summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjsing <>2014-05-30 14:01:11 +0000
committerjsing <>2014-05-30 14:01:11 +0000
commitd7bb67cc99974281f55641afa52a0f9e8f1ff938 (patch)
treefeaa5e2dc937f09df0609d84b0849a48c405df08
parent7388822d9393b64a9eb25e34c9bac56fb7f39f15 (diff)
downloadopenbsd-d7bb67cc99974281f55641afa52a0f9e8f1ff938.tar.gz
openbsd-d7bb67cc99974281f55641afa52a0f9e8f1ff938.tar.bz2
openbsd-d7bb67cc99974281f55641afa52a0f9e8f1ff938.zip
Make use of SSL_IS_DTLS, SSL_USE_EXPLICIT_IV, SSL_USE_SIGALGS and
SSL_USE_TLS1_2_CIPHERS. Largely based on OpenSSL head.
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/s3_both.c4
-rw-r--r--src/lib/libssl/s3_cbc.c3
-rw-r--r--src/lib/libssl/s3_clnt.c19
-rw-r--r--src/lib/libssl/s3_lib.c4
-rw-r--r--src/lib/libssl/s3_pkt.c28
-rw-r--r--src/lib/libssl/s3_srvr.c32
-rw-r--r--src/lib/libssl/src/ssl/s3_both.c4
-rw-r--r--src/lib/libssl/src/ssl/s3_cbc.c3
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c19
-rw-r--r--src/lib/libssl/src/ssl/s3_lib.c4
-rw-r--r--src/lib/libssl/src/ssl/s3_pkt.c28
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c32
-rw-r--r--src/lib/libssl/src/ssl/ssl_lib.c4
-rw-r--r--src/lib/libssl/src/ssl/t1_enc.c13
-rw-r--r--src/lib/libssl/src/ssl/t1_lib.c7
-rw-r--r--src/lib/libssl/ssl_lib.c4
-rw-r--r--src/lib/libssl/t1_enc.c13
-rw-r--r--src/lib/libssl/t1_lib.c7
18 files changed, 100 insertions, 128 deletions
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index f1d686b56f..54b73451eb 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -632,7 +632,7 @@ ssl3_setup_read_buffer(SSL *s)
632 unsigned char *p; 632 unsigned char *p;
633 size_t len, align = 0, headerlen; 633 size_t len, align = 0, headerlen;
634 634
635 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) 635 if (SSL_IS_DTLS(s))
636 headerlen = DTLS1_RT_HEADER_LENGTH; 636 headerlen = DTLS1_RT_HEADER_LENGTH;
637 else 637 else
638 headerlen = SSL3_RT_HEADER_LENGTH; 638 headerlen = SSL3_RT_HEADER_LENGTH;
@@ -672,7 +672,7 @@ ssl3_setup_write_buffer(SSL *s)
672 unsigned char *p; 672 unsigned char *p;
673 size_t len, align = 0, headerlen; 673 size_t len, align = 0, headerlen;
674 674
675 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) 675 if (SSL_IS_DTLS(s))
676 headerlen = DTLS1_RT_HEADER_LENGTH + 1; 676 headerlen = DTLS1_RT_HEADER_LENGTH + 1;
677 else 677 else
678 headerlen = SSL3_RT_HEADER_LENGTH; 678 headerlen = SSL3_RT_HEADER_LENGTH;
diff --git a/src/lib/libssl/s3_cbc.c b/src/lib/libssl/s3_cbc.c
index e8f7df572f..9ba9896a52 100644
--- a/src/lib/libssl/s3_cbc.c
+++ b/src/lib/libssl/s3_cbc.c
@@ -148,8 +148,9 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
148{ 148{
149 unsigned padding_length, good, to_check, i; 149 unsigned padding_length, good, to_check, i;
150 const unsigned overhead = 1 /* padding length byte */ + mac_size; 150 const unsigned overhead = 1 /* padding length byte */ + mac_size;
151
151 /* Check if version requires explicit IV */ 152 /* Check if version requires explicit IV */
152 if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER) { 153 if (SSL_USE_EXPLICIT_IV(s)) {
153 /* These lengths are all public so we can test them in 154 /* These lengths are all public so we can test them in
154 * non-constant time. 155 * non-constant time.
155 */ 156 */
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 8dbea3869d..abe5c5a86b 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -848,8 +848,7 @@ ssl3_get_server_hello(SSL *s)
848 if (!ok) 848 if (!ok)
849 return ((int)n); 849 return ((int)n);
850 850
851 if (SSL_version(s) == DTLS1_VERSION || 851 if (SSL_IS_DTLS(s)) {
852 SSL_version(s) == DTLS1_BAD_VER) {
853 if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { 852 if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
854 if (s->d1->send_cookie == 0) { 853 if (s->d1->send_cookie == 0) {
855 s->s3->tmp.reuse_message = 1; 854 s->s3->tmp.reuse_message = 1;
@@ -986,11 +985,10 @@ ssl3_get_server_hello(SSL *s)
986 } 985 }
987 s->s3->tmp.new_cipher = c; 986 s->s3->tmp.new_cipher = c;
988 /* 987 /*
989 * Don't digest cached records if TLS v1.2: we may need them for 988 * Don't digest cached records if no sigalgs: we may need them for
990 * client authentication. 989 * client authentication.
991 */ 990 */
992 if (TLS1_get_version(s) < TLS1_2_VERSION && 991 if (!SSL_USE_SIGALGS(s) && !ssl3_digest_cached_records(s)) {
993 !ssl3_digest_cached_records(s)) {
994 al = SSL_AD_INTERNAL_ERROR; 992 al = SSL_AD_INTERNAL_ERROR;
995 goto f_err; 993 goto f_err;
996 } 994 }
@@ -1592,7 +1590,7 @@ ssl3_get_key_exchange(SSL *s)
1592 1590
1593 /* if it was signed, check the signature */ 1591 /* if it was signed, check the signature */
1594 if (pkey != NULL) { 1592 if (pkey != NULL) {
1595 if (TLS1_get_version(s) >= TLS1_2_VERSION) { 1593 if (SSL_USE_SIGALGS(s)) {
1596 int sigalg = tls12_get_sigid(pkey); 1594 int sigalg = tls12_get_sigid(pkey);
1597 /* Should never happen */ 1595 /* Should never happen */
1598 if (sigalg == -1) { 1596 if (sigalg == -1) {
@@ -1634,8 +1632,7 @@ ssl3_get_key_exchange(SSL *s)
1634 goto f_err; 1632 goto f_err;
1635 } 1633 }
1636 1634
1637 if (pkey->type == EVP_PKEY_RSA && 1635 if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) {
1638 TLS1_get_version(s) < TLS1_2_VERSION) {
1639 int num; 1636 int num;
1640 1637
1641 j = 0; 1638 j = 0;
@@ -1787,7 +1784,7 @@ ssl3_get_certificate_request(SSL *s)
1787 for (i = 0; i < ctype_num; i++) 1784 for (i = 0; i < ctype_num; i++)
1788 s->s3->tmp.ctype[i] = p[i]; 1785 s->s3->tmp.ctype[i] = p[i];
1789 p += ctype_num; 1786 p += ctype_num;
1790 if (TLS1_get_version(s) >= TLS1_2_VERSION) { 1787 if (SSL_USE_SIGALGS(s)) {
1791 n2s(p, llen); 1788 n2s(p, llen);
1792 /* Check we have enough room for signature algorithms and 1789 /* Check we have enough room for signature algorithms and
1793 * following length value. 1790 * following length value.
@@ -2612,7 +2609,7 @@ ssl3_send_client_verify(SSL *s)
2612 pctx = EVP_PKEY_CTX_new(pkey, NULL); 2609 pctx = EVP_PKEY_CTX_new(pkey, NULL);
2613 EVP_PKEY_sign_init(pctx); 2610 EVP_PKEY_sign_init(pctx);
2614 if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) { 2611 if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) {
2615 if (TLS1_get_version(s) < TLS1_2_VERSION) 2612 if (!SSL_USE_SIGALGS(s))
2616 s->method->ssl3_enc->cert_verify_mac(s, 2613 s->method->ssl3_enc->cert_verify_mac(s,
2617 NID_sha1, &(data[MD5_DIGEST_LENGTH])); 2614 NID_sha1, &(data[MD5_DIGEST_LENGTH]));
2618 } else { 2615 } else {
@@ -2622,7 +2619,7 @@ ssl3_send_client_verify(SSL *s)
2622 * For TLS v1.2 send signature algorithm and signature 2619 * For TLS v1.2 send signature algorithm and signature
2623 * using agreed digest and cached handshake records. 2620 * using agreed digest and cached handshake records.
2624 */ 2621 */
2625 if (TLS1_get_version(s) >= TLS1_2_VERSION) { 2622 if (SSL_USE_SIGALGS(s)) {
2626 long hdatalen = 0; 2623 long hdatalen = 0;
2627 void *hdata; 2624 void *hdata;
2628 const EVP_MD *md = s->cert->key->digest; 2625 const EVP_MD *md = s->cert->key->digest;
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 2c15a87269..da69caa6dd 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -3022,9 +3022,9 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3022 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) { 3022 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
3023 c = sk_SSL_CIPHER_value(prio, i); 3023 c = sk_SSL_CIPHER_value(prio, i);
3024 3024
3025 /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ 3025 /* Skip TLS v1.2 only ciphersuites if not supported. */
3026 if ((c->algorithm_ssl & SSL_TLSV1_2) && 3026 if ((c->algorithm_ssl & SSL_TLSV1_2) &&
3027 (TLS1_get_version(s) < TLS1_2_VERSION)) 3027 !SSL_USE_TLS1_2_CIPHERS(s))
3028 continue; 3028 continue;
3029 3029
3030 ssl_set_cert_masks(cert, c); 3030 ssl_set_cert_masks(cert, c);
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index 3a167f058c..b8be8b5255 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -178,7 +178,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
178 /* For DTLS/UDP reads should not span multiple packets 178 /* For DTLS/UDP reads should not span multiple packets
179 * because the read operation returns the whole packet 179 * because the read operation returns the whole packet
180 * at once (as long as it fits into the buffer). */ 180 * at once (as long as it fits into the buffer). */
181 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) { 181 if (SSL_IS_DTLS(s)) {
182 if (left > 0 && n > left) 182 if (left > 0 && n > left)
183 n = left; 183 n = left;
184 } 184 }
@@ -238,18 +238,17 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
238 if (i <= 0) { 238 if (i <= 0) {
239 rb->left = left; 239 rb->left = left;
240 if (s->mode & SSL_MODE_RELEASE_BUFFERS && 240 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
241 SSL_version(s) != DTLS1_VERSION && 241 !SSL_IS_DTLS(s)) {
242 SSL_version(s) != DTLS1_BAD_VER)
243 if (len + left == 0) 242 if (len + left == 0)
244 ssl3_release_read_buffer(s); 243 ssl3_release_read_buffer(s);
244 }
245 return (i); 245 return (i);
246 } 246 }
247 left += i; 247 left += i;
248 /* reads should *never* span multiple packets for DTLS because 248 /* reads should *never* span multiple packets for DTLS because
249 * the underlying transport protocol is message oriented as opposed 249 * the underlying transport protocol is message oriented as opposed
250 * to byte oriented as in the TLS case. */ 250 * to byte oriented as in the TLS case. */
251 if (SSL_version(s) == DTLS1_VERSION || 251 if (SSL_IS_DTLS(s)) {
252 SSL_version(s) == DTLS1_BAD_VER) {
253 if (n > left) 252 if (n > left)
254 n = left; /* makes the while condition false */ 253 n = left; /* makes the while condition false */
255 } 254 }
@@ -722,10 +721,10 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
722 721
723 /* field where we are to write out packet length */ 722 /* field where we are to write out packet length */
724 plen = p; 723 plen = p;
725
726 p += 2; 724 p += 2;
727 /* Explicit IV length, block ciphers and TLS version 1.1 or later */ 725
728 if (s->enc_write_ctx && s->version >= TLS1_1_VERSION) { 726 /* Explicit IV length. */
727 if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)) {
729 int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx); 728 int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
730 if (mode == EVP_CIPH_CBC_MODE) { 729 if (mode == EVP_CIPH_CBC_MODE) {
731 eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx); 730 eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
@@ -844,18 +843,17 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
844 wb->left = 0; 843 wb->left = 0;
845 wb->offset += i; 844 wb->offset += i;
846 if (s->mode & SSL_MODE_RELEASE_BUFFERS && 845 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
847 SSL_version(s) != DTLS1_VERSION && 846 !SSL_IS_DTLS(s))
848 SSL_version(s) != DTLS1_BAD_VER)
849 ssl3_release_write_buffer(s); 847 ssl3_release_write_buffer(s);
850 s->rwstate = SSL_NOTHING; 848 s->rwstate = SSL_NOTHING;
851 return (s->s3->wpend_ret); 849 return (s->s3->wpend_ret);
852 } else if (i <= 0) { 850 } else if (i <= 0) {
853 if (s->version == DTLS1_VERSION || 851 /*
854 s->version == DTLS1_BAD_VER) { 852 * For DTLS, just drop it. That's kind of the
855 /* For DTLS, just drop it. That's kind of the whole 853 * whole point in using a datagram service.
856 point in using a datagram service */ 854 */
855 if (SSL_IS_DTLS(s))
857 wb->left = 0; 856 wb->left = 0;
858 }
859 return (i); 857 return (i);
860 } 858 }
861 wb->offset += i; 859 wb->offset += i;
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 481cf37bef..120f92a9d3 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -591,13 +591,13 @@ ssl3_accept(SSL *s)
591 s->state = SSL3_ST_SR_FINISHED_A; 591 s->state = SSL3_ST_SR_FINISHED_A;
592#endif 592#endif
593 s->init_num = 0; 593 s->init_num = 0;
594 } else if (TLS1_get_version(s) >= TLS1_2_VERSION) { 594 } else if (SSL_USE_SIGALGS(s)) {
595 s->state = SSL3_ST_SR_CERT_VRFY_A; 595 s->state = SSL3_ST_SR_CERT_VRFY_A;
596 s->init_num = 0; 596 s->init_num = 0;
597 if (!s->session->peer) 597 if (!s->session->peer)
598 break; 598 break;
599 /* 599 /*
600 * For TLS v1.2 freeze the handshake buffer 600 * For sigalgs freeze the handshake buffer
601 * at this point and digest cached records. 601 * at this point and digest cached records.
602 */ 602 */
603 if (!s->s3->handshake_buffer) { 603 if (!s->s3->handshake_buffer) {
@@ -980,7 +980,7 @@ ssl3_get_client_hello(SSL *s)
980 * Versions before 0.9.7 always allow clients to resume sessions in 980 * Versions before 0.9.7 always allow clients to resume sessions in
981 * renegotiation. 0.9.7 and later allow this by default, but optionally 981 * renegotiation. 0.9.7 and later allow this by default, but optionally
982 * ignore resumption requests with flag 982 * ignore resumption requests with flag
983 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag 983 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag
984 * rather than a change to default behavior so that applications 984 * rather than a change to default behavior so that applications
985 * relying on this for security won't even compile against older 985 * relying on this for security won't even compile against older
986 * library versions). 986 * library versions).
@@ -1010,7 +1010,7 @@ ssl3_get_client_hello(SSL *s)
1010 1010
1011 p += j; 1011 p += j;
1012 1012
1013 if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) { 1013 if (SSL_IS_DTLS(s)) {
1014 /* cookie stuff */ 1014 /* cookie stuff */
1015 cookie_len = *(p++); 1015 cookie_len = *(p++);
1016 1016
@@ -1331,8 +1331,7 @@ ssl3_get_client_hello(SSL *s)
1331 s->s3->tmp.new_cipher = s->session->cipher; 1331 s->s3->tmp.new_cipher = s->session->cipher;
1332 } 1332 }
1333 1333
1334 if (TLS1_get_version(s) < TLS1_2_VERSION || 1334 if (!SSL_USE_SIGALGS(s) || !(s->verify_mode & SSL_VERIFY_PEER)) {
1335 !(s->verify_mode & SSL_VERIFY_PEER)) {
1336 if (!ssl3_digest_cached_records(s)) { 1335 if (!ssl3_digest_cached_records(s)) {
1337 al = SSL_AD_INTERNAL_ERROR; 1336 al = SSL_AD_INTERNAL_ERROR;
1338 goto f_err; 1337 goto f_err;
@@ -1819,8 +1818,7 @@ ssl3_send_server_key_exchange(SSL *s)
1819 * n is the length of the params, they start at &(d[4]) 1818 * n is the length of the params, they start at &(d[4])
1820 * and p points to the space at the end. 1819 * and p points to the space at the end.
1821 */ 1820 */
1822 if (pkey->type == EVP_PKEY_RSA 1821 if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) {
1823 && TLS1_get_version(s) < TLS1_2_VERSION) {
1824 q = md_buf; 1822 q = md_buf;
1825 j = 0; 1823 j = 0;
1826 for (num = 2; num > 0; num--) { 1824 for (num = 2; num > 0; num--) {
@@ -1850,13 +1848,9 @@ ssl3_send_server_key_exchange(SSL *s)
1850 } 1848 }
1851 s2n(u, p); 1849 s2n(u, p);
1852 n += u + 2; 1850 n += u + 2;
1853 } else 1851 } else if (md) {
1854 if (md) { 1852 /* Send signature algorithm. */
1855 /* 1853 if (SSL_USE_SIGALGS(s)) {
1856 * For TLS1.2 and later send signature
1857 * algorithm
1858 */
1859 if (TLS1_get_version(s) >= TLS1_2_VERSION) {
1860 if (!tls12_get_sigandhash(p, pkey, md)) { 1854 if (!tls12_get_sigandhash(p, pkey, md)) {
1861 /* Should never happen */ 1855 /* Should never happen */
1862 al = SSL_AD_INTERNAL_ERROR; 1856 al = SSL_AD_INTERNAL_ERROR;
@@ -1884,7 +1878,7 @@ ssl3_send_server_key_exchange(SSL *s)
1884 } 1878 }
1885 s2n(i, p); 1879 s2n(i, p);
1886 n += i + 2; 1880 n += i + 2;
1887 if (TLS1_get_version(s) >= TLS1_2_VERSION) 1881 if (SSL_USE_SIGALGS(s))
1888 n += 2; 1882 n += 2;
1889 } else { 1883 } else {
1890 /* Is this error check actually needed? */ 1884 /* Is this error check actually needed? */
@@ -1937,7 +1931,7 @@ ssl3_send_certificate_request(SSL *s)
1937 p += n; 1931 p += n;
1938 n++; 1932 n++;
1939 1933
1940 if (TLS1_get_version(s) >= TLS1_2_VERSION) { 1934 if (SSL_USE_SIGALGS(s)) {
1941 nl = tls12_get_req_sig_algs(s, p + 2); 1935 nl = tls12_get_req_sig_algs(s, p + 2);
1942 s2n(nl, p); 1936 s2n(nl, p);
1943 p += nl + 2; 1937 p += nl + 2;
@@ -2592,7 +2586,7 @@ ssl3_get_cert_verify(SSL *s)
2592 pkey->type == NID_id_GostR3410_2001) ) { 2586 pkey->type == NID_id_GostR3410_2001) ) {
2593 i = 64; 2587 i = 64;
2594 } else { 2588 } else {
2595 if (TLS1_get_version(s) >= TLS1_2_VERSION) { 2589 if (SSL_USE_SIGALGS(s)) {
2596 int sigalg = tls12_get_sigid(pkey); 2590 int sigalg = tls12_get_sigid(pkey);
2597 /* Should never happen */ 2591 /* Should never happen */
2598 if (sigalg == -1) { 2592 if (sigalg == -1) {
@@ -2635,7 +2629,7 @@ ssl3_get_cert_verify(SSL *s)
2635 goto f_err; 2629 goto f_err;
2636 } 2630 }
2637 2631
2638 if (TLS1_get_version(s) >= TLS1_2_VERSION) { 2632 if (SSL_USE_SIGALGS(s)) {
2639 long hdatalen = 0; 2633 long hdatalen = 0;
2640 void *hdata; 2634 void *hdata;
2641 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); 2635 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
diff --git a/src/lib/libssl/src/ssl/s3_both.c b/src/lib/libssl/src/ssl/s3_both.c
index f1d686b56f..54b73451eb 100644
--- a/src/lib/libssl/src/ssl/s3_both.c
+++ b/src/lib/libssl/src/ssl/s3_both.c
@@ -632,7 +632,7 @@ ssl3_setup_read_buffer(SSL *s)
632 unsigned char *p; 632 unsigned char *p;
633 size_t len, align = 0, headerlen; 633 size_t len, align = 0, headerlen;
634 634
635 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) 635 if (SSL_IS_DTLS(s))
636 headerlen = DTLS1_RT_HEADER_LENGTH; 636 headerlen = DTLS1_RT_HEADER_LENGTH;
637 else 637 else
638 headerlen = SSL3_RT_HEADER_LENGTH; 638 headerlen = SSL3_RT_HEADER_LENGTH;
@@ -672,7 +672,7 @@ ssl3_setup_write_buffer(SSL *s)
672 unsigned char *p; 672 unsigned char *p;
673 size_t len, align = 0, headerlen; 673 size_t len, align = 0, headerlen;
674 674
675 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) 675 if (SSL_IS_DTLS(s))
676 headerlen = DTLS1_RT_HEADER_LENGTH + 1; 676 headerlen = DTLS1_RT_HEADER_LENGTH + 1;
677 else 677 else
678 headerlen = SSL3_RT_HEADER_LENGTH; 678 headerlen = SSL3_RT_HEADER_LENGTH;
diff --git a/src/lib/libssl/src/ssl/s3_cbc.c b/src/lib/libssl/src/ssl/s3_cbc.c
index e8f7df572f..9ba9896a52 100644
--- a/src/lib/libssl/src/ssl/s3_cbc.c
+++ b/src/lib/libssl/src/ssl/s3_cbc.c
@@ -148,8 +148,9 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
148{ 148{
149 unsigned padding_length, good, to_check, i; 149 unsigned padding_length, good, to_check, i;
150 const unsigned overhead = 1 /* padding length byte */ + mac_size; 150 const unsigned overhead = 1 /* padding length byte */ + mac_size;
151
151 /* Check if version requires explicit IV */ 152 /* Check if version requires explicit IV */
152 if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER) { 153 if (SSL_USE_EXPLICIT_IV(s)) {
153 /* These lengths are all public so we can test them in 154 /* These lengths are all public so we can test them in
154 * non-constant time. 155 * non-constant time.
155 */ 156 */
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 8dbea3869d..abe5c5a86b 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -848,8 +848,7 @@ ssl3_get_server_hello(SSL *s)
848 if (!ok) 848 if (!ok)
849 return ((int)n); 849 return ((int)n);
850 850
851 if (SSL_version(s) == DTLS1_VERSION || 851 if (SSL_IS_DTLS(s)) {
852 SSL_version(s) == DTLS1_BAD_VER) {
853 if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { 852 if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
854 if (s->d1->send_cookie == 0) { 853 if (s->d1->send_cookie == 0) {
855 s->s3->tmp.reuse_message = 1; 854 s->s3->tmp.reuse_message = 1;
@@ -986,11 +985,10 @@ ssl3_get_server_hello(SSL *s)
986 } 985 }
987 s->s3->tmp.new_cipher = c; 986 s->s3->tmp.new_cipher = c;
988 /* 987 /*
989 * Don't digest cached records if TLS v1.2: we may need them for 988 * Don't digest cached records if no sigalgs: we may need them for
990 * client authentication. 989 * client authentication.
991 */ 990 */
992 if (TLS1_get_version(s) < TLS1_2_VERSION && 991 if (!SSL_USE_SIGALGS(s) && !ssl3_digest_cached_records(s)) {
993 !ssl3_digest_cached_records(s)) {
994 al = SSL_AD_INTERNAL_ERROR; 992 al = SSL_AD_INTERNAL_ERROR;
995 goto f_err; 993 goto f_err;
996 } 994 }
@@ -1592,7 +1590,7 @@ ssl3_get_key_exchange(SSL *s)
1592 1590
1593 /* if it was signed, check the signature */ 1591 /* if it was signed, check the signature */
1594 if (pkey != NULL) { 1592 if (pkey != NULL) {
1595 if (TLS1_get_version(s) >= TLS1_2_VERSION) { 1593 if (SSL_USE_SIGALGS(s)) {
1596 int sigalg = tls12_get_sigid(pkey); 1594 int sigalg = tls12_get_sigid(pkey);
1597 /* Should never happen */ 1595 /* Should never happen */
1598 if (sigalg == -1) { 1596 if (sigalg == -1) {
@@ -1634,8 +1632,7 @@ ssl3_get_key_exchange(SSL *s)
1634 goto f_err; 1632 goto f_err;
1635 } 1633 }
1636 1634
1637 if (pkey->type == EVP_PKEY_RSA && 1635 if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) {
1638 TLS1_get_version(s) < TLS1_2_VERSION) {
1639 int num; 1636 int num;
1640 1637
1641 j = 0; 1638 j = 0;
@@ -1787,7 +1784,7 @@ ssl3_get_certificate_request(SSL *s)
1787 for (i = 0; i < ctype_num; i++) 1784 for (i = 0; i < ctype_num; i++)
1788 s->s3->tmp.ctype[i] = p[i]; 1785 s->s3->tmp.ctype[i] = p[i];
1789 p += ctype_num; 1786 p += ctype_num;
1790 if (TLS1_get_version(s) >= TLS1_2_VERSION) { 1787 if (SSL_USE_SIGALGS(s)) {
1791 n2s(p, llen); 1788 n2s(p, llen);
1792 /* Check we have enough room for signature algorithms and 1789 /* Check we have enough room for signature algorithms and
1793 * following length value. 1790 * following length value.
@@ -2612,7 +2609,7 @@ ssl3_send_client_verify(SSL *s)
2612 pctx = EVP_PKEY_CTX_new(pkey, NULL); 2609 pctx = EVP_PKEY_CTX_new(pkey, NULL);
2613 EVP_PKEY_sign_init(pctx); 2610 EVP_PKEY_sign_init(pctx);
2614 if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) { 2611 if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) {
2615 if (TLS1_get_version(s) < TLS1_2_VERSION) 2612 if (!SSL_USE_SIGALGS(s))
2616 s->method->ssl3_enc->cert_verify_mac(s, 2613 s->method->ssl3_enc->cert_verify_mac(s,
2617 NID_sha1, &(data[MD5_DIGEST_LENGTH])); 2614 NID_sha1, &(data[MD5_DIGEST_LENGTH]));
2618 } else { 2615 } else {
@@ -2622,7 +2619,7 @@ ssl3_send_client_verify(SSL *s)
2622 * For TLS v1.2 send signature algorithm and signature 2619 * For TLS v1.2 send signature algorithm and signature
2623 * using agreed digest and cached handshake records. 2620 * using agreed digest and cached handshake records.
2624 */ 2621 */
2625 if (TLS1_get_version(s) >= TLS1_2_VERSION) { 2622 if (SSL_USE_SIGALGS(s)) {
2626 long hdatalen = 0; 2623 long hdatalen = 0;
2627 void *hdata; 2624 void *hdata;
2628 const EVP_MD *md = s->cert->key->digest; 2625 const EVP_MD *md = s->cert->key->digest;
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index 2c15a87269..da69caa6dd 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -3022,9 +3022,9 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3022 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) { 3022 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
3023 c = sk_SSL_CIPHER_value(prio, i); 3023 c = sk_SSL_CIPHER_value(prio, i);
3024 3024
3025 /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ 3025 /* Skip TLS v1.2 only ciphersuites if not supported. */
3026 if ((c->algorithm_ssl & SSL_TLSV1_2) && 3026 if ((c->algorithm_ssl & SSL_TLSV1_2) &&
3027 (TLS1_get_version(s) < TLS1_2_VERSION)) 3027 !SSL_USE_TLS1_2_CIPHERS(s))
3028 continue; 3028 continue;
3029 3029
3030 ssl_set_cert_masks(cert, c); 3030 ssl_set_cert_masks(cert, c);
diff --git a/src/lib/libssl/src/ssl/s3_pkt.c b/src/lib/libssl/src/ssl/s3_pkt.c
index 3a167f058c..b8be8b5255 100644
--- a/src/lib/libssl/src/ssl/s3_pkt.c
+++ b/src/lib/libssl/src/ssl/s3_pkt.c
@@ -178,7 +178,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
178 /* For DTLS/UDP reads should not span multiple packets 178 /* For DTLS/UDP reads should not span multiple packets
179 * because the read operation returns the whole packet 179 * because the read operation returns the whole packet
180 * at once (as long as it fits into the buffer). */ 180 * at once (as long as it fits into the buffer). */
181 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) { 181 if (SSL_IS_DTLS(s)) {
182 if (left > 0 && n > left) 182 if (left > 0 && n > left)
183 n = left; 183 n = left;
184 } 184 }
@@ -238,18 +238,17 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
238 if (i <= 0) { 238 if (i <= 0) {
239 rb->left = left; 239 rb->left = left;
240 if (s->mode & SSL_MODE_RELEASE_BUFFERS && 240 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
241 SSL_version(s) != DTLS1_VERSION && 241 !SSL_IS_DTLS(s)) {
242 SSL_version(s) != DTLS1_BAD_VER)
243 if (len + left == 0) 242 if (len + left == 0)
244 ssl3_release_read_buffer(s); 243 ssl3_release_read_buffer(s);
244 }
245 return (i); 245 return (i);
246 } 246 }
247 left += i; 247 left += i;
248 /* reads should *never* span multiple packets for DTLS because 248 /* reads should *never* span multiple packets for DTLS because
249 * the underlying transport protocol is message oriented as opposed 249 * the underlying transport protocol is message oriented as opposed
250 * to byte oriented as in the TLS case. */ 250 * to byte oriented as in the TLS case. */
251 if (SSL_version(s) == DTLS1_VERSION || 251 if (SSL_IS_DTLS(s)) {
252 SSL_version(s) == DTLS1_BAD_VER) {
253 if (n > left) 252 if (n > left)
254 n = left; /* makes the while condition false */ 253 n = left; /* makes the while condition false */
255 } 254 }
@@ -722,10 +721,10 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
722 721
723 /* field where we are to write out packet length */ 722 /* field where we are to write out packet length */
724 plen = p; 723 plen = p;
725
726 p += 2; 724 p += 2;
727 /* Explicit IV length, block ciphers and TLS version 1.1 or later */ 725
728 if (s->enc_write_ctx && s->version >= TLS1_1_VERSION) { 726 /* Explicit IV length. */
727 if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)) {
729 int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx); 728 int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
730 if (mode == EVP_CIPH_CBC_MODE) { 729 if (mode == EVP_CIPH_CBC_MODE) {
731 eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx); 730 eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
@@ -844,18 +843,17 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
844 wb->left = 0; 843 wb->left = 0;
845 wb->offset += i; 844 wb->offset += i;
846 if (s->mode & SSL_MODE_RELEASE_BUFFERS && 845 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
847 SSL_version(s) != DTLS1_VERSION && 846 !SSL_IS_DTLS(s))
848 SSL_version(s) != DTLS1_BAD_VER)
849 ssl3_release_write_buffer(s); 847 ssl3_release_write_buffer(s);
850 s->rwstate = SSL_NOTHING; 848 s->rwstate = SSL_NOTHING;
851 return (s->s3->wpend_ret); 849 return (s->s3->wpend_ret);
852 } else if (i <= 0) { 850 } else if (i <= 0) {
853 if (s->version == DTLS1_VERSION || 851 /*
854 s->version == DTLS1_BAD_VER) { 852 * For DTLS, just drop it. That's kind of the
855 /* For DTLS, just drop it. That's kind of the whole 853 * whole point in using a datagram service.
856 point in using a datagram service */ 854 */
855 if (SSL_IS_DTLS(s))
857 wb->left = 0; 856 wb->left = 0;
858 }
859 return (i); 857 return (i);
860 } 858 }
861 wb->offset += i; 859 wb->offset += i;
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 481cf37bef..120f92a9d3 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -591,13 +591,13 @@ ssl3_accept(SSL *s)
591 s->state = SSL3_ST_SR_FINISHED_A; 591 s->state = SSL3_ST_SR_FINISHED_A;
592#endif 592#endif
593 s->init_num = 0; 593 s->init_num = 0;
594 } else if (TLS1_get_version(s) >= TLS1_2_VERSION) { 594 } else if (SSL_USE_SIGALGS(s)) {
595 s->state = SSL3_ST_SR_CERT_VRFY_A; 595 s->state = SSL3_ST_SR_CERT_VRFY_A;
596 s->init_num = 0; 596 s->init_num = 0;
597 if (!s->session->peer) 597 if (!s->session->peer)
598 break; 598 break;
599 /* 599 /*
600 * For TLS v1.2 freeze the handshake buffer 600 * For sigalgs freeze the handshake buffer
601 * at this point and digest cached records. 601 * at this point and digest cached records.
602 */ 602 */
603 if (!s->s3->handshake_buffer) { 603 if (!s->s3->handshake_buffer) {
@@ -980,7 +980,7 @@ ssl3_get_client_hello(SSL *s)
980 * Versions before 0.9.7 always allow clients to resume sessions in 980 * Versions before 0.9.7 always allow clients to resume sessions in
981 * renegotiation. 0.9.7 and later allow this by default, but optionally 981 * renegotiation. 0.9.7 and later allow this by default, but optionally
982 * ignore resumption requests with flag 982 * ignore resumption requests with flag
983 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag 983 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag
984 * rather than a change to default behavior so that applications 984 * rather than a change to default behavior so that applications
985 * relying on this for security won't even compile against older 985 * relying on this for security won't even compile against older
986 * library versions). 986 * library versions).
@@ -1010,7 +1010,7 @@ ssl3_get_client_hello(SSL *s)
1010 1010
1011 p += j; 1011 p += j;
1012 1012
1013 if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) { 1013 if (SSL_IS_DTLS(s)) {
1014 /* cookie stuff */ 1014 /* cookie stuff */
1015 cookie_len = *(p++); 1015 cookie_len = *(p++);
1016 1016
@@ -1331,8 +1331,7 @@ ssl3_get_client_hello(SSL *s)
1331 s->s3->tmp.new_cipher = s->session->cipher; 1331 s->s3->tmp.new_cipher = s->session->cipher;
1332 } 1332 }
1333 1333
1334 if (TLS1_get_version(s) < TLS1_2_VERSION || 1334 if (!SSL_USE_SIGALGS(s) || !(s->verify_mode & SSL_VERIFY_PEER)) {
1335 !(s->verify_mode & SSL_VERIFY_PEER)) {
1336 if (!ssl3_digest_cached_records(s)) { 1335 if (!ssl3_digest_cached_records(s)) {
1337 al = SSL_AD_INTERNAL_ERROR; 1336 al = SSL_AD_INTERNAL_ERROR;
1338 goto f_err; 1337 goto f_err;
@@ -1819,8 +1818,7 @@ ssl3_send_server_key_exchange(SSL *s)
1819 * n is the length of the params, they start at &(d[4]) 1818 * n is the length of the params, they start at &(d[4])
1820 * and p points to the space at the end. 1819 * and p points to the space at the end.
1821 */ 1820 */
1822 if (pkey->type == EVP_PKEY_RSA 1821 if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) {
1823 && TLS1_get_version(s) < TLS1_2_VERSION) {
1824 q = md_buf; 1822 q = md_buf;
1825 j = 0; 1823 j = 0;
1826 for (num = 2; num > 0; num--) { 1824 for (num = 2; num > 0; num--) {
@@ -1850,13 +1848,9 @@ ssl3_send_server_key_exchange(SSL *s)
1850 } 1848 }
1851 s2n(u, p); 1849 s2n(u, p);
1852 n += u + 2; 1850 n += u + 2;
1853 } else 1851 } else if (md) {
1854 if (md) { 1852 /* Send signature algorithm. */
1855 /* 1853 if (SSL_USE_SIGALGS(s)) {
1856 * For TLS1.2 and later send signature
1857 * algorithm
1858 */
1859 if (TLS1_get_version(s) >= TLS1_2_VERSION) {
1860 if (!tls12_get_sigandhash(p, pkey, md)) { 1854 if (!tls12_get_sigandhash(p, pkey, md)) {
1861 /* Should never happen */ 1855 /* Should never happen */
1862 al = SSL_AD_INTERNAL_ERROR; 1856 al = SSL_AD_INTERNAL_ERROR;
@@ -1884,7 +1878,7 @@ ssl3_send_server_key_exchange(SSL *s)
1884 } 1878 }
1885 s2n(i, p); 1879 s2n(i, p);
1886 n += i + 2; 1880 n += i + 2;
1887 if (TLS1_get_version(s) >= TLS1_2_VERSION) 1881 if (SSL_USE_SIGALGS(s))
1888 n += 2; 1882 n += 2;
1889 } else { 1883 } else {
1890 /* Is this error check actually needed? */ 1884 /* Is this error check actually needed? */
@@ -1937,7 +1931,7 @@ ssl3_send_certificate_request(SSL *s)
1937 p += n; 1931 p += n;
1938 n++; 1932 n++;
1939 1933
1940 if (TLS1_get_version(s) >= TLS1_2_VERSION) { 1934 if (SSL_USE_SIGALGS(s)) {
1941 nl = tls12_get_req_sig_algs(s, p + 2); 1935 nl = tls12_get_req_sig_algs(s, p + 2);
1942 s2n(nl, p); 1936 s2n(nl, p);
1943 p += nl + 2; 1937 p += nl + 2;
@@ -2592,7 +2586,7 @@ ssl3_get_cert_verify(SSL *s)
2592 pkey->type == NID_id_GostR3410_2001) ) { 2586 pkey->type == NID_id_GostR3410_2001) ) {
2593 i = 64; 2587 i = 64;
2594 } else { 2588 } else {
2595 if (TLS1_get_version(s) >= TLS1_2_VERSION) { 2589 if (SSL_USE_SIGALGS(s)) {
2596 int sigalg = tls12_get_sigid(pkey); 2590 int sigalg = tls12_get_sigid(pkey);
2597 /* Should never happen */ 2591 /* Should never happen */
2598 if (sigalg == -1) { 2592 if (sigalg == -1) {
@@ -2635,7 +2629,7 @@ ssl3_get_cert_verify(SSL *s)
2635 goto f_err; 2629 goto f_err;
2636 } 2630 }
2637 2631
2638 if (TLS1_get_version(s) >= TLS1_2_VERSION) { 2632 if (SSL_USE_SIGALGS(s)) {
2639 long hdatalen = 0; 2633 long hdatalen = 0;
2640 void *hdata; 2634 void *hdata;
2641 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); 2635 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index 3e654117bf..e3b67817cc 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -1104,9 +1104,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
1104 if (larg < (long)dtls1_min_mtu()) 1104 if (larg < (long)dtls1_min_mtu())
1105 return (0); 1105 return (0);
1106#endif 1106#endif
1107 1107 if (SSL_IS_DTLS(s)) {
1108 if (SSL_version(s) == DTLS1_VERSION ||
1109 SSL_version(s) == DTLS1_BAD_VER) {
1110 s->d1->mtu = larg; 1108 s->d1->mtu = larg;
1111 return (larg); 1109 return (larg);
1112 } 1110 }
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c
index 87860feda9..9d47bde6c6 100644
--- a/src/lib/libssl/src/ssl/t1_enc.c
+++ b/src/lib/libssl/src/ssl/t1_enc.c
@@ -639,14 +639,11 @@ tls1_enc(SSL *s, int send)
639 if (s->enc_write_ctx == NULL) 639 if (s->enc_write_ctx == NULL)
640 enc = NULL; 640 enc = NULL;
641 else { 641 else {
642 int ivlen; 642 int ivlen = 0;
643 enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx); 643 enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
644 /* For TLSv1.1 and later explicit IV */ 644 if (SSL_USE_EXPLICIT_IV(s) &&
645 if (s->version >= TLS1_1_VERSION &&
646 EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE) 645 EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)
647 ivlen = EVP_CIPHER_iv_length(enc); 646 ivlen = EVP_CIPHER_iv_length(enc);
648 else
649 ivlen = 0;
650 if (ivlen > 1) { 647 if (ivlen > 1) {
651 if (rec->data != rec->input) 648 if (rec->data != rec->input)
652 /* we can't write into the input stream: 649 /* we can't write into the input stream:
@@ -686,7 +683,7 @@ tls1_enc(SSL *s, int send)
686 683
687 seq = send ? s->s3->write_sequence : s->s3->read_sequence; 684 seq = send ? s->s3->write_sequence : s->s3->read_sequence;
688 685
689 if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) { 686 if (SSL_IS_DTLS(s)) {
690 unsigned char dtlsseq[9], *p = dtlsseq; 687 unsigned char dtlsseq[9], *p = dtlsseq;
691 688
692 s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p); 689 s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p);
@@ -876,7 +873,7 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
876 mac_ctx = &hmac; 873 mac_ctx = &hmac;
877 } 874 }
878 875
879 if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER) { 876 if (SSL_IS_DTLS(ssl)) {
880 unsigned char dtlsseq[8], *p = dtlsseq; 877 unsigned char dtlsseq[8], *p = dtlsseq;
881 878
882 s2n(send ? ssl->d1->w_epoch : ssl->d1->r_epoch, p); 879 s2n(send ? ssl->d1->w_epoch : ssl->d1->r_epoch, p);
@@ -919,7 +916,7 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
919 if (!stream_mac) 916 if (!stream_mac)
920 EVP_MD_CTX_cleanup(&hmac); 917 EVP_MD_CTX_cleanup(&hmac);
921 918
922 if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER) { 919 if (!SSL_IS_DTLS(ssl)) {
923 for (i = 7; i >= 0; i--) { 920 for (i = 7; i >= 0; i--) {
924 ++seq[i]; 921 ++seq[i];
925 if (seq[i] != 0) 922 if (seq[i] != 0)
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c
index b15465d550..fa70f21f95 100644
--- a/src/lib/libssl/src/ssl/t1_lib.c
+++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -2028,7 +2028,7 @@ tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
2028 if (p >= limit) 2028 if (p >= limit)
2029 return -1; 2029 return -1;
2030 /* Skip past DTLS cookie */ 2030 /* Skip past DTLS cookie */
2031 if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) { 2031 if (SSL_IS_DTLS(s)) {
2032 i = *(p++); 2032 i = *(p++);
2033 p += i; 2033 p += i;
2034 if (p >= limit) 2034 if (p >= limit)
@@ -2296,9 +2296,10 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
2296 const EVP_MD *md; 2296 const EVP_MD *md;
2297 CERT *c = s->cert; 2297 CERT *c = s->cert;
2298 2298
2299 /* Extension ignored for TLS versions below 1.2 */ 2299 /* Extension ignored for inappropriate versions */
2300 if (TLS1_get_version(s) < TLS1_2_VERSION) 2300 if (!SSL_USE_SIGALGS(s))
2301 return 1; 2301 return 1;
2302
2302 /* Should never happen */ 2303 /* Should never happen */
2303 if (!c) 2304 if (!c)
2304 return 0; 2305 return 0;
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 3e654117bf..e3b67817cc 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1104,9 +1104,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
1104 if (larg < (long)dtls1_min_mtu()) 1104 if (larg < (long)dtls1_min_mtu())
1105 return (0); 1105 return (0);
1106#endif 1106#endif
1107 1107 if (SSL_IS_DTLS(s)) {
1108 if (SSL_version(s) == DTLS1_VERSION ||
1109 SSL_version(s) == DTLS1_BAD_VER) {
1110 s->d1->mtu = larg; 1108 s->d1->mtu = larg;
1111 return (larg); 1109 return (larg);
1112 } 1110 }
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 87860feda9..9d47bde6c6 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -639,14 +639,11 @@ tls1_enc(SSL *s, int send)
639 if (s->enc_write_ctx == NULL) 639 if (s->enc_write_ctx == NULL)
640 enc = NULL; 640 enc = NULL;
641 else { 641 else {
642 int ivlen; 642 int ivlen = 0;
643 enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx); 643 enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
644 /* For TLSv1.1 and later explicit IV */ 644 if (SSL_USE_EXPLICIT_IV(s) &&
645 if (s->version >= TLS1_1_VERSION &&
646 EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE) 645 EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)
647 ivlen = EVP_CIPHER_iv_length(enc); 646 ivlen = EVP_CIPHER_iv_length(enc);
648 else
649 ivlen = 0;
650 if (ivlen > 1) { 647 if (ivlen > 1) {
651 if (rec->data != rec->input) 648 if (rec->data != rec->input)
652 /* we can't write into the input stream: 649 /* we can't write into the input stream:
@@ -686,7 +683,7 @@ tls1_enc(SSL *s, int send)
686 683
687 seq = send ? s->s3->write_sequence : s->s3->read_sequence; 684 seq = send ? s->s3->write_sequence : s->s3->read_sequence;
688 685
689 if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) { 686 if (SSL_IS_DTLS(s)) {
690 unsigned char dtlsseq[9], *p = dtlsseq; 687 unsigned char dtlsseq[9], *p = dtlsseq;
691 688
692 s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p); 689 s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p);
@@ -876,7 +873,7 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
876 mac_ctx = &hmac; 873 mac_ctx = &hmac;
877 } 874 }
878 875
879 if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER) { 876 if (SSL_IS_DTLS(ssl)) {
880 unsigned char dtlsseq[8], *p = dtlsseq; 877 unsigned char dtlsseq[8], *p = dtlsseq;
881 878
882 s2n(send ? ssl->d1->w_epoch : ssl->d1->r_epoch, p); 879 s2n(send ? ssl->d1->w_epoch : ssl->d1->r_epoch, p);
@@ -919,7 +916,7 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
919 if (!stream_mac) 916 if (!stream_mac)
920 EVP_MD_CTX_cleanup(&hmac); 917 EVP_MD_CTX_cleanup(&hmac);
921 918
922 if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER) { 919 if (!SSL_IS_DTLS(ssl)) {
923 for (i = 7; i >= 0; i--) { 920 for (i = 7; i >= 0; i--) {
924 ++seq[i]; 921 ++seq[i];
925 if (seq[i] != 0) 922 if (seq[i] != 0)
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index b15465d550..fa70f21f95 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -2028,7 +2028,7 @@ tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
2028 if (p >= limit) 2028 if (p >= limit)
2029 return -1; 2029 return -1;
2030 /* Skip past DTLS cookie */ 2030 /* Skip past DTLS cookie */
2031 if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) { 2031 if (SSL_IS_DTLS(s)) {
2032 i = *(p++); 2032 i = *(p++);
2033 p += i; 2033 p += i;
2034 if (p >= limit) 2034 if (p >= limit)
@@ -2296,9 +2296,10 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
2296 const EVP_MD *md; 2296 const EVP_MD *md;
2297 CERT *c = s->cert; 2297 CERT *c = s->cert;
2298 2298
2299 /* Extension ignored for TLS versions below 1.2 */ 2299 /* Extension ignored for inappropriate versions */
2300 if (TLS1_get_version(s) < TLS1_2_VERSION) 2300 if (!SSL_USE_SIGALGS(s))
2301 return 1; 2301 return 1;
2302
2302 /* Should never happen */ 2303 /* Should never happen */
2303 if (!c) 2304 if (!c)
2304 return 0; 2305 return 0;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-03 22:53:24 +0000