Add information on 0.9.6a (in a form such that the list can be

[openssl.git] / ssl / s3_enc.c

diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index fd0edf2895c39a438907a3bce80d8860d5474410..b27e9562b96cb2580c99013ecb415237fa1b1897 100644 (file)
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -81,11 +81,11 @@ static unsigned char ssl3_pad_2[48]={
 static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
        const char *sender, int len, unsigned char *p);
 
-static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
+static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
        {
        MD5_CTX m5;
        SHA_CTX s1;
-       unsigned char buf[8],smd[SHA_DIGEST_LENGTH];
+       unsigned char buf[16],smd[SHA_DIGEST_LENGTH];
        unsigned char c='A';
        int i,j,k;
 
@@ -96,6 +96,13 @@ static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
        for (i=0; i<num; i+=MD5_DIGEST_LENGTH)
                {
                k++;
+               if (k > sizeof buf)
+                       {
+                       /* bug: 'buf' is too small for this ciphersuite */
+                       SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);
+                       return 0;
+                       }
+               
                for (j=0; j<k; j++)
                        buf[j]=c;
                c++;
@@ -122,6 +129,7 @@ static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
                km+=MD5_DIGEST_LENGTH;
                }
        memset(smd,0,SHA_DIGEST_LENGTH);
+       return 1;
        }
 
 int ssl3_change_cipher_state(SSL *s, int which)
@@ -150,7 +158,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
                {
                if ((s->enc_read_ctx == NULL) &&
                        ((s->enc_read_ctx=(EVP_CIPHER_CTX *)
-                       Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+                       OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
                        goto err;
                dd= s->enc_read_ctx;
                s->read_hash=m;
@@ -170,7 +178,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
                                }
                        if (s->s3->rrec.comp == NULL)
                                s->s3->rrec.comp=(unsigned char *)
-                                       Malloc(SSL3_RT_MAX_PLAIN_LENGTH);
+                                       OPENSSL_malloc(SSL3_RT_MAX_PLAIN_LENGTH);
                        if (s->s3->rrec.comp == NULL)
                                goto err;
                        }
@@ -181,7 +189,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
                {
                if ((s->enc_write_ctx == NULL) &&
                        ((s->enc_write_ctx=(EVP_CIPHER_CTX *)
-                       Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+                       OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
                        goto err;
                dd= s->enc_write_ctx;
                s->write_hash=m;
@@ -234,7 +242,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
 
        if (n > s->s3->tmp.key_block_length)
                {
-               SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_INTERNAL_ERROR);
+               SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR);
                goto err2;
                }
 
@@ -300,15 +308,14 @@ int ssl3_setup_key_block(SSL *s)
 
        ssl3_cleanup_key_block(s);
 
-       if ((p=(unsigned char *)Malloc(num)) == NULL)
+       if ((p=OPENSSL_malloc(num)) == NULL)
                goto err;
 
        s->s3->tmp.key_block_length=num;
        s->s3->tmp.key_block=p;
 
-       ssl3_generate_key_block(s,p,num);
+       return ssl3_generate_key_block(s,p,num);
 
-       return(1);
 err:
        SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
        return(0);
@@ -320,7 +327,7 @@ void ssl3_cleanup_key_block(SSL *s)
                {
                memset(s->s3->tmp.key_block,0,
                        s->s3->tmp.key_block_length);
-               Free(s->s3->tmp.key_block);
+               OPENSSL_free(s->s3->tmp.key_block);
                s->s3->tmp.key_block=NULL;
                }
        s->s3->tmp.key_block_length=0;
@@ -443,7 +450,7 @@ static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
        EVP_DigestUpdate(&ctx,ssl3_pad_1,npad);
        EVP_DigestFinal(&ctx,md_buf,&i);
 
-       EVP_DigestInit(&ctx,EVP_MD_CTX_type(&ctx));
+       EVP_DigestInit(&ctx,EVP_MD_CTX_md(&ctx));
        EVP_DigestUpdate(&ctx,s->session->master_key,
                s->session->master_key_length);
        EVP_DigestUpdate(&ctx,ssl3_pad_2,npad);
@@ -504,7 +511,10 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send)
        EVP_DigestFinal( &md_ctx,md,&md_size);
 
        for (i=7; i>=0; i--)
-               if (++seq[i]) break; 
+               {
+               ++seq[i];
+               if (seq[i] != 0) break; 
+               }
 
        return(md_size);
        }