Enable the ability to query the COMP_METHOD being used in the record layer

We also convert to passing COMP_METHOD rather than SSL_COMP to the record
layer. The former is a public type while the latter is internal only - and
the only thing we need from SSL_COMP is the method.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19217)
Matt Caswell 2022-09-15 16:03:02 +01:00
parent 9251c3c4c7
commit 1e76110b72
12 changed files with 60 additions and 26 deletions


@ -628,7 +628,7 @@ dtls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
size_t ivlen, unsigned char *mackey, size_t mackeylen,
const EVP_CIPHER *ciph, size_t taglen,
int mactype,
const EVP_MD *md, const SSL_COMP *comp, BIO *prev,
const EVP_MD *md, COMP_METHOD *comp, BIO *prev,
BIO *transport, BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
const OSSL_PARAM *settings, const OSSL_PARAM *options,
const OSSL_DISPATCH *fns, void *cbarg,
@ -712,5 +712,6 @@ const OSSL_RECORD_METHOD ossl_dtls_record_method = {
tls_set_max_pipelines,
dtls_set_in_init,
tls_get_state,
tls_set_options
tls_set_options,
tls_get_compression
};


@ -375,7 +375,7 @@ static int ktls_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
size_t taglen,
int mactype,
const EVP_MD *md,
const SSL_COMP *comp)
COMP_METHOD *comp)
{
ktls_crypto_info_t crypto_info;
@ -499,7 +499,7 @@ ktls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
size_t ivlen, unsigned char *mackey, size_t mackeylen,
const EVP_CIPHER *ciph, size_t taglen,
int mactype,
const EVP_MD *md, const SSL_COMP *comp, BIO *prev,
const EVP_MD *md, COMP_METHOD *comp, BIO *prev,
BIO *transport, BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
const OSSL_PARAM *settings, const OSSL_PARAM *options,
const OSSL_DISPATCH *fns, void *cbarg,
@ -520,10 +520,11 @@ ktls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
/*
* TODO(RECLAYER): We're not ready to set the crypto state for the write
* record layer. Fix this once we are
* record layer in TLSv1.3. Fix this once we are
*/
if (direction == OSSL_RECORD_DIRECTION_WRITE)
if (direction == OSSL_RECORD_DIRECTION_WRITE && vers == TLS1_3_VERSION)
return 1;
ret = (*retrl)->funcs->set_crypto_state(*retrl, level, key, keylen, iv,
ivlen, mackey, mackeylen, ciph,
taglen, mactype, md, comp);
@ -563,5 +564,6 @@ const OSSL_RECORD_METHOD ossl_ktls_record_method = {
tls_set_max_pipelines,
NULL,
tls_get_state,
tls_set_options
tls_set_options,
tls_get_compression
};
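Review bot: `ktls_set_crypto_state` now receives a `COMP_METHOD *comp` (L43), yet nothing in the hunk rejects a non-NULL value, and kernel TLS offload has no compression path to hand it to. The body continues outside the hunk, so if it does not already do so, a guard such as `if (comp != NULL) return OSSL_RECORD_RETURN_NON_FATAL_ERR;` placed before any crypto_info is filled in would let the caller fall back to the software record layer instead of silently sending uncompressed records on a connection that negotiated compression. Note also that `tls_get_compression` is registered for this method (L73) and reads `rl->compctx`, which the kTLS layer never sets; that is correct only as long as the guard above holds.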


@ -36,7 +36,7 @@ struct record_functions_st
size_t taglen,
int mactype,
const EVP_MD *md,
const SSL_COMP *comp);
COMP_METHOD *comp);
/*
* Returns:
@ -295,7 +295,7 @@ tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
unsigned char *mackey, size_t mackeylen,
const EVP_CIPHER *ciph, size_t taglen,
int mactype,
const EVP_MD *md, const SSL_COMP *comp, BIO *prev,
const EVP_MD *md, COMP_METHOD *comp, BIO *prev,
BIO *transport, BIO *next,
BIO_ADDR *local, BIO_ADDR *peer,
const OSSL_PARAM *settings, const OSSL_PARAM *options,
@ -327,6 +327,7 @@ void tls_set_max_pipelines(OSSL_RECORD_LAYER *rl, size_t max_pipelines);
void tls_get_state(OSSL_RECORD_LAYER *rl, const char **shortstr,
const char **longstr);
int tls_set_options(OSSL_RECORD_LAYER *rl, const OSSL_PARAM *options);
const COMP_METHOD *tls_get_compression(OSSL_RECORD_LAYER *rl);
int tls_setup_read_buffer(OSSL_RECORD_LAYER *rl);
int tls_setup_write_buffer(OSSL_RECORD_LAYER *rl, size_t numwpipes,
size_t firstlen, size_t nextlen);


@ -21,7 +21,7 @@ static int ssl3_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
size_t taglen,
int mactype,
const EVP_MD *md,
const SSL_COMP *comp)
COMP_METHOD *comp)
{
EVP_CIPHER_CTX *ciph_ctx;
@ -43,7 +43,7 @@ static int ssl3_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
}
#ifndef OPENSSL_NO_COMP
if (comp != NULL) {
rl->compctx = COMP_CTX_new(comp->method);
rl->compctx = COMP_CTX_new(comp);
if (rl->compctx == NULL) {
ERR_raise(ERR_LIB_SSL, SSL_R_COMPRESSION_LIBRARY_ERROR);
return OSSL_RECORD_RETURN_FATAL;


@ -21,7 +21,7 @@ static int tls13_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
size_t taglen,
int mactype,
const EVP_MD *md,
const SSL_COMP *comp)
COMP_METHOD *comp)
{
EVP_CIPHER_CTX *ciph_ctx;
int mode;


@ -22,7 +22,7 @@ static int tls1_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
size_t taglen,
int mactype,
const EVP_MD *md,
const SSL_COMP *comp)
COMP_METHOD *comp)
{
EVP_CIPHER_CTX *ciph_ctx;
EVP_PKEY *mac_key;
@ -45,7 +45,7 @@ static int tls1_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
}
#ifndef OPENSSL_NO_COMP
if (comp != NULL) {
rl->compctx = COMP_CTX_new(comp->method);
rl->compctx = COMP_CTX_new(comp);
if (rl->compctx == NULL) {
ERR_raise(ERR_LIB_SSL, SSL_R_COMPRESSION_LIBRARY_ERROR);
return OSSL_RECORD_RETURN_FATAL;


@ -12,6 +12,7 @@
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/core_names.h>
#include <openssl/comp.h>
#include "internal/e_os.h"
#include "internal/packet.h"
#include "../../ssl_local.h"
@ -1197,7 +1198,7 @@ tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
unsigned char *mackey, size_t mackeylen,
const EVP_CIPHER *ciph, size_t taglen,
int mactype,
const EVP_MD *md, const SSL_COMP *comp, BIO *prev,
const EVP_MD *md, COMP_METHOD *comp, BIO *prev,
BIO *transport, BIO *next, BIO_ADDR *local,
BIO_ADDR *peer, const OSSL_PARAM *settings,
const OSSL_PARAM *options,
@ -1327,7 +1328,7 @@ tls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
size_t ivlen, unsigned char *mackey, size_t mackeylen,
const EVP_CIPHER *ciph, size_t taglen,
int mactype,
const EVP_MD *md, const SSL_COMP *comp, BIO *prev,
const EVP_MD *md, COMP_METHOD *comp, BIO *prev,
BIO *transport, BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
const OSSL_PARAM *settings, const OSSL_PARAM *options,
const OSSL_DISPATCH *fns, void *cbarg,
@ -2140,6 +2141,15 @@ void tls_get_state(OSSL_RECORD_LAYER *rl, const char **shortstr,
*longstr = lng;
}
const COMP_METHOD *tls_get_compression(OSSL_RECORD_LAYER *rl)
{
#ifndef OPENSSL_NO_COMP
return (rl->compctx == NULL) ? NULL : COMP_CTX_get_method(rl->compctx);
#else
return NULL;
#endif
}
const OSSL_RECORD_METHOD ossl_tls_record_method = {
tls_new_record_layer,
tls_free,
@ -2162,5 +2172,6 @@ const OSSL_RECORD_METHOD ossl_tls_record_method = {
tls_set_max_pipelines,
NULL,
tls_get_state,
tls_set_options
tls_set_options,
tls_get_compression
};
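Review bot: `tls_get_compression` (L188-L195) is new public-to-the-record-layer surface and has no header comment stating its contract, while the NULL result is overloaded to mean both "no compression negotiated" and "built with OPENSSL_NO_COMP". A short comment above L188 would remove the ambiguity for callers such as `SSL_get_current_compression`: `/* Returns the COMP_METHOD in use on this record layer, or NULL if no compression is active (always NULL with OPENSSL_NO_COMP). The result is not owned by the caller and must not be freed. */`. The function does not check `rl` for NULL, which matches `tls_get_state` and the other accessors in this table, so that is consistent but worth saying in the comment.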


@ -20,7 +20,7 @@ static int tls_any_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
size_t taglen,
int mactype,
const EVP_MD *md,
const SSL_COMP *comp)
COMP_METHOD *comp)
{
if (level != OSSL_RECORD_PROTECTION_LEVEL_NONE) {
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);


@ -1136,6 +1136,7 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version,
unsigned int maxfrag = SSL3_RT_MAX_PLAIN_LENGTH;
int use_early_data = 0;
uint32_t max_early_data;
COMP_METHOD *compm = (comp == NULL) ? NULL : comp->method;
meth = ssl_select_next_record_layer(s, level);
@ -1282,7 +1283,7 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version,
s->server, direction, level, epoch,
key, keylen, iv, ivlen, mackey,
mackeylen, ciph, taglen, mactype, md,
comp, prev, thisbio, next, NULL, NULL,
compm, prev, thisbio, next, NULL, NULL,
settings, options, rlayer_dispatch_tmp,
s, &newrl);
BIO_free(prev);


@ -134,7 +134,7 @@ struct ossl_record_method_st {
size_t taglen,
int mactype,
const EVP_MD *md,
const SSL_COMP *comp,
COMP_METHOD *comp,
BIO *prev,
BIO *transport,
BIO *next,
@ -300,6 +300,8 @@ struct ossl_record_method_st {
* new_record_layer call.
*/
int (*set_options)(OSSL_RECORD_LAYER *rl, const OSSL_PARAM *options);
const COMP_METHOD *(*get_compression)(OSSL_RECORD_LAYER *rl);
};
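Review bot: `get_compression` (L253) is the only member of `ossl_record_method_st` added without the comment block every neighbour carries (L250-L251 closes the one for `set_options`), and since this struct is the contract a record layer implementation must satisfy, the semantics of the return value need to be stated here rather than inferred from `tls_get_compression`. I would add, directly above L253: `/* Returns the COMP_METHOD currently in use by this record layer, or NULL if no compression is active. The returned pointer is not owned by the caller and must not be freed. */`. It would also help to say whether implementations may be called before `set_crypto_state`, as the kTLS and TLSv1.3 write paths appear to do.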


@ -4786,7 +4786,11 @@ const COMP_METHOD *SSL_get_current_compression(const SSL *s)
if (sc == NULL)
return NULL;
return sc->compress ? COMP_CTX_get_method(sc->compress) : NULL;
/* TODO(RECLAYER): Remove me once SSLv3/DTLS moved to write record layer */
if (SSL_CONNECTION_IS_DTLS(sc) || sc->version == SSL3_VERSION)
return sc->compress ? COMP_CTX_get_method(sc->compress) : NULL;
return sc->rlayer.wrlmethod->get_compression(sc->rlayer.wrl);
#else
return NULL;
#endif
@ -4800,7 +4804,7 @@ const COMP_METHOD *SSL_get_current_expansion(const SSL *s)
if (sc == NULL)
return NULL;
return sc->expand ? COMP_CTX_get_method(sc->expand) : NULL;
return sc->rlayer.rrlmethod->get_compression(sc->rlayer.rrl);
#else
return NULL;
#endif
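Review bot: `SSL_get_current_compression` and `SSL_get_current_expansion` are public API that an application can call at any point in the connection's life, and the new lines at L265 and L273 dereference `sc->rlayer.wrlmethod`/`rrlmethod` and pass `wrl`/`rrl` with no NULL check, where the old code only tested `sc->compress`/`sc->expand`. Whether both record layers are guaranteed to exist as soon as `sc` does is not visible in this hunk; if they can be unset before the handshake, a guard such as `if (sc->rlayer.wrl == NULL || sc->rlayer.wrlmethod == NULL) return NULL;` (and the `rrl` equivalent at L273) is cheap and keeps the accessor total. The write side also keeps a DTLS/SSLv3 fallback (L263-L264) that the read side no longer has; the TODO explains why, but the asymmetry is easy to miss when the SSLv3/DTLS write layers are converted, so the TODO should name both functions it applies to.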


@ -1073,9 +1073,15 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl)
goto end;
cbuf[0] = count++;
memcpy(crec_wseq_before, &clientsc->rlayer.write_sequence, SEQ_NUM_SIZE);
/* TODO(RECLAYER): Remove me once TLSv1.3 write side converted */
if (SSL_CONNECTION_IS_TLS13(serversc)) {
memcpy(crec_wseq_before, &clientsc->rlayer.write_sequence, SEQ_NUM_SIZE);
memcpy(srec_wseq_before, &serversc->rlayer.write_sequence, SEQ_NUM_SIZE);
} else {
memcpy(crec_wseq_before, &clientsc->rlayer.wrl->sequence, SEQ_NUM_SIZE);
memcpy(srec_wseq_before, &serversc->rlayer.wrl->sequence, SEQ_NUM_SIZE);
}
memcpy(crec_rseq_before, &clientsc->rlayer.rrl->sequence, SEQ_NUM_SIZE);
memcpy(srec_wseq_before, &serversc->rlayer.write_sequence, SEQ_NUM_SIZE);
memcpy(srec_rseq_before, &serversc->rlayer.rrl->sequence, SEQ_NUM_SIZE);
if (!TEST_true(SSL_write(clientssl, cbuf, sizeof(cbuf)) == sizeof(cbuf)))
@ -1096,9 +1102,15 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl)
}
}
memcpy(crec_wseq_after, &clientsc->rlayer.write_sequence, SEQ_NUM_SIZE);
/* TODO(RECLAYER): Remove me once TLSv1.3 write side converted */
if (SSL_CONNECTION_IS_TLS13(serversc)) {
memcpy(crec_wseq_after, &clientsc->rlayer.write_sequence, SEQ_NUM_SIZE);
memcpy(srec_wseq_after, &serversc->rlayer.write_sequence, SEQ_NUM_SIZE);
} else {
memcpy(crec_wseq_after, &clientsc->rlayer.wrl->sequence, SEQ_NUM_SIZE);
memcpy(srec_wseq_after, &serversc->rlayer.wrl->sequence, SEQ_NUM_SIZE);
}
memcpy(crec_rseq_after, &clientsc->rlayer.rrl->sequence, SEQ_NUM_SIZE);
memcpy(srec_wseq_after, &serversc->rlayer.write_sequence, SEQ_NUM_SIZE);
memcpy(srec_rseq_after, &serversc->rlayer.rrl->sequence, SEQ_NUM_SIZE);
/* verify the payload */
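Review bot: The new branches at L285 and L301 choose where to read the client's write sequence from by testing `SSL_CONNECTION_IS_TLS13(serversc)`, so the client buffers are driven by the server's version; that only holds because both ends negotiated the same version, and `SSL_CONNECTION_IS_TLS13(clientsc)` on the client lines would make the intent self-evident and survive a future test that mixes versions. The two eight-line blocks (L284-L291 and L300-L307) differ only in their destination buffers, so a small static helper taking the two destination buffers and the two connections would collapse both and leave one TODO to remove instead of two. The enclosing `ping_pong_query` starts before the first hunk and continues after L311.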