Add an SSL_AEAD_CTX to enable the use of EVP_AEAD with an SSL cipher.

Read and write contexts are also added to the SSL_CTX, along with supporting code. Based on Adam Langley's chromium diffs. Rides the recent SSL library bump.
author: jsing <> 2014-06-13 10:52:24 +0000
committer: jsing <> 2014-06-13 10:52:24 +0000
commit: 87e30739835137951cf48dfa7f692aae2f40dc40 (patch)
tree: c478059909f99617992b0630fe527244e4f5873d /src
parent: 9ef9f06708ef4fe615f3485f5d82f3fb919fdf03 (diff)
download: openbsd-87e30739835137951cf48dfa7f692aae2f40dc40.tar.gz
openbsd-87e30739835137951cf48dfa7f692aae2f40dc40.tar.bz2
openbsd-87e30739835137951cf48dfa7f692aae2f40dc40.zip
8 files changed, 98 insertions, 8 deletions
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index 8235e0775a..f5d8bedbea 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_pkt.c,v 1.46 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: s3_pkt.c,v 1.47 2014/06/13 10:52:24 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -753,6 +753,9 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
                        eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
                else
                        eivlen = 0;
+        } else if (s->aead_write_ctx != NULL &&
+            s->aead_write_ctx->variable_nonce_in_record) {
+                eivlen = s->aead_write_ctx->variable_nonce_len;
        } else
                eivlen = 0;
diff --git a/src/lib/libssl/src/ssl/s3_pkt.c b/src/lib/libssl/src/ssl/s3_pkt.c
index 8235e0775a..f5d8bedbea 100644
--- a/src/lib/libssl/src/ssl/s3_pkt.c
+++ b/src/lib/libssl/src/ssl/s3_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_pkt.c,v 1.46 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: s3_pkt.c,v 1.47 2014/06/13 10:52:24 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -753,6 +753,9 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
                        eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
                else
                        eivlen = 0;
+        } else if (s->aead_write_ctx != NULL &&
+            s->aead_write_ctx->variable_nonce_in_record) {
+                eivlen = s->aead_write_ctx->variable_nonce_len;
        } else
                eivlen = 0;
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
index cd71f7bcfe..826d7c1696 100644
--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.53 2014/06/13 04:29:13 miod Exp $ */
+/* $OpenBSD: ssl.h,v 1.54 2014/06/13 10:52:24 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -654,6 +654,8 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
 #define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
 #define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
+struct ssl_aead_ctx_st;
+typedef struct ssl_aead_ctx_st SSL_AEAD_CTX;
 #define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */
@@ -1093,6 +1095,10 @@ struct ssl_st {
         * the ones to be 'copied' into these ones */
        int mac_flags;
+        SSL_AEAD_CTX *aead_read_ctx;    /* AEAD context. If non-NULL, then
+                                           enc_read_ctx and read_hash are
+                                           ignored. */
        EVP_CIPHER_CTX *enc_read_ctx;           /* cryptographic state */
        EVP_MD_CTX *read_hash;                  /* used for mac generation */
 #ifndef OPENSSL_NO_COMP
@@ -1101,6 +1107,10 @@ struct ssl_st {
        char *expand;
 #endif
+        SSL_AEAD_CTX *aead_write_ctx;   /* AEAD context. If non-NULL, then
+                                           enc_write_ctx and write_hash are
+                                           ignored. */
        EVP_CIPHER_CTX *enc_write_ctx;          /* cryptographic state */
        EVP_MD_CTX *write_hash;                 /* used for mac generation */
 #ifndef OPENSSL_NO_COMP
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index 05abdb3944..297c80124d 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.66 2014/06/13 04:29:13 miod Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.67 2014/06/13 10:52:24 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2660,6 +2660,17 @@ ssl_clear_cipher_ctx(SSL *s)
        EVP_CIPHER_CTX_free(s->enc_write_ctx);
        s->enc_write_ctx = NULL;
+        if (s->aead_read_ctx != NULL) {
+                EVP_AEAD_CTX_cleanup(&s->aead_read_ctx->ctx);
+                free(s->aead_read_ctx);
+                s->aead_read_ctx = NULL;
+        }
+        if (s->aead_write_ctx != NULL) {
+                EVP_AEAD_CTX_cleanup(&s->aead_write_ctx->ctx);
+                free(s->aead_write_ctx);
+                s->aead_write_ctx = NULL;
+        }
 #ifndef OPENSSL_NO_COMP
        COMP_CTX_free(s->expand);
        s->expand = NULL;
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index 18b329048e..ea5f8c3d4e 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.49 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.50 2014/06/13 10:52:24 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -578,6 +578,27 @@ typedef struct ssl3_enc_method {
 /* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */
 #define SSL_ENC_FLAG_TLS1_2_CIPHERS     (1 << 4)
+/*
+ * ssl_aead_ctx_st contains information about an AEAD that is being used to
+ * encrypt an SSL connection.
+ */
+struct ssl_aead_ctx_st {
+        EVP_AEAD_CTX ctx;
+        /*
+         * fixed_nonce contains any bytes of the nonce that are fixed for all
+         * records.
+         */
+        unsigned char fixed_nonce[8];
+        unsigned char fixed_nonce_len;
+        unsigned char variable_nonce_len;
+        unsigned char tag_len;
+        /*
+         * variable_nonce_in_record is non-zero if the variable nonce
+         * for a record is included as a prefix before the ciphertext.
+         */
+        char variable_nonce_in_record;
+};
 #ifndef OPENSSL_NO_COMP
 /* Used for holding the relevant compression methods loaded into SSL_CTX */
 typedef struct ssl3_comp_st {
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index cd71f7bcfe..826d7c1696 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.53 2014/06/13 04:29:13 miod Exp $ */
+/* $OpenBSD: ssl.h,v 1.54 2014/06/13 10:52:24 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -654,6 +654,8 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
 #define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
 #define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
+struct ssl_aead_ctx_st;
+typedef struct ssl_aead_ctx_st SSL_AEAD_CTX;
 #define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */
@@ -1093,6 +1095,10 @@ struct ssl_st {
         * the ones to be 'copied' into these ones */
        int mac_flags;
+        SSL_AEAD_CTX *aead_read_ctx;    /* AEAD context. If non-NULL, then
+                                           enc_read_ctx and read_hash are
+                                           ignored. */
        EVP_CIPHER_CTX *enc_read_ctx;           /* cryptographic state */
        EVP_MD_CTX *read_hash;                  /* used for mac generation */
 #ifndef OPENSSL_NO_COMP
@@ -1101,6 +1107,10 @@ struct ssl_st {
        char *expand;
 #endif
+        SSL_AEAD_CTX *aead_write_ctx;   /* AEAD context. If non-NULL, then
+                                           enc_write_ctx and write_hash are
+                                           ignored. */
        EVP_CIPHER_CTX *enc_write_ctx;          /* cryptographic state */
        EVP_MD_CTX *write_hash;                 /* used for mac generation */
 #ifndef OPENSSL_NO_COMP
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 05abdb3944..297c80124d 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.66 2014/06/13 04:29:13 miod Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.67 2014/06/13 10:52:24 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2660,6 +2660,17 @@ ssl_clear_cipher_ctx(SSL *s)
        EVP_CIPHER_CTX_free(s->enc_write_ctx);
        s->enc_write_ctx = NULL;
+        if (s->aead_read_ctx != NULL) {
+                EVP_AEAD_CTX_cleanup(&s->aead_read_ctx->ctx);
+                free(s->aead_read_ctx);
+                s->aead_read_ctx = NULL;
+        }
+        if (s->aead_write_ctx != NULL) {
+                EVP_AEAD_CTX_cleanup(&s->aead_write_ctx->ctx);
+                free(s->aead_write_ctx);
+                s->aead_write_ctx = NULL;
+        }
 #ifndef OPENSSL_NO_COMP
        COMP_CTX_free(s->expand);
        s->expand = NULL;
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 18b329048e..ea5f8c3d4e 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.49 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.50 2014/06/13 10:52:24 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -578,6 +578,27 @@ typedef struct ssl3_enc_method {
 /* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */
 #define SSL_ENC_FLAG_TLS1_2_CIPHERS     (1 << 4)
+/*
+ * ssl_aead_ctx_st contains information about an AEAD that is being used to
+ * encrypt an SSL connection.
+ */
+struct ssl_aead_ctx_st {
+        EVP_AEAD_CTX ctx;
+        /*
+         * fixed_nonce contains any bytes of the nonce that are fixed for all
+         * records.
+         */
+        unsigned char fixed_nonce[8];
+        unsigned char fixed_nonce_len;
+        unsigned char variable_nonce_len;
+        unsigned char tag_len;
+        /*
+         * variable_nonce_in_record is non-zero if the variable nonce
+         * for a record is included as a prefix before the ciphertext.
+         */
+        char variable_nonce_in_record;
+};
 #ifndef OPENSSL_NO_COMP
 /* Used for holding the relevant compression methods loaded into SSL_CTX */
 typedef struct ssl3_comp_st {
author	jsing <>	2014-06-13 10:52:24 +0000
committer	jsing <>	2014-06-13 10:52:24 +0000
commit	87e30739835137951cf48dfa7f692aae2f40dc40 (patch)
tree	c478059909f99617992b0630fe527244e4f5873d /src
parent	9ef9f06708ef4fe615f3485f5d82f3fb919fdf03 (diff)
download	openbsd-87e30739835137951cf48dfa7f692aae2f40dc40.tar.gz openbsd-87e30739835137951cf48dfa7f692aae2f40dc40.tar.bz2 openbsd-87e30739835137951cf48dfa7f692aae2f40dc40.zip