1 | /* |
2 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. |
3 | * Copyright 2005 Nokia. All rights reserved. |
4 | * |
5 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
6 | * this file except in compliance with the License. You can obtain a copy |
7 | * in the file LICENSE in the source distribution or at |
8 | * https://www.openssl.org/source/license.html |
9 | */ |
10 | |
11 | #include <stdio.h> |
12 | #include "ssl_local.h" |
13 | #include <openssl/evp.h> |
14 | #include <openssl/md5.h> |
15 | #include <openssl/core_names.h> |
16 | #include "internal/cryptlib.h" |
17 | |
18 | static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) |
19 | { |
20 | EVP_MD *md5; |
21 | EVP_MD_CTX *m5; |
22 | EVP_MD_CTX *s1; |
23 | unsigned char buf[16], smd[SHA_DIGEST_LENGTH]; |
24 | unsigned char c = 'A'; |
25 | unsigned int i, j, k; |
26 | int ret = 0; |
27 | |
28 | #ifdef CHARSET_EBCDIC |
29 | c = os_toascii[c]; /* 'A' in ASCII */ |
30 | #endif |
31 | k = 0; |
32 | md5 = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_MD5, "-fips" ); |
33 | m5 = EVP_MD_CTX_new(); |
34 | s1 = EVP_MD_CTX_new(); |
35 | if (md5 == NULL || m5 == NULL || s1 == NULL) { |
36 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK, |
37 | ERR_R_MALLOC_FAILURE); |
38 | goto err; |
39 | } |
40 | for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) { |
41 | k++; |
42 | if (k > sizeof(buf)) { |
43 | /* bug: 'buf' is too small for this ciphersuite */ |
44 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK, |
45 | ERR_R_INTERNAL_ERROR); |
46 | goto err; |
47 | } |
48 | |
49 | for (j = 0; j < k; j++) |
50 | buf[j] = c; |
51 | c++; |
52 | if (!EVP_DigestInit_ex(s1, EVP_sha1(), NULL) |
53 | || !EVP_DigestUpdate(s1, buf, k) |
54 | || !EVP_DigestUpdate(s1, s->session->master_key, |
55 | s->session->master_key_length) |
56 | || !EVP_DigestUpdate(s1, s->s3.server_random, SSL3_RANDOM_SIZE) |
57 | || !EVP_DigestUpdate(s1, s->s3.client_random, SSL3_RANDOM_SIZE) |
58 | || !EVP_DigestFinal_ex(s1, smd, NULL) |
59 | || !EVP_DigestInit_ex(m5, md5, NULL) |
60 | || !EVP_DigestUpdate(m5, s->session->master_key, |
61 | s->session->master_key_length) |
62 | || !EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH)) { |
63 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK, |
64 | ERR_R_INTERNAL_ERROR); |
65 | goto err; |
66 | } |
67 | if ((int)(i + MD5_DIGEST_LENGTH) > num) { |
68 | if (!EVP_DigestFinal_ex(m5, smd, NULL)) { |
69 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, |
70 | SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR); |
71 | goto err; |
72 | } |
73 | memcpy(km, smd, (num - i)); |
74 | } else { |
75 | if (!EVP_DigestFinal_ex(m5, km, NULL)) { |
76 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, |
77 | SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR); |
78 | goto err; |
79 | } |
80 | } |
81 | |
82 | km += MD5_DIGEST_LENGTH; |
83 | } |
84 | OPENSSL_cleanse(smd, sizeof(smd)); |
85 | ret = 1; |
86 | err: |
87 | EVP_MD_CTX_free(m5); |
88 | EVP_MD_CTX_free(s1); |
89 | EVP_MD_free(md5); |
90 | return ret; |
91 | } |
92 | |
93 | int ssl3_change_cipher_state(SSL *s, int which) |
94 | { |
95 | unsigned char *p, *mac_secret; |
96 | unsigned char *ms, *key, *iv; |
97 | EVP_CIPHER_CTX *dd; |
98 | const EVP_CIPHER *c; |
99 | #ifndef OPENSSL_NO_COMP |
100 | COMP_METHOD *comp; |
101 | #endif |
102 | const EVP_MD *m; |
103 | int mdi; |
104 | size_t n, i, j, k, cl; |
105 | int reuse_dd = 0; |
106 | |
107 | c = s->s3.tmp.new_sym_enc; |
108 | m = s->s3.tmp.new_hash; |
109 | /* m == NULL will lead to a crash later */ |
110 | if (!ossl_assert(m != NULL)) { |
111 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, |
112 | ERR_R_INTERNAL_ERROR); |
113 | goto err; |
114 | } |
115 | #ifndef OPENSSL_NO_COMP |
116 | if (s->s3.tmp.new_compression == NULL) |
117 | comp = NULL; |
118 | else |
119 | comp = s->s3.tmp.new_compression->method; |
120 | #endif |
121 | |
122 | if (which & SSL3_CC_READ) { |
123 | if (s->enc_read_ctx != NULL) { |
124 | reuse_dd = 1; |
125 | } else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) { |
126 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, |
127 | ERR_R_MALLOC_FAILURE); |
128 | goto err; |
129 | } else { |
130 | /* |
131 | * make sure it's initialised in case we exit later with an error |
132 | */ |
133 | EVP_CIPHER_CTX_reset(s->enc_read_ctx); |
134 | } |
135 | dd = s->enc_read_ctx; |
136 | |
137 | if (ssl_replace_hash(&s->read_hash, m) == NULL) { |
138 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, |
139 | ERR_R_INTERNAL_ERROR); |
140 | goto err; |
141 | } |
142 | #ifndef OPENSSL_NO_COMP |
143 | /* COMPRESS */ |
144 | COMP_CTX_free(s->expand); |
145 | s->expand = NULL; |
146 | if (comp != NULL) { |
147 | s->expand = COMP_CTX_new(comp); |
148 | if (s->expand == NULL) { |
149 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, |
150 | SSL_F_SSL3_CHANGE_CIPHER_STATE, |
151 | SSL_R_COMPRESSION_LIBRARY_ERROR); |
152 | goto err; |
153 | } |
154 | } |
155 | #endif |
156 | RECORD_LAYER_reset_read_sequence(&s->rlayer); |
157 | mac_secret = &(s->s3.read_mac_secret[0]); |
158 | } else { |
159 | s->statem.enc_write_state = ENC_WRITE_STATE_INVALID; |
160 | if (s->enc_write_ctx != NULL) { |
161 | reuse_dd = 1; |
162 | } else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) { |
163 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, |
164 | ERR_R_MALLOC_FAILURE); |
165 | goto err; |
166 | } else { |
167 | /* |
168 | * make sure it's initialised in case we exit later with an error |
169 | */ |
170 | EVP_CIPHER_CTX_reset(s->enc_write_ctx); |
171 | } |
172 | dd = s->enc_write_ctx; |
173 | if (ssl_replace_hash(&s->write_hash, m) == NULL) { |
174 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, |
175 | ERR_R_MALLOC_FAILURE); |
176 | goto err; |
177 | } |
178 | #ifndef OPENSSL_NO_COMP |
179 | /* COMPRESS */ |
180 | COMP_CTX_free(s->compress); |
181 | s->compress = NULL; |
182 | if (comp != NULL) { |
183 | s->compress = COMP_CTX_new(comp); |
184 | if (s->compress == NULL) { |
185 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, |
186 | SSL_F_SSL3_CHANGE_CIPHER_STATE, |
187 | SSL_R_COMPRESSION_LIBRARY_ERROR); |
188 | goto err; |
189 | } |
190 | } |
191 | #endif |
192 | RECORD_LAYER_reset_write_sequence(&s->rlayer); |
193 | mac_secret = &(s->s3.write_mac_secret[0]); |
194 | } |
195 | |
196 | if (reuse_dd) |
197 | EVP_CIPHER_CTX_reset(dd); |
198 | |
199 | p = s->s3.tmp.key_block; |
200 | mdi = EVP_MD_size(m); |
201 | if (mdi < 0) { |
202 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, |
203 | ERR_R_INTERNAL_ERROR); |
204 | goto err; |
205 | } |
206 | i = mdi; |
207 | cl = EVP_CIPHER_key_length(c); |
208 | j = cl; |
209 | k = EVP_CIPHER_iv_length(c); |
210 | if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || |
211 | (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { |
212 | ms = &(p[0]); |
213 | n = i + i; |
214 | key = &(p[n]); |
215 | n += j + j; |
216 | iv = &(p[n]); |
217 | n += k + k; |
218 | } else { |
219 | n = i; |
220 | ms = &(p[n]); |
221 | n += i + j; |
222 | key = &(p[n]); |
223 | n += j + k; |
224 | iv = &(p[n]); |
225 | n += k; |
226 | } |
227 | |
228 | if (n > s->s3.tmp.key_block_length) { |
229 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, |
230 | ERR_R_INTERNAL_ERROR); |
231 | goto err; |
232 | } |
233 | |
234 | memcpy(mac_secret, ms, i); |
235 | |
236 | if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) { |
237 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, |
238 | ERR_R_INTERNAL_ERROR); |
239 | goto err; |
240 | } |
241 | |
242 | s->statem.enc_write_state = ENC_WRITE_STATE_VALID; |
243 | return 1; |
244 | err: |
245 | return 0; |
246 | } |
247 | |
248 | int ssl3_setup_key_block(SSL *s) |
249 | { |
250 | unsigned char *p; |
251 | const EVP_CIPHER *c; |
252 | const EVP_MD *hash; |
253 | int num; |
254 | int ret = 0; |
255 | SSL_COMP *comp; |
256 | |
257 | if (s->s3.tmp.key_block_length != 0) |
258 | return 1; |
259 | |
260 | if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, &comp, 0)) { |
261 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK, |
262 | SSL_R_CIPHER_OR_HASH_UNAVAILABLE); |
263 | return 0; |
264 | } |
265 | |
266 | s->s3.tmp.new_sym_enc = c; |
267 | s->s3.tmp.new_hash = hash; |
268 | #ifdef OPENSSL_NO_COMP |
269 | s->s3.tmp.new_compression = NULL; |
270 | #else |
271 | s->s3.tmp.new_compression = comp; |
272 | #endif |
273 | |
274 | num = EVP_MD_size(hash); |
275 | if (num < 0) |
276 | return 0; |
277 | |
278 | num = EVP_CIPHER_key_length(c) + num + EVP_CIPHER_iv_length(c); |
279 | num *= 2; |
280 | |
281 | ssl3_cleanup_key_block(s); |
282 | |
283 | if ((p = OPENSSL_malloc(num)) == NULL) { |
284 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK, |
285 | ERR_R_MALLOC_FAILURE); |
286 | return 0; |
287 | } |
288 | |
289 | s->s3.tmp.key_block_length = num; |
290 | s->s3.tmp.key_block = p; |
291 | |
292 | /* Calls SSLfatal() as required */ |
293 | ret = ssl3_generate_key_block(s, p, num); |
294 | |
295 | if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) { |
296 | /* |
297 | * enable vulnerability countermeasure for CBC ciphers with known-IV |
298 | * problem (http://www.openssl.org/~bodo/tls-cbc.txt) |
299 | */ |
300 | s->s3.need_empty_fragments = 1; |
301 | |
302 | if (s->session->cipher != NULL) { |
303 | if (s->session->cipher->algorithm_enc == SSL_eNULL) |
304 | s->s3.need_empty_fragments = 0; |
305 | |
306 | #ifndef OPENSSL_NO_RC4 |
307 | if (s->session->cipher->algorithm_enc == SSL_RC4) |
308 | s->s3.need_empty_fragments = 0; |
309 | #endif |
310 | } |
311 | } |
312 | |
313 | return ret; |
314 | } |
315 | |
316 | void ssl3_cleanup_key_block(SSL *s) |
317 | { |
318 | OPENSSL_clear_free(s->s3.tmp.key_block, s->s3.tmp.key_block_length); |
319 | s->s3.tmp.key_block = NULL; |
320 | s->s3.tmp.key_block_length = 0; |
321 | } |
322 | |
323 | int ssl3_init_finished_mac(SSL *s) |
324 | { |
325 | BIO *buf = BIO_new(BIO_s_mem()); |
326 | |
327 | if (buf == NULL) { |
328 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_INIT_FINISHED_MAC, |
329 | ERR_R_MALLOC_FAILURE); |
330 | return 0; |
331 | } |
332 | ssl3_free_digest_list(s); |
333 | s->s3.handshake_buffer = buf; |
334 | (void)BIO_set_close(s->s3.handshake_buffer, BIO_CLOSE); |
335 | return 1; |
336 | } |
337 | |
338 | /* |
339 | * Free digest list. Also frees handshake buffer since they are always freed |
340 | * together. |
341 | */ |
342 | |
343 | void ssl3_free_digest_list(SSL *s) |
344 | { |
345 | BIO_free(s->s3.handshake_buffer); |
346 | s->s3.handshake_buffer = NULL; |
347 | EVP_MD_CTX_free(s->s3.handshake_dgst); |
348 | s->s3.handshake_dgst = NULL; |
349 | } |
350 | |
351 | int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len) |
352 | { |
353 | int ret; |
354 | |
355 | if (s->s3.handshake_dgst == NULL) { |
356 | /* Note: this writes to a memory BIO so a failure is a fatal error */ |
357 | if (len > INT_MAX) { |
358 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC, |
359 | SSL_R_OVERFLOW_ERROR); |
360 | return 0; |
361 | } |
362 | ret = BIO_write(s->s3.handshake_buffer, (void *)buf, (int)len); |
363 | if (ret <= 0 || ret != (int)len) { |
364 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC, |
365 | ERR_R_INTERNAL_ERROR); |
366 | return 0; |
367 | } |
368 | } else { |
369 | ret = EVP_DigestUpdate(s->s3.handshake_dgst, buf, len); |
370 | if (!ret) { |
371 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC, |
372 | ERR_R_INTERNAL_ERROR); |
373 | return 0; |
374 | } |
375 | } |
376 | return 1; |
377 | } |
378 | |
379 | int ssl3_digest_cached_records(SSL *s, int keep) |
380 | { |
381 | const EVP_MD *md; |
382 | long hdatalen; |
383 | void *hdata; |
384 | |
385 | if (s->s3.handshake_dgst == NULL) { |
386 | hdatalen = BIO_get_mem_data(s->s3.handshake_buffer, &hdata); |
387 | if (hdatalen <= 0) { |
388 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS, |
389 | SSL_R_BAD_HANDSHAKE_LENGTH); |
390 | return 0; |
391 | } |
392 | |
393 | s->s3.handshake_dgst = EVP_MD_CTX_new(); |
394 | if (s->s3.handshake_dgst == NULL) { |
395 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS, |
396 | ERR_R_MALLOC_FAILURE); |
397 | return 0; |
398 | } |
399 | |
400 | md = ssl_handshake_md(s); |
401 | if (md == NULL || !EVP_DigestInit_ex(s->s3.handshake_dgst, md, NULL) |
402 | || !EVP_DigestUpdate(s->s3.handshake_dgst, hdata, hdatalen)) { |
403 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS, |
404 | ERR_R_INTERNAL_ERROR); |
405 | return 0; |
406 | } |
407 | } |
408 | if (keep == 0) { |
409 | BIO_free(s->s3.handshake_buffer); |
410 | s->s3.handshake_buffer = NULL; |
411 | } |
412 | |
413 | return 1; |
414 | } |
415 | |
416 | void ssl3_digest_master_key_set_params(const SSL_SESSION *session, |
417 | OSSL_PARAM params[]) |
418 | { |
419 | int n = 0; |
420 | params[n++] = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS, |
421 | (void *)session->master_key, |
422 | session->master_key_length); |
423 | params[n++] = OSSL_PARAM_construct_end(); |
424 | } |
425 | |
426 | size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len, |
427 | unsigned char *p) |
428 | { |
429 | int ret; |
430 | EVP_MD_CTX *ctx = NULL; |
431 | |
432 | if (!ssl3_digest_cached_records(s, 0)) { |
433 | /* SSLfatal() already called */ |
434 | return 0; |
435 | } |
436 | |
437 | if (EVP_MD_CTX_type(s->s3.handshake_dgst) != NID_md5_sha1) { |
438 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, |
439 | SSL_R_NO_REQUIRED_DIGEST); |
440 | return 0; |
441 | } |
442 | |
443 | ctx = EVP_MD_CTX_new(); |
444 | if (ctx == NULL) { |
445 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, |
446 | ERR_R_MALLOC_FAILURE); |
447 | return 0; |
448 | } |
449 | if (!EVP_MD_CTX_copy_ex(ctx, s->s3.handshake_dgst)) { |
450 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, |
451 | ERR_R_INTERNAL_ERROR); |
452 | ret = 0; |
453 | goto err; |
454 | } |
455 | |
456 | ret = EVP_MD_CTX_size(ctx); |
457 | if (ret < 0) { |
458 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, |
459 | ERR_R_INTERNAL_ERROR); |
460 | ret = 0; |
461 | goto err; |
462 | } |
463 | |
464 | if (sender != NULL) { |
465 | OSSL_PARAM digest_cmd_params[3]; |
466 | |
467 | ssl3_digest_master_key_set_params(s->session, digest_cmd_params); |
468 | |
469 | if (EVP_DigestUpdate(ctx, sender, len) <= 0 |
470 | || EVP_MD_CTX_set_params(ctx, digest_cmd_params) <= 0 |
471 | || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) { |
472 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, |
473 | ERR_R_INTERNAL_ERROR); |
474 | ret = 0; |
475 | } |
476 | } |
477 | |
478 | err: |
479 | EVP_MD_CTX_free(ctx); |
480 | |
481 | return ret; |
482 | } |
483 | |
484 | int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, |
485 | size_t len, size_t *secret_size) |
486 | { |
487 | static const unsigned char *salt[3] = { |
488 | #ifndef CHARSET_EBCDIC |
489 | (const unsigned char *)"A" , |
490 | (const unsigned char *)"BB" , |
491 | (const unsigned char *)"CCC" , |
492 | #else |
493 | (const unsigned char *)"\x41" , |
494 | (const unsigned char *)"\x42\x42" , |
495 | (const unsigned char *)"\x43\x43\x43" , |
496 | #endif |
497 | }; |
498 | unsigned char buf[EVP_MAX_MD_SIZE]; |
499 | EVP_MD_CTX *ctx = EVP_MD_CTX_new(); |
500 | int i, ret = 1; |
501 | unsigned int n; |
502 | size_t ret_secret_size = 0; |
503 | |
504 | if (ctx == NULL) { |
505 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_MASTER_SECRET, |
506 | ERR_R_MALLOC_FAILURE); |
507 | return 0; |
508 | } |
509 | for (i = 0; i < 3; i++) { |
510 | if (EVP_DigestInit_ex(ctx, s->ctx->sha1, NULL) <= 0 |
511 | || EVP_DigestUpdate(ctx, salt[i], |
512 | strlen((const char *)salt[i])) <= 0 |
513 | || EVP_DigestUpdate(ctx, p, len) <= 0 |
514 | || EVP_DigestUpdate(ctx, &(s->s3.client_random[0]), |
515 | SSL3_RANDOM_SIZE) <= 0 |
516 | || EVP_DigestUpdate(ctx, &(s->s3.server_random[0]), |
517 | SSL3_RANDOM_SIZE) <= 0 |
518 | /* TODO(size_t) : convert me */ |
519 | || EVP_DigestFinal_ex(ctx, buf, &n) <= 0 |
520 | || EVP_DigestInit_ex(ctx, s->ctx->md5, NULL) <= 0 |
521 | || EVP_DigestUpdate(ctx, p, len) <= 0 |
522 | || EVP_DigestUpdate(ctx, buf, n) <= 0 |
523 | || EVP_DigestFinal_ex(ctx, out, &n) <= 0) { |
524 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, |
525 | SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR); |
526 | ret = 0; |
527 | break; |
528 | } |
529 | out += n; |
530 | ret_secret_size += n; |
531 | } |
532 | EVP_MD_CTX_free(ctx); |
533 | |
534 | OPENSSL_cleanse(buf, sizeof(buf)); |
535 | if (ret) |
536 | *secret_size = ret_secret_size; |
537 | return ret; |
538 | } |
539 | |
540 | int ssl3_alert_code(int code) |
541 | { |
542 | switch (code) { |
543 | case SSL_AD_CLOSE_NOTIFY: |
544 | return SSL3_AD_CLOSE_NOTIFY; |
545 | case SSL_AD_UNEXPECTED_MESSAGE: |
546 | return SSL3_AD_UNEXPECTED_MESSAGE; |
547 | case SSL_AD_BAD_RECORD_MAC: |
548 | return SSL3_AD_BAD_RECORD_MAC; |
549 | case SSL_AD_DECRYPTION_FAILED: |
550 | return SSL3_AD_BAD_RECORD_MAC; |
551 | case SSL_AD_RECORD_OVERFLOW: |
552 | return SSL3_AD_BAD_RECORD_MAC; |
553 | case SSL_AD_DECOMPRESSION_FAILURE: |
554 | return SSL3_AD_DECOMPRESSION_FAILURE; |
555 | case SSL_AD_HANDSHAKE_FAILURE: |
556 | return SSL3_AD_HANDSHAKE_FAILURE; |
557 | case SSL_AD_NO_CERTIFICATE: |
558 | return SSL3_AD_NO_CERTIFICATE; |
559 | case SSL_AD_BAD_CERTIFICATE: |
560 | return SSL3_AD_BAD_CERTIFICATE; |
561 | case SSL_AD_UNSUPPORTED_CERTIFICATE: |
562 | return SSL3_AD_UNSUPPORTED_CERTIFICATE; |
563 | case SSL_AD_CERTIFICATE_REVOKED: |
564 | return SSL3_AD_CERTIFICATE_REVOKED; |
565 | case SSL_AD_CERTIFICATE_EXPIRED: |
566 | return SSL3_AD_CERTIFICATE_EXPIRED; |
567 | case SSL_AD_CERTIFICATE_UNKNOWN: |
568 | return SSL3_AD_CERTIFICATE_UNKNOWN; |
569 | case SSL_AD_ILLEGAL_PARAMETER: |
570 | return SSL3_AD_ILLEGAL_PARAMETER; |
571 | case SSL_AD_UNKNOWN_CA: |
572 | return SSL3_AD_BAD_CERTIFICATE; |
573 | case SSL_AD_ACCESS_DENIED: |
574 | return SSL3_AD_HANDSHAKE_FAILURE; |
575 | case SSL_AD_DECODE_ERROR: |
576 | return SSL3_AD_HANDSHAKE_FAILURE; |
577 | case SSL_AD_DECRYPT_ERROR: |
578 | return SSL3_AD_HANDSHAKE_FAILURE; |
579 | case SSL_AD_EXPORT_RESTRICTION: |
580 | return SSL3_AD_HANDSHAKE_FAILURE; |
581 | case SSL_AD_PROTOCOL_VERSION: |
582 | return SSL3_AD_HANDSHAKE_FAILURE; |
583 | case SSL_AD_INSUFFICIENT_SECURITY: |
584 | return SSL3_AD_HANDSHAKE_FAILURE; |
585 | case SSL_AD_INTERNAL_ERROR: |
586 | return SSL3_AD_HANDSHAKE_FAILURE; |
587 | case SSL_AD_USER_CANCELLED: |
588 | return SSL3_AD_HANDSHAKE_FAILURE; |
589 | case SSL_AD_NO_RENEGOTIATION: |
590 | return -1; /* Don't send it :-) */ |
591 | case SSL_AD_UNSUPPORTED_EXTENSION: |
592 | return SSL3_AD_HANDSHAKE_FAILURE; |
593 | case SSL_AD_CERTIFICATE_UNOBTAINABLE: |
594 | return SSL3_AD_HANDSHAKE_FAILURE; |
595 | case SSL_AD_UNRECOGNIZED_NAME: |
596 | return SSL3_AD_HANDSHAKE_FAILURE; |
597 | case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: |
598 | return SSL3_AD_HANDSHAKE_FAILURE; |
599 | case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: |
600 | return SSL3_AD_HANDSHAKE_FAILURE; |
601 | case SSL_AD_UNKNOWN_PSK_IDENTITY: |
602 | return TLS1_AD_UNKNOWN_PSK_IDENTITY; |
603 | case SSL_AD_INAPPROPRIATE_FALLBACK: |
604 | return TLS1_AD_INAPPROPRIATE_FALLBACK; |
605 | case SSL_AD_NO_APPLICATION_PROTOCOL: |
606 | return TLS1_AD_NO_APPLICATION_PROTOCOL; |
607 | case SSL_AD_CERTIFICATE_REQUIRED: |
608 | return SSL_AD_HANDSHAKE_FAILURE; |
609 | default: |
610 | return -1; |
611 | } |
612 | } |
613 | |