From: Matt Caswell
Date: Tue, 30 Aug 2022 15:26:33 +0000 (+0100)
Subject: Move need_empty_fragments inside the record layer
X-Git-Tag: openssl-3.2.0-alpha1~2031
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b9e4e78342df6575b358def3d951227e9c6cebda;p=thirdparty%2Fopenssl.git
Move need_empty_fragments inside the record layer
This flag can now be managed entirely by the new record layer code so we move it into ossl_record_layer_st.
Reviewed-by: Hugo Landau
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/19198)
---
diff --git a/ssl/record/methods/recmethod_local.h b/ssl/record/methods/recmethod_local.h
index 289f2e83330..294bec3e086 100644
--- a/ssl/record/methods/recmethod_local.h
+++ b/ssl/record/methods/recmethod_local.h
@@ -139,6 +139,13 @@ struct ossl_record_layer_st
 /* The number of consecutive empty records we have received */
 size_t empty_record_count;
+ /*
* Do we need to send a prefix empty record before application data as a
* countermeasure against known-IV weakness (necessary for SSLv3 and
* TLSv1.0)
*/
+ int need_empty_fragments;
+
 /* cryptographic state */
 EVP_CIPHER_CTX *enc_ctx;
diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c
index 0f094abf7ff..2c480c0815e 100644
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
@@ -1238,6 +1238,17 @@ tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
 goto err;
 }
+ if ((rl->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) == 0
+ && rl->version <= TLS1_VERSION
+ && !EVP_CIPHER_is_a(ciph, "NULL")
+ && !EVP_CIPHER_is_a(ciph, "RC4")) {
+ /*
+ * Enable vulnerability countermeasure for CBC ciphers with known-IV
+ * problem (http://www.openssl.org/~bodo/tls-cbc.txt)
+ */
+ rl->need_empty_fragments = 1;
+ }
+
 *retrl = rl;
 return OSSL_RECORD_RETURN_SUCCESS;
 err:
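Review bot: The new condition in tls_int_new_record_layer has no `ciph != NULL` clause, so if `EVP_CIPHER_is_a()` returns 0 for a NULL cipher (I believe it does, but cannot confirm from this page) a record layer created without a cipher ends up with `need_empty_fragments = 1`. That matches the removed code in ssl3_setup_key_block and tls1_setup_key_block, which left the flag at 1 whenever `s->session->cipher == NULL`, and it is harmless only because tls_write_records additionally requires `!clear` (second tls_common.c hunk). That dependency is worth stating next to the assignment, e.g. `/* May also be set for a cipherless layer; tls_write_records only honours it when !clear */`. The function starts outside the hunk, so I cannot see whether `rl->options` and `rl->version` are populated before this check runs; worth confirming since both are read here.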
@@ -1440,7 +1451,7 @@ int tls_write_records(OSSL_RECORD_LAYER *rl, OSSL_RECORD_TEMPLATE *templates,
 * ourselves.
 * Do we need to do that recursion in order to add an empty record prefix?
 */
- prefix = s->s3.need_empty_fragments
+ prefix = rl->need_empty_fragments
 && !clear
 && templates[0].type == SSL3_RT_APPLICATION_DATA;
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index a1b91a0acb7..e778a2a8607 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -259,22 +259,6 @@ int ssl3_setup_key_block(SSL_CONNECTION *s)
 /* Calls SSLfatal() as required */
 ret = ssl3_generate_key_block(s, p, num);
- if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) {
- /*
- * enable vulnerability countermeasure for CBC ciphers with known-IV
- * problem (http://www.openssl.org/~bodo/tls-cbc.txt)
- */
- s->s3.need_empty_fragments = 1;
-
- if (s->session->cipher != NULL) {
- if (s->session->cipher->algorithm_enc == SSL_eNULL)
- s->s3.need_empty_fragments = 0;
-
- if (s->session->cipher->algorithm_enc == SSL_RC4)
- s->s3.need_empty_fragments = 0;
- }
- }
-
 return ret;
 }
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index c8e8d9f4475..61b77602bac 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -1296,8 +1296,7 @@ struct ssl_connection_st {
 unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
 unsigned char server_random[SSL3_RANDOM_SIZE];
 unsigned char client_random[SSL3_RANDOM_SIZE];
- /* flags for countermeasure against known-IV weakness */
- int need_empty_fragments;
+
 /* used during startup, digest all incoming/outgoing packets */
 BIO *handshake_buffer;
 /*
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 2ef0da41b58..88249c7951d 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -523,23 +523,6 @@ int tls1_setup_key_block(SSL_CONNECTION *s)
 BIO_dump_indent(trc_out, p, num, 4);
 }
 OSSL_TRACE_END(TLS);
- if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
- && SSL_CONNECTION_GET_SSL(s)->method->version <= TLS1_VERSION) {
- /*
- * enable vulnerability countermeasure for CBC ciphers with known-IV
- * problem (http://www.openssl.org/~bodo/tls-cbc.txt)
- */
- s->s3.need_empty_fragments = 1;
-
- if (s->session->cipher != NULL) {
- if (s->session->cipher->algorithm_enc == SSL_eNULL)
- s->s3.need_empty_fragments = 0;
-
- if (s->session->cipher->algorithm_enc == SSL_RC4)
- s->s3.need_empty_fragments = 0;
- }
- }
-
 ret = 1;
 err:
 return ret;