aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/tls/tls_record.cpp34
-rw-r--r--src/tls/tls_record.h7
2 files changed, 19 insertions, 22 deletions
diff --git a/src/tls/tls_record.cpp b/src/tls/tls_record.cpp
index dc3b68c8e..9a439b86d 100644
--- a/src/tls/tls_record.cpp
+++ b/src/tls/tls_record.cpp
@@ -19,11 +19,11 @@ namespace Botan {
namespace TLS {
-Connection_Cipher_State::Connection_Cipher_State(
- Protocol_Version version,
- Connection_Side side,
- const Ciphersuite& suite,
- const Session_Keys& keys)
+Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version,
+ Connection_Side side,
+ const Ciphersuite& suite,
+ const Session_Keys& keys) :
+ m_is_ssl3(version == Protocol_Version::SSL_V3)
{
SymmetricKey mac_key, cipher_key;
InitializationVector iv;
@@ -108,7 +108,7 @@ void write_record(std::vector<byte>& output,
cipherstate->mac()->update_be(msg_sequence_number);
cipherstate->mac()->update(msg_type);
- if(version != Protocol_Version::SSL_V3)
+ if(cipherstate->mac_includes_record_version())
{
cipherstate->mac()->update(version.major_version());
cipherstate->mac()->update(version.minor_version());
@@ -228,7 +228,7 @@ size_t fill_buffer_to(std::vector<byte>& readbuf,
* Also returns 0 if block_size == 0, so can be safely called with a
* stream cipher in use.
*/
-size_t tls_padding_check(Protocol_Version version,
+size_t tls_padding_check(bool sslv3_padding,
size_t block_size,
const byte record[],
size_t record_len)
@@ -245,7 +245,7 @@ size_t tls_padding_check(Protocol_Version version,
* SSL v3 requires that the padding be less than the block size
* but not does specify the value of the padding bytes.
*/
- if(version == Protocol_Version::SSL_V3)
+ if(sslv3_padding)
{
if(padding_length > 0 && padding_length < block_size)
return (padding_length + 1);
@@ -274,7 +274,6 @@ size_t read_record(std::vector<byte>& readbuf,
byte& msg_type,
std::vector<byte>& msg,
u64bit msg_sequence,
- Protocol_Version negotiated_version,
Connection_Cipher_State* cipherstate)
{
consumed = 0;
@@ -293,10 +292,6 @@ size_t read_record(std::vector<byte>& readbuf,
// Possible SSLv2 format client hello
if((!cipherstate) && (readbuf[0] & 0x80) && (readbuf[2] == 1))
{
- if(negotiated_version.is_datagram_protocol())
- throw TLS_Exception(Alert::PROTOCOL_VERSION,
- "Client sent SSLv2-style DTLS hello");
-
if(readbuf[3] == 0 && readbuf[4] == 2)
throw TLS_Exception(Alert::PROTOCOL_VERSION,
"Client claims to only support SSLv2, rejecting");
@@ -393,9 +388,6 @@ size_t read_record(std::vector<byte>& readbuf,
return 0; // got a full record
}
- BOTAN_ASSERT(negotiated_version.valid(),
- "We know what version we are using");
-
// Otherwise, decrypt, check MAC, return plaintext
const size_t block_size = cipherstate->block_size();
const size_t iv_size = cipherstate->iv_size();
@@ -442,8 +434,8 @@ size_t read_record(std::vector<byte>& readbuf,
* padding_length fields are padding from our perspective.
*/
const size_t pad_size =
- tls_padding_check(negotiated_version, block_size,
- record_contents, record_len);
+ tls_padding_check(cipherstate->cipher_padding_single_byte(),
+ block_size, record_contents, record_len);
const size_t mac_pad_iv_size = mac_size + pad_size + iv_size;
@@ -453,10 +445,10 @@ size_t read_record(std::vector<byte>& readbuf,
cipherstate->mac()->update_be(msg_sequence);
cipherstate->mac()->update(readbuf[0]); // msg_type
- if(negotiated_version != Protocol_Version::SSL_V3)
+ if(cipherstate->mac_includes_record_version())
{
- cipherstate->mac()->update(negotiated_version.major_version());
- cipherstate->mac()->update(negotiated_version.minor_version());
+ cipherstate->mac()->update(record_version.major_version());
+ cipherstate->mac()->update(record_version.minor_version());
}
const u16bit plain_length = record_len - mac_pad_iv_size;
diff --git a/src/tls/tls_record.h b/src/tls/tls_record.h
index 09e247032..2b415edb8 100644
--- a/src/tls/tls_record.h
+++ b/src/tls/tls_record.h
@@ -50,6 +50,10 @@ class Connection_Cipher_State
size_t mac_size() const { return m_mac->output_length(); }
size_t iv_size() const { return m_iv_size; }
+
+ bool mac_includes_record_version() const { return !m_is_ssl3; }
+
+ bool cipher_padding_single_byte() const { return m_is_ssl3; }
private:
std::unique_ptr<BlockCipher> m_block_cipher;
secure_vector<byte> m_block_cipher_cbc_state;
@@ -57,6 +61,7 @@ class Connection_Cipher_State
std::unique_ptr<MessageAuthenticationCode> m_mac;
size_t m_block_size = 0;
size_t m_iv_size = 0;
+ bool m_is_ssl3 = false;
};
/**
@@ -90,7 +95,7 @@ size_t read_record(std::vector<byte>& read_buffer,
byte& msg_type,
std::vector<byte>& msg,
u64bit msg_sequence,
- Protocol_Version version,
+ Protocol_Version& record_version,
Connection_Cipher_State* cipherstate);
}