OLD | NEW |
1 /* ssl/t1_enc.c */ | 1 /* ssl/t1_enc.c */ |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 * All rights reserved. | 3 * All rights reserved. |
4 * | 4 * |
5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
8 * | 8 * |
9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
(...skipping 1129 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1140 return 0; | 1140 return 0; |
1141 } | 1141 } |
1142 | 1142 |
1143 EVP_MD_CTX_init(&ctx); | 1143 EVP_MD_CTX_init(&ctx); |
1144 EVP_MD_CTX_copy_ex(&ctx,d); | 1144 EVP_MD_CTX_copy_ex(&ctx,d); |
1145 EVP_DigestFinal_ex(&ctx,out,&ret); | 1145 EVP_DigestFinal_ex(&ctx,out,&ret); |
1146 EVP_MD_CTX_cleanup(&ctx); | 1146 EVP_MD_CTX_cleanup(&ctx); |
1147 return((int)ret); | 1147 return((int)ret); |
1148 } | 1148 } |
1149 | 1149 |
1150 /* tls1_handshake_digest calculates the current handshake hash and writes it to | |
1151 * |out|, which has space for |out_len| bytes. It returns the number of bytes | |
1152 * written or -1 in the event of an error. This function works on a copy of the | |
1153 * underlying digests so can be called multiple times and prior to the final | |
1154 * update etc. */ | |
1155 int tls1_handshake_digest(SSL *s, unsigned char *out, size_t out_len) | |
1156 { | |
1157 const EVP_MD *md; | |
1158 EVP_MD_CTX ctx; | |
1159 int i, err = 0, len = 0; | |
1160 long mask; | |
1161 | |
1162 EVP_MD_CTX_init(&ctx); | |
1163 | |
1164 for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) | |
1165 { | |
1166 int hash_size; | |
1167 unsigned int digest_len; | |
1168 EVP_MD_CTX *hdgst = s->s3->handshake_dgst[i]; | |
1169 | |
1170 if ((mask & ssl_get_algorithm2(s)) == 0) | |
1171 continue; | |
1172 | |
1173 hash_size = EVP_MD_size(md); | |
1174 if (!hdgst || hash_size < 0 || (size_t)hash_size > out_len) | |
1175 { | |
1176 err = 1; | |
1177 break; | |
1178 } | |
1179 | |
1180 if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) || | |
1181 !EVP_DigestFinal_ex(&ctx, out, &digest_len) || | |
1182 digest_len != (unsigned int)hash_size) /* internal error */ | |
1183 { | |
1184 err = 1; | |
1185 break; | |
1186 } | |
1187 out += digest_len; | |
1188 out_len -= digest_len; | |
1189 len += digest_len; | |
1190 } | |
1191 | |
1192 EVP_MD_CTX_cleanup(&ctx); | |
1193 | |
1194 if (err != 0) | |
1195 return -1; | |
1196 return len; | |
1197 } | |
1198 | |
1199 int tls1_final_finish_mac(SSL *s, | 1150 int tls1_final_finish_mac(SSL *s, |
1200 const char *str, int slen, unsigned char *out) | 1151 const char *str, int slen, unsigned char *out) |
1201 { | 1152 { |
| 1153 unsigned int i; |
| 1154 EVP_MD_CTX ctx; |
1202 unsigned char buf[2*EVP_MAX_MD_SIZE]; | 1155 unsigned char buf[2*EVP_MAX_MD_SIZE]; |
1203 » unsigned char buf2[12]; | 1156 » unsigned char *q,buf2[12]; |
| 1157 » int idx; |
| 1158 » long mask; |
1204 int err=0; | 1159 int err=0; |
1205 » int digests_len; | 1160 » const EVP_MD *md; |
1206 | 1161 |
1207 » if (s->s3->handshake_buffer) | 1162 » q=buf; |
| 1163 |
| 1164 » if (s->s3->handshake_buffer) |
1208 if (!ssl3_digest_cached_records(s)) | 1165 if (!ssl3_digest_cached_records(s)) |
1209 return 0; | 1166 return 0; |
1210 | 1167 |
1211 » digests_len = tls1_handshake_digest(s, buf, sizeof(buf)); | 1168 » EVP_MD_CTX_init(&ctx); |
1212 » if (digests_len < 0) | 1169 |
| 1170 » for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++) |
1213 { | 1171 { |
1214 » » err = 1; | 1172 » » if (mask & ssl_get_algorithm2(s)) |
1215 » » digests_len = 0; | 1173 » » » { |
| 1174 » » » int hashsize = EVP_MD_size(md); |
| 1175 » » » if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_
t)(q-buf))) |
| 1176 » » » » { |
| 1177 » » » » /* internal error: 'buf' is too small for this c
ipersuite! */ |
| 1178 » » » » err = 1; |
| 1179 » » » » } |
| 1180 » » » else |
| 1181 » » » » { |
| 1182 » » » » EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[id
x]); |
| 1183 » » » » EVP_DigestFinal_ex(&ctx,q,&i); |
| 1184 » » » » if (i != (unsigned int)hashsize) /* can't really
happen */ |
| 1185 » » » » » err = 1; |
| 1186 » » » » q+=i; |
| 1187 » » » » } |
| 1188 » » » } |
1216 } | 1189 } |
1217 | 1190 » » |
1218 if (!tls1_PRF(ssl_get_algorithm2(s), | 1191 if (!tls1_PRF(ssl_get_algorithm2(s), |
1219 » » » str,slen, buf, digests_len, NULL,0, NULL,0, NULL,0, | 1192 » » » str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0, |
1220 s->session->master_key,s->session->master_key_length, | 1193 s->session->master_key,s->session->master_key_length, |
1221 out,buf2,sizeof buf2)) | 1194 out,buf2,sizeof buf2)) |
1222 err = 1; | 1195 err = 1; |
| 1196 EVP_MD_CTX_cleanup(&ctx); |
1223 | 1197 |
1224 if (err) | 1198 if (err) |
1225 return 0; | 1199 return 0; |
1226 else | 1200 else |
1227 return sizeof buf2; | 1201 return sizeof buf2; |
1228 } | 1202 } |
1229 | 1203 |
1230 int tls1_mac(SSL *ssl, unsigned char *md, int send) | 1204 int tls1_mac(SSL *ssl, unsigned char *md, int send) |
1231 { | 1205 { |
1232 SSL3_RECORD *rec; | 1206 SSL3_RECORD *rec; |
(...skipping 288 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1521 case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(TLS1_AD_BAD_CERTIFIC
ATE_STATUS_RESPONSE); | 1495 case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(TLS1_AD_BAD_CERTIFIC
ATE_STATUS_RESPONSE); |
1522 case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_H
ASH_VALUE); | 1496 case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_H
ASH_VALUE); |
1523 case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY); | 1497 case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY); |
1524 #if 0 /* not appropriate for TLS, not used for DTLS */ | 1498 #if 0 /* not appropriate for TLS, not used for DTLS */ |
1525 case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return | 1499 case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return |
1526 (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); | 1500 (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); |
1527 #endif | 1501 #endif |
1528 default: return(-1); | 1502 default: return(-1); |
1529 } | 1503 } |
1530 } | 1504 } |
OLD | NEW |