Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/d1_both.c | 19 | ||||
| -rw-r--r-- | src/lib/libssl/d1_pkt.c | 13 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 6 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 13 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_srvr.c | 7 | ||||
| -rw-r--r-- | src/lib/libssl/t1_enc.c | 17 | ||||
| -rw-r--r-- | src/lib/libssl/tls12_record_layer.c | 47 |
7 files changed, 38 insertions, 84 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c index 8c4fec589f..ba4e9edd8d 100644 --- a/src/lib/libssl/d1_both.c +++ b/src/lib/libssl/d1_both.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_both.c,v 1.65 2021/01/19 19:07:39 jsing Exp $ */ | 1 | /* $OpenBSD: d1_both.c,v 1.66 2021/01/26 14:22:19 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -1009,7 +1009,6 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, | |||
| 1009 | unsigned long header_length; | 1009 | unsigned long header_length; |
| 1010 | unsigned char seq64be[8]; | 1010 | unsigned char seq64be[8]; |
| 1011 | struct dtls1_retransmit_state saved_state; | 1011 | struct dtls1_retransmit_state saved_state; |
| 1012 | unsigned char save_write_sequence[8]; | ||
| 1013 | 1012 | ||
| 1014 | /* | 1013 | /* |
| 1015 | OPENSSL_assert(s->internal->init_num == 0); | 1014 | OPENSSL_assert(s->internal->init_num == 0); |
| @@ -1059,14 +1058,6 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, | |||
| 1059 | if (!tls12_record_layer_use_write_epoch(s->internal->rl, D1I(s)->w_epoch)) | 1058 | if (!tls12_record_layer_use_write_epoch(s->internal->rl, D1I(s)->w_epoch)) |
| 1060 | return 0; | 1059 | return 0; |
| 1061 | 1060 | ||
| 1062 | if (frag->msg_header.saved_retransmit_state.epoch == | ||
| 1063 | saved_state.epoch - 1) { | ||
| 1064 | memcpy(save_write_sequence, S3I(s)->write_sequence, | ||
| 1065 | sizeof(S3I(s)->write_sequence)); | ||
| 1066 | memcpy(S3I(s)->write_sequence, D1I(s)->last_write_sequence, | ||
| 1067 | sizeof(S3I(s)->write_sequence)); | ||
| 1068 | } | ||
| 1069 | |||
| 1070 | ret = dtls1_do_write(s, frag->msg_header.is_ccs ? | 1061 | ret = dtls1_do_write(s, frag->msg_header.is_ccs ? |
| 1071 | SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE); | 1062 | SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE); |
| 1072 | 1063 | ||
| @@ -1077,14 +1068,6 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, | |||
| 1077 | if (!tls12_record_layer_use_write_epoch(s->internal->rl, D1I(s)->w_epoch)) | 1068 | if (!tls12_record_layer_use_write_epoch(s->internal->rl, D1I(s)->w_epoch)) |
| 1078 | return 0; | 1069 | return 0; |
| 1079 | 1070 | ||
| 1080 | if (frag->msg_header.saved_retransmit_state.epoch == | ||
| 1081 | saved_state.epoch - 1) { | ||
| 1082 | memcpy(D1I(s)->last_write_sequence, S3I(s)->write_sequence, | ||
| 1083 | sizeof(S3I(s)->write_sequence)); | ||
| 1084 | memcpy(S3I(s)->write_sequence, save_write_sequence, | ||
| 1085 | sizeof(S3I(s)->write_sequence)); | ||
| 1086 | } | ||
| 1087 | |||
| 1088 | D1I(s)->retransmitting = 0; | 1071 | D1I(s)->retransmitting = 0; |
| 1089 | 1072 | ||
| 1090 | (void)BIO_flush(SSL_get_wbio(s)); | 1073 | (void)BIO_flush(SSL_get_wbio(s)); |
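Review bot: Nothing at the two `tls12_record_layer_use_write_epoch()` calls (new lines 1058 and 1068) now says how a previous-epoch retransmission gets its sequence number, because the save/restore of `write_sequence` that made this visible is gone. The code appears to rely on the record layer keeping one sequence number per write epoch, so that selecting the epoch also selects where numbering resumes; that matters because a repeated epoch and sequence pair under the same keys would at best be dropped by the peer's replay check. I would add a comment above the first call such as `/* The record layer tracks the sequence number per write epoch; switching epoch also switches the sequence number. */`, after confirming it against `tls12_record_layer_use_write_epoch()`, whose body is not part of this diff. `dtls1_retransmit_message()` starts and ends outside these hunks.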
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c index bde13c99e5..bbf2e8e538 100644 --- a/src/lib/libssl/d1_pkt.c +++ b/src/lib/libssl/d1_pkt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_pkt.c,v 1.90 2021/01/19 19:07:39 jsing Exp $ */ | 1 | /* $OpenBSD: d1_pkt.c,v 1.91 2021/01/26 14:22:19 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -205,9 +205,6 @@ dtls1_copy_record(SSL *s, DTLS1_RECORD_DATA_INTERNAL *rdata) | |||
| 205 | memcpy(&(S3I(s)->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER_INTERNAL)); | 205 | memcpy(&(S3I(s)->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER_INTERNAL)); |
| 206 | memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD_INTERNAL)); | 206 | memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD_INTERNAL)); |
| 207 | 207 | ||
| 208 | /* Set proper sequence number for mac calculation */ | ||
| 209 | memcpy(&(S3I(s)->read_sequence[2]), &(rdata->packet[5]), 6); | ||
| 210 | |||
| 211 | return (1); | 208 | return (1); |
| 212 | } | 209 | } |
| 213 | 210 | ||
| @@ -419,10 +416,6 @@ again: | |||
| 419 | if (!CBS_get_u16(&header, &len)) | 416 | if (!CBS_get_u16(&header, &len)) |
| 420 | goto again; | 417 | goto again; |
| 421 | 418 | ||
| 422 | if (!CBS_write_bytes(&seq_no, &(S3I(s)->read_sequence[2]), | ||
| 423 | sizeof(S3I(s)->read_sequence) - 2, NULL)) | ||
| 424 | goto again; | ||
| 425 | |||
| 426 | if (!CBS_write_bytes(&seq_no, &rr->seq_num[2], | 419 | if (!CBS_write_bytes(&seq_no, &rr->seq_num[2], |
| 427 | sizeof(rr->seq_num) - 2, NULL)) | 420 | sizeof(rr->seq_num) - 2, NULL)) |
| 428 | goto again; | 421 | goto again; |
| @@ -1241,12 +1234,8 @@ dtls1_reset_seq_numbers(SSL *s, int rw) | |||
| 1241 | memcpy(&(D1I(s)->bitmap), &(D1I(s)->next_bitmap), | 1234 | memcpy(&(D1I(s)->bitmap), &(D1I(s)->next_bitmap), |
| 1242 | sizeof(DTLS1_BITMAP)); | 1235 | sizeof(DTLS1_BITMAP)); |
| 1243 | memset(&(D1I(s)->next_bitmap), 0, sizeof(DTLS1_BITMAP)); | 1236 | memset(&(D1I(s)->next_bitmap), 0, sizeof(DTLS1_BITMAP)); |
| 1244 | memset(S3I(s)->read_sequence, 0, sizeof(S3I(s)->read_sequence)); | ||
| 1245 | } else { | 1237 | } else { |
| 1246 | D1I(s)->w_epoch++; | 1238 | D1I(s)->w_epoch++; |
| 1247 | tls12_record_layer_set_write_epoch(s->internal->rl, D1I(s)->w_epoch); | 1239 | tls12_record_layer_set_write_epoch(s->internal->rl, D1I(s)->w_epoch); |
| 1248 | memcpy(D1I(s)->last_write_sequence, S3I(s)->write_sequence, | ||
| 1249 | sizeof(S3I(s)->write_sequence)); | ||
| 1250 | memset(S3I(s)->write_sequence, 0, sizeof(S3I(s)->write_sequence)); | ||
| 1251 | } | 1240 | } |
| 1252 | } | 1241 | } |
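Review bot: The name `dtls1_reset_seq_numbers()` no longer matches what the visible body does: the read branch only rotates the replay bitmap, and the write branch only bumps `w_epoch` and calls `tls12_record_layer_set_write_epoch()`. A reader checking that the write counter restarts at zero under new keys has to find that elsewhere, so a comment in the else branch would help, for example `/* Sequence numbers are reset by the record layer when the cipher state changes. */`. That wording is inferred from the comments this commit adds in tls12_record_layer.c and should be confirmed there. The start of the function is outside the hunk.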
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 0537cf0e46..e0e0ae4ff1 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_lib.c,v 1.240 2021/01/09 10:34:29 tb Exp $ */ | 1 | /* $OpenBSD: ssl_lib.c,v 1.241 2021/01/26 14:22:19 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -2612,8 +2612,6 @@ ssl_clear_cipher_read_state(SSL *s) | |||
| 2612 | s->read_hash = NULL; | 2612 | s->read_hash = NULL; |
| 2613 | 2613 | ||
| 2614 | tls12_record_layer_clear_read_state(s->internal->rl); | 2614 | tls12_record_layer_clear_read_state(s->internal->rl); |
| 2615 | tls12_record_layer_set_read_seq_num(s->internal->rl, | ||
| 2616 | S3I(s)->read_sequence); | ||
| 2617 | 2615 | ||
| 2618 | if (s->internal->aead_read_ctx != NULL) { | 2616 | if (s->internal->aead_read_ctx != NULL) { |
| 2619 | EVP_AEAD_CTX_cleanup(&s->internal->aead_read_ctx->ctx); | 2617 | EVP_AEAD_CTX_cleanup(&s->internal->aead_read_ctx->ctx); |
| @@ -2631,8 +2629,6 @@ ssl_clear_cipher_write_state(SSL *s) | |||
| 2631 | s->internal->write_hash = NULL; | 2629 | s->internal->write_hash = NULL; |
| 2632 | 2630 | ||
| 2633 | tls12_record_layer_clear_write_state(s->internal->rl); | 2631 | tls12_record_layer_clear_write_state(s->internal->rl); |
| 2634 | tls12_record_layer_set_write_seq_num(s->internal->rl, | ||
| 2635 | S3I(s)->write_sequence); | ||
| 2636 | 2632 | ||
| 2637 | if (s->internal->aead_write_ctx != NULL) { | 2633 | if (s->internal->aead_write_ctx != NULL) { |
| 2638 | EVP_AEAD_CTX_cleanup(&s->internal->aead_write_ctx->ctx); | 2634 | EVP_AEAD_CTX_cleanup(&s->internal->aead_write_ctx->ctx); |
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 01f2ebbab1..4390361c66 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.316 2021/01/21 18:48:57 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.317 2021/01/26 14:22:20 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -491,10 +491,7 @@ void tls12_record_layer_write_epoch_done(struct tls12_record_layer *rl, | |||
| 491 | uint16_t epoch); | 491 | uint16_t epoch); |
| 492 | void tls12_record_layer_clear_read_state(struct tls12_record_layer *rl); | 492 | void tls12_record_layer_clear_read_state(struct tls12_record_layer *rl); |
| 493 | void tls12_record_layer_clear_write_state(struct tls12_record_layer *rl); | 493 | void tls12_record_layer_clear_write_state(struct tls12_record_layer *rl); |
| 494 | void tls12_record_layer_set_read_seq_num(struct tls12_record_layer *rl, | 494 | void tls12_record_layer_reflect_seq_num(struct tls12_record_layer *rl); |
| 495 | uint8_t *seq_num); | ||
| 496 | void tls12_record_layer_set_write_seq_num(struct tls12_record_layer *rl, | ||
| 497 | uint8_t *seq_num); | ||
| 498 | int tls12_record_layer_set_read_aead(struct tls12_record_layer *rl, | 495 | int tls12_record_layer_set_read_aead(struct tls12_record_layer *rl, |
| 499 | SSL_AEAD_CTX *aead_ctx); | 496 | SSL_AEAD_CTX *aead_ctx); |
| 500 | int tls12_record_layer_set_write_aead(struct tls12_record_layer *rl, | 497 | int tls12_record_layer_set_write_aead(struct tls12_record_layer *rl, |
| @@ -844,9 +841,6 @@ typedef struct ssl3_buffer_internal_st { | |||
| 844 | } SSL3_BUFFER_INTERNAL; | 841 | } SSL3_BUFFER_INTERNAL; |
| 845 | 842 | ||
| 846 | typedef struct ssl3_state_internal_st { | 843 | typedef struct ssl3_state_internal_st { |
| 847 | unsigned char read_sequence[SSL3_SEQUENCE_SIZE]; | ||
| 848 | unsigned char write_sequence[SSL3_SEQUENCE_SIZE]; | ||
| 849 | |||
| 850 | SSL3_BUFFER_INTERNAL rbuf; /* read IO goes into here */ | 844 | SSL3_BUFFER_INTERNAL rbuf; /* read IO goes into here */ |
| 851 | SSL3_BUFFER_INTERNAL wbuf; /* write IO goes into here */ | 845 | SSL3_BUFFER_INTERNAL wbuf; /* write IO goes into here */ |
| 852 | 846 | ||
| @@ -990,9 +984,6 @@ typedef struct dtls1_state_internal_st { | |||
| 990 | 984 | ||
| 991 | unsigned short handshake_read_seq; | 985 | unsigned short handshake_read_seq; |
| 992 | 986 | ||
| 993 | /* save last sequence number for retransmissions */ | ||
| 994 | unsigned char last_write_sequence[SSL3_SEQUENCE_SIZE]; | ||
| 995 | |||
| 996 | /* Received handshake records (processed and unprocessed) */ | 987 | /* Received handshake records (processed and unprocessed) */ |
| 997 | record_pqueue unprocessed_rcds; | 988 | record_pqueue unprocessed_rcds; |
| 998 | record_pqueue processed_rcds; | 989 | record_pqueue processed_rcds; |
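Review bot: The new prototype `tls12_record_layer_reflect_seq_num()` (new line 494) gives no hint of direction, whereas the two setters it replaces were self-describing. Going by the definition in tls12_record_layer.c, it copies the read sequence number into the write state, and the only caller shown is the `listen` branch of `ssl3_accept()`. A one-line comment above the prototype would record that: `/* Copy the current read sequence number to the write state (used while listening). */`.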
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 000cac6785..3551ee41ee 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_srvr.c,v 1.89 2021/01/19 18:57:09 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_srvr.c,v 1.90 2021/01/26 14:22:20 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -328,9 +328,8 @@ ssl3_accept(SSL *s) | |||
| 328 | * stateless while listening. | 328 | * stateless while listening. |
| 329 | */ | 329 | */ |
| 330 | if (listen) { | 330 | if (listen) { |
| 331 | memcpy(S3I(s)->write_sequence, | 331 | tls12_record_layer_reflect_seq_num( |
| 332 | S3I(s)->read_sequence, | 332 | s->internal->rl); |
| 333 | sizeof(S3I(s)->write_sequence)); | ||
| 334 | } | 333 | } |
| 335 | 334 | ||
| 336 | /* If we're just listening, stop here */ | 335 | /* If we're just listening, stop here */ |
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 875aae36b0..a0b377389b 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_enc.c,v 1.129 2021/01/19 19:07:39 jsing Exp $ */ | 1 | /* $OpenBSD: t1_enc.c,v 1.130 2021/01/26 14:22:20 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -494,7 +494,7 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 494 | const unsigned char *client_write_iv, *server_write_iv; | 494 | const unsigned char *client_write_iv, *server_write_iv; |
| 495 | const unsigned char *mac_secret, *key, *iv; | 495 | const unsigned char *mac_secret, *key, *iv; |
| 496 | int mac_secret_size, key_len, iv_len; | 496 | int mac_secret_size, key_len, iv_len; |
| 497 | unsigned char *key_block, *seq; | 497 | unsigned char *key_block; |
| 498 | const EVP_CIPHER *cipher; | 498 | const EVP_CIPHER *cipher; |
| 499 | const EVP_AEAD *aead; | 499 | const EVP_AEAD *aead; |
| 500 | char is_read, use_client_keys; | 500 | char is_read, use_client_keys; |
| @@ -517,15 +517,6 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 517 | use_client_keys = ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || | 517 | use_client_keys = ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || |
| 518 | (which == SSL3_CHANGE_CIPHER_SERVER_READ)); | 518 | (which == SSL3_CHANGE_CIPHER_SERVER_READ)); |
| 519 | 519 | ||
| 520 | /* | ||
| 521 | * Reset sequence number to zero - for DTLS this is handled in | ||
| 522 | * dtls1_reset_seq_numbers(). | ||
| 523 | */ | ||
| 524 | if (!SSL_is_dtls(s)) { | ||
| 525 | seq = is_read ? S3I(s)->read_sequence : S3I(s)->write_sequence; | ||
| 526 | memset(seq, 0, SSL3_SEQUENCE_SIZE); | ||
| 527 | } | ||
| 528 | |||
| 529 | if (aead != NULL) { | 520 | if (aead != NULL) { |
| 530 | key_len = EVP_AEAD_key_length(aead); | 521 | key_len = EVP_AEAD_key_length(aead); |
| 531 | iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(S3I(s)->hs.new_cipher); | 522 | iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(S3I(s)->hs.new_cipher); |
| @@ -569,14 +560,10 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 569 | if (!tls12_record_layer_change_read_cipher_state(s->internal->rl, | 560 | if (!tls12_record_layer_change_read_cipher_state(s->internal->rl, |
| 570 | mac_secret, mac_secret_size, key, key_len, iv, iv_len)) | 561 | mac_secret, mac_secret_size, key, key_len, iv, iv_len)) |
| 571 | goto err; | 562 | goto err; |
| 572 | tls12_record_layer_set_read_seq_num(s->internal->rl, | ||
| 573 | S3I(s)->read_sequence); | ||
| 574 | } else { | 563 | } else { |
| 575 | if (!tls12_record_layer_change_write_cipher_state(s->internal->rl, | 564 | if (!tls12_record_layer_change_write_cipher_state(s->internal->rl, |
| 576 | mac_secret, mac_secret_size, key, key_len, iv, iv_len)) | 565 | mac_secret, mac_secret_size, key, key_len, iv, iv_len)) |
| 577 | goto err; | 566 | goto err; |
| 578 | tls12_record_layer_set_write_seq_num(s->internal->rl, | ||
| 579 | S3I(s)->write_sequence); | ||
| 580 | } | 567 | } |
| 581 | 568 | ||
| 582 | if (aead != NULL) { | 569 | if (aead != NULL) { |
diff --git a/src/lib/libssl/tls12_record_layer.c b/src/lib/libssl/tls12_record_layer.c index b45a625fd4..0104443286 100644 --- a/src/lib/libssl/tls12_record_layer.c +++ b/src/lib/libssl/tls12_record_layer.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls12_record_layer.c,v 1.14 2021/01/20 07:05:25 tb Exp $ */ | 1 | /* $OpenBSD: tls12_record_layer.c,v 1.15 2021/01/26 14:22:20 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -23,6 +23,7 @@ | |||
| 23 | 23 | ||
| 24 | struct tls12_record_protection { | 24 | struct tls12_record_protection { |
| 25 | uint16_t epoch; | 25 | uint16_t epoch; |
| 26 | uint8_t seq_num[SSL3_SEQUENCE_SIZE]; | ||
| 26 | 27 | ||
| 27 | int stream_mac; | 28 | int stream_mac; |
| 28 | 29 | ||
| @@ -37,8 +38,6 @@ struct tls12_record_protection { | |||
| 37 | 38 | ||
| 38 | EVP_CIPHER_CTX *cipher_ctx; | 39 | EVP_CIPHER_CTX *cipher_ctx; |
| 39 | EVP_MD_CTX *hash_ctx; | 40 | EVP_MD_CTX *hash_ctx; |
| 40 | |||
| 41 | uint8_t *seq_num; | ||
| 42 | }; | 41 | }; |
| 43 | 42 | ||
| 44 | static struct tls12_record_protection * | 43 | static struct tls12_record_protection * |
| @@ -48,12 +47,22 @@ tls12_record_protection_new(void) | |||
| 48 | } | 47 | } |
| 49 | 48 | ||
| 50 | static void | 49 | static void |
| 50 | tls12_record_protection_clear(struct tls12_record_protection *rp) | ||
| 51 | { | ||
| 52 | memset(rp->seq_num, 0, sizeof(rp->seq_num)); | ||
| 53 | |||
| 54 | freezero(rp->mac_key, rp->mac_key_len); | ||
| 55 | rp->mac_key = NULL; | ||
| 56 | rp->mac_key_len = 0; | ||
| 57 | } | ||
| 58 | |||
| 59 | static void | ||
| 51 | tls12_record_protection_free(struct tls12_record_protection *rp) | 60 | tls12_record_protection_free(struct tls12_record_protection *rp) |
| 52 | { | 61 | { |
| 53 | if (rp == NULL) | 62 | if (rp == NULL) |
| 54 | return; | 63 | return; |
| 55 | 64 | ||
| 56 | freezero(rp->mac_key, rp->mac_key_len); | 65 | tls12_record_protection_clear(rp); |
| 57 | 66 | ||
| 58 | freezero(rp, sizeof(struct tls12_record_protection)); | 67 | freezero(rp, sizeof(struct tls12_record_protection)); |
| 59 | } | 68 | } |
| @@ -294,32 +303,24 @@ void | |||
| 294 | tls12_record_layer_clear_read_state(struct tls12_record_layer *rl) | 303 | tls12_record_layer_clear_read_state(struct tls12_record_layer *rl) |
| 295 | { | 304 | { |
| 296 | tls12_record_layer_set_read_state(rl, NULL, NULL, NULL, 0); | 305 | tls12_record_layer_set_read_state(rl, NULL, NULL, NULL, 0); |
| 297 | tls12_record_layer_set_read_mac_key(rl, NULL, 0); | 306 | tls12_record_protection_clear(rl->read); |
| 298 | rl->read->seq_num = NULL; | ||
| 299 | } | 307 | } |
| 300 | 308 | ||
| 301 | void | 309 | void |
| 302 | tls12_record_layer_clear_write_state(struct tls12_record_layer *rl) | 310 | tls12_record_layer_clear_write_state(struct tls12_record_layer *rl) |
| 303 | { | 311 | { |
| 304 | tls12_record_layer_set_write_state(rl, NULL, NULL, NULL, 0); | 312 | tls12_record_layer_set_write_state(rl, NULL, NULL, NULL, 0); |
| 305 | rl->write->seq_num = NULL; | 313 | tls12_record_protection_clear(rl->write); |
| 306 | 314 | ||
| 307 | tls12_record_protection_free(rl->write_previous); | 315 | tls12_record_protection_free(rl->write_previous); |
| 308 | rl->write_previous = NULL; | 316 | rl->write_previous = NULL; |
| 309 | } | 317 | } |
| 310 | 318 | ||
| 311 | void | 319 | void |
| 312 | tls12_record_layer_set_read_seq_num(struct tls12_record_layer *rl, | 320 | tls12_record_layer_reflect_seq_num(struct tls12_record_layer *rl) |
| 313 | uint8_t *seq_num) | ||
| 314 | { | 321 | { |
| 315 | rl->read->seq_num = seq_num; | 322 | memcpy(rl->write->seq_num, rl->read->seq_num, |
| 316 | } | 323 | sizeof(rl->write->seq_num)); |
| 317 | |||
| 318 | void | ||
| 319 | tls12_record_layer_set_write_seq_num(struct tls12_record_layer *rl, | ||
| 320 | uint8_t *seq_num) | ||
| 321 | { | ||
| 322 | rl->write->seq_num = seq_num; | ||
| 323 | } | 324 | } |
| 324 | 325 | ||
| 325 | int | 326 | int |
| @@ -391,6 +392,8 @@ tls12_record_layer_change_read_cipher_state(struct tls12_record_layer *rl, | |||
| 391 | if ((read_new = tls12_record_protection_new()) == NULL) | 392 | if ((read_new = tls12_record_protection_new()) == NULL) |
| 392 | goto err; | 393 | goto err; |
| 393 | 394 | ||
| 395 | /* Read sequence number gets reset to zero. */ | ||
| 396 | |||
| 394 | /* XXX - change cipher state. */ | 397 | /* XXX - change cipher state. */ |
| 395 | 398 | ||
| 396 | tls12_record_protection_free(rl->read_current); | 399 | tls12_record_protection_free(rl->read_current); |
| @@ -416,6 +419,8 @@ tls12_record_layer_change_write_cipher_state(struct tls12_record_layer *rl, | |||
| 416 | if ((write_new = tls12_record_protection_new()) == NULL) | 419 | if ((write_new = tls12_record_protection_new()) == NULL) |
| 417 | goto err; | 420 | goto err; |
| 418 | 421 | ||
| 422 | /* Write sequence number gets reset to zero. */ | ||
| 423 | |||
| 419 | /* XXX - change cipher state. */ | 424 | /* XXX - change cipher state. */ |
| 420 | 425 | ||
| 421 | if (rl->dtls) { | 426 | if (rl->dtls) { |
| @@ -434,6 +439,7 @@ tls12_record_layer_change_write_cipher_state(struct tls12_record_layer *rl, | |||
| 434 | 439 | ||
| 435 | return ret; | 440 | return ret; |
| 436 | } | 441 | } |
| 442 | |||
| 437 | static int | 443 | static int |
| 438 | tls12_record_layer_build_seq_num(struct tls12_record_layer *rl, CBB *cbb, | 444 | tls12_record_layer_build_seq_num(struct tls12_record_layer *rl, CBB *cbb, |
| 439 | uint16_t epoch, uint8_t *seq_num, size_t seq_num_len) | 445 | uint16_t epoch, uint8_t *seq_num, size_t seq_num_len) |
| @@ -896,7 +902,7 @@ tls12_record_layer_open_record(struct tls12_record_layer *rl, uint8_t *buf, | |||
| 896 | uint8_t content_type; | 902 | uint8_t content_type; |
| 897 | 903 | ||
| 898 | CBS_init(&cbs, buf, buf_len); | 904 | CBS_init(&cbs, buf, buf_len); |
| 899 | CBS_init(&seq_num, rl->read->seq_num, SSL3_SEQUENCE_SIZE); | 905 | CBS_init(&seq_num, rl->read->seq_num, sizeof(rl->read->seq_num)); |
| 900 | 906 | ||
| 901 | if (!CBS_get_u8(&cbs, &content_type)) | 907 | if (!CBS_get_u8(&cbs, &content_type)) |
| 902 | return 0; | 908 | return 0; |
| @@ -912,6 +918,9 @@ tls12_record_layer_open_record(struct tls12_record_layer *rl, uint8_t *buf, | |||
| 912 | */ | 918 | */ |
| 913 | if (!CBS_get_bytes(&cbs, &seq_num, SSL3_SEQUENCE_SIZE)) | 919 | if (!CBS_get_bytes(&cbs, &seq_num, SSL3_SEQUENCE_SIZE)) |
| 914 | return 0; | 920 | return 0; |
| 921 | if (!CBS_write_bytes(&seq_num, rl->read->seq_num, | ||
| 922 | sizeof(rl->read->seq_num), NULL)) | ||
| 923 | return 0; | ||
| 915 | } | 924 | } |
| 916 | if (!CBS_get_u16_length_prefixed(&cbs, &fragment)) | 925 | if (!CBS_get_u16_length_prefixed(&cbs, &fragment)) |
| 917 | return 0; | 926 | return 0; |
| @@ -1096,7 +1105,7 @@ tls12_record_layer_seal_record(struct tls12_record_layer *rl, | |||
| 1096 | if (!CBB_init(&seq_num_cbb, SSL3_SEQUENCE_SIZE)) | 1105 | if (!CBB_init(&seq_num_cbb, SSL3_SEQUENCE_SIZE)) |
| 1097 | goto err; | 1106 | goto err; |
| 1098 | if (!tls12_record_layer_build_seq_num(rl, &seq_num_cbb, rl->write->epoch, | 1107 | if (!tls12_record_layer_build_seq_num(rl, &seq_num_cbb, rl->write->epoch, |
| 1099 | rl->write->seq_num, SSL3_SEQUENCE_SIZE)) | 1108 | rl->write->seq_num, sizeof(rl->write->seq_num))) |
| 1100 | goto err; | 1109 | goto err; |
| 1101 | if (!CBB_finish(&seq_num_cbb, &seq_num_data, &seq_num_len)) | 1110 | if (!CBB_finish(&seq_num_cbb, &seq_num_data, &seq_num_len)) |
| 1102 | goto err; | 1111 | goto err; |
