author | djm <> | 2009-01-09 12:14:11 +0000 |
---|---|---|
committer | djm <> | 2009-01-09 12:14:11 +0000 |
commit | a0fdc9ec41594852f67ec77dfad9cb06bacc4186 (patch) | |
tree | c43f6b3a4d93ad2cb3dcf93275295679d895a033 /src/lib/libssl/t1_enc.c | |
parent | 5a3c0a05c7f2c5d3c584b7c8d6aec836dd724c80 (diff) | |
import openssl-0.9.8j
Diffstat (limited to 'src/lib/libssl/t1_enc.c')
-rw-r--r-- | src/lib/libssl/t1_enc.c | 42 |
1 files changed, 27 insertions, 15 deletions
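--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -111,10 +111,15 @@
 
 #include <stdio.h>
 #include "ssl_locl.h"
+#ifndef OPENSSL_NO_COMP
 #include <openssl/comp.h>
+#endif
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #include <openssl/md5.h>
+#ifdef KSSL_DEBUG
+#include <openssl/des.h>
+#endif
 
 static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
 int sec_len, unsigned char *seed, int seed_len,
@@ -131,6 +136,8 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
 
 HMAC_CTX_init(&ctx);
 HMAC_CTX_init(&ctx_tmp);
+HMAC_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+HMAC_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 HMAC_Init_ex(&ctx,sec,sec_len,md, NULL);
 HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL);
 HMAC_Update(&ctx,seed,seed_len);
@@ -249,15 +256,15 @@ int tls1_change_cipher_state(SSL *s, int which)
 #ifdef KSSL_DEBUG
 printf("tls1_change_cipher_state(which= %d) w/\n", which);
 printf("\talg= %ld, comp= %p\n", s->s3->tmp.new_cipher->algorithms,
-comp);
-printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
+(void *)comp);
+printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", (void *)c);
 printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
 c->nid,c->block_size,c->key_len,c->iv_len);
 printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
 {
-int i;
-for (i=0; i<s->s3->tmp.key_block_length; i++)
-printf("%02x", key_block[i]); printf("\n");
+int ki;
+for (ki=0; ki<s->s3->tmp.key_block_length; ki++)
+printf("%02x", key_block[ki]); printf("\n");
 }
 #endif /* KSSL_DEBUG */
 
@@ -413,11 +420,13 @@ printf("which = %04X\nmac key=",which);
 s->session->key_arg_length=0;
 #ifdef KSSL_DEBUG
 {
-int i;
+int ki;
 printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
-printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]);
+printf("\tkey= ");
+for (ki=0; ki<c->key_len; ki++) printf("%02x", key[ki]);
 printf("\n");
-printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]);
+printf("\t iv= ");
+for (ki=0; ki<c->iv_len; ki++) printf("%02x", iv[ki]);
 printf("\n");
 }
 #endif /* KSSL_DEBUG */
@@ -590,10 +599,11 @@ int tls1_enc(SSL *s, int send)
 {
 unsigned long ui;
 printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
-ds,rec->data,rec->input,l);
-printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
+(void *)ds,rec->data,rec->input,l);
+printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%ld %ld], %d iv_len\n",
 ds->buf_len, ds->cipher->key_len,
-DES_KEY_SZ, DES_SCHEDULE_SZ,
+(unsigned long)DES_KEY_SZ,
+(unsigned long)DES_SCHEDULE_SZ,
 ds->cipher->iv_len);
 printf("\t\tIV: ");
 for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
@@ -618,10 +628,10 @@ int tls1_enc(SSL *s, int send)
 
 #ifdef KSSL_DEBUG
 {
-unsigned long i;
+unsigned long ki;
 printf("\trec->data=");
-for (i=0; i<l; i++)
-printf(" %02x", rec->data[i]); printf("\n");
+for (ki=0; ki<l; i++)
+printf(" %02x", rec->data[ki]); printf("\n");
 }
 #endif /* KSSL_DEBUG */
 
@@ -805,7 +815,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
 unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
 
 #ifdef KSSL_DEBUG
-printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len);
+printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", (void *)s,out, p,len);
 #endif /* KSSL_DEBUG */
 
 /* Setup the stuff to munge */
@@ -852,8 +862,10 @@ int tls1_alert_code(int code)
 case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR);
 case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED);
 case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION);
+#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
 case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return
 (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
+#endif
 default: return(-1);
 }
 }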
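Review bot: In the second KSSL_DEBUG block of tls1_enc (new line 633) the counter was renamed to `ki` but the increment was not: `for (ki=0; ki<l; i++)` never advances `ki`, so with KSSL_DEBUG defined and `l` non-zero the loop does not terminate and keeps printing `rec->data[0]`. It also now increments an `i` from the enclosing scope, presumably tls1_enc's own counter, whose declaration is outside the hunk. The line should read `for (ki=0; ki<l; ki++)`. Separately, the KSSL_DEBUG blocks touched here print the key block, cipher key and IV to stdout, so a comment such as `/* KSSL_DEBUG dumps key material; never define in production builds */` near the first block would be worth adding.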