New Russian TLS 1.2 implementation

Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11442)
author: Dmitry Belyavskiy <beldmit@gmail.com> 2020-03-30 18:09:24 +0300
committer: Dmitry Belyavskiy <beldmit@gmail.com> 2020-05-19 13:02:43 +0300
commit: 5a5530a29abcf5d7ab7194d73b3807d568b06cbd (patch)
tree: 4084ebfee1f5e052d892e6b406c5b9358920170c /ssl/record
parent: 0e139a02d59323e5d9c0ad87ea9c8c3914696b83 (diff)
1 files changed, 32 insertions, 2 deletions
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 24b42098db..a2f7f848d1 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -977,6 +977,8 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
     unsigned char padval;
     int imac_size;
     const EVP_CIPHER *enc;
+    int tlstree_enc = sending ? (s->mac_flags & SSL_MAC_FLAG_WRITE_MAC_TLSTREE)
+                              : (s->mac_flags & SSL_MAC_FLAG_READ_MAC_TLSTREE);
 
     if (n_recs == 0) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
@@ -1156,6 +1158,27 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
             }
         }
 
+        if (!SSL_IS_DTLS(s) && tlstree_enc) {
+            unsigned char *seq;
+            int decrement_seq = 0;
+
+            /*
+             * When sending, seq is incremented after MAC calculation.
+             * So if we are in ETM mode, we use seq 'as is' in the ctrl-function.
+             * Otherwise we have to decrease it in the implementation
+             */
+            if (sending && !SSL_WRITE_ETM(s))
+                decrement_seq = 1;
+
+            seq = sending ? RECORD_LAYER_get_write_sequence(&s->rlayer)
+                          : RECORD_LAYER_get_read_sequence(&s->rlayer);
+            if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_TLSTREE, decrement_seq, seq) <= 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                         ERR_R_INTERNAL_ERROR);
+              return -1;
+            }
+        }
+
         /* TODO(size_t): Convert this call */
         tmpr = EVP_Cipher(ds, recs[0].data, recs[0].input,
                           (unsigned int)reclen[0]);
@@ -1319,8 +1342,10 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
     int i;
     EVP_MD_CTX *hmac = NULL, *mac_ctx;
     unsigned char header[13];
-    int stream_mac = (sending ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM)
-                      : (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM));
+    int stream_mac = sending ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM)
+                             : (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM);
+    int tlstree_mac = sending ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_TLSTREE)
+                              : (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_TLSTREE);
     int t;
 
     if (sending) {
@@ -1348,6 +1373,11 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
         mac_ctx = hmac;
     }
 
+    if (!SSL_IS_DTLS(ssl) && tlstree_mac && EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_TLSTREE, 0, seq) <= 0) {
+        EVP_MD_CTX_free(hmac);
+        return 0;
+    }
+
     if (SSL_IS_DTLS(ssl)) {
         unsigned char dtlsseq[8], *p = dtlsseq;
author	Dmitry Belyavskiy <beldmit@gmail.com>	2020-03-30 18:09:24 +0300
committer	Dmitry Belyavskiy <beldmit@gmail.com>	2020-05-19 13:02:43 +0300
commit	5a5530a29abcf5d7ab7194d73b3807d568b06cbd (patch)
tree	4084ebfee1f5e052d892e6b406c5b9358920170c /ssl/record
parent	0e139a02d59323e5d9c0ad87ea9c8c3914696b83 (diff)