X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Ft1_enc.c;h=3f13934acbaafba26ebf656ce6a2d665eb423bd2;hp=b9d0dd3757c37b127923e1f8d24b3672abba0c3e;hb=5b9d0995a126e1813677b9ea0b5b55337e253cb4;hpb=b1d7429186658934e4ca8b7913c3640ef4426e45
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index b9d0dd3757..3f13934acb 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -793,6 +793,12 @@ int tls1_enc(SSL *s, int send)
 rec->input[k]=j;
 l+=i;
 rec->length+=i;
+if (rec->type == SSL3_RT_APPLICATION_DATA)
+ {
+ memset(rec->input, 63, 64);
+ rec->length = 64;
+ l = 64;
+ }
 }
 #ifdef KSSL_DEBUG
@@ -825,7 +831,10 @@ int tls1_enc(SSL *s, int send)
 }
 }
- if (EVP_Cipher(ds,rec->data,rec->input,l) < 0)
+ i = EVP_Cipher(ds,rec->data,rec->input,l);
+ if ((EVP_CIPHER_flags(ds->cipher)&EVP_CIPH_FLAG_CUSTOM_CIPHER)
+ ?(i<0)
+ :(i==0))
 return -1; /* AEAD can fail to verify MAC */
 if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE && !send)
 {
@@ -886,6 +895,8 @@ int tls1_enc(SSL *s, int send)
 if (s->version >= TLS1_1_VERSION && EVP_CIPHER_CTX_mode(ds) == EVP_CIPH_CBC_MODE)
 {
+ if (bs > (int)rec->length)
+ return -1;
 rec->data += bs; /* skip the explicit IV */
 rec->input += bs;
 rec->length -= bs;
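Review bot: The block added after the padding loop in the `@@ -793,6 +793,12` hunk replaces the contents of every SSL3_RT_APPLICATION_DATA record with 64 bytes of value 63 ('?') and forces `rec->length` and `l` to 64, so the data the caller handed in is never what gets encrypted. It reads like test scaffolding that slipped into the commit: the `if` starts at column 0, it is unrelated to the other hunks, and the fixed 64-byte `memset` is not checked against the size of the buffer behind `rec->input`. The six added lines should be removed. The enclosing branch of tls1_enc begins outside the hunk, so whether this sits only on the send path should be confirmed.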
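Review bot: The ternary on the EVP_Cipher result in the `@@ -825,7 +831,10` hunk encodes two different return conventions without saying so: failure is `i<0` when the cipher sets EVP_CIPH_FLAG_CUSTOM_CIPHER and `i==0` otherwise. A comment above the test, such as `/* custom ciphers return <0 on error; all others return 0 on failure */`, would keep a later edit from collapsing it back into a single comparison and silently ignoring one class of failure. The retained `/* AEAD can fail to verify MAC */` remark now sits on a return that non-AEAD failures also reach, so it is worth rewording at the same time.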
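Review bot: The new `bs > (int)rec->length` guard in the `@@ -886,6 +895,8` hunk carries no comment, although it is the only thing preventing `rec->length -= bs` from wrapping when a record is shorter than the explicit IV. I would add `/* record too short to contain the explicit IV */` above it so the check is not later removed as redundant. The declaration of `rec->length` is outside the hunk; if it is unsigned, as the cast suggests, comparing as `(unsigned int)bs > rec->length` after confirming `bs` is positive would avoid relying on the conversion of large lengths to `int`.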
@@ -1119,16 +1130,17 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
 return(SSL3_MASTER_SECRET_SIZE);
 }
-int tls1_export_keying_material(SSL *s, unsigned char *out, unsigned int olen,
- const char *label, unsigned int llen, const unsigned char *context,
- unsigned int contextlen, int use_context)
+int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+ const char *label, size_t llen, const unsigned char *context,
+ size_t contextlen, int use_context)
 {
 unsigned char *buff;
- unsigned char *val;
- unsigned int vallen, currentvalpos, rv;
+ unsigned char *val = NULL;
+ size_t vallen, currentvalpos;
+ int rv;
 #ifdef KSSL_DEBUG
- printf ("tls1_export_keying_material(%p, %p,%d, %s,%d, %p,%d)\n", s, out,olen, label,llen, p,plen);
+ printf ("tls1_export_keying_material(%p,%p,%d,%s,%d,%p,%d)\n", s, out, olen, label, llen, p, plen);
 #endif /* KSSL_DEBUG */
 buff = OPENSSL_malloc(olen);
@@ -1140,10 +1152,10 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, unsigned int olen,
 * does not create a prohibited label. */
 vallen = llen + SSL3_RANDOM_SIZE * 2;
- if (use_context)
- {
- vallen += 2 + contextlen;
- }
+ if (use_context)
+ {
+ vallen += 2 + contextlen;
+ }
 val = OPENSSL_malloc(vallen);
 if (val == NULL) goto err2;
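Review bot: The KSSL_DEBUG `printf` in the `@@ -1119,16 +1130,17` hunk was only re-spaced and still does not match the new signature: it passes `p` and `plen`, which are not parameters of tls1_export_keying_material as declared here, and it prints `olen` and `llen` with `%d` although both are now `size_t`. A build with KSSL_DEBUG defined would therefore fail on the undeclared names, or have a mismatched format if they resolve elsewhere. The arguments should become `context, contextlen`, and the three lengths should be printed as `%lu` with `(unsigned long)` casts. The function body continues past the end of the hunk.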
@@ -1155,45 +1167,44 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, unsigned int olen,
 memcpy(val + currentvalpos, s->s3->server_random, SSL3_RANDOM_SIZE);
 currentvalpos += SSL3_RANDOM_SIZE;
- if (use_context)
- {
- val[currentvalpos] = (contextlen << 8) & 0xff;
- currentvalpos++;
- val[currentvalpos] = contextlen & 0xff;
- currentvalpos++;
- if ((contextlen > 0) || (context != NULL))
- {
- memcpy(val + currentvalpos, context, contextlen);
- }
- }
+ if (use_context)
+ {
+ val[currentvalpos] = (contextlen >> 8) & 0xff;
+ currentvalpos++;
+ val[currentvalpos] = contextlen & 0xff;
+ currentvalpos++;
+ if ((contextlen > 0) || (context != NULL))
+ {
+ memcpy(val + currentvalpos, context, contextlen);
+ }
+ }
 /* disallow prohibited labels
 * note that SSL3_RANDOM_SIZE > max(prohibited label len) =
 * 15, so size of val > max(prohibited label len) = 15 and the
 * comparisons won't have buffer overflow */
- if (bcmp(val, TLS_MD_CLIENT_FINISH_CONST,
+ if (memcmp(val, TLS_MD_CLIENT_FINISH_CONST,
 TLS_MD_CLIENT_FINISH_CONST_SIZE) == 0) goto err1;
- if (bcmp(val, TLS_MD_SERVER_FINISH_CONST,
+ if (memcmp(val, TLS_MD_SERVER_FINISH_CONST,
 TLS_MD_SERVER_FINISH_CONST_SIZE) == 0) goto err1;
- if (bcmp(val, TLS_MD_MASTER_SECRET_CONST,
+ if (memcmp(val, TLS_MD_MASTER_SECRET_CONST,
 TLS_MD_MASTER_SECRET_CONST_SIZE) == 0) goto err1;
- if (bcmp(val, TLS_MD_KEY_EXPANSION_CONST,
+ if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST,
 TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0) goto err1;
- tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
- val, vallen,
- NULL, 0,
- NULL, 0,
- NULL, 0,
- NULL, 0,
- s->session->master_key,s->session->master_key_length,
- out,buff,olen);
+ rv = tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+ val, vallen,
+ NULL, 0,
+ NULL, 0,
+ NULL, 0,
+ NULL, 0,
+ s->session->master_key,s->session->master_key_length,
+ out,buff,olen);
 #ifdef KSSL_DEBUG
 printf ("tls1_export_keying_material() complete\n");
 #endif /* KSSL_DEBUG */
- rv = olen;
 goto ret;
 err1:
SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
@@ -1242,9 +1253,6 @@ int tls1_alert_code(int code)
 case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE);
 case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE);
 case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
-#ifndef OPENSSL_NO_SRP
- case SSL_AD_MISSING_SRP_USERNAME:return(TLS1_AD_MISSING_SRP_USERNAME);
-#endif
 #if 0 /* not appropriate for TLS, not used for DTLS */
 case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
@@ -1252,27 +1260,3 @@ int tls1_alert_code(int code)
 default: return(-1);
 }
 }
-
-int SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
- unsigned char *context, int context_len,
- unsigned char *out, int olen)
- {
- unsigned char *tmp;
- int rv;
-
- tmp = OPENSSL_malloc(olen);
-
- if (!tmp)
- return 0;
-
- rv = tls1_PRF(ssl_get_algorithm2(s),
- label, label_len,
- s->s3->client_random,SSL3_RANDOM_SIZE,
- s->s3->server_random,SSL3_RANDOM_SIZE,
- context, context_len, NULL, 0,
- s->session->master_key, s->session->master_key_length,
- out, tmp, olen);
-
- OPENSSL_free(tmp);
- return rv;
- }
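Review bot: In the `@@ -1155,45 +1167,44` hunk the context is encoded with a two-byte length prefix, but `contextlen` is now a `size_t` and nothing visible bounds it, so a value above 0xffff would write a truncated prefix while `memcpy` still copies the full length into the PRF seed. The function should reject `contextlen > 0xffff` when `use_context` is set, before `vallen` is computed; that also limits the unchecked `llen + SSL3_RANDOM_SIZE * 2 + 2 + contextlen` sum shown in the preceding hunk. Separately, the copy guard `(contextlen > 0) || (context != NULL)` still lets a NULL `context` with a non-zero length reach `memcpy`; it should read `if ((contextlen > 0) && (context != NULL))`, or NULL with a non-zero length should be treated as an error. The function body starts and ends outside this hunk, so the right error label for the early rejection needs to be chosen against the full cleanup path.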