2016-05-18 02:18:30 +08:00
|
|
|
/*
|
2024-03-20 20:07:54 +08:00
|
|
|
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
2017-06-20 22:14:36 +08:00
|
|
|
* Copyright 2005 Nokia. All rights reserved.
|
2002-04-14 06:47:20 +08:00
|
|
|
*
|
2018-12-06 20:08:51 +08:00
|
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
2016-05-18 02:18:30 +08:00
|
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
|
|
|
* in the file LICENSE in the source distribution or at
|
|
|
|
|
* https://www.openssl.org/source/license.html
|
2002-04-14 06:47:20 +08:00
|
|
|
*/
|
2016-05-18 02:18:30 +08:00
|
|
|
|
1998-12-21 18:52:47 +08:00
|
|
|
#include <stdio.h>
|
2019-09-28 06:45:40 +08:00
|
|
|
#include "ssl_local.h"
|
2002-07-10 15:01:54 +08:00
|
|
|
#include <openssl/evp.h>
|
2001-07-31 07:57:25 +08:00
|
|
|
#include <openssl/md5.h>
|
2019-04-11 18:27:59 +08:00
|
|
|
#include <openssl/core_names.h>
|
2017-08-02 21:46:31 +08:00
|
|
|
#include "internal/cryptlib.h"
|
1998-12-21 18:52:47 +08:00
|
|
|
|
2022-06-20 23:11:28 +08:00
|
|
|
static int ssl3_generate_key_block(SSL_CONNECTION *s, unsigned char *km, int num)
|
1998-12-21 18:56:39 +08:00
|
|
|
{
|
2020-04-21 00:04:57 +08:00
|
|
|
const EVP_MD *md5 = NULL, *sha1 = NULL;
|
2015-11-27 21:02:12 +08:00
|
|
|
EVP_MD_CTX *m5;
|
|
|
|
|
EVP_MD_CTX *s1;
|
2001-04-08 13:41:42 +08:00
|
|
|
unsigned char buf[16], smd[SHA_DIGEST_LENGTH];
|
1998-12-21 18:56:39 +08:00
|
|
|
unsigned char c = 'A';
|
2020-08-11 19:51:04 +08:00
|
|
|
unsigned int i, k;
|
2015-11-27 21:02:12 +08:00
|
|
|
int ret = 0;
|
2022-06-20 23:11:28 +08:00
|
|
|
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
|
1998-12-21 18:56:39 +08:00
|
|
|
|
1999-06-05 05:54:13 +08:00
|
|
|
#ifdef CHARSET_EBCDIC
|
|
|
|
|
c = os_toascii[c]; /* 'A' in ASCII */
|
|
|
|
|
#endif
|
1998-12-21 18:56:39 +08:00
|
|
|
k = 0;
|
2022-06-20 23:11:28 +08:00
|
|
|
md5 = ssl_evp_md_fetch(sctx->libctx, NID_md5, sctx->propq);
|
|
|
|
|
sha1 = ssl_evp_md_fetch(sctx->libctx, NID_sha1, sctx->propq);
|
2015-12-02 07:49:35 +08:00
|
|
|
m5 = EVP_MD_CTX_new();
|
|
|
|
|
s1 = EVP_MD_CTX_new();
|
2020-04-21 00:04:57 +08:00
|
|
|
if (md5 == NULL || sha1 == NULL || m5 == NULL || s1 == NULL) {
|
2022-09-29 19:57:34 +08:00
|
|
|
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
|
2015-11-27 21:02:12 +08:00
|
|
|
goto err;
|
|
|
|
|
}
|
2003-10-30 04:24:15 +08:00
|
|
|
for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) {
|
1998-12-21 18:56:39 +08:00
|
|
|
k++;
|
2017-01-01 08:43:20 +08:00
|
|
|
if (k > sizeof(buf)) {
|
2001-04-08 21:47:51 +08:00
|
|
|
/* bug: 'buf' is too small for this ciphersuite */
|
2020-11-04 21:39:57 +08:00
|
|
|
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
2017-01-01 08:43:20 +08:00
|
|
|
goto err;
|
2001-04-08 21:47:51 +08:00
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2020-08-11 19:51:04 +08:00
|
|
|
memset(buf, c, k);
|
1998-12-21 18:56:39 +08:00
|
|
|
c++;
|
2020-04-21 00:04:57 +08:00
|
|
|
if (!EVP_DigestInit_ex(s1, sha1, NULL)
|
2016-06-18 22:46:13 +08:00
|
|
|
|| !EVP_DigestUpdate(s1, buf, k)
|
|
|
|
|
|| !EVP_DigestUpdate(s1, s->session->master_key,
|
|
|
|
|
s->session->master_key_length)
|
2018-12-13 02:09:50 +08:00
|
|
|
|| !EVP_DigestUpdate(s1, s->s3.server_random, SSL3_RANDOM_SIZE)
|
|
|
|
|
|| !EVP_DigestUpdate(s1, s->s3.client_random, SSL3_RANDOM_SIZE)
|
2016-06-18 22:46:13 +08:00
|
|
|
|| !EVP_DigestFinal_ex(s1, smd, NULL)
|
2019-10-11 00:49:28 +08:00
|
|
|
|| !EVP_DigestInit_ex(m5, md5, NULL)
|
2016-06-18 22:46:13 +08:00
|
|
|
|| !EVP_DigestUpdate(m5, s->session->master_key,
|
|
|
|
|
s->session->master_key_length)
|
2017-11-23 18:37:51 +08:00
|
|
|
|| !EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH)) {
|
2020-11-04 21:39:57 +08:00
|
|
|
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
2016-06-18 22:46:13 +08:00
|
|
|
goto err;
|
2017-11-23 18:37:51 +08:00
|
|
|
}
|
2003-10-30 04:24:15 +08:00
|
|
|
if ((int)(i + MD5_DIGEST_LENGTH) > num) {
|
2017-11-23 18:37:51 +08:00
|
|
|
if (!EVP_DigestFinal_ex(m5, smd, NULL)) {
|
2020-11-04 21:39:57 +08:00
|
|
|
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
2016-06-18 22:46:13 +08:00
|
|
|
goto err;
|
2017-11-23 18:37:51 +08:00
|
|
|
}
|
1998-12-21 18:56:39 +08:00
|
|
|
memcpy(km, smd, (num - i));
|
2016-06-18 22:46:13 +08:00
|
|
|
} else {
|
2017-11-23 18:37:51 +08:00
|
|
|
if (!EVP_DigestFinal_ex(m5, km, NULL)) {
|
2020-11-04 21:39:57 +08:00
|
|
|
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
2016-06-18 22:46:13 +08:00
|
|
|
goto err;
|
2017-11-23 18:37:51 +08:00
|
|
|
}
|
2016-06-18 22:46:13 +08:00
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
|
1998-12-21 18:56:39 +08:00
|
|
|
km += MD5_DIGEST_LENGTH;
|
|
|
|
|
}
|
2015-05-30 00:22:43 +08:00
|
|
|
OPENSSL_cleanse(smd, sizeof(smd));
|
2015-11-27 21:02:12 +08:00
|
|
|
ret = 1;
|
|
|
|
|
err:
|
2015-12-02 07:49:35 +08:00
|
|
|
EVP_MD_CTX_free(m5);
|
|
|
|
|
EVP_MD_CTX_free(s1);
|
2020-01-16 20:14:27 +08:00
|
|
|
ssl_evp_md_free(md5);
|
2020-04-21 00:04:57 +08:00
|
|
|
ssl_evp_md_free(sha1);
|
2015-11-27 21:02:12 +08:00
|
|
|
return ret;
|
1998-12-21 18:56:39 +08:00
|
|
|
}
|
|
|
|
|
|
2022-06-20 23:11:28 +08:00
|
|
|
int ssl3_change_cipher_state(SSL_CONNECTION *s, int which)
|
1998-12-21 18:52:47 +08:00
|
|
|
{
|
2010-06-12 22:13:23 +08:00
|
|
|
unsigned char *p, *mac_secret;
|
2022-04-28 23:57:07 +08:00
|
|
|
size_t md_len;
|
|
|
|
|
unsigned char *key, *iv;
|
|
|
|
|
const EVP_CIPHER *ciph;
|
2022-05-18 21:30:24 +08:00
|
|
|
const SSL_COMP *comp = NULL;
|
2022-04-28 23:57:07 +08:00
|
|
|
const EVP_MD *md;
|
2016-10-04 06:22:07 +08:00
|
|
|
int mdi;
|
2022-04-28 23:57:07 +08:00
|
|
|
size_t n, iv_len, key_len;
|
2022-08-19 23:54:09 +08:00
|
|
|
int direction = (which & SSL3_CC_READ) != 0 ? OSSL_RECORD_DIRECTION_READ
|
|
|
|
|
: OSSL_RECORD_DIRECTION_WRITE;
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2022-04-28 23:57:07 +08:00
|
|
|
ciph = s->s3.tmp.new_sym_enc;
|
|
|
|
|
md = s->s3.tmp.new_hash;
|
2008-12-29 19:54:56 +08:00
|
|
|
/* m == NULL will lead to a crash later */
|
2022-04-28 23:57:07 +08:00
|
|
|
if (!ossl_assert(md != NULL)) {
|
2020-11-04 21:39:57 +08:00
|
|
|
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
2017-11-22 01:18:43 +08:00
|
|
|
goto err;
|
2017-05-19 16:35:19 +08:00
|
|
|
}
|
2005-10-01 07:35:33 +08:00
|
|
|
#ifndef OPENSSL_NO_COMP
|
2022-04-28 23:57:07 +08:00
|
|
|
comp = s->s3.tmp.new_compression;
|
2005-10-01 07:35:33 +08:00
|
|
|
#endif
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2018-12-13 02:09:50 +08:00
|
|
|
p = s->s3.tmp.key_block;
|
2022-04-28 23:57:07 +08:00
|
|
|
mdi = EVP_MD_get_size(md);
|
2017-11-22 01:18:43 +08:00
|
|
|
if (mdi < 0) {
|
2020-11-04 21:39:57 +08:00
|
|
|
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
2017-11-22 01:18:43 +08:00
|
|
|
goto err;
|
|
|
|
|
}
|
2022-04-28 23:57:07 +08:00
|
|
|
md_len = (size_t)mdi;
|
|
|
|
|
key_len = EVP_CIPHER_get_key_length(ciph);
|
|
|
|
|
iv_len = EVP_CIPHER_get_iv_length(ciph);
|
2023-12-10 02:40:01 +08:00
|
|
|
|
1998-12-21 18:52:47 +08:00
|
|
|
if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
|
|
|
|
|
(which == SSL3_CHANGE_CIPHER_SERVER_READ)) {
|
2022-04-28 23:57:07 +08:00
|
|
|
mac_secret = &(p[0]);
|
|
|
|
|
n = md_len + md_len;
|
1998-12-21 18:52:47 +08:00
|
|
|
key = &(p[n]);
|
2022-04-28 23:57:07 +08:00
|
|
|
n += key_len + key_len;
|
1998-12-21 18:52:47 +08:00
|
|
|
iv = &(p[n]);
|
2022-04-28 23:57:07 +08:00
|
|
|
n += iv_len + iv_len;
|
1998-12-21 18:52:47 +08:00
|
|
|
} else {
|
2022-04-28 23:57:07 +08:00
|
|
|
n = md_len;
|
|
|
|
|
mac_secret = &(p[n]);
|
|
|
|
|
n += md_len + key_len;
|
1998-12-21 18:52:47 +08:00
|
|
|
key = &(p[n]);
|
2022-04-28 23:57:07 +08:00
|
|
|
n += key_len + iv_len;
|
1998-12-21 18:52:47 +08:00
|
|
|
iv = &(p[n]);
|
2022-04-28 23:57:07 +08:00
|
|
|
n += iv_len;
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2018-12-13 02:09:50 +08:00
|
|
|
if (n > s->s3.tmp.key_block_length) {
|
2020-11-04 21:39:57 +08:00
|
|
|
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
2017-11-22 01:18:43 +08:00
|
|
|
goto err;
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2022-08-19 23:54:09 +08:00
|
|
|
if (!ssl_set_new_record_layer(s, SSL3_VERSION,
|
|
|
|
|
direction,
|
|
|
|
|
OSSL_RECORD_PROTECTION_LEVEL_APPLICATION,
|
2022-11-14 22:19:53 +08:00
|
|
|
NULL, 0, key, key_len, iv, iv_len, mac_secret,
|
|
|
|
|
md_len, ciph, 0, NID_undef, md, comp, NULL)) {
|
2022-08-19 23:54:09 +08:00
|
|
|
/* SSLfatal already called */
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
2022-04-28 23:57:07 +08:00
|
|
|
|
2017-10-09 19:05:58 +08:00
|
|
|
return 1;
|
1998-12-21 18:52:47 +08:00
|
|
|
err:
|
2017-10-17 22:04:09 +08:00
|
|
|
return 0;
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
|
|
|
|
|
2022-06-20 23:11:28 +08:00
|
|
|
int ssl3_setup_key_block(SSL_CONNECTION *s)
|
1998-12-21 18:52:47 +08:00
|
|
|
{
|
|
|
|
|
unsigned char *p;
|
1999-04-18 05:25:43 +08:00
|
|
|
const EVP_CIPHER *c;
|
|
|
|
|
const EVP_MD *hash;
|
1999-02-22 04:03:24 +08:00
|
|
|
int num;
|
2002-04-14 06:47:20 +08:00
|
|
|
int ret = 0;
|
Updates to the new SSL compression code
[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
Fix so that the version number in the master secret, when passed
via RSA, checks that if TLS was proposed, but we roll back to SSLv3
(because the server will not accept higher), that the version number
is 0x03,0x01, not 0x03,0x00
[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
Submitted by:
Reviewed by:
PR:
1999-02-16 17:22:21 +08:00
|
|
|
SSL_COMP *comp;
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2018-12-13 02:09:50 +08:00
|
|
|
if (s->s3.tmp.key_block_length != 0)
|
2017-10-09 19:05:58 +08:00
|
|
|
return 1;
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2022-06-20 23:11:28 +08:00
|
|
|
if (!ssl_cipher_get_evp(SSL_CONNECTION_GET_CTX(s), s->session, &c, &hash,
|
|
|
|
|
NULL, NULL, &comp, 0)) {
|
2020-11-21 06:07:56 +08:00
|
|
|
/* Error is already recorded */
|
|
|
|
|
SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);
|
2017-10-17 22:04:09 +08:00
|
|
|
return 0;
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2020-01-16 20:14:27 +08:00
|
|
|
ssl_evp_cipher_free(s->s3.tmp.new_sym_enc);
|
2018-12-13 02:09:50 +08:00
|
|
|
s->s3.tmp.new_sym_enc = c;
|
2020-01-16 20:14:27 +08:00
|
|
|
ssl_evp_md_free(s->s3.tmp.new_hash);
|
2018-12-13 02:09:50 +08:00
|
|
|
s->s3.tmp.new_hash = hash;
|
2005-10-01 07:35:33 +08:00
|
|
|
#ifdef OPENSSL_NO_COMP
|
2018-12-13 02:09:50 +08:00
|
|
|
s->s3.tmp.new_compression = NULL;
|
2005-10-01 07:35:33 +08:00
|
|
|
#else
|
2018-12-13 02:09:50 +08:00
|
|
|
s->s3.tmp.new_compression = comp;
|
2005-10-01 07:35:33 +08:00
|
|
|
#endif
|
1998-12-21 18:52:47 +08:00
|
|
|
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
num = EVP_MD_get_size(hash);
|
2008-12-30 00:11:58 +08:00
|
|
|
if (num < 0)
|
|
|
|
|
return 0;
|
2015-01-22 11:40:55 +08:00
|
|
|
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
num = EVP_CIPHER_get_key_length(c) + num + EVP_CIPHER_get_iv_length(c);
|
2015-01-22 11:40:55 +08:00
|
|
|
num *= 2;
|
2008-12-30 00:11:58 +08:00
|
|
|
|
|
|
|
|
ssl3_cleanup_key_block(s);
|
1998-12-21 18:52:47 +08:00
|
|
|
|
2017-11-22 01:18:43 +08:00
|
|
|
if ((p = OPENSSL_malloc(num)) == NULL) {
|
2022-09-29 19:57:34 +08:00
|
|
|
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
|
2017-11-22 01:18:43 +08:00
|
|
|
return 0;
|
|
|
|
|
}
|
1998-12-21 18:52:47 +08:00
|
|
|
|
2018-12-13 02:09:50 +08:00
|
|
|
s->s3.tmp.key_block_length = num;
|
|
|
|
|
s->s3.tmp.key_block = p;
|
1998-12-21 18:52:47 +08:00
|
|
|
|
2017-11-23 18:37:51 +08:00
|
|
|
/* Calls SSLfatal() as required */
|
1998-12-21 18:52:47 +08:00
|
|
|
ret = ssl3_generate_key_block(s, p, num);
|
|
|
|
|
|
2002-04-14 06:47:20 +08:00
|
|
|
return ret;
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
|
|
|
|
|
2022-06-20 23:11:28 +08:00
|
|
|
void ssl3_cleanup_key_block(SSL_CONNECTION *s)
|
1998-12-21 18:52:47 +08:00
|
|
|
{
|
2018-12-13 02:09:50 +08:00
|
|
|
OPENSSL_clear_free(s->s3.tmp.key_block, s->s3.tmp.key_block_length);
|
|
|
|
|
s->s3.tmp.key_block = NULL;
|
|
|
|
|
s->s3.tmp.key_block_length = 0;
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
|
|
|
|
|
2022-06-20 23:11:28 +08:00
|
|
|
int ssl3_init_finished_mac(SSL_CONNECTION *s)
|
1998-12-21 18:52:47 +08:00
|
|
|
{
|
2016-06-03 18:59:19 +08:00
|
|
|
BIO *buf = BIO_new(BIO_s_mem());
|
|
|
|
|
|
|
|
|
|
if (buf == NULL) {
|
2022-09-29 19:57:34 +08:00
|
|
|
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_BIO_LIB);
|
2016-06-03 18:59:19 +08:00
|
|
|
return 0;
|
|
|
|
|
}
|
2015-06-20 22:37:22 +08:00
|
|
|
ssl3_free_digest_list(s);
|
2018-12-13 02:09:50 +08:00
|
|
|
s->s3.handshake_buffer = buf;
|
|
|
|
|
(void)BIO_set_close(s->s3.handshake_buffer, BIO_CLOSE);
|
2016-06-03 18:59:19 +08:00
|
|
|
return 1;
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2015-06-20 22:44:03 +08:00
|
|
|
/*
|
|
|
|
|
* Free digest list. Also frees handshake buffer since they are always freed
|
|
|
|
|
* together.
|
|
|
|
|
*/
|
|
|
|
|
|
2022-06-20 23:11:28 +08:00
|
|
|
void ssl3_free_digest_list(SSL_CONNECTION *s)
|
2007-08-31 20:42:53 +08:00
|
|
|
{
|
2018-12-13 02:09:50 +08:00
|
|
|
BIO_free(s->s3.handshake_buffer);
|
|
|
|
|
s->s3.handshake_buffer = NULL;
|
|
|
|
|
EVP_MD_CTX_free(s->s3.handshake_dgst);
|
|
|
|
|
s->s3.handshake_dgst = NULL;
|
2007-08-31 20:42:53 +08:00
|
|
|
}
|
|
|
|
|
|
2022-06-20 23:11:28 +08:00
|
|
|
int ssl3_finish_mac(SSL_CONNECTION *s, const unsigned char *buf, size_t len)
|
1998-12-21 18:52:47 +08:00
|
|
|
{
|
2017-11-22 01:18:43 +08:00
|
|
|
int ret;
|
|
|
|
|
|
2018-12-13 02:09:50 +08:00
|
|
|
if (s->s3.handshake_dgst == NULL) {
|
2016-06-18 22:46:13 +08:00
|
|
|
/* Note: this writes to a memory BIO so a failure is a fatal error */
|
2017-11-22 01:18:43 +08:00
|
|
|
if (len > INT_MAX) {
|
2020-11-04 21:39:57 +08:00
|
|
|
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_OVERFLOW_ERROR);
|
2016-09-07 18:34:39 +08:00
|
|
|
return 0;
|
2017-11-22 01:18:43 +08:00
|
|
|
}
|
2018-12-13 02:09:50 +08:00
|
|
|
ret = BIO_write(s->s3.handshake_buffer, (void *)buf, (int)len);
|
2017-11-22 01:18:43 +08:00
|
|
|
if (ret <= 0 || ret != (int)len) {
|
2020-11-04 21:39:57 +08:00
|
|
|
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
2017-11-22 01:18:43 +08:00
|
|
|
return 0;
|
|
|
|
|
}
|
2016-09-07 18:34:39 +08:00
|
|
|
} else {
|
2018-12-13 02:09:50 +08:00
|
|
|
ret = EVP_DigestUpdate(s->s3.handshake_dgst, buf, len);
|
2017-11-22 01:18:43 +08:00
|
|
|
if (!ret) {
|
2020-11-04 21:39:57 +08:00
|
|
|
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
2017-11-22 01:18:43 +08:00
|
|
|
return 0;
|
|
|
|
|
}
|
2016-09-07 18:34:39 +08:00
|
|
|
}
|
2017-11-22 01:18:43 +08:00
|
|
|
return 1;
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
2008-12-27 10:00:38 +08:00
|
|
|
|
2022-06-20 23:11:28 +08:00
|
|
|
int ssl3_digest_cached_records(SSL_CONNECTION *s, int keep)
|
2007-08-31 20:42:53 +08:00
|
|
|
{
|
2008-12-27 10:00:38 +08:00
|
|
|
const EVP_MD *md;
|
|
|
|
|
long hdatalen;
|
|
|
|
|
void *hdata;
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2018-12-13 02:09:50 +08:00
|
|
|
if (s->s3.handshake_dgst == NULL) {
|
|
|
|
|
hdatalen = BIO_get_mem_data(s->s3.handshake_buffer, &hdata);
|
2015-06-16 21:44:29 +08:00
|
|
|
if (hdatalen <= 0) {
|
2020-11-04 21:39:57 +08:00
|
|
|
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_HANDSHAKE_LENGTH);
|
2015-06-16 21:44:29 +08:00
|
|
|
return 0;
|
|
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2018-12-13 02:09:50 +08:00
|
|
|
s->s3.handshake_dgst = EVP_MD_CTX_new();
|
|
|
|
|
if (s->s3.handshake_dgst == NULL) {
|
2022-09-29 19:57:34 +08:00
|
|
|
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
|
2015-11-26 02:20:50 +08:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
md = ssl_handshake_md(s);
|
2020-08-27 23:19:27 +08:00
|
|
|
if (md == NULL) {
|
2020-11-04 21:39:57 +08:00
|
|
|
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
|
2020-08-27 23:19:27 +08:00
|
|
|
SSL_R_NO_SUITABLE_DIGEST_ALGORITHM);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
if (!EVP_DigestInit_ex(s->s3.handshake_dgst, md, NULL)
|
2018-12-13 02:09:50 +08:00
|
|
|
|| !EVP_DigestUpdate(s->s3.handshake_dgst, hdata, hdatalen)) {
|
2020-11-04 21:39:57 +08:00
|
|
|
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
2015-11-26 02:20:50 +08:00
|
|
|
return 0;
|
2007-08-31 20:42:53 +08:00
|
|
|
}
|
2008-12-27 10:00:38 +08:00
|
|
|
}
|
2015-06-16 21:44:29 +08:00
|
|
|
if (keep == 0) {
|
2018-12-13 02:09:50 +08:00
|
|
|
BIO_free(s->s3.handshake_buffer);
|
|
|
|
|
s->s3.handshake_buffer = NULL;
|
2011-05-20 22:56:29 +08:00
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2008-12-27 10:00:38 +08:00
|
|
|
return 1;
|
2007-08-31 20:42:53 +08:00
|
|
|
}
|
2008-12-27 10:00:38 +08:00
|
|
|
|
2019-04-11 18:27:59 +08:00
|
|
|
void ssl3_digest_master_key_set_params(const SSL_SESSION *session,
|
|
|
|
|
OSSL_PARAM params[])
|
|
|
|
|
{
|
|
|
|
|
int n = 0;
|
2019-06-07 10:05:23 +08:00
|
|
|
params[n++] = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
|
|
|
|
|
(void *)session->master_key,
|
2019-06-24 12:43:55 +08:00
|
|
|
session->master_key_length);
|
2019-04-11 18:27:59 +08:00
|
|
|
params[n++] = OSSL_PARAM_construct_end();
|
|
|
|
|
}
|
|
|
|
|
|
2022-06-20 23:11:28 +08:00
|
|
|
size_t ssl3_final_finish_mac(SSL_CONNECTION *s, const char *sender, size_t len,
|
2016-10-05 04:14:24 +08:00
|
|
|
unsigned char *p)
|
1998-12-21 18:52:47 +08:00
|
|
|
{
|
2015-11-26 02:20:50 +08:00
|
|
|
int ret;
|
2015-11-27 21:02:12 +08:00
|
|
|
EVP_MD_CTX *ctx = NULL;
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2017-11-23 18:37:51 +08:00
|
|
|
if (!ssl3_digest_cached_records(s, 0)) {
|
|
|
|
|
/* SSLfatal() already called */
|
2015-06-16 21:44:29 +08:00
|
|
|
return 0;
|
2017-11-23 18:37:51 +08:00
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
if (EVP_MD_CTX_get_type(s->s3.handshake_dgst) != NID_md5_sha1) {
|
2020-11-04 21:39:57 +08:00
|
|
|
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_REQUIRED_DIGEST);
|
2007-08-31 20:42:53 +08:00
|
|
|
return 0;
|
|
|
|
|
}
|
2015-11-26 02:20:50 +08:00
|
|
|
|
2015-12-02 07:49:35 +08:00
|
|
|
ctx = EVP_MD_CTX_new();
|
2015-11-27 21:02:12 +08:00
|
|
|
if (ctx == NULL) {
|
2022-09-29 19:57:34 +08:00
|
|
|
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
|
2015-11-27 21:02:12 +08:00
|
|
|
return 0;
|
|
|
|
|
}
|
2018-12-13 02:09:50 +08:00
|
|
|
if (!EVP_MD_CTX_copy_ex(ctx, s->s3.handshake_dgst)) {
|
2020-11-04 21:39:57 +08:00
|
|
|
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
2018-09-02 19:07:58 +08:00
|
|
|
ret = 0;
|
|
|
|
|
goto err;
|
2016-06-10 23:51:39 +08:00
|
|
|
}
|
2015-11-26 02:20:50 +08:00
|
|
|
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
ret = EVP_MD_CTX_get_size(ctx);
|
2015-11-26 02:20:50 +08:00
|
|
|
if (ret < 0) {
|
2020-11-04 21:39:57 +08:00
|
|
|
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
2018-09-02 19:07:58 +08:00
|
|
|
ret = 0;
|
|
|
|
|
goto err;
|
2015-11-26 02:20:50 +08:00
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2019-04-11 18:27:59 +08:00
|
|
|
if (sender != NULL) {
|
|
|
|
|
OSSL_PARAM digest_cmd_params[3];
|
|
|
|
|
|
|
|
|
|
ssl3_digest_master_key_set_params(s->session, digest_cmd_params);
|
2019-06-07 10:05:23 +08:00
|
|
|
|
2019-04-11 18:27:59 +08:00
|
|
|
if (EVP_DigestUpdate(ctx, sender, len) <= 0
|
|
|
|
|
|| EVP_MD_CTX_set_params(ctx, digest_cmd_params) <= 0
|
|
|
|
|
|| EVP_DigestFinal_ex(ctx, p, NULL) <= 0) {
|
2020-11-04 21:39:57 +08:00
|
|
|
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
2019-04-11 18:27:59 +08:00
|
|
|
ret = 0;
|
|
|
|
|
}
|
2015-11-07 00:31:21 +08:00
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2018-09-02 19:07:58 +08:00
|
|
|
err:
|
2015-12-02 07:49:35 +08:00
|
|
|
EVP_MD_CTX_free(ctx);
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2015-11-26 02:20:50 +08:00
|
|
|
return ret;
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
|
|
|
|
|
2022-06-20 23:11:28 +08:00
|
|
|
int ssl3_generate_master_secret(SSL_CONNECTION *s, unsigned char *out,
|
|
|
|
|
unsigned char *p,
|
2016-10-04 06:22:07 +08:00
|
|
|
size_t len, size_t *secret_size)
|
1998-12-21 18:52:47 +08:00
|
|
|
{
|
2024-02-01 15:45:15 +08:00
|
|
|
static const unsigned char *const salt[3] = {
|
1999-06-05 05:54:13 +08:00
|
|
|
#ifndef CHARSET_EBCDIC
|
1999-04-18 05:25:43 +08:00
|
|
|
(const unsigned char *)"A",
|
|
|
|
|
(const unsigned char *)"BB",
|
|
|
|
|
(const unsigned char *)"CCC",
|
1999-06-05 05:54:13 +08:00
|
|
|
#else
|
|
|
|
|
(const unsigned char *)"\x41",
|
|
|
|
|
(const unsigned char *)"\x42\x42",
|
|
|
|
|
(const unsigned char *)"\x43\x43\x43",
|
|
|
|
|
#endif
|
1998-12-21 18:52:47 +08:00
|
|
|
};
|
|
|
|
|
unsigned char buf[EVP_MAX_MD_SIZE];
|
2015-12-02 07:49:35 +08:00
|
|
|
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
|
2016-10-04 06:22:07 +08:00
|
|
|
int i, ret = 1;
|
1998-12-21 18:52:47 +08:00
|
|
|
unsigned int n;
|
2016-10-04 06:22:07 +08:00
|
|
|
size_t ret_secret_size = 0;
|
1998-12-21 18:52:47 +08:00
|
|
|
|
2015-11-27 21:02:12 +08:00
|
|
|
if (ctx == NULL) {
|
2022-09-29 19:57:34 +08:00
|
|
|
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
|
2015-11-27 21:02:12 +08:00
|
|
|
return 0;
|
|
|
|
|
}
|
1998-12-21 18:52:47 +08:00
|
|
|
for (i = 0; i < 3; i++) {
|
2022-06-20 23:11:28 +08:00
|
|
|
if (EVP_DigestInit_ex(ctx, SSL_CONNECTION_GET_CTX(s)->sha1, NULL) <= 0
|
2016-08-06 01:03:17 +08:00
|
|
|
|| EVP_DigestUpdate(ctx, salt[i],
|
|
|
|
|
strlen((const char *)salt[i])) <= 0
|
|
|
|
|
|| EVP_DigestUpdate(ctx, p, len) <= 0
|
2018-12-13 02:09:50 +08:00
|
|
|
|| EVP_DigestUpdate(ctx, &(s->s3.client_random[0]),
|
2016-08-06 01:03:17 +08:00
|
|
|
SSL3_RANDOM_SIZE) <= 0
|
2018-12-13 02:09:50 +08:00
|
|
|
|| EVP_DigestUpdate(ctx, &(s->s3.server_random[0]),
|
2016-08-06 01:03:17 +08:00
|
|
|
SSL3_RANDOM_SIZE) <= 0
|
|
|
|
|
|| EVP_DigestFinal_ex(ctx, buf, &n) <= 0
|
2022-06-20 23:11:28 +08:00
|
|
|
|| EVP_DigestInit_ex(ctx, SSL_CONNECTION_GET_CTX(s)->md5, NULL) <= 0
|
2016-08-06 01:03:17 +08:00
|
|
|
|| EVP_DigestUpdate(ctx, p, len) <= 0
|
|
|
|
|
|| EVP_DigestUpdate(ctx, buf, n) <= 0
|
|
|
|
|
|| EVP_DigestFinal_ex(ctx, out, &n) <= 0) {
|
2020-11-04 21:39:57 +08:00
|
|
|
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
2015-11-07 00:31:21 +08:00
|
|
|
ret = 0;
|
|
|
|
|
break;
|
|
|
|
|
}
|
1998-12-21 18:52:47 +08:00
|
|
|
out += n;
|
2016-10-04 06:22:07 +08:00
|
|
|
ret_secret_size += n;
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
2015-12-02 07:49:35 +08:00
|
|
|
EVP_MD_CTX_free(ctx);
|
2012-08-29 07:17:28 +08:00
|
|
|
|
2015-05-30 00:22:43 +08:00
|
|
|
OPENSSL_cleanse(buf, sizeof(buf));
|
2016-10-04 06:22:07 +08:00
|
|
|
if (ret)
|
|
|
|
|
*secret_size = ret_secret_size;
|
|
|
|
|
return ret;
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
|
|
|
|
|
1999-04-20 05:31:43 +08:00
|
|
|
int ssl3_alert_code(int code)
|
1998-12-21 18:56:39 +08:00
|
|
|
{
|
|
|
|
|
switch (code) {
|
|
|
|
|
case SSL_AD_CLOSE_NOTIFY:
|
2017-10-17 22:04:09 +08:00
|
|
|
return SSL3_AD_CLOSE_NOTIFY;
|
1998-12-21 18:56:39 +08:00
|
|
|
case SSL_AD_UNEXPECTED_MESSAGE:
|
2017-10-17 22:04:09 +08:00
|
|
|
return SSL3_AD_UNEXPECTED_MESSAGE;
|
1998-12-21 18:56:39 +08:00
|
|
|
case SSL_AD_BAD_RECORD_MAC:
|
2017-10-17 22:04:09 +08:00
|
|
|
return SSL3_AD_BAD_RECORD_MAC;
|
1998-12-21 18:56:39 +08:00
|
|
|
case SSL_AD_DECRYPTION_FAILED:
|
2017-10-17 22:04:09 +08:00
|
|
|
return SSL3_AD_BAD_RECORD_MAC;
|
1998-12-21 18:56:39 +08:00
|
|
|
case SSL_AD_RECORD_OVERFLOW:
|
2017-10-17 22:04:09 +08:00
|
|
|
return SSL3_AD_BAD_RECORD_MAC;
|
1998-12-21 18:56:39 +08:00
|
|
|
case SSL_AD_DECOMPRESSION_FAILURE:
|
2017-10-17 22:04:09 +08:00
|
|
|
return SSL3_AD_DECOMPRESSION_FAILURE;
|
1998-12-21 18:56:39 +08:00
|
|
|
case SSL_AD_HANDSHAKE_FAILURE:
|
2017-10-17 22:04:09 +08:00
|
|
|
return SSL3_AD_HANDSHAKE_FAILURE;
|
1998-12-21 18:56:39 +08:00
|
|
|
case SSL_AD_NO_CERTIFICATE:
|
2017-10-17 22:04:09 +08:00
|
|
|
return SSL3_AD_NO_CERTIFICATE;
|
1998-12-21 18:56:39 +08:00
|
|
|
case SSL_AD_BAD_CERTIFICATE:
|
2017-10-17 22:04:09 +08:00
|
|
|
return SSL3_AD_BAD_CERTIFICATE;
|
1998-12-21 18:56:39 +08:00
|
|
|
case SSL_AD_UNSUPPORTED_CERTIFICATE:
|
2017-10-17 22:04:09 +08:00
|
|
|
return SSL3_AD_UNSUPPORTED_CERTIFICATE;
|
1998-12-21 18:56:39 +08:00
|
|
|
case SSL_AD_CERTIFICATE_REVOKED:
|
2017-10-17 22:04:09 +08:00
|
|
|
return SSL3_AD_CERTIFICATE_REVOKED;
|
1998-12-21 18:56:39 +08:00
|
|
|
case SSL_AD_CERTIFICATE_EXPIRED:
|
2017-10-17 22:04:09 +08:00
|
|
|
return SSL3_AD_CERTIFICATE_EXPIRED;
|
1998-12-21 18:56:39 +08:00
|
|
|
case SSL_AD_CERTIFICATE_UNKNOWN:
|
2017-10-17 22:04:09 +08:00
|
|
|
return SSL3_AD_CERTIFICATE_UNKNOWN;
|
1998-12-21 18:56:39 +08:00
|
|
|
case SSL_AD_ILLEGAL_PARAMETER:
|
2017-10-17 22:04:09 +08:00
|
|
|
return SSL3_AD_ILLEGAL_PARAMETER;
|
1998-12-21 18:56:39 +08:00
|
|
|
case SSL_AD_UNKNOWN_CA:
|
2017-10-17 22:04:09 +08:00
|
|
|
return SSL3_AD_BAD_CERTIFICATE;
|
1998-12-21 18:56:39 +08:00
|
|
|
case SSL_AD_ACCESS_DENIED:
|
2017-10-17 22:04:09 +08:00
|
|
|
return SSL3_AD_HANDSHAKE_FAILURE;
|
1998-12-21 18:56:39 +08:00
|
|
|
case SSL_AD_DECODE_ERROR:
|
2017-10-17 22:04:09 +08:00
|
|
|
return SSL3_AD_HANDSHAKE_FAILURE;
|
1998-12-21 18:56:39 +08:00
|
|
|
case SSL_AD_DECRYPT_ERROR:
|
2017-10-17 22:04:09 +08:00
|
|
|
return SSL3_AD_HANDSHAKE_FAILURE;
|
2000-02-04 07:23:24 +08:00
|
|
|
case SSL_AD_EXPORT_RESTRICTION:
|
2017-10-17 22:04:09 +08:00
|
|
|
return SSL3_AD_HANDSHAKE_FAILURE;
|
1998-12-21 18:56:39 +08:00
|
|
|
case SSL_AD_PROTOCOL_VERSION:
|
2017-10-17 22:04:09 +08:00
|
|
|
return SSL3_AD_HANDSHAKE_FAILURE;
|
1998-12-21 18:56:39 +08:00
|
|
|
case SSL_AD_INSUFFICIENT_SECURITY:
|
2017-10-17 22:04:09 +08:00
|
|
|
return SSL3_AD_HANDSHAKE_FAILURE;
|
1998-12-21 18:56:39 +08:00
|
|
|
case SSL_AD_INTERNAL_ERROR:
|
2017-10-17 22:04:09 +08:00
|
|
|
return SSL3_AD_HANDSHAKE_FAILURE;
|
2000-02-04 07:23:24 +08:00
|
|
|
case SSL_AD_USER_CANCELLED:
|
2017-10-17 22:04:09 +08:00
|
|
|
return SSL3_AD_HANDSHAKE_FAILURE;
|
1998-12-21 18:56:39 +08:00
|
|
|
case SSL_AD_NO_RENEGOTIATION:
|
2017-10-17 22:04:09 +08:00
|
|
|
return -1; /* Don't send it :-) */
|
2006-01-08 04:33:16 +08:00
|
|
|
case SSL_AD_UNSUPPORTED_EXTENSION:
|
2017-10-17 22:04:09 +08:00
|
|
|
return SSL3_AD_HANDSHAKE_FAILURE;
|
2006-01-08 04:33:16 +08:00
|
|
|
case SSL_AD_CERTIFICATE_UNOBTAINABLE:
|
2017-10-17 22:04:09 +08:00
|
|
|
return SSL3_AD_HANDSHAKE_FAILURE;
|
2006-01-08 04:29:50 +08:00
|
|
|
case SSL_AD_UNRECOGNIZED_NAME:
|
2017-10-17 22:04:09 +08:00
|
|
|
return SSL3_AD_HANDSHAKE_FAILURE;
|
2006-01-08 04:33:16 +08:00
|
|
|
case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
|
2017-10-17 22:04:09 +08:00
|
|
|
return SSL3_AD_HANDSHAKE_FAILURE;
|
2006-01-08 04:33:16 +08:00
|
|
|
case SSL_AD_BAD_CERTIFICATE_HASH_VALUE:
|
2017-10-17 22:04:09 +08:00
|
|
|
return SSL3_AD_HANDSHAKE_FAILURE;
|
2006-03-11 07:06:27 +08:00
|
|
|
case SSL_AD_UNKNOWN_PSK_IDENTITY:
|
2017-10-17 22:04:09 +08:00
|
|
|
return TLS1_AD_UNKNOWN_PSK_IDENTITY;
|
2014-10-15 10:03:28 +08:00
|
|
|
case SSL_AD_INAPPROPRIATE_FALLBACK:
|
2017-10-17 22:04:09 +08:00
|
|
|
return TLS1_AD_INAPPROPRIATE_FALLBACK;
|
2015-09-22 21:20:26 +08:00
|
|
|
case SSL_AD_NO_APPLICATION_PROTOCOL:
|
2017-10-17 22:04:09 +08:00
|
|
|
return TLS1_AD_NO_APPLICATION_PROTOCOL;
|
2017-03-10 23:09:24 +08:00
|
|
|
case SSL_AD_CERTIFICATE_REQUIRED:
|
|
|
|
|
return SSL_AD_HANDSHAKE_FAILURE;
|
2021-05-22 01:25:00 +08:00
|
|
|
case TLS13_AD_MISSING_EXTENSION:
|
|
|
|
|
return SSL_AD_HANDSHAKE_FAILURE;
|
1998-12-21 18:56:39 +08:00
|
|
|
default:
|
2017-10-17 22:04:09 +08:00
|
|
|
return -1;
|
1998-12-21 18:56:39 +08:00
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
