#include <openssl/hmac.h>
#include <openssl/md5.h>
#include <openssl/rand.h>
-#ifdef KSSL_DEBUG
-#include <openssl/des.h>
-#endif
/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
*
enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
}
-#ifdef KSSL_DEBUG
- printf("dtls1_enc(%d)\n", send);
-#endif /* KSSL_DEBUG */
if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
memmove(rec->data, rec->input, rec->length);
rec->length += i;
}
-#ifdef KSSL_DEBUG
- {
- unsigned long ui;
- printf("EVP_Cipher(ds=%p, rec->data=%p, rec->input=%p, l=%ld) ==>\n",
- ds, rec->data, rec->input, l);
- printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
- ds->buf_len, ds->cipher->key_len,
- DES_KEY_SZ, DES_SCHEDULE_SZ,
- ds->cipher->iv_len);
- printf("\t\tIV: ");
- for (i = 0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
- printf("\n");
- printf("\trec->input=");
- for (ui = 0; ui<l; ui++) printf(" %02x", rec->input[ui]);
- printf("\n");
- }
-#endif /* KSSL_DEBUG */
if (!send) {
if (l == 0 || l % bs != 0)
EVP_Cipher(ds, rec->data, rec->input, l);
-#ifdef KSSL_DEBUG
- {
- unsigned long i;
- printf("\trec->data=");
- for (i = 0; i < l; i++)
- printf(" %02x", rec->data[i]); printf("\n");
- }
-#endif /* KSSL_DEBUG */
if ((bs != 1) && !send)
return tls1_cbc_remove_padding(s, rec, bs, mac_size);
(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
? 0 : 1;
-#ifdef KSSL_DEBUG
- printf("pkey, x = %p, %p\n", pkey, x);
- printf("ssl_cert_type(x, pkey) = %d\n", ssl_cert_type(x, pkey));
- printf("cipher, alg, nc = %s, %lx, %lx, %d\n",
- s->s3->tmp.new_cipher->name, s->s3->tmp.new_cipher->algorithm_mkey,
- s->s3->tmp.new_cipher->algorithm_auth, need_cert);
-#endif /* KSSL_DEBUG */
if (need_cert && ((pkey == NULL) ||
EVP_PKEY_missing_parameters(pkey))) {
emask_k = cert->export_mask_k;
emask_a = cert->export_mask_a;
-#ifdef KSSL_DEBUG
-/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
-#endif /* KSSL_DEBUG */
alg_k = c->algorithm_mkey;
alg_a = c->algorithm_auth;
#include <openssl/hmac.h>
#include <openssl/md5.h>
#include <openssl/rand.h>
-#ifdef KSSL_DEBUG
-#include <openssl/des.h>
-#endif
/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
*
enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
}
-#ifdef KSSL_DEBUG
- printf("dtls1_enc(%d)\n", send);
-#endif /* KSSL_DEBUG */
if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
memmove(rec->data, rec->input, rec->length);
rec->length += i;
}
-#ifdef KSSL_DEBUG
- {
- unsigned long ui;
- printf("EVP_Cipher(ds=%p, rec->data=%p, rec->input=%p, l=%ld) ==>\n",
- ds, rec->data, rec->input, l);
- printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
- ds->buf_len, ds->cipher->key_len,
- DES_KEY_SZ, DES_SCHEDULE_SZ,
- ds->cipher->iv_len);
- printf("\t\tIV: ");
- for (i = 0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
- printf("\n");
- printf("\trec->input=");
- for (ui = 0; ui<l; ui++) printf(" %02x", rec->input[ui]);
- printf("\n");
- }
-#endif /* KSSL_DEBUG */
if (!send) {
if (l == 0 || l % bs != 0)
EVP_Cipher(ds, rec->data, rec->input, l);
-#ifdef KSSL_DEBUG
- {
- unsigned long i;
- printf("\trec->data=");
- for (i = 0; i < l; i++)
- printf(" %02x", rec->data[i]); printf("\n");
- }
-#endif /* KSSL_DEBUG */
if ((bs != 1) && !send)
return tls1_cbc_remove_padding(s, rec, bs, mac_size);
(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
? 0 : 1;
-#ifdef KSSL_DEBUG
- printf("pkey, x = %p, %p\n", pkey, x);
- printf("ssl_cert_type(x, pkey) = %d\n", ssl_cert_type(x, pkey));
- printf("cipher, alg, nc = %s, %lx, %lx, %d\n",
- s->s3->tmp.new_cipher->name, s->s3->tmp.new_cipher->algorithm_mkey,
- s->s3->tmp.new_cipher->algorithm_auth, need_cert);
-#endif /* KSSL_DEBUG */
if (need_cert && ((pkey == NULL) ||
EVP_PKEY_missing_parameters(pkey))) {
emask_k = cert->export_mask_k;
emask_a = cert->export_mask_a;
-#ifdef KSSL_DEBUG
-/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
-#endif /* KSSL_DEBUG */
alg_k = c->algorithm_mkey;
alg_a = c->algorithm_auth;
co_list[co_list_num].prev = NULL;
co_list[co_list_num].active = 0;
co_list_num++;
-#ifdef KSSL_DEBUG
- printf("\t%d: %s %lx %lx %lx\n", i, c->name, c->id, c->algorithm_mkey, c->algorithm_auth);
-#endif /* KSSL_DEBUG */
/*
if (!sk_push(ca_list,(char *)c)) goto err;
*/
* it is used for allocation.
*/
num_of_ciphers = ssl_method->num_ciphers();
-#ifdef KSSL_DEBUG
- printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
-#endif /* KSSL_DEBUG */
co_list = reallocarray(NULL, num_of_ciphers, sizeof(CIPHER_ORDER));
if (co_list == NULL) {
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
const char *ver, *exp_str;
const char *kx, *au, *enc, *mac;
unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2;
-#ifdef KSSL_DEBUG
- static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
-#else
static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
-#endif /* KSSL_DEBUG */
alg_mkey = cipher->algorithm_mkey;
alg_auth = cipher->algorithm_auth;
} else if (len < 128)
return("Buffer too small");
-#ifdef KSSL_DEBUG
- l = snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl);
-#else
l = snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str);
-#endif /* KSSL_DEBUG */
if (l >= len || l == -1)
return("Buffer too small");
else
#include <openssl/hmac.h>
#include <openssl/md5.h>
#include <openssl/rand.h>
-#ifdef KSSL_DEBUG
-#include <openssl/des.h>
-#endif
/* seed1 through seed5 are virtually concatenated */
static int
NULL, 0, NULL, 0,
s->session->master_key, s->session->master_key_length,
km, tmp, num);
-#ifdef KSSL_DEBUG
- printf("tls1_generate_key_block() ==> %d byte master_key =\n\t",
- s->session->master_key_length);
- {
- int i;
- for (i = 0; i < s->session->master_key_length; i++) {
- printf("%02X", s->session->master_key[i]);
- }
- printf("\n");
- }
-#endif /* KSSL_DEBUG */
return ret;
}
comp = s->s3->tmp.new_compression;
#endif
-#ifdef KSSL_DEBUG
- printf("tls1_change_cipher_state(which= %d) w/\n", which);
- printf("\talg= %ld/%ld, comp= %p\n",
- s->s3->tmp.new_cipher->algorithm_mkey,
- s->s3->tmp.new_cipher->algorithm_auth,
- comp);
- printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
- printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
- c->nid, c->block_size, c->key_len, c->iv_len);
- printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
- {
- int i;
- for (i = 0; i < s->s3->tmp.key_block_length; i++)
- printf("%02x", s->s3->tmp.key_block[i]); printf("\n");
- }
-#endif /* KSSL_DEBUG */
if (which & SSL3_CC_READ) {
if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
}
}
-#ifdef KSSL_DEBUG
- {
- int i;
- printf("EVP_CipherInit_ex(dd, c, key=, iv=, which)\n");
- printf("\tkey= "); for (i = 0; i<c->key_len; i++) printf("%02x", key[i]);
- printf("\n");
- printf("\t iv= "); for (i = 0; i<c->iv_len; i++) printf("%02x", iv[i]);
- printf("\n");
- }
-#endif /* KSSL_DEBUG */
if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) {
EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE));
int mac_type = NID_undef, mac_secret_size = 0;
int ret = 0;
-#ifdef KSSL_DEBUG
- printf ("tls1_setup_key_block()\n");
-#endif /* KSSL_DEBUG */
if (s->s3->tmp.key_block_length != 0)
return (1);
enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
}
-#ifdef KSSL_DEBUG
- printf("tls1_enc(%d)\n", send);
-#endif /* KSSL_DEBUG */
if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
memmove(rec->data, rec->input, rec->length);
rec->length += i;
}
-#ifdef KSSL_DEBUG
- {
- unsigned long ui;
- printf("EVP_Cipher(ds=%p, rec->data=%p, rec->input=%p, l=%ld) ==>\n",
- ds, rec->data, rec->input, l);
- printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
- ds->buf_len, ds->cipher->key_len,
- DES_KEY_SZ, DES_SCHEDULE_SZ,
- ds->cipher->iv_len);
- printf("\t\tIV: ");
- for (i = 0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
- printf("\n");
- printf("\trec->input=");
- for (ui = 0; ui<l; ui++) printf(" %02x", rec->input[ui]);
- printf("\n");
- }
-#endif /* KSSL_DEBUG */
if (!send) {
if (l == 0 || l % bs != 0)
rec->length -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
}
-#ifdef KSSL_DEBUG
- {
- unsigned long i;
- printf("\trec->data=");
- for (i = 0; i < l; i++)
- printf(" %02x", rec->data[i]); printf("\n");
- }
-#endif /* KSSL_DEBUG */
ret = 1;
if (EVP_MD_CTX_md(s->read_hash) != NULL)
int col = 0, sol = 0;
-#ifdef KSSL_DEBUG
- printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s, out, p, len);
-#endif /* KSSL_DEBUG */
#ifdef TLSEXT_TYPE_opaque_prf_input
if (s->s3->client_opaque_prf_input != NULL && s->s3->server_opaque_prf_input != NULL &&
BIO_dump_fp(stderr, (char *)s->session->master_key, SSL3_MASTER_SECRET_SIZE);
#endif
-#ifdef KSSL_DEBUG
- printf ("tls1_generate_master_secret() complete\n");
-#endif /* KSSL_DEBUG */
return (SSL3_MASTER_SECRET_SIZE);
}
size_t vallen, currentvalpos;
int rv;
-#ifdef KSSL_DEBUG
- printf ("tls1_export_keying_material(%p,%p,%d,%s,%d,%p,%d)\n", s, out, olen, label, llen, p, plen);
-#endif /* KSSL_DEBUG */
buff = malloc(olen);
if (buff == NULL)
s->session->master_key, s->session->master_key_length,
out, buff, olen);
-#ifdef KSSL_DEBUG
- printf ("tls1_export_keying_material() complete\n");
-#endif /* KSSL_DEBUG */
goto ret;
err1:
SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
co_list[co_list_num].prev = NULL;
co_list[co_list_num].active = 0;
co_list_num++;
-#ifdef KSSL_DEBUG
- printf("\t%d: %s %lx %lx %lx\n", i, c->name, c->id, c->algorithm_mkey, c->algorithm_auth);
-#endif /* KSSL_DEBUG */
/*
if (!sk_push(ca_list,(char *)c)) goto err;
*/
* it is used for allocation.
*/
num_of_ciphers = ssl_method->num_ciphers();
-#ifdef KSSL_DEBUG
- printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
-#endif /* KSSL_DEBUG */
co_list = reallocarray(NULL, num_of_ciphers, sizeof(CIPHER_ORDER));
if (co_list == NULL) {
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
const char *ver, *exp_str;
const char *kx, *au, *enc, *mac;
unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2;
-#ifdef KSSL_DEBUG
- static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
-#else
static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
-#endif /* KSSL_DEBUG */
alg_mkey = cipher->algorithm_mkey;
alg_auth = cipher->algorithm_auth;
} else if (len < 128)
return("Buffer too small");
-#ifdef KSSL_DEBUG
- l = snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl);
-#else
l = snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str);
-#endif /* KSSL_DEBUG */
if (l >= len || l == -1)
return("Buffer too small");
else
#include <openssl/hmac.h>
#include <openssl/md5.h>
#include <openssl/rand.h>
-#ifdef KSSL_DEBUG
-#include <openssl/des.h>
-#endif
/* seed1 through seed5 are virtually concatenated */
static int
NULL, 0, NULL, 0,
s->session->master_key, s->session->master_key_length,
km, tmp, num);
-#ifdef KSSL_DEBUG
- printf("tls1_generate_key_block() ==> %d byte master_key =\n\t",
- s->session->master_key_length);
- {
- int i;
- for (i = 0; i < s->session->master_key_length; i++) {
- printf("%02X", s->session->master_key[i]);
- }
- printf("\n");
- }
-#endif /* KSSL_DEBUG */
return ret;
}
comp = s->s3->tmp.new_compression;
#endif
-#ifdef KSSL_DEBUG
- printf("tls1_change_cipher_state(which= %d) w/\n", which);
- printf("\talg= %ld/%ld, comp= %p\n",
- s->s3->tmp.new_cipher->algorithm_mkey,
- s->s3->tmp.new_cipher->algorithm_auth,
- comp);
- printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
- printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
- c->nid, c->block_size, c->key_len, c->iv_len);
- printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
- {
- int i;
- for (i = 0; i < s->s3->tmp.key_block_length; i++)
- printf("%02x", s->s3->tmp.key_block[i]); printf("\n");
- }
-#endif /* KSSL_DEBUG */
if (which & SSL3_CC_READ) {
if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
}
}
-#ifdef KSSL_DEBUG
- {
- int i;
- printf("EVP_CipherInit_ex(dd, c, key=, iv=, which)\n");
- printf("\tkey= "); for (i = 0; i<c->key_len; i++) printf("%02x", key[i]);
- printf("\n");
- printf("\t iv= "); for (i = 0; i<c->iv_len; i++) printf("%02x", iv[i]);
- printf("\n");
- }
-#endif /* KSSL_DEBUG */
if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) {
EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE));
int mac_type = NID_undef, mac_secret_size = 0;
int ret = 0;
-#ifdef KSSL_DEBUG
- printf ("tls1_setup_key_block()\n");
-#endif /* KSSL_DEBUG */
if (s->s3->tmp.key_block_length != 0)
return (1);
enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
}
-#ifdef KSSL_DEBUG
- printf("tls1_enc(%d)\n", send);
-#endif /* KSSL_DEBUG */
if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
memmove(rec->data, rec->input, rec->length);
rec->length += i;
}
-#ifdef KSSL_DEBUG
- {
- unsigned long ui;
- printf("EVP_Cipher(ds=%p, rec->data=%p, rec->input=%p, l=%ld) ==>\n",
- ds, rec->data, rec->input, l);
- printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
- ds->buf_len, ds->cipher->key_len,
- DES_KEY_SZ, DES_SCHEDULE_SZ,
- ds->cipher->iv_len);
- printf("\t\tIV: ");
- for (i = 0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
- printf("\n");
- printf("\trec->input=");
- for (ui = 0; ui<l; ui++) printf(" %02x", rec->input[ui]);
- printf("\n");
- }
-#endif /* KSSL_DEBUG */
if (!send) {
if (l == 0 || l % bs != 0)
rec->length -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
}
-#ifdef KSSL_DEBUG
- {
- unsigned long i;
- printf("\trec->data=");
- for (i = 0; i < l; i++)
- printf(" %02x", rec->data[i]); printf("\n");
- }
-#endif /* KSSL_DEBUG */
ret = 1;
if (EVP_MD_CTX_md(s->read_hash) != NULL)
int col = 0, sol = 0;
-#ifdef KSSL_DEBUG
- printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s, out, p, len);
-#endif /* KSSL_DEBUG */
#ifdef TLSEXT_TYPE_opaque_prf_input
if (s->s3->client_opaque_prf_input != NULL && s->s3->server_opaque_prf_input != NULL &&
BIO_dump_fp(stderr, (char *)s->session->master_key, SSL3_MASTER_SECRET_SIZE);
#endif
-#ifdef KSSL_DEBUG
- printf ("tls1_generate_master_secret() complete\n");
-#endif /* KSSL_DEBUG */
return (SSL3_MASTER_SECRET_SIZE);
}
size_t vallen, currentvalpos;
int rv;
-#ifdef KSSL_DEBUG
- printf ("tls1_export_keying_material(%p,%p,%d,%s,%d,%p,%d)\n", s, out, olen, label, llen, p, plen);
-#endif /* KSSL_DEBUG */
buff = malloc(olen);
if (buff == NULL)
s->session->master_key, s->session->master_key_length,
out, buff, olen);
-#ifdef KSSL_DEBUG
- printf ("tls1_export_keying_material() complete\n");
-#endif /* KSSL_DEBUG */
goto ret;
err1:
SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
projects / openbsd / commitdiff