[PATCH] Support DTLS compatibility with Cisco AnyConnect VPN

classic Classic list List threaded Threaded
15 messages Options
Reply | Threaded
Open this post in threaded view
|

[PATCH] Support DTLS compatibility with Cisco AnyConnect VPN

David Woodhouse-7
This patch against the 0.9.8 branch adds an SSL option for compatibility
with the pre-RFC version of DTLS used by Cisco for their AnyConnect SSL
VPN. This is RT #1751.

With this patch, and with the two bug fixes I just posted, I now have a
fully functional client operating with Cisco's VPN servers.

Index: ssl/d1_clnt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_clnt.c,v
retrieving revision 1.3.2.10
diff -u -p -r1.3.2.10 d1_clnt.c
--- ssl/d1_clnt.c 4 Jun 2008 18:35:25 -0000 1.3.2.10
+++ ssl/d1_clnt.c 29 Sep 2008 08:27:31 -0000
@@ -130,7 +130,7 @@ static int dtls1_get_hello_verify(SSL *s
 
 static SSL_METHOD *dtls1_get_client_method(int ver)
  {
- if (ver == DTLS1_VERSION)
+ if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
  return(DTLSv1_client_method());
  else
  return(NULL);
@@ -181,7 +181,8 @@ int dtls1_connect(SSL *s)
  s->server=0;
  if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 
- if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00))
+ if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&
+    (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00))
  {
  SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
  ret = -1;
Index: ssl/d1_lib.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_lib.c,v
retrieving revision 1.1.2.5
diff -u -p -r1.1.2.5 d1_lib.c
--- ssl/d1_lib.c 5 Oct 2007 21:05:27 -0000 1.1.2.5
+++ ssl/d1_lib.c 29 Sep 2008 08:38:49 -0000
@@ -186,7 +186,10 @@ void dtls1_free(SSL *s)
 void dtls1_clear(SSL *s)
  {
  ssl3_clear(s);
- s->version=DTLS1_VERSION;
+ if (s->options & SSL_OP_CISCO_ANYCONNECT)
+ s->version=DTLS1_BAD_VER;
+ else
+ s->version=DTLS1_VERSION;
  }
 
 /*
Index: ssl/d1_pkt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_pkt.c,v
retrieving revision 1.4.2.12
diff -u -p -r1.4.2.12 d1_pkt.c
--- ssl/d1_pkt.c 14 Sep 2008 17:57:03 -0000 1.4.2.12
+++ ssl/d1_pkt.c 29 Sep 2008 08:27:31 -0000
@@ -986,15 +986,17 @@ start:
  if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
  {
  struct ccs_header_st ccs_hdr;
+ int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
 
  dtls1_get_ccs_header(rr->data, &ccs_hdr);
 
  /* 'Change Cipher Spec' is just a single byte, so we know
  * exactly what the record payload has to look like */
  /* XDTLS: check that epoch is consistent */
- if ( (s->client_version == DTLS1_BAD_VER && rr->length != 3) ||
- (s->client_version != DTLS1_BAD_VER && rr->length != DTLS1_CCS_HEADER_LENGTH) ||
- (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
+ if (s->client_version == DTLS1_BAD_VER || s->version == DTLS1_BAD_VER)
+ ccs_hdr_len = 3;
+
+ if ((rr->length != ccs_hdr_len) || (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
  {
  i=SSL_AD_ILLEGAL_PARAMETER;
  SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
@@ -1310,7 +1312,7 @@ int do_dtls1_write(SSL *s, int type, con
 #if 0
  /* 'create_empty_fragment' is true only when this function calls itself */
  if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done
- && SSL_version(s) != DTLS1_VERSION)
+    && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
  {
  /* countermeasure against known-IV weakness in CBC ciphersuites
  * (see http://www.openssl.org/~bodo/tls-cbc.txt)
Index: ssl/s3_clnt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/s3_clnt.c,v
retrieving revision 1.88.2.17
diff -u -p -r1.88.2.17 s3_clnt.c
--- ssl/s3_clnt.c 16 Jun 2008 16:56:41 -0000 1.88.2.17
+++ ssl/s3_clnt.c 29 Sep 2008 08:27:31 -0000
@@ -708,7 +708,7 @@ int ssl3_get_server_hello(SSL *s)
 
  if (!ok) return((int)n);
 
- if ( SSL_version(s) == DTLS1_VERSION)
+ if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
  {
  if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
  {
Index: ssl/ssl.h
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/ssl.h,v
retrieving revision 1.161.2.21
diff -u -p -r1.161.2.21 ssl.h
--- ssl/ssl.h 13 Aug 2008 19:44:44 -0000 1.161.2.21
+++ ssl/ssl.h 29 Sep 2008 08:39:24 -0000
@@ -510,6 +510,8 @@ typedef struct ssl_session_st
 #define SSL_OP_COOKIE_EXCHANGE              0x00002000L
 /* Don't use RFC4507 ticket extension */
 #define SSL_OP_NO_TICKET            0x00004000L
+/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client)  */
+#define SSL_OP_CISCO_ANYCONNECT    0x00008000L
 
 /* As server, disallow session resumption on renegotiation */
 #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
Index: ssl/ssl_lib.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/ssl_lib.c,v
retrieving revision 1.133.2.15
diff -u -p -r1.133.2.15 ssl_lib.c
--- ssl/ssl_lib.c 16 Jun 2008 16:56:42 -0000 1.133.2.15
+++ ssl/ssl_lib.c 29 Sep 2008 08:37:16 -0000
@@ -993,7 +993,8 @@ long SSL_ctrl(SSL *s,int cmd,long larg,v
  s->max_cert_list=larg;
  return(l);
  case SSL_CTRL_SET_MTU:
- if (SSL_version(s) == DTLS1_VERSION)
+ if (SSL_version(s) == DTLS1_VERSION ||
+    SSL_version(s) == DTLS1_BAD_VER)
  {
  s->d1->mtu = larg;
  return larg;
Index: ssl/ssl_sess.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/ssl_sess.c,v
retrieving revision 1.51.2.9
diff -u -p -r1.51.2.9 ssl_sess.c
--- ssl/ssl_sess.c 4 Jun 2008 18:35:27 -0000 1.51.2.9
+++ ssl/ssl_sess.c 29 Sep 2008 08:27:31 -0000
@@ -211,6 +211,11 @@ int ssl_get_new_session(SSL *s, int sess
  ss->ssl_version=TLS1_VERSION;
  ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
  }
+ else if (s->version == DTLS1_BAD_VER)
+ {
+ ss->ssl_version=DTLS1_BAD_VER;
+ ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
+ }
  else if (s->version == DTLS1_VERSION)
  {
  ss->ssl_version=DTLS1_VERSION;
Index: ssl/t1_enc.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/t1_enc.c,v
retrieving revision 1.35.2.6
diff -u -p -r1.35.2.6 t1_enc.c
--- ssl/t1_enc.c 13 Sep 2008 18:25:36 -0000 1.35.2.6
+++ ssl/t1_enc.c 29 Sep 2008 08:35:54 -0000
@@ -757,10 +757,10 @@ int tls1_mac(SSL *ssl, unsigned char *md
  HMAC_CTX_init(&hmac);
  HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);
 
- if (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER)
+ if (ssl->version == DTLS1_BAD_VER ||
+    (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER))
  {
  unsigned char dtlsseq[8],*p=dtlsseq;
-
  s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
  memcpy (p,&seq[2],6);
 
@@ -785,7 +785,7 @@ printf("rec=");
 {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
 #endif
 
- if ( SSL_version(ssl) != DTLS1_VERSION)
+ if ( SSL_version(ssl) != DTLS1_VERSION && SSL_version(ssl) != DTLS1_BAD_VER)
  {
  for (i=7; i>=0; i--)
  {


--
dwmw2

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] Support DTLS compatibility with Cisco AnyConnect VPN [openssl.org #1751]

Rich Salz via RT
On Tue, 2008-10-07 at 10:12 +0100, David Woodhouse wrote:
> This patch against the 0.9.8 branch adds an SSL option for compatibility
> with the pre-RFC version of DTLS used by Cisco for their AnyConnect SSL
> VPN. This is RT #1751.
>
> With this patch, and with the two bug fixes I just posted, I now have a
> fully functional client operating with Cisco's VPN servers.

Leaving aside the question of adding this to HEAD, can we please at
least add it to the 0.9.8 branch?

We're shipping a completely functional client for this VPN now, and all
that remains is to get the pre-RFC version of DTLS working again, which
is implemented by this patch.

--
dwmw2


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] Support DTLS compatibility with Cisco AnyConnect VPN [openssl.org #1751]

David Woodhouse-7
On Sat, 2008-12-20 at 14:00 +0100, David Woodhouse via RT wrote:

> On Tue, 2008-10-07 at 10:12 +0100, David Woodhouse wrote:
> > This patch against the 0.9.8 branch adds an SSL option for compatibility
> > with the pre-RFC version of DTLS used by Cisco for their AnyConnect SSL
> > VPN. This is RT #1751.
> >
> > With this patch, and with the two bug fixes I just posted, I now have a
> > fully functional client operating with Cisco's VPN servers.
>
> Leaving aside the question of adding this to HEAD, can we please at
> least add it to the 0.9.8 branch?
>
> We're shipping a completely functional client for this VPN now, and all
> that remains is to get the pre-RFC version of DTLS working again, which
> is implemented by this patch.

Hello?

We really need to be able to communicate with the older versions of
OpenSSL which are out there in production use.

--
dwmw2

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] Support DTLS compatibility with Cisco AnyConnect VPN [openssl.org #1751]

David Woodhouse-7
On Sun, 2009-01-11 at 10:47 +0000, David Woodhouse wrote:

> On Sat, 2008-12-20 at 14:00 +0100, David Woodhouse via RT wrote:
> > On Tue, 2008-10-07 at 10:12 +0100, David Woodhouse wrote:
> > > This patch against the 0.9.8 branch adds an SSL option for compatibility
> > > with the pre-RFC version of DTLS used by Cisco for their AnyConnect SSL
> > > VPN. This is RT #1751.
> > >
> > > With this patch, and with the two bug fixes I just posted, I now have a
> > > fully functional client operating with Cisco's VPN servers.
> >
> > Leaving aside the question of adding this to HEAD, can we please at
> > least add it to the 0.9.8 branch?
> >
> > We're shipping a completely functional client for this VPN now, and all
> > that remains is to get the pre-RFC version of DTLS working again, which
> > is implemented by this patch.
>
> Hello?
>
> We really need to be able to communicate with the older versions of
> OpenSSL which are out there in production use.

Ping?

--
dwmw2

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] Support DTLS compatibility with Cisco AnyConnect VPN [openssl.org #1751]

David Woodhouse-7
On Mon, 2009-02-09 at 07:14 +0000, David Woodhouse wrote:

> On Sun, 2009-01-11 at 10:47 +0000, David Woodhouse wrote:
> > On Sat, 2008-12-20 at 14:00 +0100, David Woodhouse via RT wrote:
> > > On Tue, 2008-10-07 at 10:12 +0100, David Woodhouse wrote:
> > > > This patch against the 0.9.8 branch adds an SSL option for compatibility
> > > > with the pre-RFC version of DTLS used by Cisco for their AnyConnect SSL
> > > > VPN. This is RT #1751.
> > > >
> > > > With this patch, and with the two bug fixes I just posted, I now have a
> > > > fully functional client operating with Cisco's VPN servers.
> > >
> > > Leaving aside the question of adding this to HEAD, can we please at
> > > least add it to the 0.9.8 branch?
> > >
> > > We're shipping a completely functional client for this VPN now, and all
> > > that remains is to get the pre-RFC version of DTLS working again, which
> > > is implemented by this patch.
> >
> > Hello?
> >
> > We really need to be able to communicate with the older versions of
> > OpenSSL which are out there in production use.
>
> Ping?

Hello? Is there anybody out there?

--
dwmw2

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

[openssl.org #1751] [PATCH] Support DTLS compatibility with Cisco AnyConnect VPN

Rich Salz via RT
In reply to this post by Rich Salz via RT
> [[hidden email] - Sat Dec 20 14:00:34 2008]:
>
> On Tue, 2008-10-07 at 10:12 +0100, David Woodhouse wrote:
> > This patch against the 0.9.8 branch adds an SSL option for compatibility
> > with the pre-RFC version of DTLS used by Cisco for their AnyConnect SSL
> > VPN. This is RT #1751.
> >
> > With this patch, and with the two bug fixes I just posted, I now have a
> > fully functional client operating with Cisco's VPN servers.
>
> Leaving aside the question of adding this to HEAD, can we please at
> least add it to the 0.9.8 branch?

Adding to HEAD seems less problematic.

Anyway, I'm mostly happy with this patch, except from d1_pkt.c, shouldn't:

if (s->client_version == DTLS1_BAD_VER || s->version == DTLS1_BAD_VER)
 ccs_hdr_len = 3;

be

if (s->client_version == DTLS1_BAD_VER || (s->options &
SSL_OP_CISCO_ANYCONNECT))
 ccs_hdr_len = 3;

also, the patch as an attachment would be nice.

>
> We're shipping a completely functional client for this VPN now, and all
> that remains is to get the pre-RFC version of DTLS working again, which
> is implemented by this patch.
>
>
>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] Support DTLS compatibility with Cisco AnyConnect VPN [openssl.org #1751]

Ger Hobbelt
In reply to this post by David Woodhouse-7
On Wed, Feb 25, 2009 at 1:44 PM, David Woodhouse <[hidden email]> wrote:
> Hello? Is there anybody out there?

I hear you.

Not that that helps much; maybe you need to address the core team
directly. Don't know why this is happening like this, maybe your patch
is counter-policy or some such, but for lack of sound, the why remains
pure guesswork. Anyway, thanks for posting it here as I may be needing
it in a while - another case of interoperability gaining over proper
standards-conforming protocol usage coming my way.


--
Met vriendelijke groeten / Best regards,

Ger Hobbelt

--------------------------------------------------
web:    http://www.hobbelt.com/
        http://www.hebbut.net/
mail:   [hidden email]
mobile: +31-6-11 120 978
--------------------------------------------------
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: [openssl.org #1751] [PATCH] Support DTLS compatibility with Cisco AnyConnect VPN

David Woodhouse-7
In reply to this post by Rich Salz via RT
On Wed, 2009-02-25 at 16:38 +0100, Ben Laurie via RT wrote:

> > [[hidden email] - Sat Dec 20 14:00:34 2008]:
> >
> > On Tue, 2008-10-07 at 10:12 +0100, David Woodhouse wrote:
> > > This patch against the 0.9.8 branch adds an SSL option for compatibility
> > > with the pre-RFC version of DTLS used by Cisco for their AnyConnect SSL
> > > VPN. This is RT #1751.
> > >
> > > With this patch, and with the two bug fixes I just posted, I now have a
> > > fully functional client operating with Cisco's VPN servers.
> >
> > Leaving aside the question of adding this to HEAD, can we please at
> > least add it to the 0.9.8 branch?
>
> Adding to HEAD seems less problematic.
Well, the stable branch already has back-compat support for a new server
to talk to old clients. So it's kind of a no-brainer to make it work the
other way round too; new client code talking to old servers.

HEAD doesn't have that back-compat at all; a patch would be larger
there. I can certainly generate such a patch though. As soon as I'm not
in a hotel which blocks UDP traffic... :)

> Anyway, I'm mostly happy with this patch, except from d1_pkt.c, shouldn't:
>
> if (s->client_version == DTLS1_BAD_VER || s->version == DTLS1_BAD_VER)
>  ccs_hdr_len = 3;
>
> be
>
> if (s->client_version == DTLS1_BAD_VER || (s->options &
> SSL_OP_CISCO_ANYCONNECT))
>  ccs_hdr_len = 3;
Those are equivalent, I believe -- you should never hit this code path
with s->version == DTLS1_BAD_VER unless the ANYCONNECT option is set.

So it's purely a cosmetic thing -- I can change it if you prefer.

> also, the patch as an attachment would be nice.

I'm attaching the 0.9.8x patch I've been building with for the last few
months. Generating a patch against HEAD will take me a little longer
(and be less directly useful, in the foreseeable future, because
distributions are actually shipping 0.9.8x.)

--
dwmw2

openssl-stable-dtls.patch (6K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [openssl.org #1751] [PATCH] Support DTLS compatibility with Cisco AnyConnect VPN

Rich Salz via RT
On Wed, 2009-02-25 at 16:38 +0100, Ben Laurie via RT wrote:

> > [[hidden email] - Sat Dec 20 14:00:34 2008]:
> >
> > On Tue, 2008-10-07 at 10:12 +0100, David Woodhouse wrote:
> > > This patch against the 0.9.8 branch adds an SSL option for compatibility
> > > with the pre-RFC version of DTLS used by Cisco for their AnyConnect SSL
> > > VPN. This is RT #1751.
> > >
> > > With this patch, and with the two bug fixes I just posted, I now have a
> > > fully functional client operating with Cisco's VPN servers.
> >
> > Leaving aside the question of adding this to HEAD, can we please at
> > least add it to the 0.9.8 branch?
>
> Adding to HEAD seems less problematic.
Well, the stable branch already has back-compat support for a new server
to talk to old clients. So it's kind of a no-brainer to make it work the
other way round too; new client code talking to old servers.

HEAD doesn't have that back-compat at all; a patch would be larger
there. I can certainly generate such a patch though. As soon as I'm not
in a hotel which blocks UDP traffic... :)

> Anyway, I'm mostly happy with this patch, except from d1_pkt.c, shouldn't:
>
> if (s->client_version == DTLS1_BAD_VER || s->version == DTLS1_BAD_VER)
>  ccs_hdr_len = 3;
>
> be
>
> if (s->client_version == DTLS1_BAD_VER || (s->options &
> SSL_OP_CISCO_ANYCONNECT))
>  ccs_hdr_len = 3;
Those are equivalent, I believe -- you should never hit this code path
with s->version == DTLS1_BAD_VER unless the ANYCONNECT option is set.

So it's purely a cosmetic thing -- I can change it if you prefer.

> also, the patch as an attachment would be nice.

I'm attaching the 0.9.8x patch I've been building with for the last few
months. Generating a patch against HEAD will take me a little longer
(and be less directly useful, in the foreseeable future, because
distributions are actually shipping 0.9.8x.)

--
dwmw2


Index: ssl/d1_clnt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_clnt.c,v
retrieving revision 1.3.2.10
diff -u -p -r1.3.2.10 d1_clnt.c
--- ssl/d1_clnt.c 4 Jun 2008 18:35:25 -0000 1.3.2.10
+++ ssl/d1_clnt.c 29 Sep 2008 08:27:31 -0000
@@ -130,7 +130,7 @@ static int dtls1_get_hello_verify(SSL *s
 
 static SSL_METHOD *dtls1_get_client_method(int ver)
  {
- if (ver == DTLS1_VERSION)
+ if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
  return(DTLSv1_client_method());
  else
  return(NULL);
@@ -181,7 +181,8 @@ int dtls1_connect(SSL *s)
  s->server=0;
  if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 
- if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00))
+ if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&
+    (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00))
  {
  SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
  ret = -1;
Index: ssl/d1_lib.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_lib.c,v
retrieving revision 1.1.2.5
diff -u -p -r1.1.2.5 d1_lib.c
--- ssl/d1_lib.c 5 Oct 2007 21:05:27 -0000 1.1.2.5
+++ ssl/d1_lib.c 29 Sep 2008 08:38:49 -0000
@@ -186,7 +186,10 @@ void dtls1_free(SSL *s)
 void dtls1_clear(SSL *s)
  {
  ssl3_clear(s);
- s->version=DTLS1_VERSION;
+ if (s->options & SSL_OP_CISCO_ANYCONNECT)
+ s->version=DTLS1_BAD_VER;
+ else
+ s->version=DTLS1_VERSION;
  }
 
 /*
Index: ssl/d1_pkt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_pkt.c,v
retrieving revision 1.4.2.12
diff -u -p -r1.4.2.12 d1_pkt.c
--- ssl/d1_pkt.c 14 Sep 2008 17:57:03 -0000 1.4.2.12
+++ ssl/d1_pkt.c 29 Sep 2008 08:27:31 -0000
@@ -986,15 +986,17 @@ start:
  if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
  {
  struct ccs_header_st ccs_hdr;
+ int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
 
  dtls1_get_ccs_header(rr->data, &ccs_hdr);
 
  /* 'Change Cipher Spec' is just a single byte, so we know
  * exactly what the record payload has to look like */
  /* XDTLS: check that epoch is consistent */
- if ( (s->client_version == DTLS1_BAD_VER && rr->length != 3) ||
- (s->client_version != DTLS1_BAD_VER && rr->length != DTLS1_CCS_HEADER_LENGTH) ||
- (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
+ if (s->client_version == DTLS1_BAD_VER || s->version == DTLS1_BAD_VER)
+ ccs_hdr_len = 3;
+
+ if ((rr->length != ccs_hdr_len) || (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
  {
  i=SSL_AD_ILLEGAL_PARAMETER;
  SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
@@ -1310,7 +1312,7 @@ int do_dtls1_write(SSL *s, int type, con
 #if 0
  /* 'create_empty_fragment' is true only when this function calls itself */
  if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done
- && SSL_version(s) != DTLS1_VERSION)
+    && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
  {
  /* countermeasure against known-IV weakness in CBC ciphersuites
  * (see http://www.openssl.org/~bodo/tls-cbc.txt)
Index: ssl/s3_clnt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/s3_clnt.c,v
retrieving revision 1.88.2.17
diff -u -p -r1.88.2.17 s3_clnt.c
--- ssl/s3_clnt.c 16 Jun 2008 16:56:41 -0000 1.88.2.17
+++ ssl/s3_clnt.c 29 Sep 2008 08:27:31 -0000
@@ -708,7 +708,7 @@ int ssl3_get_server_hello(SSL *s)
 
  if (!ok) return((int)n);
 
- if ( SSL_version(s) == DTLS1_VERSION)
+ if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
  {
  if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
  {
Index: ssl/ssl.h
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/ssl.h,v
retrieving revision 1.161.2.21
diff -u -p -r1.161.2.21 ssl.h
--- ssl/ssl.h 13 Aug 2008 19:44:44 -0000 1.161.2.21
+++ ssl/ssl.h 29 Sep 2008 08:39:24 -0000
@@ -510,6 +510,8 @@ typedef struct ssl_session_st
 #define SSL_OP_COOKIE_EXCHANGE              0x00002000L
 /* Don't use RFC4507 ticket extension */
 #define SSL_OP_NO_TICKET            0x00004000L
+/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client)  */
+#define SSL_OP_CISCO_ANYCONNECT    0x00008000L
 
 /* As server, disallow session resumption on renegotiation */
 #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
Index: ssl/ssl_lib.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/ssl_lib.c,v
retrieving revision 1.133.2.15
diff -u -p -r1.133.2.15 ssl_lib.c
--- ssl/ssl_lib.c 16 Jun 2008 16:56:42 -0000 1.133.2.15
+++ ssl/ssl_lib.c 29 Sep 2008 08:37:16 -0000
@@ -993,7 +993,8 @@ long SSL_ctrl(SSL *s,int cmd,long larg,v
  s->max_cert_list=larg;
  return(l);
  case SSL_CTRL_SET_MTU:
- if (SSL_version(s) == DTLS1_VERSION)
+ if (SSL_version(s) == DTLS1_VERSION ||
+    SSL_version(s) == DTLS1_BAD_VER)
  {
  s->d1->mtu = larg;
  return larg;
Index: ssl/ssl_sess.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/ssl_sess.c,v
retrieving revision 1.51.2.9
diff -u -p -r1.51.2.9 ssl_sess.c
--- ssl/ssl_sess.c 4 Jun 2008 18:35:27 -0000 1.51.2.9
+++ ssl/ssl_sess.c 29 Sep 2008 08:27:31 -0000
@@ -211,6 +211,11 @@ int ssl_get_new_session(SSL *s, int sess
  ss->ssl_version=TLS1_VERSION;
  ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
  }
+ else if (s->version == DTLS1_BAD_VER)
+ {
+ ss->ssl_version=DTLS1_BAD_VER;
+ ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
+ }
  else if (s->version == DTLS1_VERSION)
  {
  ss->ssl_version=DTLS1_VERSION;
Index: ssl/t1_enc.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/t1_enc.c,v
retrieving revision 1.35.2.6
diff -u -p -r1.35.2.6 t1_enc.c
--- ssl/t1_enc.c 13 Sep 2008 18:25:36 -0000 1.35.2.6
+++ ssl/t1_enc.c 29 Sep 2008 08:35:54 -0000
@@ -757,10 +757,10 @@ int tls1_mac(SSL *ssl, unsigned char *md
  HMAC_CTX_init(&hmac);
  HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);
 
- if (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER)
+ if (ssl->version == DTLS1_BAD_VER ||
+    (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER))
  {
  unsigned char dtlsseq[8],*p=dtlsseq;
-
  s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
  memcpy (p,&seq[2],6);
 
@@ -785,7 +785,7 @@ printf("rec=");
 {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
 #endif
 
- if ( SSL_version(ssl) != DTLS1_VERSION)
+ if ( SSL_version(ssl) != DTLS1_VERSION && SSL_version(ssl) != DTLS1_BAD_VER)
  {
  for (i=7; i>=0; i--)
  {
Reply | Threaded
Open this post in threaded view
|

Re: [openssl.org #1751] [PATCH] Support DTLS compatibility with Cisco AnyConnect VPN

David Woodhouse-7
In reply to this post by David Woodhouse-7
On Thu, 2009-02-26 at 13:00 +0900, David Woodhouse wrote:
> Generating a patch against HEAD will take me a little longer (and be
> less directly useful, in the foreseeable future, because distributions
> are actually shipping 0.9.8x.)

I'm working on this; I've rediscovered my standalone test case and will
spend much of the next 24 hours locked in airplanes where I can poke at
it.

My current patch against HEAD isn't working yet because I still need to
add some of the existing backward-compatibility support which is in the
stable branch but not HEAD.

--
dwmw2

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: [openssl.org #1751] [PATCH] Support DTLS compatibility with Cisco AnyConnect VPN

Rich Salz via RT
On Thu, 2009-02-26 at 13:00 +0900, David Woodhouse wrote:
> Generating a patch against HEAD will take me a little longer (and be
> less directly useful, in the foreseeable future, because distributions
> are actually shipping 0.9.8x.)

I'm working on this; I've rediscovered my standalone test case and will
spend much of the next 24 hours locked in airplanes where I can poke at
it.

My current patch against HEAD isn't working yet because I still need to
add some of the existing backward-compatibility support which is in the
stable branch but not HEAD.

--
dwmw2


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: [openssl.org #1751] [PATCH] Support DTLS compatibility with Cisco AnyConnect VPN

David Woodhouse-7
In reply to this post by David Woodhouse-7
On Thu, 2009-02-26 at 21:03 +0900, David Woodhouse wrote:

> On Thu, 2009-02-26 at 13:00 +0900, David Woodhouse wrote:
> > Generating a patch against HEAD will take me a little longer (and be
> > less directly useful, in the foreseeable future, because distributions
> > are actually shipping 0.9.8x.)
>
> I'm working on this; I've rediscovered my standalone test case and will
> spend much of the next 24 hours locked in airplanes where I can poke at
> it.
>
> My current patch against HEAD isn't working yet because I still need to
> add some of the existing backward-compatibility support which is in the
> stable branch but not HEAD.

I finally threw away everything I'd done and started again from scratch,
and I have it working against openssl-1.0.0-beta1.

Again, this is required for interoperation with existing OpenSSL-based
deployments which are quite common "out there", and which can't be
updated to use the "real" protocol.

Index: ssl/d1_both.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_both.c,v
retrieving revision 1.14.2.4
diff -u -p -r1.14.2.4 d1_both.c
--- ssl/d1_both.c 15 Apr 2009 14:49:36 -0000 1.14.2.4
+++ ssl/d1_both.c 19 Apr 2009 18:35:41 -0000
@@ -300,7 +300,7 @@ int dtls1_do_write(SSL *s, int type)
  const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
  int xlen;
 
- if (frag_off == 0)
+ if (frag_off == 0 && s->version != DTLS1_BAD_VER)
  {
  /* reconstruct message header is if it
  * is being sent in single fragment */
@@ -407,8 +407,10 @@ long dtls1_get_message(SSL *s, int st1,
  s2n (msg_hdr->seq,p);
  l2n3(0,p);
  l2n3(msg_len,p);
- p       -= DTLS1_HM_HEADER_LENGTH;
- msg_len += DTLS1_HM_HEADER_LENGTH;
+ if (s->version != DTLS1_BAD_VER) {
+ p       -= DTLS1_HM_HEADER_LENGTH;
+ msg_len += DTLS1_HM_HEADER_LENGTH;
+ }
 
  ssl3_finish_mac(s, p, msg_len);
  if (s->msg_callback)
@@ -775,6 +777,13 @@ int dtls1_send_change_cipher_spec(SSL *s
  *p++=SSL3_MT_CCS;
  s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
  s->init_num=DTLS1_CCS_HEADER_LENGTH;
+
+ if (s->version == DTLS1_BAD_VER) {
+ s->d1->next_handshake_write_seq++;
+ s2n(s->d1->handshake_write_seq,p);
+ s->init_num+=2;
+ }
+
  s->init_off=0;
 
  dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
@@ -989,7 +998,7 @@ dtls1_buffer_message(SSL *s, int is_ccs)
  if ( is_ccs)
  {
  OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
- DTLS1_CCS_HEADER_LENGTH == (unsigned int)s->init_num);
+       ((s->version==DTLS1_VERSION)?DTLS1_CCS_HEADER_LENGTH:3) == (unsigned int)s->init_num);
  }
  else
  {
Index: ssl/d1_clnt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_clnt.c,v
retrieving revision 1.16.2.3
diff -u -p -r1.16.2.3 d1_clnt.c
--- ssl/d1_clnt.c 14 Apr 2009 14:33:12 -0000 1.16.2.3
+++ ssl/d1_clnt.c 19 Apr 2009 17:42:51 -0000
@@ -130,7 +130,7 @@ static int dtls1_get_hello_verify(SSL *s
 
 static const SSL_METHOD *dtls1_get_client_method(int ver)
  {
- if (ver == DTLS1_VERSION)
+ if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
  return(DTLSv1_client_method());
  else
  return(NULL);
@@ -181,7 +181,8 @@ int dtls1_connect(SSL *s)
  s->server=0;
  if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 
- if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00))
+ if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&
+    (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00))
  {
  SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
  ret = -1;
Index: ssl/d1_lib.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_lib.c,v
retrieving revision 1.8.2.1
diff -u -p -r1.8.2.1 d1_lib.c
--- ssl/d1_lib.c 14 Apr 2009 14:20:56 -0000 1.8.2.1
+++ ssl/d1_lib.c 19 Apr 2009 17:42:51 -0000
@@ -176,7 +176,10 @@ void dtls1_free(SSL *s)
 void dtls1_clear(SSL *s)
  {
  ssl3_clear(s);
- s->version=DTLS1_VERSION;
+ if (s->options & SSL_OP_CISCO_ANYCONNECT)
+ s->version=DTLS1_BAD_VER;
+ else
+ s->version=DTLS1_VERSION;
  }
 
 /*
Index: ssl/d1_pkt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_pkt.c,v
retrieving revision 1.27.2.4
diff -u -p -r1.27.2.4 d1_pkt.c
--- ssl/d1_pkt.c 15 Apr 2009 14:49:36 -0000 1.27.2.4
+++ ssl/d1_pkt.c 19 Apr 2009 18:37:44 -0000
@@ -591,7 +591,7 @@ again:
  }
  }
 
- if ((version & 0xff00) != (DTLS1_VERSION & 0xff00))
+ if ((version & 0xff00) != (s->version & 0xff00))
  {
  SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
  goto err;
@@ -1067,13 +1067,17 @@ start:
  if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
  {
  struct ccs_header_st ccs_hdr;
+ int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
 
  dtls1_get_ccs_header(rr->data, &ccs_hdr);
 
+ if (s->version == DTLS1_BAD_VER)
+ ccs_hdr_len = 3;
+
  /* 'Change Cipher Spec' is just a single byte, so we know
  * exactly what the record payload has to look like */
  /* XDTLS: check that epoch is consistent */
- if ( (rr->length != DTLS1_CCS_HEADER_LENGTH) ||
+ if ( (rr->length != ccs_hdr_len) ||
  (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
  {
  i=SSL_AD_ILLEGAL_PARAMETER;
@@ -1094,6 +1098,9 @@ start:
  /* do this whenever CCS is processed */
  dtls1_reset_seq_numbers(s, SSL3_CC_READ);
 
+ if (s->version == DTLS1_BAD_VER)
+ s->d1->handshake_read_seq++;
+
  goto start;
  }
 
@@ -1401,7 +1408,7 @@ int do_dtls1_write(SSL *s, int type, con
 #if 0
  /* 'create_empty_fragment' is true only when this function calls itself */
  if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done
- && SSL_version(s) != DTLS1_VERSION)
+    && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
  {
  /* countermeasure against known-IV weakness in CBC ciphersuites
  * (see http://www.openssl.org/~bodo/tls-cbc.txt)
@@ -1428,7 +1435,6 @@ int do_dtls1_write(SSL *s, int type, con
  s->s3->empty_fragment_done = 1;
  }
 #endif
-
  p = wb->buf + prefix_len;
 
  /* write the header */
Index: ssl/d1_srvr.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_srvr.c,v
retrieving revision 1.20.2.2
diff -u -p -r1.20.2.2 d1_srvr.c
--- ssl/d1_srvr.c 14 Apr 2009 14:33:12 -0000 1.20.2.2
+++ ssl/d1_srvr.c 19 Apr 2009 18:17:04 -0000
@@ -292,7 +292,8 @@ int dtls1_accept(SSL *s)
  s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
 
  /* HelloVerifyRequest resets Finished MAC */
- ssl3_init_finished_mac(s);
+ if (s->version != DTLS1_BAD_VER)
+ ssl3_init_finished_mac(s);
  break;
 
  case SSL3_ST_SW_SRVR_HELLO_A:
Index: ssl/dtls1.h
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/dtls1.h,v
retrieving revision 1.12.2.4
diff -u -p -r1.12.2.4 dtls1.h
--- ssl/dtls1.h 15 Apr 2009 14:49:36 -0000 1.12.2.4
+++ ssl/dtls1.h 19 Apr 2009 17:49:49 -0000
@@ -68,6 +68,7 @@ extern "C" {
 #endif
 
 #define DTLS1_VERSION 0xFEFF
+#define DTLS1_BAD_VER 0x0100
 
 #if 0
 /* this alert description is not specified anywhere... */
Index: ssl/s3_clnt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/s3_clnt.c,v
retrieving revision 1.129
diff -u -p -r1.129 s3_clnt.c
--- ssl/s3_clnt.c 14 Feb 2009 21:49:38 -0000 1.129
+++ ssl/s3_clnt.c 19 Apr 2009 17:42:51 -0000
@@ -737,7 +737,7 @@ int ssl3_get_server_hello(SSL *s)
 
  if (!ok) return((int)n);
 
- if ( SSL_version(s) == DTLS1_VERSION)
+ if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
  {
  if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
  {
Index: ssl/s3_pkt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/s3_pkt.c,v
retrieving revision 1.72.2.2
diff -u -p -r1.72.2.2 s3_pkt.c
--- ssl/s3_pkt.c 16 Apr 2009 17:22:50 -0000 1.72.2.2
+++ ssl/s3_pkt.c 19 Apr 2009 18:22:32 -0000
@@ -177,8 +177,8 @@ int ssl3_read_n(SSL *s, int n, int max,
  }
 
  /* extend reads should not span multiple packets for DTLS */
- if ( SSL_version(s) == DTLS1_VERSION &&
- extend)
+ if ( (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
+     && extend)
  {
  if ( left > 0 && n > left)
  n = left;
@@ -836,7 +836,8 @@ int ssl3_write_pending(SSL *s, int type,
  return(s->s3->wpend_ret);
  }
  else if (i <= 0) {
- if (s->version == DTLS1_VERSION) {
+ if (s->version == DTLS1_VERSION ||
+    s->version == DTLS1_BAD_VER) {
  /* For DTLS, just drop it. That's kind of the whole
    point in using a datagram service */
  wb->left = 0;
Index: ssl/s3_srvr.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/s3_srvr.c,v
retrieving revision 1.171
diff -u -p -r1.171 s3_srvr.c
--- ssl/s3_srvr.c 7 Jan 2009 23:44:27 -0000 1.171
+++ ssl/s3_srvr.c 19 Apr 2009 18:23:54 -0000
@@ -1920,7 +1920,7 @@ int ssl3_get_client_key_exchange(SSL *s)
  }
 
  /* TLS and [incidentally] DTLS{0xFEFF} */
- if (s->version > SSL3_VERSION)
+ if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER)
  {
  n2s(p,i);
  if (n != i+2)
Index: ssl/ssl.h
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/ssl.h,v
retrieving revision 1.221.2.3
diff -u -p -r1.221.2.3 ssl.h
--- ssl/ssl.h 7 Apr 2009 17:01:07 -0000 1.221.2.3
+++ ssl/ssl.h 19 Apr 2009 17:42:51 -0000
@@ -542,6 +542,8 @@ typedef struct ssl_session_st
 #define SSL_OP_COOKIE_EXCHANGE              0x00002000L
 /* Don't use RFC4507 ticket extension */
 #define SSL_OP_NO_TICKET            0x00004000L
+/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client)  */
+#define SSL_OP_CISCO_ANYCONNECT    0x00008000L
 
 /* As server, disallow session resumption on renegotiation */
 #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
Index: ssl/ssl_lib.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/ssl_lib.c,v
retrieving revision 1.176.2.1
diff -u -p -r1.176.2.1 ssl_lib.c
--- ssl/ssl_lib.c 4 Apr 2009 17:57:33 -0000 1.176.2.1
+++ ssl/ssl_lib.c 19 Apr 2009 17:42:51 -0000
@@ -1038,7 +1038,8 @@ long SSL_ctrl(SSL *s,int cmd,long larg,v
  s->max_cert_list=larg;
  return(l);
  case SSL_CTRL_SET_MTU:
- if (SSL_version(s) == DTLS1_VERSION)
+ if (SSL_version(s) == DTLS1_VERSION ||
+    SSL_version(s) == DTLS1_BAD_VER)
  {
  s->d1->mtu = larg;
  return larg;
Index: ssl/ssl_sess.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/ssl_sess.c,v
retrieving revision 1.74
diff -u -p -r1.74 ssl_sess.c
--- ssl/ssl_sess.c 15 Nov 2008 17:18:11 -0000 1.74
+++ ssl/ssl_sess.c 19 Apr 2009 17:42:51 -0000
@@ -300,6 +300,11 @@ int ssl_get_new_session(SSL *s, int sess
  ss->ssl_version=TLS1_VERSION;
  ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
  }
+ else if (s->version == DTLS1_BAD_VER)
+ {
+ ss->ssl_version=DTLS1_BAD_VER;
+ ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
+ }
  else if (s->version == DTLS1_VERSION)
  {
  ss->ssl_version=DTLS1_VERSION;
Index: ssl/t1_enc.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/t1_enc.c,v
retrieving revision 1.57
diff -u -p -r1.57 t1_enc.c
--- ssl/t1_enc.c 11 Jan 2009 20:34:23 -0000 1.57
+++ ssl/t1_enc.c 19 Apr 2009 18:40:43 -0000
@@ -882,7 +882,7 @@ int tls1_mac(SSL *ssl, unsigned char *md
  mac_ctx = &hmac;
  }
 
- if (ssl->version == DTLS1_VERSION)
+ if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER)
  {
  unsigned char dtlsseq[8],*p=dtlsseq;
 
@@ -911,7 +911,7 @@ printf("rec=");
 {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
 #endif
 
- if (ssl->version != DTLS1_VERSION)
+ if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER)
  {
  for (i=7; i>=0; i--)
  {

--
dwmw2

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: [openssl.org #1751] [PATCH] Support DTLS compatibility with Cisco AnyConnect VPN

Rich Salz via RT
On Thu, 2009-02-26 at 21:03 +0900, David Woodhouse wrote:

> On Thu, 2009-02-26 at 13:00 +0900, David Woodhouse wrote:
> > Generating a patch against HEAD will take me a little longer (and be
> > less directly useful, in the foreseeable future, because distributions
> > are actually shipping 0.9.8x.)
>
> I'm working on this; I've rediscovered my standalone test case and will
> spend much of the next 24 hours locked in airplanes where I can poke at
> it.
>
> My current patch against HEAD isn't working yet because I still need to
> add some of the existing backward-compatibility support which is in the
> stable branch but not HEAD.

I finally threw away everything I'd done and started again from scratch,
and I have it working against openssl-1.0.0-beta1.

Again, this is required for interoperation with existing OpenSSL-based
deployments which are quite common "out there", and which can't be
updated to use the "real" protocol.

Index: ssl/d1_both.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_both.c,v
retrieving revision 1.14.2.4
diff -u -p -r1.14.2.4 d1_both.c
--- ssl/d1_both.c 15 Apr 2009 14:49:36 -0000 1.14.2.4
+++ ssl/d1_both.c 19 Apr 2009 18:35:41 -0000
@@ -300,7 +300,7 @@ int dtls1_do_write(SSL *s, int type)
  const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
  int xlen;
 
- if (frag_off == 0)
+ if (frag_off == 0 && s->version != DTLS1_BAD_VER)
  {
  /* reconstruct message header is if it
  * is being sent in single fragment */
@@ -407,8 +407,10 @@ long dtls1_get_message(SSL *s, int st1,
  s2n (msg_hdr->seq,p);
  l2n3(0,p);
  l2n3(msg_len,p);
- p       -= DTLS1_HM_HEADER_LENGTH;
- msg_len += DTLS1_HM_HEADER_LENGTH;
+ if (s->version != DTLS1_BAD_VER) {
+ p       -= DTLS1_HM_HEADER_LENGTH;
+ msg_len += DTLS1_HM_HEADER_LENGTH;
+ }
 
  ssl3_finish_mac(s, p, msg_len);
  if (s->msg_callback)
@@ -775,6 +777,13 @@ int dtls1_send_change_cipher_spec(SSL *s
  *p++=SSL3_MT_CCS;
  s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
  s->init_num=DTLS1_CCS_HEADER_LENGTH;
+
+ if (s->version == DTLS1_BAD_VER) {
+ s->d1->next_handshake_write_seq++;
+ s2n(s->d1->handshake_write_seq,p);
+ s->init_num+=2;
+ }
+
  s->init_off=0;
 
  dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
@@ -989,7 +998,7 @@ dtls1_buffer_message(SSL *s, int is_ccs)
  if ( is_ccs)
  {
  OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
- DTLS1_CCS_HEADER_LENGTH == (unsigned int)s->init_num);
+       ((s->version==DTLS1_VERSION)?DTLS1_CCS_HEADER_LENGTH:3) == (unsigned int)s->init_num);
  }
  else
  {
Index: ssl/d1_clnt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_clnt.c,v
retrieving revision 1.16.2.3
diff -u -p -r1.16.2.3 d1_clnt.c
--- ssl/d1_clnt.c 14 Apr 2009 14:33:12 -0000 1.16.2.3
+++ ssl/d1_clnt.c 19 Apr 2009 17:42:51 -0000
@@ -130,7 +130,7 @@ static int dtls1_get_hello_verify(SSL *s
 
 static const SSL_METHOD *dtls1_get_client_method(int ver)
  {
- if (ver == DTLS1_VERSION)
+ if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
  return(DTLSv1_client_method());
  else
  return(NULL);
@@ -181,7 +181,8 @@ int dtls1_connect(SSL *s)
  s->server=0;
  if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 
- if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00))
+ if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&
+    (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00))
  {
  SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
  ret = -1;
Index: ssl/d1_lib.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_lib.c,v
retrieving revision 1.8.2.1
diff -u -p -r1.8.2.1 d1_lib.c
--- ssl/d1_lib.c 14 Apr 2009 14:20:56 -0000 1.8.2.1
+++ ssl/d1_lib.c 19 Apr 2009 17:42:51 -0000
@@ -176,7 +176,10 @@ void dtls1_free(SSL *s)
 void dtls1_clear(SSL *s)
  {
  ssl3_clear(s);
- s->version=DTLS1_VERSION;
+ if (s->options & SSL_OP_CISCO_ANYCONNECT)
+ s->version=DTLS1_BAD_VER;
+ else
+ s->version=DTLS1_VERSION;
  }
 
 /*
Index: ssl/d1_pkt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_pkt.c,v
retrieving revision 1.27.2.4
diff -u -p -r1.27.2.4 d1_pkt.c
--- ssl/d1_pkt.c 15 Apr 2009 14:49:36 -0000 1.27.2.4
+++ ssl/d1_pkt.c 19 Apr 2009 18:37:44 -0000
@@ -591,7 +591,7 @@ again:
  }
  }
 
- if ((version & 0xff00) != (DTLS1_VERSION & 0xff00))
+ if ((version & 0xff00) != (s->version & 0xff00))
  {
  SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
  goto err;
@@ -1067,13 +1067,17 @@ start:
  if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
  {
  struct ccs_header_st ccs_hdr;
+ int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
 
  dtls1_get_ccs_header(rr->data, &ccs_hdr);
 
+ if (s->version == DTLS1_BAD_VER)
+ ccs_hdr_len = 3;
+
  /* 'Change Cipher Spec' is just a single byte, so we know
  * exactly what the record payload has to look like */
  /* XDTLS: check that epoch is consistent */
- if ( (rr->length != DTLS1_CCS_HEADER_LENGTH) ||
+ if ( (rr->length != ccs_hdr_len) ||
  (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
  {
  i=SSL_AD_ILLEGAL_PARAMETER;
@@ -1094,6 +1098,9 @@ start:
  /* do this whenever CCS is processed */
  dtls1_reset_seq_numbers(s, SSL3_CC_READ);
 
+ if (s->version == DTLS1_BAD_VER)
+ s->d1->handshake_read_seq++;
+
  goto start;
  }
 
@@ -1401,7 +1408,7 @@ int do_dtls1_write(SSL *s, int type, con
 #if 0
  /* 'create_empty_fragment' is true only when this function calls itself */
  if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done
- && SSL_version(s) != DTLS1_VERSION)
+    && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
  {
  /* countermeasure against known-IV weakness in CBC ciphersuites
  * (see http://www.openssl.org/~bodo/tls-cbc.txt)
@@ -1428,7 +1435,6 @@ int do_dtls1_write(SSL *s, int type, con
  s->s3->empty_fragment_done = 1;
  }
 #endif
-
  p = wb->buf + prefix_len;
 
  /* write the header */
Index: ssl/d1_srvr.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/d1_srvr.c,v
retrieving revision 1.20.2.2
diff -u -p -r1.20.2.2 d1_srvr.c
--- ssl/d1_srvr.c 14 Apr 2009 14:33:12 -0000 1.20.2.2
+++ ssl/d1_srvr.c 19 Apr 2009 18:17:04 -0000
@@ -292,7 +292,8 @@ int dtls1_accept(SSL *s)
  s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
 
  /* HelloVerifyRequest resets Finished MAC */
- ssl3_init_finished_mac(s);
+ if (s->version != DTLS1_BAD_VER)
+ ssl3_init_finished_mac(s);
  break;
 
  case SSL3_ST_SW_SRVR_HELLO_A:
Index: ssl/dtls1.h
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/dtls1.h,v
retrieving revision 1.12.2.4
diff -u -p -r1.12.2.4 dtls1.h
--- ssl/dtls1.h 15 Apr 2009 14:49:36 -0000 1.12.2.4
+++ ssl/dtls1.h 19 Apr 2009 17:49:49 -0000
@@ -68,6 +68,7 @@ extern "C" {
 #endif
 
 #define DTLS1_VERSION 0xFEFF
+#define DTLS1_BAD_VER 0x0100
 
 #if 0
 /* this alert description is not specified anywhere... */
Index: ssl/s3_clnt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/s3_clnt.c,v
retrieving revision 1.129
diff -u -p -r1.129 s3_clnt.c
--- ssl/s3_clnt.c 14 Feb 2009 21:49:38 -0000 1.129
+++ ssl/s3_clnt.c 19 Apr 2009 17:42:51 -0000
@@ -737,7 +737,7 @@ int ssl3_get_server_hello(SSL *s)
 
  if (!ok) return((int)n);
 
- if ( SSL_version(s) == DTLS1_VERSION)
+ if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
  {
  if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
  {
Index: ssl/s3_pkt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/s3_pkt.c,v
retrieving revision 1.72.2.2
diff -u -p -r1.72.2.2 s3_pkt.c
--- ssl/s3_pkt.c 16 Apr 2009 17:22:50 -0000 1.72.2.2
+++ ssl/s3_pkt.c 19 Apr 2009 18:22:32 -0000
@@ -177,8 +177,8 @@ int ssl3_read_n(SSL *s, int n, int max,
  }
 
  /* extend reads should not span multiple packets for DTLS */
- if ( SSL_version(s) == DTLS1_VERSION &&
- extend)
+ if ( (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
+     && extend)
  {
  if ( left > 0 && n > left)
  n = left;
@@ -836,7 +836,8 @@ int ssl3_write_pending(SSL *s, int type,
  return(s->s3->wpend_ret);
  }
  else if (i <= 0) {
- if (s->version == DTLS1_VERSION) {
+ if (s->version == DTLS1_VERSION ||
+    s->version == DTLS1_BAD_VER) {
  /* For DTLS, just drop it. That's kind of the whole
    point in using a datagram service */
  wb->left = 0;
Index: ssl/s3_srvr.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/s3_srvr.c,v
retrieving revision 1.171
diff -u -p -r1.171 s3_srvr.c
--- ssl/s3_srvr.c 7 Jan 2009 23:44:27 -0000 1.171
+++ ssl/s3_srvr.c 19 Apr 2009 18:23:54 -0000
@@ -1920,7 +1920,7 @@ int ssl3_get_client_key_exchange(SSL *s)
  }
 
  /* TLS and [incidentally] DTLS{0xFEFF} */
- if (s->version > SSL3_VERSION)
+ if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER)
  {
  n2s(p,i);
  if (n != i+2)
Index: ssl/ssl.h
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/ssl.h,v
retrieving revision 1.221.2.3
diff -u -p -r1.221.2.3 ssl.h
--- ssl/ssl.h 7 Apr 2009 17:01:07 -0000 1.221.2.3
+++ ssl/ssl.h 19 Apr 2009 17:42:51 -0000
@@ -542,6 +542,8 @@ typedef struct ssl_session_st
 #define SSL_OP_COOKIE_EXCHANGE              0x00002000L
 /* Don't use RFC4507 ticket extension */
 #define SSL_OP_NO_TICKET            0x00004000L
+/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client)  */
+#define SSL_OP_CISCO_ANYCONNECT    0x00008000L
 
 /* As server, disallow session resumption on renegotiation */
 #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
Index: ssl/ssl_lib.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/ssl_lib.c,v
retrieving revision 1.176.2.1
diff -u -p -r1.176.2.1 ssl_lib.c
--- ssl/ssl_lib.c 4 Apr 2009 17:57:33 -0000 1.176.2.1
+++ ssl/ssl_lib.c 19 Apr 2009 17:42:51 -0000
@@ -1038,7 +1038,8 @@ long SSL_ctrl(SSL *s,int cmd,long larg,v
  s->max_cert_list=larg;
  return(l);
  case SSL_CTRL_SET_MTU:
- if (SSL_version(s) == DTLS1_VERSION)
+ if (SSL_version(s) == DTLS1_VERSION ||
+    SSL_version(s) == DTLS1_BAD_VER)
  {
  s->d1->mtu = larg;
  return larg;
Index: ssl/ssl_sess.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/ssl_sess.c,v
retrieving revision 1.74
diff -u -p -r1.74 ssl_sess.c
--- ssl/ssl_sess.c 15 Nov 2008 17:18:11 -0000 1.74
+++ ssl/ssl_sess.c 19 Apr 2009 17:42:51 -0000
@@ -300,6 +300,11 @@ int ssl_get_new_session(SSL *s, int sess
  ss->ssl_version=TLS1_VERSION;
  ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
  }
+ else if (s->version == DTLS1_BAD_VER)
+ {
+ ss->ssl_version=DTLS1_BAD_VER;
+ ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
+ }
  else if (s->version == DTLS1_VERSION)
  {
  ss->ssl_version=DTLS1_VERSION;
Index: ssl/t1_enc.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/t1_enc.c,v
retrieving revision 1.57
diff -u -p -r1.57 t1_enc.c
--- ssl/t1_enc.c 11 Jan 2009 20:34:23 -0000 1.57
+++ ssl/t1_enc.c 19 Apr 2009 18:40:43 -0000
@@ -882,7 +882,7 @@ int tls1_mac(SSL *ssl, unsigned char *md
  mac_ctx = &hmac;
  }
 
- if (ssl->version == DTLS1_VERSION)
+ if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER)
  {
  unsigned char dtlsseq[8],*p=dtlsseq;
 
@@ -911,7 +911,7 @@ printf("rec=");
 {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
 #endif
 
- if (ssl->version != DTLS1_VERSION)
+ if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER)
  {
  for (i=7; i>=0; i--)
  {

--
dwmw2


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: [openssl.org #1751] [PATCH] Support DTLS compatibility with Cisco AnyConnect VPN

David Woodhouse-7
In reply to this post by David Woodhouse-7
On Sun, 2009-04-19 at 19:44 +0100, David Woodhouse wrote:
> I finally threw away everything I'd done and started again from scratch,
> and I have it working against openssl-1.0.0-beta1.

Thanks for applying it to 0.9.8 and 1.0.0 branches. If we apply this
simple fix first, the 1.0.0 version of the patch also applies to HEAD...

Index: ssl/s3_pkt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/s3_pkt.c,v
retrieving revision 1.73
diff -u -p -r1.73 s3_pkt.c
--- ssl/s3_pkt.c 7 Apr 2009 16:33:26 -0000 1.73
+++ ssl/s3_pkt.c 20 Apr 2009 01:28:10 -0000
@@ -837,8 +837,7 @@ int ssl3_write_pending(SSL *s, int type,
  }
  else if (i <= 0) {
  if (s->version == DTLS1_VERSION) {
- /* For DTLS, just drop it. That's kind of the wh
-ole
+ /* For DTLS, just drop it. That's kind of the whole
    point in using a datagram service */
  wb->left = 0;
  }

--
dwmw2

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: [openssl.org #1751] [PATCH] Support DTLS compatibility with Cisco AnyConnect VPN

Rich Salz via RT
On Sun, 2009-04-19 at 19:44 +0100, David Woodhouse wrote:
> I finally threw away everything I'd done and started again from scratch,
> and I have it working against openssl-1.0.0-beta1.

Thanks for applying it to 0.9.8 and 1.0.0 branches. If we apply this
simple fix first, the 1.0.0 version of the patch also applies to HEAD...

Index: ssl/s3_pkt.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/ssl/s3_pkt.c,v
retrieving revision 1.73
diff -u -p -r1.73 s3_pkt.c
--- ssl/s3_pkt.c 7 Apr 2009 16:33:26 -0000 1.73
+++ ssl/s3_pkt.c 20 Apr 2009 01:28:10 -0000
@@ -837,8 +837,7 @@ int ssl3_write_pending(SSL *s, int type,
  }
  else if (i <= 0) {
  if (s->version == DTLS1_VERSION) {
- /* For DTLS, just drop it. That's kind of the wh
-ole
+ /* For DTLS, just drop it. That's kind of the whole
    point in using a datagram service */
  wb->left = 0;
  }

--
dwmw2


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]