j = is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
- /* If GCM mode only part of IV comes from PRF */
+ /* If GCM/CCM mode only part of IV comes from PRF */
if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
k = EVP_GCM_TLS_FIXED_IV_LEN;
+ else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE)
+ k = EVP_CCM_TLS_FIXED_IV_LEN;
else
k = EVP_CIPHER_iv_length(c);
if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
goto err2;
}
+ } else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE) {
+ int taglen;
+ if (s->s3->tmp.new_cipher->algorithm_enc & (SSL_AES128CCM8|SSL_AES256CCM8))
+ taglen = 8;
+ else
+ taglen = 16;
+ if (!EVP_CipherInit_ex(dd, c, NULL, NULL, NULL, (which & SSL3_CC_WRITE))
+ || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL)
+ || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_TAG, taglen, NULL)
+ || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_CCM_SET_IV_FIXED, k, iv)
+ || !EVP_CipherInit_ex(dd, NULL, NULL, key, NULL, -1)) {
+ SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+ goto err2;
+ }
} else {
if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) {
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
EVP_MD_CTX ctx, *d = NULL;
int i;
- if (s->s3->handshake_buffer)
- if (!ssl3_digest_cached_records(s))
- return 0;
+ if (!ssl3_digest_cached_records(s, 0))
+ return 0;
for (i = 0; i < SSL_MAX_DIGEST; i++) {
if (s->s3->handshake_dgst[i]
unsigned char hash[2 * EVP_MAX_MD_SIZE];
unsigned char buf2[12];
- if (s->s3->handshake_buffer)
- if (!ssl3_digest_cached_records(s))
- return 0;
+ if (!ssl3_digest_cached_records(s, 0))
+ return 0;
hashlen = ssl_handshake_hash(s, hash, sizeof(hash));
if (s->session->flags & SSL_SESS_FLAG_EXTMS) {
unsigned char hash[EVP_MAX_MD_SIZE * 2];
int hashlen;
- /* If we don't have any digests cache records */
- if (s->s3->handshake_buffer) {
- /*
- * keep record buffer: this wont affect client auth because we're
- * freezing the buffer at the same point (after client key
- * exchange and before certificate verify)
- */
- s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
- if (!ssl3_digest_cached_records(s))
- return -1;
- }
+ /* Digest cached records keeping record buffer (if present):
+ * this wont affect client auth because we're freezing the buffer
+ * at the same point (after client key exchange and before certificate
+ * verify)
+ */
+ if (!ssl3_digest_cached_records(s, 1))
+ return -1;
hashlen = ssl_handshake_hash(s, hash, sizeof(hash));
#ifdef SSL_DEBUG
fprintf(stderr, "Handshake hashes:\n");
{
unsigned char *buff;
unsigned char *val = NULL;
- size_t vallen, currentvalpos;
+ size_t vallen = 0, currentvalpos;
int rv;
buff = OPENSSL_malloc(olen);