#define TLS_CURVE_CHAR2 0x1
#define TLS_CURVE_PRIME 0x0
-static tls_curve_info nid_list[] =
+static const tls_curve_info nid_list[] =
{
{NID_sect163k1, 80, TLS_CURVE_CHAR2},/* sect163k1 (1) */
{NID_sect163r1, 80, TLS_CURVE_CHAR2},/* sect163r1 (2) */
/* See if curve is allowed by security callback */
static int tls_curve_allowed(SSL *s, const unsigned char *curve, int op)
{
- tls_curve_info *cinfo;
+ const tls_curve_info *cinfo;
if (curve[0])
return 1;
if ((curve[1] < 1) || ((size_t)curve[1] >
ret += s->alpn_client_proto_list_len;
}
- if(SSL_get_srtp_profiles(s))
+ if(SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s))
{
int el;
}
ret += el;
}
-
+ custom_ext_init(&s->cert->cli_ext);
/* Add custom TLS Extensions to ClientHello */
- if (s->cert->custom_cli_ext_records_count)
+ if (!custom_ext_add(s, 0, &ret, limit, al))
+ return NULL;
+#ifdef TLSEXT_TYPE_encrypt_then_mac
+ if (s->version != SSL3_VERSION)
{
- size_t i;
- custom_cli_ext_record* record;
-
- for (i = 0; i < s->cert->custom_cli_ext_records_count; i++)
- {
- const unsigned char* out = NULL;
- unsigned short outlen = 0;
-
- record = &s->cert->custom_cli_ext_records[i];
- /* NULL callback sends empty extension */
- /* -1 from callback omits extension */
- if (record->fn1)
- {
- int cb_retval = 0;
- cb_retval = record->fn1(s, record->ext_type,
- &out, &outlen, al,
- record->arg);
- if (cb_retval == 0)
- return NULL; /* error */
- if (cb_retval == -1)
- continue; /* skip this extension */
- }
- if (limit < ret + 4 + outlen)
- return NULL;
- s2n(record->ext_type, ret);
- s2n(outlen, ret);
- memcpy(ret, out, outlen);
- ret += outlen;
- }
+ s2n(TLSEXT_TYPE_encrypt_then_mac,ret);
+ s2n(0,ret);
}
-#ifdef TLSEXT_TYPE_encrypt_then_mac
- s2n(TLSEXT_TYPE_encrypt_then_mac,ret);
- s2n(0,ret);
#endif
/* Add padding to workaround bugs in F5 terminators.
int extdatalen=0;
unsigned char *orig = buf;
unsigned char *ret = buf;
- size_t i;
- custom_srv_ext_record *record;
#ifndef OPENSSL_NO_NEXTPROTONEG
int next_proto_neg_seen;
#endif
}
#endif
- if(s->srtp_profile)
+ if(SSL_IS_DTLS(s) && s->srtp_profile)
{
int el;
}
}
#endif
-
- for (i = 0; i < s->cert->custom_srv_ext_records_count; i++)
- {
- const unsigned char *out = NULL;
- unsigned short outlen = 0;
- int cb_retval = 0;
-
- record = &s->cert->custom_srv_ext_records[i];
-
- /* NULL callback or -1 omits extension */
- if (!record->fn2)
- continue;
- cb_retval = record->fn2(s, record->ext_type,
- &out, &outlen, al,
- record->arg);
- if (cb_retval == 0)
- return NULL; /* error */
- if (cb_retval == -1)
- continue; /* skip this extension */
- if (limit < ret + 4 + outlen)
- return NULL;
- s2n(record->ext_type, ret);
- s2n(outlen, ret);
- memcpy(ret, out, outlen);
- ret += outlen;
- }
+ if (!custom_ext_add(s, 1, &ret, limit, al))
+ return NULL;
#ifdef TLSEXT_TYPE_encrypt_then_mac
if (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC)
{
- /* Don't use encrypt_then_mac if AEAD: might want
- * to disable for other ciphersuites too.
+ /* Don't use encrypt_then_mac if AEAD, RC4 or SSL 3.0:
+ * might want to disable for other cases too.
*/
- if (s->s3->tmp.new_cipher->algorithm_mac == SSL_AEAD)
+ if (s->s3->tmp.new_cipher->algorithm_mac == SSL_AEAD
+ || s->s3->tmp.new_cipher->algorithm_enc == SSL_RC4
+ || s->version == SSL3_VERSION)
s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC;
else
{
}
#endif /* !OPENSSL_NO_EC */
+
static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
{
unsigned short type;
s->s3->alpn_selected = NULL;
}
- /* Clear observed custom extensions */
- s->s3->serverinfo_client_tlsext_custom_types_count = 0;
- if (s->s3->serverinfo_client_tlsext_custom_types != NULL)
- {
- OPENSSL_free(s->s3->serverinfo_client_tlsext_custom_types);
- s->s3->serverinfo_client_tlsext_custom_types = NULL;
- }
-
#ifndef OPENSSL_NO_HEARTBEATS
s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
}
/* session ticket processed earlier */
- else if (type == TLSEXT_TYPE_use_srtp)
+ else if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)
+ && type == TLSEXT_TYPE_use_srtp)
{
if(ssl_parse_clienthello_use_srtp_ext(s, data, size,
al))
return 0;
}
+#ifdef TLSEXT_TYPE_encrypt_then_mac
+ else if (type == TLSEXT_TYPE_encrypt_then_mac)
+ {
+ if (s->version != SSL3_VERSION)
+ s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
+ }
+#endif
/* If this ClientHello extension was unhandled and this is
* a nonresumed connection, check whether the extension is a
* custom TLS Extension (has a custom_srv_ext_record), and if
* so call the callback and record the extension number so that
* an appropriate ServerHello may be later returned.
*/
- else if (!s->hit && s->cert->custom_srv_ext_records_count)
+ else if (!s->hit)
{
- custom_srv_ext_record *record;
-
- for (i=0; i < s->cert->custom_srv_ext_records_count; i++)
- {
- record = &s->cert->custom_srv_ext_records[i];
- if (type == record->ext_type)
- {
- if (record->fn1 && !record->fn1(s, type, data, size, al, record->arg))
- return 0;
- }
- }
+ if (custom_ext_parse(s, 1, type, data, size, al) <= 0)
+ return 0;
}
-#ifdef TLSEXT_TYPE_encrypt_then_mac
- else if (type == TLSEXT_TYPE_encrypt_then_mac)
- s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
-#endif
data+=size;
}
int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n)
{
int al = -1;
+ custom_ext_init(&s->cert->srv_ext);
if (ssl_scan_clienthello_tlsext(s, p, d, n, &al) <= 0)
{
ssl3_send_alert(s,SSL3_AL_FATAL,al);
}
}
#endif
- else if (type == TLSEXT_TYPE_use_srtp)
+ else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp)
{
if(ssl_parse_serverhello_use_srtp_ext(s, data, size,
al))
return 0;
}
- /* If this extension type was not otherwise handled, but
- * matches a custom_cli_ext_record, then send it to the c
- * callback */
- else if (s->cert->custom_cli_ext_records_count)
- {
- size_t i;
- custom_cli_ext_record* record;
-
- for (i = 0; i < s->cert->custom_cli_ext_records_count; i++)
- {
- record = &s->cert->custom_cli_ext_records[i];
- if (record->ext_type == type)
- {
- if (record->fn2 && !record->fn2(s, type, data, size, al, record->arg))
- return 0;
- break;
- }
- }
- }
#ifdef TLSEXT_TYPE_encrypt_then_mac
else if (type == TLSEXT_TYPE_encrypt_then_mac)
{
- /* Ignore if inappropriate ciphersuite */
- if (s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD)
+ /* Ignore if inappropriate ciphersuite or SSL 3.0 */
+ if (s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD
+ && s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4
+ && s->version != SSL3_VERSION)
s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
}
#endif
+ /* If this extension type was not otherwise handled, but
+ * matches a custom_cli_ext_record, then send it to the c
+ * callback */
+ else if (custom_ext_parse(s, 0, type, data, size, al) <= 0)
+ return 0;
data += size;
}
HMAC_Final(&hctx, tick_hmac, NULL);
HMAC_CTX_cleanup(&hctx);
if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen))
+ {
+ EVP_CIPHER_CTX_cleanup(&ctx);
return 2;
+ }
/* Attempt to decrypt session data */
/* Move p after IV to start of encrypted ticket, update length */
p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);