]>
Commit | Line | Data |
---|---|---|
846e33c7 RS |
1 | /* |
2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
c80149d9 | 3 | * Copyright 2005 Nokia. All rights reserved. |
82b0bf0b | 4 | * |
846e33c7 RS |
5 | * Licensed under the OpenSSL license (the "License"). You may not use |
6 | * this file except in compliance with the License. You can obtain a copy | |
7 | * in the file LICENSE in the source distribution or at | |
8 | * https://www.openssl.org/source/license.html | |
82b0bf0b | 9 | */ |
846e33c7 | 10 | |
d02b48c6 | 11 | #include <stdio.h> |
d02b48c6 | 12 | #include "ssl_locl.h" |
7b63c0fa | 13 | #include <openssl/evp.h> |
dbad1690 | 14 | #include <openssl/md5.h> |
67dc995e | 15 | #include "internal/cryptlib.h" |
d02b48c6 | 16 | |
027e257b | 17 | static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) |
0f113f3e | 18 | { |
6e59a892 RL |
19 | EVP_MD_CTX *m5; |
20 | EVP_MD_CTX *s1; | |
0f113f3e MC |
21 | unsigned char buf[16], smd[SHA_DIGEST_LENGTH]; |
22 | unsigned char c = 'A'; | |
23 | unsigned int i, j, k; | |
6e59a892 | 24 | int ret = 0; |
58964a49 | 25 | |
ca570cfd | 26 | #ifdef CHARSET_EBCDIC |
0f113f3e | 27 | c = os_toascii[c]; /* 'A' in ASCII */ |
ca570cfd | 28 | #endif |
0f113f3e | 29 | k = 0; |
bfb0641f RL |
30 | m5 = EVP_MD_CTX_new(); |
31 | s1 = EVP_MD_CTX_new(); | |
6e59a892 | 32 | if (m5 == NULL || s1 == NULL) { |
d4d2f3a4 MC |
33 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK, |
34 | ERR_R_MALLOC_FAILURE); | |
6e59a892 RL |
35 | goto err; |
36 | } | |
37 | EVP_MD_CTX_set_flags(m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | |
0f113f3e MC |
38 | for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) { |
39 | k++; | |
a6fd7c1d | 40 | if (k > sizeof(buf)) { |
0f113f3e | 41 | /* bug: 'buf' is too small for this ciphersuite */ |
d4d2f3a4 MC |
42 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK, |
43 | ERR_R_INTERNAL_ERROR); | |
a6fd7c1d | 44 | goto err; |
0f113f3e MC |
45 | } |
46 | ||
47 | for (j = 0; j < k; j++) | |
48 | buf[j] = c; | |
49 | c++; | |
d166ed8c DSH |
50 | if (!EVP_DigestInit_ex(s1, EVP_sha1(), NULL) |
51 | || !EVP_DigestUpdate(s1, buf, k) | |
52 | || !EVP_DigestUpdate(s1, s->session->master_key, | |
53 | s->session->master_key_length) | |
54 | || !EVP_DigestUpdate(s1, s->s3->server_random, SSL3_RANDOM_SIZE) | |
55 | || !EVP_DigestUpdate(s1, s->s3->client_random, SSL3_RANDOM_SIZE) | |
56 | || !EVP_DigestFinal_ex(s1, smd, NULL) | |
57 | || !EVP_DigestInit_ex(m5, EVP_md5(), NULL) | |
58 | || !EVP_DigestUpdate(m5, s->session->master_key, | |
59 | s->session->master_key_length) | |
d4d2f3a4 MC |
60 | || !EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH)) { |
61 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK, | |
62 | ERR_R_INTERNAL_ERROR); | |
d166ed8c | 63 | goto err; |
d4d2f3a4 | 64 | } |
0f113f3e | 65 | if ((int)(i + MD5_DIGEST_LENGTH) > num) { |
d4d2f3a4 MC |
66 | if (!EVP_DigestFinal_ex(m5, smd, NULL)) { |
67 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, | |
68 | SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR); | |
d166ed8c | 69 | goto err; |
d4d2f3a4 | 70 | } |
0f113f3e | 71 | memcpy(km, smd, (num - i)); |
d166ed8c | 72 | } else { |
d4d2f3a4 MC |
73 | if (!EVP_DigestFinal_ex(m5, km, NULL)) { |
74 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, | |
75 | SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR); | |
d166ed8c | 76 | goto err; |
d4d2f3a4 | 77 | } |
d166ed8c | 78 | } |
0f113f3e MC |
79 | |
80 | km += MD5_DIGEST_LENGTH; | |
81 | } | |
e0f9bf1d | 82 | OPENSSL_cleanse(smd, sizeof(smd)); |
6e59a892 RL |
83 | ret = 1; |
84 | err: | |
bfb0641f RL |
85 | EVP_MD_CTX_free(m5); |
86 | EVP_MD_CTX_free(s1); | |
6e59a892 | 87 | return ret; |
0f113f3e | 88 | } |
58964a49 | 89 | |
6b691a5c | 90 | int ssl3_change_cipher_state(SSL *s, int which) |
0f113f3e MC |
91 | { |
92 | unsigned char *p, *mac_secret; | |
93 | unsigned char exp_key[EVP_MAX_KEY_LENGTH]; | |
94 | unsigned char exp_iv[EVP_MAX_IV_LENGTH]; | |
361a1191 | 95 | unsigned char *ms, *key, *iv; |
0f113f3e MC |
96 | EVP_CIPHER_CTX *dd; |
97 | const EVP_CIPHER *c; | |
09b6c2ef | 98 | #ifndef OPENSSL_NO_COMP |
0f113f3e | 99 | COMP_METHOD *comp; |
09b6c2ef | 100 | #endif |
0f113f3e | 101 | const EVP_MD *m; |
8c1a5343 MC |
102 | int mdi; |
103 | size_t n, i, j, k, cl; | |
0f113f3e MC |
104 | int reuse_dd = 0; |
105 | ||
0f113f3e MC |
106 | c = s->s3->tmp.new_sym_enc; |
107 | m = s->s3->tmp.new_hash; | |
108 | /* m == NULL will lead to a crash later */ | |
380a522f | 109 | if (!ossl_assert(m != NULL)) { |
f63a17d6 MC |
110 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, |
111 | ERR_R_INTERNAL_ERROR); | |
112 | goto err; | |
380a522f | 113 | } |
09b6c2ef | 114 | #ifndef OPENSSL_NO_COMP |
0f113f3e MC |
115 | if (s->s3->tmp.new_compression == NULL) |
116 | comp = NULL; | |
117 | else | |
118 | comp = s->s3->tmp.new_compression->method; | |
09b6c2ef | 119 | #endif |
d02b48c6 | 120 | |
0f113f3e | 121 | if (which & SSL3_CC_READ) { |
f63a17d6 | 122 | if (s->enc_read_ctx != NULL) { |
0f113f3e | 123 | reuse_dd = 1; |
f63a17d6 MC |
124 | } else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) { |
125 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, | |
126 | ERR_R_MALLOC_FAILURE); | |
0f113f3e | 127 | goto err; |
f63a17d6 | 128 | } else { |
0f113f3e | 129 | /* |
8483a003 | 130 | * make sure it's initialised in case we exit later with an error |
0f113f3e | 131 | */ |
846ec07d | 132 | EVP_CIPHER_CTX_reset(s->enc_read_ctx); |
f63a17d6 | 133 | } |
0f113f3e MC |
134 | dd = s->enc_read_ctx; |
135 | ||
5f3d93e4 | 136 | if (ssl_replace_hash(&s->read_hash, m) == NULL) { |
f63a17d6 MC |
137 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, |
138 | ERR_R_INTERNAL_ERROR); | |
139 | goto err; | |
69f68237 | 140 | } |
09b6c2ef | 141 | #ifndef OPENSSL_NO_COMP |
0f113f3e | 142 | /* COMPRESS */ |
efa7dd64 RS |
143 | COMP_CTX_free(s->expand); |
144 | s->expand = NULL; | |
0f113f3e MC |
145 | if (comp != NULL) { |
146 | s->expand = COMP_CTX_new(comp); | |
147 | if (s->expand == NULL) { | |
f63a17d6 MC |
148 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, |
149 | SSL_F_SSL3_CHANGE_CIPHER_STATE, | |
dd5a4279 | 150 | SSL_R_COMPRESSION_LIBRARY_ERROR); |
f63a17d6 | 151 | goto err; |
0f113f3e | 152 | } |
0f113f3e | 153 | } |
09b6c2ef | 154 | #endif |
de07f311 | 155 | RECORD_LAYER_reset_read_sequence(&s->rlayer); |
0f113f3e MC |
156 | mac_secret = &(s->s3->read_mac_secret[0]); |
157 | } else { | |
d4ef4fbf | 158 | s->statem.invalid_enc_write_ctx = 1; |
f63a17d6 | 159 | if (s->enc_write_ctx != NULL) { |
0f113f3e | 160 | reuse_dd = 1; |
f63a17d6 MC |
161 | } else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) { |
162 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, | |
163 | ERR_R_MALLOC_FAILURE); | |
0f113f3e | 164 | goto err; |
f63a17d6 | 165 | } else { |
0f113f3e | 166 | /* |
8483a003 | 167 | * make sure it's initialised in case we exit later with an error |
0f113f3e | 168 | */ |
846ec07d | 169 | EVP_CIPHER_CTX_reset(s->enc_write_ctx); |
f63a17d6 | 170 | } |
d91f4568 | 171 | EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, EVP_CTRL_SET_DRBG, 0, s->drbg); |
0f113f3e | 172 | dd = s->enc_write_ctx; |
5f3d93e4 | 173 | if (ssl_replace_hash(&s->write_hash, m) == NULL) { |
f63a17d6 MC |
174 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, |
175 | ERR_R_MALLOC_FAILURE); | |
176 | goto err; | |
69f68237 | 177 | } |
09b6c2ef | 178 | #ifndef OPENSSL_NO_COMP |
0f113f3e | 179 | /* COMPRESS */ |
efa7dd64 RS |
180 | COMP_CTX_free(s->compress); |
181 | s->compress = NULL; | |
0f113f3e MC |
182 | if (comp != NULL) { |
183 | s->compress = COMP_CTX_new(comp); | |
184 | if (s->compress == NULL) { | |
f63a17d6 MC |
185 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, |
186 | SSL_F_SSL3_CHANGE_CIPHER_STATE, | |
187 | SSL_R_COMPRESSION_LIBRARY_ERROR); | |
188 | goto err; | |
0f113f3e MC |
189 | } |
190 | } | |
09b6c2ef | 191 | #endif |
de07f311 | 192 | RECORD_LAYER_reset_write_sequence(&s->rlayer); |
0f113f3e MC |
193 | mac_secret = &(s->s3->write_mac_secret[0]); |
194 | } | |
195 | ||
196 | if (reuse_dd) | |
846ec07d | 197 | EVP_CIPHER_CTX_reset(dd); |
0f113f3e MC |
198 | |
199 | p = s->s3->tmp.key_block; | |
8c1a5343 | 200 | mdi = EVP_MD_size(m); |
f63a17d6 MC |
201 | if (mdi < 0) { |
202 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, | |
203 | ERR_R_INTERNAL_ERROR); | |
204 | goto err; | |
205 | } | |
8c1a5343 | 206 | i = mdi; |
0f113f3e | 207 | cl = EVP_CIPHER_key_length(c); |
361a1191 | 208 | j = cl; |
0f113f3e MC |
209 | k = EVP_CIPHER_iv_length(c); |
210 | if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || | |
211 | (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { | |
212 | ms = &(p[0]); | |
213 | n = i + i; | |
214 | key = &(p[n]); | |
215 | n += j + j; | |
216 | iv = &(p[n]); | |
217 | n += k + k; | |
0f113f3e MC |
218 | } else { |
219 | n = i; | |
220 | ms = &(p[n]); | |
221 | n += i + j; | |
222 | key = &(p[n]); | |
223 | n += j + k; | |
224 | iv = &(p[n]); | |
225 | n += k; | |
0f113f3e MC |
226 | } |
227 | ||
228 | if (n > s->s3->tmp.key_block_length) { | |
f63a17d6 MC |
229 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, |
230 | ERR_R_INTERNAL_ERROR); | |
231 | goto err; | |
0f113f3e MC |
232 | } |
233 | ||
0f113f3e | 234 | memcpy(mac_secret, ms, i); |
0f113f3e | 235 | |
f63a17d6 MC |
236 | if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) { |
237 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, | |
238 | ERR_R_INTERNAL_ERROR); | |
239 | goto err; | |
240 | } | |
58964a49 | 241 | |
d4ef4fbf | 242 | s->statem.invalid_enc_write_ctx = 0; |
e0f9bf1d RS |
243 | OPENSSL_cleanse(exp_key, sizeof(exp_key)); |
244 | OPENSSL_cleanse(exp_iv, sizeof(exp_iv)); | |
208fb891 | 245 | return 1; |
0f113f3e | 246 | err: |
e0f9bf1d RS |
247 | OPENSSL_cleanse(exp_key, sizeof(exp_key)); |
248 | OPENSSL_cleanse(exp_iv, sizeof(exp_iv)); | |
26a7d938 | 249 | return 0; |
0f113f3e | 250 | } |
d02b48c6 | 251 | |
6b691a5c | 252 | int ssl3_setup_key_block(SSL *s) |
0f113f3e MC |
253 | { |
254 | unsigned char *p; | |
255 | const EVP_CIPHER *c; | |
256 | const EVP_MD *hash; | |
257 | int num; | |
258 | int ret = 0; | |
259 | SSL_COMP *comp; | |
260 | ||
261 | if (s->s3->tmp.key_block_length != 0) | |
208fb891 | 262 | return 1; |
0f113f3e MC |
263 | |
264 | if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, &comp, 0)) { | |
f63a17d6 MC |
265 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK, |
266 | SSL_R_CIPHER_OR_HASH_UNAVAILABLE); | |
26a7d938 | 267 | return 0; |
0f113f3e MC |
268 | } |
269 | ||
270 | s->s3->tmp.new_sym_enc = c; | |
271 | s->s3->tmp.new_hash = hash; | |
09b6c2ef | 272 | #ifdef OPENSSL_NO_COMP |
0f113f3e | 273 | s->s3->tmp.new_compression = NULL; |
09b6c2ef | 274 | #else |
0f113f3e | 275 | s->s3->tmp.new_compression = comp; |
09b6c2ef | 276 | #endif |
d02b48c6 | 277 | |
0f113f3e MC |
278 | num = EVP_MD_size(hash); |
279 | if (num < 0) | |
280 | return 0; | |
281 | ||
282 | num = EVP_CIPHER_key_length(c) + num + EVP_CIPHER_iv_length(c); | |
283 | num *= 2; | |
0eab41fb | 284 | |
0f113f3e | 285 | ssl3_cleanup_key_block(s); |
d02b48c6 | 286 | |
f63a17d6 MC |
287 | if ((p = OPENSSL_malloc(num)) == NULL) { |
288 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK, | |
289 | ERR_R_MALLOC_FAILURE); | |
290 | return 0; | |
291 | } | |
d02b48c6 | 292 | |
0f113f3e MC |
293 | s->s3->tmp.key_block_length = num; |
294 | s->s3->tmp.key_block = p; | |
d02b48c6 | 295 | |
d4d2f3a4 | 296 | /* Calls SSLfatal() as required */ |
0f113f3e | 297 | ret = ssl3_generate_key_block(s, p, num); |
d02b48c6 | 298 | |
0f113f3e MC |
299 | if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) { |
300 | /* | |
301 | * enable vulnerability countermeasure for CBC ciphers with known-IV | |
302 | * problem (http://www.openssl.org/~bodo/tls-cbc.txt) | |
303 | */ | |
304 | s->s3->need_empty_fragments = 1; | |
82b0bf0b | 305 | |
0f113f3e MC |
306 | if (s->session->cipher != NULL) { |
307 | if (s->session->cipher->algorithm_enc == SSL_eNULL) | |
308 | s->s3->need_empty_fragments = 0; | |
c21506ba | 309 | |
82b0bf0b | 310 | #ifndef OPENSSL_NO_RC4 |
0f113f3e MC |
311 | if (s->session->cipher->algorithm_enc == SSL_RC4) |
312 | s->s3->need_empty_fragments = 0; | |
82b0bf0b | 313 | #endif |
0f113f3e MC |
314 | } |
315 | } | |
d02b48c6 | 316 | |
0f113f3e | 317 | return ret; |
0f113f3e | 318 | } |
d02b48c6 | 319 | |
6b691a5c | 320 | void ssl3_cleanup_key_block(SSL *s) |
0f113f3e | 321 | { |
4b45c6e5 RS |
322 | OPENSSL_clear_free(s->s3->tmp.key_block, s->s3->tmp.key_block_length); |
323 | s->s3->tmp.key_block = NULL; | |
0f113f3e MC |
324 | s->s3->tmp.key_block_length = 0; |
325 | } | |
d02b48c6 | 326 | |
2c4a056f | 327 | int ssl3_init_finished_mac(SSL *s) |
0f113f3e | 328 | { |
2c4a056f MC |
329 | BIO *buf = BIO_new(BIO_s_mem()); |
330 | ||
331 | if (buf == NULL) { | |
4752c5de MC |
332 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_INIT_FINISHED_MAC, |
333 | ERR_R_MALLOC_FAILURE); | |
2c4a056f MC |
334 | return 0; |
335 | } | |
85fb6fda | 336 | ssl3_free_digest_list(s); |
2c4a056f | 337 | s->s3->handshake_buffer = buf; |
0f113f3e | 338 | (void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE); |
2c4a056f | 339 | return 1; |
0f113f3e MC |
340 | } |
341 | ||
c7238204 DSH |
342 | /* |
343 | * Free digest list. Also frees handshake buffer since they are always freed | |
344 | * together. | |
345 | */ | |
346 | ||
0f113f3e MC |
347 | void ssl3_free_digest_list(SSL *s) |
348 | { | |
c7238204 DSH |
349 | BIO_free(s->s3->handshake_buffer); |
350 | s->s3->handshake_buffer = NULL; | |
bfb0641f | 351 | EVP_MD_CTX_free(s->s3->handshake_dgst); |
0f113f3e MC |
352 | s->s3->handshake_dgst = NULL; |
353 | } | |
81025661 | 354 | |
7ee8627f | 355 | int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len) |
0f113f3e | 356 | { |
f63a17d6 MC |
357 | int ret; |
358 | ||
7ee8627f | 359 | if (s->s3->handshake_dgst == NULL) { |
d166ed8c | 360 | /* Note: this writes to a memory BIO so a failure is a fatal error */ |
f63a17d6 MC |
361 | if (len > INT_MAX) { |
362 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC, | |
363 | SSL_R_OVERFLOW_ERROR); | |
7ee8627f | 364 | return 0; |
f63a17d6 | 365 | } |
7ee8627f | 366 | ret = BIO_write(s->s3->handshake_buffer, (void *)buf, (int)len); |
f63a17d6 MC |
367 | if (ret <= 0 || ret != (int)len) { |
368 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC, | |
369 | ERR_R_INTERNAL_ERROR); | |
370 | return 0; | |
371 | } | |
7ee8627f | 372 | } else { |
f63a17d6 MC |
373 | ret = EVP_DigestUpdate(s->s3->handshake_dgst, buf, len); |
374 | if (!ret) { | |
375 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC, | |
376 | ERR_R_INTERNAL_ERROR); | |
377 | return 0; | |
378 | } | |
7ee8627f | 379 | } |
f63a17d6 | 380 | return 1; |
0f113f3e | 381 | } |
6ba71a71 | 382 | |
124037fd | 383 | int ssl3_digest_cached_records(SSL *s, int keep) |
0f113f3e | 384 | { |
0f113f3e MC |
385 | const EVP_MD *md; |
386 | long hdatalen; | |
387 | void *hdata; | |
388 | ||
0f113f3e | 389 | if (s->s3->handshake_dgst == NULL) { |
124037fd DSH |
390 | hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); |
391 | if (hdatalen <= 0) { | |
f63a17d6 MC |
392 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS, |
393 | SSL_R_BAD_HANDSHAKE_LENGTH); | |
124037fd DSH |
394 | return 0; |
395 | } | |
0f113f3e | 396 | |
bfb0641f | 397 | s->s3->handshake_dgst = EVP_MD_CTX_new(); |
28ba2541 | 398 | if (s->s3->handshake_dgst == NULL) { |
f63a17d6 MC |
399 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS, |
400 | ERR_R_MALLOC_FAILURE); | |
28ba2541 DSH |
401 | return 0; |
402 | } | |
403 | ||
404 | md = ssl_handshake_md(s); | |
a230b26e EK |
405 | if (md == NULL || !EVP_DigestInit_ex(s->s3->handshake_dgst, md, NULL) |
406 | || !EVP_DigestUpdate(s->s3->handshake_dgst, hdata, hdatalen)) { | |
f63a17d6 MC |
407 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS, |
408 | ERR_R_INTERNAL_ERROR); | |
28ba2541 | 409 | return 0; |
0f113f3e MC |
410 | } |
411 | } | |
124037fd | 412 | if (keep == 0) { |
0f113f3e MC |
413 | BIO_free(s->s3->handshake_buffer); |
414 | s->s3->handshake_buffer = NULL; | |
415 | } | |
416 | ||
417 | return 1; | |
418 | } | |
6ba71a71 | 419 | |
6db6bc5a MC |
420 | size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len, |
421 | unsigned char *p) | |
0f113f3e | 422 | { |
28ba2541 | 423 | int ret; |
6e59a892 | 424 | EVP_MD_CTX *ctx = NULL; |
0f113f3e | 425 | |
d4d2f3a4 MC |
426 | if (!ssl3_digest_cached_records(s, 0)) { |
427 | /* SSLfatal() already called */ | |
124037fd | 428 | return 0; |
d4d2f3a4 | 429 | } |
0f113f3e | 430 | |
28ba2541 | 431 | if (EVP_MD_CTX_type(s->s3->handshake_dgst) != NID_md5_sha1) { |
d4d2f3a4 MC |
432 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, |
433 | SSL_R_NO_REQUIRED_DIGEST); | |
0f113f3e MC |
434 | return 0; |
435 | } | |
28ba2541 | 436 | |
bfb0641f | 437 | ctx = EVP_MD_CTX_new(); |
6e59a892 | 438 | if (ctx == NULL) { |
d4d2f3a4 MC |
439 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, |
440 | ERR_R_MALLOC_FAILURE); | |
6e59a892 RL |
441 | return 0; |
442 | } | |
d356dc56 | 443 | if (!EVP_MD_CTX_copy_ex(ctx, s->s3->handshake_dgst)) { |
d4d2f3a4 MC |
444 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, |
445 | ERR_R_INTERNAL_ERROR); | |
d356dc56 MC |
446 | return 0; |
447 | } | |
28ba2541 | 448 | |
6e59a892 | 449 | ret = EVP_MD_CTX_size(ctx); |
28ba2541 | 450 | if (ret < 0) { |
d4d2f3a4 MC |
451 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, |
452 | ERR_R_INTERNAL_ERROR); | |
bfb0641f | 453 | EVP_MD_CTX_reset(ctx); |
0f113f3e | 454 | return 0; |
28ba2541 | 455 | } |
0f113f3e | 456 | |
6e59a892 | 457 | if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0) |
a230b26e | 458 | || EVP_MD_CTX_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET, |
348240c6 | 459 | (int)s->session->master_key_length, |
a230b26e EK |
460 | s->session->master_key) <= 0 |
461 | || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) { | |
d4d2f3a4 MC |
462 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, |
463 | ERR_R_INTERNAL_ERROR); | |
5f3d93e4 MC |
464 | ret = 0; |
465 | } | |
0f113f3e | 466 | |
bfb0641f | 467 | EVP_MD_CTX_free(ctx); |
0f113f3e | 468 | |
28ba2541 | 469 | return ret; |
0f113f3e | 470 | } |
d02b48c6 | 471 | |
6b691a5c | 472 | int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, |
8c1a5343 | 473 | size_t len, size_t *secret_size) |
0f113f3e MC |
474 | { |
475 | static const unsigned char *salt[3] = { | |
ca570cfd | 476 | #ifndef CHARSET_EBCDIC |
0f113f3e MC |
477 | (const unsigned char *)"A", |
478 | (const unsigned char *)"BB", | |
479 | (const unsigned char *)"CCC", | |
ca570cfd | 480 | #else |
0f113f3e MC |
481 | (const unsigned char *)"\x41", |
482 | (const unsigned char *)"\x42\x42", | |
483 | (const unsigned char *)"\x43\x43\x43", | |
ca570cfd | 484 | #endif |
0f113f3e MC |
485 | }; |
486 | unsigned char buf[EVP_MAX_MD_SIZE]; | |
bfb0641f | 487 | EVP_MD_CTX *ctx = EVP_MD_CTX_new(); |
8c1a5343 | 488 | int i, ret = 1; |
0f113f3e | 489 | unsigned int n; |
8c1a5343 | 490 | size_t ret_secret_size = 0; |
d02b48c6 | 491 | |
6e59a892 | 492 | if (ctx == NULL) { |
f63a17d6 MC |
493 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_MASTER_SECRET, |
494 | ERR_R_MALLOC_FAILURE); | |
6e59a892 RL |
495 | return 0; |
496 | } | |
0f113f3e | 497 | for (i = 0; i < 3; i++) { |
6e59a892 | 498 | if (EVP_DigestInit_ex(ctx, s->ctx->sha1, NULL) <= 0 |
a230b26e EK |
499 | || EVP_DigestUpdate(ctx, salt[i], |
500 | strlen((const char *)salt[i])) <= 0 | |
501 | || EVP_DigestUpdate(ctx, p, len) <= 0 | |
502 | || EVP_DigestUpdate(ctx, &(s->s3->client_random[0]), | |
503 | SSL3_RANDOM_SIZE) <= 0 | |
504 | || EVP_DigestUpdate(ctx, &(s->s3->server_random[0]), | |
505 | SSL3_RANDOM_SIZE) <= 0 | |
8c1a5343 | 506 | /* TODO(size_t) : convert me */ |
a230b26e EK |
507 | || EVP_DigestFinal_ex(ctx, buf, &n) <= 0 |
508 | || EVP_DigestInit_ex(ctx, s->ctx->md5, NULL) <= 0 | |
509 | || EVP_DigestUpdate(ctx, p, len) <= 0 | |
510 | || EVP_DigestUpdate(ctx, buf, n) <= 0 | |
511 | || EVP_DigestFinal_ex(ctx, out, &n) <= 0) { | |
f63a17d6 MC |
512 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, |
513 | SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR); | |
5f3d93e4 MC |
514 | ret = 0; |
515 | break; | |
516 | } | |
0f113f3e | 517 | out += n; |
8c1a5343 | 518 | ret_secret_size += n; |
0f113f3e | 519 | } |
bfb0641f | 520 | EVP_MD_CTX_free(ctx); |
1cf218bc | 521 | |
e0f9bf1d | 522 | OPENSSL_cleanse(buf, sizeof(buf)); |
8c1a5343 MC |
523 | if (ret) |
524 | *secret_size = ret_secret_size; | |
525 | return ret; | |
0f113f3e | 526 | } |
d02b48c6 | 527 | |
6b691a5c | 528 | int ssl3_alert_code(int code) |
0f113f3e MC |
529 | { |
530 | switch (code) { | |
531 | case SSL_AD_CLOSE_NOTIFY: | |
26a7d938 | 532 | return SSL3_AD_CLOSE_NOTIFY; |
0f113f3e | 533 | case SSL_AD_UNEXPECTED_MESSAGE: |
26a7d938 | 534 | return SSL3_AD_UNEXPECTED_MESSAGE; |
0f113f3e | 535 | case SSL_AD_BAD_RECORD_MAC: |
26a7d938 | 536 | return SSL3_AD_BAD_RECORD_MAC; |
0f113f3e | 537 | case SSL_AD_DECRYPTION_FAILED: |
26a7d938 | 538 | return SSL3_AD_BAD_RECORD_MAC; |
0f113f3e | 539 | case SSL_AD_RECORD_OVERFLOW: |
26a7d938 | 540 | return SSL3_AD_BAD_RECORD_MAC; |
0f113f3e | 541 | case SSL_AD_DECOMPRESSION_FAILURE: |
26a7d938 | 542 | return SSL3_AD_DECOMPRESSION_FAILURE; |
0f113f3e | 543 | case SSL_AD_HANDSHAKE_FAILURE: |
26a7d938 | 544 | return SSL3_AD_HANDSHAKE_FAILURE; |
0f113f3e | 545 | case SSL_AD_NO_CERTIFICATE: |
26a7d938 | 546 | return SSL3_AD_NO_CERTIFICATE; |
0f113f3e | 547 | case SSL_AD_BAD_CERTIFICATE: |
26a7d938 | 548 | return SSL3_AD_BAD_CERTIFICATE; |
0f113f3e | 549 | case SSL_AD_UNSUPPORTED_CERTIFICATE: |
26a7d938 | 550 | return SSL3_AD_UNSUPPORTED_CERTIFICATE; |
0f113f3e | 551 | case SSL_AD_CERTIFICATE_REVOKED: |
26a7d938 | 552 | return SSL3_AD_CERTIFICATE_REVOKED; |
0f113f3e | 553 | case SSL_AD_CERTIFICATE_EXPIRED: |
26a7d938 | 554 | return SSL3_AD_CERTIFICATE_EXPIRED; |
0f113f3e | 555 | case SSL_AD_CERTIFICATE_UNKNOWN: |
26a7d938 | 556 | return SSL3_AD_CERTIFICATE_UNKNOWN; |
0f113f3e | 557 | case SSL_AD_ILLEGAL_PARAMETER: |
26a7d938 | 558 | return SSL3_AD_ILLEGAL_PARAMETER; |
0f113f3e | 559 | case SSL_AD_UNKNOWN_CA: |
26a7d938 | 560 | return SSL3_AD_BAD_CERTIFICATE; |
0f113f3e | 561 | case SSL_AD_ACCESS_DENIED: |
26a7d938 | 562 | return SSL3_AD_HANDSHAKE_FAILURE; |
0f113f3e | 563 | case SSL_AD_DECODE_ERROR: |
26a7d938 | 564 | return SSL3_AD_HANDSHAKE_FAILURE; |
0f113f3e | 565 | case SSL_AD_DECRYPT_ERROR: |
26a7d938 | 566 | return SSL3_AD_HANDSHAKE_FAILURE; |
0f113f3e | 567 | case SSL_AD_EXPORT_RESTRICTION: |
26a7d938 | 568 | return SSL3_AD_HANDSHAKE_FAILURE; |
0f113f3e | 569 | case SSL_AD_PROTOCOL_VERSION: |
26a7d938 | 570 | return SSL3_AD_HANDSHAKE_FAILURE; |
0f113f3e | 571 | case SSL_AD_INSUFFICIENT_SECURITY: |
26a7d938 | 572 | return SSL3_AD_HANDSHAKE_FAILURE; |
0f113f3e | 573 | case SSL_AD_INTERNAL_ERROR: |
26a7d938 | 574 | return SSL3_AD_HANDSHAKE_FAILURE; |
0f113f3e | 575 | case SSL_AD_USER_CANCELLED: |
26a7d938 | 576 | return SSL3_AD_HANDSHAKE_FAILURE; |
0f113f3e | 577 | case SSL_AD_NO_RENEGOTIATION: |
26a7d938 | 578 | return -1; /* Don't send it :-) */ |
0f113f3e | 579 | case SSL_AD_UNSUPPORTED_EXTENSION: |
26a7d938 | 580 | return SSL3_AD_HANDSHAKE_FAILURE; |
0f113f3e | 581 | case SSL_AD_CERTIFICATE_UNOBTAINABLE: |
26a7d938 | 582 | return SSL3_AD_HANDSHAKE_FAILURE; |
0f113f3e | 583 | case SSL_AD_UNRECOGNIZED_NAME: |
26a7d938 | 584 | return SSL3_AD_HANDSHAKE_FAILURE; |
0f113f3e | 585 | case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: |
26a7d938 | 586 | return SSL3_AD_HANDSHAKE_FAILURE; |
0f113f3e | 587 | case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: |
26a7d938 | 588 | return SSL3_AD_HANDSHAKE_FAILURE; |
0f113f3e | 589 | case SSL_AD_UNKNOWN_PSK_IDENTITY: |
26a7d938 | 590 | return TLS1_AD_UNKNOWN_PSK_IDENTITY; |
0f113f3e | 591 | case SSL_AD_INAPPROPRIATE_FALLBACK: |
26a7d938 | 592 | return TLS1_AD_INAPPROPRIATE_FALLBACK; |
06217867 | 593 | case SSL_AD_NO_APPLICATION_PROTOCOL: |
26a7d938 | 594 | return TLS1_AD_NO_APPLICATION_PROTOCOL; |
42c28b63 MC |
595 | case SSL_AD_CERTIFICATE_REQUIRED: |
596 | return SSL_AD_HANDSHAKE_FAILURE; | |
0f113f3e | 597 | default: |
26a7d938 | 598 | return -1; |
0f113f3e MC |
599 | } |
600 | } |