/[smeserver]/rpms/openssl/sme8/openssl-fips-0.9.8e-dtls-fixes2.patch
ViewVC logotype

Annotation of /rpms/openssl/sme8/openssl-fips-0.9.8e-dtls-fixes2.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Tue Feb 18 03:03:10 2014 UTC (10 years, 8 months ago) by wellsi
Branch: MAIN
CVS Tags: openssl-0_9_8e-28_el5_sme, openssl-0_9_8e-33_1_el5_sme, openssl-0_9_8e-32_1_el5_sme, openssl-0_9_8e-27_1_el5_sme, openssl-0_9_8e-27_el5_10_1, openssl-0_9_8e-31_1_el5_sme, HEAD
Branch point for: upstream
Initial import

1 wellsi 1.1 diff -up openssl-fips-0.9.8e/ssl/d1_pkt.c.dtls-fixes2 openssl-fips-0.9.8e/ssl/d1_pkt.c
2     --- openssl-fips-0.9.8e/ssl/d1_pkt.c.dtls-fixes2 2012-01-16 11:00:34.242797904 +0100
3     +++ openssl-fips-0.9.8e/ssl/d1_pkt.c 2012-01-18 15:45:25.144865068 +0100
4     @@ -134,7 +134,7 @@ static int dtls1_record_needs_buffering(
5     unsigned short *priority, unsigned long *offset);
6     #endif
7     static int dtls1_buffer_record(SSL *s, record_pqueue *q,
8     - PQ_64BIT priority);
9     + PQ_64BIT *priority);
10     static int dtls1_process_record(SSL *s);
11     #if PQ_64BIT_IS_INTEGER
12     static PQ_64BIT bytes_to_long_long(unsigned char *bytes, PQ_64BIT *num);
13     @@ -156,13 +156,16 @@ dtls1_copy_record(SSL *s, pitem *item)
14     s->packet_length = rdata->packet_length;
15     memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
16     memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
17     +
18     + /* Set proper sequence number for mac calculation */
19     + memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);
20    
21     return(1);
22     }
23    
24    
25     static int
26     -dtls1_buffer_record(SSL *s, record_pqueue *queue, PQ_64BIT priority)
27     +dtls1_buffer_record(SSL *s, record_pqueue *queue, PQ_64BIT *priority)
28     {
29     DTLS1_RECORD_DATA *rdata;
30     pitem *item;
31     @@ -172,7 +175,7 @@ dtls1_buffer_record(SSL *s, record_pqueu
32     return 0;
33    
34     rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
35     - item = pitem_new(priority, rdata);
36     + item = pitem_new(*priority, rdata);
37     if (rdata == NULL || item == NULL)
38     {
39     if (rdata != NULL) OPENSSL_free(rdata);
40     @@ -253,9 +256,6 @@ dtls1_process_buffered_records(SSL *s)
41     item = pqueue_peek(s->d1->unprocessed_rcds.q);
42     if (item)
43     {
44     - DTLS1_RECORD_DATA *rdata;
45     - rdata = (DTLS1_RECORD_DATA *)item->data;
46     -
47     /* Check if epoch is current. */
48     if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
49     return(1); /* Nothing to do. */
50     @@ -267,7 +267,7 @@ dtls1_process_buffered_records(SSL *s)
51     if ( ! dtls1_process_record(s))
52     return(0);
53     dtls1_buffer_record(s, &(s->d1->processed_rcds),
54     - s->s3->rrec.seq_num);
55     + &s->s3->rrec.seq_num);
56     }
57     }
58    
59     @@ -328,13 +328,15 @@ dtls1_get_buffered_record(SSL *s)
60     static int
61     dtls1_process_record(SSL *s)
62     {
63     - int i,al;
64     + int al;
65     int clear=0;
66     int enc_err;
67     SSL_SESSION *sess;
68     SSL3_RECORD *rr;
69     unsigned int mac_size;
70     unsigned char md[EVP_MAX_MD_SIZE];
71     + int decryption_failed_or_bad_record_mac = 0;
72     + unsigned char *mac = NULL;
73    
74    
75     rr= &(s->s3->rrec);
76     @@ -369,12 +371,10 @@ dtls1_process_record(SSL *s)
77     enc_err = s->method->ssl3_enc->enc(s,0);
78     if (enc_err <= 0)
79     {
80     - if (enc_err == 0)
81     - /* SSLerr() and ssl3_send_alert() have been called */
82     - goto err;
83     -
84     - /* otherwise enc_err == -1 */
85     - goto decryption_failed_or_bad_record_mac;
86     + /* To minimize information leaked via timing, we will always
87     + * perform all computations before discarding the message.
88     + */
89     + decryption_failed_or_bad_record_mac = 1;
90     }
91    
92     #ifdef TLS_DEBUG
93     @@ -400,28 +400,32 @@ if ( (sess == NULL) ||
94     SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
95     goto f_err;
96     #else
97     - goto decryption_failed_or_bad_record_mac;
98     + decryption_failed_or_bad_record_mac = 1;
99     #endif
100     }
101     /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
102     - if (rr->length < mac_size)
103     + if (rr->length >= mac_size)
104     {
105     -#if 0 /* OK only for stream ciphers */
106     - al=SSL_AD_DECODE_ERROR;
107     - SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
108     - goto f_err;
109     -#else
110     - goto decryption_failed_or_bad_record_mac;
111     -#endif
112     + rr->length -= mac_size;
113     + mac = &rr->data[rr->length];
114     }
115     - rr->length-=mac_size;
116     - i=s->method->ssl3_enc->mac(s,md,0);
117     - if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
118     + else
119     + rr->length = 0;
120     + s->method->ssl3_enc->mac(s,md,0);
121     + if (mac == NULL || memcmp(md, mac, mac_size) != 0)
122     {
123     - goto decryption_failed_or_bad_record_mac;
124     + decryption_failed_or_bad_record_mac = 1;
125     }
126     }
127    
128     + if (decryption_failed_or_bad_record_mac)
129     + {
130     + /* decryption failed, silently discard message */
131     + rr->length = 0;
132     + s->packet_length = 0;
133     + goto err;
134     + }
135     +
136     /* r->length is now just compressed */
137     if (s->expand != NULL)
138     {
139     @@ -460,14 +464,6 @@ if ( (sess == NULL) ||
140     dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */
141     return(1);
142    
143     -decryption_failed_or_bad_record_mac:
144     - /* Separate 'decryption_failed' alert was introduced with TLS 1.0,
145     - * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
146     - * failure is directly visible from the ciphertext anyway,
147     - * we should not reveal which kind of error occured -- this
148     - * might become visible to an attacker (e.g. via logfile) */
149     - al=SSL_AD_BAD_RECORD_MAC;
150     - SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
151     f_err:
152     ssl3_send_alert(s,SSL3_AL_FATAL,al);
153     err:
154     @@ -486,22 +482,19 @@ err:
155     /* used only by dtls1_read_bytes */
156     int dtls1_get_record(SSL *s)
157     {
158     - int ssl_major,ssl_minor,al;
159     + int ssl_major,ssl_minor;
160     int i,n;
161     SSL3_RECORD *rr;
162     - SSL_SESSION *sess;
163     - unsigned char *p;
164     + unsigned char *p = NULL;
165     unsigned short version;
166     DTLS1_BITMAP *bitmap;
167     unsigned int is_next_epoch;
168    
169     rr= &(s->s3->rrec);
170     - sess=s->session;
171    
172     /* The epoch may have changed. If so, process all the
173     * pending records. This is a non-blocking operation. */
174     - if ( ! dtls1_process_buffered_records(s))
175     - return 0;
176     + dtls1_process_buffered_records(s);
177    
178     /* if we're renegotiating, then there may be buffered records */
179     if (dtls1_get_processed_record(s))
180     @@ -517,7 +510,12 @@ again:
181     /* read timeout is handled by dtls1_read_bytes */
182     if (n <= 0) return(n); /* error or non-blocking */
183    
184     - OPENSSL_assert(s->packet_length == DTLS1_RT_HEADER_LENGTH);
185     + /* this packet contained a partial record, dump it */
186     + if (s->packet_length != DTLS1_RT_HEADER_LENGTH)
187     + {
188     + s->packet_length = 0;
189     + goto again;
190     + }
191    
192     s->rstate=SSL_ST_READ_BODY;
193    
194     @@ -542,27 +540,28 @@ again:
195     {
196     if (version != s->version && version != DTLS1_BAD_VER)
197     {
198     - SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
199     - /* Send back error using their
200     - * version number :-) */
201     - s->version=version;
202     - al=SSL_AD_PROTOCOL_VERSION;
203     - goto f_err;
204     + /* unexpected version, silently discard */
205     + rr->length = 0;
206     + s->packet_length = 0;
207     + goto again;
208     }
209     }
210    
211     if ((version & 0xff00) != (DTLS1_VERSION & 0xff00) &&
212     (version & 0xff00) != (DTLS1_BAD_VER & 0xff00))
213     {
214     - SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
215     - goto err;
216     + /* wrong version, silently discard record */
217     + rr->length = 0;
218     + s->packet_length = 0;
219     + goto again;
220     }
221    
222     if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
223     {
224     - al=SSL_AD_RECORD_OVERFLOW;
225     - SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
226     - goto f_err;
227     + /* record too long, silently discard it */
228     + rr->length = 0;
229     + s->packet_length = 0;
230     + goto again;
231     }
232    
233     s->client_version = version;
234     @@ -581,6 +580,7 @@ again:
235     /* this packet contained a partial record, dump it */
236     if ( n != i)
237     {
238     + rr->length = 0;
239     s->packet_length = 0;
240     goto again;
241     }
242     @@ -594,6 +594,7 @@ again:
243     bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
244     if ( bitmap == NULL)
245     {
246     + rr->length = 0;
247     s->packet_length = 0; /* dump this record */
248     goto again; /* get another record */
249     }
250     @@ -601,6 +602,7 @@ again:
251     /* check whether this is a repeat, or aged record */
252     if ( ! dtls1_record_replay_check(s, bitmap, &(rr->seq_num)))
253     {
254     + rr->length = 0;
255     s->packet_length=0; /* dump this record */
256     goto again; /* get another record */
257     }
258     @@ -615,21 +617,22 @@ again:
259     if (is_next_epoch)
260     {
261     dtls1_record_bitmap_update(s, bitmap);
262     - dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
263     + dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), &rr->seq_num);
264     + rr->length = 0;
265     s->packet_length = 0;
266     goto again;
267     }
268    
269     - if ( ! dtls1_process_record(s))
270     - return(0);
271     + if (!dtls1_process_record(s))
272     + {
273     + rr->length = 0;
274     + s->packet_length=0; /* dump this record */
275     + goto again; /* get another record */
276     + }
277    
278     dtls1_clear_timeouts(s); /* done waiting */
279     return(1);
280    
281     -f_err:
282     - ssl3_send_alert(s,SSL3_AL_FATAL,al);
283     -err:
284     - return(0);
285     }
286    
287     /* Return up to 'len' payload bytes received in 'type' records.

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed