File openssl-kdf-tls-selftest.patch of Package openssl-1_0_0.21013
Index: openssl-1.0.2p/crypto/fips/fips.h
===================================================================
--- openssl-1.0.2p.orig/crypto/fips/fips.h 2020-12-08 14:20:21.290368009 +0100
+++ openssl-1.0.2p/crypto/fips/fips.h 2020-12-08 14:20:23.058378604 +0100
@@ -107,6 +107,7 @@ extern "C" {
int FIPS_selftest_drbg(void);
int FIPS_selftest_drbg_all(void);
int FIPS_selftest_cmac(void);
+ int FIPS_selftest_tls(void);
void NONFIPS_selftest_check(void);
void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr);
Index: openssl-1.0.2p/crypto/fips/fips_post.c
===================================================================
--- openssl-1.0.2p.orig/crypto/fips/fips_post.c 2020-12-08 14:20:21.294368033 +0100
+++ openssl-1.0.2p/crypto/fips/fips_post.c 2020-12-08 14:20:23.058378604 +0100
@@ -103,6 +103,8 @@ int FIPS_selftest(void)
rv = 0;
if (!FIPS_selftest_ecdh())
rv = 0;
+ if (!FIPS_selftest_tls())
+ rv = 0;
return rv;
}
Index: openssl-1.0.2p/crypto/fips/fips_tls_selftest.c
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2p/crypto/fips/fips_tls_selftest.c 2020-12-08 14:20:23.058378604 +0100
@@ -0,0 +1,108 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#include "../ssl/ssl_locl.h"
+
+
+#ifdef OPENSSL_FIPS
+
+#define TLS1_PRF_DGST_SHIFT 10
+#define SSL_HANDSHAKE_MAC_SHA256 0x80
+#define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT)
+#define SSL_MD_SHA256_IDX 4
+#define SSL_MD_NUM_IDX 6
+
+extern const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX];
+extern int ssl_mac_secret_size[SSL_MD_NUM_IDX];
+
+int private_tls1_PRF(long digest_mask,
+ const void *seed1, int seed1_len,
+ const void *seed2, int seed2_len,
+ const void *seed3, int seed3_len,
+ const void *seed4, int seed4_len,
+ const void *seed5, int seed5_len,
+ const unsigned char *sec, int slen,
+ unsigned char *out1, unsigned char *out2, int olen);
+
+
+int FIPS_selftest_tls(void)
+{
+
+ ssl_digest_methods[SSL_MD_SHA256_IDX] = EVP_sha256();
+ ssl_mac_secret_size[SSL_MD_SHA256_IDX] =
+ EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]);
+
+ const char *seed = "seed";
+ const char *secret = "secret";
+ unsigned char out[16], dummy[16];
+ const unsigned char expected[sizeof(out)] = {
+ 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0,
+ 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc
+ };
+ long digest_mask = TLS1_PRF_SHA256;
+ int ret = 1; /* success */
+
+ private_tls1_PRF(digest_mask,
+ seed, strlen(seed),
+ NULL, 0,
+ NULL, 0,
+ NULL, 0,
+ NULL, 0,
+ secret, strlen(secret),
+ out, dummy, sizeof(out));
+
+ if ( memcmp(out, expected, sizeof(expected))) {
+ ret = 0; /* failure */
+ }
+ return ret;
+}
+
+
+#endif
Index: openssl-1.0.2p/crypto/fips/Makefile
===================================================================
--- openssl-1.0.2p.orig/crypto/fips/Makefile 2020-12-08 14:20:23.058378604 +0100
+++ openssl-1.0.2p/crypto/fips/Makefile 2020-12-08 14:21:35.726814065 +0100
@@ -38,14 +38,14 @@ LIBSRC=fips_aes_selftest.c fips_des_self
fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c fips_enc.c fips_md.c \
- fips_dh_selftest.c
+ fips_dh_selftest.c fips_tls_selftest.c
LIBOBJ=fips_aes_selftest.o fips_des_selftest.o fips_hmac_selftest.o fips_rand_selftest.o \
fips_rsa_selftest.o fips_sha_selftest.o fips.o fips_dsa_selftest.o fips_rand.o \
fips_rsa_x931g.o fips_post.o fips_drbg_ctr.o fips_drbg_hash.o fips_drbg_hmac.o \
fips_drbg_lib.o fips_drbg_rand.o fips_drbg_selftest.o fips_rand_lib.o \
fips_cmac_selftest.o fips_ecdh_selftest.o fips_ecdsa_selftest.o fips_enc.o fips_md.o \
- fips_dh_selftest.o
+ fips_dh_selftest.o fips_tls_selftest.o
SRC= $(LIBSRC) fips_standalone_hmac.c fips_err.c $(CAVS_SRC)
@@ -441,6 +441,21 @@ fips_sha_selftest.o: ../../include/opens
fips_sha_selftest.o: ../../include/openssl/safestack.h
fips_sha_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c
+fips_tls_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_tls_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_tls_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_tls_selftest.o: ../../include/openssl/err.h
+fips_tls_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_tls_selftest.o: ../../include/openssl/lhash.h
+fips_tls_selftest.o: ../../include/openssl/obj_mac.h
+fips_tls_selftest.o: ../../include/openssl/objects.h
+fips_tls_selftest.o: ../../include/openssl/opensslconf.h
+fips_tls_selftest.o: ../../include/openssl/opensslv.h
+fips_tls_selftest.o: ../../include/openssl/ossl_typ.h
+fips_tls_selftest.o: ../../include/openssl/safestack.h
+fips_tls_selftest.o: ../../include/openssl/stack.h
+fips_tls_selftest.o: ../../include/openssl/symhacks.h fips_tls_selftest.c
+fips_tls_selftest.o: fips_locl.h
fips_aesavs.o: ../../e_os.h ../../include/openssl/aes.h
fips_aesavs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
fips_aesavs.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
Index: openssl-1.0.2p/crypto/evp/digest.c
===================================================================
--- openssl-1.0.2p.orig/crypto/evp/digest.c 2020-12-08 14:20:21.294368033 +0100
+++ openssl-1.0.2p/crypto/evp/digest.c 2020-12-08 14:20:23.058378604 +0100
@@ -122,6 +122,32 @@
# include "evp_locl.h"
#endif
+#define TLS1_PRF_DGST_SHIFT 10
+# define SSL_F_TLS1_PRF 284
+# define SSL_R_UNSUPPORTED_DIGEST_TYPE 326
+#define SSL_MD_NUM_IDX 6
+
+# define SSL_HANDSHAKE_MAC_MD5 0x10
+# define SSL_HANDSHAKE_MAC_SHA 0x20
+# define SSL_HANDSHAKE_MAC_GOST94 0x40
+# define SSL_HANDSHAKE_MAC_SHA256 0x80
+# define SSL_HANDSHAKE_MAC_SHA384 0x100
+
+
+static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = {
+ SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA,
+ SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
+ SSL_HANDSHAKE_MAC_SHA384
+};
+
+int ssl_mac_secret_size[SSL_MD_NUM_IDX] = {
+ 0, 0, 0, 0, 0, 0
+};
+
+const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
+ NULL, NULL, NULL, NULL, NULL, NULL
+};
+
void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
{
memset(ctx, '\0', sizeof(*ctx));
@@ -437,3 +463,178 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
return 1;
}
+
+static int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
+{
+ if (idx < 0 || idx >= SSL_MD_NUM_IDX) {
+ return 0;
+ }
+ *mask = ssl_handshake_digest_flag[idx];
+ if (*mask)
+ *md = ssl_digest_methods[idx];
+ else
+ *md = NULL;
+ return 1;
+}
+
+/* seed1 through seed5 are virtually concatenated */
+static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
+ int sec_len,
+ const void *seed1, int seed1_len,
+ const void *seed2, int seed2_len,
+ const void *seed3, int seed3_len,
+ const void *seed4, int seed4_len,
+ const void *seed5, int seed5_len,
+ unsigned char *out, int olen)
+{
+ int chunk;
+ size_t j;
+ EVP_MD_CTX ctx, ctx_tmp, ctx_init;
+ EVP_PKEY *mac_key;
+ unsigned char A1[EVP_MAX_MD_SIZE];
+ size_t A1_len;
+ int ret = 0;
+
+ chunk = EVP_MD_size(md);
+ OPENSSL_assert(chunk >= 0);
+
+ EVP_MD_CTX_init(&ctx);
+ EVP_MD_CTX_init(&ctx_tmp);
+ EVP_MD_CTX_init(&ctx_init);
+ EVP_MD_CTX_set_flags(&ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
+ if (!mac_key)
+ goto err;
+ if (!EVP_DigestSignInit(&ctx_init, NULL, md, NULL, mac_key))
+ goto err;
+ if (!EVP_MD_CTX_copy_ex(&ctx, &ctx_init))
+ goto err;
+ if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len))
+ goto err;
+ if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len))
+ goto err;
+ if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len))
+ goto err;
+ if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len))
+ goto err;
+ if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len))
+ goto err;
+ if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
+ goto err;
+
+ for (;;) {
+ /* Reinit mac contexts */
+ if (!EVP_MD_CTX_copy_ex(&ctx, &ctx_init))
+ goto err;
+ if (!EVP_DigestSignUpdate(&ctx, A1, A1_len))
+ goto err;
+ if (olen > chunk && !EVP_MD_CTX_copy_ex(&ctx_tmp, &ctx))
+ goto err;
+ if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len))
+ goto err;
+ if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len))
+ goto err;
+ if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len))
+ goto err;
+ if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len))
+ goto err;
+ if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len))
+ goto err;
+
+ if (olen > chunk) {
+ if (!EVP_DigestSignFinal(&ctx, out, &j))
+ goto err;
+ out += j;
+ olen -= j;
+ /* calc the next A1 value */
+ if (!EVP_DigestSignFinal(&ctx_tmp, A1, &A1_len))
+ goto err;
+ } else { /* last one */
+
+ if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
+ goto err;
+ memcpy(out, A1, olen);
+ break;
+ }
+ }
+ ret = 1;
+ err:
+ EVP_PKEY_free(mac_key);
+ EVP_MD_CTX_cleanup(&ctx);
+ EVP_MD_CTX_cleanup(&ctx_tmp);
+ EVP_MD_CTX_cleanup(&ctx_init);
+ OPENSSL_cleanse(A1, sizeof(A1));
+ return ret;
+}
+
+
+/* seed1 through seed5 are virtually concatenated */
+static int tls1_PRF(long digest_mask,
+ const void *seed1, int seed1_len,
+ const void *seed2, int seed2_len,
+ const void *seed3, int seed3_len,
+ const void *seed4, int seed4_len,
+ const void *seed5, int seed5_len,
+ const unsigned char *sec, int slen,
+ unsigned char *out1, unsigned char *out2, int olen)
+{
+ int len, i, idx, count;
+ const unsigned char *S1;
+ long m;
+ const EVP_MD *md;
+ int ret = 0;
+
+ /* Count number of digests and partition sec evenly */
+ count = 0;
+ for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {
+ if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask)
+ count++;
+ }
+ if (!count) {
+ /* Should never happen */
+ SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ len = slen / count;
+ if (count == 1)
+ slen = 0;
+ S1 = sec;
+ memset(out1, 0, olen);
+ for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {
+ if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) {
+ if (!md) {
+ SSLerr(SSL_F_TLS1_PRF, SSL_R_UNSUPPORTED_DIGEST_TYPE);
+ goto err;
+ }
+ if (!tls1_P_hash(md, S1, len + (slen & 1),
+ seed1, seed1_len, seed2, seed2_len, seed3,
+ seed3_len, seed4, seed4_len, seed5, seed5_len,
+ out2, olen))
+ goto err;
+ S1 += len;
+ for (i = 0; i < olen; i++) {
+ out1[i] ^= out2[i];
+ }
+ }
+ }
+ ret = 1;
+ err:
+ return ret;
+}
+
+int private_tls1_PRF(long digest_mask,
+ const void *seed1, int seed1_len,
+ const void *seed2, int seed2_len,
+ const void *seed3, int seed3_len,
+ const void *seed4, int seed4_len,
+ const void *seed5, int seed5_len,
+ const unsigned char *sec, int slen,
+ unsigned char *out1, unsigned char *out2, int olen)
+{
+ return tls1_PRF(digest_mask,
+ seed1, seed1_len,
+ seed2, seed2_len,
+ seed3, seed3_len,
+ seed4, seed4_len,
+ seed5, seed5_len, sec, slen, out1, out2, olen);
+}
Index: openssl-1.0.2p/ssl/t1_enc.c
===================================================================
--- openssl-1.0.2p.orig/ssl/t1_enc.c 2020-12-08 14:20:21.294368033 +0100
+++ openssl-1.0.2p/ssl/t1_enc.c 2020-12-08 14:20:23.058378604 +0100
@@ -148,150 +148,6 @@
# include <openssl/des.h>
#endif
-/* seed1 through seed5 are virtually concatenated */
-static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
- int sec_len,
- const void *seed1, int seed1_len,
- const void *seed2, int seed2_len,
- const void *seed3, int seed3_len,
- const void *seed4, int seed4_len,
- const void *seed5, int seed5_len,
- unsigned char *out, int olen)
-{
- int chunk;
- size_t j;
- EVP_MD_CTX ctx, ctx_tmp, ctx_init;
- EVP_PKEY *mac_key;
- unsigned char A1[EVP_MAX_MD_SIZE];
- size_t A1_len;
- int ret = 0;
-
- chunk = EVP_MD_size(md);
- OPENSSL_assert(chunk >= 0);
-
- EVP_MD_CTX_init(&ctx);
- EVP_MD_CTX_init(&ctx_tmp);
- EVP_MD_CTX_init(&ctx_init);
- EVP_MD_CTX_set_flags(&ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
- if (!mac_key)
- goto err;
- if (!EVP_DigestSignInit(&ctx_init, NULL, md, NULL, mac_key))
- goto err;
- if (!EVP_MD_CTX_copy_ex(&ctx, &ctx_init))
- goto err;
- if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len))
- goto err;
- if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len))
- goto err;
- if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len))
- goto err;
- if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len))
- goto err;
- if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len))
- goto err;
- if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
- goto err;
-
- for (;;) {
- /* Reinit mac contexts */
- if (!EVP_MD_CTX_copy_ex(&ctx, &ctx_init))
- goto err;
- if (!EVP_DigestSignUpdate(&ctx, A1, A1_len))
- goto err;
- if (olen > chunk && !EVP_MD_CTX_copy_ex(&ctx_tmp, &ctx))
- goto err;
- if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len))
- goto err;
- if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len))
- goto err;
- if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len))
- goto err;
- if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len))
- goto err;
- if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len))
- goto err;
-
- if (olen > chunk) {
- if (!EVP_DigestSignFinal(&ctx, out, &j))
- goto err;
- out += j;
- olen -= j;
- /* calc the next A1 value */
- if (!EVP_DigestSignFinal(&ctx_tmp, A1, &A1_len))
- goto err;
- } else { /* last one */
-
- if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
- goto err;
- memcpy(out, A1, olen);
- break;
- }
- }
- ret = 1;
- err:
- EVP_PKEY_free(mac_key);
- EVP_MD_CTX_cleanup(&ctx);
- EVP_MD_CTX_cleanup(&ctx_tmp);
- EVP_MD_CTX_cleanup(&ctx_init);
- OPENSSL_cleanse(A1, sizeof(A1));
- return ret;
-}
-
-/* seed1 through seed5 are virtually concatenated */
-static int tls1_PRF(long digest_mask,
- const void *seed1, int seed1_len,
- const void *seed2, int seed2_len,
- const void *seed3, int seed3_len,
- const void *seed4, int seed4_len,
- const void *seed5, int seed5_len,
- const unsigned char *sec, int slen,
- unsigned char *out1, unsigned char *out2, int olen)
-{
- int len, i, idx, count;
- const unsigned char *S1;
- long m;
- const EVP_MD *md;
- int ret = 0;
-
- /* Count number of digests and partition sec evenly */
- count = 0;
- for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {
- if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask)
- count++;
- }
- if (!count) {
- /* Should never happen */
- SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- len = slen / count;
- if (count == 1)
- slen = 0;
- S1 = sec;
- memset(out1, 0, olen);
- for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {
- if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) {
- if (!md) {
- SSLerr(SSL_F_TLS1_PRF, SSL_R_UNSUPPORTED_DIGEST_TYPE);
- goto err;
- }
- if (!tls1_P_hash(md, S1, len + (slen & 1),
- seed1, seed1_len, seed2, seed2_len, seed3,
- seed3_len, seed4, seed4_len, seed5, seed5_len,
- out2, olen))
- goto err;
- S1 += len;
- for (i = 0; i < olen; i++) {
- out1[i] ^= out2[i];
- }
- }
- }
- ret = 1;
- err:
- return ret;
-}
-
int private_tls1_PRF(long digest_mask,
const void *seed1, int seed1_len,
const void *seed2, int seed2_len,
@@ -299,21 +155,15 @@ int private_tls1_PRF(long digest_mask,
const void *seed4, int seed4_len,
const void *seed5, int seed5_len,
const unsigned char *sec, int slen,
- unsigned char *out1, unsigned char *out2, int olen)
-{
- return tls1_PRF(digest_mask,
- seed1, seed1_len,
- seed2, seed2_len,
- seed3, seed3_len,
- seed4, seed4_len,
- seed5, seed5_len, sec, slen, out1, out2, olen);
-}
+ unsigned char *out1, unsigned char *out2, int olen);
+
+
static int tls1_generate_key_block(SSL *s, unsigned char *km,
unsigned char *tmp, int num)
{
int ret;
- ret = tls1_PRF(ssl_get_algorithm2(s),
+ ret = private_tls1_PRF(ssl_get_algorithm2(s),
TLS_MD_KEY_EXPANSION_CONST,
TLS_MD_KEY_EXPANSION_CONST_SIZE, s->s3->server_random,
SSL3_RANDOM_SIZE, s->s3->client_random, SSL3_RANDOM_SIZE,
@@ -542,7 +392,7 @@ int tls1_change_cipher_state(SSL *s, int
* In here I set both the read and write key/iv to the same value
* since only the correct one will be used :-).
*/
- if (!tls1_PRF(ssl_get_algorithm2(s),
+ if (!private_tls1_PRF(ssl_get_algorithm2(s),
exp_label, exp_label_len,
s->s3->client_random, SSL3_RANDOM_SIZE,
s->s3->server_random, SSL3_RANDOM_SIZE,
@@ -552,7 +402,7 @@ int tls1_change_cipher_state(SSL *s, int
key = tmp1;
if (k > 0) {
- if (!tls1_PRF(ssl_get_algorithm2(s),
+ if (!private_tls1_PRF(ssl_get_algorithm2(s),
TLS_MD_IV_BLOCK_CONST, TLS_MD_IV_BLOCK_CONST_SIZE,
s->s3->client_random, SSL3_RANDOM_SIZE,
s->s3->server_random, SSL3_RANDOM_SIZE,
@@ -1004,7 +854,7 @@ int tls1_final_finish_mac(SSL *s,
}
}
- if (!tls1_PRF(ssl_get_algorithm2(s),
+ if (!private_tls1_PRF(ssl_get_algorithm2(s),
str, slen, buf, (int)(q - buf), NULL, 0, NULL, 0, NULL, 0,
s->session->master_key, s->session->master_key_length,
out, buf2, sizeof(buf2)))
@@ -1177,7 +1027,7 @@ int tls1_generate_master_secret(SSL *s,
}
#endif
- tls1_PRF(ssl_get_algorithm2(s),
+ private_tls1_PRF(ssl_get_algorithm2(s),
TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE,
s->s3->client_random, SSL3_RANDOM_SIZE,
co, col,
@@ -1286,7 +1136,7 @@ int tls1_export_keying_material(SSL *s,
TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0)
goto err1;
- rv = tls1_PRF(ssl_get_algorithm2(s),
+ rv = private_tls1_PRF(ssl_get_algorithm2(s),
val, vallen,
NULL, 0,
NULL, 0,
Index: openssl-1.0.2p/ssl/ssl_ciph.c
===================================================================
--- openssl-1.0.2p.orig/ssl/ssl_ciph.c 2020-12-08 14:20:21.298368058 +0100
+++ openssl-1.0.2p/ssl/ssl_ciph.c 2020-12-08 14:20:23.058378604 +0100
@@ -188,10 +188,8 @@ static STACK_OF(SSL_COMP) *ssl_comp_meth
* in the ssl_locl.h
*/
#define SSL_MD_NUM_IDX SSL_MAX_DIGEST
-static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
- NULL, NULL, NULL, NULL, NULL, NULL
-};
+extern const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX];
/*
* PKEY_TYPE for GOST89MAC is known in advance, but, because implementation
* is engine-provided, we'll fill it only if corresponding EVP_PKEY_METHOD is
@@ -202,9 +200,7 @@ static int ssl_mac_pkey_id[SSL_MD_NUM_ID
EVP_PKEY_HMAC, EVP_PKEY_HMAC
};
-static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = {
- 0, 0, 0, 0, 0, 0
-};
+extern int ssl_mac_secret_size[SSL_MD_NUM_IDX];
static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = {
SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA,