
openssl/0.9.8g/ssl/t1_enc.c

    1: /* ssl/t1_enc.c */
    2: /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
    3:  * All rights reserved.
    4:  *
    5:  * This package is an SSL implementation written
    6:  * by Eric Young (eay@cryptsoft.com).
    7:  * The implementation was written so as to conform with Netscapes SSL.
    8:  * 
    9:  * This library is free for commercial and non-commercial use as long as
   10:  * the following conditions are aheared to.  The following conditions
   11:  * apply to all code found in this distribution, be it the RC4, RSA,
   12:  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
   13:  * included with this distribution is covered by the same copyright terms
   14:  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
   15:  * 
   16:  * Copyright remains Eric Young's, and as such any Copyright notices in
   17:  * the code are not to be removed.
   18:  * If this package is used in a product, Eric Young should be given attribution
   19:  * as the author of the parts of the library used.
   20:  * This can be in the form of a textual message at program startup or
   21:  * in documentation (online or textual) provided with the package.
   22:  * 
   23:  * Redistribution and use in source and binary forms, with or without
   24:  * modification, are permitted provided that the following conditions
   25:  * are met:
   26:  * 1. Redistributions of source code must retain the copyright
   27:  *    notice, this list of conditions and the following disclaimer.
   28:  * 2. Redistributions in binary form must reproduce the above copyright
   29:  *    notice, this list of conditions and the following disclaimer in the
   30:  *    documentation and/or other materials provided with the distribution.
   31:  * 3. All advertising materials mentioning features or use of this software
   32:  *    must display the following acknowledgement:
   33:  *    "This product includes cryptographic software written by
   34:  *     Eric Young (eay@cryptsoft.com)"
   35:  *    The word 'cryptographic' can be left out if the rouines from the library
   36:  *    being used are not cryptographic related :-).
   37:  * 4. If you include any Windows specific code (or a derivative thereof) from 
   38:  *    the apps directory (application code) you must include an acknowledgement:
   39:  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
   40:  * 
   41:  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
   42:  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   43:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   44:  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   45:  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   46:  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   47:  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   48:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   49:  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   50:  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   51:  * SUCH DAMAGE.
   52:  * 
   53:  * The licence and distribution terms for any publically available version or
   54:  * derivative of this code cannot be changed.  i.e. this code cannot simply be
   55:  * copied and put under another distribution licence
   56:  * [including the GNU Public Licence.]
   57:  */
   58: /* ====================================================================
   59:  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
   60:  *
   61:  * Redistribution and use in source and binary forms, with or without
   62:  * modification, are permitted provided that the following conditions
   63:  * are met:
   64:  *
   65:  * 1. Redistributions of source code must retain the above copyright
   66:  *    notice, this list of conditions and the following disclaimer. 
   67:  *
   68:  * 2. Redistributions in binary form must reproduce the above copyright
   69:  *    notice, this list of conditions and the following disclaimer in
   70:  *    the documentation and/or other materials provided with the
   71:  *    distribution.
   72:  *
   73:  * 3. All advertising materials mentioning features or use of this
   74:  *    software must display the following acknowledgment:
   75:  *    "This product includes software developed by the OpenSSL Project
   76:  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
   77:  *
   78:  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
   79:  *    endorse or promote products derived from this software without
   80:  *    prior written permission. For written permission, please contact
   81:  *    openssl-core@openssl.org.
   82:  *
   83:  * 5. Products derived from this software may not be called "OpenSSL"
   84:  *    nor may "OpenSSL" appear in their names without prior written
   85:  *    permission of the OpenSSL Project.
   86:  *
   87:  * 6. Redistributions of any form whatsoever must retain the following
   88:  *    acknowledgment:
   89:  *    "This product includes software developed by the OpenSSL Project
   90:  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
   91:  *
   92:  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
   93:  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   94:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
   95:  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
   96:  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   97:  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
   98:  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
   99:  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  100:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  101:  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  102:  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  103:  * OF THE POSSIBILITY OF SUCH DAMAGE.
  104:  * ====================================================================
  105:  *
  106:  * This product includes cryptographic software written by Eric Young
  107:  * (eay@cryptsoft.com).  This product includes software written by Tim
  108:  * Hudson (tjh@cryptsoft.com).
  109:  *
  110:  */
  111: 
  112: #include <stdio.h>
  113: #include "ssl_locl.h"
  114: #include <openssl/comp.h>
  115: #include <openssl/evp.h>
  116: #include <openssl/hmac.h>
  117: #include <openssl/md5.h>
  118: 
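/*
 * P_hash(secret, seed) from RFC 2246 section 5: expands |sec| and |seed|
 * into |olen| bytes of pseudo-random output using HMAC-|md|.
 *
 *   A(0) = seed
 *   A(i) = HMAC(secret, A(i-1))
 *   out  = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ...
 *
 * Parameters:
 *   md        digest driving the HMAC (MD5 or SHA-1 in the TLS 1.0 PRF)
 *   sec       HMAC key, sec_len bytes
 *   seed      label and seed material as one buffer, seed_len bytes
 *   out       receives exactly olen bytes; the final HMAC block is
 *             truncated so never more than olen bytes are written
 *   olen      bytes wanted; olen <= 0 writes nothing
 *
 * The intermediate A(i) values are key-dependent, so the scratch buffer
 * is cleansed and both HMAC contexts are cleaned up before returning.
 */
static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
                        int sec_len, const unsigned char *seed, int seed_len,
                        unsigned char *out, int olen)
        {
        int chunk;
        unsigned int j;
        HMAC_CTX ctx;
        HMAC_CTX ctx_tmp;
        unsigned char A1[EVP_MAX_MD_SIZE];
        unsigned int A1_len;

        /* Nothing to produce: leave before any context is initialised so
         * there is nothing to clean up.  A negative olen would otherwise
         * reach the memcpy() below as a huge size_t. */
        if (olen <= 0)
                return;

        /* one HMAC output block per loop iteration */
        chunk=EVP_MD_size(md);

        HMAC_CTX_init(&ctx);
        HMAC_CTX_init(&ctx_tmp);
        HMAC_Init_ex(&ctx,sec,sec_len,md, NULL);
        HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL);
        /* A(1) = HMAC(secret, seed) */
        HMAC_Update(&ctx,seed,seed_len);
        HMAC_Final(&ctx,A1,&A1_len);

        for (;;)
                {
                /* NULL key and NULL md keep the key set above and only
                 * reset the running hash, so the secret is not re-keyed
                 * on every block. */
                HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */
                HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL); /* re-init */
                /* ctx     -> HMAC(secret, A(i) + seed): this output block
                 * ctx_tmp -> HMAC(secret, A(i)):        the next A(i+1) */
                HMAC_Update(&ctx,A1,A1_len);
                HMAC_Update(&ctx_tmp,A1,A1_len);
                HMAC_Update(&ctx,seed,seed_len);

                if (olen > chunk)
                        {
                        HMAC_Final(&ctx,out,&j);
                        out+=j;
                        olen-=j;
                        HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 value */
                        }
                else  /* last one */
                        {
                        /* A1 doubles as scratch here: the final block is
                         * finalised into it and only olen bytes are copied
                         * out, which keeps the write inside the caller's
                         * buffer. */
                        HMAC_Final(&ctx,A1,&A1_len);
                        memcpy(out,A1,olen);
                        break;
                        }
                }
        HMAC_CTX_cleanup(&ctx);
        HMAC_CTX_cleanup(&ctx_tmp);
        OPENSSL_cleanse(A1,sizeof(A1));
        }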
  166: 
/*
 * TLS 1.0 PRF (RFC 2246 section 5).  The secret is split into two halves
 * that share the middle byte when slen is odd; P_MD5 runs over the first
 * half, P_SHA1 over the second, and the two output streams are XORed.
 *
 * Parameters:
 *   md5, sha1    the two digests the PRF is built from
 *   label        label + seed material as one buffer, label_len bytes
 *   sec, slen    the secret to expand
 *   out1         receives the olen result bytes (P_MD5 XOR P_SHA1)
 *   out2         caller-supplied scratch of olen bytes; on return it still
 *                holds the raw P_SHA1 stream
 *   olen         number of output bytes
 */
static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
                     unsigned char *label, int label_len,
                     const unsigned char *sec, int slen, unsigned char *out1,
                     unsigned char *out2, int olen)
        {
        const int half = slen/2;
        /* L_S1 = L_S2 = ceil(slen/2): an odd-length secret contributes
         * its middle byte to both halves */
        const int half_len = half + (slen & 1);
        const unsigned char *first = sec;
        const unsigned char *second = sec + half;
        unsigned char *dst = out1;
        const unsigned char *src = out2;
        int remaining = olen;

        tls1_P_hash(md5 ,first,half_len,label,label_len,out1,olen);
        tls1_P_hash(sha1,second,half_len,label,label_len,out2,olen);

        /* out1 ^= out2, byte by byte */
        while (remaining-- > 0)
                *dst++ ^= *src++;
        }
  187: 
/*
 * Derive the TLS 1.0 key block (RFC 2246 section 6.3):
 *
 *   key_block = PRF(master_secret, "key expansion",
 *                   server_random + client_random)
 *
 * Parameters:
 *   s     connection supplying the master secret and the two randoms
 *   km    receives num bytes of key block
 *   tmp   caller-supplied scratch of num bytes (second PRF stream)
 *   num   key block length in bytes
 *
 * A KSSL_DEBUG build prints the master secret to stdout; that code is
 * only compiled in for debugging.
 */
static void tls1_generate_key_block(SSL *s, unsigned char *km,
             unsigned char *tmp, int num)
        {
        unsigned char seed[TLS_MD_MAX_CONST_SIZE+SSL3_RANDOM_SIZE*2];
        int seed_len=0;

        /* seed = label || server_random || client_random; note the
         * server random comes first for key expansion */
        memcpy(seed+seed_len,TLS_MD_KEY_EXPANSION_CONST,
                TLS_MD_KEY_EXPANSION_CONST_SIZE);
        seed_len+=TLS_MD_KEY_EXPANSION_CONST_SIZE;
        memcpy(seed+seed_len,s->s3->server_random,SSL3_RANDOM_SIZE);
        seed_len+=SSL3_RANDOM_SIZE;
        memcpy(seed+seed_len,s->s3->client_random,SSL3_RANDOM_SIZE);
        seed_len+=SSL3_RANDOM_SIZE;

        tls1_PRF(s->ctx->md5,s->ctx->sha1,seed,seed_len,
                 s->session->master_key,s->session->master_key_length,
                 km,tmp,num);
#ifdef KSSL_DEBUG
        printf("tls1_generate_key_block() ==> %d byte master_key =\n\t",
                s->session->master_key_length);
        {
        int i=0;
        while (i < s->session->master_key_length)
                {
                printf("%02X", s->session->master_key[i]);
                i++;
                }
        printf("\n");  }
#endif    /* KSSL_DEBUG */
        }
  219: 
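/*
 * Install the pending read or write cipher state for a TLS 1.0 connection.
 *
 * |which| selects the direction (the SSL3_CC_READ bit picks the read side,
 * otherwise the write side) and the role: SSL3_CHANGE_CIPHER_CLIENT_WRITE
 * and SSL3_CHANGE_CIPHER_SERVER_READ use the client-side keys, anything
 * else the server-side keys.  MAC secret, cipher key and IV are sliced out
 * of s->s3->tmp.key_block, which is laid out as
 *
 *   client_MAC(i) | server_MAC(i) | client_key(j) | server_key(j) |
 *   client_IV(k)  | server_IV(k)
 *
 * with i = EVP_MD_size(m), j = the (export-reduced, if applicable) key
 * length and k = EVP_CIPHER_iv_length(c).  Export ciphers derive the
 * final key and IV through a second PRF pass (RFC 2246 section 6.3.1).
 *
 * Returns 1 on success and 0 on failure with an SSL error queued.  A
 * freshly allocated cipher context is EVP_CIPHER_CTX_init()ed before any
 * failure path can be taken, so later cleanup of s stays safe.
 *
 * KSSL_DEBUG and TLS_DEBUG builds print key material to stdout; both
 * blocks are compile-time debugging aids only.
 */
int tls1_change_cipher_state(SSL *s, int which)
        {
        /* zero-length secret for the export IV derivation below */
        static const unsigned char empty[]="";
        unsigned char *p,*key_block,*mac_secret;
        unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+
                SSL3_RANDOM_SIZE*2];
        unsigned char tmp1[EVP_MAX_KEY_LENGTH];
        unsigned char tmp2[EVP_MAX_KEY_LENGTH];
        unsigned char iv1[EVP_MAX_IV_LENGTH*2];
        unsigned char iv2[EVP_MAX_IV_LENGTH*2];
        unsigned char *ms,*key,*iv,*er1,*er2;
        int client_write;
        EVP_CIPHER_CTX *dd;
        const EVP_CIPHER *c;
#ifndef OPENSSL_NO_COMP
        const SSL_COMP *comp;
#endif
        const EVP_MD *m;
        /* i = MAC size, j = key length, k = IV length, n = running offset
         * into the key block, cl = the cipher's full key length */
        int is_export,n,i,j,k,exp_label_len,cl;
        int reuse_dd = 0;

        is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
        c=s->s3->tmp.new_sym_enc;
        m=s->s3->tmp.new_hash;
#ifndef OPENSSL_NO_COMP
        comp=s->s3->tmp.new_compression;
#endif
        key_block=s->s3->tmp.key_block;

#ifdef KSSL_DEBUG
        printf("tls1_change_cipher_state(which= %d) w/\n", which);
        printf("\talg= %ld, comp= %p\n", s->s3->tmp.new_cipher->algorithms,
                comp);
        printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
        printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
                c->nid,c->block_size,c->key_len,c->iv_len);
        printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
        {
        int i;
        for (i=0; i<s->s3->tmp.key_block_length; i++)
                printf("%02x", key_block[i]);  printf("\n");
        }
#endif  /* KSSL_DEBUG */

        if (which & SSL3_CC_READ)
                {
                /* an existing context is reused (cleaned up below); a new
                 * one is initialised right away so the error paths never
                 * leave an uninitialised context behind in s */
                if (s->enc_read_ctx != NULL)
                        reuse_dd = 1;
                else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
                        goto err;
                else
                        /* make sure it's intialized in case we exit later with an error */
                        EVP_CIPHER_CTX_init(s->enc_read_ctx);
                dd= s->enc_read_ctx;
                s->read_hash=m;
#ifndef OPENSSL_NO_COMP
                if (s->expand != NULL)
                        {
                        COMP_CTX_free(s->expand);
                        s->expand=NULL;
                        }
                if (comp != NULL)
                        {
                        s->expand=COMP_CTX_new(comp->method);
                        if (s->expand == NULL)
                                {
                                SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
                                goto err2;
                                }
                        /* decompression needs its own record buffer */
                        if (s->s3->rrec.comp == NULL)
                                s->s3->rrec.comp=(unsigned char *)
                                        OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
                        if (s->s3->rrec.comp == NULL)
                                goto err;
                        }
#endif
                /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
                if (s->version != DTLS1_VERSION)
                        memset(&(s->s3->read_sequence[0]),0,8);
                mac_secret= &(s->s3->read_mac_secret[0]);
                }
        else
                {
                if (s->enc_write_ctx != NULL)
                        reuse_dd = 1;
                else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
                        goto err;
                else
                        /* make sure it's intialized in case we exit later with an error */
                        EVP_CIPHER_CTX_init(s->enc_write_ctx);
                dd= s->enc_write_ctx;
                s->write_hash=m;
#ifndef OPENSSL_NO_COMP
                if (s->compress != NULL)
                        {
                        COMP_CTX_free(s->compress);
                        s->compress=NULL;
                        }
                if (comp != NULL)
                        {
                        s->compress=COMP_CTX_new(comp->method);
                        if (s->compress == NULL)
                                {
                                SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
                                goto err2;
                                }
                        }
#endif
                /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
                if (s->version != DTLS1_VERSION)
                        memset(&(s->s3->write_sequence[0]),0,8);
                mac_secret= &(s->s3->write_mac_secret[0]);
                }

        /* drop the previous cipher state before re-keying the context */
        if (reuse_dd)
                EVP_CIPHER_CTX_cleanup(dd);

        p=s->s3->tmp.key_block;
        i=EVP_MD_size(m);
        cl=EVP_CIPHER_key_length(c);
        /* export ciphers only take min(cipher key length, export limit)
         * bytes of keying material from the key block */
        j=is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
                       cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
        /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
        k=EVP_CIPHER_iv_length(c);
        er1= &(s->s3->client_random[0]);
        er2= &(s->s3->server_random[0]);
        if (   (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
                (which == SSL3_CHANGE_CIPHER_SERVER_READ))
                {
                /* client-side material: first MAC, first key, first IV */
                ms=  &(p[ 0]); n=i+i;
                key= &(p[ n]); n+=j+j;
                iv=  &(p[ n]); n+=k+k;
                exp_label=(unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST;
                exp_label_len=TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE;
                client_write=1;
                }
        else
                {
                /* server-side material: second MAC, second key, second IV */
                n=i;
                ms=  &(p[ n]); n+=i+j;
                key= &(p[ n]); n+=j+k;
                iv=  &(p[ n]); n+=k;
                exp_label=(unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST;
                exp_label_len=TLS_MD_SERVER_WRITE_KEY_CONST_SIZE;
                client_write=0;
                }

        /* n is the end of the slice we are about to read; refuse to read
         * past the key block tls1_setup_key_block() allocated */
        if (n > s->s3->tmp.key_block_length)
                {
                SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR);
                goto err2;
                }

        memcpy(mac_secret,ms,i);
#ifdef TLS_DEBUG
printf("which = %04X\nmac key=",which);
{ int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
#endif
        if (is_export)
                {
                /* In here I set both the read and write key/iv to the
                 * same value since only the correct one will be used :-).
                 */
                /* final_key = PRF(key, exp_label, client_random + server_random) */
                p=buf;
                memcpy(p,exp_label,exp_label_len);
                p+=exp_label_len;
                memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
                p+=SSL3_RANDOM_SIZE;
                memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
                p+=SSL3_RANDOM_SIZE;
                tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j,
                         tmp1,tmp2,EVP_CIPHER_key_length(c));
                key=tmp1;

                if (k > 0)
                        {
                        /* iv_block = PRF("", "IV block", client_random +
                         * server_random) yields client IV || server IV */
                        p=buf;
                        memcpy(p,TLS_MD_IV_BLOCK_CONST,
                                TLS_MD_IV_BLOCK_CONST_SIZE);
                        p+=TLS_MD_IV_BLOCK_CONST_SIZE;
                        memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
                        p+=SSL3_RANDOM_SIZE;
                        memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
                        p+=SSL3_RANDOM_SIZE;
                        tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),empty,0,
                                 iv1,iv2,k*2);
                        if (client_write)
                                iv=iv1;
                        else
                                iv= &(iv1[k]);
                        }
                }

        s->session->key_arg_length=0;
#ifdef KSSL_DEBUG
        {
        int i;
        printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
        printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]);
        printf("\n");
        printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]);
        printf("\n");
        }
#endif  /* KSSL_DEBUG */

        /* the SSL3_CC_WRITE bit doubles as the encrypt/decrypt flag */
        EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
#ifdef TLS_DEBUG
printf("which = %04X\nkey=",which);
{ int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }
printf("\niv=");
{ int z; for (z=0; z<k; z++) printf("%02X%c",iv[z],((z+1)%16)?' ':'\n'); }
printf("\n");
#endif

        /* scrub the derived export key/IV copies; each buffer is cleansed
         * with its own size (tmp2 used sizeof(tmp1) before, which only
         * worked because both arrays are EVP_MAX_KEY_LENGTH) */
        OPENSSL_cleanse(tmp1,sizeof(tmp1));
        OPENSSL_cleanse(tmp2,sizeof(tmp2));
        OPENSSL_cleanse(iv1,sizeof(iv1));
        OPENSSL_cleanse(iv2,sizeof(iv2));
        return(1);
err:
        SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
err2:
        return(0);
        }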
  444: 
  445: int tls1_setup_key_block(SSL *s)
  446:         {
  447:         unsigned char *p1,*p2;
  448:         const EVP_CIPHER *c;
  449:         const EVP_MD *hash;
  450:         int num;
  451:         SSL_COMP *comp;
  452: 
  453: #ifdef KSSL_DEBUG
  454:         printf ("tls1_setup_key_block()\n");
  455: #endif  /* KSSL_DEBUG */
  456: 
  457:         if (s->s3->tmp.key_block_length != 0)
  458:                 return(1);
  459: 
  460:         if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))
  461:                 {
  462:                 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
  463:                 return(0);
  464:                 }
  465: 
  466:         s->s3->tmp.new_sym_enc=c;
  467:         s->s3->tmp.new_hash=hash;
  468: 
  469:         num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
  470:         num*=2;
  471: 
  472:         ssl3_cleanup_key_block(s);
  473: 
  474:         if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL)
  475:                 goto err;
  476:         if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)
  477:                 goto err;
  478: 
  479:         s->s3->tmp.key_block_length=num;
  480:         s->s3->tmp.key_block=p1;
  481: 
  482: 
  483: #ifdef TLS_DEBUG
  484: printf("client random\n");
  485: { int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->client_random[z],((z+1)%16)?' ':'\n'); }
  486: printf("server random\n");
  487: { int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->server_random[z],((z+1)%16)?' ':'\n'); }
  488: printf("pre-master\n");
  489: { int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
  490: #endif
  491:         tls1_generate_key_block(s,p1,p2,num);
  492:         OPENSSL_cleanse(p2,num);
  493:         OPENSSL_free(p2);
  494: #ifdef TLS_DEBUG
  495: printf("\nkey block\n");
  496: { int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
  497: #endif
  498: 
  499:         if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
  500:                 {
  501:                 /* enable vulnerability countermeasure for CBC ciphers with
  502:                  * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
  503:                  */
  504:                 s->s3->need_empty_fragments = 1;
  505: 
  506:                 if (s->session->cipher != NULL)
  507:                         {
  508:                         if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
  509:                                 s->s3->need_empty_fragments = 0;
  510:                         
  511: #ifndef OPENSSL_NO_RC4
  512:                         if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
  513:                                 s->s3->need_empty_fragments = 0;
  514: #endif
  515:                         }
  516:                 }
  517: