OLD | NEW |
1 /* ssl/t1_enc.c */ | 1 /* ssl/t1_enc.c */ |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 * All rights reserved. | 3 * All rights reserved. |
4 * | 4 * |
5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
8 * | 8 * |
9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
(...skipping 1129 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1140 return 0; | 1140 return 0; |
1141 } | 1141 } |
1142 | 1142 |
1143 EVP_MD_CTX_init(&ctx); | 1143 EVP_MD_CTX_init(&ctx); |
1144 EVP_MD_CTX_copy_ex(&ctx,d); | 1144 EVP_MD_CTX_copy_ex(&ctx,d); |
1145 EVP_DigestFinal_ex(&ctx,out,&ret); | 1145 EVP_DigestFinal_ex(&ctx,out,&ret); |
1146 EVP_MD_CTX_cleanup(&ctx); | 1146 EVP_MD_CTX_cleanup(&ctx); |
1147 return((int)ret); | 1147 return((int)ret); |
1148 } | 1148 } |
1149 | 1149 |
| 1150 /* tls1_handshake_digest calculates the current handshake hash and writes it to |
| 1151 * |out|, which has space for |out_len| bytes. It returns the number of bytes |
| 1152 * written or -1 in the event of an error. This function works on a copy of the |
| 1153 * underlying digests so can be called multiple times and prior to the final |
| 1154 * update etc. */ |
| 1155 int tls1_handshake_digest(SSL *s, unsigned char *out, size_t out_len) |
| 1156 { |
| 1157 const EVP_MD *md; |
| 1158 EVP_MD_CTX ctx; |
| 1159 int i, err = 0, len = 0; |
| 1160 long mask; |
| 1161 |
| 1162 EVP_MD_CTX_init(&ctx); |
| 1163 |
| 1164 for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) |
| 1165 { |
| 1166 int hash_size; |
| 1167 unsigned int digest_len; |
| 1168 EVP_MD_CTX *hdgst = s->s3->handshake_dgst[i]; |
| 1169 |
| 1170 if ((mask & ssl_get_algorithm2(s)) == 0) |
| 1171 continue; |
| 1172 |
| 1173 hash_size = EVP_MD_size(md); |
| 1174 if (!hdgst || hash_size < 0 || (size_t)hash_size > out_len) |
| 1175 { |
| 1176 err = 1; |
| 1177 break; |
| 1178 } |
| 1179 |
| 1180 if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) || |
| 1181 !EVP_DigestFinal_ex(&ctx, out, &digest_len) || |
| 1182 digest_len != (unsigned int)hash_size) /* internal error */ |
| 1183 { |
| 1184 err = 1; |
| 1185 break; |
| 1186 } |
| 1187 out += digest_len; |
| 1188 out_len -= digest_len; |
| 1189 len += digest_len; |
| 1190 } |
| 1191 |
| 1192 EVP_MD_CTX_cleanup(&ctx); |
| 1193 |
| 1194 if (err != 0) |
| 1195 return -1; |
| 1196 return len; |
| 1197 } |
| 1198 |
1150 int tls1_final_finish_mac(SSL *s, | 1199 int tls1_final_finish_mac(SSL *s, |
1151 const char *str, int slen, unsigned char *out) | 1200 const char *str, int slen, unsigned char *out) |
1152 { | 1201 { |
1153 unsigned int i; | |
1154 EVP_MD_CTX ctx; | |
1155 unsigned char buf[2*EVP_MAX_MD_SIZE]; | 1202 unsigned char buf[2*EVP_MAX_MD_SIZE]; |
1156 » unsigned char *q,buf2[12]; | 1203 » unsigned char buf2[12]; |
1157 » int idx; | |
1158 » long mask; | |
1159 int err=0; | 1204 int err=0; |
1160 » const EVP_MD *md; | 1205 » int digests_len; |
1161 | 1206 |
1162 » q=buf; | 1207 » if (s->s3->handshake_buffer) |
1163 | |
1164 » if (s->s3->handshake_buffer) | |
1165 if (!ssl3_digest_cached_records(s)) | 1208 if (!ssl3_digest_cached_records(s)) |
1166 return 0; | 1209 return 0; |
1167 | 1210 |
1168 » EVP_MD_CTX_init(&ctx); | 1211 » digests_len = tls1_handshake_digest(s, buf, sizeof(buf)); |
| 1212 » if (digests_len < 0) |
| 1213 » » { |
| 1214 » » err = 1; |
| 1215 » » digests_len = 0; |
| 1216 » » } |
1169 | 1217 |
1170 for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++) | |
1171 { | |
1172 if (mask & ssl_get_algorithm2(s)) | |
1173 { | |
1174 int hashsize = EVP_MD_size(md); | |
1175 if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_
t)(q-buf))) | |
1176 { | |
1177 /* internal error: 'buf' is too small for this c
ipersuite! */ | |
1178 err = 1; | |
1179 } | |
1180 else | |
1181 { | |
1182 EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[id
x]); | |
1183 EVP_DigestFinal_ex(&ctx,q,&i); | |
1184 if (i != (unsigned int)hashsize) /* can't really
happen */ | |
1185 err = 1; | |
1186 q+=i; | |
1187 } | |
1188 } | |
1189 } | |
1190 | |
1191 if (!tls1_PRF(ssl_get_algorithm2(s), | 1218 if (!tls1_PRF(ssl_get_algorithm2(s), |
1192 » » » str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0, | 1219 » » » str,slen, buf, digests_len, NULL,0, NULL,0, NULL,0, |
1193 s->session->master_key,s->session->master_key_length, | 1220 s->session->master_key,s->session->master_key_length, |
1194 out,buf2,sizeof buf2)) | 1221 out,buf2,sizeof buf2)) |
1195 err = 1; | 1222 err = 1; |
1196 EVP_MD_CTX_cleanup(&ctx); | |
1197 | 1223 |
1198 if (err) | 1224 if (err) |
1199 return 0; | 1225 return 0; |
1200 else | 1226 else |
1201 return sizeof buf2; | 1227 return sizeof buf2; |
1202 } | 1228 } |
1203 | 1229 |
1204 int tls1_mac(SSL *ssl, unsigned char *md, int send) | 1230 int tls1_mac(SSL *ssl, unsigned char *md, int send) |
1205 { | 1231 { |
1206 SSL3_RECORD *rec; | 1232 SSL3_RECORD *rec; |
(...skipping 288 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1495 case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(TLS1_AD_BAD_CERTIFIC
ATE_STATUS_RESPONSE); | 1521 case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(TLS1_AD_BAD_CERTIFIC
ATE_STATUS_RESPONSE); |
1496 case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_H
ASH_VALUE); | 1522 case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_H
ASH_VALUE); |
1497 case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY); | 1523 case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY); |
1498 #if 0 /* not appropriate for TLS, not used for DTLS */ | 1524 #if 0 /* not appropriate for TLS, not used for DTLS */ |
1499 case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return | 1525 case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return |
1500 (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); | 1526 (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); |
1501 #endif | 1527 #endif |
1502 default: return(-1); | 1528 default: return(-1); |
1503 } | 1529 } |
1504 } | 1530 } |
OLD | NEW |