Provide TLS 1.3 cipher AEAD/hash and legacy I/O handling functions.

Provide functionality for determining AEADs and hashes for TLS 1.3 ciphers. Also provide wire read/write callbacks that interface with BIO and functions that interface between SSL_read/SSL_write and the TLS 1.3 record layer API. ok tb@
author: jsing <> 2019-01-21 09:10:58 +0000
committer: jsing <> 2019-01-21 09:10:58 +0000
commit: 3ef5fc080daaeca210db9bb6c0ec9e6cc0ca6b04 (patch)
tree: ff520e13188df3c74d950537932fb1d5a6d7b898
parent: 549758b49616a2ed2f8e76f1ec804a664cab843e (diff)
download: openbsd-3ef5fc080daaeca210db9bb6c0ec9e6cc0ca6b04.tar.gz
openbsd-3ef5fc080daaeca210db9bb6c0ec9e6cc0ca6b04.tar.bz2
openbsd-3ef5fc080daaeca210db9bb6c0ec9e6cc0ca6b04.zip
3 files changed, 210 insertions, 2 deletions
diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile
index 12cfd3d4f0..1bb3a0e78d 100644
--- a/src/lib/libssl/Makefile
+++ b/src/lib/libssl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.50 2019/01/20 12:27:34 jsing Exp $
+# $OpenBSD: Makefile,v 1.51 2019/01/21 09:10:58 jsing Exp $
 .include <bsd.own.mk>
 .ifndef NOMAN
@@ -65,6 +65,7 @@ SRCS= \
        tls13_handshake.c \
        tls13_handshake_msg.c \
        tls13_key_schedule.c \
+        tls13_lib.c \
        tls13_record.c \
        tls13_record_layer.c
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index bb3ff1fe9c..03fdab7e53 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.11 2019/01/21 06:58:44 jsing Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.12 2019/01/21 09:10:58 jsing Exp $ */
 /*
 * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -146,9 +146,19 @@ struct tls13_ctx {
        SSL *ssl;
        uint8_t mode;
        struct tls13_handshake_stage handshake_stage;
+        struct tls13_record_layer *rl;
 };
 /*
+ * Legacy interfaces.
+ */
+ssize_t tls13_legacy_wire_read_cb(void *buf, size_t n, void *arg);
+ssize_t tls13_legacy_wire_write_cb(const void *buf, size_t n, void *arg);
+int tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len,
+    int peek);
+int tls13_legacy_write_bytes(SSL *ssl, int type, const void *buf, int len);
+/*
 * Message Types - RFC 8446, Section B.3.
 *
 * Values listed as "_RESERVED" were used in previous versions of TLS and are
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
new file mode 100644
index 0000000000..a9d83d709a
--- /dev/null
+++ b/src/lib/libssl/tls13_lib.c
@@ -0,0 +1,197 @@
+/*      $OpenBSD: tls13_lib.c,v 1.1 2019/01/21 09:10:58 jsing Exp $ */
+/*
+ * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include <limits.h>
+#include <stddef.h>
+#include <openssl/evp.h>
+#include "ssl_locl.h"
+#include "tls13_internal.h"
+const EVP_AEAD *
+tls13_cipher_aead(const SSL_CIPHER *cipher)
+{
+        if (cipher == NULL)
+                return NULL;
+        if (cipher->algorithm_ssl != SSL_TLSV1_3)
+                return NULL;
+        switch (cipher->algorithm_enc) {
+        case SSL_AES128GCM:
+                return EVP_aead_aes_128_gcm();
+        case SSL_AES256GCM:
+                return EVP_aead_aes_256_gcm();
+        case SSL_CHACHA20POLY1305:
+                return EVP_aead_chacha20_poly1305();
+        }
+        return NULL;
+}
+const EVP_MD *
+tls13_cipher_hash(const SSL_CIPHER *cipher)
+{
+        if (cipher == NULL)
+                return NULL;
+        if (cipher->algorithm_ssl != SSL_TLSV1_3)
+                return NULL;
+        switch (cipher->algorithm2) {
+        case SSL_HANDSHAKE_MAC_SHA256:
+                return EVP_sha256();
+        case SSL_HANDSHAKE_MAC_SHA384:
+                return EVP_sha384();
+        }
+        return NULL;
+}
+static ssize_t
+tls13_legacy_wire_read(SSL *ssl, uint8_t *buf, size_t len)
+{
+        int n;
+        if (ssl->rbio == NULL) {
+                SSLerror(ssl, SSL_R_BIO_NOT_SET);
+                return TLS13_IO_FAILURE;
+        }
+        if ((n = BIO_read(ssl->rbio, buf, len)) <= 0) {
+                if (BIO_should_read(ssl->rbio))
+                        return TLS13_IO_WANT_POLLIN;
+                if (BIO_should_write(ssl->rbio))
+                        return TLS13_IO_WANT_POLLOUT;
+                return TLS13_IO_FAILURE;
+        }
+        return n;
+}
+ssize_t
+tls13_legacy_wire_read_cb(void *buf, size_t n, void *arg)
+{
+        struct tls13_ctx *ctx = arg;
+        return tls13_legacy_wire_read(ctx->ssl, buf, n);
+}
+static ssize_t
+tls13_legacy_wire_write(SSL *ssl, const uint8_t *buf, size_t len)
+{
+        int n;
+        if (ssl->wbio == NULL) {
+                SSLerror(ssl, SSL_R_BIO_NOT_SET);
+                return TLS13_IO_FAILURE;
+        }
+        if ((n = BIO_write(ssl->wbio, buf, len)) <= 0) {
+                if (BIO_should_read(ssl->wbio))
+                        return TLS13_IO_WANT_POLLIN;
+                if (BIO_should_write(ssl->wbio))
+                        return TLS13_IO_WANT_POLLOUT;
+                return TLS13_IO_FAILURE;
+        }
+        return n;
+}
+ssize_t
+tls13_legacy_wire_write_cb(const void *buf, size_t n, void *arg)
+{
+        struct tls13_ctx *ctx = arg;
+        return tls13_legacy_wire_write(ctx->ssl, buf, n);
+}
+static int
+tls13_legacy_return_code(SSL *ssl, ssize_t ret)
+{
+        ssl->internal->rwstate = SSL_NOTHING;
+        if (ret > INT_MAX) {
+                SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+                return -1;
+        }
+        /* A successful read or write. */
+        if (ret > 0)
+                return ret;
+        switch (ret) {
+        case TLS13_IO_EOF:
+                return 0;
+        case TLS13_IO_FAILURE:
+                /* XXX - we need to record/map internal errors. */
+                if (ERR_peek_error() == 0)
+                        SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+                return -1;
+        case TLS13_IO_WANT_POLLIN:
+                ssl->internal->rwstate = SSL_READING;
+                return -1;
+        case TLS13_IO_WANT_POLLOUT:
+                ssl->internal->rwstate = SSL_WRITING;
+                return -1;
+        }
+        SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+        return -1;
+}
+int
+tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len, int peek)
+{
+        struct tls13_ctx *ctx = ssl->internal->tls13;
+        ssize_t ret;
+        if (peek) {
+                /* XXX - support peek... */
+                SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+                return -1;
+        }
+        if (type != SSL3_RT_APPLICATION_DATA) {
+                SSLerror(ssl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return -1;
+        }
+        ret = tls13_read_application_data(ctx->rl, buf, len);
+        return tls13_legacy_return_code(ssl, ret);
+}
+int
+tls13_legacy_write_bytes(SSL *ssl, int type, const void *buf, int len)
+{
+        struct tls13_ctx *ctx = ssl->internal->tls13;
+        ssize_t ret;
+        if (type != SSL3_RT_APPLICATION_DATA) {
+                SSLerror(ssl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return -1;
+        }
+        ret = tls13_write_application_data(ctx->rl, buf, len);
+        return tls13_legacy_return_code(ssl, ret);
+}
author	jsing <>	2019-01-21 09:10:58 +0000
committer	jsing <>	2019-01-21 09:10:58 +0000
commit	3ef5fc080daaeca210db9bb6c0ec9e6cc0ca6b04 (patch)
tree	ff520e13188df3c74d950537932fb1d5a6d7b898
parent	549758b49616a2ed2f8e76f1ec804a664cab843e (diff)
download	openbsd-3ef5fc080daaeca210db9bb6c0ec9e6cc0ca6b04.tar.gz openbsd-3ef5fc080daaeca210db9bb6c0ec9e6cc0ca6b04.tar.bz2 openbsd-3ef5fc080daaeca210db9bb6c0ec9e6cc0ca6b04.zip

diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile index 12cfd3d4f0..1bb3a0e78d 100644 --- a/src/lib/libssl/Makefile +++ b/src/lib/libssl/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.50 2019/01/20 12:27:34 jsing Exp $	1	# $OpenBSD: Makefile,v 1.51 2019/01/21 09:10:58 jsing Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4	.ifndef NOMAN	4	.ifndef NOMAN
@@ -65,6 +65,7 @@ SRCS= \
65	tls13_handshake.c \	65	tls13_handshake.c \
66	tls13_handshake_msg.c \	66	tls13_handshake_msg.c \
67	tls13_key_schedule.c \	67	tls13_key_schedule.c \
		68	tls13_lib.c \
68	tls13_record.c \	69	tls13_record.c \
69	tls13_record_layer.c	70	tls13_record_layer.c
70		71


diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h index bb3ff1fe9c..03fdab7e53 100644 --- a/src/lib/libssl/tls13_internal.h +++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_internal.h,v 1.11 2019/01/21 06:58:44 jsing Exp $ */	1	/* $OpenBSD: tls13_internal.h,v 1.12 2019/01/21 09:10:58 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2018 Bob Beck <beck@openbsd.org>
4	* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>	4	* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -146,9 +146,19 @@ struct tls13_ctx {
146	SSL *ssl;	146	SSL *ssl;
147	uint8_t mode;	147	uint8_t mode;
148	struct tls13_handshake_stage handshake_stage;	148	struct tls13_handshake_stage handshake_stage;
		149	struct tls13_record_layer *rl;
149	};	150	};
150		151
151	/*	152	/*
		153	* Legacy interfaces.
		154	*/
		155	ssize_t tls13_legacy_wire_read_cb(void buf, size_t n, void arg);
		156	ssize_t tls13_legacy_wire_write_cb(const void buf, size_t n, void arg);
		157	int tls13_legacy_read_bytes(SSL ssl, int type, unsigned char buf, int len,
		158	int peek);
		159	int tls13_legacy_write_bytes(SSL ssl, int type, const void buf, int len);
		160
		161	/*
152	* Message Types - RFC 8446, Section B.3.	162	* Message Types - RFC 8446, Section B.3.
153	*	163	*
154	* Values listed as "_RESERVED" were used in previous versions of TLS and are	164	* Values listed as "_RESERVED" were used in previous versions of TLS and are


diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c new file mode 100644 index 0000000000..a9d83d709a --- /dev/null +++ b/src/lib/libssl/tls13_lib.c
@@ -0,0 +1,197 @@
		1	/* $OpenBSD: tls13_lib.c,v 1.1 2019/01/21 09:10:58 jsing Exp $ */
		2	/*
		3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
		4	*
		5	* Permission to use, copy, modify, and distribute this software for any
		6	* purpose with or without fee is hereby granted, provided that the above
		7	* copyright notice and this permission notice appear in all copies.
		8	*
		9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	*/
		17
		18	#include <limits.h>
		19	#include <stddef.h>
		20
		21	#include <openssl/evp.h>
		22
		23	#include "ssl_locl.h"
		24	#include "tls13_internal.h"
		25
		26	const EVP_AEAD *
		27	tls13_cipher_aead(const SSL_CIPHER *cipher)
		28	{
		29	if (cipher == NULL)
		30	return NULL;
		31	if (cipher->algorithm_ssl != SSL_TLSV1_3)
		32	return NULL;
		33
		34	switch (cipher->algorithm_enc) {
		35	case SSL_AES128GCM:
		36	return EVP_aead_aes_128_gcm();
		37	case SSL_AES256GCM:
		38	return EVP_aead_aes_256_gcm();
		39	case SSL_CHACHA20POLY1305:
		40	return EVP_aead_chacha20_poly1305();
		41	}
		42
		43	return NULL;
		44	}
		45
		46	const EVP_MD *
		47	tls13_cipher_hash(const SSL_CIPHER *cipher)
		48	{
		49	if (cipher == NULL)
		50	return NULL;
		51	if (cipher->algorithm_ssl != SSL_TLSV1_3)
		52	return NULL;
		53
		54	switch (cipher->algorithm2) {
		55	case SSL_HANDSHAKE_MAC_SHA256:
		56	return EVP_sha256();
		57	case SSL_HANDSHAKE_MAC_SHA384:
		58	return EVP_sha384();
		59	}
		60
		61	return NULL;
		62	}
		63
		64	static ssize_t
		65	tls13_legacy_wire_read(SSL ssl, uint8_t buf, size_t len)
		66	{
		67	int n;
		68
		69	if (ssl->rbio == NULL) {
		70	SSLerror(ssl, SSL_R_BIO_NOT_SET);
		71	return TLS13_IO_FAILURE;
		72	}
		73
		74	if ((n = BIO_read(ssl->rbio, buf, len)) <= 0) {
		75	if (BIO_should_read(ssl->rbio))
		76	return TLS13_IO_WANT_POLLIN;
		77	if (BIO_should_write(ssl->rbio))
		78	return TLS13_IO_WANT_POLLOUT;
		79
		80	return TLS13_IO_FAILURE;
		81	}
		82
		83	return n;
		84	}
		85
		86	ssize_t
		87	tls13_legacy_wire_read_cb(void buf, size_t n, void arg)
		88	{
		89	struct tls13_ctx *ctx = arg;
		90
		91	return tls13_legacy_wire_read(ctx->ssl, buf, n);
		92	}
		93
		94	static ssize_t
		95	tls13_legacy_wire_write(SSL ssl, const uint8_t buf, size_t len)
		96	{
		97	int n;
		98
		99	if (ssl->wbio == NULL) {
		100	SSLerror(ssl, SSL_R_BIO_NOT_SET);
		101	return TLS13_IO_FAILURE;
		102	}
		103
		104	if ((n = BIO_write(ssl->wbio, buf, len)) <= 0) {
		105	if (BIO_should_read(ssl->wbio))
		106	return TLS13_IO_WANT_POLLIN;
		107	if (BIO_should_write(ssl->wbio))
		108	return TLS13_IO_WANT_POLLOUT;
		109
		110	return TLS13_IO_FAILURE;
		111	}
		112
		113	return n;
		114	}
		115
		116	ssize_t
		117	tls13_legacy_wire_write_cb(const void buf, size_t n, void arg)
		118	{
		119	struct tls13_ctx *ctx = arg;
		120
		121	return tls13_legacy_wire_write(ctx->ssl, buf, n);
		122	}
		123
		124	static int
		125	tls13_legacy_return_code(SSL *ssl, ssize_t ret)
		126	{
		127	ssl->internal->rwstate = SSL_NOTHING;
		128
		129	if (ret > INT_MAX) {
		130	SSLerror(ssl, ERR_R_INTERNAL_ERROR);
		131	return -1;
		132	}
		133
		134	/* A successful read or write. */
		135	if (ret > 0)
		136	return ret;
		137
		138	switch (ret) {
		139	case TLS13_IO_EOF:
		140	return 0;
		141
		142	case TLS13_IO_FAILURE:
		143	/* XXX - we need to record/map internal errors. */
		144	if (ERR_peek_error() == 0)
		145	SSLerror(ssl, ERR_R_INTERNAL_ERROR);
		146	return -1;
		147
		148	case TLS13_IO_WANT_POLLIN:
		149	ssl->internal->rwstate = SSL_READING;
		150	return -1;
		151
		152	case TLS13_IO_WANT_POLLOUT:
		153	ssl->internal->rwstate = SSL_WRITING;
		154	return -1;
		155	}
		156
		157	SSLerror(ssl, ERR_R_INTERNAL_ERROR);
		158	return -1;
		159	}
		160
		161	int
		162	tls13_legacy_read_bytes(SSL ssl, int type, unsigned char buf, int len, int peek)
		163	{
		164	struct tls13_ctx *ctx = ssl->internal->tls13;
		165	ssize_t ret;
		166
		167	if (peek) {
		168	/* XXX - support peek... */
		169	SSLerror(ssl, ERR_R_INTERNAL_ERROR);
		170	return -1;
		171	}
		172
		173	if (type != SSL3_RT_APPLICATION_DATA) {
		174	SSLerror(ssl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		175	return -1;
		176	}
		177
		178	ret = tls13_read_application_data(ctx->rl, buf, len);
		179
		180	return tls13_legacy_return_code(ssl, ret);
		181	}
		182
		183	int
		184	tls13_legacy_write_bytes(SSL ssl, int type, const void buf, int len)
		185	{
		186	struct tls13_ctx *ctx = ssl->internal->tls13;
		187	ssize_t ret;
		188
		189	if (type != SSL3_RT_APPLICATION_DATA) {
		190	SSLerror(ssl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		191	return -1;
		192	}
		193
		194	ret = tls13_write_application_data(ctx->rl, buf, len);
		195
		196	return tls13_legacy_return_code(ssl, ret);
		197	}