diff options
| author | Joel Sing <jsing@cvs.openbsd.org> | 2015-09-02 17:59:16 +0000 |
|---|---|---|
| committer | Joel Sing <jsing@cvs.openbsd.org> | 2015-09-02 17:59:16 +0000 |
| commit | 2f9f34e160696a8a69788c0b7db37c3216281b51 (patch) | |
| tree | b3498a15d9f14026bea936629803c6afed4ba5b4 /lib | |
| parent | b952906257abec1467cece3051393c951c0a66b1 (diff) | |
Replace dtls1_client_hello() with ssl3_client_hello() - both are basically
the same code, with two slight differences for DTLS handling.
Also, make use of send_cookie to determine if the client random needs to
be preserved, rather than testing if it is zeroed (hopefully your random
number generator never returned all zeros, since the existing code would
break). Inspired by BoringSSL.
ok doug@
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libssl/src/ssl/d1_clnt.c | 105 | ||||
| -rw-r--r-- | lib/libssl/src/ssl/s3_clnt.c | 27 | ||||
| -rw-r--r-- | lib/libssl/src/ssl/ssl_locl.h | 3 |
3 files changed, 29 insertions, 106 deletions
diff --git a/lib/libssl/src/ssl/d1_clnt.c b/lib/libssl/src/ssl/d1_clnt.c index b087535ce11..23d6b372c91 100644 --- a/lib/libssl/src/ssl/d1_clnt.c +++ b/lib/libssl/src/ssl/d1_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_clnt.c,v 1.47 2015/07/15 18:35:34 beck Exp $ */ +/* $OpenBSD: d1_clnt.c,v 1.48 2015/09/02 17:59:15 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -263,7 +263,7 @@ dtls1_connect(SSL *s) } dtls1_start_timer(s); - ret = dtls1_client_hello(s); + ret = ssl3_client_hello(s); if (ret <= 0) goto end; @@ -275,9 +275,10 @@ dtls1_connect(SSL *s) s->init_num = 0; - /* turn on buffering for the next lot of output */ - if (s->bbio != s->wbio) - s->wbio = BIO_push(s->bbio, s->wbio); + /* turn on buffering for the next lot of output */ + if (s->bbio != s->wbio) + s->wbio = BIO_push(s->bbio, s->wbio); + break; case SSL3_ST_CR_SRVR_HELLO_A: @@ -603,100 +604,6 @@ end: return (ret); } -int -dtls1_client_hello(SSL *s) -{ - unsigned char *bufend, *d, *p; - unsigned int i; - - if (s->state == SSL3_ST_CW_CLNT_HELLO_A) { - SSL_SESSION *sess = s->session; - - if ((s->session == NULL) || - (s->session->ssl_version != s->version) || - (!sess->session_id_length && !sess->tlsext_tick) || - (s->session->not_resumable)) { - if (!ssl_get_new_session(s, 0)) - goto err; - } - /* else use the pre-loaded session */ - - p = s->s3->client_random; - - /* if client_random is initialized, reuse it, we are - * required to use same upon reply to HelloVerify */ - for (i = 0; p[i]=='\0' && i < sizeof(s->s3->client_random); i++) - ; - if (i == sizeof(s->s3->client_random)) - arc4random_buf(p, sizeof(s->s3->client_random)); - - d = p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_HELLO); - - *(p++) = s->version >> 8; - *(p++) = s->version&0xff; - s->client_version = s->version; - - /* Random stuff */ - memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); - p += SSL3_RANDOM_SIZE; - - /* Session ID */ - if (s->new_session) - i = 0; - else - i = s->session->session_id_length; - *(p++) = i; - if (i != 0) { - if (i > sizeof s->session->session_id) { - SSLerr(SSL_F_DTLS1_CLIENT_HELLO, - ERR_R_INTERNAL_ERROR); - goto err; - } - memcpy(p, s->session->session_id, i); - p += i; - } - - /* cookie stuff */ - if (s->d1->cookie_len > sizeof(s->d1->cookie)) { - SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); - goto err; - } - *(p++) = s->d1->cookie_len; - memcpy(p, s->d1->cookie, s->d1->cookie_len); - p += s->d1->cookie_len; - - /* Ciphers supported */ - i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]); - if (i == 0) { - SSLerr(SSL_F_DTLS1_CLIENT_HELLO, - SSL_R_NO_CIPHERS_AVAILABLE); - goto err; - } - s2n(i, p); - p += i; - - /* add in (no) COMPRESSION */ - *(p++) = 1; - *(p++) = 0; /* Add the NULL method */ - - bufend = (unsigned char *)s->init_buf->data + - SSL3_RT_MAX_PLAIN_LENGTH; - if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) { - SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); - goto err; - } - - ssl3_handshake_msg_finish(s, p - d); - - s->state = SSL3_ST_CW_CLNT_HELLO_B; - } - - /* SSL3_ST_CW_CLNT_HELLO_B */ - return (ssl3_handshake_write(s)); -err: - return (-1); -} - static int dtls1_get_hello_verify(SSL *s) { diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c index 5b9af06aa5e..1d1a0c77f0b 100644 --- a/lib/libssl/src/ssl/s3_clnt.c +++ b/lib/libssl/src/ssl/s3_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_clnt.c,v 1.124 2015/09/01 13:38:27 jsing Exp $ */ +/* $OpenBSD: s3_clnt.c,v 1.125 2015/09/02 17:59:15 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -584,7 +584,6 @@ end: return (ret); } - int ssl3_client_hello(SSL *s) { @@ -603,7 +602,13 @@ ssl3_client_hello(SSL *s) } /* else use the pre-loaded session */ - arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE); + /* + * If a DTLS ClientHello message is being resent after a + * HelloVerifyRequest, we must retain the original client + * random value. + */ + if (!SSL_IS_DTLS(s) || s->d1->send_cookie == 0) + arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE); d = p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_HELLO); @@ -660,6 +665,18 @@ ssl3_client_hello(SSL *s) p += i; } + /* DTLS Cookie. */ + if (SSL_IS_DTLS(s)) { + if (s->d1->cookie_len > sizeof(s->d1->cookie)) { + SSLerr(SSL_F_DTLS1_CLIENT_HELLO, + ERR_R_INTERNAL_ERROR); + goto err; + } + *(p++) = s->d1->cookie_len; + memcpy(p, s->d1->cookie, s->d1->cookie_len); + p += s->d1->cookie_len; + } + /* Ciphers supported */ i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]); if (i == 0) { @@ -683,9 +700,9 @@ ssl3_client_hello(SSL *s) goto err; } - s->state = SSL3_ST_CW_CLNT_HELLO_B; - ssl3_handshake_msg_finish(s, p - d); + + s->state = SSL3_ST_CW_CLNT_HELLO_B; } /* SSL3_ST_CW_CLNT_HELLO_B */ diff --git a/lib/libssl/src/ssl/ssl_locl.h b/lib/libssl/src/ssl/ssl_locl.h index b7853b24c84..8c8dec77b68 100644 --- a/lib/libssl/src/ssl/ssl_locl.h +++ b/lib/libssl/src/ssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.102 2015/09/01 13:38:27 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.103 2015/09/02 17:59:15 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -729,7 +729,6 @@ int ssl3_check_cert_and_algorithm(SSL *s); int ssl3_check_finished(SSL *s); int ssl3_send_next_proto(SSL *s); -int dtls1_client_hello(SSL *s); int dtls1_send_client_certificate(SSL *s); int dtls1_send_client_key_exchange(SSL *s); int dtls1_send_client_verify(SSL *s); |