On Thu, 2009-02-26 at 21:03 +0900, David Woodhouse wrote:
> On Thu, 2009-02-26 at 13:00 +0900, David Woodhouse wrote:
> > Generating a patch against HEAD will take me a little longer (and be
> > less directly useful, in the foreseeable future, because distributions
> > are actually shipping 0.9.8x.)
>
> I'm working on this; I've rediscovered my standalone test case and will
> spend much of the next 24 hours locked in airplanes where I can poke at
> it.
>
> My current patch against HEAD isn't working yet because I still need to
> add some of the existing backward-compatibility support which is in the
> stable branch but not HEAD.
I finally threw away everything I'd done and started again from scratch,
and I have it working against openssl-1.0.0-beta1.
Again, this is required for interoperation with existing OpenSSL-based
deployments which are quite common "out there", and which can't be
updated to use the "real" protocol.
Index: ssl/d1_both.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_both.c,v
retrieving revision 1.14.2.4
diff -u -p -r1.14.2.4 d1_both.c
--- ssl/d1_both.c 15 Apr 2009 14:49:36 -0000 1.14.2.4
+++ ssl/d1_both.c 19 Apr 2009 18:35:41 -0000
@@ -300,7 +300,7 @@ int dtls1_do_write(SSL *s, int type)
const struct hm_header_st *msg_hdr =
&s->d1->w_msg_hdr;
int xlen;
- if (frag_off == 0)
+ if (frag_off == 0 && s->version !=
DTLS1_BAD_VER)
{
/* reconstruct message header is if it
* is being sent in single fragment */
@@ -407,8 +407,10 @@ long dtls1_get_message(SSL *s, int st1,
s2n (msg_hdr->seq,p);
l2n3(0,p);
l2n3(msg_len,p);
- p -= DTLS1_HM_HEADER_LENGTH;
- msg_len += DTLS1_HM_HEADER_LENGTH;
+ if (s->version != DTLS1_BAD_VER) {
+ p -= DTLS1_HM_HEADER_LENGTH;
+ msg_len += DTLS1_HM_HEADER_LENGTH;
+ }
ssl3_finish_mac(s, p, msg_len);
if (s->msg_callback)
@@ -775,6 +777,13 @@ int dtls1_send_change_cipher_spec(SSL *s
*p++=SSL3_MT_CCS;
s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
s->init_num=DTLS1_CCS_HEADER_LENGTH;
+
+ if (s->version == DTLS1_BAD_VER) {
+ s->d1->next_handshake_write_seq++;
+ s2n(s->d1->handshake_write_seq,p);
+ s->init_num+=2;
+ }
+
s->init_off=0;
dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
@@ -989,7 +998,7 @@ dtls1_buffer_message(SSL *s, int is_ccs)
if ( is_ccs)
{
OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
- DTLS1_CCS_HEADER_LENGTH == (unsigned int)s->init_num);
+
((s->version==DTLS1_VERSION)?DTLS1_CCS_HEADER_LENGTH:3) == (unsigned
int)s->init_num);
}
else
{
Index: ssl/d1_clnt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_clnt.c,v
retrieving revision 1.16.2.3
diff -u -p -r1.16.2.3 d1_clnt.c
--- ssl/d1_clnt.c 14 Apr 2009 14:33:12 -0000 1.16.2.3
+++ ssl/d1_clnt.c 19 Apr 2009 17:42:51 -0000
@@ -130,7 +130,7 @@ static int dtls1_get_hello_verify(SSL *s
static const SSL_METHOD *dtls1_get_client_method(int ver)
{
- if (ver == DTLS1_VERSION)
+ if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
return(DTLSv1_client_method());
else
return(NULL);
@@ -181,7 +181,8 @@ int dtls1_connect(SSL *s)
s->server=0;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
- if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00))
+ if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00)
&&
+ (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00))
{
SSLerr(SSL_F_DTLS1_CONNECT,
ERR_R_INTERNAL_ERROR);
ret = -1;
Index: ssl/d1_lib.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_lib.c,v
retrieving revision 1.8.2.1
diff -u -p -r1.8.2.1 d1_lib.c
--- ssl/d1_lib.c 14 Apr 2009 14:20:56 -0000 1.8.2.1
+++ ssl/d1_lib.c 19 Apr 2009 17:42:51 -0000
@@ -176,7 +176,10 @@ void dtls1_free(SSL *s)
void dtls1_clear(SSL *s)
{
ssl3_clear(s);
- s->version=DTLS1_VERSION;
+ if (s->options & SSL_OP_CISCO_ANYCONNECT)
+ s->version=DTLS1_BAD_VER;
+ else
+ s->version=DTLS1_VERSION;
}
/*
Index: ssl/d1_pkt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_pkt.c,v
retrieving revision 1.27.2.4
diff -u -p -r1.27.2.4 d1_pkt.c
--- ssl/d1_pkt.c 15 Apr 2009 14:49:36 -0000 1.27.2.4
+++ ssl/d1_pkt.c 19 Apr 2009 18:37:44 -0000
@@ -591,7 +591,7 @@ again:
}
}
- if ((version & 0xff00) != (DTLS1_VERSION & 0xff00))
+ if ((version & 0xff00) != (s->version & 0xff00))
{
SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
goto err;
@@ -1067,13 +1067,17 @@ start:
if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
{
struct ccs_header_st ccs_hdr;
+ int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
dtls1_get_ccs_header(rr->data, &ccs_hdr);
+ if (s->version == DTLS1_BAD_VER)
+ ccs_hdr_len = 3;
+
/* 'Change Cipher Spec' is just a single byte, so we know
* exactly what the record payload has to look like */
/* XDTLS: check that epoch is consistent */
- if ( (rr->length != DTLS1_CCS_HEADER_LENGTH) ||
+ if ( (rr->length != ccs_hdr_len) ||
(rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
{
i=SSL_AD_ILLEGAL_PARAMETER;
@@ -1094,6 +1098,9 @@ start:
/* do this whenever CCS is processed */
dtls1_reset_seq_numbers(s, SSL3_CC_READ);
+ if (s->version == DTLS1_BAD_VER)
+ s->d1->handshake_read_seq++;
+
goto start;
}
@@ -1401,7 +1408,7 @@ int do_dtls1_write(SSL *s, int type, con
#if 0
/* 'create_empty_fragment' is true only when this function calls itself
*/
if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done
- && SSL_version(s) != DTLS1_VERSION)
+ && SSL_version(s) != DTLS1_VERSION && SSL_version(s) !=
DTLS1_BAD_VER)
{
/* countermeasure against known-IV weakness in CBC ciphersuites
* (see http://www.openssl.org/~bodo/tls-cbc.txt)
@@ -1428,7 +1435,6 @@ int do_dtls1_write(SSL *s, int type, con
s->s3->empty_fragment_done = 1;
}
#endif
-
p = wb->buf + prefix_len;
/* write the header */
Index: ssl/d1_srvr.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_srvr.c,v
retrieving revision 1.20.2.2
diff -u -p -r1.20.2.2 d1_srvr.c
--- ssl/d1_srvr.c 14 Apr 2009 14:33:12 -0000 1.20.2.2
+++ ssl/d1_srvr.c 19 Apr 2009 18:17:04 -0000
@@ -292,7 +292,8 @@ int dtls1_accept(SSL *s)
s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
/* HelloVerifyRequest resets Finished MAC */
- ssl3_init_finished_mac(s);
+ if (s->version != DTLS1_BAD_VER)
+ ssl3_init_finished_mac(s);
break;
case SSL3_ST_SW_SRVR_HELLO_A:
Index: ssl/dtls1.h
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/dtls1.h,v
retrieving revision 1.12.2.4
diff -u -p -r1.12.2.4 dtls1.h
--- ssl/dtls1.h 15 Apr 2009 14:49:36 -0000 1.12.2.4
+++ ssl/dtls1.h 19 Apr 2009 17:49:49 -0000
@@ -68,6 +68,7 @@ extern "C" {
#endif
#define DTLS1_VERSION 0xFEFF
+#define DTLS1_BAD_VER 0x0100
#if 0
/* this alert description is not specified anywhere... */
Index: ssl/s3_clnt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/s3_clnt.c,v
retrieving revision 1.129
diff -u -p -r1.129 s3_clnt.c
--- ssl/s3_clnt.c 14 Feb 2009 21:49:38 -0000 1.129
+++ ssl/s3_clnt.c 19 Apr 2009 17:42:51 -0000
@@ -737,7 +737,7 @@ int ssl3_get_server_hello(SSL *s)
if (!ok) return((int)n);
- if ( SSL_version(s) == DTLS1_VERSION)
+ if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
{
if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
{
Index: ssl/s3_pkt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/s3_pkt.c,v
retrieving revision 1.72.2.2
diff -u -p -r1.72.2.2 s3_pkt.c
--- ssl/s3_pkt.c 16 Apr 2009 17:22:50 -0000 1.72.2.2
+++ ssl/s3_pkt.c 19 Apr 2009 18:22:32 -0000
@@ -177,8 +177,8 @@ int ssl3_read_n(SSL *s, int n, int max,
}
/* extend reads should not span multiple packets for DTLS */
- if ( SSL_version(s) == DTLS1_VERSION &&
- extend)
+ if ( (SSL_version(s) == DTLS1_VERSION || SSL_version(s) ==
DTLS1_BAD_VER)
+ && extend)
{
if ( left > 0 && n > left)
n = left;
@@ -836,7 +836,8 @@ int ssl3_write_pending(SSL *s, int type,
return(s->s3->wpend_ret);
}
else if (i <= 0) {
- if (s->version == DTLS1_VERSION) {
+ if (s->version == DTLS1_VERSION ||
+ s->version == DTLS1_BAD_VER) {
/* For DTLS, just drop it. That's kind of the
whole
point in using a datagram service */
wb->left = 0;
Index: ssl/s3_srvr.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/s3_srvr.c,v
retrieving revision 1.171
diff -u -p -r1.171 s3_srvr.c
--- ssl/s3_srvr.c 7 Jan 2009 23:44:27 -0000 1.171
+++ ssl/s3_srvr.c 19 Apr 2009 18:23:54 -0000
@@ -1920,7 +1920,7 @@ int ssl3_get_client_key_exchange(SSL *s)
}
/* TLS and [incidentally] DTLS{0xFEFF} */
- if (s->version > SSL3_VERSION)
+ if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER)
{
n2s(p,i);
if (n != i+2)
Index: ssl/ssl.h
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/ssl.h,v
retrieving revision 1.221.2.3
diff -u -p -r1.221.2.3 ssl.h
--- ssl/ssl.h 7 Apr 2009 17:01:07 -0000 1.221.2.3
+++ ssl/ssl.h 19 Apr 2009 17:42:51 -0000
@@ -542,6 +542,8 @@ typedef struct ssl_session_st
#define SSL_OP_COOKIE_EXCHANGE 0x00002000L
/* Don't use RFC4507 ticket extension */
#define SSL_OP_NO_TICKET 0x00004000L
+/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */
+#define SSL_OP_CISCO_ANYCONNECT 0x00008000L
/* As server, disallow session resumption on renegotiation */
#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
Index: ssl/ssl_lib.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/ssl_lib.c,v
retrieving revision 1.176.2.1
diff -u -p -r1.176.2.1 ssl_lib.c
--- ssl/ssl_lib.c 4 Apr 2009 17:57:33 -0000 1.176.2.1
+++ ssl/ssl_lib.c 19 Apr 2009 17:42:51 -0000
@@ -1038,7 +1038,8 @@ long SSL_ctrl(SSL *s,int cmd,long larg,v
s->max_cert_list=larg;
return(l);
case SSL_CTRL_SET_MTU:
- if (SSL_version(s) == DTLS1_VERSION)
+ if (SSL_version(s) == DTLS1_VERSION ||
+ SSL_version(s) == DTLS1_BAD_VER)
{
s->d1->mtu = larg;
return larg;
Index: ssl/ssl_sess.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/ssl_sess.c,v
retrieving revision 1.74
diff -u -p -r1.74 ssl_sess.c
--- ssl/ssl_sess.c 15 Nov 2008 17:18:11 -0000 1.74
+++ ssl/ssl_sess.c 19 Apr 2009 17:42:51 -0000
@@ -300,6 +300,11 @@ int ssl_get_new_session(SSL *s, int sess
ss->ssl_version=TLS1_VERSION;
ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
}
+ else if (s->version == DTLS1_BAD_VER)
+ {
+ ss->ssl_version=DTLS1_BAD_VER;
+ ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
+ }
else if (s->version == DTLS1_VERSION)
{
ss->ssl_version=DTLS1_VERSION;
Index: ssl/t1_enc.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/t1_enc.c,v
retrieving revision 1.57
diff -u -p -r1.57 t1_enc.c
--- ssl/t1_enc.c 11 Jan 2009 20:34:23 -0000 1.57
+++ ssl/t1_enc.c 19 Apr 2009 18:40:43 -0000
@@ -882,7 +882,7 @@ int tls1_mac(SSL *ssl, unsigned char *md
mac_ctx = &hmac;
}
- if (ssl->version == DTLS1_VERSION)
+ if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER)
{
unsigned char dtlsseq[8],*p=dtlsseq;
@@ -911,7 +911,7 @@ printf("rec=");
{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]);
printf("\n"); }
#endif
- if (ssl->version != DTLS1_VERSION)
+ if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER)
{
for (i=7; i>=0; i--)
{
--
dwmw2
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
