src - OpenBSD base system

diff options


context:
space:
mode:

author	Joel Sing <jsing@cvs.openbsd.org>	2014-05-30 14:01:12 +0000
committer	Joel Sing <jsing@cvs.openbsd.org>	2014-05-30 14:01:12 +0000
commit	aa1cc81d3d6852fc247169c40d0183c505f71d8f (patch)
tree	3cbd62b0a76b5e4c0ab8aa08697a328ff84f28be /lib/libssl
parent	fdf3730e2ac24c749826cf2730bba6c7bebb26af (diff)

Make use of SSL_IS_DTLS, SSL_USE_EXPLICIT_IV, SSL_USE_SIGALGS and

SSL_USE_TLS1_2_CIPHERS. Largely based on OpenSSL head.

Diffstat (limited to 'lib/libssl')

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

9 files changed, 50 insertions, 64 deletions

diff --git a/lib/libssl/s3_both.c b/lib/libssl/s3_both.c
index f1d686b56f6..54b73451eb4 100644
--- a/lib/libssl/s3_both.c
+++ b/lib/libssl/s3_both.c

@@ -632,7 +632,7 @@ ssl3_setup_read_buffer(SSL *s)

unsigned char *p;

size_t len, align = 0, headerlen;

- if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)

+ if (SSL_IS_DTLS(s))

headerlen = DTLS1_RT_HEADER_LENGTH;

else

headerlen = SSL3_RT_HEADER_LENGTH;

@@ -672,7 +672,7 @@ ssl3_setup_write_buffer(SSL *s)

unsigned char *p;

size_t len, align = 0, headerlen;

- if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)

+ if (SSL_IS_DTLS(s))

headerlen = DTLS1_RT_HEADER_LENGTH + 1;

else

headerlen = SSL3_RT_HEADER_LENGTH;

diff --git a/lib/libssl/s3_cbc.c b/lib/libssl/s3_cbc.c
index e8f7df572f3..9ba9896a52f 100644
--- a/lib/libssl/s3_cbc.c
+++ b/lib/libssl/s3_cbc.c

@@ -148,8 +148,9 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,

{

unsigned padding_length, good, to_check, i;

const unsigned overhead = 1 /* padding length byte */ + mac_size;

/* Check if version requires explicit IV */

- if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER) {

+ if (SSL_USE_EXPLICIT_IV(s)) {

/* These lengths are all public so we can test them in

* non-constant time.

diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c
index 8dbea3869d1..abe5c5a86b6 100644
--- a/lib/libssl/s3_clnt.c
+++ b/lib/libssl/s3_clnt.c

@@ -848,8 +848,7 @@ ssl3_get_server_hello(SSL *s)

if (!ok)

return ((int)n);

- if (SSL_version(s) == DTLS1_VERSION ||

- SSL_version(s) == DTLS1_BAD_VER) {

+ if (SSL_IS_DTLS(s)) {

if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {

if (s->d1->send_cookie == 0) {

s->s3->tmp.reuse_message = 1;

@@ -986,11 +985,10 @@ ssl3_get_server_hello(SSL *s)

}

s->s3->tmp.new_cipher = c;

- * Don't digest cached records if TLS v1.2: we may need them for

+ * Don't digest cached records if no sigalgs: we may need them for

* client authentication.

- if (TLS1_get_version(s) < TLS1_2_VERSION &&

- !ssl3_digest_cached_records(s)) {

+ if (!SSL_USE_SIGALGS(s) && !ssl3_digest_cached_records(s)) {

al = SSL_AD_INTERNAL_ERROR;

goto f_err;

}

@@ -1592,7 +1590,7 @@ ssl3_get_key_exchange(SSL *s)

/* if it was signed, check the signature */

if (pkey != NULL) {

- if (TLS1_get_version(s) >= TLS1_2_VERSION) {

+ if (SSL_USE_SIGALGS(s)) {

int sigalg = tls12_get_sigid(pkey);

/* Should never happen */

if (sigalg == -1) {

@@ -1634,8 +1632,7 @@ ssl3_get_key_exchange(SSL *s)

goto f_err;

}

- if (pkey->type == EVP_PKEY_RSA &&

- TLS1_get_version(s) < TLS1_2_VERSION) {

+ if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) {

int num;

j = 0;

@@ -1787,7 +1784,7 @@ ssl3_get_certificate_request(SSL *s)

for (i = 0; i < ctype_num; i++)

s->s3->tmp.ctype[i] = p[i];

p += ctype_num;

- if (TLS1_get_version(s) >= TLS1_2_VERSION) {

+ if (SSL_USE_SIGALGS(s)) {

n2s(p, llen);

/* Check we have enough room for signature algorithms and

* following length value.

@@ -2612,7 +2609,7 @@ ssl3_send_client_verify(SSL *s)

pctx = EVP_PKEY_CTX_new(pkey, NULL);

EVP_PKEY_sign_init(pctx);

if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) {

- if (TLS1_get_version(s) < TLS1_2_VERSION)

+ if (!SSL_USE_SIGALGS(s))

s->method->ssl3_enc->cert_verify_mac(s,

NID_sha1, &(data[MD5_DIGEST_LENGTH]));

} else {

@@ -2622,7 +2619,7 @@ ssl3_send_client_verify(SSL *s)

* For TLS v1.2 send signature algorithm and signature

* using agreed digest and cached handshake records.

- if (TLS1_get_version(s) >= TLS1_2_VERSION) {

+ if (SSL_USE_SIGALGS(s)) {

long hdatalen = 0;

void *hdata;

const EVP_MD *md = s->cert->key->digest;

diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 2c15a87269b..da69caa6dd9 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c

@@ -3022,9 +3022,9 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,

for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {

c = sk_SSL_CIPHER_value(prio, i);

- /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */

+ /* Skip TLS v1.2 only ciphersuites if not supported. */

if ((c->algorithm_ssl & SSL_TLSV1_2) &&

- (TLS1_get_version(s) < TLS1_2_VERSION))

+ !SSL_USE_TLS1_2_CIPHERS(s))

continue;

ssl_set_cert_masks(cert, c);

diff --git a/lib/libssl/s3_pkt.c b/lib/libssl/s3_pkt.c
index 3a167f058c0..b8be8b52558 100644
--- a/lib/libssl/s3_pkt.c
+++ b/lib/libssl/s3_pkt.c

@@ -178,7 +178,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)

/* For DTLS/UDP reads should not span multiple packets

* because the read operation returns the whole packet

* at once (as long as it fits into the buffer). */

- if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) {

+ if (SSL_IS_DTLS(s)) {

if (left > 0 && n > left)

n = left;

}

@@ -238,18 +238,17 @@ ssl3_read_n(SSL *s, int n, int max, int extend)

if (i <= 0) {

rb->left = left;

if (s->mode & SSL_MODE_RELEASE_BUFFERS &&

- SSL_version(s) != DTLS1_VERSION &&

- SSL_version(s) != DTLS1_BAD_VER)

+ !SSL_IS_DTLS(s)) {

if (len + left == 0)

ssl3_release_read_buffer(s);

+ }

return (i);

}

left += i;

/* reads should *never* span multiple packets for DTLS because

* the underlying transport protocol is message oriented as opposed

* to byte oriented as in the TLS case. */

- if (SSL_version(s) == DTLS1_VERSION ||

- SSL_version(s) == DTLS1_BAD_VER) {

+ if (SSL_IS_DTLS(s)) {

if (n > left)

n = left; /* makes the while condition false */

}

@@ -722,10 +721,10 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,

/* field where we are to write out packet length */

plen = p;

p += 2;

- /* Explicit IV length, block ciphers and TLS version 1.1 or later */

- if (s->enc_write_ctx && s->version >= TLS1_1_VERSION) {

+ /* Explicit IV length. */

+ if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)) {

int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);

if (mode == EVP_CIPH_CBC_MODE) {

eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);

@@ -844,18 +843,17 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf,

wb->left = 0;

wb->offset += i;

if (s->mode & SSL_MODE_RELEASE_BUFFERS &&

- SSL_version(s) != DTLS1_VERSION &&

- SSL_version(s) != DTLS1_BAD_VER)

+ !SSL_IS_DTLS(s))

ssl3_release_write_buffer(s);

s->rwstate = SSL_NOTHING;

return (s->s3->wpend_ret);

} else if (i <= 0) {

- if (s->version == DTLS1_VERSION ||

- s->version == DTLS1_BAD_VER) {

- /* For DTLS, just drop it. That's kind of the whole

- point in using a datagram service */

+ /*

+ * For DTLS, just drop it. That's kind of the

+ * whole point in using a datagram service.

+ */

+ if (SSL_IS_DTLS(s))

wb->left = 0;

- }

return (i);

}

wb->offset += i;

diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index 481cf37bef6..120f92a9d39 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c

@@ -591,13 +591,13 @@ ssl3_accept(SSL *s)

s->state = SSL3_ST_SR_FINISHED_A;

#endif

s->init_num = 0;

- } else if (TLS1_get_version(s) >= TLS1_2_VERSION) {

+ } else if (SSL_USE_SIGALGS(s)) {

s->state = SSL3_ST_SR_CERT_VRFY_A;

s->init_num = 0;

if (!s->session->peer)

break;

- * For TLS v1.2 freeze the handshake buffer

+ * For sigalgs freeze the handshake buffer

* at this point and digest cached records.

if (!s->s3->handshake_buffer) {

@@ -980,7 +980,7 @@ ssl3_get_client_hello(SSL *s)

* Versions before 0.9.7 always allow clients to resume sessions in

* renegotiation. 0.9.7 and later allow this by default, but optionally

* ignore resumption requests with flag

- * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag

+ * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag

* rather than a change to default behavior so that applications

* relying on this for security won't even compile against older

* library versions).

@@ -1010,7 +1010,7 @@ ssl3_get_client_hello(SSL *s)

p += j;

- if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {

+ if (SSL_IS_DTLS(s)) {

/* cookie stuff */

cookie_len = *(p++);

@@ -1331,8 +1331,7 @@ ssl3_get_client_hello(SSL *s)

s->s3->tmp.new_cipher = s->session->cipher;

}

- if (TLS1_get_version(s) < TLS1_2_VERSION ||

- !(s->verify_mode & SSL_VERIFY_PEER)) {

+ if (!SSL_USE_SIGALGS(s) || !(s->verify_mode & SSL_VERIFY_PEER)) {

if (!ssl3_digest_cached_records(s)) {

al = SSL_AD_INTERNAL_ERROR;

goto f_err;

@@ -1819,8 +1818,7 @@ ssl3_send_server_key_exchange(SSL *s)

* n is the length of the params, they start at &(d[4])

* and p points to the space at the end.

- if (pkey->type == EVP_PKEY_RSA

- && TLS1_get_version(s) < TLS1_2_VERSION) {

+ if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) {

q = md_buf;

j = 0;

for (num = 2; num > 0; num--) {

@@ -1850,13 +1848,9 @@ ssl3_send_server_key_exchange(SSL *s)

}

s2n(u, p);

n += u + 2;

- } else

- if (md) {

- /*

- * For TLS1.2 and later send signature

- * algorithm

- */

- if (TLS1_get_version(s) >= TLS1_2_VERSION) {

+ } else if (md) {

+ /* Send signature algorithm. */

+ if (SSL_USE_SIGALGS(s)) {

if (!tls12_get_sigandhash(p, pkey, md)) {

/* Should never happen */

al = SSL_AD_INTERNAL_ERROR;

@@ -1884,7 +1878,7 @@ ssl3_send_server_key_exchange(SSL *s)

}

s2n(i, p);

n += i + 2;

- if (TLS1_get_version(s) >= TLS1_2_VERSION)

+ if (SSL_USE_SIGALGS(s))

n += 2;

} else {

/* Is this error check actually needed? */

@@ -1937,7 +1931,7 @@ ssl3_send_certificate_request(SSL *s)

p += n;

n++;

- if (TLS1_get_version(s) >= TLS1_2_VERSION) {

+ if (SSL_USE_SIGALGS(s)) {

nl = tls12_get_req_sig_algs(s, p + 2);

s2n(nl, p);

p += nl + 2;

@@ -2592,7 +2586,7 @@ ssl3_get_cert_verify(SSL *s)

pkey->type == NID_id_GostR3410_2001) ) {

i = 64;

} else {

- if (TLS1_get_version(s) >= TLS1_2_VERSION) {

+ if (SSL_USE_SIGALGS(s)) {

int sigalg = tls12_get_sigid(pkey);

/* Should never happen */

if (sigalg == -1) {

@@ -2635,7 +2629,7 @@ ssl3_get_cert_verify(SSL *s)

goto f_err;

}

- if (TLS1_get_version(s) >= TLS1_2_VERSION) {

+ if (SSL_USE_SIGALGS(s)) {

long hdatalen = 0;

void *hdata;

hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);

diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 3e654117bf0..e3b67817ccc 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c

@@ -1104,9 +1104,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg)

if (larg < (long)dtls1_min_mtu())

return (0);

#endif

- if (SSL_version(s) == DTLS1_VERSION ||

- SSL_version(s) == DTLS1_BAD_VER) {

+ if (SSL_IS_DTLS(s)) {

s->d1->mtu = larg;

return (larg);

}

diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c
index 87860feda98..9d47bde6c6b 100644
--- a/lib/libssl/t1_enc.c
+++ b/lib/libssl/t1_enc.c

@@ -639,14 +639,11 @@ tls1_enc(SSL *s, int send)

if (s->enc_write_ctx == NULL)

enc = NULL;

else {

- int ivlen;

+ int ivlen = 0;

enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);

- /* For TLSv1.1 and later explicit IV */

- if (s->version >= TLS1_1_VERSION &&

+ if (SSL_USE_EXPLICIT_IV(s) &&

EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)

ivlen = EVP_CIPHER_iv_length(enc);

- else

- ivlen = 0;

if (ivlen > 1) {

if (rec->data != rec->input)

/* we can't write into the input stream:

@@ -686,7 +683,7 @@ tls1_enc(SSL *s, int send)

seq = send ? s->s3->write_sequence : s->s3->read_sequence;

- if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {

+ if (SSL_IS_DTLS(s)) {

unsigned char dtlsseq[9], *p = dtlsseq;

s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p);

@@ -876,7 +873,7 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)

mac_ctx = &hmac;

}

- if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER) {

+ if (SSL_IS_DTLS(ssl)) {

unsigned char dtlsseq[8], *p = dtlsseq;

s2n(send ? ssl->d1->w_epoch : ssl->d1->r_epoch, p);

@@ -919,7 +916,7 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)

if (!stream_mac)

EVP_MD_CTX_cleanup(&hmac);

- if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER) {

+ if (!SSL_IS_DTLS(ssl)) {

for (i = 7; i >= 0; i--) {

++seq[i];

if (seq[i] != 0)

diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index b15465d5500..fa70f21f95a 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c

@@ -2028,7 +2028,7 @@ tls1_process_ticket(SSL *s, unsigned char *session_id, int len,

if (p >= limit)

return -1;

/* Skip past DTLS cookie */

- if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {

+ if (SSL_IS_DTLS(s)) {

i = *(p++);

p += i;

if (p >= limit)

@@ -2296,9 +2296,10 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)

const EVP_MD *md;

CERT *c = s->cert;

- /* Extension ignored for TLS versions below 1.2 */

- if (TLS1_get_version(s) < TLS1_2_VERSION)

+ /* Extension ignored for inappropriate versions */

+ if (!SSL_USE_SIGALGS(s))

return 1;

/* Should never happen */

if (!c)

return 0;