/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005 Nokia. All rights reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* https://www.openssl.org/source/license.html
*/
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
#include <stdio.h>
#include "ssl_locl.h"
#include <openssl/evp.h>
#include <openssl/md5.h>
+#include "internal/cryptlib.h"
static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
{
c = s->s3->tmp.new_sym_enc;
m = s->s3->tmp.new_hash;
/* m == NULL will lead to a crash later */
- OPENSSL_assert(m);
+ if (!ossl_assert(m != NULL)) {
+ SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+ goto err2;
+ }
#ifndef OPENSSL_NO_COMP
if (s->s3->tmp.new_compression == NULL)
comp = NULL;
if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE)))
goto err2;
-#ifdef OPENSSL_SSL_TRACE_CRYPTO
- if (s->msg_callback) {
-
- int wh = which & SSL3_CC_WRITE ?
- TLS1_RT_CRYPTO_WRITE : TLS1_RT_CRYPTO_READ;
- s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_MAC,
- mac_secret, EVP_MD_size(m), s, s->msg_callback_arg);
- if (c->key_len)
- s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_KEY,
- key, c->key_len, s, s->msg_callback_arg);
- if (k) {
- s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_IV,
- iv, k, s, s->msg_callback_arg);
- }
- }
-#endif
-
OPENSSL_cleanse(exp_key, sizeof(exp_key));
OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
- return (1);
+ return 1;
err:
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
err2:
OPENSSL_cleanse(exp_key, sizeof(exp_key));
OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
- return (0);
+ return 0;
}
int ssl3_setup_key_block(SSL *s)
SSL_COMP *comp;
if (s->s3->tmp.key_block_length != 0)
- return (1);
+ return 1;
if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, &comp, 0)) {
SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
- return (0);
+ return 0;
}
s->s3->tmp.new_sym_enc = c;
err:
SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
- return (0);
+ return 0;
}
void ssl3_cleanup_key_block(SSL *s)
BIO *buf = BIO_new(BIO_s_mem());
if (buf == NULL) {
- SSLerr(SSL_F_SSL3_INIT_FINISHED_MAC, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_INIT_FINISHED_MAC,
+ ERR_R_MALLOC_FAILURE);
return 0;
}
ssl3_free_digest_list(s);
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
int i, ret = 1;
unsigned int n;
-#ifdef OPENSSL_SSL_TRACE_CRYPTO
- unsigned char *tmpout = out;
-#endif
size_t ret_secret_size = 0;
if (ctx == NULL) {
}
EVP_MD_CTX_free(ctx);
-#ifdef OPENSSL_SSL_TRACE_CRYPTO
- if (ret && s->msg_callback) {
- s->msg_callback(2, s->version, TLS1_RT_CRYPTO_PREMASTER,
- p, len, s, s->msg_callback_arg);
- s->msg_callback(2, s->version, TLS1_RT_CRYPTO_CLIENT_RANDOM,
- s->s3->client_random, SSL3_RANDOM_SIZE,
- s, s->msg_callback_arg);
- s->msg_callback(2, s->version, TLS1_RT_CRYPTO_SERVER_RANDOM,
- s->s3->server_random, SSL3_RANDOM_SIZE,
- s, s->msg_callback_arg);
- s->msg_callback(2, s->version, TLS1_RT_CRYPTO_MASTER,
- tmpout, SSL3_MASTER_SECRET_SIZE,
- s, s->msg_callback_arg);
- }
-#endif
OPENSSL_cleanse(buf, sizeof(buf));
if (ret)
*secret_size = ret_secret_size;
{
switch (code) {
case SSL_AD_CLOSE_NOTIFY:
- return (SSL3_AD_CLOSE_NOTIFY);
+ return SSL3_AD_CLOSE_NOTIFY;
case SSL_AD_UNEXPECTED_MESSAGE:
- return (SSL3_AD_UNEXPECTED_MESSAGE);
+ return SSL3_AD_UNEXPECTED_MESSAGE;
case SSL_AD_BAD_RECORD_MAC:
- return (SSL3_AD_BAD_RECORD_MAC);
+ return SSL3_AD_BAD_RECORD_MAC;
case SSL_AD_DECRYPTION_FAILED:
- return (SSL3_AD_BAD_RECORD_MAC);
+ return SSL3_AD_BAD_RECORD_MAC;
case SSL_AD_RECORD_OVERFLOW:
- return (SSL3_AD_BAD_RECORD_MAC);
+ return SSL3_AD_BAD_RECORD_MAC;
case SSL_AD_DECOMPRESSION_FAILURE:
- return (SSL3_AD_DECOMPRESSION_FAILURE);
+ return SSL3_AD_DECOMPRESSION_FAILURE;
case SSL_AD_HANDSHAKE_FAILURE:
- return (SSL3_AD_HANDSHAKE_FAILURE);
+ return SSL3_AD_HANDSHAKE_FAILURE;
case SSL_AD_NO_CERTIFICATE:
- return (SSL3_AD_NO_CERTIFICATE);
+ return SSL3_AD_NO_CERTIFICATE;
case SSL_AD_BAD_CERTIFICATE:
- return (SSL3_AD_BAD_CERTIFICATE);
+ return SSL3_AD_BAD_CERTIFICATE;
case SSL_AD_UNSUPPORTED_CERTIFICATE:
- return (SSL3_AD_UNSUPPORTED_CERTIFICATE);
+ return SSL3_AD_UNSUPPORTED_CERTIFICATE;
case SSL_AD_CERTIFICATE_REVOKED:
- return (SSL3_AD_CERTIFICATE_REVOKED);
+ return SSL3_AD_CERTIFICATE_REVOKED;
case SSL_AD_CERTIFICATE_EXPIRED:
- return (SSL3_AD_CERTIFICATE_EXPIRED);
+ return SSL3_AD_CERTIFICATE_EXPIRED;
case SSL_AD_CERTIFICATE_UNKNOWN:
- return (SSL3_AD_CERTIFICATE_UNKNOWN);
+ return SSL3_AD_CERTIFICATE_UNKNOWN;
case SSL_AD_ILLEGAL_PARAMETER:
- return (SSL3_AD_ILLEGAL_PARAMETER);
+ return SSL3_AD_ILLEGAL_PARAMETER;
case SSL_AD_UNKNOWN_CA:
- return (SSL3_AD_BAD_CERTIFICATE);
+ return SSL3_AD_BAD_CERTIFICATE;
case SSL_AD_ACCESS_DENIED:
- return (SSL3_AD_HANDSHAKE_FAILURE);
+ return SSL3_AD_HANDSHAKE_FAILURE;
case SSL_AD_DECODE_ERROR:
- return (SSL3_AD_HANDSHAKE_FAILURE);
+ return SSL3_AD_HANDSHAKE_FAILURE;
case SSL_AD_DECRYPT_ERROR:
- return (SSL3_AD_HANDSHAKE_FAILURE);
+ return SSL3_AD_HANDSHAKE_FAILURE;
case SSL_AD_EXPORT_RESTRICTION:
- return (SSL3_AD_HANDSHAKE_FAILURE);
+ return SSL3_AD_HANDSHAKE_FAILURE;
case SSL_AD_PROTOCOL_VERSION:
- return (SSL3_AD_HANDSHAKE_FAILURE);
+ return SSL3_AD_HANDSHAKE_FAILURE;
case SSL_AD_INSUFFICIENT_SECURITY:
- return (SSL3_AD_HANDSHAKE_FAILURE);
+ return SSL3_AD_HANDSHAKE_FAILURE;
case SSL_AD_INTERNAL_ERROR:
- return (SSL3_AD_HANDSHAKE_FAILURE);
+ return SSL3_AD_HANDSHAKE_FAILURE;
case SSL_AD_USER_CANCELLED:
- return (SSL3_AD_HANDSHAKE_FAILURE);
+ return SSL3_AD_HANDSHAKE_FAILURE;
case SSL_AD_NO_RENEGOTIATION:
- return (-1); /* Don't send it :-) */
+ return -1; /* Don't send it :-) */
case SSL_AD_UNSUPPORTED_EXTENSION:
- return (SSL3_AD_HANDSHAKE_FAILURE);
+ return SSL3_AD_HANDSHAKE_FAILURE;
case SSL_AD_CERTIFICATE_UNOBTAINABLE:
- return (SSL3_AD_HANDSHAKE_FAILURE);
+ return SSL3_AD_HANDSHAKE_FAILURE;
case SSL_AD_UNRECOGNIZED_NAME:
- return (SSL3_AD_HANDSHAKE_FAILURE);
+ return SSL3_AD_HANDSHAKE_FAILURE;
case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
- return (SSL3_AD_HANDSHAKE_FAILURE);
+ return SSL3_AD_HANDSHAKE_FAILURE;
case SSL_AD_BAD_CERTIFICATE_HASH_VALUE:
- return (SSL3_AD_HANDSHAKE_FAILURE);
+ return SSL3_AD_HANDSHAKE_FAILURE;
case SSL_AD_UNKNOWN_PSK_IDENTITY:
- return (TLS1_AD_UNKNOWN_PSK_IDENTITY);
+ return TLS1_AD_UNKNOWN_PSK_IDENTITY;
case SSL_AD_INAPPROPRIATE_FALLBACK:
- return (TLS1_AD_INAPPROPRIATE_FALLBACK);
+ return TLS1_AD_INAPPROPRIATE_FALLBACK;
case SSL_AD_NO_APPLICATION_PROTOCOL:
- return (TLS1_AD_NO_APPLICATION_PROTOCOL);
+ return TLS1_AD_NO_APPLICATION_PROTOCOL;
case SSL_AD_CERTIFICATE_REQUIRED:
return SSL_AD_HANDSHAKE_FAILURE;
default:
- return (-1);
+ return -1;
}
}