X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=ssl%2Ft1_enc.c;h=ae33bda78fc096f0a318a95ad6def63d8d97b55d;hb=65e8167079b9d7d3195436a78d6520ff47cf6780;hp=0f5cbd326a2474ca7be58703084f8931fdd03300;hpb=06ab81f9f7b055a4456798cb9ef3266160438a08;p=openssl.git diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 0f5cbd326a..ae33bda78f 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -57,19 +57,16 @@ */ #include -#include "comp.h" -#include "evp.h" -#include "hmac.h" +#include +#include +#include +#include +#include #include "ssl_locl.h" -static void tls1_P_hash(md,sec,sec_len,seed,seed_len,out,olen) -EVP_MD *md; -unsigned char *sec; -int sec_len; -unsigned char *seed; -int seed_len; -unsigned char *out; -int olen; +static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, + int sec_len, unsigned char *seed, int seed_len, + unsigned char *out, int olen) { int chunk,n; unsigned int j; @@ -111,19 +108,13 @@ int olen; memset(A1,0,sizeof(A1)); } -static void tls1_PRF(md5,sha1,label,label_len,sec,slen,out1,out2,olen) -EVP_MD *md5; -EVP_MD *sha1; -unsigned char *label; -int label_len; -unsigned char *sec; -int slen; -unsigned char *out1; -unsigned char *out2; -int olen; +static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1, + unsigned char *label, int label_len, + const unsigned char *sec, int slen, unsigned char *out1, + unsigned char *out2, int olen) { int len,i; - unsigned char *S1,*S2; + const unsigned char *S1,*S2; len=slen/2; S1=sec; @@ -138,10 +129,8 @@ int olen; out1[i]^=out2[i]; } -static void tls1_generate_key_block(s,km,tmp,num) -SSL *s; -unsigned char *km,*tmp; -int num; +static void tls1_generate_key_block(SSL *s, unsigned char *km, + unsigned char *tmp, int num) { unsigned char *p; unsigned char buf[SSL3_RANDOM_SIZE*2+ @@ -157,14 +146,24 @@ int num; p+=SSL3_RANDOM_SIZE; tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf), - s->session->master_key,s->session->master_key_length, - km,tmp,num); + s->session->master_key,s->session->master_key_length, + km,tmp,num); +#ifdef KSSL_DEBUG + printf("tls1_generate_key_block() ==> %d byte master_key =\n\t", + s->session->master_key_length); + { + int i; + for (i=0; i < s->session->master_key_length; i++) + { + printf("%02X", s->session->master_key[i]); + } + printf("\n"); } +#endif /* KSSL_DEBUG */ } -int tls1_change_cipher_state(s,which) -SSL *s; -int which; +int tls1_change_cipher_state(SSL *s, int which) { + static const unsigned char empty[]=""; unsigned char *p,*key_block,*mac_secret; unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+ SSL3_RANDOM_SIZE*2]; @@ -175,9 +174,9 @@ int which; unsigned char *ms,*key,*iv,*er1,*er2; int client_write; EVP_CIPHER_CTX *dd; - EVP_CIPHER *c; - SSL_COMP *comp; - EVP_MD *m; + const EVP_CIPHER *c; + const SSL_COMP *comp; + const EVP_MD *m; int _exp,n,i,j,k,exp_label_len,cl; _exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); @@ -186,11 +185,26 @@ int which; comp=s->s3->tmp.new_compression; key_block=s->s3->tmp.key_block; +#ifdef KSSL_DEBUG + printf("tls1_change_cipher_state(which= %d) w/\n", which); + printf("\talg= %ld, comp= %p\n", s->s3->tmp.new_cipher->algorithms, + comp); + printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c); + printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n", + c->nid,c->block_size,c->key_len,c->iv_len); + printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length); + { + int i; + for (i=0; is3->tmp.key_block_length; i++) + printf("%02x", key_block[i]); printf("\n"); + } +#endif /* KSSL_DEBUG */ + if (which & SSL3_CC_READ) { if ((s->enc_read_ctx == NULL) && ((s->enc_read_ctx=(EVP_CIPHER_CTX *) - Malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) + OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) goto err; dd= s->enc_read_ctx; s->read_hash=m; @@ -209,7 +223,7 @@ int which; } if (s->s3->rrec.comp == NULL) s->s3->rrec.comp=(unsigned char *) - Malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH); + OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH); if (s->s3->rrec.comp == NULL) goto err; } @@ -220,7 +234,7 @@ int which; { if ((s->enc_write_ctx == NULL) && ((s->enc_write_ctx=(EVP_CIPHER_CTX *) - Malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) + OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) goto err; dd= s->enc_write_ctx; s->write_hash=m; @@ -311,8 +325,8 @@ printf("which = %04X\nmac key=",which); p+=SSL3_RANDOM_SIZE; memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); p+=SSL3_RANDOM_SIZE; - tls1_PRF(s->ctx->md5,s->ctx->sha1, - buf,(int)(p-buf),"",0,iv1,iv2,k*2); + tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,empty,0, + iv1,iv2,k*2); if (client_write) iv=iv1; else @@ -321,6 +335,16 @@ printf("which = %04X\nmac key=",which); } s->session->key_arg_length=0; +#ifdef KSSL_DEBUG + { + int i; + printf("EVP_CipherInit(dd,c,key=,iv=,which)\n"); + printf("\tkey= "); for (i=0; ikey_len; i++) printf("%02x", key[i]); + printf("\n"); + printf("\t iv= "); for (i=0; iiv_len; i++) printf("%02x", iv[i]); + printf("\n"); + } +#endif /* KSSL_DEBUG */ EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE)); #ifdef TLS_DEBUG @@ -342,15 +366,18 @@ err2: return(0); } -int tls1_setup_key_block(s) -SSL *s; +int tls1_setup_key_block(SSL *s) { unsigned char *p1,*p2; - EVP_CIPHER *c; - EVP_MD *hash; + const EVP_CIPHER *c; + const EVP_MD *hash; int num; SSL_COMP *comp; +#ifdef KSSL_DEBUG + printf ("tls1_setup_key_block()\n"); +#endif /* KSSL_DEBUG */ + if (s->s3->tmp.key_block_length != 0) return(1); @@ -368,9 +395,9 @@ SSL *s; ssl3_cleanup_key_block(s); - if ((p1=(unsigned char *)Malloc(num)) == NULL) + if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL) goto err; - if ((p2=(unsigned char *)Malloc(num)) == NULL) + if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL) goto err; s->s3->tmp.key_block_length=num; @@ -387,7 +414,7 @@ printf("pre-master\n"); #endif tls1_generate_key_block(s,p1,p2,num); memset(p2,0,num); - Free(p2); + OPENSSL_free(p2); #ifdef TLS_DEBUG printf("\nkey block\n"); { int z; for (z=0; zenc_read_ctx); } +#ifdef KSSL_DEBUG + printf("tls1_enc(%d)\n", send); +#endif /* KSSL_DEBUG */ + if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) { @@ -462,8 +491,35 @@ int send; rec->length+=i; } +#ifdef KSSL_DEBUG + { + unsigned long i; + printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n", + ds,rec->data,rec->input,l); + printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n", + ds->buf_len, ds->cipher->key_len, + DES_KEY_SZ, DES_SCHEDULE_SZ, + ds->cipher->iv_len); + printf("\t\tIV: "); + for (i=0; icipher->iv_len; i++) printf("%02X", ds->iv[i]); + printf("\n"); + printf("\trec->input="); + for (i=0; iinput[i]); + printf("\n"); + } +#endif /* KSSL_DEBUG */ + EVP_Cipher(ds,rec->data,rec->input,l); +#ifdef KSSL_DEBUG + { + unsigned long i; + printf("\trec->data="); + for (i=0; idata[i]); printf("\n"); + } +#endif /* KSSL_DEBUG */ + if ((bs != 1) && !send) { ii=i=rec->data[l-1]; @@ -498,10 +554,7 @@ int send; return(1); } -int tls1_cert_verify_mac(s,in_ctx,out) -SSL *s; -EVP_MD_CTX *in_ctx; -unsigned char *out; +int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out) { unsigned int ret; EVP_MD_CTX ctx; @@ -511,12 +564,8 @@ unsigned char *out; return((int)ret); } -int tls1_final_finish_mac(s,in1_ctx,in2_ctx,str,slen,out) -SSL *s; -EVP_MD_CTX *in1_ctx,*in2_ctx; -unsigned char *str; -int slen; -unsigned char *out; +int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx, + const char *str, int slen, unsigned char *out) { unsigned int i; EVP_MD_CTX ctx; @@ -542,14 +591,11 @@ unsigned char *out; return((int)12); } -int tls1_mac(ssl,md,send) -SSL *ssl; -unsigned char *md; -int send; +int tls1_mac(SSL *ssl, unsigned char *md, int send) { SSL3_RECORD *rec; unsigned char *mac_sec,*seq; - EVP_MD *hash; + const EVP_MD *hash; unsigned int md_size; int i; HMAC_CTX hmac; @@ -605,15 +651,16 @@ printf("rec="); return(md_size); } -int tls1_generate_master_secret(s,out,p,len) -SSL *s; -unsigned char *out; -unsigned char *p; -int len; +int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, + int len) { unsigned char buf[SSL3_RANDOM_SIZE*2+TLS_MD_MASTER_SECRET_CONST_SIZE]; unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH]; +#ifdef KSSL_DEBUG + printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len); +#endif /* KSSL_DEBUG */ + /* Setup the stuff to munge */ memcpy(buf,TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE); @@ -624,11 +671,13 @@ int len; tls1_PRF(s->ctx->md5,s->ctx->sha1, buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len, s->session->master_key,buff,SSL3_MASTER_SECRET_SIZE); +#ifdef KSSL_DEBUG + printf ("tls1_generate_master_secret() complete\n"); +#endif /* KSSL_DEBUG */ return(SSL3_MASTER_SECRET_SIZE); } -int tls1_alert_code(code) -int code; +int tls1_alert_code(int code) { switch (code) { @@ -650,11 +699,11 @@ int code; case SSL_AD_ACCESS_DENIED: return(TLS1_AD_ACCESS_DENIED); case SSL_AD_DECODE_ERROR: return(TLS1_AD_DECODE_ERROR); case SSL_AD_DECRYPT_ERROR: return(TLS1_AD_DECRYPT_ERROR); - case SSL_AD_EXPORT_RESTRICION: return(TLS1_AD_EXPORT_RESTRICION); + case SSL_AD_EXPORT_RESTRICTION: return(TLS1_AD_EXPORT_RESTRICTION); case SSL_AD_PROTOCOL_VERSION: return(TLS1_AD_PROTOCOL_VERSION); case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY); case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR); - case SSL_AD_USER_CANCLED: return(TLS1_AD_USER_CANCLED); + case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED); case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION); default: return(-1); }