summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authortedu <>2014-04-14 18:45:55 +0000
committertedu <>2014-04-14 18:45:55 +0000
commit95635d69892027aae43126c720bdf465c55b75b4 (patch)
treecf54816807c3e7c50d1a7df6ceac26ecda2c9f53 /src
parent4de5e966312f32adfcbfa844e67772602bb18ed6 (diff)
downloadopenbsd-95635d69892027aae43126c720bdf465c55b75b4.tar.gz
openbsd-95635d69892027aae43126c720bdf465c55b75b4.tar.bz2
openbsd-95635d69892027aae43126c720bdf465c55b75b4.zip
make OPENSSL_NO_HEARTBLEED the default and only option. ok deraadt miod
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/d1_both.c153
-rw-r--r--src/lib/libssl/d1_clnt.c12
-rw-r--r--src/lib/libssl/d1_lib.c7
-rw-r--r--src/lib/libssl/d1_pkt.c12
-rw-r--r--src/lib/libssl/d1_srvr.c12
-rw-r--r--src/lib/libssl/s3_clnt.c11
-rw-r--r--src/lib/libssl/s3_lib.c21
-rw-r--r--src/lib/libssl/s3_pkt.c13
-rw-r--r--src/lib/libssl/s3_srvr.c11
-rw-r--r--src/lib/libssl/src/apps/s_cb.c20
-rw-r--r--src/lib/libssl/src/apps/s_client.c8
-rw-r--r--src/lib/libssl/src/apps/s_server.c11
-rw-r--r--src/lib/libssl/src/ssl/d1_both.c153
-rw-r--r--src/lib/libssl/src/ssl/d1_clnt.c12
-rw-r--r--src/lib/libssl/src/ssl/d1_lib.c7
-rw-r--r--src/lib/libssl/src/ssl/d1_pkt.c12
-rw-r--r--src/lib/libssl/src/ssl/d1_srvr.c12
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c11
-rw-r--r--src/lib/libssl/src/ssl/s3_lib.c21
-rw-r--r--src/lib/libssl/src/ssl/s3_pkt.c13
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c11
-rw-r--r--src/lib/libssl/src/ssl/ssl.h10
-rw-r--r--src/lib/libssl/src/ssl/ssl_locl.h7
-rw-r--r--src/lib/libssl/src/ssl/t1_lib.c214
-rw-r--r--src/lib/libssl/src/ssl/tls1.h10
-rw-r--r--src/lib/libssl/ssl.h10
-rw-r--r--src/lib/libssl/ssl/Makefile4
-rw-r--r--src/lib/libssl/ssl_locl.h7
-rw-r--r--src/lib/libssl/t1_lib.c214
-rw-r--r--src/lib/libssl/tls1.h10
30 files changed, 2 insertions, 1027 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index c051e84874..6e51aa7f69 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1041,11 +1041,7 @@ dtls1_read_failed(SSL *s, int code)
1041 return code; 1041 return code;
1042 } 1042 }
1043 1043
1044#ifndef OPENSSL_NO_HEARTBEATS
1045 if (!SSL_in_init(s) && !s->tlsext_hb_pending) /* done, no need to send a retransmit */
1046#else
1047 if (!SSL_in_init(s)) /* done, no need to send a retransmit */ 1044 if (!SSL_in_init(s)) /* done, no need to send a retransmit */
1048#endif
1049 { 1045 {
1050 BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ); 1046 BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
1051 return code; 1047 return code;
@@ -1386,152 +1382,3 @@ dtls1_shutdown(SSL *s)
1386#endif 1382#endif
1387 return ret; 1383 return ret;
1388} 1384}
1389
1390#ifndef OPENSSL_NO_HEARTBEATS
1391int
1392dtls1_process_heartbeat(SSL *s)
1393{
1394 unsigned char *p = &s->s3->rrec.data[0], *pl;
1395 unsigned short hbtype;
1396 unsigned int payload;
1397 unsigned int padding = 16; /* Use minimum padding */
1398
1399 if (s->msg_callback)
1400 s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
1401 &s->s3->rrec.data[0], s->s3->rrec.length,
1402 s, s->msg_callback_arg);
1403
1404 /* Read type and payload length first */
1405 if (1 + 2 + 16 > s->s3->rrec.length)
1406 return 0; /* silently discard */
1407 hbtype = *p++;
1408 n2s(p, payload);
1409 if (1 + 2 + payload + 16 > s->s3->rrec.length)
1410 return 0; /* silently discard per RFC 6520 sec. 4 */
1411 pl = p;
1412
1413 if (hbtype == TLS1_HB_REQUEST) {
1414 unsigned char *buffer, *bp;
1415 unsigned int write_length = 1 /* heartbeat type */ +
1416 2 /* heartbeat length */ +
1417 payload + padding;
1418 int r;
1419
1420 if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
1421 return 0;
1422
1423 /* Allocate memory for the response, size is 1 byte
1424 * message type, plus 2 bytes payload length, plus
1425 * payload, plus padding
1426 */
1427 buffer = OPENSSL_malloc(write_length);
1428 bp = buffer;
1429
1430 /* Enter response type, length and copy payload */
1431 *bp++ = TLS1_HB_RESPONSE;
1432 s2n(payload, bp);
1433 memcpy(bp, pl, payload);
1434 bp += payload;
1435 /* Random padding */
1436 RAND_pseudo_bytes(bp, padding);
1437
1438 r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
1439
1440 if (r >= 0 && s->msg_callback)
1441 s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
1442 buffer, write_length,
1443 s, s->msg_callback_arg);
1444
1445 OPENSSL_free(buffer);
1446
1447 if (r < 0)
1448 return r;
1449 } else if (hbtype == TLS1_HB_RESPONSE) {
1450 unsigned int seq;
1451
1452 /* We only send sequence numbers (2 bytes unsigned int),
1453 * and 16 random bytes, so we just try to read the
1454 * sequence number */
1455 n2s(pl, seq);
1456
1457 if (payload == 18 && seq == s->tlsext_hb_seq) {
1458 dtls1_stop_timer(s);
1459 s->tlsext_hb_seq++;
1460 s->tlsext_hb_pending = 0;
1461 }
1462 }
1463
1464 return 0;
1465}
1466
1467int
1468dtls1_heartbeat(SSL *s)
1469{
1470 unsigned char *buf, *p;
1471 int ret;
1472 unsigned int payload = 18; /* Sequence number + random bytes */
1473 unsigned int padding = 16; /* Use minimum padding */
1474
1475 /* Only send if peer supports and accepts HB requests... */
1476 if (!(s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) ||
1477 s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS) {
1478 SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT);
1479 return -1;
1480 }
1481
1482 /* ...and there is none in flight yet... */
1483 if (s->tlsext_hb_pending) {
1484 SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PENDING);
1485 return -1;
1486 }
1487
1488 /* ...and no handshake in progress. */
1489 if (SSL_in_init(s) || s->in_handshake) {
1490 SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_UNEXPECTED_MESSAGE);
1491 return -1;
1492 }
1493
1494 /* Check if padding is too long, payload and padding
1495 * must not exceed 2^14 - 3 = 16381 bytes in total.
1496 */
1497 OPENSSL_assert(payload + padding <= 16381);
1498
1499 /* Create HeartBeat message, we just use a sequence number
1500 * as payload to distuingish different messages and add
1501 * some random stuff.
1502 * - Message Type, 1 byte
1503 * - Payload Length, 2 bytes (unsigned int)
1504 * - Payload, the sequence number (2 bytes uint)
1505 * - Payload, random bytes (16 bytes uint)
1506 * - Padding
1507 */
1508 buf = OPENSSL_malloc(1 + 2 + payload + padding);
1509 p = buf;
1510 /* Message Type */
1511 *p++ = TLS1_HB_REQUEST;
1512 /* Payload length (18 bytes here) */
1513 s2n(payload, p);
1514 /* Sequence number */
1515 s2n(s->tlsext_hb_seq, p);
1516 /* 16 random bytes */
1517 RAND_pseudo_bytes(p, 16);
1518 p += 16;
1519 /* Random padding */
1520 RAND_pseudo_bytes(p, padding);
1521
1522 ret = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
1523 if (ret >= 0) {
1524 if (s->msg_callback)
1525 s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
1526 buf, 3 + payload + padding,
1527 s, s->msg_callback_arg);
1528
1529 dtls1_start_timer(s);
1530 s->tlsext_hb_pending = 1;
1531 }
1532
1533 OPENSSL_free(buf);
1534
1535 return ret;
1536}
1537#endif
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index 4c6aac7536..1b7cbaec15 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -176,18 +176,6 @@ dtls1_connect(SSL *s)
176 s->in_handshake, NULL); 176 s->in_handshake, NULL);
177#endif 177#endif
178 178
179#ifndef OPENSSL_NO_HEARTBEATS
180 /* If we're awaiting a HeartbeatResponse, pretend we
181 * already got and don't await it anymore, because
182 * Heartbeats don't make sense during handshakes anyway.
183 */
184 if (s->tlsext_hb_pending) {
185 dtls1_stop_timer(s);
186 s->tlsext_hb_pending = 0;
187 s->tlsext_hb_seq++;
188 }
189#endif
190
191 for (;;) { 179 for (;;) {
192 state = s->state; 180 state = s->state;
193 181
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
index 3da7c36545..73c44c807a 100644
--- a/src/lib/libssl/d1_lib.c
+++ b/src/lib/libssl/d1_lib.c
@@ -433,13 +433,6 @@ dtls1_handle_timeout(SSL *s)
433 s->d1->timeout.read_timeouts = 1; 433 s->d1->timeout.read_timeouts = 1;
434 } 434 }
435 435
436#ifndef OPENSSL_NO_HEARTBEATS
437 if (s->tlsext_hb_pending) {
438 s->tlsext_hb_pending = 0;
439 return dtls1_heartbeat(s);
440 }
441#endif
442
443 dtls1_start_timer(s); 436 dtls1_start_timer(s);
444 return dtls1_retransmit_buffered_messages(s); 437 return dtls1_retransmit_buffered_messages(s);
445} 438}
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 30fe8460fb..830dc2d2d0 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -937,18 +937,6 @@ start:
937 dest = s->d1->alert_fragment; 937 dest = s->d1->alert_fragment;
938 dest_len = &s->d1->alert_fragment_len; 938 dest_len = &s->d1->alert_fragment_len;
939 } 939 }
940#ifndef OPENSSL_NO_HEARTBEATS
941 else if (rr->type == TLS1_RT_HEARTBEAT) {
942 dtls1_process_heartbeat(s);
943
944 /* Exit and notify application to read again */
945 rr->length = 0;
946 s->rwstate = SSL_READING;
947 BIO_clear_retry_flags(SSL_get_rbio(s));
948 BIO_set_retry_read(SSL_get_rbio(s));
949 return (-1);
950 }
951#endif
952 /* else it's a CCS message, or application data or wrong */ 940 /* else it's a CCS message, or application data or wrong */
953 else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) { 941 else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) {
954 /* Application data while renegotiating 942 /* Application data while renegotiating
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 164fcfbf1f..47a0c0e2a2 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -185,18 +185,6 @@ dtls1_accept(SSL *s)
185 return (-1); 185 return (-1);
186 } 186 }
187 187
188#ifndef OPENSSL_NO_HEARTBEATS
189 /* If we're awaiting a HeartbeatResponse, pretend we
190 * already got and don't await it anymore, because
191 * Heartbeats don't make sense during handshakes anyway.
192 */
193 if (s->tlsext_hb_pending) {
194 dtls1_stop_timer(s);
195 s->tlsext_hb_pending = 0;
196 s->tlsext_hb_seq++;
197 }
198#endif
199
200 for (;;) { 188 for (;;) {
201 state = s->state; 189 state = s->state;
202 190
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 4ad8d3943e..c1460266fe 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -202,17 +202,6 @@ ssl3_connect(SSL *s)
202 if (!SSL_in_init(s) || SSL_in_before(s)) 202 if (!SSL_in_init(s) || SSL_in_before(s))
203 SSL_clear(s); 203 SSL_clear(s);
204 204
205#ifndef OPENSSL_NO_HEARTBEATS
206 /* If we're awaiting a HeartbeatResponse, pretend we
207 * already got and don't await it anymore, because
208 * Heartbeats don't make sense during handshakes anyway.
209 */
210 if (s->tlsext_hb_pending) {
211 s->tlsext_hb_pending = 0;
212 s->tlsext_hb_seq++;
213 }
214#endif
215
216 for (;;) { 205 for (;;) {
217 state = s->state; 206 state = s->state;
218 207
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 926071fffa..68a4b8ca2d 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -3319,27 +3319,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3319 ret = 1; 3319 ret = 1;
3320 break; 3320 break;
3321 3321
3322#ifndef OPENSSL_NO_HEARTBEATS
3323 case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT:
3324 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
3325 ret = dtls1_heartbeat(s);
3326 else
3327 ret = tls1_heartbeat(s);
3328 break;
3329
3330 case SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING:
3331 ret = s->tlsext_hb_pending;
3332 break;
3333
3334 case SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS:
3335 if (larg)
3336 s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
3337 else
3338 s->tlsext_heartbeat &= ~SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
3339 ret = 1;
3340 break;
3341#endif
3342
3343#endif /* !OPENSSL_NO_TLSEXT */ 3322#endif /* !OPENSSL_NO_TLSEXT */
3344 default: 3323 default:
3345 break; 3324 break;
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index 6c677d9f6b..70e6acad4f 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -1022,19 +1022,6 @@ start:
1022 dest = s->s3->alert_fragment; 1022 dest = s->s3->alert_fragment;
1023 dest_len = &s->s3->alert_fragment_len; 1023 dest_len = &s->s3->alert_fragment_len;
1024 } 1024 }
1025#ifndef OPENSSL_NO_HEARTBEATS
1026 else if (rr->type == TLS1_RT_HEARTBEAT) {
1027 tls1_process_heartbeat(s);
1028
1029 /* Exit and notify application to read again */
1030 rr->length = 0;
1031 s->rwstate = SSL_READING;
1032 BIO_clear_retry_flags(SSL_get_rbio(s));
1033 BIO_set_retry_read(SSL_get_rbio(s));
1034 return (-1);
1035 }
1036#endif
1037
1038 if (dest_maxlen > 0) { 1025 if (dest_maxlen > 0) {
1039 n = dest_maxlen - *dest_len; /* available space in 'dest' */ 1026 n = dest_maxlen - *dest_len; /* available space in 'dest' */
1040 if (rr->length < n) 1027 if (rr->length < n)
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 14066031ca..1f0afc2353 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -233,17 +233,6 @@ ssl3_accept(SSL *s)
233 return (-1); 233 return (-1);
234 } 234 }
235 235
236#ifndef OPENSSL_NO_HEARTBEATS
237 /* If we're awaiting a HeartbeatResponse, pretend we
238 * already got and don't await it anymore, because
239 * Heartbeats don't make sense during handshakes anyway.
240 */
241 if (s->tlsext_hb_pending) {
242 s->tlsext_hb_pending = 0;
243 s->tlsext_hb_seq++;
244 }
245#endif
246
247 for (;;) { 236 for (;;) {
248 state = s->state; 237 state = s->state;
249 238
diff --git a/src/lib/libssl/src/apps/s_cb.c b/src/lib/libssl/src/apps/s_cb.c
index 4e9b733543..1d6a5183c4 100644
--- a/src/lib/libssl/src/apps/s_cb.c
+++ b/src/lib/libssl/src/apps/s_cb.c
@@ -608,26 +608,6 @@ void msg_cb(int write_p, int version, int content_type, const void *buf, size_t
608 } 608 }
609 } 609 }
610 } 610 }
611
612#ifndef OPENSSL_NO_HEARTBEATS
613 if (content_type == 24) /* Heartbeat */
614 {
615 str_details1 = ", Heartbeat";
616
617 if (len > 0)
618 {
619 switch (((const unsigned char*)buf)[0])
620 {
621 case 1:
622 str_details1 = ", HeartbeatRequest";
623 break;
624 case 2:
625 str_details1 = ", HeartbeatResponse";
626 break;
627 }
628 }
629 }
630#endif
631 } 611 }
632 612
633 BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, str_content_type, (unsigned long)len, str_details1, str_details2); 613 BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, str_content_type, (unsigned long)len, str_details1, str_details2);
diff --git a/src/lib/libssl/src/apps/s_client.c b/src/lib/libssl/src/apps/s_client.c
index f7885ad21d..78566a595e 100644
--- a/src/lib/libssl/src/apps/s_client.c
+++ b/src/lib/libssl/src/apps/s_client.c
@@ -1881,14 +1881,6 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
1881 SSL_renegotiate(con); 1881 SSL_renegotiate(con);
1882 cbuf_len=0; 1882 cbuf_len=0;
1883 } 1883 }
1884#ifndef OPENSSL_NO_HEARTBEATS
1885 else if ((!c_ign_eof) && (cbuf[0] == 'B'))
1886 {
1887 BIO_printf(bio_err,"HEARTBEATING\n");
1888 SSL_heartbeat(con);
1889 cbuf_len=0;
1890 }
1891#endif
1892 else 1884 else
1893 { 1885 {
1894 cbuf_len=i; 1886 cbuf_len=i;
diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c
index 15070a44c1..53da15da23 100644
--- a/src/lib/libssl/src/apps/s_server.c
+++ b/src/lib/libssl/src/apps/s_server.c
@@ -2199,17 +2199,6 @@ static int sv_body(char *hostname, int s, unsigned char *context)
2199 ret= -11;*/ 2199 ret= -11;*/
2200 goto err; 2200 goto err;
2201 } 2201 }
2202
2203#ifndef OPENSSL_NO_HEARTBEATS
2204 if ((buf[0] == 'B') &&
2205 ((buf[1] == '\n') || (buf[1] == '\r')))
2206 {
2207 BIO_printf(bio_err,"HEARTBEATING\n");
2208 SSL_heartbeat(con);
2209 i=0;
2210 continue;
2211 }
2212#endif
2213 if ((buf[0] == 'r') && 2202 if ((buf[0] == 'r') &&
2214 ((buf[1] == '\n') || (buf[1] == '\r'))) 2203 ((buf[1] == '\n') || (buf[1] == '\r')))
2215 { 2204 {
diff --git a/src/lib/libssl/src/ssl/d1_both.c b/src/lib/libssl/src/ssl/d1_both.c
index c051e84874..6e51aa7f69 100644
--- a/src/lib/libssl/src/ssl/d1_both.c
+++ b/src/lib/libssl/src/ssl/d1_both.c
@@ -1041,11 +1041,7 @@ dtls1_read_failed(SSL *s, int code)
1041 return code; 1041 return code;
1042 } 1042 }
1043 1043
1044#ifndef OPENSSL_NO_HEARTBEATS
1045 if (!SSL_in_init(s) && !s->tlsext_hb_pending) /* done, no need to send a retransmit */
1046#else
1047 if (!SSL_in_init(s)) /* done, no need to send a retransmit */ 1044 if (!SSL_in_init(s)) /* done, no need to send a retransmit */
1048#endif
1049 { 1045 {
1050 BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ); 1046 BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
1051 return code; 1047 return code;
@@ -1386,152 +1382,3 @@ dtls1_shutdown(SSL *s)
1386#endif 1382#endif
1387 return ret; 1383 return ret;
1388} 1384}
1389
1390#ifndef OPENSSL_NO_HEARTBEATS
1391int
1392dtls1_process_heartbeat(SSL *s)
1393{
1394 unsigned char *p = &s->s3->rrec.data[0], *pl;
1395 unsigned short hbtype;
1396 unsigned int payload;
1397 unsigned int padding = 16; /* Use minimum padding */
1398
1399 if (s->msg_callback)
1400 s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
1401 &s->s3->rrec.data[0], s->s3->rrec.length,
1402 s, s->msg_callback_arg);
1403
1404 /* Read type and payload length first */
1405 if (1 + 2 + 16 > s->s3->rrec.length)
1406 return 0; /* silently discard */
1407 hbtype = *p++;
1408 n2s(p, payload);
1409 if (1 + 2 + payload + 16 > s->s3->rrec.length)
1410 return 0; /* silently discard per RFC 6520 sec. 4 */
1411 pl = p;
1412
1413 if (hbtype == TLS1_HB_REQUEST) {
1414 unsigned char *buffer, *bp;
1415 unsigned int write_length = 1 /* heartbeat type */ +
1416 2 /* heartbeat length */ +
1417 payload + padding;
1418 int r;
1419
1420 if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
1421 return 0;
1422
1423 /* Allocate memory for the response, size is 1 byte
1424 * message type, plus 2 bytes payload length, plus
1425 * payload, plus padding
1426 */
1427 buffer = OPENSSL_malloc(write_length);
1428 bp = buffer;
1429
1430 /* Enter response type, length and copy payload */
1431 *bp++ = TLS1_HB_RESPONSE;
1432 s2n(payload, bp);
1433 memcpy(bp, pl, payload);
1434 bp += payload;
1435 /* Random padding */
1436 RAND_pseudo_bytes(bp, padding);
1437
1438 r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
1439
1440 if (r >= 0 && s->msg_callback)
1441 s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
1442 buffer, write_length,
1443 s, s->msg_callback_arg);
1444
1445 OPENSSL_free(buffer);
1446
1447 if (r < 0)
1448 return r;
1449 } else if (hbtype == TLS1_HB_RESPONSE) {
1450 unsigned int seq;
1451
1452 /* We only send sequence numbers (2 bytes unsigned int),
1453 * and 16 random bytes, so we just try to read the
1454 * sequence number */
1455 n2s(pl, seq);
1456
1457 if (payload == 18 && seq == s->tlsext_hb_seq) {
1458 dtls1_stop_timer(s);
1459 s->tlsext_hb_seq++;
1460 s->tlsext_hb_pending = 0;
1461 }
1462 }
1463
1464 return 0;
1465}
1466
1467int
1468dtls1_heartbeat(SSL *s)
1469{
1470 unsigned char *buf, *p;
1471 int ret;
1472 unsigned int payload = 18; /* Sequence number + random bytes */
1473 unsigned int padding = 16; /* Use minimum padding */
1474
1475 /* Only send if peer supports and accepts HB requests... */
1476 if (!(s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) ||
1477 s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS) {
1478 SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT);
1479 return -1;
1480 }
1481
1482 /* ...and there is none in flight yet... */
1483 if (s->tlsext_hb_pending) {
1484 SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PENDING);
1485 return -1;
1486 }
1487
1488 /* ...and no handshake in progress. */
1489 if (SSL_in_init(s) || s->in_handshake) {
1490 SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_UNEXPECTED_MESSAGE);
1491 return -1;
1492 }
1493
1494 /* Check if padding is too long, payload and padding
1495 * must not exceed 2^14 - 3 = 16381 bytes in total.
1496 */
1497 OPENSSL_assert(payload + padding <= 16381);
1498
1499 /* Create HeartBeat message, we just use a sequence number
1500 * as payload to distuingish different messages and add
1501 * some random stuff.
1502 * - Message Type, 1 byte
1503 * - Payload Length, 2 bytes (unsigned int)
1504 * - Payload, the sequence number (2 bytes uint)
1505 * - Payload, random bytes (16 bytes uint)
1506 * - Padding
1507 */
1508 buf = OPENSSL_malloc(1 + 2 + payload + padding);
1509 p = buf;
1510 /* Message Type */
1511 *p++ = TLS1_HB_REQUEST;
1512 /* Payload length (18 bytes here) */
1513 s2n(payload, p);
1514 /* Sequence number */
1515 s2n(s->tlsext_hb_seq, p);
1516 /* 16 random bytes */
1517 RAND_pseudo_bytes(p, 16);
1518 p += 16;
1519 /* Random padding */
1520 RAND_pseudo_bytes(p, padding);
1521
1522 ret = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
1523 if (ret >= 0) {
1524 if (s->msg_callback)
1525 s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
1526 buf, 3 + payload + padding,
1527 s, s->msg_callback_arg);
1528
1529 dtls1_start_timer(s);
1530 s->tlsext_hb_pending = 1;
1531 }
1532
1533 OPENSSL_free(buf);
1534
1535 return ret;
1536}
1537#endif
diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c
index 4c6aac7536..1b7cbaec15 100644
--- a/src/lib/libssl/src/ssl/d1_clnt.c
+++ b/src/lib/libssl/src/ssl/d1_clnt.c
@@ -176,18 +176,6 @@ dtls1_connect(SSL *s)
176 s->in_handshake, NULL); 176 s->in_handshake, NULL);
177#endif 177#endif
178 178
179#ifndef OPENSSL_NO_HEARTBEATS
180 /* If we're awaiting a HeartbeatResponse, pretend we
181 * already got and don't await it anymore, because
182 * Heartbeats don't make sense during handshakes anyway.
183 */
184 if (s->tlsext_hb_pending) {
185 dtls1_stop_timer(s);
186 s->tlsext_hb_pending = 0;
187 s->tlsext_hb_seq++;
188 }
189#endif
190
191 for (;;) { 179 for (;;) {
192 state = s->state; 180 state = s->state;
193 181
diff --git a/src/lib/libssl/src/ssl/d1_lib.c b/src/lib/libssl/src/ssl/d1_lib.c
index 3da7c36545..73c44c807a 100644
--- a/src/lib/libssl/src/ssl/d1_lib.c
+++ b/src/lib/libssl/src/ssl/d1_lib.c
@@ -433,13 +433,6 @@ dtls1_handle_timeout(SSL *s)
433 s->d1->timeout.read_timeouts = 1; 433 s->d1->timeout.read_timeouts = 1;
434 } 434 }
435 435
436#ifndef OPENSSL_NO_HEARTBEATS
437 if (s->tlsext_hb_pending) {
438 s->tlsext_hb_pending = 0;
439 return dtls1_heartbeat(s);
440 }
441#endif
442
443 dtls1_start_timer(s); 436 dtls1_start_timer(s);
444 return dtls1_retransmit_buffered_messages(s); 437 return dtls1_retransmit_buffered_messages(s);
445} 438}
diff --git a/src/lib/libssl/src/ssl/d1_pkt.c b/src/lib/libssl/src/ssl/d1_pkt.c
index 30fe8460fb..830dc2d2d0 100644
--- a/src/lib/libssl/src/ssl/d1_pkt.c
+++ b/src/lib/libssl/src/ssl/d1_pkt.c
@@ -937,18 +937,6 @@ start:
937 dest = s->d1->alert_fragment; 937 dest = s->d1->alert_fragment;
938 dest_len = &s->d1->alert_fragment_len; 938 dest_len = &s->d1->alert_fragment_len;
939 } 939 }
940#ifndef OPENSSL_NO_HEARTBEATS
941 else if (rr->type == TLS1_RT_HEARTBEAT) {
942 dtls1_process_heartbeat(s);
943
944 /* Exit and notify application to read again */
945 rr->length = 0;
946 s->rwstate = SSL_READING;
947 BIO_clear_retry_flags(SSL_get_rbio(s));
948 BIO_set_retry_read(SSL_get_rbio(s));
949 return (-1);
950 }
951#endif
952 /* else it's a CCS message, or application data or wrong */ 940 /* else it's a CCS message, or application data or wrong */
953 else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) { 941 else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) {
954 /* Application data while renegotiating 942 /* Application data while renegotiating
diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c
index 164fcfbf1f..47a0c0e2a2 100644
--- a/src/lib/libssl/src/ssl/d1_srvr.c
+++ b/src/lib/libssl/src/ssl/d1_srvr.c
@@ -185,18 +185,6 @@ dtls1_accept(SSL *s)
185 return (-1); 185 return (-1);
186 } 186 }
187 187
188#ifndef OPENSSL_NO_HEARTBEATS
189 /* If we're awaiting a HeartbeatResponse, pretend we
190 * already got and don't await it anymore, because
191 * Heartbeats don't make sense during handshakes anyway.
192 */
193 if (s->tlsext_hb_pending) {
194 dtls1_stop_timer(s);
195 s->tlsext_hb_pending = 0;
196 s->tlsext_hb_seq++;
197 }
198#endif
199
200 for (;;) { 188 for (;;) {
201 state = s->state; 189 state = s->state;
202 190
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 4ad8d3943e..c1460266fe 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -202,17 +202,6 @@ ssl3_connect(SSL *s)
202 if (!SSL_in_init(s) || SSL_in_before(s)) 202 if (!SSL_in_init(s) || SSL_in_before(s))
203 SSL_clear(s); 203 SSL_clear(s);
204 204
205#ifndef OPENSSL_NO_HEARTBEATS
206 /* If we're awaiting a HeartbeatResponse, pretend we
207 * already got and don't await it anymore, because
208 * Heartbeats don't make sense during handshakes anyway.
209 */
210 if (s->tlsext_hb_pending) {
211 s->tlsext_hb_pending = 0;
212 s->tlsext_hb_seq++;
213 }
214#endif
215
216 for (;;) { 205 for (;;) {
217 state = s->state; 206 state = s->state;
218 207
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index 926071fffa..68a4b8ca2d 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -3319,27 +3319,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3319 ret = 1; 3319 ret = 1;
3320 break; 3320 break;
3321 3321
3322#ifndef OPENSSL_NO_HEARTBEATS
3323 case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT:
3324 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
3325 ret = dtls1_heartbeat(s);
3326 else
3327 ret = tls1_heartbeat(s);
3328 break;
3329
3330 case SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING:
3331 ret = s->tlsext_hb_pending;
3332 break;
3333
3334 case SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS:
3335 if (larg)
3336 s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
3337 else
3338 s->tlsext_heartbeat &= ~SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
3339 ret = 1;
3340 break;
3341#endif
3342
3343#endif /* !OPENSSL_NO_TLSEXT */ 3322#endif /* !OPENSSL_NO_TLSEXT */
3344 default: 3323 default:
3345 break; 3324 break;
diff --git a/src/lib/libssl/src/ssl/s3_pkt.c b/src/lib/libssl/src/ssl/s3_pkt.c
index 6c677d9f6b..70e6acad4f 100644
--- a/src/lib/libssl/src/ssl/s3_pkt.c
+++ b/src/lib/libssl/src/ssl/s3_pkt.c
@@ -1022,19 +1022,6 @@ start:
1022 dest = s->s3->alert_fragment; 1022 dest = s->s3->alert_fragment;
1023 dest_len = &s->s3->alert_fragment_len; 1023 dest_len = &s->s3->alert_fragment_len;
1024 } 1024 }
1025#ifndef OPENSSL_NO_HEARTBEATS
1026 else if (rr->type == TLS1_RT_HEARTBEAT) {
1027 tls1_process_heartbeat(s);
1028
1029 /* Exit and notify application to read again */
1030 rr->length = 0;
1031 s->rwstate = SSL_READING;
1032 BIO_clear_retry_flags(SSL_get_rbio(s));
1033 BIO_set_retry_read(SSL_get_rbio(s));
1034 return (-1);
1035 }
1036#endif
1037
1038 if (dest_maxlen > 0) { 1025 if (dest_maxlen > 0) {
1039 n = dest_maxlen - *dest_len; /* available space in 'dest' */ 1026 n = dest_maxlen - *dest_len; /* available space in 'dest' */
1040 if (rr->length < n) 1027 if (rr->length < n)
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 14066031ca..1f0afc2353 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -233,17 +233,6 @@ ssl3_accept(SSL *s)
233 return (-1); 233 return (-1);
234 } 234 }
235 235
236#ifndef OPENSSL_NO_HEARTBEATS
237 /* If we're awaiting a HeartbeatResponse, pretend we
238 * already got and don't await it anymore, because
239 * Heartbeats don't make sense during handshakes anyway.
240 */
241 if (s->tlsext_hb_pending) {
242 s->tlsext_hb_pending = 0;
243 s->tlsext_hb_seq++;
244 }
245#endif
246
247 for (;;) { 236 for (;;) {
248 state = s->state; 237 state = s->state;
249 238
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
index f524d0d80c..bf4b2f2cb6 100644
--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -684,11 +684,6 @@ struct ssl_session_st
684#define SSL_get_secure_renegotiation_support(ssl) \ 684#define SSL_get_secure_renegotiation_support(ssl) \
685 SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) 685 SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
686 686
687#ifndef OPENSSL_NO_HEARTBEATS
688#define SSL_heartbeat(ssl) \
689 SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL)
690#endif
691
692void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); 687void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
693void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); 688void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
694#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) 689#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
@@ -1595,11 +1590,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
1595#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 1590#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79
1596#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 1591#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80
1597#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 1592#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81
1598#ifndef OPENSSL_NO_HEARTBEATS
1599#define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT 85
1600#define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING 86
1601#define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS 87
1602#endif
1603#endif 1593#endif
1604 1594
1605#define DTLS_CTRL_GET_TIMEOUT 73 1595#define DTLS_CTRL_GET_TIMEOUT 73
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index 42271d634f..7311d984ae 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1108,13 +1108,6 @@ int ssl_check_clienthello_tlsext_early(SSL *s);
1108int ssl_check_clienthello_tlsext_late(SSL *s); 1108int ssl_check_clienthello_tlsext_late(SSL *s);
1109int ssl_check_serverhello_tlsext(SSL *s); 1109int ssl_check_serverhello_tlsext(SSL *s);
1110 1110
1111#ifndef OPENSSL_NO_HEARTBEATS
1112int tls1_heartbeat(SSL *s);
1113int dtls1_heartbeat(SSL *s);
1114int tls1_process_heartbeat(SSL *s);
1115int dtls1_process_heartbeat(SSL *s);
1116#endif
1117
1118#ifdef OPENSSL_NO_SHA256 1111#ifdef OPENSSL_NO_SHA256
1119#define tlsext_tick_md EVP_sha1 1112#define tlsext_tick_md EVP_sha1
1120#else 1113#else
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c
index 08f7a444ad..8796651806 100644
--- a/src/lib/libssl/src/ssl/t1_lib.c
+++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -615,20 +615,6 @@ unsigned char
615 i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret); 615 i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
616 } 616 }
617 617
618#ifndef OPENSSL_NO_HEARTBEATS
619 /* Add Heartbeat extension */
620 s2n(TLSEXT_TYPE_heartbeat, ret);
621 s2n(1, ret);
622 /* Set mode:
623 * 1: peer may send requests
624 * 2: peer not allowed to send requests
625 */
626 if (s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_RECV_REQUESTS)
627 *(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
628 else
629 *(ret++) = SSL_TLSEXT_HB_ENABLED;
630#endif
631
632#ifndef OPENSSL_NO_NEXTPROTONEG 618#ifndef OPENSSL_NO_NEXTPROTONEG
633 if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) { 619 if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) {
634 /* The client advertises an emtpy extension to indicate its 620 /* The client advertises an emtpy extension to indicate its
@@ -838,23 +824,6 @@ unsigned char
838 ret += 36; 824 ret += 36;
839 } 825 }
840 826
841#ifndef OPENSSL_NO_HEARTBEATS
842 /* Add Heartbeat extension if we've received one */
843 if (s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) {
844 s2n(TLSEXT_TYPE_heartbeat, ret);
845 s2n(1, ret);
846 /* Set mode:
847 * 1: peer may send requests
848 * 2: peer not allowed to send requests
849 */
850 if (s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_RECV_REQUESTS)
851 *(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
852 else
853 *(ret++) = SSL_TLSEXT_HB_ENABLED;
854
855 }
856#endif
857
858#ifndef OPENSSL_NO_NEXTPROTONEG 827#ifndef OPENSSL_NO_NEXTPROTONEG
859 next_proto_neg_seen = s->s3->next_proto_neg_seen; 828 next_proto_neg_seen = s->s3->next_proto_neg_seen;
860 s->s3->next_proto_neg_seen = 0; 829 s->s3->next_proto_neg_seen = 0;
@@ -980,11 +949,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
980 s->s3->next_proto_neg_seen = 0; 949 s->s3->next_proto_neg_seen = 0;
981#endif 950#endif
982 951
983#ifndef OPENSSL_NO_HEARTBEATS
984 s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
985 SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
986#endif
987
988#ifndef OPENSSL_NO_EC 952#ifndef OPENSSL_NO_EC
989 if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG) 953 if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
990 ssl_check_for_safari(s, data, d, n); 954 ssl_check_for_safari(s, data, d, n);
@@ -1342,22 +1306,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1342 else 1306 else
1343 s->tlsext_status_type = -1; 1307 s->tlsext_status_type = -1;
1344 } 1308 }
1345#ifndef OPENSSL_NO_HEARTBEATS
1346 else if (type == TLSEXT_TYPE_heartbeat) {
1347 switch (data[0]) {
1348 case 0x01: /* Client allows us to send HB requests */
1349 s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
1350 break;
1351 case 0x02: /* Client doesn't accept HB requests */
1352 s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
1353 s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
1354 break;
1355 default:
1356 *al = SSL_AD_ILLEGAL_PARAMETER;
1357 return 0;
1358 }
1359 }
1360#endif
1361#ifndef OPENSSL_NO_NEXTPROTONEG 1309#ifndef OPENSSL_NO_NEXTPROTONEG
1362 else if (type == TLSEXT_TYPE_next_proto_neg && 1310 else if (type == TLSEXT_TYPE_next_proto_neg &&
1363 s->s3->tmp.finish_md_len == 0) { 1311 s->s3->tmp.finish_md_len == 0) {
@@ -1443,11 +1391,6 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n,
1443 s->s3->next_proto_neg_seen = 0; 1391 s->s3->next_proto_neg_seen = 0;
1444#endif 1392#endif
1445 1393
1446#ifndef OPENSSL_NO_HEARTBEATS
1447 s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
1448 SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
1449#endif
1450
1451 if (data >= (d + n - 2)) 1394 if (data >= (d + n - 2))
1452 goto ri_check; 1395 goto ri_check;
1453 1396
@@ -1595,22 +1538,6 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n,
1595 return 0; 1538 return 0;
1596 renegotiate_seen = 1; 1539 renegotiate_seen = 1;
1597 } 1540 }
1598#ifndef OPENSSL_NO_HEARTBEATS
1599 else if (type == TLSEXT_TYPE_heartbeat) {
1600 switch (data[0]) {
1601 case 0x01: /* Server allows us to send HB requests */
1602 s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
1603 break;
1604 case 0x02: /* Server doesn't accept HB requests */
1605 s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
1606 s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
1607 break;
1608 default:
1609 *al = SSL_AD_ILLEGAL_PARAMETER;
1610 return 0;
1611 }
1612 }
1613#endif
1614#ifndef OPENSSL_NO_SRTP 1541#ifndef OPENSSL_NO_SRTP
1615 else if (type == TLSEXT_TYPE_use_srtp) { 1542 else if (type == TLSEXT_TYPE_use_srtp) {
1616 if (ssl_parse_serverhello_use_srtp_ext(s, data, size, 1543 if (ssl_parse_serverhello_use_srtp_ext(s, data, size,
@@ -2454,144 +2381,3 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
2454} 2381}
2455 2382
2456#endif 2383#endif
2457
2458#ifndef OPENSSL_NO_HEARTBEATS
2459int
2460tls1_process_heartbeat(SSL *s)
2461{
2462 unsigned char *p = &s->s3->rrec.data[0], *pl;
2463 unsigned short hbtype;
2464 unsigned int payload;
2465 unsigned int padding = 16; /* Use minimum padding */
2466
2467 if (s->msg_callback)
2468 s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
2469 &s->s3->rrec.data[0], s->s3->rrec.length,
2470 s, s->msg_callback_arg);
2471
2472 /* Read type and payload length first */
2473 if (1 + 2 + 16 > s->s3->rrec.length)
2474 return 0; /* silently discard */
2475 hbtype = *p++;
2476 n2s(p, payload);
2477 if (1 + 2 + payload + 16 > s->s3->rrec.length)
2478 return 0; /* silently discard per RFC 6520 sec. 4 */
2479 pl = p;
2480
2481 if (hbtype == TLS1_HB_REQUEST) {
2482 unsigned char *buffer, *bp;
2483 int r;
2484
2485 /* Allocate memory for the response, size is 1 bytes
2486 * message type, plus 2 bytes payload length, plus
2487 * payload, plus padding
2488 */
2489 buffer = OPENSSL_malloc(1 + 2 + payload + padding);
2490 bp = buffer;
2491
2492 /* Enter response type, length and copy payload */
2493 *bp++ = TLS1_HB_RESPONSE;
2494 s2n(payload, bp);
2495 memcpy(bp, pl, payload);
2496 bp += payload;
2497 /* Random padding */
2498 RAND_pseudo_bytes(bp, padding);
2499
2500 r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
2501
2502 if (r >= 0 && s->msg_callback)
2503 s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
2504 buffer, 3 + payload + padding,
2505 s, s->msg_callback_arg);
2506
2507 OPENSSL_free(buffer);
2508
2509 if (r < 0)
2510 return r;
2511 } else if (hbtype == TLS1_HB_RESPONSE) {
2512 unsigned int seq;
2513
2514 /* We only send sequence numbers (2 bytes unsigned int),
2515 * and 16 random bytes, so we just try to read the
2516 * sequence number */
2517 n2s(pl, seq);
2518
2519 if (payload == 18 && seq == s->tlsext_hb_seq) {
2520 s->tlsext_hb_seq++;
2521 s->tlsext_hb_pending = 0;
2522 }
2523 }
2524
2525 return 0;
2526}
2527
2528int
2529tls1_heartbeat(SSL *s)
2530{
2531 unsigned char *buf, *p;
2532 int ret;
2533 unsigned int payload = 18; /* Sequence number + random bytes */
2534 unsigned int padding = 16; /* Use minimum padding */
2535
2536 /* Only send if peer supports and accepts HB requests... */
2537 if (!(s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) ||
2538 s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS) {
2539 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT);
2540 return -1;
2541 }
2542
2543 /* ...and there is none in flight yet... */
2544 if (s->tlsext_hb_pending) {
2545 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PENDING);
2546 return -1;
2547 }
2548
2549 /* ...and no handshake in progress. */
2550 if (SSL_in_init(s) || s->in_handshake) {
2551 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_UNEXPECTED_MESSAGE);
2552 return -1;
2553 }
2554
2555 /* Check if padding is too long, payload and padding
2556 * must not exceed 2^14 - 3 = 16381 bytes in total.
2557 */
2558 OPENSSL_assert(payload + padding <= 16381);
2559
2560 /* Create HeartBeat message, we just use a sequence number
2561 * as payload to distuingish different messages and add
2562 * some random stuff.
2563 * - Message Type, 1 byte
2564 * - Payload Length, 2 bytes (unsigned int)
2565 * - Payload, the sequence number (2 bytes uint)
2566 * - Payload, random bytes (16 bytes uint)
2567 * - Padding
2568 */
2569 buf = OPENSSL_malloc(1 + 2 + payload + padding);
2570 p = buf;
2571 /* Message Type */
2572 *p++ = TLS1_HB_REQUEST;
2573 /* Payload length (18 bytes here) */
2574 s2n(payload, p);
2575 /* Sequence number */
2576 s2n(s->tlsext_hb_seq, p);
2577 /* 16 random bytes */
2578 RAND_pseudo_bytes(p, 16);
2579 p += 16;
2580 /* Random padding */
2581 RAND_pseudo_bytes(p, padding);
2582
2583 ret = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
2584 if (ret >= 0) {
2585 if (s->msg_callback)
2586 s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
2587 buf, 3 + payload + padding,
2588 s, s->msg_callback_arg);
2589
2590 s->tlsext_hb_pending = 1;
2591 }
2592
2593 OPENSSL_free(buf);
2594
2595 return ret;
2596}
2597#endif
diff --git a/src/lib/libssl/src/ssl/tls1.h b/src/lib/libssl/src/ssl/tls1.h
index c992091e30..7e35f13849 100644
--- a/src/lib/libssl/src/ssl/tls1.h
+++ b/src/lib/libssl/src/ssl/tls1.h
@@ -360,16 +360,6 @@ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg)
360#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ 360#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
361SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) 361SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
362 362
363#ifndef OPENSSL_NO_HEARTBEATS
364#define SSL_TLSEXT_HB_ENABLED 0x01
365#define SSL_TLSEXT_HB_DONT_SEND_REQUESTS 0x02
366#define SSL_TLSEXT_HB_DONT_RECV_REQUESTS 0x04
367
368#define SSL_get_tlsext_heartbeat_pending(ssl) \
369 SSL_ctrl((ssl),SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING,0,NULL)
370#define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \
371 SSL_ctrl((ssl),SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
372#endif
373#endif 363#endif
374 364
375/* PSK ciphersuites from 4279 */ 365/* PSK ciphersuites from 4279 */
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index f524d0d80c..bf4b2f2cb6 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -684,11 +684,6 @@ struct ssl_session_st
684#define SSL_get_secure_renegotiation_support(ssl) \ 684#define SSL_get_secure_renegotiation_support(ssl) \
685 SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) 685 SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
686 686
687#ifndef OPENSSL_NO_HEARTBEATS
688#define SSL_heartbeat(ssl) \
689 SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL)
690#endif
691
692void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); 687void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
693void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); 688void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
694#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) 689#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
@@ -1595,11 +1590,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
1595#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 1590#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79
1596#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 1591#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80
1597#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 1592#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81
1598#ifndef OPENSSL_NO_HEARTBEATS
1599#define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT 85
1600#define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING 86
1601#define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS 87
1602#endif
1603#endif 1593#endif
1604 1594
1605#define DTLS_CTRL_GET_TIMEOUT 73 1595#define DTLS_CTRL_GET_TIMEOUT 73
diff --git a/src/lib/libssl/ssl/Makefile b/src/lib/libssl/ssl/Makefile
index 805070c5fe..465e6e96c3 100644
--- a/src/lib/libssl/ssl/Makefile
+++ b/src/lib/libssl/ssl/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.32 2014/04/13 15:49:50 miod Exp $ 1# $OpenBSD: Makefile,v 1.33 2014/04/14 18:45:55 tedu Exp $
2 2
3LIB= ssl 3LIB= ssl
4 4
@@ -8,7 +8,7 @@ LSSL_SRC= ${SSL_SRC}/ssl
8CFLAGS+= -DTERMIOS -DANSI_SOURCE 8CFLAGS+= -DTERMIOS -DANSI_SOURCE
9CFLAGS+= -DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5 9CFLAGS+= -DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5
10CFLAGS+= -DOPENSSL_NO_SSL2 10CFLAGS+= -DOPENSSL_NO_SSL2
11CFLAGS+= -DOPENSSL_NO_BUF_FREELISTS -DOPENSSL_NO_HEARTBEATS 11CFLAGS+= -DOPENSSL_NO_BUF_FREELISTS
12CFLAGS+= -I${SSL_SRC} 12CFLAGS+= -I${SSL_SRC}
13 13
14SRCS=\ 14SRCS=\
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 42271d634f..7311d984ae 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1108,13 +1108,6 @@ int ssl_check_clienthello_tlsext_early(SSL *s);
1108int ssl_check_clienthello_tlsext_late(SSL *s); 1108int ssl_check_clienthello_tlsext_late(SSL *s);
1109int ssl_check_serverhello_tlsext(SSL *s); 1109int ssl_check_serverhello_tlsext(SSL *s);
1110 1110
1111#ifndef OPENSSL_NO_HEARTBEATS
1112int tls1_heartbeat(SSL *s);
1113int dtls1_heartbeat(SSL *s);
1114int tls1_process_heartbeat(SSL *s);
1115int dtls1_process_heartbeat(SSL *s);
1116#endif
1117
1118#ifdef OPENSSL_NO_SHA256 1111#ifdef OPENSSL_NO_SHA256
1119#define tlsext_tick_md EVP_sha1 1112#define tlsext_tick_md EVP_sha1
1120#else 1113#else
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 08f7a444ad..8796651806 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -615,20 +615,6 @@ unsigned char
615 i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret); 615 i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
616 } 616 }
617 617
618#ifndef OPENSSL_NO_HEARTBEATS
619 /* Add Heartbeat extension */
620 s2n(TLSEXT_TYPE_heartbeat, ret);
621 s2n(1, ret);
622 /* Set mode:
623 * 1: peer may send requests
624 * 2: peer not allowed to send requests
625 */
626 if (s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_RECV_REQUESTS)
627 *(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
628 else
629 *(ret++) = SSL_TLSEXT_HB_ENABLED;
630#endif
631
632#ifndef OPENSSL_NO_NEXTPROTONEG 618#ifndef OPENSSL_NO_NEXTPROTONEG
633 if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) { 619 if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) {
634 /* The client advertises an emtpy extension to indicate its 620 /* The client advertises an emtpy extension to indicate its
@@ -838,23 +824,6 @@ unsigned char
838 ret += 36; 824 ret += 36;
839 } 825 }
840 826
841#ifndef OPENSSL_NO_HEARTBEATS
842 /* Add Heartbeat extension if we've received one */
843 if (s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) {
844 s2n(TLSEXT_TYPE_heartbeat, ret);
845 s2n(1, ret);
846 /* Set mode:
847 * 1: peer may send requests
848 * 2: peer not allowed to send requests
849 */
850 if (s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_RECV_REQUESTS)
851 *(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
852 else
853 *(ret++) = SSL_TLSEXT_HB_ENABLED;
854
855 }
856#endif
857
858#ifndef OPENSSL_NO_NEXTPROTONEG 827#ifndef OPENSSL_NO_NEXTPROTONEG
859 next_proto_neg_seen = s->s3->next_proto_neg_seen; 828 next_proto_neg_seen = s->s3->next_proto_neg_seen;
860 s->s3->next_proto_neg_seen = 0; 829 s->s3->next_proto_neg_seen = 0;
@@ -980,11 +949,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
980 s->s3->next_proto_neg_seen = 0; 949 s->s3->next_proto_neg_seen = 0;
981#endif 950#endif
982 951
983#ifndef OPENSSL_NO_HEARTBEATS
984 s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
985 SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
986#endif
987
988#ifndef OPENSSL_NO_EC 952#ifndef OPENSSL_NO_EC
989 if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG) 953 if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
990 ssl_check_for_safari(s, data, d, n); 954 ssl_check_for_safari(s, data, d, n);
@@ -1342,22 +1306,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1342 else 1306 else
1343 s->tlsext_status_type = -1; 1307 s->tlsext_status_type = -1;
1344 } 1308 }
1345#ifndef OPENSSL_NO_HEARTBEATS
1346 else if (type == TLSEXT_TYPE_heartbeat) {
1347 switch (data[0]) {
1348 case 0x01: /* Client allows us to send HB requests */
1349 s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
1350 break;
1351 case 0x02: /* Client doesn't accept HB requests */
1352 s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
1353 s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
1354 break;
1355 default:
1356 *al = SSL_AD_ILLEGAL_PARAMETER;
1357 return 0;
1358 }
1359 }
1360#endif
1361#ifndef OPENSSL_NO_NEXTPROTONEG 1309#ifndef OPENSSL_NO_NEXTPROTONEG
1362 else if (type == TLSEXT_TYPE_next_proto_neg && 1310 else if (type == TLSEXT_TYPE_next_proto_neg &&
1363 s->s3->tmp.finish_md_len == 0) { 1311 s->s3->tmp.finish_md_len == 0) {
@@ -1443,11 +1391,6 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n,
1443 s->s3->next_proto_neg_seen = 0; 1391 s->s3->next_proto_neg_seen = 0;
1444#endif 1392#endif
1445 1393
1446#ifndef OPENSSL_NO_HEARTBEATS
1447 s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
1448 SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
1449#endif
1450
1451 if (data >= (d + n - 2)) 1394 if (data >= (d + n - 2))
1452 goto ri_check; 1395 goto ri_check;
1453 1396
@@ -1595,22 +1538,6 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n,
1595 return 0; 1538 return 0;
1596 renegotiate_seen = 1; 1539 renegotiate_seen = 1;
1597 } 1540 }
1598#ifndef OPENSSL_NO_HEARTBEATS
1599 else if (type == TLSEXT_TYPE_heartbeat) {
1600 switch (data[0]) {
1601 case 0x01: /* Server allows us to send HB requests */
1602 s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
1603 break;
1604 case 0x02: /* Server doesn't accept HB requests */
1605 s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
1606 s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
1607 break;
1608 default:
1609 *al = SSL_AD_ILLEGAL_PARAMETER;
1610 return 0;
1611 }
1612 }
1613#endif
1614#ifndef OPENSSL_NO_SRTP 1541#ifndef OPENSSL_NO_SRTP
1615 else if (type == TLSEXT_TYPE_use_srtp) { 1542 else if (type == TLSEXT_TYPE_use_srtp) {
1616 if (ssl_parse_serverhello_use_srtp_ext(s, data, size, 1543 if (ssl_parse_serverhello_use_srtp_ext(s, data, size,
@@ -2454,144 +2381,3 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
2454} 2381}
2455 2382
2456#endif 2383#endif
2457
2458#ifndef OPENSSL_NO_HEARTBEATS
2459int
2460tls1_process_heartbeat(SSL *s)
2461{
2462 unsigned char *p = &s->s3->rrec.data[0], *pl;
2463 unsigned short hbtype;
2464 unsigned int payload;
2465 unsigned int padding = 16; /* Use minimum padding */
2466
2467 if (s->msg_callback)
2468 s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
2469 &s->s3->rrec.data[0], s->s3->rrec.length,
2470 s, s->msg_callback_arg);
2471
2472 /* Read type and payload length first */
2473 if (1 + 2 + 16 > s->s3->rrec.length)
2474 return 0; /* silently discard */
2475 hbtype = *p++;
2476 n2s(p, payload);
2477 if (1 + 2 + payload + 16 > s->s3->rrec.length)
2478 return 0; /* silently discard per RFC 6520 sec. 4 */
2479 pl = p;
2480
2481 if (hbtype == TLS1_HB_REQUEST) {
2482 unsigned char *buffer, *bp;
2483 int r;
2484
2485 /* Allocate memory for the response, size is 1 bytes
2486 * message type, plus 2 bytes payload length, plus
2487 * payload, plus padding
2488 */
2489 buffer = OPENSSL_malloc(1 + 2 + payload + padding);
2490 bp = buffer;
2491
2492 /* Enter response type, length and copy payload */
2493 *bp++ = TLS1_HB_RESPONSE;
2494 s2n(payload, bp);
2495 memcpy(bp, pl, payload);
2496 bp += payload;
2497 /* Random padding */
2498 RAND_pseudo_bytes(bp, padding);
2499
2500 r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
2501
2502 if (r >= 0 && s->msg_callback)
2503 s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
2504 buffer, 3 + payload + padding,
2505 s, s->msg_callback_arg);
2506
2507 OPENSSL_free(buffer);
2508
2509 if (r < 0)
2510 return r;
2511 } else if (hbtype == TLS1_HB_RESPONSE) {
2512 unsigned int seq;
2513
2514 /* We only send sequence numbers (2 bytes unsigned int),
2515 * and 16 random bytes, so we just try to read the
2516 * sequence number */
2517 n2s(pl, seq);
2518
2519 if (payload == 18 && seq == s->tlsext_hb_seq) {
2520 s->tlsext_hb_seq++;
2521 s->tlsext_hb_pending = 0;
2522 }
2523 }
2524
2525 return 0;
2526}
2527
2528int
2529tls1_heartbeat(SSL *s)
2530{
2531 unsigned char *buf, *p;
2532 int ret;
2533 unsigned int payload = 18; /* Sequence number + random bytes */
2534 unsigned int padding = 16; /* Use minimum padding */
2535
2536 /* Only send if peer supports and accepts HB requests... */
2537 if (!(s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) ||
2538 s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS) {
2539 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT);
2540 return -1;
2541 }
2542
2543 /* ...and there is none in flight yet... */
2544 if (s->tlsext_hb_pending) {
2545 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PENDING);
2546 return -1;
2547 }
2548
2549 /* ...and no handshake in progress. */
2550 if (SSL_in_init(s) || s->in_handshake) {
2551 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_UNEXPECTED_MESSAGE);
2552 return -1;
2553 }
2554
2555 /* Check if padding is too long, payload and padding
2556 * must not exceed 2^14 - 3 = 16381 bytes in total.
2557 */
2558 OPENSSL_assert(payload + padding <= 16381);
2559
2560 /* Create HeartBeat message, we just use a sequence number
2561 * as payload to distuingish different messages and add
2562 * some random stuff.
2563 * - Message Type, 1 byte
2564 * - Payload Length, 2 bytes (unsigned int)
2565 * - Payload, the sequence number (2 bytes uint)
2566 * - Payload, random bytes (16 bytes uint)
2567 * - Padding
2568 */
2569 buf = OPENSSL_malloc(1 + 2 + payload + padding);
2570 p = buf;
2571 /* Message Type */
2572 *p++ = TLS1_HB_REQUEST;
2573 /* Payload length (18 bytes here) */
2574 s2n(payload, p);
2575 /* Sequence number */
2576 s2n(s->tlsext_hb_seq, p);
2577 /* 16 random bytes */
2578 RAND_pseudo_bytes(p, 16);
2579 p += 16;
2580 /* Random padding */
2581 RAND_pseudo_bytes(p, padding);
2582
2583 ret = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
2584 if (ret >= 0) {
2585 if (s->msg_callback)
2586 s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
2587 buf, 3 + payload + padding,
2588 s, s->msg_callback_arg);
2589
2590 s->tlsext_hb_pending = 1;
2591 }
2592
2593 OPENSSL_free(buf);
2594
2595 return ret;
2596}
2597#endif
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index c992091e30..7e35f13849 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -360,16 +360,6 @@ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg)
360#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ 360#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
361SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) 361SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
362 362
363#ifndef OPENSSL_NO_HEARTBEATS
364#define SSL_TLSEXT_HB_ENABLED 0x01
365#define SSL_TLSEXT_HB_DONT_SEND_REQUESTS 0x02
366#define SSL_TLSEXT_HB_DONT_RECV_REQUESTS 0x04
367
368#define SSL_get_tlsext_heartbeat_pending(ssl) \
369 SSL_ctrl((ssl),SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING,0,NULL)
370#define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \
371 SSL_ctrl((ssl),SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
372#endif
373#endif 363#endif
374 364
375/* PSK ciphersuites from 4279 */ 365/* PSK ciphersuites from 4279 */
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 00:32:37 +0000