[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Tue Jun 23 21:44:23 UTC 2015
The branch master has been updated
via a16ca4e8aeef1178ce013569058afcec1f6ac77c (commit)
via 547dba74f3c07a5d3bdac3e6436207061d781118 (commit)
via 52f782698df6970e0b56373c3fb4e357f2deb04f (commit)
via c72382048f8e6bfea1fbe1b2e25a0423182bb4f0 (commit)
via 124037fdc0571b5bd9022412348e9979a1726a31 (commit)
from 74924dcb3802640d7e2ae2e80ca6515d0a53de7a (commit)
- Log -----------------------------------------------------------------
commit a16ca4e8aeef1178ce013569058afcec1f6ac77c
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Mon Jun 22 14:03:08 2015 +0100
Fix PSK client handling.
The PSK identity hint should be stored in the SSL_SESSION structure
and not in the parent context (which will overwrite values used
by other SSL structures with the same SSL_CTX).
Reviewed-by: Matt Caswell <matt at openssl.org>
commit 547dba74f3c07a5d3bdac3e6436207061d781118
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Wed Jun 17 14:47:53 2015 +0100
Add PSK GCM ciphersuites from RFC5487
Reviewed-by: Matt Caswell <matt at openssl.org>
commit 52f782698df6970e0b56373c3fb4e357f2deb04f
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Wed Jun 17 14:47:27 2015 +0100
PSK trace keyex fixes.
Reviewed-by: Matt Caswell <matt at openssl.org>
commit c72382048f8e6bfea1fbe1b2e25a0423182bb4f0
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sat Jun 20 15:44:03 2015 +0100
Avoid duplication.
We always free the handshake buffer when digests are freed so move
it into ssl_free_digest_list()
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
commit 124037fdc0571b5bd9022412348e9979a1726a31
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue Jun 16 14:44:29 2015 +0100
Tidy up ssl3_digest_cached_records logic.
Rewrite ssl3_digest_cached_records handling. Only digest cached records
if digest array is NULL: this means it is safe to call
ssl3_digest_cached_records multiple times (subsequent calls are no op).
Remove flag TLS1_FLAGS_KEEP_HANDSHAKE instead only update handshake buffer
if digest array is NULL.
Add additional "keep" parameter to ssl3_digest_cached_records to indicate
if the handshake buffer should be retained after digesting cached records
(needed for TLS 1.2 client authentication).
Reviewed-by: Matt Caswell <matt at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
include/openssl/ssl3.h | 1 -
include/openssl/tls1.h | 8 ++++++
ssl/d1_srvr.c | 9 +++----
ssl/s3_clnt.c | 51 ++++++++----------------------------
ssl/s3_enc.c | 71 ++++++++++++++++++++++++++------------------------
ssl/s3_lib.c | 37 +++++++++++++++++++++++---
ssl/s3_srvr.c | 32 +++++++++--------------
ssl/ssl_locl.h | 2 +-
ssl/t1_enc.c | 28 ++++++++------------
ssl/t1_trce.c | 14 ++++++++++
10 files changed, 131 insertions(+), 122 deletions(-)
diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index 138b80c..d56105e 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -365,7 +365,6 @@ extern "C" {
/* Removed from OpenSSL 1.1.0 */
# define TLS1_FLAGS_TLS_PADDING_BUG 0x0
# define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
-# define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
/*
* Set when the handshake is ready to process peer's ChangeCipherSpec message.
* Cleared after the message has been processed.
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 40205e1..a172af3 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -480,6 +480,10 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6
# define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7
+/* TLS v1.2 PSK GCM ciphersuites from RFC5487 */
+# define TLS1_CK_PSK_WITH_AES_128_GCM_SHA256 0x030000A8
+# define TLS1_CK_PSK_WITH_AES_256_GCM_SHA384 0x030000A9
+
/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BA
# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BB
@@ -736,6 +740,10 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256"
# define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384"
+/* TLS v1.2 PSK GCM ciphersuites from RFC5487 */
+# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384"
+
/* Camellia-CBC ciphersuites from RFC6367 */
# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-ECDSA-CAMELLIA128-SHA256"
# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-ECDSA-CAMELLIA256-SHA384"
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index dfdc573..7a40d66 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -640,12 +640,9 @@ int dtls1_accept(SSL *s)
* For sigalgs freeze the handshake buffer. If we support
* extms we've done this already.
*/
- if (!(s->s3->flags & SSL_SESS_FLAG_EXTMS)) {
- s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
- if (!ssl3_digest_cached_records(s)) {
- s->state = SSL_ST_ERR;
- return -1;
- }
+ if (!ssl3_digest_cached_records(s, 1)) {
+ s->state = SSL_ST_ERR;
+ return -1;
}
} else {
s->state = SSL3_ST_SR_CERT_VRFY_A;
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 6b4c860..f912f2c 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1168,7 +1168,7 @@ int ssl3_get_server_hello(SSL *s)
* Don't digest cached records if no sigalgs: we may need them for client
* authentication.
*/
- if (!SSL_USE_SIGALGS(s) && !ssl3_digest_cached_records(s))
+ if (!SSL_USE_SIGALGS(s) && !ssl3_digest_cached_records(s, 0))
goto f_err;
/* lets get the compression algorithm */
/* COMPRESSION */
@@ -1431,17 +1431,7 @@ int ssl3_get_key_exchange(SSL *s)
al = SSL_AD_UNEXPECTED_MESSAGE;
goto f_err;
}
-#ifndef OPENSSL_NO_PSK
- /*
- * In plain PSK ciphersuite, ServerKeyExchange can be omitted if no
- * identity hint is sent. Set session->sess_cert anyway to avoid
- * problems later.
- */
- if (alg_k & SSL_kPSK) {
- OPENSSL_free(s->ctx->psk_identity_hint);
- s->ctx->psk_identity_hint = NULL;
- }
-#endif
+
s->s3->tmp.reuse_message = 1;
return (1);
}
@@ -1504,9 +1494,9 @@ int ssl3_get_key_exchange(SSL *s)
*/
memcpy(tmp_id_hint, p, i);
memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i);
- OPENSSL_free(s->ctx->psk_identity_hint);
- s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint);
- if (s->ctx->psk_identity_hint == NULL) {
+ OPENSSL_free(s->session->psk_identity_hint);
+ s->session->psk_identity_hint = BUF_strdup(tmp_id_hint);
+ if (s->session->psk_identity_hint == NULL) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
goto f_err;
@@ -2030,10 +2020,8 @@ int ssl3_get_certificate_request(SSL *s)
* If we get here we don't need any cached handshake records as we
* wont be doing client auth.
*/
- if (s->s3->handshake_buffer) {
- if (!ssl3_digest_cached_records(s))
- goto err;
- }
+ if (!ssl3_digest_cached_records(s, 0))
+ goto err;
return (1);
}
@@ -2832,7 +2820,7 @@ int ssl3_send_client_key_exchange(SSL *s)
if (!pms)
goto memerr;
- psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint,
+ psk_len = s->psk_client_callback(s, s->session->psk_identity_hint,
identity, sizeof(identity) - 1,
pms, pmslen);
if (psk_len > PSK_MAX_PSK_LEN) {
@@ -2861,16 +2849,6 @@ int ssl3_send_client_key_exchange(SSL *s)
t += psk_len;
s2n(psk_len, t);
- OPENSSL_free(s->session->psk_identity_hint);
- s->session->psk_identity_hint =
- BUF_strdup(s->ctx->psk_identity_hint);
- if (s->ctx->psk_identity_hint != NULL
- && s->session->psk_identity_hint == NULL) {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
- ERR_R_MALLOC_FAILURE);
- goto psk_err;
- }
-
OPENSSL_free(s->session->psk_identity);
s->session->psk_identity = BUF_strdup(identity);
if (s->session->psk_identity == NULL) {
@@ -3026,15 +3004,8 @@ int ssl3_send_client_verify(SSL *s)
}
s2n(u, p);
n = u + 4;
- /*
- * For extended master secret we've already digested cached
- * records.
- */
- if (s->session->flags & SSL_SESS_FLAG_EXTMS) {
- BIO_free(s->s3->handshake_buffer);
- s->s3->handshake_buffer = NULL;
- s->s3->flags &= ~TLS1_FLAGS_KEEP_HANDSHAKE;
- } else if (!ssl3_digest_cached_records(s))
+ /* Digest cached records and discard handshake buffer */
+ if (!ssl3_digest_cached_records(s, 0))
goto err;
} else
#ifndef OPENSSL_NO_RSA
@@ -3216,7 +3187,7 @@ int ssl3_send_client_certificate(SSL *s)
return (1);
} else {
s->s3->tmp.cert_req = 2;
- if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s)) {
+ if (!ssl3_digest_cached_records(s, 0)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
s->state = SSL_ST_ERR;
return 0;
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index bde19e1..02e07ba 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -476,15 +476,21 @@ void ssl3_cleanup_key_block(SSL *s)
void ssl3_init_finished_mac(SSL *s)
{
- BIO_free(s->s3->handshake_buffer);
ssl3_free_digest_list(s);
s->s3->handshake_buffer = BIO_new(BIO_s_mem());
(void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE);
}
+/*
+ * Free digest list. Also frees handshake buffer since they are always freed
+ * together.
+ */
+
void ssl3_free_digest_list(SSL *s)
{
int i;
+ BIO_free(s->s3->handshake_buffer);
+ s->s3->handshake_buffer = NULL;
if (!s->s3->handshake_dgst)
return;
for (i = 0; i < SSL_MAX_DIGEST; i++) {
@@ -497,8 +503,7 @@ void ssl3_free_digest_list(SSL *s)
void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
{
- if (s->s3->handshake_buffer
- && !(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {
+ if (s->s3->handshake_dgst == NULL) {
BIO_write(s->s3->handshake_buffer, (void *)buf, len);
} else {
int i;
@@ -509,7 +514,7 @@ void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
}
}
-int ssl3_digest_cached_records(SSL *s)
+int ssl3_digest_cached_records(SSL *s, int keep)
{
int i;
long mask;
@@ -517,38 +522,37 @@ int ssl3_digest_cached_records(SSL *s)
long hdatalen;
void *hdata;
- /* Allocate handshake_dgst array */
- ssl3_free_digest_list(s);
- s->s3->handshake_dgst =
- OPENSSL_malloc(sizeof(*s->s3->handshake_dgst) * SSL_MAX_DIGEST);
if (s->s3->handshake_dgst == NULL) {
- SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- memset(s->s3->handshake_dgst, 0,
- sizeof(*s->s3->handshake_dgst) * SSL_MAX_DIGEST);
- hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
- if (hdatalen <= 0) {
- SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LENGTH);
- return 0;
- }
+ /* Allocate handshake_dgst array */
+ s->s3->handshake_dgst =
+ OPENSSL_malloc(sizeof(*s->s3->handshake_dgst) * SSL_MAX_DIGEST);
+ if (s->s3->handshake_dgst == NULL) {
+ SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
+ if (hdatalen <= 0) {
+ SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LENGTH);
+ return 0;
+ }
- /* Loop through bitso of algorithm2 field and create MD_CTX-es */
- for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) {
- if ((mask & ssl_get_algorithm2(s)) && md) {
- s->s3->handshake_dgst[i] = EVP_MD_CTX_create();
- if (EVP_MD_nid(md) == NID_md5) {
- EVP_MD_CTX_set_flags(s->s3->handshake_dgst[i],
- EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ /* Loop through bits of algorithm2 field and create MD_CTX-es */
+ for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) {
+ if ((mask & ssl_get_algorithm2(s)) && md) {
+ s->s3->handshake_dgst[i] = EVP_MD_CTX_create();
+ if (EVP_MD_nid(md) == NID_md5) {
+ EVP_MD_CTX_set_flags(s->s3->handshake_dgst[i],
+ EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ }
+ EVP_DigestInit_ex(s->s3->handshake_dgst[i], md, NULL);
+ EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata, hdatalen);
+ } else {
+ s->s3->handshake_dgst[i] = NULL;
}
- EVP_DigestInit_ex(s->s3->handshake_dgst[i], md, NULL);
- EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata, hdatalen);
- } else {
- s->s3->handshake_dgst[i] = NULL;
}
+
}
- if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {
- /* Free handshake_buffer BIO */
+ if (keep == 0) {
BIO_free(s->s3->handshake_buffer);
s->s3->handshake_buffer = NULL;
}
@@ -588,9 +592,8 @@ static int ssl3_handshake_mac(SSL *s, int md_nid,
unsigned char md_buf[EVP_MAX_MD_SIZE];
EVP_MD_CTX ctx, *d = NULL;
- if (s->s3->handshake_buffer)
- if (!ssl3_digest_cached_records(s))
- return 0;
+ if (!ssl3_digest_cached_records(s, 0))
+ return 0;
/*
* Search for digest of specified type in the handshake_dgst array
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 6febd4e..0550471 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1612,6 +1612,40 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
+#ifndef OPENSSL_NO_PSK
+ /* Cipher A8 */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
+ TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES128GCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher A9 */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
+ TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES256GCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+
+#endif
#ifndef OPENSSL_NO_CAMELLIA
/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
@@ -2911,7 +2945,6 @@ void ssl3_free(SSL *s)
OPENSSL_free(s->s3->tmp.ciphers_raw);
OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
OPENSSL_free(s->s3->tmp.peer_sigalgs);
- BIO_free(s->s3->handshake_buffer);
ssl3_free_digest_list(s);
OPENSSL_free(s->s3->alpn_selected);
@@ -2955,8 +2988,6 @@ void ssl3_clear(SSL *s)
#endif /* !OPENSSL_NO_EC */
init_extra = s->s3->init_extra;
- BIO_free(s->s3->handshake_buffer);
- s->s3->handshake_buffer = NULL;
ssl3_free_digest_list(s);
if (s->s3->alpn_selected) {
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index b98beac..203e894 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -507,11 +507,9 @@ int ssl3_accept(SSL *s)
skip = 1;
s->s3->tmp.cert_request = 0;
s->state = SSL3_ST_SW_SRVR_DONE_A;
- if (s->s3->handshake_buffer) {
- if (!ssl3_digest_cached_records(s)) {
- s->state = SSL_ST_ERR;
- return -1;
- }
+ if (!ssl3_digest_cached_records(s, 0)) {
+ s->state = SSL_ST_ERR;
+ return -1;
}
} else {
s->s3->tmp.cert_request = 1;
@@ -598,14 +596,11 @@ int ssl3_accept(SSL *s)
}
/*
* For sigalgs freeze the handshake buffer. If we support
- * extms we've done this already.
+ * extms we've done this already so this is a no-op
*/
- if (!(s->s3->flags & SSL_SESS_FLAG_EXTMS)) {
- s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
- if (!ssl3_digest_cached_records(s)) {
- s->state = SSL_ST_ERR;
- return -1;
- }
+ if (!ssl3_digest_cached_records(s, 1)) {
+ s->state = SSL_ST_ERR;
+ return -1;
}
} else {
int offset = 0;
@@ -620,11 +615,9 @@ int ssl3_accept(SSL *s)
* CertificateVerify should be generalized. But it is next
* step
*/
- if (s->s3->handshake_buffer) {
- if (!ssl3_digest_cached_records(s)) {
- s->state = SSL_ST_ERR;
- return -1;
- }
+ if (!ssl3_digest_cached_records(s, 0)) {
+ s->state = SSL_ST_ERR;
+ return -1;
}
for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST; dgst_num++)
if (s->s3->handshake_dgst[dgst_num]) {
@@ -1538,7 +1531,7 @@ int ssl3_get_client_hello(SSL *s)
}
if (!SSL_USE_SIGALGS(s) || !(s->verify_mode & SSL_VERIFY_PEER)) {
- if (!ssl3_digest_cached_records(s))
+ if (!ssl3_digest_cached_records(s, 0))
goto f_err;
}
@@ -3055,7 +3048,6 @@ int ssl3_get_cert_verify(SSL *s)
end:
BIO_free(s->s3->handshake_buffer);
s->s3->handshake_buffer = NULL;
- s->s3->flags &= ~TLS1_FLAGS_KEEP_HANDSHAKE;
EVP_MD_CTX_cleanup(&mctx);
EVP_PKEY_free(pkey);
return (ret);
@@ -3163,7 +3155,7 @@ int ssl3_get_client_certificate(SSL *s)
goto f_err;
}
/* No client certificate so digest cached records */
- if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s)) {
+ if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s, 0)) {
al = SSL_AD_INTERNAL_ERROR;
goto f_err;
}
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index f1046c5..8f8d997 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1922,7 +1922,7 @@ void ssl3_free_digest_list(SSL *s);
__owur unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk);
__owur SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,
STACK_OF(SSL_CIPHER) *srvr);
-__owur int ssl3_digest_cached_records(SSL *s);
+__owur int ssl3_digest_cached_records(SSL *s, int keep);
__owur int ssl3_new(SSL *s);
void ssl3_free(SSL *s);
__owur int ssl3_accept(SSL *s);
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index e865341..9942bb4 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -679,9 +679,8 @@ int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
EVP_MD_CTX ctx, *d = NULL;
int i;
- if (s->s3->handshake_buffer)
- if (!ssl3_digest_cached_records(s))
- return 0;
+ if (!ssl3_digest_cached_records(s, 0))
+ return 0;
for (i = 0; i < SSL_MAX_DIGEST; i++) {
if (s->s3->handshake_dgst[i]
@@ -709,9 +708,8 @@ int tls1_final_finish_mac(SSL *s, const char *str, int slen,
unsigned char hash[2 * EVP_MAX_MD_SIZE];
unsigned char buf2[12];
- if (s->s3->handshake_buffer)
- if (!ssl3_digest_cached_records(s))
- return 0;
+ if (!ssl3_digest_cached_records(s, 0))
+ return 0;
hashlen = ssl_handshake_hash(s, hash, sizeof(hash));
@@ -736,17 +734,13 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
if (s->session->flags & SSL_SESS_FLAG_EXTMS) {
unsigned char hash[EVP_MAX_MD_SIZE * 2];
int hashlen;
- /* If we don't have any digests cache records */
- if (s->s3->handshake_buffer) {
- /*
- * keep record buffer: this wont affect client auth because we're
- * freezing the buffer at the same point (after client key
- * exchange and before certificate verify)
- */
- s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
- if (!ssl3_digest_cached_records(s))
- return -1;
- }
+ /* Digest cached records keeping record buffer (if present):
+ * this wont affect client auth because we're freezing the buffer
+ * at the same point (after client key exchange and before certificate
+ * verify)
+ */
+ if (!ssl3_digest_cached_records(s, 1))
+ return -1;
hashlen = ssl_handshake_hash(s, hash, sizeof(hash));
#ifdef SSL_DEBUG
fprintf(stderr, "Handshake hashes:\n");
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 97170cd..40c5beb 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -986,6 +986,13 @@ static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl,
if (!ssl_print_hexbuf(bio, indent + 2, "ecdh_Yc", 1, &msg, &msglen))
return 0;
break;
+
+ case SSL_kPSK:
+ if (!ssl_print_hexbuf(bio, indent + 2,
+ "psk_identity", 2, &msg, &msglen))
+ return 0;
+ break;
+
}
return 1;
@@ -1049,6 +1056,13 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl,
return 0;
}
break;
+
+ case SSL_kPSK:
+ if (!ssl_print_hexbuf(bio, indent + 2,
+ "psk_identity_hint", 2, &msg, &msglen))
+ return 0;
+ /* No signature */
+ return 1;
}
return ssl_print_signature(bio, indent, ssl, &msg, &msglen);
}
More information about the openssl-commits
mailing list