authorTomas Mraz <tomas@openssl.org>2022-11-11 16:18:48 +0100
committerTomas Mraz <tomas@openssl.org>2023-02-08 16:20:55 +0100
commit25624c9087d5422c3bb93cd987a066cb7c883a16 (patch)
treeed3b762338f9a08a0fcccfbe09d32f18c5e15bb2 /ssl
parent416a9286859d444e5a77bbdcc73f0c35b34e574b (diff)
Rationalize FIPS sources
Avoid including QUIC related stuff in the FIPS sources. Also avoid including libssl headers in ssl3_cbc.c. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19658)
Diffstat (limited to 'ssl')
-rw-r--r--ssl/quic/quic_rx_depack.c2
-rw-r--r--ssl/record/methods/recmethod_local.h30
-rw-r--r--ssl/record/methods/ssl3_cbc.c9
-rw-r--r--ssl/record/methods/ssl3_meth.c1
-rw-r--r--ssl/record/methods/tls1_meth.c1
-rw-r--r--ssl/record/methods/tls_common.c1
-rw-r--r--ssl/record/methods/tls_pad.c19
-rw-r--r--ssl/ssl_local.h90
8 files changed, 10 insertions, 143 deletions
diff --git a/ssl/quic/quic_rx_depack.c b/ssl/quic/quic_rx_depack.c
index 3892c76086..939df84c9d 100644
--- a/ssl/quic/quic_rx_depack.c
+++ b/ssl/quic/quic_rx_depack.c
@@ -7,7 +7,7 @@
* https://www.openssl.org/source/license.html
*/
-#include "internal/packet.h"
+#include "internal/packet_quic.h"
#include "internal/nelem.h"
#include "internal/quic_wire.h"
#include "internal/quic_record_rx.h"
diff --git a/ssl/record/methods/recmethod_local.h b/ssl/record/methods/recmethod_local.h
index e07193531a..beac10e9eb 100644
--- a/ssl/record/methods/recmethod_local.h
+++ b/ssl/record/methods/recmethod_local.h
@@ -407,36 +407,6 @@ int ossl_set_tls_provider_parameters(OSSL_RECORD_LAYER *rl,
const EVP_CIPHER *ciph,
const EVP_MD *md);
-/* tls_pad.c */
-int ssl3_cbc_remove_padding_and_mac(size_t *reclen,
- size_t origreclen,
- unsigned char *recdata,
- unsigned char **mac,
- int *alloced,
- size_t block_size, size_t mac_size,
- OSSL_LIB_CTX *libctx);
-
-int tls1_cbc_remove_padding_and_mac(size_t *reclen,
- size_t origreclen,
- unsigned char *recdata,
- unsigned char **mac,
- int *alloced,
- size_t block_size, size_t mac_size,
- int aead,
- OSSL_LIB_CTX *libctx);
-
-/* ssl3_cbc.c */
-__owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
-__owur int ssl3_cbc_digest_record(const EVP_MD *md,
- unsigned char *md_out,
- size_t *md_out_size,
- const unsigned char *header,
- const unsigned char *data,
- size_t data_size,
- size_t data_plus_mac_plus_padding_size,
- const unsigned char *mac_secret,
- size_t mac_secret_length, char is_sslv3);
-
int tls_increment_sequence_ctr(OSSL_RECORD_LAYER *rl);
int tls_alloc_buffers(OSSL_RECORD_LAYER *rl);
int tls_free_buffers(OSSL_RECORD_LAYER *rl);
diff --git a/ssl/record/methods/ssl3_cbc.c b/ssl/record/methods/ssl3_cbc.c
index 25f3d9e1c6..b42f5a39ff 100644
--- a/ssl/record/methods/ssl3_cbc.c
+++ b/ssl/record/methods/ssl3_cbc.c
@@ -22,17 +22,16 @@
*/
#include "internal/deprecated.h"
-#include "recmethod_local.h"
-
-#include "internal/constant_time.h"
-#include "internal/cryptlib.h"
-
#include <openssl/evp.h>
#ifndef FIPS_MODULE
# include <openssl/md5.h>
#endif
#include <openssl/sha.h>
+#include "internal/ssl3_cbc.h"
+#include "internal/constant_time.h"
+#include "internal/cryptlib.h"
+
/*
* MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's
* length field. (SHA-384/512 have 128-bit length.)
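Review bot: Worth confirming that `internal/ssl3_cbc.h`, included here in place of `recmethod_local.h`, still declares `ssl3_cbc_record_digest_supported` and `ssl3_cbc_digest_record` with `__owur`, as the prototypes removed from `recmethod_local.h` did. The header is outside this `ssl`-limited view, so this cannot be checked from the page. Without the annotation, a caller that ignores a failed MAC computation would compile without a warning. The padding functions `ssl3_cbc_remove_padding_and_mac` and `tls1_cbc_remove_padding_and_mac` had no `__owur` at either removed site (the `recmethod_local.h` hunk and the second `tls_pad.c` hunk). Now that the declarations live in one header, marking them too would be consistent, e.g. `__owur int tls1_cbc_remove_padding_and_mac(...)`, provided every existing caller already checks the result.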
diff --git a/ssl/record/methods/ssl3_meth.c b/ssl/record/methods/ssl3_meth.c
index 279a3d11e8..a38fccae7b 100644
--- a/ssl/record/methods/ssl3_meth.c
+++ b/ssl/record/methods/ssl3_meth.c
@@ -9,6 +9,7 @@
#include <openssl/evp.h>
#include <openssl/core_names.h>
+#include "internal/ssl3_cbc.h"
#include "../../ssl_local.h"
#include "../record_local.h"
#include "recmethod_local.h"
diff --git a/ssl/record/methods/tls1_meth.c b/ssl/record/methods/tls1_meth.c
index be26e5dec0..139da76fc6 100644
--- a/ssl/record/methods/tls1_meth.c
+++ b/ssl/record/methods/tls1_meth.c
@@ -11,6 +11,7 @@
#include <openssl/core_names.h>
#include <openssl/rand.h>
#include <openssl/ssl.h>
+#include "internal/ssl3_cbc.h"
#include "../../ssl_local.h"
#include "../record_local.h"
#include "recmethod_local.h"
diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c
index b1f6a6433b..69745f902b 100644
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
@@ -16,6 +16,7 @@
#include <openssl/ssl.h>
#include "internal/e_os.h"
#include "internal/packet.h"
+#include "internal/ssl3_cbc.h"
#include "../../ssl_local.h"
#include "../record_local.h"
#include "recmethod_local.h"
diff --git a/ssl/record/methods/tls_pad.c b/ssl/record/methods/tls_pad.c
index 7311c8266a..d326a7608a 100644
--- a/ssl/record/methods/tls_pad.c
+++ b/ssl/record/methods/tls_pad.c
@@ -9,8 +9,10 @@
#include <openssl/rand.h>
#include <openssl/evp.h>
+
#include "internal/constant_time.h"
#include "internal/cryptlib.h"
+#include "internal/ssl3_cbc.h"
/*
* This file has no dependencies on the rest of libssl because it is shared
@@ -31,23 +33,6 @@ static int ssl3_cbc_copy_mac(size_t *reclen,
size_t good,
OSSL_LIB_CTX *libctx);
-int ssl3_cbc_remove_padding_and_mac(size_t *reclen,
- size_t origreclen,
- unsigned char *recdata,
- unsigned char **mac,
- int *alloced,
- size_t block_size, size_t mac_size,
- OSSL_LIB_CTX *libctx);
-
-int tls1_cbc_remove_padding_and_mac(size_t *reclen,
- size_t origreclen,
- unsigned char *recdata,
- unsigned char **mac,
- int *alloced,
- size_t block_size, size_t mac_size,
- int aead,
- OSSL_LIB_CTX *libctx);
-
/*-
* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC
* record in |recdata| by updating |reclen| in constant time. It also extracts
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index 65634a24ef..130cf385a9 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -43,96 +43,6 @@
# define OPENSSL_EXTERN OPENSSL_EXPORT
# endif
-# define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \
- l|=(((unsigned long)(*((c)++)))<< 8), \
- l|=(((unsigned long)(*((c)++)))<<16), \
- l|=(((unsigned long)(*((c)++)))<<24))
-
-/* NOTE - c is not incremented as per c2l */
-# define c2ln(c,l1,l2,n) { \
- c+=n; \
- l1=l2=0; \
- switch (n) { \
- case 8: l2 =((unsigned long)(*(--(c))))<<24; \
- case 7: l2|=((unsigned long)(*(--(c))))<<16; \
- case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
- case 5: l2|=((unsigned long)(*(--(c)))); \
- case 4: l1 =((unsigned long)(*(--(c))))<<24; \
- case 3: l1|=((unsigned long)(*(--(c))))<<16; \
- case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
- case 1: l1|=((unsigned long)(*(--(c)))); \
- } \
- }
-
-# define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
- *((c)++)=(unsigned char)(((l)>>16)&0xff), \
- *((c)++)=(unsigned char)(((l)>>24)&0xff))
-
-# define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24, \
- l|=((unsigned long)(*((c)++)))<<16, \
- l|=((unsigned long)(*((c)++)))<< 8, \
- l|=((unsigned long)(*((c)++))))
-
-# define n2l8(c,l) (l =((uint64_t)(*((c)++)))<<56, \
- l|=((uint64_t)(*((c)++)))<<48, \
- l|=((uint64_t)(*((c)++)))<<40, \
- l|=((uint64_t)(*((c)++)))<<32, \
- l|=((uint64_t)(*((c)++)))<<24, \
- l|=((uint64_t)(*((c)++)))<<16, \
- l|=((uint64_t)(*((c)++)))<< 8, \
- l|=((uint64_t)(*((c)++))))
-
-
-# define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
- *((c)++)=(unsigned char)(((l)>>16)&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
- *((c)++)=(unsigned char)(((l) )&0xff))
-
-# define l2n6(l,c) (*((c)++)=(unsigned char)(((l)>>40)&0xff), \
- *((c)++)=(unsigned char)(((l)>>32)&0xff), \
- *((c)++)=(unsigned char)(((l)>>24)&0xff), \
- *((c)++)=(unsigned char)(((l)>>16)&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
- *((c)++)=(unsigned char)(((l) )&0xff))
-
-# define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \
- *((c)++)=(unsigned char)(((l)>>48)&0xff), \
- *((c)++)=(unsigned char)(((l)>>40)&0xff), \
- *((c)++)=(unsigned char)(((l)>>32)&0xff), \
- *((c)++)=(unsigned char)(((l)>>24)&0xff), \
- *((c)++)=(unsigned char)(((l)>>16)&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
- *((c)++)=(unsigned char)(((l) )&0xff))
-
-/* NOTE - c is not incremented as per l2c */
-# define l2cn(l1,l2,c,n) { \
- c+=n; \
- switch (n) { \
- case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
- case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
- case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
- case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
- case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
- case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
- case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
- case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
- } \
- }
-
-# define n2s(c,s) ((s=(((unsigned int)((c)[0]))<< 8)| \
- (((unsigned int)((c)[1])) )),(c)+=2)
-# define s2n(s,c) (((c)[0]=(unsigned char)(((s)>> 8)&0xff), \
- (c)[1]=(unsigned char)(((s) )&0xff)),(c)+=2)
-
-# define n2l3(c,l) ((l =(((unsigned long)((c)[0]))<<16)| \
- (((unsigned long)((c)[1]))<< 8)| \
- (((unsigned long)((c)[2])) )),(c)+=3)
-
-# define l2n3(l,c) (((c)[0]=(unsigned char)(((l)>>16)&0xff), \
- (c)[1]=(unsigned char)(((l)>> 8)&0xff), \
- (c)[2]=(unsigned char)(((l) )&0xff)),(c)+=3)
-
# define TLS_MAX_VERSION_INTERNAL TLS1_3_VERSION
# define DTLS_MAX_VERSION_INTERNAL DTLS1_2_VERSION