Symaptic: os/ossrv/ssl/libssl/src/t1_enc.c@bde4ae8d615e (annotated)

sl@0	1	/* ssl/t1_enc.c */
sl@0	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
sl@0	3	* All rights reserved.
sl@0	4	*
sl@0	5	* This package is an SSL implementation written
sl@0	6	* by Eric Young (eay@cryptsoft.com).
sl@0	7	* The implementation was written so as to conform with Netscapes SSL.
sl@0	8	*
sl@0	9	* This library is free for commercial and non-commercial use as long as
sl@0	10	* the following conditions are aheared to. The following conditions
sl@0	11	* apply to all code found in this distribution, be it the RC4, RSA,
sl@0	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
sl@0	13	* included with this distribution is covered by the same copyright terms
sl@0	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
sl@0	15	*
sl@0	16	* Copyright remains Eric Young's, and as such any Copyright notices in
sl@0	17	* the code are not to be removed.
sl@0	18	* If this package is used in a product, Eric Young should be given attribution
sl@0	19	* as the author of the parts of the library used.
sl@0	20	* This can be in the form of a textual message at program startup or
sl@0	21	* in documentation (online or textual) provided with the package.
sl@0	22	*
sl@0	23	* Redistribution and use in source and binary forms, with or without
sl@0	24	* modification, are permitted provided that the following conditions
sl@0	25	* are met:
sl@0	26	* 1. Redistributions of source code must retain the copyright
sl@0	27	* notice, this list of conditions and the following disclaimer.
sl@0	28	* 2. Redistributions in binary form must reproduce the above copyright
sl@0	29	* notice, this list of conditions and the following disclaimer in the
sl@0	30	* documentation and/or other materials provided with the distribution.
sl@0	31	* 3. All advertising materials mentioning features or use of this software
sl@0	32	* must display the following acknowledgement:
sl@0	33	* "This product includes cryptographic software written by
sl@0	34	* Eric Young (eay@cryptsoft.com)"
sl@0	35	* The word 'cryptographic' can be left out if the rouines from the library
sl@0	36	* being used are not cryptographic related :-).
sl@0	37	* 4. If you include any Windows specific code (or a derivative thereof) from
sl@0	38	* the apps directory (application code) you must include an acknowledgement:
sl@0	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
sl@0	40	*
sl@0	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
sl@0	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
sl@0	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
sl@0	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
sl@0	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
sl@0	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
sl@0	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
sl@0	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
sl@0	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
sl@0	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
sl@0	51	* SUCH DAMAGE.
sl@0	52	*
sl@0	53	* The licence and distribution terms for any publically available version or
sl@0	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
sl@0	55	* copied and put under another distribution licence
sl@0	56	* [including the GNU Public Licence.]
sl@0	57	*/
sl@0	58	/* ====================================================================
sl@0	59	* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
sl@0	60	*
sl@0	61	* Redistribution and use in source and binary forms, with or without
sl@0	62	* modification, are permitted provided that the following conditions
sl@0	63	* are met:
sl@0	64	*
sl@0	65	* 1. Redistributions of source code must retain the above copyright
sl@0	66	* notice, this list of conditions and the following disclaimer.
sl@0	67	*
sl@0	68	* 2. Redistributions in binary form must reproduce the above copyright
sl@0	69	* notice, this list of conditions and the following disclaimer in
sl@0	70	* the documentation and/or other materials provided with the
sl@0	71	* distribution.
sl@0	72	*
sl@0	73	* 3. All advertising materials mentioning features or use of this
sl@0	74	* software must display the following acknowledgment:
sl@0	75	* "This product includes software developed by the OpenSSL Project
sl@0	76	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
sl@0	77	*
sl@0	78	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
sl@0	79	* endorse or promote products derived from this software without
sl@0	80	* prior written permission. For written permission, please contact
sl@0	81	* openssl-core@openssl.org.
sl@0	82	*
sl@0	83	* 5. Products derived from this software may not be called "OpenSSL"
sl@0	84	* nor may "OpenSSL" appear in their names without prior written
sl@0	85	* permission of the OpenSSL Project.
sl@0	86	*
sl@0	87	* 6. Redistributions of any form whatsoever must retain the following
sl@0	88	* acknowledgment:
sl@0	89	* "This product includes software developed by the OpenSSL Project
sl@0	90	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
sl@0	91	*
sl@0	92	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
sl@0	93	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
sl@0	94	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
sl@0	95	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
sl@0	96	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
sl@0	97	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
sl@0	98	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
sl@0	99	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
sl@0	100	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
sl@0	101	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
sl@0	102	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
sl@0	103	* OF THE POSSIBILITY OF SUCH DAMAGE.
sl@0	104	* ====================================================================
sl@0	105	*
sl@0	106	* This product includes cryptographic software written by Eric Young
sl@0	107	* (eay@cryptsoft.com). This product includes software written by Tim
sl@0	108	* Hudson (tjh@cryptsoft.com).
sl@0	109	*
sl@0	110	*/
sl@0	111
sl@0	112	#include <stdio.h>
sl@0	113	#include "ssl_locl.h"
sl@0	114	#include <openssl/comp.h>
sl@0	115	#include <openssl/evp.h>
sl@0	116	#include <openssl/hmac.h>
sl@0	117	#include <openssl/md5.h>
sl@0	118
sl@0	119	static void tls1_P_hash(const EVP_MD md, const unsigned char sec,
sl@0	120	int sec_len, unsigned char *seed, int seed_len,
sl@0	121	unsigned char *out, int olen)
sl@0	122	{
sl@0	123	int chunk,n;
sl@0	124	unsigned int j;
sl@0	125	HMAC_CTX ctx;
sl@0	126	HMAC_CTX ctx_tmp;
sl@0	127	unsigned char A1[EVP_MAX_MD_SIZE];
sl@0	128	unsigned int A1_len;
sl@0	129
sl@0	130	chunk=EVP_MD_size(md);
sl@0	131
sl@0	132	HMAC_CTX_init(&ctx);
sl@0	133	HMAC_CTX_init(&ctx_tmp);
sl@0	134	HMAC_Init_ex(&ctx,sec,sec_len,md, NULL);
sl@0	135	HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL);
sl@0	136	HMAC_Update(&ctx,seed,seed_len);
sl@0	137	HMAC_Final(&ctx,A1,&A1_len);
sl@0	138
sl@0	139	n=0;
sl@0	140	for (;;)
sl@0	141	{
sl@0	142	HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */
sl@0	143	HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL); /* re-init */
sl@0	144	HMAC_Update(&ctx,A1,A1_len);
sl@0	145	HMAC_Update(&ctx_tmp,A1,A1_len);
sl@0	146	HMAC_Update(&ctx,seed,seed_len);
sl@0	147
sl@0	148	if (olen > chunk)
sl@0	149	{
sl@0	150	HMAC_Final(&ctx,out,&j);
sl@0	151	out+=j;
sl@0	152	olen-=j;
sl@0	153	HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 value */
sl@0	154	}
sl@0	155	else /* last one */
sl@0	156	{
sl@0	157	HMAC_Final(&ctx,A1,&A1_len);
sl@0	158	memcpy(out,A1,olen);
sl@0	159	break;
sl@0	160	}
sl@0	161	}
sl@0	162	HMAC_CTX_cleanup(&ctx);
sl@0	163	HMAC_CTX_cleanup(&ctx_tmp);
sl@0	164	OPENSSL_cleanse(A1,sizeof(A1));
sl@0	165	}
sl@0	166
sl@0	167	static void tls1_PRF(const EVP_MD md5, const EVP_MD sha1,
sl@0	168	unsigned char *label, int label_len,
sl@0	169	const unsigned char sec, int slen, unsigned char out1,
sl@0	170	unsigned char *out2, int olen)
sl@0	171	{
sl@0	172	int len,i;
sl@0	173	const unsigned char S1,S2;
sl@0	174
sl@0	175	len=slen/2;
sl@0	176	S1=sec;
sl@0	177	S2= &(sec[len]);
sl@0	178	len+=(slen&1); /* add for odd, make longer */
sl@0	179
sl@0	180
sl@0	181	tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen);
sl@0	182	tls1_P_hash(sha1,S2,len,label,label_len,out2,olen);
sl@0	183
sl@0	184	for (i=0; i<olen; i++)
sl@0	185	out1[i]^=out2[i];
sl@0	186	}
sl@0	187
sl@0	188	static void tls1_generate_key_block(SSL s, unsigned char km,
sl@0	189	unsigned char *tmp, int num)
sl@0	190	{
sl@0	191	unsigned char *p;
sl@0	192	unsigned char buf[SSL3_RANDOM_SIZE*2+
sl@0	193	TLS_MD_MAX_CONST_SIZE];
sl@0	194	p=buf;
sl@0	195
sl@0	196	memcpy(p,TLS_MD_KEY_EXPANSION_CONST,
sl@0	197	TLS_MD_KEY_EXPANSION_CONST_SIZE);
sl@0	198	p+=TLS_MD_KEY_EXPANSION_CONST_SIZE;
sl@0	199	memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
sl@0	200	p+=SSL3_RANDOM_SIZE;
sl@0	201	memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
sl@0	202	p+=SSL3_RANDOM_SIZE;
sl@0	203
sl@0	204	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),
sl@0	205	s->session->master_key,s->session->master_key_length,
sl@0	206	km,tmp,num);
sl@0	207	#ifdef KSSL_DEBUG
sl@0	208	printf("tls1_generate_key_block() ==> %d byte master_key =\n\t",
sl@0	209	s->session->master_key_length);
sl@0	210	{
sl@0	211	int i;
sl@0	212	for (i=0; i < s->session->master_key_length; i++)
sl@0	213	{
sl@0	214	printf("%02X", s->session->master_key[i]);
sl@0	215	}
sl@0	216	printf("\n"); }
sl@0	217	#endif /* KSSL_DEBUG */
sl@0	218	}
sl@0	219
sl@0	220	int tls1_change_cipher_state(SSL *s, int which)
sl@0	221	{
sl@0	222	static const unsigned char empty[]="";
sl@0	223	unsigned char p,key_block,*mac_secret;
sl@0	224	unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+
sl@0	225	SSL3_RANDOM_SIZE*2];
sl@0	226	unsigned char tmp1[EVP_MAX_KEY_LENGTH];
sl@0	227	unsigned char tmp2[EVP_MAX_KEY_LENGTH];
sl@0	228	unsigned char iv1[EVP_MAX_IV_LENGTH*2];
sl@0	229	unsigned char iv2[EVP_MAX_IV_LENGTH*2];
sl@0	230	unsigned char ms,key,iv,er1,*er2;
sl@0	231	int client_write;
sl@0	232	EVP_CIPHER_CTX *dd;
sl@0	233	const EVP_CIPHER *c;
sl@0	234	#ifndef OPENSSL_NO_COMP
sl@0	235	const SSL_COMP *comp;
sl@0	236	#endif
sl@0	237	const EVP_MD *m;
sl@0	238	int is_export,n,i,j,k,exp_label_len,cl;
sl@0	239	int reuse_dd = 0;
sl@0	240
sl@0	241	is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
sl@0	242	c=s->s3->tmp.new_sym_enc;
sl@0	243	m=s->s3->tmp.new_hash;
sl@0	244	#ifndef OPENSSL_NO_COMP
sl@0	245	comp=s->s3->tmp.new_compression;
sl@0	246	#endif
sl@0	247	key_block=s->s3->tmp.key_block;
sl@0	248
sl@0	249	#ifdef KSSL_DEBUG
sl@0	250	printf("tls1_change_cipher_state(which= %d) w/\n", which);
sl@0	251	printf("\talg= %ld, comp= %p\n", s->s3->tmp.new_cipher->algorithms,
sl@0	252	comp);
sl@0	253	printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
sl@0	254	printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
sl@0	255	c->nid,c->block_size,c->key_len,c->iv_len);
sl@0	256	printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
sl@0	257	{
sl@0	258	int i;
sl@0	259	for (i=0; i<s->s3->tmp.key_block_length; i++)
sl@0	260	printf("%02x", key_block[i]); printf("\n");
sl@0	261	}
sl@0	262	#endif /* KSSL_DEBUG */
sl@0	263
sl@0	264	if (which & SSL3_CC_READ)
sl@0	265	{
sl@0	266	if (s->enc_read_ctx != NULL)
sl@0	267	reuse_dd = 1;
sl@0	268	else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
sl@0	269	goto err;
sl@0	270	else
sl@0	271	/* make sure it's intialized in case we exit later with an error */
sl@0	272	EVP_CIPHER_CTX_init(s->enc_read_ctx);
sl@0	273	dd= s->enc_read_ctx;
sl@0	274	s->read_hash=m;
sl@0	275	#ifndef OPENSSL_NO_COMP
sl@0	276	if (s->expand != NULL)
sl@0	277	{
sl@0	278	COMP_CTX_free(s->expand);
sl@0	279	s->expand=NULL;
sl@0	280	}
sl@0	281	if (comp != NULL)
sl@0	282	{
sl@0	283	s->expand=COMP_CTX_new(comp->method);
sl@0	284	if (s->expand == NULL)
sl@0	285	{
sl@0	286	SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
sl@0	287	goto err2;
sl@0	288	}
sl@0	289	if (s->s3->rrec.comp == NULL)
sl@0	290	s->s3->rrec.comp=(unsigned char *)
sl@0	291	OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
sl@0	292	if (s->s3->rrec.comp == NULL)
sl@0	293	goto err;
sl@0	294	}
sl@0	295	#endif
sl@0	296	/* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
sl@0	297	if (s->version != DTLS1_VERSION)
sl@0	298	memset(&(s->s3->read_sequence[0]),0,8);
sl@0	299	mac_secret= &(s->s3->read_mac_secret[0]);
sl@0	300	}
sl@0	301	else
sl@0	302	{
sl@0	303	if (s->enc_write_ctx != NULL)
sl@0	304	reuse_dd = 1;
sl@0	305	else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
sl@0	306	goto err;
sl@0	307	else
sl@0	308	/* make sure it's intialized in case we exit later with an error */
sl@0	309	EVP_CIPHER_CTX_init(s->enc_write_ctx);
sl@0	310	dd= s->enc_write_ctx;
sl@0	311	s->write_hash=m;
sl@0	312	#ifndef OPENSSL_NO_COMP
sl@0	313	if (s->compress != NULL)
sl@0	314	{
sl@0	315	COMP_CTX_free(s->compress);
sl@0	316	s->compress=NULL;
sl@0	317	}
sl@0	318	if (comp != NULL)
sl@0	319	{
sl@0	320	s->compress=COMP_CTX_new(comp->method);
sl@0	321	if (s->compress == NULL)
sl@0	322	{
sl@0	323	SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
sl@0	324	goto err2;
sl@0	325	}
sl@0	326	}
sl@0	327	#endif
sl@0	328	/* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
sl@0	329	if (s->version != DTLS1_VERSION)
sl@0	330	memset(&(s->s3->write_sequence[0]),0,8);
sl@0	331	mac_secret= &(s->s3->write_mac_secret[0]);
sl@0	332	}
sl@0	333
sl@0	334	if (reuse_dd)
sl@0	335	EVP_CIPHER_CTX_cleanup(dd);
sl@0	336
sl@0	337	p=s->s3->tmp.key_block;
sl@0	338	i=EVP_MD_size(m);
sl@0	339	cl=EVP_CIPHER_key_length(c);
sl@0	340	j=is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
sl@0	341	cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
sl@0	342	/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
sl@0	343	k=EVP_CIPHER_iv_length(c);
sl@0	344	er1= &(s->s3->client_random[0]);
sl@0	345	er2= &(s->s3->server_random[0]);
sl@0	346	if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) \|\|
sl@0	347	(which == SSL3_CHANGE_CIPHER_SERVER_READ))
sl@0	348	{
sl@0	349	ms= &(p[ 0]); n=i+i;
sl@0	350	key= &(p[ n]); n+=j+j;
sl@0	351	iv= &(p[ n]); n+=k+k;
sl@0	352	exp_label=(unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST;
sl@0	353	exp_label_len=TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE;
sl@0	354	client_write=1;
sl@0	355	}
sl@0	356	else
sl@0	357	{
sl@0	358	n=i;
sl@0	359	ms= &(p[ n]); n+=i+j;
sl@0	360	key= &(p[ n]); n+=j+k;
sl@0	361	iv= &(p[ n]); n+=k;
sl@0	362	exp_label=(unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST;
sl@0	363	exp_label_len=TLS_MD_SERVER_WRITE_KEY_CONST_SIZE;
sl@0	364	client_write=0;
sl@0	365	}
sl@0	366
sl@0	367	if (n > s->s3->tmp.key_block_length)
sl@0	368	{
sl@0	369	SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR);
sl@0	370	goto err2;
sl@0	371	}
sl@0	372
sl@0	373	memcpy(mac_secret,ms,i);
sl@0	374	#ifdef TLS_DEBUG
sl@0	375	printf("which = %04X\nmac key=",which);
sl@0	376	{ int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
sl@0	377	#endif
sl@0	378	if (is_export)
sl@0	379	{
sl@0	380	/* In here I set both the read and write key/iv to the
sl@0	381	* same value since only the correct one will be used :-).
sl@0	382	*/
sl@0	383	p=buf;
sl@0	384	memcpy(p,exp_label,exp_label_len);
sl@0	385	p+=exp_label_len;
sl@0	386	memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
sl@0	387	p+=SSL3_RANDOM_SIZE;
sl@0	388	memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
sl@0	389	p+=SSL3_RANDOM_SIZE;
sl@0	390	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j,
sl@0	391	tmp1,tmp2,EVP_CIPHER_key_length(c));
sl@0	392	key=tmp1;
sl@0	393
sl@0	394	if (k > 0)
sl@0	395	{
sl@0	396	p=buf;
sl@0	397	memcpy(p,TLS_MD_IV_BLOCK_CONST,
sl@0	398	TLS_MD_IV_BLOCK_CONST_SIZE);
sl@0	399	p+=TLS_MD_IV_BLOCK_CONST_SIZE;
sl@0	400	memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
sl@0	401	p+=SSL3_RANDOM_SIZE;
sl@0	402	memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
sl@0	403	p+=SSL3_RANDOM_SIZE;
sl@0	404	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,empty,0,
sl@0	405	iv1,iv2,k*2);
sl@0	406	if (client_write)
sl@0	407	iv=iv1;
sl@0	408	else
sl@0	409	iv= &(iv1[k]);
sl@0	410	}
sl@0	411	}
sl@0	412
sl@0	413	s->session->key_arg_length=0;
sl@0	414	#ifdef KSSL_DEBUG
sl@0	415	{
sl@0	416	int i;
sl@0	417	printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
sl@0	418	printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]);
sl@0	419	printf("\n");
sl@0	420	printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]);
sl@0	421	printf("\n");
sl@0	422	}
sl@0	423	#endif /* KSSL_DEBUG */
sl@0	424
sl@0	425	EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
sl@0	426	#ifdef TLS_DEBUG
sl@0	427	printf("which = %04X\nkey=",which);
sl@0	428	{ int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }
sl@0	429	printf("\niv=");
sl@0	430	{ int z; for (z=0; z<k; z++) printf("%02X%c",iv[z],((z+1)%16)?' ':'\n'); }
sl@0	431	printf("\n");
sl@0	432	#endif
sl@0	433
sl@0	434	OPENSSL_cleanse(tmp1,sizeof(tmp1));
sl@0	435	OPENSSL_cleanse(tmp2,sizeof(tmp1));
sl@0	436	OPENSSL_cleanse(iv1,sizeof(iv1));
sl@0	437	OPENSSL_cleanse(iv2,sizeof(iv2));
sl@0	438	return(1);
sl@0	439	err:
sl@0	440	SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
sl@0	441	err2:
sl@0	442	return(0);
sl@0	443	}
sl@0	444
sl@0	445	int tls1_setup_key_block(SSL *s)
sl@0	446	{
sl@0	447	unsigned char p1,p2;
sl@0	448	const EVP_CIPHER *c;
sl@0	449	const EVP_MD *hash;
sl@0	450	int num;
sl@0	451	SSL_COMP *comp;
sl@0	452
sl@0	453	#ifdef KSSL_DEBUG
sl@0	454	printf ("tls1_setup_key_block()\n");
sl@0	455	#endif /* KSSL_DEBUG */
sl@0	456
sl@0	457	if (s->s3->tmp.key_block_length != 0)
sl@0	458	return(1);
sl@0	459
sl@0	460	if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))
sl@0	461	{
sl@0	462	SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
sl@0	463	return(0);
sl@0	464	}
sl@0	465
sl@0	466	s->s3->tmp.new_sym_enc=c;
sl@0	467	s->s3->tmp.new_hash=hash;
sl@0	468
sl@0	469	num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
sl@0	470	num*=2;
sl@0	471
sl@0	472	ssl3_cleanup_key_block(s);
sl@0	473
sl@0	474	if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL)
sl@0	475	goto err;
sl@0	476	if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)
sl@0	477	goto err;
sl@0	478
sl@0	479	s->s3->tmp.key_block_length=num;
sl@0	480	s->s3->tmp.key_block=p1;
sl@0	481
sl@0	482
sl@0	483	#ifdef TLS_DEBUG
sl@0	484	printf("client random\n");
sl@0	485	{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->client_random[z],((z+1)%16)?' ':'\n'); }
sl@0	486	printf("server random\n");
sl@0	487	{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->server_random[z],((z+1)%16)?' ':'\n'); }
sl@0	488	printf("pre-master\n");
sl@0	489	{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
sl@0	490	#endif
sl@0	491	tls1_generate_key_block(s,p1,p2,num);
sl@0	492	OPENSSL_cleanse(p2,num);
sl@0	493	OPENSSL_free(p2);
sl@0	494	#ifdef TLS_DEBUG
sl@0	495	printf("\nkey block\n");
sl@0	496	{ int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
sl@0	497	#endif
sl@0	498
sl@0	499	if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
sl@0	500	{
sl@0	501	/* enable vulnerability countermeasure for CBC ciphers with
sl@0	502	* known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
sl@0	503	*/
sl@0	504	s->s3->need_empty_fragments = 1;
sl@0	505
sl@0	506	if (s->session->cipher != NULL)
sl@0	507	{
sl@0	508	if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
sl@0	509	s->s3->need_empty_fragments = 0;
sl@0	510
sl@0	511	#ifndef OPENSSL_NO_RC4
sl@0	512	if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
sl@0	513	s->s3->need_empty_fragments = 0;
sl@0	514	#endif
sl@0	515	}
sl@0	516	}
sl@0	517
sl@0	518	return(1);
sl@0	519	err:
sl@0	520	SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
sl@0	521	return(0);
sl@0	522	}
sl@0	523
sl@0	524	int tls1_enc(SSL *s, int send)
sl@0	525	{
sl@0	526	SSL3_RECORD *rec;
sl@0	527	EVP_CIPHER_CTX *ds;
sl@0	528	unsigned long l;
sl@0	529	int bs,i,ii,j,k,n=0;
sl@0	530	const EVP_CIPHER *enc;
sl@0	531
sl@0	532	if (send)
sl@0	533	{
sl@0	534	if (s->write_hash != NULL)
sl@0	535	n=EVP_MD_size(s->write_hash);
sl@0	536	ds=s->enc_write_ctx;
sl@0	537	rec= &(s->s3->wrec);
sl@0	538	if (s->enc_write_ctx == NULL)
sl@0	539	enc=NULL;
sl@0	540	else
sl@0	541	enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
sl@0	542	}
sl@0	543	else
sl@0	544	{
sl@0	545	if (s->read_hash != NULL)
sl@0	546	n=EVP_MD_size(s->read_hash);
sl@0	547	ds=s->enc_read_ctx;
sl@0	548	rec= &(s->s3->rrec);
sl@0	549	if (s->enc_read_ctx == NULL)
sl@0	550	enc=NULL;
sl@0	551	else
sl@0	552	enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
sl@0	553	}
sl@0	554
sl@0	555	#ifdef KSSL_DEBUG
sl@0	556	printf("tls1_enc(%d)\n", send);
sl@0	557	#endif /* KSSL_DEBUG */
sl@0	558
sl@0	559	if ((s->session == NULL) \|\| (ds == NULL) \|\|
sl@0	560	(enc == NULL))
sl@0	561	{
sl@0	562	memmove(rec->data,rec->input,rec->length);
sl@0	563	rec->input=rec->data;
sl@0	564	}
sl@0	565	else
sl@0	566	{
sl@0	567	l=rec->length;
sl@0	568	bs=EVP_CIPHER_block_size(ds->cipher);
sl@0	569
sl@0	570	if ((bs != 1) && send)
sl@0	571	{
sl@0	572	i=bs-((int)l%bs);
sl@0	573
sl@0	574	/* Add weird padding of upto 256 bytes */
sl@0	575
sl@0	576	/* we need to add 'i' padding bytes of value j */
sl@0	577	j=i-1;
sl@0	578	if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
sl@0	579	{
sl@0	580	if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
sl@0	581	j++;
sl@0	582	}
sl@0	583	for (k=(int)l; k<(int)(l+i); k++)
sl@0	584	rec->input[k]=j;
sl@0	585	l+=i;
sl@0	586	rec->length+=i;
sl@0	587	}
sl@0	588
sl@0	589	#ifdef KSSL_DEBUG
sl@0	590	{
sl@0	591	unsigned long ui;
sl@0	592	printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
sl@0	593	ds,rec->data,rec->input,l);
sl@0	594	printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
sl@0	595	ds->buf_len, ds->cipher->key_len,
sl@0	596	DES_KEY_SZ, DES_SCHEDULE_SZ,
sl@0	597	ds->cipher->iv_len);
sl@0	598	printf("\t\tIV: ");
sl@0	599	for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
sl@0	600	printf("\n");
sl@0	601	printf("\trec->input=");
sl@0	602	for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
sl@0	603	printf("\n");
sl@0	604	}
sl@0	605	#endif /* KSSL_DEBUG */
sl@0	606
sl@0	607	if (!send)
sl@0	608	{
sl@0	609	if (l == 0 \|\| l%bs != 0)
sl@0	610	{
sl@0	611	SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
sl@0	612	ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
sl@0	613	return 0;
sl@0	614	}
sl@0	615	}
sl@0	616
sl@0	617	EVP_Cipher(ds,rec->data,rec->input,l);
sl@0	618
sl@0	619	#ifdef KSSL_DEBUG
sl@0	620	{
sl@0	621	unsigned long i;
sl@0	622	printf("\trec->data=");
sl@0	623	for (i=0; i<l; i++)
sl@0	624	printf(" %02x", rec->data[i]); printf("\n");
sl@0	625	}
sl@0	626	#endif /* KSSL_DEBUG */
sl@0	627
sl@0	628	if ((bs != 1) && !send)
sl@0	629	{
sl@0	630	ii=i=rec->data[l-1]; /* padding_length */
sl@0	631	i++;
sl@0	632	/* NB: if compression is in operation the first packet
sl@0	633	* may not be of even length so the padding bug check
sl@0	634	* cannot be performed. This bug workaround has been
sl@0	635	* around since SSLeay so hopefully it is either fixed
sl@0	636	* now or no buggy implementation supports compression
sl@0	637	* [steve]
sl@0	638	*/
sl@0	639	if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
sl@0	640	&& !s->expand)
sl@0	641	{
sl@0	642	/* First packet is even in size, so check */
sl@0	643	if ((memcmp(s->s3->read_sequence,
sl@0	644	"\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
sl@0	645	s->s3->flags\|=TLS1_FLAGS_TLS_PADDING_BUG;
sl@0	646	if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
sl@0	647	i--;
sl@0	648	}
sl@0	649	/* TLS 1.0 does not bound the number of padding bytes by the block size.
sl@0	650	* All of them must have value 'padding_length'. */
sl@0	651	if (i > (int)rec->length)
sl@0	652	{
sl@0	653	/* Incorrect padding. SSLerr() and ssl3_alert are done
sl@0	654	* by caller: we don't want to reveal whether this is
sl@0	655	* a decryption error or a MAC verification failure
sl@0	656	* (see http://www.openssl.org/~bodo/tls-cbc.txt) */
sl@0	657	return -1;
sl@0	658	}
sl@0	659	for (j=(int)(l-i); j<(int)l; j++)
sl@0	660	{
sl@0	661	if (rec->data[j] != ii)
sl@0	662	{
sl@0	663	/* Incorrect padding */
sl@0	664	return -1;
sl@0	665	}
sl@0	666	}
sl@0	667	rec->length-=i;
sl@0	668	}
sl@0	669	}
sl@0	670	return(1);
sl@0	671	}
sl@0	672
sl@0	673	int tls1_cert_verify_mac(SSL s, EVP_MD_CTX in_ctx, unsigned char *out)
sl@0	674	{
sl@0	675	unsigned int ret;
sl@0	676	EVP_MD_CTX ctx;
sl@0	677
sl@0	678	EVP_MD_CTX_init(&ctx);
sl@0	679	EVP_MD_CTX_copy_ex(&ctx,in_ctx);
sl@0	680	EVP_DigestFinal_ex(&ctx,out,&ret);
sl@0	681	EVP_MD_CTX_cleanup(&ctx);
sl@0	682	return((int)ret);
sl@0	683	}
sl@0	684
sl@0	685	int tls1_final_finish_mac(SSL s, EVP_MD_CTX in1_ctx, EVP_MD_CTX *in2_ctx,
sl@0	686	const char str, int slen, unsigned char out)
sl@0	687	{
sl@0	688	unsigned int i;
sl@0	689	EVP_MD_CTX ctx;
sl@0	690	unsigned char buf[TLS_MD_MAX_CONST_SIZE+MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
sl@0	691	unsigned char *q,buf2[12];
sl@0	692
sl@0	693	q=buf;
sl@0	694	memcpy(q,str,slen);
sl@0	695	q+=slen;
sl@0	696
sl@0	697	EVP_MD_CTX_init(&ctx);
sl@0	698	EVP_MD_CTX_copy_ex(&ctx,in1_ctx);
sl@0	699	EVP_DigestFinal_ex(&ctx,q,&i);
sl@0	700	q+=i;
sl@0	701	EVP_MD_CTX_copy_ex(&ctx,in2_ctx);
sl@0	702	EVP_DigestFinal_ex(&ctx,q,&i);
sl@0	703	q+=i;
sl@0	704
sl@0	705	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),
sl@0	706	s->session->master_key,s->session->master_key_length,
sl@0	707	out,buf2,sizeof buf2);
sl@0	708	EVP_MD_CTX_cleanup(&ctx);
sl@0	709
sl@0	710	return sizeof buf2;
sl@0	711	}
sl@0	712
sl@0	713	int tls1_mac(SSL ssl, unsigned char md, int send)
sl@0	714	{
sl@0	715	SSL3_RECORD *rec;
sl@0	716	unsigned char mac_sec,seq;
sl@0	717	const EVP_MD *hash;
sl@0	718	unsigned int md_size;
sl@0	719	int i;
sl@0	720	HMAC_CTX hmac;
sl@0	721	unsigned char buf[5];
sl@0	722
sl@0	723	if (send)
sl@0	724	{
sl@0	725	rec= &(ssl->s3->wrec);
sl@0	726	mac_sec= &(ssl->s3->write_mac_secret[0]);
sl@0	727	seq= &(ssl->s3->write_sequence[0]);
sl@0	728	hash=ssl->write_hash;
sl@0	729	}
sl@0	730	else
sl@0	731	{
sl@0	732	rec= &(ssl->s3->rrec);
sl@0	733	mac_sec= &(ssl->s3->read_mac_secret[0]);
sl@0	734	seq= &(ssl->s3->read_sequence[0]);
sl@0	735	hash=ssl->read_hash;
sl@0	736	}
sl@0	737
sl@0	738	md_size=EVP_MD_size(hash);
sl@0	739
sl@0	740	buf[0]=rec->type;
sl@0	741	if (ssl->version == DTLS1_VERSION && ssl->client_version == DTLS1_BAD_VER)
sl@0	742	{
sl@0	743	buf[1]=TLS1_VERSION_MAJOR;
sl@0	744	buf[2]=TLS1_VERSION_MINOR;
sl@0	745	}
sl@0	746	else {
sl@0	747	buf[1]=(unsigned char)(ssl->version>>8);
sl@0	748	buf[2]=(unsigned char)(ssl->version);
sl@0	749	}
sl@0	750
sl@0	751	buf[3]=rec->length>>8;
sl@0	752	buf[4]=rec->length&0xff;
sl@0	753
sl@0	754	/* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
sl@0	755	HMAC_CTX_init(&hmac);
sl@0	756	HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);
sl@0	757
sl@0	758	if (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER)
sl@0	759	{
sl@0	760	unsigned char dtlsseq[8],*p=dtlsseq;
sl@0	761
sl@0	762	s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
sl@0	763	memcpy (p,&seq[2],6);
sl@0	764
sl@0	765	HMAC_Update(&hmac,dtlsseq,8);
sl@0	766	}
sl@0	767	else
sl@0	768	HMAC_Update(&hmac,seq,8);
sl@0	769
sl@0	770	HMAC_Update(&hmac,buf,5);
sl@0	771	HMAC_Update(&hmac,rec->input,rec->length);
sl@0	772	HMAC_Final(&hmac,md,&md_size);
sl@0	773	HMAC_CTX_cleanup(&hmac);
sl@0	774
sl@0	775	#ifdef TLS_DEBUG
sl@0	776	printf("sec=");
sl@0	777	{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
sl@0	778	printf("seq=");
sl@0	779	{int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); }
sl@0	780	printf("buf=");
sl@0	781	{int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); }
sl@0	782	printf("rec=");
sl@0	783	{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
sl@0	784	#endif
sl@0	785
sl@0	786	if ( SSL_version(ssl) != DTLS1_VERSION)
sl@0	787	{
sl@0	788	for (i=7; i>=0; i--)
sl@0	789	{
sl@0	790	++seq[i];
sl@0	791	if (seq[i] != 0) break;
sl@0	792	}
sl@0	793	}
sl@0	794
sl@0	795	#ifdef TLS_DEBUG
sl@0	796	{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); }
sl@0	797	#endif
sl@0	798	return(md_size);
sl@0	799	}
sl@0	800
sl@0	801	int tls1_generate_master_secret(SSL s, unsigned char out, unsigned char *p,
sl@0	802	int len)
sl@0	803	{
sl@0	804	unsigned char buf[SSL3_RANDOM_SIZE*2+TLS_MD_MASTER_SECRET_CONST_SIZE];
sl@0	805	unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
sl@0	806
sl@0	807	#ifdef KSSL_DEBUG
sl@0	808	printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len);
sl@0	809	#endif /* KSSL_DEBUG */
sl@0	810
sl@0	811	/* Setup the stuff to munge */
sl@0	812	memcpy(buf,TLS_MD_MASTER_SECRET_CONST,
sl@0	813	TLS_MD_MASTER_SECRET_CONST_SIZE);
sl@0	814	memcpy(&(buf[TLS_MD_MASTER_SECRET_CONST_SIZE]),
sl@0	815	s->s3->client_random,SSL3_RANDOM_SIZE);
sl@0	816	memcpy(&(buf[SSL3_RANDOM_SIZE+TLS_MD_MASTER_SECRET_CONST_SIZE]),
sl@0	817	s->s3->server_random,SSL3_RANDOM_SIZE);
sl@0	818	tls1_PRF(s->ctx->md5,s->ctx->sha1,
sl@0	819	buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len,
sl@0	820	s->session->master_key,buff,sizeof buff);
sl@0	821	#ifdef KSSL_DEBUG
sl@0	822	printf ("tls1_generate_master_secret() complete\n");
sl@0	823	#endif /* KSSL_DEBUG */
sl@0	824	return(SSL3_MASTER_SECRET_SIZE);
sl@0	825	}
sl@0	826
sl@0	827	int tls1_alert_code(int code)
sl@0	828	{
sl@0	829	switch (code)
sl@0	830	{
sl@0	831	case SSL_AD_CLOSE_NOTIFY: return(SSL3_AD_CLOSE_NOTIFY);
sl@0	832	case SSL_AD_UNEXPECTED_MESSAGE: return(SSL3_AD_UNEXPECTED_MESSAGE);
sl@0	833	case SSL_AD_BAD_RECORD_MAC: return(SSL3_AD_BAD_RECORD_MAC);
sl@0	834	case SSL_AD_DECRYPTION_FAILED: return(TLS1_AD_DECRYPTION_FAILED);
sl@0	835	case SSL_AD_RECORD_OVERFLOW: return(TLS1_AD_RECORD_OVERFLOW);
sl@0	836	case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE);
sl@0	837	case SSL_AD_HANDSHAKE_FAILURE: return(SSL3_AD_HANDSHAKE_FAILURE);
sl@0	838	case SSL_AD_NO_CERTIFICATE: return(-1);
sl@0	839	case SSL_AD_BAD_CERTIFICATE: return(SSL3_AD_BAD_CERTIFICATE);
sl@0	840	case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE);
sl@0	841	case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED);
sl@0	842	case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED);
sl@0	843	case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN);
sl@0	844	case SSL_AD_ILLEGAL_PARAMETER: return(SSL3_AD_ILLEGAL_PARAMETER);
sl@0	845	case SSL_AD_UNKNOWN_CA: return(TLS1_AD_UNKNOWN_CA);
sl@0	846	case SSL_AD_ACCESS_DENIED: return(TLS1_AD_ACCESS_DENIED);
sl@0	847	case SSL_AD_DECODE_ERROR: return(TLS1_AD_DECODE_ERROR);
sl@0	848	case SSL_AD_DECRYPT_ERROR: return(TLS1_AD_DECRYPT_ERROR);
sl@0	849	case SSL_AD_EXPORT_RESTRICTION: return(TLS1_AD_EXPORT_RESTRICTION);
sl@0	850	case SSL_AD_PROTOCOL_VERSION: return(TLS1_AD_PROTOCOL_VERSION);
sl@0	851	case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY);
sl@0	852	case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR);
sl@0	853	case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED);
sl@0	854	case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION);
sl@0	855	case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return
sl@0	856	(DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
sl@0	857	default: return(-1);
sl@0	858	}
sl@0	859	}
sl@0	860

author	sl@SLION-WIN7.fritz.box
	Fri, 15 Jun 2012 03:10:57 +0200
changeset 0	bde4ae8d615e
permissions	-rw-r--r--