From: Matt Caswell
Date: Tue, 4 Oct 2022 14:59:06 +0000 (+0100)
Subject: Add a post encryption processing step
X-Git-Tag: openssl-3.2.0-alpha1~1925
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2a354d54632cccf7d76130712d068a3ef188a356;p=thirdparty%2Fopenssl.git
Add a post encryption processing step
For example in this we add the MAC if we are doing encrypt-then-mac.
Reviewed-by: Hugo Landau
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/19343)
---
diff --git a/ssl/record/methods/ktls_meth.c b/ssl/record/methods/ktls_meth.c
index bd694a89486..6715e1c65d7 100644
--- a/ssl/record/methods/ktls_meth.c
+++ b/ssl/record/methods/ktls_meth.c
@@ -501,6 +501,16 @@ static int ktls_prepare_for_encryption(OSSL_RECORD_LAYER *rl,
 return 1;
 }
+static int ktls_post_encryption_processing(OSSL_RECORD_LAYER *rl,
+ size_t mac_size,
+ OSSL_RECORD_TEMPLATE *templ,
+ WPACKET *thispkt,
+ SSL3_RECORD *thiswr)
+{
+ /* The kernel does anything that is needed, so nothing to do here */
+ return 1;
+}
+
 static struct record_functions_st ossl_ktls_funcs = {
 ktls_set_crypto_state,
 ktls_cipher,
@@ -517,7 +527,8 @@ static struct record_functions_st ossl_ktls_funcs = {
 NULL,
 ktls_prepare_record_header,
 NULL,
- ktls_prepare_for_encryption
+ ktls_prepare_for_encryption,
+ ktls_post_encryption_processing
 };
 const OSSL_RECORD_METHOD ossl_ktls_record_method = {
diff --git a/ssl/record/methods/recmethod_local.h b/ssl/record/methods/recmethod_local.h
index 2e30d2f1332..7f4ede9f4d0 100644
--- a/ssl/record/methods/recmethod_local.h
+++ b/ssl/record/methods/recmethod_local.h
@@ -120,6 +120,16 @@ struct record_functions_st
 size_t mac_size,
 WPACKET *thispkt,
 SSL3_RECORD *thiswr);
+
+ /*
+ * Any updates required to the record after encryption has been applied. For
+ * example, adding a MAC if using encrypt-then-mac
+ */
+ int (*post_encryption_processing)(OSSL_RECORD_LAYER *rl,
+ size_t mac_size,
+ OSSL_RECORD_TEMPLATE *thistempl,
+ WPACKET *thispkt,
+ SSL3_RECORD *thiswr);
 };
 struct ossl_record_layer_st
@@ -421,6 +431,11 @@ int tls_prepare_for_encryption_default(OSSL_RECORD_LAYER *rl,
 size_t mac_size,
 WPACKET *thispkt,
 SSL3_RECORD *thiswr);
+int tls_post_encryption_processing_default(OSSL_RECORD_LAYER *rl,
+ size_t mac_size,
+ OSSL_RECORD_TEMPLATE *thistempl,
+ WPACKET *thispkt,
+ SSL3_RECORD *thiswr);
 int tls_write_records_default(OSSL_RECORD_LAYER *rl,
 OSSL_RECORD_TEMPLATE *templates,
 size_t numtempl);
diff --git a/ssl/record/methods/ssl3_meth.c b/ssl/record/methods/ssl3_meth.c
index ef9a6ae4997..9b2d63e9b8b 100644
--- a/ssl/record/methods/ssl3_meth.c
+++ b/ssl/record/methods/ssl3_meth.c
@@ -317,5 +317,6 @@ struct record_functions_st ssl_3_0_funcs = {
 NULL,
 tls_prepare_record_header_default,
 NULL,
- tls_prepare_for_encryption_default
+ tls_prepare_for_encryption_default,
+ tls_post_encryption_processing_default
 };
diff --git a/ssl/record/methods/tls13_meth.c b/ssl/record/methods/tls13_meth.c
index a9d90f6577e..8a3bdb254fe 100644
--- a/ssl/record/methods/tls13_meth.c
+++ b/ssl/record/methods/tls13_meth.c
@@ -325,5 +325,6 @@ struct record_functions_st tls_1_3_funcs = {
 tls13_get_record_type,
 tls_prepare_record_header_default,
 tls13_add_record_padding,
- tls_prepare_for_encryption_default
+ tls_prepare_for_encryption_default,
+ tls_post_encryption_processing_default
 };
diff --git a/ssl/record/methods/tls1_meth.c b/ssl/record/methods/tls1_meth.c
index 71138abc28a..bd3c32832bc 100644
--- a/ssl/record/methods/tls1_meth.c
+++ b/ssl/record/methods/tls1_meth.c
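Review bot: The comment added for `post_encryption_processing` only mentions the MAC, but the caller in tls_write_records_default (tls_common.c hunk) invokes the hook unconditionally and then relies on it: the default implementation also grows the packet to the encrypted length, closes and finishes the WPACKET, emits the msg_callback for the header and adds SSL3_RT_HEADER_LENGTH to thiswr, and on failure the caller only does `goto err` on the assumption that RLAYERfatal() was already called. I'd extend the comment to state that contract, e.g. `On success thiswr->length must cover the finished record; the default closes/finishes the WPACKET and adds the header length, the kTLS variant leaves that to the kernel. Return 0 only after calling RLAYERfatal().` The DTLS tables (tls1_meth.c and tlsany_meth.c hunks) leave this slot NULL, so the comment should also say the hook is only reached on the TLS write path, assuming that is what keeps the NULL from being dereferenced.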
@@ -658,7 +658,8 @@ struct record_functions_st tls_1_funcs = {
 NULL,
 tls_prepare_record_header_default,
 NULL,
- tls_prepare_for_encryption_default
+ tls_prepare_for_encryption_default,
+ tls_post_encryption_processing_default
 };
 struct record_functions_st dtls_1_funcs = {
@@ -676,5 +677,6 @@ struct record_functions_st dtls_1_funcs = {
 NULL,
 NULL,
 NULL,
+ NULL,
 NULL
 };
diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c
index 97e2714042b..9e157898b52 100644
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
@@ -1612,6 +1612,68 @@ int tls_prepare_for_encryption_default(OSSL_RECORD_LAYER *rl,
 return 1;
 }
+int tls_post_encryption_processing_default(OSSL_RECORD_LAYER *rl,
+ size_t mac_size,
+ OSSL_RECORD_TEMPLATE *thistempl,
+ WPACKET *thispkt,
+ SSL3_RECORD *thiswr)
+{
+ size_t origlen, len;
+
+ /* Allocate bytes for the encryption overhead */
+ if (!WPACKET_get_length(thispkt, &origlen)
+ /* Encryption should never shrink the data! */
+ || origlen > thiswr->length
+ (thiswr->length > origlen
+ && !WPACKET_allocate_bytes(thispkt,
+ thiswr->length - origlen,
+ NULL))) {
+ RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ if (rl->use_etm && mac_size != 0) {
+ unsigned char *mac;
+
+ if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac)
+ || !rl->funcs->mac(rl, thiswr, mac, 1)) {
+ RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ SSL3_RECORD_add_length(thiswr, mac_size);
+ }
+
+ if (!WPACKET_get_length(thispkt, &len)
+ || !WPACKET_close(thispkt)) {
+ RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ if (rl->msg_callback != NULL) {
+ unsigned char *recordstart;
+
+ recordstart = WPACKET_get_curr(thispkt) - len - SSL3_RT_HEADER_LENGTH;
+ rl->msg_callback(1, thiswr->rec_version, SSL3_RT_HEADER, recordstart,
+ SSL3_RT_HEADER_LENGTH, rl->cbarg);
+
+ if (rl->version == TLS1_3_VERSION && rl->enc_ctx != NULL) {
+ unsigned char ctype = thistempl->type;
+
+ rl->msg_callback(1, thiswr->rec_version, SSL3_RT_INNER_CONTENT_TYPE,
+ &ctype, 1, rl->cbarg);
+ }
+ }
+
+ if (!WPACKET_finish(thispkt)) {
+ RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ SSL3_RECORD_add_length(thiswr, SSL3_RT_HEADER_LENGTH);
+
+ return 1;
+}
+
 int tls_write_records_default(OSSL_RECORD_LAYER *rl,
 OSSL_RECORD_TEMPLATE *templates,
 size_t numtempl)
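Review bot: `tls_post_encryption_processing_default` has no header comment, and it does more than its name suggests: it grows the packet to the encrypted length, appends the encrypt-then-mac MAC, closes and finishes the WPACKET, fires msg_callback for the record header (and the TLS 1.3 inner content type), and adds SSL3_RT_HEADER_LENGTH to thiswr. A comment above the definition listing those steps, noting that thistempl is only read for the TLS 1.3 inner content type, and stating that a 0 return always follows an RLAYERfatal() call would help anyone writing another implementation of this hook. The `recordstart` line also deserves a one-line comment such as `/* the header was written into thispkt immediately before the body */`, since the pointer arithmetic back from WPACKET_get_curr() silently assumes that layout.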
@@ -1620,11 +1682,9 @@ int tls_write_records_default(OSSL_RECORD_LAYER *rl,
 SSL3_RECORD wr[SSL_MAX_PIPELINES + 1];
 WPACKET *thispkt;
 SSL3_RECORD *thiswr;
- unsigned char *recordstart;
 int mac_size = 0, ret = 0;
- size_t len, wpinited = 0;
+ size_t wpinited = 0;
 size_t j, prefix = 0;
- int using_ktls;
 OSSL_RECORD_TEMPLATE prefixtempl;
 OSSL_RECORD_TEMPLATE *thistempl;
@@ -1648,12 +1708,6 @@ int tls_write_records_default(OSSL_RECORD_LAYER *rl,
 goto err;
 }
- using_ktls = BIO_get_ktls_send(rl->bio);
- if (!ossl_assert(!using_ktls || !prefix)) {
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
 /* Clear our SSL3_RECORD structures */
 memset(wr, 0, sizeof(wr));
 for (j = 0; j < numtempl + prefix; j++) {
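Review bot: Along with the now-unused locals, the second hunk deletes the `ossl_assert(!using_ktls || !prefix)` check, and neither the commit description nor the other hunks replace it. Before this change a prefix record combined with kernel TLS offload failed with an internal error; afterwards it would flow through the no-op ktls_post_encryption_processing without complaint. If that combination is already excluded when the kTLS crypto state is set up, a comment here saying so would preserve the intent; otherwise the assertion should stay in this function, since prefix is not passed to the new hook. tls_write_records_default starts and ends outside the hunk.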
@@ -1738,67 +1792,16 @@ int tls_write_records_default(OSSL_RECORD_LAYER *rl,
 }
 for (j = 0; j < numtempl + prefix; j++) {
- size_t origlen;
-
 thispkt = &pkt[j];
 thiswr = &wr[j];
 thistempl = (j < prefix) ? &prefixtempl : &templates[j - prefix];
- if (using_ktls)
- goto mac_done;
-
- /* Allocate bytes for the encryption overhead */
- if (!WPACKET_get_length(thispkt, &origlen)
- /* Encryption should never shrink the data! */
- || origlen > thiswr->length
- (thiswr->length > origlen
- && !WPACKET_allocate_bytes(thispkt,
- thiswr->length - origlen,
- NULL))) {
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- if (rl->use_etm && mac_size != 0) {
- unsigned char *mac;
-
- if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac)
- || !rl->funcs->mac(rl, thiswr, mac, 1)) {
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- SSL3_RECORD_add_length(thiswr, mac_size);
- }
-
- if (!WPACKET_get_length(thispkt, &len)
- || !WPACKET_close(thispkt)) {
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- if (rl->msg_callback) {
- recordstart = WPACKET_get_curr(thispkt) - len -
- SSL3_RT_HEADER_LENGTH;
- rl->msg_callback(1, thiswr->rec_version, SSL3_RT_HEADER, recordstart,
- SSL3_RT_HEADER_LENGTH, rl->cbarg);
-
- if (rl->version == TLS1_3_VERSION && rl->enc_ctx != NULL) {
- unsigned char ctype = thistempl->type;
-
- rl->msg_callback(1, thiswr->rec_version, SSL3_RT_INNER_CONTENT_TYPE,
- &ctype, 1, rl->cbarg);
- }
- }
-
- if (!WPACKET_finish(thispkt)) {
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ if (!rl->funcs->post_encryption_processing(rl, mac_size, thistempl,
+ thispkt, thiswr)) {
+ /* RLAYERfatal() already called */
 goto err;
 }
- /* header is added by the kernel when using offload */
- SSL3_RECORD_add_length(thiswr, SSL3_RT_HEADER_LENGTH);
-
- mac_done:
 /*
 * we should now have thiswr->data pointing to the encrypted data, which
 * is thiswr->length long.
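Review bot: `rl->funcs->post_encryption_processing` is called without a NULL check, yet the dtls_1_funcs and dtls_any_funcs tables (tls1_meth.c and tlsany_meth.c hunks) set this slot to NULL. That matches the other write-side slots being NULL for DTLS, so presumably tls_write_records_default is never reached for DTLS; if so, a comment at the call site stating that assumption is cheap, otherwise an explicit `ossl_assert(rl->funcs->post_encryption_processing != NULL)` with RLAYERfatal before the loop is needed. Separately, `mac_size` is declared `int` in this function (visible in the earlier hunk) while the hook takes `size_t`; unless it is validated as non-negative before this loop, a negative value would be converted into a huge MAC allocation request instead of an error, so consider making the local `size_t` once it has been checked. The enclosing function starts and ends outside the hunk.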
diff --git a/ssl/record/methods/tlsany_meth.c b/ssl/record/methods/tlsany_meth.c
index bf4fe6a31c9..b18c475ed2d 100644
--- a/ssl/record/methods/tlsany_meth.c
+++ b/ssl/record/methods/tlsany_meth.c
@@ -159,7 +159,8 @@ struct record_functions_st tls_any_funcs = {
 NULL,
 tls_prepare_record_header_default,
 NULL,
- tls_any_prepare_for_encryption
+ tls_any_prepare_for_encryption,
+ tls_post_encryption_processing_default
 };
 static int dtls_any_set_protocol_version(OSSL_RECORD_LAYER *rl, int vers)
@@ -187,5 +188,6 @@ struct record_functions_st dtls_any_funcs = {
 NULL,
 NULL,
 NULL,
+ NULL,
 NULL
 };