-Wall implies -Wuninitialized.
[openssl.git] / ssl / t1_enc.c
1 /* ssl/t1_enc.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58
59 #include <stdio.h>
60 #include "comp.h"
61 #include "evp.h"
62 #include "hmac.h"
63 #include "ssl_locl.h"
64
65 static void tls1_P_hash(const EVP_MD *md, unsigned char *sec, int sec_len,
66                         unsigned char *seed, int seed_len, unsigned char *out,
67                         int olen)
68         {
69         int chunk,n;
70         unsigned int j;
71         HMAC_CTX ctx;
72         HMAC_CTX ctx_tmp;
73         unsigned char A1[HMAC_MAX_MD_CBLOCK];
74         unsigned int A1_len;
75         
76         chunk=EVP_MD_size(md);
77
78         HMAC_Init(&ctx,sec,sec_len,md);
79         HMAC_Update(&ctx,seed,seed_len);
80         HMAC_Final(&ctx,A1,&A1_len);
81
82         n=0;
83         for (;;)
84                 {
85                 HMAC_Init(&ctx,NULL,0,NULL); /* re-init */
86                 HMAC_Update(&ctx,A1,A1_len);
87                 memcpy(&ctx_tmp,&ctx,sizeof(ctx)); /* Copy for A2 */ /* not needed for last one */
88                 HMAC_Update(&ctx,seed,seed_len);
89
90                 if (olen > chunk)
91                         {
92                         HMAC_Final(&ctx,out,&j);
93                         out+=j;
94                         olen-=j;
95                         HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 value */
96                         }
97                 else    /* last one */
98                         {
99                         HMAC_Final(&ctx,A1,&A1_len);
100                         memcpy(out,A1,olen);
101                         break;
102                         }
103                 }
104         HMAC_cleanup(&ctx);
105         HMAC_cleanup(&ctx_tmp);
106         memset(A1,0,sizeof(A1));
107         }
108
109 static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
110                      unsigned char *label, int label_len, unsigned char *sec,
111                      int slen, unsigned char *out1, unsigned char *out2,
112                      int olen)
113         {
114         int len,i;
115         unsigned char *S1,*S2;
116
117         len=slen/2;
118         S1=sec;
119         S2= &(sec[len]);
120         len+=(slen&1); /* add for odd, make longer */
121
122         
123         tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen);
124         tls1_P_hash(sha1,S2,len,label,label_len,out2,olen);
125
126         for (i=0; i<olen; i++)
127                 out1[i]^=out2[i];
128         }
129
130 static void tls1_generate_key_block(SSL *s, unsigned char *km,
131              unsigned char *tmp, int num)
132         {
133         unsigned char *p;
134         unsigned char buf[SSL3_RANDOM_SIZE*2+
135                 TLS_MD_MAX_CONST_SIZE];
136         p=buf;
137
138         memcpy(p,TLS_MD_KEY_EXPANSION_CONST,
139                 TLS_MD_KEY_EXPANSION_CONST_SIZE);
140         p+=TLS_MD_KEY_EXPANSION_CONST_SIZE;
141         memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
142         p+=SSL3_RANDOM_SIZE;
143         memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
144         p+=SSL3_RANDOM_SIZE;
145
146         tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),
147                  s->session->master_key,s->session->master_key_length,
148                  km,tmp,num);
149         }
150
151 int tls1_change_cipher_state(SSL *s, int which)
152         {
153         unsigned char *p,*key_block,*mac_secret;
154         unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+
155                 SSL3_RANDOM_SIZE*2];
156         unsigned char tmp1[EVP_MAX_KEY_LENGTH];
157         unsigned char tmp2[EVP_MAX_KEY_LENGTH];
158         unsigned char iv1[EVP_MAX_IV_LENGTH*2];
159         unsigned char iv2[EVP_MAX_IV_LENGTH*2];
160         unsigned char *ms,*key,*iv,*er1,*er2;
161         int client_write;
162         EVP_CIPHER_CTX *dd;
163         const EVP_CIPHER *c;
164         const SSL_COMP *comp;
165         const EVP_MD *m;
166         int _exp,n,i,j,k,exp_label_len,cl;
167
168         _exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
169         c=s->s3->tmp.new_sym_enc;
170         m=s->s3->tmp.new_hash;
171         comp=s->s3->tmp.new_compression;
172         key_block=s->s3->tmp.key_block;
173
174         if (which & SSL3_CC_READ)
175                 {
176                 if ((s->enc_read_ctx == NULL) &&
177                         ((s->enc_read_ctx=(EVP_CIPHER_CTX *)
178                         Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
179                         goto err;
180                 dd= s->enc_read_ctx;
181                 s->read_hash=m;
182                 if (s->expand != NULL)
183                         {
184                         COMP_CTX_free(s->expand);
185                         s->expand=NULL;
186                         }
187                 if (comp != NULL)
188                         {
189                         s->expand=COMP_CTX_new(comp->method);
190                         if (s->expand == NULL)
191                                 {
192                                 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
193                                 goto err2;
194                                 }
195                         if (s->s3->rrec.comp == NULL)
196                                 s->s3->rrec.comp=(unsigned char *)
197                                         Malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
198                         if (s->s3->rrec.comp == NULL)
199                                 goto err;
200                         }
201                 memset(&(s->s3->read_sequence[0]),0,8);
202                 mac_secret= &(s->s3->read_mac_secret[0]);
203                 }
204         else
205                 {
206                 if ((s->enc_write_ctx == NULL) &&
207                         ((s->enc_write_ctx=(EVP_CIPHER_CTX *)
208                         Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
209                         goto err;
210                 dd= s->enc_write_ctx;
211                 s->write_hash=m;
212                 if (s->compress != NULL)
213                         {
214                         COMP_CTX_free(s->compress);
215                         s->compress=NULL;
216                         }
217                 if (comp != NULL)
218                         {
219                         s->compress=COMP_CTX_new(comp->method);
220                         if (s->compress == NULL)
221                                 {
222                                 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
223                                 goto err2;
224                                 }
225                         }
226                 memset(&(s->s3->write_sequence[0]),0,8);
227                 mac_secret= &(s->s3->write_mac_secret[0]);
228                 }
229
230         EVP_CIPHER_CTX_init(dd);
231
232         p=s->s3->tmp.key_block;
233         i=EVP_MD_size(m);
234         cl=EVP_CIPHER_key_length(c);
235         j=_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
236                   cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
237         /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
238         k=EVP_CIPHER_iv_length(c);
239         er1= &(s->s3->client_random[0]);
240         er2= &(s->s3->server_random[0]);
241         if (    (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
242                 (which == SSL3_CHANGE_CIPHER_SERVER_READ))
243                 {
244                 ms=  &(p[ 0]); n=i+i;
245                 key= &(p[ n]); n+=j+j;
246                 iv=  &(p[ n]); n+=k+k;
247                 exp_label=(unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST;
248                 exp_label_len=TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE;
249                 client_write=1;
250                 }
251         else
252                 {
253                 n=i;
254                 ms=  &(p[ n]); n+=i+j;
255                 key= &(p[ n]); n+=j+k;
256                 iv=  &(p[ n]); n+=k;
257                 exp_label=(unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST;
258                 exp_label_len=TLS_MD_SERVER_WRITE_KEY_CONST_SIZE;
259                 client_write=0;
260                 }
261
262         if (n > s->s3->tmp.key_block_length)
263                 {
264                 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_INTERNAL_ERROR);
265                 goto err2;
266                 }
267
268         memcpy(mac_secret,ms,i);
269 #ifdef TLS_DEBUG
270 printf("which = %04X\nmac key=",which);
271 { int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
272 #endif
273         if (_exp)
274                 {
275                 /* In here I set both the read and write key/iv to the
276                  * same value since only the correct one will be used :-).
277                  */
278                 p=buf;
279                 memcpy(p,exp_label,exp_label_len);
280                 p+=exp_label_len;
281                 memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
282                 p+=SSL3_RANDOM_SIZE;
283                 memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
284                 p+=SSL3_RANDOM_SIZE;
285                 tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j,
286                          tmp1,tmp2,EVP_CIPHER_key_length(c));
287                 key=tmp1;
288
289                 if (k > 0)
290                         {
291                         p=buf;
292                         memcpy(p,TLS_MD_IV_BLOCK_CONST,
293                                 TLS_MD_IV_BLOCK_CONST_SIZE);
294                         p+=TLS_MD_IV_BLOCK_CONST_SIZE;
295                         memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
296                         p+=SSL3_RANDOM_SIZE;
297                         memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
298                         p+=SSL3_RANDOM_SIZE;
299                         tls1_PRF(s->ctx->md5,s->ctx->sha1,
300                                 buf,(int)(p-buf),"",0,iv1,iv2,k*2);
301                         if (client_write)
302                                 iv=iv1;
303                         else
304                                 iv= &(iv1[k]);
305                         }
306                 }
307
308         s->session->key_arg_length=0;
309
310         EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
311 #ifdef TLS_DEBUG
312 printf("which = %04X\nkey=",which);
313 { int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }
314 printf("\niv=");
315 { int z; for (z=0; z<k; z++) printf("%02X%c",iv[z],((z+1)%16)?' ':'\n'); }
316 printf("\n");
317 #endif
318
319         memset(tmp1,0,sizeof(tmp1));
320         memset(tmp2,0,sizeof(tmp1));
321         memset(iv1,0,sizeof(iv1));
322         memset(iv2,0,sizeof(iv2));
323         return(1);
324 err:
325         SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
326 err2:
327         return(0);
328         }
329
330 int tls1_setup_key_block(SSL *s)
331         {
332         unsigned char *p1,*p2;
333         const EVP_CIPHER *c;
334         const EVP_MD *hash;
335         int num;
336         SSL_COMP *comp;
337
338         if (s->s3->tmp.key_block_length != 0)
339                 return(1);
340
341         if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))
342                 {
343                 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
344                 return(0);
345                 }
346
347         s->s3->tmp.new_sym_enc=c;
348         s->s3->tmp.new_hash=hash;
349
350         num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
351         num*=2;
352
353         ssl3_cleanup_key_block(s);
354
355         if ((p1=(unsigned char *)Malloc(num)) == NULL)
356                 goto err;
357         if ((p2=(unsigned char *)Malloc(num)) == NULL)
358                 goto err;
359
360         s->s3->tmp.key_block_length=num;
361         s->s3->tmp.key_block=p1;
362
363
364 #ifdef TLS_DEBUG
365 printf("client random\n");
366 { int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->client_random[z],((z+1)%16)?' ':'\n'); }
367 printf("server random\n");
368 { int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->server_random[z],((z+1)%16)?' ':'\n'); }
369 printf("pre-master\n");
370 { int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
371 #endif
372         tls1_generate_key_block(s,p1,p2,num);
373         memset(p2,0,num);
374         Free(p2);
375 #ifdef TLS_DEBUG
376 printf("\nkey block\n");
377 { int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
378 #endif
379
380         return(1);
381 err:
382         SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
383         return(0);
384         }
385
386 int tls1_enc(SSL *s, int send)
387         {
388         SSL3_RECORD *rec;
389         EVP_CIPHER_CTX *ds;
390         unsigned long l;
391         int bs,i,ii,j,k,n=0;
392         const EVP_CIPHER *enc;
393
394         if (send)
395                 {
396                 if (s->write_hash != NULL)
397                         n=EVP_MD_size(s->write_hash);
398                 ds=s->enc_write_ctx;
399                 rec= &(s->s3->wrec);
400                 if (s->enc_write_ctx == NULL)
401                         enc=NULL;
402                 else
403                         enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
404                 }
405         else
406                 {
407                 if (s->read_hash != NULL)
408                         n=EVP_MD_size(s->read_hash);
409                 ds=s->enc_read_ctx;
410                 rec= &(s->s3->rrec);
411                 if (s->enc_read_ctx == NULL)
412                         enc=NULL;
413                 else
414                         enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
415                 }
416
417         if ((s->session == NULL) || (ds == NULL) ||
418                 (enc == NULL))
419                 {
420                 memcpy(rec->data,rec->input,rec->length);
421                 rec->input=rec->data;
422                 }
423         else
424                 {
425                 l=rec->length;
426                 bs=EVP_CIPHER_block_size(ds->cipher);
427
428                 if ((bs != 1) && send)
429                         {
430                         i=bs-((int)l%bs);
431
432                         /* Add weird padding of upto 256 bytes */
433
434                         /* we need to add 'i' padding bytes of value j */
435                         j=i-1;
436                         if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
437                                 {
438                                 if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
439                                         j++;
440                                 }
441                         for (k=(int)l; k<(int)(l+i); k++)
442                                 rec->input[k]=j;
443                         l+=i;
444                         rec->length+=i;
445                         }
446
447                 EVP_Cipher(ds,rec->data,rec->input,l);
448
449                 if ((bs != 1) && !send)
450                         {
451                         ii=i=rec->data[l-1];
452                         i++;
453                         if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
454                                 {
455                                 /* First packet is even in size, so check */
456                                 if ((memcmp(s->s3->read_sequence,
457                                         "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
458                                         s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
459                                 if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
460                                         i--;
461                                 }
462                         if (i > (int)rec->length)
463                                 {
464                                 SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
465                                 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
466                                 return(0);
467                                 }
468                         for (j=(int)(l-i); j<(int)l; j++)
469                                 {
470                                 if (rec->data[j] != ii)
471                                         {
472                                         SSLerr(SSL_F_TLS1_ENC,SSL_R_DECRYPTION_FAILED);
473                                         ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
474                                         return(0);
475                                         }
476                                 }
477                         rec->length-=i;
478                         }
479                 }
480         return(1);
481         }
482
483 int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
484         {
485         unsigned int ret;
486         EVP_MD_CTX ctx;
487
488         EVP_MD_CTX_copy(&ctx,in_ctx);
489         EVP_DigestFinal(&ctx,out,&ret);
490         return((int)ret);
491         }
492
493 int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
494              unsigned char *str, int slen, unsigned char *out)
495         {
496         unsigned int i;
497         EVP_MD_CTX ctx;
498         unsigned char buf[TLS_MD_MAX_CONST_SIZE+MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
499         unsigned char *q,buf2[12];
500
501         q=buf;
502         memcpy(q,str,slen);
503         q+=slen;
504
505         EVP_MD_CTX_copy(&ctx,in1_ctx);
506         EVP_DigestFinal(&ctx,q,&i);
507         q+=i;
508         EVP_MD_CTX_copy(&ctx,in2_ctx);
509         EVP_DigestFinal(&ctx,q,&i);
510         q+=i;
511
512         tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),
513                 s->session->master_key,s->session->master_key_length,
514                 out,buf2,12);
515         memset(&ctx,0,sizeof(EVP_MD_CTX));
516
517         return((int)12);
518         }
519
520 int tls1_mac(SSL *ssl, unsigned char *md, int send)
521         {
522         SSL3_RECORD *rec;
523         unsigned char *mac_sec,*seq;
524         const EVP_MD *hash;
525         unsigned int md_size;
526         int i;
527         HMAC_CTX hmac;
528         unsigned char buf[5]; 
529
530         if (send)
531                 {
532                 rec= &(ssl->s3->wrec);
533                 mac_sec= &(ssl->s3->write_mac_secret[0]);
534                 seq= &(ssl->s3->write_sequence[0]);
535                 hash=ssl->write_hash;
536                 }
537         else
538                 {
539                 rec= &(ssl->s3->rrec);
540                 mac_sec= &(ssl->s3->read_mac_secret[0]);
541                 seq= &(ssl->s3->read_sequence[0]);
542                 hash=ssl->read_hash;
543                 }
544
545         md_size=EVP_MD_size(hash);
546
547         buf[0]=rec->type;
548         buf[1]=TLS1_VERSION_MAJOR;
549         buf[2]=TLS1_VERSION_MINOR;
550         buf[3]=rec->length>>8;
551         buf[4]=rec->length&0xff;
552
553         /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
554         HMAC_Init(&hmac,mac_sec,EVP_MD_size(hash),hash);
555         HMAC_Update(&hmac,seq,8);
556         HMAC_Update(&hmac,buf,5);
557         HMAC_Update(&hmac,rec->input,rec->length);
558         HMAC_Final(&hmac,md,&md_size);
559
560 #ifdef TLS_DEBUG
561 printf("sec=");
562 {unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
563 printf("seq=");
564 {int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); }
565 printf("buf=");
566 {int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); }
567 printf("rec=");
568 {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
569 #endif
570
571         for (i=7; i>=0; i--)
572                 if (++seq[i]) break; 
573
574 #ifdef TLS_DEBUG
575 {unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); }
576 #endif
577         return(md_size);
578         }
579
580 int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
581              int len)
582         {
583         unsigned char buf[SSL3_RANDOM_SIZE*2+TLS_MD_MASTER_SECRET_CONST_SIZE];
584         unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
585
586         /* Setup the stuff to munge */
587         memcpy(buf,TLS_MD_MASTER_SECRET_CONST,
588                 TLS_MD_MASTER_SECRET_CONST_SIZE);
589         memcpy(&(buf[TLS_MD_MASTER_SECRET_CONST_SIZE]),
590                 s->s3->client_random,SSL3_RANDOM_SIZE);
591         memcpy(&(buf[SSL3_RANDOM_SIZE+TLS_MD_MASTER_SECRET_CONST_SIZE]),
592                 s->s3->server_random,SSL3_RANDOM_SIZE);
593         tls1_PRF(s->ctx->md5,s->ctx->sha1,
594                 buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len,
595                 s->session->master_key,buff,SSL3_MASTER_SECRET_SIZE);
596         return(SSL3_MASTER_SECRET_SIZE);
597         }
598
599 int tls1_alert_code(int code)
600         {
601         switch (code)
602                 {
603         case SSL_AD_CLOSE_NOTIFY:       return(SSL3_AD_CLOSE_NOTIFY);
604         case SSL_AD_UNEXPECTED_MESSAGE: return(SSL3_AD_UNEXPECTED_MESSAGE);
605         case SSL_AD_BAD_RECORD_MAC:     return(SSL3_AD_BAD_RECORD_MAC);
606         case SSL_AD_DECRYPTION_FAILED:  return(TLS1_AD_DECRYPTION_FAILED);
607         case SSL_AD_RECORD_OVERFLOW:    return(TLS1_AD_RECORD_OVERFLOW);
608         case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE);
609         case SSL_AD_HANDSHAKE_FAILURE:  return(SSL3_AD_HANDSHAKE_FAILURE);
610         case SSL_AD_NO_CERTIFICATE:     return(-1);
611         case SSL_AD_BAD_CERTIFICATE:    return(SSL3_AD_BAD_CERTIFICATE);
612         case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE);
613         case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED);
614         case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED);
615         case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN);
616         case SSL_AD_ILLEGAL_PARAMETER:  return(SSL3_AD_ILLEGAL_PARAMETER);
617         case SSL_AD_UNKNOWN_CA:         return(TLS1_AD_UNKNOWN_CA);
618         case SSL_AD_ACCESS_DENIED:      return(TLS1_AD_ACCESS_DENIED);
619         case SSL_AD_DECODE_ERROR:       return(TLS1_AD_DECODE_ERROR);
620         case SSL_AD_DECRYPT_ERROR:      return(TLS1_AD_DECRYPT_ERROR);
621         case SSL_AD_EXPORT_RESTRICION:  return(TLS1_AD_EXPORT_RESTRICION);
622         case SSL_AD_PROTOCOL_VERSION:   return(TLS1_AD_PROTOCOL_VERSION);
623         case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY);
624         case SSL_AD_INTERNAL_ERROR:     return(TLS1_AD_INTERNAL_ERROR);
625         case SSL_AD_USER_CANCLED:       return(TLS1_AD_USER_CANCLED);
626         case SSL_AD_NO_RENEGOTIATION:   return(TLS1_AD_NO_RENEGOTIATION);
627         default:                        return(-1);
628                 }
629         }
630