mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

PR: 2089

Browse Source 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS Fragment size bug fix.
This commit is contained in:
Dr. Stephen Henson 2009-11-02 13:38:22 +00:00
parent 2008e714f3
commit 71af26b57b
2 changed files with 67 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
ssl/d1_both.c
View File

@ -177,7 +177,7 @@ int dtls1_do_write(SSL *s, int type)
{
int ret;
int curr_mtu;
unsigned int len, frag_off;
unsigned int len, frag_off, mac_size, blocksize;
/* AHA! Figure out the MTU, and stick to the right size */
if ( ! (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
@ -225,11 +225,22 @@ int dtls1_do_write(SSL *s, int type)
OPENSSL_assert(s->init_num ==
(int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
if (s->write_hash)
mac_size = EVP_MD_CTX_size(s->write_hash);
else
mac_size = 0;
if (s->enc_write_ctx &&
(EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
else
blocksize = 0;
frag_off = 0;
while( s->init_num)
{
curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) -
DTLS1_RT_HEADER_LENGTH;
DTLS1_RT_HEADER_LENGTH - mac_size - blocksize;
if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH)
{
@ -237,7 +248,8 @@ int dtls1_do_write(SSL *s, int type)
ret = BIO_flush(SSL_get_wbio(s));
if ( ret <= 0)
return ret;
curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH;
curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH -
mac_size - blocksize;
}
if ( s->init_num > curr_mtu)

78
ssl/s3_srvr.c
View File

@ -1679,13 +1679,18 @@ int ssl3_send_server_key_exchange(SSL *s)
j=0;
for (num=2; num > 0; num--)
{
EVP_DigestInit_ex(&md_ctx,(num == 2)
?s->ctx->md5:s->ctx->sha1, NULL);
EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
EVP_DigestUpdate(&md_ctx,&(d[4]),n);
EVP_DigestFinal_ex(&md_ctx,q,
(unsigned int *)&i);
if (!EVP_DigestInit_ex(&md_ctx,(num == 2)
?s->ctx->md5:s->ctx->sha1, NULL)
|| !EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE)
|| !EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE)
|| !EVP_DigestUpdate(&md_ctx,&(d[4]),n)
|| !EVP_DigestFinal_ex(&md_ctx,q,
(unsigned int *)&i))
{
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_EVP_LIB);
goto err;
}
q+=i;
j+=i;
}
@ -1704,14 +1709,14 @@ int ssl3_send_server_key_exchange(SSL *s)
if (pkey->type == EVP_PKEY_DSA)
{
/* lets do DSS */
EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL);
EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
EVP_SignUpdate(&md_ctx,&(d[4]),n);
if (!EVP_SignFinal(&md_ctx,&(p[2]),
if (!EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL)
|| !EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE)
|| !EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE)
|| !EVP_SignUpdate(&md_ctx,&(d[4]),n)
|| !EVP_SignFinal(&md_ctx,&(p[2]),
(unsigned int *)&i,pkey))
{
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_EVP_LIB);
goto err;
}
s2n(i,p);
@ -1723,14 +1728,14 @@ int ssl3_send_server_key_exchange(SSL *s)
if (pkey->type == EVP_PKEY_EC)
{
/* let's do ECDSA */
EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL);
EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
EVP_SignUpdate(&md_ctx,&(d[4]),n);
if (!EVP_SignFinal(&md_ctx,&(p[2]),
(unsigned int *)&i,pkey))
if (!EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL)
|| !EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE)
|| !EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE)
|| !EVP_SignUpdate(&md_ctx,&(d[4]),n)
|| !EVP_SignFinal(&md_ctx,&(p[2]),
(unsigned int *)&i,pkey))
{
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA);
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_EVP_LIB);
goto err;
}
s2n(i,p);
@ -2969,7 +2974,7 @@ int ssl3_send_newsession_ticket(SSL *s)
if (s->state == SSL3_ST_SW_SESSION_TICKET_A)
{
unsigned char *p, *senc, *macstart;
int len, slen;
int len, slen, rv = 0;
unsigned int hlen;
EVP_CIPHER_CTX ctx;
HMAC_CTX hctx;
@ -3024,11 +3029,21 @@ int ssl3_send_newsession_ticket(SSL *s)
else
{
RAND_pseudo_bytes(iv, 16);
<<<<<<< s3_srvr.c
if (!EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
s->ctx->tlsext_tick_aes_key, iv))
goto evp_err;
if (!HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key,
16, tlsext_tick_md(), NULL))
goto evp_err;
memcpy(key_name, s->ctx->tlsext_tick_key_name, 16);
=======
EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
tctx->tlsext_tick_aes_key, iv);
HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
tlsext_tick_md(), NULL);
memcpy(key_name, tctx->tlsext_tick_key_name, 16);
>>>>>>> 1.180
}
l2n(s->session->tlsext_tick_lifetime_hint, p);
/* Skip ticket length for now */
@ -3041,15 +3056,26 @@ int ssl3_send_newsession_ticket(SSL *s)
memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
p += EVP_CIPHER_CTX_iv_length(&ctx);
/* Encrypt session data */
EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
if (!EVP_EncryptUpdate(&ctx, p, &len, senc, slen))
goto evp_err;
p += len;
EVP_EncryptFinal(&ctx, p, &len);
if (!EVP_EncryptFinal(&ctx, p, &len))
goto evp_err;
p += len;
EVP_CIPHER_CTX_cleanup(&ctx);
HMAC_Update(&hctx, macstart, p - macstart);
HMAC_Final(&hctx, p, &hlen);
if (!HMAC_Update(&hctx, macstart, p - macstart))
goto evp_err;
if (!HMAC_Final(&hctx, p, &hlen))
goto evp_err;
rv = 1;
evp_err:
EVP_CIPHER_CTX_cleanup(&ctx);
HMAC_CTX_cleanup(&hctx);
if (!rv)
return -1;
p += hlen;
/* Now write out lengths: p points to end of data written */