This repository has been archived by the owner on Feb 2, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathdjwj-openssl-patch
155 lines (145 loc) · 5.09 KB
/
djwj-openssl-patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
diff -ruN orig/ssl/s3_pkt.c new/ssl/s3_pkt.c
--- orig/ssl/s3_pkt.c 2002-07-10 06:57:49.000000000 +0000
+++ new/ssl/s3_pkt.c 2020-02-13 10:52:07.146401030 +0000
@@ -354,6 +354,7 @@
goto err;
/* otherwise enc_err == -1 */
+ printf("djwj: Decryption Failed or Bad Record MAC. At ssl/s3_pkt.c:357 => Decryption Failed. tls3_enc() returned with enc_err=%d.\n", enc_err);
goto decryption_failed_or_bad_record_mac;
}
@@ -380,6 +381,7 @@
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
goto f_err;
#else
+ printf("djwj: Decryption Failed or Bad Record MAC. At ssl/s3_pkt.c:384 => MAC'd message length too long.");
goto decryption_failed_or_bad_record_mac;
#endif
}
@@ -391,6 +393,7 @@
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
goto f_err;
#else
+ printf("djwj: Decryption Failed or Bad Record MAC. At ssl/s3_pkt.c:396 => MAC'd message shorter than expected.\n");
goto decryption_failed_or_bad_record_mac;
#endif
}
@@ -398,6 +401,7 @@
i=s->method->ssl3_enc->mac(s,md,0);
if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
{
+ printf("djwj: Decryption Failed or Bad Record MAC. At ssl/s3_pkt.c:404 => MAC in message and computed MAC are not equal.\n");
goto decryption_failed_or_bad_record_mac;
}
}
diff -ruN orig/ssl/s3_srvr.c new/ssl/s3_srvr.c
--- orig/ssl/s3_srvr.c 2002-11-29 11:31:51.000000000 +0000
+++ new/ssl/s3_srvr.c 2020-02-13 10:55:33.088817021 +0000
@@ -125,6 +125,7 @@
#include <openssl/md5.h>
#include "cryptlib.h"
+
static SSL_METHOD *ssl3_get_server_method(int ver);
static int ssl3_get_client_hello(SSL *s);
static int ssl3_check_client_hello(SSL *s);
@@ -1362,6 +1363,8 @@
static int ssl3_get_client_key_exchange(SSL *s)
{
+ printf("djwj: Processing Client Key Exchange message.\n");
+
int i,al,ok;
long n;
unsigned long l;
@@ -1440,7 +1443,34 @@
n=i;
}
+ // djwj: start
+ unsigned start_cycles_high, start_cycles_low;
+ unsigned end_cycles_high, end_cycles_low;
+
+ asm volatile (
+ "CPUID;"
+ "RDTSC;"
+ "mov %%edx, %0;"
+ "mov %%eax, %1;"
+ : "=r" (start_cycles_high), "=r" (start_cycles_low)
+ :
+ : "%rax", "%rbx", "%rcx", "%rdx"
+ );
i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
+ asm volatile(
+ "RDTSCP;"
+ "mov %%edx, %0;"
+ "mov %%eax, %1;"
+ "CPUID;"
+ : "=r" (end_cycles_high), "=r" (end_cycles_low)
+ :
+ : "%rax", "%rbx", "%rcx", "%rdx"
+ );
+ unsigned long long start = ((unsigned long long)start_cycles_high << 32) | start_cycles_low;
+ unsigned long long end = ((unsigned long long)end_cycles_high << 32) | end_cycles_low;
+
+ printf("djwj: internal measurement: time=%llu, p(hex)=", end-start); int dani; for (dani = 0; dani < (int)n; dani++) {printf("%02X", p[dani]);} printf("\n");
+ // djwj: end
al = -1;
@@ -1481,6 +1511,7 @@
* "Chosen Ciphertext Attacks Against Protocols Based on the RSA
* Encryption Standard PKCS #1", CRYPTO '98, LNCS 1462, pp. 1-12).
*/
+ printf("djwj: Decryption failed of Pre-Master Secret from Client Key Exchange message. Replacing with random bytes instead. \n");
ERR_clear_error();
i = SSL_MAX_MASTER_KEY_LENGTH;
p[0] = s->client_version >> 8;
@@ -1494,6 +1525,10 @@
s->session->master_key,
p,i);
OPENSSL_cleanse(p,i);
+
+ printf("djwj: Derived master key ");
+ int i; for (i = 0; i < s->session->master_key_length; i++) {printf("%02X", s->session->master_key[i]);} printf(".\n");
+
}
else
#endif
@@ -1727,6 +1762,7 @@
return(1);
f_err:
+ printf("djwj: Sending Alert (level=Fatal) message. \n");
ssl3_send_alert(s,SSL3_AL_FATAL,al);
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA)
err:
@@ -2054,3 +2090,4 @@
/* SSL3_ST_SW_CERT_B */
return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
}
+
diff -ruN orig/ssl/t1_enc.c new/ssl/t1_enc.c
--- orig/ssl/t1_enc.c 2002-11-28 08:09:03.000000000 +0000
+++ new/ssl/t1_enc.c 2020-02-13 10:52:07.146401030 +0000
@@ -616,6 +616,12 @@
{
ii=i=rec->data[l-1]; /* padding_length */
i++;
+
+ printf("djwj: ssl/t1_enc.c:619, tls3_enc: bs=%d, (padding_size)ii=%d, l=%u, (int)rec->length=%d", bs, i, l, (int)rec->length);
+ printf(", rec->input="); int j; for (j = 0; j < (int)rec->length; j++) {printf("%02X", rec->input[j]);}
+ printf(", rec->data="); for (j = 0; j < (int)rec->length; j++) {printf("%02X", rec->data[j]);}
+ printf("\n");
+
if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
{
/* First packet is even in size, so check */
diff -ruN orig/crypto/rsa/rsa_eay.c new/crypto/rsa/rsa_eay.c
--- orig/crypto/rsa/rsa_eay.c 2002-11-28 08:08:48.000000000 +0000
+++ new/crypto/rsa/rsa_eay.c 2020-03-07 22:47:58.186184189 +0000
@@ -318,8 +318,12 @@
if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
RSA_blinding_on(rsa,ctx);
- if (rsa->flags & RSA_FLAG_BLINDING)
+ if (rsa->flags & RSA_FLAG_BLINDING) {
+ printf("djwj: blinding=on\n");
if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
+ } else {
+ printf("djwj: blinding=off\n");
+ }
/* do the decrypt */
if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||