From a224fe14e92e6d49ee1fb1c4eafbe224da3a677a Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 19 Apr 2009 18:08:12 +0000 Subject: [PATCH] PR: 1751 Submitted by: David Woodhouse Approved by: steve@openssl.org Compatibility patches for Cisco VPN client DTLS. --- ssl/d1_clnt.c | 5 +++-- ssl/d1_lib.c | 5 ++++- ssl/d1_pkt.c | 10 ++++++---- ssl/s3_clnt.c | 2 +- ssl/ssl.h | 2 ++ ssl/ssl_lib.c | 3 ++- ssl/ssl_sess.c | 5 +++++ ssl/t1_enc.c | 6 +++--- 8 files changed, 26 insertions(+), 12 deletions(-) diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 950aca4c2c..a6111db917 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -130,7 +130,7 @@ static int dtls1_get_hello_verify(SSL *s); static SSL_METHOD *dtls1_get_client_method(int ver) { - if (ver == DTLS1_VERSION) + if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER) return(DTLSv1_client_method()); else return(NULL); @@ -181,7 +181,8 @@ int dtls1_connect(SSL *s) s->server=0; if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); - if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00)) + if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) && + (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00)) { SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR); ret = -1; diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index ae067f6eed..20f76bde87 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -198,7 +198,10 @@ void dtls1_free(SSL *s) void dtls1_clear(SSL *s) { ssl3_clear(s); - s->version=DTLS1_VERSION; + if (s->options & SSL_OP_CISCO_ANYCONNECT) + s->version=DTLS1_BAD_VER; + else + s->version=DTLS1_VERSION; } /* diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 3fa4c43024..e5b36a38a0 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -1024,15 +1024,17 @@ start: if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) { struct ccs_header_st ccs_hdr; + int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH; dtls1_get_ccs_header(rr->data, &ccs_hdr); /* 'Change Cipher Spec' is just a single byte, so we know * exactly what the record payload has to look like */ /* XDTLS: check that epoch is consistent */ - if ( (s->client_version == DTLS1_BAD_VER && rr->length != 3) || - (s->client_version != DTLS1_BAD_VER && rr->length != DTLS1_CCS_HEADER_LENGTH) || - (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) + if (s->client_version == DTLS1_BAD_VER || s->version == DTLS1_BAD_VER) + ccs_hdr_len = 3; + + if ((rr->length != ccs_hdr_len) || (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) { i=SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC); @@ -1358,7 +1360,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, #if 0 /* 'create_empty_fragment' is true only when this function calls itself */ if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done - && SSL_version(s) != DTLS1_VERSION) + && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER) { /* countermeasure against known-IV weakness in CBC ciphersuites * (see http://www.openssl.org/~bodo/tls-cbc.txt) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 50308487aa..7791b14508 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -708,7 +708,7 @@ int ssl3_get_server_hello(SSL *s) if (!ok) return((int)n); - if ( SSL_version(s) == DTLS1_VERSION) + if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) { if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { diff --git a/ssl/ssl.h b/ssl/ssl.h index ff8a128d3c..b1171c3a7e 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -510,6 +510,8 @@ typedef struct ssl_session_st #define SSL_OP_COOKIE_EXCHANGE 0x00002000L /* Don't use RFC4507 ticket extension */ #define SSL_OP_NO_TICKET 0x00004000L +/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */ +#define SSL_OP_CISCO_ANYCONNECT 0x00008000L /* As server, disallow session resumption on renegotiation */ #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 893abff1f4..c3a9a6d706 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -995,7 +995,8 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) s->max_cert_list=larg; return(l); case SSL_CTRL_SET_MTU: - if (SSL_version(s) == DTLS1_VERSION) + if (SSL_version(s) == DTLS1_VERSION || + SSL_version(s) == DTLS1_BAD_VER) { s->d1->mtu = larg; return larg; diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 8391d62212..e6eeccdc5f 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -211,6 +211,11 @@ int ssl_get_new_session(SSL *s, int session) ss->ssl_version=TLS1_VERSION; ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; } + else if (s->version == DTLS1_BAD_VER) + { + ss->ssl_version=DTLS1_BAD_VER; + ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; + } else if (s->version == DTLS1_VERSION) { ss->ssl_version=DTLS1_VERSION; diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 7cb3e29a41..dab6e4485b 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -765,10 +765,10 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) HMAC_CTX_init(&hmac); HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL); - if (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER) + if (ssl->version == DTLS1_BAD_VER || + (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER)) { unsigned char dtlsseq[8],*p=dtlsseq; - s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p); memcpy (p,&seq[2],6); @@ -793,7 +793,7 @@ printf("rec="); {unsigned int z; for (z=0; zlength; z++) printf("%02X ",buf[z]); printf("\n"); } #endif - if ( SSL_version(ssl) != DTLS1_VERSION) + if ( SSL_version(ssl) != DTLS1_VERSION && SSL_version(ssl) != DTLS1_BAD_VER) { for (i=7; i>=0; i--) { -- 2.25.1