]>
git.ipfire.org Git - thirdparty/openssl.git/blob - ssl/record/ssl3_record_tls13.c
2 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include "../ssl_locl.h"
11 #include "record_locl.h"
14 * tls13_enc encrypts/decrypts |n_recs| in |recs|.
17 * 0: (in non-constant time) if the record is publically invalid (i.e. too
19 * 1: if the record encryption was successful.
20 * -1: if the record's AEAD-authenticator is invalid or, if sending,
21 * an internal error occurred.
23 int tls13_enc(SSL
*s
, SSL3_RECORD
*recs
, size_t n_recs
, int send
)
26 unsigned char iv
[EVP_MAX_IV_LENGTH
];
27 size_t ivlen
, offset
, loop
;
28 unsigned char *staticiv
;
31 SSL3_RECORD
*rec
= &recs
[0];
34 /* Should not happen */
35 /* TODO(TLS1.3): Support pipelining */
40 ctx
= s
->enc_write_ctx
;
41 staticiv
= s
->write_iv
;
42 seq
= RECORD_LAYER_get_write_sequence(&s
->rlayer
);
44 ctx
= s
->enc_read_ctx
;
45 staticiv
= s
->read_iv
;
46 seq
= RECORD_LAYER_get_read_sequence(&s
->rlayer
);
50 memmove(rec
->data
, rec
->input
, rec
->length
);
51 rec
->input
= rec
->data
;
54 ivlen
= EVP_CIPHER_CTX_iv_length(ctx
);
58 * Take off tag. There must be at least one byte of content type as
62 * TODO(TLS1.3): We're going to need to figure out the tag len based on
63 * the cipher. For now we just support GCM tags.
64 * TODO(TLS1.3): When we've swapped over the record layer to TLSv1.3
65 * then the length must be 1 + the tag len to account for the content
66 * byte that we know must have been encrypted.
68 if (rec
->length
< EVP_GCM_TLS_TAG_LEN
)
70 rec
->length
-= EVP_GCM_TLS_TAG_LEN
;
74 if (ivlen
< SEQ_NUM_SIZE
) {
75 /* Should not happen */
78 offset
= ivlen
- SEQ_NUM_SIZE
;
79 memcpy(iv
, staticiv
, offset
);
80 for (loop
= 0; loop
< SEQ_NUM_SIZE
; loop
++)
81 iv
[offset
+ loop
] = staticiv
[offset
+ loop
] ^ seq
[loop
];
83 /* TODO(size_t): lenu/lenf should be a size_t but EVP doesn't support it */
84 if (EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, iv
, send
) <= 0
85 || EVP_CipherUpdate(ctx
, rec
->data
, &lenu
, rec
->input
,
86 (unsigned int)rec
->length
) <= 0
87 || (!send
&& EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_SET_TAG
,
89 rec
->data
+ rec
->length
) <= 0)
90 || EVP_CipherFinal_ex(ctx
, rec
->data
+ lenu
, &lenf
) <= 0
91 || (size_t)(lenu
+ lenf
) != rec
->length
) {
97 if (EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, EVP_GCM_TLS_TAG_LEN
,
98 rec
->data
+ rec
->length
) <= 0)
100 rec
->length
+= EVP_GCM_TLS_TAG_LEN
;