authorBoringSSL Robot <178796648329-compute@developer.gserviceaccount.com>2024-06-25 00:48:16 +0000
committerBoringSSL Robot <178796648329-compute@developer.gserviceaccount.com>2024-06-25 00:48:16 +0000
commite6b03733628149a89a1d18b3ef8f39aa1055aba8 (patch)
tree119714c7aca644b2ab6805381b891c42239133e6
parent212e1f7754fdf9785c400b99602659168ae625b3 (diff)
parent12f0f4bec2a6db53a53748dd6001d1aacaae26ba (diff)
downloadboringssl-e6b03733628149a89a1d18b3ef8f39aa1055aba8.zip
boringssl-e6b03733628149a89a1d18b3ef8f39aa1055aba8.tar.gz
boringssl-e6b03733628149a89a1d18b3ef8f39aa1055aba8.tar.bz2
update main-with-bazel from master branch
-rw-r--r--src/ssl/d1_both.cc14
-rw-r--r--src/ssl/d1_pkt.cc8
-rw-r--r--src/ssl/dtls_record.cc27
-rw-r--r--src/ssl/internal.h19
-rw-r--r--src/ssl/tls_record.cc2
-rw-r--r--src/util/fipstools/CMakeLists.txt12
-rw-r--r--src/util/fipstools/test_fips.c36
7 files changed, 58 insertions, 60 deletions
diff --git a/src/ssl/d1_both.cc b/src/ssl/d1_both.cc
index b910b96..1a68d93 100644
--- a/src/ssl/d1_both.cc
+++ b/src/ssl/d1_both.cc
@@ -624,16 +624,14 @@ static enum seal_result_t seal_next_message(SSL *ssl, uint8_t *out,
assert(ssl->d1->outgoing_written < ssl->d1->outgoing_messages_len);
assert(msg == &ssl->d1->outgoing_messages[ssl->d1->outgoing_written]);
- enum dtls1_use_epoch_t use_epoch = dtls1_use_current_epoch;
- if (ssl->d1->w_epoch >= 1 && msg->epoch == ssl->d1->w_epoch - 1) {
- use_epoch = dtls1_use_previous_epoch;
- } else if (msg->epoch != ssl->d1->w_epoch) {
+ if (msg->epoch != ssl->d1->w_epoch &&
+ (ssl->d1->w_epoch == 0 || msg->epoch != ssl->d1->w_epoch - 1)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
return seal_error;
}
- size_t overhead = dtls_max_seal_overhead(ssl, use_epoch);
- size_t prefix = dtls_seal_prefix_len(ssl, use_epoch);
+ size_t overhead = dtls_max_seal_overhead(ssl, msg->epoch);
+ size_t prefix = dtls_seal_prefix_len(ssl, msg->epoch);
if (msg->is_ccs) {
// Check there is room for the ChangeCipherSpec.
@@ -644,7 +642,7 @@ static enum seal_result_t seal_next_message(SSL *ssl, uint8_t *out,
if (!dtls_seal_record(ssl, out, out_len, max_out,
SSL3_RT_CHANGE_CIPHER_SPEC, kChangeCipherSpec,
- sizeof(kChangeCipherSpec), use_epoch)) {
+ sizeof(kChangeCipherSpec), msg->epoch)) {
return seal_error;
}
@@ -697,7 +695,7 @@ static enum seal_result_t seal_next_message(SSL *ssl, uint8_t *out,
MakeSpan(frag, frag_len));
if (!dtls_seal_record(ssl, out, out_len, max_out, SSL3_RT_HANDSHAKE,
- out + prefix, frag_len, use_epoch)) {
+ out + prefix, frag_len, msg->epoch)) {
return seal_error;
}
diff --git a/src/ssl/d1_pkt.cc b/src/ssl/d1_pkt.cc
index b866156..da898b4 100644
--- a/src/ssl/d1_pkt.cc
+++ b/src/ssl/d1_pkt.cc
@@ -208,7 +208,7 @@ int dtls1_write_app_data(SSL *ssl, bool *out_needs_handshake,
}
int ret = dtls1_write_record(ssl, SSL3_RT_APPLICATION_DATA, in,
- dtls1_use_current_epoch);
+ ssl->d1->w_epoch);
if (ret <= 0) {
return ret;
}
@@ -217,7 +217,7 @@ int dtls1_write_app_data(SSL *ssl, bool *out_needs_handshake,
}
int dtls1_write_record(SSL *ssl, int type, Span<const uint8_t> in,
- enum dtls1_use_epoch_t use_epoch) {
+ uint16_t epoch) {
SSLBuffer *buf = &ssl->s3->write_buffer;
assert(in.size() <= SSL3_RT_MAX_PLAIN_LENGTH);
// There should never be a pending write buffer in DTLS. One can't write half
@@ -235,7 +235,7 @@ int dtls1_write_record(SSL *ssl, int type, Span<const uint8_t> in,
in.size() + SSL_max_seal_overhead(ssl)) ||
!dtls_seal_record(ssl, buf->remaining().data(), &ciphertext_len,
buf->remaining().size(), type, in.data(), in.size(),
- use_epoch)) {
+ epoch)) {
buf->Clear();
return -1;
}
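Review bot: The write buffer is still sized with `in.size() + SSL_max_seal_overhead(ssl)`, which is computed for the current write epoch, while the record is now sealed under the caller-supplied `epoch`. The tls_record.cc hunk in this commit shows SSL_max_seal_overhead resolving to `dtls_max_seal_overhead(ssl, ssl->d1->w_epoch)`, so a caller passing the previous epoch with a larger-overhead AEAD would get an undersized buffer. The seal call is bounded by `buf->remaining().size()`, so this should fail rather than overrun, but the sizing should follow the same epoch: `in.size() + dtls_max_seal_overhead(ssl, epoch)`. Both callers visible in this diff pass `ssl->d1->w_epoch`, so the mismatch looks latent today; the function body starts and continues outside this hunk.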
@@ -250,7 +250,7 @@ int dtls1_write_record(SSL *ssl, int type, Span<const uint8_t> in,
int dtls1_dispatch_alert(SSL *ssl) {
int ret = dtls1_write_record(ssl, SSL3_RT_ALERT, ssl->s3->send_alert,
- dtls1_use_current_epoch);
+ ssl->d1->w_epoch);
if (ret <= 0) {
return ret;
}
diff --git a/src/ssl/dtls_record.cc b/src/ssl/dtls_record.cc
index 068864f..6551aa4 100644
--- a/src/ssl/dtls_record.cc
+++ b/src/ssl/dtls_record.cc
@@ -258,29 +258,30 @@ enum ssl_open_record_t dtls_open_record(SSL *ssl, uint8_t *out_type,
}
static const SSLAEADContext *get_write_aead(const SSL *ssl,
- enum dtls1_use_epoch_t use_epoch) {
- if (use_epoch == dtls1_use_previous_epoch) {
- assert(ssl->d1->w_epoch >= 1);
+ uint16_t epoch) {
+ if (epoch < ssl->d1->w_epoch) {
+ assert(epoch + 1 == ssl->d1->w_epoch);
return ssl->d1->last_aead_write_ctx.get();
}
+ assert(epoch == ssl->d1->w_epoch);
return ssl->s3->aead_write_ctx.get();
}
size_t dtls_max_seal_overhead(const SSL *ssl,
- enum dtls1_use_epoch_t use_epoch) {
- return DTLS1_RT_HEADER_LENGTH + get_write_aead(ssl, use_epoch)->MaxOverhead();
+ uint16_t epoch) {
+ return DTLS1_RT_HEADER_LENGTH + get_write_aead(ssl, epoch)->MaxOverhead();
}
-size_t dtls_seal_prefix_len(const SSL *ssl, enum dtls1_use_epoch_t use_epoch) {
+size_t dtls_seal_prefix_len(const SSL *ssl, uint16_t epoch) {
return DTLS1_RT_HEADER_LENGTH +
- get_write_aead(ssl, use_epoch)->ExplicitNonceLen();
+ get_write_aead(ssl, epoch)->ExplicitNonceLen();
}
bool dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
uint8_t type, const uint8_t *in, size_t in_len,
- enum dtls1_use_epoch_t use_epoch) {
- const size_t prefix = dtls_seal_prefix_len(ssl, use_epoch);
+ uint16_t epoch) {
+ const size_t prefix = dtls_seal_prefix_len(ssl, epoch);
if (buffers_alias(in, in_len, out, max_out) &&
(max_out < prefix || out + prefix != in)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_OUTPUT_ALIASES_INPUT);
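Review bot: The new `epoch` argument is validated only by `assert` in get_write_aead, and the same two asserts are repeated in dtls_seal_record in the next hunk. With NDEBUG those checks compile out, so an epoch more than one behind would silently select `last_aead_write_ctx` and an epoch ahead would select the current keys, presumably with the caller's value still going into the record header (that code is outside the hunk). seal_next_message does its own check and the other callers in this diff pass `w_epoch`, so this is defence in depth, but dtls_seal_record already returns bool and could reject a bad epoch explicitly before touching any key state. The body of dtls_seal_record continues outside this hunk.

```cpp
  // Only the current and the immediately previous write epoch have key state.
  if (epoch != ssl->d1->w_epoch &&
      (ssl->d1->w_epoch == 0 || epoch != ssl->d1->w_epoch - 1)) {
    OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
    return false;
  }
  const size_t prefix = dtls_seal_prefix_len(ssl, epoch);
  // … unchanged: alias check and record sealing …
```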
@@ -288,14 +289,14 @@ bool dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
}
// Determine the parameters for the current epoch.
- uint16_t epoch = ssl->d1->w_epoch;
SSLAEADContext *aead = ssl->s3->aead_write_ctx.get();
uint64_t *seq = &ssl->s3->write_sequence;
- if (use_epoch == dtls1_use_previous_epoch) {
- assert(ssl->d1->w_epoch >= 1);
- epoch = ssl->d1->w_epoch - 1;
+ if (epoch < ssl->d1->w_epoch) {
+ assert(epoch + 1 == ssl->d1->w_epoch);
aead = ssl->d1->last_aead_write_ctx.get();
seq = &ssl->d1->last_write_sequence;
+ } else {
+ assert(epoch == ssl->d1->w_epoch);
}
if (max_out < DTLS1_RT_HEADER_LENGTH) {
diff --git a/src/ssl/internal.h b/src/ssl/internal.h
index 2e44641..4db9f17 100644
--- a/src/ssl/internal.h
+++ b/src/ssl/internal.h
@@ -1044,26 +1044,21 @@ size_t ssl_seal_align_prefix_len(const SSL *ssl);
bool tls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
uint8_t type, const uint8_t *in, size_t in_len);
-enum dtls1_use_epoch_t {
- dtls1_use_previous_epoch,
- dtls1_use_current_epoch,
-};
-
// dtls_max_seal_overhead returns the maximum overhead, in bytes, of sealing a
// record.
-size_t dtls_max_seal_overhead(const SSL *ssl, enum dtls1_use_epoch_t use_epoch);
+size_t dtls_max_seal_overhead(const SSL *ssl, uint16_t epoch);
// dtls_seal_prefix_len returns the number of bytes of prefix to reserve in
// front of the plaintext when sealing a record in-place.
-size_t dtls_seal_prefix_len(const SSL *ssl, enum dtls1_use_epoch_t use_epoch);
+size_t dtls_seal_prefix_len(const SSL *ssl, uint16_t epoch);
-// dtls_seal_record implements |tls_seal_record| for DTLS. |use_epoch| selects
-// which epoch's cipher state to use. Unlike |tls_seal_record|, |in| and |out|
-// may alias but, if they do, |in| must be exactly |dtls_seal_prefix_len| bytes
+// dtls_seal_record implements |tls_seal_record| for DTLS. |epoch| selects which
+// epoch's cipher state to use. Unlike |tls_seal_record|, |in| and |out| may
+// alias but, if they do, |in| must be exactly |dtls_seal_prefix_len| bytes
// ahead of |out|.
bool dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
uint8_t type, const uint8_t *in, size_t in_len,
- enum dtls1_use_epoch_t use_epoch);
+ uint16_t epoch);
// ssl_process_alert processes |in| as an alert and updates |ssl|'s shutdown
// state. It returns one of |ssl_open_record_discard|, |ssl_open_record_error|,
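Review bot: The comments on dtls_max_seal_overhead and dtls_seal_prefix_len do not mention the new `epoch` parameter, and the dtls_seal_record comment does not say which values are accepted. Going by the asserts added in dtls_record.cc, `epoch` has to be the current write epoch or the one immediately before it, and callers now carry that responsibility instead of picking an enum value. I would state it on each declaration, e.g. `// |epoch| must be |ssl->d1->w_epoch| or |ssl->d1->w_epoch - 1|.`, and add the same sentence to dtls1_write_record in the following hunk.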
@@ -3379,7 +3374,7 @@ int dtls1_write_app_data(SSL *ssl, bool *out_needs_handshake,
// dtls1_write_record sends a record. It returns one on success and <= 0 on
// error.
int dtls1_write_record(SSL *ssl, int type, Span<const uint8_t> in,
- enum dtls1_use_epoch_t use_epoch);
+ uint16_t epoch);
int dtls1_retransmit_outgoing_messages(SSL *ssl);
bool dtls1_parse_fragment(CBS *cbs, struct hm_header_st *out_hdr,
diff --git a/src/ssl/tls_record.cc b/src/ssl/tls_record.cc
index 395b9a4..5a820f6 100644
--- a/src/ssl/tls_record.cc
+++ b/src/ssl/tls_record.cc
@@ -606,7 +606,7 @@ using namespace bssl;
size_t SSL_max_seal_overhead(const SSL *ssl) {
if (SSL_is_dtls(ssl)) {
- return dtls_max_seal_overhead(ssl, dtls1_use_current_epoch);
+ return dtls_max_seal_overhead(ssl, ssl->d1->w_epoch);
}
size_t ret = SSL3_RT_HEADER_LENGTH;
diff --git a/src/util/fipstools/CMakeLists.txt b/src/util/fipstools/CMakeLists.txt
index 87abf0a..69e1284 100644
--- a/src/util/fipstools/CMakeLists.txt
+++ b/src/util/fipstools/CMakeLists.txt
@@ -1,8 +1,6 @@
-if(FIPS)
- add_executable(
- test_fips
+add_executable(
+ test_fips
- test_fips.c
- )
- target_link_libraries(test_fips crypto)
-endif()
+ test_fips.c
+)
+target_link_libraries(test_fips crypto)
diff --git a/src/util/fipstools/test_fips.c b/src/util/fipstools/test_fips.c
index bb36853..d225a5d 100644
--- a/src/util/fipstools/test_fips.c
+++ b/src/util/fipstools/test_fips.c
@@ -37,7 +37,9 @@
#include "../../crypto/fipsmodule/tls/internal.h"
#include "../../crypto/internal.h"
+OPENSSL_MSVC_PRAGMA(warning(disable : 4295))
+#if defined(BORINGSSL_FIPS)
static void hexdump(const void *a, size_t len) {
const unsigned char *in = (const unsigned char *)a;
for (size_t i = 0; i < len; i++) {
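Review bot: The file-wide `OPENSSL_MSVC_PRAGMA(warning(disable : 4295))` has no comment saying why it is needed. C4295 is MSVC's warning for a char array initialised from a string literal with no room for the terminating NUL, which matches initialisers such as `kAESKey[16] = "BoringCrypto Key"` later in the file. A one-line comment such as `// Test vectors are fixed-size byte arrays initialised from string literals without the trailing NUL.` would keep the suppression from looking accidental. hexdump's body continues outside this hunk.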
@@ -46,6 +48,7 @@ static void hexdump(const void *a, size_t len) {
printf("\n");
}
+#endif
int main(int argc, char **argv) {
// Ensure that the output is line-buffered rather than fully buffered. When
@@ -67,12 +70,17 @@ int main(int argc, char **argv) {
printf("Module: '%s', version: %" PRIu32 " hash:\n", FIPS_module_name(),
module_version);
-#if !defined(OPENSSL_ASAN)
- hexdump(FIPS_module_hash(), SHA256_DIGEST_LENGTH);
+#if !defined(BORINGSSL_FIPS)
+ // |module_version| will be zero, so the non-FIPS build will never get
+ // this far.
+ printf("Non zero module version in non-FIPS build - should not happen!\n");
+ goto err;
#else
+#if defined(OPENSSL_ASAN)
printf("(not available when compiled for ASAN)");
+#else
+ hexdump(FIPS_module_hash(), SHA256_DIGEST_LENGTH);
#endif
- printf("\n");
static const uint8_t kAESKey[16] = "BoringCrypto Key";
static const uint8_t kPlaintext[64] =
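Review bot: In the ASAN branch, `printf("(not available when compiled for ASAN)");` no longer ends its line, because the unconditional `printf("\n");` that followed the `#endif` is removed in this hunk. hexdump prints its own newline (visible in the earlier hunk), so only the ASAN build is affected: the next message is appended to the same line, which is awkward if this tool's output is parsed or archived. I would write `printf("(not available when compiled for ASAN)\n");`. main continues outside this hunk.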
@@ -149,8 +157,8 @@ int main(int argc, char **argv) {
printf("About to AES-GCM open ");
hexdump(output, out_len);
if (!EVP_AEAD_CTX_open(&aead_ctx, output, &out_len, sizeof(output), nonce,
- EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()),
- output, out_len, NULL, 0)) {
+ EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()), output,
+ out_len, NULL, 0)) {
printf("AES-GCM decrypt failed\n");
goto err;
}
@@ -178,8 +186,8 @@ int main(int argc, char **argv) {
memcpy(&des_iv, &kDESIV, sizeof(des_iv));
printf("About to 3DES-CBC decrypt ");
hexdump(kPlaintext, sizeof(kPlaintext));
- DES_ede3_cbc_encrypt(output, output, sizeof(kPlaintext), &des1,
- &des2, &des3, &des_iv, DES_DECRYPT);
+ DES_ede3_cbc_encrypt(output, output, sizeof(kPlaintext), &des1, &des2, &des3,
+ &des_iv, DES_DECRYPT);
printf(" got ");
hexdump(output, sizeof(kPlaintext));
@@ -281,9 +289,8 @@ int main(int argc, char **argv) {
hexdump(kPlaintextSHA256, sizeof(kPlaintextSHA256));
ECDSA_SIG *sig =
ECDSA_do_sign(kPlaintextSHA256, sizeof(kPlaintextSHA256), ec_key);
- if (sig == NULL ||
- !ECDSA_do_verify(kPlaintextSHA256, sizeof(kPlaintextSHA256), sig,
- ec_key)) {
+ if (sig == NULL || !ECDSA_do_verify(kPlaintextSHA256,
+ sizeof(kPlaintextSHA256), sig, ec_key)) {
printf("ECDSA Sign/Verify PWCT failed.\n");
goto err;
}
@@ -305,7 +312,7 @@ int main(int argc, char **argv) {
/* ECDSA with an invalid public key. */
ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
- static const uint8_t kNotValidX926[] = {1,2,3,4,5,6};
+ static const uint8_t kNotValidX926[] = {1, 2, 3, 4, 5, 6};
if (!EC_KEY_oct2key(ec_key, kNotValidX926, sizeof(kNotValidX926),
/*ctx=*/NULL)) {
printf("Error while parsing invalid ECDSA public key\n");
@@ -387,10 +394,8 @@ int main(int argc, char **argv) {
/* FFDH */
printf("About to compute FFDH key-agreement:\n");
DH *dh = DH_get_rfc7919_2048();
- uint8_t dh_result[2048/8];
- if (!dh ||
- !DH_generate_key(dh) ||
- sizeof(dh_result) != DH_size(dh) ||
+ uint8_t dh_result[2048 / 8];
+ if (!dh || !DH_generate_key(dh) || sizeof(dh_result) != DH_size(dh) ||
DH_compute_key_padded(dh_result, DH_get0_pub_key(dh), dh) !=
sizeof(dh_result)) {
fprintf(stderr, "FFDH failed.\n");
@@ -403,6 +408,7 @@ int main(int argc, char **argv) {
printf("PASS\n");
return 0;
+#endif // !defined(BORINGSSL_FIPS)
err:
printf("FAIL\n");