PR: 1751
authorDr. Stephen Henson <steve@openssl.org>
Sun, 19 Apr 2009 18:03:13 +0000 (18:03 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sun, 19 Apr 2009 18:03:13 +0000 (18:03 +0000)
Submitted by: David Woodhouse <dwmw2@infradead.org>
Approved by: steve@openssl.org

Compatibility patches for Cisco VPN client DTLS.

13 files changed:
ssl/d1_both.c
ssl/d1_clnt.c
ssl/d1_lib.c
ssl/d1_pkt.c
ssl/d1_srvr.c
ssl/dtls1.h
ssl/s3_clnt.c
ssl/s3_pkt.c
ssl/s3_srvr.c
ssl/ssl.h
ssl/ssl_lib.c
ssl/ssl_sess.c
ssl/t1_enc.c

index 9130983..1abfd00 100644 (file)
@@ -300,7 +300,7 @@ int dtls1_do_write(SSL *s, int type)
                                const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
                                int xlen;
 
-                               if (frag_off == 0)
+                               if (frag_off == 0 && s->version != DTLS1_BAD_VER)
                                        {
                                        /* reconstruct message header is if it
                                         * is being sent in single fragment */
@@ -407,8 +407,10 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                        s2n (msg_hdr->seq,p);
                        l2n3(0,p);
                        l2n3(msg_len,p);
-                       p       -= DTLS1_HM_HEADER_LENGTH;
-                       msg_len += DTLS1_HM_HEADER_LENGTH;
+                       if (s->version != DTLS1_BAD_VER) {
+                               p       -= DTLS1_HM_HEADER_LENGTH;
+                               msg_len += DTLS1_HM_HEADER_LENGTH;
+                       }
 
                        ssl3_finish_mac(s, p, msg_len);
                        if (s->msg_callback)
@@ -775,6 +777,13 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
                *p++=SSL3_MT_CCS;
                s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
                s->init_num=DTLS1_CCS_HEADER_LENGTH;
+
+               if (s->version == DTLS1_BAD_VER) {
+                       s->d1->next_handshake_write_seq++;
+                       s2n(s->d1->handshake_write_seq,p);
+                       s->init_num+=2;
+               }
+
                s->init_off=0;
 
                dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, 
@@ -989,7 +998,7 @@ dtls1_buffer_message(SSL *s, int is_ccs)
        if ( is_ccs)
                {
                OPENSSL_assert(s->d1->w_msg_hdr.msg_len + 
-                       DTLS1_CCS_HEADER_LENGTH == (unsigned int)s->init_num);
+                              ((s->version==DTLS1_VERSION)?DTLS1_CCS_HEADER_LENGTH:3) == (unsigned int)s->init_num);
                }
        else
                {
index c151264..b2ed383 100644 (file)
@@ -130,7 +130,7 @@ static int dtls1_get_hello_verify(SSL *s);
 
 static const SSL_METHOD *dtls1_get_client_method(int ver)
        {
-       if (ver == DTLS1_VERSION)
+       if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
                return(DTLSv1_client_method());
        else
                return(NULL);
@@ -181,7 +181,8 @@ int dtls1_connect(SSL *s)
                        s->server=0;
                        if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 
-                       if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00))
+                       if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&
+                           (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00))
                                {
                                SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
                                ret = -1;
index be47541..712b880 100644 (file)
@@ -176,7 +176,10 @@ void dtls1_free(SSL *s)
 void dtls1_clear(SSL *s)
        {
        ssl3_clear(s);
-       s->version=DTLS1_VERSION;
+       if (s->options & SSL_OP_CISCO_ANYCONNECT)
+               s->version=DTLS1_BAD_VER;
+       else
+               s->version=DTLS1_VERSION;
        }
 
 /*
index 2e9d545..918dc70 100644 (file)
@@ -591,7 +591,7 @@ again:
                                }
                        }
 
-               if ((version & 0xff00) != (DTLS1_VERSION & 0xff00))
+               if ((version & 0xff00) != (s->version & 0xff00))
                        {
                        SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
                        goto err;
@@ -1067,13 +1067,17 @@ start:
        if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
                {
                struct ccs_header_st ccs_hdr;
+               int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
 
                dtls1_get_ccs_header(rr->data, &ccs_hdr);
 
+               if (s->version == DTLS1_BAD_VER)
+                       ccs_hdr_len = 3;
+
                /* 'Change Cipher Spec' is just a single byte, so we know
                 * exactly what the record payload has to look like */
                /* XDTLS: check that epoch is consistent */
-               if (    (rr->length != DTLS1_CCS_HEADER_LENGTH) || 
+               if (    (rr->length != ccs_hdr_len) || 
                        (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
                        {
                        i=SSL_AD_ILLEGAL_PARAMETER;
@@ -1094,6 +1098,9 @@ start:
                /* do this whenever CCS is processed */
                dtls1_reset_seq_numbers(s, SSL3_CC_READ);
 
+               if (s->version == DTLS1_BAD_VER)
+                       s->d1->handshake_read_seq++;
+
                goto start;
                }
 
@@ -1401,7 +1408,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
 #if 0
        /* 'create_empty_fragment' is true only when this function calls itself */
        if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done
-               && SSL_version(s) != DTLS1_VERSION)
+           && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
                {
                /* countermeasure against known-IV weakness in CBC ciphersuites
                 * (see http://www.openssl.org/~bodo/tls-cbc.txt) 
@@ -1428,7 +1435,6 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
                s->s3->empty_fragment_done = 1;
                }
 #endif
-
        p = wb->buf + prefix_len;
 
        /* write the header */
index ebd35c7..666ab75 100644 (file)
@@ -292,7 +292,8 @@ int dtls1_accept(SSL *s)
                        s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
 
                        /* HelloVerifyRequest resets Finished MAC */
-                       ssl3_init_finished_mac(s);
+                       if (s->version != DTLS1_BAD_VER)
+                               ssl3_init_finished_mac(s);
                        break;
                        
                case SSL3_ST_SW_SRVR_HELLO_A:
index cb8bd7c..2066638 100644 (file)
@@ -68,6 +68,7 @@ extern "C" {
 #endif
 
 #define DTLS1_VERSION                  0xFEFF
+#define DTLS1_BAD_VER                  0x0100
 
 #if 0
 /* this alert description is not specified anywhere... */
index f83389b..ceab11e 100644 (file)
@@ -737,7 +737,7 @@ int ssl3_get_server_hello(SSL *s)
 
        if (!ok) return((int)n);
 
-       if ( SSL_version(s) == DTLS1_VERSION)
+       if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
                {
                if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
                        {
index 2ae6b59..77cf037 100644 (file)
@@ -177,8 +177,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
                }
 
        /* extend reads should not span multiple packets for DTLS */
-       if ( SSL_version(s) == DTLS1_VERSION &&
-               extend)
+       if ( (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
+            && extend)
                {
                if ( left > 0 && n > left)
                        n = left;
@@ -836,7 +836,8 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
                        return(s->s3->wpend_ret);
                        }
                else if (i <= 0) {
-                       if (s->version == DTLS1_VERSION) {
+                       if (s->version == DTLS1_VERSION ||
+                           s->version == DTLS1_BAD_VER) {
                                /* For DTLS, just drop it. That's kind of the whole
                                   point in using a datagram service */
                                wb->left = 0;
index 44a67f8..55b2166 100644 (file)
@@ -1920,7 +1920,7 @@ int ssl3_get_client_key_exchange(SSL *s)
                        }
 
                /* TLS and [incidentally] DTLS{0xFEFF} */
-               if (s->version > SSL3_VERSION)
+               if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER)
                        {
                        n2s(p,i);
                        if (n != i+2)
index a9d1fa5..82fa94a 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -542,6 +542,8 @@ typedef struct ssl_session_st
 #define SSL_OP_COOKIE_EXCHANGE              0x00002000L
 /* Don't use RFC4507 ticket extension */
 #define SSL_OP_NO_TICKET                   0x00004000L
+/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client)  */
+#define SSL_OP_CISCO_ANYCONNECT                    0x00008000L
 
 /* As server, disallow session resumption on renegotiation */
 #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION  0x00010000L
index 24cd426..f305bc7 100644 (file)
@@ -1038,7 +1038,8 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
                s->max_cert_list=larg;
                return(l);
        case SSL_CTRL_SET_MTU:
-               if (SSL_version(s) == DTLS1_VERSION)
+               if (SSL_version(s) == DTLS1_VERSION ||
+                   SSL_version(s) == DTLS1_BAD_VER)
                        {
                        s->d1->mtu = larg;
                        return larg;
index 4c72f18..bebbfa0 100644 (file)
@@ -300,6 +300,11 @@ int ssl_get_new_session(SSL *s, int session)
                        ss->ssl_version=TLS1_VERSION;
                        ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
                        }
+               else if (s->version == DTLS1_BAD_VER)
+                       {
+                       ss->ssl_version=DTLS1_BAD_VER;
+                       ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
+                       }
                else if (s->version == DTLS1_VERSION)
                        {
                        ss->ssl_version=DTLS1_VERSION;
index e351738..d9cb059 100644 (file)
@@ -882,7 +882,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
                        mac_ctx = &hmac;
                }
 
-       if (ssl->version == DTLS1_VERSION)
+       if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER)
                {
                unsigned char dtlsseq[8],*p=dtlsseq;
 
@@ -911,7 +911,7 @@ printf("rec=");
 {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
 #endif
 
-       if (ssl->version != DTLS1_VERSION)
+       if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER)
                {
                for (i=7; i>=0; i--)
                        {