size_t DTLS_get_data_mtu(const SSL *s)
{
size_t mac_overhead, int_overhead, blocksize, ext_overhead;
const SSL_CIPHER *ciph = SSL_get_current_cipher(s);
size_t mtu = s->d1->mtu;
if (ciph == NULL)
return 0;
if (!ssl_cipher_get_overhead(ciph, &mac_overhead, &int_overhead,
&blocksize, &ext_overhead))
return 0;
if (SSL_USE_ETM(s))
ext_overhead += mac_overhead;
else
int_overhead += mac_overhead;
/* Subtract external overhead (e.g. IV/nonce, separate MAC) */
if (ext_overhead + DTLS1_RT_HEADER_LENGTH >= mtu)
return 0;
mtu -= ext_overhead + DTLS1_RT_HEADER_LENGTH;
/* Round encrypted payload down to cipher block size (for CBC etc.)
* No check for overflow since 'mtu % blocksize' cannot exceed mtu. */
if (blocksize)
mtu -= (mtu % blocksize);
/* Subtract internal overhead (e.g. CBC padding len byte) */
if (int_overhead >= mtu)
return 0;
mtu -= int_overhead;
return mtu;
}
int tls1_setup_key_block(SSL *s)
{
unsigned char *p1,*p2=NULL;
const EVP_CIPHER *c;
const EVP_MD *hash;
int num;
SSL_COMP *comp;
int mac_type= NID_undef,mac_secret_size=0;
int ret=0;
#ifdef KSSL_DEBUG
printf ("tls1_setup_key_block()\n");
#endif /* KSSL_DEBUG */
if (s->s3->tmp.key_block_length != 0)
return(1);
if (!ssl_cipher_get_evp(s->session,&c,&hash,&mac_type,&mac_secret_size,&comp, SSL_USE_ETM(s)))
{
SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
return(0);
}
s->s3->tmp.new_sym_enc=c;
s->s3->tmp.new_hash=hash;
s->s3->tmp.new_mac_pkey_type = mac_type;
s->s3->tmp.new_mac_secret_size = mac_secret_size;
num=EVP_CIPHER_key_length(c)+mac_secret_size+EVP_CIPHER_iv_length(c);
num*=2;
ssl3_cleanup_key_block(s);
if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL)
{
SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
goto err;
}
s->s3->tmp.key_block_length=num;
s->s3->tmp.key_block=p1;
if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)
{
SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
goto err;
}
#ifdef TLS_DEBUG
printf("client random\n");
{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->client_random[z],((z+1)%16)?' ':'\n'); }
printf("server random\n");
{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->server_random[z],((z+1)%16)?' ':'\n'); }
printf("pre-master\n");
{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
#endif
if (!tls1_generate_key_block(s,p1,p2,num))
goto err;
#ifdef TLS_DEBUG
printf("\nkey block\n");
{ int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
#endif
if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
&& s->method->version <= TLS1_VERSION)
{
/* enable vulnerability countermeasure for CBC ciphers with
* known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
*/
s->s3->need_empty_fragments = 1;
if (s->session->cipher != NULL)
{
if (s->session->cipher->algorithm_enc == SSL_eNULL)
s->s3->need_empty_fragments = 0;
#ifndef OPENSSL_NO_RC4
if (s->session->cipher->algorithm_enc == SSL_RC4)
s->s3->need_empty_fragments = 0;
#endif
}
}
ret = 1;
err:
if (p2)
{
OPENSSL_cleanse(p2,num);
OPENSSL_free(p2);
}
return(ret);
}
static int mtu_test(SSL_CTX *ctx, const char *cs, int no_etm)
{
SSL *srvr_ssl = NULL, *clnt_ssl = NULL;
BIO *sc_bio = NULL;
int i;
size_t s;
size_t mtus[30];
unsigned char buf[600];
int rv = 0;
memset(buf, 0x5a, sizeof(buf));
if (create_ssl_objects(ctx, ctx, &srvr_ssl, &clnt_ssl, NULL, NULL) != 1)
goto out;
if (no_etm)
SSL_set_options(srvr_ssl, SSL_OP_NO_ENCRYPT_THEN_MAC);
if (SSL_set_cipher_list(srvr_ssl, cs) != 1 ||
SSL_set_cipher_list(clnt_ssl, cs) != 1) {
ERR_print_errors_fp(stdout);
goto out;
}
sc_bio = SSL_get_rbio(srvr_ssl);
if (create_ssl_connection(clnt_ssl, srvr_ssl) != 1)
goto out;
if (debug)
printf("Channel established\n");
/* For record MTU values between 500 and 539, call DTLS_get_data_mtu()
* to query the payload MTU which will fit. */
for (i = 0; i < 30; i++) {
SSL_set_mtu(clnt_ssl, 500 + i);
mtus[i] = DTLS_get_data_mtu(clnt_ssl);
if (debug)
printf("%s%s payload MTU for record mtu %d = %"OSSLzu"\n",
cs, no_etm ? "-noEtM":"", 500 + i, mtus[i]);
if (mtus[i] == 0) {
fprintf(stderr,
"payload MTU failed with record MTU %d for %s\n",
500 + i, cs);
goto out;
}
}
/* Now get out of the way */
SSL_set_mtu(clnt_ssl, 1000);
/* Now for all values in the range of payload MTUs, send
* a payload of that size and see what actual record size
* we end up with. */
for (s = mtus[0]; s <= mtus[29]; s++) {
size_t reclen;
if (SSL_write(clnt_ssl, buf, s) != (int)s) {
ERR_print_errors_fp(stdout);
goto out;
}
reclen = BIO_read(sc_bio, buf, sizeof(buf));
if (debug)
printf("record %"OSSLzu" for payload %"OSSLzu"\n", reclen, s);
for (i = 0; i < 30; i++) {
/* DTLS_get_data_mtu() with record MTU 500+i returned mtus[i] ... */
if (s <= mtus[i] && reclen > (size_t)(500 + i)) {
/* We sent a packet smaller than or equal to mtus[j] and
* that made a record *larger* than the record MTU 500+j! */
fprintf(stderr,
"%s: Payload MTU %"OSSLzu" reported for record MTU %d\n"
"but sending a payload of %"OSSLzu" made a record of %"OSSLzu"(too large)\n",
cs, mtus[i], 500 + i, s, reclen);
goto out;
}
if (s > mtus[i] && reclen <= (size_t)(500 + i)) {
/* We sent a *larger* packet than mtus[i] and that *still*
* fits within the record MTU 500+i, so DTLS_get_data_mtu()
* was overly pessimistic. */
fprintf(stderr,
"%s: Payload MTU %"OSSLzu" reported for record MTU %d\n"
"but sending a payload of %"OSSLzu" made a record of %"OSSLzu" (too small)\n",
cs, mtus[i], 500 + i, s, reclen);
goto out;
}
}
}
rv = 1;
if (SSL_USE_ETM(clnt_ssl))
rv = 2;
out:
SSL_free(clnt_ssl);
SSL_free(srvr_ssl);
return rv;
}
