summaryrefslogtreecommitdiff
path: root/src/lib
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libssl/d1_pkt.c3
-rw-r--r--src/lib/libssl/ssl_locl.h4
-rw-r--r--src/lib/libssl/tls12_record_layer.c151
3 files changed, 89 insertions, 69 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 30ce78414d..4c450d2cb9 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_pkt.c,v 1.85 2020/10/03 17:35:16 jsing Exp $ */ 1/* $OpenBSD: d1_pkt.c,v 1.86 2021/01/13 18:20:54 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -316,7 +316,6 @@ dtls1_process_record(SSL *s)
316 size_t out_len; 316 size_t out_len;
317 317
318 tls12_record_layer_set_version(s->internal->rl, s->version); 318 tls12_record_layer_set_version(s->internal->rl, s->version);
319 tls12_record_layer_set_read_epoch(s->internal->rl, rr->epoch);
320 319
321 if (!tls12_record_layer_open_record(s->internal->rl, s->internal->packet, 320 if (!tls12_record_layer_open_record(s->internal->rl, s->internal->packet,
322 s->internal->packet_length, &out, &out_len)) { 321 s->internal->packet_length, &out, &out_len)) {
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 5c646d2208..560fcdc1a4 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.311 2021/01/07 15:32:59 jsing Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.312 2021/01/13 18:20:54 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -479,8 +479,6 @@ void tls12_record_layer_alert(struct tls12_record_layer *rl,
479 uint8_t *alert_desc); 479 uint8_t *alert_desc);
480void tls12_record_layer_set_version(struct tls12_record_layer *rl, 480void tls12_record_layer_set_version(struct tls12_record_layer *rl,
481 uint16_t version); 481 uint16_t version);
482void tls12_record_layer_set_read_epoch(struct tls12_record_layer *rl,
483 uint16_t epoch);
484void tls12_record_layer_set_write_epoch(struct tls12_record_layer *rl, 482void tls12_record_layer_set_write_epoch(struct tls12_record_layer *rl,
485 uint16_t epoch); 483 uint16_t epoch);
486void tls12_record_layer_clear_read_state(struct tls12_record_layer *rl); 484void tls12_record_layer_clear_read_state(struct tls12_record_layer *rl);
diff --git a/src/lib/libssl/tls12_record_layer.c b/src/lib/libssl/tls12_record_layer.c
index 2b331355be..50311a3d84 100644
--- a/src/lib/libssl/tls12_record_layer.c
+++ b/src/lib/libssl/tls12_record_layer.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls12_record_layer.c,v 1.8 2021/01/12 17:47:20 jsing Exp $ */ 1/* $OpenBSD: tls12_record_layer.c,v 1.9 2021/01/13 18:20:54 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -114,12 +114,6 @@ tls12_record_layer_set_version(struct tls12_record_layer *rl, uint16_t version)
114} 114}
115 115
116void 116void
117tls12_record_layer_set_read_epoch(struct tls12_record_layer *rl, uint16_t epoch)
118{
119 rl->read->epoch = epoch;
120}
121
122void
123tls12_record_layer_set_write_epoch(struct tls12_record_layer *rl, uint16_t epoch) 117tls12_record_layer_set_write_epoch(struct tls12_record_layer *rl, uint16_t epoch)
124{ 118{
125 rl->write->epoch = epoch; 119 rl->write->epoch = epoch;
@@ -256,8 +250,8 @@ tls12_record_layer_build_seq_num(struct tls12_record_layer *rl, CBB *cbb,
256 250
257static int 251static int
258tls12_record_layer_pseudo_header(struct tls12_record_layer *rl, 252tls12_record_layer_pseudo_header(struct tls12_record_layer *rl,
259 uint8_t content_type, uint16_t record_len, uint16_t epoch, uint8_t *seq_num, 253 uint8_t content_type, uint16_t record_len, CBS *seq_num, uint8_t **out,
260 size_t seq_num_len, uint8_t **out, size_t *out_len) 254 size_t *out_len)
261{ 255{
262 CBB cbb; 256 CBB cbb;
263 257
@@ -268,8 +262,7 @@ tls12_record_layer_pseudo_header(struct tls12_record_layer *rl,
268 if (!CBB_init(&cbb, 13)) 262 if (!CBB_init(&cbb, 13))
269 goto err; 263 goto err;
270 264
271 if (!tls12_record_layer_build_seq_num(rl, &cbb, epoch, 265 if (!CBB_add_bytes(&cbb, CBS_data(seq_num), CBS_len(seq_num)))
272 seq_num, seq_num_len))
273 goto err; 266 goto err;
274 if (!CBB_add_u8(&cbb, content_type)) 267 if (!CBB_add_u8(&cbb, content_type))
275 goto err; 268 goto err;
@@ -291,9 +284,8 @@ tls12_record_layer_pseudo_header(struct tls12_record_layer *rl,
291 284
292static int 285static int
293tls12_record_layer_mac(struct tls12_record_layer *rl, CBB *cbb, 286tls12_record_layer_mac(struct tls12_record_layer *rl, CBB *cbb,
294 EVP_MD_CTX *hash_ctx, int stream_mac, uint16_t epoch, uint8_t *seq_num, 287 EVP_MD_CTX *hash_ctx, int stream_mac, CBS *seq_num, uint8_t content_type,
295 size_t seq_num_len, uint8_t content_type, const uint8_t *content, 288 const uint8_t *content, size_t content_len, size_t *out_len)
296 size_t content_len, size_t *out_len)
297{ 289{
298 EVP_MD_CTX *mac_ctx = NULL; 290 EVP_MD_CTX *mac_ctx = NULL;
299 uint8_t *header = NULL; 291 uint8_t *header = NULL;
@@ -308,7 +300,7 @@ tls12_record_layer_mac(struct tls12_record_layer *rl, CBB *cbb,
308 goto err; 300 goto err;
309 301
310 if (!tls12_record_layer_pseudo_header(rl, content_type, content_len, 302 if (!tls12_record_layer_pseudo_header(rl, content_type, content_len,
311 epoch, seq_num, seq_num_len, &header, &header_len)) 303 seq_num, &header, &header_len))
312 goto err; 304 goto err;
313 305
314 if (EVP_DigestSignUpdate(mac_ctx, header, header_len) <= 0) 306 if (EVP_DigestSignUpdate(mac_ctx, header, header_len) <= 0)
@@ -341,8 +333,8 @@ tls12_record_layer_mac(struct tls12_record_layer *rl, CBB *cbb,
341 333
342static int 334static int
343tls12_record_layer_read_mac_cbc(struct tls12_record_layer *rl, CBB *cbb, 335tls12_record_layer_read_mac_cbc(struct tls12_record_layer *rl, CBB *cbb,
344 uint8_t content_type, const uint8_t *content, size_t content_len, 336 uint8_t content_type, CBS *seq_num, const uint8_t *content,
345 size_t mac_len, size_t padding_len) 337 size_t content_len, size_t mac_len, size_t padding_len)
346{ 338{
347 uint8_t *header = NULL; 339 uint8_t *header = NULL;
348 size_t header_len = 0; 340 size_t header_len = 0;
@@ -358,8 +350,7 @@ tls12_record_layer_read_mac_cbc(struct tls12_record_layer *rl, CBB *cbb,
358 goto err; 350 goto err;
359 351
360 if (!tls12_record_layer_pseudo_header(rl, content_type, content_len, 352 if (!tls12_record_layer_pseudo_header(rl, content_type, content_len,
361 rl->read->epoch, rl->read->seq_num, SSL3_SEQUENCE_SIZE, 353 seq_num, &header, &header_len))
362 &header, &header_len))
363 goto err; 354 goto err;
364 355
365 if (!CBB_add_space(cbb, &mac, mac_len)) 356 if (!CBB_add_space(cbb, &mac, mac_len))
@@ -381,7 +372,8 @@ tls12_record_layer_read_mac_cbc(struct tls12_record_layer *rl, CBB *cbb,
381 372
382static int 373static int
383tls12_record_layer_read_mac(struct tls12_record_layer *rl, CBB *cbb, 374tls12_record_layer_read_mac(struct tls12_record_layer *rl, CBB *cbb,
384 uint8_t content_type, const uint8_t *content, size_t content_len) 375 uint8_t content_type, CBS *seq_num, const uint8_t *content,
376 size_t content_len)
385{ 377{
386 EVP_CIPHER_CTX *enc = rl->read->cipher_ctx; 378 EVP_CIPHER_CTX *enc = rl->read->cipher_ctx;
387 size_t out_len; 379 size_t out_len;
@@ -390,18 +382,18 @@ tls12_record_layer_read_mac(struct tls12_record_layer *rl, CBB *cbb,
390 return 0; 382 return 0;
391 383
392 return tls12_record_layer_mac(rl, cbb, rl->read->hash_ctx, 384 return tls12_record_layer_mac(rl, cbb, rl->read->hash_ctx,
393 rl->read->stream_mac, rl->read->epoch, rl->read->seq_num, 385 rl->read->stream_mac, seq_num, content_type, content, content_len,
394 SSL3_SEQUENCE_SIZE, content_type, content, content_len, &out_len); 386 &out_len);
395} 387}
396 388
397static int 389static int
398tls12_record_layer_write_mac(struct tls12_record_layer *rl, CBB *cbb, 390tls12_record_layer_write_mac(struct tls12_record_layer *rl, CBB *cbb,
399 uint8_t content_type, const uint8_t *content, size_t content_len, 391 uint8_t content_type, CBS *seq_num, const uint8_t *content,
400 size_t *out_len) 392 size_t content_len, size_t *out_len)
401{ 393{
402 return tls12_record_layer_mac(rl, cbb, rl->write->hash_ctx, 394 return tls12_record_layer_mac(rl, cbb, rl->write->hash_ctx,
403 rl->write->stream_mac, rl->write->epoch, rl->write->seq_num, 395 rl->write->stream_mac, seq_num, content_type, content, content_len,
404 SSL3_SEQUENCE_SIZE, content_type, content, content_len, out_len); 396 out_len);
405} 397}
406 398
407static int 399static int
@@ -494,21 +486,21 @@ tls12_record_layer_open_record_plaintext(struct tls12_record_layer *rl,
494 486
495static int 487static int
496tls12_record_layer_open_record_protected_aead(struct tls12_record_layer *rl, 488tls12_record_layer_open_record_protected_aead(struct tls12_record_layer *rl,
497 uint8_t content_type, CBS *fragment, uint8_t **out, size_t *out_len) 489 uint8_t content_type, CBS *seq_num, CBS *fragment, uint8_t **out,
490 size_t *out_len)
498{ 491{
499 const SSL_AEAD_CTX *aead = rl->read->aead_ctx; 492 const SSL_AEAD_CTX *aead = rl->read->aead_ctx;
500 uint8_t *header = NULL, *nonce = NULL; 493 uint8_t *header = NULL, *nonce = NULL;
501 size_t header_len = 0, nonce_len = 0; 494 size_t header_len = 0, nonce_len = 0;
502 uint8_t *plain; 495 uint8_t *plain;
503 size_t plain_len; 496 size_t plain_len;
504 uint16_t epoch = 0;
505 CBS var_nonce; 497 CBS var_nonce;
506 int ret = 0; 498 int ret = 0;
507 499
508 /* XXX - move to nonce allocated in record layer, matching TLSv1.3 */ 500 /* XXX - move to nonce allocated in record layer, matching TLSv1.3 */
509 if (aead->xor_fixed_nonce) { 501 if (aead->xor_fixed_nonce) {
510 if (!tls12_record_layer_aead_xored_nonce(rl, aead, 502 if (!tls12_record_layer_aead_xored_nonce(rl, aead,
511 rl->read->seq_num, &nonce, &nonce_len)) 503 CBS_data(seq_num), &nonce, &nonce_len))
512 goto err; 504 goto err;
513 } else if (aead->variable_nonce_in_record) { 505 } else if (aead->variable_nonce_in_record) {
514 if (!CBS_get_bytes(fragment, &var_nonce, 506 if (!CBS_get_bytes(fragment, &var_nonce,
@@ -519,7 +511,7 @@ tls12_record_layer_open_record_protected_aead(struct tls12_record_layer *rl,
519 goto err; 511 goto err;
520 } else { 512 } else {
521 if (!tls12_record_layer_aead_concat_nonce(rl, aead, 513 if (!tls12_record_layer_aead_concat_nonce(rl, aead,
522 rl->read->seq_num, &nonce, &nonce_len)) 514 CBS_data(seq_num), &nonce, &nonce_len))
523 goto err; 515 goto err;
524 } 516 }
525 517
@@ -538,7 +530,7 @@ tls12_record_layer_open_record_protected_aead(struct tls12_record_layer *rl,
538 plain_len = CBS_len(fragment) - aead->tag_len; 530 plain_len = CBS_len(fragment) - aead->tag_len;
539 531
540 if (!tls12_record_layer_pseudo_header(rl, content_type, plain_len, 532 if (!tls12_record_layer_pseudo_header(rl, content_type, plain_len,
541 epoch, rl->read->seq_num, SSL3_SEQUENCE_SIZE, &header, &header_len)) 533 seq_num, &header, &header_len))
542 goto err; 534 goto err;
543 535
544 if (!EVP_AEAD_CTX_open(&aead->ctx, plain, out_len, plain_len, 536 if (!EVP_AEAD_CTX_open(&aead->ctx, plain, out_len, plain_len,
@@ -569,7 +561,8 @@ tls12_record_layer_open_record_protected_aead(struct tls12_record_layer *rl,
569 561
570static int 562static int
571tls12_record_layer_open_record_protected_cipher(struct tls12_record_layer *rl, 563tls12_record_layer_open_record_protected_cipher(struct tls12_record_layer *rl,
572 uint8_t content_type, CBS *fragment, uint8_t **out, size_t *out_len) 564 uint8_t content_type, CBS *seq_num, CBS *fragment, uint8_t **out,
565 size_t *out_len)
573{ 566{
574 EVP_CIPHER_CTX *enc = rl->read->cipher_ctx; 567 EVP_CIPHER_CTX *enc = rl->read->cipher_ctx;
575 SSL3_RECORD_INTERNAL rrec; 568 SSL3_RECORD_INTERNAL rrec;
@@ -651,13 +644,14 @@ tls12_record_layer_open_record_protected_cipher(struct tls12_record_layer *rl,
651 rrec.padding_length); 644 rrec.padding_length);
652 rrec.length -= mac_len; 645 rrec.length -= mac_len;
653 if (!tls12_record_layer_read_mac_cbc(rl, &cbb_mac, content_type, 646 if (!tls12_record_layer_read_mac_cbc(rl, &cbb_mac, content_type,
654 rrec.input, rrec.length, mac_len, rrec.padding_length)) 647 seq_num, rrec.input, rrec.length, mac_len,
648 rrec.padding_length))
655 goto err; 649 goto err;
656 } else { 650 } else {
657 rrec.length -= mac_len; 651 rrec.length -= mac_len;
658 memcpy(mac, rrec.data + rrec.length, mac_len); 652 memcpy(mac, rrec.data + rrec.length, mac_len);
659 if (!tls12_record_layer_read_mac(rl, &cbb_mac, content_type, 653 if (!tls12_record_layer_read_mac(rl, &cbb_mac, content_type,
660 rrec.input, rrec.length)) 654 seq_num, rrec.input, rrec.length))
661 goto err; 655 goto err;
662 } 656 }
663 if (!CBB_finish(&cbb_mac, &out_mac, &out_mac_len)) 657 if (!CBB_finish(&cbb_mac, &out_mac, &out_mac_len))
@@ -696,20 +690,26 @@ int
696tls12_record_layer_open_record(struct tls12_record_layer *rl, uint8_t *buf, 690tls12_record_layer_open_record(struct tls12_record_layer *rl, uint8_t *buf,
697 size_t buf_len, uint8_t **out, size_t *out_len) 691 size_t buf_len, uint8_t **out, size_t *out_len)
698{ 692{
699 CBS cbs, fragment, seq_no; 693 CBS cbs, fragment, seq_num;
700 uint16_t epoch, version; 694 uint16_t version;
701 uint8_t content_type; 695 uint8_t content_type;
702 696
703 CBS_init(&cbs, buf, buf_len); 697 CBS_init(&cbs, buf, buf_len);
698 CBS_init(&seq_num, rl->read->seq_num, SSL3_SEQUENCE_SIZE);
704 699
705 if (!CBS_get_u8(&cbs, &content_type)) 700 if (!CBS_get_u8(&cbs, &content_type))
706 return 0; 701 return 0;
707 if (!CBS_get_u16(&cbs, &version)) 702 if (!CBS_get_u16(&cbs, &version))
708 return 0; 703 return 0;
709 if (rl->dtls) { 704 if (rl->dtls) {
710 if (!CBS_get_u16(&cbs, &epoch)) 705 /*
711 return 0; 706 * The DTLS sequence number is split into a 16 bit epoch and
712 if (!CBS_get_bytes(&cbs, &seq_no, 6)) 707 * 48 bit sequence number, however for the purposes of record
708 * processing it is treated the same as a TLS 64 bit sequence
709 * number. DTLS also uses explicit read sequence numbers, which
710 * we need to extract from the DTLS record header.
711 */
712 if (!CBS_get_bytes(&cbs, &seq_num, SSL3_SEQUENCE_SIZE))
713 return 0; 713 return 0;
714 } 714 }
715 if (!CBS_get_u16_length_prefixed(&cbs, &fragment)) 715 if (!CBS_get_u16_length_prefixed(&cbs, &fragment))
@@ -717,11 +717,11 @@ tls12_record_layer_open_record(struct tls12_record_layer *rl, uint8_t *buf,
717 717
718 if (rl->read->aead_ctx != NULL) { 718 if (rl->read->aead_ctx != NULL) {
719 if (!tls12_record_layer_open_record_protected_aead(rl, 719 if (!tls12_record_layer_open_record_protected_aead(rl,
720 content_type, &fragment, out, out_len)) 720 content_type, &seq_num, &fragment, out, out_len))
721 return 0; 721 return 0;
722 } else if (rl->read->cipher_ctx != NULL) { 722 } else if (rl->read->cipher_ctx != NULL) {
723 if (!tls12_record_layer_open_record_protected_cipher(rl, 723 if (!tls12_record_layer_open_record_protected_cipher(rl,
724 content_type, &fragment, out, out_len)) 724 content_type, &seq_num, &fragment, out, out_len))
725 return 0; 725 return 0;
726 } else { 726 } else {
727 if (!tls12_record_layer_open_record_plaintext(rl, 727 if (!tls12_record_layer_open_record_plaintext(rl,
@@ -747,35 +747,36 @@ tls12_record_layer_seal_record_plaintext(struct tls12_record_layer *rl,
747 747
748static int 748static int
749tls12_record_layer_seal_record_protected_aead(struct tls12_record_layer *rl, 749tls12_record_layer_seal_record_protected_aead(struct tls12_record_layer *rl,
750 uint8_t content_type, const uint8_t *content, size_t content_len, CBB *out) 750 uint8_t content_type, CBS *seq_num, const uint8_t *content,
751 size_t content_len, CBB *out)
751{ 752{
752 const SSL_AEAD_CTX *aead = rl->write->aead_ctx; 753 const SSL_AEAD_CTX *aead = rl->write->aead_ctx;
753 uint8_t *header = NULL, *nonce = NULL; 754 uint8_t *header = NULL, *nonce = NULL;
754 size_t header_len = 0, nonce_len = 0; 755 size_t header_len = 0, nonce_len = 0;
755 size_t enc_record_len, out_len; 756 size_t enc_record_len, out_len;
756 uint16_t epoch = 0;
757 uint8_t *enc_data; 757 uint8_t *enc_data;
758 int ret = 0; 758 int ret = 0;
759 759
760 /* XXX - move to nonce allocated in record layer, matching TLSv1.3 */ 760 /* XXX - move to nonce allocated in record layer, matching TLSv1.3 */
761 if (aead->xor_fixed_nonce) { 761 if (aead->xor_fixed_nonce) {
762 if (!tls12_record_layer_aead_xored_nonce(rl, aead, 762 if (!tls12_record_layer_aead_xored_nonce(rl, aead,
763 rl->write->seq_num, &nonce, &nonce_len)) 763 CBS_data(seq_num), &nonce, &nonce_len))
764 goto err; 764 goto err;
765 } else { 765 } else {
766 if (!tls12_record_layer_aead_concat_nonce(rl, aead, 766 if (!tls12_record_layer_aead_concat_nonce(rl, aead,
767 rl->write->seq_num, &nonce, &nonce_len)) 767 CBS_data(seq_num), &nonce, &nonce_len))
768 goto err; 768 goto err;
769 } 769 }
770 770
771 if (aead->variable_nonce_in_record) { 771 if (aead->variable_nonce_in_record) {
772 /* XXX - length check? */ 772 /* XXX - length check? */
773 if (!CBB_add_bytes(out, rl->write->seq_num, aead->variable_nonce_len)) 773 if (!CBB_add_bytes(out, CBS_data(seq_num),
774 aead->variable_nonce_len))
774 goto err; 775 goto err;
775 } 776 }
776 777
777 if (!tls12_record_layer_pseudo_header(rl, content_type, content_len, 778 if (!tls12_record_layer_pseudo_header(rl, content_type, content_len,
778 epoch, rl->write->seq_num, SSL3_SEQUENCE_SIZE, &header, &header_len)) 779 seq_num, &header, &header_len))
779 goto err; 780 goto err;
780 781
781 /* XXX EVP_AEAD_max_tag_len vs EVP_AEAD_CTX_tag_len. */ 782 /* XXX EVP_AEAD_max_tag_len vs EVP_AEAD_CTX_tag_len. */
@@ -803,7 +804,8 @@ tls12_record_layer_seal_record_protected_aead(struct tls12_record_layer *rl,
803 804
804static int 805static int
805tls12_record_layer_seal_record_protected_cipher(struct tls12_record_layer *rl, 806tls12_record_layer_seal_record_protected_cipher(struct tls12_record_layer *rl,
806 uint8_t content_type, const uint8_t *content, size_t content_len, CBB *out) 807 uint8_t content_type, CBS *seq_num, const uint8_t *content,
808 size_t content_len, CBB *out)
807{ 809{
808 EVP_CIPHER_CTX *enc = rl->write->cipher_ctx; 810 EVP_CIPHER_CTX *enc = rl->write->cipher_ctx;
809 size_t mac_len, pad_len; 811 size_t mac_len, pad_len;
@@ -836,7 +838,7 @@ tls12_record_layer_seal_record_protected_cipher(struct tls12_record_layer *rl,
836 mac_len = 0; 838 mac_len = 0;
837 if (rl->write->hash_ctx != NULL) { 839 if (rl->write->hash_ctx != NULL) {
838 if (!tls12_record_layer_write_mac(rl, &cbb, content_type, 840 if (!tls12_record_layer_write_mac(rl, &cbb, content_type,
839 content, content_len, &mac_len)) 841 seq_num, content, content_len, &mac_len))
840 goto err; 842 goto err;
841 } 843 }
842 844
@@ -883,39 +885,60 @@ int
883tls12_record_layer_seal_record(struct tls12_record_layer *rl, 885tls12_record_layer_seal_record(struct tls12_record_layer *rl,
884 uint8_t content_type, const uint8_t *content, size_t content_len, CBB *cbb) 886 uint8_t content_type, const uint8_t *content, size_t content_len, CBB *cbb)
885{ 887{
886 CBB fragment; 888 uint8_t *seq_num_data = NULL;
889 size_t seq_num_len = 0;
890 CBB fragment, seq_num_cbb;
891 CBS seq_num;
892 int ret = 0;
893
894 /*
895 * Construct the effective sequence number - this is used in both
896 * the DTLS header and for MAC calculations.
897 */
898 if (!CBB_init(&seq_num_cbb, SSL3_SEQUENCE_SIZE))
899 goto err;
900 if (!tls12_record_layer_build_seq_num(rl, &seq_num_cbb, rl->write->epoch,
901 rl->write->seq_num, SSL3_SEQUENCE_SIZE))
902 goto err;
903 if (!CBB_finish(&seq_num_cbb, &seq_num_data, &seq_num_len))
904 goto err;
905 CBS_init(&seq_num, seq_num_data, seq_num_len);
887 906
888 if (!CBB_add_u8(cbb, content_type)) 907 if (!CBB_add_u8(cbb, content_type))
889 return 0; 908 goto err;
890 if (!CBB_add_u16(cbb, rl->version)) 909 if (!CBB_add_u16(cbb, rl->version))
891 return 0; 910 goto err;
892 if (rl->dtls) { 911 if (rl->dtls) {
893 if (!tls12_record_layer_build_seq_num(rl, cbb, 912 if (!CBB_add_bytes(cbb, CBS_data(&seq_num), CBS_len(&seq_num)))
894 rl->write->epoch, rl->write->seq_num, 913 goto err;
895 SSL3_SEQUENCE_SIZE))
896 return 0;
897 } 914 }
898 if (!CBB_add_u16_length_prefixed(cbb, &fragment)) 915 if (!CBB_add_u16_length_prefixed(cbb, &fragment))
899 return 0; 916 goto err;
900 917
901 if (rl->write->aead_ctx != NULL) { 918 if (rl->write->aead_ctx != NULL) {
902 if (!tls12_record_layer_seal_record_protected_aead(rl, 919 if (!tls12_record_layer_seal_record_protected_aead(rl,
903 content_type, content, content_len, &fragment)) 920 content_type, &seq_num, content, content_len, &fragment))
904 return 0; 921 goto err;
905 } else if (rl->write->cipher_ctx != NULL) { 922 } else if (rl->write->cipher_ctx != NULL) {
906 if (!tls12_record_layer_seal_record_protected_cipher(rl, 923 if (!tls12_record_layer_seal_record_protected_cipher(rl,
907 content_type, content, content_len, &fragment)) 924 content_type, &seq_num, content, content_len, &fragment))
908 return 0; 925 goto err;
909 } else { 926 } else {
910 if (!tls12_record_layer_seal_record_plaintext(rl, 927 if (!tls12_record_layer_seal_record_plaintext(rl,
911 content_type, content, content_len, &fragment)) 928 content_type, content, content_len, &fragment))
912 return 0; 929 goto err;
913 } 930 }
914 931
915 if (!CBB_flush(cbb)) 932 if (!CBB_flush(cbb))
916 return 0; 933 goto err;
917 934
918 tls1_record_sequence_increment(rl->write->seq_num); 935 tls1_record_sequence_increment(rl->write->seq_num);
919 936
920 return 1; 937 ret = 1;
938
939 err:
940 CBB_cleanup(&seq_num_cbb);
941 free(seq_num_data);
942
943 return ret;
921} 944}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 18:12:49 +0000