From 71af26b57b274e50d22151f70de812d29e4db3e5 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 2 Nov 2009 13:38:22 +0000 Subject: [PATCH] PR: 2089 Submitted by: Robin Seggelmann Approved by: steve@openssl.org DTLS Fragment size bug fix. --- ssl/d1_both.c | 18 ++++++++++-- ssl/s3_srvr.c | 78 ++++++++++++++++++++++++++++++++++----------------- 2 files changed, 67 insertions(+), 29 deletions(-) diff --git a/ssl/d1_both.c b/ssl/d1_both.c index ffc8ffe5d5..c1b0720bbf 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -177,7 +177,7 @@ int dtls1_do_write(SSL *s, int type) { int ret; int curr_mtu; - unsigned int len, frag_off; + unsigned int len, frag_off, mac_size, blocksize; /* AHA! Figure out the MTU, and stick to the right size */ if ( ! (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) @@ -225,11 +225,22 @@ int dtls1_do_write(SSL *s, int type) OPENSSL_assert(s->init_num == (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); + if (s->write_hash) + mac_size = EVP_MD_CTX_size(s->write_hash); + else + mac_size = 0; + + if (s->enc_write_ctx && + (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE)) + blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher); + else + blocksize = 0; + frag_off = 0; while( s->init_num) { curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) - - DTLS1_RT_HEADER_LENGTH; + DTLS1_RT_HEADER_LENGTH - mac_size - blocksize; if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH) { @@ -237,7 +248,8 @@ int dtls1_do_write(SSL *s, int type) ret = BIO_flush(SSL_get_wbio(s)); if ( ret <= 0) return ret; - curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH; + curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH - + mac_size - blocksize; } if ( s->init_num > curr_mtu) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 77d7d878e3..458b233d86 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1679,13 +1679,18 @@ int ssl3_send_server_key_exchange(SSL *s) j=0; for (num=2; num > 0; num--) { - EVP_DigestInit_ex(&md_ctx,(num == 2) - ?s->ctx->md5:s->ctx->sha1, NULL); - EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md_ctx,&(d[4]),n); - EVP_DigestFinal_ex(&md_ctx,q, - (unsigned int *)&i); + if (!EVP_DigestInit_ex(&md_ctx,(num == 2) + ?s->ctx->md5:s->ctx->sha1, NULL) + || !EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE) + || !EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE) + || !EVP_DigestUpdate(&md_ctx,&(d[4]),n) + || !EVP_DigestFinal_ex(&md_ctx,q, + (unsigned int *)&i)) + { + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_EVP_LIB); + goto err; + } + q+=i; j+=i; } @@ -1704,14 +1709,14 @@ int ssl3_send_server_key_exchange(SSL *s) if (pkey->type == EVP_PKEY_DSA) { /* lets do DSS */ - EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL); - EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); - EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); - EVP_SignUpdate(&md_ctx,&(d[4]),n); - if (!EVP_SignFinal(&md_ctx,&(p[2]), + if (!EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL) + || !EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE) + || !EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE) + || !EVP_SignUpdate(&md_ctx,&(d[4]),n) + || !EVP_SignFinal(&md_ctx,&(p[2]), (unsigned int *)&i,pkey)) { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA); + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_EVP_LIB); goto err; } s2n(i,p); @@ -1723,14 +1728,14 @@ int ssl3_send_server_key_exchange(SSL *s) if (pkey->type == EVP_PKEY_EC) { /* let's do ECDSA */ - EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL); - EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); - EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); - EVP_SignUpdate(&md_ctx,&(d[4]),n); - if (!EVP_SignFinal(&md_ctx,&(p[2]), - (unsigned int *)&i,pkey)) + if (!EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL) + || !EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE) + || !EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE) + || !EVP_SignUpdate(&md_ctx,&(d[4]),n) + || !EVP_SignFinal(&md_ctx,&(p[2]), + (unsigned int *)&i,pkey)) { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA); + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_EVP_LIB); goto err; } s2n(i,p); @@ -2969,7 +2974,7 @@ int ssl3_send_newsession_ticket(SSL *s) if (s->state == SSL3_ST_SW_SESSION_TICKET_A) { unsigned char *p, *senc, *macstart; - int len, slen; + int len, slen, rv = 0; unsigned int hlen; EVP_CIPHER_CTX ctx; HMAC_CTX hctx; @@ -3024,11 +3029,21 @@ int ssl3_send_newsession_ticket(SSL *s) else { RAND_pseudo_bytes(iv, 16); +<<<<<<< s3_srvr.c + if (!EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, + s->ctx->tlsext_tick_aes_key, iv)) + goto evp_err; + if (!HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, + 16, tlsext_tick_md(), NULL)) + goto evp_err; + memcpy(key_name, s->ctx->tlsext_tick_key_name, 16); +======= EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, tctx->tlsext_tick_aes_key, iv); HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, tlsext_tick_md(), NULL); memcpy(key_name, tctx->tlsext_tick_key_name, 16); +>>>>>>> 1.180 } l2n(s->session->tlsext_tick_lifetime_hint, p); /* Skip ticket length for now */ @@ -3041,15 +3056,26 @@ int ssl3_send_newsession_ticket(SSL *s) memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx)); p += EVP_CIPHER_CTX_iv_length(&ctx); /* Encrypt session data */ - EVP_EncryptUpdate(&ctx, p, &len, senc, slen); + if (!EVP_EncryptUpdate(&ctx, p, &len, senc, slen)) + goto evp_err; p += len; - EVP_EncryptFinal(&ctx, p, &len); + if (!EVP_EncryptFinal(&ctx, p, &len)) + goto evp_err; p += len; - EVP_CIPHER_CTX_cleanup(&ctx); - HMAC_Update(&hctx, macstart, p - macstart); - HMAC_Final(&hctx, p, &hlen); + if (!HMAC_Update(&hctx, macstart, p - macstart)) + goto evp_err; + + if (!HMAC_Final(&hctx, p, &hlen)) + goto evp_err; + + rv = 1; + + evp_err: + EVP_CIPHER_CTX_cleanup(&ctx); HMAC_CTX_cleanup(&hctx); + if (!rv) + return -1; p += hlen; /* Now write out lengths: p points to end of data written */ -- 2.25.1