Skip to content

Commit

Permalink
Move the sequence number into the OSSL_RECORD_LAYER object
Browse files Browse the repository at this point in the history 
This removes some references to the SSL object from the record layer.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from #18132)
  • Loading branch information
@mattcaswell
mattcaswell committed Aug 18, 2022
1 parent ffbd6e6 commit 0755722
Show file tree
Hide file tree
Showing 7 changed files with 19 additions and 35 deletions.
8 changes: 1 addition & 7 deletions ssl/record/methods/ktls_meth.c
View file
Expand Up @@ -449,7 +449,6 @@ static int ktls_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
/* TODO(RECLAYER): Remove me */
SSL_CONNECTION *s)
{
void *rl_sequence;
ktls_crypto_info_t crypto_info;

/*
Expand Down Expand Up @@ -488,12 +487,7 @@ static int ktls_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
return OSSL_RECORD_RETURN_NON_FATAL_ERR;
}

if (rl->direction == OSSL_RECORD_DIRECTION_WRITE)
rl_sequence = RECORD_LAYER_get_write_sequence(&s->rlayer);
else
rl_sequence = RECORD_LAYER_get_read_sequence(&s->rlayer);

if (!ktls_configure_crypto(s, ciph, rl_sequence, &crypto_info,
if (!ktls_configure_crypto(s, ciph, rl->sequence, &crypto_info,
rl->direction == OSSL_RECORD_DIRECTION_WRITE,
iv, ivlen, key, keylen, mackey, mackeylen))
return OSSL_RECORD_RETURN_NON_FATAL_ERR;
Expand Down
3 changes: 3 additions & 0 deletions ssl/record/methods/recmethod_local.h
View file
Expand Up @@ -113,6 +113,9 @@ struct ossl_record_layer_st
unsigned char *packet;
size_t packet_length;

/* Sequence number for the next record */
unsigned char sequence[SEQ_NUM_SIZE];

int alert;

/*
Expand Down
4 changes: 1 addition & 3 deletions ssl/record/methods/ssl3_meth.c
View file
Expand Up @@ -215,7 +215,7 @@ static const unsigned char ssl3_pad_2[48] = {
static int ssl3_mac(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec, unsigned char *md,
int sending, SSL_CONNECTION *ssl)
{
unsigned char *mac_sec, *seq;
unsigned char *mac_sec, *seq = rl->sequence;
const EVP_MD_CTX *hash;
unsigned char *p, rec_char;
size_t md_size;
Expand All @@ -224,11 +224,9 @@ static int ssl3_mac(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec, unsigned char *md,

if (sending) {
mac_sec = &(ssl->s3.write_mac_secret[0]);
seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer);
hash = ssl->write_hash;
} else {
mac_sec = &(rl->mac_secret[0]);
seq = RECORD_LAYER_get_read_sequence(&ssl->rlayer);
hash = rl->read_hash;
}

Expand Down
5 changes: 1 addition & 4 deletions ssl/record/methods/tls13_meth.c
View file
Expand Up @@ -41,7 +41,6 @@ static int tls13_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
return OSSL_RECORD_RETURN_FATAL;
}

RECORD_LAYER_reset_read_sequence(&s->rlayer);
rl->taglen = taglen;

mode = EVP_CIPHER_get_mode(ciph);
Expand All @@ -66,7 +65,7 @@ static int tls13_cipher(OSSL_RECORD_LAYER *rl, SSL3_RECORD *recs, size_t n_recs,
unsigned char iv[EVP_MAX_IV_LENGTH], recheader[SSL3_RT_HEADER_LENGTH];
size_t ivlen, offset, loop, hdrlen;
unsigned char *staticiv;
unsigned char *seq;
unsigned char *seq = rl->sequence;
int lenu, lenf;
SSL3_RECORD *rec = &recs[0];
WPACKET wpkt;
Expand All @@ -82,11 +81,9 @@ static int tls13_cipher(OSSL_RECORD_LAYER *rl, SSL3_RECORD *recs, size_t n_recs,
if (sending) {
ctx = s->enc_write_ctx;
staticiv = s->write_iv;
seq = RECORD_LAYER_get_write_sequence(&s->rlayer);
} else {
ctx = rl->enc_read_ctx;
staticiv = rl->iv;
seq = RECORD_LAYER_get_read_sequence(&s->rlayer);
}

cipher = EVP_CIPHER_CTX_get0_cipher(ctx);
Expand Down
20 changes: 5 additions & 15 deletions ssl/record/methods/tls1_meth.c
View file
Expand Up @@ -55,11 +55,6 @@ static int tls1_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
}
}
#endif
/*
* this is done by dtls1_reset_seq_numbers for DTLS
*/
if (!rl->isdtls)
RECORD_LAYER_reset_read_sequence(&s->rlayer);

/*
* If we have an AEAD Cipher, then there is no separate MAC, so we can skip
Expand Down Expand Up @@ -248,8 +243,7 @@ static int tls1_cipher(OSSL_RECORD_LAYER *rl, SSL3_RECORD *recs, size_t n_recs,
& EVP_CIPH_FLAG_AEAD_CIPHER) != 0) {
unsigned char *seq;

seq = sending ? RECORD_LAYER_get_write_sequence(&s->rlayer)
: RECORD_LAYER_get_read_sequence(&s->rlayer);
seq = rl->sequence;

if (SSL_CONNECTION_IS_DTLS(s)) {
/* DTLS does not support pipelining */
Expand Down Expand Up @@ -350,8 +344,7 @@ static int tls1_cipher(OSSL_RECORD_LAYER *rl, SSL3_RECORD *recs, size_t n_recs,
if (sending && !rl->use_etm)
decrement_seq = 1;

seq = sending ? RECORD_LAYER_get_write_sequence(&s->rlayer)
: RECORD_LAYER_get_read_sequence(&s->rlayer);
seq = rl->sequence;
if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_TLSTREE, decrement_seq, seq) <= 0) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
Expand Down Expand Up @@ -468,7 +461,7 @@ static int tls1_cipher(OSSL_RECORD_LAYER *rl, SSL3_RECORD *recs, size_t n_recs,
static int tls1_mac(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec, unsigned char *md,
int sending, SSL_CONNECTION *ssl)
{
unsigned char *seq;
unsigned char *seq = rl->sequence;
EVP_MD_CTX *hash;
size_t md_size;
int i;
Expand All @@ -481,13 +474,10 @@ static int tls1_mac(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec, unsigned char *md,
int t;
int ret = 0;

if (sending) {
seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer);
if (sending)
hash = ssl->write_hash;
} else {
seq = RECORD_LAYER_get_read_sequence(&ssl->rlayer);
else
hash = rl->read_hash;
}

t = EVP_MD_CTX_get_size(hash);
if (!ossl_assert(t >= 0))
Expand Down
5 changes: 3 additions & 2 deletions ssl/record/methods/tls_common.c
View file
Expand Up @@ -724,7 +724,8 @@ static int tls_get_more_records(OSSL_RECORD_LAYER *rl,
rl->num_recs = 0;
rl->curr_rec = 0;
rl->num_released = 0;
RECORD_LAYER_reset_read_sequence(&s->rlayer);
/* Reset the read sequence */
memset(rl->sequence, 0, sizeof(rl->sequence));
ret = 1;
goto end;
}
Expand Down Expand Up @@ -1260,7 +1261,7 @@ int tls_reset(OSSL_RECORD_LAYER *rl)

int tls_unprocessed_read_pending(OSSL_RECORD_LAYER *rl)
{
return SSL3_BUFFER_get_left(&rl->rbuf) != 0;;
return SSL3_BUFFER_get_left(&rl->rbuf) != 0;
}

int tls_processed_read_pending(OSSL_RECORD_LAYER *rl)
Expand Down
9 changes: 5 additions & 4 deletions test/sslapitest.c
View file
Expand Up @@ -40,6 +40,7 @@
#include "internal/nelem.h"
#include "internal/ktls.h"
#include "../ssl/ssl_local.h"
#include "../ssl/record/methods/recmethod_local.h"
#include "filterprov.h"

#undef OSSL_NO_USABLE_TLS1_3
Expand Down Expand Up @@ -1087,9 +1088,9 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl)

cbuf[0] = count++;
memcpy(crec_wseq_before, &clientsc->rlayer.write_sequence, SEQ_NUM_SIZE);
memcpy(crec_rseq_before, &clientsc->rlayer.read_sequence, SEQ_NUM_SIZE);
memcpy(crec_rseq_before, &clientsc->rrl->sequence, SEQ_NUM_SIZE);
memcpy(srec_wseq_before, &serversc->rlayer.write_sequence, SEQ_NUM_SIZE);
memcpy(srec_rseq_before, &serversc->rlayer.read_sequence, SEQ_NUM_SIZE);
memcpy(srec_rseq_before, &serversc->rrl->sequence, SEQ_NUM_SIZE);

if (!TEST_true(SSL_write(clientssl, cbuf, sizeof(cbuf)) == sizeof(cbuf)))
goto end;
Expand All @@ -1110,9 +1111,9 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl)
}

memcpy(crec_wseq_after, &clientsc->rlayer.write_sequence, SEQ_NUM_SIZE);
memcpy(crec_rseq_after, &clientsc->rlayer.read_sequence, SEQ_NUM_SIZE);
memcpy(crec_rseq_after, &clientsc->rrl->sequence, SEQ_NUM_SIZE);
memcpy(srec_wseq_after, &serversc->rlayer.write_sequence, SEQ_NUM_SIZE);
memcpy(srec_rseq_after, &serversc->rlayer.read_sequence, SEQ_NUM_SIZE);
memcpy(srec_rseq_after, &serversc->rrl->sequence, SEQ_NUM_SIZE);

/* verify the payload */
if (!TEST_mem_eq(cbuf, sizeof(cbuf), sbuf, sizeof(sbuf)))
Expand Down

0 comments on commit 0755722

Please sign in to comment.