fixup! Add support for integrity-only cipher suites for TLS v1.3
rajeev-0 committed Jan 16, 2024
1 parent 38fc3b5 commit 7e33e58
Showing 3 changed files with 50 additions and 50 deletions.
64 changes: 30 additions & 34 deletions providers/implementations/ciphers/cipher_enull_hmac.c
@@ -1,5 +1,5 @@
/*
* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -49,17 +49,15 @@ static void enull_hmac_freectx(void *vctx)

static void *enull_hmac_dupctx(void *vctx)
{
PROV_ENULL_HMAC_CTX *ctx = (PROV_ENULL_HMAC_CTX *)vctx;
PROV_ENULL_HMAC_CTX *dupctx = NULL;
PROV_ENULL_HMAC_CTX *ctx = (PROV_ENULL_HMAC_CTX *)vctx, *dupctx;

if (ctx != NULL)
if (ctx == NULL)
return NULL;

dupctx = OPENSSL_memdup(ctx, sizeof(*dupctx));
if (dupctx == NULL)
return NULL;

memset(&dupctx->md, 0, sizeof(dupctx->md));
if (!ossl_prov_digest_copy(&dupctx->md, &ctx->md))
goto err;

@@ -145,6 +143,7 @@ static int enull_hmac_set_ctx_params(void *vctx, const OSSL_PARAM params[])
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
return 0;
}
/* The key length can not be modified */
if (len != ctx->base.keylen) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
return 0;
@@ -156,6 +155,7 @@ static int enull_hmac_set_ctx_params(void *vctx, const OSSL_PARAM params[])
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
return 0;
}
/* The iv length can not be modified */
if (len != ctx->base.ivlen) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
return 0;
@@ -178,14 +178,14 @@ static int enull_hmac_set_ctx_params(void *vctx, const OSSL_PARAM params[])
}
memcpy(ctx->tag, p->data, p->data_size);
}
ctx->tag_len = p->data_size;
}
return 1;
}

static const OSSL_PARAM enull_hmac_known_settable_ctx_params[] = {
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
OSSL_PARAM_END
};
const OSSL_PARAM *enull_hmac_settable_ctx_params(ossl_unused void *cctx,
@@ -276,16 +276,18 @@ static int enull_hmac_final(void *vctx, unsigned char *out, size_t *outl,
return 1;
}

#define IMPLEMENT_cipher(lcmd, UCMD, flags, kbits, blkbits, ivbits) \
static OSSL_FUNC_cipher_get_params_fn enull_hmac_##lcmd##_get_params; \
static int enull_hmac_##lcmd##_get_params(OSSL_PARAM params[]) \
#define OSSL_DISPATCHALG(num, name) {OSSL_FUNC_CIPHER_##num, \
(void (*)(void))name}
#define IMPLEMENT_cipher(cmd, CMD, flags, kbits, blkbits, ivbits) \
static OSSL_FUNC_cipher_get_params_fn enull_hmac_##cmd##_get_params; \
static int enull_hmac_##cmd##_get_params(OSSL_PARAM params[]) \
{ \
return ossl_cipher_generic_get_params(params, 0, flags, \
kbits, blkbits, ivbits); \
} \
\
static OSSL_FUNC_cipher_newctx_fn enull_hmac_##lcmd##_newctx; \
static void *enull_hmac_##lcmd##_newctx(void *provctx) \
static OSSL_FUNC_cipher_newctx_fn enull_hmac_##cmd##_newctx; \
static void *enull_hmac_##cmd##_newctx(void *provctx) \
{ \
PROV_ENULL_HMAC_CTX *ctx; \
\
@@ -300,38 +302,32 @@ static void *enull_hmac_##lcmd##_newctx(void *provctx) \
return NULL; \
} \
if (ossl_prov_digest_fetch(&ctx->md, PROV_LIBCTX_OF(provctx), \
#UCMD, NULL) == NULL) { \
#CMD, NULL) == NULL) { \
enull_hmac_freectx(ctx); \
return NULL; \
} \
ctx->tag_len = ENULL_HMAC_##UCMD##_TAGLEN; \
ctx->tag_len = ENULL_HMAC_##CMD##_TAGLEN; \
ossl_cipher_generic_initkey(ctx, kbits, blkbits, ivbits, 0, flags, \
ossl_prov_cipher_hw_enull_hmac(kbits), \
provctx); \
return ctx; \
} \
\
const OSSL_DISPATCH ossl_enull_hmac_##lcmd##_functions[] = { \
{ OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))enull_hmac_##lcmd##_newctx }, \
{ OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))enull_hmac_freectx }, \
{ OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))enull_hmac_dupctx }, \
{ OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))enull_hmac_einit }, \
{ OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))enull_hmac_dinit }, \
{ OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))enull_hmac_update }, \
{ OSSL_FUNC_CIPHER_FINAL, (void (*)(void))enull_hmac_final }, \
{ OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))enull_hmac_cipher}, \
{ OSSL_FUNC_CIPHER_GET_PARAMS, \
(void (*)(void))enull_hmac_##lcmd##_get_params }, \
{ OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \
(void (*)(void))enull_hmac_gettable_params }, \
{ OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \
(void (*)(void))enull_hmac_get_ctx_params }, \
{ OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \
(void (*)(void))enull_hmac_gettable_ctx_params }, \
{ OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \
(void (*)(void))enull_hmac_set_ctx_params }, \
{ OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \
(void (*)(void))enull_hmac_settable_ctx_params }, \
const OSSL_DISPATCH ossl_enull_hmac_##cmd##_functions[] = { \
OSSL_DISPATCHALG(NEWCTX, enull_hmac_##cmd##_newctx), \
OSSL_DISPATCHALG(FREECTX, enull_hmac_freectx), \
OSSL_DISPATCHALG(DUPCTX, enull_hmac_dupctx), \
OSSL_DISPATCHALG(ENCRYPT_INIT, enull_hmac_einit), \
OSSL_DISPATCHALG(DECRYPT_INIT, enull_hmac_dinit), \
OSSL_DISPATCHALG(UPDATE, enull_hmac_update), \
OSSL_DISPATCHALG(FINAL, enull_hmac_final), \
OSSL_DISPATCHALG(CIPHER, enull_hmac_cipher), \
OSSL_DISPATCHALG(GET_PARAMS, enull_hmac_##cmd##_get_params), \
OSSL_DISPATCHALG(GETTABLE_PARAMS, enull_hmac_gettable_params), \
OSSL_DISPATCHALG(GET_CTX_PARAMS, enull_hmac_get_ctx_params), \
OSSL_DISPATCHALG(GETTABLE_CTX_PARAMS, enull_hmac_gettable_ctx_params), \
OSSL_DISPATCHALG(SET_CTX_PARAMS, enull_hmac_set_ctx_params), \
OSSL_DISPATCHALG(SETTABLE_CTX_PARAMS, enull_hmac_settable_ctx_params), \
OSSL_DISPATCH_END \
}
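Review bot: In enull_hmac_dupctx, the copy returned by `OPENSSL_memdup` still holds the source context's `hmac` pointer at the point where a failed `ossl_prov_digest_copy` jumps to `err`. Nothing visible on the new side resets that member first, and the `err` label and the rest of the function lie outside this hunk. If that path releases the duplicate through `enull_hmac_freectx`, it would presumably free an HMAC_CTX the original context still owns, leaving the original with a dangling pointer and a later double free. Adding `dupctx->hmac = NULL;` directly after the `dupctx == NULL` check, before the first `goto err`, would keep the failure path away from shared state; please confirm against the full body.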

21 changes: 10 additions & 11 deletions providers/implementations/ciphers/cipher_enull_hmac.h
@@ -1,5 +1,5 @@
/*
* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -15,18 +15,18 @@
#define ENULL_HMAC_SHA256_KEYLEN 32
#define ENULL_HMAC_SHA256_BLKLEN 1
#define ENULL_HMAC_SHA256_TAGLEN 32
#define ENULL_HMAC_SHA256_IVLEN 32
#define ENULL_HMAC_SHA256_MODE 0
#define ENULL_HMAC_SHA256_FLAGS (PROV_CIPHER_FLAG_AEAD \
| PROV_CIPHER_FLAG_CUSTOM_IV)
#define ENULL_HMAC_SHA256_IVLEN 32
#define ENULL_HMAC_SHA256_MODE 0
#define ENULL_HMAC_SHA256_FLAGS (PROV_CIPHER_FLAG_AEAD \
| PROV_CIPHER_FLAG_CUSTOM_IV)

#define ENULL_HMAC_SHA384_KEYLEN 48
#define ENULL_HMAC_SHA384_BLKLEN 1
#define ENULL_HMAC_SHA384_TAGLEN 48
#define ENULL_HMAC_SHA384_IVLEN 48
#define ENULL_HMAC_SHA384_MODE 0
#define ENULL_HMAC_SHA384_FLAGS (PROV_CIPHER_FLAG_AEAD \
| PROV_CIPHER_FLAG_CUSTOM_IV)
#define ENULL_HMAC_SHA384_IVLEN 48
#define ENULL_HMAC_SHA384_MODE 0
#define ENULL_HMAC_SHA384_FLAGS (PROV_CIPHER_FLAG_AEAD \
| PROV_CIPHER_FLAG_CUSTOM_IV)

#define ENULL_HMAC_MAX_KEYLEN 48 /* ENULL_HMAC_SHA384_KEYLEN */
#define ENULL_HMAC_MAX_TAGLEN 48 /* ENULL_HMAC_SHA384_TAGLEN */
@@ -36,8 +36,7 @@ typedef struct {
PROV_CIPHER_CTX base; /* must be first */
HMAC_CTX *hmac;
PROV_DIGEST md;
unsigned char key[ENULL_HMAC_MAX_KEYLEN];
unsigned int keylen;
unsigned char key[ENULL_HMAC_MAX_KEYLEN]; /* len is in base.keylen */
unsigned char tag[ENULL_HMAC_MAX_TAGLEN];
unsigned int tag_len;
} PROV_ENULL_HMAC_CTX;
15 changes: 10 additions & 5 deletions providers/implementations/ciphers/cipher_enull_hmac_hw.c
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -23,11 +23,12 @@ static int enull_hmac_initkey(PROV_CIPHER_CTX *bctx, const uint8_t *key,
{
PROV_ENULL_HMAC_CTX *ctx = (PROV_ENULL_HMAC_CTX *)bctx;

if (key == NULL || keylen > sizeof(ctx->key))
if (key == NULL || keylen > sizeof(ctx->key)) {
ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
return 0;
}

memcpy(ctx->key, key, keylen);
ctx->keylen = keylen;
return 1;
}

@@ -36,9 +37,12 @@ static int enull_hmac_initiv(PROV_CIPHER_CTX *bctx,
{
PROV_ENULL_HMAC_CTX *ctx = (PROV_ENULL_HMAC_CTX *)bctx;

if (iv == NULL || ivlen > ENULL_HMAC_MAX_IVLEN)
if (iv == NULL || ivlen > ENULL_HMAC_MAX_IVLEN) {
ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
return 0;
if (!HMAC_Init_ex(ctx->hmac, ctx->key, ctx->keylen,
}

if (!HMAC_Init_ex(ctx->hmac, ctx->key, ctx->base.keylen,
ossl_prov_digest_md(&ctx->md), NULL))
return 0;

@@ -67,6 +71,7 @@ static int enull_hmac_cipher(PROV_CIPHER_CTX *bctx, unsigned char *out,
}
}

/* Just copying because we don't encrypt or decrypt */
if (in != NULL && out != NULL && in != out)
memcpy(out, in, inl);
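Review bot: enull_hmac_initkey copies `keylen` bytes into `ctx->key`, but enull_hmac_initiv now passes `ctx->base.keylen` to `HMAC_Init_ex`, so nothing in this file ties the two lengths together any more. The only guard is `keylen > sizeof(ctx->key)`, so a key shorter than `base.keylen` would leave the HMAC keyed partly with whatever bytes remained in the tail of `ctx->key`. Unless the generic init path is guaranteed to reject a mismatched length before this callback runs, tighten the check to `if (key == NULL || keylen != ctx->base.keylen || keylen > sizeof(ctx->key)) {`. For that case `PROV_R_INVALID_KEY_LENGTH` would describe the failure better than `ERR_R_INTERNAL_ERROR`. enull_hmac_initiv continues outside its hunk.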
