Provide functions to determine if TLSv1.2 record protection is engaged.

Call these functions from code that needs to know if we've changed cipher state and enabled record protection, rather than inconsistently checking various pointers from other places in the code base. This also fixes a minor bug where the wrong pointers are checked if we're operating with AEAD. ok inoguchi@ tb@
author: jsing <> 2021-01-19 18:57:09 +0000
committer: jsing <> 2021-01-19 18:57:09 +0000
commit: eb720c630d40660f4bf00d58faa6f6d59ba82ea2 (patch)
tree: 1cc6adc2f532c5f987be2b9a01b957de5960ebfa /src
parent: ac4995fa26f1a8ba3ff386c0caf843a423a4abc7 (diff)
download: openbsd-eb720c630d40660f4bf00d58faa6f6d59ba82ea2.tar.gz
openbsd-eb720c630d40660f4bf00d58faa6f6d59ba82ea2.tar.bz2
openbsd-eb720c630d40660f4bf00d58faa6f6d59ba82ea2.zip
5 files changed, 37 insertions, 18 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 4f15015145..14ff8221be 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.88 2021/01/13 18:38:34 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.89 2021/01/19 18:57:09 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -642,13 +642,12 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
                return (0);
        }
+        /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
-        if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
+        if (type == rr->type) {
-        {
                /* make sure that we are not getting application data when we
                 * are doing a handshake for the first time */
-                if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
+                if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA &&
-                        (s->enc_read_ctx == NULL)) {
+                    !tls12_record_layer_read_protected(s->internal->rl)) {
                        al = SSL_AD_UNEXPECTED_MESSAGE;
                        SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);
                        goto f_err;
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index e09f668121..e0a4c49ccb 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.313 2021/01/19 18:51:08 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.314 2021/01/19 18:57:09 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -479,6 +479,8 @@ void tls12_record_layer_alert(struct tls12_record_layer *rl,
    uint8_t *alert_desc);
 int tls12_record_layer_write_overhead(struct tls12_record_layer *rl,
    size_t *overhead);
+int tls12_record_layer_read_protected(struct tls12_record_layer *rl);
+int tls12_record_layer_write_protected(struct tls12_record_layer *rl);
 void tls12_record_layer_set_version(struct tls12_record_layer *rl,
    uint16_t version);
 void tls12_record_layer_set_write_epoch(struct tls12_record_layer *rl,
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index 4cc1914ecd..31a66753bf 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.33 2020/10/14 16:57:33 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.34 2021/01/19 18:57:09 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -370,11 +370,12 @@ ssl3_get_record(SSL *s)
                /* Lets check version */
                if (!s->internal->first_packet && ssl_version != s->version) {
-                        SSLerror(s, SSL_R_WRONG_VERSION_NUMBER);
                        if ((s->version & 0xFF00) == (ssl_version & 0xFF00) &&
-                            !s->internal->enc_write_ctx && !s->internal->write_hash)
+                            !tls12_record_layer_write_protected(s->internal->rl)) {
                                /* Send back error using their minor version number :-) */
                                s->version = ssl_version;
+                        }
+                        SSLerror(s, SSL_R_WRONG_VERSION_NUMBER);
                        al = SSL_AD_PROTOCOL_VERSION;
                        goto f_err;
                }
@@ -569,8 +570,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
         * (see http://www.openssl.org/~bodo/tls-cbc.txt). Note that this
         * is unnecessary for AEAD.
         */
-        if (sess != NULL && s->internal->enc_write_ctx != NULL &&
+        if (sess != NULL && tls12_record_layer_write_protected(s->internal->rl)) {
-            EVP_MD_CTX_md(s->internal->write_hash) != NULL) {
                if (S3I(s)->need_empty_fragments &&
                    !S3I(s)->empty_fragment_done &&
                    type == SSL3_RT_APPLICATION_DATA)
@@ -814,8 +814,8 @@ start:
        if (type == rr->type) {
                /* make sure that we are not getting application data when we
                 * are doing a handshake for the first time */
-                if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
+                if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA &&
-                        (s->enc_read_ctx == NULL)) {
+                    !tls12_record_layer_read_protected(s->internal->rl)) {
                        al = SSL_AD_UNEXPECTED_MESSAGE;
                        SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);
                        goto f_err;
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index ac3669550c..000cac6785 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.88 2020/10/14 16:57:33 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.89 2021/01/19 18:57:09 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -853,15 +853,15 @@ ssl3_get_client_hello(SSL *s)
        if (!ssl_downgrade_max_version(s, &max_version))
                goto err;
        if (ssl_max_shared_version(s, client_version, &shared_version) != 1) {
-                SSLerror(s, SSL_R_WRONG_VERSION_NUMBER);
                if ((s->client_version >> 8) == SSL3_VERSION_MAJOR &&
-                    !s->internal->enc_write_ctx && !s->internal->write_hash) {
+                    !tls12_record_layer_write_protected(s->internal->rl)) {
                        /*
                         * Similar to ssl3_get_record, send alert using remote
                         * version number.
                         */
                        s->version = s->client_version;
                }
+                SSLerror(s, SSL_R_WRONG_VERSION_NUMBER);
                al = SSL_AD_PROTOCOL_VERSION;
                goto f_err;
        }
diff --git a/src/lib/libssl/tls12_record_layer.c b/src/lib/libssl/tls12_record_layer.c
index 7fa31707d3..affc5375a2 100644
--- a/src/lib/libssl/tls12_record_layer.c
+++ b/src/lib/libssl/tls12_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls12_record_layer.c,v 1.11 2021/01/19 18:51:08 jsing Exp $ */
+/* $OpenBSD: tls12_record_layer.c,v 1.12 2021/01/19 18:57:09 jsing Exp $ */
 /*
 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
 *
@@ -59,6 +59,12 @@ tls12_record_protection_free(struct tls12_record_protection *rp)
 }
 static int
+tls12_record_protection_engaged(struct tls12_record_protection *rp)
+{
+        return rp->aead_ctx != NULL || rp->cipher_ctx != NULL;
+}
+static int
 tls12_record_protection_eiv_len(struct tls12_record_protection *rp,
    size_t *out_eiv_len)
 {
@@ -195,6 +201,18 @@ tls12_record_layer_write_overhead(struct tls12_record_layer *rl,
        return 1;
 }
+int
+tls12_record_layer_read_protected(struct tls12_record_layer *rl)
+{
+        return tls12_record_protection_engaged(rl->read);
+}
+int
+tls12_record_layer_write_protected(struct tls12_record_layer *rl)
+{
+        return tls12_record_protection_engaged(rl->write);
+}
 void
 tls12_record_layer_set_version(struct tls12_record_layer *rl, uint16_t version)
 {
author	jsing <>	2021-01-19 18:57:09 +0000
committer	jsing <>	2021-01-19 18:57:09 +0000
commit	eb720c630d40660f4bf00d58faa6f6d59ba82ea2 (patch)
tree	1cc6adc2f532c5f987be2b9a01b957de5960ebfa /src
parent	ac4995fa26f1a8ba3ff386c0caf843a423a4abc7 (diff)
download	openbsd-eb720c630d40660f4bf00d58faa6f6d59ba82ea2.tar.gz openbsd-eb720c630d40660f4bf00d58faa6f6d59ba82ea2.tar.bz2 openbsd-eb720c630d40660f4bf00d58faa6f6d59ba82ea2.zip

diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c index 4f15015145..14ff8221be 100644 --- a/src/lib/libssl/d1_pkt.c +++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_pkt.c,v 1.88 2021/01/13 18:38:34 jsing Exp $ */	1	/* $OpenBSD: d1_pkt.c,v 1.89 2021/01/19 18:57:09 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -642,13 +642,12 @@ dtls1_read_bytes(SSL s, int type, unsigned char buf, int len, int peek)
642	return (0);	642	return (0);
643	}	643	}
644		644
645		645	/* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
646	if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */	646	if (type == rr->type) {
647	{
648	/* make sure that we are not getting application data when we	647	/* make sure that we are not getting application data when we
649	* are doing a handshake for the first time */	648	* are doing a handshake for the first time */
650	if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&	649	if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA &&
651	(s->enc_read_ctx == NULL)) {	650	!tls12_record_layer_read_protected(s->internal->rl)) {
652	al = SSL_AD_UNEXPECTED_MESSAGE;	651	al = SSL_AD_UNEXPECTED_MESSAGE;
653	SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);	652	SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);
654	goto f_err;	653	goto f_err;


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index e09f668121..e0a4c49ccb 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.313 2021/01/19 18:51:08 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.314 2021/01/19 18:57:09 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -479,6 +479,8 @@ void tls12_record_layer_alert(struct tls12_record_layer *rl,
479	uint8_t *alert_desc);	479	uint8_t *alert_desc);
480	int tls12_record_layer_write_overhead(struct tls12_record_layer *rl,	480	int tls12_record_layer_write_overhead(struct tls12_record_layer *rl,
481	size_t *overhead);	481	size_t *overhead);
		482	int tls12_record_layer_read_protected(struct tls12_record_layer *rl);
		483	int tls12_record_layer_write_protected(struct tls12_record_layer *rl);
482	void tls12_record_layer_set_version(struct tls12_record_layer *rl,	484	void tls12_record_layer_set_version(struct tls12_record_layer *rl,
483	uint16_t version);	485	uint16_t version);
484	void tls12_record_layer_set_write_epoch(struct tls12_record_layer *rl,	486	void tls12_record_layer_set_write_epoch(struct tls12_record_layer *rl,


diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c index 4cc1914ecd..31a66753bf 100644 --- a/src/lib/libssl/ssl_pkt.c +++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_pkt.c,v 1.33 2020/10/14 16:57:33 jsing Exp $ */	1	/* $OpenBSD: ssl_pkt.c,v 1.34 2021/01/19 18:57:09 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -370,11 +370,12 @@ ssl3_get_record(SSL *s)
370		370
371	/* Lets check version */	371	/* Lets check version */
372	if (!s->internal->first_packet && ssl_version != s->version) {	372	if (!s->internal->first_packet && ssl_version != s->version) {
373	SSLerror(s, SSL_R_WRONG_VERSION_NUMBER);
374	if ((s->version & 0xFF00) == (ssl_version & 0xFF00) &&	373	if ((s->version & 0xFF00) == (ssl_version & 0xFF00) &&
375	!s->internal->enc_write_ctx && !s->internal->write_hash)	374	!tls12_record_layer_write_protected(s->internal->rl)) {
376	/* Send back error using their minor version number :-) */	375	/* Send back error using their minor version number :-) */
377	s->version = ssl_version;	376	s->version = ssl_version;
		377	}
		378	SSLerror(s, SSL_R_WRONG_VERSION_NUMBER);
378	al = SSL_AD_PROTOCOL_VERSION;	379	al = SSL_AD_PROTOCOL_VERSION;
379	goto f_err;	380	goto f_err;
380	}	381	}
@@ -569,8 +570,7 @@ do_ssl3_write(SSL s, int type, const unsigned char buf, unsigned int len)
569	* (see http://www.openssl.org/~bodo/tls-cbc.txt). Note that this	570	* (see http://www.openssl.org/~bodo/tls-cbc.txt). Note that this
570	* is unnecessary for AEAD.	571	* is unnecessary for AEAD.
571	*/	572	*/
572	if (sess != NULL && s->internal->enc_write_ctx != NULL &&	573	if (sess != NULL && tls12_record_layer_write_protected(s->internal->rl)) {
573	EVP_MD_CTX_md(s->internal->write_hash) != NULL) {
574	if (S3I(s)->need_empty_fragments &&	574	if (S3I(s)->need_empty_fragments &&
575	!S3I(s)->empty_fragment_done &&	575	!S3I(s)->empty_fragment_done &&
576	type == SSL3_RT_APPLICATION_DATA)	576	type == SSL3_RT_APPLICATION_DATA)
@@ -814,8 +814,8 @@ start:
814	if (type == rr->type) {	814	if (type == rr->type) {
815	/* make sure that we are not getting application data when we	815	/* make sure that we are not getting application data when we
816	* are doing a handshake for the first time */	816	* are doing a handshake for the first time */
817	if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&	817	if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA &&
818	(s->enc_read_ctx == NULL)) {	818	!tls12_record_layer_read_protected(s->internal->rl)) {
819	al = SSL_AD_UNEXPECTED_MESSAGE;	819	al = SSL_AD_UNEXPECTED_MESSAGE;
820	SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);	820	SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);
821	goto f_err;	821	goto f_err;


diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index ac3669550c..000cac6785 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_srvr.c,v 1.88 2020/10/14 16:57:33 jsing Exp $ */	1	/* $OpenBSD: ssl_srvr.c,v 1.89 2021/01/19 18:57:09 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -853,15 +853,15 @@ ssl3_get_client_hello(SSL *s)
853	if (!ssl_downgrade_max_version(s, &max_version))	853	if (!ssl_downgrade_max_version(s, &max_version))
854	goto err;	854	goto err;
855	if (ssl_max_shared_version(s, client_version, &shared_version) != 1) {	855	if (ssl_max_shared_version(s, client_version, &shared_version) != 1) {
856	SSLerror(s, SSL_R_WRONG_VERSION_NUMBER);
857	if ((s->client_version >> 8) == SSL3_VERSION_MAJOR &&	856	if ((s->client_version >> 8) == SSL3_VERSION_MAJOR &&
858	!s->internal->enc_write_ctx && !s->internal->write_hash) {	857	!tls12_record_layer_write_protected(s->internal->rl)) {
859	/*	858	/*
860	* Similar to ssl3_get_record, send alert using remote	859	* Similar to ssl3_get_record, send alert using remote
861	* version number.	860	* version number.
862	*/	861	*/
863	s->version = s->client_version;	862	s->version = s->client_version;
864	}	863	}
		864	SSLerror(s, SSL_R_WRONG_VERSION_NUMBER);
865	al = SSL_AD_PROTOCOL_VERSION;	865	al = SSL_AD_PROTOCOL_VERSION;
866	goto f_err;	866	goto f_err;
867	}	867	}


diff --git a/src/lib/libssl/tls12_record_layer.c b/src/lib/libssl/tls12_record_layer.c index 7fa31707d3..affc5375a2 100644 --- a/src/lib/libssl/tls12_record_layer.c +++ b/src/lib/libssl/tls12_record_layer.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls12_record_layer.c,v 1.11 2021/01/19 18:51:08 jsing Exp $ */	1	/* $OpenBSD: tls12_record_layer.c,v 1.12 2021/01/19 18:57:09 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2020 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -59,6 +59,12 @@ tls12_record_protection_free(struct tls12_record_protection *rp)
59	}	59	}
60		60
61	static int	61	static int
		62	tls12_record_protection_engaged(struct tls12_record_protection *rp)
		63	{
		64	return rp->aead_ctx != NULL \|\| rp->cipher_ctx != NULL;
		65	}
		66
		67	static int
62	tls12_record_protection_eiv_len(struct tls12_record_protection *rp,	68	tls12_record_protection_eiv_len(struct tls12_record_protection *rp,
63	size_t *out_eiv_len)	69	size_t *out_eiv_len)
64	{	70	{
@@ -195,6 +201,18 @@ tls12_record_layer_write_overhead(struct tls12_record_layer *rl,
195	return 1;	201	return 1;
196	}	202	}
197		203
		204	int
		205	tls12_record_layer_read_protected(struct tls12_record_layer *rl)
		206	{
		207	return tls12_record_protection_engaged(rl->read);
		208	}
		209
		210	int
		211	tls12_record_layer_write_protected(struct tls12_record_layer *rl)
		212	{
		213	return tls12_record_protection_engaged(rl->write);
		214	}
		215
198	void	216	void
199	tls12_record_layer_set_version(struct tls12_record_layer *rl, uint16_t version)	217	tls12_record_layer_set_version(struct tls12_record_layer *rl, uint16_t version)
200	{	218	{