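--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/os/ossrv/ssl/libssl/src/d1_enc.c Fri Jun 15 03:10:57 2012 +0200
@@ -0,0 +1,281 @@
+/* ssl/d1_enc.c */
+/*
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/comp.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/md5.h>
+#include <openssl/rand.h>
+
+
+int dtls1_enc(SSL *s, int send)
+ {
+ SSL3_RECORD *rec;
+ EVP_CIPHER_CTX *ds;
+ unsigned long l;
+ int bs,i,ii,j,k,n=0;
+ const EVP_CIPHER *enc;
+
+ if (send)
+ {
+ if (s->write_hash != NULL)
+ n=EVP_MD_size(s->write_hash);
+ ds=s->enc_write_ctx;
+ rec= &(s->s3->wrec);
+ if (s->enc_write_ctx == NULL)
+ enc=NULL;
+ else
+ {
+ enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
+ if ( rec->data != rec->input)
+ /* we can't write into the input stream */
+ fprintf(stderr, "%s:%d: rec->data != rec->input\n",
+ __FILE__, __LINE__);
+ else if ( EVP_CIPHER_block_size(ds->cipher) > 1)
+ {
+ if (!RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)))
+ return -1;
+ }
+ }
+ }
+ else
+ {
+ if (s->read_hash != NULL)
+ n=EVP_MD_size(s->read_hash);
+ ds=s->enc_read_ctx;
+ rec= &(s->s3->rrec);
+ if (s->enc_read_ctx == NULL)
+ enc=NULL;
+ else
+ enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
+ }
+
+#ifdef KSSL_DEBUG
+ printf("dtls1_enc(%d)\n", send);
+#endif /* KSSL_DEBUG */
+
+ if ((s->session == NULL) || (ds == NULL) ||
+ (enc == NULL))
+ {
+ memmove(rec->data,rec->input,rec->length);
+ rec->input=rec->data;
+ }
+ else
+ {
+ l=rec->length;
+ bs=EVP_CIPHER_block_size(ds->cipher);
+
+ if ((bs != 1) && send)
+ {
+ i=bs-((int)l%bs);
+
+ /* Add weird padding of upto 256 bytes */
+
+ /* we need to add 'i' padding bytes of value j */
+ j=i-1;
+ if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
+ {
+ if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
+ j++;
+ }
+ for (k=(int)l; k<(int)(l+i); k++)
+ rec->input[k]=j;
+ l+=i;
+ rec->length+=i;
+ }
+
+#ifdef KSSL_DEBUG
+ {
+ unsigned long ui;
+ printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
+ ds,rec->data,rec->input,l);
+ printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
+ ds->buf_len, ds->cipher->key_len,
+ DES_KEY_SZ, DES_SCHEDULE_SZ,
+ ds->cipher->iv_len);
+ printf("\t\tIV: ");
+ for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
+ printf("\n");
+ printf("\trec->input=");
+ for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
+ printf("\n");
+ }
+#endif /* KSSL_DEBUG */
+
+ if (!send)
+ {
+ if (l == 0 || l%bs != 0)
+ {
+ SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+ return 0;
+ }
+ }
+
+ EVP_Cipher(ds,rec->data,rec->input,l);
+
+#ifdef KSSL_DEBUG
+ {
+ unsigned long i;
+ printf("\trec->data=");
+ for (i=0; i<l; i++)
+ printf(" %02x", rec->data[i]); printf("\n");
+ }
+#endif /* KSSL_DEBUG */
+
+ if ((bs != 1) && !send)
+ {
+ ii=i=rec->data[l-1]; /* padding_length */
+ i++;
+ if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+ {
+ /* First packet is even in size, so check */
+ if ((memcmp(s->s3->read_sequence,
+ "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
+ s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
+ if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
+ i--;
+ }
+ /* TLS 1.0 does not bound the number of padding bytes by the block size.
+ * All of them must have value 'padding_length'. */
+ if (i > (int)rec->length)
+ {
+ /* Incorrect padding. SSLerr() and ssl3_alert are done
+ * by caller: we don't want to reveal whether this is
+ * a decryption error or a MAC verification failure
+ * (see http://www.openssl.org/~bodo/tls-cbc.txt)
+ */
+ return -1;
+ }
+ for (j=(int)(l-i); j<(int)l; j++)
+ {
+ if (rec->data[j] != ii)
+ {
+ /* Incorrect padding */
+ return -1;
+ }
+ }
+ rec->length-=i;
+
+ rec->data += bs; /* skip the implicit IV */
+ rec->input += bs;
+ rec->length -= bs;
+ }
+ }
+ return(1);
+ }
+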
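Review bot: The padding bound in the decrypt branch of dtls1_enc, `if (i > (int)rec->length)`, ignores the `bs` bytes removed a few lines later by `rec->length -= bs`, so a received record shorter than its padding plus one block passes the check and the second subtraction takes the length below zero. If `length` is an unsigned field, as the `(int)` casts suggest, it wraps to a very large value that the caller would then presumably use for MAC and copy sizes. Checking the total to be removed up front, `if (i + bs > (int)rec->length)`, rejects such records before either subtraction. The padding loop also returns on the first mismatching byte, so its running time depends on the decrypted padding, which sits uneasily with the comment about not revealing padding versus MAC failures. Separately, the send-side `rec->data != rec->input` branch only prints to stderr and carries on, so the record appears to be encrypted without the random leading block having been written; returning -1 there would fail closed.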