From: Matt Caswell Date: Thu, 19 May 2022 16:11:13 +0000 (+0100) Subject: Remove SSL_USE_EXPLICT_IV() from the record layer methods X-Git-Tag: openssl-3.2.0-alpha1~2236 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=88d616805cab4fd052bcff890627668a8f4bae33;p=thirdparty%2Fopenssl.git Remove SSL_USE_EXPLICT_IV() from the record layer methods Instead we introduce RLAYER_USE_EXPLICIT_IV(). This removes a dependency on the SSL object. Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18132)
---
diff --git a/ssl/record/methods/recmethod_local.h b/ssl/record/methods/recmethod_local.h
index 8cad4b39794..6e3f3ee20cc 100644
--- a/ssl/record/methods/recmethod_local.h
+++ b/ssl/record/methods/recmethod_local.h
@@ -171,6 +171,9 @@ void ossl_rlayer_fatal(OSSL_RECORD_LAYER *rl, int al, int reason,
 ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC), \
 ossl_rlayer_fatal)
+# define RLAYER_USE_EXPLICIT_IV(rl) ((rl)->version == TLS1_1_VERSION \
+ || (rl)->version == TLS1_2_VERSION)
+
 int ossl_set_tls_provider_parameters(OSSL_RECORD_LAYER *rl,
 EVP_CIPHER_CTX *ctx,
 const EVP_CIPHER *ciph,
diff --git a/ssl/record/methods/tls1_meth.c b/ssl/record/methods/tls1_meth.c
index 2e60778b72e..0b972e975ce 100644
--- a/ssl/record/methods/tls1_meth.c
+++ b/ssl/record/methods/tls1_meth.c
@@ -198,7 +198,7 @@ static int tls1_cipher(OSSL_RECORD_LAYER *rl, SSL3_RECORD *recs, size_t n_recs,
 enc = EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx);
 /* For TLSv1.1 and later explicit IV */
- if (SSL_USE_EXPLICIT_IV(s)
+ if (RLAYER_USE_EXPLICIT_IV(s)
 && EVP_CIPHER_get_mode(enc) == EVP_CIPH_CBC_MODE)
 ivlen = EVP_CIPHER_get_iv_length(enc);
 else
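Review bot: `RLAYER_USE_EXPLICIT_IV` in recmethod_local.h has no comment saying why it tests exactly these two versions, and it evaluates to false for every other value of `rl->version`. The commit message says the macro it replaces was keyed on the SSL object, so other protocol versions that also carry an explicit CBC IV (the DTLS versions, for instance) are presumably not covered here; whether that matters depends on which record methods use this header, which the hunk does not show. I would add above the define: `/* Explicit per-record CBC IV: TLS 1.1 and TLS 1.2 only. Extend this before any DTLS record method relies on it. */`. The argument is also expanded twice, so callers should pass a side-effect-free expression.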
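Review bot: The call site at @@ -198 in tls1_meth.c passes `s` where the other three call sites in this commit pass `rl`: `if (RLAYER_USE_EXPLICIT_IV(s)`. The macro only dereferences `->version`, so this presumably compiles against whatever `s` points to and reads the SSL object's version, which leaves the dependency the commit sets out to remove. It also means the write path decides whether to use an explicit IV from a different field than the read path, and the two would diverge if those version fields ever disagree. If `rl->version` is valid on this path, use `if (RLAYER_USE_EXPLICIT_IV(rl)`; if the write side is deliberately still on `s` (the context line reads `s->enc_write_ctx`), say so with a comment such as `/* write side not yet moved to rl: version is taken from s */`. The body of tls1_cipher starts and ends outside the hunk.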
@@ -399,7 +399,7 @@ static int tls1_cipher(OSSL_RECORD_LAYER *rl, SSL3_RECORD *recs, size_t n_recs,
 } else if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_CCM_MODE) {
 recs[0].data += EVP_CCM_TLS_EXPLICIT_IV_LEN;
 recs[0].input += EVP_CCM_TLS_EXPLICIT_IV_LEN;
- } else if (bs != 1 && SSL_USE_EXPLICIT_IV(s)) {
+ } else if (bs != 1 && RLAYER_USE_EXPLICIT_IV(rl)) {
 recs[0].data += bs;
 recs[0].input += bs;
 recs[0].orig_len -= bs;
@@ -449,7 +449,7 @@ static int tls1_cipher(OSSL_RECORD_LAYER *rl, SSL3_RECORD *recs, size_t n_recs,
 recs[ctr].data += EVP_CCM_TLS_EXPLICIT_IV_LEN;
 recs[ctr].input += EVP_CCM_TLS_EXPLICIT_IV_LEN;
 recs[ctr].length -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
- } else if (bs != 1 && SSL_USE_EXPLICIT_IV(s)) {
+ } else if (bs != 1 && RLAYER_USE_EXPLICIT_IV(rl)) {
 if (recs[ctr].length < bs)
 return 0;
 recs[ctr].data += bs;
diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c
index 681a830eb9f..accb5b11209 100644
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
@@ -608,7 +608,7 @@ static int tls_get_more_records(OSSL_RECORD_LAYER *rl,
 rl->is_first_record = 0;
 } while (num_recs < max_recs
 && thisrr->type == SSL3_RT_APPLICATION_DATA
- && SSL_USE_EXPLICIT_IV(s)
+ && RLAYER_USE_EXPLICIT_IV(rl)
 && rl->enc_read_ctx != NULL
 && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(rl->enc_read_ctx))
 & EVP_CIPH_FLAG_PIPELINE) != 0