Remove dtls1_enc().

Like much of the original DTLS code, dtls1_enc() is effectively a renamed copy of tls1_enc(). Since then tls1_enc() has been modified, however the non-AEAD code remains largely the same. As such, remove dtls1_enc() and instead call tls1_enc() from the DTLS code. The tls1_enc() AEAD code does not currently work correctly with DTLS, however this is a non-issue since we do not support AEAD cipher suites with DTLS currently. ok tb@
author: jsing <> 2020-03-13 16:40:42 +0000
committer: jsing <> 2020-03-13 16:40:42 +0000
commit: 392ee6d491e597c1f18e21334e3cb7998133074e (patch)
tree: 58f87656681e6786b7b16935eb8b009442a64c49
parent: e4aa84e84fe680f7d36c8937f3d398c2e44b9d6e (diff)
download: openbsd-392ee6d491e597c1f18e21334e3cb7998133074e.tar.gz
openbsd-392ee6d491e597c1f18e21334e3cb7998133074e.tar.bz2
openbsd-392ee6d491e597c1f18e21334e3cb7998133074e.zip
5 files changed, 11 insertions, 222 deletions
diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile
index 22209d574b..7631dd4cd4 100644
--- a/src/lib/libssl/Makefile
+++ b/src/lib/libssl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.63 2020/02/15 14:40:38 jsing Exp $
+# $OpenBSD: Makefile,v 1.64 2020/03/13 16:40:42 jsing Exp $
 .include <bsd.own.mk>
 .ifndef NOMAN
@@ -34,7 +34,6 @@ SRCS= \
        bs_cbs.c \
        d1_both.c \
        d1_clnt.c \
-        d1_enc.c \
        d1_lib.c \
        d1_pkt.c \
        d1_srtp.c \
diff --git a/src/lib/libssl/d1_enc.c b/src/lib/libssl/d1_enc.c
deleted file mode 100644
index 3927fbfe0d..0000000000
--- a/src/lib/libssl/d1_enc.c
+++ /dev/null
@@ -1,212 +0,0 @@
-/* $OpenBSD: d1_enc.c,v 1.15 2020/03/12 17:01:53 jsing Exp $ */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/md5.h>
-/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
- *
- * Returns:
- *   0: (in non-constant time) if the record is publically invalid (i.e. too
- *       short etc).
- *   1: if the record's padding is valid / the encryption was successful.
- *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
- *       an internal error occured. */
-int
-dtls1_enc(SSL *s, int send)
-{
-        SSL3_RECORD_INTERNAL *rec;
-        EVP_CIPHER_CTX *ds;
-        unsigned long l;
-        int bs, i, j, k, mac_size = 0;
-        const EVP_CIPHER *enc;
-        if (send) {
-                if (EVP_MD_CTX_md(s->internal->write_hash)) {
-                        mac_size = EVP_MD_CTX_size(s->internal->write_hash);
-                        if (mac_size < 0)
-                                return -1;
-                }
-                ds = s->internal->enc_write_ctx;
-                rec = &(S3I(s)->wrec);
-                if (s->internal->enc_write_ctx == NULL)
-                        enc = NULL;
-                else {
-                        enc = EVP_CIPHER_CTX_cipher(s->internal->enc_write_ctx);
-                        if (rec->data != rec->input) {
-#ifdef DEBUG
-                                /* we can't write into the input stream */
-                                fprintf(stderr, "%s:%d: rec->data != rec->input\n",
-                                    __FILE__, __LINE__);
-#endif
-                        } else if (EVP_CIPHER_block_size(ds->cipher) > 1) {
-                                arc4random_buf(rec->input,
-                                    EVP_CIPHER_block_size(ds->cipher));
-                        }
-                }
-        } else {
-                if (EVP_MD_CTX_md(s->read_hash)) {
-                        mac_size = EVP_MD_CTX_size(s->read_hash);
-                        OPENSSL_assert(mac_size >= 0);
-                }
-                ds = s->enc_read_ctx;
-                rec = &(S3I(s)->rrec);
-                if (s->enc_read_ctx == NULL)
-                        enc = NULL;
-                else
-                        enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
-        }
-        if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
-                memmove(rec->data, rec->input, rec->length);
-                rec->input = rec->data;
-        } else {
-                l = rec->length;
-                bs = EVP_CIPHER_block_size(ds->cipher);
-                if ((bs != 1) && send) {
-                        i = bs - ((int)l % bs);
-                        /* Add weird padding of upto 256 bytes */
-                        /* we need to add 'i' padding bytes of value j */
-                        j = i - 1;
-                        for (k = (int)l; k < (int)(l + i); k++)
-                                rec->input[k] = j;
-                        l += i;
-                        rec->length += i;
-                }
-                if (!send) {
-                        if (l == 0 || l % bs != 0)
-                                return 0;
-                }
-                EVP_Cipher(ds, rec->data, rec->input, l);
-                if ((bs != 1) && !send)
-                        return tls1_cbc_remove_padding(s, rec, bs, mac_size);
-        }
-        return (1);
-}
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 524cfc3351..36090533aa 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.72 2020/03/12 17:09:02 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.73 2020/03/13 16:40:42 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -364,7 +364,7 @@ dtls1_process_record(SSL *s)
         *    0: (in non-constant time) if the record is publically invalid.
         *    1: if the padding is valid
         *    -1: if the padding is invalid */
-        if ((enc_err = dtls1_enc(s, 0)) == 0) {
+        if ((enc_err = tls1_enc(s, 0)) == 0) {
                /* For DTLS we simply ignore bad packets. */
                rr->length = 0;
                s->internal->packet_length = 0;
@@ -1282,8 +1282,8 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
                wr->length += bs;
        }
-        /* dtls1_enc can only have an error on read */
+        /* tls1_enc can only have an error on read */
-        dtls1_enc(s, 1);
+        tls1_enc(s, 1);
        if (!CBB_add_u16(&cbb, wr->length))
                goto err;
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 6604768485..f7b3868cd6 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.269 2020/03/12 17:09:02 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.270 2020/03/13 16:40:42 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1306,7 +1306,6 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg);
 long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
 int dtls1_get_record(SSL *s);
 int dtls1_dispatch_alert(SSL *s);
-int dtls1_enc(SSL *s, int snd);
 int ssl_init_wbio_buffer(SSL *s, int push);
 void ssl_free_wbio_buffer(SSL *s);
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 347d34d455..177ee061ed 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.120 2020/03/12 17:09:02 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.121 2020/03/13 16:40:42 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -341,13 +341,16 @@ tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,
        const EVP_AEAD *aead = S3I(s)->tmp.new_aead;
        SSL_AEAD_CTX *aead_ctx;
+        /* XXX - Need to avoid clearing write state for DTLS. */
+        if (SSL_IS_DTLS(s))
+                return 0;
        if (is_read) {
                ssl_clear_cipher_read_state(s);
                if (!tls1_aead_ctx_init(&s->internal->aead_read_ctx))
                        return 0;
                aead_ctx = s->internal->aead_read_ctx;
        } else {
-                /* XXX - Need to correctly handle DTLS. */
                ssl_clear_cipher_write_state(s);
                if (!tls1_aead_ctx_init(&s->internal->aead_write_ctx))
                        return 0;
author	jsing <>	2020-03-13 16:40:42 +0000
committer	jsing <>	2020-03-13 16:40:42 +0000
commit	392ee6d491e597c1f18e21334e3cb7998133074e (patch)
tree	58f87656681e6786b7b16935eb8b009442a64c49
parent	e4aa84e84fe680f7d36c8937f3d398c2e44b9d6e (diff)
download	openbsd-392ee6d491e597c1f18e21334e3cb7998133074e.tar.gz openbsd-392ee6d491e597c1f18e21334e3cb7998133074e.tar.bz2 openbsd-392ee6d491e597c1f18e21334e3cb7998133074e.zip

diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile index 22209d574b..7631dd4cd4 100644 --- a/src/lib/libssl/Makefile +++ b/src/lib/libssl/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.63 2020/02/15 14:40:38 jsing Exp $	1	# $OpenBSD: Makefile,v 1.64 2020/03/13 16:40:42 jsing Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4	.ifndef NOMAN	4	.ifndef NOMAN
@@ -34,7 +34,6 @@ SRCS= \
34	bs_cbs.c \	34	bs_cbs.c \
35	d1_both.c \	35	d1_both.c \
36	d1_clnt.c \	36	d1_clnt.c \
37	d1_enc.c \
38	d1_lib.c \	37	d1_lib.c \
39	d1_pkt.c \	38	d1_pkt.c \
40	d1_srtp.c \	39	d1_srtp.c \


diff --git a/src/lib/libssl/d1_enc.c b/src/lib/libssl/d1_enc.c deleted file mode 100644 index 3927fbfe0d..0000000000 --- a/src/lib/libssl/d1_enc.c +++ /dev/null
@@ -1,212 +0,0 @@
1	/* $OpenBSD: d1_enc.c,v 1.15 2020/03/12 17:01:53 jsing Exp $ */
2	/*
3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5	*/
6	/* ====================================================================
7	* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
8	*
9	* Redistribution and use in source and binary forms, with or without
10	* modification, are permitted provided that the following conditions
11	* are met:
12	*
13	* 1. Redistributions of source code must retain the above copyright
14	* notice, this list of conditions and the following disclaimer.
15	*
16	* 2. Redistributions in binary form must reproduce the above copyright
17	* notice, this list of conditions and the following disclaimer in
18	* the documentation and/or other materials provided with the
19	* distribution.
20	*
21	* 3. All advertising materials mentioning features or use of this
22	* software must display the following acknowledgment:
23	* "This product includes software developed by the OpenSSL Project
24	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
25	*
26	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27	* endorse or promote products derived from this software without
28	* prior written permission. For written permission, please contact
29	* openssl-core@openssl.org.
30	*
31	* 5. Products derived from this software may not be called "OpenSSL"
32	* nor may "OpenSSL" appear in their names without prior written
33	* permission of the OpenSSL Project.
34	*
35	* 6. Redistributions of any form whatsoever must retain the following
36	* acknowledgment:
37	* "This product includes software developed by the OpenSSL Project
38	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
39	*
40	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51	* OF THE POSSIBILITY OF SUCH DAMAGE.
52	* ====================================================================
53	*
54	* This product includes cryptographic software written by Eric Young
55	* (eay@cryptsoft.com). This product includes software written by Tim
56	* Hudson (tjh@cryptsoft.com).
57	*
58	*/
59	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
60	* All rights reserved.
61	*
62	* This package is an SSL implementation written
63	* by Eric Young (eay@cryptsoft.com).
64	* The implementation was written so as to conform with Netscapes SSL.
65	*
66	* This library is free for commercial and non-commercial use as long as
67	* the following conditions are aheared to. The following conditions
68	* apply to all code found in this distribution, be it the RC4, RSA,
69	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
70	* included with this distribution is covered by the same copyright terms
71	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
72	*
73	* Copyright remains Eric Young's, and as such any Copyright notices in
74	* the code are not to be removed.
75	* If this package is used in a product, Eric Young should be given attribution
76	* as the author of the parts of the library used.
77	* This can be in the form of a textual message at program startup or
78	* in documentation (online or textual) provided with the package.
79	*
80	* Redistribution and use in source and binary forms, with or without
81	* modification, are permitted provided that the following conditions
82	* are met:
83	* 1. Redistributions of source code must retain the copyright
84	* notice, this list of conditions and the following disclaimer.
85	* 2. Redistributions in binary form must reproduce the above copyright
86	* notice, this list of conditions and the following disclaimer in the
87	* documentation and/or other materials provided with the distribution.
88	* 3. All advertising materials mentioning features or use of this software
89	* must display the following acknowledgement:
90	* "This product includes cryptographic software written by
91	* Eric Young (eay@cryptsoft.com)"
92	* The word 'cryptographic' can be left out if the rouines from the library
93	* being used are not cryptographic related :-).
94	* 4. If you include any Windows specific code (or a derivative thereof) from
95	* the apps directory (application code) you must include an acknowledgement:
96	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
97	*
98	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
99	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
100	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
101	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
102	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
103	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
104	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
105	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
106	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
107	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
108	* SUCH DAMAGE.
109	*
110	* The licence and distribution terms for any publically available version or
111	* derivative of this code cannot be changed. i.e. this code cannot simply be
112	* copied and put under another distribution licence
113	* [including the GNU Public Licence.]
114	*/
115
116	#include <stdio.h>
117
118	#include "ssl_locl.h"
119
120	#include <openssl/evp.h>
121	#include <openssl/hmac.h>
122	#include <openssl/md5.h>
123
124	/* dtls1_enc encrypts/decrypts the record in \|s->wrec\| / \|s->rrec\|, respectively.
125	*
126	* Returns:
127	* 0: (in non-constant time) if the record is publically invalid (i.e. too
128	* short etc).
129	* 1: if the record's padding is valid / the encryption was successful.
130	* -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
131	* an internal error occured. */
132	int
133	dtls1_enc(SSL *s, int send)
134	{
135	SSL3_RECORD_INTERNAL *rec;
136	EVP_CIPHER_CTX *ds;
137	unsigned long l;
138	int bs, i, j, k, mac_size = 0;
139	const EVP_CIPHER *enc;
140
141	if (send) {
142	if (EVP_MD_CTX_md(s->internal->write_hash)) {
143	mac_size = EVP_MD_CTX_size(s->internal->write_hash);
144	if (mac_size < 0)
145	return -1;
146	}
147	ds = s->internal->enc_write_ctx;
148	rec = &(S3I(s)->wrec);
149	if (s->internal->enc_write_ctx == NULL)
150	enc = NULL;
151	else {
152	enc = EVP_CIPHER_CTX_cipher(s->internal->enc_write_ctx);
153	if (rec->data != rec->input) {
154	#ifdef DEBUG
155	/* we can't write into the input stream */
156	fprintf(stderr, "%s:%d: rec->data != rec->input\n",
157	__FILE__, __LINE__);
158	#endif
159	} else if (EVP_CIPHER_block_size(ds->cipher) > 1) {
160	arc4random_buf(rec->input,
161	EVP_CIPHER_block_size(ds->cipher));
162	}
163	}
164	} else {
165	if (EVP_MD_CTX_md(s->read_hash)) {
166	mac_size = EVP_MD_CTX_size(s->read_hash);
167	OPENSSL_assert(mac_size >= 0);
168	}
169	ds = s->enc_read_ctx;
170	rec = &(S3I(s)->rrec);
171	if (s->enc_read_ctx == NULL)
172	enc = NULL;
173	else
174	enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
175	}
176
177
178	if ((s->session == NULL) \|\| (ds == NULL) \|\| (enc == NULL)) {
179	memmove(rec->data, rec->input, rec->length);
180	rec->input = rec->data;
181	} else {
182	l = rec->length;
183	bs = EVP_CIPHER_block_size(ds->cipher);
184
185	if ((bs != 1) && send) {
186	i = bs - ((int)l % bs);
187
188	/* Add weird padding of upto 256 bytes */
189
190	/* we need to add 'i' padding bytes of value j */
191	j = i - 1;
192	for (k = (int)l; k < (int)(l + i); k++)
193	rec->input[k] = j;
194	l += i;
195	rec->length += i;
196	}
197
198
199	if (!send) {
200	if (l == 0 \|\| l % bs != 0)
201	return 0;
202	}
203
204	EVP_Cipher(ds, rec->data, rec->input, l);
205
206
207	if ((bs != 1) && !send)
208	return tls1_cbc_remove_padding(s, rec, bs, mac_size);
209	}
210	return (1);
211	}
212


diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c index 524cfc3351..36090533aa 100644 --- a/src/lib/libssl/d1_pkt.c +++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_pkt.c,v 1.72 2020/03/12 17:09:02 jsing Exp $ */	1	/* $OpenBSD: d1_pkt.c,v 1.73 2020/03/13 16:40:42 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -364,7 +364,7 @@ dtls1_process_record(SSL *s)
364	* 0: (in non-constant time) if the record is publically invalid.	364	* 0: (in non-constant time) if the record is publically invalid.
365	* 1: if the padding is valid	365	* 1: if the padding is valid
366	* -1: if the padding is invalid */	366	* -1: if the padding is invalid */
367	if ((enc_err = dtls1_enc(s, 0)) == 0) {	367	if ((enc_err = tls1_enc(s, 0)) == 0) {
368	/* For DTLS we simply ignore bad packets. */	368	/* For DTLS we simply ignore bad packets. */
369	rr->length = 0;	369	rr->length = 0;
370	s->internal->packet_length = 0;	370	s->internal->packet_length = 0;
@@ -1282,8 +1282,8 @@ do_dtls1_write(SSL s, int type, const unsigned char buf, unsigned int len)
1282	wr->length += bs;	1282	wr->length += bs;
1283	}	1283	}
1284		1284
1285	/* dtls1_enc can only have an error on read */	1285	/* tls1_enc can only have an error on read */
1286	dtls1_enc(s, 1);	1286	tls1_enc(s, 1);
1287		1287
1288	if (!CBB_add_u16(&cbb, wr->length))	1288	if (!CBB_add_u16(&cbb, wr->length))
1289	goto err;	1289	goto err;


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 6604768485..f7b3868cd6 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.269 2020/03/12 17:09:02 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.270 2020/03/13 16:40:42 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1306,7 +1306,6 @@ long dtls1_ctrl(SSL s, int cmd, long larg, void parg);
1306	long dtls1_get_message(SSL s, int st1, int stn, int mt, long max, int ok);	1306	long dtls1_get_message(SSL s, int st1, int stn, int mt, long max, int ok);
1307	int dtls1_get_record(SSL *s);	1307	int dtls1_get_record(SSL *s);
1308	int dtls1_dispatch_alert(SSL *s);	1308	int dtls1_dispatch_alert(SSL *s);
1309	int dtls1_enc(SSL *s, int snd);
1310		1309
1311	int ssl_init_wbio_buffer(SSL *s, int push);	1310	int ssl_init_wbio_buffer(SSL *s, int push);
1312	void ssl_free_wbio_buffer(SSL *s);	1311	void ssl_free_wbio_buffer(SSL *s);


diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 347d34d455..177ee061ed 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_enc.c,v 1.120 2020/03/12 17:09:02 jsing Exp $ */	1	/* $OpenBSD: t1_enc.c,v 1.121 2020/03/13 16:40:42 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -341,13 +341,16 @@ tls1_change_cipher_state_aead(SSL s, char is_read, const unsigned char key,
341	const EVP_AEAD *aead = S3I(s)->tmp.new_aead;	341	const EVP_AEAD *aead = S3I(s)->tmp.new_aead;
342	SSL_AEAD_CTX *aead_ctx;	342	SSL_AEAD_CTX *aead_ctx;
343		343
		344	/* XXX - Need to avoid clearing write state for DTLS. */
		345	if (SSL_IS_DTLS(s))
		346	return 0;
		347
344	if (is_read) {	348	if (is_read) {
345	ssl_clear_cipher_read_state(s);	349	ssl_clear_cipher_read_state(s);
346	if (!tls1_aead_ctx_init(&s->internal->aead_read_ctx))	350	if (!tls1_aead_ctx_init(&s->internal->aead_read_ctx))
347	return 0;	351	return 0;
348	aead_ctx = s->internal->aead_read_ctx;	352	aead_ctx = s->internal->aead_read_ctx;
349	} else {	353	} else {
350	/* XXX - Need to correctly handle DTLS. */
351	ssl_clear_cipher_write_state(s);	354	ssl_clear_cipher_write_state(s);
352	if (!tls1_aead_ctx_init(&s->internal->aead_write_ctx))	355	if (!tls1_aead_ctx_init(&s->internal->aead_write_ctx))
353	return 0;	356	return 0;