Lines Matching refs:s
25 static int tls1_PRF(SSL *s, in tls1_PRF() argument
34 const EVP_MD *md = ssl_prf_md(s); in tls1_PRF()
43 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls1_PRF()
48 kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_TLS1_PRF, s->ctx->propq); in tls1_PRF()
79 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls1_PRF()
86 static int tls1_generate_key_block(SSL *s, unsigned char *km, size_t num) in tls1_generate_key_block() argument
91 ret = tls1_PRF(s, in tls1_generate_key_block()
93 TLS_MD_KEY_EXPANSION_CONST_SIZE, s->s3.server_random, in tls1_generate_key_block()
94 SSL3_RANDOM_SIZE, s->s3.client_random, SSL3_RANDOM_SIZE, in tls1_generate_key_block()
95 NULL, 0, NULL, 0, s->session->master_key, in tls1_generate_key_block()
96 s->session->master_key_length, km, num, 1); in tls1_generate_key_block()
101 int tls_provider_set_tls_params(SSL *s, EVP_CIPHER_CTX *ctx, in tls_provider_set_tls_params() argument
119 && !s->ext.use_etm) in tls_provider_set_tls_params()
125 &s->version); in tls_provider_set_tls_params()
131 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls_provider_set_tls_params()
150 int tls1_change_cipher_state(SSL *s, int which) in tls1_change_cipher_state() argument
172 c = s->s3.tmp.new_sym_enc; in tls1_change_cipher_state()
173 m = s->s3.tmp.new_hash; in tls1_change_cipher_state()
174 mac_type = s->s3.tmp.new_mac_pkey_type; in tls1_change_cipher_state()
176 comp = s->s3.tmp.new_compression; in tls1_change_cipher_state()
180 if (s->ext.use_etm) in tls1_change_cipher_state()
181 s->s3.flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_READ; in tls1_change_cipher_state()
183 s->s3.flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_READ; in tls1_change_cipher_state()
185 if (s->s3.tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) in tls1_change_cipher_state()
186 s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM; in tls1_change_cipher_state()
188 s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM; in tls1_change_cipher_state()
190 if (s->s3.tmp.new_cipher->algorithm2 & TLS1_TLSTREE) in tls1_change_cipher_state()
191 s->mac_flags |= SSL_MAC_FLAG_READ_MAC_TLSTREE; in tls1_change_cipher_state()
193 s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_TLSTREE; in tls1_change_cipher_state()
195 if (s->enc_read_ctx != NULL) { in tls1_change_cipher_state()
197 } else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) { in tls1_change_cipher_state()
198 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); in tls1_change_cipher_state()
204 EVP_CIPHER_CTX_reset(s->enc_read_ctx); in tls1_change_cipher_state()
206 dd = s->enc_read_ctx; in tls1_change_cipher_state()
207 mac_ctx = ssl_replace_hash(&s->read_hash, NULL); in tls1_change_cipher_state()
209 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls1_change_cipher_state()
213 COMP_CTX_free(s->expand); in tls1_change_cipher_state()
214 s->expand = NULL; in tls1_change_cipher_state()
216 s->expand = COMP_CTX_new(comp->method); in tls1_change_cipher_state()
217 if (s->expand == NULL) { in tls1_change_cipher_state()
218 SSLfatal(s, SSL_AD_INTERNAL_ERROR, in tls1_change_cipher_state()
227 if (!SSL_IS_DTLS(s)) in tls1_change_cipher_state()
228 RECORD_LAYER_reset_read_sequence(&s->rlayer); in tls1_change_cipher_state()
229 mac_secret = &(s->s3.read_mac_secret[0]); in tls1_change_cipher_state()
230 mac_secret_size = &(s->s3.read_mac_secret_size); in tls1_change_cipher_state()
232 s->statem.enc_write_state = ENC_WRITE_STATE_INVALID; in tls1_change_cipher_state()
233 if (s->ext.use_etm) in tls1_change_cipher_state()
234 s->s3.flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE; in tls1_change_cipher_state()
236 s->s3.flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE; in tls1_change_cipher_state()
238 if (s->s3.tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) in tls1_change_cipher_state()
239 s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; in tls1_change_cipher_state()
241 s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM; in tls1_change_cipher_state()
243 if (s->s3.tmp.new_cipher->algorithm2 & TLS1_TLSTREE) in tls1_change_cipher_state()
244 s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_TLSTREE; in tls1_change_cipher_state()
246 s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_TLSTREE; in tls1_change_cipher_state()
247 if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s)) { in tls1_change_cipher_state()
249 } else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) { in tls1_change_cipher_state()
250 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); in tls1_change_cipher_state()
253 dd = s->enc_write_ctx; in tls1_change_cipher_state()
254 if (SSL_IS_DTLS(s)) { in tls1_change_cipher_state()
257 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); in tls1_change_cipher_state()
260 s->write_hash = mac_ctx; in tls1_change_cipher_state()
262 mac_ctx = ssl_replace_hash(&s->write_hash, NULL); in tls1_change_cipher_state()
264 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); in tls1_change_cipher_state()
269 COMP_CTX_free(s->compress); in tls1_change_cipher_state()
270 s->compress = NULL; in tls1_change_cipher_state()
272 s->compress = COMP_CTX_new(comp->method); in tls1_change_cipher_state()
273 if (s->compress == NULL) { in tls1_change_cipher_state()
274 SSLfatal(s, SSL_AD_INTERNAL_ERROR, in tls1_change_cipher_state()
283 if (!SSL_IS_DTLS(s)) in tls1_change_cipher_state()
284 RECORD_LAYER_reset_write_sequence(&s->rlayer); in tls1_change_cipher_state()
285 mac_secret = &(s->s3.write_mac_secret[0]); in tls1_change_cipher_state()
286 mac_secret_size = &(s->s3.write_mac_secret_size); in tls1_change_cipher_state()
292 p = s->s3.tmp.key_block; in tls1_change_cipher_state()
293 i = *mac_secret_size = s->s3.tmp.new_mac_secret_size; in tls1_change_cipher_state()
316 if (n > s->s3.tmp.key_block_length) { in tls1_change_cipher_state()
317 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls1_change_cipher_state()
325 mac_key = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC", in tls1_change_cipher_state()
326 s->ctx->propq, mac_secret, in tls1_change_cipher_state()
339 s->ctx->libctx, s->ctx->propq, mac_key, in tls1_change_cipher_state()
342 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls1_change_cipher_state()
357 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls1_change_cipher_state()
362 if (s->s3.tmp. in tls1_change_cipher_state()
372 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls1_change_cipher_state()
377 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls1_change_cipher_state()
386 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls1_change_cipher_state()
395 && !tls_provider_set_tls_params(s, dd, c, m)) { in tls1_change_cipher_state()
401 if (s->compress || (s->options & SSL_OP_ENABLE_KTLS) == 0) in tls1_change_cipher_state()
405 if (ssl_get_max_send_fragment(s) != SSL3_RT_MAX_PLAIN_LENGTH) in tls1_change_cipher_state()
409 if (!ktls_check_supported_cipher(s, c, dd)) in tls1_change_cipher_state()
413 bio = s->wbio; in tls1_change_cipher_state()
415 bio = s->rbio; in tls1_change_cipher_state()
418 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); in tls1_change_cipher_state()
429 if ((BIO_get_ktls_send(s->wbio) && (which & SSL3_CC_WRITE)) || in tls1_change_cipher_state()
430 (BIO_get_ktls_recv(s->rbio) && (which & SSL3_CC_READ))) { in tls1_change_cipher_state()
431 SSLfatal(s, SSL_AD_NO_RENEGOTIATION, ERR_R_INTERNAL_ERROR); in tls1_change_cipher_state()
436 rl_sequence = RECORD_LAYER_get_write_sequence(&s->rlayer); in tls1_change_cipher_state()
438 rl_sequence = RECORD_LAYER_get_read_sequence(&s->rlayer); in tls1_change_cipher_state()
440 if (!ktls_configure_crypto(s, c, dd, rl_sequence, &crypto_info, in tls1_change_cipher_state()
448 ssl3_release_write_buffer(s); in tls1_change_cipher_state()
449 SSL_set_options(s, SSL_OP_NO_RENEGOTIATION); in tls1_change_cipher_state()
454 s->statem.enc_write_state = ENC_WRITE_STATE_VALID; in tls1_change_cipher_state()
468 int tls1_setup_key_block(SSL *s) in tls1_setup_key_block() argument
478 if (s->s3.tmp.key_block_length != 0) in tls1_setup_key_block()
481 if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, &mac_type, in tls1_setup_key_block()
482 &mac_secret_size, &comp, s->ext.use_etm)) { in tls1_setup_key_block()
484 SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR); in tls1_setup_key_block()
488 ssl_evp_cipher_free(s->s3.tmp.new_sym_enc); in tls1_setup_key_block()
489 s->s3.tmp.new_sym_enc = c; in tls1_setup_key_block()
490 ssl_evp_md_free(s->s3.tmp.new_hash); in tls1_setup_key_block()
491 s->s3.tmp.new_hash = hash; in tls1_setup_key_block()
492 s->s3.tmp.new_mac_pkey_type = mac_type; in tls1_setup_key_block()
493 s->s3.tmp.new_mac_secret_size = mac_secret_size; in tls1_setup_key_block()
498 ssl3_cleanup_key_block(s); in tls1_setup_key_block()
501 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); in tls1_setup_key_block()
505 s->s3.tmp.key_block_length = num; in tls1_setup_key_block()
506 s->s3.tmp.key_block = p; in tls1_setup_key_block()
511 BIO_dump_indent(trc_out, s->s3.client_random, SSL3_RANDOM_SIZE, 4); in tls1_setup_key_block()
513 BIO_dump_indent(trc_out, s->s3.server_random, SSL3_RANDOM_SIZE, 4); in tls1_setup_key_block()
516 s->session->master_key, in tls1_setup_key_block()
517 s->session->master_key_length, 4); in tls1_setup_key_block()
520 if (!tls1_generate_key_block(s, p, num)) { in tls1_setup_key_block()
530 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) in tls1_setup_key_block()
531 && s->method->version <= TLS1_VERSION) { in tls1_setup_key_block()
536 s->s3.need_empty_fragments = 1; in tls1_setup_key_block()
538 if (s->session->cipher != NULL) { in tls1_setup_key_block()
539 if (s->session->cipher->algorithm_enc == SSL_eNULL) in tls1_setup_key_block()
540 s->s3.need_empty_fragments = 0; in tls1_setup_key_block()
542 if (s->session->cipher->algorithm_enc == SSL_RC4) in tls1_setup_key_block()
543 s->s3.need_empty_fragments = 0; in tls1_setup_key_block()
552 size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen, in tls1_final_finish_mac() argument
559 if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_kGOST18) in tls1_final_finish_mac()
562 if (!ssl3_digest_cached_records(s, 0)) { in tls1_final_finish_mac()
567 if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) { in tls1_final_finish_mac()
572 if (!tls1_PRF(s, str, slen, hash, hashlen, NULL, 0, NULL, 0, NULL, 0, in tls1_final_finish_mac()
573 s->session->master_key, s->session->master_key_length, in tls1_final_finish_mac()
582 int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, in tls1_generate_master_secret() argument
585 if (s->session->flags & SSL_SESS_FLAG_EXTMS) { in tls1_generate_master_secret()
593 if (!ssl3_digest_cached_records(s, 1) in tls1_generate_master_secret()
594 || !ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) { in tls1_generate_master_secret()
602 if (!tls1_PRF(s, in tls1_generate_master_secret()
615 if (!tls1_PRF(s, in tls1_generate_master_secret()
618 s->s3.client_random, SSL3_RANDOM_SIZE, in tls1_generate_master_secret()
620 s->s3.server_random, SSL3_RANDOM_SIZE, in tls1_generate_master_secret()
632 BIO_dump_indent(trc_out, s->s3.client_random, SSL3_RANDOM_SIZE, 4); in tls1_generate_master_secret()
634 BIO_dump_indent(trc_out, s->s3.server_random, SSL3_RANDOM_SIZE, 4); in tls1_generate_master_secret()
637 s->session->master_key, in tls1_generate_master_secret()
645 int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, in tls1_export_keying_material() argument
670 memcpy(val + currentvalpos, s->s3.client_random, SSL3_RANDOM_SIZE); in tls1_export_keying_material()
672 memcpy(val + currentvalpos, s->s3.server_random, SSL3_RANDOM_SIZE); in tls1_export_keying_material()
706 rv = tls1_PRF(s, in tls1_export_keying_material()
712 s->session->master_key, s->session->master_key_length, in tls1_export_keying_material()