size_t DTLS_get_data_mtu(const SSL *s) { size_t mac_overhead, int_overhead, blocksize, ext_overhead; const SSL_CIPHER *ciph = SSL_get_current_cipher(s); size_t mtu = s->d1->mtu; if (ciph == NULL) return 0; if (!ssl_cipher_get_overhead(ciph, &mac_overhead, &int_overhead, &blocksize, &ext_overhead)) return 0; if (SSL_USE_ETM(s)) ext_overhead += mac_overhead; else int_overhead += mac_overhead; /* Subtract external overhead (e.g. IV/nonce, separate MAC) */ if (ext_overhead + DTLS1_RT_HEADER_LENGTH >= mtu) return 0; mtu -= ext_overhead + DTLS1_RT_HEADER_LENGTH; /* Round encrypted payload down to cipher block size (for CBC etc.) * No check for overflow since 'mtu % blocksize' cannot exceed mtu. */ if (blocksize) mtu -= (mtu % blocksize); /* Subtract internal overhead (e.g. CBC padding len byte) */ if (int_overhead >= mtu) return 0; mtu -= int_overhead; return mtu; }
int tls1_setup_key_block(SSL *s) { unsigned char *p1,*p2=NULL; const EVP_CIPHER *c; const EVP_MD *hash; int num; SSL_COMP *comp; int mac_type= NID_undef,mac_secret_size=0; int ret=0; #ifdef KSSL_DEBUG printf ("tls1_setup_key_block()\n"); #endif /* KSSL_DEBUG */ if (s->s3->tmp.key_block_length != 0) return(1); if (!ssl_cipher_get_evp(s->session,&c,&hash,&mac_type,&mac_secret_size,&comp, SSL_USE_ETM(s))) { SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE); return(0); } s->s3->tmp.new_sym_enc=c; s->s3->tmp.new_hash=hash; s->s3->tmp.new_mac_pkey_type = mac_type; s->s3->tmp.new_mac_secret_size = mac_secret_size; num=EVP_CIPHER_key_length(c)+mac_secret_size+EVP_CIPHER_iv_length(c); num*=2; ssl3_cleanup_key_block(s); if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL) { SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); goto err; } s->s3->tmp.key_block_length=num; s->s3->tmp.key_block=p1; if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL) { SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); goto err; } #ifdef TLS_DEBUG printf("client random\n"); { int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->client_random[z],((z+1)%16)?' ':'\n'); } printf("server random\n"); { int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->server_random[z],((z+1)%16)?' ':'\n'); } printf("pre-master\n"); { int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); } #endif if (!tls1_generate_key_block(s,p1,p2,num)) goto err; #ifdef TLS_DEBUG printf("\nkey block\n"); { int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); } #endif if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) && s->method->version <= TLS1_VERSION) { /* enable vulnerability countermeasure for CBC ciphers with * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) */ s->s3->need_empty_fragments = 1; if (s->session->cipher != NULL) { if (s->session->cipher->algorithm_enc == SSL_eNULL) s->s3->need_empty_fragments = 0; #ifndef OPENSSL_NO_RC4 if (s->session->cipher->algorithm_enc == SSL_RC4) s->s3->need_empty_fragments = 0; #endif } } ret = 1; err: if (p2) { OPENSSL_cleanse(p2,num); OPENSSL_free(p2); } return(ret); }
static int mtu_test(SSL_CTX *ctx, const char *cs, int no_etm) { SSL *srvr_ssl = NULL, *clnt_ssl = NULL; BIO *sc_bio = NULL; int i; size_t s; size_t mtus[30]; unsigned char buf[600]; int rv = 0; memset(buf, 0x5a, sizeof(buf)); if (create_ssl_objects(ctx, ctx, &srvr_ssl, &clnt_ssl, NULL, NULL) != 1) goto out; if (no_etm) SSL_set_options(srvr_ssl, SSL_OP_NO_ENCRYPT_THEN_MAC); if (SSL_set_cipher_list(srvr_ssl, cs) != 1 || SSL_set_cipher_list(clnt_ssl, cs) != 1) { ERR_print_errors_fp(stdout); goto out; } sc_bio = SSL_get_rbio(srvr_ssl); if (create_ssl_connection(clnt_ssl, srvr_ssl) != 1) goto out; if (debug) printf("Channel established\n"); /* For record MTU values between 500 and 539, call DTLS_get_data_mtu() * to query the payload MTU which will fit. */ for (i = 0; i < 30; i++) { SSL_set_mtu(clnt_ssl, 500 + i); mtus[i] = DTLS_get_data_mtu(clnt_ssl); if (debug) printf("%s%s payload MTU for record mtu %d = %"OSSLzu"\n", cs, no_etm ? "-noEtM":"", 500 + i, mtus[i]); if (mtus[i] == 0) { fprintf(stderr, "payload MTU failed with record MTU %d for %s\n", 500 + i, cs); goto out; } } /* Now get out of the way */ SSL_set_mtu(clnt_ssl, 1000); /* Now for all values in the range of payload MTUs, send * a payload of that size and see what actual record size * we end up with. */ for (s = mtus[0]; s <= mtus[29]; s++) { size_t reclen; if (SSL_write(clnt_ssl, buf, s) != (int)s) { ERR_print_errors_fp(stdout); goto out; } reclen = BIO_read(sc_bio, buf, sizeof(buf)); if (debug) printf("record %"OSSLzu" for payload %"OSSLzu"\n", reclen, s); for (i = 0; i < 30; i++) { /* DTLS_get_data_mtu() with record MTU 500+i returned mtus[i] ... */ if (s <= mtus[i] && reclen > (size_t)(500 + i)) { /* We sent a packet smaller than or equal to mtus[j] and * that made a record *larger* than the record MTU 500+j! */ fprintf(stderr, "%s: Payload MTU %"OSSLzu" reported for record MTU %d\n" "but sending a payload of %"OSSLzu" made a record of %"OSSLzu"(too large)\n", cs, mtus[i], 500 + i, s, reclen); goto out; } if (s > mtus[i] && reclen <= (size_t)(500 + i)) { /* We sent a *larger* packet than mtus[i] and that *still* * fits within the record MTU 500+i, so DTLS_get_data_mtu() * was overly pessimistic. */ fprintf(stderr, "%s: Payload MTU %"OSSLzu" reported for record MTU %d\n" "but sending a payload of %"OSSLzu" made a record of %"OSSLzu" (too small)\n", cs, mtus[i], 500 + i, s, reclen); goto out; } } } rv = 1; if (SSL_USE_ETM(clnt_ssl)) rv = 2; out: SSL_free(clnt_ssl); SSL_free(srvr_ssl); return rv; }