summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/d1_both.c17
-rw-r--r--src/lib/libssl/ssl_lib.c14
-rw-r--r--src/lib/libssl/ssl_locl.h26
-rw-r--r--src/lib/libssl/t1_enc.c117
-rw-r--r--src/lib/libssl/tls12_record_layer.c167
5 files changed, 141 insertions, 200 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index 06a8585e10..f4c1cb95b0 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_both.c,v 1.67 2021/02/20 14:14:16 tb Exp $ */ 1/* $OpenBSD: d1_both.c,v 1.68 2021/02/27 14:20:50 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -201,12 +201,6 @@ dtls1_hm_fragment_free(hm_fragment *frag)
201 if (frag == NULL) 201 if (frag == NULL)
202 return; 202 return;
203 203
204 if (frag->msg_header.is_ccs) {
205 EVP_CIPHER_CTX_free(
206 frag->msg_header.saved_retransmit_state.enc_write_ctx);
207 EVP_MD_CTX_free(
208 frag->msg_header.saved_retransmit_state.write_hash);
209 }
210 free(frag->fragment); 204 free(frag->fragment);
211 free(frag->reassembly); 205 free(frag->reassembly);
212 free(frag); 206 free(frag);
@@ -977,8 +971,6 @@ dtls1_buffer_message(SSL *s, int is_ccs)
977 frag->msg_header.is_ccs = is_ccs; 971 frag->msg_header.is_ccs = is_ccs;
978 972
979 /* save current state*/ 973 /* save current state*/
980 frag->msg_header.saved_retransmit_state.enc_write_ctx = s->internal->enc_write_ctx;
981 frag->msg_header.saved_retransmit_state.write_hash = s->internal->write_hash;
982 frag->msg_header.saved_retransmit_state.session = s->session; 974 frag->msg_header.saved_retransmit_state.session = s->session;
983 frag->msg_header.saved_retransmit_state.epoch = D1I(s)->w_epoch; 975 frag->msg_header.saved_retransmit_state.epoch = D1I(s)->w_epoch;
984 976
@@ -1078,11 +1070,16 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1078void 1070void
1079dtls1_clear_record_buffer(SSL *s) 1071dtls1_clear_record_buffer(SSL *s)
1080{ 1072{
1073 hm_fragment *frag;
1081 pitem *item; 1074 pitem *item;
1082 1075
1083 for(item = pqueue_pop(s->d1->sent_messages); item != NULL; 1076 for(item = pqueue_pop(s->d1->sent_messages); item != NULL;
1084 item = pqueue_pop(s->d1->sent_messages)) { 1077 item = pqueue_pop(s->d1->sent_messages)) {
1085 dtls1_hm_fragment_free((hm_fragment *)item->data); 1078 frag = item->data;
1079 if (frag->msg_header.is_ccs)
1080 tls12_record_layer_write_epoch_done(s->internal->rl,
1081 frag->msg_header.saved_retransmit_state.epoch);
1082 dtls1_hm_fragment_free(frag);
1086 pitem_free(item); 1083 pitem_free(item);
1087 } 1084 }
1088} 1085}
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 57d0f4b779..e0a77d7820 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_lib.c,v 1.249 2021/02/25 17:06:05 jsing Exp $ */ 1/* $OpenBSD: ssl_lib.c,v 1.250 2021/02/27 14:20:50 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -2616,22 +2616,14 @@ ssl_clear_cipher_state(SSL *s)
2616void 2616void
2617ssl_clear_cipher_read_state(SSL *s) 2617ssl_clear_cipher_read_state(SSL *s)
2618{ 2618{
2619 EVP_CIPHER_CTX_free(s->enc_read_ctx);
2620 s->enc_read_ctx = NULL;
2621 EVP_MD_CTX_free(s->read_hash);
2622 s->read_hash = NULL;
2623
2624 tls12_record_layer_clear_read_state(s->internal->rl); 2619 tls12_record_layer_clear_read_state(s->internal->rl);
2620 tls12_record_layer_read_cipher_hash(s->internal->rl,
2621 &s->enc_read_ctx, &s->read_hash);
2625} 2622}
2626 2623
2627void 2624void
2628ssl_clear_cipher_write_state(SSL *s) 2625ssl_clear_cipher_write_state(SSL *s)
2629{ 2626{
2630 EVP_CIPHER_CTX_free(s->internal->enc_write_ctx);
2631 s->internal->enc_write_ctx = NULL;
2632 EVP_MD_CTX_free(s->internal->write_hash);
2633 s->internal->write_hash = NULL;
2634
2635 tls12_record_layer_clear_write_state(s->internal->rl); 2627 tls12_record_layer_clear_write_state(s->internal->rl);
2636} 2628}
2637 2629
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 7ed3094c3e..b2af8fd7c9 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.323 2021/02/25 17:06:05 jsing Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.324 2021/02/27 14:20:50 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -483,6 +483,9 @@ int tls12_record_layer_read_protected(struct tls12_record_layer *rl);
483int tls12_record_layer_write_protected(struct tls12_record_layer *rl); 483int tls12_record_layer_write_protected(struct tls12_record_layer *rl);
484void tls12_record_layer_set_aead(struct tls12_record_layer *rl, 484void tls12_record_layer_set_aead(struct tls12_record_layer *rl,
485 const EVP_AEAD *aead); 485 const EVP_AEAD *aead);
486void tls12_record_layer_set_cipher_hash(struct tls12_record_layer *rl,
487 const EVP_CIPHER *cipher, const EVP_MD *handshake_hash,
488 const EVP_MD *mac_hash);
486void tls12_record_layer_set_version(struct tls12_record_layer *rl, 489void tls12_record_layer_set_version(struct tls12_record_layer *rl,
487 uint16_t version); 490 uint16_t version);
488void tls12_record_layer_set_write_epoch(struct tls12_record_layer *rl, 491void tls12_record_layer_set_write_epoch(struct tls12_record_layer *rl,
@@ -494,16 +497,8 @@ void tls12_record_layer_write_epoch_done(struct tls12_record_layer *rl,
494void tls12_record_layer_clear_read_state(struct tls12_record_layer *rl); 497void tls12_record_layer_clear_read_state(struct tls12_record_layer *rl);
495void tls12_record_layer_clear_write_state(struct tls12_record_layer *rl); 498void tls12_record_layer_clear_write_state(struct tls12_record_layer *rl);
496void tls12_record_layer_reflect_seq_num(struct tls12_record_layer *rl); 499void tls12_record_layer_reflect_seq_num(struct tls12_record_layer *rl);
497int tls12_record_layer_set_read_aead(struct tls12_record_layer *rl, 500void tls12_record_layer_read_cipher_hash(struct tls12_record_layer *rl,
498 SSL_AEAD_CTX *aead_ctx); 501 EVP_CIPHER_CTX **cipher, EVP_MD_CTX **hash);
499int tls12_record_layer_set_write_aead(struct tls12_record_layer *rl,
500 SSL_AEAD_CTX *aead_ctx);
501int tls12_record_layer_set_read_cipher_hash(struct tls12_record_layer *rl,
502 EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *hash_ctx, int stream_mac);
503int tls12_record_layer_set_write_cipher_hash(struct tls12_record_layer *rl,
504 EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *hash_ctx, int stream_mac);
505int tls12_record_layer_set_read_mac_key(struct tls12_record_layer *rl,
506 const uint8_t *mac_key, size_t mac_key_len);
507int tls12_record_layer_change_read_cipher_state(struct tls12_record_layer *rl, 502int tls12_record_layer_change_read_cipher_state(struct tls12_record_layer *rl,
508 const uint8_t *mac_key, size_t mac_key_len, const uint8_t *key, 503 const uint8_t *mac_key, size_t mac_key_len, const uint8_t *key,
509 size_t key_len, const uint8_t *iv, size_t iv_len); 504 size_t key_len, const uint8_t *iv, size_t iv_len);
@@ -774,9 +769,6 @@ typedef struct ssl_internal_st {
774 769
775 STACK_OF(SSL_CIPHER) *cipher_list_tls13; 770 STACK_OF(SSL_CIPHER) *cipher_list_tls13;
776 771
777 EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
778 EVP_MD_CTX *write_hash; /* used for mac generation */
779
780 struct tls12_record_layer *rl; 772 struct tls12_record_layer *rl;
781 773
782 /* session info */ 774 /* session info */
@@ -902,8 +894,6 @@ typedef struct ssl3_state_internal_st {
902 SSL_HANDSHAKE_TLS13 hs_tls13; 894 SSL_HANDSHAKE_TLS13 hs_tls13;
903 895
904 struct { 896 struct {
905 int new_mac_secret_size;
906
907 unsigned char cert_verify_md[EVP_MAX_MD_SIZE]; 897 unsigned char cert_verify_md[EVP_MAX_MD_SIZE];
908 898
909 unsigned char finish_md[EVP_MAX_MD_SIZE]; 899 unsigned char finish_md[EVP_MAX_MD_SIZE];
@@ -931,8 +921,8 @@ typedef struct ssl3_state_internal_st {
931 921
932 const EVP_CIPHER *new_sym_enc; 922 const EVP_CIPHER *new_sym_enc;
933 const EVP_AEAD *new_aead; 923 const EVP_AEAD *new_aead;
934 const EVP_MD *new_hash; 924 int new_mac_secret_size;
935 int new_mac_pkey_type; 925
936 int cert_request; 926 int cert_request;
937 } tmp; 927 } tmp;
938 928
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 8f3e9649b0..05a5b1d953 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_enc.c,v 1.132 2021/02/03 15:14:44 tb Exp $ */ 1/* $OpenBSD: t1_enc.c,v 1.133 2021/02/27 14:20:50 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -310,98 +310,6 @@ tls1_generate_key_block(SSL *s, uint8_t *key_block, size_t key_block_len)
310 NULL, 0, NULL, 0, key_block, key_block_len); 310 NULL, 0, NULL, 0, key_block, key_block_len);
311} 311}
312 312
313/*
314 * tls1_change_cipher_state_cipher performs the work needed to switch cipher
315 * states when using EVP_CIPHER. The argument is_read is true iff this function
316 * is being called due to reading, as opposed to writing, a ChangeCipherSpec
317 * message.
318 */
319static int
320tls1_change_cipher_state_cipher(SSL *s, char is_read,
321 const unsigned char *mac_secret, unsigned int mac_secret_size,
322 const unsigned char *key, unsigned int key_len, const unsigned char *iv,
323 unsigned int iv_len)
324{
325 EVP_CIPHER_CTX *cipher_ctx;
326 const EVP_CIPHER *cipher;
327 EVP_MD_CTX *mac_ctx;
328 EVP_PKEY *mac_key;
329 const EVP_MD *mac;
330 int stream_mac;
331 int mac_type;
332
333 cipher = S3I(s)->tmp.new_sym_enc;
334 mac = S3I(s)->tmp.new_hash;
335 mac_type = S3I(s)->tmp.new_mac_pkey_type;
336 stream_mac = S3I(s)->hs.new_cipher->algorithm2 & TLS1_STREAM_MAC;
337
338 if (is_read) {
339 ssl_clear_cipher_read_state(s);
340
341 if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
342 goto err;
343 s->enc_read_ctx = cipher_ctx;
344 if ((mac_ctx = EVP_MD_CTX_new()) == NULL)
345 goto err;
346 s->read_hash = mac_ctx;
347
348 if (!tls12_record_layer_set_read_cipher_hash(s->internal->rl,
349 cipher_ctx, mac_ctx, stream_mac))
350 goto err;
351
352 if (!tls12_record_layer_set_read_mac_key(s->internal->rl,
353 mac_secret, mac_secret_size))
354 goto err;
355 } else {
356 /*
357 * DTLS fragments retain a pointer to the compression, cipher
358 * and hash contexts, so that it can restore state in order
359 * to perform retransmissions. As such, we cannot free write
360 * contexts that are used for DTLS - these are instead freed
361 * by DTLS when its frees a ChangeCipherSpec fragment.
362 */
363 if (!SSL_is_dtls(s))
364 ssl_clear_cipher_write_state(s);
365
366 if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
367 goto err;
368 s->internal->enc_write_ctx = cipher_ctx;
369 if ((mac_ctx = EVP_MD_CTX_new()) == NULL)
370 goto err;
371 s->internal->write_hash = mac_ctx;
372
373 if (!tls12_record_layer_set_write_cipher_hash(s->internal->rl,
374 cipher_ctx, mac_ctx, stream_mac))
375 goto err;
376 }
377
378 EVP_CipherInit_ex(cipher_ctx, cipher, NULL, key, iv, !is_read);
379
380 if ((mac_key = EVP_PKEY_new_mac_key(mac_type, NULL, mac_secret,
381 mac_secret_size)) == NULL)
382 goto err;
383 EVP_DigestSignInit(mac_ctx, NULL, mac, NULL, mac_key);
384 EVP_PKEY_free(mac_key);
385
386 if (S3I(s)->hs.new_cipher->algorithm_enc == SSL_eGOST2814789CNT) {
387 int nid;
388 if (S3I(s)->hs.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
389 nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
390 else
391 nid = NID_id_tc26_gost_28147_param_Z;
392
393 EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GOST_SET_SBOX, nid, 0);
394 if (S3I(s)->hs.new_cipher->algorithm_mac == SSL_GOST89MAC)
395 EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_GOST_SET_SBOX, nid, 0);
396 }
397
398 return (1);
399
400err:
401 SSLerrorx(ERR_R_MALLOC_FAILURE);
402 return (0);
403}
404
405int 313int
406tls1_change_cipher_state(SSL *s, int which) 314tls1_change_cipher_state(SSL *s, int which)
407{ 315{
@@ -476,17 +384,14 @@ tls1_change_cipher_state(SSL *s, int which)
476 if (!tls12_record_layer_change_read_cipher_state(s->internal->rl, 384 if (!tls12_record_layer_change_read_cipher_state(s->internal->rl,
477 mac_secret, mac_secret_size, key, key_len, iv, iv_len)) 385 mac_secret, mac_secret_size, key, key_len, iv, iv_len))
478 goto err; 386 goto err;
387 tls12_record_layer_read_cipher_hash(s->internal->rl,
388 &s->enc_read_ctx, &s->read_hash);
479 } else { 389 } else {
480 if (!tls12_record_layer_change_write_cipher_state(s->internal->rl, 390 if (!tls12_record_layer_change_write_cipher_state(s->internal->rl,
481 mac_secret, mac_secret_size, key, key_len, iv, iv_len)) 391 mac_secret, mac_secret_size, key, key_len, iv, iv_len))
482 goto err; 392 goto err;
483 } 393 }
484 394 return (1);
485 if (aead != NULL)
486 return 1;
487
488 return tls1_change_cipher_state_cipher(s, is_read,
489 mac_secret, mac_secret_size, key, key_len, iv, iv_len);
490 395
491 err: 396 err:
492 return (0); 397 return (0);
@@ -501,7 +406,8 @@ tls1_setup_key_block(SSL *s)
501 int key_len, iv_len; 406 int key_len, iv_len;
502 const EVP_CIPHER *cipher = NULL; 407 const EVP_CIPHER *cipher = NULL;
503 const EVP_AEAD *aead = NULL; 408 const EVP_AEAD *aead = NULL;
504 const EVP_MD *mac = NULL; 409 const EVP_MD *handshake_hash = NULL;
410 const EVP_MD *mac_hash = NULL;
505 int ret = 0; 411 int ret = 0;
506 412
507 if (S3I(s)->hs.key_block_len != 0) 413 if (S3I(s)->hs.key_block_len != 0)
@@ -516,8 +422,8 @@ tls1_setup_key_block(SSL *s)
516 key_len = EVP_AEAD_key_length(aead); 422 key_len = EVP_AEAD_key_length(aead);
517 iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(s->session->cipher); 423 iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(s->session->cipher);
518 } else { 424 } else {
519 if (!ssl_cipher_get_evp(s->session, &cipher, &mac, &mac_type, 425 if (!ssl_cipher_get_evp(s->session, &cipher, &mac_hash,
520 &mac_secret_size)) { 426 &mac_type, &mac_secret_size)) {
521 SSLerror(s, SSL_R_CIPHER_OR_HASH_UNAVAILABLE); 427 SSLerror(s, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
522 return (0); 428 return (0);
523 } 429 }
@@ -525,13 +431,16 @@ tls1_setup_key_block(SSL *s)
525 iv_len = EVP_CIPHER_iv_length(cipher); 431 iv_len = EVP_CIPHER_iv_length(cipher);
526 } 432 }
527 433
434 if (!ssl_get_handshake_evp_md(s, &handshake_hash))
435 return (0);
436
528 S3I(s)->tmp.new_aead = aead; 437 S3I(s)->tmp.new_aead = aead;
529 S3I(s)->tmp.new_sym_enc = cipher; 438 S3I(s)->tmp.new_sym_enc = cipher;
530 S3I(s)->tmp.new_hash = mac;
531 S3I(s)->tmp.new_mac_pkey_type = mac_type;
532 S3I(s)->tmp.new_mac_secret_size = mac_secret_size; 439 S3I(s)->tmp.new_mac_secret_size = mac_secret_size;
533 440
534 tls12_record_layer_set_aead(s->internal->rl, aead); 441 tls12_record_layer_set_aead(s->internal->rl, aead);
442 tls12_record_layer_set_cipher_hash(s->internal->rl, cipher,
443 handshake_hash, mac_hash);
535 444
536 tls1_cleanup_key_block(s); 445 tls1_cleanup_key_block(s);
537 446
diff --git a/src/lib/libssl/tls12_record_layer.c b/src/lib/libssl/tls12_record_layer.c
index f090e2d940..b7e891d268 100644
--- a/src/lib/libssl/tls12_record_layer.c
+++ b/src/lib/libssl/tls12_record_layer.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls12_record_layer.c,v 1.18 2021/02/27 13:38:35 jsing Exp $ */ 1/* $OpenBSD: tls12_record_layer.c,v 1.19 2021/02/27 14:20:50 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -33,10 +33,6 @@ struct tls12_record_protection {
33 uint8_t *mac_key; 33 uint8_t *mac_key;
34 size_t mac_key_len; 34 size_t mac_key_len;
35 35
36 /*
37 * XXX - for now these are just pointers to externally managed
38 * structs/memory. These should eventually be owned by the record layer.
39 */
40 EVP_CIPHER_CTX *cipher_ctx; 36 EVP_CIPHER_CTX *cipher_ctx;
41 EVP_MD_CTX *hash_ctx; 37 EVP_MD_CTX *hash_ctx;
42}; 38};
@@ -58,6 +54,12 @@ tls12_record_protection_clear(struct tls12_record_protection *rp)
58 rp->aead_ctx = NULL; 54 rp->aead_ctx = NULL;
59 } 55 }
60 56
57 EVP_CIPHER_CTX_free(rp->cipher_ctx);
58 rp->cipher_ctx = NULL;
59
60 EVP_MD_CTX_free(rp->hash_ctx);
61 rp->hash_ctx = NULL;
62
61 freezero(rp->mac_key, rp->mac_key_len); 63 freezero(rp->mac_key, rp->mac_key_len);
62 rp->mac_key = NULL; 64 rp->mac_key = NULL;
63 rp->mac_key_len = 0; 65 rp->mac_key_len = 0;
@@ -149,6 +151,9 @@ struct tls12_record_layer {
149 uint8_t alert_desc; 151 uint8_t alert_desc;
150 152
151 const EVP_AEAD *aead; 153 const EVP_AEAD *aead;
154 const EVP_CIPHER *cipher;
155 const EVP_MD *handshake_hash;
156 const EVP_MD *mac_hash;
152 157
153 /* Pointers to active record protection (memory is not owned). */ 158 /* Pointers to active record protection (memory is not owned). */
154 struct tls12_record_protection *read; 159 struct tls12_record_protection *read;
@@ -247,6 +252,16 @@ tls12_record_layer_set_aead(struct tls12_record_layer *rl, const EVP_AEAD *aead)
247} 252}
248 253
249void 254void
255tls12_record_layer_set_cipher_hash(struct tls12_record_layer *rl,
256 const EVP_CIPHER *cipher, const EVP_MD *handshake_hash,
257 const EVP_MD *mac_hash)
258{
259 rl->cipher = cipher;
260 rl->handshake_hash = handshake_hash;
261 rl->mac_hash = mac_hash;
262}
263
264void
250tls12_record_layer_set_version(struct tls12_record_layer *rl, uint16_t version) 265tls12_record_layer_set_version(struct tls12_record_layer *rl, uint16_t version)
251{ 266{
252 rl->version = version; 267 rl->version = version;
@@ -290,35 +305,15 @@ tls12_record_layer_write_epoch_done(struct tls12_record_layer *rl, uint16_t epoc
290 rl->write_previous = NULL; 305 rl->write_previous = NULL;
291} 306}
292 307
293static void
294tls12_record_layer_set_read_state(struct tls12_record_layer *rl,
295 EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *hash_ctx, int stream_mac)
296{
297 rl->read->cipher_ctx = cipher_ctx;
298 rl->read->hash_ctx = hash_ctx;
299 rl->read->stream_mac = stream_mac;
300}
301
302static void
303tls12_record_layer_set_write_state(struct tls12_record_layer *rl,
304 EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *hash_ctx, int stream_mac)
305{
306 rl->write->cipher_ctx = cipher_ctx;
307 rl->write->hash_ctx = hash_ctx;
308 rl->write->stream_mac = stream_mac;
309}
310
311void 308void
312tls12_record_layer_clear_read_state(struct tls12_record_layer *rl) 309tls12_record_layer_clear_read_state(struct tls12_record_layer *rl)
313{ 310{
314 tls12_record_layer_set_read_state(rl, NULL, NULL, 0);
315 tls12_record_protection_clear(rl->read); 311 tls12_record_protection_clear(rl->read);
316} 312}
317 313
318void 314void
319tls12_record_layer_clear_write_state(struct tls12_record_layer *rl) 315tls12_record_layer_clear_write_state(struct tls12_record_layer *rl)
320{ 316{
321 tls12_record_layer_set_write_state(rl, NULL, NULL, 0);
322 tls12_record_protection_clear(rl->write); 317 tls12_record_protection_clear(rl->write);
323 318
324 tls12_record_protection_free(rl->write_previous); 319 tls12_record_protection_free(rl->write_previous);
@@ -326,48 +321,36 @@ tls12_record_layer_clear_write_state(struct tls12_record_layer *rl)
326} 321}
327 322
328void 323void
329tls12_record_layer_reflect_seq_num(struct tls12_record_layer *rl) 324tls12_record_layer_read_cipher_hash(struct tls12_record_layer *rl,
330{ 325 EVP_CIPHER_CTX **cipher, EVP_MD_CTX **hash)
331 memcpy(rl->write->seq_num, rl->read->seq_num,
332 sizeof(rl->write->seq_num));
333}
334
335int
336tls12_record_layer_set_read_cipher_hash(struct tls12_record_layer *rl,
337 EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *hash_ctx, int stream_mac)
338{ 326{
339 tls12_record_layer_set_read_state(rl, cipher_ctx, hash_ctx, 327 *cipher = rl->read->cipher_ctx;
340 stream_mac); 328 *hash = rl->read->hash_ctx;
341
342 return 1;
343} 329}
344 330
345int 331void
346tls12_record_layer_set_write_cipher_hash(struct tls12_record_layer *rl, 332tls12_record_layer_reflect_seq_num(struct tls12_record_layer *rl)
347 EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *hash_ctx, int stream_mac)
348{ 333{
349 tls12_record_layer_set_write_state(rl, cipher_ctx, hash_ctx, 334 memcpy(rl->write->seq_num, rl->read->seq_num,
350 stream_mac); 335 sizeof(rl->write->seq_num));
351
352 return 1;
353} 336}
354 337
355int 338static int
356tls12_record_layer_set_read_mac_key(struct tls12_record_layer *rl, 339tls12_record_layer_set_mac_key(struct tls12_record_protection *rp,
357 const uint8_t *mac_key, size_t mac_key_len) 340 const uint8_t *mac_key, size_t mac_key_len)
358{ 341{
359 freezero(rl->read->mac_key, rl->read->mac_key_len); 342 freezero(rp->mac_key, rp->mac_key_len);
360 rl->read->mac_key = NULL; 343 rp->mac_key = NULL;
361 rl->read->mac_key_len = 0; 344 rp->mac_key_len = 0;
362 345
363 if (mac_key == NULL || mac_key_len == 0) 346 if (mac_key == NULL || mac_key_len == 0)
364 return 1; 347 return 1;
365 348
366 if ((rl->read->mac_key = calloc(1, mac_key_len)) == NULL) 349 if ((rp->mac_key = calloc(1, mac_key_len)) == NULL)
367 return 0; 350 return 0;
368 351
369 memcpy(rl->read->mac_key, mac_key, mac_key_len); 352 memcpy(rp->mac_key, mac_key, mac_key_len);
370 rl->read->mac_key_len = mac_key_len; 353 rp->mac_key_len = mac_key_len;
371 354
372 return 1; 355 return 1;
373} 356}
@@ -421,6 +404,76 @@ tls12_record_layer_ccs_aead(struct tls12_record_layer *rl,
421} 404}
422 405
423static int 406static int
407tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl,
408 struct tls12_record_protection *rp, int is_write, const uint8_t *mac_key,
409 size_t mac_key_len, const uint8_t *key, size_t key_len, const uint8_t *iv,
410 size_t iv_len)
411{
412 EVP_PKEY *mac_pkey = NULL;
413 int gost_param_nid;
414 int mac_type;
415 int ret = 0;
416
417 mac_type = EVP_PKEY_HMAC;
418 rp->stream_mac = 0;
419
420 /* Special handling for GOST... */
421 if (EVP_MD_type(rl->mac_hash) == NID_id_Gost28147_89_MAC) {
422 if (mac_key_len != 32)
423 goto err;
424 mac_type = EVP_PKEY_GOSTIMIT;
425 rp->stream_mac = 1;
426 } else {
427 if (EVP_MD_size(rl->mac_hash) != mac_key_len)
428 goto err;
429 }
430
431 if ((rp->cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
432 goto err;
433 if ((rp->hash_ctx = EVP_MD_CTX_new()) == NULL)
434 goto err;
435
436 if (!tls12_record_layer_set_mac_key(rp, mac_key, mac_key_len))
437 goto err;
438
439 if ((mac_pkey = EVP_PKEY_new_mac_key(mac_type, NULL, mac_key,
440 mac_key_len)) == NULL)
441 goto err;
442
443 if (!EVP_CipherInit_ex(rp->cipher_ctx, rl->cipher, NULL, key, iv,
444 is_write))
445 goto err;
446
447 if (EVP_DigestSignInit(rp->hash_ctx, NULL, rl->mac_hash, NULL,
448 mac_pkey) <= 0)
449 goto err;
450
451 /* More special handling for GOST... */
452 if (EVP_CIPHER_type(rl->cipher) == NID_gost89_cnt) {
453 gost_param_nid = NID_id_tc26_gost_28147_param_Z;
454 if (EVP_MD_type(rl->handshake_hash) == NID_id_GostR3411_94)
455 gost_param_nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
456
457 if (EVP_CIPHER_CTX_ctrl(rp->cipher_ctx, EVP_CTRL_GOST_SET_SBOX,
458 gost_param_nid, 0) <= 0)
459 goto err;
460
461 if (EVP_MD_type(rl->mac_hash) == NID_id_Gost28147_89_MAC) {
462 if (EVP_MD_CTX_ctrl(rp->hash_ctx, EVP_MD_CTRL_GOST_SET_SBOX,
463 gost_param_nid, 0) <= 0)
464 goto err;
465 }
466 }
467
468 ret = 1;
469
470 err:
471 EVP_PKEY_free(mac_pkey);
472
473 return ret;
474}
475
476static int
424tls12_record_layer_change_cipher_state(struct tls12_record_layer *rl, 477tls12_record_layer_change_cipher_state(struct tls12_record_layer *rl,
425 struct tls12_record_protection *rp, int is_write, const uint8_t *mac_key, 478 struct tls12_record_protection *rp, int is_write, const uint8_t *mac_key,
426 size_t mac_key_len, const uint8_t *key, size_t key_len, const uint8_t *iv, 479 size_t mac_key_len, const uint8_t *key, size_t key_len, const uint8_t *iv,
@@ -433,11 +486,11 @@ tls12_record_layer_change_cipher_state(struct tls12_record_layer *rl,
433 if (mac_key_len > INT_MAX || key_len > INT_MAX || iv_len > INT_MAX) 486 if (mac_key_len > INT_MAX || key_len > INT_MAX || iv_len > INT_MAX)
434 return 0; 487 return 0;
435 488
436 /* XXX - only aead for now. */ 489 if (rl->aead != NULL)
437 if (rl->aead == NULL) 490 return tls12_record_layer_ccs_aead(rl, rp, is_write, mac_key,
438 return 1; 491 mac_key_len, key, key_len, iv, iv_len);
439 492
440 return tls12_record_layer_ccs_aead(rl, rp, is_write, mac_key, 493 return tls12_record_layer_ccs_cipher(rl, rp, is_write, mac_key,
441 mac_key_len, key, key_len, iv, iv_len); 494 mac_key_len, key, key_len, iv, iv_len);
442} 495}
443 496
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-19 02:49:42 +0000