X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;ds=sidebyside;f=ssl%2Fs3_lib.c;h=524f5308f3d123ceabda55c63d4d5a8a29eaa968;hb=baae2cbc92accf4fa53a7b8faaf3df1153c943f5;hp=8925717a62ca3297fd645ef32d3e9efa7255d1d9;hpb=a230b26e0959dc5f072fbbdadcc9ed45e904c50c;p=oweals%2Fopenssl.git diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 8925717a62..524f5308f3 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -57,7 +57,7 @@ #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers) /* - * The list of available ciphers, organized into the following + * The list of available ciphers, mostly organized into the following * groups: * Always there * EC @@ -97,6 +97,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 0, 0, }, +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_RSA_DES_192_CBC3_SHA, @@ -107,7 +108,7 @@ static SSL_CIPHER ssl3_ciphers[] = { SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_MEDIUM | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, @@ -137,7 +138,7 @@ static SSL_CIPHER ssl3_ciphers[] = { SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_MEDIUM | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, @@ -157,6 +158,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, +#endif { 1, TLS1_TXT_RSA_WITH_AES_128_SHA, @@ -832,6 +834,21 @@ static SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, + { + 1, + TLS1_3_TXT_AES_128_GCM_SHA256, + TLS1_3_CK_AES_128_GCM_SHA256, + SSL_kRSA, + SSL_aRSA, + SSL_AES128GCM, + SSL_AEAD, + TLS1_3_VERSION, TLS1_3_VERSION, + 0, 0, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, #ifndef OPENSSL_NO_EC { @@ -849,6 +866,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 0, 0, }, +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, @@ -859,11 +877,12 @@ static SSL_CIPHER ssl3_ciphers[] = { SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_MEDIUM | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, }, +# endif { 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, @@ -909,6 +928,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 0, 0, }, +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, @@ -919,11 +939,12 @@ static SSL_CIPHER ssl3_ciphers[] = { SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_MEDIUM | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, }, +# endif { 1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, @@ -969,6 +990,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 0, 0, }, +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, @@ -984,6 +1006,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, +# endif { 1, TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, @@ -1182,6 +1205,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 0, 0, }, +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA, @@ -1192,11 +1216,12 @@ static SSL_CIPHER ssl3_ciphers[] = { SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_MEDIUM | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, }, +# endif { 1, TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, @@ -1227,6 +1252,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA, @@ -1237,11 +1263,12 @@ static SSL_CIPHER ssl3_ciphers[] = { SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_MEDIUM | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, }, +# endif { 1, TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA, @@ -1272,6 +1299,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA, @@ -1282,11 +1310,12 @@ static SSL_CIPHER ssl3_ciphers[] = { SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_MEDIUM | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, }, +# endif { 1, TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA, @@ -1588,6 +1617,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 0, }, # ifndef OPENSSL_NO_EC +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, @@ -1598,11 +1628,12 @@ static SSL_CIPHER ssl3_ciphers[] = { SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_MEDIUM | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, }, +# endif { 1, TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA, @@ -1712,6 +1743,7 @@ static SSL_CIPHER ssl3_ciphers[] = { #endif /* OPENSSL_NO_PSK */ #ifndef OPENSSL_NO_SRP +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA, @@ -1722,7 +1754,7 @@ static SSL_CIPHER ssl3_ciphers[] = { SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_MEDIUM, + SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, @@ -1737,7 +1769,7 @@ static SSL_CIPHER ssl3_ciphers[] = { SSL_SHA1, SSL3_VERSION, TLS1_2_VERSION, DTLS1_BAD_VER, DTLS1_2_VERSION, - SSL_MEDIUM, + SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, @@ -1757,6 +1789,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, +# endif { 1, TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA, @@ -2723,7 +2756,6 @@ const SSL3_ENC_METHOD SSLv3_enc_data = { ssl3_generate_master_secret, ssl3_change_cipher_state, ssl3_final_finish_mac, - MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, SSL3_MD_CLIENT_FINISHED_CONST, 4, SSL3_MD_SERVER_FINISHED_CONST, 4, ssl3_alert_code, @@ -2731,8 +2763,8 @@ const SSL3_ENC_METHOD SSLv3_enc_data = { size_t, const unsigned char *, size_t, int use_context))ssl_undefined_function, 0, - SSL3_HM_HEADER_LENGTH, ssl3_set_handshake_header, + tls_close_construct_packet, ssl3_handshake_write }; @@ -2758,13 +2790,16 @@ const SSL_CIPHER *ssl3_get_cipher(unsigned int u) return (NULL); } -int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len) +int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype) { - unsigned char *p = (unsigned char *)s->init_buf->data; - *(p++) = htype; - l2n3(len, p); - s->init_num = (int)len + SSL3_HM_HEADER_LENGTH; - s->init_off = 0; + /* No header in the event of a CCS */ + if (htype == SSL3_MT_CHANGE_CIPHER_SPEC) + return 1; + + /* Set the content type and 3 bytes for the message len */ + if (!WPACKET_put_bytes_u8(pkt, htype) + || !WPACKET_start_sub_packet_u24(pkt)) + return 0; return 1; } @@ -2934,8 +2969,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) nid = EC_GROUP_get_curve_name(group); if (nid == NID_undef) return 0; - return tls1_set_curves(&s->tlsext_ellipticcurvelist, - &s->tlsext_ellipticcurvelist_length, + return tls1_set_groups(&s->tlsext_supportedgroupslist, + &s->tlsext_supportedgroupslist_length, &nid, 1); } break; @@ -3000,7 +3035,10 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: *(unsigned char **)parg = s->tlsext_ocsp_resp; - return s->tlsext_ocsp_resplen; + if (s->tlsext_ocsp_resplen == 0 + || s->tlsext_ocsp_resplen > LONG_MAX) + return -1; + return (long)s->tlsext_ocsp_resplen; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: OPENSSL_free(s->tlsext_ocsp_resp); @@ -3011,23 +3049,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) #ifndef OPENSSL_NO_HEARTBEATS case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT: - if (SSL_IS_DTLS(s)) - ret = dtls1_heartbeat(s); - break; - case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING: - if (SSL_IS_DTLS(s)) - ret = s->tlsext_hb_pending; - break; - case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS: - if (SSL_IS_DTLS(s)) { - if (larg) - s->tlsext_heartbeat |= SSL_DTLSEXT_HB_DONT_RECV_REQUESTS; - else - s->tlsext_heartbeat &= ~SSL_DTLSEXT_HB_DONT_RECV_REQUESTS; - ret = 1; - } break; #endif @@ -3074,20 +3097,21 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return ssl_cert_set_current(s->cert, larg); #ifndef OPENSSL_NO_EC - case SSL_CTRL_GET_CURVES: + case SSL_CTRL_GET_GROUPS: { unsigned char *clist; size_t clistlen; if (!s->session) return 0; - clist = s->session->tlsext_ellipticcurvelist; - clistlen = s->session->tlsext_ellipticcurvelist_length / 2; + clist = s->session->tlsext_supportedgroupslist; + clistlen = s->session->tlsext_supportedgroupslist_length / 2; if (parg) { size_t i; int *cptr = parg; unsigned int cid, nid; for (i = 0; i < clistlen; i++) { n2s(clist, cid); + /* TODO(TLS1.3): Handle DH groups here */ nid = tls1_ec_curve_id2nid(cid, NULL); if (nid != 0) cptr[i] = nid; @@ -3098,16 +3122,16 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return (int)clistlen; } - case SSL_CTRL_SET_CURVES: - return tls1_set_curves(&s->tlsext_ellipticcurvelist, - &s->tlsext_ellipticcurvelist_length, parg, larg); + case SSL_CTRL_SET_GROUPS: + return tls1_set_groups(&s->tlsext_supportedgroupslist, + &s->tlsext_supportedgroupslist_length, parg, larg); - case SSL_CTRL_SET_CURVES_LIST: - return tls1_set_curves_list(&s->tlsext_ellipticcurvelist, - &s->tlsext_ellipticcurvelist_length, parg); + case SSL_CTRL_SET_GROUPS_LIST: + return tls1_set_groups_list(&s->tlsext_supportedgroupslist, + &s->tlsext_supportedgroupslist_length, parg); - case SSL_CTRL_GET_SHARED_CURVE: - return tls1_shared_curve(s, larg); + case SSL_CTRL_GET_SHARED_GROUP: + return tls1_shared_group(s, larg); #endif case SSL_CTRL_SET_SIGALGS: @@ -3282,8 +3306,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) nid = EC_GROUP_get_curve_name(group); if (nid == NID_undef) return 0; - return tls1_set_curves(&ctx->tlsext_ellipticcurvelist, - &ctx->tlsext_ellipticcurvelist_length, + return tls1_set_groups(&ctx->tlsext_supportedgroupslist, + &ctx->tlsext_supportedgroupslist_length, &nid, 1); } /* break; */ @@ -3379,14 +3403,14 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) #endif #ifndef OPENSSL_NO_EC - case SSL_CTRL_SET_CURVES: - return tls1_set_curves(&ctx->tlsext_ellipticcurvelist, - &ctx->tlsext_ellipticcurvelist_length, + case SSL_CTRL_SET_GROUPS: + return tls1_set_groups(&ctx->tlsext_supportedgroupslist, + &ctx->tlsext_supportedgroupslist_length, parg, larg); - case SSL_CTRL_SET_CURVES_LIST: - return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist, - &ctx->tlsext_ellipticcurvelist_length, + case SSL_CTRL_SET_GROUPS_LIST: + return tls1_set_groups_list(&ctx->tlsext_supportedgroupslist, + &ctx->tlsext_supportedgroupslist_length, parg); #endif case SSL_CTRL_SET_SIGALGS: @@ -3535,18 +3559,18 @@ const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) return cp; } -int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) +int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) { - long l; - - if (p != NULL) { - l = c->id; - if ((l & 0xff000000) != 0x03000000) - return (0); - p[0] = ((unsigned char)(l >> 8L)) & 0xFF; - p[1] = ((unsigned char)(l)) & 0xFF; + if ((c->id & 0xff000000) != 0x03000000) { + *len = 0; + return 1; } - return (2); + + if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff)) + return 0; + + *len = 2; + return 1; } /* @@ -3672,15 +3696,13 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, return (ret); } -int ssl3_get_req_cert_type(SSL *s, unsigned char *p) +int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt) { - int ret = 0; uint32_t alg_k, alg_a = 0; /* If we have custom certificate types set, use them */ if (s->cert->ctypes) { - memcpy(p, s->cert->ctypes, s->cert->ctype_num); - return (int)s->cert->ctype_num; + return WPACKET_memcpy(pkt, s->cert->ctypes, s->cert->ctype_num); } /* Get mask of algorithms disabled by signature list */ ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK); @@ -3688,45 +3710,43 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p) alg_k = s->s3->tmp.new_cipher->algorithm_mkey; #ifndef OPENSSL_NO_GOST - if (s->version >= TLS1_VERSION) { - if (alg_k & SSL_kGOST) { - p[ret++] = TLS_CT_GOST01_SIGN; - p[ret++] = TLS_CT_GOST12_SIGN; - p[ret++] = TLS_CT_GOST12_512_SIGN; - return (ret); - } - } + if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST)) + return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN) + && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN) + && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN); #endif if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) { #ifndef OPENSSL_NO_DH # ifndef OPENSSL_NO_RSA - p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH; + if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH)) + return 0; # endif # ifndef OPENSSL_NO_DSA - p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH; + if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH)) + return 0; # endif #endif /* !OPENSSL_NO_DH */ } #ifndef OPENSSL_NO_RSA - if (!(alg_a & SSL_aRSA)) - p[ret++] = SSL3_CT_RSA_SIGN; + if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN)) + return 0; #endif #ifndef OPENSSL_NO_DSA - if (!(alg_a & SSL_aDSS)) - p[ret++] = SSL3_CT_DSS_SIGN; + if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN)) + return 0; #endif #ifndef OPENSSL_NO_EC /* * ECDSA certs can be used with RSA cipher suites too so we don't * need to check for SSL_kECDH or SSL_kECDHE */ - if (s->version >= TLS1_VERSION) { - if (!(alg_a & SSL_aECDSA)) - p[ret++] = TLS_CT_ECDSA_SIGN; - } + if (s->version >= TLS1_VERSION + && !(alg_a & SSL_aECDSA) + && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN)) + return 0; #endif - return (ret); + return 1; } static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len) @@ -3779,12 +3799,13 @@ int ssl3_shutdown(SSL *s) return (ret); } } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { + size_t readbytes; /* * If we are waiting for a close from our peer, we are closed */ - s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0); + s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes); if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { - return (-1); /* return WANT_READ */ + return -1; /* return WANT_READ */ } } @@ -3795,16 +3816,18 @@ int ssl3_shutdown(SSL *s) return (0); } -int ssl3_write(SSL *s, const void *buf, int len) +int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written) { clear_sys_error(); if (s->s3->renegotiate) ssl3_renegotiate_check(s); - return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len); + return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, + written); } -static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) +static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek, + size_t *readbytes) { int ret; @@ -3814,7 +3837,7 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) s->s3->in_read_app_data = 1; ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len, - peek); + peek, readbytes); if ((ret == -1) && (s->s3->in_read_app_data == 2)) { /* * ssl3_read_bytes decided to call s->handshake_func, which called @@ -3826,22 +3849,22 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) ossl_statem_set_in_handshake(s, 1); ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, - len, peek); + len, peek, readbytes); ossl_statem_set_in_handshake(s, 0); } else s->s3->in_read_app_data = 0; - return (ret); + return ret; } -int ssl3_read(SSL *s, void *buf, int len) +int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes) { - return ssl3_read_internal(s, buf, len, 0); + return ssl3_read_internal(s, buf, len, 0, readbytes); } -int ssl3_peek(SSL *s, void *buf, int len) +int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes) { - return ssl3_read_internal(s, buf, len, 1); + return ssl3_read_internal(s, buf, len, 1, readbytes); } int ssl3_renegotiate(SSL *s) @@ -3905,7 +3928,7 @@ long ssl_get_algorithm2(SSL *s) * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on * failure, 1 on success. */ -int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len) +int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len) { int send_time = 0; @@ -3919,15 +3942,18 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len) unsigned long Time = (unsigned long)time(NULL); unsigned char *p = result; l2n(Time, p); - return RAND_bytes(p, len - 4); + /* TODO(size_t): Convert this */ + return RAND_bytes(p, (int)(len - 4)); } else - return RAND_bytes(result, len); + return RAND_bytes(result, (int)len); } int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, int free_pms) { unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; + int ret = 0; + if (alg_k & SSL_PSK) { #ifndef OPENSSL_NO_PSK unsigned char *pskpms, *t; @@ -3942,10 +3968,8 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, pskpmslen = 4 + pmslen + psklen; pskpms = OPENSSL_malloc(pskpmslen); - if (pskpms == NULL) { - s->session->master_key_length = 0; + if (pskpms == NULL) goto err; - } t = pskpms; s2n(pmslen, t); if (alg_k & SSL_kPSK) @@ -3958,23 +3982,23 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, OPENSSL_clear_free(s->s3->tmp.psk, psklen); s->s3->tmp.psk = NULL; - s->session->master_key_length = - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key, - pskpms, pskpmslen); + if (!s->method->ssl3_enc->generate_master_secret(s, + s->session->master_key,pskpms, pskpmslen, + &s->session->master_key_length)) + goto err; OPENSSL_clear_free(pskpms, pskpmslen); #else /* Should never happen */ - s->session->master_key_length = 0; goto err; #endif } else { - s->session->master_key_length = - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key, - pms, pmslen); + if (!s->method->ssl3_enc->generate_master_secret(s, + s->session->master_key, pms, pmslen, + &s->session->master_key_length)) + goto err; } + ret = 1; err: if (pms) { if (free_pms) @@ -3984,7 +4008,7 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, } if (s->server == 0) s->s3->tmp.pms = NULL; - return s->session->master_key_length >= 0; + return ret; } /* Generate a private key from parameters */ @@ -4043,8 +4067,8 @@ EVP_PKEY *ssl_generate_pkey_curve(int id) } #endif -/* Derive premaster or master secret for ECDH/DH */ -int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey) +/* Derive secrets for ECDH/DH */ +int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret) { int rv = 0; unsigned char *pms = NULL; @@ -4069,12 +4093,23 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey) if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) goto err; - if (s->server) { - /* For server generate master secret and discard premaster */ - rv = ssl_generate_master_secret(s, pms, pmslen, 1); + if (gensecret) { + if (SSL_IS_TLS13(s)) { + /* + * TODO(TLS1.3): For now we just use the default early_secret, this + * will need to change later when other early_secrets will be + * possible. + */ + rv = tls13_generate_early_secret(s, NULL, 0) + && tls13_generate_handshake_secret(s, pms, pmslen); + OPENSSL_free(pms); + } else { + /* Generate master secret and discard premaster */ + rv = ssl_generate_master_secret(s, pms, pmslen, 1); + } pms = NULL; } else { - /* For client just save premaster secret */ + /* Save premaster secret */ s->s3->tmp.pms = pms; s->s3->tmp.pmslen = pmslen; pms = NULL;