Make the NULL cipher TLS aware

Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12288)
author: Matt Caswell <matt@openssl.org> 2020-06-22 10:51:48 +0100
committer: Matt Caswell <matt@openssl.org> 2020-07-06 09:26:09 +0100
commit: 1ae7354c049cb3e45bfb17c0c1bf3ff04814fa4d (patch)
tree: 630ef8873b328fe89ef50a97548dee1b678d5c87 /providers
parent: 27d4c840fc399fe0d4550a5b88e91ecca887d1a4 (diff)
1 files changed, 75 insertions, 8 deletions
diff --git a/providers/implementations/ciphers/cipher_null.c b/providers/implementations/ciphers/cipher_null.c
index 3018a5b075..713d29e3e8 100644
--- a/providers/implementations/ciphers/cipher_null.c
+++ b/providers/implementations/ciphers/cipher_null.c
@@ -14,22 +14,37 @@
 #include "prov/ciphercommon.h"
 #include "prov/providercommonerr.h"
 
+typedef struct prov_cipher_null_ctx_st {
+    int enc;
+    size_t tlsmacsize;
+    const unsigned char *tlsmac;
+} PROV_CIPHER_NULL_CTX;
+
 static OSSL_FUNC_cipher_newctx_fn null_newctx;
 static void *null_newctx(void *provctx)
 {
-    static int dummy = 0;
-
-    return &dummy;
+    return OPENSSL_zalloc(sizeof(PROV_CIPHER_NULL_CTX));
 }
 
 static OSSL_FUNC_cipher_freectx_fn null_freectx;
 static void null_freectx(void *vctx)
 {
+    OPENSSL_free(vctx);
+}
+
+static OSSL_FUNC_cipher_encrypt_init_fn null_einit;
+static int null_einit(void *vctx, const unsigned char *key, size_t keylen,
+                      const unsigned char *iv, size_t ivlen)
+{
+    PROV_CIPHER_NULL_CTX *ctx = (PROV_CIPHER_NULL_CTX *)vctx;
+
+    ctx->enc = 1;
+    return 1;
 }
 
-static OSSL_FUNC_cipher_encrypt_init_fn null_init;
-static int null_init(void *vctx, const unsigned char *key, size_t keylen,
-                     const unsigned char *iv, size_t ivlen)
+static OSSL_FUNC_cipher_decrypt_init_fn null_dinit;
+static int null_dinit(void *vctx, const unsigned char *key, size_t keylen,
+                      const unsigned char *iv, size_t ivlen)
 {
     return 1;
 }
@@ -38,6 +53,18 @@ static OSSL_FUNC_cipher_cipher_fn null_cipher;
 static int null_cipher(void *vctx, unsigned char *out, size_t *outl,
                        size_t outsize, const unsigned char *in, size_t inl)
 {
+    PROV_CIPHER_NULL_CTX *ctx = (PROV_CIPHER_NULL_CTX *)vctx;
+
+    if (!ctx->enc && ctx->tlsmacsize > 0) {
+        /*
+         * TLS NULL cipher as per:
+         * https://tools.ietf.org/html/rfc5246#section-6.2.3.1
+         */
+        if (inl < ctx->tlsmacsize)
+            return 0;
+        ctx->tlsmac = in + inl - ctx->tlsmacsize;
+        inl -= ctx->tlsmacsize;
+    }
     if (outsize < inl)
         return 0;
     if (in != out)
@@ -63,6 +90,7 @@ static int null_get_params(OSSL_PARAM params[])
 static const OSSL_PARAM null_known_gettable_ctx_params[] = {
     OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
     OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
+    { OSSL_CIPHER_PARAM_TLS_MAC, OSSL_PARAM_OCTET_PTR, NULL, 0, OSSL_PARAM_UNMODIFIED },
     OSSL_PARAM_END
 };
 
@@ -75,6 +103,7 @@ static const OSSL_PARAM *null_gettable_ctx_params(void)
 static OSSL_FUNC_cipher_get_ctx_params_fn null_get_ctx_params;
 static int null_get_ctx_params(void *vctx, OSSL_PARAM params[])
 {
+    PROV_CIPHER_NULL_CTX *ctx = (PROV_CIPHER_NULL_CTX *)vctx;
     OSSL_PARAM *p;
 
     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
@@ -87,6 +116,41 @@ static int null_get_ctx_params(void *vctx, OSSL_PARAM params[])
         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
         return 0;
     }
+    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS_MAC);
+    if (p != NULL
+        && !OSSL_PARAM_set_octet_ptr(p, ctx->tlsmac, ctx->tlsmacsize)) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+        return 0;
+    }
+    return 1;
+}
+
+static const OSSL_PARAM null_known_settable_ctx_params[] = {
+    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS_MAC_SIZE, NULL),
+    OSSL_PARAM_END
+};
+
+static OSSL_FUNC_cipher_settable_ctx_params_fn null_settable_ctx_params;
+static const OSSL_PARAM *null_settable_ctx_params(void)
+{
+    return null_known_settable_ctx_params;
+}
+
+
+static OSSL_FUNC_cipher_set_ctx_params_fn null_set_ctx_params;
+static int null_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+{
+    PROV_CIPHER_NULL_CTX *ctx = (PROV_CIPHER_NULL_CTX *)vctx;
+    const OSSL_PARAM *p;
+
+    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS_MAC_SIZE);
+    if (p != NULL) {
+        if (!OSSL_PARAM_get_size_t(p, &ctx->tlsmacsize)) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
+            return 0;
+        }
+    }
+
     return 1;
 }
 
@@ -95,8 +159,8 @@ const OSSL_DISPATCH null_functions[] = {
       (void (*)(void)) null_newctx },
     { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void)) null_freectx },
     { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) null_newctx },
-    { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))null_init },
-    { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))null_init },
+    { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))null_einit },
+    { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))null_dinit },
     { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))null_cipher },
     { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))null_final },
     { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))null_cipher },
@@ -106,5 +170,8 @@ const OSSL_DISPATCH null_functions[] = {
     { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, (void (*)(void))null_get_ctx_params },
     { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS,
       (void (*)(void))null_gettable_ctx_params },
+    { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, (void (*)(void))null_set_ctx_params },
+    { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS,
+      (void (*)(void))null_settable_ctx_params },
     { 0, NULL }
 };
author	Matt Caswell <matt@openssl.org>	2020-06-22 10:51:48 +0100
committer	Matt Caswell <matt@openssl.org>	2020-07-06 09:26:09 +0100
commit	1ae7354c049cb3e45bfb17c0c1bf3ff04814fa4d (patch)
tree	630ef8873b328fe89ef50a97548dee1b678d5c87 /providers
parent	27d4c840fc399fe0d4550a5b88e91ecca887d1a4 (diff)