projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
PR: 1958
[openssl.git]
/
ssl
/
t1_enc.c
diff --git
a/ssl/t1_enc.c
b/ssl/t1_enc.c
index 011ef3aacaa97dc68c1ef17da10c303cab7db2ba..d9cb059d0c21685d8b0e9c7c2cba816fe4b70350 100644
(file)
--- a/
ssl/t1_enc.c
+++ b/
ssl/t1_enc.c
@@
-137,10
+137,15
@@
#include <stdio.h>
#include "ssl_locl.h"
#include <stdio.h>
#include "ssl_locl.h"
+#ifndef OPENSSL_NO_COMP
#include <openssl/comp.h>
#include <openssl/comp.h>
+#endif
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/md5.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/md5.h>
+#ifdef KSSL_DEBUG
+#include <openssl/des.h>
+#endif
/* seed1 through seed5 are virtually concatenated */
static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
/* seed1 through seed5 are virtually concatenated */
static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
@@
-160,6
+165,7
@@
static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
unsigned int A1_len;
chunk=EVP_MD_size(md);
unsigned int A1_len;
chunk=EVP_MD_size(md);
+ OPENSSL_assert(chunk >= 0);
HMAC_CTX_init(&ctx);
HMAC_CTX_init(&ctx_tmp);
HMAC_CTX_init(&ctx);
HMAC_CTX_init(&ctx_tmp);
@@
-602,7
+608,10
@@
int tls1_enc(SSL *s, int send)
if (send)
{
if (EVP_MD_CTX_md(s->write_hash))
if (send)
{
if (EVP_MD_CTX_md(s->write_hash))
+ {
n=EVP_MD_CTX_size(s->write_hash);
n=EVP_MD_CTX_size(s->write_hash);
+ OPENSSL_assert(n >= 0);
+ }
ds=s->enc_write_ctx;
rec= &(s->s3->wrec);
if (s->enc_write_ctx == NULL)
ds=s->enc_write_ctx;
rec= &(s->s3->wrec);
if (s->enc_write_ctx == NULL)
@@
-613,7
+622,10
@@
int tls1_enc(SSL *s, int send)
else
{
if (EVP_MD_CTX_md(s->read_hash))
else
{
if (EVP_MD_CTX_md(s->read_hash))
+ {
n=EVP_MD_CTX_size(s->read_hash);
n=EVP_MD_CTX_size(s->read_hash);
+ OPENSSL_assert(n >= 0);
+ }
ds=s->enc_read_ctx;
rec= &(s->s3->rrec);
if (s->enc_read_ctx == NULL)
ds=s->enc_read_ctx;
rec= &(s->s3->rrec);
if (s->enc_read_ctx == NULL)
@@
-746,7
+758,9
@@
int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
int i;
if (s->s3->handshake_buffer)
int i;
if (s->s3->handshake_buffer)
- ssl3_digest_cached_records(s);
+ if (!ssl3_digest_cached_records(s))
+ return 0;
+
for (i=0;i<SSL_MAX_DIGEST;i++)
{
if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i])==md_nid)
for (i=0;i<SSL_MAX_DIGEST;i++)
{
if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i])==md_nid)
@@
-781,17
+795,18
@@
int tls1_final_finish_mac(SSL *s,
q=buf;
q=buf;
- EVP_MD_CTX_init(&ctx);
-
if (s->s3->handshake_buffer)
if (s->s3->handshake_buffer)
- ssl3_digest_cached_records(s);
+ if (!ssl3_digest_cached_records(s))
+ return 0;
+
+ EVP_MD_CTX_init(&ctx);
for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++)
{
if (mask & s->s3->tmp.new_cipher->algorithm2)
{
int hashsize = EVP_MD_size(md);
for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++)
{
if (mask & s->s3->tmp.new_cipher->algorithm2)
{
int hashsize = EVP_MD_size(md);
- if (
(size_t)hashsize >
(sizeof buf - (size_t)(q-buf)))
+ if (
hashsize < 0 || hashsize > (int)
(sizeof buf - (size_t)(q-buf)))
{
/* internal error: 'buf' is too small for this cipersuite! */
err = 1;
{
/* internal error: 'buf' is too small for this cipersuite! */
err = 1;
@@
-800,7
+815,7
@@
int tls1_final_finish_mac(SSL *s,
{
EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]);
EVP_DigestFinal_ex(&ctx,q,&i);
{
EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]);
EVP_DigestFinal_ex(&ctx,q,&i);
- if (i != hashsize) /* can't really happen */
+ if (i !=
(unsigned int)
hashsize) /* can't really happen */
err = 1;
q+=i;
}
err = 1;
q+=i;
}
@@
-829,6
+844,7
@@
int tls1_mac(SSL *ssl, unsigned char *md, int send)
EVP_MD_CTX hmac, *mac_ctx;
unsigned char buf[5];
int stream_mac = (send?(ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM):(ssl->mac_flags&SSL_MAC_FLAG_READ_MAC_STREAM));
EVP_MD_CTX hmac, *mac_ctx;
unsigned char buf[5];
int stream_mac = (send?(ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM):(ssl->mac_flags&SSL_MAC_FLAG_READ_MAC_STREAM));
+ int t;
if (send)
{
if (send)
{
@@
-845,7
+861,9
@@
int tls1_mac(SSL *ssl, unsigned char *md, int send)
hash=ssl->read_hash;
}
hash=ssl->read_hash;
}
- md_size=EVP_MD_CTX_size(hash);
+ t=EVP_MD_CTX_size(hash);
+ OPENSSL_assert(t >= 0);
+ md_size=t;
buf[0]=rec->type;
buf[1]=(unsigned char)(ssl->version>>8);
buf[0]=rec->type;
buf[1]=(unsigned char)(ssl->version>>8);
@@
-864,7
+882,7
@@
int tls1_mac(SSL *ssl, unsigned char *md, int send)
mac_ctx = &hmac;
}
mac_ctx = &hmac;
}
- if (ssl->version == DTLS1_VERSION)
+ if (ssl->version == DTLS1_VERSION
|| ssl->version == DTLS1_BAD_VER
)
{
unsigned char dtlsseq[8],*p=dtlsseq;
{
unsigned char dtlsseq[8],*p=dtlsseq;
@@
-878,9
+896,10
@@
int tls1_mac(SSL *ssl, unsigned char *md, int send)
EVP_DigestSignUpdate(mac_ctx,buf,5);
EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length);
EVP_DigestSignUpdate(mac_ctx,buf,5);
EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length);
- if (stream_mac) EVP_MD_CTX_copy(&hmac,hash);
- EVP_DigestSignFinal(&hmac,md,&md_size);
- EVP_MD_CTX_cleanup(&hmac);
+ t=EVP_DigestSignFinal(mac_ctx,md,&md_size);
+ OPENSSL_assert(t > 0);
+
+ if (!stream_mac) EVP_MD_CTX_cleanup(&hmac);
#ifdef TLS_DEBUG
printf("sec=");
{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
#ifdef TLS_DEBUG
printf("sec=");
{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
@@
-892,7
+911,7
@@
printf("rec=");
{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
#endif
{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
#endif
- if (ssl->version != DTLS1_VERSION)
+ if (ssl->version != DTLS1_VERSION
&& ssl->version != DTLS1_BAD_VER
)
{
for (i=7; i>=0; i--)
{
{
for (i=7; i>=0; i--)
{