summaryrefslogtreecommitdiff
path: root/app/openssl/ssl/t1_enc.c
diff options
context:
space:
mode:
authorParménides GV <parmegv@sdf.org>2014-09-23 18:10:57 +0200
committerParménides GV <parmegv@sdf.org>2014-09-23 18:10:57 +0200
commitd0e7ba3029b2fd42582413aa95773fe7dbdede90 (patch)
tree733b8601d6e3a070fc54bde280526e16d0c69507 /app/openssl/ssl/t1_enc.c
parent248ce016ac2f33df9673e90277733abfd854f27d (diff)
Updated native subprojects from ics-openvpn.
Diffstat (limited to 'app/openssl/ssl/t1_enc.c')
-rw-r--r--app/openssl/ssl/t1_enc.c99
1 files changed, 60 insertions, 39 deletions
diff --git a/app/openssl/ssl/t1_enc.c b/app/openssl/ssl/t1_enc.c
index 2ed2e076..22dd3cab 100644
--- a/app/openssl/ssl/t1_enc.c
+++ b/app/openssl/ssl/t1_enc.c
@@ -895,54 +895,79 @@ int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
return((int)ret);
}
+/* tls1_handshake_digest calculates the current handshake hash and writes it to
+ * |out|, which has space for |out_len| bytes. It returns the number of bytes
+ * written or -1 in the event of an error. This function works on a copy of the
+ * underlying digests so can be called multiple times and prior to the final
+ * update etc. */
+int tls1_handshake_digest(SSL *s, unsigned char *out, size_t out_len)
+ {
+ const EVP_MD *md;
+ EVP_MD_CTX ctx;
+ int i, err = 0, len = 0;
+ long mask;
+
+ EVP_MD_CTX_init(&ctx);
+
+ for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++)
+ {
+ int hash_size;
+ unsigned int digest_len;
+ EVP_MD_CTX *hdgst = s->s3->handshake_dgst[i];
+
+ if ((mask & ssl_get_algorithm2(s)) == 0)
+ continue;
+
+ hash_size = EVP_MD_size(md);
+ if (!hdgst || hash_size < 0 || (size_t)hash_size > out_len)
+ {
+ err = 1;
+ break;
+ }
+
+ if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
+ !EVP_DigestFinal_ex(&ctx, out, &digest_len) ||
+ digest_len != (unsigned int)hash_size) /* internal error */
+ {
+ err = 1;
+ break;
+ }
+ out += digest_len;
+ out_len -= digest_len;
+ len += digest_len;
+ }
+
+ EVP_MD_CTX_cleanup(&ctx);
+
+ if (err != 0)
+ return -1;
+ return len;
+ }
+
int tls1_final_finish_mac(SSL *s,
const char *str, int slen, unsigned char *out)
{
- unsigned int i;
- EVP_MD_CTX ctx;
unsigned char buf[2*EVP_MAX_MD_SIZE];
- unsigned char *q,buf2[12];
- int idx;
- long mask;
+ unsigned char buf2[12];
int err=0;
- const EVP_MD *md;
+ int digests_len;
- q=buf;
-
- if (s->s3->handshake_buffer)
+ if (s->s3->handshake_buffer)
if (!ssl3_digest_cached_records(s))
return 0;
- EVP_MD_CTX_init(&ctx);
-
- for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++)
+ digests_len = tls1_handshake_digest(s, buf, sizeof(buf));
+ if (digests_len < 0)
{
- if (mask & ssl_get_algorithm2(s))
- {
- int hashsize = EVP_MD_size(md);
- EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
- if (!hdgst || hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
- {
- /* internal error: 'buf' is too small for this cipersuite! */
- err = 1;
- }
- else
- {
- if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
- !EVP_DigestFinal_ex(&ctx,q,&i) ||
- (i != (unsigned int)hashsize))
- err = 1;
- q+=hashsize;
- }
- }
+ err = 1;
+ digests_len = 0;
}
-
+
if (!tls1_PRF(ssl_get_algorithm2(s),
- str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0,
+ str,slen, buf, digests_len, NULL,0, NULL,0, NULL,0,
s->session->master_key,s->session->master_key_length,
out,buf2,sizeof buf2))
err = 1;
- EVP_MD_CTX_cleanup(&ctx);
if (err)
return 0;
@@ -1048,14 +1073,10 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
if (!stream_mac)
EVP_MD_CTX_cleanup(&hmac);
#ifdef TLS_DEBUG
-printf("sec=");
-{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
printf("seq=");
{int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); }
-printf("buf=");
-{int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); }
printf("rec=");
-{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
+{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",rec->data[z]); printf("\n"); }
#endif
if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER)
@@ -1185,7 +1206,7 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST,
TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0) goto err1;
- rv = tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+ rv = tls1_PRF(ssl_get_algorithm2(s),
val, vallen,
NULL, 0,
NULL, 0,