void hot_function1(unsigned char *in, unsigned char *out, long length, BF_KEY *schedule, unsigned char *ivec, int *num, int encrypt){ register BF_LONG v0,v1,t; register int n= *num; register long l=length; BF_LONG ti[2]; unsigned char *iv,c,cc; iv=(unsigned char *)ivec; if (encrypt) { while (l--) { if (n == 0) { n2l(iv,v0); ti[0]=v0; n2l(iv,v1); ti[1]=v1; BF_encrypt((unsigned long *)ti,schedule,BF_ENCRYPT); iv=(unsigned char *)ivec; t=ti[0]; l2n(t,iv); t=ti[1]; l2n(t,iv); iv=(unsigned char *)ivec; } c= *(in++)^iv[n]; *(out++)=c; iv[n]=c; n=(n+1)&0x07; } } else { while (l--) { if (n == 0) { n2l(iv,v0); ti[0]=v0; n2l(iv,v1); ti[1]=v1; BF_encrypt((unsigned long *)ti,schedule,BF_ENCRYPT); iv=(unsigned char *)ivec; t=ti[0]; l2n(t,iv); t=ti[1]; l2n(t,iv); iv=(unsigned char *)ivec; } cc= *(in++); c=iv[n]; iv[n]=cc; *(out++)=c^cc; n=(n+1)&0x07; } } v0=v1=ti[0]=ti[1]=t=c=cc=0; *num=n; }
void BF_ecb_encrypt(const unsigned char *in,unsigned char *out,BF_KEY *ks,int encrypt) { BF_LONG l,d[2]; n2l(in,l); d[0]=l; n2l(in,l); d[1]=l; if (encrypt) BF_encrypt(d,ks); else BF_decrypt(d,ks); l=d[0]; l2n(l,out); l=d[1]; l2n(l,out); l=d[0]=d[1]=0; }
void CAST_ecb_encrypt(const uint8_t *in, uint8_t *out, const CAST_KEY *ks, int enc) { uint32_t d[2]; n2l(in, d[0]); n2l(in, d[1]); if (enc) { CAST_encrypt(d, ks); } else { CAST_decrypt(d, ks); } l2n(d[0], out); l2n(d[1], out); }
void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, CAST_KEY *ks, int enc) { CAST_LONG l,d[2]; n2l(in,l); d[0]=l; n2l(in,l); d[1]=l; if (enc) CAST_encrypt(d,ks); else CAST_decrypt(d,ks); l=d[0]; l2n(l,out); l=d[1]; l2n(l,out); l=d[0]=d[1]=0; }
void idea_ecb_encrypt (const unsigned char *in, unsigned char *out, IDEA_KEY_SCHEDULE * ks) { unsigned long l0, l1, d[2]; n2l (in, l0); d[0] = l0; n2l (in, l1); d[1] = l1; idea_encrypt (d, ks); l0 = d[0]; l2n (l0, out); l1 = d[1]; l2n (l1, out); l0 = l1 = d[0] = d[1] = 0; }
void ssl2_mac(SSL *s, unsigned char *md, int send) { EVP_MD_CTX c; unsigned char sequence[4], *p, *sec, *act; unsigned long seq; unsigned int len; if (send) { seq = s->s2->write_sequence; sec = s->s2->write_key; len = s->s2->wact_data_length; act = s->s2->wact_data; } else { seq = s->s2->read_sequence; sec = s->s2->read_key; len = s->s2->ract_data_length; act = s->s2->ract_data; } p = &(sequence[0]); l2n(seq, p); /* There has to be a MAC algorithm. */ EVP_MD_CTX_init(&c); EVP_MD_CTX_copy(&c, s->read_hash); EVP_DigestUpdate(&c, sec, EVP_CIPHER_CTX_key_length(s->enc_read_ctx)); EVP_DigestUpdate(&c, act, len); /* the above line also does the pad data */ EVP_DigestUpdate(&c, sequence, 4); EVP_DigestFinal_ex(&c, md, NULL); EVP_MD_CTX_cleanup(&c); }
/* * Fill a ClientRandom or ServerRandom field of length len. * Returns <= 0 on failure, 1 on success. */ int ssl_fill_hello_random(SSL *s, uint8_t *result, int len) { int send_time = 0; if (len < 4) return 0; if (s->server) send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0; else send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0; if (send_time) { unsigned long Time = time(NULL); uint8_t *p = result; l2n(Time, p); return RAND_bytes(p, len - 4); } else return RAND_bytes(result, len); }
/* The input and output encrypted as though 64bit ofb mode is being * used. The extra state information to record how much of the * 64bit block we have used is contained in *num; */ void BF_ofb64_encrypt (const unsigned char *in, unsigned char *out, long length, const BF_KEY * schedule, unsigned char *ivec, int *num) { register BF_LONG v0, v1, t; register int n = *num; register long l = length; unsigned char d[8]; register char *dp; BF_LONG ti[2]; unsigned char *iv; int save = 0; iv = (unsigned char *) ivec; n2l (iv, v0); n2l (iv, v1); ti[0] = v0; ti[1] = v1; dp = (char *) d; l2n (v0, dp); l2n (v1, dp); while (l--) { if (n == 0) { BF_encrypt ((BF_LONG *) ti, schedule); dp = (char *) d; t = ti[0]; l2n (t, dp); t = ti[1]; l2n (t, dp); save++; } *(out++) = *(in++) ^ d[n]; n = (n + 1) & 0x07; } if (save) { v0 = ti[0]; v1 = ti[1]; iv = (unsigned char *) ivec; l2n (v0, iv); l2n (v1, iv); } t = v0 = v1 = ti[0] = ti[1] = 0; *num = n; }
/* The input and output encrypted as though 64bit ofb mode is being * used. The extra state information to record how much of the * 64bit block we have used is contained in *num; */ void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length, IDEA_KEY_SCHEDULE *schedule, unsigned char *ivec, int *num) { unsigned long v0,v1,t; int n= *num; long l=length; unsigned char d[8]; char *dp; unsigned long ti[2]; unsigned char *iv; int save=0; iv=(unsigned char *)ivec; n2l(iv,v0); n2l(iv,v1); ti[0]=v0; ti[1]=v1; dp=(char *)d; l2n(v0,dp); l2n(v1,dp); while (l--) { if (n == 0) { idea_encrypt((unsigned long *)ti,schedule); dp=(char *)d; t=ti[0]; l2n(t,dp); t=ti[1]; l2n(t,dp); save++; } *(out++)= *(in++)^d[n]; n=(n+1)&0x07; } if (save) { v0=ti[0]; v1=ti[1]; iv=(unsigned char *)ivec; l2n(v0,iv); l2n(v1,iv); } t=v0=v1=ti[0]=ti[1]=0; *num=n; }
/* The input and output encrypted as though 64bit ofb mode is being * used. The extra state information to record how much of the * 64bit block we have used is contained in *num; */ void BF_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, BF_KEY *schedule, unsigned char *ivec, int *num) { register unsigned long v0,v1,t; register int n= *num; register long l=length; unsigned char d[8]; register unsigned char *dp; unsigned long ti[2]; unsigned char *iv; int save=0; iv=(unsigned char *)ivec; n2l(iv,v0); n2l(iv,v1); ti[0]=v0; ti[1]=v1; dp=(unsigned char *)d; l2n(v0,dp); l2n(v1,dp); while (l-- != 0) { if (n == 0) { BF_encrypt((unsigned long *)ti,schedule,BF_ENCRYPT); dp=(unsigned char *)d; t=ti[0]; l2n(t,dp); t=ti[1]; l2n(t,dp); save++; } *(out++)= (unsigned char)(*(in++)^d[n]); n=(n+1)&0x07; } if (save != 0) { v0=ti[0]; v1=ti[1]; iv=(unsigned char *)ivec; l2n(v0,iv); l2n(v1,iv); } t=v0=v1=ti[0]=ti[1]=0; *num=n; }
static int ssl23_client_hello(SSL *s) { unsigned char *buf; unsigned char *p,*d; int i,ch_len; unsigned long Time,l; int ssl2_compat; int version = 0, version_major, version_minor; #ifndef OPENSSL_NO_COMP int j; SSL_COMP *comp; #endif int ret; unsigned long mask, options = s->options; ssl2_compat = (options & SSL_OP_NO_SSLv2) ? 0 : 1; if (ssl2_compat && ssl23_no_ssl2_ciphers(s)) ssl2_compat = 0; /* * SSL_OP_NO_X disables all protocols above X *if* there are * some protocols below X enabled. This is required in order * to maintain "version capability" vector contiguous. So * that if application wants to disable TLS1.0 in favour of * TLS1>=1, it would be insufficient to pass SSL_NO_TLSv1, the * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2. */ mask = SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1 #if !defined(OPENSSL_NO_SSL3) |SSL_OP_NO_SSLv3 #endif #if !defined(OPENSSL_NO_SSL2) |(ssl2_compat?SSL_OP_NO_SSLv2:0) #endif ; #if !defined(OPENSSL_NO_TLS1_2_CLIENT) version = TLS1_2_VERSION; if ((options & SSL_OP_NO_TLSv1_2) && (options & mask) != mask) version = TLS1_1_VERSION; #else version = TLS1_1_VERSION; #endif mask &= ~SSL_OP_NO_TLSv1_1; if ((options & SSL_OP_NO_TLSv1_1) && (options & mask) != mask) version = TLS1_VERSION; mask &= ~SSL_OP_NO_TLSv1; #if !defined(OPENSSL_NO_SSL3) if ((options & SSL_OP_NO_TLSv1) && (options & mask) != mask) version = SSL3_VERSION; mask &= ~SSL_OP_NO_SSLv3; #endif #if !defined(OPENSSL_NO_SSL2) if ((options & SSL_OP_NO_SSLv3) && (options & mask) != mask) version = SSL2_VERSION; #endif #ifndef OPENSSL_NO_TLSEXT if (version != SSL2_VERSION) { /* have to disable SSL 2.0 compatibility if we need TLS extensions */ if (s->tlsext_hostname != NULL) ssl2_compat = 0; if (s->tlsext_status_type != -1) ssl2_compat = 0; #ifdef TLSEXT_TYPE_opaque_prf_input if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL) ssl2_compat = 0; #endif } #endif buf=(unsigned char *)s->init_buf->data; if (s->state == SSL23_ST_CW_CLNT_HELLO_A) { #if 0 /* don't reuse session-id's */ if (!ssl_get_new_session(s,0)) { return(-1); } #endif p=s->s3->client_random; Time=(unsigned long)time(NULL); /* Time */ l2n(Time,p); if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) return -1; if (version == TLS1_2_VERSION) { version_major = TLS1_2_VERSION_MAJOR; version_minor = TLS1_2_VERSION_MINOR; } else if (version == TLS1_1_VERSION) { version_major = TLS1_1_VERSION_MAJOR; version_minor = TLS1_1_VERSION_MINOR; } else if (version == TLS1_VERSION) { version_major = TLS1_VERSION_MAJOR; version_minor = TLS1_VERSION_MINOR; } #ifdef OPENSSL_FIPS else if(FIPS_mode()) { SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); return -1; } #endif else if (version == SSL3_VERSION) { version_major = SSL3_VERSION_MAJOR; version_minor = SSL3_VERSION_MINOR; } else if (version == SSL2_VERSION) { version_major = SSL2_VERSION_MAJOR; version_minor = SSL2_VERSION_MINOR; } else { SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_PROTOCOLS_AVAILABLE); return(-1); } s->client_version = version; if (ssl2_compat) { /* create SSL 2.0 compatible Client Hello */ /* two byte record header will be written last */ d = &(buf[2]); p = d + 9; /* leave space for message type, version, individual length fields */ *(d++) = SSL2_MT_CLIENT_HELLO; *(d++) = version_major; *(d++) = version_minor; /* Ciphers supported */ i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p,0); if (i == 0) { /* no ciphers */ SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); return -1; } s2n(i,d); p+=i; /* put in the session-id length (zero since there is no reuse) */ #if 0 s->session->session_id_length=0; #endif s2n(0,d); if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) ch_len=SSL2_CHALLENGE_LENGTH; else ch_len=SSL2_MAX_CHALLENGE_LENGTH; /* write out sslv2 challenge */ /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32), because it is one of SSL2_MAX_CHALLENGE_LENGTH (32) or SSL2_MAX_CHALLENGE_LENGTH (16), but leave the check in for futurproofing */ if (SSL3_RANDOM_SIZE < ch_len) i=SSL3_RANDOM_SIZE; else i=ch_len; s2n(i,d); memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE); if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0) return -1; memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); p+=i; i= p- &(buf[2]); buf[0]=((i>>8)&0xff)|0x80; buf[1]=(i&0xff); /* number of bytes to write */ s->init_num=i+2; s->init_off=0; ssl3_finish_mac(s,&(buf[2]),i); } else { /* create Client Hello in SSL 3.0/TLS 1.0 format */ /* do the record header (5 bytes) and handshake message * header (4 bytes) last. Note: the final argument to * ssl_add_clienthello_tlsext below depends on the size * of this prefix. */ d = p = &(buf[9]); *(p++) = version_major; *(p++) = version_minor; /* Random stuff */ memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); p += SSL3_RANDOM_SIZE; /* Session ID (zero since there is no reuse) */ *(p++) = 0; /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */ i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char); if (i == 0) { SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); return -1; } #ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH /* Some servers hang if client hello > 256 bytes * as hack workaround chop number of supported ciphers * to keep it well below this if we use TLS v1.2 */ if (TLS1_get_version(s) >= TLS1_2_VERSION && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; #endif s2n(i,p); p+=i; /* COMPRESSION */ #ifdef OPENSSL_NO_COMP *(p++)=1; #else if ((s->options & SSL_OP_NO_COMPRESSION) || !s->ctx->comp_methods) j=0; else j=sk_SSL_COMP_num(s->ctx->comp_methods); *(p++)=1+j; for (i=0; i<j; i++) { comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); *(p++)=comp->id; } #endif *(p++)=0; /* Add the NULL method */ #ifndef OPENSSL_NO_TLSEXT /* TLS extensions*/ if (ssl_prepare_clienthello_tlsext(s) <= 0) { SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); return -1; } /* The buffer includes the 5 byte record header, so * subtract it to compute hlen for * ssl_add_clienthello_tlsext. */ if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH, p-buf-5)) == NULL) { SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); return -1; } #endif l = p-d; /* fill in 4-byte handshake header */ d=&(buf[5]); *(d++)=SSL3_MT_CLIENT_HELLO; l2n3(l,d); l += 4; if (l > SSL3_RT_MAX_PLAIN_LENGTH) { SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); return -1; } /* fill in 5-byte record header */ d=buf; *(d++) = SSL3_RT_HANDSHAKE; *(d++) = version_major; /* Some servers hang if we use long client hellos * and a record number > TLS 1.0. */ if (TLS1_get_client_version(s) > TLS1_VERSION) *(d++) = 1; else *(d++) = version_minor; s2n((int)l,d); /* number of bytes to write */ s->init_num=p-buf; s->init_off=0; ssl3_finish_mac(s,&(buf[5]), s->init_num - 5); } s->state=SSL23_ST_CW_CLNT_HELLO_B; s->init_off=0; }
int DES_enc_write(int fd, const void *_buf, int len, DES_key_schedule *sched, DES_cblock *iv) { #if defined(OPENSSL_NO_POSIX_IO) return (-1); #else # ifdef _LIBC extern unsigned long time(); extern int write(); # endif const unsigned char *buf = _buf; long rnum; int i, j, k, outnum; static unsigned char *outbuf = NULL; unsigned char shortbuf[8]; unsigned char *p; const unsigned char *cp; static int start = 1; if (len < 0) return -1; if (outbuf == NULL) { outbuf = OPENSSL_malloc(BSIZE + HDRSIZE); if (outbuf == NULL) return (-1); } /* * If we are sending less than 8 bytes, the same char will look the same * if we don't pad it out with random bytes */ if (start) { start = 0; } /* lets recurse if we want to send the data in small chunks */ if (len > MAXWRITE) { j = 0; for (i = 0; i < len; i += k) { k = DES_enc_write(fd, &(buf[i]), ((len - i) > MAXWRITE) ? MAXWRITE : (len - i), sched, iv); if (k < 0) return (k); else j += k; } return (j); } /* write length first */ p = outbuf; l2n(len, p); /* pad short strings */ if (len < 8) { cp = shortbuf; memcpy(shortbuf, buf, len); if (RAND_bytes(shortbuf + len, 8 - len) <= 0) return -1; rnum = 8; } else { cp = buf; rnum = ((len + 7) / 8 * 8); /* round up to nearest eight */ } if (DES_rw_mode & DES_PCBC_MODE) DES_pcbc_encrypt(cp, &(outbuf[HDRSIZE]), (len < 8) ? 8 : len, sched, iv, DES_ENCRYPT); else DES_cbc_encrypt(cp, &(outbuf[HDRSIZE]), (len < 8) ? 8 : len, sched, iv, DES_ENCRYPT); /* output */ outnum = rnum + HDRSIZE; for (j = 0; j < outnum; j += i) { /* * eay 26/08/92 I was not doing writing from where we got up to. */ # ifndef _WIN32 i = write(fd, (void *)&(outbuf[j]), outnum - j); # else i = _write(fd, (void *)&(outbuf[j]), outnum - j); # endif if (i == -1) { # ifdef EINTR if (errno == EINTR) i = 0; else # endif /* * This is really a bad error - very bad It will stuff-up * both ends. */ return (-1); } } return (len); #endif /* OPENSSL_NO_POSIX_IO */ }
static int ssl23_client_hello(SSL *s) { unsigned char *buf; unsigned char *p,*d; int i,ch_len; unsigned long Time,l; int ssl2_compat; int version = 0, version_major, version_minor; #ifndef OPENSSL_NO_COMP int j; SSL_COMP *comp; #endif int ret; ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1; if (ssl2_compat && ssl23_no_ssl2_ciphers(s)) ssl2_compat = 0; if (!(s->options & SSL_OP_NO_TLSv1)) { version = TLS1_VERSION; } else if (!(s->options & SSL_OP_NO_SSLv3)) { version = SSL3_VERSION; } else if (!(s->options & SSL_OP_NO_SSLv2)) { version = SSL2_VERSION; } #ifndef OPENSSL_NO_TLSEXT if (version != SSL2_VERSION) { /* have to disable SSL 2.0 compatibility if we need TLS extensions */ if (s->tlsext_hostname != NULL) ssl2_compat = 0; if (s->tlsext_status_type != -1) ssl2_compat = 0; #ifdef TLSEXT_TYPE_opaque_prf_input if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL) ssl2_compat = 0; #endif } #endif buf=(unsigned char *)s->init_buf->data; if (s->state == SSL23_ST_CW_CLNT_HELLO_A) { #if 0 /* don't reuse session-id's */ if (!ssl_get_new_session(s,0)) { return(-1); } #endif p=s->s3->client_random; Time=(unsigned long)time(NULL); /* Time */ l2n(Time,p); if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) return -1; if (version == TLS1_VERSION) { version_major = TLS1_VERSION_MAJOR; version_minor = TLS1_VERSION_MINOR; } else if (version == SSL3_VERSION) { version_major = SSL3_VERSION_MAJOR; version_minor = SSL3_VERSION_MINOR; } else if (version == SSL2_VERSION) { version_major = SSL2_VERSION_MAJOR; version_minor = SSL2_VERSION_MINOR; } else { SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_PROTOCOLS_AVAILABLE); return(-1); } s->client_version = version; if (ssl2_compat) { /* create SSL 2.0 compatible Client Hello */ /* two byte record header will be written last */ d = &(buf[2]); p = d + 9; /* leave space for message type, version, individual length fields */ *(d++) = SSL2_MT_CLIENT_HELLO; *(d++) = version_major; *(d++) = version_minor; /* Ciphers supported */ i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p,0); if (i == 0) { /* no ciphers */ SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); return -1; } s2n(i,d); p+=i; /* put in the session-id length (zero since there is no reuse) */ #if 0 s->session->session_id_length=0; #endif s2n(0,d); if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) ch_len=SSL2_CHALLENGE_LENGTH; else ch_len=SSL2_MAX_CHALLENGE_LENGTH; /* write out sslv2 challenge */ /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32), because it is one of SSL2_MAX_CHALLENGE_LENGTH (32) or SSL2_MAX_CHALLENGE_LENGTH (16), but leave the check in for futurproofing */ if (SSL3_RANDOM_SIZE < ch_len) i=SSL3_RANDOM_SIZE; else i=ch_len; s2n(i,d); memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE); if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0) return -1; memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); p+=i; i= p- &(buf[2]); buf[0]=((i>>8)&0xff)|0x80; buf[1]=(i&0xff); /* number of bytes to write */ s->init_num=i+2; s->init_off=0; ssl3_finish_mac(s,&(buf[2]),i); } else { /* create Client Hello in SSL 3.0/TLS 1.0 format */ /* do the record header (5 bytes) and handshake message header (4 bytes) last */ d = p = &(buf[9]); *(p++) = version_major; *(p++) = version_minor; /* Random stuff */ memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); p += SSL3_RANDOM_SIZE; /* Session ID (zero since there is no reuse) */ *(p++) = 0; /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */ i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char); if (i == 0) { SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); return -1; } s2n(i,p); p+=i; /* COMPRESSION */ #ifdef OPENSSL_NO_COMP *(p++)=1; #else if ((s->options & SSL_OP_NO_COMPRESSION) || !s->ctx->comp_methods) j=0; else j=sk_SSL_COMP_num(s->ctx->comp_methods); *(p++)=1+j; for (i=0; i<j; i++) { comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); *(p++)=comp->id; } #endif *(p++)=0; /* Add the NULL method */ #ifndef OPENSSL_NO_TLSEXT /* TLS extensions*/ if (ssl_prepare_clienthello_tlsext(s) <= 0) { SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); return -1; } if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); return -1; } #endif l = p-d; /* fill in 4-byte handshake header */ d=&(buf[5]); *(d++)=SSL3_MT_CLIENT_HELLO; l2n3(l,d); l += 4; if (l > SSL3_RT_MAX_PLAIN_LENGTH) { SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); return -1; } /* fill in 5-byte record header */ d=buf; *(d++) = SSL3_RT_HANDSHAKE; *(d++) = version_major; *(d++) = version_minor; /* arguably we should send the *lowest* suported version here * (indicating, e.g., TLS 1.0 in "SSL 3.0 format") */ s2n((int)l,d); /* number of bytes to write */ s->init_num=p-buf; s->init_off=0; ssl3_finish_mac(s,&(buf[5]), s->init_num - 5); } s->state=SSL23_ST_CW_CLNT_HELLO_B; s->init_off=0; }
void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, const BF_KEY *schedule, unsigned char *ivec, int encrypt) { register BF_LONG tin0, tin1; register BF_LONG tout0, tout1, xor0, xor1; register long l = length; BF_LONG tin[2]; if (encrypt) { n2l(ivec, tout0); n2l(ivec, tout1); ivec -= 8; for (l -= 8; l >= 0; l -= 8) { n2l(in, tin0); n2l(in, tin1); tin0 ^= tout0; tin1 ^= tout1; tin[0] = tin0; tin[1] = tin1; BF_encrypt(tin, schedule); tout0 = tin[0]; tout1 = tin[1]; l2n(tout0, out); l2n(tout1, out); } if (l != -8) { n2ln(in, tin0, tin1, l + 8); tin0 ^= tout0; tin1 ^= tout1; tin[0] = tin0; tin[1] = tin1; BF_encrypt(tin, schedule); tout0 = tin[0]; tout1 = tin[1]; l2n(tout0, out); l2n(tout1, out); } l2n(tout0, ivec); l2n(tout1, ivec); } else { n2l(ivec, xor0); n2l(ivec, xor1); ivec -= 8; for (l -= 8; l >= 0; l -= 8) { n2l(in, tin0); n2l(in, tin1); tin[0] = tin0; tin[1] = tin1; BF_decrypt(tin, schedule); tout0 = tin[0] ^ xor0; tout1 = tin[1] ^ xor1; l2n(tout0, out); l2n(tout1, out); xor0 = tin0; xor1 = tin1; } if (l != -8) { n2l(in, tin0); n2l(in, tin1); tin[0] = tin0; tin[1] = tin1; BF_decrypt(tin, schedule); tout0 = tin[0] ^ xor0; tout1 = tin[1] ^ xor1; l2nn(tout0, tout1, out, l + 8); xor0 = tin0; xor1 = tin1; } l2n(xor0, ivec); l2n(xor1, ivec); } tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; tin[0] = tin[1] = 0; }
void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int encrypt) { register unsigned long tin0,tin1; register unsigned long tout0,tout1,xor0,xor1; register long l=length; unsigned long tin[2]; if (encrypt) { n2l(iv,tout0); n2l(iv,tout1); iv-=8; for (l-=8; l>=0; l-=8) { n2l(in,tin0); n2l(in,tin1); tin0^=tout0; tin1^=tout1; tin[0]=tin0; tin[1]=tin1; idea_encrypt(tin,ks); tout0=tin[0]; l2n(tout0,out); tout1=tin[1]; l2n(tout1,out); } if (l != -8) { n2ln(in,tin0,tin1,l+8); tin0^=tout0; tin1^=tout1; tin[0]=tin0; tin[1]=tin1; idea_encrypt(tin,ks); tout0=tin[0]; l2n(tout0,out); tout1=tin[1]; l2n(tout1,out); } l2n(tout0,iv); l2n(tout1,iv); } else { n2l(iv,xor0); n2l(iv,xor1); iv-=8; for (l-=8; l>=0; l-=8) { n2l(in,tin0); tin[0]=tin0; n2l(in,tin1); tin[1]=tin1; idea_encrypt(tin,ks); tout0=tin[0]^xor0; tout1=tin[1]^xor1; l2n(tout0,out); l2n(tout1,out); xor0=tin0; xor1=tin1; } if (l != -8) { n2l(in,tin0); tin[0]=tin0; n2l(in,tin1); tin[1]=tin1; idea_encrypt(tin,ks); tout0=tin[0]^xor0; tout1=tin[1]^xor1; l2nn(tout0,tout1,out,l+8); xor0=tin0; xor1=tin1; } l2n(xor0,iv); l2n(xor1,iv); } tin0=tin1=tout0=tout1=xor0=xor1=0; tin[0]=tin[1]=0; }
void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length, IDEA_KEY_SCHEDULE *schedule, unsigned char *ivec, int *num, int encrypt) { register unsigned long v0,v1,t; register int n= *num; register long l=length; unsigned long ti[2]; unsigned char *iv,c,cc; iv=(unsigned char *)ivec; if (encrypt) { while (l--) { if (n == 0) { n2l(iv,v0); ti[0]=v0; n2l(iv,v1); ti[1]=v1; idea_encrypt((unsigned long *)ti,schedule); iv=(unsigned char *)ivec; t=ti[0]; l2n(t,iv); t=ti[1]; l2n(t,iv); iv=(unsigned char *)ivec; } c= *(in++)^iv[n]; *(out++)=c; iv[n]=c; n=(n+1)&0x07; } } else { while (l--) { if (n == 0) { n2l(iv,v0); ti[0]=v0; n2l(iv,v1); ti[1]=v1; idea_encrypt((unsigned long *)ti,schedule); iv=(unsigned char *)ivec; t=ti[0]; l2n(t,iv); t=ti[1]; l2n(t,iv); iv=(unsigned char *)ivec; } cc= *(in++); c=iv[n]; iv[n]=cc; *(out++)=c^cc; n=(n+1)&0x07; } } v0=v1=ti[0]=ti[1]=t=c=cc=0; *num=n; }