From 7f2f0ac7bfdd676cd919dd94b971874eade41830 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 20 May 2022 16:54:12 +0100 Subject: Make the record layer directly aware of EtM We no longer have to go through the SSL object to discover whether EtM has been negotiated. Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18132) --- crypto/err/openssl.txt | 1 + include/openssl/core_names.h | 1 + include/openssl/sslerr.h | 1 + ssl/record/methods/ktls_meth.c | 142 ++++++++++++++++++++++++++++------- ssl/record/methods/recmethod_local.h | 6 +- ssl/record/methods/ssl3_meth.c | 2 +- ssl/record/methods/tls1_meth.c | 21 +----- ssl/record/methods/tls_common.c | 29 ++++--- ssl/record/rec_layer_s3.c | 59 +++++++-------- ssl/ssl_err.c | 2 + ssl/ssl_local.h | 12 +-- ssl/t1_enc.c | 28 +++---- ssl/tls13_enc.c | 2 +- util/mkerr.pl | 5 +- 14 files changed, 200 insertions(+), 111 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 8c0d2f4793..3f1d844e04 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1529,6 +1529,7 @@ SSL_R_UNKNOWN_CMD_NAME:386:unknown cmd name SSL_R_UNKNOWN_COMMAND:139:unknown command SSL_R_UNKNOWN_DIGEST:368:unknown digest SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE:250:unknown key exchange type +SSL_R_UNKNOWN_MANDATORY_PARAMETER:323:unknown mandatory parameter SSL_R_UNKNOWN_PKEY_TYPE:251:unknown pkey type SSL_R_UNKNOWN_PROTOCOL:252:unknown protocol SSL_R_UNKNOWN_SSL_VERSION:254:unknown ssl version diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 1d866368f7..aadce3c034 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -561,6 +561,7 @@ extern "C" { #define OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS "options" #define OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE "mode" #define OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD "read_ahead" +#define OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM "use_etm" # ifdef __cplusplus } 
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h index 0e46b7b026..8248b641d7 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h @@ -320,6 +320,7 @@ # define SSL_R_UNKNOWN_COMMAND 139 # define SSL_R_UNKNOWN_DIGEST 368 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 +# define SSL_R_UNKNOWN_MANDATORY_PARAMETER 323 # define SSL_R_UNKNOWN_PKEY_TYPE 251 # define SSL_R_UNKNOWN_PROTOCOL 252 # define SSL_R_UNKNOWN_SSL_VERSION 254 diff --git a/ssl/record/methods/ktls_meth.c b/ssl/record/methods/ktls_meth.c index 59f52e4488..dbebb8acf5 100644 --- a/ssl/record/methods/ktls_meth.c +++ b/ssl/record/methods/ktls_meth.c @@ -79,14 +79,13 @@ static int check_rx_read_ahead(SSL_CONNECTION *s, unsigned char *rec_seq) #if defined(__FreeBSD__) # include "crypto/cryptodev.h" -/*- - * Check if a given cipher is supported by the KTLS interface. - * The kernel might still fail the setsockopt() if no suitable - * provider is found, but this checks if the socket option - * supports the cipher suite used at all. +/* + * TODO(RECLAYER): This is essentially a copy of ktls_int_check_supported_cipher + * but using an SSL object instead of an OSSL_RECORD_LAYER object. Once + * everything has been moved to the reocrd layer this can be deleted */ int ktls_check_supported_cipher(const SSL_CONNECTION *s, const EVP_CIPHER *c, - size_t taglen) + const EVP_MD *md, size_t taglen) { switch (s->version) { 
@@ -99,29 +98,73 @@ int ktls_check_supported_cipher(const SSL_CONNECTION *s, const EVP_CIPHER *c, return 0; } - switch (s->s3.tmp.new_cipher->algorithm_enc) { - case SSL_AES128GCM: - case SSL_AES256GCM: - return 1; + if (EVP_CIPHER_is_a(c, "AES-128-GCM") + || EVP_CIPHER_is_a(c, "AES-256-GCM") # ifdef OPENSSL_KTLS_CHACHA20_POLY1305 - case SSL_CHACHA20POLY1305: - return 1; + || EVP_CIPHER_is_a(c, "CHACHA20-POLY1305") # endif - case SSL_AES128: - case SSL_AES256: - if (s->ext.use_etm) - return 0; - switch (s->s3.tmp.new_cipher->algorithm_mac) { - case SSL_SHA1: - case SSL_SHA256: - case SSL_SHA384: - return 1; - default: - return 0; - } + ) + return 1; + + if (!EVP_CIPHER_is_a(c, "AES-128-CBC") + && !EVP_CIPHER_is_a(c, "AES-256-CBC")) + return 0; + + if (s->ext.use_etm) + return 0; + + if (md == NULL + || EVP_MD_is_a(md, "SHA1") + || EVP_MD_is_a(md, "SHA2-256") + || EVP_MD_is_a(md, "SHA2-384")) + return 1; + + return 0; +} + +/*- + * Check if a given cipher is supported by the KTLS interface. + * The kernel might still fail the setsockopt() if no suitable + * provider is found, but this checks if the socket option + * supports the cipher suite used at all. + */ +static int ktls_int_check_supported_cipher(OSSL_RECORD_LAYER *rl, + const EVP_CIPHER *c, + const EVP_MD *md, + size_t taglen) +{ + switch (rl->version) { + case TLS1_VERSION: + case TLS1_1_VERSION: + case TLS1_2_VERSION: + case TLS1_3_VERSION: + break; default: return 0; } + + if (EVP_CIPHER_is_a(c, "AES-128-GCM") + || EVP_CIPHER_is_a(c, "AES-256-GCM") +# ifdef OPENSSL_KTLS_CHACHA20_POLY1305 + || EVP_CIPHER_is_a(c, "CHACHA20-POLY1305") +# endif + ) + return 1; + + if (!EVP_CIPHER_is_a(c, "AES-128-CBC") + && !EVP_CIPHER_is_a(c, "AES-256-CBC")) + return 0; + + if (rl->use_etm) + return 0; + + if (md == NULL + || EVP_MD_is_a(md, "SHA1") + || EVP_MD_is_a(md, "SHA2-256") + || EVP_MD_is_a(md, "SHA2-384")) + return 1; + + return 0; } /* Function to configure kernel TLS structure */ 
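Review bot: In both FreeBSD copies of the check (`ktls_check_supported_cipher` and the new `ktls_int_check_supported_cipher`), the AES-CBC path returns 1 when `md == NULL`, whereas the removed switch accepted only SHA1, SHA256 and SHA384 MACs and returned 0 for anything else. The NULL case appears to exist for the TLSv1.3 caller, which passes `NULL`, but that caller should only ever reach the AEAD branch, so a CBC cipher with no digest would be a caller error that now selects kernel offload instead of falling back. Failing closed keeps the old behaviour: `if (md == NULL) return 0;` ahead of the `EVP_MD_is_a()` tests on the CBC path. If accepting NULL is intentional, a one-line comment naming the caller that relies on it would help.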
@@ -187,9 +230,13 @@ int ktls_configure_crypto(SSL_CONNECTION *s, const EVP_CIPHER *c, #if defined(OPENSSL_SYS_LINUX) -/* Function to check supported ciphers in Linux */ +/* + * TODO(RECLAYER): This is essentially a copy of ktls_int_check_supported_cipher + * but using an SSL object instead of an OSSL_RECORD_LAYER object. Once + * everything has been moved to the reocrd layer this can be deleted + */ int ktls_check_supported_cipher(const SSL_CONNECTION *s, const EVP_CIPHER *c, - size_t taglen) + const EVP_MD *md, size_t taglen) { switch (s->version) { case TLS1_2_VERSION: @@ -226,6 +273,47 @@ int ktls_check_supported_cipher(const SSL_CONNECTION *s, const EVP_CIPHER *c, return 0; } +/* Function to check supported ciphers in Linux */ +static int ktls_int_check_supported_cipher(OSSL_RECORD_LAYER *rl, + const EVP_CIPHER *c, + const EVP_MD *md, + size_t taglen) +{ + switch (rl->version) { + case TLS1_2_VERSION: + case TLS1_3_VERSION: + break; + default: + return 0; + } + + /* check that cipher is AES_GCM_128, AES_GCM_256, AES_CCM_128 + * or Chacha20-Poly1305 + */ +# ifdef OPENSSL_KTLS_AES_CCM_128 + if (EVP_CIPHER_is_a(c, "AES-128-CCM")) { + if (rl->version == TLS_1_3_VERSION /* broken on 5.x kernels */ + || taglen != EVP_CCM_TLS_TAG_LEN) + return 0; + return 1; + } else +# endif + if (0 +# ifdef OPENSSL_KTLS_AES_GCM_128 + || EVP_CIPHER_is_a(c, "AES-128-GCM") +# endif +# ifdef OPENSSL_KTLS_AES_GCM_256 + || EVP_CIPHER_is_a(c, "AES-256-GCM") +# endif +# ifdef OPENSSL_KTLS_CHACHA20_POLY1305 + || EVP_CIPHER_is_a(c, "ChaCha20-Poly1305") +# endif + ) { + return 1; + } + return 0; +} + /* Function to configure kernel TLS structure */ int ktls_configure_crypto(SSL_CONNECTION *s, const EVP_CIPHER *c, void *rl_sequence, ktls_crypto_info_t *crypto_info, 
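Review bot: In the Linux `ktls_int_check_supported_cipher`, the AES-128-CCM test compares `rl->version` with `TLS_1_3_VERSION`, while the `switch` a few lines above uses `TLS1_3_VERSION`. The first spelling is not the OpenSSL protocol constant; it presumably resolves through the kernel TLS header and happens to carry the same value, which makes the exclusion of CCM under TLSv1.3 depend on a foreign macro. Since `rl->version` holds an OpenSSL version number, `if (rl->version == TLS1_3_VERSION /* broken on 5.x kernels */` reads more clearly and keeps the two checks consistent. `md` is unused in this variant, which is fine for AEAD-only support but deserves a short comment so the difference from the FreeBSD copy is not mistaken for an omission.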
@@ -378,7 +466,7 @@ static int ktls_set_crypto_state(OSSL_RECORD_LAYER *rl, int level, return OSSL_RECORD_RETURN_NON_FATAL_ERR; /* check that cipher is supported */ - if (!ktls_check_supported_cipher(s, ciph, taglen)) + if (!ktls_int_check_supported_cipher(rl, ciph, md, taglen)) return OSSL_RECORD_RETURN_NON_FATAL_ERR; /* diff --git a/ssl/record/methods/recmethod_local.h b/ssl/record/methods/recmethod_local.h index 6e3f3ee20c..56fd278e76 100644 --- a/ssl/record/methods/recmethod_local.h +++ b/ssl/record/methods/recmethod_local.h @@ -139,6 +139,9 @@ struct ossl_record_layer_st /* Only used by SSLv3 */ unsigned char mac_secret[EVP_MAX_MD_SIZE]; + /* TLSv1.0/TLSv1.1/TLSv1.2 */ + int use_etm; + /* TLSv1.3 fields */ /* static IV */ unsigned char iv[EVP_MAX_IV_LENGTH]; @@ -177,8 +180,7 @@ void ossl_rlayer_fatal(OSSL_RECORD_LAYER *rl, int al, int reason, int ossl_set_tls_provider_parameters(OSSL_RECORD_LAYER *rl, EVP_CIPHER_CTX *ctx, const EVP_CIPHER *ciph, - const EVP_MD *md, - SSL_CONNECTION *s); + const EVP_MD *md); /* ssl3_cbc.c */ __owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx); __owur int ssl3_cbc_digest_record(const EVP_MD *md, diff --git a/ssl/record/methods/ssl3_meth.c b/ssl/record/methods/ssl3_meth.c index fa0e1c28a8..a2761de96a 100644 --- a/ssl/record/methods/ssl3_meth.c +++ b/ssl/record/methods/ssl3_meth.c @@ -61,7 +61,7 @@ static int ssl3_set_crypto_state(OSSL_RECORD_LAYER *rl, int level, } if (EVP_CIPHER_get0_provider(ciph) != NULL - && !ossl_set_tls_provider_parameters(rl, ciph_ctx, ciph, md, s)) { + && !ossl_set_tls_provider_parameters(rl, ciph_ctx, ciph, md)) { return OSSL_RECORD_RETURN_FATAL; } diff --git a/ssl/record/methods/tls1_meth.c b/ssl/record/methods/tls1_meth.c index 0b972e975c..d744c6f260 100644 --- a/ssl/record/methods/tls1_meth.c +++ b/ssl/record/methods/tls1_meth.c 
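Review bot: The new `use_etm` member of `struct ossl_record_layer_st` is documented only as `/* TLSv1.0/TLSv1.1/TLSv1.2 */`, which does not say what the value means or where it comes from. Elsewhere in this commit it is filled from the `use_etm` setting, which `ssl_set_new_record_layer` derives from `SSL_READ_ETM(s)` or `SSL_WRITE_ETM(s)` according to the direction, so it is a per-direction flag rather than the negotiated `s->ext.use_etm`. I would extend the comment to something like `/* TLSv1.0/TLSv1.1/TLSv1.2: non-zero if encrypt-then-MAC applies to this record layer's direction */`. The distinction matters because the comment removed from `ossl_set_tls_provider_parameters` explained why the negotiated flag, not the directional one, was used there.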
@@ -34,21 +34,6 @@ static int tls1_set_crypto_state(OSSL_RECORD_LAYER *rl, int level, if (level != OSSL_RECORD_PROTECTION_LEVEL_APPLICATION) return OSSL_RECORD_RETURN_FATAL; - if (s->ext.use_etm) - s->s3.flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_READ; - else - s->s3.flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_READ; - - if (s->s3.tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) - s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM; - else - s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM; - - if (s->s3.tmp.new_cipher->algorithm2 & TLS1_TLSTREE) - s->mac_flags |= SSL_MAC_FLAG_READ_MAC_TLSTREE; - else - s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_TLSTREE; - if ((rl->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) { RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); return OSSL_RECORD_RETURN_FATAL; @@ -143,7 +128,7 @@ static int tls1_set_crypto_state(OSSL_RECORD_LAYER *rl, int level, return OSSL_RECORD_RETURN_FATAL; } if (EVP_CIPHER_get0_provider(ciph) != NULL - && !ossl_set_tls_provider_parameters(rl, ciph_ctx, ciph, md, s)) + && !ossl_set_tls_provider_parameters(rl, ciph_ctx, ciph, md)) return OSSL_RECORD_RETURN_FATAL; return OSSL_RECORD_RETURN_SUCCESS; @@ -362,7 +347,7 @@ static int tls1_cipher(OSSL_RECORD_LAYER *rl, SSL3_RECORD *recs, size_t n_recs, * So if we are in ETM mode, we use seq 'as is' in the ctrl-function. * Otherwise we have to decrease it in the implementation */ - if (sending && !SSL_WRITE_ETM(s)) + if (sending && !rl->use_etm) decrement_seq = 1; seq = sending ? RECORD_LAYER_get_write_sequence(&s->rlayer) @@ -543,7 +528,7 @@ static int tls1_mac(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec, unsigned char *md, header[11] = (unsigned char)(rec->length >> 8); header[12] = (unsigned char)(rec->length & 0xff); - if (!sending && !SSL_READ_ETM(ssl) + if (!sending && !rl->use_etm && EVP_CIPHER_CTX_get_mode(rl->enc_read_ctx) == EVP_CIPH_CBC_MODE && ssl3_cbc_record_digest_supported(mac_ctx)) { OSSL_PARAM tls_hmac_params[2], *p = tls_hmac_params; 
diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c index accb5b1120..f5d51ef697 100644 --- a/ssl/record/methods/tls_common.c +++ b/ssl/record/methods/tls_common.c @@ -36,8 +36,7 @@ void ossl_rlayer_fatal(OSSL_RECORD_LAYER *rl, int al, int reason, int ossl_set_tls_provider_parameters(OSSL_RECORD_LAYER *rl, EVP_CIPHER_CTX *ctx, const EVP_CIPHER *ciph, - const EVP_MD *md, - SSL_CONNECTION *s) + const EVP_MD *md) { /* * Provided cipher, the TLS padding/MAC removal is performed provider @@ -48,12 +47,7 @@ int ossl_set_tls_provider_parameters(OSSL_RECORD_LAYER *rl, int imacsize = -1; if ((EVP_CIPHER_get_flags(ciph) & EVP_CIPH_FLAG_AEAD_CIPHER) == 0 - /* - * We look at s->ext.use_etm instead of SSL_READ_ETM() or - * SSL_WRITE_ETM() because this test applies to both reading - * and writing. - */ - && !s->ext.use_etm) + && !rl->use_etm) imacsize = EVP_MD_get_size(md); if (imacsize >= 0) macsize = (size_t)imacsize; @@ -662,7 +656,7 @@ static int tls_get_more_records(OSSL_RECORD_LAYER *rl, * If in encrypt-then-mac mode calculate mac from encrypted record. All * the details below are public so no timing details can leak. */ - if (SSL_READ_ETM(s) && rl->read_hash) { + if (rl->use_etm && rl->read_hash) { unsigned char *mac; for (j = 0; j < num_recs; j++) { @@ -748,7 +742,7 @@ static int tls_get_more_records(OSSL_RECORD_LAYER *rl, /* r->length is now the compressed data plus mac */ if ((sess != NULL) && (rl->enc_read_ctx != NULL) - && (!SSL_READ_ETM(s) && EVP_MD_CTX_get0_md(rl->read_hash) != NULL)) { + && (!rl->use_etm && EVP_MD_CTX_get0_md(rl->read_hash) != NULL)) { /* rl->read_hash != NULL => mac_size != -1 */ for (j = 0; j < num_recs; j++) { 
@@ -1049,6 +1043,21 @@ tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers, goto err; } + /* Loop through all the settings since they must all be understood */ + for (p = settings; p->key != NULL; p++) { + if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM) == 0) { + if (!OSSL_PARAM_get_int(p, &rl->use_etm)) { + RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER); + goto err; + } + break; + } else { + RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_UNKNOWN_MANDATORY_PARAMETER); + goto err; + } + } + + if (level == OSSL_RECORD_PROTECTION_LEVEL_APPLICATION) { /* * We ignore any read_ahead setting prior to the application protection diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 8ea42d19b9..6f40b73c2b 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -15,7 +15,6 @@ #include #include #include -#include #include "record_local.h" #include "internal/packet.h" @@ -1797,18 +1796,18 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, int mactype, const EVP_MD *md, const SSL_COMP *comp) { - OSSL_PARAM_BLD *tmpl = NULL; - OSSL_PARAM *options = NULL; + OSSL_PARAM options[4], *opts = options; + OSSL_PARAM settings[2], *set = settings; const OSSL_RECORD_METHOD *origmeth = s->rrlmethod; - int ret = 0; SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); const OSSL_RECORD_METHOD *meth; + int use_etm; meth = ssl_select_next_record_layer(s, level); if (s->rrlmethod != NULL && !s->rrlmethod->free(s->rrl)) { ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); - goto err; + return 0; } if (meth != NULL) 
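Review bot: The settings loop added to `tls_int_new_record_layer` stops at the first `use_etm` entry because of the `break`, so any mandatory setting listed after it is never examined, which contradicts the comment that all settings must be understood. It also dereferences `settings` without a NULL check; the caller in this commit always passes an array, but other callers of `new_record_layer` are not visible here. Dropping the `break;` and guarding the loop, e.g. `for (p = settings; p != NULL && p->key != NULL; p++)`, makes an unrecognised mandatory parameter fail construction regardless of ordering. The function body starts and ends outside this hunk.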
@@ -1819,20 +1818,25 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, return 0; } - if ((tmpl = OSSL_PARAM_BLD_new()) == NULL - || !OSSL_PARAM_BLD_push_uint64(tmpl, - OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS, - s->options) - || !OSSL_PARAM_BLD_push_uint32(tmpl, - OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE, - s->mode) - || !OSSL_PARAM_BLD_push_int(tmpl, - OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD, - s->rlayer.read_ahead) - || (options = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); - goto err; - } + /* Parameters that *may* be supported by a record layer if passed */ + *opts++ = OSSL_PARAM_construct_uint64(OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS, + &s->options); + *opts++ = OSSL_PARAM_construct_uint32(OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE, + &s->mode); + *opts++ = OSSL_PARAM_construct_int(OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE, + &s->rlayer.read_ahead); + *opts = OSSL_PARAM_construct_end(); + + /* Parameters that *must* be supported by a record layer if passed */ + if (direction == OSSL_RECORD_DIRECTION_READ) + use_etm = SSL_READ_ETM(s) ? 1 : 0; + else + use_etm = SSL_WRITE_ETM(s) ? 1 : 0; + + if (use_etm) + *set++ = OSSL_PARAM_construct_int(OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM, + &use_etm); + *set = OSSL_PARAM_construct_end(); for (;;) { int rlret; @@ -1843,7 +1847,7 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, if (s->rrlnext == NULL) { BIO_free(prev); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; + return 0; } rlret = s->rrlmethod->new_record_layer(sctx->libctx, sctx->propq, 
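Review bot: The third entry of `options` in `ssl_set_new_record_layer` is built with `OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE` but points at `s->rlayer.read_ahead`, so the array carries two `mode` entries and no `read_ahead` entry. The removed `OSSL_PARAM_BLD` code pushed this value under `OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD`, so this looks like a copy-paste slip; a record layer that looks up `read_ahead` would not find it. The line should read `*opts++ = OSSL_PARAM_construct_int(OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD, &s->rlayer.read_ahead);`. The function continues outside this hunk.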
@@ -1851,13 +1855,13 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, level, key, keylen, iv, ivlen, mackey, mackeylen, ciph, taglen, mactype, md, comp, prev, s->rbio, - s->rrlnext, NULL, NULL, NULL, + s->rrlnext, NULL, NULL, settings, options, &s->rrl, s); BIO_free(prev); switch (rlret) { case OSSL_RECORD_RETURN_FATAL: SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_RECORD_LAYER_FAILURE); - goto err; + return 0; case OSSL_RECORD_RETURN_NON_FATAL_ERR: if (s->rrlmethod != origmeth && origmeth != NULL) { @@ -1869,7 +1873,7 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, continue; } SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_RECORD_LAYER); - goto err; + return 0; case OSSL_RECORD_RETURN_SUCCESS: break; @@ -1877,15 +1881,10 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, default: /* Should not happen */ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; + return 0; } break; } - ret = ssl_post_record_layer_select(s); - err: - OSSL_PARAM_free(options); - OSSL_PARAM_BLD_free(tmpl); - - return ret; + return ssl_post_record_layer_select(s); } diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 7abd6de4a2..fb825eb371 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -523,6 +523,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_DIGEST), "unknown digest"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE), "unknown key exchange type"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_MANDATORY_PARAMETER), + "unknown mandatory parameter"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_PKEY_TYPE), "unknown pkey type"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_PROTOCOL), "unknown protocol"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_SSL_VERSION), diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index b4920a1c12..16cb7d64db 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h 
@@ -2861,12 +2861,12 @@ __owur int ssl_log_secret(SSL_CONNECTION *s, const char *label, # ifndef OPENSSL_NO_KTLS /* ktls.c */ int ktls_check_supported_cipher(const SSL_CONNECTION *s, const EVP_CIPHER *c, - size_t taglen); -int ktls_configure_crypto(SSL_CONNECTION *s, const EVP_CIPHER *c, - void *rl_sequence, ktls_crypto_info_t *crypto_info, - int is_tx, unsigned char *iv, size_t ivlen, - unsigned char *key, size_t keylen, - unsigned char *mac_key, size_t mac_secret_size); + const EVP_MD *md, size_t taglen); +int ktls_configure_crypto(SSL_CONNECTION *s, const EVP_CIPHER *c, void *rl_sequence, + ktls_crypto_info_t *crypto_info, int is_tx, + unsigned char *iv, size_t ivlen, unsigned char *key, + size_t keylen, unsigned char *mac_key, + size_t mac_secret_size); # endif __owur int srp_generate_server_master_secret(SSL_CONNECTION *s); diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index b7adc9daff..7083cd8151 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c 
@@ -227,22 +227,22 @@ int tls1_change_cipher_state(SSL_CONNECTION *s, int which) } if (which & SSL3_CC_READ) { - if (SSL_CONNECTION_IS_DTLS(s)) { - if (s->ext.use_etm) - s->s3.flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_READ; - else - s->s3.flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_READ; + if (s->ext.use_etm) + s->s3.flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_READ; + else + s->s3.flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_READ; - if (s->s3.tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) - s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM; - else - s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM; + if (s->s3.tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) + s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM; + else + s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM; - if (s->s3.tmp.new_cipher->algorithm2 & TLS1_TLSTREE) - s->mac_flags |= SSL_MAC_FLAG_READ_MAC_TLSTREE; - else - s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_TLSTREE; + if (s->s3.tmp.new_cipher->algorithm2 & TLS1_TLSTREE) + s->mac_flags |= SSL_MAC_FLAG_READ_MAC_TLSTREE; + else + s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_TLSTREE; + if (SSL_CONNECTION_IS_DTLS(s)) { if (s->enc_read_ctx != NULL) { reuse_dd = 1; } else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) { @@ -425,7 +425,7 @@ int tls1_change_cipher_state(SSL_CONNECTION *s, int which) goto skip_ktls; /* check that cipher is supported */ - if (!ktls_check_supported_cipher(s, c, taglen)) + if (!ktls_check_supported_cipher(s, c, m, taglen)) goto skip_ktls; if (which & SSL3_CC_WRITE) diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index 7e5f551aae..01461894fe 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -743,7 +743,7 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which) goto skip_ktls; /* check that cipher is supported */ - if (!ktls_check_supported_cipher(s, cipher, taglen)) + if (!ktls_check_supported_cipher(s, cipher, NULL, taglen)) goto skip_ktls; if (which & SSL3_CC_WRITE) diff --git a/util/mkerr.pl b/util/mkerr.pl index 1cb772c00f..861b613b0d 100755 --- a/util/mkerr.pl 
+++ b/util/mkerr.pl @@ -117,8 +117,9 @@ if ( $internal ) { die "Cannot mix -internal and -static\n" if $static; die "Extra parameters given.\n" if @ARGV; @source = ( glob('crypto/*.c'), glob('crypto/*/*.c'), - glob('ssl/*.c'), glob('ssl/*/*.c'), glob('providers/*.c'), - glob('providers/*/*.c'), glob('providers/*/*/*.c') ); + glob('ssl/*.c'), glob('ssl/*/*.c'), glob('ssl/*/*/*.c'), + glob('providers/*.c'), glob('providers/*/*.c'), + glob('providers/*/*/*.c') ); } else { die "-module isn't useful without -internal\n" if scalar keys %modules > 0; @source = @ARGV; -- cgit v1.2.3