Conversation
mattcaswell
force-pushed
the
tls1_3-record-construct
branch
from
55ba47e to
c010aba
Compare
mattcaswell
force-pushed
the
tls1_3-record-construct
branch
from
c010aba to
54b5778
Compare
Add some tests for the new record construction
At the moment the msg callback only received the record header with the outer record type in it. We never pass the inner record type - we probably need to at some point.
mattcaswell
force-pushed
the
tls1_3-record-construct
branch
from
54b5778 to
f8ea452
Compare
|
I rebased this again. All previous PRs this depended on have now been merged into master, so please review all commits. |
ssl/packet.c
Outdated
| } | ||
| *allocbytes = GETBUF(pkt) + pkt->curr; | ||
| if (allocbytes != NULL) | ||
| *allocbytes = GETBUF(pkt) + pkt->curr; |
There was a problem hiding this comment.
shouldn't this call the new get_curr routine you just added?
| #endif | ||
| outbuf[0] = SSL3_BUFFER_get_buf(wb) + align; | ||
| SSL3_BUFFER_set_offset(wb, align); | ||
| if (!WPACKET_init_static_len(&pkt[0], SSL3_BUFFER_get_buf(wb), |
There was a problem hiding this comment.
I dislike &foo[0] constructs as a parameter, since foo is the same thing by definition
There was a problem hiding this comment.
Yes they are the same, but in my mind it makes it a lot clearer that you are referring to a single entity and not the array as a whole. Especially when you mix it in scenarios where on other lines we refer to a single entity which is not at index 0. I dislike the inconsistency.
ssl/record/rec_layer_s3.c
Outdated
| wb = &s->rlayer.wbuf[0]; | ||
| outbuf[0] = SSL3_BUFFER_get_buf(wb) + SSL3_BUFFER_get_offset(wb) | ||
| + prefix_len; | ||
| if (!WPACKET_init_static_len(&pkt[0], SSL3_BUFFER_get_buf(wb), |
There was a problem hiding this comment.
maybe break after the pkt param, so that the get_buf/get_len calls could appear on the same line.
There was a problem hiding this comment.
They still will not fit on the same line.
| + prefix_len; | ||
| if (!WPACKET_init_static_len(&pkt[0], SSL3_BUFFER_get_buf(wb), | ||
| SSL3_BUFFER_get_len(wb), 0) | ||
| || !WPACKET_allocate_bytes(&pkt[0], SSL3_BUFFER_get_offset(wb) |
There was a problem hiding this comment.
linebreak after the comma so that the expression can fit on a single line.
ssl/record/rec_layer_s3.c
Outdated
| } else { | ||
| for (j = 0; j < numpipes; j++) { | ||
| wb = &s->rlayer.wbuf[j]; | ||
| #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 |
There was a problem hiding this comment.
This is in existing code...but ok, done.
ssl/record/rec_layer_s3.c
Outdated
| /* field where we are to write out packet length */ | ||
| plen[j] = outbuf[j]; | ||
| outbuf[j] += 2; | ||
| maxcomplen = pipelens[j] + (s->compress != NULL |
There was a problem hiding this comment.
break after the plus to keep the ternary subexpression together.
There was a problem hiding this comment.
maxcomplen = pipelens[j]
+ (s->compress != NULL
? SSL3_RT_MAX_COMPRESSED_OVERHEAD : 0);
Or
maxcomplen = pipelens[j];
if (s->compress != NULL)
maxcomplen += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
There was a problem hiding this comment.
My comment isn't getting formatted properly. In the first example line the + under the =, and then see how much fits.
There was a problem hiding this comment.
I implemented the second variant.
ssl/record/rec_layer_s3.c
Outdated
| #endif | ||
| outbuf[j] = SSL3_BUFFER_get_buf(wb) + align; | ||
| SSL3_BUFFER_set_offset(wb, align); | ||
| if (!WPACKET_init_static_len(&pkt[j], SSL3_BUFFER_get_buf(wb), |
There was a problem hiding this comment.
as above, try to keep the getbuf/buflen params together.
There was a problem hiding this comment.
As above, still does not fit.
ssl/record/rec_layer_s3.c
Outdated
| } else if (mode == EVP_CIPH_CCM_MODE) { | ||
| eivlen = EVP_CCM_TLS_EXPLICIT_IV_LEN; | ||
| else | ||
| } else { |
There was a problem hiding this comment.
maybe init eivlen to zero so you can avoid this statement and the one at 783
| } | ||
| SSL3_RECORD_add_length(&wr[j], 1); | ||
| /* | ||
| * TODO(TLS1.3): Padding goes here. Do we need an API to add this? |
There was a problem hiding this comment.
yes we need an API or a callback. which one to do requires some thought.
ssl/record/ssl3_record.c
Outdated
| if (SSL_IS_TLS13(s) && s->enc_read_ctx != NULL) { | ||
| size_t end; | ||
|
|
||
| if (rr[j].length == 0) { |
There was a problem hiding this comment.
introduce a local pointer value to replace all these rr[j] instances.
There was a problem hiding this comment.
and not just in this if block, that is.
Improves the readability of the code, and reduces the liklihood of errors.
|
Updated commits addressing feedback so far pushed. |
|
As for the "still does not fit" I understand, but perhaps you can reformat the lines so that the subexpressions are better self-contained. |
|
BTW, if you say that you cannot do the reformatting then +1 |
|
I have had another look at the sub-expressions, but I can't come up with a better way of formatting them that is more sane than what I currently have. |
| + prefix_len; | ||
| if (!WPACKET_init_static_len(&pkt[0], SSL3_BUFFER_get_buf(wb), | ||
| SSL3_BUFFER_get_len(wb), 0) | ||
| || !WPACKET_allocate_bytes(&pkt[0], SSL3_BUFFER_get_offset(wb) |
There was a problem hiding this comment.
So I was suggesting that maybe this is better:
if (!WPACKET_init_static_len(&pkt[0],
SSL3_BUFFER_get_buf(wb),
SSL3_BUFFER_get_len(wb), 0)
Or this
if (!WPACKET_init_static_len(&pkt[0],
SSL3_BUFFER_get_buf(wb), SSL3_BUFFER_get_len(wb),
0)
There was a problem hiding this comment.
Ok, I did the first version.
ssl/record/rec_layer_s3.c
Outdated
| /* field where we are to write out packet length */ | ||
| plen[j] = outbuf[j]; | ||
| outbuf[j] += 2; | ||
| maxcomplen = pipelens[j] + (s->compress != NULL |
There was a problem hiding this comment.
My comment isn't getting formatted properly. In the first example line the + under the =, and then see how much fits.
ssl/record/rec_layer_s3.c
Outdated
| size_t origlen; | ||
|
|
||
| /* Allocate bytes for the encryption overhead */ | ||
| if (!WPACKET_get_length(&pkt[j], &origlen) |
There was a problem hiding this comment.
I think all these pkt[j] and wr[j] should become pointers.
|
upon re-reading, I'm holding back by plus-one; the formatting isn't the issue, it's the pkt/wr[j] stuff. |
…pointer Improves the readability of the code, and reduces the liklihood of errors. Also made a few minor style changes.
|
New commit pushed addressing the feedback. |
|
+1 |
|
Pushed. Thanks. |
| * TODO(TLS1.3): Make sure we prevent compression!!! | ||
| */ | ||
| if (!ssl3_do_compress(s, thiswr) | ||
| || !WPACKET_allocate_bytes(thispkt, thiswr->length, NULL)) { |
There was a problem hiding this comment.
How does the (compressed) data get to the WPACKET in the compression case?
It looks to me like ssl3_do_compress is keeping it within the SSL3_RECORD.
There was a problem hiding this comment.
Look at the SSL3_RECORD_set_data() call a few lines above. An SSL3_RECORD structure never actually stores data itself, it just holds pointers to data somewhere else. In this case we set the data to point at the data that we just reserved in the WPACKET_reserve_bytes() call.
There was a problem hiding this comment.
Ah, thanks.
(Do we have any tests that exercise the SSL compression functionality? I see that ssltest_old.c takes a -zlib argument, but am not finding any recipes that actually use it.)
| p = RECORD_LAYER_get_packet(&s->rlayer); | ||
|
|
||
| if (!PACKET_buf_init(&pkt, RECORD_LAYER_get_packet(&s->rlayer), | ||
| RECORD_LAYER_get_packet_length(&s->rlayer))) { |
There was a problem hiding this comment.
Hmm, maybe a RECORD_to_PACKET helper is in order?
There was a problem hiding this comment.
Well, maybe...but its probably not worth it for just one instance of this.
| /* | ||
| * TODO(TLS1.3): Padding goes here. Do we need an API to add this? | ||
| * For now, use no padding | ||
| */ |
There was a problem hiding this comment.
There should probably be some sort of API. One could imagine letting the application choose amongst some predefined padding profiles, like "add random chaff" or "pad up to N-byte boundaries for various fixed N". I guess one could also imagine adding a callback to give the application packet-level control, which might be useful for tor-like applications, but is probably overkill for the first cut at things.
There was a problem hiding this comment.
It might make sense to always add a padding byte for now, to exercise the read-side code (unless there are boringssl tests already covering that?).
There was a problem hiding this comment.
Look at what we did for CT. A callback, and provide a couple of fixed policies.
There was a problem hiding this comment.
Yes, I'm thinking along similar lines. A later PR though.
|
|
||
| if (TLSProxy::Proxy->is_tls13()) { | ||
| #Get the content type | ||
| my $content_type = unpack("C", substr($data, length($data) - 1)); |
There was a problem hiding this comment.
Hmm, does this mean the proxy is unable to cope with padding?
There was a problem hiding this comment.
Yes. But that's ok. The proxy is only ever used as a test tool between two communicating OpenSSL instances. At the moment OpenSSL never sends padding, so this works. At some point in the future we will have to amend it when we start to send padding.
3 participants
Checklist
Description of change
This modifies the record layer to use TLSv1.3 record construction. I also updated various parts of the record layer to use PACKET/WPACKET.