSL_DISPATCH *fns, void *cbarg,
OSSL_RECORD_LAYER **retrl)
{
int ret;
-
+
ret = tls_int_new_record_layer(libctx, propq, vers, role, direction, level,
key, keylen, iv, ivlen, mackey, mackeylen,
ciph, taglen, mactype, md, comp, prev,
}
ret = (*retrl)->funcs->set_crypto_state(*retrl, level, key, keylen, iv,
- ivlen, mackey, mackeylen, ciph,
- taglen, mactype, md, comp);
+ ivlen, mackey, mackeylen, ciph,
+ taglen, mactype, md, comp);
err:
if (ret != OSSL_RECORD_RETURN_SUCCESS) {
return ret;
}
-
int tls_reset(OSSL_RECORD_LAYER *rl)
{
memset(rl, 0, sizeof(*rl));
size_t i;
size_t num = 0;
- for (i = rl->curr_rec; i <rl->num_recs; i++) {
+ for (i = rl->curr_rec; i < rl->num_recs; i++) {
if (rl->rrec[i].type != SSL3_RT_APPLICATION_DATA)
return num;
num += rl->rrec[i].length;
return 0;
}
-
int tls_get_alert_code(OSSL_RECORD_LAYER *rl)
{
return rl->alert;
const char **longstr)
{
const char *shrt, *lng;
+
switch (rl->rstate) {
case SSL_ST_READ_HEADER:
shrt = "RH";
* refer to both contexts.
*/
-
-/*
- * Types of QUIC record layer;
- *
- * QUIC reuses the TLS handshake for agreeing secrets. An SSL object representing
- * a QUIC connection will have an additional SSL object internally representing
- * the TLS state of the QUIC handshake. This internal TLS is referred to as
- * QUIC-TLS in this file.
- * "Records" output from QUIC-TLS contains standard TLS handshake messages and
- * are *not* encrypted directly but are instead wrapped up in plaintext
- * CRYPTO frames. These CRYPTO frames could be collected together with other
- * QUIC frames into a single QUIC packet. The QUIC record layer will then
- * encrypt the whole packet.
- *
- * So we have:
- * QUIC-TLS record layer: outputs plaintext CRYPTO frames containing TLS
- * handshake messages only.
- * QUIC record layer: outputs encrypted packets which may contain CRYPTO frames
- * or any other type of QUIC frame.
- */
-
/*
* An OSSL_RECORD_METHOD is a protcol specific method which provides the
* functions for reading and writing records for that protocol. Which
# define OSSL_RECORD_PROTECTION_LEVEL_HANDSHAKE 2
# define OSSL_RECORD_PROTECTION_LEVEL_APPLICATION 3
-
# define OSSL_RECORD_RETURN_SUCCESS 1
# define OSSL_RECORD_RETURN_RETRY 0
# define OSSL_RECORD_RETURN_NON_FATAL_ERR -1
/* Returns 1 if we have unprocessed data buffered or 0 otherwise */
int (*unprocessed_read_pending)(OSSL_RECORD_LAYER *rl);
+
/*
* Returns 1 if we have processed data buffered that can be read or 0 otherwise
* - not necessarily app data
int (*write_pending)(OSSL_RECORD_LAYER *rl);
-
/*
* Find out the maximum amount of plaintext data that the record layer is
* prepared to write in a single record. When calling write_records it is