X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=ssl%2Fs2_enc.c;h=a35968f63a7f7d7e30e70ea224754d10411ed73c;hb=aae3233e1e08e9f11742f8f351af5c98cd8add16;hp=b915f099e55a73b4e94d106697b5dec03059d126;hpb=b7896b3cb86d80206af14a14d69b0717786f2729;p=openssl.git diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c index b915f099e5..a35968f63a 100644 --- a/ssl/s2_enc.c +++ b/ssl/s2_enc.c @@ -1,5 +1,5 @@ /* ssl/s2_enc.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -56,52 +56,56 @@ * [including the GNU Public Licence.] */ -#include #include "ssl_locl.h" +#ifndef OPENSSL_NO_SSL2 +#include -#define RS 0 -#define WS 1 - -int ssl2_enc_init(s, client) -SSL *s; -int client; +int ssl2_enc_init(SSL *s, int client) { /* Max number of bytes needed */ EVP_CIPHER_CTX *rs,*ws; - EVP_CIPHER *c; - EVP_MD *md; + const EVP_CIPHER *c; + const EVP_MD *md; int num; - if (!ssl_cipher_get_evp(s->session->cipher,&c,&md)) + if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL)) { ssl2_return_error(s,SSL2_PE_NO_CIPHER); SSLerr(SSL_F_SSL2_ENC_INIT,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS); return(0); } - - s->read_hash=md; - s->write_hash=md; + ssl_replace_hash(&s->read_hash,md); + ssl_replace_hash(&s->write_hash,md); if ((s->enc_read_ctx == NULL) && ((s->enc_read_ctx=(EVP_CIPHER_CTX *) - Malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) + OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) goto err; + + /* make sure it's intialized in case the malloc for enc_write_ctx fails + * and we exit with an error */ + rs= s->enc_read_ctx; + EVP_CIPHER_CTX_init(rs); + if ((s->enc_write_ctx == NULL) && ((s->enc_write_ctx=(EVP_CIPHER_CTX *) - Malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) + OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) goto err; - rs= s->enc_read_ctx; ws= s->enc_write_ctx; + EVP_CIPHER_CTX_init(ws); num=c->key_len; s->s2->key_material_length=num*2; + OPENSSL_assert(s->s2->key_material_length <= sizeof s->s2->key_material); - ssl2_generate_key_material(s); + if (ssl2_generate_key_material(s) <= 0) + return 0; - EVP_EncryptInit(ws,c,&(s->s2->key_material[(client)?num:0]), + OPENSSL_assert(c->iv_len <= (int)sizeof(s->session->key_arg)); + EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]), s->session->key_arg); - EVP_DecryptInit(rs,c,&(s->s2->key_material[(client)?0:num]), + EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]), s->session->key_arg); s->s2->read_key= &(s->s2->key_material[(client)?0:num]); s->s2->write_key= &(s->s2->key_material[(client)?num:0]); @@ -112,11 +116,10 @@ err: } /* read/writes from s->s2->mac_data using length for encrypt and - * decrypt. It sets the s->s2->padding, s->[rw]length and - * s->s2->pad_data ptr if we are encrypting */ -void ssl2_enc(s,send) -SSL *s; -int send; + * decrypt. It sets s->s2->padding and s->[rw]length + * if we are encrypting + * Returns 0 on error and 1 on success */ +int ssl2_enc(SSL *s, int send) { EVP_CIPHER_CTX *ds; unsigned long l; @@ -134,7 +137,7 @@ int send; } /* check for NULL cipher */ - if (ds == NULL) return; + if (ds == NULL) return 1; bs=ds->cipher->block_size; @@ -143,13 +146,13 @@ int send; if (bs == 8) l=(l+7)/8*8; - EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l); + if(EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l) < 1) + return 0; + + return 1; } -void ssl2_mac(s, md,send) -SSL *s; -unsigned char *md; -int send; +void ssl2_mac(SSL *s, unsigned char *md, int send) { EVP_MD_CTX c; unsigned char sequence[4],*p,*sec,*act; @@ -175,13 +178,20 @@ int send; l2n(seq,p); /* There has to be a MAC algorithm. */ - EVP_DigestInit(&c,s->read_hash); + EVP_MD_CTX_init(&c); + EVP_MD_CTX_copy(&c, s->read_hash); EVP_DigestUpdate(&c,sec, EVP_CIPHER_CTX_key_length(s->enc_read_ctx)); EVP_DigestUpdate(&c,act,len); /* the above line also does the pad data */ EVP_DigestUpdate(&c,sequence,4); - EVP_DigestFinal(&c,md,NULL); - /* some would say I should zero the md context */ + EVP_DigestFinal_ex(&c,md,NULL); + EVP_MD_CTX_cleanup(&c); } +#else /* !OPENSSL_NO_SSL2 */ + +# if PEDANTIC +static void *dummy=&dummy; +# endif +#endif