diff options
| author | mrezai <mhd.rezai@gmail.com> | 2016-04-15 19:03:35 +0430 |
|---|---|---|
| committer | mrezai <mhd.rezai@gmail.com> | 2016-04-15 19:03:35 +0430 |
| commit | e97922f22038e9049ed4c2db5b3736dfaa0edde3 (patch) | |
| tree | 37e036a343e7482a387b7acd0a88509af78a69eb /drivers/builtin_openssl2/ssl/d1_pkt.c | |
| parent | 880f4abda44a42532abb6f15999a90bc85f6264a (diff) | |
Update OpenSSL to version 1.0.2g
Diffstat (limited to 'drivers/builtin_openssl2/ssl/d1_pkt.c')
| -rw-r--r-- | drivers/builtin_openssl2/ssl/d1_pkt.c | 66 |
1 files changed, 41 insertions, 25 deletions
diff --git a/drivers/builtin_openssl2/ssl/d1_pkt.c b/drivers/builtin_openssl2/ssl/d1_pkt.c index d659ed428e..fe30ec7d00 100644 --- a/drivers/builtin_openssl2/ssl/d1_pkt.c +++ b/drivers/builtin_openssl2/ssl/d1_pkt.c @@ -612,6 +612,10 @@ int dtls1_get_record(SSL *s) p = s->packet; + if (s->msg_callback) + s->msg_callback(0, 0, SSL3_RT_HEADER, p, DTLS1_RT_HEADER_LENGTH, + s, s->msg_callback_arg); + /* Pull apart the header into the DTLS1_RECORD */ rr->type = *(p++); ssl_major = *(p++); @@ -1488,10 +1492,10 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned char *p, *pseq; int i, mac_size, clear = 0; int prefix_len = 0; + int eivlen; SSL3_RECORD *wr; SSL3_BUFFER *wb; SSL_SESSION *sess; - int bs; /* * first check if there is a SSL3_BUFFER still being written out. This @@ -1570,27 +1574,41 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, *(p++) = type & 0xff; wr->type = type; - - *(p++) = (s->version >> 8); - *(p++) = s->version & 0xff; + /* + * Special case: for hello verify request, client version 1.0 and we + * haven't decided which version to use yet send back using version 1.0 + * header: otherwise some clients will ignore it. + */ + if (s->method->version == DTLS_ANY_VERSION) { + *(p++) = DTLS1_VERSION >> 8; + *(p++) = DTLS1_VERSION & 0xff; + } else { + *(p++) = s->version >> 8; + *(p++) = s->version & 0xff; + } /* field where we are to write out packet epoch, seq num and len */ pseq = p; p += 10; - /* lets setup the record stuff. */ - - /* - * Make space for the explicit IV in case of CBC. (this is a bit of a - * boundary violation, but what the heck). - */ - if (s->enc_write_ctx && - (EVP_CIPHER_mode(s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE)) - bs = EVP_CIPHER_block_size(s->enc_write_ctx->cipher); - else - bs = 0; + /* Explicit IV length, block ciphers appropriate version flag */ + if (s->enc_write_ctx) { + int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx); + if (mode == EVP_CIPH_CBC_MODE) { + eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx); + if (eivlen <= 1) + eivlen = 0; + } + /* Need explicit part of IV for GCM mode */ + else if (mode == EVP_CIPH_GCM_MODE) + eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN; + else + eivlen = 0; + } else + eivlen = 0; - wr->data = p + bs; /* make room for IV in case of CBC */ + /* lets setup the record stuff. */ + wr->data = p + eivlen; /* make room for IV in case of CBC */ wr->length = (int)len; wr->input = (unsigned char *)buf; @@ -1616,7 +1634,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, */ if (mac_size != 0) { - if (s->method->ssl3_enc->mac(s, &(p[wr->length + bs]), 1) < 0) + if (s->method->ssl3_enc->mac(s, &(p[wr->length + eivlen]), 1) < 0) goto err; wr->length += mac_size; } @@ -1625,14 +1643,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, wr->input = p; wr->data = p; - /* ssl3_enc can only have an error on read */ - if (bs) { /* bs != 0 in case of CBC */ - RAND_pseudo_bytes(p, bs); - /* - * master IV and last CBC residue stand for the rest of randomness - */ - wr->length += bs; - } + if (eivlen) + wr->length += eivlen; if (s->method->ssl3_enc->enc(s, 1) < 1) goto err; @@ -1656,6 +1668,10 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, pseq += 6; s2n(wr->length, pseq); + if (s->msg_callback) + s->msg_callback(1, 0, SSL3_RT_HEADER, pseq - DTLS1_RT_HEADER_LENGTH, + DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg); + /* * we should now have wr->data pointing to the encrypted data, which is * wr->length long |