OLD | NEW |
1 /* ssl/s3_enc.c */ | 1 /* ssl/s3_enc.c */ |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 * All rights reserved. | 3 * All rights reserved. |
4 * | 4 * |
5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
8 * | 8 * |
9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
51 * SUCH DAMAGE. | 51 * SUCH DAMAGE. |
52 * | 52 * |
53 * The licence and distribution terms for any publically available version or | 53 * The licence and distribution terms for any publically available version or |
54 * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 * derivative of this code cannot be changed. i.e. this code cannot simply be |
55 * copied and put under another distribution licence | 55 * copied and put under another distribution licence |
56 * [including the GNU Public Licence.] | 56 * [including the GNU Public Licence.] |
57 */ | 57 */ |
58 /* ==================================================================== | 58 /* ==================================================================== |
59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. |
60 * | 60 * |
61 * Redistribution and use in source and binary forms, with or without | 61 * Redistribution and use in source and binary forms, with or without |
62 * modification, are permitted provided that the following conditions | 62 * modification, are permitted provided that the following conditions |
63 * are met: | 63 * are met: |
64 * | 64 * |
65 * 1. Redistributions of source code must retain the above copyright | 65 * 1. Redistributions of source code must retain the above copyright |
66 * notice, this list of conditions and the following disclaimer. | 66 * notice, this list of conditions and the following disclaimer. |
67 * | 67 * |
68 * 2. Redistributions in binary form must reproduce the above copyright | 68 * 2. Redistributions in binary form must reproduce the above copyright |
69 * notice, this list of conditions and the following disclaimer in | 69 * notice, this list of conditions and the following disclaimer in |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
103 * OF THE POSSIBILITY OF SUCH DAMAGE. | 103 * OF THE POSSIBILITY OF SUCH DAMAGE. |
104 * ==================================================================== | 104 * ==================================================================== |
105 * | 105 * |
106 * This product includes cryptographic software written by Eric Young | 106 * This product includes cryptographic software written by Eric Young |
107 * (eay@cryptsoft.com). This product includes software written by Tim | 107 * (eay@cryptsoft.com). This product includes software written by Tim |
108 * Hudson (tjh@cryptsoft.com). | 108 * Hudson (tjh@cryptsoft.com). |
109 * | 109 * |
110 */ | 110 */ |
| 111 /* ==================================================================== |
| 112 * Copyright 2005 Nokia. All rights reserved. |
| 113 * |
| 114 * The portions of the attached software ("Contribution") is developed by |
| 115 * Nokia Corporation and is licensed pursuant to the OpenSSL open source |
| 116 * license. |
| 117 * |
| 118 * The Contribution, originally written by Mika Kousa and Pasi Eronen of |
| 119 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites |
| 120 * support (see RFC 4279) to OpenSSL. |
| 121 * |
| 122 * No patent licenses or other rights except those expressly stated in |
| 123 * the OpenSSL open source license shall be deemed granted or received |
| 124 * expressly, by implication, estoppel, or otherwise. |
| 125 * |
| 126 * No assurances are provided by Nokia that the Contribution does not |
| 127 * infringe the patent or other intellectual property rights of any third |
| 128 * party or that the license provides you with all the necessary rights |
| 129 * to make use of the Contribution. |
| 130 * |
| 131 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN |
| 132 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA |
| 133 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY |
| 134 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR |
| 135 * OTHERWISE. |
| 136 */ |
111 | 137 |
112 #include <stdio.h> | 138 #include <stdio.h> |
113 #include "ssl_locl.h" | 139 #include "ssl_locl.h" |
114 #include "fnv1a64.h" | |
115 #include <openssl/evp.h> | 140 #include <openssl/evp.h> |
116 #include <openssl/md5.h> | 141 #include <openssl/md5.h> |
117 | 142 |
118 static unsigned char ssl3_pad_1[48]={ | 143 static unsigned char ssl3_pad_1[48]={ |
119 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, | 144 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, |
120 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, | 145 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, |
121 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, | 146 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, |
122 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, | 147 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, |
123 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, | 148 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, |
124 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36 }; | 149 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36 }; |
125 | 150 |
126 static unsigned char ssl3_pad_2[48]={ | 151 static unsigned char ssl3_pad_2[48]={ |
127 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, | 152 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, |
128 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, | 153 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, |
129 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, | 154 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, |
130 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, | 155 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, |
131 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, | 156 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, |
132 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c }; | 157 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c }; |
133 | 158 static int ssl3_handshake_mac(SSL *s, int md_nid, |
134 static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx, | |
135 const char *sender, int len, unsigned char *p); | 159 const char *sender, int len, unsigned char *p); |
136 | |
137 static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) | 160 static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) |
138 { | 161 { |
139 EVP_MD_CTX m5; | 162 EVP_MD_CTX m5; |
140 EVP_MD_CTX s1; | 163 EVP_MD_CTX s1; |
141 unsigned char buf[16],smd[SHA_DIGEST_LENGTH]; | 164 unsigned char buf[16],smd[SHA_DIGEST_LENGTH]; |
142 unsigned char c='A'; | 165 unsigned char c='A'; |
143 unsigned int i,j,k; | 166 unsigned int i,j,k; |
144 | 167 |
145 #ifdef CHARSET_EBCDIC | 168 #ifdef CHARSET_EBCDIC |
146 c = os_toascii[c]; /*'A' in ASCII */ | 169 c = os_toascii[c]; /*'A' in ASCII */ |
147 #endif | 170 #endif |
148 k=0; | 171 k=0; |
149 EVP_MD_CTX_init(&m5); | 172 EVP_MD_CTX_init(&m5); |
150 EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | |
151 EVP_MD_CTX_init(&s1); | 173 EVP_MD_CTX_init(&s1); |
152 for (i=0; (int)i<num; i+=MD5_DIGEST_LENGTH) | 174 for (i=0; (int)i<num; i+=MD5_DIGEST_LENGTH) |
153 { | 175 { |
154 k++; | 176 k++; |
155 if (k > sizeof buf) | 177 if (k > sizeof buf) |
156 { | 178 { |
157 /* bug: 'buf' is too small for this ciphersuite */ | 179 /* bug: 'buf' is too small for this ciphersuite */ |
158 SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERR
OR); | 180 SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERR
OR); |
159 return 0; | 181 return 0; |
160 } | 182 } |
(...skipping 24 matching lines...) Expand all Loading... |
185 km+=MD5_DIGEST_LENGTH; | 207 km+=MD5_DIGEST_LENGTH; |
186 } | 208 } |
187 OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH); | 209 OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH); |
188 EVP_MD_CTX_cleanup(&m5); | 210 EVP_MD_CTX_cleanup(&m5); |
189 EVP_MD_CTX_cleanup(&s1); | 211 EVP_MD_CTX_cleanup(&s1); |
190 return 1; | 212 return 1; |
191 } | 213 } |
192 | 214 |
193 int ssl3_change_cipher_state(SSL *s, int which) | 215 int ssl3_change_cipher_state(SSL *s, int which) |
194 { | 216 { |
195 » unsigned char *p,*key_block,*mac_secret; | 217 » unsigned char *p,*mac_secret; |
196 unsigned char exp_key[EVP_MAX_KEY_LENGTH]; | 218 unsigned char exp_key[EVP_MAX_KEY_LENGTH]; |
197 unsigned char exp_iv[EVP_MAX_IV_LENGTH]; | 219 unsigned char exp_iv[EVP_MAX_IV_LENGTH]; |
198 unsigned char *ms,*key,*iv,*er1,*er2; | 220 unsigned char *ms,*key,*iv,*er1,*er2; |
199 EVP_CIPHER_CTX *dd; | 221 EVP_CIPHER_CTX *dd; |
200 const EVP_CIPHER *c; | 222 const EVP_CIPHER *c; |
201 #ifndef OPENSSL_NO_COMP | 223 #ifndef OPENSSL_NO_COMP |
202 COMP_METHOD *comp; | 224 COMP_METHOD *comp; |
203 #endif | 225 #endif |
204 const EVP_MD *m; | 226 const EVP_MD *m; |
205 EVP_MD_CTX md; | 227 EVP_MD_CTX md; |
206 int is_exp,n,i,j,k,cl; | 228 int is_exp,n,i,j,k,cl; |
207 int reuse_dd = 0; | 229 int reuse_dd = 0; |
208 | 230 |
209 is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); | 231 is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); |
210 c=s->s3->tmp.new_sym_enc; | 232 c=s->s3->tmp.new_sym_enc; |
211 m=s->s3->tmp.new_hash; | 233 m=s->s3->tmp.new_hash; |
| 234 /* m == NULL will lead to a crash later */ |
| 235 OPENSSL_assert(m); |
212 #ifndef OPENSSL_NO_COMP | 236 #ifndef OPENSSL_NO_COMP |
213 if (s->s3->tmp.new_compression == NULL) | 237 if (s->s3->tmp.new_compression == NULL) |
214 comp=NULL; | 238 comp=NULL; |
215 else | 239 else |
216 comp=s->s3->tmp.new_compression->method; | 240 comp=s->s3->tmp.new_compression->method; |
217 #endif | 241 #endif |
218 key_block=s->s3->tmp.key_block; | |
219 | 242 |
220 if (which & SSL3_CC_READ) | 243 if (which & SSL3_CC_READ) |
221 { | 244 { |
222 if (s->enc_read_ctx != NULL) | 245 if (s->enc_read_ctx != NULL) |
223 reuse_dd = 1; | 246 reuse_dd = 1; |
224 else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))
) == NULL) | 247 else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))
) == NULL) |
225 goto err; | 248 goto err; |
226 else | 249 else |
227 /* make sure it's intialized in case we exit later with
an error */ | 250 /* make sure it's intialized in case we exit later with
an error */ |
228 EVP_CIPHER_CTX_init(s->enc_read_ctx); | 251 EVP_CIPHER_CTX_init(s->enc_read_ctx); |
229 dd= s->enc_read_ctx; | 252 dd= s->enc_read_ctx; |
230 » » s->read_hash=m; | 253 |
| 254 » » ssl_replace_hash(&s->read_hash,m); |
231 #ifndef OPENSSL_NO_COMP | 255 #ifndef OPENSSL_NO_COMP |
232 /* COMPRESS */ | 256 /* COMPRESS */ |
233 if (s->expand != NULL) | 257 if (s->expand != NULL) |
234 { | 258 { |
235 COMP_CTX_free(s->expand); | 259 COMP_CTX_free(s->expand); |
236 s->expand=NULL; | 260 s->expand=NULL; |
237 } | 261 } |
238 if (comp != NULL) | 262 if (comp != NULL) |
239 { | 263 { |
240 s->expand=COMP_CTX_new(comp); | 264 s->expand=COMP_CTX_new(comp); |
(...skipping 15 matching lines...) Expand all Loading... |
256 else | 280 else |
257 { | 281 { |
258 if (s->enc_write_ctx != NULL) | 282 if (s->enc_write_ctx != NULL) |
259 reuse_dd = 1; | 283 reuse_dd = 1; |
260 else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX)
)) == NULL) | 284 else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX)
)) == NULL) |
261 goto err; | 285 goto err; |
262 else | 286 else |
263 /* make sure it's intialized in case we exit later with
an error */ | 287 /* make sure it's intialized in case we exit later with
an error */ |
264 EVP_CIPHER_CTX_init(s->enc_write_ctx); | 288 EVP_CIPHER_CTX_init(s->enc_write_ctx); |
265 dd= s->enc_write_ctx; | 289 dd= s->enc_write_ctx; |
266 » » s->write_hash=m; | 290 » » ssl_replace_hash(&s->write_hash,m); |
267 #ifndef OPENSSL_NO_COMP | 291 #ifndef OPENSSL_NO_COMP |
268 /* COMPRESS */ | 292 /* COMPRESS */ |
269 if (s->compress != NULL) | 293 if (s->compress != NULL) |
270 { | 294 { |
271 COMP_CTX_free(s->compress); | 295 COMP_CTX_free(s->compress); |
272 s->compress=NULL; | 296 s->compress=NULL; |
273 } | 297 } |
274 if (comp != NULL) | 298 if (comp != NULL) |
275 { | 299 { |
276 s->compress=COMP_CTX_new(comp); | 300 s->compress=COMP_CTX_new(comp); |
277 if (s->compress == NULL) | 301 if (s->compress == NULL) |
278 { | 302 { |
279 SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMP
RESSION_LIBRARY_ERROR); | 303 SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMP
RESSION_LIBRARY_ERROR); |
280 goto err2; | 304 goto err2; |
281 } | 305 } |
282 } | 306 } |
283 #endif | 307 #endif |
284 memset(&(s->s3->write_sequence[0]),0,8); | 308 memset(&(s->s3->write_sequence[0]),0,8); |
285 mac_secret= &(s->s3->write_mac_secret[0]); | 309 mac_secret= &(s->s3->write_mac_secret[0]); |
286 } | 310 } |
287 | 311 |
288 if (reuse_dd) | 312 if (reuse_dd) |
289 EVP_CIPHER_CTX_cleanup(dd); | 313 EVP_CIPHER_CTX_cleanup(dd); |
290 | 314 |
291 p=s->s3->tmp.key_block; | 315 p=s->s3->tmp.key_block; |
292 i=EVP_MD_size(m); | 316 i=EVP_MD_size(m); |
| 317 if (i < 0) |
| 318 goto err2; |
293 cl=EVP_CIPHER_key_length(c); | 319 cl=EVP_CIPHER_key_length(c); |
294 j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? | 320 j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? |
295 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; | 321 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; |
296 /* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */ | 322 /* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */ |
297 k=EVP_CIPHER_iv_length(c); | 323 k=EVP_CIPHER_iv_length(c); |
298 if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || | 324 if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || |
299 (which == SSL3_CHANGE_CIPHER_SERVER_READ)) | 325 (which == SSL3_CHANGE_CIPHER_SERVER_READ)) |
300 { | 326 { |
301 ms= &(p[ 0]); n=i+i; | 327 ms= &(p[ 0]); n=i+i; |
302 key= &(p[ n]); n+=j+j; | 328 key= &(p[ n]); n+=j+j; |
(...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
363 unsigned char *p; | 389 unsigned char *p; |
364 const EVP_CIPHER *c; | 390 const EVP_CIPHER *c; |
365 const EVP_MD *hash; | 391 const EVP_MD *hash; |
366 int num; | 392 int num; |
367 int ret = 0; | 393 int ret = 0; |
368 SSL_COMP *comp; | 394 SSL_COMP *comp; |
369 | 395 |
370 if (s->s3->tmp.key_block_length != 0) | 396 if (s->s3->tmp.key_block_length != 0) |
371 return(1); | 397 return(1); |
372 | 398 |
373 » if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp)) | 399 » if (!ssl_cipher_get_evp(s->session,&c,&hash,NULL,NULL,&comp)) |
374 { | 400 { |
375 SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILAB
LE); | 401 SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILAB
LE); |
376 return(0); | 402 return(0); |
377 } | 403 } |
378 | 404 |
379 s->s3->tmp.new_sym_enc=c; | 405 s->s3->tmp.new_sym_enc=c; |
380 s->s3->tmp.new_hash=hash; | 406 s->s3->tmp.new_hash=hash; |
381 #ifdef OPENSSL_NO_COMP | 407 #ifdef OPENSSL_NO_COMP |
382 s->s3->tmp.new_compression=NULL; | 408 s->s3->tmp.new_compression=NULL; |
383 #else | 409 #else |
384 s->s3->tmp.new_compression=comp; | 410 s->s3->tmp.new_compression=comp; |
385 #endif | 411 #endif |
386 | 412 |
387 » num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c); | 413 » num=EVP_MD_size(hash); |
| 414 » if (num < 0) |
| 415 » » return 0; |
| 416 |
| 417 » num=EVP_CIPHER_key_length(c)+num+EVP_CIPHER_iv_length(c); |
388 num*=2; | 418 num*=2; |
389 | 419 |
390 ssl3_cleanup_key_block(s); | 420 ssl3_cleanup_key_block(s); |
391 | 421 |
392 if ((p=OPENSSL_malloc(num)) == NULL) | 422 if ((p=OPENSSL_malloc(num)) == NULL) |
393 goto err; | 423 goto err; |
394 | 424 |
395 s->s3->tmp.key_block_length=num; | 425 s->s3->tmp.key_block_length=num; |
396 s->s3->tmp.key_block=p; | 426 s->s3->tmp.key_block=p; |
397 | 427 |
398 ret = ssl3_generate_key_block(s,p,num); | 428 ret = ssl3_generate_key_block(s,p,num); |
399 | 429 |
400 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) | 430 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) |
401 { | 431 { |
402 /* enable vulnerability countermeasure for CBC ciphers with | 432 /* enable vulnerability countermeasure for CBC ciphers with |
403 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) | 433 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) |
404 */ | 434 */ |
405 s->s3->need_empty_fragments = 1; | 435 s->s3->need_empty_fragments = 1; |
406 | 436 |
407 if (s->session->cipher != NULL) | 437 if (s->session->cipher != NULL) |
408 { | 438 { |
409 » » » if ((s->session->cipher->algorithms & SSL_ENC_MASK) == S
SL_eNULL) | 439 » » » if (s->session->cipher->algorithm_enc == SSL_eNULL) |
410 s->s3->need_empty_fragments = 0; | 440 s->s3->need_empty_fragments = 0; |
411 | 441 |
412 #ifndef OPENSSL_NO_RC4 | 442 #ifndef OPENSSL_NO_RC4 |
413 » » » if ((s->session->cipher->algorithms & SSL_ENC_MASK) == S
SL_RC4) | 443 » » » if (s->session->cipher->algorithm_enc == SSL_RC4) |
414 s->s3->need_empty_fragments = 0; | 444 s->s3->need_empty_fragments = 0; |
415 #endif | 445 #endif |
416 } | 446 } |
417 } | 447 } |
418 | 448 |
419 return ret; | 449 return ret; |
420 | 450 |
421 err: | 451 err: |
422 SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); | 452 SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); |
423 return(0); | 453 return(0); |
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
474 bs=EVP_CIPHER_block_size(ds->cipher); | 504 bs=EVP_CIPHER_block_size(ds->cipher); |
475 | 505 |
476 /* COMPRESS */ | 506 /* COMPRESS */ |
477 | 507 |
478 if ((bs != 1) && send) | 508 if ((bs != 1) && send) |
479 { | 509 { |
480 i=bs-((int)l%bs); | 510 i=bs-((int)l%bs); |
481 | 511 |
482 /* we need to add 'i-1' padding bytes */ | 512 /* we need to add 'i-1' padding bytes */ |
483 l+=i; | 513 l+=i; |
| 514 /* the last of these zero bytes will be overwritten |
| 515 * with the padding length. */ |
| 516 memset(&rec->input[rec->length], 0, i); |
484 rec->length+=i; | 517 rec->length+=i; |
485 rec->input[l-1]=(i-1); | 518 rec->input[l-1]=(i-1); |
486 } | 519 } |
487 | 520 |
488 if (!send) | 521 if (!send) |
489 { | 522 { |
490 if (l == 0 || l%bs != 0) | 523 if (l == 0 || l%bs != 0) |
491 { | 524 { |
492 SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_
WRONG); | 525 SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_
WRONG); |
493 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTIO
N_FAILED); | 526 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTIO
N_FAILED); |
(...skipping 19 matching lines...) Expand all Loading... |
513 } | 546 } |
514 /* now i <= bs <= rec->length */ | 547 /* now i <= bs <= rec->length */ |
515 rec->length-=i; | 548 rec->length-=i; |
516 } | 549 } |
517 } | 550 } |
518 return(1); | 551 return(1); |
519 } | 552 } |
520 | 553 |
521 void ssl3_init_finished_mac(SSL *s) | 554 void ssl3_init_finished_mac(SSL *s) |
522 { | 555 { |
523 » EVP_MD_CTX_set_flags(&(s->s3->finish_dgst1), | 556 » if (s->s3->handshake_buffer) BIO_free(s->s3->handshake_buffer); |
524 » » EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | 557 » if (s->s3->handshake_dgst) ssl3_free_digest_list(s); |
525 » EVP_DigestInit_ex(&(s->s3->finish_dgst1),s->ctx->md5, NULL); | 558 s->s3->handshake_buffer=BIO_new(BIO_s_mem());» |
526 » EVP_DigestInit_ex(&(s->s3->finish_dgst2),s->ctx->sha1, NULL); | 559 » (void)BIO_set_close(s->s3->handshake_buffer,BIO_CLOSE); |
527 } | 560 } |
528 | 561 |
| 562 void ssl3_free_digest_list(SSL *s) |
| 563 { |
| 564 int i; |
| 565 if (!s->s3->handshake_dgst) return; |
| 566 for (i=0;i<SSL_MAX_DIGEST;i++) |
| 567 { |
| 568 if (s->s3->handshake_dgst[i]) |
| 569 EVP_MD_CTX_destroy(s->s3->handshake_dgst[i]); |
| 570 } |
| 571 OPENSSL_free(s->s3->handshake_dgst); |
| 572 s->s3->handshake_dgst=NULL; |
| 573 } |
| 574 |
| 575 |
| 576 |
529 void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len) | 577 void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len) |
530 { | 578 { |
531 » EVP_DigestUpdate(&(s->s3->finish_dgst1),buf,len); | 579 » if (s->s3->handshake_buffer) |
532 » EVP_DigestUpdate(&(s->s3->finish_dgst2),buf,len); | |
533 » if (s->s3->snap_start_requested) | |
534 { | 580 { |
535 » » /* Compute Fowler-Noll-Vo (FNV) hash for Snap Start handshake */ | 581 » » BIO_write (s->s3->handshake_buffer,(void *)buf,len); |
536 » » fnv1a64_update((FNV1A64*) s->s3->response_hash, buf, len); | 582 » » } |
537 » » } | 583 » else |
| 584 » » { |
| 585 » » int i; |
| 586 » » for (i=0;i< SSL_MAX_DIGEST;i++) |
| 587 » » » { |
| 588 » » » if (s->s3->handshake_dgst[i]!= NULL) |
| 589 » » » EVP_DigestUpdate(s->s3->handshake_dgst[i],buf,len); |
| 590 » » » } |
| 591 » » }» |
538 } | 592 } |
539 | 593 |
540 int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *ctx, unsigned char *p) | 594 int ssl3_digest_cached_records(SSL *s) |
541 { | 595 { |
542 » return(ssl3_handshake_mac(s,ctx,NULL,0,p)); | 596 » int i; |
| 597 » long mask; |
| 598 » const EVP_MD *md; |
| 599 » long hdatalen; |
| 600 » void *hdata; |
| 601 |
| 602 » /* Allocate handshake_dgst array */ |
| 603 » ssl3_free_digest_list(s); |
| 604 » s->s3->handshake_dgst = OPENSSL_malloc(SSL_MAX_DIGEST * sizeof(EVP_MD_CT
X *)); |
| 605 » memset(s->s3->handshake_dgst,0,SSL_MAX_DIGEST *sizeof(EVP_MD_CTX *)); |
| 606 » hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,&hdata); |
| 607 » if (hdatalen <= 0) |
| 608 » » { |
| 609 » » SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LEN
GTH); |
| 610 » » return 0; |
| 611 » » } |
| 612 |
| 613 » /* Loop through bitso of algorithm2 field and create MD_CTX-es */ |
| 614 » for (i=0;ssl_get_handshake_digest(i,&mask,&md); i++) |
| 615 » » { |
| 616 » » if ((mask & s->s3->tmp.new_cipher->algorithm2) && md) |
| 617 » » » { |
| 618 » » » s->s3->handshake_dgst[i]=EVP_MD_CTX_create(); |
| 619 » » » EVP_DigestInit_ex(s->s3->handshake_dgst[i],md,NULL); |
| 620 » » » EVP_DigestUpdate(s->s3->handshake_dgst[i],hdata,hdatalen
); |
| 621 » » » } |
| 622 » » else |
| 623 » » » {» |
| 624 » » » s->s3->handshake_dgst[i]=NULL; |
| 625 » » » } |
| 626 » » } |
| 627 » /* Free handshake_buffer BIO */ |
| 628 » BIO_free(s->s3->handshake_buffer); |
| 629 » s->s3->handshake_buffer = NULL; |
| 630 |
| 631 » return 1; |
543 } | 632 } |
544 | 633 |
545 int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2, | 634 int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p) |
| 635 » { |
| 636 » return(ssl3_handshake_mac(s,md_nid,NULL,0,p)); |
| 637 » } |
| 638 int ssl3_final_finish_mac(SSL *s, |
546 const char *sender, int len, unsigned char *p) | 639 const char *sender, int len, unsigned char *p) |
547 { | 640 { |
548 int ret; | 641 int ret; |
549 | 642 » ret=ssl3_handshake_mac(s,NID_md5,sender,len,p); |
550 » ret=ssl3_handshake_mac(s,ctx1,sender,len,p); | |
551 p+=ret; | 643 p+=ret; |
552 » ret+=ssl3_handshake_mac(s,ctx2,sender,len,p); | 644 » ret+=ssl3_handshake_mac(s,NID_sha1,sender,len,p); |
553 return(ret); | 645 return(ret); |
554 } | 646 } |
555 | 647 static int ssl3_handshake_mac(SSL *s, int md_nid, |
556 static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx, | |
557 const char *sender, int len, unsigned char *p) | 648 const char *sender, int len, unsigned char *p) |
558 { | 649 { |
559 unsigned int ret; | 650 unsigned int ret; |
560 int npad,n; | 651 int npad,n; |
561 unsigned int i; | 652 unsigned int i; |
562 unsigned char md_buf[EVP_MAX_MD_SIZE]; | 653 unsigned char md_buf[EVP_MAX_MD_SIZE]; |
563 » EVP_MD_CTX ctx; | 654 » EVP_MD_CTX ctx,*d=NULL; |
564 | 655 |
| 656 if (s->s3->handshake_buffer) |
| 657 if (!ssl3_digest_cached_records(s)) |
| 658 return 0; |
| 659 |
| 660 /* Search for digest of specified type in the handshake_dgst |
| 661 * array*/ |
| 662 for (i=0;i<SSL_MAX_DIGEST;i++) |
| 663 { |
| 664 if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake
_dgst[i])==md_nid) |
| 665 { |
| 666 d=s->s3->handshake_dgst[i]; |
| 667 break; |
| 668 } |
| 669 } |
| 670 if (!d) { |
| 671 SSLerr(SSL_F_SSL3_HANDSHAKE_MAC,SSL_R_NO_REQUIRED_DIGEST); |
| 672 return 0; |
| 673 } |
565 EVP_MD_CTX_init(&ctx); | 674 EVP_MD_CTX_init(&ctx); |
566 » EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | 675 » EVP_MD_CTX_copy_ex(&ctx,d); |
567 » EVP_MD_CTX_copy_ex(&ctx,in_ctx); | 676 » n=EVP_MD_CTX_size(&ctx); |
| 677 » if (n < 0) |
| 678 » » return 0; |
568 | 679 |
569 n=EVP_MD_CTX_size(&ctx); | |
570 npad=(48/n)*n; | 680 npad=(48/n)*n; |
571 | |
572 if (sender != NULL) | 681 if (sender != NULL) |
573 EVP_DigestUpdate(&ctx,sender,len); | 682 EVP_DigestUpdate(&ctx,sender,len); |
574 EVP_DigestUpdate(&ctx,s->session->master_key, | 683 EVP_DigestUpdate(&ctx,s->session->master_key, |
575 s->session->master_key_length); | 684 s->session->master_key_length); |
576 EVP_DigestUpdate(&ctx,ssl3_pad_1,npad); | 685 EVP_DigestUpdate(&ctx,ssl3_pad_1,npad); |
577 EVP_DigestFinal_ex(&ctx,md_buf,&i); | 686 EVP_DigestFinal_ex(&ctx,md_buf,&i); |
578 | 687 |
579 EVP_DigestInit_ex(&ctx,EVP_MD_CTX_md(&ctx), NULL); | 688 EVP_DigestInit_ex(&ctx,EVP_MD_CTX_md(&ctx), NULL); |
580 EVP_DigestUpdate(&ctx,s->session->master_key, | 689 EVP_DigestUpdate(&ctx,s->session->master_key, |
581 s->session->master_key_length); | 690 s->session->master_key_length); |
582 EVP_DigestUpdate(&ctx,ssl3_pad_2,npad); | 691 EVP_DigestUpdate(&ctx,ssl3_pad_2,npad); |
583 EVP_DigestUpdate(&ctx,md_buf,i); | 692 EVP_DigestUpdate(&ctx,md_buf,i); |
584 EVP_DigestFinal_ex(&ctx,p,&ret); | 693 EVP_DigestFinal_ex(&ctx,p,&ret); |
585 | 694 |
586 EVP_MD_CTX_cleanup(&ctx); | 695 EVP_MD_CTX_cleanup(&ctx); |
587 | 696 |
588 return((int)ret); | 697 return((int)ret); |
589 } | 698 } |
590 | 699 |
591 int ssl3_mac(SSL *ssl, unsigned char *md, int send) | 700 int n_ssl3_mac(SSL *ssl, unsigned char *md, int send) |
592 { | 701 { |
593 SSL3_RECORD *rec; | 702 SSL3_RECORD *rec; |
594 unsigned char *mac_sec,*seq; | 703 unsigned char *mac_sec,*seq; |
595 EVP_MD_CTX md_ctx; | 704 EVP_MD_CTX md_ctx; |
596 » const EVP_MD *hash; | 705 » const EVP_MD_CTX *hash; |
597 unsigned char *p,rec_char; | 706 unsigned char *p,rec_char; |
598 unsigned int md_size; | 707 unsigned int md_size; |
599 int npad; | 708 int npad; |
| 709 int t; |
600 | 710 |
601 if (send) | 711 if (send) |
602 { | 712 { |
603 rec= &(ssl->s3->wrec); | 713 rec= &(ssl->s3->wrec); |
604 mac_sec= &(ssl->s3->write_mac_secret[0]); | 714 mac_sec= &(ssl->s3->write_mac_secret[0]); |
605 seq= &(ssl->s3->write_sequence[0]); | 715 seq= &(ssl->s3->write_sequence[0]); |
606 hash=ssl->write_hash; | 716 hash=ssl->write_hash; |
607 } | 717 } |
608 else | 718 else |
609 { | 719 { |
610 rec= &(ssl->s3->rrec); | 720 rec= &(ssl->s3->rrec); |
611 mac_sec= &(ssl->s3->read_mac_secret[0]); | 721 mac_sec= &(ssl->s3->read_mac_secret[0]); |
612 seq= &(ssl->s3->read_sequence[0]); | 722 seq= &(ssl->s3->read_sequence[0]); |
613 hash=ssl->read_hash; | 723 hash=ssl->read_hash; |
614 } | 724 } |
615 | 725 |
616 » md_size=EVP_MD_size(hash); | 726 » t=EVP_MD_CTX_size(hash); |
| 727 » if (t < 0) |
| 728 » » return -1; |
| 729 » md_size=t; |
617 npad=(48/md_size)*md_size; | 730 npad=(48/md_size)*md_size; |
618 | 731 |
619 /* Chop the digest off the end :-) */ | 732 /* Chop the digest off the end :-) */ |
620 EVP_MD_CTX_init(&md_ctx); | 733 EVP_MD_CTX_init(&md_ctx); |
621 | 734 |
622 » EVP_DigestInit_ex( &md_ctx,hash, NULL); | 735 » EVP_MD_CTX_copy_ex( &md_ctx,hash); |
623 EVP_DigestUpdate(&md_ctx,mac_sec,md_size); | 736 EVP_DigestUpdate(&md_ctx,mac_sec,md_size); |
624 EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad); | 737 EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad); |
625 EVP_DigestUpdate(&md_ctx,seq,8); | 738 EVP_DigestUpdate(&md_ctx,seq,8); |
626 rec_char=rec->type; | 739 rec_char=rec->type; |
627 EVP_DigestUpdate(&md_ctx,&rec_char,1); | 740 EVP_DigestUpdate(&md_ctx,&rec_char,1); |
628 p=md; | 741 p=md; |
629 s2n(rec->length,p); | 742 s2n(rec->length,p); |
630 EVP_DigestUpdate(&md_ctx,md,2); | 743 EVP_DigestUpdate(&md_ctx,md,2); |
631 EVP_DigestUpdate(&md_ctx,rec->input,rec->length); | 744 EVP_DigestUpdate(&md_ctx,rec->input,rec->length); |
632 EVP_DigestFinal_ex( &md_ctx,md,NULL); | 745 EVP_DigestFinal_ex( &md_ctx,md,NULL); |
633 | 746 |
634 » EVP_DigestInit_ex( &md_ctx,hash, NULL); | 747 » EVP_MD_CTX_copy_ex( &md_ctx,hash); |
635 EVP_DigestUpdate(&md_ctx,mac_sec,md_size); | 748 EVP_DigestUpdate(&md_ctx,mac_sec,md_size); |
636 EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad); | 749 EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad); |
637 EVP_DigestUpdate(&md_ctx,md,md_size); | 750 EVP_DigestUpdate(&md_ctx,md,md_size); |
638 EVP_DigestFinal_ex( &md_ctx,md,&md_size); | 751 EVP_DigestFinal_ex( &md_ctx,md,&md_size); |
639 | 752 |
640 EVP_MD_CTX_cleanup(&md_ctx); | 753 EVP_MD_CTX_cleanup(&md_ctx); |
641 | 754 |
642 ssl3_record_sequence_update(seq); | 755 ssl3_record_sequence_update(seq); |
643 return(md_size); | 756 return(md_size); |
644 } | 757 } |
(...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
717 case SSL_AD_UNKNOWN_CA: return(SSL3_AD_BAD_CERTIFICATE); | 830 case SSL_AD_UNKNOWN_CA: return(SSL3_AD_BAD_CERTIFICATE); |
718 case SSL_AD_ACCESS_DENIED: return(SSL3_AD_HANDSHAKE_FAILURE); | 831 case SSL_AD_ACCESS_DENIED: return(SSL3_AD_HANDSHAKE_FAILURE); |
719 case SSL_AD_DECODE_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE); | 832 case SSL_AD_DECODE_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE); |
720 case SSL_AD_DECRYPT_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE); | 833 case SSL_AD_DECRYPT_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE); |
721 case SSL_AD_EXPORT_RESTRICTION: return(SSL3_AD_HANDSHAKE_FAILURE); | 834 case SSL_AD_EXPORT_RESTRICTION: return(SSL3_AD_HANDSHAKE_FAILURE); |
722 case SSL_AD_PROTOCOL_VERSION: return(SSL3_AD_HANDSHAKE_FAILURE); | 835 case SSL_AD_PROTOCOL_VERSION: return(SSL3_AD_HANDSHAKE_FAILURE); |
723 case SSL_AD_INSUFFICIENT_SECURITY:return(SSL3_AD_HANDSHAKE_FAILURE); | 836 case SSL_AD_INSUFFICIENT_SECURITY:return(SSL3_AD_HANDSHAKE_FAILURE); |
724 case SSL_AD_INTERNAL_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE); | 837 case SSL_AD_INTERNAL_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE); |
725 case SSL_AD_USER_CANCELLED: return(SSL3_AD_HANDSHAKE_FAILURE); | 838 case SSL_AD_USER_CANCELLED: return(SSL3_AD_HANDSHAKE_FAILURE); |
726 case SSL_AD_NO_RENEGOTIATION: return(-1); /* Don't send it :-) */ | 839 case SSL_AD_NO_RENEGOTIATION: return(-1); /* Don't send it :-) */ |
| 840 case SSL_AD_UNSUPPORTED_EXTENSION: return(SSL3_AD_HANDSHAKE_FAILURE); |
| 841 case SSL_AD_CERTIFICATE_UNOBTAINABLE: return(SSL3_AD_HANDSHAKE_FAILURE); |
| 842 case SSL_AD_UNRECOGNIZED_NAME: return(SSL3_AD_HANDSHAKE_FAILURE); |
| 843 case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(SSL3_AD_HANDSHAKE_FA
ILURE); |
| 844 case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(SSL3_AD_HANDSHAKE_FAILURE
); |
| 845 case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY); |
727 default: return(-1); | 846 default: return(-1); |
728 } | 847 } |
729 } | 848 } |
730 | 849 |
OLD | NEW |