Loading include/openssl/ssl.h +0 −2 Original line number Diff line number Diff line Loading @@ -636,9 +636,7 @@ __owur int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx); int SSL_SRP_CTX_free(SSL *ctx); int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx); __owur int SSL_srp_server_param_with_username(SSL *s, int *ad); __owur int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key); __owur int SRP_Calc_A_param(SSL *s); __owur int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key); # endif Loading ssl/s3_clnt.c +3 −13 Original line number Diff line number Diff line Loading @@ -2891,13 +2891,10 @@ int ssl3_send_client_key_exchange(SSL *s) if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) { /* * If everything written generate master key: no need to save PMS as * SRP_generate_client_master_secret generates it internally. * srp_generate_client_master_secret generates it internally. */ if (n > 0) { if ((s->session->master_key_length = SRP_generate_client_master_secret(s, s->session->master_key)) < 0) { if (!srp_generate_client_master_secret(s)) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; Loading @@ -2920,14 +2917,7 @@ int ssl3_send_client_key_exchange(SSL *s) SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); goto err; } s->session->master_key_length = s->method->ssl3_enc->generate_master_secret(s, s-> session->master_key, pms, pmslen); OPENSSL_clear_free(pms, pmslen); s->s3->tmp.pms = NULL; if (s->session->master_key_length < 0) { if (!ssl_generate_master_secret(s, pms, pmslen, 1)) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; Loading ssl/s3_lib.c +15 −0 Original line number Diff line number Diff line Loading 
@@ -4291,3 +4291,18 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len) } else return RAND_bytes(result, len); } int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, int free_pms) { s->session->master_key_length = s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, pms, pmslen); if (free_pms) OPENSSL_clear_free(pms, pmslen); else OPENSSL_cleanse(pms, pmslen); if (s->server == 0) s->s3->tmp.pms = NULL; return s->session->master_key_length >= 0; } ssl/s3_srvr.c +11 −45 Original line number Diff line number Diff line Loading @@ -2381,15 +2381,7 @@ int ssl3_get_client_key_exchange(SSL *s) rand_premaster_secret[j]); } s->session->master_key_length = s->method->ssl3_enc->generate_master_secret(s, s-> session->master_key, p, sizeof (rand_premaster_secret)); OPENSSL_cleanse(p, sizeof(rand_premaster_secret)); if (s->session->master_key_length < 0) { if (!ssl_generate_master_secret(s, p, sizeof(rand_premaster_secret), 0)) { al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto f_err; Loading Loading @@ -2480,13 +2472,7 @@ int ssl3_get_client_key_exchange(SSL *s) else BN_clear_free(pub); pub = NULL; s->session->master_key_length = s->method->ssl3_enc->generate_master_secret(s, s-> session->master_key, p, i); OPENSSL_cleanse(p, i); if (s->session->master_key_length < 0) { if (!ssl_generate_master_secret(s, p, i, 0)) { al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto f_err; Loading Loading 
@@ -2618,15 +2604,7 @@ int ssl3_get_client_key_exchange(SSL *s) EC_KEY_free(s->s3->tmp.ecdh); s->s3->tmp.ecdh = NULL; /* Compute the master secret */ s->session->master_key_length = s->method->ssl3_enc->generate_master_secret(s, s-> session->master_key, p, i); OPENSSL_cleanse(p, i); if (s->session->master_key_length < 0) { if (!ssl_generate_master_secret(s, p, i, 0)) { al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto f_err; Loading Loading @@ -2707,22 +2685,17 @@ int ssl3_get_client_key_exchange(SSL *s) goto psk_err; } s->session->master_key_length = s->method->ssl3_enc->generate_master_secret(s, s-> session->master_key, psk_or_pre_ms, pre_ms_len); if (s->session->master_key_length < 0) { if (!ssl_generate_master_secret(s, psk_or_pre_ms, pre_ms_len, 0)) { al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto psk_err; goto f_err; } psk_err = 0; psk_err: if (psk_err != 0) { OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms)); if (psk_err != 0) goto f_err; } } else #endif #ifndef OPENSSL_NO_SRP Loading Loading @@ -2755,9 +2728,7 @@ int ssl3_get_client_key_exchange(SSL *s) goto err; } if ((s->session->master_key_length = SRP_generate_server_master_secret(s, s->session->master_key)) < 0) { if (!srp_generate_server_master_secret(s)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; } Loading Loading 
@@ -2813,13 +2784,8 @@ int ssl3_get_client_key_exchange(SSL *s) goto gerr; } /* Generate master secret */ s->session->master_key_length = s->method->ssl3_enc->generate_master_secret(s, s-> session->master_key, premaster_secret, 32); OPENSSL_cleanse(premaster_secret, sizeof(premaster_secret)); if (s->session->master_key_length < 0) { if (!ssl_generate_master_secret(s, premaster_secret, sizeof(premaster_secret), 0)) { al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto f_err; Loading ssl/ssl_locl.h +4 −0 Original line number Diff line number Diff line Loading @@ -1890,6 +1890,8 @@ __owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); __owur int ssl_verify_alarm_type(long type); void ssl_load_ciphers(void); __owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len); __owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, int free_pms); __owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); __owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); Loading Loading @@ -2159,6 +2161,8 @@ void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx, const unsigned char *data, size_t data_len, size_t orig_len); __owur int srp_generate_server_master_secret(SSL *s); __owur int srp_generate_client_master_secret(SSL *s); __owur int srp_verify_server_param(SSL *s, int *al); /* t1_ext.c */ Loading Loading
include/openssl/ssl.h +0 −2 Original line number Diff line number Diff line Loading @@ -636,9 +636,7 @@ __owur int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx); int SSL_SRP_CTX_free(SSL *ctx); int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx); __owur int SSL_srp_server_param_with_username(SSL *s, int *ad); __owur int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key); __owur int SRP_Calc_A_param(SSL *s); __owur int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key); # endif Loading
ssl/s3_clnt.c +3 −13 Original line number Diff line number Diff line Loading @@ -2891,13 +2891,10 @@ int ssl3_send_client_key_exchange(SSL *s) if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) { /* * If everything written generate master key: no need to save PMS as * SRP_generate_client_master_secret generates it internally. * srp_generate_client_master_secret generates it internally. */ if (n > 0) { if ((s->session->master_key_length = SRP_generate_client_master_secret(s, s->session->master_key)) < 0) { if (!srp_generate_client_master_secret(s)) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; Loading @@ -2920,14 +2917,7 @@ int ssl3_send_client_key_exchange(SSL *s) SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); goto err; } s->session->master_key_length = s->method->ssl3_enc->generate_master_secret(s, s-> session->master_key, pms, pmslen); OPENSSL_clear_free(pms, pmslen); s->s3->tmp.pms = NULL; if (s->session->master_key_length < 0) { if (!ssl_generate_master_secret(s, pms, pmslen, 1)) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; Loading
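Review bot: In the second hunk, the failure branch after `ssl_generate_master_secret(s, pms, pmslen, 1)` jumps to `err` while the local `pms` still points at memory the helper has already released. With `free_pms` set, the helper calls `OPENSSL_clear_free(pms, pmslen)` whether or not derivation succeeded. The `err` label is outside the hunk; if its cleanup frees `pms` again, this path is a double free of premaster-secret memory. Adding `pms = NULL; pmslen = 0;` ahead of `goto err;` in that branch makes the failure path safe regardless of what the cleanup does.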
ssl/s3_lib.c +15 −0 Original line number Diff line number Diff line Loading @@ -4291,3 +4291,18 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len) } else return RAND_bytes(result, len); } int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, int free_pms) { s->session->master_key_length = s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, pms, pmslen); if (free_pms) OPENSSL_clear_free(pms, pmslen); else OPENSSL_cleanse(pms, pmslen); if (s->server == 0) s->s3->tmp.pms = NULL; return s->session->master_key_length >= 0; }
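Review bot: `ssl_generate_master_secret` has no comment stating its ownership contract, which the signature does not make obvious. It always wipes `pms`, frees it when `free_pms` is nonzero, and does both even when derivation fails, so a caller must not reuse or release the buffer on its own error path. A header comment such as `/* Derive the master secret from pms. pms is always cleansed, and freed if free_pms is set, even on failure. Returns 1 on success, 0 on error. */` would record that. The client-side `s->s3->tmp.pms = NULL;` also runs when `free_pms` is 0, which would drop the saved pointer without freeing it if a client caller ever passed 0. The callers shown on this page pass 1 on the client, so this is a latent hazard rather than a current leak.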
ssl/s3_srvr.c +11 −45 Original line number Diff line number Diff line Loading @@ -2381,15 +2381,7 @@ int ssl3_get_client_key_exchange(SSL *s) rand_premaster_secret[j]); } s->session->master_key_length = s->method->ssl3_enc->generate_master_secret(s, s-> session->master_key, p, sizeof (rand_premaster_secret)); OPENSSL_cleanse(p, sizeof(rand_premaster_secret)); if (s->session->master_key_length < 0) { if (!ssl_generate_master_secret(s, p, sizeof(rand_premaster_secret), 0)) { al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto f_err; Loading Loading @@ -2480,13 +2472,7 @@ int ssl3_get_client_key_exchange(SSL *s) else BN_clear_free(pub); pub = NULL; s->session->master_key_length = s->method->ssl3_enc->generate_master_secret(s, s-> session->master_key, p, i); OPENSSL_cleanse(p, i); if (s->session->master_key_length < 0) { if (!ssl_generate_master_secret(s, p, i, 0)) { al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto f_err; Loading Loading @@ -2618,15 +2604,7 @@ int ssl3_get_client_key_exchange(SSL *s) EC_KEY_free(s->s3->tmp.ecdh); s->s3->tmp.ecdh = NULL; /* Compute the master secret */ s->session->master_key_length = s->method->ssl3_enc->generate_master_secret(s, s-> session->master_key, p, i); OPENSSL_cleanse(p, i); if (s->session->master_key_length < 0) { if (!ssl_generate_master_secret(s, p, i, 0)) { al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto f_err; Loading Loading 
@@ -2707,22 +2685,17 @@ int ssl3_get_client_key_exchange(SSL *s) goto psk_err; } s->session->master_key_length = s->method->ssl3_enc->generate_master_secret(s, s-> session->master_key, psk_or_pre_ms, pre_ms_len); if (s->session->master_key_length < 0) { if (!ssl_generate_master_secret(s, psk_or_pre_ms, pre_ms_len, 0)) { al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto psk_err; goto f_err; } psk_err = 0; psk_err: if (psk_err != 0) { OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms)); if (psk_err != 0) goto f_err; } } else #endif #ifndef OPENSSL_NO_SRP Loading Loading @@ -2755,9 +2728,7 @@ int ssl3_get_client_key_exchange(SSL *s) goto err; } if ((s->session->master_key_length = SRP_generate_server_master_secret(s, s->session->master_key)) < 0) { if (!srp_generate_server_master_secret(s)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; } Loading Loading @@ -2813,13 +2784,8 @@ int ssl3_get_client_key_exchange(SSL *s) goto gerr; } /* Generate master secret */ s->session->master_key_length = s->method->ssl3_enc->generate_master_secret(s, s-> session->master_key, premaster_secret, 32); OPENSSL_cleanse(premaster_secret, sizeof(premaster_secret)); if (s->session->master_key_length < 0) { if (!ssl_generate_master_secret(s, premaster_secret, sizeof(premaster_secret), 0)) { al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto f_err; Loading
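Review bot: The GOST branch in the last hunk now passes `sizeof(premaster_secret)` as the premaster length where the replaced call passed the literal `32`, so the key-derivation input length now depends on the array's declared size. The declaration is outside the hunk; if it is a 32-byte array the change is equivalent, and a short comment or a compile-time size check next to the call would keep it that way. Separately, in the PSK hunk the helper wipes only `pre_ms_len` bytes of `psk_or_pre_ms`. The rendering does not mark which of the lines around the `psk_err` label are new, so it is worth confirming that `OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms))` still runs on the success path as well as on error.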
ssl/ssl_locl.h +4 −0 Original line number Diff line number Diff line Loading @@ -1890,6 +1890,8 @@ __owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); __owur int ssl_verify_alarm_type(long type); void ssl_load_ciphers(void); __owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len); __owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, int free_pms); __owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); __owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); Loading Loading @@ -2159,6 +2161,8 @@ void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx, const unsigned char *data, size_t data_len, size_t orig_len); __owur int srp_generate_server_master_secret(SSL *s); __owur int srp_generate_client_master_secret(SSL *s); __owur int srp_verify_server_param(SSL *s, int *al); /* t1_ext.c */ Loading