summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorjsing <>2021-03-29 16:19:15 +0000
committerjsing <>2021-03-29 16:19:15 +0000
commit84b53cb9086e02b898c2ed561177d37a66d2e659 (patch)
tree208986f6a978755c10c6497025772040ee9e9d33 /src
parentd9dfab150e9c80a3bafbf4effd23e943ab9ba197 (diff)
downloadopenbsd-84b53cb9086e02b898c2ed561177d37a66d2e659.tar.gz
openbsd-84b53cb9086e02b898c2ed561177d37a66d2e659.tar.bz2
openbsd-84b53cb9086e02b898c2ed561177d37a66d2e659.zip
Move the TLSv1.2 record number increment into the new record layer.
This adds checks (based on the TLSv1.3 implementation) to ensure that the TLS/DTLS sequence numbers do not wrap, as required by the respective RFCs. ok inoguchi@ tb@
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/ssl_locl.h3
-rw-r--r--src/lib/libssl/t1_enc.c13
-rw-r--r--src/lib/libssl/tls12_record_layer.c47
3 files changed, 44 insertions, 19 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 7f197bbcdf..4b2f98f84d 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.331 2021/03/27 17:56:28 tb Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.332 2021/03/29 16:19:15 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1261,7 +1261,6 @@ int ssl3_handshake_msg_finish(SSL *s, CBB *handshake);
1261int ssl3_handshake_write(SSL *s); 1261int ssl3_handshake_write(SSL *s);
1262int ssl3_record_write(SSL *s, int type); 1262int ssl3_record_write(SSL *s, int type);
1263 1263
1264void tls1_record_sequence_increment(unsigned char *seq);
1265int ssl3_do_change_cipher_spec(SSL *ssl); 1264int ssl3_do_change_cipher_spec(SSL *ssl);
1266 1265
1267int dtls1_do_write(SSL *s, int type); 1266int dtls1_do_write(SSL *s, int type);
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index b9dcbac661..0ddd52b530 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_enc.c,v 1.135 2021/03/24 18:44:00 jsing Exp $ */ 1/* $OpenBSD: t1_enc.c,v 1.136 2021/03/29 16:19:15 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -157,17 +157,6 @@ tls1_cleanup_key_block(SSL *s)
157 S3I(s)->hs.tls12.key_block_len = 0; 157 S3I(s)->hs.tls12.key_block_len = 0;
158} 158}
159 159
160void
161tls1_record_sequence_increment(unsigned char *seq)
162{
163 int i;
164
165 for (i = SSL3_SEQUENCE_SIZE - 1; i >= 0; i--) {
166 if (++seq[i] != 0)
167 break;
168 }
169}
170
171/* 160/*
172 * TLS P_hash() data expansion function - see RFC 5246, section 5. 161 * TLS P_hash() data expansion function - see RFC 5246, section 5.
173 */ 162 */
diff --git a/src/lib/libssl/tls12_record_layer.c b/src/lib/libssl/tls12_record_layer.c
index ba3c3dfb2b..6cf8b31c63 100644
--- a/src/lib/libssl/tls12_record_layer.c
+++ b/src/lib/libssl/tls12_record_layer.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls12_record_layer.c,v 1.24 2021/03/21 19:08:22 tb Exp $ */ 1/* $OpenBSD: tls12_record_layer.c,v 1.25 2021/03/29 16:19:15 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -22,9 +22,11 @@
22 22
23#include "ssl_locl.h" 23#include "ssl_locl.h"
24 24
25#define TLS12_RECORD_SEQ_NUM_LEN 8
26
25struct tls12_record_protection { 27struct tls12_record_protection {
26 uint16_t epoch; 28 uint16_t epoch;
27 uint8_t seq_num[SSL3_SEQUENCE_SIZE]; 29 uint8_t seq_num[TLS12_RECORD_SEQ_NUM_LEN];
28 30
29 SSL_AEAD_CTX *aead_ctx; 31 SSL_AEAD_CTX *aead_ctx;
30 32
@@ -342,6 +344,38 @@ tls12_record_layer_reflect_seq_num(struct tls12_record_layer *rl)
342 sizeof(rl->write->seq_num)); 344 sizeof(rl->write->seq_num));
343} 345}
344 346
347static const uint8_t tls12_max_seq_num[TLS12_RECORD_SEQ_NUM_LEN] = {
348 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
349};
350
351int
352tls12_record_layer_inc_seq_num(struct tls12_record_layer *rl, uint8_t *seq_num)
353{
354 CBS max_seq_num;
355 int i;
356
357 /*
358 * RFC 5246 section 6.1 and RFC 6347 section 4.1 - both TLS and DTLS
359 * sequence numbers must not wrap. Note that for DTLS the first two
360 * bytes are used as an "epoch" and not part of the sequence number.
361 */
362 CBS_init(&max_seq_num, seq_num, TLS12_RECORD_SEQ_NUM_LEN);
363 if (rl->dtls) {
364 if (!CBS_skip(&max_seq_num, 2))
365 return 0;
366 }
367 if (CBS_mem_equal(&max_seq_num, tls12_max_seq_num,
368 CBS_len(&max_seq_num)))
369 return 0;
370
371 for (i = TLS12_RECORD_SEQ_NUM_LEN - 1; i >= 0; i--) {
372 if (++seq_num[i] != 0)
373 break;
374 }
375
376 return 1;
377}
378
345static int 379static int
346tls12_record_layer_set_mac_key(struct tls12_record_protection *rp, 380tls12_record_layer_set_mac_key(struct tls12_record_protection *rp,
347 const uint8_t *mac_key, size_t mac_key_len) 381 const uint8_t *mac_key, size_t mac_key_len)
@@ -1074,8 +1108,10 @@ tls12_record_layer_open_record(struct tls12_record_layer *rl, uint8_t *buf,
1074 return 0; 1108 return 0;
1075 } 1109 }
1076 1110
1077 if (!rl->dtls) 1111 if (!rl->dtls) {
1078 tls1_record_sequence_increment(rl->read->seq_num); 1112 if (!tls12_record_layer_inc_seq_num(rl, rl->read->seq_num))
1113 return 0;
1114 }
1079 1115
1080 return 1; 1116 return 1;
1081} 1117}
@@ -1274,7 +1310,8 @@ tls12_record_layer_seal_record(struct tls12_record_layer *rl,
1274 if (!CBB_flush(cbb)) 1310 if (!CBB_flush(cbb))
1275 goto err; 1311 goto err;
1276 1312
1277 tls1_record_sequence_increment(rl->write->seq_num); 1313 if (!tls12_record_layer_inc_seq_num(rl, rl->write->seq_num))
1314 goto err;
1278 1315
1279 ret = 1; 1316 ret = 1;
1280 1317
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-31 23:22:57 +0000