26 static int tls1_PRF(SSL_CONNECTION *s,  in tls1_PRF()  argument
35     const EVP_MD *md = ssl_prf_md(s);  in tls1_PRF()
44             SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);  in tls1_PRF()
49     kdf = EVP_KDF_fetch(SSL_CONNECTION_GET_CTX(s)->libctx,  in tls1_PRF()
51                         SSL_CONNECTION_GET_CTX(s)->propq);  in tls1_PRF()
82         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);  in tls1_PRF()
89 static int tls1_generate_key_block(SSL_CONNECTION *s, unsigned char *km,  in tls1_generate_key_block()  argument
95     ret = tls1_PRF(s,  in tls1_generate_key_block()
97                    TLS_MD_KEY_EXPANSION_CONST_SIZE, s->s3.server_random,  in tls1_generate_key_block()
98                    SSL3_RANDOM_SIZE, s->s3.client_random, SSL3_RANDOM_SIZE,  in tls1_generate_key_block()
99                    NULL, 0, NULL, 0, s->session->master_key,  in tls1_generate_key_block()
100                    s->session->master_key_length, km, num, 1);  in tls1_generate_key_block()
116 int tls1_change_cipher_state(SSL_CONNECTION *s, int which)  in tls1_change_cipher_state()  argument
134     c = s->s3.tmp.new_sym_enc;  in tls1_change_cipher_state()
135     m = s->s3.tmp.new_hash;  in tls1_change_cipher_state()
136     mac_type = s->s3.tmp.new_mac_pkey_type;  in tls1_change_cipher_state()
138     comp = s->s3.tmp.new_compression;  in tls1_change_cipher_state()
141     p = s->s3.tmp.key_block;  in tls1_change_cipher_state()
142     i = mac_secret_size = s->s3.tmp.new_mac_secret_size;  in tls1_change_cipher_state()
148         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);  in tls1_change_cipher_state()
170     if (n > s->s3.tmp.key_block_length) {  in tls1_change_cipher_state()
171         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);  in tls1_change_cipher_state()
180         if ((s->s3.tmp.new_cipher->algorithm_enc  in tls1_change_cipher_state()
191             taglen = s->s3.tmp.new_mac_secret_size;  in tls1_change_cipher_state()
197         if (s->ext.use_etm)  in tls1_change_cipher_state()
198             s->s3.flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_READ;  in tls1_change_cipher_state()
200             s->s3.flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_READ;  in tls1_change_cipher_state()
202         if (s->s3.tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)  in tls1_change_cipher_state()
203             s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;  in tls1_change_cipher_state()
205             s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;  in tls1_change_cipher_state()
207         if (s->s3.tmp.new_cipher->algorithm2 & TLS1_TLSTREE)  in tls1_change_cipher_state()
208             s->mac_flags |= SSL_MAC_FLAG_READ_MAC_TLSTREE;  in tls1_change_cipher_state()
210             s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_TLSTREE;  in tls1_change_cipher_state()
214         if (s->ext.use_etm)  in tls1_change_cipher_state()
215             s->s3.flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE;  in tls1_change_cipher_state()
217             s->s3.flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE;  in tls1_change_cipher_state()
219         if (s->s3.tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)  in tls1_change_cipher_state()
220             s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;  in tls1_change_cipher_state()
222             s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;  in tls1_change_cipher_state()
224         if (s->s3.tmp.new_cipher->algorithm2 & TLS1_TLSTREE)  in tls1_change_cipher_state()
225             s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_TLSTREE;  in tls1_change_cipher_state()
227             s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_TLSTREE;  in tls1_change_cipher_state()
232     if (SSL_CONNECTION_IS_DTLS(s))  in tls1_change_cipher_state()
233         dtls1_increment_epoch(s, which);  in tls1_change_cipher_state()
235     if (!ssl_set_new_record_layer(s, s->version, direction,  in tls1_change_cipher_state()
256 int tls1_setup_key_block(SSL_CONNECTION *s)  in tls1_setup_key_block()  argument
267     if (s->s3.tmp.key_block_length != 0)  in tls1_setup_key_block()
270     if (!ssl_cipher_get_evp(SSL_CONNECTION_GET_CTX(s), s->session, &c, &hash,  in tls1_setup_key_block()
272                             s->ext.use_etm)) {  in tls1_setup_key_block()
274         SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);  in tls1_setup_key_block()
278     ssl_evp_cipher_free(s->s3.tmp.new_sym_enc);  in tls1_setup_key_block()
279     s->s3.tmp.new_sym_enc = c;  in tls1_setup_key_block()
280     ssl_evp_md_free(s->s3.tmp.new_hash);  in tls1_setup_key_block()
281     s->s3.tmp.new_hash = hash;  in tls1_setup_key_block()
282     s->s3.tmp.new_mac_pkey_type = mac_type;  in tls1_setup_key_block()
283     s->s3.tmp.new_mac_secret_size = mac_secret_size;  in tls1_setup_key_block()
286         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);  in tls1_setup_key_block()
292     ssl3_cleanup_key_block(s);  in tls1_setup_key_block()
295         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);  in tls1_setup_key_block()
299     s->s3.tmp.key_block_length = num;  in tls1_setup_key_block()
300     s->s3.tmp.key_block = p;  in tls1_setup_key_block()
305         BIO_dump_indent(trc_out, s->s3.client_random, SSL3_RANDOM_SIZE, 4);  in tls1_setup_key_block()
307         BIO_dump_indent(trc_out, s->s3.server_random, SSL3_RANDOM_SIZE, 4);  in tls1_setup_key_block()
310                         s->session->master_key,  in tls1_setup_key_block()
311                         s->session->master_key_length, 4);  in tls1_setup_key_block()
314     if (!tls1_generate_key_block(s, p, num)) {  in tls1_setup_key_block()
329 size_t tls1_final_finish_mac(SSL_CONNECTION *s, const char *str,  in tls1_final_finish_mac()  argument
336     if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_kGOST18)  in tls1_final_finish_mac()
339     if (!ssl3_digest_cached_records(s, 0)) {  in tls1_final_finish_mac()
344     if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) {  in tls1_final_finish_mac()
349     if (!tls1_PRF(s, str, slen, hash, hashlen, NULL, 0, NULL, 0, NULL, 0,  in tls1_final_finish_mac()
350                   s->session->master_key, s->session->master_key_length,  in tls1_final_finish_mac()
359 int tls1_generate_master_secret(SSL_CONNECTION *s, unsigned char *out,  in tls1_generate_master_secret()  argument
363     if (s->session->flags & SSL_SESS_FLAG_EXTMS) {  in tls1_generate_master_secret()
371         if (!ssl3_digest_cached_records(s, 1)  in tls1_generate_master_secret()
372                 || !ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) {  in tls1_generate_master_secret()
380         if (!tls1_PRF(s,  in tls1_generate_master_secret()
393         if (!tls1_PRF(s,  in tls1_generate_master_secret()
396                       s->s3.client_random, SSL3_RANDOM_SIZE,  in tls1_generate_master_secret()
398                       s->s3.server_random, SSL3_RANDOM_SIZE,  in tls1_generate_master_secret()
410         BIO_dump_indent(trc_out, s->s3.client_random, SSL3_RANDOM_SIZE, 4);  in tls1_generate_master_secret()
412         BIO_dump_indent(trc_out, s->s3.server_random, SSL3_RANDOM_SIZE, 4);  in tls1_generate_master_secret()
415                         s->session->master_key,  in tls1_generate_master_secret()
423 int tls1_export_keying_material(SSL_CONNECTION *s, unsigned char *out,  in tls1_export_keying_material()  argument
457     memcpy(val + currentvalpos, s->s3.client_random, SSL3_RANDOM_SIZE);  in tls1_export_keying_material()
459     memcpy(val + currentvalpos, s->s3.server_random, SSL3_RANDOM_SIZE);  in tls1_export_keying_material()
493     rv = tls1_PRF(s,  in tls1_export_keying_material()
499                   s->session->master_key, s->session->master_key_length,  in tls1_export_keying_material()

Last Index update Thu Feb 27 18:04:10 UTC 2025

Dedicated to & Maintained by Room-11