projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fix memory leak.
[openssl.git]
/
ssl
/
t1_enc.c
diff --git
a/ssl/t1_enc.c
b/ssl/t1_enc.c
index 81583ecae9f770c60f6bb96cae3644682f4c1056..11cd1b6e8233a94c9368da11735c0e7222f21b2e 100644
(file)
--- a/
ssl/t1_enc.c
+++ b/
ssl/t1_enc.c
@@
-180,9
+180,10
@@
int tls1_change_cipher_state(SSL *s, int which)
const EVP_CIPHER *c;
const SSL_COMP *comp;
const EVP_MD *m;
const EVP_CIPHER *c;
const SSL_COMP *comp;
const EVP_MD *m;
- int _exp,n,i,j,k,exp_label_len,cl;
+ int is_export,n,i,j,k,exp_label_len,cl;
+ int reuse_dd = 0;
-
_exp
=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
+
is_export
=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
c=s->s3->tmp.new_sym_enc;
m=s->s3->tmp.new_hash;
comp=s->s3->tmp.new_compression;
c=s->s3->tmp.new_sym_enc;
m=s->s3->tmp.new_hash;
comp=s->s3->tmp.new_compression;
@@
-205,9
+206,9
@@
int tls1_change_cipher_state(SSL *s, int which)
if (which & SSL3_CC_READ)
{
if (which & SSL3_CC_READ)
{
- if (
(s->enc_read_ctx == NULL) &&
- ((s->enc_read_ctx=(EVP_CIPHER_CTX *)
-
OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
)
+ if (
s->enc_read_ctx != NULL)
+ reuse_dd = 1;
+
else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL
)
goto err;
dd= s->enc_read_ctx;
s->read_hash=m;
goto err;
dd= s->enc_read_ctx;
s->read_hash=m;
@@
-235,6
+236,10
@@
int tls1_change_cipher_state(SSL *s, int which)
}
else
{
}
else
{
+ if (s->enc_write_ctx != NULL)
+ reuse_dd = 1;
+ else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
+ goto err;
if ((s->enc_write_ctx == NULL) &&
((s->enc_write_ctx=(EVP_CIPHER_CTX *)
OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
if ((s->enc_write_ctx == NULL) &&
((s->enc_write_ctx=(EVP_CIPHER_CTX *)
OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
@@
-259,13
+264,15
@@
int tls1_change_cipher_state(SSL *s, int which)
mac_secret= &(s->s3->write_mac_secret[0]);
}
mac_secret= &(s->s3->write_mac_secret[0]);
}
+ if (reuse_dd)
+ EVP_CIPHER_CTX_cleanup(dd);
EVP_CIPHER_CTX_init(dd);
p=s->s3->tmp.key_block;
i=EVP_MD_size(m);
cl=EVP_CIPHER_key_length(c);
EVP_CIPHER_CTX_init(dd);
p=s->s3->tmp.key_block;
i=EVP_MD_size(m);
cl=EVP_CIPHER_key_length(c);
- j=
_exp
? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
- cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
+ j=
is_export
? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
+
cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
k=EVP_CIPHER_iv_length(c);
er1= &(s->s3->client_random[0]);
/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
k=EVP_CIPHER_iv_length(c);
er1= &(s->s3->client_random[0]);
@@
-302,7
+309,7
@@
int tls1_change_cipher_state(SSL *s, int which)
printf("which = %04X\nmac key=",which);
{ int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
#endif
printf("which = %04X\nmac key=",which);
{ int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
#endif
- if (
_exp
)
+ if (
is_export
)
{
/* In here I set both the read and write key/iv to the
* same value since only the correct one will be used :-).
{
/* In here I set both the read and write key/iv to the
* same value since only the correct one will be used :-).
@@
-341,7
+348,7
@@
printf("which = %04X\nmac key=",which);
#ifdef KSSL_DEBUG
{
int i;
#ifdef KSSL_DEBUG
{
int i;
- printf("EVP_CipherInit(dd,c,key=,iv=,which)\n");
+ printf("EVP_CipherInit
_ex
(dd,c,key=,iv=,which)\n");
printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]);
printf("\n");
printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]);
printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]);
printf("\n");
printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]);
@@
-349,7
+356,7
@@
printf("which = %04X\nmac key=",which);
}
#endif /* KSSL_DEBUG */
}
#endif /* KSSL_DEBUG */
- EVP_CipherInit
(dd,c
,key,iv,(which & SSL3_CC_WRITE));
+ EVP_CipherInit
_ex(dd,c,NULL
,key,iv,(which & SSL3_CC_WRITE));
#ifdef TLS_DEBUG
printf("which = %04X\nkey=",which);
{ int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }
#ifdef TLS_DEBUG
printf("which = %04X\nkey=",which);
{ int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }
@@
-552,7
+559,8
@@
int tls1_enc(SSL *s, int send)
{
/* Incorrect padding. SSLerr() and ssl3_alert are done
* by caller: we don't want to reveal whether this is
{
/* Incorrect padding. SSLerr() and ssl3_alert are done
* by caller: we don't want to reveal whether this is
- * a decryption error or a MAC verification failure. */
+ * a decryption error or a MAC verification failure
+ * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
return -1;
}
for (j=(int)(l-i); j<(int)l; j++)
return -1;
}
for (j=(int)(l-i); j<(int)l; j++)
@@
-575,8
+583,8
@@
int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
EVP_MD_CTX ctx;
EVP_MD_CTX_init(&ctx);
EVP_MD_CTX ctx;
EVP_MD_CTX_init(&ctx);
- EVP_MD_CTX_copy(&ctx,in_ctx);
- EVP_DigestFinal(&ctx,out,&ret);
+ EVP_MD_CTX_copy
_ex
(&ctx,in_ctx);
+ EVP_DigestFinal
_ex
(&ctx,out,&ret);
EVP_MD_CTX_cleanup(&ctx);
return((int)ret);
}
EVP_MD_CTX_cleanup(&ctx);
return((int)ret);
}
@@
-594,11
+602,11
@@
int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
q+=slen;
EVP_MD_CTX_init(&ctx);
q+=slen;
EVP_MD_CTX_init(&ctx);
- EVP_MD_CTX_copy(&ctx,in1_ctx);
- EVP_DigestFinal(&ctx,q,&i);
+ EVP_MD_CTX_copy
_ex
(&ctx,in1_ctx);
+ EVP_DigestFinal
_ex
(&ctx,q,&i);
q+=i;
q+=i;
- EVP_MD_CTX_copy(&ctx,in2_ctx);
- EVP_DigestFinal(&ctx,q,&i);
+ EVP_MD_CTX_copy
_ex
(&ctx,in2_ctx);
+ EVP_DigestFinal
_ex
(&ctx,q,&i);
q+=i;
tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),
q+=i;
tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),