| OLD | NEW |
|---|
| 1 /* ssl/s3_enc.c */ | 1 /* ssl/s3_enc.c */ |
| 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 * All rights reserved. | 3 * All rights reserved. |
| 4 * | 4 * |
| 5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
| 6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
| 7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
| 8 * | 8 * |
| 9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
| 10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
| (...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 51 * SUCH DAMAGE. | 51 * SUCH DAMAGE. |
| 52 * | 52 * |
| 53 * The licence and distribution terms for any publically available version or | 53 * The licence and distribution terms for any publically available version or |
| 54 * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 * derivative of this code cannot be changed. i.e. this code cannot simply be |
| 55 * copied and put under another distribution licence | 55 * copied and put under another distribution licence |
| 56 * [including the GNU Public Licence.] | 56 * [including the GNU Public Licence.] |
| 57 */ | 57 */ |
| 58 /* ==================================================================== | 58 /* ==================================================================== |
| 59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. |
| 60 * | 60 * |
| 61 * Redistribution and use in source and binary forms, with or without | 61 * Redistribution and use in source and binary forms, with or without |
| 62 * modification, are permitted provided that the following conditions | 62 * modification, are permitted provided that the following conditions |
| 63 * are met: | 63 * are met: |
| 64 * | 64 * |
| 65 * 1. Redistributions of source code must retain the above copyright | 65 * 1. Redistributions of source code must retain the above copyright |
| 66 * notice, this list of conditions and the following disclaimer. | 66 * notice, this list of conditions and the following disclaimer. |
| 67 * | 67 * |
| 68 * 2. Redistributions in binary form must reproduce the above copyright | 68 * 2. Redistributions in binary form must reproduce the above copyright |
| 69 * notice, this list of conditions and the following disclaimer in | 69 * notice, this list of conditions and the following disclaimer in |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| 103 * OF THE POSSIBILITY OF SUCH DAMAGE. | 103 * OF THE POSSIBILITY OF SUCH DAMAGE. |
| 104 * ==================================================================== | 104 * ==================================================================== |
| 105 * | 105 * |
| 106 * This product includes cryptographic software written by Eric Young | 106 * This product includes cryptographic software written by Eric Young |
| 107 * (eay@cryptsoft.com). This product includes software written by Tim | 107 * (eay@cryptsoft.com). This product includes software written by Tim |
| 108 * Hudson (tjh@cryptsoft.com). | 108 * Hudson (tjh@cryptsoft.com). |
| 109 * | 109 * |
| 110 */ | 110 */ |
| 111 /* ==================================================================== |
| 112 * Copyright 2005 Nokia. All rights reserved. |
| 113 * |
| 114 * The portions of the attached software ("Contribution") is developed by |
| 115 * Nokia Corporation and is licensed pursuant to the OpenSSL open source |
| 116 * license. |
| 117 * |
| 118 * The Contribution, originally written by Mika Kousa and Pasi Eronen of |
| 119 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites |
| 120 * support (see RFC 4279) to OpenSSL. |
| 121 * |
| 122 * No patent licenses or other rights except those expressly stated in |
| 123 * the OpenSSL open source license shall be deemed granted or received |
| 124 * expressly, by implication, estoppel, or otherwise. |
| 125 * |
| 126 * No assurances are provided by Nokia that the Contribution does not |
| 127 * infringe the patent or other intellectual property rights of any third |
| 128 * party or that the license provides you with all the necessary rights |
| 129 * to make use of the Contribution. |
| 130 * |
| 131 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN |
| 132 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA |
| 133 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY |
| 134 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR |
| 135 * OTHERWISE. |
| 136 */ |
| 111 | 137 |
| 112 #include <stdio.h> | 138 #include <stdio.h> |
| 113 #include "ssl_locl.h" | 139 #include "ssl_locl.h" |
| 114 #include "fnv1a64.h" | |
| 115 #include <openssl/evp.h> | 140 #include <openssl/evp.h> |
| 116 #include <openssl/md5.h> | 141 #include <openssl/md5.h> |
| 117 | 142 |
| 118 static unsigned char ssl3_pad_1[48]={ | 143 static unsigned char ssl3_pad_1[48]={ |
| 119 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, | 144 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, |
| 120 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, | 145 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, |
| 121 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, | 146 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, |
| 122 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, | 147 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, |
| 123 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, | 148 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, |
| 124 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36 }; | 149 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36 }; |
| 125 | 150 |
| 126 static unsigned char ssl3_pad_2[48]={ | 151 static unsigned char ssl3_pad_2[48]={ |
| 127 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, | 152 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, |
| 128 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, | 153 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, |
| 129 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, | 154 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, |
| 130 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, | 155 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, |
| 131 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, | 156 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c, |
| 132 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c }; | 157 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c }; |
| 133 | 158 static int ssl3_handshake_mac(SSL *s, int md_nid, |
| 134 static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx, | |
| 135 const char *sender, int len, unsigned char *p); | 159 const char *sender, int len, unsigned char *p); |
| 136 | |
| 137 static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) | 160 static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) |
| 138 { | 161 { |
| 139 EVP_MD_CTX m5; | 162 EVP_MD_CTX m5; |
| 140 EVP_MD_CTX s1; | 163 EVP_MD_CTX s1; |
| 141 unsigned char buf[16],smd[SHA_DIGEST_LENGTH]; | 164 unsigned char buf[16],smd[SHA_DIGEST_LENGTH]; |
| 142 unsigned char c='A'; | 165 unsigned char c='A'; |
| 143 unsigned int i,j,k; | 166 unsigned int i,j,k; |
| 144 | 167 |
| 145 #ifdef CHARSET_EBCDIC | 168 #ifdef CHARSET_EBCDIC |
| 146 c = os_toascii[c]; /*'A' in ASCII */ | 169 c = os_toascii[c]; /*'A' in ASCII */ |
| 147 #endif | 170 #endif |
| 148 k=0; | 171 k=0; |
| 149 EVP_MD_CTX_init(&m5); | 172 EVP_MD_CTX_init(&m5); |
| 150 EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | |
| 151 EVP_MD_CTX_init(&s1); | 173 EVP_MD_CTX_init(&s1); |
| 152 for (i=0; (int)i<num; i+=MD5_DIGEST_LENGTH) | 174 for (i=0; (int)i<num; i+=MD5_DIGEST_LENGTH) |
| 153 { | 175 { |
| 154 k++; | 176 k++; |
| 155 if (k > sizeof buf) | 177 if (k > sizeof buf) |
| 156 { | 178 { |
| 157 /* bug: 'buf' is too small for this ciphersuite */ | 179 /* bug: 'buf' is too small for this ciphersuite */ |
| 158 SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERR
OR); | 180 SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERR
OR); |
| 159 return 0; | 181 return 0; |
| 160 } | 182 } |
| (...skipping 24 matching lines...) Expand all Loading... |
| 185 km+=MD5_DIGEST_LENGTH; | 207 km+=MD5_DIGEST_LENGTH; |
| 186 } | 208 } |
| 187 OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH); | 209 OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH); |
| 188 EVP_MD_CTX_cleanup(&m5); | 210 EVP_MD_CTX_cleanup(&m5); |
| 189 EVP_MD_CTX_cleanup(&s1); | 211 EVP_MD_CTX_cleanup(&s1); |
| 190 return 1; | 212 return 1; |
| 191 } | 213 } |
| 192 | 214 |
| 193 int ssl3_change_cipher_state(SSL *s, int which) | 215 int ssl3_change_cipher_state(SSL *s, int which) |
| 194 { | 216 { |
| 195 » unsigned char *p,*key_block,*mac_secret; | 217 » unsigned char *p,*mac_secret; |
| 196 unsigned char exp_key[EVP_MAX_KEY_LENGTH]; | 218 unsigned char exp_key[EVP_MAX_KEY_LENGTH]; |
| 197 unsigned char exp_iv[EVP_MAX_IV_LENGTH]; | 219 unsigned char exp_iv[EVP_MAX_IV_LENGTH]; |
| 198 unsigned char *ms,*key,*iv,*er1,*er2; | 220 unsigned char *ms,*key,*iv,*er1,*er2; |
| 199 EVP_CIPHER_CTX *dd; | 221 EVP_CIPHER_CTX *dd; |
| 200 const EVP_CIPHER *c; | 222 const EVP_CIPHER *c; |
| 201 #ifndef OPENSSL_NO_COMP | 223 #ifndef OPENSSL_NO_COMP |
| 202 COMP_METHOD *comp; | 224 COMP_METHOD *comp; |
| 203 #endif | 225 #endif |
| 204 const EVP_MD *m; | 226 const EVP_MD *m; |
| 205 EVP_MD_CTX md; | 227 EVP_MD_CTX md; |
| 206 int is_exp,n,i,j,k,cl; | 228 int is_exp,n,i,j,k,cl; |
| 207 int reuse_dd = 0; | 229 int reuse_dd = 0; |
| 208 | 230 |
| 209 is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); | 231 is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); |
| 210 c=s->s3->tmp.new_sym_enc; | 232 c=s->s3->tmp.new_sym_enc; |
| 211 m=s->s3->tmp.new_hash; | 233 m=s->s3->tmp.new_hash; |
| 234 /* m == NULL will lead to a crash later */ |
| 235 OPENSSL_assert(m); |
| 212 #ifndef OPENSSL_NO_COMP | 236 #ifndef OPENSSL_NO_COMP |
| 213 if (s->s3->tmp.new_compression == NULL) | 237 if (s->s3->tmp.new_compression == NULL) |
| 214 comp=NULL; | 238 comp=NULL; |
| 215 else | 239 else |
| 216 comp=s->s3->tmp.new_compression->method; | 240 comp=s->s3->tmp.new_compression->method; |
| 217 #endif | 241 #endif |
| 218 key_block=s->s3->tmp.key_block; | |
| 219 | 242 |
| 220 if (which & SSL3_CC_READ) | 243 if (which & SSL3_CC_READ) |
| 221 { | 244 { |
| 222 if (s->enc_read_ctx != NULL) | 245 if (s->enc_read_ctx != NULL) |
| 223 reuse_dd = 1; | 246 reuse_dd = 1; |
| 224 else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))
) == NULL) | 247 else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))
) == NULL) |
| 225 goto err; | 248 goto err; |
| 226 else | 249 else |
| 227 /* make sure it's intialized in case we exit later with
an error */ | 250 /* make sure it's intialized in case we exit later with
an error */ |
| 228 EVP_CIPHER_CTX_init(s->enc_read_ctx); | 251 EVP_CIPHER_CTX_init(s->enc_read_ctx); |
| 229 dd= s->enc_read_ctx; | 252 dd= s->enc_read_ctx; |
| 230 » » s->read_hash=m; | 253 |
| 254 » » ssl_replace_hash(&s->read_hash,m); |
| 231 #ifndef OPENSSL_NO_COMP | 255 #ifndef OPENSSL_NO_COMP |
| 232 /* COMPRESS */ | 256 /* COMPRESS */ |
| 233 if (s->expand != NULL) | 257 if (s->expand != NULL) |
| 234 { | 258 { |
| 235 COMP_CTX_free(s->expand); | 259 COMP_CTX_free(s->expand); |
| 236 s->expand=NULL; | 260 s->expand=NULL; |
| 237 } | 261 } |
| 238 if (comp != NULL) | 262 if (comp != NULL) |
| 239 { | 263 { |
| 240 s->expand=COMP_CTX_new(comp); | 264 s->expand=COMP_CTX_new(comp); |
| (...skipping 15 matching lines...) Expand all Loading... |
| 256 else | 280 else |
| 257 { | 281 { |
| 258 if (s->enc_write_ctx != NULL) | 282 if (s->enc_write_ctx != NULL) |
| 259 reuse_dd = 1; | 283 reuse_dd = 1; |
| 260 else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX)
)) == NULL) | 284 else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX)
)) == NULL) |
| 261 goto err; | 285 goto err; |
| 262 else | 286 else |
| 263 /* make sure it's intialized in case we exit later with
an error */ | 287 /* make sure it's intialized in case we exit later with
an error */ |
| 264 EVP_CIPHER_CTX_init(s->enc_write_ctx); | 288 EVP_CIPHER_CTX_init(s->enc_write_ctx); |
| 265 dd= s->enc_write_ctx; | 289 dd= s->enc_write_ctx; |
| 266 » » s->write_hash=m; | 290 » » ssl_replace_hash(&s->write_hash,m); |
| 267 #ifndef OPENSSL_NO_COMP | 291 #ifndef OPENSSL_NO_COMP |
| 268 /* COMPRESS */ | 292 /* COMPRESS */ |
| 269 if (s->compress != NULL) | 293 if (s->compress != NULL) |
| 270 { | 294 { |
| 271 COMP_CTX_free(s->compress); | 295 COMP_CTX_free(s->compress); |
| 272 s->compress=NULL; | 296 s->compress=NULL; |
| 273 } | 297 } |
| 274 if (comp != NULL) | 298 if (comp != NULL) |
| 275 { | 299 { |
| 276 s->compress=COMP_CTX_new(comp); | 300 s->compress=COMP_CTX_new(comp); |
| 277 if (s->compress == NULL) | 301 if (s->compress == NULL) |
| 278 { | 302 { |
| 279 SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMP
RESSION_LIBRARY_ERROR); | 303 SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMP
RESSION_LIBRARY_ERROR); |
| 280 goto err2; | 304 goto err2; |
| 281 } | 305 } |
| 282 } | 306 } |
| 283 #endif | 307 #endif |
| 284 memset(&(s->s3->write_sequence[0]),0,8); | 308 memset(&(s->s3->write_sequence[0]),0,8); |
| 285 mac_secret= &(s->s3->write_mac_secret[0]); | 309 mac_secret= &(s->s3->write_mac_secret[0]); |
| 286 } | 310 } |
| 287 | 311 |
| 288 if (reuse_dd) | 312 if (reuse_dd) |
| 289 EVP_CIPHER_CTX_cleanup(dd); | 313 EVP_CIPHER_CTX_cleanup(dd); |
| 290 | 314 |
| 291 p=s->s3->tmp.key_block; | 315 p=s->s3->tmp.key_block; |
| 292 i=EVP_MD_size(m); | 316 i=EVP_MD_size(m); |
| 317 if (i < 0) |
| 318 goto err2; |
| 293 cl=EVP_CIPHER_key_length(c); | 319 cl=EVP_CIPHER_key_length(c); |
| 294 j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? | 320 j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? |
| 295 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; | 321 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; |
| 296 /* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */ | 322 /* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */ |
| 297 k=EVP_CIPHER_iv_length(c); | 323 k=EVP_CIPHER_iv_length(c); |
| 298 if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || | 324 if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || |
| 299 (which == SSL3_CHANGE_CIPHER_SERVER_READ)) | 325 (which == SSL3_CHANGE_CIPHER_SERVER_READ)) |
| 300 { | 326 { |
| 301 ms= &(p[ 0]); n=i+i; | 327 ms= &(p[ 0]); n=i+i; |
| 302 key= &(p[ n]); n+=j+j; | 328 key= &(p[ n]); n+=j+j; |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 363 unsigned char *p; | 389 unsigned char *p; |
| 364 const EVP_CIPHER *c; | 390 const EVP_CIPHER *c; |
| 365 const EVP_MD *hash; | 391 const EVP_MD *hash; |
| 366 int num; | 392 int num; |
| 367 int ret = 0; | 393 int ret = 0; |
| 368 SSL_COMP *comp; | 394 SSL_COMP *comp; |
| 369 | 395 |
| 370 if (s->s3->tmp.key_block_length != 0) | 396 if (s->s3->tmp.key_block_length != 0) |
| 371 return(1); | 397 return(1); |
| 372 | 398 |
| 373 » if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp)) | 399 » if (!ssl_cipher_get_evp(s->session,&c,&hash,NULL,NULL,&comp)) |
| 374 { | 400 { |
| 375 SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILAB
LE); | 401 SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILAB
LE); |
| 376 return(0); | 402 return(0); |
| 377 } | 403 } |
| 378 | 404 |
| 379 s->s3->tmp.new_sym_enc=c; | 405 s->s3->tmp.new_sym_enc=c; |
| 380 s->s3->tmp.new_hash=hash; | 406 s->s3->tmp.new_hash=hash; |
| 381 #ifdef OPENSSL_NO_COMP | 407 #ifdef OPENSSL_NO_COMP |
| 382 s->s3->tmp.new_compression=NULL; | 408 s->s3->tmp.new_compression=NULL; |
| 383 #else | 409 #else |
| 384 s->s3->tmp.new_compression=comp; | 410 s->s3->tmp.new_compression=comp; |
| 385 #endif | 411 #endif |
| 386 | 412 |
| 387 » num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c); | 413 » num=EVP_MD_size(hash); |
| 414 » if (num < 0) |
| 415 » » return 0; |
| 416 |
| 417 » num=EVP_CIPHER_key_length(c)+num+EVP_CIPHER_iv_length(c); |
| 388 num*=2; | 418 num*=2; |
| 389 | 419 |
| 390 ssl3_cleanup_key_block(s); | 420 ssl3_cleanup_key_block(s); |
| 391 | 421 |
| 392 if ((p=OPENSSL_malloc(num)) == NULL) | 422 if ((p=OPENSSL_malloc(num)) == NULL) |
| 393 goto err; | 423 goto err; |
| 394 | 424 |
| 395 s->s3->tmp.key_block_length=num; | 425 s->s3->tmp.key_block_length=num; |
| 396 s->s3->tmp.key_block=p; | 426 s->s3->tmp.key_block=p; |
| 397 | 427 |
| 398 ret = ssl3_generate_key_block(s,p,num); | 428 ret = ssl3_generate_key_block(s,p,num); |
| 399 | 429 |
| 400 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) | 430 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) |
| 401 { | 431 { |
| 402 /* enable vulnerability countermeasure for CBC ciphers with | 432 /* enable vulnerability countermeasure for CBC ciphers with |
| 403 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) | 433 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) |
| 404 */ | 434 */ |
| 405 s->s3->need_empty_fragments = 1; | 435 s->s3->need_empty_fragments = 1; |
| 406 | 436 |
| 407 if (s->session->cipher != NULL) | 437 if (s->session->cipher != NULL) |
| 408 { | 438 { |
| 409 » » » if ((s->session->cipher->algorithms & SSL_ENC_MASK) == S
SL_eNULL) | 439 » » » if (s->session->cipher->algorithm_enc == SSL_eNULL) |
| 410 s->s3->need_empty_fragments = 0; | 440 s->s3->need_empty_fragments = 0; |
| 411 | 441 |
| 412 #ifndef OPENSSL_NO_RC4 | 442 #ifndef OPENSSL_NO_RC4 |
| 413 » » » if ((s->session->cipher->algorithms & SSL_ENC_MASK) == S
SL_RC4) | 443 » » » if (s->session->cipher->algorithm_enc == SSL_RC4) |
| 414 s->s3->need_empty_fragments = 0; | 444 s->s3->need_empty_fragments = 0; |
| 415 #endif | 445 #endif |
| 416 } | 446 } |
| 417 } | 447 } |
| 418 | 448 |
| 419 return ret; | 449 return ret; |
| 420 | 450 |
| 421 err: | 451 err: |
| 422 SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); | 452 SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); |
| 423 return(0); | 453 return(0); |
| (...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 474 bs=EVP_CIPHER_block_size(ds->cipher); | 504 bs=EVP_CIPHER_block_size(ds->cipher); |
| 475 | 505 |
| 476 /* COMPRESS */ | 506 /* COMPRESS */ |
| 477 | 507 |
| 478 if ((bs != 1) && send) | 508 if ((bs != 1) && send) |
| 479 { | 509 { |
| 480 i=bs-((int)l%bs); | 510 i=bs-((int)l%bs); |
| 481 | 511 |
| 482 /* we need to add 'i-1' padding bytes */ | 512 /* we need to add 'i-1' padding bytes */ |
| 483 l+=i; | 513 l+=i; |
| 514 /* the last of these zero bytes will be overwritten |
| 515 * with the padding length. */ |
| 516 memset(&rec->input[rec->length], 0, i); |
| 484 rec->length+=i; | 517 rec->length+=i; |
| 485 rec->input[l-1]=(i-1); | 518 rec->input[l-1]=(i-1); |
| 486 } | 519 } |
| 487 | 520 |
| 488 if (!send) | 521 if (!send) |
| 489 { | 522 { |
| 490 if (l == 0 || l%bs != 0) | 523 if (l == 0 || l%bs != 0) |
| 491 { | 524 { |
| 492 SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_
WRONG); | 525 SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_
WRONG); |
| 493 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTIO
N_FAILED); | 526 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTIO
N_FAILED); |
| (...skipping 19 matching lines...) Expand all Loading... |
| 513 } | 546 } |
| 514 /* now i <= bs <= rec->length */ | 547 /* now i <= bs <= rec->length */ |
| 515 rec->length-=i; | 548 rec->length-=i; |
| 516 } | 549 } |
| 517 } | 550 } |
| 518 return(1); | 551 return(1); |
| 519 } | 552 } |
| 520 | 553 |
| 521 void ssl3_init_finished_mac(SSL *s) | 554 void ssl3_init_finished_mac(SSL *s) |
| 522 { | 555 { |
| 523 » EVP_MD_CTX_set_flags(&(s->s3->finish_dgst1), | 556 » if (s->s3->handshake_buffer) BIO_free(s->s3->handshake_buffer); |
| 524 » » EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | 557 » if (s->s3->handshake_dgst) ssl3_free_digest_list(s); |
| 525 » EVP_DigestInit_ex(&(s->s3->finish_dgst1),s->ctx->md5, NULL); | 558 s->s3->handshake_buffer=BIO_new(BIO_s_mem());» |
| 526 » EVP_DigestInit_ex(&(s->s3->finish_dgst2),s->ctx->sha1, NULL); | 559 » (void)BIO_set_close(s->s3->handshake_buffer,BIO_CLOSE); |
| 527 } | 560 } |
| 528 | 561 |
| 562 void ssl3_free_digest_list(SSL *s) |
| 563 { |
| 564 int i; |
| 565 if (!s->s3->handshake_dgst) return; |
| 566 for (i=0;i<SSL_MAX_DIGEST;i++) |
| 567 { |
| 568 if (s->s3->handshake_dgst[i]) |
| 569 EVP_MD_CTX_destroy(s->s3->handshake_dgst[i]); |
| 570 } |
| 571 OPENSSL_free(s->s3->handshake_dgst); |
| 572 s->s3->handshake_dgst=NULL; |
| 573 } |
| 574 |
| 575 |
| 576 |
| 529 void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len) | 577 void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len) |
| 530 { | 578 { |
| 531 » EVP_DigestUpdate(&(s->s3->finish_dgst1),buf,len); | 579 » if (s->s3->handshake_buffer) |
| 532 » EVP_DigestUpdate(&(s->s3->finish_dgst2),buf,len); | |
| 533 » if (s->s3->snap_start_requested) | |
| 534 { | 580 { |
| 535 » » /* Compute Fowler-Noll-Vo (FNV) hash for Snap Start handshake */ | 581 » » BIO_write (s->s3->handshake_buffer,(void *)buf,len); |
| 536 » » fnv1a64_update((FNV1A64*) s->s3->response_hash, buf, len); | 582 » » } |
| 537 » » } | 583 » else |
| 584 » » { |
| 585 » » int i; |
| 586 » » for (i=0;i< SSL_MAX_DIGEST;i++) |
| 587 » » » { |
| 588 » » » if (s->s3->handshake_dgst[i]!= NULL) |
| 589 » » » EVP_DigestUpdate(s->s3->handshake_dgst[i],buf,len); |
| 590 » » » } |
| 591 » » }» |
| 538 } | 592 } |
| 539 | 593 |
| 540 int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *ctx, unsigned char *p) | 594 int ssl3_digest_cached_records(SSL *s) |
| 541 { | 595 { |
| 542 » return(ssl3_handshake_mac(s,ctx,NULL,0,p)); | 596 » int i; |
| 597 » long mask; |
| 598 » const EVP_MD *md; |
| 599 » long hdatalen; |
| 600 » void *hdata; |
| 601 |
| 602 » /* Allocate handshake_dgst array */ |
| 603 » ssl3_free_digest_list(s); |
| 604 » s->s3->handshake_dgst = OPENSSL_malloc(SSL_MAX_DIGEST * sizeof(EVP_MD_CT
X *)); |
| 605 » memset(s->s3->handshake_dgst,0,SSL_MAX_DIGEST *sizeof(EVP_MD_CTX *)); |
| 606 » hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,&hdata); |
| 607 » if (hdatalen <= 0) |
| 608 » » { |
| 609 » » SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LEN
GTH); |
| 610 » » return 0; |
| 611 » » } |
| 612 |
| 613 » /* Loop through bitso of algorithm2 field and create MD_CTX-es */ |
| 614 » for (i=0;ssl_get_handshake_digest(i,&mask,&md); i++) |
| 615 » » { |
| 616 » » if ((mask & s->s3->tmp.new_cipher->algorithm2) && md) |
| 617 » » » { |
| 618 » » » s->s3->handshake_dgst[i]=EVP_MD_CTX_create(); |
| 619 » » » EVP_DigestInit_ex(s->s3->handshake_dgst[i],md,NULL); |
| 620 » » » EVP_DigestUpdate(s->s3->handshake_dgst[i],hdata,hdatalen
); |
| 621 » » » } |
| 622 » » else |
| 623 » » » {» |
| 624 » » » s->s3->handshake_dgst[i]=NULL; |
| 625 » » » } |
| 626 » » } |
| 627 » /* Free handshake_buffer BIO */ |
| 628 » BIO_free(s->s3->handshake_buffer); |
| 629 » s->s3->handshake_buffer = NULL; |
| 630 |
| 631 » return 1; |
| 543 } | 632 } |
| 544 | 633 |
| 545 int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2, | 634 int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p) |
| 635 » { |
| 636 » return(ssl3_handshake_mac(s,md_nid,NULL,0,p)); |
| 637 » } |
| 638 int ssl3_final_finish_mac(SSL *s, |
| 546 const char *sender, int len, unsigned char *p) | 639 const char *sender, int len, unsigned char *p) |
| 547 { | 640 { |
| 548 int ret; | 641 int ret; |
| 549 | 642 » ret=ssl3_handshake_mac(s,NID_md5,sender,len,p); |
| 550 » ret=ssl3_handshake_mac(s,ctx1,sender,len,p); | |
| 551 p+=ret; | 643 p+=ret; |
| 552 » ret+=ssl3_handshake_mac(s,ctx2,sender,len,p); | 644 » ret+=ssl3_handshake_mac(s,NID_sha1,sender,len,p); |
| 553 return(ret); | 645 return(ret); |
| 554 } | 646 } |
| 555 | 647 static int ssl3_handshake_mac(SSL *s, int md_nid, |
| 556 static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx, | |
| 557 const char *sender, int len, unsigned char *p) | 648 const char *sender, int len, unsigned char *p) |
| 558 { | 649 { |
| 559 unsigned int ret; | 650 unsigned int ret; |
| 560 int npad,n; | 651 int npad,n; |
| 561 unsigned int i; | 652 unsigned int i; |
| 562 unsigned char md_buf[EVP_MAX_MD_SIZE]; | 653 unsigned char md_buf[EVP_MAX_MD_SIZE]; |
| 563 » EVP_MD_CTX ctx; | 654 » EVP_MD_CTX ctx,*d=NULL; |
| 564 | 655 |
| 656 if (s->s3->handshake_buffer) |
| 657 if (!ssl3_digest_cached_records(s)) |
| 658 return 0; |
| 659 |
| 660 /* Search for digest of specified type in the handshake_dgst |
| 661 * array*/ |
| 662 for (i=0;i<SSL_MAX_DIGEST;i++) |
| 663 { |
| 664 if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake
_dgst[i])==md_nid) |
| 665 { |
| 666 d=s->s3->handshake_dgst[i]; |
| 667 break; |
| 668 } |
| 669 } |
| 670 if (!d) { |
| 671 SSLerr(SSL_F_SSL3_HANDSHAKE_MAC,SSL_R_NO_REQUIRED_DIGEST); |
| 672 return 0; |
| 673 } |
| 565 EVP_MD_CTX_init(&ctx); | 674 EVP_MD_CTX_init(&ctx); |
| 566 » EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | 675 » EVP_MD_CTX_copy_ex(&ctx,d); |
| 567 » EVP_MD_CTX_copy_ex(&ctx,in_ctx); | 676 » n=EVP_MD_CTX_size(&ctx); |
| 677 » if (n < 0) |
| 678 » » return 0; |
| 568 | 679 |
| 569 n=EVP_MD_CTX_size(&ctx); | |
| 570 npad=(48/n)*n; | 680 npad=(48/n)*n; |
| 571 | |
| 572 if (sender != NULL) | 681 if (sender != NULL) |
| 573 EVP_DigestUpdate(&ctx,sender,len); | 682 EVP_DigestUpdate(&ctx,sender,len); |
| 574 EVP_DigestUpdate(&ctx,s->session->master_key, | 683 EVP_DigestUpdate(&ctx,s->session->master_key, |
| 575 s->session->master_key_length); | 684 s->session->master_key_length); |
| 576 EVP_DigestUpdate(&ctx,ssl3_pad_1,npad); | 685 EVP_DigestUpdate(&ctx,ssl3_pad_1,npad); |
| 577 EVP_DigestFinal_ex(&ctx,md_buf,&i); | 686 EVP_DigestFinal_ex(&ctx,md_buf,&i); |
| 578 | 687 |
| 579 EVP_DigestInit_ex(&ctx,EVP_MD_CTX_md(&ctx), NULL); | 688 EVP_DigestInit_ex(&ctx,EVP_MD_CTX_md(&ctx), NULL); |
| 580 EVP_DigestUpdate(&ctx,s->session->master_key, | 689 EVP_DigestUpdate(&ctx,s->session->master_key, |
| 581 s->session->master_key_length); | 690 s->session->master_key_length); |
| 582 EVP_DigestUpdate(&ctx,ssl3_pad_2,npad); | 691 EVP_DigestUpdate(&ctx,ssl3_pad_2,npad); |
| 583 EVP_DigestUpdate(&ctx,md_buf,i); | 692 EVP_DigestUpdate(&ctx,md_buf,i); |
| 584 EVP_DigestFinal_ex(&ctx,p,&ret); | 693 EVP_DigestFinal_ex(&ctx,p,&ret); |
| 585 | 694 |
| 586 EVP_MD_CTX_cleanup(&ctx); | 695 EVP_MD_CTX_cleanup(&ctx); |
| 587 | 696 |
| 588 return((int)ret); | 697 return((int)ret); |
| 589 } | 698 } |
| 590 | 699 |
| 591 int ssl3_mac(SSL *ssl, unsigned char *md, int send) | 700 int n_ssl3_mac(SSL *ssl, unsigned char *md, int send) |
| 592 { | 701 { |
| 593 SSL3_RECORD *rec; | 702 SSL3_RECORD *rec; |
| 594 unsigned char *mac_sec,*seq; | 703 unsigned char *mac_sec,*seq; |
| 595 EVP_MD_CTX md_ctx; | 704 EVP_MD_CTX md_ctx; |
| 596 » const EVP_MD *hash; | 705 » const EVP_MD_CTX *hash; |
| 597 unsigned char *p,rec_char; | 706 unsigned char *p,rec_char; |
| 598 unsigned int md_size; | 707 unsigned int md_size; |
| 599 int npad; | 708 int npad; |
| 709 int t; |
| 600 | 710 |
| 601 if (send) | 711 if (send) |
| 602 { | 712 { |
| 603 rec= &(ssl->s3->wrec); | 713 rec= &(ssl->s3->wrec); |
| 604 mac_sec= &(ssl->s3->write_mac_secret[0]); | 714 mac_sec= &(ssl->s3->write_mac_secret[0]); |
| 605 seq= &(ssl->s3->write_sequence[0]); | 715 seq= &(ssl->s3->write_sequence[0]); |
| 606 hash=ssl->write_hash; | 716 hash=ssl->write_hash; |
| 607 } | 717 } |
| 608 else | 718 else |
| 609 { | 719 { |
| 610 rec= &(ssl->s3->rrec); | 720 rec= &(ssl->s3->rrec); |
| 611 mac_sec= &(ssl->s3->read_mac_secret[0]); | 721 mac_sec= &(ssl->s3->read_mac_secret[0]); |
| 612 seq= &(ssl->s3->read_sequence[0]); | 722 seq= &(ssl->s3->read_sequence[0]); |
| 613 hash=ssl->read_hash; | 723 hash=ssl->read_hash; |
| 614 } | 724 } |
| 615 | 725 |
| 616 » md_size=EVP_MD_size(hash); | 726 » t=EVP_MD_CTX_size(hash); |
| 727 » if (t < 0) |
| 728 » » return -1; |
| 729 » md_size=t; |
| 617 npad=(48/md_size)*md_size; | 730 npad=(48/md_size)*md_size; |
| 618 | 731 |
| 619 /* Chop the digest off the end :-) */ | 732 /* Chop the digest off the end :-) */ |
| 620 EVP_MD_CTX_init(&md_ctx); | 733 EVP_MD_CTX_init(&md_ctx); |
| 621 | 734 |
| 622 » EVP_DigestInit_ex( &md_ctx,hash, NULL); | 735 » EVP_MD_CTX_copy_ex( &md_ctx,hash); |
| 623 EVP_DigestUpdate(&md_ctx,mac_sec,md_size); | 736 EVP_DigestUpdate(&md_ctx,mac_sec,md_size); |
| 624 EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad); | 737 EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad); |
| 625 EVP_DigestUpdate(&md_ctx,seq,8); | 738 EVP_DigestUpdate(&md_ctx,seq,8); |
| 626 rec_char=rec->type; | 739 rec_char=rec->type; |
| 627 EVP_DigestUpdate(&md_ctx,&rec_char,1); | 740 EVP_DigestUpdate(&md_ctx,&rec_char,1); |
| 628 p=md; | 741 p=md; |
| 629 s2n(rec->length,p); | 742 s2n(rec->length,p); |
| 630 EVP_DigestUpdate(&md_ctx,md,2); | 743 EVP_DigestUpdate(&md_ctx,md,2); |
| 631 EVP_DigestUpdate(&md_ctx,rec->input,rec->length); | 744 EVP_DigestUpdate(&md_ctx,rec->input,rec->length); |
| 632 EVP_DigestFinal_ex( &md_ctx,md,NULL); | 745 EVP_DigestFinal_ex( &md_ctx,md,NULL); |
| 633 | 746 |
| 634 » EVP_DigestInit_ex( &md_ctx,hash, NULL); | 747 » EVP_MD_CTX_copy_ex( &md_ctx,hash); |
| 635 EVP_DigestUpdate(&md_ctx,mac_sec,md_size); | 748 EVP_DigestUpdate(&md_ctx,mac_sec,md_size); |
| 636 EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad); | 749 EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad); |
| 637 EVP_DigestUpdate(&md_ctx,md,md_size); | 750 EVP_DigestUpdate(&md_ctx,md,md_size); |
| 638 EVP_DigestFinal_ex( &md_ctx,md,&md_size); | 751 EVP_DigestFinal_ex( &md_ctx,md,&md_size); |
| 639 | 752 |
| 640 EVP_MD_CTX_cleanup(&md_ctx); | 753 EVP_MD_CTX_cleanup(&md_ctx); |
| 641 | 754 |
| 642 ssl3_record_sequence_update(seq); | 755 ssl3_record_sequence_update(seq); |
| 643 return(md_size); | 756 return(md_size); |
| 644 } | 757 } |
| (...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 717 case SSL_AD_UNKNOWN_CA: return(SSL3_AD_BAD_CERTIFICATE); | 830 case SSL_AD_UNKNOWN_CA: return(SSL3_AD_BAD_CERTIFICATE); |
| 718 case SSL_AD_ACCESS_DENIED: return(SSL3_AD_HANDSHAKE_FAILURE); | 831 case SSL_AD_ACCESS_DENIED: return(SSL3_AD_HANDSHAKE_FAILURE); |
| 719 case SSL_AD_DECODE_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE); | 832 case SSL_AD_DECODE_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE); |
| 720 case SSL_AD_DECRYPT_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE); | 833 case SSL_AD_DECRYPT_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE); |
| 721 case SSL_AD_EXPORT_RESTRICTION: return(SSL3_AD_HANDSHAKE_FAILURE); | 834 case SSL_AD_EXPORT_RESTRICTION: return(SSL3_AD_HANDSHAKE_FAILURE); |
| 722 case SSL_AD_PROTOCOL_VERSION: return(SSL3_AD_HANDSHAKE_FAILURE); | 835 case SSL_AD_PROTOCOL_VERSION: return(SSL3_AD_HANDSHAKE_FAILURE); |
| 723 case SSL_AD_INSUFFICIENT_SECURITY:return(SSL3_AD_HANDSHAKE_FAILURE); | 836 case SSL_AD_INSUFFICIENT_SECURITY:return(SSL3_AD_HANDSHAKE_FAILURE); |
| 724 case SSL_AD_INTERNAL_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE); | 837 case SSL_AD_INTERNAL_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE); |
| 725 case SSL_AD_USER_CANCELLED: return(SSL3_AD_HANDSHAKE_FAILURE); | 838 case SSL_AD_USER_CANCELLED: return(SSL3_AD_HANDSHAKE_FAILURE); |
| 726 case SSL_AD_NO_RENEGOTIATION: return(-1); /* Don't send it :-) */ | 839 case SSL_AD_NO_RENEGOTIATION: return(-1); /* Don't send it :-) */ |
| 840 case SSL_AD_UNSUPPORTED_EXTENSION: return(SSL3_AD_HANDSHAKE_FAILURE); |
| 841 case SSL_AD_CERTIFICATE_UNOBTAINABLE: return(SSL3_AD_HANDSHAKE_FAILURE); |
| 842 case SSL_AD_UNRECOGNIZED_NAME: return(SSL3_AD_HANDSHAKE_FAILURE); |
| 843 case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(SSL3_AD_HANDSHAKE_FA
ILURE); |
| 844 case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(SSL3_AD_HANDSHAKE_FAILURE
); |
| 845 case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY); |
| 727 default: return(-1); | 846 default: return(-1); |
| 728 } | 847 } |
| 729 } | 848 } |
| 730 | 849 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9254031:
Upgrade chrome's OpenSSL to same version Android ships with. (Closed)
Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/