author | Joel Sing <jsing@cvs.openbsd.org> | 2014-05-30 14:01:12 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2014-05-30 14:01:12 +0000 |
commit | aa1cc81d3d6852fc247169c40d0183c505f71d8f (patch) | |
tree | 3cbd62b0a76b5e4c0ab8aa08697a328ff84f28be | |
parent | fdf3730e2ac24c749826cf2730bba6c7bebb26af (diff) |
Make use of SSL_IS_DTLS, SSL_USE_EXPLICIT_IV, SSL_USE_SIGALGS and
SSL_USE_TLS1_2_CIPHERS.
Largely based on OpenSSL head.
-rw-r--r-- | lib/libssl/s3_both.c | 4 | ||||
-rw-r--r-- | lib/libssl/s3_cbc.c | 3 | ||||
-rw-r--r-- | lib/libssl/s3_clnt.c | 19 | ||||
-rw-r--r-- | lib/libssl/s3_lib.c | 4 | ||||
-rw-r--r-- | lib/libssl/s3_pkt.c | 28 | ||||
-rw-r--r-- | lib/libssl/s3_srvr.c | 32 | ||||
-rw-r--r-- | lib/libssl/ssl_lib.c | 4 | ||||
-rw-r--r-- | lib/libssl/t1_enc.c | 13 | ||||
-rw-r--r-- | lib/libssl/t1_lib.c | 7 |
9 files changed, 50 insertions, 64 deletions
diff --git a/lib/libssl/s3_both.c b/lib/libssl/s3_both.c index f1d686b56f6..54b73451eb4 100644 --- a/lib/libssl/s3_both.c +++ b/lib/libssl/s3_both.c @@ -632,7 +632,7 @@ ssl3_setup_read_buffer(SSL *s) unsigned char *p; size_t len, align = 0, headerlen; - if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) + if (SSL_IS_DTLS(s)) headerlen = DTLS1_RT_HEADER_LENGTH; else headerlen = SSL3_RT_HEADER_LENGTH; @@ -672,7 +672,7 @@ ssl3_setup_write_buffer(SSL *s) unsigned char *p; size_t len, align = 0, headerlen; - if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) + if (SSL_IS_DTLS(s)) headerlen = DTLS1_RT_HEADER_LENGTH + 1; else headerlen = SSL3_RT_HEADER_LENGTH; diff --git a/lib/libssl/s3_cbc.c b/lib/libssl/s3_cbc.c index e8f7df572f3..9ba9896a52f 100644 --- a/lib/libssl/s3_cbc.c +++ b/lib/libssl/s3_cbc.c @@ -148,8 +148,9 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size, { unsigned padding_length, good, to_check, i; const unsigned overhead = 1 /* padding length byte */ + mac_size; + /* Check if version requires explicit IV */ - if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER) { + if (SSL_USE_EXPLICIT_IV(s)) { /* These lengths are all public so we can test them in * non-constant time. */ diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c index 8dbea3869d1..abe5c5a86b6 100644 --- a/lib/libssl/s3_clnt.c +++ b/lib/libssl/s3_clnt.c @@ -848,8 +848,7 @@ ssl3_get_server_hello(SSL *s) if (!ok) return ((int)n); - if (SSL_version(s) == DTLS1_VERSION || - SSL_version(s) == DTLS1_BAD_VER) { + if (SSL_IS_DTLS(s)) { if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { if (s->d1->send_cookie == 0) { s->s3->tmp.reuse_message = 1; 
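Review bot: The new `SSL_USE_EXPLICIT_IV(s)` test in tls1_cbc_remove_padding (s3_cbc.c hunk) is only equivalent to the removed expression if the macro is true for both DTLS variants: the old code caught DTLS1_VERSION through the numeric `>= TLS1_1_VERSION` comparison and DTLS1_BAD_VER by name, and nothing in this diff shows how the macro is defined. The write side is the more delicate case, because the do_ssl3_write hunk in s3_pkt.c and the tls1_enc hunk in t1_enc.c previously tested only `s->version >= TLS1_1_VERSION`, so if the macro does include DTLS1_BAD_VER those paths now emit an explicit IV where they did not before; that is either an intended unification worth stating or something to check against the method flag tables outside this diff. A one-line comment beside the check, `/* Explicit IV is a property of the method (TLS 1.1+ and DTLS), not of s->version alone. */`, would record the assumption for the next reader. tls1_cbc_remove_padding continues outside the hunk.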
@@ -986,11 +985,10 @@ ssl3_get_server_hello(SSL *s) } s->s3->tmp.new_cipher = c; /* - * Don't digest cached records if TLS v1.2: we may need them for + * Don't digest cached records if no sigalgs: we may need them for * client authentication. */ - if (TLS1_get_version(s) < TLS1_2_VERSION && - !ssl3_digest_cached_records(s)) { + if (!SSL_USE_SIGALGS(s) && !ssl3_digest_cached_records(s)) { al = SSL_AD_INTERNAL_ERROR; goto f_err; } @@ -1592,7 +1590,7 @@ ssl3_get_key_exchange(SSL *s) /* if it was signed, check the signature */ if (pkey != NULL) { - if (TLS1_get_version(s) >= TLS1_2_VERSION) { + if (SSL_USE_SIGALGS(s)) { int sigalg = tls12_get_sigid(pkey); /* Should never happen */ if (sigalg == -1) { @@ -1634,8 +1632,7 @@ ssl3_get_key_exchange(SSL *s) goto f_err; } - if (pkey->type == EVP_PKEY_RSA && - TLS1_get_version(s) < TLS1_2_VERSION) { + if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) { int num; j = 0; @@ -1787,7 +1784,7 @@ ssl3_get_certificate_request(SSL *s) for (i = 0; i < ctype_num; i++) s->s3->tmp.ctype[i] = p[i]; p += ctype_num; - if (TLS1_get_version(s) >= TLS1_2_VERSION) { + if (SSL_USE_SIGALGS(s)) { n2s(p, llen); /* Check we have enough room for signature algorithms and * following length value. @@ -2612,7 +2609,7 @@ ssl3_send_client_verify(SSL *s) pctx = EVP_PKEY_CTX_new(pkey, NULL); EVP_PKEY_sign_init(pctx); if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) { - if (TLS1_get_version(s) < TLS1_2_VERSION) + if (!SSL_USE_SIGALGS(s)) s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, &(data[MD5_DIGEST_LENGTH])); } else { @@ -2622,7 +2619,7 @@ ssl3_send_client_verify(SSL *s) * For TLS v1.2 send signature algorithm and signature * using agreed digest and cached handshake records. */ - if (TLS1_get_version(s) >= TLS1_2_VERSION) { + if (SSL_USE_SIGALGS(s)) { long hdatalen = 0; void *hdata; const EVP_MD *md = s->cert->key->digest; diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index 2c15a87269b..da69caa6dd9 100644 --- a/lib/libssl/s3_lib.c 
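Review bot: The rewritten comment in ssl3_get_server_hello now states the opposite of what the code does: `if (!SSL_USE_SIGALGS(s) && !ssl3_digest_cached_records(s))` digests the cached records precisely when sigalgs are not in use, yet the comment reads `Don't digest cached records if no sigalgs`. The removed text ("if TLS v1.2") agreed with the old `< TLS1_2_VERSION` condition, so the inversion was introduced by this change. It should read `* Don't digest cached records if sigalgs are in use: we may need them for` followed by the existing `* client authentication.` line. ssl3_get_server_hello starts and ends outside the hunk.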
+++ b/lib/libssl/s3_lib.c @@ -3022,9 +3022,9 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) { c = sk_SSL_CIPHER_value(prio, i); - /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ + /* Skip TLS v1.2 only ciphersuites if not supported. */ if ((c->algorithm_ssl & SSL_TLSV1_2) && - (TLS1_get_version(s) < TLS1_2_VERSION)) + !SSL_USE_TLS1_2_CIPHERS(s)) continue; ssl_set_cert_masks(cert, c); diff --git a/lib/libssl/s3_pkt.c b/lib/libssl/s3_pkt.c index 3a167f058c0..b8be8b52558 100644 --- a/lib/libssl/s3_pkt.c +++ b/lib/libssl/s3_pkt.c @@ -178,7 +178,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend) /* For DTLS/UDP reads should not span multiple packets * because the read operation returns the whole packet * at once (as long as it fits into the buffer). */ - if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) { + if (SSL_IS_DTLS(s)) { if (left > 0 && n > left) n = left; } @@ -238,18 +238,17 @@ ssl3_read_n(SSL *s, int n, int max, int extend) if (i <= 0) { rb->left = left; if (s->mode & SSL_MODE_RELEASE_BUFFERS && - SSL_version(s) != DTLS1_VERSION && - SSL_version(s) != DTLS1_BAD_VER) + !SSL_IS_DTLS(s)) { if (len + left == 0) ssl3_release_read_buffer(s); + } return (i); } left += i; /* reads should *never* span multiple packets for DTLS because * the underlying transport protocol is message oriented as opposed * to byte oriented as in the TLS case. */ - if (SSL_version(s) == DTLS1_VERSION || - SSL_version(s) == DTLS1_BAD_VER) { + if (SSL_IS_DTLS(s)) { if (n > left) n = left; /* makes the while condition false */ } 
@@ -722,10 +721,10 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, /* field where we are to write out packet length */ plen = p; - p += 2; - /* Explicit IV length, block ciphers and TLS version 1.1 or later */ - if (s->enc_write_ctx && s->version >= TLS1_1_VERSION) { + + /* Explicit IV length. */ + if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)) { int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx); if (mode == EVP_CIPH_CBC_MODE) { eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx); @@ -844,18 +843,17 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, wb->left = 0; wb->offset += i; if (s->mode & SSL_MODE_RELEASE_BUFFERS && - SSL_version(s) != DTLS1_VERSION && - SSL_version(s) != DTLS1_BAD_VER) + !SSL_IS_DTLS(s)) ssl3_release_write_buffer(s); s->rwstate = SSL_NOTHING; return (s->s3->wpend_ret); } else if (i <= 0) { - if (s->version == DTLS1_VERSION || - s->version == DTLS1_BAD_VER) { - /* For DTLS, just drop it. That's kind of the whole - point in using a datagram service */ + /* + * For DTLS, just drop it. That's kind of the + * whole point in using a datagram service. + */ + if (SSL_IS_DTLS(s)) wb->left = 0; - } return (i); } wb->offset += i; diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c index 481cf37bef6..120f92a9d39 100644 --- a/lib/libssl/s3_srvr.c +++ b/lib/libssl/s3_srvr.c @@ -591,13 +591,13 @@ ssl3_accept(SSL *s) s->state = SSL3_ST_SR_FINISHED_A; #endif s->init_num = 0; - } else if (TLS1_get_version(s) >= TLS1_2_VERSION) { + } else if (SSL_USE_SIGALGS(s)) { s->state = SSL3_ST_SR_CERT_VRFY_A; s->init_num = 0; if (!s->session->peer) break; /* - * For TLS v1.2 freeze the handshake buffer + * For sigalgs freeze the handshake buffer * at this point and digest cached records. */ if (!s->s3->handshake_buffer) { 
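Review bot: As rendered here, the do_ssl3_write hunk removes `p += 2;` directly after `plen = p;` and nothing else in the hunk advances `p` past the two-byte length field, so the explicit IV and record payload would be written starting at the length field's position and later clobbered when the length is stored through `plen`. If the line was moved rather than dropped, or this page has lost a context marker in the collapsed diff, that should be confirmed against the file; otherwise restore `p += 2;` immediately after `plen = p;` before the explicit-IV block. do_ssl3_write starts and ends outside the hunk.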
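Review bot: In ssl3_write_pending the `if (SSL_IS_DTLS(s))` body `wb->left = 0;` has lost the braces the old code had, and the explanatory comment now sits above the `if` rather than inside it, so the DTLS-only statement reads as part of the general `i <= 0` path. Keeping `if (SSL_IS_DTLS(s)) { wb->left = 0; }` with the comment inside the braces preserves the old structure and matches the bracing the ssl3_read_n hunk above appears to add around the corresponding read-buffer release. ssl3_write_pending starts and ends outside the hunk.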
@@ -980,7 +980,7 @@ ssl3_get_client_hello(SSL *s) * Versions before 0.9.7 always allow clients to resume sessions in * renegotiation. 0.9.7 and later allow this by default, but optionally * ignore resumption requests with flag - * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag + * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag * rather than a change to default behavior so that applications * relying on this for security won't even compile against older * library versions). @@ -1010,7 +1010,7 @@ ssl3_get_client_hello(SSL *s) p += j; - if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) { + if (SSL_IS_DTLS(s)) { /* cookie stuff */ cookie_len = *(p++); @@ -1331,8 +1331,7 @@ ssl3_get_client_hello(SSL *s) s->s3->tmp.new_cipher = s->session->cipher; } - if (TLS1_get_version(s) < TLS1_2_VERSION || - !(s->verify_mode & SSL_VERIFY_PEER)) { + if (!SSL_USE_SIGALGS(s) || !(s->verify_mode & SSL_VERIFY_PEER)) { if (!ssl3_digest_cached_records(s)) { al = SSL_AD_INTERNAL_ERROR; goto f_err; @@ -1819,8 +1818,7 @@ ssl3_send_server_key_exchange(SSL *s) * n is the length of the params, they start at &(d[4]) * and p points to the space at the end. */ - if (pkey->type == EVP_PKEY_RSA - && TLS1_get_version(s) < TLS1_2_VERSION) { + if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) { q = md_buf; j = 0; for (num = 2; num > 0; num--) { @@ -1850,13 +1848,9 @@ ssl3_send_server_key_exchange(SSL *s) } s2n(u, p); n += u + 2; - } else - if (md) { - /* - * For TLS1.2 and later send signature - * algorithm - */ - if (TLS1_get_version(s) >= TLS1_2_VERSION) { + } else if (md) { + /* Send signature algorithm. */ + if (SSL_USE_SIGALGS(s)) { if (!tls12_get_sigandhash(p, pkey, md)) { /* Should never happen */ al = SSL_AD_INTERNAL_ERROR; @@ -1884,7 +1878,7 @@ ssl3_send_server_key_exchange(SSL *s) } s2n(i, p); n += i + 2; - if (TLS1_get_version(s) >= TLS1_2_VERSION) + if (SSL_USE_SIGALGS(s)) n += 2; } else { /* Is this error check actually needed? */ 
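Review bot: The shortened `/* Send signature algorithm. */` in ssl3_send_server_key_exchange now sits above a conditional and reads as unconditional; the removed text carried the "TLS1.2 and later" qualifier that explained the `if (SSL_USE_SIGALGS(s))` beneath it. `/* Send the signature algorithm when sigalgs are in use (TLS 1.2+). */` keeps that meaning, and it would help to mention that the same condition accounts for the extra `n += 2;` in the following hunk of this function. ssl3_send_server_key_exchange starts and ends outside the hunk.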
@@ -1937,7 +1931,7 @@ ssl3_send_certificate_request(SSL *s) p += n; n++; - if (TLS1_get_version(s) >= TLS1_2_VERSION) { + if (SSL_USE_SIGALGS(s)) { nl = tls12_get_req_sig_algs(s, p + 2); s2n(nl, p); p += nl + 2; @@ -2592,7 +2586,7 @@ ssl3_get_cert_verify(SSL *s) pkey->type == NID_id_GostR3410_2001) ) { i = 64; } else { - if (TLS1_get_version(s) >= TLS1_2_VERSION) { + if (SSL_USE_SIGALGS(s)) { int sigalg = tls12_get_sigid(pkey); /* Should never happen */ if (sigalg == -1) { @@ -2635,7 +2629,7 @@ ssl3_get_cert_verify(SSL *s) goto f_err; } - if (TLS1_get_version(s) >= TLS1_2_VERSION) { + if (SSL_USE_SIGALGS(s)) { long hdatalen = 0; void *hdata; hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index 3e654117bf0..e3b67817ccc 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1104,9 +1104,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg) if (larg < (long)dtls1_min_mtu()) return (0); #endif - - if (SSL_version(s) == DTLS1_VERSION || - SSL_version(s) == DTLS1_BAD_VER) { + if (SSL_IS_DTLS(s)) { s->d1->mtu = larg; return (larg); } diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c index 87860feda98..9d47bde6c6b 100644 --- a/lib/libssl/t1_enc.c +++ b/lib/libssl/t1_enc.c @@ -639,14 +639,11 @@ tls1_enc(SSL *s, int send) if (s->enc_write_ctx == NULL) enc = NULL; else { - int ivlen; + int ivlen = 0; enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx); - /* For TLSv1.1 and later explicit IV */ - if (s->version >= TLS1_1_VERSION && + if (SSL_USE_EXPLICIT_IV(s) && EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE) ivlen = EVP_CIPHER_iv_length(enc); - else - ivlen = 0; if (ivlen > 1) { if (rec->data != rec->input) /* we can't write into the input stream: 
@@ -686,7 +683,7 @@ tls1_enc(SSL *s, int send) seq = send ? s->s3->write_sequence : s->s3->read_sequence; - if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) { + if (SSL_IS_DTLS(s)) { unsigned char dtlsseq[9], *p = dtlsseq; s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p); @@ -876,7 +873,7 @@ tls1_mac(SSL *ssl, unsigned char *md, int send) mac_ctx = &hmac; } - if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER) { + if (SSL_IS_DTLS(ssl)) { unsigned char dtlsseq[8], *p = dtlsseq; s2n(send ? ssl->d1->w_epoch : ssl->d1->r_epoch, p); @@ -919,7 +916,7 @@ tls1_mac(SSL *ssl, unsigned char *md, int send) if (!stream_mac) EVP_MD_CTX_cleanup(&hmac); - if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER) { + if (!SSL_IS_DTLS(ssl)) { for (i = 7; i >= 0; i--) { ++seq[i]; if (seq[i] != 0) diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c index b15465d5500..fa70f21f95a 100644 --- a/lib/libssl/t1_lib.c +++ b/lib/libssl/t1_lib.c @@ -2028,7 +2028,7 @@ tls1_process_ticket(SSL *s, unsigned char *session_id, int len, if (p >= limit) return -1; /* Skip past DTLS cookie */ - if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) { + if (SSL_IS_DTLS(s)) { i = *(p++); p += i; if (p >= limit) @@ -2296,9 +2296,10 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) const EVP_MD *md; CERT *c = s->cert; - /* Extension ignored for TLS versions below 1.2 */ - if (TLS1_get_version(s) < TLS1_2_VERSION) + /* Extension ignored for inappropriate versions */ + if (!SSL_USE_SIGALGS(s)) return 1; + /* Should never happen */ if (!c) return 0; |
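Review bot: `/* Extension ignored for inappropriate versions */` in tls1_process_sigalgs is vaguer than the comment it replaces, which named TLS versions below 1.2; since the check is now `!SSL_USE_SIGALGS(s)`, the comment should say what that implies: `/* Extension ignored unless the method negotiates signature algorithms (TLS 1.2+). */`. The added `/* Should never happen */` over `if (!c)` would be more useful stating the invariant it relies on, e.g. that `s->cert` is expected to be set before this is called, if that is indeed guaranteed by the callers. tls1_process_sigalgs starts and ends outside the hunk.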