diff options
| author | jsing <> | 2020-08-01 16:38:17 +0000 |
|---|---|---|
| committer | jsing <> | 2020-08-01 16:38:17 +0000 |
| commit | f687d8a359d0a472b6c9fc20fc47af1750e0c808 (patch) | |
| tree | 56d1a7c04a3474f2cd9595dd4d035b822d688319 /src/lib/libssl/ssl_pkt.c | |
| parent | 337cfcf46a9b6d390560440dfb631f10b7aa04b9 (diff) | |
| download | openbsd-f687d8a359d0a472b6c9fc20fc47af1750e0c808.tar.gz openbsd-f687d8a359d0a472b6c9fc20fc47af1750e0c808.tar.bz2 openbsd-f687d8a359d0a472b6c9fc20fc47af1750e0c808.zip | |
Pull record version selection code up and pass it as an argument to
ssl3_create_record().
ok tb@
Diffstat (limited to 'src/lib/libssl/ssl_pkt.c')
| -rw-r--r-- | src/lib/libssl/ssl_pkt.c | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c index 02282778a2..5d12b40f28 100644 --- a/src/lib/libssl/ssl_pkt.c +++ b/src/lib/libssl/ssl_pkt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_pkt.c,v 1.25 2020/07/30 16:53:01 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_pkt.c,v 1.26 2020/08/01 16:38:17 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -617,13 +617,12 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) | |||
| 617 | } | 617 | } |
| 618 | 618 | ||
| 619 | static int | 619 | static int |
| 620 | ssl3_create_record(SSL *s, unsigned char *p, int type, const unsigned char *buf, | 620 | ssl3_create_record(SSL *s, unsigned char *p, uint16_t version, uint8_t type, |
| 621 | unsigned int len) | 621 | const unsigned char *buf, unsigned int len) |
| 622 | { | 622 | { |
| 623 | SSL3_RECORD_INTERNAL *wr = &(S3I(s)->wrec); | 623 | SSL3_RECORD_INTERNAL *wr = &(S3I(s)->wrec); |
| 624 | SSL_SESSION *sess = s->session; | 624 | SSL_SESSION *sess = s->session; |
| 625 | int eivlen, mac_size = 0; | 625 | int eivlen, mac_size = 0; |
| 626 | uint16_t version; | ||
| 627 | CBB cbb; | 626 | CBB cbb; |
| 628 | 627 | ||
| 629 | memset(&cbb, 0, sizeof(cbb)); | 628 | memset(&cbb, 0, sizeof(cbb)); |
| @@ -634,15 +633,6 @@ ssl3_create_record(SSL *s, unsigned char *p, int type, const unsigned char *buf, | |||
| 634 | goto err; | 633 | goto err; |
| 635 | } | 634 | } |
| 636 | 635 | ||
| 637 | /* | ||
| 638 | * Some servers hang if initial client hello is larger than 256 | ||
| 639 | * bytes and record version number > TLS 1.0. | ||
| 640 | */ | ||
| 641 | version = s->version; | ||
| 642 | if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate && | ||
| 643 | TLS1_get_version(s) > TLS1_VERSION) | ||
| 644 | version = TLS1_VERSION; | ||
| 645 | |||
| 646 | if (!CBB_init_fixed(&cbb, p, SSL3_RT_HEADER_LENGTH)) | 636 | if (!CBB_init_fixed(&cbb, p, SSL3_RT_HEADER_LENGTH)) |
| 647 | goto err; | 637 | goto err; |
| 648 | 638 | ||
| @@ -733,6 +723,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) | |||
| 733 | unsigned char *p; | 723 | unsigned char *p; |
| 734 | int need_empty_fragment = 0; | 724 | int need_empty_fragment = 0; |
| 735 | int prefix_len = 0; | 725 | int prefix_len = 0; |
| 726 | uint16_t version; | ||
| 736 | size_t align; | 727 | size_t align; |
| 737 | int ret; | 728 | int ret; |
| 738 | 729 | ||
| @@ -763,6 +754,15 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) | |||
| 763 | return 0; | 754 | return 0; |
| 764 | 755 | ||
| 765 | /* | 756 | /* |
| 757 | * Some servers hang if initial client hello is larger than 256 | ||
| 758 | * bytes and record version number > TLS 1.0. | ||
| 759 | */ | ||
| 760 | version = s->version; | ||
| 761 | if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate && | ||
| 762 | TLS1_get_version(s) > TLS1_VERSION) | ||
| 763 | version = TLS1_VERSION; | ||
| 764 | |||
| 765 | /* | ||
| 766 | * Countermeasure against known-IV weakness in CBC ciphersuites | 766 | * Countermeasure against known-IV weakness in CBC ciphersuites |
| 767 | * (see http://www.openssl.org/~bodo/tls-cbc.txt). Note that this | 767 | * (see http://www.openssl.org/~bodo/tls-cbc.txt). Note that this |
| 768 | * is unnecessary for AEAD. | 768 | * is unnecessary for AEAD. |
| @@ -789,7 +789,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) | |||
| 789 | wb->offset = align; | 789 | wb->offset = align; |
| 790 | 790 | ||
| 791 | if (need_empty_fragment) { | 791 | if (need_empty_fragment) { |
| 792 | if (!ssl3_create_record(s, p, type, buf, 0)) | 792 | if (!ssl3_create_record(s, p, version, type, buf, 0)) |
| 793 | goto err; | 793 | goto err; |
| 794 | 794 | ||
| 795 | prefix_len = wr->length; | 795 | prefix_len = wr->length; |
| @@ -804,7 +804,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) | |||
| 804 | S3I(s)->empty_fragment_done = 1; | 804 | S3I(s)->empty_fragment_done = 1; |
| 805 | } | 805 | } |
| 806 | 806 | ||
| 807 | if (!ssl3_create_record(s, p, type, buf, len)) | 807 | if (!ssl3_create_record(s, p, version, type, buf, len)) |
| 808 | goto err; | 808 | goto err; |
| 809 | 809 | ||
| 810 | wb->left = prefix_len + wr->length; | 810 | wb->left = prefix_len + wr->length; |