Add a post encryption processing step

For example in this we add the MAC if we are doing encrypt-then-mac.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)

diff --git a/ssl/record/methods/ktls_meth.c b/ssl/record/methods/ktls_meth.c
index bd694a894864f943c399aba53d8edd8caa7d9ae4..6715e1c65d7f5ae7a539afe360f1fc8c2197d5d2 100644 (file)
--- a/ssl/record/methods/ktls_meth.c
+++ b/ssl/record/methods/ktls_meth.c
@@ -501,6 +501,16 @@ static int ktls_prepare_for_encryption(OSSL_RECORD_LAYER *rl,
     return 1;
 }
 
+static int ktls_post_encryption_processing(OSSL_RECORD_LAYER *rl,
+                                           size_t mac_size,
+                                           OSSL_RECORD_TEMPLATE *templ,
+                                           WPACKET *thispkt,
+                                           SSL3_RECORD *thiswr)
+{
+    /* The kernel does anything that is needed, so nothing to do here */
+    return 1;
+}
+
 static struct record_functions_st ossl_ktls_funcs = {
     ktls_set_crypto_state,
     ktls_cipher,
@@ -517,7 +527,8 @@ static struct record_functions_st ossl_ktls_funcs = {
     NULL,
     ktls_prepare_record_header,
     NULL,
-    ktls_prepare_for_encryption
+    ktls_prepare_for_encryption,
+    ktls_post_encryption_processing
 };
 
 const OSSL_RECORD_METHOD ossl_ktls_record_method = {

diff --git a/ssl/record/methods/recmethod_local.h b/ssl/record/methods/recmethod_local.h
index 2e30d2f13323beb4f348ff6c75c88306a8ce6220..7f4ede9f4d024aa22e5b426d8a1be82c86ca3cb7 100644 (file)
--- a/ssl/record/methods/recmethod_local.h
+++ b/ssl/record/methods/recmethod_local.h
@@ -120,6 +120,16 @@ struct record_functions_st
                                   size_t mac_size,
                                   WPACKET *thispkt,
                                   SSL3_RECORD *thiswr);
+
+    /*
+     * Any updates required to the record after encryption has been applied. For
+     * example, adding a MAC if using encrypt-then-mac
+     */
+    int (*post_encryption_processing)(OSSL_RECORD_LAYER *rl,
+                                      size_t mac_size,
+                                      OSSL_RECORD_TEMPLATE *thistempl,
+                                      WPACKET *thispkt,
+                                      SSL3_RECORD *thiswr);
 };
 
 struct ossl_record_layer_st
@@ -421,6 +431,11 @@ int tls_prepare_for_encryption_default(OSSL_RECORD_LAYER *rl,
                                        size_t mac_size,
                                        WPACKET *thispkt,
                                        SSL3_RECORD *thiswr);
+int tls_post_encryption_processing_default(OSSL_RECORD_LAYER *rl,
+                                           size_t mac_size,
+                                           OSSL_RECORD_TEMPLATE *thistempl,
+                                           WPACKET *thispkt,
+                                           SSL3_RECORD *thiswr);
 int tls_write_records_default(OSSL_RECORD_LAYER *rl,
                               OSSL_RECORD_TEMPLATE *templates,
                               size_t numtempl);

diff --git a/ssl/record/methods/ssl3_meth.c b/ssl/record/methods/ssl3_meth.c
index ef9a6ae49979878d14a0c6d3adfea216a3ae155d..9b2d63e9b8b308049aa61e24bf9992e0e9f3ae8f 100644 (file)
--- a/ssl/record/methods/ssl3_meth.c
+++ b/ssl/record/methods/ssl3_meth.c
@@ -317,5 +317,6 @@ struct record_functions_st ssl_3_0_funcs = {
     NULL,
     tls_prepare_record_header_default,
     NULL,
-    tls_prepare_for_encryption_default
+    tls_prepare_for_encryption_default,
+    tls_post_encryption_processing_default
 };

diff --git a/ssl/record/methods/tls13_meth.c b/ssl/record/methods/tls13_meth.c
index a9d90f6577e0edffaf267146a62d6ad2381248e1..8a3bdb254feae201e869a66f8b1a29a04b5798a9 100644 (file)
--- a/ssl/record/methods/tls13_meth.c
+++ b/ssl/record/methods/tls13_meth.c
@@ -325,5 +325,6 @@ struct record_functions_st tls_1_3_funcs = {
     tls13_get_record_type,
     tls_prepare_record_header_default,
     tls13_add_record_padding,
-    tls_prepare_for_encryption_default
+    tls_prepare_for_encryption_default,
+    tls_post_encryption_processing_default
 };

diff --git a/ssl/record/methods/tls1_meth.c b/ssl/record/methods/tls1_meth.c
index 71138abc28a98e7c25ef77c276fae46ae7d696cc..bd3c32832bc9ff0ed1d7c38711d77c8441ea36bc 100644 (file)
--- a/ssl/record/methods/tls1_meth.c
+++ b/ssl/record/methods/tls1_meth.c
@@ -658,7 +658,8 @@ struct record_functions_st tls_1_funcs = {
     NULL,
     tls_prepare_record_header_default,
     NULL,
-    tls_prepare_for_encryption_default
+    tls_prepare_for_encryption_default,
+    tls_post_encryption_processing_default
 };
 
 struct record_functions_st dtls_1_funcs = {
@@ -676,5 +677,6 @@ struct record_functions_st dtls_1_funcs = {
     NULL,
     NULL,
     NULL,
+    NULL,
     NULL
 };

diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c
index 97e2714042b5036348c77c2c70c4495b39fa5905..9e157898b52d656f3bb6d6b6718b073f4b74af2a 100644 (file)
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
@@ -1612,6 +1612,68 @@ int tls_prepare_for_encryption_default(OSSL_RECORD_LAYER *rl,
     return 1;
 }
 
+int tls_post_encryption_processing_default(OSSL_RECORD_LAYER *rl,
+                                           size_t mac_size,
+                                           OSSL_RECORD_TEMPLATE *thistempl,
+                                           WPACKET *thispkt,
+                                           SSL3_RECORD *thiswr)
+{
+    size_t origlen, len;
+
+    /* Allocate bytes for the encryption overhead */
+    if (!WPACKET_get_length(thispkt, &origlen)
+            /* Encryption should never shrink the data! */
+            || origlen > thiswr->length
+            || (thiswr->length > origlen
+                && !WPACKET_allocate_bytes(thispkt,
+                                           thiswr->length - origlen,
+                                           NULL))) {
+        RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    if (rl->use_etm && mac_size != 0) {
+        unsigned char *mac;
+
+        if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac)
+                || !rl->funcs->mac(rl, thiswr, mac, 1)) {
+            RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+
+        SSL3_RECORD_add_length(thiswr, mac_size);
+    }
+
+    if (!WPACKET_get_length(thispkt, &len)
+            || !WPACKET_close(thispkt)) {
+        RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (rl->msg_callback != NULL) {
+        unsigned char *recordstart;
+
+        recordstart = WPACKET_get_curr(thispkt) - len - SSL3_RT_HEADER_LENGTH;
+        rl->msg_callback(1, thiswr->rec_version, SSL3_RT_HEADER, recordstart,
+                         SSL3_RT_HEADER_LENGTH, rl->cbarg);
+
+        if (rl->version == TLS1_3_VERSION && rl->enc_ctx != NULL) {
+            unsigned char ctype = thistempl->type;
+
+            rl->msg_callback(1, thiswr->rec_version, SSL3_RT_INNER_CONTENT_TYPE,
+                             &ctype, 1, rl->cbarg);
+        }
+    }
+
+    if (!WPACKET_finish(thispkt)) {
+        RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    SSL3_RECORD_add_length(thiswr, SSL3_RT_HEADER_LENGTH);
+
+    return 1;
+}
+
 int tls_write_records_default(OSSL_RECORD_LAYER *rl,
                               OSSL_RECORD_TEMPLATE *templates,
                               size_t numtempl)
@@ -1620,11 +1682,9 @@ int tls_write_records_default(OSSL_RECORD_LAYER *rl,
     SSL3_RECORD wr[SSL_MAX_PIPELINES + 1];
     WPACKET *thispkt;
     SSL3_RECORD *thiswr;
-    unsigned char *recordstart;
     int mac_size = 0, ret = 0;
-    size_t len, wpinited = 0;
+    size_t wpinited = 0;
     size_t j, prefix = 0;
-    int using_ktls;
     OSSL_RECORD_TEMPLATE prefixtempl;
     OSSL_RECORD_TEMPLATE *thistempl;
 
@@ -1648,12 +1708,6 @@ int tls_write_records_default(OSSL_RECORD_LAYER *rl,
         goto err;
     }
 
-    using_ktls = BIO_get_ktls_send(rl->bio);
-    if (!ossl_assert(!using_ktls || !prefix)) {
-        RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-
     /* Clear our SSL3_RECORD structures */
     memset(wr, 0, sizeof(wr));
     for (j = 0; j < numtempl + prefix; j++) {
@@ -1738,67 +1792,16 @@ int tls_write_records_default(OSSL_RECORD_LAYER *rl,
     }
 
     for (j = 0; j < numtempl + prefix; j++) {
-        size_t origlen;
-
         thispkt = &pkt[j];
         thiswr = &wr[j];
         thistempl = (j < prefix) ? &prefixtempl : &templates[j - prefix];
 
-        if (using_ktls)
-            goto mac_done;
-
-        /* Allocate bytes for the encryption overhead */
-        if (!WPACKET_get_length(thispkt, &origlen)
-                   /* Encryption should never shrink the data! */
-                || origlen > thiswr->length
-                || (thiswr->length > origlen
-                    && !WPACKET_allocate_bytes(thispkt,
-                                               thiswr->length - origlen,
-                                               NULL))) {
-            RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
-            goto err;
-        }
-        if (rl->use_etm && mac_size != 0) {
-            unsigned char *mac;
-
-            if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac)
-                    || !rl->funcs->mac(rl, thiswr, mac, 1)) {
-                RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-
-            SSL3_RECORD_add_length(thiswr, mac_size);
-        }
-
-        if (!WPACKET_get_length(thispkt, &len)
-                || !WPACKET_close(thispkt)) {
-            RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
-            goto err;
-        }
-
-        if (rl->msg_callback) {
-            recordstart = WPACKET_get_curr(thispkt) - len
-                          - SSL3_RT_HEADER_LENGTH;
-            rl->msg_callback(1, thiswr->rec_version, SSL3_RT_HEADER, recordstart,
-                             SSL3_RT_HEADER_LENGTH, rl->cbarg);
-
-            if (rl->version == TLS1_3_VERSION && rl->enc_ctx != NULL) {
-                unsigned char ctype = thistempl->type;
-
-                rl->msg_callback(1, thiswr->rec_version, SSL3_RT_INNER_CONTENT_TYPE,
-                                 &ctype, 1, rl->cbarg);
-            }
-        }
-
-        if (!WPACKET_finish(thispkt)) {
-            RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+        if (!rl->funcs->post_encryption_processing(rl, mac_size, thistempl,
+                                                   thispkt, thiswr)) {
+            /* RLAYERfatal() already called */
             goto err;
         }
 
-        /* header is added by the kernel when using offload */
-        SSL3_RECORD_add_length(thiswr, SSL3_RT_HEADER_LENGTH);
-
- mac_done:
         /*
          * we should now have thiswr->data pointing to the encrypted data, which
          * is thiswr->length long.

diff --git a/ssl/record/methods/tlsany_meth.c b/ssl/record/methods/tlsany_meth.c
index bf4fe6a31c9131f9e60264ceda3034cd80236508..b18c475ed2d571e2eb31578fa92795aa758dcab3 100644 (file)
--- a/ssl/record/methods/tlsany_meth.c
+++ b/ssl/record/methods/tlsany_meth.c
@@ -159,7 +159,8 @@ struct record_functions_st tls_any_funcs = {
     NULL,
     tls_prepare_record_header_default,
     NULL,
-    tls_any_prepare_for_encryption
+    tls_any_prepare_for_encryption,
+    tls_post_encryption_processing_default
 };
 
 static int dtls_any_set_protocol_version(OSSL_RECORD_LAYER *rl, int vers)
@@ -187,5 +188,6 @@ struct record_functions_st dtls_any_funcs = {
     NULL,
     NULL,
     NULL,
+    NULL,
     NULL
 };