-/* $OpenBSD: ssl_locl.h,v 1.331 2021/03/27 17:56:28 tb Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.332 2021/03/29 16:19:15 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
int ssl3_handshake_write(SSL *s);
int ssl3_record_write(SSL *s, int type);
-void tls1_record_sequence_increment(unsigned char *seq);
int ssl3_do_change_cipher_spec(SSL *ssl);
int dtls1_do_write(SSL *s, int type);
-/* $OpenBSD: t1_enc.c,v 1.135 2021/03/24 18:44:00 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.136 2021/03/29 16:19:15 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
S3I(s)->hs.tls12.key_block_len = 0;
}
-void
-tls1_record_sequence_increment(unsigned char *seq)
-{
- int i;
-
- for (i = SSL3_SEQUENCE_SIZE - 1; i >= 0; i--) {
- if (++seq[i] != 0)
- break;
- }
-}
-
/*
* TLS P_hash() data expansion function - see RFC 5246, section 5.
*/
-/* $OpenBSD: tls12_record_layer.c,v 1.24 2021/03/21 19:08:22 tb Exp $ */
+/* $OpenBSD: tls12_record_layer.c,v 1.25 2021/03/29 16:19:15 jsing Exp $ */
/*
* Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
*
#include "ssl_locl.h"
+#define TLS12_RECORD_SEQ_NUM_LEN 8
+
struct tls12_record_protection {
uint16_t epoch;
- uint8_t seq_num[SSL3_SEQUENCE_SIZE];
+ uint8_t seq_num[TLS12_RECORD_SEQ_NUM_LEN];
SSL_AEAD_CTX *aead_ctx;
sizeof(rl->write->seq_num));
}
+static const uint8_t tls12_max_seq_num[TLS12_RECORD_SEQ_NUM_LEN] = {
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+};
+
+int
+tls12_record_layer_inc_seq_num(struct tls12_record_layer *rl, uint8_t *seq_num)
+{
+ CBS max_seq_num;
+ int i;
+
+ /*
+ * RFC 5246 section 6.1 and RFC 6347 section 4.1 - both TLS and DTLS
+ * sequence numbers must not wrap. Note that for DTLS the first two
+ * bytes are used as an "epoch" and not part of the sequence number.
+ */
+ CBS_init(&max_seq_num, seq_num, TLS12_RECORD_SEQ_NUM_LEN);
+ if (rl->dtls) {
+ if (!CBS_skip(&max_seq_num, 2))
+ return 0;
+ }
+ if (CBS_mem_equal(&max_seq_num, tls12_max_seq_num,
+ CBS_len(&max_seq_num)))
+ return 0;
+
+ for (i = TLS12_RECORD_SEQ_NUM_LEN - 1; i >= 0; i--) {
+ if (++seq_num[i] != 0)
+ break;
+ }
+
+ return 1;
+}
+
static int
tls12_record_layer_set_mac_key(struct tls12_record_protection *rp,
const uint8_t *mac_key, size_t mac_key_len)
return 0;
}
- if (!rl->dtls)
- tls1_record_sequence_increment(rl->read->seq_num);
+ if (!rl->dtls) {
+ if (!tls12_record_layer_inc_seq_num(rl, rl->read->seq_num))
+ return 0;
+ }
return 1;
}
if (!CBB_flush(cbb))
goto err;
- tls1_record_sequence_increment(rl->write->seq_num);
+ if (!tls12_record_layer_inc_seq_num(rl, rl->write->seq_num))
+ goto err;
ret = 1;
projects / openbsd / commitdiff