Further support for sequence numbers and MAC verification (2da80d47) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

crypto/err/openssl.txt

+5 −0

Original line number	Diff line number	Diff line
		@@ -1365,10 +1365,12 @@ SSL_F_TLMSP_CONSTRUCT_MIDDLEBOX_KEY_MATERIAL:645:\
		SSL_F_TLMSP_CONSTRUCT_SERVER_KEY_EXCHANGE:692:\
		tlmsp_construct_server_key_exchange
		SSL_F_TLMSP_CONSTRUCT_STOC_TLMSP:646:tlmsp_construct_stoc_tlmsp
		SSL_F_TLMSP_CONTAINER_CHECK_MAC:722:tlmsp_container_check_mac
		SSL_F_TLMSP_CONTAINER_ENC:647:tlmsp_container_enc
		SSL_F_TLMSP_CONTAINER_FORWARDING_MAC:648:tlmsp_container_forwarding_mac
		SSL_F_TLMSP_CONTAINER_MAC:649:tlmsp_container_mac
		SSL_F_TLMSP_CONTAINER_READ:650:TLMSP_container_read
		SSL_F_TLMSP_CONTAINER_READER_CHECK_MAC:721:tlmsp_container_reader_check_mac
		SSL_F_TLMSP_CONTAINER_WRITE:651:TLMSP_container_write
		SSL_F_TLMSP_CONTEXT_ACCESS_ADD:652:TLMSP_context_access_add
		SSL_F_TLMSP_DERIVE_KEYS:653:tlmsp_derive_keys
		@@ -1438,12 +1440,15 @@ SSL_F_TLMSP_READ_CONTAINER:720:tlmsp_read_container
		SSL_F_TLMSP_READ_FORWARDING_MAC:670:tlmsp_read_forwarding_mac
		SSL_F_TLMSP_READ_FORWARDING_MACS:671:tlmsp_read_forwarding_macs
		SSL_F_TLMSP_READ_FRAGMENT:672:tlmsp_read_fragment
		SSL_F_TLMSP_READ_M_INFO:725:tlmsp_read_m_info
		SSL_F_TLMSP_READ_WRITER_MAC:673:tlmsp_read_writer_mac
		SSL_F_TLMSP_RECORD_ENC:674:tlmsp_record_enc
		SSL_F_TLMSP_RECORD_MAC:675:tlmsp_record_mac
		SSL_F_TLMSP_RESET_CIPHER:676:tlmsp_reset_cipher
		SSL_F_TLMSP_SETUP_ADVANCE_KEYS:677:tlmsp_setup_advance_keys
		SSL_F_TLMSP_SETUP_KEY_BLOCK:678:tlmsp_setup_key_block
		SSL_F_TLMSP_VERIFY_FORWARDING_MAC:724:tlmsp_verify_forwarding_mac
		SSL_F_TLMSP_VERIFY_READER_MAC:723:tlmsp_verify_reader_mac
		SSL_F_TLMSP_WRITE_BYTES:679:tlmsp_write_bytes
		SSL_F_TLMSP_WRITE_FORWARDING_MAC:680:tlmsp_write_forwarding_mac
		SSL_F_TLMSP_WRITE_FORWARDING_MACS:681:tlmsp_write_forwarding_macs

include/openssl/sslerr.h

+5 −0

Original line number	Diff line number	Diff line
		@@ -271,10 +271,12 @@ int ERR_load_SSL_strings(void);
		# define SSL_F_TLMSP_CONSTRUCT_MIDDLEBOX_KEY_MATERIAL 645
		# define SSL_F_TLMSP_CONSTRUCT_SERVER_KEY_EXCHANGE 692
		# define SSL_F_TLMSP_CONSTRUCT_STOC_TLMSP 646
		# define SSL_F_TLMSP_CONTAINER_CHECK_MAC 722
		# define SSL_F_TLMSP_CONTAINER_ENC 647
		# define SSL_F_TLMSP_CONTAINER_FORWARDING_MAC 648
		# define SSL_F_TLMSP_CONTAINER_MAC 649
		# define SSL_F_TLMSP_CONTAINER_READ 650
		# define SSL_F_TLMSP_CONTAINER_READER_CHECK_MAC 721
		# define SSL_F_TLMSP_CONTAINER_WRITE 651
		# define SSL_F_TLMSP_CONTEXT_ACCESS_ADD 652
		# define SSL_F_TLMSP_DERIVE_KEYS 653
		@@ -327,12 +329,15 @@ int ERR_load_SSL_strings(void);
		# define SSL_F_TLMSP_READ_FORWARDING_MAC 670
		# define SSL_F_TLMSP_READ_FORWARDING_MACS 671
		# define SSL_F_TLMSP_READ_FRAGMENT 672
		# define SSL_F_TLMSP_READ_M_INFO 725
		# define SSL_F_TLMSP_READ_WRITER_MAC 673
		# define SSL_F_TLMSP_RECORD_ENC 674
		# define SSL_F_TLMSP_RECORD_MAC 675
		# define SSL_F_TLMSP_RESET_CIPHER 676
		# define SSL_F_TLMSP_SETUP_ADVANCE_KEYS 677
		# define SSL_F_TLMSP_SETUP_KEY_BLOCK 678
		# define SSL_F_TLMSP_VERIFY_FORWARDING_MAC 724
		# define SSL_F_TLMSP_VERIFY_READER_MAC 723
		# define SSL_F_TLMSP_WRITE_BYTES 679
		# define SSL_F_TLMSP_WRITE_FORWARDING_MAC 680
		# define SSL_F_TLMSP_WRITE_FORWARDING_MACS 681

ssl/build.info

+1 −1

Original line number	Diff line number	Diff line
		@@ -5,7 +5,7 @@ SOURCE[../libssl]=\
		statem/statem_lib.c statem/extensions.c statem/extensions_srvr.c \
		statem/extensions_clnt.c statem/extensions_cust.c s3_cbc.c s3_msg.c \
		methods.c t1_lib.c t1_enc.c tls13_enc.c \
		tlmsp_addr.c tlmsp_buf.c tlmsp_con.c tlmsp_ctx.c tlmsp_enc.c tlmsp_ext.c tlmsp_fin.c tlmsp_key.c tlmsp_lib.c tlmsp_mbx.c tlmsp_mbx_msg.c tlmsp_msg.c \
		tlmsp_addr.c tlmsp_buf.c tlmsp_con.c tlmsp_ctx.c tlmsp_enc.c tlmsp_ext.c tlmsp_fin.c tlmsp_key.c tlmsp_lib.c tlmsp_mbx.c tlmsp_mbx_msg.c tlmsp_msg.c tlmsp_seq.c \
		d1_lib.c record/rec_layer_d1.c d1_msg.c \
		statem/statem_dtls.c d1_srtp.c \
		ssl_lib.c ssl_cert.c ssl_sess.c \

ssl/record/rec_layer_s3.c

+12 −0

Original line number	Diff line number	Diff line
		@@ -892,6 +892,18 @@ int do_ssl3_write(SSL s, int type, const unsigned char buf,
		if (s->compress != NULL)
		maxcomplen += SSL3_RT_MAX_COMPRESSED_OVERHEAD;

		/*
		* If this is a TLMSP context 0 record type, update our transmit
		* sequence number here.
		*/
		if (SSL_IS_TLMSP(s) && tlmsp_record_context0(s, rectype)) {
		if (!tlmsp_sequence_transmit(s, 0)) {
		SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
		ERR_R_INTERNAL_ERROR);
		goto err;
		}
		}

		/* write the header */
		if (!WPACKET_put_bytes_u8(thispkt, rectype)
		\|\| !WPACKET_put_bytes_u16(thispkt, version)

ssl/record/ssl3_record.c

+12 −0

Original line number	Diff line number	Diff line
		@@ -525,6 +525,18 @@ int ssl3_get_record(SSL *s)
		}
		}

		/*
		* If we are using TLMSP and this is a context 0 record, advance the
		* receive sequence number.
		*/
		if (SSL_IS_TLMSP(s) && tlmsp_record_context0(s, thisrr->type)) {
		if (!tlmsp_sequence_receive(s, tlmsp_record_author(s, thisrr->input, thisrr->length), 0)) {
		SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD,
		ERR_R_INTERNAL_ERROR);
		return -1;
		}
		}

		/*
		* If in encrypt-then-mac mode calculate mac from encrypted record. All
		* the details below are public so no timing details can leak.