1 files changed, 0 insertions, 648 deletions
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
deleted file mode 100644
index a0758e9261..0000000000
--- a/src/lib/libssl/t1_enc.c
+++ /dev/null
@@ -1,648 +0,0 @@
-/* ssl/t1_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include <openssl/comp.h>
-#include <openssl/md5.h>
-#include <openssl/sha.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include "ssl_locl.h"
-static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
-                        int sec_len, unsigned char *seed, int seed_len,
-                        unsigned char *out, int olen)
-        {
-        int chunk,n;
-        unsigned int j;
-        HMAC_CTX ctx;
-        HMAC_CTX ctx_tmp;
-        unsigned char A1[HMAC_MAX_MD_CBLOCK];
-        unsigned int A1_len;
-        
-        chunk=EVP_MD_size(md);
-        HMAC_Init(&ctx,sec,sec_len,md);
-        HMAC_Update(&ctx,seed,seed_len);
-        HMAC_Final(&ctx,A1,&A1_len);
-        n=0;
-        for (;;)
-                {
-                HMAC_Init(&ctx,NULL,0,NULL); /* re-init */
-                HMAC_Update(&ctx,A1,A1_len);
-                memcpy(&ctx_tmp,&ctx,sizeof(ctx)); /* Copy for A2 */ /* not needed for last one */
-                HMAC_Update(&ctx,seed,seed_len);
-                if (olen > chunk)
-                        {
-                        HMAC_Final(&ctx,out,&j);
-                        out+=j;
-                        olen-=j;
-                        HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 value */
-                        }
-                else    /* last one */
-                        {
-                        HMAC_Final(&ctx,A1,&A1_len);
-                        memcpy(out,A1,olen);
-                        break;
-                        }
-                }
-        HMAC_cleanup(&ctx);
-        HMAC_cleanup(&ctx_tmp);
-        memset(A1,0,sizeof(A1));
-        }
-static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
-                     unsigned char *label, int label_len,
-                     const unsigned char *sec, int slen, unsigned char *out1,
-                     unsigned char *out2, int olen)
-        {
-        int len,i;
-        const unsigned char *S1,*S2;
-        len=slen/2;
-        S1=sec;
-        S2= &(sec[len]);
-        len+=(slen&1); /* add for odd, make longer */
-        
-        tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen);
-        tls1_P_hash(sha1,S2,len,label,label_len,out2,olen);
-        for (i=0; i<olen; i++)
-                out1[i]^=out2[i];
-        }
-static void tls1_generate_key_block(SSL *s, unsigned char *km,
-             unsigned char *tmp, int num)
-        {
-        unsigned char *p;
-        unsigned char buf[SSL3_RANDOM_SIZE*2+
-                TLS_MD_MAX_CONST_SIZE];
-        p=buf;
-        memcpy(p,TLS_MD_KEY_EXPANSION_CONST,
-                TLS_MD_KEY_EXPANSION_CONST_SIZE);
-        p+=TLS_MD_KEY_EXPANSION_CONST_SIZE;
-        memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
-        p+=SSL3_RANDOM_SIZE;
-        memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
-        p+=SSL3_RANDOM_SIZE;
-        tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),
-                 s->session->master_key,s->session->master_key_length,
-                 km,tmp,num);
-        }
-int tls1_change_cipher_state(SSL *s, int which)
-        {
-        static const unsigned char empty[]="";
-        unsigned char *p,*key_block,*mac_secret;
-        unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+
-                SSL3_RANDOM_SIZE*2];
-        unsigned char tmp1[EVP_MAX_KEY_LENGTH];
-        unsigned char tmp2[EVP_MAX_KEY_LENGTH];
-        unsigned char iv1[EVP_MAX_IV_LENGTH*2];
-        unsigned char iv2[EVP_MAX_IV_LENGTH*2];
-        unsigned char *ms,*key,*iv,*er1,*er2;
-        int client_write;
-        EVP_CIPHER_CTX *dd;
-        const EVP_CIPHER *c;
-        const SSL_COMP *comp;
-        const EVP_MD *m;
-        int _exp,n,i,j,k,exp_label_len,cl;
-        _exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
-        c=s->s3->tmp.new_sym_enc;
-        m=s->s3->tmp.new_hash;
-        comp=s->s3->tmp.new_compression;
-        key_block=s->s3->tmp.key_block;
-        if (which & SSL3_CC_READ)
-                {
-                if ((s->enc_read_ctx == NULL) &&
-                        ((s->enc_read_ctx=(EVP_CIPHER_CTX *)
-                        OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
-                        goto err;
-                dd= s->enc_read_ctx;
-                s->read_hash=m;
-                if (s->expand != NULL)
-                        {
-                        COMP_CTX_free(s->expand);
-                        s->expand=NULL;
-                        }
-                if (comp != NULL)
-                        {
-                        s->expand=COMP_CTX_new(comp->method);
-                        if (s->expand == NULL)
-                                {
-                                SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
-                                goto err2;
-                                }
-                        if (s->s3->rrec.comp == NULL)
-                                s->s3->rrec.comp=(unsigned char *)
-                                        OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
-                        if (s->s3->rrec.comp == NULL)
-                                goto err;
-                        }
-                memset(&(s->s3->read_sequence[0]),0,8);
-                mac_secret= &(s->s3->read_mac_secret[0]);
-                }
-        else
-                {
-                if ((s->enc_write_ctx == NULL) &&
-                        ((s->enc_write_ctx=(EVP_CIPHER_CTX *)
-                        OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
-                        goto err;
-                dd= s->enc_write_ctx;
-                s->write_hash=m;
-                if (s->compress != NULL)
-                        {
-                        COMP_CTX_free(s->compress);
-                        s->compress=NULL;
-                        }
-                if (comp != NULL)
-                        {
-                        s->compress=COMP_CTX_new(comp->method);
-                        if (s->compress == NULL)
-                                {
-                                SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
-                                goto err2;
-                                }
-                        }
-                memset(&(s->s3->write_sequence[0]),0,8);
-                mac_secret= &(s->s3->write_mac_secret[0]);
-                }
-        EVP_CIPHER_CTX_init(dd);
-        p=s->s3->tmp.key_block;
-        i=EVP_MD_size(m);
-        cl=EVP_CIPHER_key_length(c);
-        j=_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
-                  cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
-        /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
-        k=EVP_CIPHER_iv_length(c);
-        er1= &(s->s3->client_random[0]);
-        er2= &(s->s3->server_random[0]);
-        if (    (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
-                (which == SSL3_CHANGE_CIPHER_SERVER_READ))
-                {
-                ms=  &(p[ 0]); n=i+i;
-                key= &(p[ n]); n+=j+j;
-                iv=  &(p[ n]); n+=k+k;
-                exp_label=(unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST;
-                exp_label_len=TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE;
-                client_write=1;
-                }
-        else
-                {
-                n=i;
-                ms=  &(p[ n]); n+=i+j;
-                key= &(p[ n]); n+=j+k;
-                iv=  &(p[ n]); n+=k;
-                exp_label=(unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST;
-                exp_label_len=TLS_MD_SERVER_WRITE_KEY_CONST_SIZE;
-                client_write=0;
-                }
-        if (n > s->s3->tmp.key_block_length)
-                {
-                SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_INTERNAL_ERROR);
-                goto err2;
-                }
-        memcpy(mac_secret,ms,i);
-#ifdef TLS_DEBUG
-printf("which = %04X\nmac key=",which);
-{ int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
-#endif
-        if (_exp)
-                {
-                /* In here I set both the read and write key/iv to the
-                 * same value since only the correct one will be used :-).
-                 */
-                p=buf;
-                memcpy(p,exp_label,exp_label_len);
-                p+=exp_label_len;
-                memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
-                p+=SSL3_RANDOM_SIZE;
-                memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
-                p+=SSL3_RANDOM_SIZE;
-                tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j,
-                         tmp1,tmp2,EVP_CIPHER_key_length(c));
-                key=tmp1;
-                if (k > 0)
-                        {
-                        p=buf;
-                        memcpy(p,TLS_MD_IV_BLOCK_CONST,
-                                TLS_MD_IV_BLOCK_CONST_SIZE);
-                        p+=TLS_MD_IV_BLOCK_CONST_SIZE;
-                        memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
-                        p+=SSL3_RANDOM_SIZE;
-                        memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
-                        p+=SSL3_RANDOM_SIZE;
-                        tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,empty,0,
-                                 iv1,iv2,k*2);
-                        if (client_write)
-                                iv=iv1;
-                        else
-                                iv= &(iv1[k]);
-                        }
-                }
-        s->session->key_arg_length=0;
-        EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
-#ifdef TLS_DEBUG
-printf("which = %04X\nkey=",which);
-{ int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }
-printf("\niv=");
-{ int z; for (z=0; z<k; z++) printf("%02X%c",iv[z],((z+1)%16)?' ':'\n'); }
-printf("\n");
-#endif
-        memset(tmp1,0,sizeof(tmp1));
-        memset(tmp2,0,sizeof(tmp1));
-        memset(iv1,0,sizeof(iv1));
-        memset(iv2,0,sizeof(iv2));
-        return(1);
-err:
-        SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
-err2:
-        return(0);
-        }
-int tls1_setup_key_block(SSL *s)
-        {
-        unsigned char *p1,*p2;
-        const EVP_CIPHER *c;
-        const EVP_MD *hash;
-        int num;
-        SSL_COMP *comp;
-        if (s->s3->tmp.key_block_length != 0)
-                return(1);
-        if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))
-                {
-                SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
-                return(0);
-                }
-        s->s3->tmp.new_sym_enc=c;
-        s->s3->tmp.new_hash=hash;
-        num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
-        num*=2;
-        ssl3_cleanup_key_block(s);
-        if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL)
-                goto err;
-        if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)
-                goto err;
-        s->s3->tmp.key_block_length=num;
-        s->s3->tmp.key_block=p1;
-#ifdef TLS_DEBUG
-printf("client random\n");
-{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->client_random[z],((z+1)%16)?' ':'\n'); }
-printf("server random\n");
-{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->server_random[z],((z+1)%16)?' ':'\n'); }
-printf("pre-master\n");
-{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
-#endif
-        tls1_generate_key_block(s,p1,p2,num);
-        memset(p2,0,num);
-        OPENSSL_free(p2);
-#ifdef TLS_DEBUG
-printf("\nkey block\n");
-{ int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
-#endif
-        return(1);
-err:
-        SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
-        return(0);
-        }
-int tls1_enc(SSL *s, int send)
-        {
-        SSL3_RECORD *rec;
-        EVP_CIPHER_CTX *ds;
-        unsigned long l;
-        int bs,i,ii,j,k,n=0;
-        const EVP_CIPHER *enc;
-        if (send)
-                {
-                if (s->write_hash != NULL)
-                        n=EVP_MD_size(s->write_hash);
-                ds=s->enc_write_ctx;
-                rec= &(s->s3->wrec);
-                if (s->enc_write_ctx == NULL)
-                        enc=NULL;
-                else
-                        enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
-                }
-        else
-                {
-                if (s->read_hash != NULL)
-                        n=EVP_MD_size(s->read_hash);
-                ds=s->enc_read_ctx;
-                rec= &(s->s3->rrec);
-                if (s->enc_read_ctx == NULL)
-                        enc=NULL;
-                else
-                        enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
-                }
-        if ((s->session == NULL) || (ds == NULL) ||
-                (enc == NULL))
-                {
-                memmove(rec->data,rec->input,rec->length);
-                rec->input=rec->data;
-                }
-        else
-                {
-                l=rec->length;
-                bs=EVP_CIPHER_block_size(ds->cipher);
-                if ((bs != 1) && send)
-                        {
-                        i=bs-((int)l%bs);
-                        /* Add weird padding of upto 256 bytes */
-                        /* we need to add 'i' padding bytes of value j */
-                        j=i-1;
-                        if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
-                                {
-                                if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
-                                        j++;
-                                }
-                        for (k=(int)l; k<(int)(l+i); k++)
-                                rec->input[k]=j;
-                        l+=i;
-                        rec->length+=i;
-                        }
-                if (!send)
-                        {
-                        if (l == 0 || l%bs != 0)
-                                {
-                                SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
-                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR);
-                                return(0);
-                                }
-                        }
-                
-                EVP_Cipher(ds,rec->data,rec->input,l);
-                if ((bs != 1) && !send)
-                        {
-                        ii=i=rec->data[l-1]; /* padding_length */
-                        i++;
-                        if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
-                                {
-                                /* First packet is even in size, so check */
-                                if ((memcmp(s->s3->read_sequence,
-                                        "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
-                                        s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
-                                if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
-                                        i--;
-                                }
-                        /* TLS 1.0 does not bound the number of padding bytes by the block size.
-                         * All of them must have value 'padding_length'. */
-                        if (i > (int)rec->length)
-                                {
-                                SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
-                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
-                                return(0);
-                                }
-                        for (j=(int)(l-i); j<(int)l; j++)
-                                {
-                                if (rec->data[j] != ii)
-                                        {
-                                        SSLerr(SSL_F_TLS1_ENC,SSL_R_DECRYPTION_FAILED);
-                                        ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
-                                        return(0);
-                                        }
-                                }
-                        rec->length-=i;
-                        }
-                }
-        return(1);
-        }
-int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
-        {
-        unsigned int ret;
-        EVP_MD_CTX ctx;
-        EVP_MD_CTX_copy(&ctx,in_ctx);
-        EVP_DigestFinal(&ctx,out,&ret);
-        return((int)ret);
-        }
-int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
-             const char *str, int slen, unsigned char *out)
-        {
-        unsigned int i;
-        EVP_MD_CTX ctx;
-        unsigned char buf[TLS_MD_MAX_CONST_SIZE+MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
-        unsigned char *q,buf2[12];
-        q=buf;
-        memcpy(q,str,slen);
-        q+=slen;
-        EVP_MD_CTX_copy(&ctx,in1_ctx);
-        EVP_DigestFinal(&ctx,q,&i);
-        q+=i;
-        EVP_MD_CTX_copy(&ctx,in2_ctx);
-        EVP_DigestFinal(&ctx,q,&i);
-        q+=i;
-        tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),
-                s->session->master_key,s->session->master_key_length,
-                out,buf2,12);
-        memset(&ctx,0,sizeof(EVP_MD_CTX));
-        return((int)12);
-        }
-int tls1_mac(SSL *ssl, unsigned char *md, int send)
-        {
-        SSL3_RECORD *rec;
-        unsigned char *mac_sec,*seq;
-        const EVP_MD *hash;
-        unsigned int md_size;
-        int i;
-        HMAC_CTX hmac;
-        unsigned char buf[5]; 
-        if (send)
-                {
-                rec= &(ssl->s3->wrec);
-                mac_sec= &(ssl->s3->write_mac_secret[0]);
-                seq= &(ssl->s3->write_sequence[0]);
-                hash=ssl->write_hash;
-                }
-        else
-                {
-                rec= &(ssl->s3->rrec);
-                mac_sec= &(ssl->s3->read_mac_secret[0]);
-                seq= &(ssl->s3->read_sequence[0]);
-                hash=ssl->read_hash;
-                }
-        md_size=EVP_MD_size(hash);
-        buf[0]=rec->type;
-        buf[1]=TLS1_VERSION_MAJOR;
-        buf[2]=TLS1_VERSION_MINOR;
-        buf[3]=rec->length>>8;
-        buf[4]=rec->length&0xff;
-        /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
-        HMAC_Init(&hmac,mac_sec,EVP_MD_size(hash),hash);
-        HMAC_Update(&hmac,seq,8);
-        HMAC_Update(&hmac,buf,5);
-        HMAC_Update(&hmac,rec->input,rec->length);
-        HMAC_Final(&hmac,md,&md_size);
-#ifdef TLS_DEBUG
-printf("sec=");
-{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
-printf("seq=");
-{int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); }
-printf("buf=");
-{int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); }
-printf("rec=");
-{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
-#endif
-        for (i=7; i>=0; i--)
-                {
-                ++seq[i];
-                if (seq[i] != 0) break; 
-                }
-#ifdef TLS_DEBUG
-{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); }
-#endif
-        return(md_size);
-        }
-int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
-             int len)
-        {
-        unsigned char buf[SSL3_RANDOM_SIZE*2+TLS_MD_MASTER_SECRET_CONST_SIZE];
-        unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
-        /* Setup the stuff to munge */
-        memcpy(buf,TLS_MD_MASTER_SECRET_CONST,
-                TLS_MD_MASTER_SECRET_CONST_SIZE);
-        memcpy(&(buf[TLS_MD_MASTER_SECRET_CONST_SIZE]),
-                s->s3->client_random,SSL3_RANDOM_SIZE);
-        memcpy(&(buf[SSL3_RANDOM_SIZE+TLS_MD_MASTER_SECRET_CONST_SIZE]),
-                s->s3->server_random,SSL3_RANDOM_SIZE);
-        tls1_PRF(s->ctx->md5,s->ctx->sha1,
-                buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len,
-                s->session->master_key,buff,SSL3_MASTER_SECRET_SIZE);
-        return(SSL3_MASTER_SECRET_SIZE);
-        }
-int tls1_alert_code(int code)
-        {
-        switch (code)
-                {
-        case SSL_AD_CLOSE_NOTIFY:       return(SSL3_AD_CLOSE_NOTIFY);
-        case SSL_AD_UNEXPECTED_MESSAGE: return(SSL3_AD_UNEXPECTED_MESSAGE);
-        case SSL_AD_BAD_RECORD_MAC:     return(SSL3_AD_BAD_RECORD_MAC);
-        case SSL_AD_DECRYPTION_FAILED:  return(TLS1_AD_DECRYPTION_FAILED);
-        case SSL_AD_RECORD_OVERFLOW:    return(TLS1_AD_RECORD_OVERFLOW);
-        case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE);
-        case SSL_AD_HANDSHAKE_FAILURE:  return(SSL3_AD_HANDSHAKE_FAILURE);
-        case SSL_AD_NO_CERTIFICATE:     return(-1);
-        case SSL_AD_BAD_CERTIFICATE:    return(SSL3_AD_BAD_CERTIFICATE);
-        case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE);
-        case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED);
-        case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED);
-        case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN);
-        case SSL_AD_ILLEGAL_PARAMETER:  return(SSL3_AD_ILLEGAL_PARAMETER);
-        case SSL_AD_UNKNOWN_CA:         return(TLS1_AD_UNKNOWN_CA);
-        case SSL_AD_ACCESS_DENIED:      return(TLS1_AD_ACCESS_DENIED);
-        case SSL_AD_DECODE_ERROR:       return(TLS1_AD_DECODE_ERROR);
-        case SSL_AD_DECRYPT_ERROR:      return(TLS1_AD_DECRYPT_ERROR);
-        case SSL_AD_EXPORT_RESTRICTION: return(TLS1_AD_EXPORT_RESTRICTION);
-        case SSL_AD_PROTOCOL_VERSION:   return(TLS1_AD_PROTOCOL_VERSION);
-        case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY);
-        case SSL_AD_INTERNAL_ERROR:     return(TLS1_AD_INTERNAL_ERROR);
-        case SSL_AD_USER_CANCELLED:     return(TLS1_AD_USER_CANCELLED);
-        case SSL_AD_NO_RENEGOTIATION:   return(TLS1_AD_NO_RENEGOTIATION);
-        default:                        return(-1);
-                }
-        }

diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c deleted file mode 100644 index a0758e9261..0000000000 --- a/src/lib/libssl/t1_enc.c +++ /dev/null
@@ -1,648 +0,0 @@
1	/* ssl/t1_enc.c */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.
4	*
5	* This package is an SSL implementation written
6	* by Eric Young (eay@cryptsoft.com).
7	* The implementation was written so as to conform with Netscapes SSL.
8	*
9	* This library is free for commercial and non-commercial use as long as
10	* the following conditions are aheared to. The following conditions
11	* apply to all code found in this distribution, be it the RC4, RSA,
12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13	* included with this distribution is covered by the same copyright terms
14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
15	*
16	* Copyright remains Eric Young's, and as such any Copyright notices in
17	* the code are not to be removed.
18	* If this package is used in a product, Eric Young should be given attribution
19	* as the author of the parts of the library used.
20	* This can be in the form of a textual message at program startup or
21	* in documentation (online or textual) provided with the package.
22	*
23	* Redistribution and use in source and binary forms, with or without
24	* modification, are permitted provided that the following conditions
25	* are met:
26	* 1. Redistributions of source code must retain the copyright
27	* notice, this list of conditions and the following disclaimer.
28	* 2. Redistributions in binary form must reproduce the above copyright
29	* notice, this list of conditions and the following disclaimer in the
30	* documentation and/or other materials provided with the distribution.
31	* 3. All advertising materials mentioning features or use of this software
32	* must display the following acknowledgement:
33	* "This product includes cryptographic software written by
34	* Eric Young (eay@cryptsoft.com)"
35	* The word 'cryptographic' can be left out if the rouines from the library
36	* being used are not cryptographic related :-).
37	* 4. If you include any Windows specific code (or a derivative thereof) from
38	* the apps directory (application code) you must include an acknowledgement:
39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40	*
41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51	* SUCH DAMAGE.
52	*
53	* The licence and distribution terms for any publically available version or
54	* derivative of this code cannot be changed. i.e. this code cannot simply be
55	* copied and put under another distribution licence
56	* [including the GNU Public Licence.]
57	*/
58
59	#include <stdio.h>
60	#include <openssl/comp.h>
61	#include <openssl/md5.h>
62	#include <openssl/sha.h>
63	#include <openssl/evp.h>
64	#include <openssl/hmac.h>
65	#include "ssl_locl.h"
66
67	static void tls1_P_hash(const EVP_MD md, const unsigned char sec,
68	int sec_len, unsigned char *seed, int seed_len,
69	unsigned char *out, int olen)
70	{
71	int chunk,n;
72	unsigned int j;
73	HMAC_CTX ctx;
74	HMAC_CTX ctx_tmp;
75	unsigned char A1[HMAC_MAX_MD_CBLOCK];
76	unsigned int A1_len;
77
78	chunk=EVP_MD_size(md);
79
80	HMAC_Init(&ctx,sec,sec_len,md);
81	HMAC_Update(&ctx,seed,seed_len);
82	HMAC_Final(&ctx,A1,&A1_len);
83
84	n=0;
85	for (;;)
86	{
87	HMAC_Init(&ctx,NULL,0,NULL); /* re-init */
88	HMAC_Update(&ctx,A1,A1_len);
89	memcpy(&ctx_tmp,&ctx,sizeof(ctx)); /* Copy for A2 / / not needed for last one */
90	HMAC_Update(&ctx,seed,seed_len);
91
92	if (olen > chunk)
93	{
94	HMAC_Final(&ctx,out,&j);
95	out+=j;
96	olen-=j;
97	HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 value */
98	}
99	else /* last one */
100	{
101	HMAC_Final(&ctx,A1,&A1_len);
102	memcpy(out,A1,olen);
103	break;
104	}
105	}
106	HMAC_cleanup(&ctx);
107	HMAC_cleanup(&ctx_tmp);
108	memset(A1,0,sizeof(A1));
109	}
110
111	static void tls1_PRF(const EVP_MD md5, const EVP_MD sha1,
112	unsigned char *label, int label_len,
113	const unsigned char sec, int slen, unsigned char out1,
114	unsigned char *out2, int olen)
115	{
116	int len,i;
117	const unsigned char S1,S2;
118
119	len=slen/2;
120	S1=sec;
121	S2= &(sec[len]);
122	len+=(slen&1); /* add for odd, make longer */
123
124
125	tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen);
126	tls1_P_hash(sha1,S2,len,label,label_len,out2,olen);
127
128	for (i=0; i<olen; i++)
129	out1[i]^=out2[i];
130	}
131
132	static void tls1_generate_key_block(SSL s, unsigned char km,
133	unsigned char *tmp, int num)
134	{
135	unsigned char *p;
136	unsigned char buf[SSL3_RANDOM_SIZE*2+
137	TLS_MD_MAX_CONST_SIZE];
138	p=buf;
139
140	memcpy(p,TLS_MD_KEY_EXPANSION_CONST,
141	TLS_MD_KEY_EXPANSION_CONST_SIZE);
142	p+=TLS_MD_KEY_EXPANSION_CONST_SIZE;
143	memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
144	p+=SSL3_RANDOM_SIZE;
145	memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
146	p+=SSL3_RANDOM_SIZE;
147
148	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),
149	s->session->master_key,s->session->master_key_length,
150	km,tmp,num);
151	}
152
153	int tls1_change_cipher_state(SSL *s, int which)
154	{
155	static const unsigned char empty[]="";
156	unsigned char p,key_block,*mac_secret;
157	unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+
158	SSL3_RANDOM_SIZE*2];
159	unsigned char tmp1[EVP_MAX_KEY_LENGTH];
160	unsigned char tmp2[EVP_MAX_KEY_LENGTH];
161	unsigned char iv1[EVP_MAX_IV_LENGTH*2];
162	unsigned char iv2[EVP_MAX_IV_LENGTH*2];
163	unsigned char ms,key,iv,er1,*er2;
164	int client_write;
165	EVP_CIPHER_CTX *dd;
166	const EVP_CIPHER *c;
167	const SSL_COMP *comp;
168	const EVP_MD *m;
169	int _exp,n,i,j,k,exp_label_len,cl;
170
171	_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
172	c=s->s3->tmp.new_sym_enc;
173	m=s->s3->tmp.new_hash;
174	comp=s->s3->tmp.new_compression;
175	key_block=s->s3->tmp.key_block;
176
177	if (which & SSL3_CC_READ)
178	{
179	if ((s->enc_read_ctx == NULL) &&
180	((s->enc_read_ctx=(EVP_CIPHER_CTX *)
181	OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
182	goto err;
183	dd= s->enc_read_ctx;
184	s->read_hash=m;
185	if (s->expand != NULL)
186	{
187	COMP_CTX_free(s->expand);
188	s->expand=NULL;
189	}
190	if (comp != NULL)
191	{
192	s->expand=COMP_CTX_new(comp->method);
193	if (s->expand == NULL)
194	{
195	SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
196	goto err2;
197	}
198	if (s->s3->rrec.comp == NULL)
199	s->s3->rrec.comp=(unsigned char *)
200	OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
201	if (s->s3->rrec.comp == NULL)
202	goto err;
203	}
204	memset(&(s->s3->read_sequence[0]),0,8);
205	mac_secret= &(s->s3->read_mac_secret[0]);
206	}
207	else
208	{
209	if ((s->enc_write_ctx == NULL) &&
210	((s->enc_write_ctx=(EVP_CIPHER_CTX *)
211	OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
212	goto err;
213	dd= s->enc_write_ctx;
214	s->write_hash=m;
215	if (s->compress != NULL)
216	{
217	COMP_CTX_free(s->compress);
218	s->compress=NULL;
219	}
220	if (comp != NULL)
221	{
222	s->compress=COMP_CTX_new(comp->method);
223	if (s->compress == NULL)
224	{
225	SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
226	goto err2;
227	}
228	}
229	memset(&(s->s3->write_sequence[0]),0,8);
230	mac_secret= &(s->s3->write_mac_secret[0]);
231	}
232
233	EVP_CIPHER_CTX_init(dd);
234
235	p=s->s3->tmp.key_block;
236	i=EVP_MD_size(m);
237	cl=EVP_CIPHER_key_length(c);
238	j=_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
239	cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
240	/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
241	k=EVP_CIPHER_iv_length(c);
242	er1= &(s->s3->client_random[0]);
243	er2= &(s->s3->server_random[0]);
244	if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) \|\|
245	(which == SSL3_CHANGE_CIPHER_SERVER_READ))
246	{
247	ms= &(p[ 0]); n=i+i;
248	key= &(p[ n]); n+=j+j;
249	iv= &(p[ n]); n+=k+k;
250	exp_label=(unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST;
251	exp_label_len=TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE;
252	client_write=1;
253	}
254	else
255	{
256	n=i;
257	ms= &(p[ n]); n+=i+j;
258	key= &(p[ n]); n+=j+k;
259	iv= &(p[ n]); n+=k;
260	exp_label=(unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST;
261	exp_label_len=TLS_MD_SERVER_WRITE_KEY_CONST_SIZE;
262	client_write=0;
263	}
264
265	if (n > s->s3->tmp.key_block_length)
266	{
267	SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_INTERNAL_ERROR);
268	goto err2;
269	}
270
271	memcpy(mac_secret,ms,i);
272	#ifdef TLS_DEBUG
273	printf("which = %04X\nmac key=",which);
274	{ int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
275	#endif
276	if (_exp)
277	{
278	/* In here I set both the read and write key/iv to the
279	* same value since only the correct one will be used :-).
280	*/
281	p=buf;
282	memcpy(p,exp_label,exp_label_len);
283	p+=exp_label_len;
284	memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
285	p+=SSL3_RANDOM_SIZE;
286	memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
287	p+=SSL3_RANDOM_SIZE;
288	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j,
289	tmp1,tmp2,EVP_CIPHER_key_length(c));
290	key=tmp1;
291
292	if (k > 0)
293	{
294	p=buf;
295	memcpy(p,TLS_MD_IV_BLOCK_CONST,
296	TLS_MD_IV_BLOCK_CONST_SIZE);
297	p+=TLS_MD_IV_BLOCK_CONST_SIZE;
298	memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
299	p+=SSL3_RANDOM_SIZE;
300	memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
301	p+=SSL3_RANDOM_SIZE;
302	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,empty,0,
303	iv1,iv2,k*2);
304	if (client_write)
305	iv=iv1;
306	else
307	iv= &(iv1[k]);
308	}
309	}
310
311	s->session->key_arg_length=0;
312
313	EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
314	#ifdef TLS_DEBUG
315	printf("which = %04X\nkey=",which);
316	{ int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }
317	printf("\niv=");
318	{ int z; for (z=0; z<k; z++) printf("%02X%c",iv[z],((z+1)%16)?' ':'\n'); }
319	printf("\n");
320	#endif
321
322	memset(tmp1,0,sizeof(tmp1));
323	memset(tmp2,0,sizeof(tmp1));
324	memset(iv1,0,sizeof(iv1));
325	memset(iv2,0,sizeof(iv2));
326	return(1);
327	err:
328	SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
329	err2:
330	return(0);
331	}
332
333	int tls1_setup_key_block(SSL *s)
334	{
335	unsigned char p1,p2;
336	const EVP_CIPHER *c;
337	const EVP_MD *hash;
338	int num;
339	SSL_COMP *comp;
340
341	if (s->s3->tmp.key_block_length != 0)
342	return(1);
343
344	if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))
345	{
346	SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
347	return(0);
348	}
349
350	s->s3->tmp.new_sym_enc=c;
351	s->s3->tmp.new_hash=hash;
352
353	num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
354	num*=2;
355
356	ssl3_cleanup_key_block(s);
357
358	if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL)
359	goto err;
360	if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)
361	goto err;
362
363	s->s3->tmp.key_block_length=num;
364	s->s3->tmp.key_block=p1;
365
366
367	#ifdef TLS_DEBUG
368	printf("client random\n");
369	{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->client_random[z],((z+1)%16)?' ':'\n'); }
370	printf("server random\n");
371	{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->server_random[z],((z+1)%16)?' ':'\n'); }
372	printf("pre-master\n");
373	{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
374	#endif
375	tls1_generate_key_block(s,p1,p2,num);
376	memset(p2,0,num);
377	OPENSSL_free(p2);
378	#ifdef TLS_DEBUG
379	printf("\nkey block\n");
380	{ int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
381	#endif
382
383	return(1);
384	err:
385	SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
386	return(0);
387	}
388
389	int tls1_enc(SSL *s, int send)
390	{
391	SSL3_RECORD *rec;
392	EVP_CIPHER_CTX *ds;
393	unsigned long l;
394	int bs,i,ii,j,k,n=0;
395	const EVP_CIPHER *enc;
396
397	if (send)
398	{
399	if (s->write_hash != NULL)
400	n=EVP_MD_size(s->write_hash);
401	ds=s->enc_write_ctx;
402	rec= &(s->s3->wrec);
403	if (s->enc_write_ctx == NULL)
404	enc=NULL;
405	else
406	enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
407	}
408	else
409	{
410	if (s->read_hash != NULL)
411	n=EVP_MD_size(s->read_hash);
412	ds=s->enc_read_ctx;
413	rec= &(s->s3->rrec);
414	if (s->enc_read_ctx == NULL)
415	enc=NULL;
416	else
417	enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
418	}
419
420	if ((s->session == NULL) \|\| (ds == NULL) \|\|
421	(enc == NULL))
422	{
423	memmove(rec->data,rec->input,rec->length);
424	rec->input=rec->data;
425	}
426	else
427	{
428	l=rec->length;
429	bs=EVP_CIPHER_block_size(ds->cipher);
430
431	if ((bs != 1) && send)
432	{
433	i=bs-((int)l%bs);
434
435	/* Add weird padding of upto 256 bytes */
436
437	/* we need to add 'i' padding bytes of value j */
438	j=i-1;
439	if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
440	{
441	if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
442	j++;
443	}
444	for (k=(int)l; k<(int)(l+i); k++)
445	rec->input[k]=j;
446	l+=i;
447	rec->length+=i;
448	}
449
450	if (!send)
451	{
452	if (l == 0 \|\| l%bs != 0)
453	{
454	SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
455	ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR);
456	return(0);
457	}
458	}
459
460	EVP_Cipher(ds,rec->data,rec->input,l);
461
462	if ((bs != 1) && !send)
463	{
464	ii=i=rec->data[l-1]; /* padding_length */
465	i++;
466	if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
467	{
468	/* First packet is even in size, so check */
469	if ((memcmp(s->s3->read_sequence,
470	"\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
471	s->s3->flags\|=TLS1_FLAGS_TLS_PADDING_BUG;
472	if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
473	i--;
474	}
475	/* TLS 1.0 does not bound the number of padding bytes by the block size.
476	* All of them must have value 'padding_length'. */
477	if (i > (int)rec->length)
478	{
479	SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
480	ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
481	return(0);
482	}
483	for (j=(int)(l-i); j<(int)l; j++)
484	{
485	if (rec->data[j] != ii)
486	{
487	SSLerr(SSL_F_TLS1_ENC,SSL_R_DECRYPTION_FAILED);
488	ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
489	return(0);
490	}
491	}
492	rec->length-=i;
493	}
494	}
495	return(1);
496	}
497
498	int tls1_cert_verify_mac(SSL s, EVP_MD_CTX in_ctx, unsigned char *out)
499	{
500	unsigned int ret;
501	EVP_MD_CTX ctx;
502
503	EVP_MD_CTX_copy(&ctx,in_ctx);
504	EVP_DigestFinal(&ctx,out,&ret);
505	return((int)ret);
506	}
507
508	int tls1_final_finish_mac(SSL s, EVP_MD_CTX in1_ctx, EVP_MD_CTX *in2_ctx,
509	const char str, int slen, unsigned char out)
510	{
511	unsigned int i;
512	EVP_MD_CTX ctx;
513	unsigned char buf[TLS_MD_MAX_CONST_SIZE+MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
514	unsigned char *q,buf2[12];
515
516	q=buf;
517	memcpy(q,str,slen);
518	q+=slen;
519
520	EVP_MD_CTX_copy(&ctx,in1_ctx);
521	EVP_DigestFinal(&ctx,q,&i);
522	q+=i;
523	EVP_MD_CTX_copy(&ctx,in2_ctx);
524	EVP_DigestFinal(&ctx,q,&i);
525	q+=i;
526
527	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),
528	s->session->master_key,s->session->master_key_length,
529	out,buf2,12);
530	memset(&ctx,0,sizeof(EVP_MD_CTX));
531
532	return((int)12);
533	}
534
535	int tls1_mac(SSL ssl, unsigned char md, int send)
536	{
537	SSL3_RECORD *rec;
538	unsigned char mac_sec,seq;
539	const EVP_MD *hash;
540	unsigned int md_size;
541	int i;
542	HMAC_CTX hmac;
543	unsigned char buf[5];
544
545	if (send)
546	{
547	rec= &(ssl->s3->wrec);
548	mac_sec= &(ssl->s3->write_mac_secret[0]);
549	seq= &(ssl->s3->write_sequence[0]);
550	hash=ssl->write_hash;
551	}
552	else
553	{
554	rec= &(ssl->s3->rrec);
555	mac_sec= &(ssl->s3->read_mac_secret[0]);
556	seq= &(ssl->s3->read_sequence[0]);
557	hash=ssl->read_hash;
558	}
559
560	md_size=EVP_MD_size(hash);
561
562	buf[0]=rec->type;
563	buf[1]=TLS1_VERSION_MAJOR;
564	buf[2]=TLS1_VERSION_MINOR;
565	buf[3]=rec->length>>8;
566	buf[4]=rec->length&0xff;
567
568	/* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
569	HMAC_Init(&hmac,mac_sec,EVP_MD_size(hash),hash);
570	HMAC_Update(&hmac,seq,8);
571	HMAC_Update(&hmac,buf,5);
572	HMAC_Update(&hmac,rec->input,rec->length);
573	HMAC_Final(&hmac,md,&md_size);
574
575	#ifdef TLS_DEBUG
576	printf("sec=");
577	{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
578	printf("seq=");
579	{int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); }
580	printf("buf=");
581	{int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); }
582	printf("rec=");
583	{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
584	#endif
585
586	for (i=7; i>=0; i--)
587	{
588	++seq[i];
589	if (seq[i] != 0) break;
590	}
591
592	#ifdef TLS_DEBUG
593	{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); }
594	#endif
595	return(md_size);
596	}
597
598	int tls1_generate_master_secret(SSL s, unsigned char out, unsigned char *p,
599	int len)
600	{
601	unsigned char buf[SSL3_RANDOM_SIZE*2+TLS_MD_MASTER_SECRET_CONST_SIZE];
602	unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
603
604	/* Setup the stuff to munge */
605	memcpy(buf,TLS_MD_MASTER_SECRET_CONST,
606	TLS_MD_MASTER_SECRET_CONST_SIZE);
607	memcpy(&(buf[TLS_MD_MASTER_SECRET_CONST_SIZE]),
608	s->s3->client_random,SSL3_RANDOM_SIZE);
609	memcpy(&(buf[SSL3_RANDOM_SIZE+TLS_MD_MASTER_SECRET_CONST_SIZE]),
610	s->s3->server_random,SSL3_RANDOM_SIZE);
611	tls1_PRF(s->ctx->md5,s->ctx->sha1,
612	buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len,
613	s->session->master_key,buff,SSL3_MASTER_SECRET_SIZE);
614	return(SSL3_MASTER_SECRET_SIZE);
615	}
616
617	int tls1_alert_code(int code)
618	{
619	switch (code)
620	{
621	case SSL_AD_CLOSE_NOTIFY: return(SSL3_AD_CLOSE_NOTIFY);
622	case SSL_AD_UNEXPECTED_MESSAGE: return(SSL3_AD_UNEXPECTED_MESSAGE);
623	case SSL_AD_BAD_RECORD_MAC: return(SSL3_AD_BAD_RECORD_MAC);
624	case SSL_AD_DECRYPTION_FAILED: return(TLS1_AD_DECRYPTION_FAILED);
625	case SSL_AD_RECORD_OVERFLOW: return(TLS1_AD_RECORD_OVERFLOW);
626	case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE);
627	case SSL_AD_HANDSHAKE_FAILURE: return(SSL3_AD_HANDSHAKE_FAILURE);
628	case SSL_AD_NO_CERTIFICATE: return(-1);
629	case SSL_AD_BAD_CERTIFICATE: return(SSL3_AD_BAD_CERTIFICATE);
630	case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE);
631	case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED);
632	case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED);
633	case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN);
634	case SSL_AD_ILLEGAL_PARAMETER: return(SSL3_AD_ILLEGAL_PARAMETER);
635	case SSL_AD_UNKNOWN_CA: return(TLS1_AD_UNKNOWN_CA);
636	case SSL_AD_ACCESS_DENIED: return(TLS1_AD_ACCESS_DENIED);
637	case SSL_AD_DECODE_ERROR: return(TLS1_AD_DECODE_ERROR);
638	case SSL_AD_DECRYPT_ERROR: return(TLS1_AD_DECRYPT_ERROR);
639	case SSL_AD_EXPORT_RESTRICTION: return(TLS1_AD_EXPORT_RESTRICTION);
640	case SSL_AD_PROTOCOL_VERSION: return(TLS1_AD_PROTOCOL_VERSION);
641	case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY);
642	case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR);
643	case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED);
644	case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION);
645	default: return(-1);
646	}
647	}
648