mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-04-06 20:20:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

Convert the TLSv1.0/1.1/1.2 crypto code to use the new write record layer

Browse Source 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19217)
This commit is contained in:
Matt Caswell 2022-09-14 15:24:10 +01:00
parent 8302259013
commit 9251c3c4c7
7 changed files with 183 additions and 98 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ssl/record/methods/dtls_meth.c
View File

@ -237,7 +237,7 @@ static int dtls_process_record(OSSL_RECORD_LAYER *rl, DTLS_BITMAP *bitmap)
}
/* r->length is now just compressed */
if (rl->expand != NULL) {
if (rl->compctx != NULL) {
if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW,
SSL_R_COMPRESSED_LENGTH_TOO_LONG);

7
ssl/record/methods/recmethod_local.h
View File

@ -160,11 +160,14 @@ struct ossl_record_layer_st
/* cryptographic state */
EVP_CIPHER_CTX *enc_ctx;
/* Explicit IV length */
size_t eivlen;
/* used for mac generation */
EVP_MD_CTX *md_ctx;
/* uncompress */
COMP_CTX *expand;
/* compress/uncompress */
COMP_CTX *compctx;
/* Set to 1 if this is the first handshake. 0 otherwise */
int is_first_handshake;

4
ssl/record/methods/ssl3_meth.c
View File

@ -43,8 +43,8 @@ static int ssl3_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
}
#ifndef OPENSSL_NO_COMP
if (comp != NULL) {
rl->expand = COMP_CTX_new(comp->method);
if (rl->expand == NULL) {
rl->compctx = COMP_CTX_new(comp->method);
if (rl->compctx == NULL) {
ERR_raise(ERR_LIB_SSL, SSL_R_COMPRESSION_LIBRARY_ERROR);
return OSSL_RECORD_RETURN_FATAL;
}

35
ssl/record/methods/tls1_meth.c
View File

@ -26,6 +26,7 @@ static int tls1_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
{
EVP_CIPHER_CTX *ciph_ctx;
EVP_PKEY *mac_key;
int enc = (rl->direction == OSSL_RECORD_DIRECTION_WRITE) ? 1 : 0;
if (level != OSSL_RECORD_PROTECTION_LEVEL_APPLICATION)
return OSSL_RECORD_RETURN_FATAL;
@ -44,8 +45,8 @@ static int tls1_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
}
#ifndef OPENSSL_NO_COMP
if (comp != NULL) {
rl->expand = COMP_CTX_new(comp->method);
if (rl->expand == NULL) {
rl->compctx = COMP_CTX_new(comp->method);
if (rl->compctx == NULL) {
ERR_raise(ERR_LIB_SSL, SSL_R_COMPRESSION_LIBRARY_ERROR);
return OSSL_RECORD_RETURN_FATAL;
}
@ -82,26 +83,26 @@ static int tls1_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
}
if (EVP_CIPHER_get_mode(ciph) == EVP_CIPH_GCM_MODE) {
if (!EVP_DecryptInit_ex(ciph_ctx, ciph, NULL, key, NULL)
if (!EVP_CipherInit_ex(ciph_ctx, ciph, NULL, key, NULL, enc)
|| EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_GCM_SET_IV_FIXED,
(int)ivlen, iv) <= 0) {
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return OSSL_RECORD_RETURN_FATAL;
}
} else if (EVP_CIPHER_get_mode(ciph) == EVP_CIPH_CCM_MODE) {
if (!EVP_DecryptInit_ex(ciph_ctx, ciph, NULL, NULL, NULL)
if (!EVP_CipherInit_ex(ciph_ctx, ciph, NULL, NULL, NULL, enc)
|| EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_IVLEN, 12,
NULL) <= 0
|| EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_TAG,
(int)taglen, NULL) <= 0
|| EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_CCM_SET_IV_FIXED,
(int)ivlen, iv) <= 0
|| !EVP_DecryptInit_ex(ciph_ctx, NULL, NULL, key, NULL)) {
|| !EVP_CipherInit_ex(ciph_ctx, NULL, NULL, key, NULL, enc)) {
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return OSSL_RECORD_RETURN_FATAL;
}
} else {
if (!EVP_DecryptInit_ex(ciph_ctx, ciph, NULL, key, iv)) {
if (!EVP_CipherInit_ex(ciph_ctx, ciph, NULL, key, iv, enc)) {
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return OSSL_RECORD_RETURN_FATAL;
}
@ -118,6 +119,28 @@ static int tls1_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
&& !ossl_set_tls_provider_parameters(rl, ciph_ctx, ciph, md))
return OSSL_RECORD_RETURN_FATAL;
/* Calculate the explict IV length */
if (RLAYER_USE_EXPLICIT_IV(rl)) {
int mode = EVP_CIPHER_CTX_get_mode(ciph_ctx);
int eivlen = 0;
if (mode == EVP_CIPH_CBC_MODE) {
eivlen = EVP_CIPHER_CTX_get_iv_length(ciph_ctx);
if (eivlen < 0) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG);
return OSSL_RECORD_RETURN_FATAL;
}
if (eivlen <= 1)
eivlen = 0;
} else if (mode == EVP_CIPH_GCM_MODE) {
/* Need explicit part of IV for GCM mode */
eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
} else if (mode == EVP_CIPH_CCM_MODE) {
eivlen = EVP_CCM_TLS_EXPLICIT_IV_LEN;
}
rl->eivlen = (size_t)eivlen;
}
return OSSL_RECORD_RETURN_SUCCESS;
}

194
ssl/record/methods/tls_common.c
View File

@ -159,7 +159,7 @@ int tls_setup_write_buffer(OSSL_RECORD_LAYER *rl, size_t numwpipes,
defltlen = ssl_get_max_send_fragment(s)
+ SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
#ifndef OPENSSL_NO_COMP
if (ssl_allow_compression(s))
if (tls_allow_compression(rl))
defltlen += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
#endif
if (!(rl->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
@ -968,7 +968,7 @@ int tls_default_validate_record_header(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec)
* If OPENSSL_NO_COMP is defined then SSL3_RT_MAX_ENCRYPTED_LENGTH
* does not include the compression overhead anyway.
*/
if (rl->expand == NULL)
if (rl->compctx == NULL)
len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD;
#endif
@ -981,6 +981,25 @@ int tls_default_validate_record_header(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec)
return 1;
}
static int tls_do_compress(OSSL_RECORD_LAYER *rl, SSL3_RECORD *wr)
{
#ifndef OPENSSL_NO_COMP
int i;
i = COMP_compress_block(rl->compctx, wr->data,
(int)(wr->length + SSL3_RT_MAX_COMPRESSED_OVERHEAD),
wr->input, (int)wr->length);
if (i < 0)
return 0;
wr->length = i;
wr->input = wr->data;
return 1;
#else
return 0;
#endif
}
int tls_do_uncompress(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec)
{
#ifndef OPENSSL_NO_COMP
@ -993,7 +1012,7 @@ int tls_do_uncompress(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec)
if (rec->comp == NULL)
return 0;
i = COMP_expand_block(rl->expand, rec->comp, SSL3_RT_MAX_PLAIN_LENGTH,
i = COMP_expand_block(rl->compctx, rec->comp, SSL3_RT_MAX_PLAIN_LENGTH,
rec->data, (int)rec->length);
if (i < 0)
return 0;
@ -1009,7 +1028,7 @@ int tls_do_uncompress(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec)
/* Shared by tlsany_meth, ssl3_meth and tls1_meth */
int tls_default_post_process_record(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec)
{
if (rl->expand != NULL) {
if (rl->compctx != NULL) {
if (rec->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW,
SSL_R_COMPRESSED_LENGTH_TOO_LONG);
@ -1371,7 +1390,7 @@ static void tls_int_free(OSSL_RECORD_LAYER *rl)
EVP_CIPHER_CTX_free(rl->enc_ctx);
EVP_MD_CTX_free(rl->md_ctx);
#ifndef OPENSSL_NO_COMP
COMP_CTX_free(rl->expand);
COMP_CTX_free(rl->compctx);
#endif
if (rl->version == SSL3_VERSION)
@ -1488,11 +1507,9 @@ int tls_write_records_default(OSSL_RECORD_LAYER *rl,
WPACKET *thispkt;
SSL3_RECORD *thiswr;
unsigned char *recordstart;
int mac_size, clear = 0, ret = 0;
int eivlen = 0;
int mac_size = 0, ret = 0;
size_t align = 0;
SSL3_BUFFER *wb;
SSL_SESSION *sess;
size_t len, wpinited = 0;
size_t j, prefix = 0;
int using_ktls;
@ -1502,28 +1519,37 @@ int tls_write_records_default(OSSL_RECORD_LAYER *rl,
OSSL_RECORD_TEMPLATE prefixtempl;
OSSL_RECORD_TEMPLATE *thistempl;
sess = s->session;
/*
* TODO(RECLAYER): Remove this once SSLv3/TLSv1.3/DTLS crypto has
* been moved to the new write record layer.
*/
if (rl->version == SSL3_VERSION
|| rl->version == TLS1_3_VERSION
|| rl->isdtls) {
SSL_SESSION *sess = s->session;
if ((sess == NULL)
|| (s->enc_write_ctx == NULL)
|| (EVP_MD_CTX_get0_md(s->write_hash) == NULL)) {
clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */
mac_size = 0;
if ((sess == NULL)
|| (s->enc_write_ctx == NULL)
|| (EVP_MD_CTX_get0_md(s->write_hash) == NULL)) {
mac_size = 0;
} else {
mac_size = EVP_MD_CTX_get_size(s->write_hash);
if (mac_size < 0) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
}
} else {
mac_size = EVP_MD_CTX_get_size(s->write_hash);
if (mac_size < 0) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
if (rl->md_ctx != NULL && EVP_MD_CTX_get0_md(rl->md_ctx) != NULL) {
mac_size = EVP_MD_CTX_get_size(rl->md_ctx);
if (mac_size < 0) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
}
}
/*
* 'create_empty_fragment' is true only when we have recursively called
* ourselves.
* Do we need to do that recursion in order to add an empty record prefix?
*/
/* Do we need to add an empty record prefix? */
prefix = rl->need_empty_fragments
&& !clear
&& templates[0].type == SSL3_RT_APPLICATION_DATA;
/*
@ -1601,28 +1627,6 @@ int tls_write_records_default(OSSL_RECORD_LAYER *rl,
}
}
if (!using_ktls) {
/* Explicit IV length, block ciphers appropriate version flag */
if (s->enc_write_ctx != NULL && RLAYER_USE_EXPLICIT_IV(rl)
&& rl->version != TLS1_3_VERSION) {
int mode = EVP_CIPHER_CTX_get_mode(s->enc_write_ctx);
if (mode == EVP_CIPH_CBC_MODE) {
eivlen = EVP_CIPHER_CTX_get_iv_length(s->enc_write_ctx);
if (eivlen < 0) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG);
goto err;
}
if (eivlen <= 1)
eivlen = 0;
} else if (mode == EVP_CIPH_GCM_MODE) {
/* Need explicit part of IV for GCM mode */
eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
} else if (mode == EVP_CIPH_CCM_MODE) {
eivlen = EVP_CCM_TLS_EXPLICIT_IV_LEN;
}
}
}
/* Clear our SSL3_RECORD structures */
memset(wr, 0, sizeof(wr));
for (j = 0; j < numtempl + prefix; j++) {
@ -1651,7 +1655,7 @@ int tls_write_records_default(OSSL_RECORD_LAYER *rl,
SSL3_RECORD_set_rec_version(thiswr, thistempl->version);
maxcomplen = thistempl->buflen;
if (s->compress != NULL)
if (rl->compctx != NULL)
maxcomplen += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
/*
@ -1662,8 +1666,8 @@ int tls_write_records_default(OSSL_RECORD_LAYER *rl,
&& (!WPACKET_put_bytes_u8(thispkt, rectype)
|| !WPACKET_put_bytes_u16(thispkt, thistempl->version)
|| !WPACKET_start_sub_packet_u16(thispkt)
|| (eivlen > 0
&& !WPACKET_allocate_bytes(thispkt, eivlen, NULL))
|| (rl->eivlen > 0
&& !WPACKET_allocate_bytes(thispkt, rl->eivlen, NULL))
|| (maxcomplen > 0
&& !WPACKET_reserve_bytes(thispkt, maxcomplen,
&compressdata)))) {
@ -1683,8 +1687,8 @@ int tls_write_records_default(OSSL_RECORD_LAYER *rl,
*/
/* first we compress */
if (s->compress != NULL) {
if (!ssl3_do_compress(s, thiswr)
if (rl->compctx != NULL) {
if (!tls_do_compress(rl, thiswr)
|| !WPACKET_allocate_bytes(thispkt, thiswr->length, NULL)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_COMPRESSION_FAILURE);
goto err;
@ -1761,10 +1765,24 @@ int tls_write_records_default(OSSL_RECORD_LAYER *rl,
if (!using_ktls && !rl->use_etm && mac_size != 0) {
unsigned char *mac;
if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac)
|| !ssl->method->ssl3_enc->mac(s, thiswr, mac, 1)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
/*
* TODO(RECLAYER): Remove this once SSLv3/TLSv1.3/DTLS crypto has
* been moved to the new write record layer.
*/
if (rl->version == SSL3_VERSION
|| rl->version == TLS1_3_VERSION
|| rl->isdtls) {
if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac)
|| !ssl->method->ssl3_enc->mac(s, thiswr, mac, 1)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
} else {
if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac)
|| !rl->funcs->mac(rl, thiswr, mac, 1)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
}
}
@ -1807,17 +1825,44 @@ int tls_write_records_default(OSSL_RECORD_LAYER *rl,
} else {
if (!using_ktls) {
if (prefix) {
if (ssl->method->ssl3_enc->enc(s, wr, 1, 1, NULL, mac_size) < 1) {
/*
* TODO(RECLAYER): Remove this once SSLv3 crypto has been moved
* to the new write record layer.
*/
if (rl->version == SSL3_VERSION) {
if (ssl->method->ssl3_enc->enc(s, wr, 1, 1, NULL, mac_size) < 1) {
if (!ossl_statem_in_error(s))
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
} else {
if (rl->funcs->cipher(rl, wr, 1, 1, NULL, mac_size) < 1) {
if (!ossl_statem_in_error(s))
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
}
}
/*
* TODO(RECLAYER): Remove this once SSLv3/TLSv1.3/DTLS crypto has
* been moved to the new write record layer.
*/
if (rl->version == SSL3_VERSION
|| rl->version == TLS1_3_VERSION
|| rl->isdtls) {
if (ssl->method->ssl3_enc->enc(s, wr + prefix, numtempl, 1, NULL,
mac_size) < 1) {
if (!ossl_statem_in_error(s))
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
} else {
if (rl->funcs->cipher(rl, wr + prefix, numtempl, 1, NULL,
mac_size) < 1) {
if (!ossl_statem_in_error(s))
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
}
if (ssl->method->ssl3_enc->enc(s, wr + prefix, numtempl, 1, NULL,
mac_size) < 1) {
if (!ossl_statem_in_error(s))
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
}
}
@ -1847,11 +1892,26 @@ int tls_write_records_default(OSSL_RECORD_LAYER *rl,
if (rl->use_etm && mac_size != 0) {
unsigned char *mac;
if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac)
|| !ssl->method->ssl3_enc->mac(s, thiswr, mac, 1)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
/*
* TODO(RECLAYER): Remove this once SSLv3/TLSv1.3/DTLS crypto has
* been moved to the new write record layer.
*/
if (rl->version == SSL3_VERSION
|| rl->version == TLS1_3_VERSION
|| rl->isdtls) {
if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac)
|| !ssl->method->ssl3_enc->mac(s, thiswr, mac, 1)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
} else {
if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac)
|| !rl->funcs->mac(rl, thiswr, mac, 1)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
}
SSL3_RECORD_add_length(thiswr, mac_size);
}

33
ssl/record/methods/tls_multib.c
View File

@ -24,17 +24,14 @@ static int tls_is_multiblock_capable(OSSL_RECORD_LAYER *rl, int type,
size_t len, size_t fraglen)
{
#if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
/* TODO(RECLAYER): REMOVE ME */
SSL_CONNECTION *s = rl->cbarg;
if (type == SSL3_RT_APPLICATION_DATA
&& len >= 4 * fraglen
&& s->compress == NULL
&& rl->compctx == NULL
&& rl->msg_callback == NULL
&& !rl->use_etm
&& RLAYER_USE_EXPLICIT_IV(rl)
&& !BIO_get_ktls_send(s->wbio)
&& (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx))
&& !BIO_get_ktls_send(rl->bio)
&& (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(rl->enc_ctx))
& EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) != 0)
return 1;
#endif
@ -73,8 +70,6 @@ static int tls_write_records_multiblock_int(OSSL_RECORD_LAYER *rl,
size_t i;
size_t totlen;
SSL3_BUFFER *wb;
/* TODO(RECLAYER): Remove me */
SSL_CONNECTION *s = rl->cbarg;
unsigned char aad[13];
EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
size_t packlen;
@ -113,9 +108,9 @@ static int tls_write_records_multiblock_int(OSSL_RECORD_LAYER *rl,
* multiblock write in the call to tls_setup_write_buffer() - the different
* buffer sizes will be spotted and the buffer reallocated.
*/
packlen = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE,
(int)templates[0].buflen, NULL);
packlen = EVP_CIPHER_CTX_ctrl(rl->enc_ctx,
EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE,
(int)templates[0].buflen, NULL);
packlen *= numtempl;
if (!tls_setup_write_buffer(rl, 1, packlen, packlen)) {
/* RLAYERfatal() already called */
@ -124,7 +119,7 @@ static int tls_write_records_multiblock_int(OSSL_RECORD_LAYER *rl,
wb = &rl->wbuf[0];
mb_param.interleave = numtempl;
memcpy(aad, s->rlayer.write_sequence, 8);
memcpy(aad, rl->sequence, 8);
aad[8] = templates[0].type;
aad[9] = (unsigned char)(templates[0].version >> 8);
aad[10] = (unsigned char)(templates[0].version);
@ -134,9 +129,9 @@ static int tls_write_records_multiblock_int(OSSL_RECORD_LAYER *rl,
mb_param.inp = aad;
mb_param.len = totlen;
packleni = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
sizeof(mb_param), &mb_param);
packleni = EVP_CIPHER_CTX_ctrl(rl->enc_ctx,
EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
sizeof(mb_param), &mb_param);
packlen = (size_t)packleni;
if (packleni <= 0 || packlen > wb->len) { /* never happens */
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@ -147,17 +142,17 @@ static int tls_write_records_multiblock_int(OSSL_RECORD_LAYER *rl,
mb_param.inp = templates[0].buf;
mb_param.len = totlen;
if (EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
if (EVP_CIPHER_CTX_ctrl(rl->enc_ctx,
EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
sizeof(mb_param), &mb_param) <= 0) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return -1;
}
s->rlayer.write_sequence[7] += mb_param.interleave;
if (s->rlayer.write_sequence[7] < mb_param.interleave) {
rl->sequence[7] += mb_param.interleave;
if (rl->sequence[7] < mb_param.interleave) {
int j = 6;
while (j >= 0 && (++s->rlayer.write_sequence[j--]) == 0) ;
while (j >= 0 && (++rl->sequence[j--]) == 0) ;
}
wb->offset = 0;

6
ssl/t1_enc.c
View File

@ -252,7 +252,7 @@ int tls1_change_cipher_state(SSL_CONNECTION *s, int which)
goto err;
}
/* TODO(RECLAYER): Temporary - remove me when write rlayer done*/
/* TODO(RECLAYER): Temporary - remove me when DTLS write rlayer done*/
goto skip_ktls;
} else {
s->statem.enc_write_state = ENC_WRITE_STATE_INVALID;
@ -281,6 +281,10 @@ int tls1_change_cipher_state(SSL_CONNECTION *s, int which)
goto err;
}
/* TODO(RECLAYER): Temporary - remove me when DTLS write rlayer done*/
if (!SSL_CONNECTION_IS_DTLS(s))
goto skip_ktls;
if (s->enc_write_ctx != NULL && !SSL_CONNECTION_IS_DTLS(s)) {
reuse_dd = 1;
} else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) {