authorJoel Sing <jsing@cvs.openbsd.org>2014-05-30 14:01:12 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2014-05-30 14:01:12 +0000
commitaa1cc81d3d6852fc247169c40d0183c505f71d8f (patch)
tree3cbd62b0a76b5e4c0ab8aa08697a328ff84f28be
parentfdf3730e2ac24c749826cf2730bba6c7bebb26af (diff)
Make use of SSL_IS_DTLS, SSL_USE_EXPLICIT_IV, SSL_USE_SIGALGS and
SSL_USE_TLS1_2_CIPHERS. Largely based on OpenSSL head.
-rw-r--r--lib/libssl/s3_both.c4
-rw-r--r--lib/libssl/s3_cbc.c3
-rw-r--r--lib/libssl/s3_clnt.c19
-rw-r--r--lib/libssl/s3_lib.c4
-rw-r--r--lib/libssl/s3_pkt.c28
-rw-r--r--lib/libssl/s3_srvr.c32
-rw-r--r--lib/libssl/ssl_lib.c4
-rw-r--r--lib/libssl/t1_enc.c13
-rw-r--r--lib/libssl/t1_lib.c7
9 files changed, 50 insertions, 64 deletions
diff --git a/lib/libssl/s3_both.c b/lib/libssl/s3_both.c
index f1d686b56f6..54b73451eb4 100644
--- a/lib/libssl/s3_both.c
+++ b/lib/libssl/s3_both.c
@@ -632,7 +632,7 @@ ssl3_setup_read_buffer(SSL *s)
unsigned char *p;
size_t len, align = 0, headerlen;
- if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
+ if (SSL_IS_DTLS(s))
headerlen = DTLS1_RT_HEADER_LENGTH;
else
headerlen = SSL3_RT_HEADER_LENGTH;
@@ -672,7 +672,7 @@ ssl3_setup_write_buffer(SSL *s)
unsigned char *p;
size_t len, align = 0, headerlen;
- if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
+ if (SSL_IS_DTLS(s))
headerlen = DTLS1_RT_HEADER_LENGTH + 1;
else
headerlen = SSL3_RT_HEADER_LENGTH;
diff --git a/lib/libssl/s3_cbc.c b/lib/libssl/s3_cbc.c
index e8f7df572f3..9ba9896a52f 100644
--- a/lib/libssl/s3_cbc.c
+++ b/lib/libssl/s3_cbc.c
@@ -148,8 +148,9 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
{
unsigned padding_length, good, to_check, i;
const unsigned overhead = 1 /* padding length byte */ + mac_size;
+
/* Check if version requires explicit IV */
- if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER) {
+ if (SSL_USE_EXPLICIT_IV(s)) {
/* These lengths are all public so we can test them in
* non-constant time.
*/
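Review bot: The explicit-IV decision in tls1_cbc_remove_padding now comes from SSL_USE_EXPLICIT_IV(s) instead of the version field, and the removed condition was the one place that named DTLS1_BAD_VER explicitly; the write side in the t1_enc.c hunk uses the same macro, so the two sides now agree by construction. Whether that still covers DTLS1_BAD_VER depends on how the macro is defined for the DTLS method, which is outside this diff, so it is worth confirming, since a read/write mismatch on explicit IVs is a record-layer correctness and interoperability problem. A one-line comment such as `/* Explicit IV presence is a property of the method, not of s->version. */` above the test would make the new dependency visible to the next reader. tls1_cbc_remove_padding continues past the hunk.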
diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c
index 8dbea3869d1..abe5c5a86b6 100644
--- a/lib/libssl/s3_clnt.c
+++ b/lib/libssl/s3_clnt.c
@@ -848,8 +848,7 @@ ssl3_get_server_hello(SSL *s)
if (!ok)
return ((int)n);
- if (SSL_version(s) == DTLS1_VERSION ||
- SSL_version(s) == DTLS1_BAD_VER) {
+ if (SSL_IS_DTLS(s)) {
if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
if (s->d1->send_cookie == 0) {
s->s3->tmp.reuse_message = 1;
@@ -986,11 +985,10 @@ ssl3_get_server_hello(SSL *s)
}
s->s3->tmp.new_cipher = c;
/*
- * Don't digest cached records if TLS v1.2: we may need them for
+ * Don't digest cached records if no sigalgs: we may need them for
* client authentication.
*/
- if (TLS1_get_version(s) < TLS1_2_VERSION &&
- !ssl3_digest_cached_records(s)) {
+ if (!SSL_USE_SIGALGS(s) && !ssl3_digest_cached_records(s)) {
al = SSL_AD_INTERNAL_ERROR;
goto f_err;
}
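Review bot: The rewritten comment at the top of this hunk says the opposite of what the condition does: `if (!SSL_USE_SIGALGS(s) && !ssl3_digest_cached_records(s))` digests the cached records precisely when sigalgs are not in use and skips digesting when they are. The old text ("Don't digest cached records if TLS v1.2") had the right sense, so the first comment line should read `* Don't digest cached records if sigalgs are in use: we may need them for` to match the code. ssl3_get_server_hello continues outside the hunk.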
@@ -1592,7 +1590,7 @@ ssl3_get_key_exchange(SSL *s)
/* if it was signed, check the signature */
if (pkey != NULL) {
- if (TLS1_get_version(s) >= TLS1_2_VERSION) {
+ if (SSL_USE_SIGALGS(s)) {
int sigalg = tls12_get_sigid(pkey);
/* Should never happen */
if (sigalg == -1) {
@@ -1634,8 +1632,7 @@ ssl3_get_key_exchange(SSL *s)
goto f_err;
}
- if (pkey->type == EVP_PKEY_RSA &&
- TLS1_get_version(s) < TLS1_2_VERSION) {
+ if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) {
int num;
j = 0;
@@ -1787,7 +1784,7 @@ ssl3_get_certificate_request(SSL *s)
for (i = 0; i < ctype_num; i++)
s->s3->tmp.ctype[i] = p[i];
p += ctype_num;
- if (TLS1_get_version(s) >= TLS1_2_VERSION) {
+ if (SSL_USE_SIGALGS(s)) {
n2s(p, llen);
/* Check we have enough room for signature algorithms and
* following length value.
@@ -2612,7 +2609,7 @@ ssl3_send_client_verify(SSL *s)
pctx = EVP_PKEY_CTX_new(pkey, NULL);
EVP_PKEY_sign_init(pctx);
if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) {
- if (TLS1_get_version(s) < TLS1_2_VERSION)
+ if (!SSL_USE_SIGALGS(s))
s->method->ssl3_enc->cert_verify_mac(s,
NID_sha1, &(data[MD5_DIGEST_LENGTH]));
} else {
@@ -2622,7 +2619,7 @@ ssl3_send_client_verify(SSL *s)
* For TLS v1.2 send signature algorithm and signature
* using agreed digest and cached handshake records.
*/
- if (TLS1_get_version(s) >= TLS1_2_VERSION) {
+ if (SSL_USE_SIGALGS(s)) {
long hdatalen = 0;
void *hdata;
const EVP_MD *md = s->cert->key->digest;
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 2c15a87269b..da69caa6dd9 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -3022,9 +3022,9 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
c = sk_SSL_CIPHER_value(prio, i);
- /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
+ /* Skip TLS v1.2 only ciphersuites if not supported. */
if ((c->algorithm_ssl & SSL_TLSV1_2) &&
- (TLS1_get_version(s) < TLS1_2_VERSION))
+ !SSL_USE_TLS1_2_CIPHERS(s))
continue;
ssl_set_cert_masks(cert, c);
diff --git a/lib/libssl/s3_pkt.c b/lib/libssl/s3_pkt.c
index 3a167f058c0..b8be8b52558 100644
--- a/lib/libssl/s3_pkt.c
+++ b/lib/libssl/s3_pkt.c
@@ -178,7 +178,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
/* For DTLS/UDP reads should not span multiple packets
* because the read operation returns the whole packet
* at once (as long as it fits into the buffer). */
- if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) {
+ if (SSL_IS_DTLS(s)) {
if (left > 0 && n > left)
n = left;
}
@@ -238,18 +238,17 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
if (i <= 0) {
rb->left = left;
if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
- SSL_version(s) != DTLS1_VERSION &&
- SSL_version(s) != DTLS1_BAD_VER)
+ !SSL_IS_DTLS(s)) {
if (len + left == 0)
ssl3_release_read_buffer(s);
+ }
return (i);
}
left += i;
/* reads should *never* span multiple packets for DTLS because
* the underlying transport protocol is message oriented as opposed
* to byte oriented as in the TLS case. */
- if (SSL_version(s) == DTLS1_VERSION ||
- SSL_version(s) == DTLS1_BAD_VER) {
+ if (SSL_IS_DTLS(s)) {
if (n > left)
n = left; /* makes the while condition false */
}
@@ -722,10 +721,10 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
/* field where we are to write out packet length */
plen = p;
-
p += 2;
- /* Explicit IV length, block ciphers and TLS version 1.1 or later */
- if (s->enc_write_ctx && s->version >= TLS1_1_VERSION) {
+
+ /* Explicit IV length. */
+ if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)) {
int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
if (mode == EVP_CIPH_CBC_MODE) {
eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
@@ -844,18 +843,17 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
wb->left = 0;
wb->offset += i;
if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
- SSL_version(s) != DTLS1_VERSION &&
- SSL_version(s) != DTLS1_BAD_VER)
+ !SSL_IS_DTLS(s))
ssl3_release_write_buffer(s);
s->rwstate = SSL_NOTHING;
return (s->s3->wpend_ret);
} else if (i <= 0) {
- if (s->version == DTLS1_VERSION ||
- s->version == DTLS1_BAD_VER) {
- /* For DTLS, just drop it. That's kind of the whole
- point in using a datagram service */
+ /*
+ * For DTLS, just drop it. That's kind of the
+ * whole point in using a datagram service.
+ */
+ if (SSL_IS_DTLS(s))
wb->left = 0;
- }
return (i);
}
wb->offset += i;
diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index 481cf37bef6..120f92a9d39 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c
@@ -591,13 +591,13 @@ ssl3_accept(SSL *s)
s->state = SSL3_ST_SR_FINISHED_A;
#endif
s->init_num = 0;
- } else if (TLS1_get_version(s) >= TLS1_2_VERSION) {
+ } else if (SSL_USE_SIGALGS(s)) {
s->state = SSL3_ST_SR_CERT_VRFY_A;
s->init_num = 0;
if (!s->session->peer)
break;
/*
- * For TLS v1.2 freeze the handshake buffer
+ * For sigalgs freeze the handshake buffer
* at this point and digest cached records.
*/
if (!s->s3->handshake_buffer) {
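Review bot: The new comment line `* For sigalgs freeze the handshake buffer` reads awkwardly now that the version is no longer mentioned, and "for sigalgs" does not say whether it is a condition or a purpose. Suggest `* When sigalgs are in use, freeze the handshake buffer` so the comment states the condition the surrounding `else if (SSL_USE_SIGALGS(s))` branch tests. ssl3_accept continues outside the hunk on both sides.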
@@ -980,7 +980,7 @@ ssl3_get_client_hello(SSL *s)
* Versions before 0.9.7 always allow clients to resume sessions in
* renegotiation. 0.9.7 and later allow this by default, but optionally
* ignore resumption requests with flag
- * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag
+ * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag
* rather than a change to default behavior so that applications
* relying on this for security won't even compile against older
* library versions).
@@ -1010,7 +1010,7 @@ ssl3_get_client_hello(SSL *s)
p += j;
- if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
+ if (SSL_IS_DTLS(s)) {
/* cookie stuff */
cookie_len = *(p++);
@@ -1331,8 +1331,7 @@ ssl3_get_client_hello(SSL *s)
s->s3->tmp.new_cipher = s->session->cipher;
}
- if (TLS1_get_version(s) < TLS1_2_VERSION ||
- !(s->verify_mode & SSL_VERIFY_PEER)) {
+ if (!SSL_USE_SIGALGS(s) || !(s->verify_mode & SSL_VERIFY_PEER)) {
if (!ssl3_digest_cached_records(s)) {
al = SSL_AD_INTERNAL_ERROR;
goto f_err;
@@ -1819,8 +1818,7 @@ ssl3_send_server_key_exchange(SSL *s)
* n is the length of the params, they start at &(d[4])
* and p points to the space at the end.
*/
- if (pkey->type == EVP_PKEY_RSA
- && TLS1_get_version(s) < TLS1_2_VERSION) {
+ if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) {
q = md_buf;
j = 0;
for (num = 2; num > 0; num--) {
@@ -1850,13 +1848,9 @@ ssl3_send_server_key_exchange(SSL *s)
}
s2n(u, p);
n += u + 2;
- } else
- if (md) {
- /*
- * For TLS1.2 and later send signature
- * algorithm
- */
- if (TLS1_get_version(s) >= TLS1_2_VERSION) {
+ } else if (md) {
+ /* Send signature algorithm. */
+ if (SSL_USE_SIGALGS(s)) {
if (!tls12_get_sigandhash(p, pkey, md)) {
/* Should never happen */
al = SSL_AD_INTERNAL_ERROR;
@@ -1884,7 +1878,7 @@ ssl3_send_server_key_exchange(SSL *s)
}
s2n(i, p);
n += i + 2;
- if (TLS1_get_version(s) >= TLS1_2_VERSION)
+ if (SSL_USE_SIGALGS(s))
n += 2;
} else {
/* Is this error check actually needed? */
@@ -1937,7 +1931,7 @@ ssl3_send_certificate_request(SSL *s)
p += n;
n++;
- if (TLS1_get_version(s) >= TLS1_2_VERSION) {
+ if (SSL_USE_SIGALGS(s)) {
nl = tls12_get_req_sig_algs(s, p + 2);
s2n(nl, p);
p += nl + 2;
@@ -2592,7 +2586,7 @@ ssl3_get_cert_verify(SSL *s)
pkey->type == NID_id_GostR3410_2001) ) {
i = 64;
} else {
- if (TLS1_get_version(s) >= TLS1_2_VERSION) {
+ if (SSL_USE_SIGALGS(s)) {
int sigalg = tls12_get_sigid(pkey);
/* Should never happen */
if (sigalg == -1) {
@@ -2635,7 +2629,7 @@ ssl3_get_cert_verify(SSL *s)
goto f_err;
}
- if (TLS1_get_version(s) >= TLS1_2_VERSION) {
+ if (SSL_USE_SIGALGS(s)) {
long hdatalen = 0;
void *hdata;
hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 3e654117bf0..e3b67817ccc 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1104,9 +1104,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
if (larg < (long)dtls1_min_mtu())
return (0);
#endif
-
- if (SSL_version(s) == DTLS1_VERSION ||
- SSL_version(s) == DTLS1_BAD_VER) {
+ if (SSL_IS_DTLS(s)) {
s->d1->mtu = larg;
return (larg);
}
diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c
index 87860feda98..9d47bde6c6b 100644
--- a/lib/libssl/t1_enc.c
+++ b/lib/libssl/t1_enc.c
@@ -639,14 +639,11 @@ tls1_enc(SSL *s, int send)
if (s->enc_write_ctx == NULL)
enc = NULL;
else {
- int ivlen;
+ int ivlen = 0;
enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
- /* For TLSv1.1 and later explicit IV */
- if (s->version >= TLS1_1_VERSION &&
+ if (SSL_USE_EXPLICIT_IV(s) &&
EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)
ivlen = EVP_CIPHER_iv_length(enc);
- else
- ivlen = 0;
if (ivlen > 1) {
if (rec->data != rec->input)
/* we can't write into the input stream:
@@ -686,7 +683,7 @@ tls1_enc(SSL *s, int send)
seq = send ? s->s3->write_sequence : s->s3->read_sequence;
- if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
+ if (SSL_IS_DTLS(s)) {
unsigned char dtlsseq[9], *p = dtlsseq;
s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p);
@@ -876,7 +873,7 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
mac_ctx = &hmac;
}
- if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER) {
+ if (SSL_IS_DTLS(ssl)) {
unsigned char dtlsseq[8], *p = dtlsseq;
s2n(send ? ssl->d1->w_epoch : ssl->d1->r_epoch, p);
@@ -919,7 +916,7 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
if (!stream_mac)
EVP_MD_CTX_cleanup(&hmac);
- if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER) {
+ if (!SSL_IS_DTLS(ssl)) {
for (i = 7; i >= 0; i--) {
++seq[i];
if (seq[i] != 0)
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index b15465d5500..fa70f21f95a 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -2028,7 +2028,7 @@ tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
if (p >= limit)
return -1;
/* Skip past DTLS cookie */
- if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
+ if (SSL_IS_DTLS(s)) {
i = *(p++);
p += i;
if (p >= limit)
@@ -2296,9 +2296,10 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
const EVP_MD *md;
CERT *c = s->cert;
- /* Extension ignored for TLS versions below 1.2 */
- if (TLS1_get_version(s) < TLS1_2_VERSION)
+ /* Extension ignored for inappropriate versions */
+ if (!SSL_USE_SIGALGS(s))
return 1;
+
/* Should never happen */
if (!c)
return 0;
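Review bot: The new comment `/* Extension ignored for inappropriate versions */` is vaguer than the one it replaces, which at least said which versions were excluded. Since the test is now SSL_USE_SIGALGS(s), say what that expresses: `/* Extension ignored unless signature algorithms are in use (TLS 1.2 and later). */`. tls1_process_sigalgs continues past the hunk.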