Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/src/ssl/t1_clnt.c | 12 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/t1_enc.c | 67 | ||||
| -rw-r--r-- | src/lib/libssl/t1_clnt.c | 12 | ||||
| -rw-r--r-- | src/lib/libssl/t1_enc.c | 67 |
4 files changed, 84 insertions, 74 deletions
diff --git a/src/lib/libssl/src/ssl/t1_clnt.c b/src/lib/libssl/src/ssl/t1_clnt.c index fa333259ae..180843c1f5 100644 --- a/src/lib/libssl/src/ssl/t1_clnt.c +++ b/src/lib/libssl/src/ssl/t1_clnt.c | |||
| @@ -5,21 +5,21 @@ | |||
| 5 | * This package is an SSL implementation written | 5 | * This package is an SSL implementation written |
| 6 | * by Eric Young (eay@cryptsoft.com). | 6 | * by Eric Young (eay@cryptsoft.com). |
| 7 | * The implementation was written so as to conform with Netscapes SSL. | 7 | * The implementation was written so as to conform with Netscapes SSL. |
| 8 | * | 8 | * |
| 9 | * This library is free for commercial and non-commercial use as long as | 9 | * This library is free for commercial and non-commercial use as long as |
| 10 | * the following conditions are aheared to. The following conditions | 10 | * the following conditions are aheared to. The following conditions |
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | 11 | * apply to all code found in this distribution, be it the RC4, RSA, |
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation |
| 13 | * included with this distribution is covered by the same copyright terms | 13 | * included with this distribution is covered by the same copyright terms |
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). |
| 15 | * | 15 | * |
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | 16 | * Copyright remains Eric Young's, and as such any Copyright notices in |
| 17 | * the code are not to be removed. | 17 | * the code are not to be removed. |
| 18 | * If this package is used in a product, Eric Young should be given attribution | 18 | * If this package is used in a product, Eric Young should be given attribution |
| 19 | * as the author of the parts of the library used. | 19 | * as the author of the parts of the library used. |
| 20 | * This can be in the form of a textual message at program startup or | 20 | * This can be in the form of a textual message at program startup or |
| 21 | * in documentation (online or textual) provided with the package. | 21 | * in documentation (online or textual) provided with the package. |
| 22 | * | 22 | * |
| 23 | * Redistribution and use in source and binary forms, with or without | 23 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions | 24 | * modification, are permitted provided that the following conditions |
| 25 | * are met: | 25 | * are met: |
| @@ -34,10 +34,10 @@ | |||
| 34 | * Eric Young (eay@cryptsoft.com)" | 34 | * Eric Young (eay@cryptsoft.com)" |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 35 | * The word 'cryptographic' can be left out if the rouines from the library |
| 36 | * being used are not cryptographic related :-). | 36 | * being used are not cryptographic related :-). |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 37 | * 4. If you include any Windows specific code (or a derivative thereof) from |
| 38 | * the apps directory (application code) you must include an acknowledgement: | 38 | * the apps directory (application code) you must include an acknowledgement: |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
| 40 | * | 40 | * |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| @@ -49,7 +49,7 @@ | |||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 51 | * SUCH DAMAGE. | 51 | * SUCH DAMAGE. |
| 52 | * | 52 | * |
| 53 | * The licence and distribution terms for any publically available version or | 53 | * The licence and distribution terms for any publically available version or |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be |
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c index fc7a23fb4b..579eaa6ce4 100644 --- a/src/lib/libssl/src/ssl/t1_enc.c +++ b/src/lib/libssl/src/ssl/t1_enc.c | |||
| @@ -5,21 +5,21 @@ | |||
| 5 | * This package is an SSL implementation written | 5 | * This package is an SSL implementation written |
| 6 | * by Eric Young (eay@cryptsoft.com). | 6 | * by Eric Young (eay@cryptsoft.com). |
| 7 | * The implementation was written so as to conform with Netscapes SSL. | 7 | * The implementation was written so as to conform with Netscapes SSL. |
| 8 | * | 8 | * |
| 9 | * This library is free for commercial and non-commercial use as long as | 9 | * This library is free for commercial and non-commercial use as long as |
| 10 | * the following conditions are aheared to. The following conditions | 10 | * the following conditions are aheared to. The following conditions |
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | 11 | * apply to all code found in this distribution, be it the RC4, RSA, |
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation |
| 13 | * included with this distribution is covered by the same copyright terms | 13 | * included with this distribution is covered by the same copyright terms |
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). |
| 15 | * | 15 | * |
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | 16 | * Copyright remains Eric Young's, and as such any Copyright notices in |
| 17 | * the code are not to be removed. | 17 | * the code are not to be removed. |
| 18 | * If this package is used in a product, Eric Young should be given attribution | 18 | * If this package is used in a product, Eric Young should be given attribution |
| 19 | * as the author of the parts of the library used. | 19 | * as the author of the parts of the library used. |
| 20 | * This can be in the form of a textual message at program startup or | 20 | * This can be in the form of a textual message at program startup or |
| 21 | * in documentation (online or textual) provided with the package. | 21 | * in documentation (online or textual) provided with the package. |
| 22 | * | 22 | * |
| 23 | * Redistribution and use in source and binary forms, with or without | 23 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions | 24 | * modification, are permitted provided that the following conditions |
| 25 | * are met: | 25 | * are met: |
| @@ -34,10 +34,10 @@ | |||
| 34 | * Eric Young (eay@cryptsoft.com)" | 34 | * Eric Young (eay@cryptsoft.com)" |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 35 | * The word 'cryptographic' can be left out if the rouines from the library |
| 36 | * being used are not cryptographic related :-). | 36 | * being used are not cryptographic related :-). |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 37 | * 4. If you include any Windows specific code (or a derivative thereof) from |
| 38 | * the apps directory (application code) you must include an acknowledgement: | 38 | * the apps directory (application code) you must include an acknowledgement: |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
| 40 | * | 40 | * |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| @@ -49,7 +49,7 @@ | |||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 51 | * SUCH DAMAGE. | 51 | * SUCH DAMAGE. |
| 52 | * | 52 | * |
| 53 | * The licence and distribution terms for any publically available version or | 53 | * The licence and distribution terms for any publically available version or |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be |
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| @@ -63,7 +63,7 @@ | |||
| 63 | * are met: | 63 | * are met: |
| 64 | * | 64 | * |
| 65 | * 1. Redistributions of source code must retain the above copyright | 65 | * 1. Redistributions of source code must retain the above copyright |
| 66 | * notice, this list of conditions and the following disclaimer. | 66 | * notice, this list of conditions and the following disclaimer. |
| 67 | * | 67 | * |
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | 68 | * 2. Redistributions in binary form must reproduce the above copyright |
| 69 | * notice, this list of conditions and the following disclaimer in | 69 | * notice, this list of conditions and the following disclaimer in |
| @@ -228,6 +228,7 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len, | |||
| 228 | } | 228 | } |
| 229 | } | 229 | } |
| 230 | ret = 1; | 230 | ret = 1; |
| 231 | |||
| 231 | err: | 232 | err: |
| 232 | EVP_PKEY_free(mac_key); | 233 | EVP_PKEY_free(mac_key); |
| 233 | EVP_MD_CTX_cleanup(&ctx); | 234 | EVP_MD_CTX_cleanup(&ctx); |
| @@ -264,7 +265,7 @@ tls1_PRF(long digest_mask, const void *seed1, int seed1_len, const void *seed2, | |||
| 264 | if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) { | 265 | if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) { |
| 265 | if (!md) { | 266 | if (!md) { |
| 266 | SSLerr(SSL_F_TLS1_PRF, | 267 | SSLerr(SSL_F_TLS1_PRF, |
| 267 | SSL_R_UNSUPPORTED_DIGEST_TYPE); | 268 | SSL_R_UNSUPPORTED_DIGEST_TYPE); |
| 268 | goto err; | 269 | goto err; |
| 269 | 270 | ||
| 270 | } | 271 | } |
| @@ -279,6 +280,7 @@ tls1_PRF(long digest_mask, const void *seed1, int seed1_len, const void *seed2, | |||
| 279 | } | 280 | } |
| 280 | } | 281 | } |
| 281 | ret = 1; | 282 | ret = 1; |
| 283 | |||
| 282 | err: | 284 | err: |
| 283 | return ret; | 285 | return ret; |
| 284 | } | 286 | } |
| @@ -297,7 +299,7 @@ tls1_generate_key_block(SSL *s, unsigned char *km, unsigned char *tmp, int num) | |||
| 297 | km, tmp, num); | 299 | km, tmp, num); |
| 298 | #ifdef KSSL_DEBUG | 300 | #ifdef KSSL_DEBUG |
| 299 | printf("tls1_generate_key_block() ==> %d byte master_key =\n\t", | 301 | printf("tls1_generate_key_block() ==> %d byte master_key =\n\t", |
| 300 | s->session->master_key_length); | 302 | s->session->master_key_length); |
| 301 | { | 303 | { |
| 302 | int i; | 304 | int i; |
| 303 | for (i = 0; i < s->session->master_key_length; i++) { | 305 | for (i = 0; i < s->session->master_key_length; i++) { |
| @@ -345,12 +347,12 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 345 | #ifdef KSSL_DEBUG | 347 | #ifdef KSSL_DEBUG |
| 346 | printf("tls1_change_cipher_state(which= %d) w/\n", which); | 348 | printf("tls1_change_cipher_state(which= %d) w/\n", which); |
| 347 | printf("\talg= %ld/%ld, comp= %p\n", | 349 | printf("\talg= %ld/%ld, comp= %p\n", |
| 348 | s->s3->tmp.new_cipher->algorithm_mkey, | 350 | s->s3->tmp.new_cipher->algorithm_mkey, |
| 349 | s->s3->tmp.new_cipher->algorithm_auth, | 351 | s->s3->tmp.new_cipher->algorithm_auth, |
| 350 | comp); | 352 | comp); |
| 351 | printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c); | 353 | printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c); |
| 352 | printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n", | 354 | printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n", |
| 353 | c->nid, c->block_size, c->key_len, c->iv_len); | 355 | c->nid, c->block_size, c->key_len, c->iv_len); |
| 354 | printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length); | 356 | printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length); |
| 355 | { | 357 | { |
| 356 | int i; | 358 | int i; |
| @@ -450,7 +452,7 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 450 | else | 452 | else |
| 451 | k = EVP_CIPHER_iv_length(c); | 453 | k = EVP_CIPHER_iv_length(c); |
| 452 | if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || | 454 | if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || |
| 453 | (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { | 455 | (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { |
| 454 | ms = &(p[0]); | 456 | ms = &(p[0]); |
| 455 | n = i + i; | 457 | n = i + i; |
| 456 | key = &(p[n]); | 458 | key = &(p[n]); |
| @@ -482,7 +484,7 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 482 | 484 | ||
| 483 | if (!(EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) { | 485 | if (!(EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) { |
| 484 | mac_key = EVP_PKEY_new_mac_key(mac_type, NULL, | 486 | mac_key = EVP_PKEY_new_mac_key(mac_type, NULL, |
| 485 | mac_secret, *mac_secret_size); | 487 | mac_secret, *mac_secret_size); |
| 486 | EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key); | 488 | EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key); |
| 487 | EVP_PKEY_free(mac_key); | 489 | EVP_PKEY_free(mac_key); |
| 488 | } | 490 | } |
| @@ -498,8 +500,8 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 498 | exp_label, exp_label_len, | 500 | exp_label, exp_label_len, |
| 499 | s->s3->client_random, SSL3_RANDOM_SIZE, | 501 | s->s3->client_random, SSL3_RANDOM_SIZE, |
| 500 | s->s3->server_random, SSL3_RANDOM_SIZE, | 502 | s->s3->server_random, SSL3_RANDOM_SIZE, |
| 501 | NULL, 0, NULL, 0, | 503 | NULL, 0, NULL, 0, key, j, tmp1, tmp2, |
| 502 | key, j, tmp1, tmp2, EVP_CIPHER_key_length(c))) | 504 | EVP_CIPHER_key_length(c))) |
| 503 | goto err2; | 505 | goto err2; |
| 504 | key = tmp1; | 506 | key = tmp1; |
| 505 | 507 | ||
| @@ -508,8 +510,7 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 508 | TLS_MD_IV_BLOCK_CONST, TLS_MD_IV_BLOCK_CONST_SIZE, | 510 | TLS_MD_IV_BLOCK_CONST, TLS_MD_IV_BLOCK_CONST_SIZE, |
| 509 | s->s3->client_random, SSL3_RANDOM_SIZE, | 511 | s->s3->client_random, SSL3_RANDOM_SIZE, |
| 510 | s->s3->server_random, SSL3_RANDOM_SIZE, | 512 | s->s3->server_random, SSL3_RANDOM_SIZE, |
| 511 | NULL, 0, NULL, 0, | 513 | NULL, 0, NULL, 0, empty, 0, iv1, iv2, k*2)) |
| 512 | empty, 0, iv1, iv2, k*2)) | ||
| 513 | goto err2; | 514 | goto err2; |
| 514 | if (client_write) | 515 | if (client_write) |
| 515 | iv = iv1; | 516 | iv = iv1; |
| @@ -531,10 +532,10 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 531 | #endif /* KSSL_DEBUG */ | 532 | #endif /* KSSL_DEBUG */ |
| 532 | 533 | ||
| 533 | if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) { | 534 | if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) { |
| 534 | EVP_CipherInit_ex(dd, c, NULL, key, NULL,(which & SSL3_CC_WRITE)); | 535 | EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE)); |
| 535 | EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, k, iv); | 536 | EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, k, iv); |
| 536 | } else | 537 | } else |
| 537 | EVP_CipherInit_ex(dd, c, NULL, key, iv,(which & SSL3_CC_WRITE)); | 538 | EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE)); |
| 538 | 539 | ||
| 539 | /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */ | 540 | /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */ |
| 540 | if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size) | 541 | if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size) |
| @@ -554,6 +555,7 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 554 | OPENSSL_cleanse(iv1, sizeof(iv1)); | 555 | OPENSSL_cleanse(iv1, sizeof(iv1)); |
| 555 | OPENSSL_cleanse(iv2, sizeof(iv2)); | 556 | OPENSSL_cleanse(iv2, sizeof(iv2)); |
| 556 | return (1); | 557 | return (1); |
| 558 | |||
| 557 | err: | 559 | err: |
| 558 | SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE); | 560 | SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE); |
| 559 | err2: | 561 | err2: |
| @@ -771,11 +773,11 @@ tls1_enc(SSL *s, int send) | |||
| 771 | { | 773 | { |
| 772 | unsigned long ui; | 774 | unsigned long ui; |
| 773 | printf("EVP_Cipher(ds=%p, rec->data=%p, rec->input=%p, l=%ld) ==>\n", | 775 | printf("EVP_Cipher(ds=%p, rec->data=%p, rec->input=%p, l=%ld) ==>\n", |
| 774 | ds, rec->data, rec->input, l); | 776 | ds, rec->data, rec->input, l); |
| 775 | printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n", | 777 | printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n", |
| 776 | ds->buf_len, ds->cipher->key_len, | 778 | ds->buf_len, ds->cipher->key_len, |
| 777 | DES_KEY_SZ, DES_SCHEDULE_SZ, | 779 | DES_KEY_SZ, DES_SCHEDULE_SZ, |
| 778 | ds->cipher->iv_len); | 780 | ds->cipher->iv_len); |
| 779 | printf("\t\tIV: "); | 781 | printf("\t\tIV: "); |
| 780 | for (i = 0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]); | 782 | for (i = 0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]); |
| 781 | printf("\n"); | 783 | printf("\n"); |
| @@ -791,8 +793,8 @@ tls1_enc(SSL *s, int send) | |||
| 791 | } | 793 | } |
| 792 | 794 | ||
| 793 | i = EVP_Cipher(ds, rec->data, rec->input, l); | 795 | i = EVP_Cipher(ds, rec->data, rec->input, l); |
| 794 | if ((EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_CUSTOM_CIPHER) ? | 796 | if ((EVP_CIPHER_flags(ds->cipher) & |
| 795 | (i < 0) : (i == 0)) | 797 | EVP_CIPH_FLAG_CUSTOM_CIPHER) ? (i < 0) : (i == 0)) |
| 796 | return -1; /* AEAD can fail to verify MAC */ | 798 | return -1; /* AEAD can fail to verify MAC */ |
| 797 | if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE && !send) { | 799 | if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE && !send) { |
| 798 | rec->data += EVP_GCM_TLS_EXPLICIT_IV_LEN; | 800 | rec->data += EVP_GCM_TLS_EXPLICIT_IV_LEN; |
| @@ -889,7 +891,7 @@ tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out) | |||
| 889 | } | 891 | } |
| 890 | } | 892 | } |
| 891 | 893 | ||
| 892 | if (!tls1_PRF(ssl_get_algorithm2(s), str, slen, buf,(int)(q - buf), | 894 | if (!tls1_PRF(ssl_get_algorithm2(s), str, slen, buf, (int)(q - buf), |
| 893 | NULL, 0, NULL, 0, NULL, 0, | 895 | NULL, 0, NULL, 0, NULL, 0, |
| 894 | s->session->master_key, s->session->master_key_length, | 896 | s->session->master_key, s->session->master_key_length, |
| 895 | out, buf2, sizeof buf2)) | 897 | out, buf2, sizeof buf2)) |
| @@ -912,7 +914,9 @@ tls1_mac(SSL *ssl, unsigned char *md, int send) | |||
| 912 | int i; | 914 | int i; |
| 913 | EVP_MD_CTX hmac, *mac_ctx; | 915 | EVP_MD_CTX hmac, *mac_ctx; |
| 914 | unsigned char header[13]; | 916 | unsigned char header[13]; |
| 915 | int stream_mac = (send ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM) : (ssl->mac_flags&SSL_MAC_FLAG_READ_MAC_STREAM)); | 917 | int stream_mac = (send ? |
| 918 | (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM) : | ||
| 919 | (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM)); | ||
| 916 | int t; | 920 | int t; |
| 917 | 921 | ||
| 918 | if (send) { | 922 | if (send) { |
| @@ -956,9 +960,10 @@ tls1_mac(SSL *ssl, unsigned char *md, int send) | |||
| 956 | header[9] = (unsigned char)(ssl->version >> 8); | 960 | header[9] = (unsigned char)(ssl->version >> 8); |
| 957 | header[10] = (unsigned char)(ssl->version); | 961 | header[10] = (unsigned char)(ssl->version); |
| 958 | header[11] = (rec->length) >> 8; | 962 | header[11] = (rec->length) >> 8; |
| 959 | header[12] = (rec->length)&0xff; | 963 | header[12] = (rec->length) & 0xff; |
| 960 | 964 | ||
| 961 | if (!send && EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && | 965 | if (!send && |
| 966 | EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && | ||
| 962 | ssl3_cbc_record_digest_supported(mac_ctx)) { | 967 | ssl3_cbc_record_digest_supported(mac_ctx)) { |
| 963 | /* This is a CBC-encrypted record. We must avoid leaking any | 968 | /* This is a CBC-encrypted record. We must avoid leaking any |
| 964 | * timing-side channel information about how many blocks of | 969 | * timing-side channel information about how many blocks of |
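Review bot: In tls1_change_cipher_state (new lines 486–489) the result of `EVP_PKEY_new_mac_key()` is never checked before being passed to `EVP_DigestSignInit()`, whose return value is also discarded, so an allocation or init failure leaves mac_ctx unset while the function can still reach the `return (1)` at line 557. Since the `err:` label already records `ERR_R_MALLOC_FAILURE`, a NULL key can go there: `if (mac_key == NULL) goto err;` after the call, and the init line becomes `if (EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key) <= 0) { EVP_PKEY_free(mac_key); goto err2; }` (what `err2` cleans up is outside the hunk, so confirm it does not expect mac_key to be live). The same unchecked-return pattern appears at new lines 535–538, where `EVP_CipherInit_ex()` and `EVP_CIPHER_CTX_ctrl()` results are ignored. tls1_change_cipher_state begins and ends outside these hunks.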
diff --git a/src/lib/libssl/t1_clnt.c b/src/lib/libssl/t1_clnt.c index fa333259ae..180843c1f5 100644 --- a/src/lib/libssl/t1_clnt.c +++ b/src/lib/libssl/t1_clnt.c | |||
| @@ -5,21 +5,21 @@ | |||
| 5 | * This package is an SSL implementation written | 5 | * This package is an SSL implementation written |
| 6 | * by Eric Young (eay@cryptsoft.com). | 6 | * by Eric Young (eay@cryptsoft.com). |
| 7 | * The implementation was written so as to conform with Netscapes SSL. | 7 | * The implementation was written so as to conform with Netscapes SSL. |
| 8 | * | 8 | * |
| 9 | * This library is free for commercial and non-commercial use as long as | 9 | * This library is free for commercial and non-commercial use as long as |
| 10 | * the following conditions are aheared to. The following conditions | 10 | * the following conditions are aheared to. The following conditions |
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | 11 | * apply to all code found in this distribution, be it the RC4, RSA, |
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation |
| 13 | * included with this distribution is covered by the same copyright terms | 13 | * included with this distribution is covered by the same copyright terms |
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). |
| 15 | * | 15 | * |
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | 16 | * Copyright remains Eric Young's, and as such any Copyright notices in |
| 17 | * the code are not to be removed. | 17 | * the code are not to be removed. |
| 18 | * If this package is used in a product, Eric Young should be given attribution | 18 | * If this package is used in a product, Eric Young should be given attribution |
| 19 | * as the author of the parts of the library used. | 19 | * as the author of the parts of the library used. |
| 20 | * This can be in the form of a textual message at program startup or | 20 | * This can be in the form of a textual message at program startup or |
| 21 | * in documentation (online or textual) provided with the package. | 21 | * in documentation (online or textual) provided with the package. |
| 22 | * | 22 | * |
| 23 | * Redistribution and use in source and binary forms, with or without | 23 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions | 24 | * modification, are permitted provided that the following conditions |
| 25 | * are met: | 25 | * are met: |
| @@ -34,10 +34,10 @@ | |||
| 34 | * Eric Young (eay@cryptsoft.com)" | 34 | * Eric Young (eay@cryptsoft.com)" |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 35 | * The word 'cryptographic' can be left out if the rouines from the library |
| 36 | * being used are not cryptographic related :-). | 36 | * being used are not cryptographic related :-). |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 37 | * 4. If you include any Windows specific code (or a derivative thereof) from |
| 38 | * the apps directory (application code) you must include an acknowledgement: | 38 | * the apps directory (application code) you must include an acknowledgement: |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
| 40 | * | 40 | * |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| @@ -49,7 +49,7 @@ | |||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 51 | * SUCH DAMAGE. | 51 | * SUCH DAMAGE. |
| 52 | * | 52 | * |
| 53 | * The licence and distribution terms for any publically available version or | 53 | * The licence and distribution terms for any publically available version or |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be |
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index fc7a23fb4b..579eaa6ce4 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c | |||
| @@ -5,21 +5,21 @@ | |||
| 5 | * This package is an SSL implementation written | 5 | * This package is an SSL implementation written |
| 6 | * by Eric Young (eay@cryptsoft.com). | 6 | * by Eric Young (eay@cryptsoft.com). |
| 7 | * The implementation was written so as to conform with Netscapes SSL. | 7 | * The implementation was written so as to conform with Netscapes SSL. |
| 8 | * | 8 | * |
| 9 | * This library is free for commercial and non-commercial use as long as | 9 | * This library is free for commercial and non-commercial use as long as |
| 10 | * the following conditions are aheared to. The following conditions | 10 | * the following conditions are aheared to. The following conditions |
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | 11 | * apply to all code found in this distribution, be it the RC4, RSA, |
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation |
| 13 | * included with this distribution is covered by the same copyright terms | 13 | * included with this distribution is covered by the same copyright terms |
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). |
| 15 | * | 15 | * |
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | 16 | * Copyright remains Eric Young's, and as such any Copyright notices in |
| 17 | * the code are not to be removed. | 17 | * the code are not to be removed. |
| 18 | * If this package is used in a product, Eric Young should be given attribution | 18 | * If this package is used in a product, Eric Young should be given attribution |
| 19 | * as the author of the parts of the library used. | 19 | * as the author of the parts of the library used. |
| 20 | * This can be in the form of a textual message at program startup or | 20 | * This can be in the form of a textual message at program startup or |
| 21 | * in documentation (online or textual) provided with the package. | 21 | * in documentation (online or textual) provided with the package. |
| 22 | * | 22 | * |
| 23 | * Redistribution and use in source and binary forms, with or without | 23 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions | 24 | * modification, are permitted provided that the following conditions |
| 25 | * are met: | 25 | * are met: |
| @@ -34,10 +34,10 @@ | |||
| 34 | * Eric Young (eay@cryptsoft.com)" | 34 | * Eric Young (eay@cryptsoft.com)" |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 35 | * The word 'cryptographic' can be left out if the rouines from the library |
| 36 | * being used are not cryptographic related :-). | 36 | * being used are not cryptographic related :-). |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 37 | * 4. If you include any Windows specific code (or a derivative thereof) from |
| 38 | * the apps directory (application code) you must include an acknowledgement: | 38 | * the apps directory (application code) you must include an acknowledgement: |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
| 40 | * | 40 | * |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| @@ -49,7 +49,7 @@ | |||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 51 | * SUCH DAMAGE. | 51 | * SUCH DAMAGE. |
| 52 | * | 52 | * |
| 53 | * The licence and distribution terms for any publically available version or | 53 | * The licence and distribution terms for any publically available version or |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be |
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| @@ -63,7 +63,7 @@ | |||
| 63 | * are met: | 63 | * are met: |
| 64 | * | 64 | * |
| 65 | * 1. Redistributions of source code must retain the above copyright | 65 | * 1. Redistributions of source code must retain the above copyright |
| 66 | * notice, this list of conditions and the following disclaimer. | 66 | * notice, this list of conditions and the following disclaimer. |
| 67 | * | 67 | * |
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | 68 | * 2. Redistributions in binary form must reproduce the above copyright |
| 69 | * notice, this list of conditions and the following disclaimer in | 69 | * notice, this list of conditions and the following disclaimer in |
| @@ -228,6 +228,7 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len, | |||
| 228 | } | 228 | } |
| 229 | } | 229 | } |
| 230 | ret = 1; | 230 | ret = 1; |
| 231 | |||
| 231 | err: | 232 | err: |
| 232 | EVP_PKEY_free(mac_key); | 233 | EVP_PKEY_free(mac_key); |
| 233 | EVP_MD_CTX_cleanup(&ctx); | 234 | EVP_MD_CTX_cleanup(&ctx); |
| @@ -264,7 +265,7 @@ tls1_PRF(long digest_mask, const void *seed1, int seed1_len, const void *seed2, | |||
| 264 | if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) { | 265 | if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) { |
| 265 | if (!md) { | 266 | if (!md) { |
| 266 | SSLerr(SSL_F_TLS1_PRF, | 267 | SSLerr(SSL_F_TLS1_PRF, |
| 267 | SSL_R_UNSUPPORTED_DIGEST_TYPE); | 268 | SSL_R_UNSUPPORTED_DIGEST_TYPE); |
| 268 | goto err; | 269 | goto err; |
| 269 | 270 | ||
| 270 | } | 271 | } |
| @@ -279,6 +280,7 @@ tls1_PRF(long digest_mask, const void *seed1, int seed1_len, const void *seed2, | |||
| 279 | } | 280 | } |
| 280 | } | 281 | } |
| 281 | ret = 1; | 282 | ret = 1; |
| 283 | |||
| 282 | err: | 284 | err: |
| 283 | return ret; | 285 | return ret; |
| 284 | } | 286 | } |
| @@ -297,7 +299,7 @@ tls1_generate_key_block(SSL *s, unsigned char *km, unsigned char *tmp, int num) | |||
| 297 | km, tmp, num); | 299 | km, tmp, num); |
| 298 | #ifdef KSSL_DEBUG | 300 | #ifdef KSSL_DEBUG |
| 299 | printf("tls1_generate_key_block() ==> %d byte master_key =\n\t", | 301 | printf("tls1_generate_key_block() ==> %d byte master_key =\n\t", |
| 300 | s->session->master_key_length); | 302 | s->session->master_key_length); |
| 301 | { | 303 | { |
| 302 | int i; | 304 | int i; |
| 303 | for (i = 0; i < s->session->master_key_length; i++) { | 305 | for (i = 0; i < s->session->master_key_length; i++) { |
| @@ -345,12 +347,12 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 345 | #ifdef KSSL_DEBUG | 347 | #ifdef KSSL_DEBUG |
| 346 | printf("tls1_change_cipher_state(which= %d) w/\n", which); | 348 | printf("tls1_change_cipher_state(which= %d) w/\n", which); |
| 347 | printf("\talg= %ld/%ld, comp= %p\n", | 349 | printf("\talg= %ld/%ld, comp= %p\n", |
| 348 | s->s3->tmp.new_cipher->algorithm_mkey, | 350 | s->s3->tmp.new_cipher->algorithm_mkey, |
| 349 | s->s3->tmp.new_cipher->algorithm_auth, | 351 | s->s3->tmp.new_cipher->algorithm_auth, |
| 350 | comp); | 352 | comp); |
| 351 | printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c); | 353 | printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c); |
| 352 | printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n", | 354 | printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n", |
| 353 | c->nid, c->block_size, c->key_len, c->iv_len); | 355 | c->nid, c->block_size, c->key_len, c->iv_len); |
| 354 | printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length); | 356 | printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length); |
| 355 | { | 357 | { |
| 356 | int i; | 358 | int i; |
| @@ -450,7 +452,7 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 450 | else | 452 | else |
| 451 | k = EVP_CIPHER_iv_length(c); | 453 | k = EVP_CIPHER_iv_length(c); |
| 452 | if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || | 454 | if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || |
| 453 | (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { | 455 | (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { |
| 454 | ms = &(p[0]); | 456 | ms = &(p[0]); |
| 455 | n = i + i; | 457 | n = i + i; |
| 456 | key = &(p[n]); | 458 | key = &(p[n]); |
| @@ -482,7 +484,7 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 482 | 484 | ||
| 483 | if (!(EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) { | 485 | if (!(EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) { |
| 484 | mac_key = EVP_PKEY_new_mac_key(mac_type, NULL, | 486 | mac_key = EVP_PKEY_new_mac_key(mac_type, NULL, |
| 485 | mac_secret, *mac_secret_size); | 487 | mac_secret, *mac_secret_size); |
| 486 | EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key); | 488 | EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key); |
| 487 | EVP_PKEY_free(mac_key); | 489 | EVP_PKEY_free(mac_key); |
| 488 | } | 490 | } |
| @@ -498,8 +500,8 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 498 | exp_label, exp_label_len, | 500 | exp_label, exp_label_len, |
| 499 | s->s3->client_random, SSL3_RANDOM_SIZE, | 501 | s->s3->client_random, SSL3_RANDOM_SIZE, |
| 500 | s->s3->server_random, SSL3_RANDOM_SIZE, | 502 | s->s3->server_random, SSL3_RANDOM_SIZE, |
| 501 | NULL, 0, NULL, 0, | 503 | NULL, 0, NULL, 0, key, j, tmp1, tmp2, |
| 502 | key, j, tmp1, tmp2, EVP_CIPHER_key_length(c))) | 504 | EVP_CIPHER_key_length(c))) |
| 503 | goto err2; | 505 | goto err2; |
| 504 | key = tmp1; | 506 | key = tmp1; |
| 505 | 507 | ||
| @@ -508,8 +510,7 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 508 | TLS_MD_IV_BLOCK_CONST, TLS_MD_IV_BLOCK_CONST_SIZE, | 510 | TLS_MD_IV_BLOCK_CONST, TLS_MD_IV_BLOCK_CONST_SIZE, |
| 509 | s->s3->client_random, SSL3_RANDOM_SIZE, | 511 | s->s3->client_random, SSL3_RANDOM_SIZE, |
| 510 | s->s3->server_random, SSL3_RANDOM_SIZE, | 512 | s->s3->server_random, SSL3_RANDOM_SIZE, |
| 511 | NULL, 0, NULL, 0, | 513 | NULL, 0, NULL, 0, empty, 0, iv1, iv2, k*2)) |
| 512 | empty, 0, iv1, iv2, k*2)) | ||
| 513 | goto err2; | 514 | goto err2; |
| 514 | if (client_write) | 515 | if (client_write) |
| 515 | iv = iv1; | 516 | iv = iv1; |
| @@ -531,10 +532,10 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 531 | #endif /* KSSL_DEBUG */ | 532 | #endif /* KSSL_DEBUG */ |
| 532 | 533 | ||
| 533 | if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) { | 534 | if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) { |
| 534 | EVP_CipherInit_ex(dd, c, NULL, key, NULL,(which & SSL3_CC_WRITE)); | 535 | EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE)); |
| 535 | EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, k, iv); | 536 | EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, k, iv); |
| 536 | } else | 537 | } else |
| 537 | EVP_CipherInit_ex(dd, c, NULL, key, iv,(which & SSL3_CC_WRITE)); | 538 | EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE)); |
| 538 | 539 | ||
| 539 | /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */ | 540 | /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */ |
| 540 | if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size) | 541 | if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size) |
| @@ -554,6 +555,7 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 554 | OPENSSL_cleanse(iv1, sizeof(iv1)); | 555 | OPENSSL_cleanse(iv1, sizeof(iv1)); |
| 555 | OPENSSL_cleanse(iv2, sizeof(iv2)); | 556 | OPENSSL_cleanse(iv2, sizeof(iv2)); |
| 556 | return (1); | 557 | return (1); |
| 558 | |||
| 557 | err: | 559 | err: |
| 558 | SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE); | 560 | SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE); |
| 559 | err2: | 561 | err2: |
| @@ -771,11 +773,11 @@ tls1_enc(SSL *s, int send) | |||
| 771 | { | 773 | { |
| 772 | unsigned long ui; | 774 | unsigned long ui; |
| 773 | printf("EVP_Cipher(ds=%p, rec->data=%p, rec->input=%p, l=%ld) ==>\n", | 775 | printf("EVP_Cipher(ds=%p, rec->data=%p, rec->input=%p, l=%ld) ==>\n", |
| 774 | ds, rec->data, rec->input, l); | 776 | ds, rec->data, rec->input, l); |
| 775 | printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n", | 777 | printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n", |
| 776 | ds->buf_len, ds->cipher->key_len, | 778 | ds->buf_len, ds->cipher->key_len, |
| 777 | DES_KEY_SZ, DES_SCHEDULE_SZ, | 779 | DES_KEY_SZ, DES_SCHEDULE_SZ, |
| 778 | ds->cipher->iv_len); | 780 | ds->cipher->iv_len); |
| 779 | printf("\t\tIV: "); | 781 | printf("\t\tIV: "); |
| 780 | for (i = 0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]); | 782 | for (i = 0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]); |
| 781 | printf("\n"); | 783 | printf("\n"); |
| @@ -791,8 +793,8 @@ tls1_enc(SSL *s, int send) | |||
| 791 | } | 793 | } |
| 792 | 794 | ||
| 793 | i = EVP_Cipher(ds, rec->data, rec->input, l); | 795 | i = EVP_Cipher(ds, rec->data, rec->input, l); |
| 794 | if ((EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_CUSTOM_CIPHER) ? | 796 | if ((EVP_CIPHER_flags(ds->cipher) & |
| 795 | (i < 0) : (i == 0)) | 797 | EVP_CIPH_FLAG_CUSTOM_CIPHER) ? (i < 0) : (i == 0)) |
| 796 | return -1; /* AEAD can fail to verify MAC */ | 798 | return -1; /* AEAD can fail to verify MAC */ |
| 797 | if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE && !send) { | 799 | if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE && !send) { |
| 798 | rec->data += EVP_GCM_TLS_EXPLICIT_IV_LEN; | 800 | rec->data += EVP_GCM_TLS_EXPLICIT_IV_LEN; |
| @@ -889,7 +891,7 @@ tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out) | |||
| 889 | } | 891 | } |
| 890 | } | 892 | } |
| 891 | 893 | ||
| 892 | if (!tls1_PRF(ssl_get_algorithm2(s), str, slen, buf,(int)(q - buf), | 894 | if (!tls1_PRF(ssl_get_algorithm2(s), str, slen, buf, (int)(q - buf), |
| 893 | NULL, 0, NULL, 0, NULL, 0, | 895 | NULL, 0, NULL, 0, NULL, 0, |
| 894 | s->session->master_key, s->session->master_key_length, | 896 | s->session->master_key, s->session->master_key_length, |
| 895 | out, buf2, sizeof buf2)) | 897 | out, buf2, sizeof buf2)) |
| @@ -912,7 +914,9 @@ tls1_mac(SSL *ssl, unsigned char *md, int send) | |||
| 912 | int i; | 914 | int i; |
| 913 | EVP_MD_CTX hmac, *mac_ctx; | 915 | EVP_MD_CTX hmac, *mac_ctx; |
| 914 | unsigned char header[13]; | 916 | unsigned char header[13]; |
| 915 | int stream_mac = (send ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM) : (ssl->mac_flags&SSL_MAC_FLAG_READ_MAC_STREAM)); | 917 | int stream_mac = (send ? |
| 918 | (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM) : | ||
| 919 | (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM)); | ||
| 916 | int t; | 920 | int t; |
| 917 | 921 | ||
| 918 | if (send) { | 922 | if (send) { |
| @@ -956,9 +960,10 @@ tls1_mac(SSL *ssl, unsigned char *md, int send) | |||
| 956 | header[9] = (unsigned char)(ssl->version >> 8); | 960 | header[9] = (unsigned char)(ssl->version >> 8); |
| 957 | header[10] = (unsigned char)(ssl->version); | 961 | header[10] = (unsigned char)(ssl->version); |
| 958 | header[11] = (rec->length) >> 8; | 962 | header[11] = (rec->length) >> 8; |
| 959 | header[12] = (rec->length)&0xff; | 963 | header[12] = (rec->length) & 0xff; |
| 960 | 964 | ||
| 961 | if (!send && EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && | 965 | if (!send && |
| 966 | EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && | ||
| 962 | ssl3_cbc_record_digest_supported(mac_ctx)) { | 967 | ssl3_cbc_record_digest_supported(mac_ctx)) { |
| 963 | /* This is a CBC-encrypted record. We must avoid leaking any | 968 | /* This is a CBC-encrypted record. We must avoid leaking any |
| 964 | * timing-side channel information about how many blocks of | 969 | * timing-side channel information about how many blocks of |
