diff options
Diffstat (limited to 'src/lib/libssl/tls12_record_layer.c')
-rw-r--r-- | src/lib/libssl/tls12_record_layer.c | 79 |
1 files changed, 43 insertions, 36 deletions
diff --git a/src/lib/libssl/tls12_record_layer.c b/src/lib/libssl/tls12_record_layer.c index 3568e1876a..a65906697d 100644 --- a/src/lib/libssl/tls12_record_layer.c +++ b/src/lib/libssl/tls12_record_layer.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: tls12_record_layer.c,v 1.36 2022/01/14 09:12:15 tb Exp $ */ | 1 | /* $OpenBSD: tls12_record_layer.c,v 1.37 2022/11/11 17:15:26 jsing Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> |
4 | * | 4 | * |
@@ -864,28 +864,25 @@ tls12_record_layer_aead_xored_nonce(struct tls12_record_layer *rl, | |||
864 | 864 | ||
865 | static int | 865 | static int |
866 | tls12_record_layer_open_record_plaintext(struct tls12_record_layer *rl, | 866 | tls12_record_layer_open_record_plaintext(struct tls12_record_layer *rl, |
867 | uint8_t content_type, CBS *fragment, uint8_t **out, size_t *out_len) | 867 | uint8_t content_type, CBS *fragment, struct tls_content *out) |
868 | { | 868 | { |
869 | if (tls12_record_protection_engaged(rl->read)) | 869 | if (tls12_record_protection_engaged(rl->read)) |
870 | return 0; | 870 | return 0; |
871 | 871 | ||
872 | /* XXX - decrypt/process in place for now. */ | 872 | return tls_content_dup_data(out, content_type, CBS_data(fragment), |
873 | *out = (uint8_t *)CBS_data(fragment); | 873 | CBS_len(fragment)); |
874 | *out_len = CBS_len(fragment); | ||
875 | |||
876 | return 1; | ||
877 | } | 874 | } |
878 | 875 | ||
879 | static int | 876 | static int |
880 | tls12_record_layer_open_record_protected_aead(struct tls12_record_layer *rl, | 877 | tls12_record_layer_open_record_protected_aead(struct tls12_record_layer *rl, |
881 | uint8_t content_type, CBS *seq_num, CBS *fragment, uint8_t **out, | 878 | uint8_t content_type, CBS *seq_num, CBS *fragment, struct tls_content *out) |
882 | size_t *out_len) | ||
883 | { | 879 | { |
884 | struct tls12_record_protection *rp = rl->read; | 880 | struct tls12_record_protection *rp = rl->read; |
885 | uint8_t *header = NULL; | 881 | uint8_t *header = NULL; |
886 | size_t header_len = 0; | 882 | size_t header_len = 0; |
887 | uint8_t *plain; | 883 | uint8_t *content = NULL; |
888 | size_t plain_len; | 884 | size_t content_len = 0; |
885 | size_t out_len = 0; | ||
889 | CBS var_nonce; | 886 | CBS var_nonce; |
890 | int ret = 0; | 887 | int ret = 0; |
891 | 888 | ||
@@ -913,43 +910,47 @@ tls12_record_layer_open_record_protected_aead(struct tls12_record_layer *rl, | |||
913 | goto err; | 910 | goto err; |
914 | } | 911 | } |
915 | 912 | ||
916 | /* XXX - decrypt/process in place for now. */ | 913 | content_len = CBS_len(fragment) - rp->aead_tag_len; |
917 | plain = (uint8_t *)CBS_data(fragment); | 914 | if ((content = calloc(1, CBS_len(fragment))) == NULL) { |
918 | plain_len = CBS_len(fragment) - rp->aead_tag_len; | 915 | content_len = 0; |
916 | goto err; | ||
917 | } | ||
919 | 918 | ||
920 | if (!tls12_record_layer_pseudo_header(rl, content_type, plain_len, | 919 | if (!tls12_record_layer_pseudo_header(rl, content_type, content_len, |
921 | seq_num, &header, &header_len)) | 920 | seq_num, &header, &header_len)) |
922 | goto err; | 921 | goto err; |
923 | 922 | ||
924 | if (!EVP_AEAD_CTX_open(rp->aead_ctx, plain, out_len, plain_len, | 923 | if (!EVP_AEAD_CTX_open(rp->aead_ctx, content, &out_len, content_len, |
925 | rp->aead_nonce, rp->aead_nonce_len, CBS_data(fragment), | 924 | rp->aead_nonce, rp->aead_nonce_len, CBS_data(fragment), |
926 | CBS_len(fragment), header, header_len)) { | 925 | CBS_len(fragment), header, header_len)) { |
927 | rl->alert_desc = SSL_AD_BAD_RECORD_MAC; | 926 | rl->alert_desc = SSL_AD_BAD_RECORD_MAC; |
928 | goto err; | 927 | goto err; |
929 | } | 928 | } |
930 | 929 | ||
931 | if (*out_len > SSL3_RT_MAX_PLAIN_LENGTH) { | 930 | if (out_len > SSL3_RT_MAX_PLAIN_LENGTH) { |
932 | rl->alert_desc = SSL_AD_RECORD_OVERFLOW; | 931 | rl->alert_desc = SSL_AD_RECORD_OVERFLOW; |
933 | goto err; | 932 | goto err; |
934 | } | 933 | } |
935 | 934 | ||
936 | if (*out_len != plain_len) | 935 | if (out_len != content_len) |
937 | goto err; | 936 | goto err; |
938 | 937 | ||
939 | *out = plain; | 938 | tls_content_set_data(out, content_type, content, content_len); |
939 | content = NULL; | ||
940 | content_len = 0; | ||
940 | 941 | ||
941 | ret = 1; | 942 | ret = 1; |
942 | 943 | ||
943 | err: | 944 | err: |
944 | freezero(header, header_len); | 945 | freezero(header, header_len); |
946 | freezero(content, content_len); | ||
945 | 947 | ||
946 | return ret; | 948 | return ret; |
947 | } | 949 | } |
948 | 950 | ||
949 | static int | 951 | static int |
950 | tls12_record_layer_open_record_protected_cipher(struct tls12_record_layer *rl, | 952 | tls12_record_layer_open_record_protected_cipher(struct tls12_record_layer *rl, |
951 | uint8_t content_type, CBS *seq_num, CBS *fragment, uint8_t **out, | 953 | uint8_t content_type, CBS *seq_num, CBS *fragment, struct tls_content *out) |
952 | size_t *out_len) | ||
953 | { | 954 | { |
954 | EVP_CIPHER_CTX *enc = rl->read->cipher_ctx; | 955 | EVP_CIPHER_CTX *enc = rl->read->cipher_ctx; |
955 | SSL3_RECORD_INTERNAL rrec; | 956 | SSL3_RECORD_INTERNAL rrec; |
@@ -958,8 +959,8 @@ tls12_record_layer_open_record_protected_cipher(struct tls12_record_layer *rl, | |||
958 | size_t mac_len = 0; | 959 | size_t mac_len = 0; |
959 | uint8_t *out_mac = NULL; | 960 | uint8_t *out_mac = NULL; |
960 | size_t out_mac_len = 0; | 961 | size_t out_mac_len = 0; |
961 | uint8_t *plain; | 962 | uint8_t *content = NULL; |
962 | size_t plain_len; | 963 | size_t content_len = 0; |
963 | size_t min_len; | 964 | size_t min_len; |
964 | CBB cbb_mac; | 965 | CBB cbb_mac; |
965 | int ret = 0; | 966 | int ret = 0; |
@@ -1001,16 +1002,16 @@ tls12_record_layer_open_record_protected_cipher(struct tls12_record_layer *rl, | |||
1001 | goto err; | 1002 | goto err; |
1002 | } | 1003 | } |
1003 | 1004 | ||
1004 | /* XXX - decrypt/process in place for now. */ | 1005 | if ((content = calloc(1, CBS_len(fragment))) == NULL) |
1005 | plain = (uint8_t *)CBS_data(fragment); | 1006 | goto err; |
1006 | plain_len = CBS_len(fragment); | 1007 | content_len = CBS_len(fragment); |
1007 | 1008 | ||
1008 | if (!EVP_Cipher(enc, plain, CBS_data(fragment), plain_len)) | 1009 | if (!EVP_Cipher(enc, content, CBS_data(fragment), CBS_len(fragment))) |
1009 | goto err; | 1010 | goto err; |
1010 | 1011 | ||
1011 | rrec.data = plain; | 1012 | rrec.data = content; |
1012 | rrec.input = plain; | 1013 | rrec.input = content; |
1013 | rrec.length = plain_len; | 1014 | rrec.length = content_len; |
1014 | 1015 | ||
1015 | /* | 1016 | /* |
1016 | * We now have to remove padding, extract MAC, calculate MAC | 1017 | * We now have to remove padding, extract MAC, calculate MAC |
@@ -1058,8 +1059,13 @@ tls12_record_layer_open_record_protected_cipher(struct tls12_record_layer *rl, | |||
1058 | goto err; | 1059 | goto err; |
1059 | } | 1060 | } |
1060 | 1061 | ||
1061 | *out = rrec.data; | 1062 | tls_content_set_data(out, content_type, content, content_len); |
1062 | *out_len = rrec.length; | 1063 | content = NULL; |
1064 | content_len = 0; | ||
1065 | |||
1066 | /* Actual content is after EIV, minus padding and MAC. */ | ||
1067 | if (!tls_content_set_bounds(out, eiv_len, rrec.length)) | ||
1068 | goto err; | ||
1063 | 1069 | ||
1064 | ret = 1; | 1070 | ret = 1; |
1065 | 1071 | ||
@@ -1067,13 +1073,14 @@ tls12_record_layer_open_record_protected_cipher(struct tls12_record_layer *rl, | |||
1067 | CBB_cleanup(&cbb_mac); | 1073 | CBB_cleanup(&cbb_mac); |
1068 | freezero(mac, mac_len); | 1074 | freezero(mac, mac_len); |
1069 | freezero(out_mac, out_mac_len); | 1075 | freezero(out_mac, out_mac_len); |
1076 | freezero(content, content_len); | ||
1070 | 1077 | ||
1071 | return ret; | 1078 | return ret; |
1072 | } | 1079 | } |
1073 | 1080 | ||
1074 | int | 1081 | int |
1075 | tls12_record_layer_open_record(struct tls12_record_layer *rl, uint8_t *buf, | 1082 | tls12_record_layer_open_record(struct tls12_record_layer *rl, uint8_t *buf, |
1076 | size_t buf_len, uint8_t **out, size_t *out_len) | 1083 | size_t buf_len, struct tls_content *out) |
1077 | { | 1084 | { |
1078 | CBS cbs, fragment, seq_num; | 1085 | CBS cbs, fragment, seq_num; |
1079 | uint16_t version; | 1086 | uint16_t version; |
@@ -1105,15 +1112,15 @@ tls12_record_layer_open_record(struct tls12_record_layer *rl, uint8_t *buf, | |||
1105 | 1112 | ||
1106 | if (rl->read->aead_ctx != NULL) { | 1113 | if (rl->read->aead_ctx != NULL) { |
1107 | if (!tls12_record_layer_open_record_protected_aead(rl, | 1114 | if (!tls12_record_layer_open_record_protected_aead(rl, |
1108 | content_type, &seq_num, &fragment, out, out_len)) | 1115 | content_type, &seq_num, &fragment, out)) |
1109 | return 0; | 1116 | return 0; |
1110 | } else if (rl->read->cipher_ctx != NULL) { | 1117 | } else if (rl->read->cipher_ctx != NULL) { |
1111 | if (!tls12_record_layer_open_record_protected_cipher(rl, | 1118 | if (!tls12_record_layer_open_record_protected_cipher(rl, |
1112 | content_type, &seq_num, &fragment, out, out_len)) | 1119 | content_type, &seq_num, &fragment, out)) |
1113 | return 0; | 1120 | return 0; |
1114 | } else { | 1121 | } else { |
1115 | if (!tls12_record_layer_open_record_plaintext(rl, | 1122 | if (!tls12_record_layer_open_record_plaintext(rl, |
1116 | content_type, &fragment, out, out_len)) | 1123 | content_type, &fragment, out)) |
1117 | return 0; | 1124 | return 0; |
1118 | } | 1125 | } |
1119 | 1126 | ||