From 2928cb4c82d6516d9e65ede4901a5957d8c39c32 Mon Sep 17 00:00:00 2001 From: Ben Laurie Date: Wed, 30 Jan 2013 16:56:30 +0000 Subject: [PATCH] Fixups. --- crypto/evp/c_allc.c | 1 - ssl/d1_enc.c | 8 ++++---- ssl/d1_pkt.c | 1 + ssl/s3_cbc.c | 13 ++++++------- ssl/s3_enc.c | 8 ++++---- ssl/s3_pkt.c | 2 +- ssl/ssl_locl.h | 4 ++-- ssl/t1_enc.c | 29 ++++++++++++++--------------- 8 files changed, 32 insertions(+), 34 deletions(-) diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c index 354090f21f..e45cee8ab0 100644 --- a/crypto/evp/c_allc.c +++ b/crypto/evp/c_allc.c @@ -194,7 +194,6 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher_alias(SN_aes_256_cbc,"AES256"); EVP_add_cipher_alias(SN_aes_256_cbc,"aes256"); #endif -#endif #ifndef OPENSSL_NO_CAMELLIA EVP_add_cipher(EVP_camellia_128_ecb()); diff --git a/ssl/d1_enc.c b/ssl/d1_enc.c index 0ff1b41ae1..ab8ccd1f6b 100644 --- a/ssl/d1_enc.c +++ b/ssl/d1_enc.c @@ -136,9 +136,9 @@ int dtls1_enc(SSL *s, int send) if (send) { - if (EVP_MD_CTX_md(s->write_hash)) + if (s->write_hash) { - mac_size=EVP_MD_CTX_size(s->write_hash); + mac_size=EVP_MD_size(s->write_hash); if (mac_size < 0) return -1; } @@ -162,9 +162,9 @@ int dtls1_enc(SSL *s, int send) } else { - if (EVP_MD_CTX_md(s->read_hash)) + if (s->read_hash) { - mac_size=EVP_MD_CTX_size(s->read_hash); + mac_size=EVP_MD_size(s->read_hash); if (mac_size < 0) return -1; } diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 8e9ee5a77e..cdbbe347d9 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -336,6 +336,7 @@ dtls1_process_record(SSL *s) unsigned char md[EVP_MAX_MD_SIZE]; int decryption_failed_or_bad_record_mac = 0; unsigned char *mac = NULL; + int i; rr= &(s->s3->rrec); diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index e9b112c1b5..a29ff66b79 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -139,8 +139,7 @@ int tls1_cbc_remove_padding(const SSL* s, unsigned mac_size) { unsigned padding_length, good, to_check, i; - const char has_explicit_iv = - s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION; + const char has_explicit_iv = s->version == DTLS1_VERSION; const unsigned overhead = 1 /* padding length byte */ + mac_size + (has_explicit_iv ? block_size : 0); @@ -366,9 +365,9 @@ static void tls1_sha512_final_raw(void* ctx, unsigned char *md_out) /* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function * which ssl3_cbc_digest_record supports. */ -char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) +char ssl3_cbc_record_digest_supported(const EVP_MD *digest) { - switch (ctx->digest->type) + switch (digest->type) { case NID_md5: case NID_sha1: @@ -402,7 +401,7 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) * a padding byte and MAC. (If the padding was invalid, it might contain the * padding too. ) */ void ssl3_cbc_digest_record( - const EVP_MD_CTX *ctx, + const EVP_MD *digest, unsigned char* md_out, size_t* md_out_size, const unsigned char header[13], @@ -436,7 +435,7 @@ void ssl3_cbc_digest_record( * many possible overflows later in this function. */ OPENSSL_assert(data_plus_mac_plus_padding_size < 1024*1024); - switch (ctx->digest->type) + switch (digest->type) { case NID_md5: MD5_Init((MD5_CTX*)md_state); @@ -670,7 +669,7 @@ void ssl3_cbc_digest_record( } EVP_MD_CTX_init(&md_ctx); - EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */); + EVP_DigestInit_ex(&md_ctx, digest, NULL /* engine */); if (is_sslv3) { /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */ diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 845557bb75..6471ac4901 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -501,8 +501,8 @@ int ssl3_enc(SSL *s, int send) rec->orig_len = rec->length; - if (EVP_MD_CTX_md(s->read_hash) != NULL) - mac_size = EVP_MD_CTX_size(s->read_hash); + if (s->read_hash != NULL) + mac_size = EVP_MD_size(s->read_hash); if ((bs != 1) && !send) return ssl3_cbc_remove_padding(s, rec, bs, mac_size); } @@ -643,7 +643,7 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send) /* Chop the digest off the end :-) */ EVP_MD_CTX_init(&md_ctx); - EVP_MD_CTX_copy_ex( &md_ctx,hash); + EVP_DigestInit_ex( &md_ctx,hash, NULL); EVP_DigestUpdate(&md_ctx,mac_sec,md_size); EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad); EVP_DigestUpdate(&md_ctx,seq,8); @@ -655,7 +655,7 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send) EVP_DigestUpdate(&md_ctx,rec->input,rec->length); EVP_DigestFinal_ex( &md_ctx,md,NULL); - EVP_MD_CTX_copy_ex( &md_ctx,hash); + EVP_DigestInit_ex( &md_ctx,hash, NULL); EVP_DigestUpdate(&md_ctx,mac_sec,md_size); EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad); EVP_DigestUpdate(&md_ctx,md,md_size); diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index dabcfd2464..0d27f514af 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -377,7 +377,7 @@ printf("\n"); /* !clear => s->read_hash != NULL => mac_size != -1 */ unsigned char *mac = NULL; unsigned char mac_tmp[EVP_MAX_MD_SIZE]; - mac_size=EVP_MD_CTX_size(s->read_hash); + mac_size=EVP_MD_size(s->read_hash); OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); /* orig_len is the length of the record before any padding was diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index fefc0bcc8f..4136b2459f 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1023,9 +1023,9 @@ int tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size, unsigned mac_size); -char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx); +char ssl3_cbc_record_digest_supported(const EVP_MD *hash); void ssl3_cbc_digest_record( - const EVP_MD_CTX *ctx, + const EVP_MD *hash, unsigned char* md_out, size_t* md_out_size, const unsigned char header[13], diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index bb0cae15a4..6d6046b337 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -631,8 +631,8 @@ int tls1_enc(SSL *s, int send) rec->orig_len = rec->length; ret = 1; - if (EVP_MD_CTX_md(s->read_hash) != NULL) - mac_size = EVP_MD_CTX_size(s->read_hash); + if (s->read_hash != NULL) + mac_size = EVP_MD_size(s->read_hash); if ((bs != 1) && !send) ret = tls1_cbc_remove_padding(s, rec, bs, mac_size); if (pad && !send) @@ -686,12 +686,10 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) SSL3_RECORD *rec; unsigned char *mac_sec,*seq; const EVP_MD *hash; - unsigned int md_size; + size_t md_size; int i; - EVP_MD_CTX hmac, *mac_ctx; + HMAC_CTX hmac; unsigned char header[13]; - int stream_mac = (send?(ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM):(ssl->mac_flags&SSL_MAC_FLAG_READ_MAC_STREAM)); - int t; if (send) { @@ -734,31 +732,32 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) if (!send && EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && - ssl3_cbc_record_digest_supported(mac_ctx)) + ssl3_cbc_record_digest_supported(hash)) { /* This is a CBC-encrypted record. We must avoid leaking any * timing-side channel information about how many blocks of * data we are hashing because that gives an attacker a * timing-oracle. */ ssl3_cbc_digest_record( - mac_ctx, + hash, md, &md_size, header, rec->input, rec->length + md_size, rec->orig_len, ssl->s3->read_mac_secret, - ssl->s3->read_mac_secret_size, + EVP_MD_size(ssl->read_hash), 0 /* not SSLv3 */); } else { - EVP_DigestSignUpdate(mac_ctx,header,sizeof(header)); - EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length); - t=EVP_DigestSignFinal(mac_ctx,md,&md_size); - OPENSSL_assert(t > 0); + unsigned mds; + + HMAC_Update(&hmac,header,sizeof(header)); + HMAC_Update(&hmac,rec->input,rec->length); + HMAC_Final(&hmac,md,&mds); + md_size = mds; } - if (!stream_mac) - EVP_MD_CTX_cleanup(&hmac); + HMAC_CTX_cleanup(&hmac); #ifdef TLS_DEBUG printf("sec="); {unsigned int z; for (z=0; z