1 files changed, 6 insertions, 97 deletions
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index 5c9b3be2ff..c9c86471d3 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.30 2020/08/09 16:54:16 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.31 2020/08/30 15:40:20 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -617,100 +617,6 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
 }
 static int
-ssl3_create_record(SSL *s, CBB *cbb, uint16_t version, uint8_t type,
-    const unsigned char *buf, unsigned int len)
-{
-        SSL3_RECORD_INTERNAL *wr = &(S3I(s)->wrec);
-        SSL_SESSION *sess = s->session;
-        int block_size = 0, eivlen = 0, mac_size = 0;
-        size_t pad_len, record_len;
-        CBB fragment;
-        uint8_t *p;
-        if (sess != NULL && s->internal->enc_write_ctx != NULL &&
-            EVP_MD_CTX_md(s->internal->write_hash) != NULL) {
-                if ((mac_size = EVP_MD_CTX_size(s->internal->write_hash)) < 0)
-                        goto err;
-        }
-        /* Explicit IV length. */
-        if (s->internal->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)) {
-                int mode = EVP_CIPHER_CTX_mode(s->internal->enc_write_ctx);
-                if (mode == EVP_CIPH_CBC_MODE) {
-                        eivlen = EVP_CIPHER_CTX_iv_length(s->internal->enc_write_ctx);
-                        if (eivlen <= 1)
-                                eivlen = 0;
-                }
-        } else if (s->internal->aead_write_ctx != NULL &&
-            s->internal->aead_write_ctx->variable_nonce_in_record) {
-                eivlen = s->internal->aead_write_ctx->variable_nonce_len;
-        }
-        /* Determine length of record fragment. */
-        record_len = eivlen + len + mac_size;
-        if (s->internal->enc_write_ctx != NULL) {
-                block_size = EVP_CIPHER_CTX_block_size(s->internal->enc_write_ctx);
-                if (block_size <= 0 || block_size > EVP_MAX_BLOCK_LENGTH)
-                        goto err;
-                if (block_size > 1) {
-                        pad_len = block_size - (record_len % block_size);
-                        record_len += pad_len;
-                }
-        } else if (s->internal->aead_write_ctx != NULL) {
-                record_len += s->internal->aead_write_ctx->tag_len;
-        }
-        /* Write the header. */
-        if (!CBB_add_u8(cbb, type))
-                goto err;
-        if (!CBB_add_u16(cbb, version))
-                goto err;
-        if (!CBB_add_u16_length_prefixed(cbb, &fragment))
-                goto err;
-        if (!CBB_add_space(&fragment, &p, record_len))
-                goto err;
-        /* Set up the record. */
-        wr->type = type;
-        wr->data = p + eivlen;
-        wr->length = (int)len;
-        wr->input = wr->data;
-        memcpy(wr->data, buf, len);
-        if (mac_size != 0) {
-                if (tls1_mac(s, &(p[wr->length + eivlen]), 1) < 0)
-                        goto err;
-                wr->length += mac_size;
-        }
-        wr->data = p;
-        wr->input = p;
-        wr->length += eivlen;
-        if (tls1_enc(s, 1) != 1)
-                goto err;
-        if (wr->length != record_len)
-                goto err;
-        if (!CBB_flush(cbb))
-                goto err;
-        /*
-         * We should now have wr->data pointing to the encrypted data,
-         * which is wr->length long.
-         */
-        wr->type = type; /* not needed but helps for debugging */
-        wr->length += SSL3_RT_HEADER_LENGTH;
-        return 1;
- err:
-        return 0;
-}
-static int
 do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
 {
        SSL3_BUFFER_INTERNAL *wb = &(S3I(s)->wbuf);
@@ -785,13 +691,16 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
        if (!CBB_init_fixed(&cbb, wb->buf + align, wb->len - align))
                goto err;
+        tls12_record_layer_set_version(s->internal->rl, version);
        if (need_empty_fragment) {
-                if (!ssl3_create_record(s, &cbb, version, type, buf, 0))
+                if (!tls12_record_layer_seal_record(s->internal->rl, type,
+                    buf, 0, &cbb))
                        goto err;
                S3I(s)->empty_fragment_done = 1;
        }
-        if (!ssl3_create_record(s, &cbb, version, type, buf, len))
+        if (!tls12_record_layer_seal_record(s->internal->rl, type, buf, len, &cbb))
                goto err;
        if (!CBB_finish(&cbb, NULL, &out_len))

diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c index 5c9b3be2ff..c9c86471d3 100644 --- a/src/lib/libssl/ssl_pkt.c +++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_pkt.c,v 1.30 2020/08/09 16:54:16 jsing Exp $ */	1	/* $OpenBSD: ssl_pkt.c,v 1.31 2020/08/30 15:40:20 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -617,100 +617,6 @@ ssl3_write_bytes(SSL s, int type, const void buf_, int len)
617	}	617	}
618		618
619	static int	619	static int
620	ssl3_create_record(SSL s, CBB cbb, uint16_t version, uint8_t type,
621	const unsigned char *buf, unsigned int len)
622	{
623	SSL3_RECORD_INTERNAL *wr = &(S3I(s)->wrec);
624	SSL_SESSION *sess = s->session;
625	int block_size = 0, eivlen = 0, mac_size = 0;
626	size_t pad_len, record_len;
627	CBB fragment;
628	uint8_t *p;
629
630	if (sess != NULL && s->internal->enc_write_ctx != NULL &&
631	EVP_MD_CTX_md(s->internal->write_hash) != NULL) {
632	if ((mac_size = EVP_MD_CTX_size(s->internal->write_hash)) < 0)
633	goto err;
634	}
635
636	/* Explicit IV length. */
637	if (s->internal->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)) {
638	int mode = EVP_CIPHER_CTX_mode(s->internal->enc_write_ctx);
639	if (mode == EVP_CIPH_CBC_MODE) {
640	eivlen = EVP_CIPHER_CTX_iv_length(s->internal->enc_write_ctx);
641	if (eivlen <= 1)
642	eivlen = 0;
643	}
644	} else if (s->internal->aead_write_ctx != NULL &&
645	s->internal->aead_write_ctx->variable_nonce_in_record) {
646	eivlen = s->internal->aead_write_ctx->variable_nonce_len;
647	}
648
649	/* Determine length of record fragment. */
650	record_len = eivlen + len + mac_size;
651	if (s->internal->enc_write_ctx != NULL) {
652	block_size = EVP_CIPHER_CTX_block_size(s->internal->enc_write_ctx);
653	if (block_size <= 0 \|\| block_size > EVP_MAX_BLOCK_LENGTH)
654	goto err;
655	if (block_size > 1) {
656	pad_len = block_size - (record_len % block_size);
657	record_len += pad_len;
658	}
659	} else if (s->internal->aead_write_ctx != NULL) {
660	record_len += s->internal->aead_write_ctx->tag_len;
661	}
662
663	/* Write the header. */
664	if (!CBB_add_u8(cbb, type))
665	goto err;
666	if (!CBB_add_u16(cbb, version))
667	goto err;
668	if (!CBB_add_u16_length_prefixed(cbb, &fragment))
669	goto err;
670	if (!CBB_add_space(&fragment, &p, record_len))
671	goto err;
672
673	/* Set up the record. */
674	wr->type = type;
675	wr->data = p + eivlen;
676	wr->length = (int)len;
677	wr->input = wr->data;
678
679	memcpy(wr->data, buf, len);
680
681	if (mac_size != 0) {
682	if (tls1_mac(s, &(p[wr->length + eivlen]), 1) < 0)
683	goto err;
684	wr->length += mac_size;
685	}
686
687	wr->data = p;
688	wr->input = p;
689	wr->length += eivlen;
690
691	if (tls1_enc(s, 1) != 1)
692	goto err;
693
694	if (wr->length != record_len)
695	goto err;
696
697	if (!CBB_flush(cbb))
698	goto err;
699
700	/*
701	* We should now have wr->data pointing to the encrypted data,
702	* which is wr->length long.
703	*/
704	wr->type = type; /* not needed but helps for debugging */
705	wr->length += SSL3_RT_HEADER_LENGTH;
706
707	return 1;
708
709	err:
710	return 0;
711	}
712
713	static int
714	do_ssl3_write(SSL s, int type, const unsigned char buf, unsigned int len)	620	do_ssl3_write(SSL s, int type, const unsigned char buf, unsigned int len)
715	{	621	{
716	SSL3_BUFFER_INTERNAL *wb = &(S3I(s)->wbuf);	622	SSL3_BUFFER_INTERNAL *wb = &(S3I(s)->wbuf);
@@ -785,13 +691,16 @@ do_ssl3_write(SSL s, int type, const unsigned char buf, unsigned int len)
785	if (!CBB_init_fixed(&cbb, wb->buf + align, wb->len - align))	691	if (!CBB_init_fixed(&cbb, wb->buf + align, wb->len - align))
786	goto err;	692	goto err;
787		693
		694	tls12_record_layer_set_version(s->internal->rl, version);
		695
788	if (need_empty_fragment) {	696	if (need_empty_fragment) {
789	if (!ssl3_create_record(s, &cbb, version, type, buf, 0))	697	if (!tls12_record_layer_seal_record(s->internal->rl, type,
		698	buf, 0, &cbb))
790	goto err;	699	goto err;
791	S3I(s)->empty_fragment_done = 1;	700	S3I(s)->empty_fragment_done = 1;
792	}	701	}
793		702
794	if (!ssl3_create_record(s, &cbb, version, type, buf, len))	703	if (!tls12_record_layer_seal_record(s->internal->rl, type, buf, len, &cbb))
795	goto err;	704	goto err;
796		705
797	if (!CBB_finish(&cbb, NULL, &out_len))	706	if (!CBB_finish(&cbb, NULL, &out_len))