X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs3_enc.c;h=6d9f986d58e003b6ee614636b5aedd99680ae283;hp=2fbfead2cf554d3c53b0d8d7238f6e44219f9ee1;hb=287973746edec466d6e9cac72e27cf2978da8629;hpb=323f289c480b0a8eb15ed3be2befbcc0f86e8904 diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 2fbfead2cf..6d9f986d58 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -59,6 +59,7 @@ #include #include #include "ssl_locl.h" +#include static unsigned char ssl3_pad_1[48]={ 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, @@ -91,6 +92,8 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) c = os_toascii[c]; /*'A' in ASCII */ #endif k=0; + EVP_MD_CTX_init(&m5); + EVP_MD_CTX_init(&s1); for (i=0; isession->master_key, s->session->master_key_length); EVP_DigestUpdate(&s1,s->s3->server_random,SSL3_RANDOM_SIZE); EVP_DigestUpdate(&s1,s->s3->client_random,SSL3_RANDOM_SIZE); - EVP_DigestFinal(&s1,smd,NULL); + EVP_DigestFinal_ex(&s1,smd,NULL); - EVP_DigestInit(&m5,EVP_md5()); + EVP_DigestInit_ex(&m5,EVP_md5(), NULL); EVP_DigestUpdate(&m5,s->session->master_key, s->session->master_key_length); EVP_DigestUpdate(&m5,smd,SHA_DIGEST_LENGTH); if ((i+MD5_DIGEST_LENGTH) > num) { - EVP_DigestFinal(&m5,smd,NULL); + EVP_DigestFinal_ex(&m5,smd,NULL); memcpy(km,smd,(num-i)); } else - EVP_DigestFinal(&m5,km,NULL); + EVP_DigestFinal_ex(&m5,km,NULL); km+=MD5_DIGEST_LENGTH; } memset(smd,0,SHA_DIGEST_LENGTH); + EVP_MD_CTX_cleanup(&m5); + EVP_MD_CTX_cleanup(&s1); return 1; } @@ -142,6 +147,7 @@ int ssl3_change_cipher_state(SSL *s, int which) const EVP_MD *m; EVP_MD_CTX md; int exp,n,i,j,k,cl; + int reuse_dd = 0; exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); c=s->s3->tmp.new_sym_enc; 
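Review bot: The converted `EVP_DigestInit_ex`/`EVP_DigestFinal_ex` calls in ssl3_generate_key_block still discard their return values, so the function reaches `return 1;` even if a digest step failed and `km` was never filled with derived key material. The same pattern appears in the later hunks for ssl3_change_cipher_state (including the new `EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE))` call), ssl3_handshake_mac, ssl3_mac and ssl3_generate_master_secret. I would test each call, e.g. `if (!EVP_DigestInit_ex(&m5,EVP_md5(), NULL)) goto err;`, with an `err:` path that wipes `smd`, runs both `EVP_MD_CTX_cleanup` calls and returns 0. The start of the function and part of the loop are not readable in this hunk, so the exact placement needs checking against the full file.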
@@ -154,9 +160,9 @@ int ssl3_change_cipher_state(SSL *s, int which) if (which & SSL3_CC_READ) { - if ((s->enc_read_ctx == NULL) && - ((s->enc_read_ctx=(EVP_CIPHER_CTX *) - OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) + if (s->enc_read_ctx != NULL) + reuse_dd = 1; + else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) goto err; dd= s->enc_read_ctx; s->read_hash=m; @@ -185,9 +191,9 @@ int ssl3_change_cipher_state(SSL *s, int which) } else { - if ((s->enc_write_ctx == NULL) && - ((s->enc_write_ctx=(EVP_CIPHER_CTX *) - OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) + if (s->enc_write_ctx != NULL) + reuse_dd = 1; + else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) goto err; dd= s->enc_write_ctx; s->write_hash=m; @@ -210,6 +216,8 @@ int ssl3_change_cipher_state(SSL *s, int which) mac_secret= &(s->s3->write_mac_secret[0]); } + if (reuse_dd) + EVP_CIPHER_CTX_cleanup(dd); EVP_CIPHER_CTX_init(dd); p=s->s3->tmp.key_block; 
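Review bot: A freshly allocated `s->enc_read_ctx` is stored in the SSL object here but is not initialised until the `EVP_CIPHER_CTX_init(dd)` call in the hunk at new line 216, and the same holds for `s->enc_write_ctx` in the next hunk. The code between those points is not shown; if any of it can `goto err` or `goto err2`, the connection is left holding an uninitialised context that a later `EVP_CIPHER_CTX_cleanup` (the new `reuse_dd` path on a retry, or teardown) would operate on. Initialising at allocation closes that window: brace the `else` branch and call `EVP_CIPHER_CTX_init(s->enc_read_ctx);` as soon as `OPENSSL_malloc` succeeds, likewise for the write side. The existing `EVP_CIPHER_CTX_init(dd)` further down can stay as it is.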
@@ -244,35 +252,37 @@ int ssl3_change_cipher_state(SSL *s, int which) goto err2; } + EVP_MD_CTX_init(&md); memcpy(mac_secret,ms,i); if (exp) { /* In here I set both the read and write key/iv to the * same value since only the correct one will be used :-). */ - EVP_DigestInit(&md,EVP_md5()); + EVP_DigestInit_ex(&md,EVP_md5(), NULL); EVP_DigestUpdate(&md,key,j); EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE); - EVP_DigestFinal(&md,&(exp_key[0]),NULL); + EVP_DigestFinal_ex(&md,&(exp_key[0]),NULL); key= &(exp_key[0]); if (k > 0) { - EVP_DigestInit(&md,EVP_md5()); + EVP_DigestInit_ex(&md,EVP_md5(), NULL); EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE); - EVP_DigestFinal(&md,&(exp_iv[0]),NULL); + EVP_DigestFinal_ex(&md,&(exp_iv[0]),NULL); iv= &(exp_iv[0]); } } s->session->key_arg_length=0; - EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE)); + EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE)); memset(&(exp_key[0]),0,sizeof(exp_key)); memset(&(exp_iv[0]),0,sizeof(exp_iv)); + EVP_MD_CTX_cleanup(&md); return(1); err: SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE); @@ -386,8 +396,8 @@ int ssl3_enc(SSL *s, int send) if (l == 0 || l%bs != 0) { SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR); - return(0); + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); + return 0; } } @@ -400,9 +410,11 @@ int ssl3_enc(SSL *s, int send) * padding bytes (except that last) are arbitrary */ if (i > bs) { - SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR); - return(0); + /* Incorrect padding. SSLerr() and ssl3_alert are done + * by caller: we don't want to reveal whether this is + * a decryption error or a MAC verification failure + * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ + return -1; } rec->length-=i; } 
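Review bot: ssl3_enc now has three outcomes (1, 0 after an alert has been sent, and -1 for bad padding in the `i > bs` branch), but nothing documents this, and a caller that only tests the result for zero would treat -1 as success. The callers are outside this diff, so that needs checking there; the function body also starts outside the hunk. I would add a comment above ssl3_enc such as `/* returns 1 on success, 0 on a fatal error (alert already sent), -1 on bad padding: caller must handle -1 exactly like a MAC failure */`. Returning early also skips `rec->length-=i`, so for the two failures to stay indistinguishable the caller would still need to run the MAC computation on the -1 path, because a uniform alert alone does not hide a timing difference.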
@@ -412,8 +424,8 @@ int ssl3_enc(SSL *s, int send) void ssl3_init_finished_mac(SSL *s) { - EVP_DigestInit(&(s->s3->finish_dgst1),s->ctx->md5); - EVP_DigestInit(&(s->s3->finish_dgst2),s->ctx->sha1); + EVP_DigestInit_ex(&(s->s3->finish_dgst1),s->ctx->md5, NULL); + EVP_DigestInit_ex(&(s->s3->finish_dgst2),s->ctx->sha1, NULL); } void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len) @@ -447,7 +459,8 @@ static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char md_buf[EVP_MAX_MD_SIZE]; EVP_MD_CTX ctx; - EVP_MD_CTX_copy(&ctx,in_ctx); + EVP_MD_CTX_init(&ctx); + EVP_MD_CTX_copy_ex(&ctx,in_ctx); n=EVP_MD_CTX_size(&ctx); npad=(48/n)*n; @@ -457,16 +470,16 @@ static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx, EVP_DigestUpdate(&ctx,s->session->master_key, s->session->master_key_length); EVP_DigestUpdate(&ctx,ssl3_pad_1,npad); - EVP_DigestFinal(&ctx,md_buf,&i); + EVP_DigestFinal_ex(&ctx,md_buf,&i); - EVP_DigestInit(&ctx,EVP_MD_CTX_md(&ctx)); + EVP_DigestInit_ex(&ctx,EVP_MD_CTX_md(&ctx), NULL); EVP_DigestUpdate(&ctx,s->session->master_key, s->session->master_key_length); EVP_DigestUpdate(&ctx,ssl3_pad_2,npad); EVP_DigestUpdate(&ctx,md_buf,i); - EVP_DigestFinal(&ctx,p,&ret); + EVP_DigestFinal_ex(&ctx,p,&ret); - memset(&ctx,0,sizeof(EVP_MD_CTX)); + EVP_MD_CTX_cleanup(&ctx); return((int)ret); } @@ -500,8 +513,9 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send) npad=(48/md_size)*md_size; /* Chop the digest off the end :-) */ + EVP_MD_CTX_init(&md_ctx); - EVP_DigestInit( &md_ctx,hash); + EVP_DigestInit_ex( &md_ctx,hash, NULL); EVP_DigestUpdate(&md_ctx,mac_sec,md_size); EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad); EVP_DigestUpdate(&md_ctx,seq,8); 
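Review bot: `EVP_DigestInit_ex` does not initialise the context it is handed the way `EVP_DigestInit` did, so `s->s3->finish_dgst1` and `finish_dgst2` must already have been through `EVP_MD_CTX_init` by the time ssl3_init_finished_mac runs. That initialisation is not part of this file's diff, so it should be confirmed wherever `s->s3` is set up. A one-line comment here would record the dependency, e.g. `/* finish_dgst1/2 must have been EVP_MD_CTX_init'ed when s->s3 was created */`.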
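Review bot: In ssl3_handshake_mac the result of `EVP_MD_CTX_copy_ex(&ctx,in_ctx)` is not checked before `n=EVP_MD_CTX_size(&ctx); npad=(48/n)*n;`. If the copy fails because `in_ctx` has no digest set, `ctx` is still in its freshly initialised state, and the size lookup and the division then work on an empty context. A guard such as `if (!EVP_MD_CTX_copy_ex(&ctx,in_ctx)) { EVP_MD_CTX_cleanup(&ctx); return 0; }` would stop that, assuming callers treat a zero length as failure, which is not visible here. The function's signature and declarations are only partly inside the hunk.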
@@ -511,13 +525,15 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send) s2n(rec->length,p); EVP_DigestUpdate(&md_ctx,md,2); EVP_DigestUpdate(&md_ctx,rec->input,rec->length); - EVP_DigestFinal( &md_ctx,md,NULL); + EVP_DigestFinal_ex( &md_ctx,md,NULL); - EVP_DigestInit( &md_ctx,hash); + EVP_DigestInit_ex( &md_ctx,hash, NULL); EVP_DigestUpdate(&md_ctx,mac_sec,md_size); EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad); EVP_DigestUpdate(&md_ctx,md,md_size); - EVP_DigestFinal( &md_ctx,md,&md_size); + EVP_DigestFinal_ex( &md_ctx,md,&md_size); + + EVP_MD_CTX_cleanup(&md_ctx); for (i=7; i>=0; i--) { @@ -547,24 +563,26 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, int i,ret=0; unsigned int n; + EVP_MD_CTX_init(&ctx); for (i=0; i<3; i++) { - EVP_DigestInit(&ctx,s->ctx->sha1); + EVP_DigestInit_ex(&ctx,s->ctx->sha1, NULL); EVP_DigestUpdate(&ctx,salt[i],strlen((const char *)salt[i])); EVP_DigestUpdate(&ctx,p,len); EVP_DigestUpdate(&ctx,&(s->s3->client_random[0]), SSL3_RANDOM_SIZE); EVP_DigestUpdate(&ctx,&(s->s3->server_random[0]), SSL3_RANDOM_SIZE); - EVP_DigestFinal(&ctx,buf,&n); + EVP_DigestFinal_ex(&ctx,buf,&n); - EVP_DigestInit(&ctx,s->ctx->md5); + EVP_DigestInit_ex(&ctx,s->ctx->md5, NULL); EVP_DigestUpdate(&ctx,p,len); EVP_DigestUpdate(&ctx,buf,n); - EVP_DigestFinal(&ctx,out,&n); + EVP_DigestFinal_ex(&ctx,out,&n); out+=n; ret+=n; } + EVP_MD_CTX_cleanup(&ctx); return(ret); }