OLD | NEW |
1 /* ssl/t1_enc.c */ | 1 /* ssl/t1_enc.c */ |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 * All rights reserved. | 3 * All rights reserved. |
4 * | 4 * |
5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
8 * | 8 * |
9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
51 * SUCH DAMAGE. | 51 * SUCH DAMAGE. |
52 * | 52 * |
53 * The licence and distribution terms for any publically available version or | 53 * The licence and distribution terms for any publically available version or |
54 * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 * derivative of this code cannot be changed. i.e. this code cannot simply be |
55 * copied and put under another distribution licence | 55 * copied and put under another distribution licence |
56 * [including the GNU Public Licence.] | 56 * [including the GNU Public Licence.] |
57 */ | 57 */ |
58 /* ==================================================================== | 58 /* ==================================================================== |
59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. |
60 * | 60 * |
61 * Redistribution and use in source and binary forms, with or without | 61 * Redistribution and use in source and binary forms, with or without |
62 * modification, are permitted provided that the following conditions | 62 * modification, are permitted provided that the following conditions |
63 * are met: | 63 * are met: |
64 * | 64 * |
65 * 1. Redistributions of source code must retain the above copyright | 65 * 1. Redistributions of source code must retain the above copyright |
66 * notice, this list of conditions and the following disclaimer. | 66 * notice, this list of conditions and the following disclaimer. |
67 * | 67 * |
68 * 2. Redistributions in binary form must reproduce the above copyright | 68 * 2. Redistributions in binary form must reproduce the above copyright |
69 * notice, this list of conditions and the following disclaimer in | 69 * notice, this list of conditions and the following disclaimer in |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
103 * OF THE POSSIBILITY OF SUCH DAMAGE. | 103 * OF THE POSSIBILITY OF SUCH DAMAGE. |
104 * ==================================================================== | 104 * ==================================================================== |
105 * | 105 * |
106 * This product includes cryptographic software written by Eric Young | 106 * This product includes cryptographic software written by Eric Young |
107 * (eay@cryptsoft.com). This product includes software written by Tim | 107 * (eay@cryptsoft.com). This product includes software written by Tim |
108 * Hudson (tjh@cryptsoft.com). | 108 * Hudson (tjh@cryptsoft.com). |
109 * | 109 * |
110 */ | 110 */ |
| 111 /* ==================================================================== |
| 112 * Copyright 2005 Nokia. All rights reserved. |
| 113 * |
| 114 * The portions of the attached software ("Contribution") is developed by |
| 115 * Nokia Corporation and is licensed pursuant to the OpenSSL open source |
| 116 * license. |
| 117 * |
| 118 * The Contribution, originally written by Mika Kousa and Pasi Eronen of |
| 119 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites |
| 120 * support (see RFC 4279) to OpenSSL. |
| 121 * |
| 122 * No patent licenses or other rights except those expressly stated in |
| 123 * the OpenSSL open source license shall be deemed granted or received |
| 124 * expressly, by implication, estoppel, or otherwise. |
| 125 * |
| 126 * No assurances are provided by Nokia that the Contribution does not |
| 127 * infringe the patent or other intellectual property rights of any third |
| 128 * party or that the license provides you with all the necessary rights |
| 129 * to make use of the Contribution. |
| 130 * |
| 131 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN |
| 132 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA |
| 133 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY |
| 134 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR |
| 135 * OTHERWISE. |
| 136 */ |
111 | 137 |
112 #include <stdio.h> | 138 #include <stdio.h> |
113 #include "ssl_locl.h" | 139 #include "ssl_locl.h" |
114 #ifndef OPENSSL_NO_COMP | 140 #ifndef OPENSSL_NO_COMP |
115 #include <openssl/comp.h> | 141 #include <openssl/comp.h> |
116 #endif | 142 #endif |
117 #include <openssl/evp.h> | 143 #include <openssl/evp.h> |
118 #include <openssl/hmac.h> | 144 #include <openssl/hmac.h> |
119 #include <openssl/md5.h> | 145 #include <openssl/md5.h> |
120 #ifdef KSSL_DEBUG | 146 #ifdef KSSL_DEBUG |
121 #include <openssl/des.h> | 147 #include <openssl/des.h> |
122 #endif | 148 #endif |
123 | 149 |
124 static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, | 150 /* seed1 through seed5 are virtually concatenated */ |
125 » » » int sec_len, unsigned char *seed, int seed_len, | 151 static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec, |
| 152 » » » int sec_len, |
| 153 » » » const void *seed1, int seed1_len, |
| 154 » » » const void *seed2, int seed2_len, |
| 155 » » » const void *seed3, int seed3_len, |
| 156 » » » const void *seed4, int seed4_len, |
| 157 » » » const void *seed5, int seed5_len, |
126 unsigned char *out, int olen) | 158 unsigned char *out, int olen) |
127 { | 159 { |
128 » int chunk,n; | 160 » int chunk; |
129 unsigned int j; | 161 unsigned int j; |
130 HMAC_CTX ctx; | 162 HMAC_CTX ctx; |
131 HMAC_CTX ctx_tmp; | 163 HMAC_CTX ctx_tmp; |
132 unsigned char A1[EVP_MAX_MD_SIZE]; | 164 unsigned char A1[EVP_MAX_MD_SIZE]; |
133 unsigned int A1_len; | 165 unsigned int A1_len; |
| 166 int ret = 0; |
134 | 167 |
135 chunk=EVP_MD_size(md); | 168 chunk=EVP_MD_size(md); |
| 169 OPENSSL_assert(chunk >= 0); |
136 | 170 |
137 HMAC_CTX_init(&ctx); | 171 HMAC_CTX_init(&ctx); |
138 HMAC_CTX_init(&ctx_tmp); | 172 HMAC_CTX_init(&ctx_tmp); |
139 » HMAC_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | 173 » if (!HMAC_Init_ex(&ctx,sec,sec_len,md, NULL)) |
140 » HMAC_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | 174 » » goto err; |
141 » HMAC_Init_ex(&ctx,sec,sec_len,md, NULL); | 175 » if (!HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL)) |
142 » HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL); | 176 » » goto err; |
143 » HMAC_Update(&ctx,seed,seed_len); | 177 » if (seed1 != NULL && !HMAC_Update(&ctx,seed1,seed1_len)) |
144 » HMAC_Final(&ctx,A1,&A1_len); | 178 » » goto err; |
| 179 » if (seed2 != NULL && !HMAC_Update(&ctx,seed2,seed2_len)) |
| 180 » » goto err; |
| 181 » if (seed3 != NULL && !HMAC_Update(&ctx,seed3,seed3_len)) |
| 182 » » goto err; |
| 183 » if (seed4 != NULL && !HMAC_Update(&ctx,seed4,seed4_len)) |
| 184 » » goto err; |
| 185 » if (seed5 != NULL && !HMAC_Update(&ctx,seed5,seed5_len)) |
| 186 » » goto err; |
| 187 » if (!HMAC_Final(&ctx,A1,&A1_len)) |
| 188 » » goto err; |
145 | 189 |
146 n=0; | |
147 for (;;) | 190 for (;;) |
148 { | 191 { |
149 » » HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */ | 192 » » if (!HMAC_Init_ex(&ctx,NULL,0,NULL,NULL)) /* re-init */ |
150 » » HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL); /* re-init */ | 193 » » » goto err; |
151 » » HMAC_Update(&ctx,A1,A1_len); | 194 » » if (!HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL)) /* re-init */ |
152 » » HMAC_Update(&ctx_tmp,A1,A1_len); | 195 » » » goto err; |
153 » » HMAC_Update(&ctx,seed,seed_len); | 196 » » if (!HMAC_Update(&ctx,A1,A1_len)) |
| 197 » » » goto err; |
| 198 » » if (!HMAC_Update(&ctx_tmp,A1,A1_len)) |
| 199 » » » goto err; |
| 200 » » if (seed1 != NULL && !HMAC_Update(&ctx,seed1,seed1_len)) |
| 201 » » » goto err; |
| 202 » » if (seed2 != NULL && !HMAC_Update(&ctx,seed2,seed2_len)) |
| 203 » » » goto err; |
| 204 » » if (seed3 != NULL && !HMAC_Update(&ctx,seed3,seed3_len)) |
| 205 » » » goto err; |
| 206 » » if (seed4 != NULL && !HMAC_Update(&ctx,seed4,seed4_len)) |
| 207 » » » goto err; |
| 208 » » if (seed5 != NULL && !HMAC_Update(&ctx,seed5,seed5_len)) |
| 209 » » » goto err; |
154 | 210 |
155 if (olen > chunk) | 211 if (olen > chunk) |
156 { | 212 { |
157 » » » HMAC_Final(&ctx,out,&j); | 213 » » » if (!HMAC_Final(&ctx,out,&j)) |
| 214 » » » » goto err; |
158 out+=j; | 215 out+=j; |
159 olen-=j; | 216 olen-=j; |
160 » » » HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 val
ue */ | 217 » » » if (!HMAC_Final(&ctx_tmp,A1,&A1_len)) /* calc the next A
1 value */ |
| 218 » » » » goto err; |
161 } | 219 } |
162 else /* last one */ | 220 else /* last one */ |
163 { | 221 { |
164 » » » HMAC_Final(&ctx,A1,&A1_len); | 222 » » » if (!HMAC_Final(&ctx,A1,&A1_len)) |
| 223 » » » » goto err; |
165 memcpy(out,A1,olen); | 224 memcpy(out,A1,olen); |
166 break; | 225 break; |
167 } | 226 } |
168 } | 227 } |
| 228 ret = 1; |
| 229 err: |
169 HMAC_CTX_cleanup(&ctx); | 230 HMAC_CTX_cleanup(&ctx); |
170 HMAC_CTX_cleanup(&ctx_tmp); | 231 HMAC_CTX_cleanup(&ctx_tmp); |
171 OPENSSL_cleanse(A1,sizeof(A1)); | 232 OPENSSL_cleanse(A1,sizeof(A1)); |
| 233 return ret; |
172 } | 234 } |
173 | 235 |
174 static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1, | 236 /* seed1 through seed5 are virtually concatenated */ |
175 » » unsigned char *label, int label_len, | 237 static int tls1_PRF(long digest_mask, |
176 » » const unsigned char *sec, int slen, unsigned char *out1, | 238 » » const void *seed1, int seed1_len, |
| 239 » » const void *seed2, int seed2_len, |
| 240 » » const void *seed3, int seed3_len, |
| 241 » » const void *seed4, int seed4_len, |
| 242 » » const void *seed5, int seed5_len, |
| 243 » » const unsigned char *sec, int slen, |
| 244 » » unsigned char *out1, |
177 unsigned char *out2, int olen) | 245 unsigned char *out2, int olen) |
178 { | 246 { |
179 » int len,i; | 247 » int len,i,idx,count; |
180 » const unsigned char *S1,*S2; | 248 » const unsigned char *S1; |
| 249 » long m; |
| 250 » const EVP_MD *md; |
| 251 » int ret = 0; |
181 | 252 |
182 » len=slen/2; | 253 » /* Count number of digests and partition sec evenly */ |
| 254 » count=0; |
| 255 » for (idx=0;ssl_get_handshake_digest(idx,&m,&md);idx++) { |
| 256 » » if ((m<<TLS1_PRF_DGST_SHIFT) & digest_mask) count++; |
| 257 » }» |
| 258 » len=slen/count; |
183 S1=sec; | 259 S1=sec; |
184 » S2= &(sec[len]); | 260 » memset(out1,0,olen); |
185 » len+=(slen&1); /* add for odd, make longer */ | 261 » for (idx=0;ssl_get_handshake_digest(idx,&m,&md);idx++) { |
186 | 262 » » if ((m<<TLS1_PRF_DGST_SHIFT) & digest_mask) { |
187 » | 263 » » » if (!md) { |
188 » tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen); | 264 » » » » SSLerr(SSL_F_TLS1_PRF, |
189 » tls1_P_hash(sha1,S2,len,label,label_len,out2,olen); | 265 » » » » SSL_R_UNSUPPORTED_DIGEST_TYPE); |
190 | 266 » » » » goto err;» » » » |
191 » for (i=0; i<olen; i++) | 267 » » » } |
192 » » out1[i]^=out2[i]; | 268 » » » if (!tls1_P_hash(md ,S1,len+(slen&1), |
| 269 » » » » » seed1,seed1_len,seed2,seed2_len,seed3,se
ed3_len,seed4,seed4_len,seed5,seed5_len, |
| 270 » » » » » out2,olen)) |
| 271 » » » » goto err; |
| 272 » » » S1+=len; |
| 273 » » » for (i=0; i<olen; i++) |
| 274 » » » { |
| 275 » » » » out1[i]^=out2[i]; |
| 276 » » » } |
| 277 » » } |
193 } | 278 } |
194 | 279 » ret = 1; |
195 static void tls1_generate_key_block(SSL *s, unsigned char *km, | 280 err: |
| 281 » return ret; |
| 282 } |
| 283 static int tls1_generate_key_block(SSL *s, unsigned char *km, |
196 unsigned char *tmp, int num) | 284 unsigned char *tmp, int num) |
197 { | 285 { |
198 » unsigned char *p; | 286 » int ret; |
199 » unsigned char buf[SSL3_RANDOM_SIZE*2+ | 287 » ret = tls1_PRF(s->s3->tmp.new_cipher->algorithm2, |
200 » » TLS_MD_MAX_CONST_SIZE]; | 288 » » TLS_MD_KEY_EXPANSION_CONST,TLS_MD_KEY_EXPANSION_CONST_SIZE, |
201 » p=buf; | 289 » » s->s3->server_random,SSL3_RANDOM_SIZE, |
202 | 290 » » s->s3->client_random,SSL3_RANDOM_SIZE, |
203 » memcpy(p,TLS_MD_KEY_EXPANSION_CONST, | 291 » » NULL,0,NULL,0, |
204 » » TLS_MD_KEY_EXPANSION_CONST_SIZE); | |
205 » p+=TLS_MD_KEY_EXPANSION_CONST_SIZE; | |
206 » memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); | |
207 » p+=SSL3_RANDOM_SIZE; | |
208 » memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE); | |
209 » p+=SSL3_RANDOM_SIZE; | |
210 | |
211 » tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf), | |
212 s->session->master_key,s->session->master_key_length, | 292 s->session->master_key,s->session->master_key_length, |
213 km,tmp,num); | 293 km,tmp,num); |
214 #ifdef KSSL_DEBUG | 294 #ifdef KSSL_DEBUG |
215 printf("tls1_generate_key_block() ==> %d byte master_key =\n\t", | 295 printf("tls1_generate_key_block() ==> %d byte master_key =\n\t", |
216 s->session->master_key_length); | 296 s->session->master_key_length); |
217 { | 297 { |
218 int i; | 298 int i; |
219 for (i=0; i < s->session->master_key_length; i++) | 299 for (i=0; i < s->session->master_key_length; i++) |
220 { | 300 { |
221 printf("%02X", s->session->master_key[i]); | 301 printf("%02X", s->session->master_key[i]); |
222 } | 302 } |
223 printf("\n"); } | 303 printf("\n"); } |
224 #endif /* KSSL_DEBUG */ | 304 #endif /* KSSL_DEBUG */ |
| 305 return ret; |
225 } | 306 } |
226 | 307 |
227 int tls1_change_cipher_state(SSL *s, int which) | 308 int tls1_change_cipher_state(SSL *s, int which) |
228 { | 309 { |
229 static const unsigned char empty[]=""; | 310 static const unsigned char empty[]=""; |
230 » unsigned char *p,*key_block,*mac_secret; | 311 » unsigned char *p,*mac_secret; |
231 » unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+ | 312 » unsigned char *exp_label; |
232 » » SSL3_RANDOM_SIZE*2]; | |
233 unsigned char tmp1[EVP_MAX_KEY_LENGTH]; | 313 unsigned char tmp1[EVP_MAX_KEY_LENGTH]; |
234 unsigned char tmp2[EVP_MAX_KEY_LENGTH]; | 314 unsigned char tmp2[EVP_MAX_KEY_LENGTH]; |
235 unsigned char iv1[EVP_MAX_IV_LENGTH*2]; | 315 unsigned char iv1[EVP_MAX_IV_LENGTH*2]; |
236 unsigned char iv2[EVP_MAX_IV_LENGTH*2]; | 316 unsigned char iv2[EVP_MAX_IV_LENGTH*2]; |
237 » unsigned char *ms,*key,*iv,*er1,*er2; | 317 » unsigned char *ms,*key,*iv; |
238 int client_write; | 318 int client_write; |
239 EVP_CIPHER_CTX *dd; | 319 EVP_CIPHER_CTX *dd; |
240 const EVP_CIPHER *c; | 320 const EVP_CIPHER *c; |
241 #ifndef OPENSSL_NO_COMP | 321 #ifndef OPENSSL_NO_COMP |
242 const SSL_COMP *comp; | 322 const SSL_COMP *comp; |
243 #endif | 323 #endif |
244 const EVP_MD *m; | 324 const EVP_MD *m; |
| 325 int mac_type; |
| 326 int *mac_secret_size; |
| 327 EVP_MD_CTX *mac_ctx; |
| 328 EVP_PKEY *mac_key; |
245 int is_export,n,i,j,k,exp_label_len,cl; | 329 int is_export,n,i,j,k,exp_label_len,cl; |
246 int reuse_dd = 0; | 330 int reuse_dd = 0; |
247 | 331 |
248 is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); | 332 is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); |
249 c=s->s3->tmp.new_sym_enc; | 333 c=s->s3->tmp.new_sym_enc; |
250 m=s->s3->tmp.new_hash; | 334 m=s->s3->tmp.new_hash; |
| 335 mac_type = s->s3->tmp.new_mac_pkey_type; |
251 #ifndef OPENSSL_NO_COMP | 336 #ifndef OPENSSL_NO_COMP |
252 comp=s->s3->tmp.new_compression; | 337 comp=s->s3->tmp.new_compression; |
253 #endif | 338 #endif |
254 key_block=s->s3->tmp.key_block; | |
255 | 339 |
256 #ifdef KSSL_DEBUG | 340 #ifdef KSSL_DEBUG |
257 printf("tls1_change_cipher_state(which= %d) w/\n", which); | 341 printf("tls1_change_cipher_state(which= %d) w/\n", which); |
258 » printf("\talg= %ld, comp= %p\n", s->s3->tmp.new_cipher->algorithms, | 342 » printf("\talg= %ld/%ld, comp= %p\n", |
259 (void *)comp); | 343 » s->s3->tmp.new_cipher->algorithm_mkey, |
260 » printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", (void *)c); | 344 » s->s3->tmp.new_cipher->algorithm_auth, |
| 345 » comp); |
| 346 » printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c); |
261 printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n", | 347 printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n", |
262 c->nid,c->block_size,c->key_len,c->iv_len); | 348 c->nid,c->block_size,c->key_len,c->iv_len); |
263 printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length); | 349 printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length); |
264 { | 350 { |
265 int ki; | 351 int i; |
266 for (ki=0; ki<s->s3->tmp.key_block_length; ki++) | 352 for (i=0; i<s->s3->tmp.key_block_length; i++) |
267 » » printf("%02x", key_block[ki]); printf("\n"); | 353 » » printf("%02x", key_block[i]); printf("\n"); |
268 } | 354 } |
269 #endif /* KSSL_DEBUG */ | 355 #endif /* KSSL_DEBUG */ |
270 | 356 |
271 if (which & SSL3_CC_READ) | 357 if (which & SSL3_CC_READ) |
272 { | 358 { |
| 359 if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) |
| 360 s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM; |
| 361 else |
| 362 s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM; |
| 363 |
273 if (s->enc_read_ctx != NULL) | 364 if (s->enc_read_ctx != NULL) |
274 reuse_dd = 1; | 365 reuse_dd = 1; |
275 else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))
) == NULL) | 366 else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))
) == NULL) |
276 goto err; | 367 goto err; |
277 else | 368 else |
278 /* make sure it's intialized in case we exit later with
an error */ | 369 /* make sure it's intialized in case we exit later with
an error */ |
279 EVP_CIPHER_CTX_init(s->enc_read_ctx); | 370 EVP_CIPHER_CTX_init(s->enc_read_ctx); |
280 dd= s->enc_read_ctx; | 371 dd= s->enc_read_ctx; |
281 » » s->read_hash=m; | 372 » » mac_ctx=ssl_replace_hash(&s->read_hash,NULL); |
282 #ifndef OPENSSL_NO_COMP | 373 #ifndef OPENSSL_NO_COMP |
283 if (s->expand != NULL) | 374 if (s->expand != NULL) |
284 { | 375 { |
285 COMP_CTX_free(s->expand); | 376 COMP_CTX_free(s->expand); |
286 s->expand=NULL; | 377 s->expand=NULL; |
287 } | 378 } |
288 if (comp != NULL) | 379 if (comp != NULL) |
289 { | 380 { |
290 s->expand=COMP_CTX_new(comp->method); | 381 s->expand=COMP_CTX_new(comp->method); |
291 if (s->expand == NULL) | 382 if (s->expand == NULL) |
292 { | 383 { |
293 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMP
RESSION_LIBRARY_ERROR); | 384 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMP
RESSION_LIBRARY_ERROR); |
294 goto err2; | 385 goto err2; |
295 } | 386 } |
296 if (s->s3->rrec.comp == NULL) | 387 if (s->s3->rrec.comp == NULL) |
297 s->s3->rrec.comp=(unsigned char *) | 388 s->s3->rrec.comp=(unsigned char *) |
298 OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LEN
GTH); | 389 OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LEN
GTH); |
299 if (s->s3->rrec.comp == NULL) | 390 if (s->s3->rrec.comp == NULL) |
300 goto err; | 391 goto err; |
301 } | 392 } |
302 #endif | 393 #endif |
303 /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */ | 394 /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */ |
304 if (s->version != DTLS1_VERSION) | 395 if (s->version != DTLS1_VERSION) |
305 memset(&(s->s3->read_sequence[0]),0,8); | 396 memset(&(s->s3->read_sequence[0]),0,8); |
306 mac_secret= &(s->s3->read_mac_secret[0]); | 397 mac_secret= &(s->s3->read_mac_secret[0]); |
| 398 mac_secret_size=&(s->s3->read_mac_secret_size); |
307 } | 399 } |
308 else | 400 else |
309 { | 401 { |
| 402 if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) |
| 403 s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; |
| 404 else |
| 405 s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM; |
310 if (s->enc_write_ctx != NULL) | 406 if (s->enc_write_ctx != NULL) |
311 reuse_dd = 1; | 407 reuse_dd = 1; |
312 else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX)
)) == NULL) | 408 else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX)
)) == NULL) |
313 goto err; | 409 goto err; |
314 else | 410 else |
315 /* make sure it's intialized in case we exit later with
an error */ | 411 /* make sure it's intialized in case we exit later with
an error */ |
316 EVP_CIPHER_CTX_init(s->enc_write_ctx); | 412 EVP_CIPHER_CTX_init(s->enc_write_ctx); |
317 dd= s->enc_write_ctx; | 413 dd= s->enc_write_ctx; |
318 » » s->write_hash=m; | 414 » » mac_ctx = ssl_replace_hash(&s->write_hash,NULL); |
319 #ifndef OPENSSL_NO_COMP | 415 #ifndef OPENSSL_NO_COMP |
320 if (s->compress != NULL) | 416 if (s->compress != NULL) |
321 { | 417 { |
322 COMP_CTX_free(s->compress); | 418 COMP_CTX_free(s->compress); |
323 s->compress=NULL; | 419 s->compress=NULL; |
324 } | 420 } |
325 if (comp != NULL) | 421 if (comp != NULL) |
326 { | 422 { |
327 s->compress=COMP_CTX_new(comp->method); | 423 s->compress=COMP_CTX_new(comp->method); |
328 if (s->compress == NULL) | 424 if (s->compress == NULL) |
329 { | 425 { |
330 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMP
RESSION_LIBRARY_ERROR); | 426 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMP
RESSION_LIBRARY_ERROR); |
331 goto err2; | 427 goto err2; |
332 } | 428 } |
333 } | 429 } |
334 #endif | 430 #endif |
335 /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */ | 431 /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */ |
336 if (s->version != DTLS1_VERSION) | 432 if (s->version != DTLS1_VERSION) |
337 memset(&(s->s3->write_sequence[0]),0,8); | 433 memset(&(s->s3->write_sequence[0]),0,8); |
338 mac_secret= &(s->s3->write_mac_secret[0]); | 434 mac_secret= &(s->s3->write_mac_secret[0]); |
| 435 mac_secret_size = &(s->s3->write_mac_secret_size); |
339 } | 436 } |
340 | 437 |
341 if (reuse_dd) | 438 if (reuse_dd) |
342 EVP_CIPHER_CTX_cleanup(dd); | 439 EVP_CIPHER_CTX_cleanup(dd); |
343 | 440 |
344 p=s->s3->tmp.key_block; | 441 p=s->s3->tmp.key_block; |
345 » i=EVP_MD_size(m); | 442 » i=*mac_secret_size=s->s3->tmp.new_mac_secret_size; |
| 443 |
346 cl=EVP_CIPHER_key_length(c); | 444 cl=EVP_CIPHER_key_length(c); |
347 j=is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? | 445 j=is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? |
348 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; | 446 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; |
349 /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */ | 447 /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */ |
350 k=EVP_CIPHER_iv_length(c); | 448 k=EVP_CIPHER_iv_length(c); |
351 er1= &(s->s3->client_random[0]); | |
352 er2= &(s->s3->server_random[0]); | |
353 if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || | 449 if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || |
354 (which == SSL3_CHANGE_CIPHER_SERVER_READ)) | 450 (which == SSL3_CHANGE_CIPHER_SERVER_READ)) |
355 { | 451 { |
356 ms= &(p[ 0]); n=i+i; | 452 ms= &(p[ 0]); n=i+i; |
357 key= &(p[ n]); n+=j+j; | 453 key= &(p[ n]); n+=j+j; |
358 iv= &(p[ n]); n+=k+k; | 454 iv= &(p[ n]); n+=k+k; |
359 exp_label=(unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST; | 455 exp_label=(unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST; |
360 exp_label_len=TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE; | 456 exp_label_len=TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE; |
361 client_write=1; | 457 client_write=1; |
362 } | 458 } |
363 else | 459 else |
364 { | 460 { |
365 n=i; | 461 n=i; |
366 ms= &(p[ n]); n+=i+j; | 462 ms= &(p[ n]); n+=i+j; |
367 key= &(p[ n]); n+=j+k; | 463 key= &(p[ n]); n+=j+k; |
368 iv= &(p[ n]); n+=k; | 464 iv= &(p[ n]); n+=k; |
369 exp_label=(unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST; | 465 exp_label=(unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST; |
370 exp_label_len=TLS_MD_SERVER_WRITE_KEY_CONST_SIZE; | 466 exp_label_len=TLS_MD_SERVER_WRITE_KEY_CONST_SIZE; |
371 client_write=0; | 467 client_write=0; |
372 } | 468 } |
373 | 469 |
374 if (n > s->s3->tmp.key_block_length) | 470 if (n > s->s3->tmp.key_block_length) |
375 { | 471 { |
376 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR); | 472 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR); |
377 goto err2; | 473 goto err2; |
378 } | 474 } |
379 | 475 |
380 memcpy(mac_secret,ms,i); | 476 memcpy(mac_secret,ms,i); |
| 477 mac_key = EVP_PKEY_new_mac_key(mac_type, NULL, |
| 478 mac_secret,*mac_secret_size); |
| 479 EVP_DigestSignInit(mac_ctx,NULL,m,NULL,mac_key); |
| 480 EVP_PKEY_free(mac_key); |
381 #ifdef TLS_DEBUG | 481 #ifdef TLS_DEBUG |
382 printf("which = %04X\nmac key=",which); | 482 printf("which = %04X\nmac key=",which); |
383 { int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); } | 483 { int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); } |
384 #endif | 484 #endif |
385 if (is_export) | 485 if (is_export) |
386 { | 486 { |
387 /* In here I set both the read and write key/iv to the | 487 /* In here I set both the read and write key/iv to the |
388 * same value since only the correct one will be used :-). | 488 * same value since only the correct one will be used :-). |
389 */ | 489 */ |
390 » » p=buf; | 490 » » if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2, |
391 » » memcpy(p,exp_label,exp_label_len); | 491 » » » » exp_label,exp_label_len, |
392 » » p+=exp_label_len; | 492 » » » » s->s3->client_random,SSL3_RANDOM_SIZE, |
393 » » memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE); | 493 » » » » s->s3->server_random,SSL3_RANDOM_SIZE, |
394 » » p+=SSL3_RANDOM_SIZE; | 494 » » » » NULL,0,NULL,0, |
395 » » memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); | 495 » » » » key,j,tmp1,tmp2,EVP_CIPHER_key_length(c))) |
396 » » p+=SSL3_RANDOM_SIZE; | 496 » » » goto err2; |
397 » » tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j, | |
398 » » » tmp1,tmp2,EVP_CIPHER_key_length(c)); | |
399 key=tmp1; | 497 key=tmp1; |
400 | 498 |
401 if (k > 0) | 499 if (k > 0) |
402 { | 500 { |
403 » » » p=buf; | 501 » » » if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2, |
404 » » » memcpy(p,TLS_MD_IV_BLOCK_CONST, | 502 » » » » » TLS_MD_IV_BLOCK_CONST,TLS_MD_IV_BLOCK_CO
NST_SIZE, |
405 » » » » TLS_MD_IV_BLOCK_CONST_SIZE); | 503 » » » » » s->s3->client_random,SSL3_RANDOM_SIZE, |
406 » » » p+=TLS_MD_IV_BLOCK_CONST_SIZE; | 504 » » » » » s->s3->server_random,SSL3_RANDOM_SIZE, |
407 » » » memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE); | 505 » » » » » NULL,0,NULL,0, |
408 » » » p+=SSL3_RANDOM_SIZE; | 506 » » » » » empty,0,iv1,iv2,k*2)) |
409 » » » memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); | 507 » » » » goto err2; |
410 » » » p+=SSL3_RANDOM_SIZE; | |
411 » » » tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,empty,0, | |
412 » » » » iv1,iv2,k*2); | |
413 if (client_write) | 508 if (client_write) |
414 iv=iv1; | 509 iv=iv1; |
415 else | 510 else |
416 iv= &(iv1[k]); | 511 iv= &(iv1[k]); |
417 } | 512 } |
418 } | 513 } |
419 | 514 |
420 s->session->key_arg_length=0; | 515 s->session->key_arg_length=0; |
421 #ifdef KSSL_DEBUG | 516 #ifdef KSSL_DEBUG |
422 { | 517 { |
423 int ki; | 518 int i; |
424 printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n"); | 519 printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n"); |
425 » printf("\tkey= "); | 520 » printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]); |
426 » for (ki=0; ki<c->key_len; ki++) printf("%02x", key[ki]); | |
427 printf("\n"); | 521 printf("\n"); |
428 » printf("\t iv= "); | 522 » printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]); |
429 » for (ki=0; ki<c->iv_len; ki++) printf("%02x", iv[ki]); | |
430 printf("\n"); | 523 printf("\n"); |
431 } | 524 } |
432 #endif /* KSSL_DEBUG */ | 525 #endif /* KSSL_DEBUG */ |
433 | 526 |
434 EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE)); | 527 EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE)); |
435 #ifdef TLS_DEBUG | 528 #ifdef TLS_DEBUG |
436 printf("which = %04X\nkey=",which); | 529 printf("which = %04X\nkey=",which); |
437 { int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1
)%16)?' ':'\n'); } | 530 { int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1
)%16)?' ':'\n'); } |
438 printf("\niv="); | 531 printf("\niv="); |
439 { int z; for (z=0; z<k; z++) printf("%02X%c",iv[z],((z+1)%16)?' ':'\n'); } | 532 { int z; for (z=0; z<k; z++) printf("%02X%c",iv[z],((z+1)%16)?' ':'\n'); } |
440 printf("\n"); | 533 printf("\n"); |
441 #endif | 534 #endif |
442 | 535 |
443 OPENSSL_cleanse(tmp1,sizeof(tmp1)); | 536 OPENSSL_cleanse(tmp1,sizeof(tmp1)); |
444 OPENSSL_cleanse(tmp2,sizeof(tmp1)); | 537 OPENSSL_cleanse(tmp2,sizeof(tmp1)); |
445 OPENSSL_cleanse(iv1,sizeof(iv1)); | 538 OPENSSL_cleanse(iv1,sizeof(iv1)); |
446 OPENSSL_cleanse(iv2,sizeof(iv2)); | 539 OPENSSL_cleanse(iv2,sizeof(iv2)); |
447 return(1); | 540 return(1); |
448 err: | 541 err: |
449 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE); | 542 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE); |
450 err2: | 543 err2: |
451 return(0); | 544 return(0); |
452 } | 545 } |
453 | 546 |
454 int tls1_setup_key_block(SSL *s) | 547 int tls1_setup_key_block(SSL *s) |
455 { | 548 { |
456 » unsigned char *p1,*p2; | 549 » unsigned char *p1,*p2=NULL; |
457 const EVP_CIPHER *c; | 550 const EVP_CIPHER *c; |
458 const EVP_MD *hash; | 551 const EVP_MD *hash; |
459 int num; | 552 int num; |
460 SSL_COMP *comp; | 553 SSL_COMP *comp; |
| 554 int mac_type= NID_undef,mac_secret_size=0; |
| 555 int ret=0; |
461 | 556 |
462 #ifdef KSSL_DEBUG | 557 #ifdef KSSL_DEBUG |
463 printf ("tls1_setup_key_block()\n"); | 558 printf ("tls1_setup_key_block()\n"); |
464 #endif /* KSSL_DEBUG */ | 559 #endif /* KSSL_DEBUG */ |
465 | 560 |
466 if (s->s3->tmp.key_block_length != 0) | 561 if (s->s3->tmp.key_block_length != 0) |
467 return(1); | 562 return(1); |
468 | 563 |
469 » if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp)) | 564 » if (!ssl_cipher_get_evp(s->session,&c,&hash,&mac_type,&mac_secret_size,&
comp)) |
470 { | 565 { |
471 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILAB
LE); | 566 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILAB
LE); |
472 return(0); | 567 return(0); |
473 } | 568 } |
474 | 569 |
475 s->s3->tmp.new_sym_enc=c; | 570 s->s3->tmp.new_sym_enc=c; |
476 s->s3->tmp.new_hash=hash; | 571 s->s3->tmp.new_hash=hash; |
477 | 572 » s->s3->tmp.new_mac_pkey_type = mac_type; |
478 » num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c); | 573 » s->s3->tmp.new_mac_secret_size = mac_secret_size; |
| 574 » num=EVP_CIPHER_key_length(c)+mac_secret_size+EVP_CIPHER_iv_length(c); |
479 num*=2; | 575 num*=2; |
480 | 576 |
481 ssl3_cleanup_key_block(s); | 577 ssl3_cleanup_key_block(s); |
482 | 578 |
483 if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL) | 579 if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL) |
| 580 { |
| 581 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); |
484 goto err; | 582 goto err; |
485 » if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL) | 583 » » } |
486 » » goto err; | |
487 | 584 |
488 s->s3->tmp.key_block_length=num; | 585 s->s3->tmp.key_block_length=num; |
489 s->s3->tmp.key_block=p1; | 586 s->s3->tmp.key_block=p1; |
490 | 587 |
| 588 if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL) |
| 589 { |
| 590 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); |
| 591 goto err; |
| 592 } |
491 | 593 |
492 #ifdef TLS_DEBUG | 594 #ifdef TLS_DEBUG |
493 printf("client random\n"); | 595 printf("client random\n"); |
494 { int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->client_random
[z],((z+1)%16)?' ':'\n'); } | 596 { int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->client_random
[z],((z+1)%16)?' ':'\n'); } |
495 printf("server random\n"); | 597 printf("server random\n"); |
496 { int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->server_random
[z],((z+1)%16)?' ':'\n'); } | 598 { int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->server_random
[z],((z+1)%16)?' ':'\n'); } |
497 printf("pre-master\n"); | 599 printf("pre-master\n"); |
498 { int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->sess
ion->master_key[z],((z+1)%16)?' ':'\n'); } | 600 { int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->sess
ion->master_key[z],((z+1)%16)?' ':'\n'); } |
499 #endif | 601 #endif |
500 » tls1_generate_key_block(s,p1,p2,num); | 602 » if (!tls1_generate_key_block(s,p1,p2,num)) |
501 » OPENSSL_cleanse(p2,num); | 603 » » goto err; |
502 » OPENSSL_free(p2); | |
503 #ifdef TLS_DEBUG | 604 #ifdef TLS_DEBUG |
504 printf("\nkey block\n"); | 605 printf("\nkey block\n"); |
505 { int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); } | 606 { int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); } |
506 #endif | 607 #endif |
507 | 608 |
508 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) | 609 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) |
509 { | 610 { |
510 /* enable vulnerability countermeasure for CBC ciphers with | 611 /* enable vulnerability countermeasure for CBC ciphers with |
511 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) | 612 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) |
512 */ | 613 */ |
513 s->s3->need_empty_fragments = 1; | 614 s->s3->need_empty_fragments = 1; |
514 | 615 |
515 if (s->session->cipher != NULL) | 616 if (s->session->cipher != NULL) |
516 { | 617 { |
517 » » » if ((s->session->cipher->algorithms & SSL_ENC_MASK) == S
SL_eNULL) | 618 » » » if (s->session->cipher->algorithm_enc == SSL_eNULL) |
518 s->s3->need_empty_fragments = 0; | 619 s->s3->need_empty_fragments = 0; |
519 | 620 |
520 #ifndef OPENSSL_NO_RC4 | 621 #ifndef OPENSSL_NO_RC4 |
521 » » » if ((s->session->cipher->algorithms & SSL_ENC_MASK) == S
SL_RC4) | 622 » » » if (s->session->cipher->algorithm_enc == SSL_RC4) |
522 s->s3->need_empty_fragments = 0; | 623 s->s3->need_empty_fragments = 0; |
523 #endif | 624 #endif |
524 } | 625 } |
525 } | 626 } |
526 | 627 |
527 » return(1); | 628 » ret = 1; |
528 err: | 629 err: |
529 » SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); | 630 » if (p2) |
530 » return(0); | 631 » » { |
| 632 » » OPENSSL_cleanse(p2,num); |
| 633 » » OPENSSL_free(p2); |
| 634 » » } |
| 635 » return(ret); |
531 } | 636 } |
532 | 637 |
533 int tls1_enc(SSL *s, int send) | 638 int tls1_enc(SSL *s, int send) |
534 { | 639 { |
535 SSL3_RECORD *rec; | 640 SSL3_RECORD *rec; |
536 EVP_CIPHER_CTX *ds; | 641 EVP_CIPHER_CTX *ds; |
537 unsigned long l; | 642 unsigned long l; |
538 int bs,i,ii,j,k,n=0; | 643 int bs,i,ii,j,k,n=0; |
539 const EVP_CIPHER *enc; | 644 const EVP_CIPHER *enc; |
540 | 645 |
541 if (send) | 646 if (send) |
542 { | 647 { |
543 » » if (s->write_hash != NULL) | 648 » » if (EVP_MD_CTX_md(s->write_hash)) |
544 » » » n=EVP_MD_size(s->write_hash); | 649 » » » { |
| 650 » » » n=EVP_MD_CTX_size(s->write_hash); |
| 651 » » » OPENSSL_assert(n >= 0); |
| 652 » » » } |
545 ds=s->enc_write_ctx; | 653 ds=s->enc_write_ctx; |
546 rec= &(s->s3->wrec); | 654 rec= &(s->s3->wrec); |
547 if (s->enc_write_ctx == NULL) | 655 if (s->enc_write_ctx == NULL) |
548 enc=NULL; | 656 enc=NULL; |
549 else | 657 else |
550 enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx); | 658 enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx); |
551 } | 659 } |
552 else | 660 else |
553 { | 661 { |
554 » » if (s->read_hash != NULL) | 662 » » if (EVP_MD_CTX_md(s->read_hash)) |
555 » » » n=EVP_MD_size(s->read_hash); | 663 » » » { |
| 664 » » » n=EVP_MD_CTX_size(s->read_hash); |
| 665 » » » OPENSSL_assert(n >= 0); |
| 666 » » » } |
556 ds=s->enc_read_ctx; | 667 ds=s->enc_read_ctx; |
557 rec= &(s->s3->rrec); | 668 rec= &(s->s3->rrec); |
558 if (s->enc_read_ctx == NULL) | 669 if (s->enc_read_ctx == NULL) |
559 enc=NULL; | 670 enc=NULL; |
560 else | 671 else |
561 enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx); | 672 enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx); |
562 } | 673 } |
563 | 674 |
564 #ifdef KSSL_DEBUG | 675 #ifdef KSSL_DEBUG |
565 printf("tls1_enc(%d)\n", send); | 676 printf("tls1_enc(%d)\n", send); |
(...skipping 26 matching lines...) Expand all Loading... |
592 for (k=(int)l; k<(int)(l+i); k++) | 703 for (k=(int)l; k<(int)(l+i); k++) |
593 rec->input[k]=j; | 704 rec->input[k]=j; |
594 l+=i; | 705 l+=i; |
595 rec->length+=i; | 706 rec->length+=i; |
596 } | 707 } |
597 | 708 |
598 #ifdef KSSL_DEBUG | 709 #ifdef KSSL_DEBUG |
599 { | 710 { |
600 unsigned long ui; | 711 unsigned long ui; |
601 printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n
", | 712 printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n
", |
602 (void *)ds,rec->data,rec->input,l); | 713 ds,rec->data,rec->input,l); |
603 » » printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%ld %ld], %d i
v_len\n", | 714 » » printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_
len\n", |
604 ds->buf_len, ds->cipher->key_len, | 715 ds->buf_len, ds->cipher->key_len, |
605 (unsigned long)DES_KEY_SZ, | 716 DES_KEY_SZ, DES_SCHEDULE_SZ, |
606 » » » (unsigned long)DES_SCHEDULE_SZ, | |
607 ds->cipher->iv_len); | 717 ds->cipher->iv_len); |
608 printf("\t\tIV: "); | 718 printf("\t\tIV: "); |
609 for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]); | 719 for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]); |
610 printf("\n"); | 720 printf("\n"); |
611 printf("\trec->input="); | 721 printf("\trec->input="); |
612 for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]); | 722 for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]); |
613 printf("\n"); | 723 printf("\n"); |
614 } | 724 } |
615 #endif /* KSSL_DEBUG */ | 725 #endif /* KSSL_DEBUG */ |
616 | 726 |
617 if (!send) | 727 if (!send) |
618 { | 728 { |
619 if (l == 0 || l%bs != 0) | 729 if (l == 0 || l%bs != 0) |
620 { | 730 { |
621 SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_
WRONG); | 731 SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_
WRONG); |
622 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTIO
N_FAILED); | 732 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTIO
N_FAILED); |
623 return 0; | 733 return 0; |
624 } | 734 } |
625 } | 735 } |
626 | 736 |
627 EVP_Cipher(ds,rec->data,rec->input,l); | 737 EVP_Cipher(ds,rec->data,rec->input,l); |
628 | 738 |
629 #ifdef KSSL_DEBUG | 739 #ifdef KSSL_DEBUG |
630 { | 740 { |
631 unsigned long ki; | 741 unsigned long i; |
632 printf("\trec->data="); | 742 printf("\trec->data="); |
633 » » for (ki=0; ki<l; i++) | 743 » » for (i=0; i<l; i++) |
634 printf(" %02x", rec->data[ki]); printf("\n"); | 744 printf(" %02x", rec->data[i]); printf("\n"); |
635 } | 745 } |
636 #endif /* KSSL_DEBUG */ | 746 #endif /* KSSL_DEBUG */ |
637 | 747 |
638 if ((bs != 1) && !send) | 748 if ((bs != 1) && !send) |
639 { | 749 { |
640 ii=i=rec->data[l-1]; /* padding_length */ | 750 ii=i=rec->data[l-1]; /* padding_length */ |
641 i++; | 751 i++; |
642 /* NB: if compression is in operation the first packet | 752 /* NB: if compression is in operation the first packet |
643 * may not be of even length so the padding bug check | 753 * may not be of even length so the padding bug check |
644 * cannot be performed. This bug workaround has been | 754 * cannot be performed. This bug workaround has been |
(...skipping 27 matching lines...) Expand all Loading... |
672 { | 782 { |
673 /* Incorrect padding */ | 783 /* Incorrect padding */ |
674 return -1; | 784 return -1; |
675 } | 785 } |
676 } | 786 } |
677 rec->length-=i; | 787 rec->length-=i; |
678 } | 788 } |
679 } | 789 } |
680 return(1); | 790 return(1); |
681 } | 791 } |
682 | 792 int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out) |
683 int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out) | |
684 { | 793 { |
685 unsigned int ret; | 794 unsigned int ret; |
686 » EVP_MD_CTX ctx; | 795 » EVP_MD_CTX ctx, *d=NULL; |
| 796 » int i; |
| 797 |
| 798 » if (s->s3->handshake_buffer) |
| 799 » » if (!ssl3_digest_cached_records(s)) |
| 800 » » » return 0; |
| 801 |
| 802 » for (i=0;i<SSL_MAX_DIGEST;i++) |
| 803 » » { |
| 804 » » if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake
_dgst[i])==md_nid) |
| 805 » » » { |
| 806 » » » d=s->s3->handshake_dgst[i]; |
| 807 » » » break; |
| 808 » » » } |
| 809 » » } |
| 810 » if (!d) { |
| 811 » » SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC,SSL_R_NO_REQUIRED_DIGEST); |
| 812 » » return 0; |
| 813 » }» |
687 | 814 |
688 EVP_MD_CTX_init(&ctx); | 815 EVP_MD_CTX_init(&ctx); |
689 » EVP_MD_CTX_copy_ex(&ctx,in_ctx); | 816 » EVP_MD_CTX_copy_ex(&ctx,d); |
690 EVP_DigestFinal_ex(&ctx,out,&ret); | 817 EVP_DigestFinal_ex(&ctx,out,&ret); |
691 EVP_MD_CTX_cleanup(&ctx); | 818 EVP_MD_CTX_cleanup(&ctx); |
692 return((int)ret); | 819 return((int)ret); |
693 } | 820 } |
694 | 821 |
695 int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx, | 822 int tls1_final_finish_mac(SSL *s, |
696 const char *str, int slen, unsigned char *out) | 823 const char *str, int slen, unsigned char *out) |
697 { | 824 { |
698 unsigned int i; | 825 unsigned int i; |
699 EVP_MD_CTX ctx; | 826 EVP_MD_CTX ctx; |
700 » unsigned char buf[TLS_MD_MAX_CONST_SIZE+MD5_DIGEST_LENGTH+SHA_DIGEST_LEN
GTH]; | 827 » unsigned char buf[2*EVP_MAX_MD_SIZE]; |
701 unsigned char *q,buf2[12]; | 828 unsigned char *q,buf2[12]; |
| 829 int idx; |
| 830 long mask; |
| 831 int err=0; |
| 832 const EVP_MD *md; |
702 | 833 |
703 q=buf; | 834 q=buf; |
704 » memcpy(q,str,slen); | 835 |
705 » q+=slen; | 836 » if (s->s3->handshake_buffer) |
| 837 » » if (!ssl3_digest_cached_records(s)) |
| 838 » » » return 0; |
706 | 839 |
707 EVP_MD_CTX_init(&ctx); | 840 EVP_MD_CTX_init(&ctx); |
708 EVP_MD_CTX_copy_ex(&ctx,in1_ctx); | |
709 EVP_DigestFinal_ex(&ctx,q,&i); | |
710 q+=i; | |
711 EVP_MD_CTX_copy_ex(&ctx,in2_ctx); | |
712 EVP_DigestFinal_ex(&ctx,q,&i); | |
713 q+=i; | |
714 | 841 |
715 » tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf), | 842 » for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++) |
716 » » s->session->master_key,s->session->master_key_length, | 843 » » { |
717 » » out,buf2,sizeof buf2); | 844 » » if (mask & s->s3->tmp.new_cipher->algorithm2) |
| 845 » » » { |
| 846 » » » int hashsize = EVP_MD_size(md); |
| 847 » » » if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_
t)(q-buf))) |
| 848 » » » » { |
| 849 » » » » /* internal error: 'buf' is too small for this c
ipersuite! */ |
| 850 » » » » err = 1; |
| 851 » » » » } |
| 852 » » » else |
| 853 » » » » { |
| 854 » » » » EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[id
x]); |
| 855 » » » » EVP_DigestFinal_ex(&ctx,q,&i); |
| 856 » » » » if (i != (unsigned int)hashsize) /* can't really
happen */ |
| 857 » » » » » err = 1; |
| 858 » » » » q+=i; |
| 859 » » » » } |
| 860 » » » } |
| 861 » » } |
| 862 » » |
| 863 » if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2, |
| 864 » » » str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0, |
| 865 » » » s->session->master_key,s->session->master_key_length, |
| 866 » » » out,buf2,sizeof buf2)) |
| 867 » » err = 1; |
718 EVP_MD_CTX_cleanup(&ctx); | 868 EVP_MD_CTX_cleanup(&ctx); |
719 | 869 |
720 » return sizeof buf2; | 870 » if (err) |
| 871 » » return 0; |
| 872 » else |
| 873 » » return sizeof buf2; |
721 } | 874 } |
722 | 875 |
723 int tls1_mac(SSL *ssl, unsigned char *md, int send) | 876 int tls1_mac(SSL *ssl, unsigned char *md, int send) |
724 { | 877 { |
725 SSL3_RECORD *rec; | 878 SSL3_RECORD *rec; |
726 » unsigned char *mac_sec,*seq; | 879 » unsigned char *seq; |
727 » const EVP_MD *hash; | 880 » EVP_MD_CTX *hash; |
728 » unsigned int md_size; | 881 » size_t md_size; |
729 int i; | 882 int i; |
730 » HMAC_CTX hmac; | 883 » EVP_MD_CTX hmac, *mac_ctx; |
731 unsigned char buf[5]; | 884 unsigned char buf[5]; |
| 885 int stream_mac = (send?(ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM):
(ssl->mac_flags&SSL_MAC_FLAG_READ_MAC_STREAM)); |
| 886 int t; |
732 | 887 |
733 if (send) | 888 if (send) |
734 { | 889 { |
735 rec= &(ssl->s3->wrec); | 890 rec= &(ssl->s3->wrec); |
736 mac_sec= &(ssl->s3->write_mac_secret[0]); | |
737 seq= &(ssl->s3->write_sequence[0]); | 891 seq= &(ssl->s3->write_sequence[0]); |
738 hash=ssl->write_hash; | 892 hash=ssl->write_hash; |
739 } | 893 } |
740 else | 894 else |
741 { | 895 { |
742 rec= &(ssl->s3->rrec); | 896 rec= &(ssl->s3->rrec); |
743 mac_sec= &(ssl->s3->read_mac_secret[0]); | |
744 seq= &(ssl->s3->read_sequence[0]); | 897 seq= &(ssl->s3->read_sequence[0]); |
745 hash=ssl->read_hash; | 898 hash=ssl->read_hash; |
746 } | 899 } |
747 | 900 |
748 » md_size=EVP_MD_size(hash); | 901 » t=EVP_MD_CTX_size(hash); |
| 902 » OPENSSL_assert(t >= 0); |
| 903 » md_size=t; |
749 | 904 |
750 buf[0]=rec->type; | 905 buf[0]=rec->type; |
751 » if (ssl->version == DTLS1_VERSION && ssl->client_version == DTLS1_BAD_VE
R) | 906 » buf[1]=(unsigned char)(ssl->version>>8); |
752 » » { | 907 » buf[2]=(unsigned char)(ssl->version); |
753 » » buf[1]=TLS1_VERSION_MAJOR; | |
754 » » buf[2]=TLS1_VERSION_MINOR; | |
755 » » } | |
756 » else» { | |
757 » » buf[1]=(unsigned char)(ssl->version>>8); | |
758 » » buf[2]=(unsigned char)(ssl->version); | |
759 » » } | |
760 | |
761 buf[3]=rec->length>>8; | 908 buf[3]=rec->length>>8; |
762 buf[4]=rec->length&0xff; | 909 buf[4]=rec->length&0xff; |
763 | 910 |
764 /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ | 911 /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ |
765 » HMAC_CTX_init(&hmac); | 912 » if (stream_mac) |
766 » HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL); | 913 » » { |
| 914 » » » mac_ctx = hash; |
| 915 » » } |
| 916 » » else |
| 917 » » { |
| 918 » » » EVP_MD_CTX_copy(&hmac,hash); |
| 919 » » » mac_ctx = &hmac; |
| 920 » » } |
767 | 921 |
768 » if (ssl->version == DTLS1_BAD_VER || | 922 » if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER) |
769 » (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_V
ER)) | |
770 { | 923 { |
771 unsigned char dtlsseq[8],*p=dtlsseq; | 924 unsigned char dtlsseq[8],*p=dtlsseq; |
| 925 |
772 s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p); | 926 s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p); |
773 memcpy (p,&seq[2],6); | 927 memcpy (p,&seq[2],6); |
774 | 928 |
775 » » HMAC_Update(&hmac,dtlsseq,8); | 929 » » EVP_DigestSignUpdate(mac_ctx,dtlsseq,8); |
776 } | 930 } |
777 else | 931 else |
778 » » HMAC_Update(&hmac,seq,8); | 932 » » EVP_DigestSignUpdate(mac_ctx,seq,8); |
779 | 933 |
780 » HMAC_Update(&hmac,buf,5); | 934 » EVP_DigestSignUpdate(mac_ctx,buf,5); |
781 » HMAC_Update(&hmac,rec->input,rec->length); | 935 » EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length); |
782 » HMAC_Final(&hmac,md,&md_size); | 936 » t=EVP_DigestSignFinal(mac_ctx,md,&md_size); |
783 » HMAC_CTX_cleanup(&hmac); | 937 » OPENSSL_assert(t > 0); |
784 | 938 » » |
| 939 » if (!stream_mac) EVP_MD_CTX_cleanup(&hmac); |
785 #ifdef TLS_DEBUG | 940 #ifdef TLS_DEBUG |
786 printf("sec="); | 941 printf("sec="); |
787 {unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\
n"); } | 942 {unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\
n"); } |
788 printf("seq="); | 943 printf("seq="); |
789 {int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); } | 944 {int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); } |
790 printf("buf="); | 945 printf("buf="); |
791 {int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); } | 946 {int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); } |
792 printf("rec="); | 947 printf("rec="); |
793 {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\
n"); } | 948 {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\
n"); } |
794 #endif | 949 #endif |
795 | 950 |
796 » if ( SSL_version(ssl) != DTLS1_VERSION && SSL_version(ssl) != DTLS1_BAD_
VER) | 951 » if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER) |
797 { | 952 { |
798 for (i=7; i>=0; i--) | 953 for (i=7; i>=0; i--) |
799 { | 954 { |
800 ++seq[i]; | 955 ++seq[i]; |
801 if (seq[i] != 0) break; | 956 if (seq[i] != 0) break; |
802 } | 957 } |
803 } | 958 } |
804 | 959 |
805 #ifdef TLS_DEBUG | 960 #ifdef TLS_DEBUG |
806 {unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n");
} | 961 {unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n");
} |
807 #endif | 962 #endif |
808 return(md_size); | 963 return(md_size); |
809 } | 964 } |
810 | 965 |
811 int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, | 966 int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, |
812 int len) | 967 int len) |
813 { | 968 { |
814 unsigned char buf[SSL3_RANDOM_SIZE*2+TLS_MD_MASTER_SECRET_CONST_SIZE]; | |
815 unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH]; | 969 unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH]; |
| 970 const void *co = NULL, *so = NULL; |
| 971 int col = 0, sol = 0; |
816 | 972 |
817 #ifdef KSSL_DEBUG | 973 #ifdef KSSL_DEBUG |
818 » printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", (void *)s,out, p
,len); | 974 » printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len); |
819 #endif /* KSSL_DEBUG */ | 975 #endif /* KSSL_DEBUG */ |
820 | 976 |
821 » /* Setup the stuff to munge */ | 977 #ifdef TLSEXT_TYPE_opaque_prf_input |
822 » memcpy(buf,TLS_MD_MASTER_SECRET_CONST, | 978 » if (s->s3->client_opaque_prf_input != NULL && s->s3->server_opaque_prf_i
nput != NULL && |
823 » » TLS_MD_MASTER_SECRET_CONST_SIZE); | 979 » s->s3->client_opaque_prf_input_len > 0 && |
824 » memcpy(&(buf[TLS_MD_MASTER_SECRET_CONST_SIZE]), | 980 » s->s3->client_opaque_prf_input_len == s->s3->server_opaque_prf_input
_len) |
825 » » s->s3->client_random,SSL3_RANDOM_SIZE); | 981 » » { |
826 » memcpy(&(buf[SSL3_RANDOM_SIZE+TLS_MD_MASTER_SECRET_CONST_SIZE]), | 982 » » co = s->s3->client_opaque_prf_input; |
827 » » s->s3->server_random,SSL3_RANDOM_SIZE); | 983 » » col = s->s3->server_opaque_prf_input_len; |
828 » tls1_PRF(s->ctx->md5,s->ctx->sha1, | 984 » » so = s->s3->server_opaque_prf_input; |
829 » » buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len, | 985 » » sol = s->s3->client_opaque_prf_input_len; /* must be same as col
(see draft-rescorla-tls-opaque-prf-input-00.txt, section 3.1) */ |
| 986 » » } |
| 987 #endif |
| 988 |
| 989 » tls1_PRF(s->s3->tmp.new_cipher->algorithm2, |
| 990 » » TLS_MD_MASTER_SECRET_CONST,TLS_MD_MASTER_SECRET_CONST_SIZE, |
| 991 » » s->s3->client_random,SSL3_RANDOM_SIZE, |
| 992 » » co, col, |
| 993 » » s->s3->server_random,SSL3_RANDOM_SIZE, |
| 994 » » so, sol, |
| 995 » » p,len, |
830 s->session->master_key,buff,sizeof buff); | 996 s->session->master_key,buff,sizeof buff); |
| 997 |
831 #ifdef KSSL_DEBUG | 998 #ifdef KSSL_DEBUG |
832 printf ("tls1_generate_master_secret() complete\n"); | 999 printf ("tls1_generate_master_secret() complete\n"); |
833 #endif /* KSSL_DEBUG */ | 1000 #endif /* KSSL_DEBUG */ |
834 return(SSL3_MASTER_SECRET_SIZE); | 1001 return(SSL3_MASTER_SECRET_SIZE); |
835 } | 1002 } |
836 | 1003 |
837 int tls1_alert_code(int code) | 1004 int tls1_alert_code(int code) |
838 { | 1005 { |
839 switch (code) | 1006 switch (code) |
840 { | 1007 { |
(...skipping 14 matching lines...) Expand all Loading... |
855 case SSL_AD_UNKNOWN_CA: return(TLS1_AD_UNKNOWN_CA); | 1022 case SSL_AD_UNKNOWN_CA: return(TLS1_AD_UNKNOWN_CA); |
856 case SSL_AD_ACCESS_DENIED: return(TLS1_AD_ACCESS_DENIED); | 1023 case SSL_AD_ACCESS_DENIED: return(TLS1_AD_ACCESS_DENIED); |
857 case SSL_AD_DECODE_ERROR: return(TLS1_AD_DECODE_ERROR); | 1024 case SSL_AD_DECODE_ERROR: return(TLS1_AD_DECODE_ERROR); |
858 case SSL_AD_DECRYPT_ERROR: return(TLS1_AD_DECRYPT_ERROR); | 1025 case SSL_AD_DECRYPT_ERROR: return(TLS1_AD_DECRYPT_ERROR); |
859 case SSL_AD_EXPORT_RESTRICTION: return(TLS1_AD_EXPORT_RESTRICTION); | 1026 case SSL_AD_EXPORT_RESTRICTION: return(TLS1_AD_EXPORT_RESTRICTION); |
860 case SSL_AD_PROTOCOL_VERSION: return(TLS1_AD_PROTOCOL_VERSION); | 1027 case SSL_AD_PROTOCOL_VERSION: return(TLS1_AD_PROTOCOL_VERSION); |
861 case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY); | 1028 case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY); |
862 case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR); | 1029 case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR); |
863 case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED); | 1030 case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED); |
864 case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION); | 1031 case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION); |
865 #ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE | 1032 » case SSL_AD_UNSUPPORTED_EXTENSION: return(TLS1_AD_UNSUPPORTED_EXTENSION)
; |
| 1033 » case SSL_AD_CERTIFICATE_UNOBTAINABLE: return(TLS1_AD_CERTIFICATE_UNOBTAI
NABLE); |
| 1034 » case SSL_AD_UNRECOGNIZED_NAME:» return(TLS1_AD_UNRECOGNIZED_NAME); |
| 1035 » case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(TLS1_AD_BAD_CERTIFIC
ATE_STATUS_RESPONSE); |
| 1036 » case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_H
ASH_VALUE); |
| 1037 » case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY); |
| 1038 #if 0 /* not appropriate for TLS, not used for DTLS */ |
866 case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return | 1039 case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return |
867 (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); | 1040 (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); |
868 #endif | 1041 #endif |
869 default: return(-1); | 1042 default: return(-1); |
870 } | 1043 } |
871 } | 1044 } |
872 | 1045 |
OLD | NEW |