PR: 2089

author Dr. Stephen Henson <steve@openssl.org>

Mon, 2 Nov 2009 13:38:22 +0000 (13:38 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Mon, 2 Nov 2009 13:38:22 +0000 (13:38 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Mon, 2 Nov 2009 13:38:22 +0000 (13:38 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Mon, 2 Nov 2009 13:38:22 +0000 (13:38 +0000)
diff --git a/ssl/d1_both.c b/ssl/d1_both.c

index ffc8ffe5d55d22887a93d7b8109bc8b7bfaf81d0..c1b0720bbf37dca483b42fd717861d9d146389fb 100644 (file)
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -177,7 +177,7 @@ int dtls1_do_write(SSL *s, int type)
         {
         int ret;
         int curr_mtu;
         {
         int ret;
         int curr_mtu;
-       unsigned int len, frag_off;
+       unsigned int len, frag_off, mac_size, blocksize;
  
         /* AHA!  Figure out the MTU, and stick to the right size */
         if ( ! (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
  
         /* AHA!  Figure out the MTU, and stick to the right size */
         if ( ! (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
@@ -225,11 +225,22 @@ int dtls1_do_write(SSL *s, int type)
                 OPENSSL_assert(s->init_num == 
                         (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
  
                 OPENSSL_assert(s->init_num == 
                         (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
  
+       if (s->write_hash)
+               mac_size = EVP_MD_CTX_size(s->write_hash);
+       else
+               mac_size = 0;
+
+       if (s->enc_write_ctx && 
+               (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
+               blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
+       else
+               blocksize = 0;
+
         frag_off = 0;
         while( s->init_num)
                 {
                 curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) - 
         frag_off = 0;
         while( s->init_num)
                 {
                 curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) - 
-                       DTLS1_RT_HEADER_LENGTH;
+                       DTLS1_RT_HEADER_LENGTH - mac_size - blocksize;
  
                 if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH)
                         {
  
                 if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH)
                         {
@@ -237,7 +248,8 @@ int dtls1_do_write(SSL *s, int type)
                         ret = BIO_flush(SSL_get_wbio(s));
                         if ( ret <= 0)
                                 return ret;
                         ret = BIO_flush(SSL_get_wbio(s));
                         if ( ret <= 0)
                                 return ret;
-                       curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH;
+                       curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH -
+                               mac_size - blocksize;
                         }
  
                 if ( s->init_num > curr_mtu)
                         }
  
                 if ( s->init_num > curr_mtu)
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c

index 77d7d878e381cf48dce1af3752ecbc3231d897f1..458b233d860d956ab115cd12fbc82d6128d8438c 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1679,13 +1679,18 @@ int ssl3_send_server_key_exchange(SSL *s)
                                 j=0;
                                 for (num=2; num > 0; num--)
                                         {
                                 j=0;
                                 for (num=2; num > 0; num--)
                                         {
-                                       EVP_DigestInit_ex(&md_ctx,(num == 2)
-                                               ?s->ctx->md5:s->ctx->sha1, NULL);
-                                       EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
-                                       EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
-                                       EVP_DigestUpdate(&md_ctx,&(d[4]),n);
-                                       EVP_DigestFinal_ex(&md_ctx,q,
-                                               (unsigned int *)&i);
+                                       if (!EVP_DigestInit_ex(&md_ctx,(num == 2)
+                                               ?s->ctx->md5:s->ctx->sha1, NULL)
+                                               || !EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE)
+                                               || !EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE)
+                                               || !EVP_DigestUpdate(&md_ctx,&(d[4]),n)
+                                               || !EVP_DigestFinal_ex(&md_ctx,q,
+                                               (unsigned int *)&i))
+                                               {
+                                               SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_EVP_LIB);
+                                               goto err;
+                                               }
+                                               
                                         q+=i;
                                         j+=i;
                                         }
                                         q+=i;
                                         j+=i;
                                         }
@@ -1704,14 +1709,14 @@ int ssl3_send_server_key_exchange(SSL *s)
                                 if (pkey->type == EVP_PKEY_DSA)
                                 {
                                 /* lets do DSS */
                                 if (pkey->type == EVP_PKEY_DSA)
                                 {
                                 /* lets do DSS */
-                               EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL);
-                               EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
-                               EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
-                               EVP_SignUpdate(&md_ctx,&(d[4]),n);
-                               if (!EVP_SignFinal(&md_ctx,&(p[2]),
+                               if (!EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL)
+                                       || !EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE)
+                                       || !EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE)
+                                       || !EVP_SignUpdate(&md_ctx,&(d[4]),n)
+                                       || !EVP_SignFinal(&md_ctx,&(p[2]),
                                         (unsigned int *)&i,pkey))
                                         {
                                         (unsigned int *)&i,pkey))
                                         {
-                                       SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
+                                       SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_EVP_LIB);
                                         goto err;
                                         }
                                 s2n(i,p);
                                         goto err;
                                         }
                                 s2n(i,p);
@@ -1723,14 +1728,14 @@ int ssl3_send_server_key_exchange(SSL *s)
                                 if (pkey->type == EVP_PKEY_EC)
                                 {
                                 /* let's do ECDSA */
                                 if (pkey->type == EVP_PKEY_EC)
                                 {
                                 /* let's do ECDSA */
-                               EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL);
-                               EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
-                               EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
-                               EVP_SignUpdate(&md_ctx,&(d[4]),n);
-                               if (!EVP_SignFinal(&md_ctx,&(p[2]),
-                                       (unsigned int *)&i,pkey))
+                               if (!EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL)
+                                       || !EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE)
+                                       || !EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE)
+                                       || !EVP_SignUpdate(&md_ctx,&(d[4]),n)
+                                       || !EVP_SignFinal(&md_ctx,&(p[2]),
+                                               (unsigned int *)&i,pkey))
                                         {
                                         {
-                                       SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA);
+                                       SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_EVP_LIB);
                                         goto err;
                                         }
                                 s2n(i,p);
                                         goto err;
                                         }
                                 s2n(i,p);
@@ -2969,7 +2974,7 @@ int ssl3_send_newsession_ticket(SSL *s)
         if (s->state == SSL3_ST_SW_SESSION_TICKET_A)
                 {
                 unsigned char *p, *senc, *macstart;
         if (s->state == SSL3_ST_SW_SESSION_TICKET_A)
                 {
                 unsigned char *p, *senc, *macstart;
-               int len, slen;
+               int len, slen, rv = 0;
                 unsigned int hlen;
                 EVP_CIPHER_CTX ctx;
                 HMAC_CTX hctx;
                 unsigned int hlen;
                 EVP_CIPHER_CTX ctx;
                 HMAC_CTX hctx;
@@ -3024,11 +3029,21 @@ int ssl3_send_newsession_ticket(SSL *s)
                 else
                         {
                         RAND_pseudo_bytes(iv, 16);
                 else
                         {
                         RAND_pseudo_bytes(iv, 16);
+<<<<<<< s3_srvr.c
+                       if (!EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
+                                       s->ctx->tlsext_tick_aes_key, iv))
+                               goto evp_err;
+                       if (!HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key,
+                                       16, tlsext_tick_md(), NULL))
+                               goto evp_err;
+                       memcpy(key_name, s->ctx->tlsext_tick_key_name, 16);
+=======
                         EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
                                         tctx->tlsext_tick_aes_key, iv);
                         HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
                                         tlsext_tick_md(), NULL);
                         memcpy(key_name, tctx->tlsext_tick_key_name, 16);
                         EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
                                         tctx->tlsext_tick_aes_key, iv);
                         HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
                                         tlsext_tick_md(), NULL);
                         memcpy(key_name, tctx->tlsext_tick_key_name, 16);
+>>>>>>> 1.180
                         }
                 l2n(s->session->tlsext_tick_lifetime_hint, p);
                 /* Skip ticket length for now */
                         }
                 l2n(s->session->tlsext_tick_lifetime_hint, p);
                 /* Skip ticket length for now */
@@ -3041,15 +3056,26 @@ int ssl3_send_newsession_ticket(SSL *s)
                 memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
                 p += EVP_CIPHER_CTX_iv_length(&ctx);
                 /* Encrypt session data */
                 memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
                 p += EVP_CIPHER_CTX_iv_length(&ctx);
                 /* Encrypt session data */
-               EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
+               if (!EVP_EncryptUpdate(&ctx, p, &len, senc, slen))
+                       goto evp_err;
                 p += len;
                 p += len;
-               EVP_EncryptFinal(&ctx, p, &len);
+               if (!EVP_EncryptFinal(&ctx, p, &len))
+                       goto evp_err;
                 p += len;
                 p += len;
-               EVP_CIPHER_CTX_cleanup(&ctx);
  
  
-               HMAC_Update(&hctx, macstart, p - macstart);
-               HMAC_Final(&hctx, p, &hlen);
+               if (!HMAC_Update(&hctx, macstart, p - macstart))
+                       goto evp_err;
+
+               if (!HMAC_Final(&hctx, p, &hlen))
+                       goto evp_err;
+
+               rv = 1;
+
+               evp_err:
+               EVP_CIPHER_CTX_cleanup(&ctx);
                 HMAC_CTX_cleanup(&hctx);
                 HMAC_CTX_cleanup(&hctx);
+               if (!rv)
+                       return -1;
  
                 p += hlen;
                 /* Now write out lengths: p points to end of data written */
  
                 p += hlen;
                 /* Now write out lengths: p points to end of data written */
author	Dr. Stephen Henson <steve@openssl.org>
	Mon, 2 Nov 2009 13:38:22 +0000 (13:38 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Mon, 2 Nov 2009 13:38:22 +0000 (13:38 +0000)
ssl/d1_both.c		patch \| blob \| history
ssl/s3_srvr.c		patch \| blob \| history