Lines Matching +full:num +full:- +full:macs
2 * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
48 kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_TLS1_PRF, s->ctx->propq); in tls1_PRF()
86 static int tls1_generate_key_block(SSL *s, unsigned char *km, size_t num) in tls1_generate_key_block() argument
93 TLS_MD_KEY_EXPANSION_CONST_SIZE, s->s3.server_random, in tls1_generate_key_block()
94 SSL3_RANDOM_SIZE, s->s3.client_random, SSL3_RANDOM_SIZE, in tls1_generate_key_block()
95 NULL, 0, NULL, 0, s->session->master_key, in tls1_generate_key_block()
96 s->session->master_key_length, km, num, 1); in tls1_generate_key_block()
111 int imacsize = -1; in tls_provider_set_tls_params()
115 * We look at s->ext.use_etm instead of SSL_READ_ETM() or in tls_provider_set_tls_params()
119 && !s->ext.use_etm) in tls_provider_set_tls_params()
125 &s->version); in tls_provider_set_tls_params()
172 c = s->s3.tmp.new_sym_enc; in tls1_change_cipher_state()
173 m = s->s3.tmp.new_hash; in tls1_change_cipher_state()
174 mac_type = s->s3.tmp.new_mac_pkey_type; in tls1_change_cipher_state()
176 comp = s->s3.tmp.new_compression; in tls1_change_cipher_state()
180 if (s->ext.use_etm) in tls1_change_cipher_state()
181 s->s3.flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_READ; in tls1_change_cipher_state()
183 s->s3.flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_READ; in tls1_change_cipher_state()
185 if (s->s3.tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) in tls1_change_cipher_state()
186 s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM; in tls1_change_cipher_state()
188 s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM; in tls1_change_cipher_state()
190 if (s->s3.tmp.new_cipher->algorithm2 & TLS1_TLSTREE) in tls1_change_cipher_state()
191 s->mac_flags |= SSL_MAC_FLAG_READ_MAC_TLSTREE; in tls1_change_cipher_state()
193 s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_TLSTREE; in tls1_change_cipher_state()
195 if (s->enc_read_ctx != NULL) { in tls1_change_cipher_state()
197 } else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) { in tls1_change_cipher_state()
204 EVP_CIPHER_CTX_reset(s->enc_read_ctx); in tls1_change_cipher_state()
206 dd = s->enc_read_ctx; in tls1_change_cipher_state()
207 mac_ctx = ssl_replace_hash(&s->read_hash, NULL); in tls1_change_cipher_state()
213 COMP_CTX_free(s->expand); in tls1_change_cipher_state()
214 s->expand = NULL; in tls1_change_cipher_state()
216 s->expand = COMP_CTX_new(comp->method); in tls1_change_cipher_state()
217 if (s->expand == NULL) { in tls1_change_cipher_state()
228 RECORD_LAYER_reset_read_sequence(&s->rlayer); in tls1_change_cipher_state()
229 mac_secret = &(s->s3.read_mac_secret[0]); in tls1_change_cipher_state()
230 mac_secret_size = &(s->s3.read_mac_secret_size); in tls1_change_cipher_state()
232 s->statem.enc_write_state = ENC_WRITE_STATE_INVALID; in tls1_change_cipher_state()
233 if (s->ext.use_etm) in tls1_change_cipher_state()
234 s->s3.flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE; in tls1_change_cipher_state()
236 s->s3.flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE; in tls1_change_cipher_state()
238 if (s->s3.tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) in tls1_change_cipher_state()
239 s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; in tls1_change_cipher_state()
241 s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM; in tls1_change_cipher_state()
243 if (s->s3.tmp.new_cipher->algorithm2 & TLS1_TLSTREE) in tls1_change_cipher_state()
244 s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_TLSTREE; in tls1_change_cipher_state()
246 s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_TLSTREE; in tls1_change_cipher_state()
247 if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s)) { in tls1_change_cipher_state()
249 } else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) { in tls1_change_cipher_state()
253 dd = s->enc_write_ctx; in tls1_change_cipher_state()
260 s->write_hash = mac_ctx; in tls1_change_cipher_state()
262 mac_ctx = ssl_replace_hash(&s->write_hash, NULL); in tls1_change_cipher_state()
269 COMP_CTX_free(s->compress); in tls1_change_cipher_state()
270 s->compress = NULL; in tls1_change_cipher_state()
272 s->compress = COMP_CTX_new(comp->method); in tls1_change_cipher_state()
273 if (s->compress == NULL) { in tls1_change_cipher_state()
284 RECORD_LAYER_reset_write_sequence(&s->rlayer); in tls1_change_cipher_state()
285 mac_secret = &(s->s3.write_mac_secret[0]); in tls1_change_cipher_state()
286 mac_secret_size = &(s->s3.write_mac_secret_size); in tls1_change_cipher_state()
292 p = s->s3.tmp.key_block; in tls1_change_cipher_state()
293 i = *mac_secret_size = s->s3.tmp.new_mac_secret_size; in tls1_change_cipher_state()
316 if (n > s->s3.tmp.key_block_length) { in tls1_change_cipher_state()
325 mac_key = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC", in tls1_change_cipher_state()
326 s->ctx->propq, mac_secret, in tls1_change_cipher_state()
331 * the GOST MACs, so we need to use the old style way of creating in tls1_change_cipher_state()
339 s->ctx->libctx, s->ctx->propq, mac_key, in tls1_change_cipher_state()
362 if (s->s3.tmp. in tls1_change_cipher_state()
363 new_cipher->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8)) in tls1_change_cipher_state()
371 || !EVP_CipherInit_ex(dd, NULL, NULL, key, NULL, -1)) { in tls1_change_cipher_state()
381 /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */ in tls1_change_cipher_state()
401 if (s->compress || (s->options & SSL_OP_ENABLE_KTLS) == 0) in tls1_change_cipher_state()
413 bio = s->wbio; in tls1_change_cipher_state()
415 bio = s->rbio; in tls1_change_cipher_state()
429 if ((BIO_get_ktls_send(s->wbio) && (which & SSL3_CC_WRITE)) || in tls1_change_cipher_state()
430 (BIO_get_ktls_recv(s->rbio) && (which & SSL3_CC_READ))) { in tls1_change_cipher_state()
436 rl_sequence = RECORD_LAYER_get_write_sequence(&s->rlayer); in tls1_change_cipher_state()
438 rl_sequence = RECORD_LAYER_get_read_sequence(&s->rlayer); in tls1_change_cipher_state()
454 s->statem.enc_write_state = ENC_WRITE_STATE_VALID; in tls1_change_cipher_state()
475 size_t num, mac_secret_size = 0; in tls1_setup_key_block() local
478 if (s->s3.tmp.key_block_length != 0) in tls1_setup_key_block()
481 if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, &mac_type, in tls1_setup_key_block()
482 &mac_secret_size, &comp, s->ext.use_etm)) { in tls1_setup_key_block()
488 ssl_evp_cipher_free(s->s3.tmp.new_sym_enc); in tls1_setup_key_block()
489 s->s3.tmp.new_sym_enc = c; in tls1_setup_key_block()
490 ssl_evp_md_free(s->s3.tmp.new_hash); in tls1_setup_key_block()
491 s->s3.tmp.new_hash = hash; in tls1_setup_key_block()
492 s->s3.tmp.new_mac_pkey_type = mac_type; in tls1_setup_key_block()
493 s->s3.tmp.new_mac_secret_size = mac_secret_size; in tls1_setup_key_block()
494 num = mac_secret_size + EVP_CIPHER_get_key_length(c) in tls1_setup_key_block()
496 num *= 2; in tls1_setup_key_block()
500 if ((p = OPENSSL_malloc(num)) == NULL) { in tls1_setup_key_block()
505 s->s3.tmp.key_block_length = num; in tls1_setup_key_block()
506 s->s3.tmp.key_block = p; in tls1_setup_key_block()
509 BIO_printf(trc_out, "key block length: %zu\n", num); in tls1_setup_key_block()
511 BIO_dump_indent(trc_out, s->s3.client_random, SSL3_RANDOM_SIZE, 4); in tls1_setup_key_block()
513 BIO_dump_indent(trc_out, s->s3.server_random, SSL3_RANDOM_SIZE, 4); in tls1_setup_key_block()
516 s->session->master_key, in tls1_setup_key_block()
517 s->session->master_key_length, 4); in tls1_setup_key_block()
520 if (!tls1_generate_key_block(s, p, num)) { in tls1_setup_key_block()
527 BIO_dump_indent(trc_out, p, num, 4); in tls1_setup_key_block()
530 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) in tls1_setup_key_block()
531 && s->method->version <= TLS1_VERSION) { in tls1_setup_key_block()
533 * enable vulnerability countermeasure for CBC ciphers with known-IV in tls1_setup_key_block()
534 * problem (http://www.openssl.org/~bodo/tls-cbc.txt) in tls1_setup_key_block()
536 s->s3.need_empty_fragments = 1; in tls1_setup_key_block()
538 if (s->session->cipher != NULL) { in tls1_setup_key_block()
539 if (s->session->cipher->algorithm_enc == SSL_eNULL) in tls1_setup_key_block()
540 s->s3.need_empty_fragments = 0; in tls1_setup_key_block()
542 if (s->session->cipher->algorithm_enc == SSL_RC4) in tls1_setup_key_block()
543 s->s3.need_empty_fragments = 0; in tls1_setup_key_block()
559 if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_kGOST18) in tls1_final_finish_mac()
573 s->session->master_key, s->session->master_key_length, in tls1_final_finish_mac()
585 if (s->session->flags & SSL_SESS_FLAG_EXTMS) { in tls1_generate_master_secret()
618 s->s3.client_random, SSL3_RANDOM_SIZE, in tls1_generate_master_secret()
620 s->s3.server_random, SSL3_RANDOM_SIZE, in tls1_generate_master_secret()
632 BIO_dump_indent(trc_out, s->s3.client_random, SSL3_RANDOM_SIZE, 4); in tls1_generate_master_secret()
634 BIO_dump_indent(trc_out, s->s3.server_random, SSL3_RANDOM_SIZE, 4); in tls1_generate_master_secret()
637 s->session->master_key, in tls1_generate_master_secret()
670 memcpy(val + currentvalpos, s->s3.client_random, SSL3_RANDOM_SIZE); in tls1_export_keying_material()
672 memcpy(val + currentvalpos, s->s3.server_random, SSL3_RANDOM_SIZE); in tls1_export_keying_material()
712 s->session->master_key, s->session->master_key_length, in tls1_export_keying_material()
746 return -1; in tls1_alert_code()
800 return -1; in tls1_alert_code()