On Wed, 2016-10-05 at 14:40 +0100, David Woodhouse wrote: > How's this for a start...
Now I think I have it right for CCM too, although having to use strstr() for that makes me *very* sad. Next up, Chacha20-Poly1305... and then maybe I can stop worrying about new modes and ciphersuites because those won't be added in OpenSSL 1.1 and we can get OpenSSL do to this for itself before 1.2? :) /* sets the DTLS MTU and returns the actual tunnel MTU */ unsigned dtls_set_mtu(struct openconnect_info *vpninfo, unsigned mtu) { int tun_mtu; int ivlen, maclen, blocksize = 1, pad = 0; #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL <= 1.0.2 only supports CBC ciphers with PSK */ ivlen = EVP_CIPHER_iv_length(EVP_CIPHER_CTX_cipher(vpninfo->dtls_ssl->enc_write_ctx)); maclen = EVP_MD_CTX_size(vpninfo->dtls_ssl->write_hash); blocksize = ivlen; pad = 1; #else /* Now it gets more fun... */ const SSL_CIPHER *s_ciph = SSL_get_current_cipher(vpninfo->dtls_ssl); const EVP_CIPHER *e_ciph; const EVP_MD *e_md; char wtf[128]; e_ciph = EVP_get_cipherbynid(SSL_CIPHER_get_cipher_nid(s_ciph)); switch (EVP_CIPHER_mode(e_ciph)) { case EVP_CIPH_GCM_MODE: ivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN; maclen = EVP_GCM_TLS_TAG_LEN; blocksize = 1; pad = 0; break; case EVP_CIPH_CCM_MODE: ivlen = EVP_CCM_TLS_EXPLICIT_IV_LEN; SSL_CIPHER_description(s_ciph, wtf, sizeof(wtf)); if (strstr(wtf, "CCM8")) maclen = 8; else maclen = 16; blocksize = 1; pad = 0; break; case EVP_CIPH_CBC_MODE: e_md = EVP_get_digestbynid(SSL_CIPHER_get_digest_nid(s_ciph)); blocksize = EVP_CIPHER_block_size(e_ciph); ivlen = EVP_CIPHER_iv_length(e_ciph); pad = 1; maclen = EVP_MD_size(e_md); break; case EVP_CIPH_STREAM_CIPHER: /* Seen with PSK-CHACHA20-POLY1305 */ default: printf("wtf mode %d\n", EVP_CIPHER_mode(e_ciph)); // XXX ; } #endif /* Take off the explicit IV and the MAC (XXX: overflow!) */ printf("iv %d mac %d blk %d\n", ivlen, maclen, blocksize); tun_mtu = mtu - DTLS1_RT_HEADER_LENGTH - ivlen - maclen; /* For block cipher modes round down to blocksize */ printf("tun %d & 0x%x == %d\n", tun_mtu, ~(blocksize-1), tun_mtu & (~(blocksize-1))); tun_mtu -= tun_mtu % blocksize; /* ... and CBC modes require at least one byte to indicate padding length */ tun_mtu -= pad; DTLS_set_link_mtu(vpninfo->dtls_ssl, mtu); /* We already set the link MTU, but hopefully by the time we * finish it, this function will be better at working out the * actual tunnel MTU than OpenSSL is. So do that too... */ SSL_set_mtu(vpninfo->dtls_ssl, tun_mtu); return tun_mtu; } -- dwmw2
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev