From 282f50c32f1cbabc77296f995bf1a6408dca06df Mon Sep 17 00:00:00 2001 From: jsing <> Date: Thu, 28 Jan 2021 17:00:39 +0000 Subject: Move AEAD handling into the new TLSv1.2 record layer. ok tb@ --- src/lib/libssl/t1_enc.c | 94 +++---------------------------------------------- 1 file changed, 5 insertions(+), 89 deletions(-) (limited to 'src/lib/libssl/t1_enc.c') diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index a0b377389b..b84a5347f1 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_enc.c,v 1.130 2021/01/26 14:22:20 jsing Exp $ */ +/* $OpenBSD: t1_enc.c,v 1.131 2021/01/28 17:00:39 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -310,90 +310,6 @@ tls1_generate_key_block(SSL *s, uint8_t *key_block, size_t key_block_len) NULL, 0, NULL, 0, key_block, key_block_len); } -/* - * tls1_aead_ctx_init allocates aead_ctx, if needed. It returns 1 on success - * and 0 on failure. - */ -static int -tls1_aead_ctx_init(SSL_AEAD_CTX **aead_ctx) -{ - if (*aead_ctx != NULL) { - EVP_AEAD_CTX_cleanup(&(*aead_ctx)->ctx); - return (1); - } - - *aead_ctx = malloc(sizeof(SSL_AEAD_CTX)); - if (*aead_ctx == NULL) { - SSLerrorx(ERR_R_MALLOC_FAILURE); - return (0); - } - - return (1); -} - -static int -tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key, - unsigned int key_len, const unsigned char *iv, unsigned int iv_len) -{ - const EVP_AEAD *aead = S3I(s)->tmp.new_aead; - SSL_AEAD_CTX *aead_ctx; - - /* XXX - Need to avoid clearing write state for DTLS. */ - if (SSL_is_dtls(s)) - return 0; - - if (is_read) { - ssl_clear_cipher_read_state(s); - if (!tls1_aead_ctx_init(&s->internal->aead_read_ctx)) - return 0; - aead_ctx = s->internal->aead_read_ctx; - - if (!tls12_record_layer_set_read_aead(s->internal->rl, aead_ctx)) - return 0; - } else { - ssl_clear_cipher_write_state(s); - if (!tls1_aead_ctx_init(&s->internal->aead_write_ctx)) - return 0; - aead_ctx = s->internal->aead_write_ctx; - - if (!tls12_record_layer_set_write_aead(s->internal->rl, aead_ctx)) - return 0; - } - - if (!EVP_AEAD_CTX_init(&aead_ctx->ctx, aead, key, key_len, - EVP_AEAD_DEFAULT_TAG_LENGTH, NULL)) - return (0); - if (iv_len > sizeof(aead_ctx->fixed_nonce)) { - SSLerrorx(ERR_R_INTERNAL_ERROR); - return (0); - } - memcpy(aead_ctx->fixed_nonce, iv, iv_len); - aead_ctx->fixed_nonce_len = iv_len; - aead_ctx->variable_nonce_len = 8; /* always the case, currently. */ - aead_ctx->variable_nonce_in_record = - (S3I(s)->hs.new_cipher->algorithm2 & - SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD) != 0; - aead_ctx->xor_fixed_nonce = - S3I(s)->hs.new_cipher->algorithm_enc == SSL_CHACHA20POLY1305; - aead_ctx->tag_len = EVP_AEAD_max_overhead(aead); - - if (aead_ctx->xor_fixed_nonce) { - if (aead_ctx->fixed_nonce_len != EVP_AEAD_nonce_length(aead) || - aead_ctx->variable_nonce_len > EVP_AEAD_nonce_length(aead)) { - SSLerrorx(ERR_R_INTERNAL_ERROR); - return (0); - } - } else { - if (aead_ctx->variable_nonce_len + aead_ctx->fixed_nonce_len != - EVP_AEAD_nonce_length(aead)) { - SSLerrorx(ERR_R_INTERNAL_ERROR); - return (0); - } - } - - return (1); -} - /* * tls1_change_cipher_state_cipher performs the work needed to switch cipher * states when using EVP_CIPHER. The argument is_read is true iff this function @@ -566,10 +482,8 @@ tls1_change_cipher_state(SSL *s, int which) goto err; } - if (aead != NULL) { - return tls1_change_cipher_state_aead(s, is_read, key, key_len, - iv, iv_len); - } + if (aead != NULL) + return 1; return tls1_change_cipher_state_cipher(s, is_read, mac_secret, mac_secret_size, key, key_len, iv, iv_len); @@ -617,6 +531,8 @@ tls1_setup_key_block(SSL *s) S3I(s)->tmp.new_mac_pkey_type = mac_type; S3I(s)->tmp.new_mac_secret_size = mac_secret_size; + tls12_record_layer_set_aead(s->internal->rl, aead); + tls1_cleanup_key_block(s); if ((key_block = reallocarray(NULL, mac_secret_size + key_len + iv_len, -- cgit v1.2.3-55-g6feb