required compression algorithm missing
SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING:345:scsv received when renegotiating
SSL_R_SCT_VERIFICATION_FAILED:208:sct verification failed
+SSL_R_SEQUENCE_CTR_WRAPPED:326:sequence ctr wrapped
SSL_R_SERVERHELLO_TLSEXT:275:serverhello tlsext
SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED:277:session id context uninitialized
SSL_R_SHUTDOWN_WHILE_IN_INIT:407:shutdown while in init
# define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING 342
# define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345
# define SSL_R_SCT_VERIFICATION_FAILED 208
+# define SSL_R_SEQUENCE_CTR_WRAPPED 326
# define SSL_R_SERVERHELLO_TLSEXT 275
# define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
# define SSL_R_SHUTDOWN_WHILE_IN_INIT 407
goto err;
}
- /* TODO(RECLAYER): FIXME */
- ssl3_record_sequence_update(rl->sequence);
+ if (!tls_increment_sequence_ctr(rl)) {
+ /* RLAYERfatal() already called */
+ goto err;
+ }
/* now let's set up wb */
SSL3_BUFFER_set_left(wb, SSL3_RECORD_get_length(&wr));
const unsigned char *mac_secret,
size_t mac_secret_length, char is_sslv3);
+int tls_increment_sequence_ctr(OSSL_RECORD_LAYER *rl);
+
int tls_default_read_n(OSSL_RECORD_LAYER *rl, size_t n, size_t max, int extend,
int clearold, size_t *readbytes);
int tls_get_more_records(OSSL_RECORD_LAYER *rl);
EVP_MD_CTX_free(md_ctx);
}
- ssl3_record_sequence_update(seq);
+ if (!tls_increment_sequence_ctr(rl))
+ return 0;
+
return 1;
}
for (loop = 0; loop < SEQ_NUM_SIZE; loop++)
iv[offset + loop] = staticiv[offset + loop] ^ seq[loop];
- /* Increment the sequence counter */
- for (loop = SEQ_NUM_SIZE; loop > 0; loop--) {
- ++seq[loop - 1];
- if (seq[loop - 1] != 0)
- break;
- }
- if (loop == 0) {
- /* Sequence has wrapped */
+ if (!tls_increment_sequence_ctr(rl)) {
+ /* RLAYERfatal already called */
return 0;
}
EVP_CIPHER_CTX *ds;
size_t reclen[SSL_MAX_PIPELINES];
unsigned char buf[SSL_MAX_PIPELINES][EVP_AEAD_TLS1_AAD_LEN];
- int i, pad = 0, tmpr, provided;
+ int pad = 0, tmpr, provided;
size_t bs, ctr, padnum, loop;
unsigned char padval;
const EVP_CIPHER *enc;
memcpy(buf[ctr], dtlsseq, 8);
} else {
memcpy(buf[ctr], seq, 8);
- for (i = 7; i >= 0; i--) { /* increment */
- ++seq[i];
- if (seq[i] != 0)
- break;
+ if (!tls_increment_sequence_ctr(rl)) {
+ /* RLAYERfatal already called */
+ return 0;
}
}
}
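Review bot: The AAD copy on the context line `memcpy(buf[ctr], seq, 8);` still uses the local `seq` alias and a literal 8, while the increment right after it now goes through `tls_increment_sequence_ctr(rl)`, which walks `SEQ_NUM_SIZE` bytes of `rl->sequence`. Writing the copy as `memcpy(buf[ctr], rl->sequence, SEQ_NUM_SIZE);` would keep the bytes fed into the AAD and the counter being advanced visibly the same object and width. This assumes `seq` points at `rl->sequence` and that `SEQ_NUM_SIZE` is 8; the declaration of `seq` is outside the hunk, so please confirm. The enclosing function starts and ends outside this hunk.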
if (!rl->isdtls && rl->tlstree) {
- unsigned char *seq;
int decrement_seq = 0;
/*
if (sending && !rl->use_etm)
decrement_seq = 1;
- seq = rl->sequence;
- if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_TLSTREE, decrement_seq, seq) <= 0) {
+ if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_TLSTREE, decrement_seq,
+ rl->sequence) <= 0) {
+
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
unsigned char *seq = rl->sequence;
EVP_MD_CTX *hash;
size_t md_size;
- int i;
EVP_MD_CTX *hmac = NULL, *mac_ctx;
unsigned char header[13];
int t;
BIO_dump_indent(trc_out, rec->data, rec->length, 4);
} OSSL_TRACE_END(TLS);
- if (!rl->isdtls) {
- for (i = 7; i >= 0; i--) {
- ++seq[i];
- if (seq[i] != 0)
- break;
- }
+ if (!rl->isdtls && !tls_increment_sequence_ctr(rl)) {
+ /* RLAYERfatal already called */
+ goto end;
}
+
OSSL_TRACE_BEGIN(TLS) {
BIO_printf(trc_out, "md:\n");
BIO_dump_indent(trc_out, md, md_size, 4);
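Review bot: The new `goto end;` reports the wrap as a failure only if the function's result variable still holds its failure value at this point. The `end:` label and the assignment of the success value are both outside the hunk, so that should be checked. The earlier inline loop ignored a wrap, so this is the first error exit at this position in the function. A comment at the jump such as `/* result not yet set to success; RLAYERfatal already called */` would record the dependency for anyone who later moves the success assignment.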
return 1;
}
+int tls_increment_sequence_ctr(OSSL_RECORD_LAYER *rl)
+{
+ int i;
+
+ /* Increment the sequence counter */
+ for (i = SEQ_NUM_SIZE; i > 0; i--) {
+ ++(rl->sequence[i - 1]);
+ if (rl->sequence[i - 1] != 0)
+ break;
+ }
+ if (i == 0) {
+ /* Sequence has wrapped */
+ RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_SEQUENCE_CTR_WRAPPED);
+ return 0;
+ }
+ return 1;
+}
+
/*
* Return values are as per SSL_read()
*/
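Review bot: `tls_increment_sequence_ctr()` is added without a header comment, and its contract matters to every caller. It returns 1 on success and 0 once the counter has wrapped, by which point `rl->sequence` has already been advanced to all zeros and `RLAYERfatal()` has been raised. A comment above the definition (and on the prototype in the header hunk) should state that, and that after a 0 return no further record may be protected with the current keys, because the TLS 1.3 hunk derives the IV as `staticiv ^ seq` and a repeated sequence number would repeat the nonce. It should also say the helper is for TLS only: the MAC hunk guards the call with `!rl->isdtls`, but the helper itself does not check.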
* If in encrypt-then-mac mode calculate mac from encrypted record. All
* the details below are public so no timing details can leak.
*/
- if (rl->use_etm && rl->md_ctx) {
+ if (rl->use_etm && rl->md_ctx != NULL) {
unsigned char *mac;
for (j = 0; j < num_recs; j++) {
if (rl->enc_ctx != NULL
&& !rl->use_etm
&& EVP_MD_CTX_get0_md(rl->md_ctx) != NULL) {
- /* rl->md_ctx != NULL => mac_size != -1 */
-
for (j = 0; j < num_recs; j++) {
SSL_MAC_BUF *thismb = &macbufs[j];
}
}
-void ssl3_record_sequence_update(unsigned char *seq)
-{
- int i;
-
- for (i = 7; i >= 0; i--) {
- ++seq[i];
- if (seq[i] != 0)
- break;
- }
-}
-
/*
* Returns true if the current rrec was sent in SSLv2 backwards compatible
* format and false otherwise.
#define DTLS_RECORD_LAYER_get_r_epoch(rl) ((rl)->d->r_epoch)
int dtls_buffer_record(SSL_CONNECTION *s, TLS_RECORD *rec);
-void ssl3_record_sequence_update(unsigned char *seq);
/* Macros/functions provided by the SSL3_BUFFER component */
"scsv received when renegotiating"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SCT_VERIFICATION_FAILED),
"sct verification failed"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SEQUENCE_CTR_WRAPPED),
+ "sequence ctr wrapped"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SERVERHELLO_TLSEXT), "serverhello tlsext"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),
"session id context uninitialized"},