diff options
| author | djm <> | 2008-09-06 12:17:54 +0000 |
|---|---|---|
| committer | djm <> | 2008-09-06 12:17:54 +0000 |
| commit | 38ce604e3cc97706b876b0525ddff0121115456d (patch) | |
| tree | 7ccc28afe1789ea3dbedf72365f955d5b8e105b5 /src/lib/libssl/t1_enc.c | |
| parent | 12867252827c8efaa8ddd1fa3b3d6e321e2bcdef (diff) | |
| download | openbsd-38ce604e3cc97706b876b0525ddff0121115456d.tar.gz openbsd-38ce604e3cc97706b876b0525ddff0121115456d.tar.bz2 openbsd-38ce604e3cc97706b876b0525ddff0121115456d.zip | |
resolve conflicts
Diffstat (limited to 'src/lib/libssl/t1_enc.c')
| -rw-r--r-- | src/lib/libssl/t1_enc.c | 80 |
1 files changed, 62 insertions, 18 deletions
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 2c6246abf5..ed5a4a7255 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c | |||
| @@ -115,7 +115,6 @@ | |||
| 115 | #include <openssl/evp.h> | 115 | #include <openssl/evp.h> |
| 116 | #include <openssl/hmac.h> | 116 | #include <openssl/hmac.h> |
| 117 | #include <openssl/md5.h> | 117 | #include <openssl/md5.h> |
| 118 | #include <openssl/fips.h> | ||
| 119 | 118 | ||
| 120 | static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, | 119 | static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, |
| 121 | int sec_len, unsigned char *seed, int seed_len, | 120 | int sec_len, unsigned char *seed, int seed_len, |
| @@ -132,8 +131,6 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, | |||
| 132 | 131 | ||
| 133 | HMAC_CTX_init(&ctx); | 132 | HMAC_CTX_init(&ctx); |
| 134 | HMAC_CTX_init(&ctx_tmp); | 133 | HMAC_CTX_init(&ctx_tmp); |
| 135 | HMAC_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | ||
| 136 | HMAC_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | ||
| 137 | HMAC_Init_ex(&ctx,sec,sec_len,md, NULL); | 134 | HMAC_Init_ex(&ctx,sec,sec_len,md, NULL); |
| 138 | HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL); | 135 | HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL); |
| 139 | HMAC_Update(&ctx,seed,seed_len); | 136 | HMAC_Update(&ctx,seed,seed_len); |
| @@ -180,6 +177,7 @@ static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1, | |||
| 180 | S2= &(sec[len]); | 177 | S2= &(sec[len]); |
| 181 | len+=(slen&1); /* add for odd, make longer */ | 178 | len+=(slen&1); /* add for odd, make longer */ |
| 182 | 179 | ||
| 180 | |||
| 183 | tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen); | 181 | tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen); |
| 184 | tls1_P_hash(sha1,S2,len,label,label_len,out2,olen); | 182 | tls1_P_hash(sha1,S2,len,label,label_len,out2,olen); |
| 185 | 183 | ||
| @@ -233,7 +231,9 @@ int tls1_change_cipher_state(SSL *s, int which) | |||
| 233 | int client_write; | 231 | int client_write; |
| 234 | EVP_CIPHER_CTX *dd; | 232 | EVP_CIPHER_CTX *dd; |
| 235 | const EVP_CIPHER *c; | 233 | const EVP_CIPHER *c; |
| 234 | #ifndef OPENSSL_NO_COMP | ||
| 236 | const SSL_COMP *comp; | 235 | const SSL_COMP *comp; |
| 236 | #endif | ||
| 237 | const EVP_MD *m; | 237 | const EVP_MD *m; |
| 238 | int is_export,n,i,j,k,exp_label_len,cl; | 238 | int is_export,n,i,j,k,exp_label_len,cl; |
| 239 | int reuse_dd = 0; | 239 | int reuse_dd = 0; |
| @@ -241,7 +241,9 @@ int tls1_change_cipher_state(SSL *s, int which) | |||
| 241 | is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); | 241 | is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); |
| 242 | c=s->s3->tmp.new_sym_enc; | 242 | c=s->s3->tmp.new_sym_enc; |
| 243 | m=s->s3->tmp.new_hash; | 243 | m=s->s3->tmp.new_hash; |
| 244 | #ifndef OPENSSL_NO_COMP | ||
| 244 | comp=s->s3->tmp.new_compression; | 245 | comp=s->s3->tmp.new_compression; |
| 246 | #endif | ||
| 245 | key_block=s->s3->tmp.key_block; | 247 | key_block=s->s3->tmp.key_block; |
| 246 | 248 | ||
| 247 | #ifdef KSSL_DEBUG | 249 | #ifdef KSSL_DEBUG |
| @@ -265,8 +267,12 @@ int tls1_change_cipher_state(SSL *s, int which) | |||
| 265 | reuse_dd = 1; | 267 | reuse_dd = 1; |
| 266 | else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) | 268 | else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) |
| 267 | goto err; | 269 | goto err; |
| 270 | else | ||
| 271 | /* make sure it's intialized in case we exit later with an error */ | ||
| 272 | EVP_CIPHER_CTX_init(s->enc_read_ctx); | ||
| 268 | dd= s->enc_read_ctx; | 273 | dd= s->enc_read_ctx; |
| 269 | s->read_hash=m; | 274 | s->read_hash=m; |
| 275 | #ifndef OPENSSL_NO_COMP | ||
| 270 | if (s->expand != NULL) | 276 | if (s->expand != NULL) |
| 271 | { | 277 | { |
| 272 | COMP_CTX_free(s->expand); | 278 | COMP_CTX_free(s->expand); |
| @@ -286,7 +292,10 @@ int tls1_change_cipher_state(SSL *s, int which) | |||
| 286 | if (s->s3->rrec.comp == NULL) | 292 | if (s->s3->rrec.comp == NULL) |
| 287 | goto err; | 293 | goto err; |
| 288 | } | 294 | } |
| 289 | memset(&(s->s3->read_sequence[0]),0,8); | 295 | #endif |
| 296 | /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */ | ||
| 297 | if (s->version != DTLS1_VERSION) | ||
| 298 | memset(&(s->s3->read_sequence[0]),0,8); | ||
| 290 | mac_secret= &(s->s3->read_mac_secret[0]); | 299 | mac_secret= &(s->s3->read_mac_secret[0]); |
| 291 | } | 300 | } |
| 292 | else | 301 | else |
| @@ -295,12 +304,12 @@ int tls1_change_cipher_state(SSL *s, int which) | |||
| 295 | reuse_dd = 1; | 304 | reuse_dd = 1; |
| 296 | else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) | 305 | else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) |
| 297 | goto err; | 306 | goto err; |
| 298 | if ((s->enc_write_ctx == NULL) && | 307 | else |
| 299 | ((s->enc_write_ctx=(EVP_CIPHER_CTX *) | 308 | /* make sure it's intialized in case we exit later with an error */ |
| 300 | OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) | 309 | EVP_CIPHER_CTX_init(s->enc_write_ctx); |
| 301 | goto err; | ||
| 302 | dd= s->enc_write_ctx; | 310 | dd= s->enc_write_ctx; |
| 303 | s->write_hash=m; | 311 | s->write_hash=m; |
| 312 | #ifndef OPENSSL_NO_COMP | ||
| 304 | if (s->compress != NULL) | 313 | if (s->compress != NULL) |
| 305 | { | 314 | { |
| 306 | COMP_CTX_free(s->compress); | 315 | COMP_CTX_free(s->compress); |
| @@ -315,13 +324,15 @@ int tls1_change_cipher_state(SSL *s, int which) | |||
| 315 | goto err2; | 324 | goto err2; |
| 316 | } | 325 | } |
| 317 | } | 326 | } |
| 318 | memset(&(s->s3->write_sequence[0]),0,8); | 327 | #endif |
| 328 | /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */ | ||
| 329 | if (s->version != DTLS1_VERSION) | ||
| 330 | memset(&(s->s3->write_sequence[0]),0,8); | ||
| 319 | mac_secret= &(s->s3->write_mac_secret[0]); | 331 | mac_secret= &(s->s3->write_mac_secret[0]); |
| 320 | } | 332 | } |
| 321 | 333 | ||
| 322 | if (reuse_dd) | 334 | if (reuse_dd) |
| 323 | EVP_CIPHER_CTX_cleanup(dd); | 335 | EVP_CIPHER_CTX_cleanup(dd); |
| 324 | EVP_CIPHER_CTX_init(dd); | ||
| 325 | 336 | ||
| 326 | p=s->s3->tmp.key_block; | 337 | p=s->s3->tmp.key_block; |
| 327 | i=EVP_MD_size(m); | 338 | i=EVP_MD_size(m); |
| @@ -503,7 +514,7 @@ printf("\nkey block\n"); | |||
| 503 | #endif | 514 | #endif |
| 504 | } | 515 | } |
| 505 | } | 516 | } |
| 506 | 517 | ||
| 507 | return(1); | 518 | return(1); |
| 508 | err: | 519 | err: |
| 509 | SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); | 520 | SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); |
| @@ -618,7 +629,15 @@ int tls1_enc(SSL *s, int send) | |||
| 618 | { | 629 | { |
| 619 | ii=i=rec->data[l-1]; /* padding_length */ | 630 | ii=i=rec->data[l-1]; /* padding_length */ |
| 620 | i++; | 631 | i++; |
| 621 | if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) | 632 | /* NB: if compression is in operation the first packet |
| 633 | * may not be of even length so the padding bug check | ||
| 634 | * cannot be performed. This bug workaround has been | ||
| 635 | * around since SSLeay so hopefully it is either fixed | ||
| 636 | * now or no buggy implementation supports compression | ||
| 637 | * [steve] | ||
| 638 | */ | ||
| 639 | if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) | ||
| 640 | && !s->expand) | ||
| 622 | { | 641 | { |
| 623 | /* First packet is even in size, so check */ | 642 | /* First packet is even in size, so check */ |
| 624 | if ((memcmp(s->s3->read_sequence, | 643 | if ((memcmp(s->s3->read_sequence, |
| @@ -719,15 +738,35 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) | |||
| 719 | md_size=EVP_MD_size(hash); | 738 | md_size=EVP_MD_size(hash); |
| 720 | 739 | ||
| 721 | buf[0]=rec->type; | 740 | buf[0]=rec->type; |
| 722 | buf[1]=TLS1_VERSION_MAJOR; | 741 | if (ssl->version == DTLS1_VERSION && ssl->client_version == DTLS1_BAD_VER) |
| 723 | buf[2]=TLS1_VERSION_MINOR; | 742 | { |
| 743 | buf[1]=TLS1_VERSION_MAJOR; | ||
| 744 | buf[2]=TLS1_VERSION_MINOR; | ||
| 745 | } | ||
| 746 | else { | ||
| 747 | buf[1]=(unsigned char)(ssl->version>>8); | ||
| 748 | buf[2]=(unsigned char)(ssl->version); | ||
| 749 | } | ||
| 750 | |||
| 724 | buf[3]=rec->length>>8; | 751 | buf[3]=rec->length>>8; |
| 725 | buf[4]=rec->length&0xff; | 752 | buf[4]=rec->length&0xff; |
| 726 | 753 | ||
| 727 | /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ | 754 | /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ |
| 728 | HMAC_CTX_init(&hmac); | 755 | HMAC_CTX_init(&hmac); |
| 729 | HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL); | 756 | HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL); |
| 730 | HMAC_Update(&hmac,seq,8); | 757 | |
| 758 | if (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER) | ||
| 759 | { | ||
| 760 | unsigned char dtlsseq[8],*p=dtlsseq; | ||
| 761 | |||
| 762 | s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p); | ||
| 763 | memcpy (p,&seq[2],6); | ||
| 764 | |||
| 765 | HMAC_Update(&hmac,dtlsseq,8); | ||
| 766 | } | ||
| 767 | else | ||
| 768 | HMAC_Update(&hmac,seq,8); | ||
| 769 | |||
| 731 | HMAC_Update(&hmac,buf,5); | 770 | HMAC_Update(&hmac,buf,5); |
| 732 | HMAC_Update(&hmac,rec->input,rec->length); | 771 | HMAC_Update(&hmac,rec->input,rec->length); |
| 733 | HMAC_Final(&hmac,md,&md_size); | 772 | HMAC_Final(&hmac,md,&md_size); |
| @@ -744,10 +783,13 @@ printf("rec="); | |||
| 744 | {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); } | 783 | {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); } |
| 745 | #endif | 784 | #endif |
| 746 | 785 | ||
| 747 | for (i=7; i>=0; i--) | 786 | if ( SSL_version(ssl) != DTLS1_VERSION) |
| 748 | { | 787 | { |
| 749 | ++seq[i]; | 788 | for (i=7; i>=0; i--) |
| 750 | if (seq[i] != 0) break; | 789 | { |
| 790 | ++seq[i]; | ||
| 791 | if (seq[i] != 0) break; | ||
| 792 | } | ||
| 751 | } | 793 | } |
| 752 | 794 | ||
| 753 | #ifdef TLS_DEBUG | 795 | #ifdef TLS_DEBUG |
| @@ -810,6 +852,8 @@ int tls1_alert_code(int code) | |||
| 810 | case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR); | 852 | case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR); |
| 811 | case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED); | 853 | case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED); |
| 812 | case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION); | 854 | case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION); |
| 855 | case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return | ||
| 856 | (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); | ||
| 813 | default: return(-1); | 857 | default: return(-1); |
| 814 | } | 858 | } |
| 815 | } | 859 | } |