diff --git a/ssl/record/methods/dtls_meth.c b/ssl/record/methods/dtls_meth.c index 36c0f4dc58..baa72b8b78 100644 --- a/ssl/record/methods/dtls_meth.c +++ b/ssl/record/methods/dtls_meth.c @@ -662,13 +662,14 @@ again: */ if (DTLS13_UNI_HDR_FIX_BITS_IS_SET(rr->type) && rl->version == DTLS1_3_VERSION - && rl->sn_enc_ctx != NULL && ((rl->packet_length < rechdrlen + DTLS13_CIPHERTEXT_MINSIZE) - || !dtls_crypt_sequence_number(rl->sn_enc_ctx, - recseqnum + recseqnumoffs, - recseqnumlen, - rl->packet + rechdrlen, - rl->sn_enc_offs))) { + || (rl->sn_enc_ctx == NULL && rl->mac_ctx == NULL) + || (rl->sn_enc_ctx != NULL + && !dtls_crypt_sequence_number(rl->sn_enc_ctx, + recseqnum + recseqnumoffs, + recseqnumlen, + rl->packet + rechdrlen, + rl->sn_enc_offs)))) { /* sequence number encryption failed dump record */ rr->length = 0; rl->packet_length = 0; diff --git a/ssl/record/methods/tls13_meth.c b/ssl/record/methods/tls13_meth.c index 9db1bf3b3f..aa6992a846 100644 --- a/ssl/record/methods/tls13_meth.c +++ b/ssl/record/methods/tls13_meth.c @@ -391,6 +391,9 @@ static int tls13_add_record_padding(OSSL_RECORD_LAYER *rl, { size_t rlen; size_t max_frag_len = rl->max_frag_len; + int isdtls = rl->isdtls; + size_t mac_size = 0; + size_t taglen = rl->taglen; /* Nothing to be done in the case of a plaintext alert */ if (rl->allow_plain_alerts && thistempl->type != SSL3_RT_ALERT) @@ -457,6 +460,19 @@ static int tls13_add_record_padding(OSSL_RECORD_LAYER *rl, padding = bp - remainder; } } + + /* + * DTLS1.3 RFC 9147 Section 4.2.3 says records should be padded + * if the ciphertext is less than 16 bytes. + */ + if (isdtls) { + if (rl->mac_ctx != NULL) + mac_size = EVP_MAC_CTX_get_mac_size(rl->mac_ctx); + + if (padding + rlen + taglen + mac_size < DTLS13_CIPHERTEXT_MINSIZE) + padding += DTLS13_CIPHERTEXT_MINSIZE - (padding + rlen + taglen + mac_size); + } + if (padding > 0) { /* do not allow the record to exceed max plaintext length */ if (padding > max_padding) 
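Review bot: The comment inside the drop branch in dtls_meth.c, `/* sequence number encryption failed dump record */`, no longer describes the condition above it. The branch is now also taken for a record shorter than `rechdrlen + DTLS13_CIPHERTEXT_MINSIZE` and for a record layer that has neither `sn_enc_ctx` nor `mac_ctx`. I would reword it to `/* too short, no record protection configured, or sequence number decryption failed: drop the record */`. The block comment above the `if` could also say that with `sn_enc_ctx == NULL` and `mac_ctx != NULL` the record number is used exactly as received, without unmasking. The enclosing function starts and ends outside the hunk.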
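Review bot: The DTLS minimum-size padding added in tls13_add_record_padding is computed before the existing `if (padding > max_padding)` clamp that follows it, so the clamp can bring the record back under DTLS13_CIPHERTEXT_MINSIZE, and the receive path in dtls_meth.c in this same commit then drops such a record silently. That probably needs a very small `max_frag_len` to trigger, but a comment stating the assumption, or a check after the clamp, would make it explicit. The sum `padding + rlen + taglen + mac_size` is also written twice; a local such as `size_t ctlen = padding + rlen + taglen + mac_size;` keeps the two uses from drifting apart. Whether `rl->taglen` is already non-zero when `rl->mac_ctx` is set is not visible in this hunk; if it is, the MAC length is counted twice and the comment should say which term covers what.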
diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c index 24f820cab5..0cd0b89a4b 100644 --- a/ssl/record/methods/tls_common.c +++ b/ssl/record/methods/tls_common.c @@ -1746,9 +1746,10 @@ int tls_post_encryption_processing_default(OSSL_RECORD_LAYER *rl, size_t seqnumlen = DTLS13_UNI_HDR_SEQ_BIT_IS_SET(*recordstart) ? 2 : 1; if (!ossl_assert(DTLS13_UNI_HDR_SEQ_OFF + seqnumlen <= rechdrlen) - || !dtls_crypt_sequence_number(rl->sn_enc_ctx, recordstart + DTLS13_UNI_HDR_SEQ_OFF, - seqnumlen, recordstart + rechdrlen, - rl->sn_enc_offs)) { + || (rl->sn_enc_ctx != NULL + && !dtls_crypt_sequence_number(rl->sn_enc_ctx, recordstart + DTLS13_UNI_HDR_SEQ_OFF, + seqnumlen, recordstart + rechdrlen, + rl->sn_enc_offs))) { RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 4dbac30134..8fd89c8fb0 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -490,6 +490,7 @@ int ssl_cipher_get_evp_cipher_sn(SSL_CTX *ctx, const SSL_CIPHER *sslc, if (i == -1) { *enc = NULL; + *inputoffs = 0; } else { if (i == SSL_ENC_NULL_IDX) { /* diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index 74f928f7df..04726bcb42 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -373,7 +373,7 @@ int tls13_setup_key_block(SSL_CONNECTION *s) { const EVP_CIPHER *c; const EVP_CIPHER *snc = NULL, **p_snc = SSL_CONNECTION_IS_DTLS(s) ? &snc : NULL; - size_t snoffs; + size_t snoffs = 0; const EVP_MD *hash; int mac_type = NID_undef; size_t mac_secret_size = 0; diff --git a/test/sslapitest.c b/test/sslapitest.c index 6e9e016ed2..d73fd495fa 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c 
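Review bot: With the new `rl->sn_enc_ctx != NULL &&` guard in tls_post_encryption_processing_default, a record layer that has no sequence-number cipher sends the record number unmasked and reports success, whatever the reason the context is missing. The receive side in dtls_meth.c rejects the combination `sn_enc_ctx == NULL && mac_ctx == NULL`. The send side should fail the same way rather than emit a record the peer will discard, for example by adding `|| (rl->sn_enc_ctx == NULL && rl->mac_ctx == NULL)` to this condition ahead of the call. The condition that selects this block lies outside the hunk, so it may already exclude that state; if so, a short comment saying where would help.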
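Review bot: `*inputoffs = 0;` is added only to the `i == -1` branch of ssl_cipher_get_evp_cipher_sn, and the `else` branch continues outside the hunk, so it is not visible whether every path there also writes `*inputoffs`. The `size_t snoffs = 0;` initialisation in tls13_setup_key_block in this commit suggests the caller could otherwise read an indeterminate value. I would state the contract in the function's header comment, e.g. `/* On success *enc and *inputoffs are both set; *inputoffs is 0 when no cipher is selected. */`, and confirm the remaining branches honour it.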
@@ -4851,17 +4851,6 @@ static int test_early_data_skip(int idx) if (testdtls) { idx -= OSSL_NELEM(ciphersuites) * 3; - if (idx % OSSL_NELEM(ciphersuites) == 0 || idx % OSSL_NELEM(ciphersuites) == 5 - || idx % OSSL_NELEM(ciphersuites) == 6) { - /* - * TODO(DTLSv1.3): testing with DTLS fails for DTLS1.3 Padding - * needs to be implemented https://github.com/openssl/project/issues/1700 - * - * TODO(DTLSv1.3): Testing DTLS1.3 with Integrity only ciphersuits fails - * https://github.com/openssl/project/issues/1702 - */ - return TEST_skip("Tests fails with DTLS1.3 for ciphers are not supported"); - } #if defined(OSSL_NO_USABLE_DTLS1_3) return TEST_skip("No usable DTLSv1.3"); #endif @@ -4886,17 +4875,6 @@ static int test_early_data_skip_hrr(int idx) if (testdtls) { idx -= OSSL_NELEM(ciphersuites) * 3; - if (idx % OSSL_NELEM(ciphersuites) == 0 || idx % OSSL_NELEM(ciphersuites) == 5 - || idx % OSSL_NELEM(ciphersuites) == 6) { - /* - * TODO(DTLSv1.3): testing with DTLS fails for DTLS1.3 Padding - * needs to be implemented https://github.com/openssl/project/issues/1700 - * - * TODO(DTLSv1.3): Testing DTLS1.3 with Integrity only ciphersuits fails - * https://github.com/openssl/project/issues/1702 - */ - return TEST_skip("Tests fails with DTLS1.3 for ciphers are not supported"); - } #if defined(OSSL_NO_USABLE_DTLS1_3) return TEST_skip("No usable DTLSv1.3"); #endif 
@@ -4922,17 +4900,6 @@ static int test_early_data_skip_hrr_fail(int idx) if (testdtls) { idx -= OSSL_NELEM(ciphersuites) * 3; - if (idx % OSSL_NELEM(ciphersuites) == 0 || idx % OSSL_NELEM(ciphersuites) == 5 - || idx % OSSL_NELEM(ciphersuites) == 6) { - /* - * TODO(DTLSv1.3): testing with DTLS fails for DTLS1.3 Padding - * needs to be implemented https://github.com/openssl/project/issues/1700 - * - * TODO(DTLSv1.3): Testing DTLS1.3 with Integrity only ciphersuits fails - * https://github.com/openssl/project/issues/1702 - */ - return TEST_skip("Tests fails with DTLS1.3 for ciphers are not supported"); - } #if defined(OSSL_NO_USABLE_DTLS1_3) return TEST_skip("No usable DTLSv1.3"); #endif @@ -4957,17 +4924,6 @@ static int test_early_data_skip_abort(int idx) if (testdtls) { idx -= OSSL_NELEM(ciphersuites) * 3; - if (idx % OSSL_NELEM(ciphersuites) == 0 || idx % OSSL_NELEM(ciphersuites) == 5 - || idx % OSSL_NELEM(ciphersuites) == 6) { - /* - * TODO(DTLSv1.3): testing with DTLS fails for DTLS1.3 Padding - * needs to be implemented https://github.com/openssl/project/issues/1700 - * - * TODO(DTLSv1.3): Testing DTLS1.3 with Integrity only ciphersuits fails - * https://github.com/openssl/project/issues/1702 - */ - return TEST_skip("Tests fails with DTLS1.3 for ciphers are not supported"); - } #if defined(OSSL_NO_USABLE_DTLS1_3) return TEST_skip("No usable DTLSv1.3"); #endif @@ -5370,15 +5326,6 @@ static int test_early_data_psk_with_all_ciphers(int idx) if (testdtls) { idx -= 7; - /* - * TODO(DTLSv1.3): testing with DTLS fails for DTLS1.3 Padding - * needs to be implemented https://github.com/openssl/project/issues/1700 - * - * TODO(DTLSv1.3): Testing DTLS1.3 with Integrity only ciphersuits fails - * https://github.com/openssl/project/issues/1702 - */ - if (idx >= 3) - return TEST_skip("Tests fails with DTLS1.3 for ciphers are not supported"); #if defined(OSSL_NO_USABLE_DTLS1_3) testresult = TEST_skip("No usable DTLSv1.3"); goto end; 
@@ -8470,7 +8417,7 @@ static int test_key_update_local_in_write(int idx) tmp = NULL; /* - * For DTLS1.3 the key udpate will succeed for it would + * For DTLS1.3 the key update will succeed for it would * have just dropped the packet above */ if (!testdtls) @@ -8548,7 +8495,9 @@ end: return testresult; } +#endif /* OSSL_NO_USABLE_TLS1_3 | OSSL_NO_USABLE_DTLS1_3 */ +#if !defined(OSSL_NO_USABLE_TLS1_3) /* * Test we can handle a KeyUpdate (update requested) message while * local read data is pending(the msg header had been read 5 bytes). @@ -13005,7 +12954,7 @@ end: #endif } -#if !defined(OSSL_NO_USABLE_TLS1_3) || !defined(OSSL_NO_USABLE_DTLS1_3) +#if !defined(OSSL_NO_USABLE_TLS1_3) /* * Test that read_ahead works across a key change * Test 0: Test with TLS @@ -13073,7 +13022,9 @@ end: SSL_CTX_free(cctx); return testresult; } +#endif +#if !defined(OSSL_NO_USABLE_TLS1_3) || !defined(OSSL_NO_USABLE_DTLS1_3) static size_t record_pad_cb(SSL *s, int type, size_t len, void *arg) { int *called = arg; @@ -15207,6 +15158,8 @@ int setup_tests(void) ADD_ALL_TESTS(test_key_update_peer_in_write, 4); ADD_ALL_TESTS(test_key_update_peer_in_read, 4); ADD_ALL_TESTS(test_key_update_local_in_write, 4); +#endif +#if !defined(OSSL_NO_USABLE_TLS1_3) ADD_ALL_TESTS(test_key_update_local_in_read, 2); #endif ADD_ALL_TESTS(test_ssl_clear, 8); @@ -15272,9 +15225,11 @@ int setup_tests(void) #endif ADD_TEST(test_load_dhfile); #if !defined(OSSL_NO_USABLE_TLS1_3) || !defined(OSSL_NO_USABLE_DTLS1_3) - ADD_TEST(test_read_ahead_key_change); ADD_ALL_TESTS(test_tls13_record_padding, 12); #endif +#if !defined(OSSL_NO_USABLE_TLS1_3) + ADD_TEST(test_read_ahead_key_change); +#endif #if (!defined(OPENSSL_NO_TLS1_2) && !defined(OSSL_NO_USABLE_TLS1_3)) \ || (!defined(OPENSSL_NO_DTLS1_2) && !defined(OSSL_NO_USABLE_DTLS1_3)) ADD_ALL_TESTS(test_serverinfo_custom, 8);
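Review bot: The `#endif` comment added after test_key_update_local_in_write, `/* OSSL_NO_USABLE_TLS1_3 | OSSL_NO_USABLE_DTLS1_3 */`, does not spell out the condition it closes, and the other `#endif` lines this commit adds (after test_read_ahead_key_change and in setup_tests) carry no label at all. With this many adjacent conditional regions, labelling each one with its condition, e.g. `#endif /* !OSSL_NO_USABLE_TLS1_3 || !OSSL_NO_USABLE_DTLS1_3 */` and `#endif /* !OSSL_NO_USABLE_TLS1_3 */`, makes it easier to check that a test function and its ADD_TEST line sit under the same guard. The opening `#if` for the first region is outside the hunk, so the exact condition should be confirmed against it.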