#include <stdio.h>
#include <openssl/comp.h>
-#include <openssl/md5.h>
-#include <openssl/sha.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include "ssl_locl.h"
+#include <openssl/md5.h>
static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
int sec_len, unsigned char *seed, int seed_len,
chunk=EVP_MD_size(md);
+ HMAC_CTX_init(&ctx);
+ HMAC_CTX_init(&ctx_tmp);
HMAC_Init(&ctx,sec,sec_len,md);
+ HMAC_Init(&ctx_tmp,sec,sec_len,md);
HMAC_Update(&ctx,seed,seed_len);
HMAC_Final(&ctx,A1,&A1_len);
for (;;)
{
HMAC_Init(&ctx,NULL,0,NULL); /* re-init */
+ HMAC_Init(&ctx_tmp,NULL,0,NULL); /* re-init */
HMAC_Update(&ctx,A1,A1_len);
- memcpy(&ctx_tmp,&ctx,sizeof(ctx)); /* Copy for A2 */ /* not needed for last one */
+ HMAC_Update(&ctx_tmp,A1,A1_len);
HMAC_Update(&ctx,seed,seed_len);
if (olen > chunk)
break;
}
}
- HMAC_cleanup(&ctx);
- HMAC_cleanup(&ctx_tmp);
+ HMAC_CTX_cleanup(&ctx);
+ HMAC_CTX_cleanup(&ctx_tmp);
memset(A1,0,sizeof(A1));
}
const EVP_CIPHER *c;
const SSL_COMP *comp;
const EVP_MD *m;
- int _exp,n,i,j,k,exp_label_len,cl;
+ int is_export,n,i,j,k,exp_label_len,cl;
+ int reuse_dd = 0;
- _exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
+ is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
c=s->s3->tmp.new_sym_enc;
m=s->s3->tmp.new_hash;
comp=s->s3->tmp.new_compression;
if (which & SSL3_CC_READ)
{
- if ((s->enc_read_ctx == NULL) &&
- ((s->enc_read_ctx=(EVP_CIPHER_CTX *)
- OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+ if (s->enc_read_ctx != NULL)
+ reuse_dd = 1;
+ else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
goto err;
dd= s->enc_read_ctx;
s->read_hash=m;
}
else
{
+ if (s->enc_write_ctx != NULL)
+ reuse_dd = 1;
+ else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
+ goto err;
if ((s->enc_write_ctx == NULL) &&
((s->enc_write_ctx=(EVP_CIPHER_CTX *)
OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
mac_secret= &(s->s3->write_mac_secret[0]);
}
+ if (reuse_dd)
+ EVP_CIPHER_CTX_cleanup(dd);
EVP_CIPHER_CTX_init(dd);
p=s->s3->tmp.key_block;
i=EVP_MD_size(m);
cl=EVP_CIPHER_key_length(c);
- j=_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
- cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
+ j=is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
+ cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
k=EVP_CIPHER_iv_length(c);
er1= &(s->s3->client_random[0]);
if (n > s->s3->tmp.key_block_length)
{
- SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_INTERNAL_ERROR);
+ SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR);
goto err2;
}
printf("which = %04X\nmac key=",which);
{ int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
#endif
- if (_exp)
+ if (is_export)
{
/* In here I set both the read and write key/iv to the
* same value since only the correct one will be used :-).
#ifdef KSSL_DEBUG
{
int i;
- printf("EVP_CipherInit(dd,c,key=,iv=,which)\n");
+ printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]);
printf("\n");
printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]);
}
#endif /* KSSL_DEBUG */
- EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
+ EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
#ifdef TLS_DEBUG
printf("which = %04X\nkey=",which);
{ int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }
if ((s->session == NULL) || (ds == NULL) ||
(enc == NULL))
{
- memcpy(rec->data,rec->input,rec->length);
+ memmove(rec->data,rec->input,rec->length);
rec->input=rec->data;
}
else
#ifdef KSSL_DEBUG
{
- unsigned long i;
+ unsigned long ui;
printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
ds,rec->data,rec->input,l);
printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
printf("\n");
printf("\trec->input=");
- for (i=0; i<l; i++) printf(" %02x", rec->input[i]);
+ for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
printf("\n");
}
#endif /* KSSL_DEBUG */
+ if (!send)
+ {
+ if (l == 0 || l%bs != 0)
+ {
+ SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+ return 0;
+ }
+ }
+
EVP_Cipher(ds,rec->data,rec->input,l);
#ifdef KSSL_DEBUG
if ((bs != 1) && !send)
{
- ii=i=rec->data[l-1];
+ ii=i=rec->data[l-1]; /* padding_length */
i++;
if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
{
if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
i--;
}
+ /* TLS 1.0 does not bound the number of padding bytes by the block size.
+ * All of them must have value 'padding_length'. */
if (i > (int)rec->length)
{
- SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
- return(0);
+ /* Incorrect padding. SSLerr() and ssl3_alert are done
+ * by caller: we don't want to reveal whether this is
+ * a decryption error or a MAC verification failure
+ * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
+ return -1;
}
for (j=(int)(l-i); j<(int)l; j++)
{
if (rec->data[j] != ii)
{
- SSLerr(SSL_F_TLS1_ENC,SSL_R_DECRYPTION_FAILED);
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
- return(0);
+ /* Incorrect padding */
+ return -1;
}
}
rec->length-=i;
unsigned int ret;
EVP_MD_CTX ctx;
- EVP_MD_CTX_copy(&ctx,in_ctx);
- EVP_DigestFinal(&ctx,out,&ret);
+ EVP_MD_CTX_init(&ctx);
+ EVP_MD_CTX_copy_ex(&ctx,in_ctx);
+ EVP_DigestFinal_ex(&ctx,out,&ret);
+ EVP_MD_CTX_cleanup(&ctx);
return((int)ret);
}
memcpy(q,str,slen);
q+=slen;
- EVP_MD_CTX_copy(&ctx,in1_ctx);
- EVP_DigestFinal(&ctx,q,&i);
+ EVP_MD_CTX_init(&ctx);
+ EVP_MD_CTX_copy_ex(&ctx,in1_ctx);
+ EVP_DigestFinal_ex(&ctx,q,&i);
q+=i;
- EVP_MD_CTX_copy(&ctx,in2_ctx);
- EVP_DigestFinal(&ctx,q,&i);
+ EVP_MD_CTX_copy_ex(&ctx,in2_ctx);
+ EVP_DigestFinal_ex(&ctx,q,&i);
q+=i;
tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),
s->session->master_key,s->session->master_key_length,
out,buf2,12);
- memset(&ctx,0,sizeof(EVP_MD_CTX));
+ EVP_MD_CTX_cleanup(&ctx);
return((int)12);
}
buf[4]=rec->length&0xff;
/* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
+ HMAC_CTX_init(&hmac);
HMAC_Init(&hmac,mac_sec,EVP_MD_size(hash),hash);
HMAC_Update(&hmac,seq,8);
HMAC_Update(&hmac,buf,5);
HMAC_Update(&hmac,rec->input,rec->length);
HMAC_Final(&hmac,md,&md_size);
+ HMAC_CTX_cleanup(&hmac);
#ifdef TLS_DEBUG
printf("sec=");
#endif
for (i=7; i>=0; i--)
- if (++seq[i]) break;
+ {
+ ++seq[i];
+ if (seq[i] != 0) break;
+ }
#ifdef TLS_DEBUG
{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); }
projects / openssl.git / blobdiff