Remove support for DTLS_BAD_VER. We do not support non-standard and

incomplete implementations just so that we can interoperate with products from vendors who have not bothered to fix things in the last ~10 years. ok bcook@ miod@
author: jsing <> 2015-09-10 17:57:50 +0000
committer: jsing <> 2015-09-10 17:57:50 +0000
commit: 6a01e44e5bb9917370be7048957c7d999d847bb6 (patch)
tree: b6e132390b9936d3bc45c6b7e5f7567e5fabce5b /src/lib/libssl/d1_both.c
parent: d65ad2c1f2794d3d6f1cd74e64b738ee9904a95b (diff)
download: openbsd-6a01e44e5bb9917370be7048957c7d999d847bb6.tar.gz
openbsd-6a01e44e5bb9917370be7048957c7d999d847bb6.tar.bz2
openbsd-6a01e44e5bb9917370be7048957c7d999d847bb6.zip
1 files changed, 5 insertions, 13 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index b479c61322..567a074535 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_both.c,v 1.34 2015/07/19 20:32:18 doug Exp $ */
+/* $OpenBSD: d1_both.c,v 1.35 2015/09/10 17:57:50 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -346,8 +346,7 @@ dtls1_do_write(SSL *s, int type)
                                const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
                                int xlen;
-                                if (frag_off == 0 &&
+                                if (frag_off == 0) {
-                                    s->version != DTLS1_BAD_VER) {
                                        /*
                                         * Reconstruct message header is if it
                                         * is being sent in single fragment
@@ -441,10 +440,9 @@ again:
        s2n (msg_hdr->seq, p);
        l2n3(0, p);
        l2n3(msg_len, p);
-        if (s->version != DTLS1_BAD_VER) {
-                p -= DTLS1_HM_HEADER_LENGTH;
+        p -= DTLS1_HM_HEADER_LENGTH;
-                msg_len += DTLS1_HM_HEADER_LENGTH;
+        msg_len += DTLS1_HM_HEADER_LENGTH;
-        }
        ssl3_finish_mac(s, p, msg_len);
        if (s->msg_callback)
@@ -971,12 +969,6 @@ dtls1_send_change_cipher_spec(SSL *s, int a, int b)
                s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
                s->init_num = DTLS1_CCS_HEADER_LENGTH;
-                if (s->version == DTLS1_BAD_VER) {
-                        s->d1->next_handshake_write_seq++;
-                        s2n(s->d1->handshake_write_seq, p);
-                        s->init_num += 2;
-                }
                s->init_off = 0;
                dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
author	jsing <>	2015-09-10 17:57:50 +0000
committer	jsing <>	2015-09-10 17:57:50 +0000
commit	6a01e44e5bb9917370be7048957c7d999d847bb6 (patch)
tree	b6e132390b9936d3bc45c6b7e5f7567e5fabce5b /src/lib/libssl/d1_both.c
parent	d65ad2c1f2794d3d6f1cd74e64b738ee9904a95b (diff)
download	openbsd-6a01e44e5bb9917370be7048957c7d999d847bb6.tar.gz openbsd-6a01e44e5bb9917370be7048957c7d999d847bb6.tar.bz2 openbsd-6a01e44e5bb9917370be7048957c7d999d847bb6.zip

diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c index b479c61322..567a074535 100644 --- a/src/lib/libssl/d1_both.c +++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_both.c,v 1.34 2015/07/19 20:32:18 doug Exp $ */	1	/* $OpenBSD: d1_both.c,v 1.35 2015/09/10 17:57:50 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -346,8 +346,7 @@ dtls1_do_write(SSL *s, int type)
346	const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;	346	const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
347	int xlen;	347	int xlen;
348		348
349	if (frag_off == 0 &&	349	if (frag_off == 0) {
350	s->version != DTLS1_BAD_VER) {
351	/*	350	/*
352	* Reconstruct message header is if it	351	* Reconstruct message header is if it
353	* is being sent in single fragment	352	* is being sent in single fragment
@@ -441,10 +440,9 @@ again:
441	s2n (msg_hdr->seq, p);	440	s2n (msg_hdr->seq, p);
442	l2n3(0, p);	441	l2n3(0, p);
443	l2n3(msg_len, p);	442	l2n3(msg_len, p);
444	if (s->version != DTLS1_BAD_VER) {	443
445	p -= DTLS1_HM_HEADER_LENGTH;	444	p -= DTLS1_HM_HEADER_LENGTH;
446	msg_len += DTLS1_HM_HEADER_LENGTH;	445	msg_len += DTLS1_HM_HEADER_LENGTH;
447	}
448		446
449	ssl3_finish_mac(s, p, msg_len);	447	ssl3_finish_mac(s, p, msg_len);
450	if (s->msg_callback)	448	if (s->msg_callback)
@@ -971,12 +969,6 @@ dtls1_send_change_cipher_spec(SSL *s, int a, int b)
971	s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;	969	s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
972	s->init_num = DTLS1_CCS_HEADER_LENGTH;	970	s->init_num = DTLS1_CCS_HEADER_LENGTH;
973		971
974	if (s->version == DTLS1_BAD_VER) {
975	s->d1->next_handshake_write_seq++;
976	s2n(s->d1->handshake_write_seq, p);
977	s->init_num += 2;
978	}
979
980	s->init_off = 0;	972	s->init_off = 0;
981		973
982	dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,	974	dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,