+#include <openssl/evp.h>
+#include <openssl/md5.h>
+
+static const unsigned char ssl3_pad_1[48] = {
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
+};
+
+static const unsigned char ssl3_pad_2[48] = {
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c
+};
+
+static int ssl3_handshake_mac(SSL *s, int md_nid,
+ const char *sender, int len, unsigned char *p);
+static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
+{
+ EVP_MD_CTX m5;
+ EVP_MD_CTX s1;
+ unsigned char buf[16], smd[SHA_DIGEST_LENGTH];
+ unsigned char c = 'A';
+ unsigned int i, j, k;
+
+#ifdef CHARSET_EBCDIC
+ c = os_toascii[c]; /* 'A' in ASCII */
+#endif
+ k = 0;
+ EVP_MD_CTX_init(&m5);
+ EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ EVP_MD_CTX_init(&s1);
+ for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) {
+ k++;
+ if (k > sizeof buf) {
+ /* bug: 'buf' is too small for this ciphersuite */
+ SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ for (j = 0; j < k; j++)
+ buf[j] = c;
+ c++;
+ EVP_DigestInit_ex(&s1, EVP_sha1(), NULL);
+ EVP_DigestUpdate(&s1, buf, k);
+ EVP_DigestUpdate(&s1, s->session->master_key,
+ s->session->master_key_length);
+ EVP_DigestUpdate(&s1, s->s3->server_random, SSL3_RANDOM_SIZE);
+ EVP_DigestUpdate(&s1, s->s3->client_random, SSL3_RANDOM_SIZE);
+ EVP_DigestFinal_ex(&s1, smd, NULL);
+
+ EVP_DigestInit_ex(&m5, EVP_md5(), NULL);
+ EVP_DigestUpdate(&m5, s->session->master_key,
+ s->session->master_key_length);
+ EVP_DigestUpdate(&m5, smd, SHA_DIGEST_LENGTH);
+ if ((int)(i + MD5_DIGEST_LENGTH) > num) {
+ EVP_DigestFinal_ex(&m5, smd, NULL);
+ memcpy(km, smd, (num - i));
+ } else
+ EVP_DigestFinal_ex(&m5, km, NULL);
+
+ km += MD5_DIGEST_LENGTH;
+ }
+ OPENSSL_cleanse(smd, sizeof(smd));
+ EVP_MD_CTX_cleanup(&m5);
+ EVP_MD_CTX_cleanup(&s1);
+ return 1;
+}