]>
Commit | Line | Data |
---|---|---|
846e33c7 | 1 | /* |
4333b89f | 2 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. |
c80149d9 | 3 | * Copyright 2005 Nokia. All rights reserved. |
82b0bf0b | 4 | * |
2c18d164 | 5 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
846e33c7 RS |
6 | * this file except in compliance with the License. You can obtain a copy |
7 | * in the file LICENSE in the source distribution or at | |
8 | * https://www.openssl.org/source/license.html | |
82b0bf0b | 9 | */ |
846e33c7 | 10 | |
d02b48c6 | 11 | #include <stdio.h> |
706457b7 | 12 | #include "ssl_local.h" |
7b63c0fa | 13 | #include <openssl/evp.h> |
dbad1690 | 14 | #include <openssl/md5.h> |
d5e5e2ff | 15 | #include <openssl/core_names.h> |
67dc995e | 16 | #include "internal/cryptlib.h" |
d02b48c6 | 17 | |
38b051a1 | 18 | static int ssl3_generate_key_block(SSL_CONNECTION *s, unsigned char *km, int num) |
0f113f3e | 19 | { |
62ba8345 | 20 | const EVP_MD *md5 = NULL, *sha1 = NULL; |
6e59a892 RL |
21 | EVP_MD_CTX *m5; |
22 | EVP_MD_CTX *s1; | |
0f113f3e MC |
23 | unsigned char buf[16], smd[SHA_DIGEST_LENGTH]; |
24 | unsigned char c = 'A'; | |
c19e6da9 | 25 | unsigned int i, k; |
6e59a892 | 26 | int ret = 0; |
38b051a1 | 27 | SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); |
58964a49 | 28 | |
ca570cfd | 29 | #ifdef CHARSET_EBCDIC |
0f113f3e | 30 | c = os_toascii[c]; /* 'A' in ASCII */ |
ca570cfd | 31 | #endif |
0f113f3e | 32 | k = 0; |
38b051a1 TM |
33 | md5 = ssl_evp_md_fetch(sctx->libctx, NID_md5, sctx->propq); |
34 | sha1 = ssl_evp_md_fetch(sctx->libctx, NID_sha1, sctx->propq); | |
bfb0641f RL |
35 | m5 = EVP_MD_CTX_new(); |
36 | s1 = EVP_MD_CTX_new(); | |
62ba8345 | 37 | if (md5 == NULL || sha1 == NULL || m5 == NULL || s1 == NULL) { |
e077455e | 38 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); |
6e59a892 RL |
39 | goto err; |
40 | } | |
0f113f3e MC |
41 | for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) { |
42 | k++; | |
a6fd7c1d | 43 | if (k > sizeof(buf)) { |
0f113f3e | 44 | /* bug: 'buf' is too small for this ciphersuite */ |
c48ffbcc | 45 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); |
a6fd7c1d | 46 | goto err; |
0f113f3e MC |
47 | } |
48 | ||
c19e6da9 | 49 | memset(buf, c, k); |
0f113f3e | 50 | c++; |
62ba8345 | 51 | if (!EVP_DigestInit_ex(s1, sha1, NULL) |
d166ed8c DSH |
52 | || !EVP_DigestUpdate(s1, buf, k) |
53 | || !EVP_DigestUpdate(s1, s->session->master_key, | |
54 | s->session->master_key_length) | |
555cbb32 TS |
55 | || !EVP_DigestUpdate(s1, s->s3.server_random, SSL3_RANDOM_SIZE) |
56 | || !EVP_DigestUpdate(s1, s->s3.client_random, SSL3_RANDOM_SIZE) | |
d166ed8c | 57 | || !EVP_DigestFinal_ex(s1, smd, NULL) |
47b4ccea | 58 | || !EVP_DigestInit_ex(m5, md5, NULL) |
d166ed8c DSH |
59 | || !EVP_DigestUpdate(m5, s->session->master_key, |
60 | s->session->master_key_length) | |
d4d2f3a4 | 61 | || !EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH)) { |
c48ffbcc | 62 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); |
d166ed8c | 63 | goto err; |
d4d2f3a4 | 64 | } |
0f113f3e | 65 | if ((int)(i + MD5_DIGEST_LENGTH) > num) { |
d4d2f3a4 | 66 | if (!EVP_DigestFinal_ex(m5, smd, NULL)) { |
c48ffbcc | 67 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); |
d166ed8c | 68 | goto err; |
d4d2f3a4 | 69 | } |
0f113f3e | 70 | memcpy(km, smd, (num - i)); |
d166ed8c | 71 | } else { |
d4d2f3a4 | 72 | if (!EVP_DigestFinal_ex(m5, km, NULL)) { |
c48ffbcc | 73 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); |
d166ed8c | 74 | goto err; |
d4d2f3a4 | 75 | } |
d166ed8c | 76 | } |
0f113f3e MC |
77 | |
78 | km += MD5_DIGEST_LENGTH; | |
79 | } | |
e0f9bf1d | 80 | OPENSSL_cleanse(smd, sizeof(smd)); |
6e59a892 RL |
81 | ret = 1; |
82 | err: | |
bfb0641f RL |
83 | EVP_MD_CTX_free(m5); |
84 | EVP_MD_CTX_free(s1); | |
c8f6c28a | 85 | ssl_evp_md_free(md5); |
62ba8345 | 86 | ssl_evp_md_free(sha1); |
6e59a892 | 87 | return ret; |
0f113f3e | 88 | } |
58964a49 | 89 | |
38b051a1 | 90 | int ssl3_change_cipher_state(SSL_CONNECTION *s, int which) |
0f113f3e MC |
91 | { |
92 | unsigned char *p, *mac_secret; | |
10560aed MC |
93 | size_t md_len; |
94 | unsigned char *key, *iv; | |
0f113f3e | 95 | EVP_CIPHER_CTX *dd; |
10560aed | 96 | const EVP_CIPHER *ciph; |
976b263d | 97 | const SSL_COMP *comp = NULL; |
10560aed | 98 | const EVP_MD *md; |
8c1a5343 | 99 | int mdi; |
10560aed | 100 | size_t n, iv_len, key_len; |
0f113f3e | 101 | int reuse_dd = 0; |
2b71b042 MC |
102 | int direction = (which & SSL3_CC_READ) != 0 ? OSSL_RECORD_DIRECTION_READ |
103 | : OSSL_RECORD_DIRECTION_WRITE; | |
0f113f3e | 104 | |
10560aed MC |
105 | ciph = s->s3.tmp.new_sym_enc; |
106 | md = s->s3.tmp.new_hash; | |
0f113f3e | 107 | /* m == NULL will lead to a crash later */ |
10560aed | 108 | if (!ossl_assert(md != NULL)) { |
c48ffbcc | 109 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); |
f63a17d6 | 110 | goto err; |
380a522f | 111 | } |
09b6c2ef | 112 | #ifndef OPENSSL_NO_COMP |
10560aed | 113 | comp = s->s3.tmp.new_compression; |
09b6c2ef | 114 | #endif |
0f113f3e | 115 | |
555cbb32 | 116 | p = s->s3.tmp.key_block; |
10560aed | 117 | mdi = EVP_MD_get_size(md); |
f63a17d6 | 118 | if (mdi < 0) { |
c48ffbcc | 119 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); |
f63a17d6 MC |
120 | goto err; |
121 | } | |
10560aed MC |
122 | md_len = (size_t)mdi; |
123 | key_len = EVP_CIPHER_get_key_length(ciph); | |
124 | iv_len = EVP_CIPHER_get_iv_length(ciph); | |
0f113f3e MC |
125 | if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || |
126 | (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { | |
10560aed MC |
127 | mac_secret = &(p[0]); |
128 | n = md_len + md_len; | |
0f113f3e | 129 | key = &(p[n]); |
10560aed | 130 | n += key_len + key_len; |
0f113f3e | 131 | iv = &(p[n]); |
10560aed | 132 | n += iv_len + iv_len; |
0f113f3e | 133 | } else { |
10560aed MC |
134 | n = md_len; |
135 | mac_secret = &(p[n]); | |
136 | n += md_len + key_len; | |
0f113f3e | 137 | key = &(p[n]); |
10560aed | 138 | n += key_len + iv_len; |
0f113f3e | 139 | iv = &(p[n]); |
10560aed | 140 | n += iv_len; |
0f113f3e MC |
141 | } |
142 | ||
555cbb32 | 143 | if (n > s->s3.tmp.key_block_length) { |
c48ffbcc | 144 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); |
f63a17d6 | 145 | goto err; |
0f113f3e MC |
146 | } |
147 | ||
2b71b042 MC |
148 | if (!ssl_set_new_record_layer(s, SSL3_VERSION, |
149 | direction, | |
150 | OSSL_RECORD_PROTECTION_LEVEL_APPLICATION, | |
151 | key, key_len, iv, iv_len, mac_secret, | |
152 | md_len, ciph, 0, NID_undef, md, comp)) { | |
153 | /* SSLfatal already called */ | |
154 | goto err; | |
155 | } | |
10560aed | 156 | |
2b71b042 | 157 | if (which & SSL3_CC_READ) { |
10560aed MC |
158 | s->statem.enc_write_state = ENC_WRITE_STATE_VALID; |
159 | return 1; | |
160 | } | |
161 | ||
162 | s->statem.enc_write_state = ENC_WRITE_STATE_INVALID; | |
163 | if (s->enc_write_ctx != NULL) { | |
164 | reuse_dd = 1; | |
165 | } else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) { | |
e077455e | 166 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); |
10560aed MC |
167 | goto err; |
168 | } else { | |
169 | /* make sure it's initialised in case we exit later with an error */ | |
170 | EVP_CIPHER_CTX_reset(s->enc_write_ctx); | |
171 | } | |
172 | dd = s->enc_write_ctx; | |
173 | if (ssl_replace_hash(&s->write_hash, md) == NULL) { | |
e077455e | 174 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_SSL_LIB); |
10560aed MC |
175 | goto err; |
176 | } | |
177 | #ifndef OPENSSL_NO_COMP | |
178 | /* COMPRESS */ | |
179 | COMP_CTX_free(s->compress); | |
180 | s->compress = NULL; | |
181 | if (comp != NULL) { | |
182 | s->compress = COMP_CTX_new(comp->method); | |
183 | if (s->compress == NULL) { | |
184 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, | |
185 | SSL_R_COMPRESSION_LIBRARY_ERROR); | |
186 | goto err; | |
187 | } | |
188 | } | |
189 | #endif | |
190 | RECORD_LAYER_reset_write_sequence(&s->rlayer); | |
191 | memcpy(&(s->s3.write_mac_secret[0]), mac_secret, md_len); | |
192 | ||
193 | if (reuse_dd) | |
194 | EVP_CIPHER_CTX_reset(dd); | |
0f113f3e | 195 | |
10560aed | 196 | if (!EVP_CipherInit_ex(dd, ciph, NULL, key, iv, (which & SSL3_CC_WRITE))) { |
c48ffbcc | 197 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); |
f63a17d6 MC |
198 | goto err; |
199 | } | |
58964a49 | 200 | |
10560aed MC |
201 | if (EVP_CIPHER_get0_provider(ciph) != NULL |
202 | && !tls_provider_set_tls_params(s, dd, ciph, md)) { | |
b5588178 MC |
203 | /* SSLfatal already called */ |
204 | goto err; | |
205 | } | |
206 | ||
7426cd34 | 207 | s->statem.enc_write_state = ENC_WRITE_STATE_VALID; |
208fb891 | 208 | return 1; |
0f113f3e | 209 | err: |
26a7d938 | 210 | return 0; |
0f113f3e | 211 | } |
d02b48c6 | 212 | |
38b051a1 | 213 | int ssl3_setup_key_block(SSL_CONNECTION *s) |
0f113f3e MC |
214 | { |
215 | unsigned char *p; | |
216 | const EVP_CIPHER *c; | |
217 | const EVP_MD *hash; | |
218 | int num; | |
219 | int ret = 0; | |
220 | SSL_COMP *comp; | |
221 | ||
555cbb32 | 222 | if (s->s3.tmp.key_block_length != 0) |
208fb891 | 223 | return 1; |
0f113f3e | 224 | |
38b051a1 TM |
225 | if (!ssl_cipher_get_evp(SSL_CONNECTION_GET_CTX(s), s->session, &c, &hash, |
226 | NULL, NULL, &comp, 0)) { | |
5a2d0ef3 RL |
227 | /* Error is already recorded */ |
228 | SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR); | |
26a7d938 | 229 | return 0; |
0f113f3e MC |
230 | } |
231 | ||
c8f6c28a | 232 | ssl_evp_cipher_free(s->s3.tmp.new_sym_enc); |
555cbb32 | 233 | s->s3.tmp.new_sym_enc = c; |
c8f6c28a | 234 | ssl_evp_md_free(s->s3.tmp.new_hash); |
555cbb32 | 235 | s->s3.tmp.new_hash = hash; |
09b6c2ef | 236 | #ifdef OPENSSL_NO_COMP |
555cbb32 | 237 | s->s3.tmp.new_compression = NULL; |
09b6c2ef | 238 | #else |
555cbb32 | 239 | s->s3.tmp.new_compression = comp; |
09b6c2ef | 240 | #endif |
d02b48c6 | 241 | |
ed576acd | 242 | num = EVP_MD_get_size(hash); |
0f113f3e MC |
243 | if (num < 0) |
244 | return 0; | |
245 | ||
ed576acd | 246 | num = EVP_CIPHER_get_key_length(c) + num + EVP_CIPHER_get_iv_length(c); |
0f113f3e | 247 | num *= 2; |
0eab41fb | 248 | |
0f113f3e | 249 | ssl3_cleanup_key_block(s); |
d02b48c6 | 250 | |
f63a17d6 | 251 | if ((p = OPENSSL_malloc(num)) == NULL) { |
e077455e | 252 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB); |
f63a17d6 MC |
253 | return 0; |
254 | } | |
d02b48c6 | 255 | |
555cbb32 TS |
256 | s->s3.tmp.key_block_length = num; |
257 | s->s3.tmp.key_block = p; | |
d02b48c6 | 258 | |
d4d2f3a4 | 259 | /* Calls SSLfatal() as required */ |
0f113f3e | 260 | ret = ssl3_generate_key_block(s, p, num); |
d02b48c6 | 261 | |
0f113f3e | 262 | return ret; |
0f113f3e | 263 | } |
d02b48c6 | 264 | |
38b051a1 | 265 | void ssl3_cleanup_key_block(SSL_CONNECTION *s) |
0f113f3e | 266 | { |
555cbb32 TS |
267 | OPENSSL_clear_free(s->s3.tmp.key_block, s->s3.tmp.key_block_length); |
268 | s->s3.tmp.key_block = NULL; | |
269 | s->s3.tmp.key_block_length = 0; | |
0f113f3e | 270 | } |
d02b48c6 | 271 | |
38b051a1 | 272 | int ssl3_init_finished_mac(SSL_CONNECTION *s) |
0f113f3e | 273 | { |
2c4a056f MC |
274 | BIO *buf = BIO_new(BIO_s_mem()); |
275 | ||
276 | if (buf == NULL) { | |
e077455e | 277 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_BIO_LIB); |
2c4a056f MC |
278 | return 0; |
279 | } | |
85fb6fda | 280 | ssl3_free_digest_list(s); |
555cbb32 TS |
281 | s->s3.handshake_buffer = buf; |
282 | (void)BIO_set_close(s->s3.handshake_buffer, BIO_CLOSE); | |
2c4a056f | 283 | return 1; |
0f113f3e MC |
284 | } |
285 | ||
c7238204 DSH |
286 | /* |
287 | * Free digest list. Also frees handshake buffer since they are always freed | |
288 | * together. | |
289 | */ | |
290 | ||
38b051a1 | 291 | void ssl3_free_digest_list(SSL_CONNECTION *s) |
0f113f3e | 292 | { |
555cbb32 TS |
293 | BIO_free(s->s3.handshake_buffer); |
294 | s->s3.handshake_buffer = NULL; | |
295 | EVP_MD_CTX_free(s->s3.handshake_dgst); | |
296 | s->s3.handshake_dgst = NULL; | |
0f113f3e | 297 | } |
81025661 | 298 | |
38b051a1 | 299 | int ssl3_finish_mac(SSL_CONNECTION *s, const unsigned char *buf, size_t len) |
0f113f3e | 300 | { |
f63a17d6 MC |
301 | int ret; |
302 | ||
555cbb32 | 303 | if (s->s3.handshake_dgst == NULL) { |
d166ed8c | 304 | /* Note: this writes to a memory BIO so a failure is a fatal error */ |
f63a17d6 | 305 | if (len > INT_MAX) { |
c48ffbcc | 306 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_OVERFLOW_ERROR); |
7ee8627f | 307 | return 0; |
f63a17d6 | 308 | } |
555cbb32 | 309 | ret = BIO_write(s->s3.handshake_buffer, (void *)buf, (int)len); |
f63a17d6 | 310 | if (ret <= 0 || ret != (int)len) { |
c48ffbcc | 311 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); |
f63a17d6 MC |
312 | return 0; |
313 | } | |
7ee8627f | 314 | } else { |
555cbb32 | 315 | ret = EVP_DigestUpdate(s->s3.handshake_dgst, buf, len); |
f63a17d6 | 316 | if (!ret) { |
c48ffbcc | 317 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); |
f63a17d6 MC |
318 | return 0; |
319 | } | |
7ee8627f | 320 | } |
f63a17d6 | 321 | return 1; |
0f113f3e | 322 | } |
6ba71a71 | 323 | |
38b051a1 | 324 | int ssl3_digest_cached_records(SSL_CONNECTION *s, int keep) |
0f113f3e | 325 | { |
0f113f3e MC |
326 | const EVP_MD *md; |
327 | long hdatalen; | |
328 | void *hdata; | |
329 | ||
555cbb32 TS |
330 | if (s->s3.handshake_dgst == NULL) { |
331 | hdatalen = BIO_get_mem_data(s->s3.handshake_buffer, &hdata); | |
124037fd | 332 | if (hdatalen <= 0) { |
c48ffbcc | 333 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_HANDSHAKE_LENGTH); |
124037fd DSH |
334 | return 0; |
335 | } | |
0f113f3e | 336 | |
555cbb32 TS |
337 | s->s3.handshake_dgst = EVP_MD_CTX_new(); |
338 | if (s->s3.handshake_dgst == NULL) { | |
e077455e | 339 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); |
28ba2541 DSH |
340 | return 0; |
341 | } | |
342 | ||
343 | md = ssl_handshake_md(s); | |
7cd1420b | 344 | if (md == NULL) { |
c48ffbcc | 345 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, |
7cd1420b MC |
346 | SSL_R_NO_SUITABLE_DIGEST_ALGORITHM); |
347 | return 0; | |
348 | } | |
349 | if (!EVP_DigestInit_ex(s->s3.handshake_dgst, md, NULL) | |
555cbb32 | 350 | || !EVP_DigestUpdate(s->s3.handshake_dgst, hdata, hdatalen)) { |
c48ffbcc | 351 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); |
28ba2541 | 352 | return 0; |
0f113f3e MC |
353 | } |
354 | } | |
124037fd | 355 | if (keep == 0) { |
555cbb32 TS |
356 | BIO_free(s->s3.handshake_buffer); |
357 | s->s3.handshake_buffer = NULL; | |
0f113f3e MC |
358 | } |
359 | ||
360 | return 1; | |
361 | } | |
6ba71a71 | 362 | |
d5e5e2ff SL |
363 | void ssl3_digest_master_key_set_params(const SSL_SESSION *session, |
364 | OSSL_PARAM params[]) | |
365 | { | |
366 | int n = 0; | |
83b4a243 SL |
367 | params[n++] = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS, |
368 | (void *)session->master_key, | |
4e7991b4 | 369 | session->master_key_length); |
d5e5e2ff SL |
370 | params[n++] = OSSL_PARAM_construct_end(); |
371 | } | |
372 | ||
38b051a1 | 373 | size_t ssl3_final_finish_mac(SSL_CONNECTION *s, const char *sender, size_t len, |
6db6bc5a | 374 | unsigned char *p) |
0f113f3e | 375 | { |
28ba2541 | 376 | int ret; |
6e59a892 | 377 | EVP_MD_CTX *ctx = NULL; |
0f113f3e | 378 | |
d4d2f3a4 MC |
379 | if (!ssl3_digest_cached_records(s, 0)) { |
380 | /* SSLfatal() already called */ | |
124037fd | 381 | return 0; |
d4d2f3a4 | 382 | } |
0f113f3e | 383 | |
ed576acd | 384 | if (EVP_MD_CTX_get_type(s->s3.handshake_dgst) != NID_md5_sha1) { |
c48ffbcc | 385 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_REQUIRED_DIGEST); |
0f113f3e MC |
386 | return 0; |
387 | } | |
28ba2541 | 388 | |
bfb0641f | 389 | ctx = EVP_MD_CTX_new(); |
6e59a892 | 390 | if (ctx == NULL) { |
e077455e | 391 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); |
6e59a892 RL |
392 | return 0; |
393 | } | |
555cbb32 | 394 | if (!EVP_MD_CTX_copy_ex(ctx, s->s3.handshake_dgst)) { |
c48ffbcc | 395 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); |
7d0effea AP |
396 | ret = 0; |
397 | goto err; | |
d356dc56 | 398 | } |
28ba2541 | 399 | |
ed576acd | 400 | ret = EVP_MD_CTX_get_size(ctx); |
28ba2541 | 401 | if (ret < 0) { |
c48ffbcc | 402 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); |
7d0effea AP |
403 | ret = 0; |
404 | goto err; | |
28ba2541 | 405 | } |
0f113f3e | 406 | |
d5e5e2ff SL |
407 | if (sender != NULL) { |
408 | OSSL_PARAM digest_cmd_params[3]; | |
409 | ||
410 | ssl3_digest_master_key_set_params(s->session, digest_cmd_params); | |
83b4a243 | 411 | |
d5e5e2ff SL |
412 | if (EVP_DigestUpdate(ctx, sender, len) <= 0 |
413 | || EVP_MD_CTX_set_params(ctx, digest_cmd_params) <= 0 | |
414 | || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) { | |
c48ffbcc | 415 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); |
d5e5e2ff SL |
416 | ret = 0; |
417 | } | |
5f3d93e4 | 418 | } |
0f113f3e | 419 | |
7d0effea | 420 | err: |
bfb0641f | 421 | EVP_MD_CTX_free(ctx); |
0f113f3e | 422 | |
28ba2541 | 423 | return ret; |
0f113f3e | 424 | } |
d02b48c6 | 425 | |
38b051a1 TM |
426 | int ssl3_generate_master_secret(SSL_CONNECTION *s, unsigned char *out, |
427 | unsigned char *p, | |
8c1a5343 | 428 | size_t len, size_t *secret_size) |
0f113f3e MC |
429 | { |
430 | static const unsigned char *salt[3] = { | |
ca570cfd | 431 | #ifndef CHARSET_EBCDIC |
0f113f3e MC |
432 | (const unsigned char *)"A", |
433 | (const unsigned char *)"BB", | |
434 | (const unsigned char *)"CCC", | |
ca570cfd | 435 | #else |
0f113f3e MC |
436 | (const unsigned char *)"\x41", |
437 | (const unsigned char *)"\x42\x42", | |
438 | (const unsigned char *)"\x43\x43\x43", | |
ca570cfd | 439 | #endif |
0f113f3e MC |
440 | }; |
441 | unsigned char buf[EVP_MAX_MD_SIZE]; | |
bfb0641f | 442 | EVP_MD_CTX *ctx = EVP_MD_CTX_new(); |
8c1a5343 | 443 | int i, ret = 1; |
0f113f3e | 444 | unsigned int n; |
8c1a5343 | 445 | size_t ret_secret_size = 0; |
d02b48c6 | 446 | |
6e59a892 | 447 | if (ctx == NULL) { |
e077455e | 448 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); |
6e59a892 RL |
449 | return 0; |
450 | } | |
0f113f3e | 451 | for (i = 0; i < 3; i++) { |
38b051a1 | 452 | if (EVP_DigestInit_ex(ctx, SSL_CONNECTION_GET_CTX(s)->sha1, NULL) <= 0 |
a230b26e EK |
453 | || EVP_DigestUpdate(ctx, salt[i], |
454 | strlen((const char *)salt[i])) <= 0 | |
455 | || EVP_DigestUpdate(ctx, p, len) <= 0 | |
555cbb32 | 456 | || EVP_DigestUpdate(ctx, &(s->s3.client_random[0]), |
a230b26e | 457 | SSL3_RANDOM_SIZE) <= 0 |
555cbb32 | 458 | || EVP_DigestUpdate(ctx, &(s->s3.server_random[0]), |
a230b26e EK |
459 | SSL3_RANDOM_SIZE) <= 0 |
460 | || EVP_DigestFinal_ex(ctx, buf, &n) <= 0 | |
38b051a1 | 461 | || EVP_DigestInit_ex(ctx, SSL_CONNECTION_GET_CTX(s)->md5, NULL) <= 0 |
a230b26e EK |
462 | || EVP_DigestUpdate(ctx, p, len) <= 0 |
463 | || EVP_DigestUpdate(ctx, buf, n) <= 0 | |
464 | || EVP_DigestFinal_ex(ctx, out, &n) <= 0) { | |
c48ffbcc | 465 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); |
5f3d93e4 MC |
466 | ret = 0; |
467 | break; | |
468 | } | |
0f113f3e | 469 | out += n; |
8c1a5343 | 470 | ret_secret_size += n; |
0f113f3e | 471 | } |
bfb0641f | 472 | EVP_MD_CTX_free(ctx); |
1cf218bc | 473 | |
e0f9bf1d | 474 | OPENSSL_cleanse(buf, sizeof(buf)); |
8c1a5343 MC |
475 | if (ret) |
476 | *secret_size = ret_secret_size; | |
477 | return ret; | |
0f113f3e | 478 | } |
d02b48c6 | 479 | |
6b691a5c | 480 | int ssl3_alert_code(int code) |
0f113f3e MC |
481 | { |
482 | switch (code) { | |
483 | case SSL_AD_CLOSE_NOTIFY: | |
26a7d938 | 484 | return SSL3_AD_CLOSE_NOTIFY; |
0f113f3e | 485 | case SSL_AD_UNEXPECTED_MESSAGE: |
26a7d938 | 486 | return SSL3_AD_UNEXPECTED_MESSAGE; |
0f113f3e | 487 | case SSL_AD_BAD_RECORD_MAC: |
26a7d938 | 488 | return SSL3_AD_BAD_RECORD_MAC; |
0f113f3e | 489 | case SSL_AD_DECRYPTION_FAILED: |
26a7d938 | 490 | return SSL3_AD_BAD_RECORD_MAC; |
0f113f3e | 491 | case SSL_AD_RECORD_OVERFLOW: |
26a7d938 | 492 | return SSL3_AD_BAD_RECORD_MAC; |
0f113f3e | 493 | case SSL_AD_DECOMPRESSION_FAILURE: |
26a7d938 | 494 | return SSL3_AD_DECOMPRESSION_FAILURE; |
0f113f3e | 495 | case SSL_AD_HANDSHAKE_FAILURE: |
26a7d938 | 496 | return SSL3_AD_HANDSHAKE_FAILURE; |
0f113f3e | 497 | case SSL_AD_NO_CERTIFICATE: |
26a7d938 | 498 | return SSL3_AD_NO_CERTIFICATE; |
0f113f3e | 499 | case SSL_AD_BAD_CERTIFICATE: |
26a7d938 | 500 | return SSL3_AD_BAD_CERTIFICATE; |
0f113f3e | 501 | case SSL_AD_UNSUPPORTED_CERTIFICATE: |
26a7d938 | 502 | return SSL3_AD_UNSUPPORTED_CERTIFICATE; |
0f113f3e | 503 | case SSL_AD_CERTIFICATE_REVOKED: |
26a7d938 | 504 | return SSL3_AD_CERTIFICATE_REVOKED; |
0f113f3e | 505 | case SSL_AD_CERTIFICATE_EXPIRED: |
26a7d938 | 506 | return SSL3_AD_CERTIFICATE_EXPIRED; |
0f113f3e | 507 | case SSL_AD_CERTIFICATE_UNKNOWN: |
26a7d938 | 508 | return SSL3_AD_CERTIFICATE_UNKNOWN; |
0f113f3e | 509 | case SSL_AD_ILLEGAL_PARAMETER: |
26a7d938 | 510 | return SSL3_AD_ILLEGAL_PARAMETER; |
0f113f3e | 511 | case SSL_AD_UNKNOWN_CA: |
26a7d938 | 512 | return SSL3_AD_BAD_CERTIFICATE; |
0f113f3e | 513 | case SSL_AD_ACCESS_DENIED: |
26a7d938 | 514 | return SSL3_AD_HANDSHAKE_FAILURE; |
0f113f3e | 515 | case SSL_AD_DECODE_ERROR: |
26a7d938 | 516 | return SSL3_AD_HANDSHAKE_FAILURE; |
0f113f3e | 517 | case SSL_AD_DECRYPT_ERROR: |
26a7d938 | 518 | return SSL3_AD_HANDSHAKE_FAILURE; |
0f113f3e | 519 | case SSL_AD_EXPORT_RESTRICTION: |
26a7d938 | 520 | return SSL3_AD_HANDSHAKE_FAILURE; |
0f113f3e | 521 | case SSL_AD_PROTOCOL_VERSION: |
26a7d938 | 522 | return SSL3_AD_HANDSHAKE_FAILURE; |
0f113f3e | 523 | case SSL_AD_INSUFFICIENT_SECURITY: |
26a7d938 | 524 | return SSL3_AD_HANDSHAKE_FAILURE; |
0f113f3e | 525 | case SSL_AD_INTERNAL_ERROR: |
26a7d938 | 526 | return SSL3_AD_HANDSHAKE_FAILURE; |
0f113f3e | 527 | case SSL_AD_USER_CANCELLED: |
26a7d938 | 528 | return SSL3_AD_HANDSHAKE_FAILURE; |
0f113f3e | 529 | case SSL_AD_NO_RENEGOTIATION: |
26a7d938 | 530 | return -1; /* Don't send it :-) */ |
0f113f3e | 531 | case SSL_AD_UNSUPPORTED_EXTENSION: |
26a7d938 | 532 | return SSL3_AD_HANDSHAKE_FAILURE; |
0f113f3e | 533 | case SSL_AD_CERTIFICATE_UNOBTAINABLE: |
26a7d938 | 534 | return SSL3_AD_HANDSHAKE_FAILURE; |
0f113f3e | 535 | case SSL_AD_UNRECOGNIZED_NAME: |
26a7d938 | 536 | return SSL3_AD_HANDSHAKE_FAILURE; |
0f113f3e | 537 | case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: |
26a7d938 | 538 | return SSL3_AD_HANDSHAKE_FAILURE; |
0f113f3e | 539 | case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: |
26a7d938 | 540 | return SSL3_AD_HANDSHAKE_FAILURE; |
0f113f3e | 541 | case SSL_AD_UNKNOWN_PSK_IDENTITY: |
26a7d938 | 542 | return TLS1_AD_UNKNOWN_PSK_IDENTITY; |
0f113f3e | 543 | case SSL_AD_INAPPROPRIATE_FALLBACK: |
26a7d938 | 544 | return TLS1_AD_INAPPROPRIATE_FALLBACK; |
06217867 | 545 | case SSL_AD_NO_APPLICATION_PROTOCOL: |
26a7d938 | 546 | return TLS1_AD_NO_APPLICATION_PROTOCOL; |
42c28b63 MC |
547 | case SSL_AD_CERTIFICATE_REQUIRED: |
548 | return SSL_AD_HANDSHAKE_FAILURE; | |
1376708c BK |
549 | case TLS13_AD_MISSING_EXTENSION: |
550 | return SSL_AD_HANDSHAKE_FAILURE; | |
0f113f3e | 551 | default: |
26a7d938 | 552 | return -1; |
0f113f3e MC |
553 | } |
554 | } |