Make the NULL cipher TLS aware

author Matt Caswell <matt@openssl.org>

Mon, 22 Jun 2020 09:51:48 +0000 (10:51 +0100)

committer Matt Caswell <matt@openssl.org>

Mon, 6 Jul 2020 08:26:09 +0000 (09:26 +0100)
author Matt Caswell <matt@openssl.org>
Mon, 22 Jun 2020 09:51:48 +0000 (10:51 +0100)
committer Matt Caswell <matt@openssl.org>
Mon, 6 Jul 2020 08:26:09 +0000 (09:26 +0100)
diff --git a/providers/implementations/ciphers/cipher_null.c b/providers/implementations/ciphers/cipher_null.c

index 3018a5b0756baf9f76ba98f4db10c6dad783cd7b..713d29e3e84ffcb27aa38c71b23483d532aa9093 100644 (file)
--- a/providers/implementations/ciphers/cipher_null.c
+++ b/providers/implementations/ciphers/cipher_null.c
@@ -14,22 +14,37 @@
  #include "prov/ciphercommon.h"
  #include "prov/providercommonerr.h"
  
+typedef struct prov_cipher_null_ctx_st {
+    int enc;
+    size_t tlsmacsize;
+    const unsigned char *tlsmac;
+} PROV_CIPHER_NULL_CTX;
+
  static OSSL_FUNC_cipher_newctx_fn null_newctx;
  static void *null_newctx(void *provctx)
  {
-    static int dummy = 0;
-
-    return &dummy;
+    return OPENSSL_zalloc(sizeof(PROV_CIPHER_NULL_CTX));
  }
  
  static OSSL_FUNC_cipher_freectx_fn null_freectx;
  static void null_freectx(void *vctx)
  {
+    OPENSSL_free(vctx);
+}
+
+static OSSL_FUNC_cipher_encrypt_init_fn null_einit;
+static int null_einit(void *vctx, const unsigned char *key, size_t keylen,
+                      const unsigned char *iv, size_t ivlen)
+{
+    PROV_CIPHER_NULL_CTX *ctx = (PROV_CIPHER_NULL_CTX *)vctx;
+
+    ctx->enc = 1;
+    return 1;
  }
  
-static OSSL_FUNC_cipher_encrypt_init_fn null_init;
-static int null_init(void *vctx, const unsigned char *key, size_t keylen,
-                     const unsigned char *iv, size_t ivlen)
+static OSSL_FUNC_cipher_decrypt_init_fn null_dinit;
+static int null_dinit(void *vctx, const unsigned char *key, size_t keylen,
+                      const unsigned char *iv, size_t ivlen)
  {
      return 1;
  }
@@ -38,6 +53,18 @@ static OSSL_FUNC_cipher_cipher_fn null_cipher;
  static int null_cipher(void *vctx, unsigned char *out, size_t *outl,
                         size_t outsize, const unsigned char *in, size_t inl)
  {
+    PROV_CIPHER_NULL_CTX *ctx = (PROV_CIPHER_NULL_CTX *)vctx;
+
+    if (!ctx->enc && ctx->tlsmacsize > 0) {
+        /*
+         * TLS NULL cipher as per:
+         * https://tools.ietf.org/html/rfc5246#section-6.2.3.1
+         */
+        if (inl < ctx->tlsmacsize)
+            return 0;
+        ctx->tlsmac = in + inl - ctx->tlsmacsize;
+        inl -= ctx->tlsmacsize;
+    }
      if (outsize < inl)
          return 0;
      if (in != out)
@@ -63,6 +90,7 @@ static int null_get_params(OSSL_PARAM params[])
  static const OSSL_PARAM null_known_gettable_ctx_params[] = {
      OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
      OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
+    { OSSL_CIPHER_PARAM_TLS_MAC, OSSL_PARAM_OCTET_PTR, NULL, 0, OSSL_PARAM_UNMODIFIED },
      OSSL_PARAM_END
  };
  
@@ -75,6 +103,7 @@ static const OSSL_PARAM *null_gettable_ctx_params(void)
  static OSSL_FUNC_cipher_get_ctx_params_fn null_get_ctx_params;
  static int null_get_ctx_params(void *vctx, OSSL_PARAM params[])
  {
+    PROV_CIPHER_NULL_CTX *ctx = (PROV_CIPHER_NULL_CTX *)vctx;
      OSSL_PARAM *p;
  
      p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
@@ -87,6 +116,41 @@ static int null_get_ctx_params(void *vctx, OSSL_PARAM params[])
          ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
          return 0;
      }
+    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS_MAC);
+    if (p != NULL
+        && !OSSL_PARAM_set_octet_ptr(p, ctx->tlsmac, ctx->tlsmacsize)) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+        return 0;
+    }
+    return 1;
+}
+
+static const OSSL_PARAM null_known_settable_ctx_params[] = {
+    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS_MAC_SIZE, NULL),
+    OSSL_PARAM_END
+};
+
+static OSSL_FUNC_cipher_settable_ctx_params_fn null_settable_ctx_params;
+static const OSSL_PARAM *null_settable_ctx_params(void)
+{
+    return null_known_settable_ctx_params;
+}
+
+
+static OSSL_FUNC_cipher_set_ctx_params_fn null_set_ctx_params;
+static int null_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+{
+    PROV_CIPHER_NULL_CTX *ctx = (PROV_CIPHER_NULL_CTX *)vctx;
+    const OSSL_PARAM *p;
+
+    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS_MAC_SIZE);
+    if (p != NULL) {
+        if (!OSSL_PARAM_get_size_t(p, &ctx->tlsmacsize)) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
+            return 0;
+        }
+    }
+
      return 1;
  }
  
@@ -95,8 +159,8 @@ const OSSL_DISPATCH null_functions[] = {
        (void (*)(void)) null_newctx },
      { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void)) null_freectx },
      { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) null_newctx },
-    { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))null_init },
-    { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))null_init },
+    { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))null_einit },
+    { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))null_dinit },
      { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))null_cipher },
      { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))null_final },
      { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))null_cipher },
@@ -106,5 +170,8 @@ const OSSL_DISPATCH null_functions[] = {
      { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, (void (*)(void))null_get_ctx_params },
      { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS,
        (void (*)(void))null_gettable_ctx_params },
+    { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, (void (*)(void))null_set_ctx_params },
+    { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS,
+      (void (*)(void))null_settable_ctx_params },
      { 0, NULL }
  };
author	Matt Caswell <matt@openssl.org>
	Mon, 22 Jun 2020 09:51:48 +0000 (10:51 +0100)
committer	Matt Caswell <matt@openssl.org>
	Mon, 6 Jul 2020 08:26:09 +0000 (09:26 +0100)