diff --git a/CHANGES.SSLeay b/CHANGES.SSLeay index dbb80b003d81ae4bfaa3607572116fb59190dab6..ca5cd729767806167a85341e4e547e4b70cbf2c3 100644 --- a/CHANGES.SSLeay +++ b/CHANGES.SSLeay @@ -148,7 +148,7 @@ eric (about to go bushwalking for the 4 day easter break :-) This would tend to cause memory overwrites since SSLv3 has a maximum packet size of 16k. If your program uses buffers <= 16k, you would probably never see this problem. - - Fixed a new errors that were cause by malloc() not returning + - Fixed a few errors that were cause by malloc() not returning 0 initialised memory.. - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing diff --git a/apps/cms.c b/apps/cms.c index b7382a4f1f4f1f374bc1407fb7b5482d6c9b4d2b..f16e6469a777fcee390ecf603b98a79eedbc425c 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -704,7 +704,7 @@ int MAIN(int argc, char **argv) if (secret_key && !secret_keyid) { - BIO_printf(bio_err, "No sectre key id\n"); + BIO_printf(bio_err, "No secret key id\n"); goto end; } diff --git a/apps/s_server.c b/apps/s_server.c index b6cc5eecb711c8dbce609bee6af8bd40f8b48990..dffa5d31512bd8f33aa707b53b3559e6fc6b70f6 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -671,7 +671,7 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) return p->extension_error; if (ctx2) { - BIO_printf(p->biodebug,"Swiching server context.\n"); + BIO_printf(p->biodebug,"Switching server context.\n"); SSL_set_SSL_CTX(s,ctx2); } } diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index f3fc4f111a86cf2ac8b30d556654ad24e9e892ba..44eb2bbc9798123e0d625be522a757a672d6b650 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c 
@@ -205,7 +205,7 @@ int CRYPTO_get_new_lockid(char *name) #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) /* A hack to make Visual C++ 5.0 work correctly when linking as * a DLL using /MT. Without this, the application cannot use - * and floating point printf's. + * any floating point printf's. * It also seems to be needed for Visual C 1.5 (win16) */ SSLeay_MSVC5_hack=(double)name[0]*(double)name[1]; #endif diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c index 139cfe1794a6bf6949b182f83581691a0f761742..ac793397f10f5289fe0d1a5ac1cc8ad3e33f4b28 100644 --- a/crypto/mem_dbg.c +++ b/crypto/mem_dbg.c @@ -787,7 +787,7 @@ void CRYPTO_mem_leaks(BIO *b) * XXX This should be in CRYPTO_mem_leaks_cb, * and CRYPTO_mem_leaks should be implemented by * using CRYPTO_mem_leaks_cb. - * (Also their should be a variant of lh_doall_arg + * (Also there should be a variant of lh_doall_arg * that takes a function pointer instead of a void *; * this would obviate the ugly and illegal * void_fn_to_char kludge in CRYPTO_mem_leaks_cb. diff --git a/crypto/symhacks.h b/crypto/symhacks.h index da08f5fddc509b55cf1752db451137a40045e6fb..35e164121e50e59817d2a30945c6ab7659dffd9f 100644 --- a/crypto/symhacks.h +++ b/crypto/symhacks.h @@ -382,7 +382,7 @@ #endif /* defined OPENSSL_SYS_VMS */ -/* Case insensiteve linking causes problems.... */ +/* Case insensitive linking causes problems.... */ #if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) #undef ERR_load_CRYPTO_strings #define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c index 84c0f5bc5c152871971cbf45f3d45942a22a22ef..790a6dd03280868366303cf209433ac040d693cc 100644 --- a/crypto/x509v3/v3_crld.c +++ b/crypto/x509v3/v3_crld.c 
@@ -152,7 +152,7 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, sk_X509_NAME_ENTRY_num(rnm) - 1)->set) { X509V3err(X509V3_F_SET_DIST_POINT_NAME, - X509V3_R_INVAID_MULTIPLE_RDNS); + X509V3_R_INVALID_MULTIPLE_RDNS); goto err; } } diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c index 601211f41691f75f34eb40c79d8c0c4fd083a136..c254b2ff981f6ee98c5656d34537650e9df10a75 100644 --- a/crypto/x509v3/v3_pci.c +++ b/crypto/x509v3/v3_pci.c @@ -82,7 +82,7 @@ static int process_pci_value(CONF_VALUE *val, { if (*language) { - X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED); + X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED); X509V3_conf_err(val); return 0; } @@ -97,7 +97,7 @@ static int process_pci_value(CONF_VALUE *val, { if (*pathlen) { - X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED); + X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED); X509V3_conf_err(val); return 0; } diff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c index 86efc4b5b5468838ec81c69876118b646a312fc4..f9f6f1f91f4df1a1c812180036787f36aacb44e6 100644 --- a/crypto/x509v3/v3err.c +++ b/crypto/x509v3/v3err.c @@ -159,7 +159,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]= {ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION),"illegal empty extension"}, {ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT) ,"illegal hex digit"}, {ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),"incorrect policy syntax tag"}, -{ERR_REASON(X509V3_R_INVAID_MULTIPLE_RDNS),"invaid multiple rdns"}, +{ERR_REASON(X509V3_R_INVALID_MULTIPLE_RDNS),"invalid multiple rdns"}, {ERR_REASON(X509V3_R_INVALID_ASNUMBER) ,"invalid asnumber"}, {ERR_REASON(X509V3_R_INVALID_ASRANGE) ,"invalid asrange"}, {ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING),"invalid boolean string"}, 
@@ -193,9 +193,9 @@ static ERR_STRING_DATA X509V3_str_reasons[]= {ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS),"odd number of digits"}, {ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED),"operation not defined"}, {ERR_REASON(X509V3_R_OTHERNAME_ERROR) ,"othername error"}, -{ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED),"policy language alreadty defined"}, +{ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED),"policy language already defined"}, {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH) ,"policy path length"}, -{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED),"policy path length alreadty defined"}, +{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED),"policy path length already defined"}, {ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED),"policy syntax not currently supported"}, {ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),"policy when proxy language requires no policy"}, {ERR_REASON(X509V3_R_SECTION_NOT_FOUND) ,"section not found"}, diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index 0ea97d18d4049ab2711ca8901ab8a1950f63dbcf..f9bacb6f015a604b28798d42b14cddd16b761657 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -951,7 +951,7 @@ void ERR_load_X509V3_strings(void); #define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 #define X509V3_R_ILLEGAL_HEX_DIGIT 113 #define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 -#define X509V3_R_INVAID_MULTIPLE_RDNS 161 +#define X509V3_R_INVALID_MULTIPLE_RDNS 161 #define X509V3_R_INVALID_ASNUMBER 162 #define X509V3_R_INVALID_ASRANGE 163 #define X509V3_R_INVALID_BOOLEAN_STRING 104 
@@ -985,9 +985,9 @@ void ERR_load_X509V3_strings(void); #define X509V3_R_ODD_NUMBER_OF_DIGITS 112 #define X509V3_R_OPERATION_NOT_DEFINED 148 #define X509V3_R_OTHERNAME_ERROR 147 -#define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED 155 +#define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 155 #define X509V3_R_POLICY_PATH_LENGTH 156 -#define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED 157 +#define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 157 #define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 158 #define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159 #define X509V3_R_SECTION_NOT_FOUND 150 diff --git a/doc/crypto/BIO_s_mem.pod b/doc/crypto/BIO_s_mem.pod index 19648acfae0f265b00ced60ee855851fd94d497a..8f85e0dceeb7f29a1207770a119618258b5ea4ca 100644 --- a/doc/crypto/BIO_s_mem.pod +++ b/doc/crypto/BIO_s_mem.pod @@ -74,7 +74,7 @@ Writes to memory BIOs will always succeed if memory is available: that is their size can grow indefinitely. Every read from a read write memory BIO will remove the data just read with -an internal copy operation, if a BIO contains a lots of data and it is +an internal copy operation, if a BIO contains a lot of data and it is read in small chunks the operation can be very slow. The use of a read only memory BIO avoids this problem. If the BIO must be read write then adding a buffering BIO to the chain will speed up the process. diff --git a/doc/ssleay.txt b/doc/ssleay.txt index a8b04d7059a3b05fe5207e5e8e555d48b0c8425f..4d2e7148681dc4d794ba1c42793b446a61551bc5 100644 --- a/doc/ssleay.txt +++ b/doc/ssleay.txt @@ -20,7 +20,7 @@ don't do that. ==== readme ======================================================== This is the old 0.6.6 docuementation. Most of the cipher stuff is still -relevent but I'm working (very slowly) on new docuemtation. +relevent but I'm working (very slowly) on new documentation. The current version can be found online at http://www.cryptsoft.com/ssleay/doc 
@@ -548,8 +548,8 @@ application, ssleay. This one program is composed of many programs that can all be compiled independantly. ssleay has 3 modes of operation. -1) If the ssleay binaray has the name of one of its component programs, it -executes that program and then exits. This can be achieve by using hard or +1) If the ssleay binary has the name of one of its component programs, it +executes that program and then exits. This can be achieved by using hard or symbolic links, or failing that, just renaming the binary. 2) If the first argument to ssleay is the name of one of the component programs, that program runs that program and then exits. @@ -1185,7 +1185,7 @@ typedef struct bio_st example is for BIO_s_sock(). A socket needs to be assigned to the BIO before it can be used. - 'shutdown', this flag indicates if the underlying - comunication primative being used should be closed/freed + communication primitive being used should be closed/freed when the BIO is closed. - 'flags' is used to hold extra state. It is primarily used to hold information about why a non-blocking operation @@ -1799,7 +1799,7 @@ int BN_set_word(BIGNUM *a, unsigned long w); unsigned long BN_get_word(BIGNUM *a); Returns 'a' in an unsigned long. Not remarkably, often 'a' will - be biger than a word, in which case 0xffffffffL is returned. + be bigger than a word, in which case 0xffffffffL is returned. Word Operations These functions are much more efficient that the normal bignum arithmetic @@ -2058,7 +2058,7 @@ Now you will notice that macros like PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \ (char *)x, NULL,NULL,0,NULL) Don't do encryption normally. If you want to PEM encrypt your X509 structure, -either just call PEM_ASN1_write directly or just define you own +either just call PEM_ASN1_write directly or just define your own macro variant. As you can see, this macro just sets all encryption related parameters to NULL. 
@@ -5566,7 +5566,7 @@ These 2 functions create and destroy SSL_CTX structures The SSL_CTX has a session_cache_mode which is by default, in SSL_SESS_CACHE_SERVER mode. What this means is that the library -will automatically add new session-id's to the cache apon sucsessful +will automatically add new session-id's to the cache upon successful SSL_accept() calls. If SSL_SESS_CACHE_CLIENT is set, then client certificates are also added to the cache. @@ -5580,12 +5580,12 @@ SSL_SESS_NO_CACHE_BOTH - Either SSL_accept() or SSL_connect(). If SSL_SESS_CACHE_NO_AUTO_CLEAR is set, old timed out sessions are not automatically removed each 255, SSL_connect()s or SSL_accept()s. -By default, apon every 255 successful SSL_connect() or SSL_accept()s, +By default, upon every 255 successful SSL_connect() or SSL_accept()s, the cache is flush. Please note that this could be expensive on a heavily loaded SSL server, in which case, turn this off and clear the cache of old entries 'manually' (with one of the functions listed below) every few hours. Perhaps I should up this number, it is hard -to say. Remember, the '255' new calls is just a mechanims to get called +to say. Remember, the '255' new calls is just a mechanism to get called every now and then, in theory at most 255 new session-id's will have been added but if 100 are added every minute, you would still have 500 in the cache before any would start being flushed (assuming a 3 minute 
@@ -5628,10 +5628,10 @@ if copy is 1. Otherwise, the reference count is not modified. void SSL_CTX_sess_set_get_cb(ctx,cb) sets the callback and int (*cb)()SSL_CTX_sess_get_get_cb(ctx) returns the callback. -These callbacks are basically indended to be used by processes to +These callbacks are basically intended to be used by processes to send their session-id's to other processes. I currently have not implemented -non-blocking semantics for these callbacks, it is upto the appication -to make the callbacks effiecent if they require blocking (perhaps +non-blocking semantics for these callbacks, it is upto the application +to make the callbacks efficient if they require blocking (perhaps by 'saving' them and then 'posting them' when control returns from the SSL_accept(). @@ -6589,7 +6589,7 @@ This information can be used to recall the functions when the 'error' condition has dissapeared. After the connection has been made, information can be retrived about the -SSL session and the session-id values that have been decided apon. +SSL session and the session-id values that have been decided upon. The 'peer' certificate can be retrieved. The session-id values include diff --git a/e_os.h b/e_os.h index c6c6082c83feb2da2499ca3972492af6fdbf7fd4..3fbfe8e0ba69c3badc359d1057542dc3a21f0587 100644 --- a/e_os.h +++ b/e_os.h @@ -112,7 +112,7 @@ extern "C" { /******************************************************************** The Microsoft section ********************************************************************/ -/* The following is used becaue of the small stack in some +/* The following is used because of the small stack in some * Microsoft operating systems */ #if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYSNAME_WIN32) # define MS_STATIC static 
@@ -275,14 +275,14 @@ extern "C" { # if !defined(OPENSSL_NO_SOCK) && defined(_WIN32_WINNT) /* * Just like defining _WIN32_WINNT including winsock2.h implies - * certain "discipline" for maintaing [broad] binary compatibility. + * certain "discipline" for maintaining [broad] binary compatibility. * As long as structures are invariant among Winsock versions, * it's sufficient to check for specific Winsock2 API availability * at run-time [DSO_global_lookup is recommended]... */ # include # include - /* yes, they have to be #included prior */ + /* yes, they have to be #included prior to */ # endif # include # include @@ -372,7 +372,7 @@ static unsigned int _strlen31(const char *str) # define DEFAULT_HOME "C:" # endif -#else /* The non-microsoft world world */ +#else /* The non-microsoft world */ # ifdef OPENSSL_SYS_VMS # define VMS 1 diff --git a/e_os2.h b/e_os2.h index e17527ab404b25660434dc24c3f3c8cc59c6fbea..4c785c62cf7a7c1aa7d41f0921b4f82ec85f9668 100644 --- a/e_os2.h +++ b/e_os2.h @@ -262,7 +262,7 @@ extern "C" { #define OPENSSL_EXTERN OPENSSL_IMPORT /* Macros to allow global variables to be reached through function calls when - required (if a shared library version requvres it, for example. + required (if a shared library version requires it, for example. The way it's done allows definitions like this: // in foobar.c diff --git a/engines/ccgost/gost94_keyx.c b/engines/ccgost/gost94_keyx.c index 37c4d656fff92f7ce9c8e7ea982c5c50f48a1b25..5d04a17821aae549d8e9272fef01ce569f14182d 100644 --- a/engines/ccgost/gost94_keyx.c +++ b/engines/ccgost/gost94_keyx.c @@ -25,7 +25,7 @@ /* Computes Diffie-Hellman key and stores it into buffer in * little-endian byte order as expected by both versions of GOST 94 - * algorigthm + * algorithm */ static int compute_pair_key_le(unsigned char *pair_key,BIGNUM *pub_key,DH *dh) { 
diff --git a/engines/ccgost/gost_sign.c b/engines/ccgost/gost_sign.c index 2593ab0d0795e39a50f536f975ed55e6b55dc10a..4095654358fac8537db90b956effe9bbeed0a716 100644 --- a/engines/ccgost/gost_sign.c +++ b/engines/ccgost/gost_sign.c @@ -3,7 +3,7 @@ * Copyright (c) 2005-2006 Cryptocom LTD * * This file is distributed under the same license as OpenSSL * * * - * Implementation of GOST R 34.10-94 signature algoritgthm * + * Implementation of GOST R 34.10-94 signature algorithm * * for OpenSSL * * Requires OpenSSL 0.9.9 for compilation * **********************************************************************/ diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 913098361143506950154849ce0f8e58c49c8806..1abfd0007a1d0cc9b11d9c793ae7300035a469b4 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -300,7 +300,7 @@ int dtls1_do_write(SSL *s, int type) const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; int xlen; - if (frag_off == 0) + if (frag_off == 0 && s->version != DTLS1_BAD_VER) { /* reconstruct message header is if it * is being sent in single fragment */ @@ -407,8 +407,10 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) s2n (msg_hdr->seq,p); l2n3(0,p); l2n3(msg_len,p); - p -= DTLS1_HM_HEADER_LENGTH; - msg_len += DTLS1_HM_HEADER_LENGTH; + if (s->version != DTLS1_BAD_VER) { + p -= DTLS1_HM_HEADER_LENGTH; + msg_len += DTLS1_HM_HEADER_LENGTH; + } ssl3_finish_mac(s, p, msg_len); if (s->msg_callback) @@ -775,6 +777,13 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b) *p++=SSL3_MT_CCS; s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; s->init_num=DTLS1_CCS_HEADER_LENGTH; + + if (s->version == DTLS1_BAD_VER) { + s->d1->next_handshake_write_seq++; + s2n(s->d1->handshake_write_seq,p); + s->init_num+=2; + } + s->init_off=0; dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, 
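Review bot: In dtls1_get_message the new `if (s->version != DTLS1_BAD_VER) {` block carries no comment explaining why the pointer is not rewound over the handshake header before ssl3_finish_mac() for this version, and the matching exception added to the `frag_off == 0` test in dtls1_do_write is equally unexplained. From the visible lines it appears the Finished MAC then covers the message body only; a comment at each site such as `/* DTLS1_BAD_VER: handshake header is not included in the Finished MAC */` would keep a later reader from "fixing" the asymmetry, once the author confirms that reading. The opening brace on the `if` line also differs from the ssl_sess.c hunk of this same commit, which puts the brace on its own line. Both functions continue outside their hunks.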
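Review bot: The extra Change Cipher Spec bytes for DTLS1_BAD_VER are written as bare literals in three places: `s->init_num+=2;` in dtls1_send_change_cipher_spec, `DTLS1_CCS_HEADER_LENGTH:3` in the dtls1_buffer_message assertion, and `ccs_hdr_len = 3;` in the d1_pkt.c Change Cipher Spec check. Sender, retransmit buffer and receiver must agree on this length, so one named constant defined next to DTLS1_CCS_HEADER_LENGTH (for example `#define DTLS1_BAD_VER_CCS_HEADER_LENGTH 3`, name only a suggestion) is safer than three numbers. The dtls1_buffer_message assertion also selects the length with `s->version==DTLS1_VERSION` while the other two sites test for `DTLS1_BAD_VER`; using the same test everywhere prevents the sites from disagreeing if another version value is ever added.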
@@ -989,7 +998,7 @@ dtls1_buffer_message(SSL *s, int is_ccs) if ( is_ccs) { OPENSSL_assert(s->d1->w_msg_hdr.msg_len + - DTLS1_CCS_HEADER_LENGTH == (unsigned int)s->init_num); + ((s->version==DTLS1_VERSION)?DTLS1_CCS_HEADER_LENGTH:3) == (unsigned int)s->init_num); } else { diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index c151264e56381e9e1f2c578bb6f2fc5a06801e1a..b2ed383c3429bdef0dfb1279e348a8a646984916 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -130,7 +130,7 @@ static int dtls1_get_hello_verify(SSL *s); static const SSL_METHOD *dtls1_get_client_method(int ver) { - if (ver == DTLS1_VERSION) + if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER) return(DTLSv1_client_method()); else return(NULL); @@ -181,7 +181,8 @@ int dtls1_connect(SSL *s) s->server=0; if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); - if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00)) + if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) && + (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00)) { SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR); ret = -1; diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index be4754144055cf6d38875eecb6c4d01012d22aae..712b880f919a7df00ac3c11a86c9ae4dedac5da7 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -176,7 +176,10 @@ void dtls1_free(SSL *s) void dtls1_clear(SSL *s) { ssl3_clear(s); - s->version=DTLS1_VERSION; + if (s->options & SSL_OP_CISCO_ANYCONNECT) + s->version=DTLS1_BAD_VER; + else + s->version=DTLS1_VERSION; } /* diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 2e9d5452f7beb23679ea58275b534c52ff779804..918dc70798eac91a112c5f9fd4b1af948175655a 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -591,7 +591,7 @@ again: } } - if ((version & 0xff00) != (DTLS1_VERSION & 0xff00)) + if ((version & 0xff00) != (s->version & 0xff00)) { SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); goto err; 
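Review bot: dtls1_clear reads `s->options & SSL_OP_CISCO_ANYCONNECT` once and fixes `s->version` from it, so the option only takes effect if it is already set when this function runs; nothing visible in the commit re-evaluates the version when options change afterwards. The function is not client-specific, yet the ssl.h comment for the option says "(as client)" and the d1_srvr.c hunk adds a DTLS1_BAD_VER branch to dtls1_accept, so it is unclear whether a server with the option set is meant to work. A comment here would settle both points, for example `/* SSL_OP_CISCO_ANYCONNECT must be set before the SSL is created or cleared; it selects DTLS1_BAD_VER on the wire */`, with the client/server intent added once confirmed.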
@@ -1067,13 +1067,17 @@ start: if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) { struct ccs_header_st ccs_hdr; + int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH; dtls1_get_ccs_header(rr->data, &ccs_hdr); + if (s->version == DTLS1_BAD_VER) + ccs_hdr_len = 3; + /* 'Change Cipher Spec' is just a single byte, so we know * exactly what the record payload has to look like */ /* XDTLS: check that epoch is consistent */ - if ( (rr->length != DTLS1_CCS_HEADER_LENGTH) || + if ( (rr->length != ccs_hdr_len) || (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) { i=SSL_AD_ILLEGAL_PARAMETER; @@ -1094,6 +1098,9 @@ start: /* do this whenever CCS is processed */ dtls1_reset_seq_numbers(s, SSL3_CC_READ); + if (s->version == DTLS1_BAD_VER) + s->d1->handshake_read_seq++; + goto start; } @@ -1401,7 +1408,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, #if 0 /* 'create_empty_fragment' is true only when this function calls itself */ if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done - && SSL_version(s) != DTLS1_VERSION) + && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER) { /* countermeasure against known-IV weakness in CBC ciphersuites * (see http://www.openssl.org/~bodo/tls-cbc.txt) @@ -1428,7 +1435,6 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, s->s3->empty_fragment_done = 1; } #endif - p = wb->buf + prefix_len; /* write the header */ diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index ebd35c71617b46f2c5a470d7d857baf2bdd8fc3f..666ab75d1dd2fd3da38688e84f04fc6f1c9b3426 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -292,7 +292,8 @@ int dtls1_accept(SSL *s) s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A; /* HelloVerifyRequest resets Finished MAC */ - ssl3_init_finished_mac(s); + if (s->version != DTLS1_BAD_VER) + ssl3_init_finished_mac(s); break; case SSL3_ST_SW_SRVR_HELLO_A: 
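Review bot: `int ccs_hdr_len` is compared directly with `rr->length` in the Change Cipher Spec check; if `rr->length` is an unsigned field (its declaration is outside the hunk) this is a mixed signed/unsigned comparison, and `unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;` avoids it. The call `dtls1_get_ccs_header(rr->data, &ccs_hdr);` still precedes the length check, so whatever the helper reads from the record is read before the payload is known to have the expected size; moving the call below the check would be the more defensive order, though what the helper reads is not visible here. The enclosing function starts and ends outside the hunk.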
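Review bot: The context comment `/* HelloVerifyRequest resets Finished MAC */` in dtls1_accept no longer describes the code beneath it, because the reset is now skipped when `s->version == DTLS1_BAD_VER`. I would extend it to say so, e.g. `/* HelloVerifyRequest resets Finished MAC, except for DTLS1_BAD_VER */`. The reason the handshake hash is kept for that version is not visible in the hunk and should be stated by the author in the same comment.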
diff --git a/ssl/dtls1.h b/ssl/dtls1.h index cb8bd7cdfe10268c8fcd25224ecb0665bce8603e..2066638f9425aab45f27d7857da573fd36dc16f6 100644 --- a/ssl/dtls1.h +++ b/ssl/dtls1.h @@ -68,6 +68,7 @@ extern "C" { #endif #define DTLS1_VERSION 0xFEFF +#define DTLS1_BAD_VER 0x0100 #if 0 /* this alert description is not specified anywhere... */ diff --git a/ssl/kssl.c b/ssl/kssl.c index 864eb836083c8d35ad290d6a69bc63df6175958a..73401c92a3e9be7a449c0e4be682100b6d6ea7aa 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -68,11 +68,6 @@ #include -#define _XOPEN_SOURCE 500 /* glibc2 needs this to declare strptime() */ -#include -#if 0 /* Experimental */ -#undef _XOPEN_SOURCE /* To avoid clashes with anything else... */ -#endif #include #define KRB5_PRIVATE 1 diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index f83389b54369531e03ecf207074436e36a558e4e..ceab11eb4aea730dec1f0a73ef032ab2d8444f7a 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -737,7 +737,7 @@ int ssl3_get_server_hello(SSL *s) if (!ok) return((int)n); - if ( SSL_version(s) == DTLS1_VERSION) + if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) { if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 00faadf8984ef0151b915f38e13fbf811f7d294c..3d7aec97a2028fea35fb8aa4bae6ae3c63a26ccd 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -655,7 +655,7 @@ static int ssl3_handshake_mac(SSL *s, int md_nid, if (!ssl3_digest_cached_records(s)) return 0; - /* Search for djgest of specified type in the handshake_dgst + /* Search for digest of specified type in the handshake_dgst * array*/ for (i=0;i 0 && n > left) n = left; 
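Review bot: `#define DTLS1_BAD_VER 0x0100` is added to dtls1.h without a comment, and neither the name nor the value tells a reader what it is or when it is legitimate on the wire. A comment such as `/* Version number used by the Cisco AnyConnect variant of DTLS; selected only when SSL_OP_CISCO_ANYCONNECT is set */` would tie it to the option this commit introduces in ssl.h. It is also worth noting there that the value is numerically far below DTLS1_VERSION (0xFEFF), which matters wherever versions are compared with `<` or `>` rather than for equality.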
@@ -836,9 +836,9 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, return(s->s3->wpend_ret); } else if (i <= 0) { - if (s->version == DTLS1_VERSION) { - /* For DTLS, just drop it. That's kind of the wh -ole + if (s->version == DTLS1_VERSION || + s->version == DTLS1_BAD_VER) { + /* For DTLS, just drop it. That's kind of the whole point in using a datagram service */ wb->left = 0; } diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 44a67f86d54ff649441297ed8c8ecca3791f291a..55b2166d2b0a702d6ebffeb73a6f4d115a2727f8 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1920,7 +1920,7 @@ int ssl3_get_client_key_exchange(SSL *s) } /* TLS and [incidentally] DTLS{0xFEFF} */ - if (s->version > SSL3_VERSION) + if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER) { n2s(p,i); if (n != i+2) diff --git a/ssl/ssl.h b/ssl/ssl.h index a9d1fa5fccef0f3f896bb401c2b91160de173d00..82fa94a07d53bd27f48798f2149333434650fba8 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -542,6 +542,8 @@ typedef struct ssl_session_st #define SSL_OP_COOKIE_EXCHANGE 0x00002000L /* Don't use RFC4507 ticket extension */ #define SSL_OP_NO_TICKET 0x00004000L +/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */ +#define SSL_OP_CISCO_ANYCONNECT 0x00008000L /* As server, disallow session resumption on renegotiation */ #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 24cd4268e4033989900e7de140937ede528097ed..f305bc7b368d9940f082593842cae48428bc5caa 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1038,7 +1038,8 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) s->max_cert_list=larg; return(l); case SSL_CTRL_SET_MTU: - if (SSL_version(s) == DTLS1_VERSION) + if (SSL_version(s) == DTLS1_VERSION || + SSL_version(s) == DTLS1_BAD_VER) { s->d1->mtu = larg; return larg; diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 4c72f18a7538b1c17e13c829bbb8c271eec3cee1..bebbfa099d4e4c04822427417eb233e3b5508066 100644 
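Review bot: The added clause `&& s->version != DTLS1_BAD_VER` in ssl3_get_client_key_exchange looks redundant: DTLS1_BAD_VER is defined as 0x0100 in the dtls1.h hunk, so assuming SSL3_VERSION is 0x0300 the test `s->version > SSL3_VERSION` is already false for it. If the intent is to record that this version skips the two-byte length prefix read by `n2s(p,i)`, a comment does that more clearly, e.g. `/* TLS and [incidentally] DTLS{0xFEFF}; DTLS1_BAD_VER (0x0100) compares below SSL3_VERSION and takes the other path */`. The same ordering means every other `>` or `>=` version comparison in the library treats DTLS1_BAD_VER as older than SSLv3, and only this site is touched by the commit, so the remaining ordered comparisons deserve an audit.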
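Review bot: The comment on SSL_OP_CISCO_ANYCONNECT in ssl.h names `DTLS_BAD_VER`, but the macro added in dtls1.h is `DTLS1_BAD_VER`, so a search for the name in the comment finds nothing. I would reword it to something like `/* As client, use the Cisco AnyConnect variant of DTLS (DTLS1_BAD_VER) instead of DTLS1_VERSION */`, which also replaces "speshul" with a statement of what the option changes.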
--- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -300,6 +300,11 @@ int ssl_get_new_session(SSL *s, int session) ss->ssl_version=TLS1_VERSION; ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; } + else if (s->version == DTLS1_BAD_VER) + { + ss->ssl_version=DTLS1_BAD_VER; + ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; + } else if (s->version == DTLS1_VERSION) { ss->ssl_version=DTLS1_VERSION; diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index e35173823771e9303520f99e4c85b17daa20a1f8..d9cb059d0c21685d8b0e9c7c2cba816fe4b70350 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -882,7 +882,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) mac_ctx = &hmac; } - if (ssl->version == DTLS1_VERSION) + if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER) { unsigned char dtlsseq[8],*p=dtlsseq; @@ -911,7 +911,7 @@ printf("rec="); {unsigned int z; for (z=0; zlength; z++) printf("%02X ",buf[z]); printf("\n"); } #endif - if (ssl->version != DTLS1_VERSION) + if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER) { for (i=7; i>=0; i--) { diff --git a/test/times b/test/times index 738d569b8f4f1691a8b732560cd17fb8c5064f38..6b66eb342e6cd3eeab425de80b46ebd99e6b1710 100644 --- a/test/times +++ b/test/times @@ -1,7 +1,7 @@ More number for the questions about SSL overheads.... -The following numbers were generated on a pentium pro 200, running linux. +The following numbers were generated on a Pentium pro 200, running Linux. They give an indication of the SSL protocol and encryption overheads. The program that generated them is an unreleased version of ssl/ssltest.c 
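Review bot: tls1_mac now spells the DTLS test twice in opposite forms, `ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER` and `ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER`, and the same pair of comparisons is repeated in the s3_clnt.c, ssl_lib.c and ssl3_write_pending hunks. Evaluating it once at the top of the function, e.g. `int is_dtls = (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER);`, and testing `is_dtls` / `!is_dtls` keeps the two sequence-number paths from diverging if one copy is edited later. A site that still compares against DTLS1_VERSION alone would silently treat a DTLS1_BAD_VER connection as non-DTLS, so a single shared predicate is also easier to audit. The function body extends outside both hunks.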
@@ -11,7 +11,7 @@ interface. How do I read this? The protocol and cipher are reasonable obvious. The next number is the number of connections being made. The next is the -number of bytes exchanged bewteen the client and server side of the protocol. +number of bytes exchanged between the client and server side of the protocol. This is the number of bytes that the client sends to the server, and then the server sends back. Because this is all happening in one process, the data is being encrypted, decrypted, encrypted and then decrypted again. @@ -55,10 +55,10 @@ SSLv3 DES-CBC3-SHA 1000 x 102400 336.61s 323.82s What does this all mean? Well for a server, with no session-id reuse, with a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key, -a pentium pro 200 running linux can handle the SSLv3 protocol overheads of +a Pentium pro 200 running Linux can handle the SSLv3 protocol overheads of about 49 connections a second. Reality will be quite different :-). -Remeber the first number is 1000 full ssl handshakes, the second is +Remember the first number is 1000 full ssl handshakes, the second is 1 full and 999 with session-id reuse. The RSA overheads for each exchange would be one public and one private operation, but the protocol/MAC/cipher cost would be quite similar in both the client and server. 
@@ -72,21 +72,21 @@ eric (adding numbers to speculation) killer in SSL. Often delays in the TCP protocol will make session-id reuse look slower that new sessions, but this would not be the case on a loaded server. -- The TCP round trip latencies, while slowing indervidual connections, +- The TCP round trip latencies, while slowing individual connections, would have minimal impact on throughput. - Instead of sending one 102400 byte buffer, one 8k buffer is sent until - the required number of bytes are processed. -- The SSLv3 connections were actually SSLv2 compatable SSLv3 headers. +- The SSLv3 connections were actually SSLv2 compatible SSLv3 headers. - A 512bit server key was being used except where noted. - No server key verification was being performed on the client side of the protocol. This would slow things down very little. - The library being used is SSLeay 0.8.x. -- The normal mesauring system was commands of the form +- The normal measuring system was commands of the form time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse This modified version of ssltest should be in the next public release of SSLeay. -The general cipher performace number for this platform are +The general cipher performance number for this platform are SSLeay 0.8.2a 04-Sep-1997 built on Fri Sep 5 17:37:05 EST 1997 diff --git a/times/x86/des3s.cpp b/times/x86/des3s.cpp index 02d527c057c27c0554073601787ad4a1d572b54d..cd2b1126f19fbb5b467b09788451e50e29b86542 100644 --- a/times/x86/des3s.cpp +++ b/times/x86/des3s.cpp @@ -60,7 +60,7 @@ void main(int argc,char *argv[]) des_encrypt3(&data[0],key1,key2,key3); } - printf("des %d %d (%d)\n", + printf("des3 %d %d (%d)\n", e1-s1,e2-s2,((e2-s2)-(e1-s1))); } }