diff options
author | jsing <jsing@openbsd.org> | 2015-09-11 17:54:23 +0000 |
---|---|---|
committer | jsing <jsing@openbsd.org> | 2015-09-11 17:54:23 +0000 |
commit | 99a27067a2c18161a2fc08c765a23302322404c4 (patch) | |
tree | 484011f8bc169480ee286c3f5dc0fcbb8965969f /lib/libssl/t1_enc.c | |
parent | Hoist all the GPT header checks into gpt_chk_header(). Tweak remaining (diff) | |
download | wireguard-openbsd-99a27067a2c18161a2fc08c765a23302322404c4.tar.xz wireguard-openbsd-99a27067a2c18161a2fc08c765a23302322404c4.zip |
Merge the remnants of s3_enc.c into t1_enc.c.
ok beck@
Diffstat (limited to 'lib/libssl/t1_enc.c')
-rw-r--r-- | lib/libssl/t1_enc.c | 124 |
1 files changed, 123 insertions, 1 deletions
diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c index 5d2b8eaf896..892fc317961 100644 --- a/lib/libssl/t1_enc.c +++ b/lib/libssl/t1_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_enc.c,v 1.81 2015/09/10 15:56:26 jsing Exp $ */ +/* $OpenBSD: t1_enc.c,v 1.82 2015/09/11 17:54:23 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -143,6 +143,128 @@ #include <openssl/hmac.h> #include <openssl/md5.h> +void +ssl3_cleanup_key_block(SSL *s) +{ + if (s->s3->tmp.key_block != NULL) { + explicit_bzero(s->s3->tmp.key_block, + s->s3->tmp.key_block_length); + free(s->s3->tmp.key_block); + s->s3->tmp.key_block = NULL; + } + s->s3->tmp.key_block_length = 0; +} + +int +ssl3_init_finished_mac(SSL *s) +{ + BIO_free(s->s3->handshake_buffer); + ssl3_free_digest_list(s); + + s->s3->handshake_buffer = BIO_new(BIO_s_mem()); + if (s->s3->handshake_buffer == NULL) + return (0); + + (void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE); + + return (1); +} + +void +ssl3_free_digest_list(SSL *s) +{ + int i; + + if (s == NULL) + return; + + if (s->s3->handshake_dgst == NULL) + return; + for (i = 0; i < SSL_MAX_DIGEST; i++) { + if (s->s3->handshake_dgst[i]) + EVP_MD_CTX_destroy(s->s3->handshake_dgst[i]); + } + free(s->s3->handshake_dgst); + s->s3->handshake_dgst = NULL; +} + +void +ssl3_finish_mac(SSL *s, const unsigned char *buf, int len) +{ + if (s->s3->handshake_buffer && + !(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) { + BIO_write(s->s3->handshake_buffer, (void *)buf, len); + } else { + int i; + for (i = 0; i < SSL_MAX_DIGEST; i++) { + if (s->s3->handshake_dgst[i]!= NULL) + EVP_DigestUpdate(s->s3->handshake_dgst[i], buf, len); + } + } +} + +int +ssl3_digest_cached_records(SSL *s) +{ + int i; + long mask; + const EVP_MD *md; + long hdatalen; + void *hdata; + + ssl3_free_digest_list(s); + + s->s3->handshake_dgst = calloc(SSL_MAX_DIGEST, sizeof(EVP_MD_CTX *)); + if (s->s3->handshake_dgst == NULL) { + SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE); + return 0; + } + hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); + if (hdatalen <= 0) { + SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, + SSL_R_BAD_HANDSHAKE_LENGTH); + return 0; + } + + /* Loop through bits of the algorithm2 field and create MD contexts. */ + for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) { + if ((mask & ssl_get_algorithm2(s)) && md) { + s->s3->handshake_dgst[i] = EVP_MD_CTX_create(); + if (s->s3->handshake_dgst[i] == NULL) { + SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, + ERR_R_MALLOC_FAILURE); + return 0; + } + if (!EVP_DigestInit_ex(s->s3->handshake_dgst[i], + md, NULL)) { + EVP_MD_CTX_destroy(s->s3->handshake_dgst[i]); + return 0; + } + if (!EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata, + hdatalen)) + return 0; + } + } + + if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) { + BIO_free(s->s3->handshake_buffer); + s->s3->handshake_buffer = NULL; + } + + return 1; +} + +void +ssl3_record_sequence_increment(unsigned char *seq) +{ + int i; + + for (i = SSL3_SEQUENCE_SIZE - 1; i >= 0; i--) { + if (++seq[i] != 0) + break; + } +} + /* seed1 through seed5 are virtually concatenated */ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len, |