1 files changed, 165 insertions, 344 deletions
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 9719541f2b..7cb3e29a41 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -108,32 +108,6 @@
 * Hudson (tjh@cryptsoft.com).
 *
 */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
 #include <stdio.h>
 #include "ssl_locl.h"
@@ -147,14 +121,8 @@
 #include <openssl/des.h>
 #endif
-/* seed1 through seed5 are virtually concatenated */
+static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
-static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
+                        int sec_len, unsigned char *seed, int seed_len,
-                        int sec_len,
-                        const void *seed1, int seed1_len,
-                        const void *seed2, int seed2_len,
-                        const void *seed3, int seed3_len,
-                        const void *seed4, int seed4_len,
-                        const void *seed5, int seed5_len,
                        unsigned char *out, int olen)
        {
        int chunk,n;
@@ -163,133 +131,84 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
        HMAC_CTX ctx_tmp;
        unsigned char A1[EVP_MAX_MD_SIZE];
        unsigned int A1_len;
-        int ret = 0;
        
        chunk=EVP_MD_size(md);
-        OPENSSL_assert(chunk >= 0);
        HMAC_CTX_init(&ctx);
        HMAC_CTX_init(&ctx_tmp);
-        if (!HMAC_Init_ex(&ctx,sec,sec_len,md, NULL))
+        HMAC_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-                goto err;
+        HMAC_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-        if (!HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL))
+        HMAC_Init_ex(&ctx,sec,sec_len,md, NULL);
-                goto err;
+        HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL);
-        if (seed1 != NULL && !HMAC_Update(&ctx,seed1,seed1_len))
+        HMAC_Update(&ctx,seed,seed_len);
-                goto err;
+        HMAC_Final(&ctx,A1,&A1_len);
-        if (seed2 != NULL && !HMAC_Update(&ctx,seed2,seed2_len))
-                goto err;
-        if (seed3 != NULL && !HMAC_Update(&ctx,seed3,seed3_len))
-                goto err;
-        if (seed4 != NULL && !HMAC_Update(&ctx,seed4,seed4_len))
-                goto err;
-        if (seed5 != NULL && !HMAC_Update(&ctx,seed5,seed5_len))
-                goto err;
-        if (!HMAC_Final(&ctx,A1,&A1_len))
-                goto err;
        n=0;
        for (;;)
                {
-                if (!HMAC_Init_ex(&ctx,NULL,0,NULL,NULL)) /* re-init */
+                HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */
-                        goto err;
+                HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL); /* re-init */
-                if (!HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL)) /* re-init */
+                HMAC_Update(&ctx,A1,A1_len);
-                        goto err;
+                HMAC_Update(&ctx_tmp,A1,A1_len);
-                if (!HMAC_Update(&ctx,A1,A1_len))
+                HMAC_Update(&ctx,seed,seed_len);
-                        goto err;
-                if (!HMAC_Update(&ctx_tmp,A1,A1_len))
-                        goto err;
-                if (seed1 != NULL && !HMAC_Update(&ctx,seed1,seed1_len))
-                        goto err;
-                if (seed2 != NULL && !HMAC_Update(&ctx,seed2,seed2_len))
-                        goto err;
-                if (seed3 != NULL && !HMAC_Update(&ctx,seed3,seed3_len))
-                        goto err;
-                if (seed4 != NULL && !HMAC_Update(&ctx,seed4,seed4_len))
-                        goto err;
-                if (seed5 != NULL && !HMAC_Update(&ctx,seed5,seed5_len))
-                        goto err;
                if (olen > chunk)
                        {
-                        if (!HMAC_Final(&ctx,out,&j))
+                        HMAC_Final(&ctx,out,&j);
-                                goto err;
                        out+=j;
                        olen-=j;
-                        if (!HMAC_Final(&ctx_tmp,A1,&A1_len)) /* calc the next A1 value */
+                        HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 value */
-                                goto err;
                        }
                else    /* last one */
                        {
-                        if (!HMAC_Final(&ctx,A1,&A1_len))
+                        HMAC_Final(&ctx,A1,&A1_len);
-                                goto err;
                        memcpy(out,A1,olen);
                        break;
                        }
                }
-        ret = 1;
-err:
        HMAC_CTX_cleanup(&ctx);
        HMAC_CTX_cleanup(&ctx_tmp);
        OPENSSL_cleanse(A1,sizeof(A1));
-        return ret;
        }
-/* seed1 through seed5 are virtually concatenated */
+static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
-static int tls1_PRF(long digest_mask,
+                     unsigned char *label, int label_len,
-                     const void *seed1, int seed1_len,
+                     const unsigned char *sec, int slen, unsigned char *out1,
-                     const void *seed2, int seed2_len,
-                     const void *seed3, int seed3_len,
-                     const void *seed4, int seed4_len,
-                     const void *seed5, int seed5_len,
-                     const unsigned char *sec, int slen,
-                     unsigned char *out1,
                     unsigned char *out2, int olen)
        {
-        int len,i,idx,count;
+        int len,i;
-        const unsigned char *S1;
+        const unsigned char *S1,*S2;
-        long m;
-        const EVP_MD *md;
+        len=slen/2;
-        int ret = 0;
-        /* Count number of digests and partition sec evenly */
-        count=0;
-        for (idx=0;ssl_get_handshake_digest(idx,&m,&md);idx++) {
-                if ((m<<TLS1_PRF_DGST_SHIFT) & digest_mask) count++;
-        }       
-        len=slen/count;
        S1=sec;
-        memset(out1,0,olen);
+        S2= &(sec[len]);
-        for (idx=0;ssl_get_handshake_digest(idx,&m,&md);idx++) {
+        len+=(slen&1); /* add for odd, make longer */
-                if ((m<<TLS1_PRF_DGST_SHIFT) & digest_mask) {
-                        if (!md) {
+        
-                                SSLerr(SSL_F_TLS1_PRF,
+        tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen);
-                                SSL_R_UNSUPPORTED_DIGEST_TYPE);
+        tls1_P_hash(sha1,S2,len,label,label_len,out2,olen);
-                                goto err;                               
-                        }
+        for (i=0; i<olen; i++)
-                        if (!tls1_P_hash(md ,S1,len+(slen&1),
+                out1[i]^=out2[i];
-                                        seed1,seed1_len,seed2,seed2_len,seed3,seed3_len,seed4,seed4_len,seed5,seed5_len,
-                                        out2,olen))
-                                goto err;
-                        S1+=len;
-                        for (i=0; i<olen; i++)
-                        {
-                                out1[i]^=out2[i];
-                        }
-                }
        }
-        ret = 1;
-err:
+static void tls1_generate_key_block(SSL *s, unsigned char *km,
-        return ret;
-}
-static int tls1_generate_key_block(SSL *s, unsigned char *km,
             unsigned char *tmp, int num)
        {
-        int ret;
+        unsigned char *p;
-        ret = tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+        unsigned char buf[SSL3_RANDOM_SIZE*2+
-                 TLS_MD_KEY_EXPANSION_CONST,TLS_MD_KEY_EXPANSION_CONST_SIZE,
+                TLS_MD_MAX_CONST_SIZE];
-                 s->s3->server_random,SSL3_RANDOM_SIZE,
+        p=buf;
-                 s->s3->client_random,SSL3_RANDOM_SIZE,
-                 NULL,0,NULL,0,
+        memcpy(p,TLS_MD_KEY_EXPANSION_CONST,
+                TLS_MD_KEY_EXPANSION_CONST_SIZE);
+        p+=TLS_MD_KEY_EXPANSION_CONST_SIZE;
+        memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
+        p+=SSL3_RANDOM_SIZE;
+        memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
+        p+=SSL3_RANDOM_SIZE;
+        tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),
                 s->session->master_key,s->session->master_key_length,
                 km,tmp,num);
 #ifdef KSSL_DEBUG
@@ -303,14 +222,14 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km,
                }
        printf("\n");  }
 #endif    /* KSSL_DEBUG */
-        return ret;
        }
 int tls1_change_cipher_state(SSL *s, int which)
        {
        static const unsigned char empty[]="";
        unsigned char *p,*key_block,*mac_secret;
-        unsigned char *exp_label;
+        unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+
+                SSL3_RANDOM_SIZE*2];
        unsigned char tmp1[EVP_MAX_KEY_LENGTH];
        unsigned char tmp2[EVP_MAX_KEY_LENGTH];
        unsigned char iv1[EVP_MAX_IV_LENGTH*2];
@@ -323,17 +242,12 @@ int tls1_change_cipher_state(SSL *s, int which)
        const SSL_COMP *comp;
 #endif
        const EVP_MD *m;
-        int mac_type;
-        int *mac_secret_size;
-        EVP_MD_CTX *mac_ctx;
-        EVP_PKEY *mac_key;
        int is_export,n,i,j,k,exp_label_len,cl;
        int reuse_dd = 0;
        is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
        c=s->s3->tmp.new_sym_enc;
        m=s->s3->tmp.new_hash;
-        mac_type = s->s3->tmp.new_mac_pkey_type;
 #ifndef OPENSSL_NO_COMP
        comp=s->s3->tmp.new_compression;
 #endif
@@ -341,28 +255,21 @@ int tls1_change_cipher_state(SSL *s, int which)
 #ifdef KSSL_DEBUG
        printf("tls1_change_cipher_state(which= %d) w/\n", which);
-        printf("\talg= %ld/%ld, comp= %p\n",
+        printf("\talg= %ld, comp= %p\n", s->s3->tmp.new_cipher->algorithms,
-               s->s3->tmp.new_cipher->algorithm_mkey,
+                (void *)comp);
-               s->s3->tmp.new_cipher->algorithm_auth,
+        printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", (void *)c);
-               comp);
-        printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
        printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
                c->nid,c->block_size,c->key_len,c->iv_len);
        printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
        {
-        int i;
+        int ki;
-        for (i=0; i<s->s3->tmp.key_block_length; i++)
+        for (ki=0; ki<s->s3->tmp.key_block_length; ki++)
-                printf("%02x", key_block[i]);  printf("\n");
+                printf("%02x", key_block[ki]);  printf("\n");
        }
 #endif  /* KSSL_DEBUG */
        if (which & SSL3_CC_READ)
                {
-                if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
-                        s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
-                        else
-                        s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
                if (s->enc_read_ctx != NULL)
                        reuse_dd = 1;
                else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
@@ -371,7 +278,7 @@ int tls1_change_cipher_state(SSL *s, int which)
                        /* make sure it's intialized in case we exit later with an error */
                        EVP_CIPHER_CTX_init(s->enc_read_ctx);
                dd= s->enc_read_ctx;
-                mac_ctx=ssl_replace_hash(&s->read_hash,NULL);
+                s->read_hash=m;
 #ifndef OPENSSL_NO_COMP
                if (s->expand != NULL)
                        {
@@ -397,14 +304,9 @@ int tls1_change_cipher_state(SSL *s, int which)
                if (s->version != DTLS1_VERSION)
                        memset(&(s->s3->read_sequence[0]),0,8);
                mac_secret= &(s->s3->read_mac_secret[0]);
-                mac_secret_size=&(s->s3->read_mac_secret_size);
                }
        else
                {
-                if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
-                        s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
-                        else
-                        s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
                if (s->enc_write_ctx != NULL)
                        reuse_dd = 1;
                else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
@@ -413,7 +315,7 @@ int tls1_change_cipher_state(SSL *s, int which)
                        /* make sure it's intialized in case we exit later with an error */
                        EVP_CIPHER_CTX_init(s->enc_write_ctx);
                dd= s->enc_write_ctx;
-                mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
+                s->write_hash=m;
 #ifndef OPENSSL_NO_COMP
                if (s->compress != NULL)
                        {
@@ -434,15 +336,13 @@ int tls1_change_cipher_state(SSL *s, int which)
                if (s->version != DTLS1_VERSION)
                        memset(&(s->s3->write_sequence[0]),0,8);
                mac_secret= &(s->s3->write_mac_secret[0]);
-                mac_secret_size = &(s->s3->write_mac_secret_size);
                }
        if (reuse_dd)
                EVP_CIPHER_CTX_cleanup(dd);
        p=s->s3->tmp.key_block;
-        i=*mac_secret_size=s->s3->tmp.new_mac_secret_size;
+        i=EVP_MD_size(m);
        cl=EVP_CIPHER_key_length(c);
        j=is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
                       cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
@@ -478,10 +378,6 @@ int tls1_change_cipher_state(SSL *s, int which)
                }
        memcpy(mac_secret,ms,i);
-        mac_key = EVP_PKEY_new_mac_key(mac_type, NULL,
-                        mac_secret,*mac_secret_size);
-        EVP_DigestSignInit(mac_ctx,NULL,m,NULL,mac_key);
-        EVP_PKEY_free(mac_key);
 #ifdef TLS_DEBUG
 printf("which = %04X\nmac key=",which);
 { int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
@@ -491,24 +387,29 @@ printf("which = %04X\nmac key=",which);
                /* In here I set both the read and write key/iv to the
                 * same value since only the correct one will be used :-).
                 */
-                if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+                p=buf;
-                                exp_label,exp_label_len,
+                memcpy(p,exp_label,exp_label_len);
-                                s->s3->client_random,SSL3_RANDOM_SIZE,
+                p+=exp_label_len;
-                                s->s3->server_random,SSL3_RANDOM_SIZE,
+                memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
-                                NULL,0,NULL,0,
+                p+=SSL3_RANDOM_SIZE;
-                                key,j,tmp1,tmp2,EVP_CIPHER_key_length(c)))
+                memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
-                        goto err2;
+                p+=SSL3_RANDOM_SIZE;
+                tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j,
+                         tmp1,tmp2,EVP_CIPHER_key_length(c));
                key=tmp1;
                if (k > 0)
                        {
-                        if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+                        p=buf;
-                                        TLS_MD_IV_BLOCK_CONST,TLS_MD_IV_BLOCK_CONST_SIZE,
+                        memcpy(p,TLS_MD_IV_BLOCK_CONST,
-                                        s->s3->client_random,SSL3_RANDOM_SIZE,
+                                TLS_MD_IV_BLOCK_CONST_SIZE);
-                                        s->s3->server_random,SSL3_RANDOM_SIZE,
+                        p+=TLS_MD_IV_BLOCK_CONST_SIZE;
-                                        NULL,0,NULL,0,
+                        memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
-                                        empty,0,iv1,iv2,k*2))
+                        p+=SSL3_RANDOM_SIZE;
-                                goto err2;
+                        memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
+                        p+=SSL3_RANDOM_SIZE;
+                        tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,empty,0,
+                                 iv1,iv2,k*2);
                        if (client_write)
                                iv=iv1;
                        else
@@ -519,11 +420,13 @@ printf("which = %04X\nmac key=",which);
        s->session->key_arg_length=0;
 #ifdef KSSL_DEBUG
        {
-        int i;
+        int ki;
        printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
-        printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]);
+        printf("\tkey= ");
+        for (ki=0; ki<c->key_len; ki++) printf("%02x", key[ki]);
        printf("\n");
-        printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]);
+        printf("\t iv= ");
+        for (ki=0; ki<c->iv_len; ki++) printf("%02x", iv[ki]);
        printf("\n");
        }
 #endif  /* KSSL_DEBUG */
@@ -550,13 +453,11 @@ err2:
 int tls1_setup_key_block(SSL *s)
        {
-        unsigned char *p1,*p2=NULL;
+        unsigned char *p1,*p2;
        const EVP_CIPHER *c;
        const EVP_MD *hash;
        int num;
        SSL_COMP *comp;
-        int mac_type= NID_undef,mac_secret_size=0;
-        int ret=0;
 #ifdef KSSL_DEBUG
        printf ("tls1_setup_key_block()\n");
@@ -565,7 +466,7 @@ int tls1_setup_key_block(SSL *s)
        if (s->s3->tmp.key_block_length != 0)
                return(1);
-        if (!ssl_cipher_get_evp(s->session,&c,&hash,&mac_type,&mac_secret_size,&comp))
+        if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))
                {
                SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
                return(0);
@@ -573,27 +474,20 @@ int tls1_setup_key_block(SSL *s)
        s->s3->tmp.new_sym_enc=c;
        s->s3->tmp.new_hash=hash;
-        s->s3->tmp.new_mac_pkey_type = mac_type;
-        s->s3->tmp.new_mac_secret_size = mac_secret_size;
+        num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
-        num=EVP_CIPHER_key_length(c)+mac_secret_size+EVP_CIPHER_iv_length(c);
        num*=2;
        ssl3_cleanup_key_block(s);
        if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL)
-                {
-                SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
                goto err;
-                }
+        if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)
+                goto err;
        s->s3->tmp.key_block_length=num;
        s->s3->tmp.key_block=p1;
-        if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)
-                {
-                SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
 #ifdef TLS_DEBUG
 printf("client random\n");
@@ -603,8 +497,9 @@ printf("server random\n");
 printf("pre-master\n");
 { int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
 #endif
-        if (!tls1_generate_key_block(s,p1,p2,num))
+        tls1_generate_key_block(s,p1,p2,num);
-                goto err;
+        OPENSSL_cleanse(p2,num);
+        OPENSSL_free(p2);
 #ifdef TLS_DEBUG
 printf("\nkey block\n");
 { int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
@@ -619,24 +514,20 @@ printf("\nkey block\n");
                if (s->session->cipher != NULL)
                        {
-                        if (s->session->cipher->algorithm_enc == SSL_eNULL)
+                        if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
                                s->s3->need_empty_fragments = 0;
                        
 #ifndef OPENSSL_NO_RC4
-                        if (s->session->cipher->algorithm_enc == SSL_RC4)
+                        if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
                                s->s3->need_empty_fragments = 0;
 #endif
                        }
                }
                
-        ret = 1;
+        return(1);
 err:
-        if (p2)
+        SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
-                {
+        return(0);
-                OPENSSL_cleanse(p2,num);
-                OPENSSL_free(p2);
-                }
-        return(ret);
        }
 int tls1_enc(SSL *s, int send)
@@ -649,11 +540,8 @@ int tls1_enc(SSL *s, int send)
        if (send)
                {
-                if (EVP_MD_CTX_md(s->write_hash))
+                if (s->write_hash != NULL)
-                        {
+                        n=EVP_MD_size(s->write_hash);
-                        n=EVP_MD_CTX_size(s->write_hash);
-                        OPENSSL_assert(n >= 0);
-                        }
                ds=s->enc_write_ctx;
                rec= &(s->s3->wrec);
                if (s->enc_write_ctx == NULL)
@@ -663,11 +551,8 @@ int tls1_enc(SSL *s, int send)
                }
        else
                {
-                if (EVP_MD_CTX_md(s->read_hash))
+                if (s->read_hash != NULL)
-                        {
+                        n=EVP_MD_size(s->read_hash);
-                        n=EVP_MD_CTX_size(s->read_hash);
-                        OPENSSL_assert(n >= 0);
-                        }
                ds=s->enc_read_ctx;
                rec= &(s->s3->rrec);
                if (s->enc_read_ctx == NULL)
@@ -714,10 +599,11 @@ int tls1_enc(SSL *s, int send)
                {
                unsigned long ui;
                printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
-                        ds,rec->data,rec->input,l);
+                        (void *)ds,rec->data,rec->input,l);
-                printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
+                printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%ld %ld], %d iv_len\n",
                        ds->buf_len, ds->cipher->key_len,
-                        DES_KEY_SZ, DES_SCHEDULE_SZ,
+                        (unsigned long)DES_KEY_SZ,
+                        (unsigned long)DES_SCHEDULE_SZ,
                        ds->cipher->iv_len);
                printf("\t\tIV: ");
                for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
@@ -742,10 +628,10 @@ int tls1_enc(SSL *s, int send)
 #ifdef KSSL_DEBUG
                {
-                unsigned long i;
+                unsigned long ki;
                printf("\trec->data=");
-                for (i=0; i<l; i++)
+                for (ki=0; ki<l; i++)
-                        printf(" %02x", rec->data[i]);  printf("\n");
+                        printf(" %02x", rec->data[ki]);  printf("\n");
                }
 #endif  /* KSSL_DEBUG */
@@ -793,101 +679,56 @@ int tls1_enc(SSL *s, int send)
                }
        return(1);
        }
-int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
+int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
        {
        unsigned int ret;
-        EVP_MD_CTX ctx, *d=NULL;
+        EVP_MD_CTX ctx;
-        int i;
-        if (s->s3->handshake_buffer) 
-                if (!ssl3_digest_cached_records(s))
-                        return 0;
-        for (i=0;i<SSL_MAX_DIGEST;i++) 
-                {
-                  if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i])==md_nid) 
-                        {
-                        d=s->s3->handshake_dgst[i];
-                        break;
-                        }
-                }
-        if (!d) {
-                SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC,SSL_R_NO_REQUIRED_DIGEST);
-                return 0;
-        }       
        EVP_MD_CTX_init(&ctx);
-        EVP_MD_CTX_copy_ex(&ctx,d);
+        EVP_MD_CTX_copy_ex(&ctx,in_ctx);
        EVP_DigestFinal_ex(&ctx,out,&ret);
        EVP_MD_CTX_cleanup(&ctx);
        return((int)ret);
        }
-int tls1_final_finish_mac(SSL *s,
+int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
             const char *str, int slen, unsigned char *out)
        {
        unsigned int i;
        EVP_MD_CTX ctx;
-        unsigned char buf[2*EVP_MAX_MD_SIZE];
+        unsigned char buf[TLS_MD_MAX_CONST_SIZE+MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
        unsigned char *q,buf2[12];
-        int idx;
-        long mask;
-        int err=0;
-        const EVP_MD *md; 
        q=buf;
+        memcpy(q,str,slen);
-        if (s->s3->handshake_buffer) 
+        q+=slen;
-                if (!ssl3_digest_cached_records(s))
-                        return 0;
        EVP_MD_CTX_init(&ctx);
+        EVP_MD_CTX_copy_ex(&ctx,in1_ctx);
-        for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++)
+        EVP_DigestFinal_ex(&ctx,q,&i);
-                {
+        q+=i;
-                if (mask & s->s3->tmp.new_cipher->algorithm2)
+        EVP_MD_CTX_copy_ex(&ctx,in2_ctx);
-                        {
+        EVP_DigestFinal_ex(&ctx,q,&i);
-                        int hashsize = EVP_MD_size(md);
+        q+=i;
-                        if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
-                                {
+        tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),
-                                /* internal error: 'buf' is too small for this cipersuite! */
+                s->session->master_key,s->session->master_key_length,
-                                err = 1;
+                out,buf2,sizeof buf2);
-                                }
-                        else
-                                {
-                                EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]);
-                                EVP_DigestFinal_ex(&ctx,q,&i);
-                                if (i != (unsigned int)hashsize) /* can't really happen */
-                                        err = 1;
-                                q+=i;
-                                }
-                        }
-                }
-                
-        if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
-                        str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0,
-                        s->session->master_key,s->session->master_key_length,
-                        out,buf2,sizeof buf2))
-                err = 1;
        EVP_MD_CTX_cleanup(&ctx);
-        if (err)
+        return sizeof buf2;
-                return 0;
-        else
-                return sizeof buf2;
        }
 int tls1_mac(SSL *ssl, unsigned char *md, int send)
        {
        SSL3_RECORD *rec;
        unsigned char *mac_sec,*seq;
-        EVP_MD_CTX *hash;
+        const EVP_MD *hash;
-        size_t md_size;
+        unsigned int md_size;
        int i;
-        EVP_MD_CTX hmac, *mac_ctx;
+        HMAC_CTX hmac;
        unsigned char buf[5]; 
-        int stream_mac = (send?(ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM):(ssl->mac_flags&SSL_MAC_FLAG_READ_MAC_STREAM));
-        int t;
        if (send)
                {
@@ -904,45 +745,43 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
                hash=ssl->read_hash;
                }
-        t=EVP_MD_CTX_size(hash);
+        md_size=EVP_MD_size(hash);
-        OPENSSL_assert(t >= 0);
-        md_size=t;
        buf[0]=rec->type;
-        buf[1]=(unsigned char)(ssl->version>>8);
+        if (ssl->version == DTLS1_VERSION && ssl->client_version == DTLS1_BAD_VER)
-        buf[2]=(unsigned char)(ssl->version);
+                {
+                buf[1]=TLS1_VERSION_MAJOR;
+                buf[2]=TLS1_VERSION_MINOR;
+                }
+        else    {
+                buf[1]=(unsigned char)(ssl->version>>8);
+                buf[2]=(unsigned char)(ssl->version);
+                }
        buf[3]=rec->length>>8;
        buf[4]=rec->length&0xff;
        /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
-        if (stream_mac) 
+        HMAC_CTX_init(&hmac);
-                {
+        HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);
-                        mac_ctx = hash;
-                }
-                else
-                {
-                        EVP_MD_CTX_copy(&hmac,hash);
-                        mac_ctx = &hmac;
-                }
-        if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER)
+        if (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER)
                {
                unsigned char dtlsseq[8],*p=dtlsseq;
                s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
                memcpy (p,&seq[2],6);
-                EVP_DigestSignUpdate(mac_ctx,dtlsseq,8);
+                HMAC_Update(&hmac,dtlsseq,8);
                }
        else
-                EVP_DigestSignUpdate(mac_ctx,seq,8);
+                HMAC_Update(&hmac,seq,8);
+        HMAC_Update(&hmac,buf,5);
+        HMAC_Update(&hmac,rec->input,rec->length);
+        HMAC_Final(&hmac,md,&md_size);
+        HMAC_CTX_cleanup(&hmac);
-        EVP_DigestSignUpdate(mac_ctx,buf,5);
-        EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length);
-        t=EVP_DigestSignFinal(mac_ctx,md,&md_size);
-        OPENSSL_assert(t > 0);
-                
-        if (!stream_mac) EVP_MD_CTX_cleanup(&hmac);
 #ifdef TLS_DEBUG
 printf("sec=");
 {unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
@@ -954,7 +793,7 @@ printf("rec=");
 {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
 #endif
-        if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER)
+        if ( SSL_version(ssl) != DTLS1_VERSION)
                {
                for (i=7; i>=0; i--)
                        {
@@ -972,35 +811,23 @@ printf("rec=");
 int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
             int len)
        {
+        unsigned char buf[SSL3_RANDOM_SIZE*2+TLS_MD_MASTER_SECRET_CONST_SIZE];
        unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
-        const void *co = NULL, *so = NULL;
-        int col = 0, sol = 0;
 #ifdef KSSL_DEBUG
-        printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len);
+        printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", (void *)s,out, p,len);
 #endif  /* KSSL_DEBUG */
-#ifdef TLSEXT_TYPE_opaque_prf_input
+        /* Setup the stuff to munge */
-        if (s->s3->client_opaque_prf_input != NULL && s->s3->server_opaque_prf_input != NULL &&
+        memcpy(buf,TLS_MD_MASTER_SECRET_CONST,
-            s->s3->client_opaque_prf_input_len > 0 &&
+                TLS_MD_MASTER_SECRET_CONST_SIZE);
-            s->s3->client_opaque_prf_input_len == s->s3->server_opaque_prf_input_len)
+        memcpy(&(buf[TLS_MD_MASTER_SECRET_CONST_SIZE]),
-                {
+                s->s3->client_random,SSL3_RANDOM_SIZE);
-                co = s->s3->client_opaque_prf_input;
+        memcpy(&(buf[SSL3_RANDOM_SIZE+TLS_MD_MASTER_SECRET_CONST_SIZE]),
-                col = s->s3->server_opaque_prf_input_len;
+                s->s3->server_random,SSL3_RANDOM_SIZE);
-                so = s->s3->server_opaque_prf_input;
+        tls1_PRF(s->ctx->md5,s->ctx->sha1,
-                sol = s->s3->client_opaque_prf_input_len; /* must be same as col (see draft-rescorla-tls-opaque-prf-input-00.txt, section 3.1) */
+                buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len,
-                }
-#endif
-        tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
-                TLS_MD_MASTER_SECRET_CONST,TLS_MD_MASTER_SECRET_CONST_SIZE,
-                s->s3->client_random,SSL3_RANDOM_SIZE,
-                co, col,
-                s->s3->server_random,SSL3_RANDOM_SIZE,
-                so, sol,
-                p,len,
                s->session->master_key,buff,sizeof buff);
 #ifdef KSSL_DEBUG
        printf ("tls1_generate_master_secret() complete\n");
 #endif  /* KSSL_DEBUG */
@@ -1035,13 +862,7 @@ int tls1_alert_code(int code)
        case SSL_AD_INTERNAL_ERROR:     return(TLS1_AD_INTERNAL_ERROR);
        case SSL_AD_USER_CANCELLED:     return(TLS1_AD_USER_CANCELLED);
        case SSL_AD_NO_RENEGOTIATION:   return(TLS1_AD_NO_RENEGOTIATION);
-        case SSL_AD_UNSUPPORTED_EXTENSION: return(TLS1_AD_UNSUPPORTED_EXTENSION);
+#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-        case SSL_AD_CERTIFICATE_UNOBTAINABLE: return(TLS1_AD_CERTIFICATE_UNOBTAINABLE);
-        case SSL_AD_UNRECOGNIZED_NAME:  return(TLS1_AD_UNRECOGNIZED_NAME);
-        case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE);
-        case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE);
-        case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
-#if 0 /* not appropriate for TLS, not used for DTLS */
        case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return 
                                          (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
 #endif