From: Matt Caswell Date: Thu, 30 Jul 2020 12:16:39 +0000 (+0100) Subject: Start using the provider side TLS HMAC implementation X-Git-Tag: openssl-3.0.0-alpha7~413 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2e2084dac34170fe1f9e93975e5b3cdc30360a9c;p=thirdparty%2Fopenssl.git Start using the provider side TLS HMAC implementation This commit just moves the TLS1 and above implementation to use the TLS HMAC implementation in the providers. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12732) --- diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c index f32841152af..3376395a172 100644 --- a/providers/implementations/macs/hmac_prov.c +++ b/providers/implementations/macs/hmac_prov.c @@ -51,7 +51,7 @@ struct hmac_data_st { PROV_DIGEST digest; unsigned char *key; size_t keylen; - /* Length of TLS data including the MAC but excluding padding */ + /* Length of full TLS record including the MAC and any padding */ size_t tls_data_size; unsigned char tls_header[13]; int tls_header_set; @@ -166,8 +166,8 @@ static int hmac_update(void *vmacctx, const unsigned char *data, macctx->tls_header_set = 1; return 1; } - /* datalen is macctx->tls_data_size plus the padding length */ - if (datalen < macctx->tls_data_size) + /* macctx->tls_data_size is datalen plus the padding length */ + if (macctx->tls_data_size < datalen) return 0; return ssl3_cbc_digest_record(ossl_prov_digest_md(&macctx->digest), @@ -175,8 +175,8 @@ static int hmac_update(void *vmacctx, const unsigned char *data, &macctx->tls_mac_out_size, macctx->tls_header, data, - macctx->tls_data_size, datalen, + macctx->tls_data_size, macctx->key, macctx->keylen, 0); diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 70707da691a..6708a832412 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -1465,31 +1465,25 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) header[12] = (unsigned char)(rec->length & 0xff); if (!sending && !SSL_READ_ETM(ssl) && - EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && - ssl3_cbc_record_digest_supported(mac_ctx)) { - /* - * This is a CBC-encrypted record. We must avoid leaking any - * timing-side channel information about how many blocks of data we - * are hashing because that gives an attacker a timing-oracle. - */ - /* Final param == not SSLv3 */ - if (ssl3_cbc_digest_record(EVP_MD_CTX_md(mac_ctx), - md, &md_size, - header, rec->input, - rec->length + md_size, rec->orig_len, - ssl->s3.read_mac_secret, - ssl->s3.read_mac_secret_size, 0) <= 0) { - EVP_MD_CTX_free(hmac); - return 0; - } - } else { - /* TODO(size_t): Convert these calls */ - if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0 - || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0 - || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) { - EVP_MD_CTX_free(hmac); + EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && + ssl3_cbc_record_digest_supported(mac_ctx)) { + OSSL_PARAM tls_hmac_params[2], *p = tls_hmac_params; + + *p++ = OSSL_PARAM_construct_size_t(OSSL_MAC_PARAM_TLS_DATA_SIZE, + &rec->orig_len); + *p++ = OSSL_PARAM_construct_end(); + + if (!EVP_PKEY_CTX_set_params(EVP_MD_CTX_pkey_ctx(mac_ctx), + tls_hmac_params)) return 0; - } + } + + /* TODO(size_t): Convert these calls */ + if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0 + || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0 + || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) { + EVP_MD_CTX_free(hmac); + return 0; } EVP_MD_CTX_free(hmac);