]>
Commit | Line | Data |
---|---|---|
846e33c7 RS |
1 | /* |
2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
c80149d9 | 3 | * Copyright 2005 Nokia. All rights reserved. |
82b0bf0b | 4 | * |
846e33c7 RS |
5 | * Licensed under the OpenSSL license (the "License"). You may not use |
6 | * this file except in compliance with the License. You can obtain a copy | |
7 | * in the file LICENSE in the source distribution or at | |
8 | * https://www.openssl.org/source/license.html | |
82b0bf0b | 9 | */ |
846e33c7 | 10 | |
d02b48c6 | 11 | #include <stdio.h> |
d02b48c6 | 12 | #include "ssl_locl.h" |
7b63c0fa | 13 | #include <openssl/evp.h> |
dbad1690 | 14 | #include <openssl/md5.h> |
67dc995e | 15 | #include "internal/cryptlib.h" |
d02b48c6 | 16 | |
027e257b | 17 | static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) |
0f113f3e | 18 | { |
6e59a892 RL |
19 | EVP_MD_CTX *m5; |
20 | EVP_MD_CTX *s1; | |
0f113f3e MC |
21 | unsigned char buf[16], smd[SHA_DIGEST_LENGTH]; |
22 | unsigned char c = 'A'; | |
23 | unsigned int i, j, k; | |
6e59a892 | 24 | int ret = 0; |
58964a49 | 25 | |
ca570cfd | 26 | #ifdef CHARSET_EBCDIC |
0f113f3e | 27 | c = os_toascii[c]; /* 'A' in ASCII */ |
ca570cfd | 28 | #endif |
0f113f3e | 29 | k = 0; |
bfb0641f RL |
30 | m5 = EVP_MD_CTX_new(); |
31 | s1 = EVP_MD_CTX_new(); | |
6e59a892 RL |
32 | if (m5 == NULL || s1 == NULL) { |
33 | SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_MALLOC_FAILURE); | |
34 | goto err; | |
35 | } | |
36 | EVP_MD_CTX_set_flags(m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | |
0f113f3e MC |
37 | for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) { |
38 | k++; | |
a6fd7c1d | 39 | if (k > sizeof(buf)) { |
0f113f3e MC |
40 | /* bug: 'buf' is too small for this ciphersuite */ |
41 | SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR); | |
a6fd7c1d | 42 | goto err; |
0f113f3e MC |
43 | } |
44 | ||
45 | for (j = 0; j < k; j++) | |
46 | buf[j] = c; | |
47 | c++; | |
d166ed8c DSH |
48 | if (!EVP_DigestInit_ex(s1, EVP_sha1(), NULL) |
49 | || !EVP_DigestUpdate(s1, buf, k) | |
50 | || !EVP_DigestUpdate(s1, s->session->master_key, | |
51 | s->session->master_key_length) | |
52 | || !EVP_DigestUpdate(s1, s->s3->server_random, SSL3_RANDOM_SIZE) | |
53 | || !EVP_DigestUpdate(s1, s->s3->client_random, SSL3_RANDOM_SIZE) | |
54 | || !EVP_DigestFinal_ex(s1, smd, NULL) | |
55 | || !EVP_DigestInit_ex(m5, EVP_md5(), NULL) | |
56 | || !EVP_DigestUpdate(m5, s->session->master_key, | |
57 | s->session->master_key_length) | |
58 | || !EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH)) | |
59 | goto err; | |
0f113f3e | 60 | if ((int)(i + MD5_DIGEST_LENGTH) > num) { |
d166ed8c DSH |
61 | if (!EVP_DigestFinal_ex(m5, smd, NULL)) |
62 | goto err; | |
0f113f3e | 63 | memcpy(km, smd, (num - i)); |
d166ed8c DSH |
64 | } else { |
65 | if (!EVP_DigestFinal_ex(m5, km, NULL)) | |
66 | goto err; | |
67 | } | |
0f113f3e MC |
68 | |
69 | km += MD5_DIGEST_LENGTH; | |
70 | } | |
e0f9bf1d | 71 | OPENSSL_cleanse(smd, sizeof(smd)); |
6e59a892 RL |
72 | ret = 1; |
73 | err: | |
bfb0641f RL |
74 | EVP_MD_CTX_free(m5); |
75 | EVP_MD_CTX_free(s1); | |
6e59a892 | 76 | return ret; |
0f113f3e | 77 | } |
58964a49 | 78 | |
6b691a5c | 79 | int ssl3_change_cipher_state(SSL *s, int which) |
0f113f3e MC |
80 | { |
81 | unsigned char *p, *mac_secret; | |
82 | unsigned char exp_key[EVP_MAX_KEY_LENGTH]; | |
83 | unsigned char exp_iv[EVP_MAX_IV_LENGTH]; | |
361a1191 | 84 | unsigned char *ms, *key, *iv; |
0f113f3e MC |
85 | EVP_CIPHER_CTX *dd; |
86 | const EVP_CIPHER *c; | |
09b6c2ef | 87 | #ifndef OPENSSL_NO_COMP |
0f113f3e | 88 | COMP_METHOD *comp; |
09b6c2ef | 89 | #endif |
0f113f3e | 90 | const EVP_MD *m; |
8c1a5343 MC |
91 | int mdi; |
92 | size_t n, i, j, k, cl; | |
0f113f3e MC |
93 | int reuse_dd = 0; |
94 | ||
0f113f3e MC |
95 | c = s->s3->tmp.new_sym_enc; |
96 | m = s->s3->tmp.new_hash; | |
97 | /* m == NULL will lead to a crash later */ | |
380a522f MC |
98 | if (!ossl_assert(m != NULL)) { |
99 | SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); | |
100 | goto err2; | |
101 | } | |
09b6c2ef | 102 | #ifndef OPENSSL_NO_COMP |
0f113f3e MC |
103 | if (s->s3->tmp.new_compression == NULL) |
104 | comp = NULL; | |
105 | else | |
106 | comp = s->s3->tmp.new_compression->method; | |
09b6c2ef | 107 | #endif |
d02b48c6 | 108 | |
0f113f3e MC |
109 | if (which & SSL3_CC_READ) { |
110 | if (s->enc_read_ctx != NULL) | |
111 | reuse_dd = 1; | |
846ec07d | 112 | else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) |
0f113f3e MC |
113 | goto err; |
114 | else | |
115 | /* | |
8483a003 | 116 | * make sure it's initialised in case we exit later with an error |
0f113f3e | 117 | */ |
846ec07d | 118 | EVP_CIPHER_CTX_reset(s->enc_read_ctx); |
0f113f3e MC |
119 | dd = s->enc_read_ctx; |
120 | ||
5f3d93e4 | 121 | if (ssl_replace_hash(&s->read_hash, m) == NULL) { |
a230b26e EK |
122 | SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); |
123 | goto err2; | |
69f68237 | 124 | } |
09b6c2ef | 125 | #ifndef OPENSSL_NO_COMP |
0f113f3e | 126 | /* COMPRESS */ |
efa7dd64 RS |
127 | COMP_CTX_free(s->expand); |
128 | s->expand = NULL; | |
0f113f3e MC |
129 | if (comp != NULL) { |
130 | s->expand = COMP_CTX_new(comp); | |
131 | if (s->expand == NULL) { | |
132 | SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, | |
133 | SSL_R_COMPRESSION_LIBRARY_ERROR); | |
134 | goto err2; | |
135 | } | |
0f113f3e | 136 | } |
09b6c2ef | 137 | #endif |
de07f311 | 138 | RECORD_LAYER_reset_read_sequence(&s->rlayer); |
0f113f3e MC |
139 | mac_secret = &(s->s3->read_mac_secret[0]); |
140 | } else { | |
141 | if (s->enc_write_ctx != NULL) | |
142 | reuse_dd = 1; | |
846ec07d | 143 | else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) |
0f113f3e MC |
144 | goto err; |
145 | else | |
146 | /* | |
8483a003 | 147 | * make sure it's initialised in case we exit later with an error |
0f113f3e | 148 | */ |
846ec07d | 149 | EVP_CIPHER_CTX_reset(s->enc_write_ctx); |
0f113f3e | 150 | dd = s->enc_write_ctx; |
5f3d93e4 | 151 | if (ssl_replace_hash(&s->write_hash, m) == NULL) { |
a230b26e EK |
152 | SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); |
153 | goto err2; | |
69f68237 | 154 | } |
09b6c2ef | 155 | #ifndef OPENSSL_NO_COMP |
0f113f3e | 156 | /* COMPRESS */ |
efa7dd64 RS |
157 | COMP_CTX_free(s->compress); |
158 | s->compress = NULL; | |
0f113f3e MC |
159 | if (comp != NULL) { |
160 | s->compress = COMP_CTX_new(comp); | |
161 | if (s->compress == NULL) { | |
162 | SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, | |
163 | SSL_R_COMPRESSION_LIBRARY_ERROR); | |
164 | goto err2; | |
165 | } | |
166 | } | |
09b6c2ef | 167 | #endif |
de07f311 | 168 | RECORD_LAYER_reset_write_sequence(&s->rlayer); |
0f113f3e MC |
169 | mac_secret = &(s->s3->write_mac_secret[0]); |
170 | } | |
171 | ||
172 | if (reuse_dd) | |
846ec07d | 173 | EVP_CIPHER_CTX_reset(dd); |
0f113f3e MC |
174 | |
175 | p = s->s3->tmp.key_block; | |
8c1a5343 MC |
176 | mdi = EVP_MD_size(m); |
177 | if (mdi < 0) | |
0f113f3e | 178 | goto err2; |
8c1a5343 | 179 | i = mdi; |
0f113f3e | 180 | cl = EVP_CIPHER_key_length(c); |
361a1191 | 181 | j = cl; |
0f113f3e MC |
182 | k = EVP_CIPHER_iv_length(c); |
183 | if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || | |
184 | (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { | |
185 | ms = &(p[0]); | |
186 | n = i + i; | |
187 | key = &(p[n]); | |
188 | n += j + j; | |
189 | iv = &(p[n]); | |
190 | n += k + k; | |
0f113f3e MC |
191 | } else { |
192 | n = i; | |
193 | ms = &(p[n]); | |
194 | n += i + j; | |
195 | key = &(p[n]); | |
196 | n += j + k; | |
197 | iv = &(p[n]); | |
198 | n += k; | |
0f113f3e MC |
199 | } |
200 | ||
201 | if (n > s->s3->tmp.key_block_length) { | |
202 | SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); | |
203 | goto err2; | |
204 | } | |
205 | ||
0f113f3e | 206 | memcpy(mac_secret, ms, i); |
0f113f3e | 207 | |
a6fd7c1d BE |
208 | if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) |
209 | goto err2; | |
58964a49 | 210 | |
e0f9bf1d RS |
211 | OPENSSL_cleanse(exp_key, sizeof(exp_key)); |
212 | OPENSSL_cleanse(exp_iv, sizeof(exp_iv)); | |
208fb891 | 213 | return 1; |
0f113f3e MC |
214 | err: |
215 | SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE); | |
216 | err2: | |
e0f9bf1d RS |
217 | OPENSSL_cleanse(exp_key, sizeof(exp_key)); |
218 | OPENSSL_cleanse(exp_iv, sizeof(exp_iv)); | |
0f113f3e MC |
219 | return (0); |
220 | } | |
d02b48c6 | 221 | |
6b691a5c | 222 | int ssl3_setup_key_block(SSL *s) |
0f113f3e MC |
223 | { |
224 | unsigned char *p; | |
225 | const EVP_CIPHER *c; | |
226 | const EVP_MD *hash; | |
227 | int num; | |
228 | int ret = 0; | |
229 | SSL_COMP *comp; | |
230 | ||
231 | if (s->s3->tmp.key_block_length != 0) | |
208fb891 | 232 | return 1; |
0f113f3e MC |
233 | |
234 | if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, &comp, 0)) { | |
235 | SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK, SSL_R_CIPHER_OR_HASH_UNAVAILABLE); | |
236 | return (0); | |
237 | } | |
238 | ||
239 | s->s3->tmp.new_sym_enc = c; | |
240 | s->s3->tmp.new_hash = hash; | |
09b6c2ef | 241 | #ifdef OPENSSL_NO_COMP |
0f113f3e | 242 | s->s3->tmp.new_compression = NULL; |
09b6c2ef | 243 | #else |
0f113f3e | 244 | s->s3->tmp.new_compression = comp; |
09b6c2ef | 245 | #endif |
d02b48c6 | 246 | |
0f113f3e MC |
247 | num = EVP_MD_size(hash); |
248 | if (num < 0) | |
249 | return 0; | |
250 | ||
251 | num = EVP_CIPHER_key_length(c) + num + EVP_CIPHER_iv_length(c); | |
252 | num *= 2; | |
0eab41fb | 253 | |
0f113f3e | 254 | ssl3_cleanup_key_block(s); |
d02b48c6 | 255 | |
0f113f3e MC |
256 | if ((p = OPENSSL_malloc(num)) == NULL) |
257 | goto err; | |
d02b48c6 | 258 | |
0f113f3e MC |
259 | s->s3->tmp.key_block_length = num; |
260 | s->s3->tmp.key_block = p; | |
d02b48c6 | 261 | |
0f113f3e | 262 | ret = ssl3_generate_key_block(s, p, num); |
d02b48c6 | 263 | |
0f113f3e MC |
264 | if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) { |
265 | /* | |
266 | * enable vulnerability countermeasure for CBC ciphers with known-IV | |
267 | * problem (http://www.openssl.org/~bodo/tls-cbc.txt) | |
268 | */ | |
269 | s->s3->need_empty_fragments = 1; | |
82b0bf0b | 270 | |
0f113f3e MC |
271 | if (s->session->cipher != NULL) { |
272 | if (s->session->cipher->algorithm_enc == SSL_eNULL) | |
273 | s->s3->need_empty_fragments = 0; | |
c21506ba | 274 | |
82b0bf0b | 275 | #ifndef OPENSSL_NO_RC4 |
0f113f3e MC |
276 | if (s->session->cipher->algorithm_enc == SSL_RC4) |
277 | s->s3->need_empty_fragments = 0; | |
82b0bf0b | 278 | #endif |
0f113f3e MC |
279 | } |
280 | } | |
d02b48c6 | 281 | |
0f113f3e MC |
282 | return ret; |
283 | ||
284 | err: | |
285 | SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE); | |
286 | return (0); | |
287 | } | |
d02b48c6 | 288 | |
6b691a5c | 289 | void ssl3_cleanup_key_block(SSL *s) |
0f113f3e | 290 | { |
4b45c6e5 RS |
291 | OPENSSL_clear_free(s->s3->tmp.key_block, s->s3->tmp.key_block_length); |
292 | s->s3->tmp.key_block = NULL; | |
0f113f3e MC |
293 | s->s3->tmp.key_block_length = 0; |
294 | } | |
d02b48c6 | 295 | |
2c4a056f | 296 | int ssl3_init_finished_mac(SSL *s) |
0f113f3e | 297 | { |
2c4a056f MC |
298 | BIO *buf = BIO_new(BIO_s_mem()); |
299 | ||
300 | if (buf == NULL) { | |
301 | SSLerr(SSL_F_SSL3_INIT_FINISHED_MAC, ERR_R_MALLOC_FAILURE); | |
302 | return 0; | |
303 | } | |
85fb6fda | 304 | ssl3_free_digest_list(s); |
2c4a056f | 305 | s->s3->handshake_buffer = buf; |
0f113f3e | 306 | (void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE); |
2c4a056f | 307 | return 1; |
0f113f3e MC |
308 | } |
309 | ||
c7238204 DSH |
310 | /* |
311 | * Free digest list. Also frees handshake buffer since they are always freed | |
312 | * together. | |
313 | */ | |
314 | ||
0f113f3e MC |
315 | void ssl3_free_digest_list(SSL *s) |
316 | { | |
c7238204 DSH |
317 | BIO_free(s->s3->handshake_buffer); |
318 | s->s3->handshake_buffer = NULL; | |
bfb0641f | 319 | EVP_MD_CTX_free(s->s3->handshake_dgst); |
0f113f3e MC |
320 | s->s3->handshake_dgst = NULL; |
321 | } | |
81025661 | 322 | |
7ee8627f | 323 | int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len) |
0f113f3e | 324 | { |
7ee8627f MC |
325 | if (s->s3->handshake_dgst == NULL) { |
326 | int ret; | |
d166ed8c | 327 | /* Note: this writes to a memory BIO so a failure is a fatal error */ |
7ee8627f MC |
328 | if (len > INT_MAX) |
329 | return 0; | |
330 | ret = BIO_write(s->s3->handshake_buffer, (void *)buf, (int)len); | |
331 | return ret > 0 && ret == (int)len; | |
332 | } else { | |
d166ed8c | 333 | return EVP_DigestUpdate(s->s3->handshake_dgst, buf, len); |
7ee8627f | 334 | } |
0f113f3e | 335 | } |
6ba71a71 | 336 | |
124037fd | 337 | int ssl3_digest_cached_records(SSL *s, int keep) |
0f113f3e | 338 | { |
0f113f3e MC |
339 | const EVP_MD *md; |
340 | long hdatalen; | |
341 | void *hdata; | |
342 | ||
0f113f3e | 343 | if (s->s3->handshake_dgst == NULL) { |
124037fd DSH |
344 | hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); |
345 | if (hdatalen <= 0) { | |
a230b26e EK |
346 | SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, |
347 | SSL_R_BAD_HANDSHAKE_LENGTH); | |
124037fd DSH |
348 | return 0; |
349 | } | |
0f113f3e | 350 | |
bfb0641f | 351 | s->s3->handshake_dgst = EVP_MD_CTX_new(); |
28ba2541 DSH |
352 | if (s->s3->handshake_dgst == NULL) { |
353 | SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE); | |
354 | return 0; | |
355 | } | |
356 | ||
357 | md = ssl_handshake_md(s); | |
a230b26e EK |
358 | if (md == NULL || !EVP_DigestInit_ex(s->s3->handshake_dgst, md, NULL) |
359 | || !EVP_DigestUpdate(s->s3->handshake_dgst, hdata, hdatalen)) { | |
28ba2541 DSH |
360 | SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_INTERNAL_ERROR); |
361 | return 0; | |
0f113f3e MC |
362 | } |
363 | } | |
124037fd | 364 | if (keep == 0) { |
0f113f3e MC |
365 | BIO_free(s->s3->handshake_buffer); |
366 | s->s3->handshake_buffer = NULL; | |
367 | } | |
368 | ||
369 | return 1; | |
370 | } | |
6ba71a71 | 371 | |
6db6bc5a MC |
372 | size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len, |
373 | unsigned char *p) | |
0f113f3e | 374 | { |
28ba2541 | 375 | int ret; |
6e59a892 | 376 | EVP_MD_CTX *ctx = NULL; |
0f113f3e | 377 | |
124037fd DSH |
378 | if (!ssl3_digest_cached_records(s, 0)) |
379 | return 0; | |
0f113f3e | 380 | |
28ba2541 | 381 | if (EVP_MD_CTX_type(s->s3->handshake_dgst) != NID_md5_sha1) { |
600fdc71 | 382 | SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, SSL_R_NO_REQUIRED_DIGEST); |
0f113f3e MC |
383 | return 0; |
384 | } | |
28ba2541 | 385 | |
bfb0641f | 386 | ctx = EVP_MD_CTX_new(); |
6e59a892 RL |
387 | if (ctx == NULL) { |
388 | SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_MALLOC_FAILURE); | |
389 | return 0; | |
390 | } | |
d356dc56 MC |
391 | if (!EVP_MD_CTX_copy_ex(ctx, s->s3->handshake_dgst)) { |
392 | SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_INTERNAL_ERROR); | |
393 | return 0; | |
394 | } | |
28ba2541 | 395 | |
6e59a892 | 396 | ret = EVP_MD_CTX_size(ctx); |
28ba2541 | 397 | if (ret < 0) { |
bfb0641f | 398 | EVP_MD_CTX_reset(ctx); |
0f113f3e | 399 | return 0; |
28ba2541 | 400 | } |
0f113f3e | 401 | |
6e59a892 | 402 | if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0) |
a230b26e | 403 | || EVP_MD_CTX_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET, |
348240c6 | 404 | (int)s->session->master_key_length, |
a230b26e EK |
405 | s->session->master_key) <= 0 |
406 | || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) { | |
600fdc71 | 407 | SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_INTERNAL_ERROR); |
5f3d93e4 MC |
408 | ret = 0; |
409 | } | |
0f113f3e | 410 | |
bfb0641f | 411 | EVP_MD_CTX_free(ctx); |
0f113f3e | 412 | |
28ba2541 | 413 | return ret; |
0f113f3e | 414 | } |
d02b48c6 | 415 | |
6b691a5c | 416 | int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, |
8c1a5343 | 417 | size_t len, size_t *secret_size) |
0f113f3e MC |
418 | { |
419 | static const unsigned char *salt[3] = { | |
ca570cfd | 420 | #ifndef CHARSET_EBCDIC |
0f113f3e MC |
421 | (const unsigned char *)"A", |
422 | (const unsigned char *)"BB", | |
423 | (const unsigned char *)"CCC", | |
ca570cfd | 424 | #else |
0f113f3e MC |
425 | (const unsigned char *)"\x41", |
426 | (const unsigned char *)"\x42\x42", | |
427 | (const unsigned char *)"\x43\x43\x43", | |
ca570cfd | 428 | #endif |
0f113f3e MC |
429 | }; |
430 | unsigned char buf[EVP_MAX_MD_SIZE]; | |
bfb0641f | 431 | EVP_MD_CTX *ctx = EVP_MD_CTX_new(); |
8c1a5343 | 432 | int i, ret = 1; |
0f113f3e | 433 | unsigned int n; |
8c1a5343 | 434 | size_t ret_secret_size = 0; |
d02b48c6 | 435 | |
6e59a892 RL |
436 | if (ctx == NULL) { |
437 | SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_MALLOC_FAILURE); | |
438 | return 0; | |
439 | } | |
0f113f3e | 440 | for (i = 0; i < 3; i++) { |
6e59a892 | 441 | if (EVP_DigestInit_ex(ctx, s->ctx->sha1, NULL) <= 0 |
a230b26e EK |
442 | || EVP_DigestUpdate(ctx, salt[i], |
443 | strlen((const char *)salt[i])) <= 0 | |
444 | || EVP_DigestUpdate(ctx, p, len) <= 0 | |
445 | || EVP_DigestUpdate(ctx, &(s->s3->client_random[0]), | |
446 | SSL3_RANDOM_SIZE) <= 0 | |
447 | || EVP_DigestUpdate(ctx, &(s->s3->server_random[0]), | |
448 | SSL3_RANDOM_SIZE) <= 0 | |
8c1a5343 | 449 | /* TODO(size_t) : convert me */ |
a230b26e EK |
450 | || EVP_DigestFinal_ex(ctx, buf, &n) <= 0 |
451 | || EVP_DigestInit_ex(ctx, s->ctx->md5, NULL) <= 0 | |
452 | || EVP_DigestUpdate(ctx, p, len) <= 0 | |
453 | || EVP_DigestUpdate(ctx, buf, n) <= 0 | |
454 | || EVP_DigestFinal_ex(ctx, out, &n) <= 0) { | |
5f3d93e4 MC |
455 | SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR); |
456 | ret = 0; | |
457 | break; | |
458 | } | |
0f113f3e | 459 | out += n; |
8c1a5343 | 460 | ret_secret_size += n; |
0f113f3e | 461 | } |
bfb0641f | 462 | EVP_MD_CTX_free(ctx); |
1cf218bc | 463 | |
e0f9bf1d | 464 | OPENSSL_cleanse(buf, sizeof(buf)); |
8c1a5343 MC |
465 | if (ret) |
466 | *secret_size = ret_secret_size; | |
467 | return ret; | |
0f113f3e | 468 | } |
d02b48c6 | 469 | |
6b691a5c | 470 | int ssl3_alert_code(int code) |
0f113f3e MC |
471 | { |
472 | switch (code) { | |
473 | case SSL_AD_CLOSE_NOTIFY: | |
474 | return (SSL3_AD_CLOSE_NOTIFY); | |
475 | case SSL_AD_UNEXPECTED_MESSAGE: | |
476 | return (SSL3_AD_UNEXPECTED_MESSAGE); | |
477 | case SSL_AD_BAD_RECORD_MAC: | |
478 | return (SSL3_AD_BAD_RECORD_MAC); | |
479 | case SSL_AD_DECRYPTION_FAILED: | |
480 | return (SSL3_AD_BAD_RECORD_MAC); | |
481 | case SSL_AD_RECORD_OVERFLOW: | |
482 | return (SSL3_AD_BAD_RECORD_MAC); | |
483 | case SSL_AD_DECOMPRESSION_FAILURE: | |
484 | return (SSL3_AD_DECOMPRESSION_FAILURE); | |
485 | case SSL_AD_HANDSHAKE_FAILURE: | |
486 | return (SSL3_AD_HANDSHAKE_FAILURE); | |
487 | case SSL_AD_NO_CERTIFICATE: | |
488 | return (SSL3_AD_NO_CERTIFICATE); | |
489 | case SSL_AD_BAD_CERTIFICATE: | |
490 | return (SSL3_AD_BAD_CERTIFICATE); | |
491 | case SSL_AD_UNSUPPORTED_CERTIFICATE: | |
492 | return (SSL3_AD_UNSUPPORTED_CERTIFICATE); | |
493 | case SSL_AD_CERTIFICATE_REVOKED: | |
494 | return (SSL3_AD_CERTIFICATE_REVOKED); | |
495 | case SSL_AD_CERTIFICATE_EXPIRED: | |
496 | return (SSL3_AD_CERTIFICATE_EXPIRED); | |
497 | case SSL_AD_CERTIFICATE_UNKNOWN: | |
498 | return (SSL3_AD_CERTIFICATE_UNKNOWN); | |
499 | case SSL_AD_ILLEGAL_PARAMETER: | |
500 | return (SSL3_AD_ILLEGAL_PARAMETER); | |
501 | case SSL_AD_UNKNOWN_CA: | |
502 | return (SSL3_AD_BAD_CERTIFICATE); | |
503 | case SSL_AD_ACCESS_DENIED: | |
504 | return (SSL3_AD_HANDSHAKE_FAILURE); | |
505 | case SSL_AD_DECODE_ERROR: | |
506 | return (SSL3_AD_HANDSHAKE_FAILURE); | |
507 | case SSL_AD_DECRYPT_ERROR: | |
508 | return (SSL3_AD_HANDSHAKE_FAILURE); | |
509 | case SSL_AD_EXPORT_RESTRICTION: | |
510 | return (SSL3_AD_HANDSHAKE_FAILURE); | |
511 | case SSL_AD_PROTOCOL_VERSION: | |
512 | return (SSL3_AD_HANDSHAKE_FAILURE); | |
513 | case SSL_AD_INSUFFICIENT_SECURITY: | |
514 | return (SSL3_AD_HANDSHAKE_FAILURE); | |
515 | case SSL_AD_INTERNAL_ERROR: | |
516 | return (SSL3_AD_HANDSHAKE_FAILURE); | |
517 | case SSL_AD_USER_CANCELLED: | |
518 | return (SSL3_AD_HANDSHAKE_FAILURE); | |
519 | case SSL_AD_NO_RENEGOTIATION: | |
520 | return (-1); /* Don't send it :-) */ | |
521 | case SSL_AD_UNSUPPORTED_EXTENSION: | |
522 | return (SSL3_AD_HANDSHAKE_FAILURE); | |
523 | case SSL_AD_CERTIFICATE_UNOBTAINABLE: | |
524 | return (SSL3_AD_HANDSHAKE_FAILURE); | |
525 | case SSL_AD_UNRECOGNIZED_NAME: | |
526 | return (SSL3_AD_HANDSHAKE_FAILURE); | |
527 | case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: | |
528 | return (SSL3_AD_HANDSHAKE_FAILURE); | |
529 | case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: | |
530 | return (SSL3_AD_HANDSHAKE_FAILURE); | |
531 | case SSL_AD_UNKNOWN_PSK_IDENTITY: | |
532 | return (TLS1_AD_UNKNOWN_PSK_IDENTITY); | |
533 | case SSL_AD_INAPPROPRIATE_FALLBACK: | |
534 | return (TLS1_AD_INAPPROPRIATE_FALLBACK); | |
06217867 EK |
535 | case SSL_AD_NO_APPLICATION_PROTOCOL: |
536 | return (TLS1_AD_NO_APPLICATION_PROTOCOL); | |
42c28b63 MC |
537 | case SSL_AD_CERTIFICATE_REQUIRED: |
538 | return SSL_AD_HANDSHAKE_FAILURE; | |
0f113f3e MC |
539 | default: |
540 | return (-1); | |
541 | } | |
542 | } |