]>
Commit | Line | Data |
---|---|---|
846e33c7 RS |
1 | /* |
2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
82b0bf0b | 3 | * |
846e33c7 RS |
4 | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
82b0bf0b | 8 | */ |
846e33c7 | 9 | |
ddac1974 NL |
10 | /* ==================================================================== |
11 | * Copyright 2005 Nokia. All rights reserved. | |
12 | * | |
13 | * The portions of the attached software ("Contribution") is developed by | |
14 | * Nokia Corporation and is licensed pursuant to the OpenSSL open source | |
15 | * license. | |
16 | * | |
17 | * The Contribution, originally written by Mika Kousa and Pasi Eronen of | |
18 | * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites | |
19 | * support (see RFC 4279) to OpenSSL. | |
20 | * | |
21 | * No patent licenses or other rights except those expressly stated in | |
22 | * the OpenSSL open source license shall be deemed granted or received | |
23 | * expressly, by implication, estoppel, or otherwise. | |
24 | * | |
25 | * No assurances are provided by Nokia that the Contribution does not | |
26 | * infringe the patent or other intellectual property rights of any third | |
27 | * party or that the license provides you with all the necessary rights | |
28 | * to make use of the Contribution. | |
29 | * | |
30 | * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN | |
31 | * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA | |
32 | * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY | |
33 | * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR | |
34 | * OTHERWISE. | |
35 | */ | |
d02b48c6 RE |
36 | |
37 | #include <stdio.h> | |
d02b48c6 | 38 | #include "ssl_locl.h" |
7b63c0fa | 39 | #include <openssl/evp.h> |
dbad1690 | 40 | #include <openssl/md5.h> |
d02b48c6 | 41 | |
027e257b | 42 | static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) |
0f113f3e | 43 | { |
6e59a892 RL |
44 | EVP_MD_CTX *m5; |
45 | EVP_MD_CTX *s1; | |
0f113f3e MC |
46 | unsigned char buf[16], smd[SHA_DIGEST_LENGTH]; |
47 | unsigned char c = 'A'; | |
48 | unsigned int i, j, k; | |
6e59a892 | 49 | int ret = 0; |
58964a49 | 50 | |
ca570cfd | 51 | #ifdef CHARSET_EBCDIC |
0f113f3e | 52 | c = os_toascii[c]; /* 'A' in ASCII */ |
ca570cfd | 53 | #endif |
0f113f3e | 54 | k = 0; |
bfb0641f RL |
55 | m5 = EVP_MD_CTX_new(); |
56 | s1 = EVP_MD_CTX_new(); | |
6e59a892 RL |
57 | if (m5 == NULL || s1 == NULL) { |
58 | SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_MALLOC_FAILURE); | |
59 | goto err; | |
60 | } | |
61 | EVP_MD_CTX_set_flags(m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | |
0f113f3e MC |
62 | for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) { |
63 | k++; | |
64 | if (k > sizeof buf) { | |
65 | /* bug: 'buf' is too small for this ciphersuite */ | |
66 | SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR); | |
67 | return 0; | |
68 | } | |
69 | ||
70 | for (j = 0; j < k; j++) | |
71 | buf[j] = c; | |
72 | c++; | |
d166ed8c DSH |
73 | if (!EVP_DigestInit_ex(s1, EVP_sha1(), NULL) |
74 | || !EVP_DigestUpdate(s1, buf, k) | |
75 | || !EVP_DigestUpdate(s1, s->session->master_key, | |
76 | s->session->master_key_length) | |
77 | || !EVP_DigestUpdate(s1, s->s3->server_random, SSL3_RANDOM_SIZE) | |
78 | || !EVP_DigestUpdate(s1, s->s3->client_random, SSL3_RANDOM_SIZE) | |
79 | || !EVP_DigestFinal_ex(s1, smd, NULL) | |
80 | || !EVP_DigestInit_ex(m5, EVP_md5(), NULL) | |
81 | || !EVP_DigestUpdate(m5, s->session->master_key, | |
82 | s->session->master_key_length) | |
83 | || !EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH)) | |
84 | goto err; | |
0f113f3e | 85 | if ((int)(i + MD5_DIGEST_LENGTH) > num) { |
d166ed8c DSH |
86 | if (!EVP_DigestFinal_ex(m5, smd, NULL)) |
87 | goto err; | |
0f113f3e | 88 | memcpy(km, smd, (num - i)); |
d166ed8c DSH |
89 | } else { |
90 | if (!EVP_DigestFinal_ex(m5, km, NULL)) | |
91 | goto err; | |
92 | } | |
0f113f3e MC |
93 | |
94 | km += MD5_DIGEST_LENGTH; | |
95 | } | |
e0f9bf1d | 96 | OPENSSL_cleanse(smd, sizeof(smd)); |
6e59a892 RL |
97 | ret = 1; |
98 | err: | |
bfb0641f RL |
99 | EVP_MD_CTX_free(m5); |
100 | EVP_MD_CTX_free(s1); | |
6e59a892 | 101 | return ret; |
0f113f3e | 102 | } |
58964a49 | 103 | |
6b691a5c | 104 | int ssl3_change_cipher_state(SSL *s, int which) |
0f113f3e MC |
105 | { |
106 | unsigned char *p, *mac_secret; | |
107 | unsigned char exp_key[EVP_MAX_KEY_LENGTH]; | |
108 | unsigned char exp_iv[EVP_MAX_IV_LENGTH]; | |
361a1191 | 109 | unsigned char *ms, *key, *iv; |
0f113f3e MC |
110 | EVP_CIPHER_CTX *dd; |
111 | const EVP_CIPHER *c; | |
09b6c2ef | 112 | #ifndef OPENSSL_NO_COMP |
0f113f3e | 113 | COMP_METHOD *comp; |
09b6c2ef | 114 | #endif |
0f113f3e | 115 | const EVP_MD *m; |
361a1191 | 116 | int n, i, j, k, cl; |
0f113f3e MC |
117 | int reuse_dd = 0; |
118 | ||
0f113f3e MC |
119 | c = s->s3->tmp.new_sym_enc; |
120 | m = s->s3->tmp.new_hash; | |
121 | /* m == NULL will lead to a crash later */ | |
122 | OPENSSL_assert(m); | |
09b6c2ef | 123 | #ifndef OPENSSL_NO_COMP |
0f113f3e MC |
124 | if (s->s3->tmp.new_compression == NULL) |
125 | comp = NULL; | |
126 | else | |
127 | comp = s->s3->tmp.new_compression->method; | |
09b6c2ef | 128 | #endif |
d02b48c6 | 129 | |
0f113f3e MC |
130 | if (which & SSL3_CC_READ) { |
131 | if (s->enc_read_ctx != NULL) | |
132 | reuse_dd = 1; | |
846ec07d | 133 | else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) |
0f113f3e MC |
134 | goto err; |
135 | else | |
136 | /* | |
8483a003 | 137 | * make sure it's initialised in case we exit later with an error |
0f113f3e | 138 | */ |
846ec07d | 139 | EVP_CIPHER_CTX_reset(s->enc_read_ctx); |
0f113f3e MC |
140 | dd = s->enc_read_ctx; |
141 | ||
5f3d93e4 | 142 | if (ssl_replace_hash(&s->read_hash, m) == NULL) { |
a230b26e EK |
143 | SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); |
144 | goto err2; | |
69f68237 | 145 | } |
09b6c2ef | 146 | #ifndef OPENSSL_NO_COMP |
0f113f3e | 147 | /* COMPRESS */ |
efa7dd64 RS |
148 | COMP_CTX_free(s->expand); |
149 | s->expand = NULL; | |
0f113f3e MC |
150 | if (comp != NULL) { |
151 | s->expand = COMP_CTX_new(comp); | |
152 | if (s->expand == NULL) { | |
153 | SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, | |
154 | SSL_R_COMPRESSION_LIBRARY_ERROR); | |
155 | goto err2; | |
156 | } | |
0f113f3e | 157 | } |
09b6c2ef | 158 | #endif |
de07f311 | 159 | RECORD_LAYER_reset_read_sequence(&s->rlayer); |
0f113f3e MC |
160 | mac_secret = &(s->s3->read_mac_secret[0]); |
161 | } else { | |
162 | if (s->enc_write_ctx != NULL) | |
163 | reuse_dd = 1; | |
846ec07d | 164 | else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) |
0f113f3e MC |
165 | goto err; |
166 | else | |
167 | /* | |
8483a003 | 168 | * make sure it's initialised in case we exit later with an error |
0f113f3e | 169 | */ |
846ec07d | 170 | EVP_CIPHER_CTX_reset(s->enc_write_ctx); |
0f113f3e | 171 | dd = s->enc_write_ctx; |
5f3d93e4 | 172 | if (ssl_replace_hash(&s->write_hash, m) == NULL) { |
a230b26e EK |
173 | SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); |
174 | goto err2; | |
69f68237 | 175 | } |
09b6c2ef | 176 | #ifndef OPENSSL_NO_COMP |
0f113f3e | 177 | /* COMPRESS */ |
efa7dd64 RS |
178 | COMP_CTX_free(s->compress); |
179 | s->compress = NULL; | |
0f113f3e MC |
180 | if (comp != NULL) { |
181 | s->compress = COMP_CTX_new(comp); | |
182 | if (s->compress == NULL) { | |
183 | SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, | |
184 | SSL_R_COMPRESSION_LIBRARY_ERROR); | |
185 | goto err2; | |
186 | } | |
187 | } | |
09b6c2ef | 188 | #endif |
de07f311 | 189 | RECORD_LAYER_reset_write_sequence(&s->rlayer); |
0f113f3e MC |
190 | mac_secret = &(s->s3->write_mac_secret[0]); |
191 | } | |
192 | ||
193 | if (reuse_dd) | |
846ec07d | 194 | EVP_CIPHER_CTX_reset(dd); |
0f113f3e MC |
195 | |
196 | p = s->s3->tmp.key_block; | |
197 | i = EVP_MD_size(m); | |
198 | if (i < 0) | |
199 | goto err2; | |
200 | cl = EVP_CIPHER_key_length(c); | |
361a1191 | 201 | j = cl; |
0f113f3e MC |
202 | k = EVP_CIPHER_iv_length(c); |
203 | if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || | |
204 | (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { | |
205 | ms = &(p[0]); | |
206 | n = i + i; | |
207 | key = &(p[n]); | |
208 | n += j + j; | |
209 | iv = &(p[n]); | |
210 | n += k + k; | |
0f113f3e MC |
211 | } else { |
212 | n = i; | |
213 | ms = &(p[n]); | |
214 | n += i + j; | |
215 | key = &(p[n]); | |
216 | n += j + k; | |
217 | iv = &(p[n]); | |
218 | n += k; | |
0f113f3e MC |
219 | } |
220 | ||
221 | if (n > s->s3->tmp.key_block_length) { | |
222 | SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); | |
223 | goto err2; | |
224 | } | |
225 | ||
0f113f3e | 226 | memcpy(mac_secret, ms, i); |
0f113f3e MC |
227 | |
228 | EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE)); | |
58964a49 | 229 | |
1cf218bc | 230 | #ifdef OPENSSL_SSL_TRACE_CRYPTO |
0f113f3e MC |
231 | if (s->msg_callback) { |
232 | ||
233 | int wh = which & SSL3_CC_WRITE ? | |
234 | TLS1_RT_CRYPTO_WRITE : TLS1_RT_CRYPTO_READ; | |
235 | s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_MAC, | |
236 | mac_secret, EVP_MD_size(m), s, s->msg_callback_arg); | |
237 | if (c->key_len) | |
238 | s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_KEY, | |
239 | key, c->key_len, s, s->msg_callback_arg); | |
240 | if (k) { | |
241 | s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_IV, | |
242 | iv, k, s, s->msg_callback_arg); | |
243 | } | |
244 | } | |
1cf218bc DSH |
245 | #endif |
246 | ||
e0f9bf1d RS |
247 | OPENSSL_cleanse(exp_key, sizeof(exp_key)); |
248 | OPENSSL_cleanse(exp_iv, sizeof(exp_iv)); | |
0f113f3e MC |
249 | return (1); |
250 | err: | |
251 | SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE); | |
252 | err2: | |
e0f9bf1d RS |
253 | OPENSSL_cleanse(exp_key, sizeof(exp_key)); |
254 | OPENSSL_cleanse(exp_iv, sizeof(exp_iv)); | |
0f113f3e MC |
255 | return (0); |
256 | } | |
d02b48c6 | 257 | |
6b691a5c | 258 | int ssl3_setup_key_block(SSL *s) |
0f113f3e MC |
259 | { |
260 | unsigned char *p; | |
261 | const EVP_CIPHER *c; | |
262 | const EVP_MD *hash; | |
263 | int num; | |
264 | int ret = 0; | |
265 | SSL_COMP *comp; | |
266 | ||
267 | if (s->s3->tmp.key_block_length != 0) | |
268 | return (1); | |
269 | ||
270 | if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, &comp, 0)) { | |
271 | SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK, SSL_R_CIPHER_OR_HASH_UNAVAILABLE); | |
272 | return (0); | |
273 | } | |
274 | ||
275 | s->s3->tmp.new_sym_enc = c; | |
276 | s->s3->tmp.new_hash = hash; | |
09b6c2ef | 277 | #ifdef OPENSSL_NO_COMP |
0f113f3e | 278 | s->s3->tmp.new_compression = NULL; |
09b6c2ef | 279 | #else |
0f113f3e | 280 | s->s3->tmp.new_compression = comp; |
09b6c2ef | 281 | #endif |
d02b48c6 | 282 | |
0f113f3e MC |
283 | num = EVP_MD_size(hash); |
284 | if (num < 0) | |
285 | return 0; | |
286 | ||
287 | num = EVP_CIPHER_key_length(c) + num + EVP_CIPHER_iv_length(c); | |
288 | num *= 2; | |
0eab41fb | 289 | |
0f113f3e | 290 | ssl3_cleanup_key_block(s); |
d02b48c6 | 291 | |
0f113f3e MC |
292 | if ((p = OPENSSL_malloc(num)) == NULL) |
293 | goto err; | |
d02b48c6 | 294 | |
0f113f3e MC |
295 | s->s3->tmp.key_block_length = num; |
296 | s->s3->tmp.key_block = p; | |
d02b48c6 | 297 | |
0f113f3e | 298 | ret = ssl3_generate_key_block(s, p, num); |
d02b48c6 | 299 | |
0f113f3e MC |
300 | if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) { |
301 | /* | |
302 | * enable vulnerability countermeasure for CBC ciphers with known-IV | |
303 | * problem (http://www.openssl.org/~bodo/tls-cbc.txt) | |
304 | */ | |
305 | s->s3->need_empty_fragments = 1; | |
82b0bf0b | 306 | |
0f113f3e MC |
307 | if (s->session->cipher != NULL) { |
308 | if (s->session->cipher->algorithm_enc == SSL_eNULL) | |
309 | s->s3->need_empty_fragments = 0; | |
c21506ba | 310 | |
82b0bf0b | 311 | #ifndef OPENSSL_NO_RC4 |
0f113f3e MC |
312 | if (s->session->cipher->algorithm_enc == SSL_RC4) |
313 | s->s3->need_empty_fragments = 0; | |
82b0bf0b | 314 | #endif |
0f113f3e MC |
315 | } |
316 | } | |
d02b48c6 | 317 | |
0f113f3e MC |
318 | return ret; |
319 | ||
320 | err: | |
321 | SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE); | |
322 | return (0); | |
323 | } | |
d02b48c6 | 324 | |
6b691a5c | 325 | void ssl3_cleanup_key_block(SSL *s) |
0f113f3e | 326 | { |
4b45c6e5 RS |
327 | OPENSSL_clear_free(s->s3->tmp.key_block, s->s3->tmp.key_block_length); |
328 | s->s3->tmp.key_block = NULL; | |
0f113f3e MC |
329 | s->s3->tmp.key_block_length = 0; |
330 | } | |
d02b48c6 | 331 | |
2c4a056f | 332 | int ssl3_init_finished_mac(SSL *s) |
0f113f3e | 333 | { |
2c4a056f MC |
334 | BIO *buf = BIO_new(BIO_s_mem()); |
335 | ||
336 | if (buf == NULL) { | |
337 | SSLerr(SSL_F_SSL3_INIT_FINISHED_MAC, ERR_R_MALLOC_FAILURE); | |
338 | return 0; | |
339 | } | |
85fb6fda | 340 | ssl3_free_digest_list(s); |
2c4a056f | 341 | s->s3->handshake_buffer = buf; |
0f113f3e | 342 | (void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE); |
2c4a056f | 343 | return 1; |
0f113f3e MC |
344 | } |
345 | ||
c7238204 DSH |
346 | /* |
347 | * Free digest list. Also frees handshake buffer since they are always freed | |
348 | * together. | |
349 | */ | |
350 | ||
0f113f3e MC |
351 | void ssl3_free_digest_list(SSL *s) |
352 | { | |
c7238204 DSH |
353 | BIO_free(s->s3->handshake_buffer); |
354 | s->s3->handshake_buffer = NULL; | |
bfb0641f | 355 | EVP_MD_CTX_free(s->s3->handshake_dgst); |
0f113f3e MC |
356 | s->s3->handshake_dgst = NULL; |
357 | } | |
81025661 | 358 | |
7ee8627f | 359 | int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len) |
0f113f3e | 360 | { |
7ee8627f MC |
361 | if (s->s3->handshake_dgst == NULL) { |
362 | int ret; | |
d166ed8c | 363 | /* Note: this writes to a memory BIO so a failure is a fatal error */ |
7ee8627f MC |
364 | if (len > INT_MAX) |
365 | return 0; | |
366 | ret = BIO_write(s->s3->handshake_buffer, (void *)buf, (int)len); | |
367 | return ret > 0 && ret == (int)len; | |
368 | } else { | |
d166ed8c | 369 | return EVP_DigestUpdate(s->s3->handshake_dgst, buf, len); |
7ee8627f | 370 | } |
0f113f3e | 371 | } |
6ba71a71 | 372 | |
124037fd | 373 | int ssl3_digest_cached_records(SSL *s, int keep) |
0f113f3e | 374 | { |
0f113f3e MC |
375 | const EVP_MD *md; |
376 | long hdatalen; | |
377 | void *hdata; | |
378 | ||
0f113f3e | 379 | if (s->s3->handshake_dgst == NULL) { |
124037fd DSH |
380 | hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); |
381 | if (hdatalen <= 0) { | |
a230b26e EK |
382 | SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, |
383 | SSL_R_BAD_HANDSHAKE_LENGTH); | |
124037fd DSH |
384 | return 0; |
385 | } | |
0f113f3e | 386 | |
bfb0641f | 387 | s->s3->handshake_dgst = EVP_MD_CTX_new(); |
28ba2541 DSH |
388 | if (s->s3->handshake_dgst == NULL) { |
389 | SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE); | |
390 | return 0; | |
391 | } | |
392 | ||
393 | md = ssl_handshake_md(s); | |
a230b26e EK |
394 | if (md == NULL || !EVP_DigestInit_ex(s->s3->handshake_dgst, md, NULL) |
395 | || !EVP_DigestUpdate(s->s3->handshake_dgst, hdata, hdatalen)) { | |
28ba2541 DSH |
396 | SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_INTERNAL_ERROR); |
397 | return 0; | |
0f113f3e MC |
398 | } |
399 | } | |
124037fd | 400 | if (keep == 0) { |
0f113f3e MC |
401 | BIO_free(s->s3->handshake_buffer); |
402 | s->s3->handshake_buffer = NULL; | |
403 | } | |
404 | ||
405 | return 1; | |
406 | } | |
6ba71a71 | 407 | |
28ba2541 | 408 | int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p) |
0f113f3e | 409 | { |
28ba2541 | 410 | int ret; |
6e59a892 | 411 | EVP_MD_CTX *ctx = NULL; |
0f113f3e | 412 | |
124037fd DSH |
413 | if (!ssl3_digest_cached_records(s, 0)) |
414 | return 0; | |
0f113f3e | 415 | |
28ba2541 | 416 | if (EVP_MD_CTX_type(s->s3->handshake_dgst) != NID_md5_sha1) { |
600fdc71 | 417 | SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, SSL_R_NO_REQUIRED_DIGEST); |
0f113f3e MC |
418 | return 0; |
419 | } | |
28ba2541 | 420 | |
bfb0641f | 421 | ctx = EVP_MD_CTX_new(); |
6e59a892 RL |
422 | if (ctx == NULL) { |
423 | SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_MALLOC_FAILURE); | |
424 | return 0; | |
425 | } | |
d356dc56 MC |
426 | if (!EVP_MD_CTX_copy_ex(ctx, s->s3->handshake_dgst)) { |
427 | SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_INTERNAL_ERROR); | |
428 | return 0; | |
429 | } | |
28ba2541 | 430 | |
6e59a892 | 431 | ret = EVP_MD_CTX_size(ctx); |
28ba2541 | 432 | if (ret < 0) { |
bfb0641f | 433 | EVP_MD_CTX_reset(ctx); |
0f113f3e | 434 | return 0; |
28ba2541 | 435 | } |
0f113f3e | 436 | |
6e59a892 | 437 | if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0) |
a230b26e EK |
438 | || EVP_MD_CTX_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET, |
439 | s->session->master_key_length, | |
440 | s->session->master_key) <= 0 | |
441 | || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) { | |
600fdc71 | 442 | SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_INTERNAL_ERROR); |
5f3d93e4 MC |
443 | ret = 0; |
444 | } | |
0f113f3e | 445 | |
bfb0641f | 446 | EVP_MD_CTX_free(ctx); |
0f113f3e | 447 | |
28ba2541 | 448 | return ret; |
0f113f3e | 449 | } |
d02b48c6 | 450 | |
6b691a5c | 451 | int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, |
0f113f3e MC |
452 | int len) |
453 | { | |
454 | static const unsigned char *salt[3] = { | |
ca570cfd | 455 | #ifndef CHARSET_EBCDIC |
0f113f3e MC |
456 | (const unsigned char *)"A", |
457 | (const unsigned char *)"BB", | |
458 | (const unsigned char *)"CCC", | |
ca570cfd | 459 | #else |
0f113f3e MC |
460 | (const unsigned char *)"\x41", |
461 | (const unsigned char *)"\x42\x42", | |
462 | (const unsigned char *)"\x43\x43\x43", | |
ca570cfd | 463 | #endif |
0f113f3e MC |
464 | }; |
465 | unsigned char buf[EVP_MAX_MD_SIZE]; | |
bfb0641f | 466 | EVP_MD_CTX *ctx = EVP_MD_CTX_new(); |
0f113f3e MC |
467 | int i, ret = 0; |
468 | unsigned int n; | |
81f57e5a | 469 | #ifdef OPENSSL_SSL_TRACE_CRYPTO |
0f113f3e | 470 | unsigned char *tmpout = out; |
1cf218bc | 471 | #endif |
d02b48c6 | 472 | |
6e59a892 RL |
473 | if (ctx == NULL) { |
474 | SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_MALLOC_FAILURE); | |
475 | return 0; | |
476 | } | |
0f113f3e | 477 | for (i = 0; i < 3; i++) { |
6e59a892 | 478 | if (EVP_DigestInit_ex(ctx, s->ctx->sha1, NULL) <= 0 |
a230b26e EK |
479 | || EVP_DigestUpdate(ctx, salt[i], |
480 | strlen((const char *)salt[i])) <= 0 | |
481 | || EVP_DigestUpdate(ctx, p, len) <= 0 | |
482 | || EVP_DigestUpdate(ctx, &(s->s3->client_random[0]), | |
483 | SSL3_RANDOM_SIZE) <= 0 | |
484 | || EVP_DigestUpdate(ctx, &(s->s3->server_random[0]), | |
485 | SSL3_RANDOM_SIZE) <= 0 | |
486 | || EVP_DigestFinal_ex(ctx, buf, &n) <= 0 | |
487 | || EVP_DigestInit_ex(ctx, s->ctx->md5, NULL) <= 0 | |
488 | || EVP_DigestUpdate(ctx, p, len) <= 0 | |
489 | || EVP_DigestUpdate(ctx, buf, n) <= 0 | |
490 | || EVP_DigestFinal_ex(ctx, out, &n) <= 0) { | |
5f3d93e4 MC |
491 | SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR); |
492 | ret = 0; | |
493 | break; | |
494 | } | |
0f113f3e MC |
495 | out += n; |
496 | ret += n; | |
497 | } | |
bfb0641f | 498 | EVP_MD_CTX_free(ctx); |
1cf218bc | 499 | |
81f57e5a | 500 | #ifdef OPENSSL_SSL_TRACE_CRYPTO |
5f3d93e4 | 501 | if (ret > 0 && s->msg_callback) { |
0f113f3e MC |
502 | s->msg_callback(2, s->version, TLS1_RT_CRYPTO_PREMASTER, |
503 | p, len, s, s->msg_callback_arg); | |
504 | s->msg_callback(2, s->version, TLS1_RT_CRYPTO_CLIENT_RANDOM, | |
505 | s->s3->client_random, SSL3_RANDOM_SIZE, | |
506 | s, s->msg_callback_arg); | |
507 | s->msg_callback(2, s->version, TLS1_RT_CRYPTO_SERVER_RANDOM, | |
508 | s->s3->server_random, SSL3_RANDOM_SIZE, | |
509 | s, s->msg_callback_arg); | |
510 | s->msg_callback(2, s->version, TLS1_RT_CRYPTO_MASTER, | |
511 | tmpout, SSL3_MASTER_SECRET_SIZE, | |
512 | s, s->msg_callback_arg); | |
513 | } | |
1cf218bc | 514 | #endif |
e0f9bf1d | 515 | OPENSSL_cleanse(buf, sizeof(buf)); |
0f113f3e MC |
516 | return (ret); |
517 | } | |
d02b48c6 | 518 | |
6b691a5c | 519 | int ssl3_alert_code(int code) |
0f113f3e MC |
520 | { |
521 | switch (code) { | |
522 | case SSL_AD_CLOSE_NOTIFY: | |
523 | return (SSL3_AD_CLOSE_NOTIFY); | |
524 | case SSL_AD_UNEXPECTED_MESSAGE: | |
525 | return (SSL3_AD_UNEXPECTED_MESSAGE); | |
526 | case SSL_AD_BAD_RECORD_MAC: | |
527 | return (SSL3_AD_BAD_RECORD_MAC); | |
528 | case SSL_AD_DECRYPTION_FAILED: | |
529 | return (SSL3_AD_BAD_RECORD_MAC); | |
530 | case SSL_AD_RECORD_OVERFLOW: | |
531 | return (SSL3_AD_BAD_RECORD_MAC); | |
532 | case SSL_AD_DECOMPRESSION_FAILURE: | |
533 | return (SSL3_AD_DECOMPRESSION_FAILURE); | |
534 | case SSL_AD_HANDSHAKE_FAILURE: | |
535 | return (SSL3_AD_HANDSHAKE_FAILURE); | |
536 | case SSL_AD_NO_CERTIFICATE: | |
537 | return (SSL3_AD_NO_CERTIFICATE); | |
538 | case SSL_AD_BAD_CERTIFICATE: | |
539 | return (SSL3_AD_BAD_CERTIFICATE); | |
540 | case SSL_AD_UNSUPPORTED_CERTIFICATE: | |
541 | return (SSL3_AD_UNSUPPORTED_CERTIFICATE); | |
542 | case SSL_AD_CERTIFICATE_REVOKED: | |
543 | return (SSL3_AD_CERTIFICATE_REVOKED); | |
544 | case SSL_AD_CERTIFICATE_EXPIRED: | |
545 | return (SSL3_AD_CERTIFICATE_EXPIRED); | |
546 | case SSL_AD_CERTIFICATE_UNKNOWN: | |
547 | return (SSL3_AD_CERTIFICATE_UNKNOWN); | |
548 | case SSL_AD_ILLEGAL_PARAMETER: | |
549 | return (SSL3_AD_ILLEGAL_PARAMETER); | |
550 | case SSL_AD_UNKNOWN_CA: | |
551 | return (SSL3_AD_BAD_CERTIFICATE); | |
552 | case SSL_AD_ACCESS_DENIED: | |
553 | return (SSL3_AD_HANDSHAKE_FAILURE); | |
554 | case SSL_AD_DECODE_ERROR: | |
555 | return (SSL3_AD_HANDSHAKE_FAILURE); | |
556 | case SSL_AD_DECRYPT_ERROR: | |
557 | return (SSL3_AD_HANDSHAKE_FAILURE); | |
558 | case SSL_AD_EXPORT_RESTRICTION: | |
559 | return (SSL3_AD_HANDSHAKE_FAILURE); | |
560 | case SSL_AD_PROTOCOL_VERSION: | |
561 | return (SSL3_AD_HANDSHAKE_FAILURE); | |
562 | case SSL_AD_INSUFFICIENT_SECURITY: | |
563 | return (SSL3_AD_HANDSHAKE_FAILURE); | |
564 | case SSL_AD_INTERNAL_ERROR: | |
565 | return (SSL3_AD_HANDSHAKE_FAILURE); | |
566 | case SSL_AD_USER_CANCELLED: | |
567 | return (SSL3_AD_HANDSHAKE_FAILURE); | |
568 | case SSL_AD_NO_RENEGOTIATION: | |
569 | return (-1); /* Don't send it :-) */ | |
570 | case SSL_AD_UNSUPPORTED_EXTENSION: | |
571 | return (SSL3_AD_HANDSHAKE_FAILURE); | |
572 | case SSL_AD_CERTIFICATE_UNOBTAINABLE: | |
573 | return (SSL3_AD_HANDSHAKE_FAILURE); | |
574 | case SSL_AD_UNRECOGNIZED_NAME: | |
575 | return (SSL3_AD_HANDSHAKE_FAILURE); | |
576 | case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: | |
577 | return (SSL3_AD_HANDSHAKE_FAILURE); | |
578 | case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: | |
579 | return (SSL3_AD_HANDSHAKE_FAILURE); | |
580 | case SSL_AD_UNKNOWN_PSK_IDENTITY: | |
581 | return (TLS1_AD_UNKNOWN_PSK_IDENTITY); | |
582 | case SSL_AD_INAPPROPRIATE_FALLBACK: | |
583 | return (TLS1_AD_INAPPROPRIATE_FALLBACK); | |
06217867 EK |
584 | case SSL_AD_NO_APPLICATION_PROTOCOL: |
585 | return (TLS1_AD_NO_APPLICATION_PROTOCOL); | |
0f113f3e MC |
586 | default: |
587 | return (-1); | |
588 | } | |
589 | } |