summaryrefslogtreecommitdiff
path: root/src/lib/libssl/tls12_record_layer.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/tls12_record_layer.c')
-rw-r--r--src/lib/libssl/tls12_record_layer.c78
1 files changed, 31 insertions, 47 deletions
diff --git a/src/lib/libssl/tls12_record_layer.c b/src/lib/libssl/tls12_record_layer.c
index 7e29f4ed65..b9a3320de8 100644
--- a/src/lib/libssl/tls12_record_layer.c
+++ b/src/lib/libssl/tls12_record_layer.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls12_record_layer.c,v 1.26 2021/04/19 17:26:39 jsing Exp $ */ 1/* $OpenBSD: tls12_record_layer.c,v 1.27 2021/05/05 10:05:27 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -254,18 +254,6 @@ tls12_record_layer_write_protected(struct tls12_record_layer *rl)
254 return tls12_record_protection_engaged(rl->write); 254 return tls12_record_protection_engaged(rl->write);
255} 255}
256 256
257const EVP_AEAD *
258tls12_record_layer_aead(struct tls12_record_layer *rl)
259{
260 return rl->aead;
261}
262
263const EVP_CIPHER *
264tls12_record_layer_cipher(struct tls12_record_layer *rl)
265{
266 return rl->cipher;
267}
268
269void 257void
270tls12_record_layer_set_aead(struct tls12_record_layer *rl, const EVP_AEAD *aead) 258tls12_record_layer_set_aead(struct tls12_record_layer *rl, const EVP_AEAD *aead)
271{ 259{
@@ -410,11 +398,10 @@ tls12_record_layer_set_mac_key(struct tls12_record_protection *rp,
410 398
411static int 399static int
412tls12_record_layer_ccs_aead(struct tls12_record_layer *rl, 400tls12_record_layer_ccs_aead(struct tls12_record_layer *rl,
413 struct tls12_record_protection *rp, int is_write, const uint8_t *mac_key, 401 struct tls12_record_protection *rp, int is_write, CBS *mac_key, CBS *key,
414 size_t mac_key_len, const uint8_t *key, size_t key_len, const uint8_t *iv, 402 CBS *iv)
415 size_t iv_len)
416{ 403{
417 size_t aead_nonce_len; 404 size_t aead_nonce_len, fixed_nonce_len;
418 405
419 if (!tls12_record_protection_unused(rp)) 406 if (!tls12_record_protection_unused(rp))
420 return 0; 407 return 0;
@@ -431,11 +418,11 @@ tls12_record_layer_ccs_aead(struct tls12_record_layer *rl,
431 if (rl->aead == EVP_aead_chacha20_poly1305()) 418 if (rl->aead == EVP_aead_chacha20_poly1305())
432 rp->aead_ctx->xor_fixed_nonce = 1; 419 rp->aead_ctx->xor_fixed_nonce = 1;
433 420
434 if (iv_len > sizeof(rp->aead_ctx->fixed_nonce)) 421 if (!CBS_write_bytes(iv, rp->aead_ctx->fixed_nonce,
422 sizeof(rp->aead_ctx->fixed_nonce), &fixed_nonce_len))
435 return 0; 423 return 0;
436 424
437 memcpy(rp->aead_ctx->fixed_nonce, iv, iv_len); 425 rp->aead_ctx->fixed_nonce_len = fixed_nonce_len;
438 rp->aead_ctx->fixed_nonce_len = iv_len;
439 rp->aead_ctx->tag_len = EVP_AEAD_max_overhead(rl->aead); 426 rp->aead_ctx->tag_len = EVP_AEAD_max_overhead(rl->aead);
440 rp->aead_ctx->variable_nonce_len = 8; 427 rp->aead_ctx->variable_nonce_len = 8;
441 428
@@ -454,8 +441,8 @@ tls12_record_layer_ccs_aead(struct tls12_record_layer *rl,
454 return 0; 441 return 0;
455 } 442 }
456 443
457 if (!EVP_AEAD_CTX_init(&rp->aead_ctx->ctx, rl->aead, key, key_len, 444 if (!EVP_AEAD_CTX_init(&rp->aead_ctx->ctx, rl->aead, CBS_data(key),
458 EVP_AEAD_DEFAULT_TAG_LENGTH, NULL)) 445 CBS_len(key), EVP_AEAD_DEFAULT_TAG_LENGTH, NULL))
459 return 0; 446 return 0;
460 447
461 return 1; 448 return 1;
@@ -463,9 +450,8 @@ tls12_record_layer_ccs_aead(struct tls12_record_layer *rl,
463 450
464static int 451static int
465tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl, 452tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl,
466 struct tls12_record_protection *rp, int is_write, const uint8_t *mac_key, 453 struct tls12_record_protection *rp, int is_write, CBS *mac_key, CBS *key,
467 size_t mac_key_len, const uint8_t *key, size_t key_len, const uint8_t *iv, 454 CBS *iv)
468 size_t iv_len)
469{ 455{
470 EVP_PKEY *mac_pkey = NULL; 456 EVP_PKEY *mac_pkey = NULL;
471 int gost_param_nid; 457 int gost_param_nid;
@@ -478,23 +464,23 @@ tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl,
478 mac_type = EVP_PKEY_HMAC; 464 mac_type = EVP_PKEY_HMAC;
479 rp->stream_mac = 0; 465 rp->stream_mac = 0;
480 466
481 if (iv_len > INT_MAX || key_len > INT_MAX) 467 if (CBS_len(iv) > INT_MAX || CBS_len(key) > INT_MAX)
482 goto err; 468 goto err;
483 if (EVP_CIPHER_iv_length(rl->cipher) != iv_len) 469 if (EVP_CIPHER_iv_length(rl->cipher) != CBS_len(iv))
484 goto err; 470 goto err;
485 if (EVP_CIPHER_key_length(rl->cipher) != key_len) 471 if (EVP_CIPHER_key_length(rl->cipher) != CBS_len(key))
486 goto err; 472 goto err;
487 473
488 /* Special handling for GOST... */ 474 /* Special handling for GOST... */
489 if (EVP_MD_type(rl->mac_hash) == NID_id_Gost28147_89_MAC) { 475 if (EVP_MD_type(rl->mac_hash) == NID_id_Gost28147_89_MAC) {
490 if (mac_key_len != 32) 476 if (CBS_len(mac_key) != 32)
491 goto err; 477 goto err;
492 mac_type = EVP_PKEY_GOSTIMIT; 478 mac_type = EVP_PKEY_GOSTIMIT;
493 rp->stream_mac = 1; 479 rp->stream_mac = 1;
494 } else { 480 } else {
495 if (mac_key_len > INT_MAX) 481 if (CBS_len(mac_key) > INT_MAX)
496 goto err; 482 goto err;
497 if (EVP_MD_size(rl->mac_hash) != mac_key_len) 483 if (EVP_MD_size(rl->mac_hash) != CBS_len(mac_key))
498 goto err; 484 goto err;
499 } 485 }
500 486
@@ -503,15 +489,16 @@ tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl,
503 if ((rp->hash_ctx = EVP_MD_CTX_new()) == NULL) 489 if ((rp->hash_ctx = EVP_MD_CTX_new()) == NULL)
504 goto err; 490 goto err;
505 491
506 if (!tls12_record_layer_set_mac_key(rp, mac_key, mac_key_len)) 492 if (!tls12_record_layer_set_mac_key(rp, CBS_data(mac_key),
493 CBS_len(mac_key)))
507 goto err; 494 goto err;
508 495
509 if ((mac_pkey = EVP_PKEY_new_mac_key(mac_type, NULL, mac_key, 496 if ((mac_pkey = EVP_PKEY_new_mac_key(mac_type, NULL, CBS_data(mac_key),
510 mac_key_len)) == NULL) 497 CBS_len(mac_key))) == NULL)
511 goto err; 498 goto err;
512 499
513 if (!EVP_CipherInit_ex(rp->cipher_ctx, rl->cipher, NULL, key, iv, 500 if (!EVP_CipherInit_ex(rp->cipher_ctx, rl->cipher, NULL, CBS_data(key),
514 is_write)) 501 CBS_data(iv), is_write))
515 goto err; 502 goto err;
516 503
517 if (EVP_DigestSignInit(rp->hash_ctx, NULL, rl->mac_hash, NULL, 504 if (EVP_DigestSignInit(rp->hash_ctx, NULL, rl->mac_hash, NULL,
@@ -545,22 +532,20 @@ tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl,
545 532
546static int 533static int
547tls12_record_layer_change_cipher_state(struct tls12_record_layer *rl, 534tls12_record_layer_change_cipher_state(struct tls12_record_layer *rl,
548 struct tls12_record_protection *rp, int is_write, const uint8_t *mac_key, 535 struct tls12_record_protection *rp, int is_write, CBS *mac_key, CBS *key,
549 size_t mac_key_len, const uint8_t *key, size_t key_len, const uint8_t *iv, 536 CBS *iv)
550 size_t iv_len)
551{ 537{
552 if (rl->aead != NULL) 538 if (rl->aead != NULL)
553 return tls12_record_layer_ccs_aead(rl, rp, is_write, mac_key, 539 return tls12_record_layer_ccs_aead(rl, rp, is_write, mac_key,
554 mac_key_len, key, key_len, iv, iv_len); 540 key, iv);
555 541
556 return tls12_record_layer_ccs_cipher(rl, rp, is_write, mac_key, 542 return tls12_record_layer_ccs_cipher(rl, rp, is_write, mac_key,
557 mac_key_len, key, key_len, iv, iv_len); 543 key, iv);
558} 544}
559 545
560int 546int
561tls12_record_layer_change_read_cipher_state(struct tls12_record_layer *rl, 547tls12_record_layer_change_read_cipher_state(struct tls12_record_layer *rl,
562 const uint8_t *mac_key, size_t mac_key_len, const uint8_t *key, 548 CBS *mac_key, CBS *key, CBS *iv)
563 size_t key_len, const uint8_t *iv, size_t iv_len)
564{ 549{
565 struct tls12_record_protection *read_new = NULL; 550 struct tls12_record_protection *read_new = NULL;
566 int ret = 0; 551 int ret = 0;
@@ -571,7 +556,7 @@ tls12_record_layer_change_read_cipher_state(struct tls12_record_layer *rl,
571 /* Read sequence number gets reset to zero. */ 556 /* Read sequence number gets reset to zero. */
572 557
573 if (!tls12_record_layer_change_cipher_state(rl, read_new, 0, 558 if (!tls12_record_layer_change_cipher_state(rl, read_new, 0,
574 mac_key, mac_key_len, key, key_len, iv, iv_len)) 559 mac_key, key, iv))
575 goto err; 560 goto err;
576 561
577 tls12_record_protection_free(rl->read_current); 562 tls12_record_protection_free(rl->read_current);
@@ -588,8 +573,7 @@ tls12_record_layer_change_read_cipher_state(struct tls12_record_layer *rl,
588 573
589int 574int
590tls12_record_layer_change_write_cipher_state(struct tls12_record_layer *rl, 575tls12_record_layer_change_write_cipher_state(struct tls12_record_layer *rl,
591 const uint8_t *mac_key, size_t mac_key_len, const uint8_t *key, 576 CBS *mac_key, CBS *key, CBS *iv)
592 size_t key_len, const uint8_t *iv, size_t iv_len)
593{ 577{
594 struct tls12_record_protection *write_new; 578 struct tls12_record_protection *write_new;
595 int ret = 0; 579 int ret = 0;
@@ -600,7 +584,7 @@ tls12_record_layer_change_write_cipher_state(struct tls12_record_layer *rl,
600 /* Write sequence number gets reset to zero. */ 584 /* Write sequence number gets reset to zero. */
601 585
602 if (!tls12_record_layer_change_cipher_state(rl, write_new, 1, 586 if (!tls12_record_layer_change_cipher_state(rl, write_new, 1,
603 mac_key, mac_key_len, key, key_len, iv, iv_len)) 587 mac_key, key, iv))
604 goto err; 588 goto err;
605 589
606 if (rl->dtls) { 590 if (rl->dtls) {