kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add bssl::SealRecord and bssl::OpenRecord.

Browse Source 
This is a C++ interface for encrypting and decrypting TLS application
data records in-place, wrapping the existing C API in tls_record.cc.

Also add bssl::Span, a non-owning reference to a contiguous array of
elements which can be used as a common interface over contiguous
container types (like std::vector), pointer-length-pairs, arrays, etc.

Change-Id: Iaa2ca4957cde511cb734b997db38f54e103b0d92
Reviewed-on: https://boringssl-review.googlesource.com/18104
Commit-Queue: Martin Kreichgauer <martinkr@google.com>
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
Martin Kreichgauer 2017-07-18 12:42:18 -07:00 committed by Adam Langley
parent c937699735
commit 17c3057f26
6 changed files with 591 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
include/openssl/span.h Normal file
View File

@ -0,0 +1,160 @@
/* Copyright (c) 2017, Google Inc.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#ifndef OPENSSL_HEADER_SSL_SPAN_H
#define OPENSSL_HEADER_SSL_SPAN_H
#include <openssl/base.h>
#if !defined(BORINGSSL_NO_CXX)
#include <algorithm>
#include <type_traits>
#include "../crypto/internal.h"
extern "C++" {
namespace bssl {
template <typename T>
class Span;
namespace internal {
template <typename T>
class SpanBase {
/* Put comparison operator implementations into a base class with const T, so
* they can be used with any type that implicitly converts into a Span. */
static_assert(std::is_const<T>::value,
"Span<T> must be derived from SpanBase<const T>");
OPENSSL_MSVC_PRAGMA(warning(push))
/* MSVC issues warning C4996 for calls to any unsafe methods in the stdlib.
* In this case, it complains about three-parameter std::equal, however
* the four-parameter variant is C++14. See
* https://msdn.microsoft.com/en-us/library/aa985974.aspx. */
OPENSSL_MSVC_PRAGMA(warning(disable : 4996))
friend bool operator==(Span<T> lhs, Span<T> rhs) {
return lhs.size() == rhs.size() &&
std::equal(lhs.begin(), lhs.end(), rhs.begin());
}
OPENSSL_MSVC_PRAGMA(warning(pop))
friend bool operator!=(Span<T> lhs, Span<T> rhs) { return !(lhs == rhs); }
};
} // namespace internal
/* A Span<T> is a non-owning reference to a contiguous array of objects of type
* |T|. Conceptually, a Span is a simple a pointer to |T| and a count of
* elements accessible via that pointer. The elements referenced by the Span can
* be mutated if |T| is mutable.
*
* A Span can be constructed from container types implementing |data()| and
* |size()| methods. If |T| is constant, construction from a container type is
* implicit. This allows writing methods that accept data from some unspecified
* container type:
*
* // Foo views data referenced by v.
* void Foo(bssl::Span<const uint8_t> v) { ... }
*
* std::vector<uint8_t> vec;
* Foo(vec);
*
* For mutable Spans, conversion is explicit:
*
* // FooMutate mutates data referenced by v.
* void FooMutate(bssl::Span<uint8_t> v) { ... }
*
* FooMutate(bssl::Span<uint8_t>(vec));
*
* You can also use the |MakeSpan| and |MakeConstSpan| factory methods to
* construct Spans in order to deduce the type of the Span automatically.
*
* FooMutate(bssl::MakeSpan(vec));
*
* Note that Spans have value type sematics. They are cheap to construct and
* copy, and should be passed by value whenever a method would otherwise accept
* a reference or pointer to a container or array. */
template <typename T>
class Span : private internal::SpanBase<const T> {
private:
template <bool B, class V = void>
using enable_if_t = typename std::enable_if<B, V>::type;
// Heuristically test whether C is a container type that can be converted into
// a Span by checking for data() and size() member functions.
template <typename C>
using EnableIfContainer = enable_if_t<
std::is_convertible<decltype(std::declval<C>().data()), T *>::value &&
std::is_integral<decltype(std::declval<C>().size())>::value>;
public:
constexpr Span() : Span(nullptr, 0) {}
constexpr Span(T *ptr, size_t len) : data_(ptr), size_(len) {}
template <size_t N>
constexpr Span(T (&array)[N]) : Span(array, N) {}
template <typename C, typename = EnableIfContainer<C>,
typename = enable_if_t<std::is_const<T>::value, C>>
Span(const C &container) : data_(container.data()), size_(container.size()) {}
template <typename C, typename = EnableIfContainer<C>,
typename = enable_if_t<!std::is_const<T>::value, C>>
explicit Span(C &container)
: data_(container.data()), size_(container.size()) {}
T *data() const { return data_; }
size_t size() const { return size_; }
T *begin() const { return data_; }
const T *cbegin() const { return data_; }
T *end() const { return data_ + size_; };
const T *cend() const { return end(); };
T &operator[](size_t i) const { return data_[i]; }
T &at(size_t i) const { return data_[i]; }
private:
T *data_;
size_t size_;
};
template <typename T>
Span<T> MakeSpan(T *ptr, size_t size) {
return Span<T>(ptr, size);
}
template <typename C>
auto MakeSpan(C &c) -> decltype(MakeSpan(c.data(), c.size())) {
return MakeSpan(c.data(), c.size());
}
template <typename T>
Span<const T> MakeConstSpan(T *ptr, size_t size) {
return Span<const T>(ptr, size);
}
template <typename C>
auto MakeConstSpan(const C &c) -> decltype(MakeConstSpan(c.data(), c.size())) {
return MakeConstSpan(c.data(), c.size());
}
} // namespace bssl
} // extern C++
#endif // !defined(BORINGSSL_NO_CXX)
#endif /* OPENSSL_HEADER_SSL_SPAN_H */

55
include/openssl/ssl.h
View File

@ -149,6 +149,7 @@
#include <openssl/hmac.h>
#include <openssl/lhash.h>
#include <openssl/pem.h>
#include <openssl/span.h>
#include <openssl/ssl3.h>
#include <openssl/thread.h>
#include <openssl/tls1.h>
@ -4580,6 +4581,8 @@ struct ssl_ctx_st {
#if defined(__cplusplus)
} /* extern C */
#if !defined(BORINGSSL_NO_CXX)
extern "C++" {
namespace bssl {
@ -4588,10 +4591,62 @@ BORINGSSL_MAKE_DELETER(SSL, SSL_free)
BORINGSSL_MAKE_DELETER(SSL_CTX, SSL_CTX_free)
BORINGSSL_MAKE_DELETER(SSL_SESSION, SSL_SESSION_free)
enum class OpenRecordResult {
kOK,
kDiscard,
kIncompleteRecord,
kAlertCloseNotify,
kAlertFatal,
kError,
};
/* *** EXPERIMENTAL -- DO NOT USE ***
*
* OpenRecord decrypts the first complete SSL record from |in| in-place, sets
* |out| to the decrypted application data, and |out_record_len| to the length
* of the encrypted record. Returns:
* - kOK if an application-data record was successfully decrypted and verified.
* - kDiscard if a record was sucessfully processed, but should be discarded.
* - kIncompleteRecord if |in| did not contain a complete record.
* - kAlertCloseNotify if a record was successfully processed but is a
* close_notify alert.
* - kAlertFatal if a record was successfully processed but is a fatal alert.
* - kError if an error occurred or the record is invalid. |*out_alert| will be
* set to an alert to emit. */
OPENSSL_EXPORT OpenRecordResult OpenRecord(SSL *ssl, Span<uint8_t> *out,
size_t *out_record_len,
uint8_t *out_alert,
Span<uint8_t> in);
OPENSSL_EXPORT size_t SealRecordPrefixLen(SSL *ssl, size_t plaintext_len);
OPENSSL_EXPORT size_t SealRecordMaxSuffixLen(SSL *ssl);
/* *** EXPERIMENTAL -- DO NOT USE ***
*
* SealRecord encrypts the cleartext of |in| and scatters the resulting TLS
* application data record between |out_prefix|, |out|, and |out_suffix|. It
* returns true on success or false if an error occurred.
*
* The length of |out_prefix| must equal |SealRecordPrefixLen|. The length of
* |out| must equal the length of |in|. The length of |out_suffix| must equal
* |MaxSealRecordSuffixLen|. |*out_suffix_len| is set to the actual number of
* bytes written to |out_suffix|.
*
* If enabled, |SealRecord| may perform TLS 1.0 CBC 1/n-1 record splitting.
* |SealRecordPrefixLen| accounts for the required overhead if that is the case.
*
* |out| may equal |in| to encrypt in-place but may not otherwise alias.
* |out_prefix| and |out_suffix| may not alias anything. */
OPENSSL_EXPORT bool SealRecord(SSL *ssl, Span<uint8_t> out_prefix,
Span<uint8_t> out, Span<uint8_t> out_suffix,
size_t *out_suffix_len, Span<const uint8_t> in);
} // namespace bssl
} /* extern C++ */
#endif // !defined(BORINGSSL_NO_CXX)
#endif
#define SSL_R_APP_DATA_IN_HANDSHAKE 100

1
ssl/CMakeLists.txt
View File

@ -45,6 +45,7 @@ target_link_libraries(ssl crypto)
add_executable(
ssl_test
span_test.cc
ssl_test.cc
$<TARGET_OBJECTS:gtest_main>

90
ssl/span_test.cc Normal file
View File

@ -0,0 +1,90 @@
/* Copyright (c) 2017, Google Inc.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#include <stdio.h>
#include <vector>
#include <gtest/gtest.h>
#include <openssl/ssl.h>
namespace bssl {
namespace {
static void TestCtor(Span<int> s, const int *ptr, size_t size) {
EXPECT_EQ(s.data(), ptr);
EXPECT_EQ(s.size(), size);
}
static void TestConstCtor(Span<const int> s, const int *ptr, size_t size) {
EXPECT_EQ(s.data(), ptr);
EXPECT_EQ(s.size(), size);
}
TEST(SpanTest, CtorEmpty) {
Span<int> s;
TestCtor(s, nullptr, 0);
}
TEST(SpanTest, CtorFromPtrAndSize) {
std::vector<int> v = {7, 8, 9, 10};
Span<int> s(v.data(), v.size());
TestCtor(s, v.data(), v.size());
}
TEST(SpanTest, CtorFromVector) {
std::vector<int> v = {1, 2};
// Const ctor is implicit.
TestConstCtor(v, v.data(), v.size());
// Mutable is explicit.
Span<int> s(v);
TestCtor(s, v.data(), v.size());
}
TEST(SpanTest, CtorConstFromArray) {
int v[] = {10, 11};
// Array ctor is implicit for const and mutable T.
TestConstCtor(v, v, 2);
TestCtor(v, v, 2);
}
TEST(SpanTest, MakeSpan) {
std::vector<int> v = {100, 200, 300};
TestCtor(MakeSpan(v), v.data(), v.size());
TestCtor(MakeSpan(v.data(), v.size()), v.data(), v.size());
TestConstCtor(MakeSpan(v.data(), v.size()), v.data(), v.size());
TestConstCtor(MakeSpan(v), v.data(), v.size());
}
TEST(SpanTest, MakeConstSpan) {
std::vector<int> v = {100, 200, 300};
TestConstCtor(MakeConstSpan(v), v.data(), v.size());
TestConstCtor(MakeConstSpan(v.data(), v.size()), v.data(), v.size());
// But not:
// TestConstCtor(MakeSpan(v), v.data(), v.size());
}
TEST(SpanTest, Accessor) {
std::vector<int> v({42, 23, 5, 101, 80});
Span<int> s(v);
for (size_t i = 0; i < s.size(); ++i) {
EXPECT_EQ(s[i], v[i]);
EXPECT_EQ(s.at(i), v.at(i));
}
EXPECT_EQ(s.begin(), v.data());
EXPECT_EQ(s.end(), v.data() + v.size());
}
} // namespace
} // namespace bssl

188
ssl/ssl_test.cc
View File

@ -3693,6 +3693,194 @@ TEST(SSLTest, SelectNextProto) {
EXPECT_EQ(Bytes("x"), Bytes(result, result_len));
}
TEST(SSLTest, SealRecord) {
bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
server_ctx(SSL_CTX_new(TLS_method()));
ASSERT_TRUE(client_ctx);
ASSERT_TRUE(server_ctx);
bssl::UniquePtr<X509> cert = GetTestCertificate();
bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
ASSERT_TRUE(cert);
ASSERT_TRUE(key);
ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
bssl::UniquePtr<SSL> client, server;
ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
server_ctx.get(),
nullptr /* no session */));
const std::vector<uint8_t> record = {1, 2, 3, 4, 5};
std::vector<uint8_t> prefix(
bssl::SealRecordPrefixLen(client.get(), record.size())),
body(record.size()), suffix(bssl::SealRecordMaxSuffixLen(client.get()));
size_t suffix_size;
ASSERT_TRUE(bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
bssl::MakeSpan(body), bssl::MakeSpan(suffix),
&suffix_size, record));
suffix.resize(suffix_size);
std::vector<uint8_t> sealed;
sealed.insert(sealed.end(), prefix.begin(), prefix.end());
sealed.insert(sealed.end(), body.begin(), body.end());
sealed.insert(sealed.end(), suffix.begin(), suffix.end());
std::vector<uint8_t> sealed_copy = sealed;
bssl::Span<uint8_t> plaintext;
size_t record_len;
uint8_t alert = 255;
EXPECT_EQ(bssl::OpenRecord(server.get(), &plaintext, &record_len, &alert,
bssl::MakeSpan(sealed)),
bssl::OpenRecordResult::kOK);
EXPECT_EQ(record_len, sealed.size());
EXPECT_EQ(plaintext, record);
EXPECT_EQ(255, alert);
}
TEST(SSLTest, SealRecordInPlace) {
bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
server_ctx(SSL_CTX_new(TLS_method()));
ASSERT_TRUE(client_ctx);
ASSERT_TRUE(server_ctx);
bssl::UniquePtr<X509> cert = GetTestCertificate();
bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
ASSERT_TRUE(cert);
ASSERT_TRUE(key);
ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
bssl::UniquePtr<SSL> client, server;
ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
server_ctx.get(),
nullptr /* no session */));
const std::vector<uint8_t> plaintext = {1, 2, 3, 4, 5};
std::vector<uint8_t> record = plaintext;
std::vector<uint8_t> prefix(
bssl::SealRecordPrefixLen(client.get(), record.size())),
suffix(bssl::SealRecordMaxSuffixLen(client.get()));
size_t suffix_size;
ASSERT_TRUE(bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
bssl::MakeSpan(record), bssl::MakeSpan(suffix),
&suffix_size, record));
suffix.resize(suffix_size);
record.insert(record.begin(), prefix.begin(), prefix.end());
record.insert(record.end(), suffix.begin(), suffix.end());
bssl::Span<uint8_t> result;
size_t record_len;
uint8_t alert;
EXPECT_EQ(bssl::OpenRecord(server.get(), &result, &record_len, &alert,
bssl::MakeSpan(record)),
bssl::OpenRecordResult::kOK);
EXPECT_EQ(record_len, record.size());
EXPECT_EQ(plaintext, result);
}
TEST(SSLTest, SealRecordTrailingData) {
bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
server_ctx(SSL_CTX_new(TLS_method()));
ASSERT_TRUE(client_ctx);
ASSERT_TRUE(server_ctx);
bssl::UniquePtr<X509> cert = GetTestCertificate();
bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
ASSERT_TRUE(cert);
ASSERT_TRUE(key);
ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
bssl::UniquePtr<SSL> client, server;
ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
server_ctx.get(),
nullptr /* no session */));
const std::vector<uint8_t> plaintext = {1, 2, 3, 4, 5};
std::vector<uint8_t> record = plaintext;
std::vector<uint8_t> prefix(
bssl::SealRecordPrefixLen(client.get(), record.size())),
suffix(bssl::SealRecordMaxSuffixLen(client.get()));
size_t suffix_size;
ASSERT_TRUE(bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
bssl::MakeSpan(record), bssl::MakeSpan(suffix),
&suffix_size, record));
suffix.resize(suffix_size);
record.insert(record.begin(), prefix.begin(), prefix.end());
record.insert(record.end(), suffix.begin(), suffix.end());
record.insert(record.end(), {5, 4, 3, 2, 1});
bssl::Span<uint8_t> result;
size_t record_len;
uint8_t alert;
EXPECT_EQ(bssl::OpenRecord(server.get(), &result, &record_len, &alert,
bssl::MakeSpan(record)),
bssl::OpenRecordResult::kOK);
EXPECT_EQ(record_len, record.size() - 5);
EXPECT_EQ(plaintext, result);
}
TEST(SSLTest, SealRecordInvalidSpanSize) {
bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())),
server_ctx(SSL_CTX_new(TLS_method()));
ASSERT_TRUE(client_ctx);
ASSERT_TRUE(server_ctx);
bssl::UniquePtr<X509> cert = GetTestCertificate();
bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
ASSERT_TRUE(cert);
ASSERT_TRUE(key);
ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get()));
ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get()));
bssl::UniquePtr<SSL> client, server;
ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(),
server_ctx.get(),
nullptr /* no session */));
std::vector<uint8_t> record = {1, 2, 3, 4, 5};
std::vector<uint8_t> prefix(
bssl::SealRecordPrefixLen(client.get(), record.size())),
suffix(bssl::SealRecordMaxSuffixLen(client.get()));
size_t suffix_size;
auto expect_err = []() {
int err = ERR_get_error();
EXPECT_EQ(ERR_GET_LIB(err), ERR_LIB_SSL);
EXPECT_EQ(ERR_GET_REASON(err), SSL_R_BUFFER_TOO_SMALL);
ERR_clear_error();
};
EXPECT_FALSE(bssl::SealRecord(
client.get(), bssl::MakeSpan(prefix.data(), prefix.size() - 1),
bssl::MakeSpan(record), bssl::MakeSpan(suffix), &suffix_size, record));
expect_err();
EXPECT_FALSE(bssl::SealRecord(
client.get(), bssl::MakeSpan(prefix.data(), prefix.size() + 1),
bssl::MakeSpan(record), bssl::MakeSpan(suffix), &suffix_size, record));
expect_err();
EXPECT_FALSE(
bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
bssl::MakeSpan(record.data(), record.size() - 1),
bssl::MakeSpan(suffix), &suffix_size, record));
expect_err();
EXPECT_FALSE(
bssl::SealRecord(client.get(), bssl::MakeSpan(prefix),
bssl::MakeSpan(record.data(), record.size() + 1),
bssl::MakeSpan(suffix), &suffix_size, record));
expect_err();
EXPECT_FALSE(bssl::SealRecord(
client.get(), bssl::MakeSpan(prefix), bssl::MakeSpan(record),
bssl::MakeSpan(suffix.data(), suffix.size() - 1), &suffix_size, record));
expect_err();
EXPECT_FALSE(bssl::SealRecord(
client.get(), bssl::MakeSpan(prefix), bssl::MakeSpan(record),
bssl::MakeSpan(suffix.data(), suffix.size() + 1), &suffix_size, record));
expect_err();
}
// TODO(davidben): Convert this file to GTest properly.
TEST(SSLTest, AllTests) {
if (!TestSSL_SESSIONEncoding(kOpenSSLSession) ||

99
ssl/tls_record.cc
View File

@ -403,7 +403,7 @@ static int do_seal_record(SSL *ssl, uint8_t *out_prefix, uint8_t *out,
}
static size_t tls_seal_scatter_prefix_len(const SSL *ssl, uint8_t type,
size_t in_len) {
size_t in_len) {
size_t ret = SSL3_RT_HEADER_LENGTH;
if (type == SSL3_RT_APPLICATION_DATA && in_len > 1 &&
ssl_needs_record_splitting(ssl)) {
@ -419,10 +419,20 @@ static size_t tls_seal_scatter_prefix_len(const SSL *ssl, uint8_t type,
return ret;
}
static size_t tls_seal_scatter_max_suffix_len(const SSL *ssl) {
size_t ret = ssl->s3->aead_write_ctx->MaxOverhead();
/* TLS 1.3 needs an extra byte for the encrypted record type. */
if (ssl->s3->aead_write_ctx->is_null_cipher() &&
ssl->s3->aead_write_ctx->version() >= TLS1_3_VERSION) {
ret += 1;
}
return ret;
}
/* tls_seal_scatter_record seals a new record of type |type| and body |in| and
* splits it between |out_prefix|, |out|, and |out_suffix|. Exactly
* |tls_seal_scatter_prefix_len| bytes are written to |out_prefix|, |in_len|
* bytes to |out|, and up to 1 + |SSLAEADContext::MaxOverhead| bytes to
* bytes to |out|, and up to |tls_seal_scatter_max_suffix_len| bytes to
* |out_suffix|. |*out_suffix_len| is set to the actual number of bytes written
* to |out_suffix|. It returns one on success and zero on error. If enabled,
* |tls_seal_scatter_record| implements TLS 1.0 CBC 1/n-1 record splitting and
@ -567,6 +577,91 @@ enum ssl_open_record_t ssl_process_alert(SSL *ssl, uint8_t *out_alert,
return ssl_open_record_error;
}
OpenRecordResult OpenRecord(SSL *ssl, Span<uint8_t> *out,
size_t *out_record_len, uint8_t *out_alert,
const Span<uint8_t> in) {
// This API is a work in progress and currently only works for TLS 1.2 servers
// and below.
if (SSL_in_init(ssl) ||
SSL_is_dtls(ssl) ||
ssl3_protocol_version(ssl) > TLS1_2_VERSION) {
assert(false);
*out_alert = SSL_AD_INTERNAL_ERROR;
return OpenRecordResult::kError;
}
*out = Span<uint8_t>();
*out_record_len = 0;
CBS plaintext;
uint8_t type;
size_t record_len;
const ssl_open_record_t result = tls_open_record(
ssl, &type, &plaintext, &record_len, out_alert, in.data(), in.size());
if (type != SSL3_RT_APPLICATION_DATA && type != SSL3_RT_ALERT) {
*out_alert = SSL_AD_UNEXPECTED_MESSAGE;
return OpenRecordResult::kError;
}
OpenRecordResult ret = OpenRecordResult::kError;
switch (result) {
case ssl_open_record_success:
ret = OpenRecordResult::kOK;
break;
case ssl_open_record_discard:
ret = OpenRecordResult::kDiscard;
break;
case ssl_open_record_partial:
ret = OpenRecordResult::kIncompleteRecord;
break;
case ssl_open_record_close_notify:
ret = OpenRecordResult::kAlertCloseNotify;
break;
case ssl_open_record_fatal_alert:
ret = OpenRecordResult::kAlertFatal;
break;
case ssl_open_record_error:
ret = OpenRecordResult::kError;
break;
}
*out =
MakeSpan(const_cast<uint8_t*>(CBS_data(&plaintext)), CBS_len(&plaintext));
*out_record_len = record_len;
return ret;
}
size_t SealRecordPrefixLen(SSL *ssl, size_t record_len) {
return tls_seal_scatter_prefix_len(ssl, SSL3_RT_APPLICATION_DATA, record_len);
}
size_t SealRecordMaxSuffixLen(SSL *ssl) {
return tls_seal_scatter_max_suffix_len(ssl);
}
bool SealRecord(SSL *ssl, const Span<uint8_t> out_prefix,
const Span<uint8_t> out, Span<uint8_t> out_suffix,
size_t *out_suffix_len, const Span<const uint8_t> in) {
// This API is a work in progress and currently only works for TLS 1.2 servers
// and below.
if (SSL_in_init(ssl) ||
SSL_is_dtls(ssl) ||
ssl3_protocol_version(ssl) > TLS1_2_VERSION) {
assert(false);
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
return false;
}
if (out_prefix.size() != SealRecordPrefixLen(ssl, in.size()) ||
out.size() != in.size() ||
out_suffix.size() != SealRecordMaxSuffixLen(ssl)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFER_TOO_SMALL);
return false;
}
return tls_seal_scatter_record(
ssl, out_prefix.data(), out.data(), out_suffix.data(), out_suffix_len,
out_suffix.size(), SSL3_RT_APPLICATION_DATA, in.data(), in.size());
}
} // namespace bssl
using namespace bssl;