1 files changed, 635 insertions, 0 deletions
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
new file mode 100644
index 0000000000..fbdd3bffb5
--- /dev/null
+++ b/src/lib/libssl/t1_enc.c
@@ -0,0 +1,635 @@
+/* ssl/t1_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "evp.h"
+#include "hmac.h"
+#include "ssl_locl.h"
+static void tls1_P_hash(md,sec,sec_len,seed,seed_len,out,olen)
+EVP_MD *md;
+unsigned char *sec;
+int sec_len;
+unsigned char *seed;
+int seed_len;
+unsigned char *out;
+int olen;
+        {
+        int chunk,n;
+        unsigned int j;
+        HMAC_CTX ctx;
+        HMAC_CTX ctx_tmp;
+        unsigned char A1[HMAC_MAX_MD_CBLOCK];
+        unsigned int A1_len;
+        
+        chunk=EVP_MD_size(md);
+        HMAC_Init(&ctx,sec,sec_len,md);
+        HMAC_Update(&ctx,seed,seed_len);
+        HMAC_Final(&ctx,A1,&A1_len);
+        n=0;
+        for (;;)
+                {
+                HMAC_Init(&ctx,NULL,0,NULL); /* re-init */
+                HMAC_Update(&ctx,A1,A1_len);
+                memcpy(&ctx_tmp,&ctx,sizeof(ctx)); /* Copy for A2 */ /* not needed for last one */
+                HMAC_Update(&ctx,seed,seed_len);
+                if (olen > chunk)
+                        {
+                        HMAC_Final(&ctx,out,&j);
+                        out+=j;
+                        olen-=j;
+                        HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 value */
+                        }
+                else    /* last one */
+                        {
+                        HMAC_Final(&ctx,A1,&A1_len);
+                        memcpy(out,A1,olen);
+                        break;
+                        }
+                }
+        HMAC_cleanup(&ctx);
+        HMAC_cleanup(&ctx_tmp);
+        memset(A1,0,sizeof(A1));
+        }
+static void tls1_PRF(md5,sha1,label,label_len,sec,slen,out1,out2,olen)
+EVP_MD *md5;
+EVP_MD *sha1;
+unsigned char *label;
+int label_len;
+unsigned char *sec;
+int slen;
+unsigned char *out1;
+unsigned char *out2;
+int olen;
+        {
+        int len,i;
+        unsigned char *S1,*S2;
+        len=slen/2;
+        S1=sec;
+        S2= &(sec[len]);
+        len+=(slen&1); /* add for odd, make longer */
+        
+        tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen);
+        tls1_P_hash(sha1,S2,len,label,label_len,out2,olen);
+        for (i=0; i<olen; i++)
+                out1[i]^=out2[i];
+        }
+static void tls1_generate_key_block(s,km,tmp,num)
+SSL *s;
+unsigned char *km,*tmp;
+int num;
+        {
+        unsigned char *p;
+        unsigned char buf[SSL3_RANDOM_SIZE*2+
+                TLS_MD_MAX_CONST_SIZE];
+        p=buf;
+        memcpy(p,TLS_MD_KEY_EXPANSION_CONST,
+                TLS_MD_KEY_EXPANSION_CONST_SIZE);
+        p+=TLS_MD_KEY_EXPANSION_CONST_SIZE;
+        memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
+        p+=SSL3_RANDOM_SIZE;
+        memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
+        p+=SSL3_RANDOM_SIZE;
+        tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,
+                s->session->master_key,s->session->master_key_length,
+                km,tmp,num);
+        }
+int tls1_change_cipher_state(s,which)
+SSL *s;
+int which;
+        {
+        unsigned char *p,*key_block,*mac_secret;
+        unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+
+                SSL3_RANDOM_SIZE*2];
+        unsigned char tmp1[EVP_MAX_KEY_LENGTH];
+        unsigned char tmp2[EVP_MAX_KEY_LENGTH];
+        unsigned char iv1[EVP_MAX_IV_LENGTH*2];
+        unsigned char iv2[EVP_MAX_IV_LENGTH*2];
+        unsigned char *ms,*key,*iv,*er1,*er2;
+        int client_write;
+        EVP_CIPHER_CTX *dd;
+        EVP_CIPHER *c;
+        SSL_COMPRESSION *comp;
+        EVP_MD *m;
+        int exp,n,i,j,k,exp_label_len;
+        exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0;
+        c=s->s3->tmp.new_sym_enc;
+        m=s->s3->tmp.new_hash;
+        comp=s->s3->tmp.new_compression;
+        key_block=s->s3->tmp.key_block;
+        if (which & SSL3_CC_READ)
+                {
+                if ((s->enc_read_ctx == NULL) &&
+                        ((s->enc_read_ctx=(EVP_CIPHER_CTX *)
+                        Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+                        goto err;
+                dd= s->enc_read_ctx;
+                s->read_hash=m;
+                s->read_compression=comp;
+                memset(&(s->s3->read_sequence[0]),0,8);
+                mac_secret= &(s->s3->read_mac_secret[0]);
+                }
+        else
+                {
+                if ((s->enc_write_ctx == NULL) &&
+                        ((s->enc_write_ctx=(EVP_CIPHER_CTX *)
+                        Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+                        goto err;
+                dd= s->enc_write_ctx;
+                s->write_hash=m;
+                s->write_compression=comp;
+                memset(&(s->s3->write_sequence[0]),0,8);
+                mac_secret= &(s->s3->write_mac_secret[0]);
+                }
+        EVP_CIPHER_CTX_init(dd);
+        p=s->s3->tmp.key_block;
+        i=EVP_MD_size(m);
+        j=(exp)?5:EVP_CIPHER_key_length(c);
+        k=EVP_CIPHER_iv_length(c);
+        er1= &(s->s3->client_random[0]);
+        er2= &(s->s3->server_random[0]);
+        if (    (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
+                (which == SSL3_CHANGE_CIPHER_SERVER_READ))
+                {
+                ms=  &(p[ 0]); n=i+i;
+                key= &(p[ n]); n+=j+j;
+                iv=  &(p[ n]); n+=k+k;
+                exp_label=(unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST;
+                exp_label_len=TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE;
+                client_write=1;
+                }
+        else
+                {
+                n=i;
+                ms=  &(p[ n]); n+=i+j;
+                key= &(p[ n]); n+=j+k;
+                iv=  &(p[ n]); n+=k;
+                exp_label=(unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST;
+                exp_label_len=TLS_MD_SERVER_WRITE_KEY_CONST_SIZE;
+                client_write=0;
+                }
+        if (n > s->s3->tmp.key_block_length)
+                {
+                SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_INTERNAL_ERROR);
+                goto err2;
+                }
+        memcpy(mac_secret,ms,i);
+#ifdef TLS_DEBUG
+printf("which = %04X\nmac key=",which);
+{ int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
+#endif
+        if (exp)
+                {
+                /* In here I set both the read and write key/iv to the
+                 * same value since only the correct one will be used :-).
+                 */
+                p=buf;
+                memcpy(p,exp_label,exp_label_len);
+                p+=exp_label_len;
+                memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
+                p+=SSL3_RANDOM_SIZE;
+                memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
+                p+=SSL3_RANDOM_SIZE;
+                tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,key,j,
+                        tmp1,tmp2,EVP_CIPHER_key_length(c));
+                key=tmp1;
+                if (k > 0)
+                        {
+                        p=buf;
+                        memcpy(p,TLS_MD_IV_BLOCK_CONST,
+                                TLS_MD_IV_BLOCK_CONST_SIZE);
+                        p+=TLS_MD_IV_BLOCK_CONST_SIZE;
+                        memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
+                        p+=SSL3_RANDOM_SIZE;
+                        memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
+                        p+=SSL3_RANDOM_SIZE;
+                        tls1_PRF(s->ctx->md5,s->ctx->sha1,
+                                buf,p-buf,"",0,iv1,iv2,k*2);
+                        if (client_write)
+                                iv=iv1;
+                        else
+                                iv= &(iv1[k]);
+                        }
+                }
+        s->session->key_arg_length=0;
+        EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
+#ifdef TLS_DEBUG
+printf("which = %04X\nkey=",which);
+{ int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }
+printf("\niv=");
+{ int z; for (z=0; z<k; z++) printf("%02X%c",iv[z],((z+1)%16)?' ':'\n'); }
+printf("\n");
+#endif
+        memset(tmp1,0,sizeof(tmp1));
+        memset(tmp2,0,sizeof(tmp1));
+        memset(iv1,0,sizeof(iv1));
+        memset(iv2,0,sizeof(iv2));
+        return(1);
+err:
+        SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
+err2:
+        return(0);
+        }
+int tls1_setup_key_block(s)
+SSL *s;
+        {
+        unsigned char *p1,*p2;
+        EVP_CIPHER *c;
+        EVP_MD *hash;
+        int num,exp;
+        if (s->s3->tmp.key_block_length != 0)
+                return(1);
+        if (!ssl_cipher_get_evp(s->session->cipher,&c,&hash))
+                {
+                SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+                return(0);
+                }
+        s->s3->tmp.new_sym_enc=c;
+        s->s3->tmp.new_hash=hash;
+        exp=(s->session->cipher->algorithms & SSL_EXPORT)?1:0;
+        num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
+        num*=2;
+        ssl3_cleanup_key_block(s);
+        if ((p1=(unsigned char *)Malloc(num)) == NULL)
+                goto err;
+        if ((p2=(unsigned char *)Malloc(num)) == NULL)
+                goto err;
+        s->s3->tmp.key_block_length=num;
+        s->s3->tmp.key_block=p1;
+#ifdef TLS_DEBUG
+printf("client random\n");
+{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->client_random[z],((z+1)%16)?' ':'\n'); }
+printf("server random\n");
+{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->server_random[z],((z+1)%16)?' ':'\n'); }
+printf("pre-master\n");
+{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
+#endif
+        tls1_generate_key_block(s,p1,p2,num);
+        memset(p2,0,num);
+        Free(p2);
+#ifdef TLS_DEBUG
+printf("\nkey block\n");
+{ int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
+#endif
+        return(1);
+err:
+        SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
+        return(0);
+        }
+int tls1_enc(s,send)
+SSL *s;
+int send;
+        {
+        SSL3_RECORD *rec;
+        EVP_CIPHER_CTX *ds;
+        unsigned long l;
+        int bs,i,ii,j,k,n=0;
+        EVP_CIPHER *enc;
+        SSL_COMPRESSION *comp;
+        if (send)
+                {
+                if (s->write_hash != NULL)
+                        n=EVP_MD_size(s->write_hash);
+                ds=s->enc_write_ctx;
+                rec= &(s->s3->wrec);
+                if (s->enc_write_ctx == NULL)
+                        { enc=NULL; comp=NULL; }
+                else
+                        {
+                        enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
+                        comp=s->write_compression;
+                        }
+                }
+        else
+                {
+                if (s->read_hash != NULL)
+                        n=EVP_MD_size(s->read_hash);
+                ds=s->enc_read_ctx;
+                rec= &(s->s3->rrec);
+                if (s->enc_read_ctx == NULL)
+                        { enc=NULL; comp=NULL; }
+                else
+                        {
+                        enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
+                        comp=s->read_compression;
+                        }
+                }
+        if ((s->session == NULL) || (ds == NULL) ||
+                ((enc == NULL) && (comp == NULL)))
+                {
+                memcpy(rec->data,rec->input,rec->length);
+                rec->input=rec->data;
+                }
+        else
+                {
+                l=rec->length;
+                bs=EVP_CIPHER_block_size(ds->cipher);
+                if ((bs != 1) && send)
+                        {
+                        i=bs-((int)l%bs);
+                        /* Add weird padding of upto 256 bytes */
+                        /* we need to add 'i' padding bytes of value j */
+                        j=i-1;
+                        if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
+                                {
+                                if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
+                                        j++;
+                                }
+                        for (k=(int)l; k<(int)(l+i); k++)
+                                rec->input[k]=j;
+                        l+=i;
+                        rec->length+=i;
+                        }
+                EVP_Cipher(ds,rec->data,rec->input,l);
+                if ((bs != 1) && !send)
+                        {
+                        ii=i=rec->data[l-1];
+                        i++;
+                        if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+                                {
+                                /* First packet is even in size, so check */
+                                if ((memcmp(s->s3->read_sequence,
+                                        "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
+                                        s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
+                                if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
+                                        i--;
+                                }
+                        if (i > (int)rec->length)
+                                {
+                                SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+                                return(0);
+                                }
+                        for (j=(int)(l-i); j<(int)l; j++)
+                                {
+                                if (rec->data[j] != ii)
+                                        {
+                                        SSLerr(SSL_F_TLS1_ENC,SSL_R_DECRYPTION_FAILED);
+                                        ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+                                        return(0);
+                                        }
+                                }
+                        rec->length-=i;
+                        }
+                }
+        return(1);
+        }
+int tls1_cert_verify_mac(s,in_ctx,out)
+SSL *s;
+EVP_MD_CTX *in_ctx;
+unsigned char *out;
+        {
+        unsigned int ret;
+        EVP_MD_CTX ctx;
+        memcpy(&ctx,in_ctx,sizeof(EVP_MD_CTX));
+        EVP_DigestFinal(&ctx,out,&ret);
+        return((int)ret);
+        }
+int tls1_final_finish_mac(s,in1_ctx,in2_ctx,str,slen,out)
+SSL *s;
+EVP_MD_CTX *in1_ctx,*in2_ctx;
+unsigned char *str;
+int slen;
+unsigned char *out;
+        {
+        unsigned int i;
+        EVP_MD_CTX ctx;
+        unsigned char buf[TLS_MD_MAX_CONST_SIZE+MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
+        unsigned char *q,buf2[12];
+        q=buf;
+        memcpy(q,str,slen);
+        q+=slen;
+        memcpy(&ctx,in1_ctx,sizeof(EVP_MD_CTX));
+        EVP_DigestFinal(&ctx,q,&i);
+        q+=i;
+        memcpy(&ctx,in2_ctx,sizeof(EVP_MD_CTX));
+        EVP_DigestFinal(&ctx,q,&i);
+        q+=i;
+        tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,q-buf,
+                s->session->master_key,s->session->master_key_length,
+                out,buf2,12);
+        memset(&ctx,0,sizeof(EVP_MD_CTX));
+        return((int)12);
+        }
+int tls1_mac(ssl,md,send)
+SSL *ssl;
+unsigned char *md;
+int send;
+        {
+        SSL3_RECORD *rec;
+        unsigned char *mac_sec,*seq;
+        EVP_MD *hash;
+        unsigned int md_size;
+        int i;
+        HMAC_CTX hmac;
+        unsigned char buf[5]; 
+        if (send)
+                {
+                rec= &(ssl->s3->wrec);
+                mac_sec= &(ssl->s3->write_mac_secret[0]);
+                seq= &(ssl->s3->write_sequence[0]);
+                hash=ssl->write_hash;
+                }
+        else
+                {
+                rec= &(ssl->s3->rrec);
+                mac_sec= &(ssl->s3->read_mac_secret[0]);
+                seq= &(ssl->s3->read_sequence[0]);
+                hash=ssl->read_hash;
+                }
+        md_size=EVP_MD_size(hash);
+        buf[0]=rec->type;
+        buf[1]=TLS1_VERSION_MAJOR;
+        buf[2]=TLS1_VERSION_MINOR;
+        buf[3]=rec->length>>8;
+        buf[4]=rec->length&0xff;
+        /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
+        HMAC_Init(&hmac,mac_sec,EVP_MD_size(hash),hash);
+        HMAC_Update(&hmac,seq,8);
+        HMAC_Update(&hmac,buf,5);
+        HMAC_Update(&hmac,rec->input,rec->length);
+        HMAC_Final(&hmac,md,&md_size);
+#ifdef TLS_DEBUG
+printf("sec=");
+{int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
+printf("seq=");
+{int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); }
+printf("buf=");
+{int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); }
+printf("rec=");
+{int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
+#endif
+        for (i=7; i>=0; i--)
+                if (++seq[i]) break; 
+#ifdef TLS_DEBUG
+{int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); }
+#endif
+        return(md_size);
+        }
+int tls1_generate_master_secret(s,out,p,len)
+SSL *s;
+unsigned char *out;
+unsigned char *p;
+int len;
+        {
+        unsigned char buf[SSL3_RANDOM_SIZE*2+TLS_MD_MASTER_SECRET_CONST_SIZE];
+        unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
+        /* Setup the stuff to munge */
+        memcpy(buf,TLS_MD_MASTER_SECRET_CONST,
+                TLS_MD_MASTER_SECRET_CONST_SIZE);
+        memcpy(&(buf[TLS_MD_MASTER_SECRET_CONST_SIZE]),
+                s->s3->client_random,SSL3_RANDOM_SIZE);
+        memcpy(&(buf[SSL3_RANDOM_SIZE+TLS_MD_MASTER_SECRET_CONST_SIZE]),
+                s->s3->server_random,SSL3_RANDOM_SIZE);
+        tls1_PRF(s->ctx->md5,s->ctx->sha1,
+                buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len,
+                s->session->master_key,buff,SSL3_MASTER_SECRET_SIZE);
+        return(SSL3_MASTER_SECRET_SIZE);
+        }
+int tls1_alert_code(code)
+int code;
+        {
+        switch (code)
+                {
+        case SSL_AD_CLOSE_NOTIFY:       return(SSL3_AD_CLOSE_NOTIFY);
+        case SSL_AD_UNEXPECTED_MESSAGE: return(SSL3_AD_UNEXPECTED_MESSAGE);
+        case SSL_AD_BAD_RECORD_MAC:     return(SSL3_AD_BAD_RECORD_MAC);
+        case SSL_AD_DECRYPTION_FAILED:  return(TLS1_AD_DECRYPTION_FAILED);
+        case SSL_AD_RECORD_OVERFLOW:    return(TLS1_AD_RECORD_OVERFLOW);
+        case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE);
+        case SSL_AD_HANDSHAKE_FAILURE:  return(SSL3_AD_HANDSHAKE_FAILURE);
+        case SSL_AD_NO_CERTIFICATE:     return(-1);
+        case SSL_AD_BAD_CERTIFICATE:    return(SSL3_AD_BAD_CERTIFICATE);
+        case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE);
+        case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED);
+        case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED);
+        case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN);
+        case SSL_AD_ILLEGAL_PARAMETER:  return(SSL3_AD_ILLEGAL_PARAMETER);
+        case SSL_AD_UNKNOWN_CA:         return(TLS1_AD_UNKNOWN_CA);
+        case SSL_AD_ACCESS_DENIED:      return(TLS1_AD_ACCESS_DENIED);
+        case SSL_AD_DECODE_ERROR:       return(TLS1_AD_DECODE_ERROR);
+        case SSL_AD_DECRYPT_ERROR:      return(TLS1_AD_DECRYPT_ERROR);
+        case SSL_AD_EXPORT_RESTRICION:  return(TLS1_AD_EXPORT_RESTRICION);
+        case SSL_AD_PROTOCOL_VERSION:   return(TLS1_AD_PROTOCOL_VERSION);
+        case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY);
+        case SSL_AD_INTERNAL_ERROR:     return(TLS1_AD_INTERNAL_ERROR);
+        case SSL_AD_USER_CANCLED:       return(TLS1_AD_USER_CANCLED);
+        case SSL_AD_NO_RENEGOTIATION:   return(TLS1_AD_NO_RENEGOTIATION);
+        default:                        return(-1);
+                }
+        }

diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c new file mode 100644 index 0000000000..fbdd3bffb5 --- /dev/null +++ b/src/lib/libssl/t1_enc.c
@@ -0,0 +1,635 @@
	1	/* ssl/t1_enc.c */
	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
	3	* All rights reserved.
	4	*
	5	* This package is an SSL implementation written
	6	* by Eric Young (eay@cryptsoft.com).
	7	* The implementation was written so as to conform with Netscapes SSL.
	8	*
	9	* This library is free for commercial and non-commercial use as long as
	10	* the following conditions are aheared to. The following conditions
	11	* apply to all code found in this distribution, be it the RC4, RSA,
	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	13	* included with this distribution is covered by the same copyright terms
	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
	15	*
	16	* Copyright remains Eric Young's, and as such any Copyright notices in
	17	* the code are not to be removed.
	18	* If this package is used in a product, Eric Young should be given attribution
	19	* as the author of the parts of the library used.
	20	* This can be in the form of a textual message at program startup or
	21	* in documentation (online or textual) provided with the package.
	22	*
	23	* Redistribution and use in source and binary forms, with or without
	24	* modification, are permitted provided that the following conditions
	25	* are met:
	26	* 1. Redistributions of source code must retain the copyright
	27	* notice, this list of conditions and the following disclaimer.
	28	* 2. Redistributions in binary form must reproduce the above copyright
	29	* notice, this list of conditions and the following disclaimer in the
	30	* documentation and/or other materials provided with the distribution.
	31	* 3. All advertising materials mentioning features or use of this software
	32	* must display the following acknowledgement:
	33	* "This product includes cryptographic software written by
	34	* Eric Young (eay@cryptsoft.com)"
	35	* The word 'cryptographic' can be left out if the rouines from the library
	36	* being used are not cryptographic related :-).
	37	* 4. If you include any Windows specific code (or a derivative thereof) from
	38	* the apps directory (application code) you must include an acknowledgement:
	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
	40	*
	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	51	* SUCH DAMAGE.
	52	*
	53	* The licence and distribution terms for any publically available version or
	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
	55	* copied and put under another distribution licence
	56	* [including the GNU Public Licence.]
	57	*/
	58
	59	#include <stdio.h>
	60	#include "evp.h"
	61	#include "hmac.h"
	62	#include "ssl_locl.h"
	63
	64	static void tls1_P_hash(md,sec,sec_len,seed,seed_len,out,olen)
	65	EVP_MD *md;
	66	unsigned char *sec;
	67	int sec_len;
	68	unsigned char *seed;
	69	int seed_len;
	70	unsigned char *out;
	71	int olen;
	72	{
	73	int chunk,n;
	74	unsigned int j;
	75	HMAC_CTX ctx;
	76	HMAC_CTX ctx_tmp;
	77	unsigned char A1[HMAC_MAX_MD_CBLOCK];
	78	unsigned int A1_len;
	79
	80	chunk=EVP_MD_size(md);
	81
	82	HMAC_Init(&ctx,sec,sec_len,md);
	83	HMAC_Update(&ctx,seed,seed_len);
	84	HMAC_Final(&ctx,A1,&A1_len);
	85
	86	n=0;
	87	for (;;)
	88	{
	89	HMAC_Init(&ctx,NULL,0,NULL); /* re-init */
	90	HMAC_Update(&ctx,A1,A1_len);
	91	memcpy(&ctx_tmp,&ctx,sizeof(ctx)); /* Copy for A2 / / not needed for last one */
	92	HMAC_Update(&ctx,seed,seed_len);
	93
	94	if (olen > chunk)
	95	{
	96	HMAC_Final(&ctx,out,&j);
	97	out+=j;
	98	olen-=j;
	99	HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 value */
	100	}
	101	else /* last one */
	102	{
	103	HMAC_Final(&ctx,A1,&A1_len);
	104	memcpy(out,A1,olen);
	105	break;
	106	}
	107	}
	108	HMAC_cleanup(&ctx);
	109	HMAC_cleanup(&ctx_tmp);
	110	memset(A1,0,sizeof(A1));
	111	}
	112
	113	static void tls1_PRF(md5,sha1,label,label_len,sec,slen,out1,out2,olen)
	114	EVP_MD *md5;
	115	EVP_MD *sha1;
	116	unsigned char *label;
	117	int label_len;
	118	unsigned char *sec;
	119	int slen;
	120	unsigned char *out1;
	121	unsigned char *out2;
	122	int olen;
	123	{
	124	int len,i;
	125	unsigned char S1,S2;
	126
	127	len=slen/2;
	128	S1=sec;
	129	S2= &(sec[len]);
	130	len+=(slen&1); /* add for odd, make longer */
	131
	132
	133	tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen);
	134	tls1_P_hash(sha1,S2,len,label,label_len,out2,olen);
	135
	136	for (i=0; i<olen; i++)
	137	out1[i]^=out2[i];
	138	}
	139
	140	static void tls1_generate_key_block(s,km,tmp,num)
	141	SSL *s;
	142	unsigned char km,tmp;
	143	int num;
	144	{
	145	unsigned char *p;
	146	unsigned char buf[SSL3_RANDOM_SIZE*2+
	147	TLS_MD_MAX_CONST_SIZE];
	148	p=buf;
	149
	150	memcpy(p,TLS_MD_KEY_EXPANSION_CONST,
	151	TLS_MD_KEY_EXPANSION_CONST_SIZE);
	152	p+=TLS_MD_KEY_EXPANSION_CONST_SIZE;
	153	memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
	154	p+=SSL3_RANDOM_SIZE;
	155	memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
	156	p+=SSL3_RANDOM_SIZE;
	157
	158	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,
	159	s->session->master_key,s->session->master_key_length,
	160	km,tmp,num);
	161	}
	162
	163	int tls1_change_cipher_state(s,which)
	164	SSL *s;
	165	int which;
	166	{
	167	unsigned char p,key_block,*mac_secret;
	168	unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+
	169	SSL3_RANDOM_SIZE*2];
	170	unsigned char tmp1[EVP_MAX_KEY_LENGTH];
	171	unsigned char tmp2[EVP_MAX_KEY_LENGTH];
	172	unsigned char iv1[EVP_MAX_IV_LENGTH*2];
	173	unsigned char iv2[EVP_MAX_IV_LENGTH*2];
	174	unsigned char ms,key,iv,er1,*er2;
	175	int client_write;
	176	EVP_CIPHER_CTX *dd;
	177	EVP_CIPHER *c;
	178	SSL_COMPRESSION *comp;
	179	EVP_MD *m;
	180	int exp,n,i,j,k,exp_label_len;
	181
	182	exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0;
	183	c=s->s3->tmp.new_sym_enc;
	184	m=s->s3->tmp.new_hash;
	185	comp=s->s3->tmp.new_compression;
	186	key_block=s->s3->tmp.key_block;
	187
	188	if (which & SSL3_CC_READ)
	189	{
	190	if ((s->enc_read_ctx == NULL) &&
	191	((s->enc_read_ctx=(EVP_CIPHER_CTX *)
	192	Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
	193	goto err;
	194	dd= s->enc_read_ctx;
	195	s->read_hash=m;
	196	s->read_compression=comp;
	197	memset(&(s->s3->read_sequence[0]),0,8);
	198	mac_secret= &(s->s3->read_mac_secret[0]);
	199	}
	200	else
	201	{
	202	if ((s->enc_write_ctx == NULL) &&
	203	((s->enc_write_ctx=(EVP_CIPHER_CTX *)
	204	Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
	205	goto err;
	206	dd= s->enc_write_ctx;
	207	s->write_hash=m;
	208	s->write_compression=comp;
	209	memset(&(s->s3->write_sequence[0]),0,8);
	210	mac_secret= &(s->s3->write_mac_secret[0]);
	211	}
	212
	213	EVP_CIPHER_CTX_init(dd);
	214
	215	p=s->s3->tmp.key_block;
	216	i=EVP_MD_size(m);
	217	j=(exp)?5:EVP_CIPHER_key_length(c);
	218	k=EVP_CIPHER_iv_length(c);
	219	er1= &(s->s3->client_random[0]);
	220	er2= &(s->s3->server_random[0]);
	221	if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) \|\|
	222	(which == SSL3_CHANGE_CIPHER_SERVER_READ))
	223	{
	224	ms= &(p[ 0]); n=i+i;
	225	key= &(p[ n]); n+=j+j;
	226	iv= &(p[ n]); n+=k+k;
	227	exp_label=(unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST;
	228	exp_label_len=TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE;
	229	client_write=1;
	230	}
	231	else
	232	{
	233	n=i;
	234	ms= &(p[ n]); n+=i+j;
	235	key= &(p[ n]); n+=j+k;
	236	iv= &(p[ n]); n+=k;
	237	exp_label=(unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST;
	238	exp_label_len=TLS_MD_SERVER_WRITE_KEY_CONST_SIZE;
	239	client_write=0;
	240	}
	241
	242	if (n > s->s3->tmp.key_block_length)
	243	{
	244	SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_INTERNAL_ERROR);
	245	goto err2;
	246	}
	247
	248	memcpy(mac_secret,ms,i);
	249	#ifdef TLS_DEBUG
	250	printf("which = %04X\nmac key=",which);
	251	{ int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
	252	#endif
	253	if (exp)
	254	{
	255	/* In here I set both the read and write key/iv to the
	256	* same value since only the correct one will be used :-).
	257	*/
	258	p=buf;
	259	memcpy(p,exp_label,exp_label_len);
	260	p+=exp_label_len;
	261	memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
	262	p+=SSL3_RANDOM_SIZE;
	263	memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
	264	p+=SSL3_RANDOM_SIZE;
	265	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,key,j,
	266	tmp1,tmp2,EVP_CIPHER_key_length(c));
	267	key=tmp1;
	268
	269	if (k > 0)
	270	{
	271	p=buf;
	272	memcpy(p,TLS_MD_IV_BLOCK_CONST,
	273	TLS_MD_IV_BLOCK_CONST_SIZE);
	274	p+=TLS_MD_IV_BLOCK_CONST_SIZE;
	275	memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
	276	p+=SSL3_RANDOM_SIZE;
	277	memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
	278	p+=SSL3_RANDOM_SIZE;
	279	tls1_PRF(s->ctx->md5,s->ctx->sha1,
	280	buf,p-buf,"",0,iv1,iv2,k*2);
	281	if (client_write)
	282	iv=iv1;
	283	else
	284	iv= &(iv1[k]);
	285	}
	286	}
	287
	288	s->session->key_arg_length=0;
	289
	290	EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
	291	#ifdef TLS_DEBUG
	292	printf("which = %04X\nkey=",which);
	293	{ int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }
	294	printf("\niv=");
	295	{ int z; for (z=0; z<k; z++) printf("%02X%c",iv[z],((z+1)%16)?' ':'\n'); }
	296	printf("\n");
	297	#endif
	298
	299	memset(tmp1,0,sizeof(tmp1));
	300	memset(tmp2,0,sizeof(tmp1));
	301	memset(iv1,0,sizeof(iv1));
	302	memset(iv2,0,sizeof(iv2));
	303	return(1);
	304	err:
	305	SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
	306	err2:
	307	return(0);
	308	}
	309
	310	int tls1_setup_key_block(s)
	311	SSL *s;
	312	{
	313	unsigned char p1,p2;
	314	EVP_CIPHER *c;
	315	EVP_MD *hash;
	316	int num,exp;
	317
	318	if (s->s3->tmp.key_block_length != 0)
	319	return(1);
	320
	321	if (!ssl_cipher_get_evp(s->session->cipher,&c,&hash))
	322	{
	323	SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
	324	return(0);
	325	}
	326
	327	s->s3->tmp.new_sym_enc=c;
	328	s->s3->tmp.new_hash=hash;
	329
	330	exp=(s->session->cipher->algorithms & SSL_EXPORT)?1:0;
	331
	332	num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
	333	num*=2;
	334
	335	ssl3_cleanup_key_block(s);
	336
	337	if ((p1=(unsigned char *)Malloc(num)) == NULL)
	338	goto err;
	339	if ((p2=(unsigned char *)Malloc(num)) == NULL)
	340	goto err;
	341
	342	s->s3->tmp.key_block_length=num;
	343	s->s3->tmp.key_block=p1;
	344
	345
	346	#ifdef TLS_DEBUG
	347	printf("client random\n");
	348	{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->client_random[z],((z+1)%16)?' ':'\n'); }
	349	printf("server random\n");
	350	{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->server_random[z],((z+1)%16)?' ':'\n'); }
	351	printf("pre-master\n");
	352	{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
	353	#endif
	354	tls1_generate_key_block(s,p1,p2,num);
	355	memset(p2,0,num);
	356	Free(p2);
	357	#ifdef TLS_DEBUG
	358	printf("\nkey block\n");
	359	{ int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
	360	#endif
	361
	362	return(1);
	363	err:
	364	SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
	365	return(0);
	366	}
	367
	368	int tls1_enc(s,send)
	369	SSL *s;
	370	int send;
	371	{
	372	SSL3_RECORD *rec;
	373	EVP_CIPHER_CTX *ds;
	374	unsigned long l;
	375	int bs,i,ii,j,k,n=0;
	376	EVP_CIPHER *enc;
	377	SSL_COMPRESSION *comp;
	378
	379	if (send)
	380	{
	381	if (s->write_hash != NULL)
	382	n=EVP_MD_size(s->write_hash);
	383	ds=s->enc_write_ctx;
	384	rec= &(s->s3->wrec);
	385	if (s->enc_write_ctx == NULL)
	386	{ enc=NULL; comp=NULL; }
	387	else
	388	{
	389	enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
	390	comp=s->write_compression;
	391	}
	392	}
	393	else
	394	{
	395	if (s->read_hash != NULL)
	396	n=EVP_MD_size(s->read_hash);
	397	ds=s->enc_read_ctx;
	398	rec= &(s->s3->rrec);
	399	if (s->enc_read_ctx == NULL)
	400	{ enc=NULL; comp=NULL; }
	401	else
	402	{
	403	enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
	404	comp=s->read_compression;
	405	}
	406	}
	407
	408	if ((s->session == NULL) \|\| (ds == NULL) \|\|
	409	((enc == NULL) && (comp == NULL)))
	410	{
	411	memcpy(rec->data,rec->input,rec->length);
	412	rec->input=rec->data;
	413	}
	414	else
	415	{
	416	l=rec->length;
	417	bs=EVP_CIPHER_block_size(ds->cipher);
	418
	419	if ((bs != 1) && send)
	420	{
	421	i=bs-((int)l%bs);
	422
	423	/* Add weird padding of upto 256 bytes */
	424
	425	/* we need to add 'i' padding bytes of value j */
	426	j=i-1;
	427	if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
	428	{
	429	if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
	430	j++;
	431	}
	432	for (k=(int)l; k<(int)(l+i); k++)
	433	rec->input[k]=j;
	434	l+=i;
	435	rec->length+=i;
	436	}
	437
	438	EVP_Cipher(ds,rec->data,rec->input,l);
	439
	440	if ((bs != 1) && !send)
	441	{
	442	ii=i=rec->data[l-1];
	443	i++;
	444	if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
	445	{
	446	/* First packet is even in size, so check */
	447	if ((memcmp(s->s3->read_sequence,
	448	"\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
	449	s->s3->flags\|=TLS1_FLAGS_TLS_PADDING_BUG;
	450	if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
	451	i--;
	452	}
	453	if (i > (int)rec->length)
	454	{
	455	SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
	456	ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
	457	return(0);
	458	}
	459	for (j=(int)(l-i); j<(int)l; j++)
	460	{
	461	if (rec->data[j] != ii)
	462	{
	463	SSLerr(SSL_F_TLS1_ENC,SSL_R_DECRYPTION_FAILED);
	464	ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
	465	return(0);
	466	}
	467	}
	468	rec->length-=i;
	469	}
	470	}
	471	return(1);
	472	}
	473
	474	int tls1_cert_verify_mac(s,in_ctx,out)
	475	SSL *s;
	476	EVP_MD_CTX *in_ctx;
	477	unsigned char *out;
	478	{
	479	unsigned int ret;
	480	EVP_MD_CTX ctx;
	481
	482	memcpy(&ctx,in_ctx,sizeof(EVP_MD_CTX));
	483	EVP_DigestFinal(&ctx,out,&ret);
	484	return((int)ret);
	485	}
	486
	487	int tls1_final_finish_mac(s,in1_ctx,in2_ctx,str,slen,out)
	488	SSL *s;
	489	EVP_MD_CTX in1_ctx,in2_ctx;
	490	unsigned char *str;
	491	int slen;
	492	unsigned char *out;
	493	{
	494	unsigned int i;
	495	EVP_MD_CTX ctx;
	496	unsigned char buf[TLS_MD_MAX_CONST_SIZE+MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
	497	unsigned char *q,buf2[12];
	498
	499	q=buf;
	500	memcpy(q,str,slen);
	501	q+=slen;
	502
	503	memcpy(&ctx,in1_ctx,sizeof(EVP_MD_CTX));
	504	EVP_DigestFinal(&ctx,q,&i);
	505	q+=i;
	506	memcpy(&ctx,in2_ctx,sizeof(EVP_MD_CTX));
	507	EVP_DigestFinal(&ctx,q,&i);
	508	q+=i;
	509
	510	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,q-buf,
	511	s->session->master_key,s->session->master_key_length,
	512	out,buf2,12);
	513	memset(&ctx,0,sizeof(EVP_MD_CTX));
	514
	515	return((int)12);
	516	}
	517
	518	int tls1_mac(ssl,md,send)
	519	SSL *ssl;
	520	unsigned char *md;
	521	int send;
	522	{
	523	SSL3_RECORD *rec;
	524	unsigned char mac_sec,seq;
	525	EVP_MD *hash;
	526	unsigned int md_size;
	527	int i;
	528	HMAC_CTX hmac;
	529	unsigned char buf[5];
	530
	531	if (send)
	532	{
	533	rec= &(ssl->s3->wrec);
	534	mac_sec= &(ssl->s3->write_mac_secret[0]);
	535	seq= &(ssl->s3->write_sequence[0]);
	536	hash=ssl->write_hash;
	537	}
	538	else
	539	{
	540	rec= &(ssl->s3->rrec);
	541	mac_sec= &(ssl->s3->read_mac_secret[0]);
	542	seq= &(ssl->s3->read_sequence[0]);
	543	hash=ssl->read_hash;
	544	}
	545
	546	md_size=EVP_MD_size(hash);
	547
	548	buf[0]=rec->type;
	549	buf[1]=TLS1_VERSION_MAJOR;
	550	buf[2]=TLS1_VERSION_MINOR;
	551	buf[3]=rec->length>>8;
	552	buf[4]=rec->length&0xff;
	553
	554	/* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
	555	HMAC_Init(&hmac,mac_sec,EVP_MD_size(hash),hash);
	556	HMAC_Update(&hmac,seq,8);
	557	HMAC_Update(&hmac,buf,5);
	558	HMAC_Update(&hmac,rec->input,rec->length);
	559	HMAC_Final(&hmac,md,&md_size);
	560
	561	#ifdef TLS_DEBUG
	562	printf("sec=");
	563	{int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
	564	printf("seq=");
	565	{int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); }
	566	printf("buf=");
	567	{int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); }
	568	printf("rec=");
	569	{int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
	570	#endif
	571
	572	for (i=7; i>=0; i--)
	573	if (++seq[i]) break;
	574
	575	#ifdef TLS_DEBUG
	576	{int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); }
	577	#endif
	578	return(md_size);
	579	}
	580
	581	int tls1_generate_master_secret(s,out,p,len)
	582	SSL *s;
	583	unsigned char *out;
	584	unsigned char *p;
	585	int len;
	586	{
	587	unsigned char buf[SSL3_RANDOM_SIZE*2+TLS_MD_MASTER_SECRET_CONST_SIZE];
	588	unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
	589
	590	/* Setup the stuff to munge */
	591	memcpy(buf,TLS_MD_MASTER_SECRET_CONST,
	592	TLS_MD_MASTER_SECRET_CONST_SIZE);
	593	memcpy(&(buf[TLS_MD_MASTER_SECRET_CONST_SIZE]),
	594	s->s3->client_random,SSL3_RANDOM_SIZE);
	595	memcpy(&(buf[SSL3_RANDOM_SIZE+TLS_MD_MASTER_SECRET_CONST_SIZE]),
	596	s->s3->server_random,SSL3_RANDOM_SIZE);
	597	tls1_PRF(s->ctx->md5,s->ctx->sha1,
	598	buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len,
	599	s->session->master_key,buff,SSL3_MASTER_SECRET_SIZE);
	600	return(SSL3_MASTER_SECRET_SIZE);
	601	}
	602
	603	int tls1_alert_code(code)
	604	int code;
	605	{
	606	switch (code)
	607	{
	608	case SSL_AD_CLOSE_NOTIFY: return(SSL3_AD_CLOSE_NOTIFY);
	609	case SSL_AD_UNEXPECTED_MESSAGE: return(SSL3_AD_UNEXPECTED_MESSAGE);
	610	case SSL_AD_BAD_RECORD_MAC: return(SSL3_AD_BAD_RECORD_MAC);
	611	case SSL_AD_DECRYPTION_FAILED: return(TLS1_AD_DECRYPTION_FAILED);
	612	case SSL_AD_RECORD_OVERFLOW: return(TLS1_AD_RECORD_OVERFLOW);
	613	case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE);
	614	case SSL_AD_HANDSHAKE_FAILURE: return(SSL3_AD_HANDSHAKE_FAILURE);
	615	case SSL_AD_NO_CERTIFICATE: return(-1);
	616	case SSL_AD_BAD_CERTIFICATE: return(SSL3_AD_BAD_CERTIFICATE);
	617	case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE);
	618	case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED);
	619	case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED);
	620	case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN);
	621	case SSL_AD_ILLEGAL_PARAMETER: return(SSL3_AD_ILLEGAL_PARAMETER);
	622	case SSL_AD_UNKNOWN_CA: return(TLS1_AD_UNKNOWN_CA);
	623	case SSL_AD_ACCESS_DENIED: return(TLS1_AD_ACCESS_DENIED);
	624	case SSL_AD_DECODE_ERROR: return(TLS1_AD_DECODE_ERROR);
	625	case SSL_AD_DECRYPT_ERROR: return(TLS1_AD_DECRYPT_ERROR);
	626	case SSL_AD_EXPORT_RESTRICION: return(TLS1_AD_EXPORT_RESTRICION);
	627	case SSL_AD_PROTOCOL_VERSION: return(TLS1_AD_PROTOCOL_VERSION);
	628	case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY);
	629	case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR);
	630	case SSL_AD_USER_CANCLED: return(TLS1_AD_USER_CANCLED);
	631	case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION);
	632	default: return(-1);
	633	}
	634	}
	635