Skip to content

Commit

Permalink
fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Adds D…
Browse files Browse the repository at this point in the history 
…TLS 1.3 ACK message functionality
  • Loading branch information
@fwh-dc
fwh-dc committed Oct 11, 2024
1 parent fab205a commit a99bc8f
Show file tree
Hide file tree
Showing 3 changed files with 17 additions and 6 deletions.
19 changes: 15 additions & 4 deletions ssl/record/methods/dtls_meth.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -361,14 +361,13 @@ static int dtls_retrieve_rlayer_buffered_record(OSSL_RECORD_LAYER *rl,
}

/* rfc9147 section 4.2.3 */
int dtls_crypt_sequence_number(EVP_CIPHER_CTX *ctx, unsigned char *seq,
int dtls_crypt_sequence_number(EVP_CIPHER_CTX *ctx, unsigned char *seq, size_t seq_len,
unsigned char *rec_data, size_t rec_data_offs)
{
unsigned char mask[16];
int outlen, inlen;
unsigned char *iv, *in;
size_t i;
size_t seq_len = 6;

if (ossl_assert(sizeof(mask) > rec_data_offs))
inlen = (int)(sizeof(mask) - rec_data_offs);
Expand All @@ -388,6 +387,9 @@ int dtls_crypt_sequence_number(EVP_CIPHER_CTX *ctx, unsigned char *seq,
|| outlen != 0)
return 0;

if (!ossl_assert(sizeof(mask) > seq_len))
return 0;

for (i = 0; i < seq_len; i++)
seq[i] ^= mask[i];

Expand All @@ -413,6 +415,7 @@ int dtls_get_more_records(OSSL_RECORD_LAYER *rl)
TLS_RL_RECORD *rr;
DTLS_BITMAP *bitmap;
unsigned int is_next_epoch;
unsigned char recseqnum[6];

rl->num_recs = 0;
rl->curr_rec = 0;
Expand Down Expand Up @@ -463,7 +466,7 @@ int dtls_get_more_records(OSSL_RECORD_LAYER *rl)
|| !PACKET_get_1(&pkt, &record_type)
|| !PACKET_get_net_2(&pkt, &version)
|| !PACKET_get_net_2(&pkt, &epoch)
|| !PACKET_get_net_6(&pkt, &rl->sequence)
|| !PACKET_copy_bytes(&pkt, recseqnum, sizeof(recseqnum))
|| !PACKET_get_net_2_len(&pkt, &rr->length)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return OSSL_RECORD_RETURN_FATAL;
Expand Down Expand Up @@ -558,7 +561,8 @@ int dtls_get_more_records(OSSL_RECORD_LAYER *rl)
*/
if (rl->sn_enc_ctx != NULL
&& (rl->packet_length < DTLS1_RT_HEADER_LENGTH + 16
|| !dtls_crypt_sequence_number(rl->sn_enc_ctx, &(rl->sequence[2]),
|| !dtls_crypt_sequence_number(rl->sn_enc_ctx, recseqnum,
sizeof(recseqnum),
rl->packet + DTLS1_RT_HEADER_LENGTH,
rl->sn_enc_offs))) {
/* sequence number encryption failed dump record */
Expand All @@ -567,6 +571,13 @@ int dtls_get_more_records(OSSL_RECORD_LAYER *rl)
goto again;
}

rl->sequence = ((uint64_t)recseqnum[0]) << 40;
rl->sequence ^= ((uint64_t)recseqnum[1]) << 32;
rl->sequence ^= ((uint64_t)recseqnum[2]) << 24;
rl->sequence ^= ((uint64_t)recseqnum[3]) << 16;
rl->sequence ^= ((uint64_t)recseqnum[4]) << 8;
rl->sequence ^= ((uint64_t)recseqnum[5]) << 0;

/* match epochs. NULL means the packet is dropped on the floor */
bitmap = dtls_get_bitmap(rl, rr, &is_next_epoch);
if (bitmap == NULL) {
Expand Down
2 changes: 1 addition & 1 deletion ssl/record/methods/recmethod_local.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -421,7 +421,7 @@ int tls_default_read_n(OSSL_RECORD_LAYER *rl, size_t n, size_t max, int extend,
int clearold, size_t *readbytes);
int tls_get_more_records(OSSL_RECORD_LAYER *rl);

int dtls_crypt_sequence_number(EVP_CIPHER_CTX *ctx, unsigned char *seq,
int dtls_crypt_sequence_number(EVP_CIPHER_CTX *ctx, unsigned char *seq, size_t seq_len,
unsigned char *rec_data, size_t rec_data_offs);
int dtls_get_more_records(OSSL_RECORD_LAYER *rl);

Expand Down
2 changes: 1 addition & 1 deletion ssl/record/methods/tls_common.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1715,7 +1715,7 @@ int tls_post_encryption_processing_default(OSSL_RECORD_LAYER *rl,

recordstart = WPACKET_get_curr(thispkt) - len - headerlen;

if (!dtls_crypt_sequence_number(rl->sn_enc_ctx, recordstart + DTLS1_RT_HEADER_SEQ_OFFS,
if (!dtls_crypt_sequence_number(rl->sn_enc_ctx, recordstart + DTLS1_RT_HEADER_SEQ_OFFS, 6,
recordstart + DTLS1_RT_HEADER_LENGTH,
rl->sn_enc_offs)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
Expand Down

0 comments on commit a99bc8f

Please sign in to comment.