diff -up openssl-1.0.1e/crypto/bio/bio.h.sctp openssl-1.0.1e/crypto/bio/bio.h
--- openssl-1.0.1e/crypto/bio/bio.h.sctp 2016-04-07 13:54:03.296270801 +0200
+++ openssl-1.0.1e/crypto/bio/bio.h 2016-04-07 14:02:53.436214294 +0200
@@ -175,6 +175,8 @@ extern "C" {
#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45 /* Next DTLS handshake timeout to
* adjust socket timeouts */
+#define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49
+
#ifndef OPENSSL_NO_SCTP
/* SCTP stuff */
#define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50
@@ -607,6 +609,8 @@ int BIO_ctrl_reset_read_request(BIO *b);
(int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer)
#define BIO_dgram_set_peer(b,peer) \
(int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer)
+#define BIO_dgram_get_mtu_overhead(b) \
+ (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
/* These two aren't currently implemented */
/* int BIO_get_ex_num(BIO *bio); */
diff -up openssl-1.0.1e/crypto/bio/bss_dgram.c.sctp openssl-1.0.1e/crypto/bio/bss_dgram.c
--- openssl-1.0.1e/crypto/bio/bss_dgram.c.sctp 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/bio/bss_dgram.c 2016-04-07 14:02:53.437214317 +0200
@@ -454,6 +454,36 @@ static int dgram_write(BIO *b, const cha
return(ret);
}
+static long dgram_get_mtu_overhead(bio_dgram_data *data)
+ {
+ long ret;
+
+ switch (data->peer.sa.sa_family)
+ {
+ case AF_INET:
+ /* Assume this is UDP - 20 bytes for IP, 8 bytes for UDP */
+ ret = 28;
+ break;
+#if OPENSSL_USE_IPV6
+ case AF_INET6:
+#ifdef IN6_IS_ADDR_V4MAPPED
+ if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr))
+ /* Assume this is UDP - 20 bytes for IP, 8 bytes for UDP */
+ ret = 28;
+ else
+#endif
+ /* Assume this is UDP - 40 bytes for IP, 8 bytes for UDP */
+ ret = 48;
+ break;
+#endif
+ default:
+ /* We don't know. Go with the historical default */
+ ret = 28;
+ break;
+ }
+ return ret;
+ }
+
static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
{
long ret=1;
@@ -630,23 +660,24 @@ static long dgram_ctrl(BIO *b, int cmd,
#endif
break;
case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
+ ret = -dgram_get_mtu_overhead(data);
switch (data->peer.sa.sa_family)
{
case AF_INET:
- ret = 576 - 20 - 8;
+ ret += 576;
break;
#if OPENSSL_USE_IPV6
case AF_INET6:
#ifdef IN6_IS_ADDR_V4MAPPED
if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr))
- ret = 576 - 20 - 8;
+ ret += 576;
else
#endif
- ret = 1280 - 40 - 8;
+ ret += 1280;
break;
#endif
default:
- ret = 576 - 20 - 8;
+ ret += 576;
break;
}
break;
@@ -847,6 +878,9 @@ static long dgram_ctrl(BIO *b, int cmd,
ret = 0;
break;
#endif
+ case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
+ ret = dgram_get_mtu_overhead(data);
+ break;
default:
ret=0;
break;
@@ -906,8 +940,8 @@ BIO *BIO_new_dgram_sctp(int fd, int clos
memset(authchunks, 0, sizeof(sockopt_len));
ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, &sockopt_len);
OPENSSL_assert(ret >= 0);
-
- for (p = (unsigned char*) authchunks + sizeof(sctp_assoc_t);
+
+ for (p = (unsigned char*) authchunks->gauth_chunks;
p < (unsigned char*) authchunks + sockopt_len;
p += sizeof(uint8_t))
{
@@ -1197,7 +1231,7 @@ static int dgram_sctp_read(BIO *b, char
ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, authchunks, &optlen);
OPENSSL_assert(ii >= 0);
- for (p = (unsigned char*) authchunks + sizeof(sctp_assoc_t);
+ for (p = (unsigned char*) authchunks->gauth_chunks;
p < (unsigned char*) authchunks + optlen;
p += sizeof(uint8_t))
{
@@ -1367,6 +1401,10 @@ static long dgram_sctp_ctrl(BIO *b, int
* Returns always 1.
*/
break;
+ case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
+ /* We allow transport protocol fragmentation so this is irrelevant */
+ ret = 0;
+ break;
case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
if (num > 0)
data->in_handshake = 1;
@@ -1399,6 +1437,7 @@ static long dgram_sctp_ctrl(BIO *b, int
memcpy(&authkey->sca_key[0], ptr, 64 * sizeof(uint8_t));
ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey, sockopt_len);
+ OPENSSL_free(authkey);
if (ret < 0) break;
/* Reset active key */
diff -up openssl-1.0.1e/ssl/d1_both.c.sctp openssl-1.0.1e/ssl/d1_both.c
--- openssl-1.0.1e/ssl/d1_both.c.sctp 2016-04-07 14:09:35.193261496 +0200
+++ openssl-1.0.1e/ssl/d1_both.c 2016-04-07 14:11:18.838592357 +0200
@@ -1458,14 +1458,17 @@ int dtls1_shutdown(SSL *s)
{
int ret;
#ifndef OPENSSL_NO_SCTP
- if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
+ BIO *wbio;
+
+ wbio = SSL_get_wbio(s);
+ if (wbio != NULL && BIO_dgram_is_sctp(wbio) &&
!(s->shutdown & SSL_SENT_SHUTDOWN))
{
- ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
+ ret = BIO_dgram_sctp_wait_for_dry(wbio);
if (ret < 0) return -1;
if (ret == 0)
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1, NULL);
+ BIO_ctrl(wbio, BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1, NULL);
}
#endif
ret = ssl3_shutdown(s);
diff -up openssl-1.0.1e/ssl/d1_clnt.c.sctp openssl-1.0.1e/ssl/d1_clnt.c
--- openssl-1.0.1e/ssl/d1_clnt.c.sctp 2016-04-07 13:54:03.505275509 +0200
+++ openssl-1.0.1e/ssl/d1_clnt.c 2016-04-07 14:06:48.581511870 +0200
@@ -338,9 +338,13 @@ int dtls1_connect(SSL *s)
snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
DTLS1_SCTP_AUTH_LABEL);
- SSL_export_keying_material(s, sctpauthkey,
+ if (SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey), labelbuffer,
- sizeof(labelbuffer), NULL, 0, 0);
+ sizeof(labelbuffer), NULL, 0, 0) <= 0)
+ {
+ ret = -1;
+ goto end;
+ }
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
sizeof(sctpauthkey), sctpauthkey);
@@ -479,9 +483,13 @@ int dtls1_connect(SSL *s)
snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
DTLS1_SCTP_AUTH_LABEL);
- SSL_export_keying_material(s, sctpauthkey,
+ if (SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey), labelbuffer,
- sizeof(labelbuffer), NULL, 0, 0);
+ sizeof(labelbuffer), NULL, 0, 0) <= 0)
+ {
+ ret = -1;
+ goto end;
+ }
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
sizeof(sctpauthkey), sctpauthkey);
@@ -538,13 +546,6 @@ int dtls1_connect(SSL *s)
SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
if (ret <= 0) goto end;
-#ifndef OPENSSL_NO_SCTP
- /* Change to new shared key of SCTP-Auth,
- * will be ignored if no SCTP used.
- */
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
-#endif
-
s->state=SSL3_ST_CW_FINISHED_A;
s->init_num=0;
@@ -571,6 +572,16 @@ int dtls1_connect(SSL *s)
goto end;
}
+#ifndef OPENSSL_NO_SCTP
+ if (s->hit)
+ {
+ /* Change to new shared key of SCTP-Auth,
+ * will be ignored if no SCTP used.
+ */
+ BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+ }
+#endif
+
dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
break;
@@ -613,6 +624,13 @@ int dtls1_connect(SSL *s)
}
else
{
+#ifndef OPENSSL_NO_SCTP
+ /* Change to new shared key of SCTP-Auth,
+ * will be ignored if no SCTP used.
+ */
+ BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+#endif
+
#ifndef OPENSSL_NO_TLSEXT
/* Allow NewSessionTicket if ticket expected */
if (s->tlsext_ticket_expected)
diff -up openssl-1.0.1e/ssl/d1_srvr.c.sctp openssl-1.0.1e/ssl/d1_srvr.c
--- openssl-1.0.1e/ssl/d1_srvr.c.sctp 2016-04-07 13:54:03.529276050 +0200
+++ openssl-1.0.1e/ssl/d1_srvr.c 2016-04-07 14:08:56.110382568 +0200
@@ -395,9 +395,13 @@ int dtls1_accept(SSL *s)
snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
DTLS1_SCTP_AUTH_LABEL);
- SSL_export_keying_material(s, sctpauthkey,
+ if (SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey), labelbuffer,
- sizeof(labelbuffer), NULL, 0, 0);
+ sizeof(labelbuffer), NULL, 0, 0) <= 0)
+ {
+ ret = -1;
+ goto end;
+ }
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
sizeof(sctpauthkey), sctpauthkey);
@@ -609,9 +613,13 @@ int dtls1_accept(SSL *s)
snprintf((char *) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
DTLS1_SCTP_AUTH_LABEL);
- SSL_export_keying_material(s, sctpauthkey,
+ if (SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey), labelbuffer,
- sizeof(labelbuffer), NULL, 0, 0);
+ sizeof(labelbuffer), NULL, 0, 0) <= 0)
+ {
+ ret = -1;
+ goto end;
+ }
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
sizeof(sctpauthkey), sctpauthkey);
@@ -713,10 +721,13 @@ int dtls1_accept(SSL *s)
if (ret <= 0) goto end;
#ifndef OPENSSL_NO_SCTP
- /* Change to new shared key of SCTP-Auth,
- * will be ignored if no SCTP used.
- */
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+ if (!s->hit)
+ {
+ /* Change to new shared key of SCTP-Auth,
+ * will be ignored if no SCTP used.
+ */
+ BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+ }
#endif
s->state=SSL3_ST_SW_FINISHED_A;
@@ -741,7 +752,16 @@ int dtls1_accept(SSL *s)
if (ret <= 0) goto end;
s->state=SSL3_ST_SW_FLUSH;
if (s->hit)
+ {
s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+
+#ifndef OPENSSL_NO_SCTP
+ /* Change to new shared key of SCTP-Auth,
+ * will be ignored if no SCTP used.
+ */
+ BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+#endif
+ }
else
{
s->s3->tmp.next_state=SSL_ST_OK;