diff options
author | Matt Caswell <matt@openssl.org> | 2020-06-22 10:51:48 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-07-06 09:26:09 +0100 |
commit | 1ae7354c049cb3e45bfb17c0c1bf3ff04814fa4d (patch) | |
tree | 630ef8873b328fe89ef50a97548dee1b678d5c87 /providers | |
parent | 27d4c840fc399fe0d4550a5b88e91ecca887d1a4 (diff) |
Make the NULL cipher TLS aware
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/implementations/ciphers/cipher_null.c | 83 |
1 files changed, 75 insertions, 8 deletions
diff --git a/providers/implementations/ciphers/cipher_null.c b/providers/implementations/ciphers/cipher_null.c index 3018a5b075..713d29e3e8 100644 --- a/providers/implementations/ciphers/cipher_null.c +++ b/providers/implementations/ciphers/cipher_null.c @@ -14,22 +14,37 @@ #include "prov/ciphercommon.h" #include "prov/providercommonerr.h" +typedef struct prov_cipher_null_ctx_st { + int enc; + size_t tlsmacsize; + const unsigned char *tlsmac; +} PROV_CIPHER_NULL_CTX; + static OSSL_FUNC_cipher_newctx_fn null_newctx; static void *null_newctx(void *provctx) { - static int dummy = 0; - - return &dummy; + return OPENSSL_zalloc(sizeof(PROV_CIPHER_NULL_CTX)); } static OSSL_FUNC_cipher_freectx_fn null_freectx; static void null_freectx(void *vctx) { + OPENSSL_free(vctx); +} + +static OSSL_FUNC_cipher_encrypt_init_fn null_einit; +static int null_einit(void *vctx, const unsigned char *key, size_t keylen, + const unsigned char *iv, size_t ivlen) +{ + PROV_CIPHER_NULL_CTX *ctx = (PROV_CIPHER_NULL_CTX *)vctx; + + ctx->enc = 1; + return 1; } -static OSSL_FUNC_cipher_encrypt_init_fn null_init; -static int null_init(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen) +static OSSL_FUNC_cipher_decrypt_init_fn null_dinit; +static int null_dinit(void *vctx, const unsigned char *key, size_t keylen, + const unsigned char *iv, size_t ivlen) { return 1; } @@ -38,6 +53,18 @@ static OSSL_FUNC_cipher_cipher_fn null_cipher; static int null_cipher(void *vctx, unsigned char *out, size_t *outl, size_t outsize, const unsigned char *in, size_t inl) { + PROV_CIPHER_NULL_CTX *ctx = (PROV_CIPHER_NULL_CTX *)vctx; + + if (!ctx->enc && ctx->tlsmacsize > 0) { + /* + * TLS NULL cipher as per: + * https://tools.ietf.org/html/rfc5246#section-6.2.3.1 + */ + if (inl < ctx->tlsmacsize) + return 0; + ctx->tlsmac = in + inl - ctx->tlsmacsize; + inl -= ctx->tlsmacsize; + } if (outsize < inl) return 0; if (in != out) @@ -63,6 +90,7 @@ static int null_get_params(OSSL_PARAM params[]) static const OSSL_PARAM null_known_gettable_ctx_params[] = { OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL), + { OSSL_CIPHER_PARAM_TLS_MAC, OSSL_PARAM_OCTET_PTR, NULL, 0, OSSL_PARAM_UNMODIFIED }, OSSL_PARAM_END }; @@ -75,6 +103,7 @@ static const OSSL_PARAM *null_gettable_ctx_params(void) static OSSL_FUNC_cipher_get_ctx_params_fn null_get_ctx_params; static int null_get_ctx_params(void *vctx, OSSL_PARAM params[]) { + PROV_CIPHER_NULL_CTX *ctx = (PROV_CIPHER_NULL_CTX *)vctx; OSSL_PARAM *p; p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); @@ -87,6 +116,41 @@ static int null_get_ctx_params(void *vctx, OSSL_PARAM params[]) ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS_MAC); + if (p != NULL + && !OSSL_PARAM_set_octet_ptr(p, ctx->tlsmac, ctx->tlsmacsize)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + return 1; +} + +static const OSSL_PARAM null_known_settable_ctx_params[] = { + OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS_MAC_SIZE, NULL), + OSSL_PARAM_END +}; + +static OSSL_FUNC_cipher_settable_ctx_params_fn null_settable_ctx_params; +static const OSSL_PARAM *null_settable_ctx_params(void) +{ + return null_known_settable_ctx_params; +} + + +static OSSL_FUNC_cipher_set_ctx_params_fn null_set_ctx_params; +static int null_set_ctx_params(void *vctx, const OSSL_PARAM params[]) +{ + PROV_CIPHER_NULL_CTX *ctx = (PROV_CIPHER_NULL_CTX *)vctx; + const OSSL_PARAM *p; + + p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS_MAC_SIZE); + if (p != NULL) { + if (!OSSL_PARAM_get_size_t(p, &ctx->tlsmacsize)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + return 0; + } + } + return 1; } @@ -95,8 +159,8 @@ const OSSL_DISPATCH null_functions[] = { (void (*)(void)) null_newctx }, { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void)) null_freectx }, { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) null_newctx }, - { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))null_init }, - { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))null_init }, + { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))null_einit }, + { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))null_dinit }, { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))null_cipher }, { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))null_final }, { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))null_cipher }, @@ -106,5 +170,8 @@ const OSSL_DISPATCH null_functions[] = { { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, (void (*)(void))null_get_ctx_params }, { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, (void (*)(void))null_gettable_ctx_params }, + { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, (void (*)(void))null_set_ctx_params }, + { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, + (void (*)(void))null_settable_ctx_params }, { 0, NULL } }; |