1 files changed, 5 insertions, 85 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 4a6b3b7dcf..748ff988da 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.80 2020/08/11 19:21:54 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.81 2020/08/30 15:40:19 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -1174,14 +1174,9 @@ dtls1_write_bytes(SSL *s, int type, const void *buf, int len)
 int
 do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
 {
-        SSL3_RECORD_INTERNAL *wr = &(S3I(s)->wrec);
        SSL3_BUFFER_INTERNAL *wb = &(S3I(s)->wbuf);
-        SSL_SESSION *sess = s->session;
-        int block_size = 0, eivlen = 0, mac_size = 0;
-        size_t pad_len, record_len;
-        CBB cbb, fragment;
        size_t out_len;
-        uint8_t *p;
+        CBB cbb;
        int ret;
        memset(&cbb, 0, sizeof(cbb));
@@ -1205,81 +1200,15 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
        if (len == 0)
                return 0;
-        if (sess != NULL && s->internal->enc_write_ctx != NULL &&
-            EVP_MD_CTX_md(s->internal->write_hash) != NULL) {
-                if ((mac_size = EVP_MD_CTX_size(s->internal->write_hash)) < 0)
-                        goto err;
-        }
-        /* Explicit IV length. */
-        if (s->internal->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)) {
-                int mode = EVP_CIPHER_CTX_mode(s->internal->enc_write_ctx);
-                if (mode == EVP_CIPH_CBC_MODE) {
-                        eivlen = EVP_CIPHER_CTX_iv_length(s->internal->enc_write_ctx);
-                        if (eivlen <= 1)
-                                eivlen = 0;
-                }
-        } else if (s->internal->aead_write_ctx != NULL &&
-            s->internal->aead_write_ctx->variable_nonce_in_record) {
-                eivlen = s->internal->aead_write_ctx->variable_nonce_len;
-        }
-        /* Determine length of record fragment. */
-        record_len = eivlen + len + mac_size;
-        if (s->internal->enc_write_ctx != NULL) {
-                block_size = EVP_CIPHER_CTX_block_size(s->internal->enc_write_ctx);
-                if (block_size <= 0 || block_size > EVP_MAX_BLOCK_LENGTH)
-                        goto err;
-                if (block_size > 1) {
-                        pad_len = block_size - (record_len % block_size);
-                        record_len += pad_len;
-                }
-        } else if (s->internal->aead_write_ctx != NULL) {
-                record_len += s->internal->aead_write_ctx->tag_len;
-        }
-        /* DTLS implements explicit IV, so no need for empty fragments. */
        wb->offset = 0;
        if (!CBB_init_fixed(&cbb, wb->buf, wb->len))
                goto err;
-        /* Write the header. */
+        tls12_record_layer_set_version(s->internal->rl, s->version);
-        if (!CBB_add_u8(&cbb, type))
+        tls12_record_layer_set_write_epoch(s->internal->rl, D1I(s)->w_epoch);
-                goto err;
-        if (!CBB_add_u16(&cbb, s->version))
-                goto err;
-        if (!CBB_add_u16(&cbb, D1I(s)->w_epoch))
-                goto err;
-        if (!CBB_add_bytes(&cbb, &(S3I(s)->write_sequence[2]), 6))
-                goto err;
-        if (!CBB_add_u16_length_prefixed(&cbb, &fragment))
-                goto err;
-        if (!CBB_add_space(&fragment, &p, record_len))
-                goto err;
-        wr->type = type;
-        wr->data = p + eivlen;
-        wr->length = (int)len;
-        wr->input = wr->data;
-        memcpy(wr->data, buf, len);
-        if (mac_size != 0) {
-                if (tls1_mac(s, &(p[wr->length + eivlen]), 1) < 0)
-                        goto err;
-                wr->length += mac_size;
-        }
-        wr->data = p;
+        if (!tls12_record_layer_seal_record(s->internal->rl, type, buf, len, &cbb))
-        wr->input = p;
-        wr->length += eivlen;
-        if (tls1_enc(s, 1) != 1)
-                goto err;
-        if (wr->length != record_len)
                goto err;
        if (!CBB_finish(&cbb, NULL, &out_len))
@@ -1288,15 +1217,6 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
        wb->left = out_len;
        /*
-         * We should now have wr->data pointing to the encrypted data,
-         * which is wr->length long.
-         */
-        wr->type = type; /* not needed but helps for debugging */
-        wr->length += DTLS1_RT_HEADER_LENGTH;
-        tls1_record_sequence_increment(S3I(s)->write_sequence);
-        /*
         * Memorize arguments so that ssl3_write_pending can detect
         * bad write retries later.
         */

diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c index 4a6b3b7dcf..748ff988da 100644 --- a/src/lib/libssl/d1_pkt.c +++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_pkt.c,v 1.80 2020/08/11 19:21:54 jsing Exp $ */	1	/* $OpenBSD: d1_pkt.c,v 1.81 2020/08/30 15:40:19 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -1174,14 +1174,9 @@ dtls1_write_bytes(SSL s, int type, const void buf, int len)
1174	int	1174	int
1175	do_dtls1_write(SSL s, int type, const unsigned char buf, unsigned int len)	1175	do_dtls1_write(SSL s, int type, const unsigned char buf, unsigned int len)
1176	{	1176	{
1177	SSL3_RECORD_INTERNAL *wr = &(S3I(s)->wrec);
1178	SSL3_BUFFER_INTERNAL *wb = &(S3I(s)->wbuf);	1177	SSL3_BUFFER_INTERNAL *wb = &(S3I(s)->wbuf);
1179	SSL_SESSION *sess = s->session;
1180	int block_size = 0, eivlen = 0, mac_size = 0;
1181	size_t pad_len, record_len;
1182	CBB cbb, fragment;
1183	size_t out_len;	1178	size_t out_len;
1184	uint8_t *p;	1179	CBB cbb;
1185	int ret;	1180	int ret;
1186		1181
1187	memset(&cbb, 0, sizeof(cbb));	1182	memset(&cbb, 0, sizeof(cbb));
@@ -1205,81 +1200,15 @@ do_dtls1_write(SSL s, int type, const unsigned char buf, unsigned int len)
1205	if (len == 0)	1200	if (len == 0)
1206	return 0;	1201	return 0;
1207		1202
1208	if (sess != NULL && s->internal->enc_write_ctx != NULL &&
1209	EVP_MD_CTX_md(s->internal->write_hash) != NULL) {
1210	if ((mac_size = EVP_MD_CTX_size(s->internal->write_hash)) < 0)
1211	goto err;
1212	}
1213
1214	/* Explicit IV length. */
1215	if (s->internal->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)) {
1216	int mode = EVP_CIPHER_CTX_mode(s->internal->enc_write_ctx);
1217	if (mode == EVP_CIPH_CBC_MODE) {
1218	eivlen = EVP_CIPHER_CTX_iv_length(s->internal->enc_write_ctx);
1219	if (eivlen <= 1)
1220	eivlen = 0;
1221	}
1222	} else if (s->internal->aead_write_ctx != NULL &&
1223	s->internal->aead_write_ctx->variable_nonce_in_record) {
1224	eivlen = s->internal->aead_write_ctx->variable_nonce_len;
1225	}
1226
1227	/* Determine length of record fragment. */
1228	record_len = eivlen + len + mac_size;
1229	if (s->internal->enc_write_ctx != NULL) {
1230	block_size = EVP_CIPHER_CTX_block_size(s->internal->enc_write_ctx);
1231	if (block_size <= 0 \|\| block_size > EVP_MAX_BLOCK_LENGTH)
1232	goto err;
1233	if (block_size > 1) {
1234	pad_len = block_size - (record_len % block_size);
1235	record_len += pad_len;
1236	}
1237	} else if (s->internal->aead_write_ctx != NULL) {
1238	record_len += s->internal->aead_write_ctx->tag_len;
1239	}
1240
1241	/* DTLS implements explicit IV, so no need for empty fragments. */
1242
1243	wb->offset = 0;	1203	wb->offset = 0;
1244		1204
1245	if (!CBB_init_fixed(&cbb, wb->buf, wb->len))	1205	if (!CBB_init_fixed(&cbb, wb->buf, wb->len))
1246	goto err;	1206	goto err;
1247		1207
1248	/* Write the header. */	1208	tls12_record_layer_set_version(s->internal->rl, s->version);
1249	if (!CBB_add_u8(&cbb, type))	1209	tls12_record_layer_set_write_epoch(s->internal->rl, D1I(s)->w_epoch);
1250	goto err;
1251	if (!CBB_add_u16(&cbb, s->version))
1252	goto err;
1253	if (!CBB_add_u16(&cbb, D1I(s)->w_epoch))
1254	goto err;
1255	if (!CBB_add_bytes(&cbb, &(S3I(s)->write_sequence[2]), 6))
1256	goto err;
1257	if (!CBB_add_u16_length_prefixed(&cbb, &fragment))
1258	goto err;
1259	if (!CBB_add_space(&fragment, &p, record_len))
1260	goto err;
1261
1262	wr->type = type;
1263	wr->data = p + eivlen;
1264	wr->length = (int)len;
1265	wr->input = wr->data;
1266
1267	memcpy(wr->data, buf, len);
1268
1269	if (mac_size != 0) {
1270	if (tls1_mac(s, &(p[wr->length + eivlen]), 1) < 0)
1271	goto err;
1272	wr->length += mac_size;
1273	}
1274		1210
1275	wr->data = p;	1211	if (!tls12_record_layer_seal_record(s->internal->rl, type, buf, len, &cbb))
1276	wr->input = p;
1277	wr->length += eivlen;
1278
1279	if (tls1_enc(s, 1) != 1)
1280	goto err;
1281
1282	if (wr->length != record_len)
1283	goto err;	1212	goto err;
1284		1213
1285	if (!CBB_finish(&cbb, NULL, &out_len))	1214	if (!CBB_finish(&cbb, NULL, &out_len))
@@ -1288,15 +1217,6 @@ do_dtls1_write(SSL s, int type, const unsigned char buf, unsigned int len)
1288	wb->left = out_len;	1217	wb->left = out_len;
1289		1218
1290	/*	1219	/*
1291	* We should now have wr->data pointing to the encrypted data,
1292	* which is wr->length long.
1293	*/
1294	wr->type = type; /* not needed but helps for debugging */
1295	wr->length += DTLS1_RT_HEADER_LENGTH;
1296
1297	tls1_record_sequence_increment(S3I(s)->write_sequence);
1298
1299	/*
1300	* Memorize arguments so that ssl3_write_pending can detect	1220	* Memorize arguments so that ssl3_write_pending can detect
1301	* bad write retries later.	1221	* bad write retries later.
1302	*/	1222	*/