From 19d00444488c0a5861911ac8ba6b71c5c1f6c19a Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 26 Jul 2022 12:44:09 +0100 Subject: [PATCH] Remove some redundant code Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18132) --- ssl/record/rec_layer_d1.c | 8 +- ssl/record/rec_layer_s3.c | 6 - ssl/record/record.h | 4 +- ssl/record/record_local.h | 1 - ssl/record/ssl3_record.c | 258 +++++++-------------------------- ssl/record/ssl3_record_tls13.c | 47 ++---- ssl/statem/statem_dtls.c | 1 - ssl/t1_enc.c | 9 +- ssl/tls13_enc.c | 12 +- test/tls13secretstest.c | 4 - 10 files changed, 80 insertions(+), 270 deletions(-) diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index a5d45b3ae3a3b..9a83e6d924c66 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -184,9 +184,6 @@ static void dtls_unbuffer_record(SSL_CONNECTION *s) } #endif - /* Set proper sequence number for mac calculation */ - memcpy(&(s->rlayer.read_sequence[2]), &(rdata->seq_num[2]), 6); - OPENSSL_free(item->data); pitem_free(item); } @@ -854,10 +851,8 @@ int do_dtls1_write(SSL_CONNECTION *sc, int type, const unsigned char *buf, void dtls1_reset_seq_numbers(SSL_CONNECTION *s, int rw) { unsigned char *seq; - unsigned int seq_bytes = sizeof(s->rlayer.read_sequence); if (rw & SSL3_CC_READ) { - seq = s->rlayer.read_sequence; s->rlayer.d->r_epoch++; /* @@ -870,7 +865,6 @@ void dtls1_reset_seq_numbers(SSL_CONNECTION *s, int rw) memcpy(s->rlayer.d->last_write_sequence, seq, sizeof(s->rlayer.write_sequence)); s->rlayer.d->w_epoch++; + memset(seq, 0, sizeof(s->rlayer.write_sequence)); } - - memset(seq, 0, seq_bytes); } diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 041e069a88958..0adf5d49a97bb 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -44,7 +44,6 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl) ssl3_release_write_buffer(rl->s); - RECORD_LAYER_reset_read_sequence(rl); RECORD_LAYER_reset_write_sequence(rl); if (rl->rrlmethod != NULL) @@ -82,11 +81,6 @@ int RECORD_LAYER_write_pending(const RECORD_LAYER *rl) && SSL3_BUFFER_get_left(&rl->wbuf[rl->numwpipes - 1]) != 0; } -void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl) -{ - memset(rl->read_sequence, 0, sizeof(rl->read_sequence)); -} - void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl) { memset(rl->write_sequence, 0, sizeof(rl->write_sequence)); diff --git a/ssl/record/record.h b/ssl/record/record.h index 8facdb27cee14..793292ae337e3 100644 --- a/ssl/record/record.h +++ b/ssl/record/record.h @@ -178,8 +178,7 @@ typedef struct record_layer_st { /* number of bytes submitted */ size_t wpend_ret; const unsigned char *wpend_buf; - /* TODO(RECLAYER): Why do we need this */ - unsigned char read_sequence[SEQ_NUM_SIZE]; + unsigned char write_sequence[SEQ_NUM_SIZE]; /* Count of the number of consecutive warning alerts received */ unsigned int alert_count; @@ -223,7 +222,6 @@ void RECORD_LAYER_release(RECORD_LAYER *rl); int RECORD_LAYER_read_pending(const RECORD_LAYER *rl); int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl); int RECORD_LAYER_write_pending(const RECORD_LAYER *rl); -void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl); void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl); int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl); __owur size_t ssl3_pending(const SSL *s); diff --git a/ssl/record/record_local.h b/ssl/record/record_local.h index 527bc4f64e7ff..c49afbd2c6046 100644 --- a/ssl/record/record_local.h +++ b/ssl/record/record_local.h @@ -18,7 +18,6 @@ /* Functions/macros provided by the RECORD_LAYER component */ -#define RECORD_LAYER_get_read_sequence(rl) ((rl)->read_sequence) #define RECORD_LAYER_get_write_sequence(rl) ((rl)->write_sequence) #define RECORD_LAYER_inc_empty_record_count(rl) ((rl)->empty_record_count++) #define RECORD_LAYER_reset_empty_record_count(rl) \ diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 5b3d48464c324..fdf694a0e72df 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -179,25 +179,19 @@ int ssl3_enc(SSL_CONNECTION *s, SSL3_RECORD *inrecs, size_t n_recs, int sending, size_t bs; const EVP_CIPHER *enc; + assert(sending); rec = inrecs; /* * We shouldn't ever be called with more than one record in the SSLv3 case */ if (n_recs != 1) return 0; - if (sending) { - ds = s->enc_write_ctx; - if (s->enc_write_ctx == NULL) - enc = NULL; - else - enc = EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx); - } else { - ds = s->enc_read_ctx; - if (s->enc_read_ctx == NULL) - enc = NULL; - else - enc = EVP_CIPHER_CTX_get0_cipher(s->enc_read_ctx); - } + + ds = s->enc_write_ctx; + if (s->enc_write_ctx == NULL) + enc = NULL; + else + enc = EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx); if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) { memmove(rec->data, rec->input, rec->length); @@ -210,7 +204,7 @@ int ssl3_enc(SSL_CONNECTION *s, SSL3_RECORD *inrecs, size_t n_recs, int sending, /* COMPRESS */ - if ((bs != 1) && sending && !provided) { + if ((bs != 1) && !provided) { /* * We only do this for legacy ciphers. Provided ciphers add the * padding on the provider side. @@ -228,14 +222,6 @@ int ssl3_enc(SSL_CONNECTION *s, SSL3_RECORD *inrecs, size_t n_recs, int sending, rec->input[l - 1] = (unsigned char)(i - 1); } - if (!sending) { - if (l == 0 || l % bs != 0) { - /* Publicly invalid */ - return 0; - } - /* otherwise, rec->length >= bs */ - } - if (EVP_CIPHER_get0_provider(enc) != NULL) { int outlen; @@ -243,41 +229,12 @@ int ssl3_enc(SSL_CONNECTION *s, SSL3_RECORD *inrecs, size_t n_recs, int sending, (unsigned int)l)) return 0; rec->length = outlen; - - if (!sending && mac != NULL) { - /* Now get a pointer to the MAC */ - OSSL_PARAM params[2], *p = params; - - /* Get the MAC */ - mac->alloced = 0; - - *p++ = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_TLS_MAC, - (void **)&mac->mac, - macsize); - *p = OSSL_PARAM_construct_end(); - - if (!EVP_CIPHER_CTX_get_params(ds, params)) { - /* Shouldn't normally happen */ - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; - } - } } else { if (EVP_Cipher(ds, rec->data, rec->input, (unsigned int)l) < 1) { /* Shouldn't happen */ SSLfatal(s, SSL_AD_BAD_RECORD_MAC, ERR_R_INTERNAL_ERROR); return 0; } - - if (!sending) - return ssl3_cbc_remove_padding_and_mac(&rec->length, - rec->orig_len, - rec->data, - (mac != NULL) ? &mac->mac : NULL, - (mac != NULL) ? &mac->alloced : NULL, - bs, - macsize, - SSL_CONNECTION_GET_CTX(s)->libctx); } } return 1; @@ -304,66 +261,52 @@ int tls1_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending, size_t bs, ctr, padnum, loop; unsigned char padval; const EVP_CIPHER *enc; - int tlstree_enc = sending ? (s->mac_flags & SSL_MAC_FLAG_WRITE_MAC_TLSTREE) - : (s->mac_flags & SSL_MAC_FLAG_READ_MAC_TLSTREE); + int tlstree_enc = (s->mac_flags & SSL_MAC_FLAG_WRITE_MAC_TLSTREE); if (n_recs == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } - if (sending) { - if (EVP_MD_CTX_get0_md(s->write_hash)) { - int n = EVP_MD_CTX_get_size(s->write_hash); - if (!ossl_assert(n >= 0)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; - } + assert(sending); + if (EVP_MD_CTX_get0_md(s->write_hash)) { + int n = EVP_MD_CTX_get_size(s->write_hash); + + if (!ossl_assert(n >= 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + return 0; } - ds = s->enc_write_ctx; - if (s->enc_write_ctx == NULL) - enc = NULL; - else { - int ivlen; - - enc = EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx); - /* For TLSv1.1 and later explicit IV */ - if (SSL_USE_EXPLICIT_IV(s) - && EVP_CIPHER_get_mode(enc) == EVP_CIPH_CBC_MODE) - ivlen = EVP_CIPHER_get_iv_length(enc); - else - ivlen = 0; - if (ivlen > 1) { - for (ctr = 0; ctr < n_recs; ctr++) { - if (recs[ctr].data != recs[ctr].input) { - /* - * we can't write into the input stream: Can this ever - * happen?? (steve) - */ - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; - } else if (RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, - recs[ctr].input, - ivlen, 0) <= 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; - } + } + ds = s->enc_write_ctx; + if (s->enc_write_ctx == NULL) + enc = NULL; + else { + int ivlen; + + enc = EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx); + /* For TLSv1.1 and later explicit IV */ + if (SSL_USE_EXPLICIT_IV(s) + && EVP_CIPHER_get_mode(enc) == EVP_CIPH_CBC_MODE) + ivlen = EVP_CIPHER_get_iv_length(enc); + else + ivlen = 0; + if (ivlen > 1) { + for (ctr = 0; ctr < n_recs; ctr++) { + if (recs[ctr].data != recs[ctr].input) { + /* + * we can't write into the input stream: Can this ever + * happen?? (steve) + */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + return 0; + } else if (RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, + recs[ctr].input, + ivlen, 0) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + return 0; } } } - } else { - if (EVP_MD_CTX_get0_md(s->read_hash)) { - int n = EVP_MD_CTX_get_size(s->read_hash); - if (!ossl_assert(n >= 0)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; - } - } - ds = s->enc_read_ctx; - if (s->enc_read_ctx == NULL) - enc = NULL; - else - enc = EVP_CIPHER_CTX_get0_cipher(s->enc_read_ctx); } if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) { @@ -394,15 +337,13 @@ int tls1_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending, & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) { unsigned char *seq; - seq = sending ? RECORD_LAYER_get_write_sequence(&s->rlayer) - : RECORD_LAYER_get_read_sequence(&s->rlayer); + seq = RECORD_LAYER_get_write_sequence(&s->rlayer); if (SSL_CONNECTION_IS_DTLS(s)) { /* DTLS does not support pipelining */ unsigned char dtlsseq[8], *p = dtlsseq; - s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer) : - DTLS_RECORD_LAYER_get_r_epoch(&s->rlayer), p); + s2n(DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer), p); memcpy(p, &seq[2], 6); memcpy(buf[ctr], dtlsseq, 8); } else { @@ -426,12 +367,10 @@ int tls1_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending, return 0; } - if (sending) { - reclen[ctr] += pad; - recs[ctr].length += pad; - } + reclen[ctr] += pad; + recs[ctr].length += pad; - } else if ((bs != 1) && sending && !provided) { + } else if ((bs != 1) && !provided) { /* * We only do this for legacy ciphers. Provided ciphers add the * padding on the provider side. @@ -451,13 +390,6 @@ int tls1_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending, reclen[ctr] += padnum; recs[ctr].length += padnum; } - - if (!sending) { - if (reclen[ctr] == 0 || reclen[ctr] % bs != 0) { - /* Publicly invalid */ - return 0; - } - } } if (n_recs > 1) { unsigned char *data[SSL_MAX_PIPELINES]; @@ -493,11 +425,10 @@ int tls1_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending, * So if we are in ETM mode, we use seq 'as is' in the ctrl-function. * Otherwise we have to decrease it in the implementation */ - if (sending && !SSL_WRITE_ETM(s)) + if (!SSL_WRITE_ETM(s)) decrement_seq = 1; - seq = sending ? RECORD_LAYER_get_write_sequence(&s->rlayer) - : RECORD_LAYER_get_read_sequence(&s->rlayer); + seq = RECORD_LAYER_get_write_sequence(&s->rlayer); if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_TLSTREE, decrement_seq, seq) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; @@ -517,45 +448,6 @@ int tls1_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending, (unsigned int)reclen[0])) return 0; recs[0].length = outlen; - - /* - * The length returned from EVP_CipherUpdate above is the actual - * payload length. We need to adjust the data/input ptr to skip over - * any explicit IV - */ - if (!sending) { - if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_GCM_MODE) { - recs[0].data += EVP_GCM_TLS_EXPLICIT_IV_LEN; - recs[0].input += EVP_GCM_TLS_EXPLICIT_IV_LEN; - } else if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_CCM_MODE) { - recs[0].data += EVP_CCM_TLS_EXPLICIT_IV_LEN; - recs[0].input += EVP_CCM_TLS_EXPLICIT_IV_LEN; - } else if (bs != 1 && SSL_USE_EXPLICIT_IV(s)) { - recs[0].data += bs; - recs[0].input += bs; - recs[0].orig_len -= bs; - } - - /* Now get a pointer to the MAC (if applicable) */ - if (macs != NULL) { - OSSL_PARAM params[2], *p = params; - - /* Get the MAC */ - macs[0].alloced = 0; - - *p++ = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_TLS_MAC, - (void **)&macs[0].mac, - macsize); - *p = OSSL_PARAM_construct_end(); - - if (!EVP_CIPHER_CTX_get_params(ds, params)) { - /* Shouldn't normally happen */ - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - ERR_R_INTERNAL_ERROR); - return 0; - } - } - } } else { /* Legacy cipher */ @@ -568,45 +460,6 @@ int tls1_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending, /* AEAD can fail to verify MAC */ return 0; } - - if (!sending) { - for (ctr = 0; ctr < n_recs; ctr++) { - /* Adjust the record to remove the explicit IV/MAC/Tag */ - if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_GCM_MODE) { - recs[ctr].data += EVP_GCM_TLS_EXPLICIT_IV_LEN; - recs[ctr].input += EVP_GCM_TLS_EXPLICIT_IV_LEN; - recs[ctr].length -= EVP_GCM_TLS_EXPLICIT_IV_LEN; - } else if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_CCM_MODE) { - recs[ctr].data += EVP_CCM_TLS_EXPLICIT_IV_LEN; - recs[ctr].input += EVP_CCM_TLS_EXPLICIT_IV_LEN; - recs[ctr].length -= EVP_CCM_TLS_EXPLICIT_IV_LEN; - } else if (bs != 1 && SSL_USE_EXPLICIT_IV(s)) { - if (recs[ctr].length < bs) - return 0; - recs[ctr].data += bs; - recs[ctr].input += bs; - recs[ctr].length -= bs; - recs[ctr].orig_len -= bs; - } - - /* - * If using Mac-then-encrypt, then this will succeed but - * with a random MAC if padding is invalid - */ - if (!tls1_cbc_remove_padding_and_mac(&recs[ctr].length, - recs[ctr].orig_len, - recs[ctr].data, - (macs != NULL) ? &macs[ctr].mac : NULL, - (macs != NULL) ? &macs[ctr].alloced - : NULL, - bs, - pad ? (size_t)pad : macsize, - (EVP_CIPHER_get_flags(enc) - & EVP_CIPH_FLAG_AEAD_CIPHER) != 0, - SSL_CONNECTION_GET_CTX(s)->libctx)) - return 0; - } - } } } return 1; @@ -681,10 +534,8 @@ int tls1_mac_old(SSL_CONNECTION *sc, SSL3_RECORD *rec, unsigned char *md, int i; EVP_MD_CTX *hmac = NULL, *mac_ctx; unsigned char header[13]; - int stream_mac = sending ? (sc->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM) - : (sc->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM); - int tlstree_mac = sending ? (sc->mac_flags & SSL_MAC_FLAG_WRITE_MAC_TLSTREE) - : (sc->mac_flags & SSL_MAC_FLAG_READ_MAC_TLSTREE); + int stream_mac = (sc->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM); + int tlstree_mac = (sc->mac_flags & SSL_MAC_FLAG_WRITE_MAC_TLSTREE); int t; int ret = 0; @@ -721,8 +572,7 @@ int tls1_mac_old(SSL_CONNECTION *sc, SSL3_RECORD *rec, unsigned char *md, if (SSL_CONNECTION_IS_DTLS(sc)) { unsigned char dtlsseq[8], *p = dtlsseq; - s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&sc->rlayer) : - DTLS_RECORD_LAYER_get_r_epoch(&sc->rlayer), p); + s2n(DTLS_RECORD_LAYER_get_w_epoch(&sc->rlayer), p); memcpy(p, &seq[2], 6); memcpy(header, dtlsseq, 8); diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c index 3bbc46b2afabc..978df6d6e3aed 100644 --- a/ssl/record/ssl3_record_tls13.c +++ b/ssl/record/ssl3_record_tls13.c @@ -7,6 +7,7 @@ * https://www.openssl.org/source/license.html */ +#include #include "../ssl_local.h" #include "record_local.h" #include "internal/cryptlib.h" @@ -40,15 +41,10 @@ int tls13_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending, return 0; } - if (sending) { - ctx = s->enc_write_ctx; - staticiv = s->write_iv; - seq = RECORD_LAYER_get_write_sequence(&s->rlayer); - } else { - ctx = s->enc_read_ctx; - staticiv = s->read_iv; - seq = RECORD_LAYER_get_read_sequence(&s->rlayer); - } + assert(sending); + ctx = s->enc_write_ctx; + staticiv = s->write_iv; + seq = RECORD_LAYER_get_write_sequence(&s->rlayer); /* * If we're sending an alert and ctx != NULL then we must be forcing @@ -97,8 +93,7 @@ int tls13_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending, taglen = EVP_CCM8_TLS_TAG_LEN; else taglen = EVP_CCM_TLS_TAG_LEN; - if (sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, - NULL) <= 0) { + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, NULL) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -111,16 +106,6 @@ int tls13_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending, return 0; } - if (!sending) { - /* - * Take off tag. There must be at least one byte of content type as - * well as the tag - */ - if (rec->length < taglen + 1) - return 0; - rec->length -= taglen; - } - /* Set up IV */ if (ivlen < SEQ_NUM_SIZE) { /* Should not happen */ @@ -143,10 +128,7 @@ int tls13_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending, return 0; } - if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, sending) <= 0 - || (!sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - taglen, - rec->data + rec->length) <= 0)) { + if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, sending) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -179,15 +161,14 @@ int tls13_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending, || (size_t)(lenu + lenf) != rec->length) { return 0; } - if (sending) { - /* Add the tag */ - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, - rec->data + rec->length) <= 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; - } - rec->length += taglen; + + /* Add the tag */ + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, + rec->data + rec->length) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + return 0; } + rec->length += taglen; return 1; } diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c index e1b6b5790e074..c9b17bb22bfd4 100644 --- a/ssl/statem/statem_dtls.c +++ b/ssl/statem/statem_dtls.c @@ -922,7 +922,6 @@ static int dtls_get_reassembled_message(SSL_CONNECTION *s, int *errtype, /*- * for these 2 messages, we need to * ssl->enc_read_ctx re-init - * ssl->rlayer.read_sequence zero * ssl->s3.read_mac_secret re-init * ssl->session->read_sym_enc assign * ssl->session->read_compression assign diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 2667765be3581..920c8e028b102 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -414,10 +414,11 @@ int tls1_change_cipher_state(SSL_CONNECTION *s, int which) goto err; } - if (which & SSL3_CC_WRITE) - rl_sequence = RECORD_LAYER_get_write_sequence(&s->rlayer); - else - rl_sequence = RECORD_LAYER_get_read_sequence(&s->rlayer); + /* + * If we get here we are only doing the write side. The read side goes + * through the new record layer code. + */ + rl_sequence = RECORD_LAYER_get_write_sequence(&s->rlayer); if (!ktls_configure_crypto(sctx->libctx, s->version, c, m, rl_sequence, &crypto_info, which & SSL3_CC_WRITE, iv, diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index 437deaa9930ec..0af8ad2918ca6 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -472,8 +472,6 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which) if (which & SSL3_CC_READ) { iv = s->read_iv; - - RECORD_LAYER_reset_read_sequence(&s->rlayer); } else { s->statem.enc_write_state = ENC_WRITE_STATE_INVALID; if (s->enc_write_ctx != NULL) { @@ -763,10 +761,11 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which) } /* configure kernel crypto structure */ - if (which & SSL3_CC_WRITE) - rl_sequence = RECORD_LAYER_get_write_sequence(&s->rlayer); - else - rl_sequence = RECORD_LAYER_get_read_sequence(&s->rlayer); + /* + * If we get here we are only doing the write side. The read side goes + * through the new record layer code. + */ + rl_sequence = RECORD_LAYER_get_write_sequence(&s->rlayer); if (!ktls_configure_crypto(sctx->libctx, s->version, cipher, NULL, rl_sequence, &crypto_info, which & SSL3_CC_WRITE, @@ -821,7 +820,6 @@ int tls13_update_key(SSL_CONNECTION *s, int sending) } else { iv = s->read_iv; ciph_ctx = s->enc_read_ctx; - RECORD_LAYER_reset_read_sequence(&s->rlayer); } if (!derive_secret_key_and_iv(s, sending, md, diff --git a/test/tls13secretstest.c b/test/tls13secretstest.c index ae5702d3a65bf..dbd6c8e7d2fc8 100644 --- a/test/tls13secretstest.c +++ b/test/tls13secretstest.c @@ -157,10 +157,6 @@ const EVP_MD *ssl_handshake_md(SSL_CONNECTION *s) return EVP_sha256(); } -void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl) -{ -} - void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl) { }