t1_enc.c (205128) | t1_enc.c (215697) |
---|---|
1/* ssl/t1_enc.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * --- 111 unchanged lines hidden (view full) --- 120#ifdef KSSL_DEBUG 121#include <openssl/des.h> 122#endif 123 124static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, 125 int sec_len, unsigned char *seed, int seed_len, 126 unsigned char *out, int olen) 127 { | 1/* ssl/t1_enc.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * --- 111 unchanged lines hidden (view full) --- 120#ifdef KSSL_DEBUG 121#include <openssl/des.h> 122#endif 123 124static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, 125 int sec_len, unsigned char *seed, int seed_len, 126 unsigned char *out, int olen) 127 { |
128 int chunk,n; | 128 int chunk; |
129 unsigned int j; 130 HMAC_CTX ctx; 131 HMAC_CTX ctx_tmp; 132 unsigned char A1[EVP_MAX_MD_SIZE]; 133 unsigned int A1_len; 134 135 chunk=EVP_MD_size(md); 136 137 HMAC_CTX_init(&ctx); 138 HMAC_CTX_init(&ctx_tmp); 139 HMAC_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); 140 HMAC_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); 141 HMAC_Init_ex(&ctx,sec,sec_len,md, NULL); 142 HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL); 143 HMAC_Update(&ctx,seed,seed_len); 144 HMAC_Final(&ctx,A1,&A1_len); 145 | 129 unsigned int j; 130 HMAC_CTX ctx; 131 HMAC_CTX ctx_tmp; 132 unsigned char A1[EVP_MAX_MD_SIZE]; 133 unsigned int A1_len; 134 135 chunk=EVP_MD_size(md); 136 137 HMAC_CTX_init(&ctx); 138 HMAC_CTX_init(&ctx_tmp); 139 HMAC_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); 140 HMAC_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); 141 HMAC_Init_ex(&ctx,sec,sec_len,md, NULL); 142 HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL); 143 HMAC_Update(&ctx,seed,seed_len); 144 HMAC_Final(&ctx,A1,&A1_len); 145 |
146 n=0; | |
147 for (;;) 148 { 149 HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */ 150 HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL); /* re-init */ 151 HMAC_Update(&ctx,A1,A1_len); 152 HMAC_Update(&ctx_tmp,A1,A1_len); 153 HMAC_Update(&ctx,seed,seed_len); 154 --- 67 unchanged lines hidden (view full) --- 222 } 223 printf("\n"); } 224#endif /* KSSL_DEBUG */ 225 } 226 227int tls1_change_cipher_state(SSL *s, int which) 228 { 229 static const unsigned char empty[]=""; | 146 for (;;) 147 { 148 HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */ 149 HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL); /* re-init */ 150 HMAC_Update(&ctx,A1,A1_len); 151 HMAC_Update(&ctx_tmp,A1,A1_len); 152 HMAC_Update(&ctx,seed,seed_len); 153 --- 67 unchanged lines hidden (view full) --- 221 } 222 printf("\n"); } 223#endif /* KSSL_DEBUG */ 224 } 225 226int tls1_change_cipher_state(SSL *s, int which) 227 { 228 static const unsigned char empty[]=""; |
230 unsigned char *p,*key_block,*mac_secret; | 229 unsigned char *p,*mac_secret; |
231 unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+ 232 SSL3_RANDOM_SIZE*2]; 233 unsigned char tmp1[EVP_MAX_KEY_LENGTH]; 234 unsigned char tmp2[EVP_MAX_KEY_LENGTH]; 235 unsigned char iv1[EVP_MAX_IV_LENGTH*2]; 236 unsigned char iv2[EVP_MAX_IV_LENGTH*2]; | 230 unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+ 231 SSL3_RANDOM_SIZE*2]; 232 unsigned char tmp1[EVP_MAX_KEY_LENGTH]; 233 unsigned char tmp2[EVP_MAX_KEY_LENGTH]; 234 unsigned char iv1[EVP_MAX_IV_LENGTH*2]; 235 unsigned char iv2[EVP_MAX_IV_LENGTH*2]; |
237 unsigned char *ms,*key,*iv,*er1,*er2; | 236 unsigned char *ms,*key,*iv; |
238 int client_write; 239 EVP_CIPHER_CTX *dd; 240 const EVP_CIPHER *c; 241#ifndef OPENSSL_NO_COMP 242 const SSL_COMP *comp; 243#endif 244 const EVP_MD *m; 245 int is_export,n,i,j,k,exp_label_len,cl; 246 int reuse_dd = 0; 247 248 is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); 249 c=s->s3->tmp.new_sym_enc; 250 m=s->s3->tmp.new_hash; 251#ifndef OPENSSL_NO_COMP 252 comp=s->s3->tmp.new_compression; 253#endif | 237 int client_write; 238 EVP_CIPHER_CTX *dd; 239 const EVP_CIPHER *c; 240#ifndef OPENSSL_NO_COMP 241 const SSL_COMP *comp; 242#endif 243 const EVP_MD *m; 244 int is_export,n,i,j,k,exp_label_len,cl; 245 int reuse_dd = 0; 246 247 is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); 248 c=s->s3->tmp.new_sym_enc; 249 m=s->s3->tmp.new_hash; 250#ifndef OPENSSL_NO_COMP 251 comp=s->s3->tmp.new_compression; 252#endif |
254 key_block=s->s3->tmp.key_block; | |
255 256#ifdef KSSL_DEBUG | 253 254#ifdef KSSL_DEBUG |
255 key_block=s->s3->tmp.key_block; 256 |
|
257 printf("tls1_change_cipher_state(which= %d) w/\n", which); 258 printf("\talg= %ld, comp= %p\n", s->s3->tmp.new_cipher->algorithms, 259 (void *)comp); 260 printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", (void *)c); 261 printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n", 262 c->nid,c->block_size,c->key_len,c->iv_len); 263 printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length); 264 { --- 78 unchanged lines hidden (view full) --- 343 344 p=s->s3->tmp.key_block; 345 i=EVP_MD_size(m); 346 cl=EVP_CIPHER_key_length(c); 347 j=is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? 348 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; 349 /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */ 350 k=EVP_CIPHER_iv_length(c); | 257 printf("tls1_change_cipher_state(which= %d) w/\n", which); 258 printf("\talg= %ld, comp= %p\n", s->s3->tmp.new_cipher->algorithms, 259 (void *)comp); 260 printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", (void *)c); 261 printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n", 262 c->nid,c->block_size,c->key_len,c->iv_len); 263 printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length); 264 { --- 78 unchanged lines hidden (view full) --- 343 344 p=s->s3->tmp.key_block; 345 i=EVP_MD_size(m); 346 cl=EVP_CIPHER_key_length(c); 347 j=is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? 348 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; 349 /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */ 350 k=EVP_CIPHER_iv_length(c); |
351 er1= &(s->s3->client_random[0]); 352 er2= &(s->s3->server_random[0]); | |
353 if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || 354 (which == SSL3_CHANGE_CIPHER_SERVER_READ)) 355 { 356 ms= &(p[ 0]); n=i+i; 357 key= &(p[ n]); n+=j+j; 358 iv= &(p[ n]); n+=k+k; 359 exp_label=(unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST; 360 exp_label_len=TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE; --- 169 unchanged lines hidden (view full) --- 530 return(0); 531 } 532 533int tls1_enc(SSL *s, int send) 534 { 535 SSL3_RECORD *rec; 536 EVP_CIPHER_CTX *ds; 537 unsigned long l; | 351 if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || 352 (which == SSL3_CHANGE_CIPHER_SERVER_READ)) 353 { 354 ms= &(p[ 0]); n=i+i; 355 key= &(p[ n]); n+=j+j; 356 iv= &(p[ n]); n+=k+k; 357 exp_label=(unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST; 358 exp_label_len=TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE; --- 169 unchanged lines hidden (view full) --- 528 return(0); 529 } 530 531int tls1_enc(SSL *s, int send) 532 { 533 SSL3_RECORD *rec; 534 EVP_CIPHER_CTX *ds; 535 unsigned long l; |
538 int bs,i,ii,j,k,n=0; | 536 int bs,i,ii,j,k; |
539 const EVP_CIPHER *enc; 540 541 if (send) 542 { | 537 const EVP_CIPHER *enc; 538 539 if (send) 540 { |
543 if (s->write_hash != NULL) 544 n=EVP_MD_size(s->write_hash); | |
545 ds=s->enc_write_ctx; 546 rec= &(s->s3->wrec); 547 if (s->enc_write_ctx == NULL) 548 enc=NULL; 549 else 550 enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx); 551 } 552 else 553 { | 541 ds=s->enc_write_ctx; 542 rec= &(s->s3->wrec); 543 if (s->enc_write_ctx == NULL) 544 enc=NULL; 545 else 546 enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx); 547 } 548 else 549 { |
554 if (s->read_hash != NULL) 555 n=EVP_MD_size(s->read_hash); | |
556 ds=s->enc_read_ctx; 557 rec= &(s->s3->rrec); 558 if (s->enc_read_ctx == NULL) 559 enc=NULL; 560 else 561 enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx); 562 } 563 --- 309 unchanged lines hidden --- | 550 ds=s->enc_read_ctx; 551 rec= &(s->s3->rrec); 552 if (s->enc_read_ctx == NULL) 553 enc=NULL; 554 else 555 enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx); 556 } 557 --- 309 unchanged lines hidden --- |