resolve conflicts

author: djm <> 2012-10-13 21:25:14 +0000
committer: djm <> 2012-10-13 21:25:14 +0000
commit: 942650cdef05a877200cb7aff3a075935a5fd0cd (patch)
tree: 281e0a29ae8f87a8c47fbd4deaa1f3d48b8cc5c1 /src/lib/libssl/s3_pkt.c
parent: 37f091539f73e1650c83acd0c78677ef48c209a6 (diff)
download: openbsd-942650cdef05a877200cb7aff3a075935a5fd0cd.tar.gz
openbsd-942650cdef05a877200cb7aff3a075935a5fd0cd.tar.bz2
openbsd-942650cdef05a877200cb7aff3a075935a5fd0cd.zip
1 files changed, 68 insertions, 9 deletions
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index f9b3629cf7..adf8c387cc 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -115,6 +115,7 @@
 #include "ssl_locl.h"
 #include <openssl/evp.h>
 #include <openssl/buffer.h>
+#include <openssl/rand.h>
 static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
                         unsigned int len, int create_empty_fragment);
@@ -630,6 +631,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
        unsigned char *p,*plen;
        int i,mac_size,clear=0;
        int prefix_len=0;
+        int eivlen;
        long align=0;
        SSL3_RECORD *wr;
        SSL3_BUFFER *wb=&(s->s3->wbuf);
@@ -662,10 +664,14 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
        if (    (sess == NULL) ||
                (s->enc_write_ctx == NULL) ||
                (EVP_MD_CTX_md(s->write_hash) == NULL))
+                {
+#if 1
+                clear=s->enc_write_ctx?0:1;     /* must be AEAD cipher */
+#else
                clear=1;
+#endif
-        if (clear)
                mac_size=0;
+                }
        else
                {
                mac_size=EVP_MD_CTX_size(s->write_hash);
@@ -734,14 +740,39 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
        wr->type=type;
        *(p++)=(s->version>>8);
-        *(p++)=s->version&0xff;
+        /* Some servers hang if iniatial client hello is larger than 256
+         * bytes and record version number > TLS 1.0
+         */
+        if (s->state == SSL3_ST_CW_CLNT_HELLO_B
+                                && TLS1_get_version(s) > TLS1_VERSION)
+                *(p++) = 0x1;
+        else
+                *(p++)=s->version&0xff;
        /* field where we are to write out packet length */
        plen=p; 
        p+=2;
+        /* Explicit IV length, block ciphers and TLS version 1.1 or later */
+        if (s->enc_write_ctx && s->version >= TLS1_1_VERSION)
+                {
+                int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
+                if (mode == EVP_CIPH_CBC_MODE)
+                        {
+                        eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
+                        if (eivlen <= 1)
+                                eivlen = 0;
+                        }
+                /* Need explicit part of IV for GCM mode */
+                else if (mode == EVP_CIPH_GCM_MODE)
+                        eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
+                else
+                        eivlen = 0;
+                }
+        else 
+                eivlen = 0;
        /* lets setup the record stuff. */
-        wr->data=p;
+        wr->data=p + eivlen;
        wr->length=(int)len;
        wr->input=(unsigned char *)buf;
@@ -769,11 +800,19 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
        if (mac_size != 0)
                {
-                if (s->method->ssl3_enc->mac(s,&(p[wr->length]),1) < 0)
+                if (s->method->ssl3_enc->mac(s,&(p[wr->length + eivlen]),1) < 0)
                        goto err;
                wr->length+=mac_size;
-                wr->input=p;
+                }
-                wr->data=p;
+        wr->input=p;
+        wr->data=p;
+        if (eivlen)
+                {
+        /*      if (RAND_pseudo_bytes(p, eivlen) <= 0)
+                        goto err; */
+                wr->length += eivlen;
                }
        /* ssl3_enc can only have an error on read */
@@ -1042,6 +1081,19 @@ start:
                        dest = s->s3->alert_fragment;
                        dest_len = &s->s3->alert_fragment_len;
                        }
+#ifndef OPENSSL_NO_HEARTBEATS
+                else if (rr->type == TLS1_RT_HEARTBEAT)
+                        {
+                        tls1_process_heartbeat(s);
+                        /* Exit and notify application to read again */
+                        rr->length = 0;
+                        s->rwstate=SSL_READING;
+                        BIO_clear_retry_flags(SSL_get_rbio(s));
+                        BIO_set_retry_read(SSL_get_rbio(s));
+                        return(-1);
+                        }
+#endif
                if (dest_maxlen > 0)
                        {
@@ -1185,6 +1237,10 @@ start:
                                SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION);
                                goto f_err;
                                }
+#ifdef SSL_AD_MISSING_SRP_USERNAME
+                        if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
+                                return(0);
+#endif
                        }
                else if (alert_level == 2) /* fatal */
                        {
@@ -1263,6 +1319,7 @@ start:
 #else
                        s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
 #endif
+                        s->renegotiate=1;
                        s->new_session=1;
                        }
                i=s->handshake_func(s);
@@ -1296,8 +1353,10 @@ start:
                {
        default:
 #ifndef OPENSSL_NO_TLS
-                /* TLS just ignores unknown message types */
+                /* TLS up to v1.1 just ignores unknown message types:
-                if (s->version == TLS1_VERSION)
+                 * TLS v1.2 give an unexpected message alert.
+                 */
+                if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION)
                        {
                        rr->length = 0;
                        goto start;
author	djm <>	2012-10-13 21:25:14 +0000
committer	djm <>	2012-10-13 21:25:14 +0000
commit	942650cdef05a877200cb7aff3a075935a5fd0cd (patch)
tree	281e0a29ae8f87a8c47fbd4deaa1f3d48b8cc5c1 /src/lib/libssl/s3_pkt.c
parent	37f091539f73e1650c83acd0c78677ef48c209a6 (diff)
download	openbsd-942650cdef05a877200cb7aff3a075935a5fd0cd.tar.gz openbsd-942650cdef05a877200cb7aff3a075935a5fd0cd.tar.bz2 openbsd-942650cdef05a877200cb7aff3a075935a5fd0cd.zip

diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c index f9b3629cf7..adf8c387cc 100644 --- a/src/lib/libssl/s3_pkt.c +++ b/src/lib/libssl/s3_pkt.c
@@ -115,6 +115,7 @@
115	#include "ssl_locl.h"	115	#include "ssl_locl.h"
116	#include <openssl/evp.h>	116	#include <openssl/evp.h>
117	#include <openssl/buffer.h>	117	#include <openssl/buffer.h>
		118	#include <openssl/rand.h>
118		119
119	static int do_ssl3_write(SSL s, int type, const unsigned char buf,	120	static int do_ssl3_write(SSL s, int type, const unsigned char buf,
120	unsigned int len, int create_empty_fragment);	121	unsigned int len, int create_empty_fragment);
@@ -630,6 +631,7 @@ static int do_ssl3_write(SSL s, int type, const unsigned char buf,
630	unsigned char p,plen;	631	unsigned char p,plen;
631	int i,mac_size,clear=0;	632	int i,mac_size,clear=0;
632	int prefix_len=0;	633	int prefix_len=0;
		634	int eivlen;
633	long align=0;	635	long align=0;
634	SSL3_RECORD *wr;	636	SSL3_RECORD *wr;
635	SSL3_BUFFER *wb=&(s->s3->wbuf);	637	SSL3_BUFFER *wb=&(s->s3->wbuf);
@@ -662,10 +664,14 @@ static int do_ssl3_write(SSL s, int type, const unsigned char buf,
662	if ( (sess == NULL) \|\|	664	if ( (sess == NULL) \|\|
663	(s->enc_write_ctx == NULL) \|\|	665	(s->enc_write_ctx == NULL) \|\|
664	(EVP_MD_CTX_md(s->write_hash) == NULL))	666	(EVP_MD_CTX_md(s->write_hash) == NULL))
		667	{
		668	#if 1
		669	clear=s->enc_write_ctx?0:1; /* must be AEAD cipher */
		670	#else
665	clear=1;	671	clear=1;
666		672	#endif
667	if (clear)
668	mac_size=0;	673	mac_size=0;
		674	}
669	else	675	else
670	{	676	{
671	mac_size=EVP_MD_CTX_size(s->write_hash);	677	mac_size=EVP_MD_CTX_size(s->write_hash);
@@ -734,14 +740,39 @@ static int do_ssl3_write(SSL s, int type, const unsigned char buf,
734	wr->type=type;	740	wr->type=type;
735		741
736	*(p++)=(s->version>>8);	742	*(p++)=(s->version>>8);
737	*(p++)=s->version&0xff;	743	/* Some servers hang if iniatial client hello is larger than 256
		744	* bytes and record version number > TLS 1.0
		745	*/
		746	if (s->state == SSL3_ST_CW_CLNT_HELLO_B
		747	&& TLS1_get_version(s) > TLS1_VERSION)
		748	*(p++) = 0x1;
		749	else
		750	*(p++)=s->version&0xff;
738		751
739	/* field where we are to write out packet length */	752	/* field where we are to write out packet length */
740	plen=p;	753	plen=p;
741	p+=2;	754	p+=2;
		755	/* Explicit IV length, block ciphers and TLS version 1.1 or later */
		756	if (s->enc_write_ctx && s->version >= TLS1_1_VERSION)
		757	{
		758	int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
		759	if (mode == EVP_CIPH_CBC_MODE)
		760	{
		761	eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
		762	if (eivlen <= 1)
		763	eivlen = 0;
		764	}
		765	/* Need explicit part of IV for GCM mode */
		766	else if (mode == EVP_CIPH_GCM_MODE)
		767	eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
		768	else
		769	eivlen = 0;
		770	}
		771	else
		772	eivlen = 0;
742		773
743	/* lets setup the record stuff. */	774	/* lets setup the record stuff. */
744	wr->data=p;	775	wr->data=p + eivlen;
745	wr->length=(int)len;	776	wr->length=(int)len;
746	wr->input=(unsigned char *)buf;	777	wr->input=(unsigned char *)buf;
747		778
@@ -769,11 +800,19 @@ static int do_ssl3_write(SSL s, int type, const unsigned char buf,
769		800
770	if (mac_size != 0)	801	if (mac_size != 0)
771	{	802	{
772	if (s->method->ssl3_enc->mac(s,&(p[wr->length]),1) < 0)	803	if (s->method->ssl3_enc->mac(s,&(p[wr->length + eivlen]),1) < 0)
773	goto err;	804	goto err;
774	wr->length+=mac_size;	805	wr->length+=mac_size;
775	wr->input=p;	806	}
776	wr->data=p;	807
		808	wr->input=p;
		809	wr->data=p;
		810
		811	if (eivlen)
		812	{
		813	/* if (RAND_pseudo_bytes(p, eivlen) <= 0)
		814	goto err; */
		815	wr->length += eivlen;
777	}	816	}
778		817
779	/* ssl3_enc can only have an error on read */	818	/* ssl3_enc can only have an error on read */
@@ -1042,6 +1081,19 @@ start:
1042	dest = s->s3->alert_fragment;	1081	dest = s->s3->alert_fragment;
1043	dest_len = &s->s3->alert_fragment_len;	1082	dest_len = &s->s3->alert_fragment_len;
1044	}	1083	}
		1084	#ifndef OPENSSL_NO_HEARTBEATS
		1085	else if (rr->type == TLS1_RT_HEARTBEAT)
		1086	{
		1087	tls1_process_heartbeat(s);
		1088
		1089	/* Exit and notify application to read again */
		1090	rr->length = 0;
		1091	s->rwstate=SSL_READING;
		1092	BIO_clear_retry_flags(SSL_get_rbio(s));
		1093	BIO_set_retry_read(SSL_get_rbio(s));
		1094	return(-1);
		1095	}
		1096	#endif
1045		1097
1046	if (dest_maxlen > 0)	1098	if (dest_maxlen > 0)
1047	{	1099	{
@@ -1185,6 +1237,10 @@ start:
1185	SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION);	1237	SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION);
1186	goto f_err;	1238	goto f_err;
1187	}	1239	}
		1240	#ifdef SSL_AD_MISSING_SRP_USERNAME
		1241	if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
		1242	return(0);
		1243	#endif
1188	}	1244	}
1189	else if (alert_level == 2) /* fatal */	1245	else if (alert_level == 2) /* fatal */
1190	{	1246	{
@@ -1263,6 +1319,7 @@ start:
1263	#else	1319	#else
1264	s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;	1320	s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
1265	#endif	1321	#endif
		1322	s->renegotiate=1;
1266	s->new_session=1;	1323	s->new_session=1;
1267	}	1324	}
1268	i=s->handshake_func(s);	1325	i=s->handshake_func(s);
@@ -1296,8 +1353,10 @@ start:
1296	{	1353	{
1297	default:	1354	default:
1298	#ifndef OPENSSL_NO_TLS	1355	#ifndef OPENSSL_NO_TLS
1299	/* TLS just ignores unknown message types */	1356	/* TLS up to v1.1 just ignores unknown message types:
1300	if (s->version == TLS1_VERSION)	1357	* TLS v1.2 give an unexpected message alert.
		1358	*/
		1359	if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION)
1301	{	1360	{
1302	rr->length = 0;	1361	rr->length = 0;
1303	goto start;	1362	goto start;