1d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * All rights reserved. 3d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 4d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * This package is an SSL implementation written 5d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * by Eric Young (eay@cryptsoft.com). 6d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * The implementation was written so as to conform with Netscapes SSL. 7d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 8d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * This library is free for commercial and non-commercial use as long as 9d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * the following conditions are aheared to. The following conditions 10d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * apply to all code found in this distribution, be it the RC4, RSA, 11d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * included with this distribution is covered by the same copyright terms 13d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 15d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Copyright remains Eric Young's, and as such any Copyright notices in 16d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * the code are not to be removed. 17d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * If this package is used in a product, Eric Young should be given attribution 18d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * as the author of the parts of the library used. 
19d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * This can be in the form of a textual message at program startup or 20d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * in documentation (online or textual) provided with the package. 21d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 22d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Redistribution and use in source and binary forms, with or without 23d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * modification, are permitted provided that the following conditions 24d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * are met: 25d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 1. Redistributions of source code must retain the copyright 26d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * notice, this list of conditions and the following disclaimer. 27d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 2. Redistributions in binary form must reproduce the above copyright 28d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * notice, this list of conditions and the following disclaimer in the 29d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * documentation and/or other materials provided with the distribution. 30d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 3. All advertising materials mentioning features or use of this software 31d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * must display the following acknowledgement: 32d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * "This product includes cryptographic software written by 33d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Eric Young (eay@cryptsoft.com)" 34d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * The word 'cryptographic' can be left out if the rouines from the library 35d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * being used are not cryptographic related :-). 36d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 4. 
If you include any Windows specific code (or a derivative thereof) from 37d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * the apps directory (application code) you must include an acknowledgement: 38d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 40d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 44d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 45d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 46d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 48d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * SUCH DAMAGE. 
51d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 52d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * The licence and distribution terms for any publically available version or 53d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * derivative of this code cannot be changed. i.e. this code cannot simply be 54d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * copied and put under another distribution licence 55d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * [including the GNU Public Licence.] 56d9e397b599b13d642138480a28c14db7a136bf0Adam Langley */ 57d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* ==================================================================== 58d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. 59d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 60d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Redistribution and use in source and binary forms, with or without 61d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * modification, are permitted provided that the following conditions 62d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * are met: 63d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 64d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 1. Redistributions of source code must retain the above copyright 65d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * notice, this list of conditions and the following disclaimer. 66d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 67d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 2. Redistributions in binary form must reproduce the above copyright 68d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * notice, this list of conditions and the following disclaimer in 69d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * the documentation and/or other materials provided with the 70d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * distribution. 
71d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 72d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 3. All advertising materials mentioning features or use of this 73d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * software must display the following acknowledgment: 74d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * "This product includes software developed by the OpenSSL Project 75d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 76d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 77d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 78d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * endorse or promote products derived from this software without 79d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * prior written permission. For written permission, please contact 80d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * openssl-core@openssl.org. 81d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 82d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 5. Products derived from this software may not be called "OpenSSL" 83d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * nor may "OpenSSL" appear in their names without prior written 84d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * permission of the OpenSSL Project. 85d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 86d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 6. 
Redistributions of any form whatsoever must retain the following 87d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * acknowledgment: 88d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * "This product includes software developed by the OpenSSL Project 89d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 90d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 91d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 92d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 93d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 94d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 95d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 96d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 97d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 98d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 99d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 100d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 101d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 102d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * OF THE POSSIBILITY OF SUCH DAMAGE. 
103d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ==================================================================== 104d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 105d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * This product includes cryptographic software written by Eric Young 106d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * (eay@cryptsoft.com). This product includes software written by Tim 107d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Hudson (tjh@cryptsoft.com). */ 108d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* ==================================================================== 109d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 110d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ECC cipher suite support in OpenSSL originally developed by 111d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. */ 112d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 113b8494591d1b1a143f3b192d845c238bbf3bc629dKenny Root#include <openssl/ssl.h> 114b8494591d1b1a143f3b192d845c238bbf3bc629dKenny Root 115d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <assert.h> 116d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <limits.h> 117d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <stdio.h> 118d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <string.h> 119d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 120d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <openssl/buf.h> 121e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#include <openssl/err.h> 122d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <openssl/evp.h> 123d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <openssl/mem.h> 124d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <openssl/md5.h> 125d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include 
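<openssl/obj.h>
#include <openssl/rand.h>
#include <openssl/sha.h>
#include <openssl/x509.h>

#include "internal.h"


/* ssl3_do_write sends |ssl->init_buf| in records of type 'type'
 * (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC). It returns -1 on error, 1
 * on success or zero if the transmission is still incomplete.
 *
 * On a partial write, |ssl->init_off| and |ssl->init_num| are advanced by the
 * number of bytes written so that a later call resumes where this one
 * stopped. */
int ssl3_do_write(SSL *ssl, int type) {
  int n;

  n = ssl3_write_bytes(ssl, type, &ssl->init_buf->data[ssl->init_off],
                       ssl->init_num);
  if (n < 0) {
    return -1;
  }

  if (n == ssl->init_num) {
    /* Everything pending has been written. The callback is handed the buffer
     * from its start, with a length covering the bytes sent by earlier calls
     * (init_off) plus this one (init_num). */
    if (ssl->msg_callback) {
      ssl->msg_callback(1, ssl->version, type, ssl->init_buf->data,
                        (size_t)(ssl->init_off + ssl->init_num), ssl,
                        ssl->msg_callback_arg);
    }
    return 1;
  }

  ssl->init_off += n;
  ssl->init_num -= n;
  return 0;
}

/* ssl3_send_finished builds the Finished message when |ssl->state| is |a| and
 * then writes the pending handshake data with ssl_do_write.
 *
 * In state |a| it computes the Finished MAC over |sender|/|slen| with
 * final_finish_mac, stores it in |ssl->s3->tmp.finish_md|, copies it into the
 * handshake buffer, hands the master secret to ssl_log_master_secret, keeps a
 * copy of the MAC for renegotiation checks and moves to state |b|.
 *
 * It returns 0 if the MAC computation, the master-secret logging call or
 * ssl_set_handshake_header fails; otherwise it returns whatever ssl_do_write
 * returns. */
int ssl3_send_finished(SSL *ssl, int a, int b, const char *sender, int slen) {
  uint8_t *p;
  int n;

  if (ssl->state == a) {
    p = ssl_handshake_start(ssl);

    n = ssl->enc_method->final_finish_mac(ssl, sender, slen,
                                          ssl->s3->tmp.finish_md);
    if (n == 0) {
      return 0;
    }
    ssl->s3->tmp.finish_md_len = n;
    memcpy(p, ssl->s3->tmp.finish_md, n);

    /* Log the master secret, if logging is enabled.
     *
     * NOTE(review): this passes the client random and the session master key
     * to ssl_log_master_secret. Where that output goes is not visible in this
     * file; confirm the sink is opt-in and access-controlled, since the pair
     * is presumably enough to decrypt the session. */
    if (!ssl_log_master_secret(ssl, ssl->s3->client_random, SSL3_RANDOM_SIZE,
                               ssl->session->master_key,
                               ssl->session->master_key_length)) {
      return 0;
    }

    /* Copy the finished so we can use it for renegotiation checks.
     *
     * NOTE(review): assert() is compiled out when NDEBUG is defined, so the
     * bound below is not enforced in such builds; the copies then rely on
     * final_finish_mac never returning more than EVP_MAX_MD_SIZE. The
     * destination buffer sizes are not visible here -- confirm. */
    if (ssl->server) {
      assert(n <= EVP_MAX_MD_SIZE);
      memcpy(ssl->s3->previous_server_finished, ssl->s3->tmp.finish_md, n);
      ssl->s3->previous_server_finished_len = n;
    } else {
      assert(n <= EVP_MAX_MD_SIZE);
      memcpy(ssl->s3->previous_client_finished, ssl->s3->tmp.finish_md, n);
      ssl->s3->previous_client_finished_len = n;
    }

    if (!ssl_set_handshake_header(ssl, SSL3_MT_FINISHED, n)) {
      return 0;
    }
    ssl->state = b;
  }

  /* SSL3_ST_SEND_xxxxxx_HELLO_B */
  return ssl_do_write(ssl);
}

/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen
 * so far.
 *
 * The result is written to |ssl->s3->tmp.peer_finish_md| and its length to
 * |ssl->s3->tmp.peer_finish_md_len|. The label is the server's when
 * SSL_ST_CONNECT is set in |ssl->state| (we are the client and expect the
 * server's Finished), and the client's otherwise. The return value of
 * final_finish_mac is stored without being checked here. */
static void ssl3_take_mac(SSL *ssl) {
  const char *sender;
  int slen;

  /* If no new cipher setup then return immediately: other functions will set
   * the appropriate error. Note that |peer_finish_md_len| is left untouched
   * on this path. */
  if (ssl->s3->tmp.new_cipher == NULL) {
    return;
  }

  if (ssl->state & SSL_ST_CONNECT) {
    sender = ssl->enc_method->server_finished_label;
    slen = ssl->enc_method->server_finished_label_len;
  } else {
    sender = ssl->enc_method->client_finished_label;
    slen = ssl->enc_method->client_finished_label_len;
  }

  ssl->s3->tmp.peer_finish_md_len = ssl->enc_method->final_finish_mac(
      ssl, sender, slen, ssl->s3->tmp.peer_finish_md);
}

/* ssl3_get_finished reads the peer's Finished message (states |a| and |b| are
 * passed through to ssl_get_message) and verifies it against the MAC computed
 * locally by ssl3_take_mac.
 *
 * If the message could not be read, it returns the value from
 * ssl_get_message. Otherwise it returns 1 when the Finished value matches and
 * 0 on failure. A missing or wrong-length MAC and a MAC mismatch each send a
 * fatal alert; a failure in ssl3_hash_current_message returns 0 without
 * sending one. On success the peer's Finished value is saved for
 * renegotiation checks. */
int ssl3_get_finished(SSL *ssl, int a, int b) {
  int al, finished_len, ok;
  long message_len;
  uint8_t *p;

  message_len = ssl->method->ssl_get_message(
      ssl, a, b, SSL3_MT_FINISHED, EVP_MAX_MD_SIZE, ssl_dont_hash_message, &ok);

  if (!ok) {
    return message_len;
  }

  /* Snapshot the finished hash before incorporating the new message. */
  ssl3_take_mac(ssl);
  if (!ssl3_hash_current_message(ssl)) {
    goto err;
  }

  p = ssl->init_msg;
  finished_len = ssl->s3->tmp.peer_finish_md_len;

  /* final_finish_mac reports failure as 0 (ssl3_send_finished treats it that
   * way) and ssl3_take_mac stores its result unchecked. Without this guard a
   * zero computed length would equal the length of an empty Finished body,
   * and the zero-byte comparison below would succeed. */
  if (finished_len <= 0) {
    al = SSL_AD_INTERNAL_ERROR;
    OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
    goto f_err;
  }

  if (finished_len != message_len) {
    al = SSL_AD_DECODE_ERROR;
    OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_DIGEST_LENGTH);
    goto f_err;
  }

  /* CRYPTO_memcmp rather than memcmp, so that the time taken does not depend
   * on the position of the first differing byte. */
  if (CRYPTO_memcmp(p, ssl->s3->tmp.peer_finish_md, finished_len) != 0) {
    al = SSL_AD_DECRYPT_ERROR;
    OPENSSL_PUT_ERROR(SSL, SSL_R_DIGEST_CHECK_FAILED);
    goto f_err;
  }

  /* Copy the finished so we can use it for renegotiation checks. The peer is
   * the client when we are the server, and vice versa. As in
   * ssl3_send_finished, the assert is not a runtime bound under NDEBUG. */
  if (ssl->server) {
    assert(finished_len <= EVP_MAX_MD_SIZE);
    memcpy(ssl->s3->previous_client_finished, ssl->s3->tmp.peer_finish_md,
           finished_len);
    ssl->s3->previous_client_finished_len = finished_len;
  } else {
    assert(finished_len <= EVP_MAX_MD_SIZE);
    memcpy(ssl->s3->previous_server_finished, ssl->s3->tmp.peer_finish_md,
           finished_len);
    ssl->s3->previous_server_finished_len = finished_len;
  }

  return 1;

f_err:
  ssl3_send_alert(ssl, SSL3_AL_FATAL, al);
err:
  return 0;
}

/* for these 2 messages, we need to
 * ssl->enc_read_ctx      re-init
 * ssl->s3->read_sequence   zero
 * ssl->s3->read_mac_secret   re-init
 * ssl->session->read_sym_enc   assign
 * ssl->session->read_compression assign
 * ssl->session->read_hash    assign
 *
 * ssl3_send_change_cipher_spec queues the one-byte ChangeCipherSpec message
 * when |ssl->state| is |a|, moves to state |b|, and then writes it with
 * ssl3_do_write. It returns the value of ssl3_do_write. */
int ssl3_send_change_cipher_spec(SSL *ssl, int a, int b) {
  if (ssl->state == a) {
    *((uint8_t *)ssl->init_buf->data) = SSL3_MT_CCS;
    ssl->init_num = 1;
    ssl->init_off = 0;

    ssl->state = b;
  }

  /* SSL3_ST_CW_CHANGE_B */
  return ssl3_do_write(ssl, SSL3_RT_CHANGE_CIPHER_SPEC);
}

/* ssl3_output_cert_chain writes a Certificate handshake message for |ssl|.
 *
 * ssl_add_cert_chain is given an offset that skips the handshake header and
 * the 3-byte chain length and updates it to the end of the data it wrote. The
 * chain length is then stored in those 3 bytes and the handshake header is
 * set. It returns 0 if ssl_add_cert_chain fails, and otherwise the result of
 * ssl_set_handshake_header. */
int ssl3_output_cert_chain(SSL *ssl) {
  uint8_t *p;
  unsigned long l = 3 + SSL_HM_HEADER_LENGTH(ssl);

  if (!ssl_add_cert_chain(ssl, &l)) {
    return 0;
  }

  /* Convert the end offset back into the length of the chain alone. */
  l -= 3 + SSL_HM_HEADER_LENGTH(ssl);
  p = ssl_handshake_start(ssl);
  l2n3(l, p);
  /* The message body is the 3-byte length prefix plus the chain. */
  l += 3;
  return ssl_set_handshake_header(ssl, SSL3_MT_CERTIFICATE, l);
}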
314d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 315d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Obtain handshake message of message type |msg_type| (any if |msg_type| == -1), 316d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * maximum acceptable body length |max|. The first four bytes (msg_type and 3174139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley * length) are read in state |header_state|, the body is read in state 3184139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley * |body_state|. */ 3194139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langleylong ssl3_get_message(SSL *ssl, int header_state, int body_state, int msg_type, 320e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley long max, enum ssl_hash_message_t hash_message, int *ok) { 321d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t *p; 322d9e397b599b13d642138480a28c14db7a136bf0Adam Langley unsigned long l; 323d9e397b599b13d642138480a28c14db7a136bf0Adam Langley long n; 324d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int al; 325d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 3264139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley if (ssl->s3->tmp.reuse_message) { 327e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley /* A ssl_dont_hash_message call cannot be combined with reuse_message; the 328e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * ssl_dont_hash_message would have to have been applied to the previous 329e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * call. 
*/ 330e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley assert(hash_message == ssl_hash_message); 3314139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley ssl->s3->tmp.reuse_message = 0; 3324139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley if (msg_type >= 0 && ssl->s3->tmp.message_type != msg_type) { 333d9e397b599b13d642138480a28c14db7a136bf0Adam Langley al = SSL_AD_UNEXPECTED_MESSAGE; 334b8494591d1b1a143f3b192d845c238bbf3bc629dKenny Root OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE); 335d9e397b599b13d642138480a28c14db7a136bf0Adam Langley goto f_err; 336d9e397b599b13d642138480a28c14db7a136bf0Adam Langley } 337d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *ok = 1; 3384139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley ssl->state = body_state; 3394139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley ssl->init_msg = (uint8_t *)ssl->init_buf->data + 4; 3404139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley ssl->init_num = (int)ssl->s3->tmp.message_size; 3414139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley return ssl->init_num; 342d9e397b599b13d642138480a28c14db7a136bf0Adam Langley } 343d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 3444139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley p = (uint8_t *)ssl->init_buf->data; 345d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 3464139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley if (ssl->state == header_state) { 3474139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley assert(ssl->init_num < 4); 348d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 349d9e397b599b13d642138480a28c14db7a136bf0Adam Langley for (;;) { 3504139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley while (ssl->init_num < 4) { 3514139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley int bytes_read = ssl3_read_bytes( 3524139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley ssl, SSL3_RT_HANDSHAKE, &p[ssl->init_num], 4 - ssl->init_num, 0); 353d9e397b599b13d642138480a28c14db7a136bf0Adam Langley if (bytes_read <= 0) { 
354d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *ok = 0; 355d9e397b599b13d642138480a28c14db7a136bf0Adam Langley return bytes_read; 356d9e397b599b13d642138480a28c14db7a136bf0Adam Langley } 3574139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley ssl->init_num += bytes_read; 358d9e397b599b13d642138480a28c14db7a136bf0Adam Langley } 359d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 360d9e397b599b13d642138480a28c14db7a136bf0Adam Langley static const uint8_t kHelloRequest[4] = {SSL3_MT_HELLO_REQUEST, 0, 0, 0}; 3614139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley if (ssl->server || memcmp(p, kHelloRequest, sizeof(kHelloRequest)) != 0) { 362d9e397b599b13d642138480a28c14db7a136bf0Adam Langley break; 363d9e397b599b13d642138480a28c14db7a136bf0Adam Langley } 364d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 365d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* The server may always send 'Hello Request' messages -- we are doing 366d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * a handshake anyway now, so ignore them if their format is correct. 367d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Does not count for 'Finished' MAC. 
*/ 3684139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley ssl->init_num = 0; 369d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 3704139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley if (ssl->msg_callback) { 3714139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley ssl->msg_callback(0, ssl->version, SSL3_RT_HANDSHAKE, p, 4, ssl, 3724139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley ssl->msg_callback_arg); 373d9e397b599b13d642138480a28c14db7a136bf0Adam Langley } 374d9e397b599b13d642138480a28c14db7a136bf0Adam Langley } 375d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 3764139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley /* ssl->init_num == 4 */ 377d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 378d9e397b599b13d642138480a28c14db7a136bf0Adam Langley if (msg_type >= 0 && *p != msg_type) { 379d9e397b599b13d642138480a28c14db7a136bf0Adam Langley al = SSL_AD_UNEXPECTED_MESSAGE; 380b8494591d1b1a143f3b192d845c238bbf3bc629dKenny Root OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE); 381d9e397b599b13d642138480a28c14db7a136bf0Adam Langley goto f_err; 382d9e397b599b13d642138480a28c14db7a136bf0Adam Langley } 3834139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley ssl->s3->tmp.message_type = *(p++); 384d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 385d9e397b599b13d642138480a28c14db7a136bf0Adam Langley n2l3(p, l); 386d9e397b599b13d642138480a28c14db7a136bf0Adam Langley if (l > (unsigned long)max) { 387d9e397b599b13d642138480a28c14db7a136bf0Adam Langley al = SSL_AD_ILLEGAL_PARAMETER; 388b8494591d1b1a143f3b192d845c238bbf3bc629dKenny Root OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESSIVE_MESSAGE_SIZE); 389d9e397b599b13d642138480a28c14db7a136bf0Adam Langley goto f_err; 390d9e397b599b13d642138480a28c14db7a136bf0Adam Langley } 391d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 3924139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley if (l && !BUF_MEM_grow_clean(ssl->init_buf, l + 4)) { 393b8494591d1b1a143f3b192d845c238bbf3bc629dKenny Root OPENSSL_PUT_ERROR(SSL, 
ERR_R_BUF_LIB); 394d9e397b599b13d642138480a28c14db7a136bf0Adam Langley goto err; 395d9e397b599b13d642138480a28c14db7a136bf0Adam Langley } 3964139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley ssl->s3->tmp.message_size = l; 3974139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley ssl->state = body_state; 398d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 3994139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley ssl->init_msg = (uint8_t *)ssl->init_buf->data + 4; 4004139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley ssl->init_num = 0; 401d9e397b599b13d642138480a28c14db7a136bf0Adam Langley } 402d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 403d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* next state (body_state) */ 4044139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley p = ssl->init_msg; 4054139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley n = ssl->s3->tmp.message_size - ssl->init_num; 406d9e397b599b13d642138480a28c14db7a136bf0Adam Langley while (n > 0) { 4074139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley int bytes_read = 4084139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley ssl3_read_bytes(ssl, SSL3_RT_HANDSHAKE, &p[ssl->init_num], n, 0); 409d9e397b599b13d642138480a28c14db7a136bf0Adam Langley if (bytes_read <= 0) { 4104139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley ssl->rwstate = SSL_READING; 411d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *ok = 0; 412d9e397b599b13d642138480a28c14db7a136bf0Adam Langley return bytes_read; 413d9e397b599b13d642138480a28c14db7a136bf0Adam Langley } 4144139edb02e59e7ad48e0a8f4c02e45923bc8a344Adam Langley ssl->init_num += bytes_read; 415d9e397b599b13d642138480a28c14db7a136bf0Adam Langley n -= bytes_read; 416d9e397b599b13d642138480a28c14db7a136bf0Adam Langley } 417d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 418d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* Feed this message into MAC computation. 
 */
  if (hash_message == ssl_hash_message && !ssl3_hash_current_message(ssl)) {
    goto err;
  }
  if (ssl->msg_callback) {
    ssl->msg_callback(0, ssl->version, SSL3_RT_HANDSHAKE, ssl->init_buf->data,
                      (size_t)ssl->init_num + 4, ssl, ssl->msg_callback_arg);
  }
  *ok = 1;
  return ssl->init_num;

f_err:
  ssl3_send_alert(ssl, SSL3_AL_FATAL, al);

err:
  *ok = 0;
  return -1;
}

/* ssl3_hash_current_message feeds the handshake message currently held in
 * |ssl->init_buf| into the handshake hash. It returns whatever
 * |ssl3_update_handshake_hash| returns. */
int ssl3_hash_current_message(SSL *ssl) {
  uint8_t *const msg_start = (uint8_t *)ssl->init_buf->data;
  /* |init_msg| points just past the handshake header, whose size differs
   * between DTLS and TLS. The header is hashed together with the body, so the
   * hashed span begins at the start of the buffer. */
  const size_t header_len = ssl->init_msg - msg_start;

  return ssl3_update_handshake_hash(ssl, msg_start,
                                    ssl->init_num + header_len);
}

/* ssl3_cert_verify_hash is documented as needing EVP_MAX_MD_SIZE because that
 * is sufficient pre-TLS1.2 as well. */
OPENSSL_COMPILE_ASSERT(EVP_MAX_MD_SIZE > MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
                       combined_tls_hash_fits_in_max);

/* ssl3_cert_verify_hash writes the digest that a CertificateVerify signature
 * covers to |out| and its length to |*out_len|. It returns one on success and
 * zero on error.
 *
 * When signature algorithms are in use (TLS 1.2), |*out_md| is an input: the
 * digest it names is computed over the buffered handshake records. Otherwise
 * |*out_md| is an output and is set to MD5 + SHA-1 for RSA keys or SHA-1 for EC
 * keys; any other |pkey_type| is an internal error.
 *
 * The pre-TLS 1.2 branches use the digests those protocol versions specify.
 * Both are collision-weak, so a deployment that depends on the strength of this
 * signature should require TLS 1.2 or later. */
int ssl3_cert_verify_hash(SSL *ssl, uint8_t *out, size_t *out_len,
                          const EVP_MD **out_md, int pkey_type) {
  if (SSL_USE_SIGALGS(ssl)) {
    EVP_MD_CTX md_ctx;
    unsigned digest_len;
    int hashed;

    /* NOTE(review): |ssl->s3->handshake_buffer| is dereferenced without a NULL
     * check; presumably callers guarantee the buffer is still retained at this
     * point -- confirm. */
    EVP_MD_CTX_init(&md_ctx);
    hashed = EVP_DigestInit_ex(&md_ctx, *out_md, NULL) &&
             EVP_DigestUpdate(&md_ctx, ssl->s3->handshake_buffer->data,
                              ssl->s3->handshake_buffer->length) &&
             EVP_DigestFinal(&md_ctx, out, &digest_len);
    if (!hashed) {
      OPENSSL_PUT_ERROR(SSL, ERR_R_EVP_LIB);
      EVP_MD_CTX_cleanup(&md_ctx);
      return 0;
    }

    /* No explicit cleanup on this path: EVP_DigestFinal (unlike the _ex
     * variant) is expected to release the context itself -- confirm against
     * the digest implementation. */
    *out_len = digest_len;
    return 1;
  }

  if (pkey_type == EVP_PKEY_RSA) {
    /* MD5 digest first, SHA-1 digest immediately after it. */
    if (!ssl->enc_method->cert_verify_mac(ssl, NID_md5, out)) {
      return 0;
    }
    if (!ssl->enc_method->cert_verify_mac(ssl, NID_sha1,
                                          out + MD5_DIGEST_LENGTH)) {
      return 0;
    }
    *out_len = MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH;
    *out_md = EVP_md5_sha1();
    return 1;
  }

  if (pkey_type == EVP_PKEY_EC) {
    if (!ssl->enc_method->cert_verify_mac(ssl, NID_sha1, out)) {
      return 0;
    }
    *out_len = SHA_DIGEST_LENGTH;
    *out_md = EVP_sha1();
    return 1;
  }

  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
  return 0;
}

/* ssl_verify_alarm_type maps an X.509 verification result |type| to the TLS
 * alert description sent to the peer. Codes without a dedicated mapping yield
 * |SSL_AD_CERTIFICATE_UNKNOWN|. */
int ssl_verify_alarm_type(long type) {
  switch (type) {
    /* The issuer, or a CRL and its issuer, could not be found, or the chain
     * does not lead to an acceptable CA. */
    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
    case X509_V_ERR_UNABLE_TO_GET_CRL:
    case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
    case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
    case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
    case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
    case X509_V_ERR_CERT_CHAIN_TOO_LONG:
    case X509_V_ERR_PATH_LENGTH_EXCEEDED:
    case X509_V_ERR_INVALID_CA:
      return SSL_AD_UNKNOWN_CA;

    /* Malformed fields, undecodable signatures or keys, not-yet-valid,
     * untrusted or rejected certificates. */
    case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
    case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
    case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
    case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
    case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
    case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
    case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
    case X509_V_ERR_CERT_NOT_YET_VALID:
    case X509_V_ERR_CRL_NOT_YET_VALID:
    case X509_V_ERR_CERT_UNTRUSTED:
    case X509_V_ERR_CERT_REJECTED:
      return SSL_AD_BAD_CERTIFICATE;

    case X509_V_ERR_CERT_SIGNATURE_FAILURE:
    case X509_V_ERR_CRL_SIGNATURE_FAILURE:
      return SSL_AD_DECRYPT_ERROR;

    case X509_V_ERR_CERT_HAS_EXPIRED:
    case X509_V_ERR_CRL_HAS_EXPIRED:
      return SSL_AD_CERTIFICATE_EXPIRED;

    case X509_V_ERR_CERT_REVOKED:
      return SSL_AD_CERTIFICATE_REVOKED;

    case X509_V_ERR_OUT_OF_MEM:
      return SSL_AD_INTERNAL_ERROR;

    case X509_V_ERR_APPLICATION_VERIFICATION:
      return SSL_AD_HANDSHAKE_FAILURE;

    case X509_V_ERR_INVALID_PURPOSE:
      return SSL_AD_UNSUPPORTED_CERTIFICATE;

    default:
      return SSL_AD_CERTIFICATE_UNKNOWN;
  }
}

/* ssl_fill_hello_random fills |out|, of |len| bytes, with the hello random.
 *
 * A client gets |len| bytes from |RAND_bytes|. A server gets the current time
 * in seconds, truncated to 32 bits and stored big-endian in the first four
 * bytes, followed by |len| - 4 bytes from |RAND_bytes|; the server's clock is
 * therefore readable by any peer. A server call with |len| < 4 returns zero.
 * In every other case the return value is that of |RAND_bytes|, which callers
 * need to check. */
int ssl_fill_hello_random(uint8_t *out, size_t len, int is_server) {
  if (!is_server) {
    return RAND_bytes(out, len);
  }

  const uint32_t now = time(NULL);
  int i;

  if (len < 4) {
    return 0;
  }

  /* Big-endian timestamp prefix. */
  for (i = 0; i < 4; i++) {
    out[i] = now >> (24 - 8 * i);
  }
  return RAND_bytes(out + 4, len - 4);
}