/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005 Nokia. All rights reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* https://www.openssl.org/source/license.html
*/
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
#include <stdio.h>
#include "ssl_locl.h"
#include <openssl/comp.h>
pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
if (pctx == NULL || EVP_PKEY_derive_init(pctx) <= 0
|| EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) <= 0
- || EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, slen) <= 0)
+ || EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, (int)slen) <= 0)
goto err;
- if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed1, seed1_len) <= 0)
+ if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed1, (int)seed1_len) <= 0)
goto err;
- if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed2, seed2_len) <= 0)
+ if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed2, (int)seed2_len) <= 0)
goto err;
- if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed3, seed3_len) <= 0)
+ if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed3, (int)seed3_len) <= 0)
goto err;
- if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed4, seed4_len) <= 0)
+ if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed4, (int)seed4_len) <= 0)
goto err;
- if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed5, seed5_len) <= 0)
+ if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed5, (int)seed5_len) <= 0)
goto err;
if (EVP_PKEY_derive(pctx, out, &olen) <= 0)
#endif
if (which & SSL3_CC_READ) {
+ if (s->ext.use_etm)
+ s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_READ;
+ else
+ s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_READ;
+
if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
else
mac_secret = &(s->s3->read_mac_secret[0]);
mac_secret_size = &(s->s3->read_mac_secret_size);
} else {
+ if (s->ext.use_etm)
+ s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE;
+ else
+ s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE;
+
if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
else
memcpy(mac_secret, ms, i);
if (!(EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
+ /* TODO(size_t): Convert this function */
mac_key = EVP_PKEY_new_mac_key(mac_type, NULL,
- mac_secret, *mac_secret_size);
+ mac_secret, (int)*mac_secret_size);
if (mac_key == NULL
|| EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key) <= 0) {
EVP_PKEY_free(mac_key);
#ifdef SSL_DEBUG
printf("which = %04X\nmac key=", which);
{
- int z;
+ size_t z;
for (z = 0; z < i; z++)
printf("%02X%c", ms[z], ((z + 1) % 16) ? ' ' : '\n');
}
if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) {
if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE))
- || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, k, iv)) {
+ || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, (int)k,
+ iv)) {
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
goto err2;
}
int taglen;
if (s->s3->tmp.
new_cipher->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8))
- taglen = 8;
+ taglen = EVP_CCM8_TLS_TAG_LEN;
else
- taglen = 16;
+ taglen = EVP_CCM_TLS_TAG_LEN;
if (!EVP_CipherInit_ex(dd, c, NULL, NULL, NULL, (which & SSL3_CC_WRITE))
|| !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL)
|| !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_TAG, taglen, NULL)
- || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_CCM_SET_IV_FIXED, k, iv)
+ || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_CCM_SET_IV_FIXED, (int)k, iv)
|| !EVP_CipherInit_ex(dd, NULL, NULL, key, NULL, -1)) {
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
goto err2;
/* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */
if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size
&& !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY,
- *mac_secret_size, mac_secret)) {
+ (int)*mac_secret_size, mac_secret)) {
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
goto err2;
}
-#ifdef OPENSSL_SSL_TRACE_CRYPTO
- if (s->msg_callback) {
- int wh = which & SSL3_CC_WRITE ? TLS1_RT_CRYPTO_WRITE : 0;
- if (*mac_secret_size)
- s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_MAC,
- mac_secret, *mac_secret_size,
- s, s->msg_callback_arg);
- if (c->key_len)
- s->msg_callback(2, s->version, wh | TLS1_RT_CRYPTO_KEY,
- key, c->key_len, s, s->msg_callback_arg);
- if (k) {
- if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
- wh |= TLS1_RT_CRYPTO_FIXED_IV;
- else
- wh |= TLS1_RT_CRYPTO_IV;
- s->msg_callback(2, s->version, wh, iv, k, s, s->msg_callback_arg);
- }
- }
-#endif
#ifdef SSL_DEBUG
printf("which = %04X\nkey=", which);
}
printf("\niv=");
{
- int z;
+ size_t z;
for (z = 0; z < k; z++)
printf("%02X%c", iv[z], ((z + 1) % 16) ? ' ' : '\n');
}
if (s->s3->tmp.key_block_length != 0)
return (1);
- if (!ssl_cipher_get_evp
- (s->session, &c, &hash, &mac_type, &mac_secret_size, &comp,
- SSL_USE_ETM(s))) {
+ if (!ssl_cipher_get_evp(s->session, &c, &hash, &mac_type, &mac_secret_size,
+ &comp, s->ext.use_etm)) {
SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
return (0);
}
SSL3_MASTER_SECRET_SIZE);
#endif
-#ifdef OPENSSL_SSL_TRACE_CRYPTO
- if (s->msg_callback) {
- s->msg_callback(2, s->version, TLS1_RT_CRYPTO_PREMASTER,
- p, len, s, s->msg_callback_arg);
- s->msg_callback(2, s->version, TLS1_RT_CRYPTO_CLIENT_RANDOM,
- s->s3->client_random, SSL3_RANDOM_SIZE,
- s, s->msg_callback_arg);
- s->msg_callback(2, s->version, TLS1_RT_CRYPTO_SERVER_RANDOM,
- s->s3->server_random, SSL3_RANDOM_SIZE,
- s, s->msg_callback_arg);
- s->msg_callback(2, s->version, TLS1_RT_CRYPTO_MASTER,
- s->session->master_key,
- SSL3_MASTER_SECRET_SIZE, s, s->msg_callback_arg);
- }
-#endif
-
*secret_size = SSL3_MASTER_SECRET_SIZE;
return 1;
}
return (TLS1_AD_INAPPROPRIATE_FALLBACK);
case SSL_AD_NO_APPLICATION_PROTOCOL:
return (TLS1_AD_NO_APPLICATION_PROTOCOL);
+ case SSL_AD_CERTIFICATE_REQUIRED:
+ return SSL_AD_HANDSHAKE_FAILURE;
default:
return (-1);
}