1
0
Fork 0
mirror of https://github.com/ossrs/srs.git synced 2025-03-09 15:49:59 +00:00

Upgrade openssl from 1.1.0e to 1.1.1b, with source code. 4.0.78

This commit is contained in:
winlin 2021-03-01 20:47:57 +08:00
parent 8f1c992379
commit 96dbd7bced
1476 changed files with 616554 additions and 4 deletions

View file

@ -0,0 +1,74 @@
Record Layer Design
===================
This file provides some guidance on the thinking behind the design of the
record layer code to aid future maintenance.
The record layer is divided into a number of components. At the time of writing
there are four: SSL3_RECORD, SSL3_BUFFER, DLTS1_BITMAP and RECORD_LAYER. Each
of these components is defined by:
1) A struct definition of the same name as the component
2) A set of source files that define the functions for that component
3) A set of accessor macros
All struct definitions are in record.h. The functions and macros are either
defined in record.h or record_locl.h dependent on whether they are intended to
be private to the record layer, or whether they form part of the API to the rest
of libssl.
The source files map to components as follows:
dtls1_bitmap.c -> DTLS1_BITMAP component
ssl3_buffer.c -> SSL3_BUFFER component
ssl3_record.c -> SSL3_RECORD component
rec_layer_s3.c, rec_layer_d1.c -> RECORD_LAYER component
The RECORD_LAYER component is a facade pattern, i.e. it provides a simplified
interface to the record layer for the rest of libssl. The other 3 components are
entirely private to the record layer and therefore should never be accessed
directly by libssl.
Any component can directly access its own members - they are private to that
component, e.g. ssl3_buffer.c can access members of the SSL3_BUFFER struct
without using a macro. No component can directly access the members of another
component, e.g. ssl3_buffer cannot reach inside the RECORD_LAYER component to
directly access its members. Instead components use accessor macros, so if code
in ssl3_buffer.c wants to access the members of the RECORD_LAYER it uses the
RECORD_LAYER_* macros.
Conceptually it looks like this:
libssl
|
---------------------------|-----record.h--------------------------------------
|
_______V______________
| |
| RECORD_LAYER |
| |
| rec_layer_s3.c |
| ^ |
| _________|__________ |
|| ||
|| DTLS1_RECORD_LAYER ||
|| ||
|| rec_layer_d1.c ||
||____________________||
|______________________|
record_locl.h ^ ^ ^
_________________| | |_________________
| | |
_____V_________ ______V________ _______V________
| | | | | |
| SSL3_BUFFER | | SSL3_RECORD | | DTLS1_BITMAP |
| |--->| | | |
| ssl3_buffer.c | | ssl3_record.c | | dtls1_bitmap.c |
|_______________| |_______________| |________________|
The two RECORD_LAYER source files build on each other, i.e.
the main one is rec_layer_s3.c which provides the core SSL/TLS layer. The second
one is rec_layer_d1.c which builds off of the SSL/TLS code to provide DTLS
specific capabilities. It uses some DTLS specific RECORD_LAYER component members
which should only be accessed from rec_layer_d1.c. These are held in the
DTLS1_RECORD_LAYER struct.

View file

@ -0,0 +1,78 @@
/*
* Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "../ssl_locl.h"
#include "record_locl.h"
/* mod 128 saturating subtract of two 64-bit values in big-endian order */
static int satsub64be(const unsigned char *v1, const unsigned char *v2)
{
int64_t ret;
uint64_t l1, l2;
n2l8(v1, l1);
n2l8(v2, l2);
ret = l1 - l2;
/* We do not permit wrap-around */
if (l1 > l2 && ret < 0)
return 128;
else if (l2 > l1 && ret > 0)
return -128;
if (ret > 128)
return 128;
else if (ret < -128)
return -128;
else
return (int)ret;
}
int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
{
int cmp;
unsigned int shift;
const unsigned char *seq = s->rlayer.read_sequence;
cmp = satsub64be(seq, bitmap->max_seq_num);
if (cmp > 0) {
SSL3_RECORD_set_seq_num(RECORD_LAYER_get_rrec(&s->rlayer), seq);
return 1; /* this record in new */
}
shift = -cmp;
if (shift >= sizeof(bitmap->map) * 8)
return 0; /* stale, outside the window */
else if (bitmap->map & (1UL << shift))
return 0; /* record previously received */
SSL3_RECORD_set_seq_num(RECORD_LAYER_get_rrec(&s->rlayer), seq);
return 1;
}
void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
{
int cmp;
unsigned int shift;
const unsigned char *seq = RECORD_LAYER_get_read_sequence(&s->rlayer);
cmp = satsub64be(seq, bitmap->max_seq_num);
if (cmp > 0) {
shift = cmp;
if (shift < sizeof(bitmap->map) * 8)
bitmap->map <<= shift, bitmap->map |= 1UL;
else
bitmap->map = 1UL;
memcpy(bitmap->max_seq_num, seq, SEQ_NUM_SIZE);
} else {
shift = -cmp;
if (shift < sizeof(bitmap->map) * 8)
bitmap->map |= 1UL << shift;
}
}

File diff suppressed because it is too large Load diff

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,236 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*****************************************************************************
* *
* These structures should be considered PRIVATE to the record layer. No *
* non-record layer code should be using these structures in any way. *
* *
*****************************************************************************/
typedef struct ssl3_buffer_st {
/* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */
unsigned char *buf;
/* default buffer size (or 0 if no default set) */
size_t default_len;
/* buffer size */
size_t len;
/* where to 'copy from' */
size_t offset;
/* how many bytes left */
size_t left;
} SSL3_BUFFER;
#define SEQ_NUM_SIZE 8
typedef struct ssl3_record_st {
/* Record layer version */
/* r */
int rec_version;
/* type of record */
/* r */
int type;
/* How many bytes available */
/* rw */
size_t length;
/*
* How many bytes were available before padding was removed? This is used
* to implement the MAC check in constant time for CBC records.
*/
/* rw */
size_t orig_len;
/* read/write offset into 'buf' */
/* r */
size_t off;
/* pointer to the record data */
/* rw */
unsigned char *data;
/* where the decode bytes are */
/* rw */
unsigned char *input;
/* only used with decompression - malloc()ed */
/* r */
unsigned char *comp;
/* Whether the data from this record has already been read or not */
/* r */
unsigned int read;
/* epoch number, needed by DTLS1 */
/* r */
unsigned long epoch;
/* sequence number, needed by DTLS1 */
/* r */
unsigned char seq_num[SEQ_NUM_SIZE];
} SSL3_RECORD;
typedef struct dtls1_bitmap_st {
/* Track 32 packets on 32-bit systems and 64 - on 64-bit systems */
unsigned long map;
/* Max record number seen so far, 64-bit value in big-endian encoding */
unsigned char max_seq_num[SEQ_NUM_SIZE];
} DTLS1_BITMAP;
typedef struct record_pqueue_st {
unsigned short epoch;
struct pqueue_st *q;
} record_pqueue;
typedef struct dtls1_record_data_st {
unsigned char *packet;
size_t packet_length;
SSL3_BUFFER rbuf;
SSL3_RECORD rrec;
#ifndef OPENSSL_NO_SCTP
struct bio_dgram_sctp_rcvinfo recordinfo;
#endif
} DTLS1_RECORD_DATA;
typedef struct dtls_record_layer_st {
/*
* The current data and handshake epoch. This is initially
* undefined, and starts at zero once the initial handshake is
* completed
*/
unsigned short r_epoch;
unsigned short w_epoch;
/* records being received in the current epoch */
DTLS1_BITMAP bitmap;
/* renegotiation starts a new set of sequence numbers */
DTLS1_BITMAP next_bitmap;
/* Received handshake records (processed and unprocessed) */
record_pqueue unprocessed_rcds;
record_pqueue processed_rcds;
/*
* Buffered application records. Only for records between CCS and
* Finished to prevent either protocol violation or unnecessary message
* loss.
*/
record_pqueue buffered_app_data;
/* save last and current sequence numbers for retransmissions */
unsigned char last_write_sequence[8];
unsigned char curr_write_sequence[8];
} DTLS_RECORD_LAYER;
/*****************************************************************************
* *
* This structure should be considered "opaque" to anything outside of the *
* record layer. No non-record layer code should be accessing the members of *
* this structure. *
* *
*****************************************************************************/
typedef struct record_layer_st {
/* The parent SSL structure */
SSL *s;
/*
* Read as many input bytes as possible (for
* non-blocking reads)
*/
int read_ahead;
/* where we are when reading */
int rstate;
/* How many pipelines can be used to read data */
size_t numrpipes;
/* How many pipelines can be used to write data */
size_t numwpipes;
/* read IO goes into here */
SSL3_BUFFER rbuf;
/* write IO goes into here */
SSL3_BUFFER wbuf[SSL_MAX_PIPELINES];
/* each decoded record goes in here */
SSL3_RECORD rrec[SSL_MAX_PIPELINES];
/* used internally to point at a raw packet */
unsigned char *packet;
size_t packet_length;
/* number of bytes sent so far */
size_t wnum;
unsigned char handshake_fragment[4];
size_t handshake_fragment_len;
/* The number of consecutive empty records we have received */
size_t empty_record_count;
/* partial write - check the numbers match */
/* number bytes written */
size_t wpend_tot;
int wpend_type;
/* number of bytes submitted */
size_t wpend_ret;
const unsigned char *wpend_buf;
unsigned char read_sequence[SEQ_NUM_SIZE];
unsigned char write_sequence[SEQ_NUM_SIZE];
/* Set to true if this is the first record in a connection */
unsigned int is_first_record;
/* Count of the number of consecutive warning alerts received */
unsigned int alert_count;
DTLS_RECORD_LAYER *d;
} RECORD_LAYER;
/*****************************************************************************
* *
* The following macros/functions represent the libssl internal API to the *
* record layer. Any libssl code may call these functions/macros *
* *
*****************************************************************************/
#define MIN_SSL2_RECORD_LEN 9
#define RECORD_LAYER_set_read_ahead(rl, ra) ((rl)->read_ahead = (ra))
#define RECORD_LAYER_get_read_ahead(rl) ((rl)->read_ahead)
#define RECORD_LAYER_get_packet(rl) ((rl)->packet)
#define RECORD_LAYER_get_packet_length(rl) ((rl)->packet_length)
#define RECORD_LAYER_add_packet_length(rl, inc) ((rl)->packet_length += (inc))
#define DTLS_RECORD_LAYER_get_w_epoch(rl) ((rl)->d->w_epoch)
#define DTLS_RECORD_LAYER_get_processed_rcds(rl) \
((rl)->d->processed_rcds)
#define DTLS_RECORD_LAYER_get_unprocessed_rcds(rl) \
((rl)->d->unprocessed_rcds)
#define RECORD_LAYER_get_rbuf(rl) (&(rl)->rbuf)
#define RECORD_LAYER_get_wbuf(rl) ((rl)->wbuf)
void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s);
void RECORD_LAYER_clear(RECORD_LAYER *rl);
void RECORD_LAYER_release(RECORD_LAYER *rl);
int RECORD_LAYER_read_pending(const RECORD_LAYER *rl);
int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl);
int RECORD_LAYER_write_pending(const RECORD_LAYER *rl);
void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl);
void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl);
int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl);
size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl);
__owur size_t ssl3_pending(const SSL *s);
__owur int ssl3_write_bytes(SSL *s, int type, const void *buf, size_t len,
size_t *written);
int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
size_t *pipelens, size_t numpipes,
int create_empty_fragment, size_t *written);
__owur int ssl3_read_bytes(SSL *s, int type, int *recvd_type,
unsigned char *buf, size_t len, int peek,
size_t *readbytes);
__owur int ssl3_setup_buffers(SSL *s);
__owur int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int send);
__owur int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send);
__owur int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len,
size_t *written);
__owur int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send);
__owur int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send);
__owur int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send);
int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl);
void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl);
void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl);
void DTLS_RECORD_LAYER_set_saved_w_epoch(RECORD_LAYER *rl, unsigned short e);
void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl);
void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq);
__owur int dtls1_read_bytes(SSL *s, int type, int *recvd_type,
unsigned char *buf, size_t len, int peek,
size_t *readbytes);
__owur int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len,
size_t *written);
int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
size_t len, int create_empty_fragment, size_t *written);
void dtls1_reset_seq_numbers(SSL *s, int rw);
int dtls_buffer_listen_record(SSL *s, size_t len, unsigned char *seq,
size_t off);

View file

@ -0,0 +1,116 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*****************************************************************************
* *
* The following macros/functions are PRIVATE to the record layer. They *
* should NOT be used outside of the record layer. *
* *
*****************************************************************************/
#define MAX_WARN_ALERT_COUNT 5
/* Functions/macros provided by the RECORD_LAYER component */
#define RECORD_LAYER_get_rrec(rl) ((rl)->rrec)
#define RECORD_LAYER_set_packet(rl, p) ((rl)->packet = (p))
#define RECORD_LAYER_reset_packet_length(rl) ((rl)->packet_length = 0)
#define RECORD_LAYER_get_rstate(rl) ((rl)->rstate)
#define RECORD_LAYER_set_rstate(rl, st) ((rl)->rstate = (st))
#define RECORD_LAYER_get_read_sequence(rl) ((rl)->read_sequence)
#define RECORD_LAYER_get_write_sequence(rl) ((rl)->write_sequence)
#define RECORD_LAYER_get_numrpipes(rl) ((rl)->numrpipes)
#define RECORD_LAYER_set_numrpipes(rl, n) ((rl)->numrpipes = (n))
#define RECORD_LAYER_inc_empty_record_count(rl) ((rl)->empty_record_count++)
#define RECORD_LAYER_reset_empty_record_count(rl) \
((rl)->empty_record_count = 0)
#define RECORD_LAYER_get_empty_record_count(rl) ((rl)->empty_record_count)
#define RECORD_LAYER_is_first_record(rl) ((rl)->is_first_record)
#define RECORD_LAYER_set_first_record(rl) ((rl)->is_first_record = 1)
#define RECORD_LAYER_clear_first_record(rl) ((rl)->is_first_record = 0)
#define DTLS_RECORD_LAYER_get_r_epoch(rl) ((rl)->d->r_epoch)
__owur int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
size_t *readbytes);
DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
unsigned int *is_next_epoch);
int dtls1_process_buffered_records(SSL *s);
int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue);
int dtls1_buffer_record(SSL *s, record_pqueue *q, unsigned char *priority);
void ssl3_record_sequence_update(unsigned char *seq);
/* Functions provided by the DTLS1_BITMAP component */
int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
/* Macros/functions provided by the SSL3_BUFFER component */
#define SSL3_BUFFER_get_buf(b) ((b)->buf)
#define SSL3_BUFFER_set_buf(b, n) ((b)->buf = (n))
#define SSL3_BUFFER_get_len(b) ((b)->len)
#define SSL3_BUFFER_set_len(b, l) ((b)->len = (l))
#define SSL3_BUFFER_get_left(b) ((b)->left)
#define SSL3_BUFFER_set_left(b, l) ((b)->left = (l))
#define SSL3_BUFFER_sub_left(b, l) ((b)->left -= (l))
#define SSL3_BUFFER_get_offset(b) ((b)->offset)
#define SSL3_BUFFER_set_offset(b, o) ((b)->offset = (o))
#define SSL3_BUFFER_add_offset(b, o) ((b)->offset += (o))
#define SSL3_BUFFER_is_initialised(b) ((b)->buf != NULL)
#define SSL3_BUFFER_set_default_len(b, l) ((b)->default_len = (l))
void SSL3_BUFFER_clear(SSL3_BUFFER *b);
void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n);
void SSL3_BUFFER_release(SSL3_BUFFER *b);
__owur int ssl3_setup_read_buffer(SSL *s);
__owur int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len);
int ssl3_release_read_buffer(SSL *s);
int ssl3_release_write_buffer(SSL *s);
/* Macros/functions provided by the SSL3_RECORD component */
#define SSL3_RECORD_get_type(r) ((r)->type)
#define SSL3_RECORD_set_type(r, t) ((r)->type = (t))
#define SSL3_RECORD_set_rec_version(r, v) ((r)->rec_version = (v))
#define SSL3_RECORD_get_length(r) ((r)->length)
#define SSL3_RECORD_set_length(r, l) ((r)->length = (l))
#define SSL3_RECORD_add_length(r, l) ((r)->length += (l))
#define SSL3_RECORD_sub_length(r, l) ((r)->length -= (l))
#define SSL3_RECORD_get_data(r) ((r)->data)
#define SSL3_RECORD_set_data(r, d) ((r)->data = (d))
#define SSL3_RECORD_get_input(r) ((r)->input)
#define SSL3_RECORD_set_input(r, i) ((r)->input = (i))
#define SSL3_RECORD_reset_input(r) ((r)->input = (r)->data)
#define SSL3_RECORD_get_seq_num(r) ((r)->seq_num)
#define SSL3_RECORD_get_off(r) ((r)->off)
#define SSL3_RECORD_set_off(r, o) ((r)->off = (o))
#define SSL3_RECORD_add_off(r, o) ((r)->off += (o))
#define SSL3_RECORD_get_epoch(r) ((r)->epoch)
#define SSL3_RECORD_is_sslv2_record(r) \
((r)->rec_version == SSL2_VERSION)
#define SSL3_RECORD_is_read(r) ((r)->read)
#define SSL3_RECORD_set_read(r) ((r)->read = 1)
void SSL3_RECORD_clear(SSL3_RECORD *r, size_t);
void SSL3_RECORD_release(SSL3_RECORD *r, size_t num_recs);
void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num);
int ssl3_get_record(SSL *s);
__owur int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr);
__owur int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr);
int ssl3_cbc_copy_mac(unsigned char *out,
const SSL3_RECORD *rec, size_t md_size);
__owur int ssl3_cbc_remove_padding(SSL3_RECORD *rec,
size_t block_size, size_t mac_size);
__owur int tls1_cbc_remove_padding(const SSL *s,
SSL3_RECORD *rec,
size_t block_size, size_t mac_size);
int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap);
__owur int dtls1_get_record(SSL *s);
int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send);

View file

@ -0,0 +1,179 @@
/*
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "../ssl_locl.h"
#include "record_locl.h"
void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n)
{
if (d != NULL)
memcpy(b->buf, d, n);
b->left = n;
b->offset = 0;
}
/*
* Clear the contents of an SSL3_BUFFER but retain any memory allocated. Also
* retains the default_len setting
*/
void SSL3_BUFFER_clear(SSL3_BUFFER *b)
{
b->offset = 0;
b->left = 0;
}
void SSL3_BUFFER_release(SSL3_BUFFER *b)
{
OPENSSL_free(b->buf);
b->buf = NULL;
}
int ssl3_setup_read_buffer(SSL *s)
{
unsigned char *p;
size_t len, align = 0, headerlen;
SSL3_BUFFER *b;
b = RECORD_LAYER_get_rbuf(&s->rlayer);
if (SSL_IS_DTLS(s))
headerlen = DTLS1_RT_HEADER_LENGTH;
else
headerlen = SSL3_RT_HEADER_LENGTH;
#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
#endif
if (b->buf == NULL) {
len = SSL3_RT_MAX_PLAIN_LENGTH
+ SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
#ifndef OPENSSL_NO_COMP
if (ssl_allow_compression(s))
len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
#endif
if (b->default_len > len)
len = b->default_len;
if ((p = OPENSSL_malloc(len)) == NULL) {
/*
* We've got a malloc failure, and we're still initialising buffers.
* We assume we're so doomed that we won't even be able to send an
* alert.
*/
SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_SETUP_READ_BUFFER,
ERR_R_MALLOC_FAILURE);
return 0;
}
b->buf = p;
b->len = len;
}
RECORD_LAYER_set_packet(&s->rlayer, &(b->buf[0]));
return 1;
}
int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len)
{
unsigned char *p;
size_t align = 0, headerlen;
SSL3_BUFFER *wb;
size_t currpipe;
s->rlayer.numwpipes = numwpipes;
if (len == 0) {
if (SSL_IS_DTLS(s))
headerlen = DTLS1_RT_HEADER_LENGTH + 1;
else
headerlen = SSL3_RT_HEADER_LENGTH;
#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
#endif
len = ssl_get_max_send_fragment(s)
+ SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
#ifndef OPENSSL_NO_COMP
if (ssl_allow_compression(s))
len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
#endif
if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
}
wb = RECORD_LAYER_get_wbuf(&s->rlayer);
for (currpipe = 0; currpipe < numwpipes; currpipe++) {
SSL3_BUFFER *thiswb = &wb[currpipe];
if (thiswb->buf != NULL && thiswb->len != len) {
OPENSSL_free(thiswb->buf);
thiswb->buf = NULL; /* force reallocation */
}
if (thiswb->buf == NULL) {
p = OPENSSL_malloc(len);
if (p == NULL) {
s->rlayer.numwpipes = currpipe;
/*
* We've got a malloc failure, and we're still initialising
* buffers. We assume we're so doomed that we won't even be able
* to send an alert.
*/
SSLfatal(s, SSL_AD_NO_ALERT,
SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE);
return 0;
}
memset(thiswb, 0, sizeof(SSL3_BUFFER));
thiswb->buf = p;
thiswb->len = len;
}
}
return 1;
}
int ssl3_setup_buffers(SSL *s)
{
if (!ssl3_setup_read_buffer(s)) {
/* SSLfatal() already called */
return 0;
}
if (!ssl3_setup_write_buffer(s, 1, 0)) {
/* SSLfatal() already called */
return 0;
}
return 1;
}
int ssl3_release_write_buffer(SSL *s)
{
SSL3_BUFFER *wb;
size_t pipes;
pipes = s->rlayer.numwpipes;
while (pipes > 0) {
wb = &RECORD_LAYER_get_wbuf(&s->rlayer)[pipes - 1];
OPENSSL_free(wb->buf);
wb->buf = NULL;
pipes--;
}
s->rlayer.numwpipes = 0;
return 1;
}
int ssl3_release_read_buffer(SSL *s)
{
SSL3_BUFFER *b;
b = RECORD_LAYER_get_rbuf(&s->rlayer);
OPENSSL_free(b->buf);
b->buf = NULL;
return 1;
}

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,196 @@
/*
* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "../ssl_locl.h"
#include "record_locl.h"
#include "internal/cryptlib.h"
/*-
* tls13_enc encrypts/decrypts |n_recs| in |recs|. Will call SSLfatal() for
* internal errors, but not otherwise.
*
* Returns:
* 0: (in non-constant time) if the record is publically invalid (i.e. too
* short etc).
* 1: if the record encryption was successful.
* -1: if the record's AEAD-authenticator is invalid or, if sending,
* an internal error occurred.
*/
int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
{
EVP_CIPHER_CTX *ctx;
unsigned char iv[EVP_MAX_IV_LENGTH], recheader[SSL3_RT_HEADER_LENGTH];
size_t ivlen, taglen, offset, loop, hdrlen;
unsigned char *staticiv;
unsigned char *seq;
int lenu, lenf;
SSL3_RECORD *rec = &recs[0];
uint32_t alg_enc;
WPACKET wpkt;
if (n_recs != 1) {
/* Should not happen */
/* TODO(TLS1.3): Support pipelining */
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
ERR_R_INTERNAL_ERROR);
return -1;
}
if (sending) {
ctx = s->enc_write_ctx;
staticiv = s->write_iv;
seq = RECORD_LAYER_get_write_sequence(&s->rlayer);
} else {
ctx = s->enc_read_ctx;
staticiv = s->read_iv;
seq = RECORD_LAYER_get_read_sequence(&s->rlayer);
}
/*
* If we're sending an alert and ctx != NULL then we must be forcing
* plaintext alerts. If we're reading and ctx != NULL then we allow
* plaintext alerts at certain points in the handshake. If we've got this
* far then we have already validated that a plaintext alert is ok here.
*/
if (ctx == NULL || rec->type == SSL3_RT_ALERT) {
memmove(rec->data, rec->input, rec->length);
rec->input = rec->data;
return 1;
}
ivlen = EVP_CIPHER_CTX_iv_length(ctx);
if (s->early_data_state == SSL_EARLY_DATA_WRITING
|| s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) {
if (s->session != NULL && s->session->ext.max_early_data > 0) {
alg_enc = s->session->cipher->algorithm_enc;
} else {
if (!ossl_assert(s->psksession != NULL
&& s->psksession->ext.max_early_data > 0)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
ERR_R_INTERNAL_ERROR);
return -1;
}
alg_enc = s->psksession->cipher->algorithm_enc;
}
} else {
/*
* To get here we must have selected a ciphersuite - otherwise ctx would
* be NULL
*/
if (!ossl_assert(s->s3->tmp.new_cipher != NULL)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
ERR_R_INTERNAL_ERROR);
return -1;
}
alg_enc = s->s3->tmp.new_cipher->algorithm_enc;
}
if (alg_enc & SSL_AESCCM) {
if (alg_enc & (SSL_AES128CCM8 | SSL_AES256CCM8))
taglen = EVP_CCM8_TLS_TAG_LEN;
else
taglen = EVP_CCM_TLS_TAG_LEN;
if (sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen,
NULL) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
ERR_R_INTERNAL_ERROR);
return -1;
}
} else if (alg_enc & SSL_AESGCM) {
taglen = EVP_GCM_TLS_TAG_LEN;
} else if (alg_enc & SSL_CHACHA20) {
taglen = EVP_CHACHAPOLY_TLS_TAG_LEN;
} else {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
ERR_R_INTERNAL_ERROR);
return -1;
}
if (!sending) {
/*
* Take off tag. There must be at least one byte of content type as
* well as the tag
*/
if (rec->length < taglen + 1)
return 0;
rec->length -= taglen;
}
/* Set up IV */
if (ivlen < SEQ_NUM_SIZE) {
/* Should not happen */
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
ERR_R_INTERNAL_ERROR);
return -1;
}
offset = ivlen - SEQ_NUM_SIZE;
memcpy(iv, staticiv, offset);
for (loop = 0; loop < SEQ_NUM_SIZE; loop++)
iv[offset + loop] = staticiv[offset + loop] ^ seq[loop];
/* Increment the sequence counter */
for (loop = SEQ_NUM_SIZE; loop > 0; loop--) {
++seq[loop - 1];
if (seq[loop - 1] != 0)
break;
}
if (loop == 0) {
/* Sequence has wrapped */
return -1;
}
/* TODO(size_t): lenu/lenf should be a size_t but EVP doesn't support it */
if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, sending) <= 0
|| (!sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
taglen,
rec->data + rec->length) <= 0)) {
return -1;
}
/* Set up the AAD */
if (!WPACKET_init_static_len(&wpkt, recheader, sizeof(recheader), 0)
|| !WPACKET_put_bytes_u8(&wpkt, rec->type)
|| !WPACKET_put_bytes_u16(&wpkt, rec->rec_version)
|| !WPACKET_put_bytes_u16(&wpkt, rec->length + taglen)
|| !WPACKET_get_total_written(&wpkt, &hdrlen)
|| hdrlen != SSL3_RT_HEADER_LENGTH
|| !WPACKET_finish(&wpkt)) {
WPACKET_cleanup(&wpkt);
return -1;
}
/*
* For CCM we must explicitly set the total plaintext length before we add
* any AAD.
*/
if (((alg_enc & SSL_AESCCM) != 0
&& EVP_CipherUpdate(ctx, NULL, &lenu, NULL,
(unsigned int)rec->length) <= 0)
|| EVP_CipherUpdate(ctx, NULL, &lenu, recheader,
sizeof(recheader)) <= 0
|| EVP_CipherUpdate(ctx, rec->data, &lenu, rec->input,
(unsigned int)rec->length) <= 0
|| EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0
|| (size_t)(lenu + lenf) != rec->length) {
return -1;
}
if (sending) {
/* Add the tag */
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen,
rec->data + rec->length) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
ERR_R_INTERNAL_ERROR);
return -1;
}
rec->length += taglen;
}
return 1;
}