Remove dtls1_enc().

Like much of the original DTLS code, dtls1_enc() is effectively a renamed copy of tls1_enc(). Since then tls1_enc() has been modified, however the non-AEAD code remains largely the same. As such, remove dtls1_enc() and instead call tls1_enc() from the DTLS code. The tls1_enc() AEAD code does not currently work correctly with DTLS, however this is a non-issue since we do not support AEAD cipher suites with DTLS currently. ok tb@
author: jsing <> 2020-03-13 16:40:42 +0000
committer: jsing <> 2020-03-13 16:40:42 +0000
commit: 591b982ee293938f0df951b42722d3714201a5b8 (patch)
tree: 58f87656681e6786b7b16935eb8b009442a64c49 /src/lib/libssl/d1_enc.c
parent: ef441d96ee48c8a1b34e562f076c2b5da071c375 (diff)
download: openbsd-591b982ee293938f0df951b42722d3714201a5b8.tar.gz
openbsd-591b982ee293938f0df951b42722d3714201a5b8.tar.bz2
openbsd-591b982ee293938f0df951b42722d3714201a5b8.zip
1 files changed, 0 insertions, 212 deletions
diff --git a/src/lib/libssl/d1_enc.c b/src/lib/libssl/d1_enc.c
deleted file mode 100644
index 3927fbfe0d..0000000000
--- a/src/lib/libssl/d1_enc.c
+++ /dev/null
@@ -1,212 +0,0 @@
-/* $OpenBSD: d1_enc.c,v 1.15 2020/03/12 17:01:53 jsing Exp $ */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/md5.h>
-/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
- *
- * Returns:
- *   0: (in non-constant time) if the record is publically invalid (i.e. too
- *       short etc).
- *   1: if the record's padding is valid / the encryption was successful.
- *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
- *       an internal error occured. */
-int
-dtls1_enc(SSL *s, int send)
-{
-        SSL3_RECORD_INTERNAL *rec;
-        EVP_CIPHER_CTX *ds;
-        unsigned long l;
-        int bs, i, j, k, mac_size = 0;
-        const EVP_CIPHER *enc;
-        if (send) {
-                if (EVP_MD_CTX_md(s->internal->write_hash)) {
-                        mac_size = EVP_MD_CTX_size(s->internal->write_hash);
-                        if (mac_size < 0)
-                                return -1;
-                }
-                ds = s->internal->enc_write_ctx;
-                rec = &(S3I(s)->wrec);
-                if (s->internal->enc_write_ctx == NULL)
-                        enc = NULL;
-                else {
-                        enc = EVP_CIPHER_CTX_cipher(s->internal->enc_write_ctx);
-                        if (rec->data != rec->input) {
-#ifdef DEBUG
-                                /* we can't write into the input stream */
-                                fprintf(stderr, "%s:%d: rec->data != rec->input\n",
-                                    __FILE__, __LINE__);
-#endif
-                        } else if (EVP_CIPHER_block_size(ds->cipher) > 1) {
-                                arc4random_buf(rec->input,
-                                    EVP_CIPHER_block_size(ds->cipher));
-                        }
-                }
-        } else {
-                if (EVP_MD_CTX_md(s->read_hash)) {
-                        mac_size = EVP_MD_CTX_size(s->read_hash);
-                        OPENSSL_assert(mac_size >= 0);
-                }
-                ds = s->enc_read_ctx;
-                rec = &(S3I(s)->rrec);
-                if (s->enc_read_ctx == NULL)
-                        enc = NULL;
-                else
-                        enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
-        }
-        if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
-                memmove(rec->data, rec->input, rec->length);
-                rec->input = rec->data;
-        } else {
-                l = rec->length;
-                bs = EVP_CIPHER_block_size(ds->cipher);
-                if ((bs != 1) && send) {
-                        i = bs - ((int)l % bs);
-                        /* Add weird padding of upto 256 bytes */
-                        /* we need to add 'i' padding bytes of value j */
-                        j = i - 1;
-                        for (k = (int)l; k < (int)(l + i); k++)
-                                rec->input[k] = j;
-                        l += i;
-                        rec->length += i;
-                }
-                if (!send) {
-                        if (l == 0 || l % bs != 0)
-                                return 0;
-                }
-                EVP_Cipher(ds, rec->data, rec->input, l);
-                if ((bs != 1) && !send)
-                        return tls1_cbc_remove_padding(s, rec, bs, mac_size);
-        }
-        return (1);
-}
author	jsing <>	2020-03-13 16:40:42 +0000
committer	jsing <>	2020-03-13 16:40:42 +0000
commit	591b982ee293938f0df951b42722d3714201a5b8 (patch)
tree	58f87656681e6786b7b16935eb8b009442a64c49 /src/lib/libssl/d1_enc.c
parent	ef441d96ee48c8a1b34e562f076c2b5da071c375 (diff)
download	openbsd-591b982ee293938f0df951b42722d3714201a5b8.tar.gz openbsd-591b982ee293938f0df951b42722d3714201a5b8.tar.bz2 openbsd-591b982ee293938f0df951b42722d3714201a5b8.zip

diff --git a/src/lib/libssl/d1_enc.c b/src/lib/libssl/d1_enc.c deleted file mode 100644 index 3927fbfe0d..0000000000 --- a/src/lib/libssl/d1_enc.c +++ /dev/null
@@ -1,212 +0,0 @@
1	/* $OpenBSD: d1_enc.c,v 1.15 2020/03/12 17:01:53 jsing Exp $ */
2	/*
3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5	*/
6	/* ====================================================================
7	* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
8	*
9	* Redistribution and use in source and binary forms, with or without
10	* modification, are permitted provided that the following conditions
11	* are met:
12	*
13	* 1. Redistributions of source code must retain the above copyright
14	* notice, this list of conditions and the following disclaimer.
15	*
16	* 2. Redistributions in binary form must reproduce the above copyright
17	* notice, this list of conditions and the following disclaimer in
18	* the documentation and/or other materials provided with the
19	* distribution.
20	*
21	* 3. All advertising materials mentioning features or use of this
22	* software must display the following acknowledgment:
23	* "This product includes software developed by the OpenSSL Project
24	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
25	*
26	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27	* endorse or promote products derived from this software without
28	* prior written permission. For written permission, please contact
29	* openssl-core@openssl.org.
30	*
31	* 5. Products derived from this software may not be called "OpenSSL"
32	* nor may "OpenSSL" appear in their names without prior written
33	* permission of the OpenSSL Project.
34	*
35	* 6. Redistributions of any form whatsoever must retain the following
36	* acknowledgment:
37	* "This product includes software developed by the OpenSSL Project
38	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
39	*
40	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51	* OF THE POSSIBILITY OF SUCH DAMAGE.
52	* ====================================================================
53	*
54	* This product includes cryptographic software written by Eric Young
55	* (eay@cryptsoft.com). This product includes software written by Tim
56	* Hudson (tjh@cryptsoft.com).
57	*
58	*/
59	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
60	* All rights reserved.
61	*
62	* This package is an SSL implementation written
63	* by Eric Young (eay@cryptsoft.com).
64	* The implementation was written so as to conform with Netscapes SSL.
65	*
66	* This library is free for commercial and non-commercial use as long as
67	* the following conditions are aheared to. The following conditions
68	* apply to all code found in this distribution, be it the RC4, RSA,
69	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
70	* included with this distribution is covered by the same copyright terms
71	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
72	*
73	* Copyright remains Eric Young's, and as such any Copyright notices in
74	* the code are not to be removed.
75	* If this package is used in a product, Eric Young should be given attribution
76	* as the author of the parts of the library used.
77	* This can be in the form of a textual message at program startup or
78	* in documentation (online or textual) provided with the package.
79	*
80	* Redistribution and use in source and binary forms, with or without
81	* modification, are permitted provided that the following conditions
82	* are met:
83	* 1. Redistributions of source code must retain the copyright
84	* notice, this list of conditions and the following disclaimer.
85	* 2. Redistributions in binary form must reproduce the above copyright
86	* notice, this list of conditions and the following disclaimer in the
87	* documentation and/or other materials provided with the distribution.
88	* 3. All advertising materials mentioning features or use of this software
89	* must display the following acknowledgement:
90	* "This product includes cryptographic software written by
91	* Eric Young (eay@cryptsoft.com)"
92	* The word 'cryptographic' can be left out if the rouines from the library
93	* being used are not cryptographic related :-).
94	* 4. If you include any Windows specific code (or a derivative thereof) from
95	* the apps directory (application code) you must include an acknowledgement:
96	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
97	*
98	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
99	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
100	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
101	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
102	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
103	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
104	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
105	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
106	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
107	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
108	* SUCH DAMAGE.
109	*
110	* The licence and distribution terms for any publically available version or
111	* derivative of this code cannot be changed. i.e. this code cannot simply be
112	* copied and put under another distribution licence
113	* [including the GNU Public Licence.]
114	*/
115
116	#include <stdio.h>
117
118	#include "ssl_locl.h"
119
120	#include <openssl/evp.h>
121	#include <openssl/hmac.h>
122	#include <openssl/md5.h>
123
124	/* dtls1_enc encrypts/decrypts the record in \|s->wrec\| / \|s->rrec\|, respectively.
125	*
126	* Returns:
127	* 0: (in non-constant time) if the record is publically invalid (i.e. too
128	* short etc).
129	* 1: if the record's padding is valid / the encryption was successful.
130	* -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
131	* an internal error occured. */
132	int
133	dtls1_enc(SSL *s, int send)
134	{
135	SSL3_RECORD_INTERNAL *rec;
136	EVP_CIPHER_CTX *ds;
137	unsigned long l;
138	int bs, i, j, k, mac_size = 0;
139	const EVP_CIPHER *enc;
140
141	if (send) {
142	if (EVP_MD_CTX_md(s->internal->write_hash)) {
143	mac_size = EVP_MD_CTX_size(s->internal->write_hash);
144	if (mac_size < 0)
145	return -1;
146	}
147	ds = s->internal->enc_write_ctx;
148	rec = &(S3I(s)->wrec);
149	if (s->internal->enc_write_ctx == NULL)
150	enc = NULL;
151	else {
152	enc = EVP_CIPHER_CTX_cipher(s->internal->enc_write_ctx);
153	if (rec->data != rec->input) {
154	#ifdef DEBUG
155	/* we can't write into the input stream */
156	fprintf(stderr, "%s:%d: rec->data != rec->input\n",
157	__FILE__, __LINE__);
158	#endif
159	} else if (EVP_CIPHER_block_size(ds->cipher) > 1) {
160	arc4random_buf(rec->input,
161	EVP_CIPHER_block_size(ds->cipher));
162	}
163	}
164	} else {
165	if (EVP_MD_CTX_md(s->read_hash)) {
166	mac_size = EVP_MD_CTX_size(s->read_hash);
167	OPENSSL_assert(mac_size >= 0);
168	}
169	ds = s->enc_read_ctx;
170	rec = &(S3I(s)->rrec);
171	if (s->enc_read_ctx == NULL)
172	enc = NULL;
173	else
174	enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
175	}
176
177
178	if ((s->session == NULL) \|\| (ds == NULL) \|\| (enc == NULL)) {
179	memmove(rec->data, rec->input, rec->length);
180	rec->input = rec->data;
181	} else {
182	l = rec->length;
183	bs = EVP_CIPHER_block_size(ds->cipher);
184
185	if ((bs != 1) && send) {
186	i = bs - ((int)l % bs);
187
188	/* Add weird padding of upto 256 bytes */
189
190	/* we need to add 'i' padding bytes of value j */
191	j = i - 1;
192	for (k = (int)l; k < (int)(l + i); k++)
193	rec->input[k] = j;
194	l += i;
195	rec->length += i;
196	}
197
198
199	if (!send) {
200	if (l == 0 \|\| l % bs != 0)
201	return 0;
202	}
203
204	EVP_Cipher(ds, rec->data, rec->input, l);
205
206
207	if ((bs != 1) && !send)
208	return tls1_cbc_remove_padding(s, rec, bs, mac_size);
209	}
210	return (1);
211	}
212