diff options
| author | ryker <> | 1998-10-05 20:13:14 +0000 |
|---|---|---|
| committer | ryker <> | 1998-10-05 20:13:14 +0000 |
| commit | fe5d0717e2760d02faf23bf5a714f17b33ae4abb (patch) | |
| tree | 8d4ad346f10a36bdd90b503d222bda6b4ecd0037 /src/lib/libssl/t1_enc.c | |
| parent | 75bf5ead4149b2b67781def7ace1ec720ae1753e (diff) | |
| parent | aeeae06a79815dc190061534d47236cec09f9e32 (diff) | |
| download | openbsd-fe5d0717e2760d02faf23bf5a714f17b33ae4abb.tar.gz openbsd-fe5d0717e2760d02faf23bf5a714f17b33ae4abb.tar.bz2 openbsd-fe5d0717e2760d02faf23bf5a714f17b33ae4abb.zip | |
This commit was generated by cvs2git to track changes on a CVS vendor
branch.
Diffstat (limited to 'src/lib/libssl/t1_enc.c')
| -rw-r--r-- | src/lib/libssl/t1_enc.c | 635 |
1 files changed, 635 insertions, 0 deletions
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c new file mode 100644 index 0000000000..fbdd3bffb5 --- /dev/null +++ b/src/lib/libssl/t1_enc.c | |||
| @@ -0,0 +1,635 @@ | |||
| 1 | /* ssl/t1_enc.c */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include "evp.h" | ||
| 61 | #include "hmac.h" | ||
| 62 | #include "ssl_locl.h" | ||
| 63 | |||
| 64 | static void tls1_P_hash(md,sec,sec_len,seed,seed_len,out,olen) | ||
| 65 | EVP_MD *md; | ||
| 66 | unsigned char *sec; | ||
| 67 | int sec_len; | ||
| 68 | unsigned char *seed; | ||
| 69 | int seed_len; | ||
| 70 | unsigned char *out; | ||
| 71 | int olen; | ||
| 72 | { | ||
| 73 | int chunk,n; | ||
| 74 | unsigned int j; | ||
| 75 | HMAC_CTX ctx; | ||
| 76 | HMAC_CTX ctx_tmp; | ||
| 77 | unsigned char A1[HMAC_MAX_MD_CBLOCK]; | ||
| 78 | unsigned int A1_len; | ||
| 79 | |||
| 80 | chunk=EVP_MD_size(md); | ||
| 81 | |||
| 82 | HMAC_Init(&ctx,sec,sec_len,md); | ||
| 83 | HMAC_Update(&ctx,seed,seed_len); | ||
| 84 | HMAC_Final(&ctx,A1,&A1_len); | ||
| 85 | |||
| 86 | n=0; | ||
| 87 | for (;;) | ||
| 88 | { | ||
| 89 | HMAC_Init(&ctx,NULL,0,NULL); /* re-init */ | ||
| 90 | HMAC_Update(&ctx,A1,A1_len); | ||
| 91 | memcpy(&ctx_tmp,&ctx,sizeof(ctx)); /* Copy for A2 */ /* not needed for last one */ | ||
| 92 | HMAC_Update(&ctx,seed,seed_len); | ||
| 93 | |||
| 94 | if (olen > chunk) | ||
| 95 | { | ||
| 96 | HMAC_Final(&ctx,out,&j); | ||
| 97 | out+=j; | ||
| 98 | olen-=j; | ||
| 99 | HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 value */ | ||
| 100 | } | ||
| 101 | else /* last one */ | ||
| 102 | { | ||
| 103 | HMAC_Final(&ctx,A1,&A1_len); | ||
| 104 | memcpy(out,A1,olen); | ||
| 105 | break; | ||
| 106 | } | ||
| 107 | } | ||
| 108 | HMAC_cleanup(&ctx); | ||
| 109 | HMAC_cleanup(&ctx_tmp); | ||
| 110 | memset(A1,0,sizeof(A1)); | ||
| 111 | } | ||
| 112 | |||
| 113 | static void tls1_PRF(md5,sha1,label,label_len,sec,slen,out1,out2,olen) | ||
| 114 | EVP_MD *md5; | ||
| 115 | EVP_MD *sha1; | ||
| 116 | unsigned char *label; | ||
| 117 | int label_len; | ||
| 118 | unsigned char *sec; | ||
| 119 | int slen; | ||
| 120 | unsigned char *out1; | ||
| 121 | unsigned char *out2; | ||
| 122 | int olen; | ||
| 123 | { | ||
| 124 | int len,i; | ||
| 125 | unsigned char *S1,*S2; | ||
| 126 | |||
| 127 | len=slen/2; | ||
| 128 | S1=sec; | ||
| 129 | S2= &(sec[len]); | ||
| 130 | len+=(slen&1); /* add for odd, make longer */ | ||
| 131 | |||
| 132 | |||
| 133 | tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen); | ||
| 134 | tls1_P_hash(sha1,S2,len,label,label_len,out2,olen); | ||
| 135 | |||
| 136 | for (i=0; i<olen; i++) | ||
| 137 | out1[i]^=out2[i]; | ||
| 138 | } | ||
| 139 | |||
| 140 | static void tls1_generate_key_block(s,km,tmp,num) | ||
| 141 | SSL *s; | ||
| 142 | unsigned char *km,*tmp; | ||
| 143 | int num; | ||
| 144 | { | ||
| 145 | unsigned char *p; | ||
| 146 | unsigned char buf[SSL3_RANDOM_SIZE*2+ | ||
| 147 | TLS_MD_MAX_CONST_SIZE]; | ||
| 148 | p=buf; | ||
| 149 | |||
| 150 | memcpy(p,TLS_MD_KEY_EXPANSION_CONST, | ||
| 151 | TLS_MD_KEY_EXPANSION_CONST_SIZE); | ||
| 152 | p+=TLS_MD_KEY_EXPANSION_CONST_SIZE; | ||
| 153 | memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); | ||
| 154 | p+=SSL3_RANDOM_SIZE; | ||
| 155 | memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE); | ||
| 156 | p+=SSL3_RANDOM_SIZE; | ||
| 157 | |||
| 158 | tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf, | ||
| 159 | s->session->master_key,s->session->master_key_length, | ||
| 160 | km,tmp,num); | ||
| 161 | } | ||
| 162 | |||
| 163 | int tls1_change_cipher_state(s,which) | ||
| 164 | SSL *s; | ||
| 165 | int which; | ||
| 166 | { | ||
| 167 | unsigned char *p,*key_block,*mac_secret; | ||
| 168 | unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+ | ||
| 169 | SSL3_RANDOM_SIZE*2]; | ||
| 170 | unsigned char tmp1[EVP_MAX_KEY_LENGTH]; | ||
| 171 | unsigned char tmp2[EVP_MAX_KEY_LENGTH]; | ||
| 172 | unsigned char iv1[EVP_MAX_IV_LENGTH*2]; | ||
| 173 | unsigned char iv2[EVP_MAX_IV_LENGTH*2]; | ||
| 174 | unsigned char *ms,*key,*iv,*er1,*er2; | ||
| 175 | int client_write; | ||
| 176 | EVP_CIPHER_CTX *dd; | ||
| 177 | EVP_CIPHER *c; | ||
| 178 | SSL_COMPRESSION *comp; | ||
| 179 | EVP_MD *m; | ||
| 180 | int exp,n,i,j,k,exp_label_len; | ||
| 181 | |||
| 182 | exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0; | ||
| 183 | c=s->s3->tmp.new_sym_enc; | ||
| 184 | m=s->s3->tmp.new_hash; | ||
| 185 | comp=s->s3->tmp.new_compression; | ||
| 186 | key_block=s->s3->tmp.key_block; | ||
| 187 | |||
| 188 | if (which & SSL3_CC_READ) | ||
| 189 | { | ||
| 190 | if ((s->enc_read_ctx == NULL) && | ||
| 191 | ((s->enc_read_ctx=(EVP_CIPHER_CTX *) | ||
| 192 | Malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) | ||
| 193 | goto err; | ||
| 194 | dd= s->enc_read_ctx; | ||
| 195 | s->read_hash=m; | ||
| 196 | s->read_compression=comp; | ||
| 197 | memset(&(s->s3->read_sequence[0]),0,8); | ||
| 198 | mac_secret= &(s->s3->read_mac_secret[0]); | ||
| 199 | } | ||
| 200 | else | ||
| 201 | { | ||
| 202 | if ((s->enc_write_ctx == NULL) && | ||
| 203 | ((s->enc_write_ctx=(EVP_CIPHER_CTX *) | ||
| 204 | Malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) | ||
| 205 | goto err; | ||
| 206 | dd= s->enc_write_ctx; | ||
| 207 | s->write_hash=m; | ||
| 208 | s->write_compression=comp; | ||
| 209 | memset(&(s->s3->write_sequence[0]),0,8); | ||
| 210 | mac_secret= &(s->s3->write_mac_secret[0]); | ||
| 211 | } | ||
| 212 | |||
| 213 | EVP_CIPHER_CTX_init(dd); | ||
| 214 | |||
| 215 | p=s->s3->tmp.key_block; | ||
| 216 | i=EVP_MD_size(m); | ||
| 217 | j=(exp)?5:EVP_CIPHER_key_length(c); | ||
| 218 | k=EVP_CIPHER_iv_length(c); | ||
| 219 | er1= &(s->s3->client_random[0]); | ||
| 220 | er2= &(s->s3->server_random[0]); | ||
| 221 | if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || | ||
| 222 | (which == SSL3_CHANGE_CIPHER_SERVER_READ)) | ||
| 223 | { | ||
| 224 | ms= &(p[ 0]); n=i+i; | ||
| 225 | key= &(p[ n]); n+=j+j; | ||
| 226 | iv= &(p[ n]); n+=k+k; | ||
| 227 | exp_label=(unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST; | ||
| 228 | exp_label_len=TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE; | ||
| 229 | client_write=1; | ||
| 230 | } | ||
| 231 | else | ||
| 232 | { | ||
| 233 | n=i; | ||
| 234 | ms= &(p[ n]); n+=i+j; | ||
| 235 | key= &(p[ n]); n+=j+k; | ||
| 236 | iv= &(p[ n]); n+=k; | ||
| 237 | exp_label=(unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST; | ||
| 238 | exp_label_len=TLS_MD_SERVER_WRITE_KEY_CONST_SIZE; | ||
| 239 | client_write=0; | ||
| 240 | } | ||
| 241 | |||
| 242 | if (n > s->s3->tmp.key_block_length) | ||
| 243 | { | ||
| 244 | SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_INTERNAL_ERROR); | ||
| 245 | goto err2; | ||
| 246 | } | ||
| 247 | |||
| 248 | memcpy(mac_secret,ms,i); | ||
| 249 | #ifdef TLS_DEBUG | ||
| 250 | printf("which = %04X\nmac key=",which); | ||
| 251 | { int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); } | ||
| 252 | #endif | ||
| 253 | if (exp) | ||
| 254 | { | ||
| 255 | /* In here I set both the read and write key/iv to the | ||
| 256 | * same value since only the correct one will be used :-). | ||
| 257 | */ | ||
| 258 | p=buf; | ||
| 259 | memcpy(p,exp_label,exp_label_len); | ||
| 260 | p+=exp_label_len; | ||
| 261 | memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE); | ||
| 262 | p+=SSL3_RANDOM_SIZE; | ||
| 263 | memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); | ||
| 264 | p+=SSL3_RANDOM_SIZE; | ||
| 265 | tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,key,j, | ||
| 266 | tmp1,tmp2,EVP_CIPHER_key_length(c)); | ||
| 267 | key=tmp1; | ||
| 268 | |||
| 269 | if (k > 0) | ||
| 270 | { | ||
| 271 | p=buf; | ||
| 272 | memcpy(p,TLS_MD_IV_BLOCK_CONST, | ||
| 273 | TLS_MD_IV_BLOCK_CONST_SIZE); | ||
| 274 | p+=TLS_MD_IV_BLOCK_CONST_SIZE; | ||
| 275 | memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE); | ||
| 276 | p+=SSL3_RANDOM_SIZE; | ||
| 277 | memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); | ||
| 278 | p+=SSL3_RANDOM_SIZE; | ||
| 279 | tls1_PRF(s->ctx->md5,s->ctx->sha1, | ||
| 280 | buf,p-buf,"",0,iv1,iv2,k*2); | ||
| 281 | if (client_write) | ||
| 282 | iv=iv1; | ||
| 283 | else | ||
| 284 | iv= &(iv1[k]); | ||
| 285 | } | ||
| 286 | } | ||
| 287 | |||
| 288 | s->session->key_arg_length=0; | ||
| 289 | |||
| 290 | EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE)); | ||
| 291 | #ifdef TLS_DEBUG | ||
| 292 | printf("which = %04X\nkey=",which); | ||
| 293 | { int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); } | ||
| 294 | printf("\niv="); | ||
| 295 | { int z; for (z=0; z<k; z++) printf("%02X%c",iv[z],((z+1)%16)?' ':'\n'); } | ||
| 296 | printf("\n"); | ||
| 297 | #endif | ||
| 298 | |||
| 299 | memset(tmp1,0,sizeof(tmp1)); | ||
| 300 | memset(tmp2,0,sizeof(tmp1)); | ||
| 301 | memset(iv1,0,sizeof(iv1)); | ||
| 302 | memset(iv2,0,sizeof(iv2)); | ||
| 303 | return(1); | ||
| 304 | err: | ||
| 305 | SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE); | ||
| 306 | err2: | ||
| 307 | return(0); | ||
| 308 | } | ||
| 309 | |||
| 310 | int tls1_setup_key_block(s) | ||
| 311 | SSL *s; | ||
| 312 | { | ||
| 313 | unsigned char *p1,*p2; | ||
| 314 | EVP_CIPHER *c; | ||
| 315 | EVP_MD *hash; | ||
| 316 | int num,exp; | ||
| 317 | |||
| 318 | if (s->s3->tmp.key_block_length != 0) | ||
| 319 | return(1); | ||
| 320 | |||
| 321 | if (!ssl_cipher_get_evp(s->session->cipher,&c,&hash)) | ||
| 322 | { | ||
| 323 | SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE); | ||
| 324 | return(0); | ||
| 325 | } | ||
| 326 | |||
| 327 | s->s3->tmp.new_sym_enc=c; | ||
| 328 | s->s3->tmp.new_hash=hash; | ||
| 329 | |||
| 330 | exp=(s->session->cipher->algorithms & SSL_EXPORT)?1:0; | ||
| 331 | |||
| 332 | num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c); | ||
| 333 | num*=2; | ||
| 334 | |||
| 335 | ssl3_cleanup_key_block(s); | ||
| 336 | |||
| 337 | if ((p1=(unsigned char *)Malloc(num)) == NULL) | ||
| 338 | goto err; | ||
| 339 | if ((p2=(unsigned char *)Malloc(num)) == NULL) | ||
| 340 | goto err; | ||
| 341 | |||
| 342 | s->s3->tmp.key_block_length=num; | ||
| 343 | s->s3->tmp.key_block=p1; | ||
| 344 | |||
| 345 | |||
| 346 | #ifdef TLS_DEBUG | ||
| 347 | printf("client random\n"); | ||
| 348 | { int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->client_random[z],((z+1)%16)?' ':'\n'); } | ||
| 349 | printf("server random\n"); | ||
| 350 | { int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->server_random[z],((z+1)%16)?' ':'\n'); } | ||
| 351 | printf("pre-master\n"); | ||
| 352 | { int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); } | ||
| 353 | #endif | ||
| 354 | tls1_generate_key_block(s,p1,p2,num); | ||
| 355 | memset(p2,0,num); | ||
| 356 | Free(p2); | ||
| 357 | #ifdef TLS_DEBUG | ||
| 358 | printf("\nkey block\n"); | ||
| 359 | { int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); } | ||
| 360 | #endif | ||
| 361 | |||
| 362 | return(1); | ||
| 363 | err: | ||
| 364 | SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); | ||
| 365 | return(0); | ||
| 366 | } | ||
| 367 | |||
| 368 | int tls1_enc(s,send) | ||
| 369 | SSL *s; | ||
| 370 | int send; | ||
| 371 | { | ||
| 372 | SSL3_RECORD *rec; | ||
| 373 | EVP_CIPHER_CTX *ds; | ||
| 374 | unsigned long l; | ||
| 375 | int bs,i,ii,j,k,n=0; | ||
| 376 | EVP_CIPHER *enc; | ||
| 377 | SSL_COMPRESSION *comp; | ||
| 378 | |||
| 379 | if (send) | ||
| 380 | { | ||
| 381 | if (s->write_hash != NULL) | ||
| 382 | n=EVP_MD_size(s->write_hash); | ||
| 383 | ds=s->enc_write_ctx; | ||
| 384 | rec= &(s->s3->wrec); | ||
| 385 | if (s->enc_write_ctx == NULL) | ||
| 386 | { enc=NULL; comp=NULL; } | ||
| 387 | else | ||
| 388 | { | ||
| 389 | enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx); | ||
| 390 | comp=s->write_compression; | ||
| 391 | } | ||
| 392 | } | ||
| 393 | else | ||
| 394 | { | ||
| 395 | if (s->read_hash != NULL) | ||
| 396 | n=EVP_MD_size(s->read_hash); | ||
| 397 | ds=s->enc_read_ctx; | ||
| 398 | rec= &(s->s3->rrec); | ||
| 399 | if (s->enc_read_ctx == NULL) | ||
| 400 | { enc=NULL; comp=NULL; } | ||
| 401 | else | ||
| 402 | { | ||
| 403 | enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx); | ||
| 404 | comp=s->read_compression; | ||
| 405 | } | ||
| 406 | } | ||
| 407 | |||
| 408 | if ((s->session == NULL) || (ds == NULL) || | ||
| 409 | ((enc == NULL) && (comp == NULL))) | ||
| 410 | { | ||
| 411 | memcpy(rec->data,rec->input,rec->length); | ||
| 412 | rec->input=rec->data; | ||
| 413 | } | ||
| 414 | else | ||
| 415 | { | ||
| 416 | l=rec->length; | ||
| 417 | bs=EVP_CIPHER_block_size(ds->cipher); | ||
| 418 | |||
| 419 | if ((bs != 1) && send) | ||
| 420 | { | ||
| 421 | i=bs-((int)l%bs); | ||
| 422 | |||
| 423 | /* Add weird padding of upto 256 bytes */ | ||
| 424 | |||
| 425 | /* we need to add 'i' padding bytes of value j */ | ||
| 426 | j=i-1; | ||
| 427 | if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) | ||
| 428 | { | ||
| 429 | if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) | ||
| 430 | j++; | ||
| 431 | } | ||
| 432 | for (k=(int)l; k<(int)(l+i); k++) | ||
| 433 | rec->input[k]=j; | ||
| 434 | l+=i; | ||
| 435 | rec->length+=i; | ||
| 436 | } | ||
| 437 | |||
| 438 | EVP_Cipher(ds,rec->data,rec->input,l); | ||
| 439 | |||
| 440 | if ((bs != 1) && !send) | ||
| 441 | { | ||
| 442 | ii=i=rec->data[l-1]; | ||
| 443 | i++; | ||
| 444 | if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) | ||
| 445 | { | ||
| 446 | /* First packet is even in size, so check */ | ||
| 447 | if ((memcmp(s->s3->read_sequence, | ||
| 448 | "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1)) | ||
| 449 | s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG; | ||
| 450 | if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) | ||
| 451 | i--; | ||
| 452 | } | ||
| 453 | if (i > (int)rec->length) | ||
| 454 | { | ||
| 455 | SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); | ||
| 456 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); | ||
| 457 | return(0); | ||
| 458 | } | ||
| 459 | for (j=(int)(l-i); j<(int)l; j++) | ||
| 460 | { | ||
| 461 | if (rec->data[j] != ii) | ||
| 462 | { | ||
| 463 | SSLerr(SSL_F_TLS1_ENC,SSL_R_DECRYPTION_FAILED); | ||
| 464 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); | ||
| 465 | return(0); | ||
| 466 | } | ||
| 467 | } | ||
| 468 | rec->length-=i; | ||
| 469 | } | ||
| 470 | } | ||
| 471 | return(1); | ||
| 472 | } | ||
| 473 | |||
| 474 | int tls1_cert_verify_mac(s,in_ctx,out) | ||
| 475 | SSL *s; | ||
| 476 | EVP_MD_CTX *in_ctx; | ||
| 477 | unsigned char *out; | ||
| 478 | { | ||
| 479 | unsigned int ret; | ||
| 480 | EVP_MD_CTX ctx; | ||
| 481 | |||
| 482 | memcpy(&ctx,in_ctx,sizeof(EVP_MD_CTX)); | ||
| 483 | EVP_DigestFinal(&ctx,out,&ret); | ||
| 484 | return((int)ret); | ||
| 485 | } | ||
| 486 | |||
| 487 | int tls1_final_finish_mac(s,in1_ctx,in2_ctx,str,slen,out) | ||
| 488 | SSL *s; | ||
| 489 | EVP_MD_CTX *in1_ctx,*in2_ctx; | ||
| 490 | unsigned char *str; | ||
| 491 | int slen; | ||
| 492 | unsigned char *out; | ||
| 493 | { | ||
| 494 | unsigned int i; | ||
| 495 | EVP_MD_CTX ctx; | ||
| 496 | unsigned char buf[TLS_MD_MAX_CONST_SIZE+MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; | ||
| 497 | unsigned char *q,buf2[12]; | ||
| 498 | |||
| 499 | q=buf; | ||
| 500 | memcpy(q,str,slen); | ||
| 501 | q+=slen; | ||
| 502 | |||
| 503 | memcpy(&ctx,in1_ctx,sizeof(EVP_MD_CTX)); | ||
| 504 | EVP_DigestFinal(&ctx,q,&i); | ||
| 505 | q+=i; | ||
| 506 | memcpy(&ctx,in2_ctx,sizeof(EVP_MD_CTX)); | ||
| 507 | EVP_DigestFinal(&ctx,q,&i); | ||
| 508 | q+=i; | ||
| 509 | |||
| 510 | tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,q-buf, | ||
| 511 | s->session->master_key,s->session->master_key_length, | ||
| 512 | out,buf2,12); | ||
| 513 | memset(&ctx,0,sizeof(EVP_MD_CTX)); | ||
| 514 | |||
| 515 | return((int)12); | ||
| 516 | } | ||
| 517 | |||
| 518 | int tls1_mac(ssl,md,send) | ||
| 519 | SSL *ssl; | ||
| 520 | unsigned char *md; | ||
| 521 | int send; | ||
| 522 | { | ||
| 523 | SSL3_RECORD *rec; | ||
| 524 | unsigned char *mac_sec,*seq; | ||
| 525 | EVP_MD *hash; | ||
| 526 | unsigned int md_size; | ||
| 527 | int i; | ||
| 528 | HMAC_CTX hmac; | ||
| 529 | unsigned char buf[5]; | ||
| 530 | |||
| 531 | if (send) | ||
| 532 | { | ||
| 533 | rec= &(ssl->s3->wrec); | ||
| 534 | mac_sec= &(ssl->s3->write_mac_secret[0]); | ||
| 535 | seq= &(ssl->s3->write_sequence[0]); | ||
| 536 | hash=ssl->write_hash; | ||
| 537 | } | ||
| 538 | else | ||
| 539 | { | ||
| 540 | rec= &(ssl->s3->rrec); | ||
| 541 | mac_sec= &(ssl->s3->read_mac_secret[0]); | ||
| 542 | seq= &(ssl->s3->read_sequence[0]); | ||
| 543 | hash=ssl->read_hash; | ||
| 544 | } | ||
| 545 | |||
| 546 | md_size=EVP_MD_size(hash); | ||
| 547 | |||
| 548 | buf[0]=rec->type; | ||
| 549 | buf[1]=TLS1_VERSION_MAJOR; | ||
| 550 | buf[2]=TLS1_VERSION_MINOR; | ||
| 551 | buf[3]=rec->length>>8; | ||
| 552 | buf[4]=rec->length&0xff; | ||
| 553 | |||
| 554 | /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ | ||
| 555 | HMAC_Init(&hmac,mac_sec,EVP_MD_size(hash),hash); | ||
| 556 | HMAC_Update(&hmac,seq,8); | ||
| 557 | HMAC_Update(&hmac,buf,5); | ||
| 558 | HMAC_Update(&hmac,rec->input,rec->length); | ||
| 559 | HMAC_Final(&hmac,md,&md_size); | ||
| 560 | |||
| 561 | #ifdef TLS_DEBUG | ||
| 562 | printf("sec="); | ||
| 563 | {int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); } | ||
| 564 | printf("seq="); | ||
| 565 | {int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); } | ||
| 566 | printf("buf="); | ||
| 567 | {int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); } | ||
| 568 | printf("rec="); | ||
| 569 | {int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); } | ||
| 570 | #endif | ||
| 571 | |||
| 572 | for (i=7; i>=0; i--) | ||
| 573 | if (++seq[i]) break; | ||
| 574 | |||
| 575 | #ifdef TLS_DEBUG | ||
| 576 | {int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); } | ||
| 577 | #endif | ||
| 578 | return(md_size); | ||
| 579 | } | ||
| 580 | |||
| 581 | int tls1_generate_master_secret(s,out,p,len) | ||
| 582 | SSL *s; | ||
| 583 | unsigned char *out; | ||
| 584 | unsigned char *p; | ||
| 585 | int len; | ||
| 586 | { | ||
| 587 | unsigned char buf[SSL3_RANDOM_SIZE*2+TLS_MD_MASTER_SECRET_CONST_SIZE]; | ||
| 588 | unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH]; | ||
| 589 | |||
| 590 | /* Setup the stuff to munge */ | ||
| 591 | memcpy(buf,TLS_MD_MASTER_SECRET_CONST, | ||
| 592 | TLS_MD_MASTER_SECRET_CONST_SIZE); | ||
| 593 | memcpy(&(buf[TLS_MD_MASTER_SECRET_CONST_SIZE]), | ||
| 594 | s->s3->client_random,SSL3_RANDOM_SIZE); | ||
| 595 | memcpy(&(buf[SSL3_RANDOM_SIZE+TLS_MD_MASTER_SECRET_CONST_SIZE]), | ||
| 596 | s->s3->server_random,SSL3_RANDOM_SIZE); | ||
| 597 | tls1_PRF(s->ctx->md5,s->ctx->sha1, | ||
| 598 | buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len, | ||
| 599 | s->session->master_key,buff,SSL3_MASTER_SECRET_SIZE); | ||
| 600 | return(SSL3_MASTER_SECRET_SIZE); | ||
| 601 | } | ||
| 602 | |||
| 603 | int tls1_alert_code(code) | ||
| 604 | int code; | ||
| 605 | { | ||
| 606 | switch (code) | ||
| 607 | { | ||
| 608 | case SSL_AD_CLOSE_NOTIFY: return(SSL3_AD_CLOSE_NOTIFY); | ||
| 609 | case SSL_AD_UNEXPECTED_MESSAGE: return(SSL3_AD_UNEXPECTED_MESSAGE); | ||
| 610 | case SSL_AD_BAD_RECORD_MAC: return(SSL3_AD_BAD_RECORD_MAC); | ||
| 611 | case SSL_AD_DECRYPTION_FAILED: return(TLS1_AD_DECRYPTION_FAILED); | ||
| 612 | case SSL_AD_RECORD_OVERFLOW: return(TLS1_AD_RECORD_OVERFLOW); | ||
| 613 | case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE); | ||
| 614 | case SSL_AD_HANDSHAKE_FAILURE: return(SSL3_AD_HANDSHAKE_FAILURE); | ||
| 615 | case SSL_AD_NO_CERTIFICATE: return(-1); | ||
| 616 | case SSL_AD_BAD_CERTIFICATE: return(SSL3_AD_BAD_CERTIFICATE); | ||
| 617 | case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE); | ||
| 618 | case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED); | ||
| 619 | case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED); | ||
| 620 | case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN); | ||
| 621 | case SSL_AD_ILLEGAL_PARAMETER: return(SSL3_AD_ILLEGAL_PARAMETER); | ||
| 622 | case SSL_AD_UNKNOWN_CA: return(TLS1_AD_UNKNOWN_CA); | ||
| 623 | case SSL_AD_ACCESS_DENIED: return(TLS1_AD_ACCESS_DENIED); | ||
| 624 | case SSL_AD_DECODE_ERROR: return(TLS1_AD_DECODE_ERROR); | ||
| 625 | case SSL_AD_DECRYPT_ERROR: return(TLS1_AD_DECRYPT_ERROR); | ||
| 626 | case SSL_AD_EXPORT_RESTRICION: return(TLS1_AD_EXPORT_RESTRICION); | ||
| 627 | case SSL_AD_PROTOCOL_VERSION: return(TLS1_AD_PROTOCOL_VERSION); | ||
| 628 | case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY); | ||
| 629 | case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR); | ||
| 630 | case SSL_AD_USER_CANCLED: return(TLS1_AD_USER_CANCLED); | ||
| 631 | case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION); | ||
| 632 | default: return(-1); | ||
| 633 | } | ||
| 634 | } | ||
| 635 | |||