X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs3_enc.c;h=ea9042b1656043756dc58a4eab6eeff04efdfdfc;hp=54e48c3e1fcda54ac1de274f7589b08765b0ad43;hb=16f8d4ebf0fd4847fa83d9c61f4150273cb4f533;hpb=0f113f3ee4d629ef9a4a30911b22b224772085e5 diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 54e48c3e1f..ea9042b165 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -244,7 +244,7 @@ int ssl3_change_cipher_state(SSL *s, int which) if (s->enc_read_ctx != NULL) reuse_dd = 1; else if ((s->enc_read_ctx = - OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) + OPENSSL_malloc(sizeof(*s->enc_read_ctx))) == NULL) goto err; else /* @@ -253,13 +253,14 @@ int ssl3_change_cipher_state(SSL *s, int which) EVP_CIPHER_CTX_init(s->enc_read_ctx); dd = s->enc_read_ctx; - ssl_replace_hash(&s->read_hash, m); + if (!ssl_replace_hash(&s->read_hash, m)) { + SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); + goto err2; + } #ifndef OPENSSL_NO_COMP /* COMPRESS */ - if (s->expand != NULL) { - COMP_CTX_free(s->expand); - s->expand = NULL; - } + COMP_CTX_free(s->expand); + s->expand = NULL; if (comp != NULL) { s->expand = COMP_CTX_new(comp); if (s->expand == NULL) { @@ -267,20 +268,17 @@ int ssl3_change_cipher_state(SSL *s, int which) SSL_R_COMPRESSION_LIBRARY_ERROR); goto err2; } - if (s->s3->rrec.comp == NULL) - s->s3->rrec.comp = (unsigned char *) - OPENSSL_malloc(SSL3_RT_MAX_PLAIN_LENGTH); - if (s->s3->rrec.comp == NULL) + if (!RECORD_LAYER_setup_comp_buffer(&s->rlayer)) goto err; } #endif - memset(&(s->s3->read_sequence[0]), 0, 8); + RECORD_LAYER_reset_read_sequence(&s->rlayer); mac_secret = &(s->s3->read_mac_secret[0]); } else { if (s->enc_write_ctx != NULL) reuse_dd = 1; else if ((s->enc_write_ctx = - OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) + OPENSSL_malloc(sizeof(*s->enc_write_ctx))) == NULL) goto err; else /* @@ -288,13 +286,14 @@ int ssl3_change_cipher_state(SSL *s, int which) */ EVP_CIPHER_CTX_init(s->enc_write_ctx); dd = s->enc_write_ctx; - ssl_replace_hash(&s->write_hash, m); + if (!ssl_replace_hash(&s->write_hash, m)) { + SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); + goto err2; + } #ifndef OPENSSL_NO_COMP /* COMPRESS */ - if (s->compress != NULL) { - COMP_CTX_free(s->compress); - s->compress = NULL; - } + COMP_CTX_free(s->compress); + s->compress = NULL; if (comp != NULL) { s->compress = COMP_CTX_new(comp); if (s->compress == NULL) { @@ -304,7 +303,7 @@ int ssl3_change_cipher_state(SSL *s, int which) } } #endif - memset(&(s->s3->write_sequence[0]), 0, 8); + RECORD_LAYER_reset_write_sequence(&s->rlayer); mac_secret = &(s->s3->write_mac_secret[0]); } @@ -468,92 +467,14 @@ int ssl3_setup_key_block(SSL *s) void ssl3_cleanup_key_block(SSL *s) { - if (s->s3->tmp.key_block != NULL) { - OPENSSL_cleanse(s->s3->tmp.key_block, s->s3->tmp.key_block_length); - OPENSSL_free(s->s3->tmp.key_block); - s->s3->tmp.key_block = NULL; - } + OPENSSL_clear_free(s->s3->tmp.key_block, s->s3->tmp.key_block_length); + s->s3->tmp.key_block = NULL; s->s3->tmp.key_block_length = 0; } -/*- - * ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. - * - * Returns: - * 0: (in non-constant time) if the record is publically invalid (i.e. too - * short etc). - * 1: if the record's padding is valid / the encryption was successful. - * -1: if the record's padding is invalid or, if sending, an internal error - * occurred. - */ -int ssl3_enc(SSL *s, int send) -{ - SSL3_RECORD *rec; - EVP_CIPHER_CTX *ds; - unsigned long l; - int bs, i, mac_size = 0; - const EVP_CIPHER *enc; - - if (send) { - ds = s->enc_write_ctx; - rec = &(s->s3->wrec); - if (s->enc_write_ctx == NULL) - enc = NULL; - else - enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx); - } else { - ds = s->enc_read_ctx; - rec = &(s->s3->rrec); - if (s->enc_read_ctx == NULL) - enc = NULL; - else - enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx); - } - - if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) { - memmove(rec->data, rec->input, rec->length); - rec->input = rec->data; - } else { - l = rec->length; - bs = EVP_CIPHER_block_size(ds->cipher); - - /* COMPRESS */ - - if ((bs != 1) && send) { - i = bs - ((int)l % bs); - - /* we need to add 'i-1' padding bytes */ - l += i; - /* - * the last of these zero bytes will be overwritten with the - * padding length. - */ - memset(&rec->input[rec->length], 0, i); - rec->length += i; - rec->input[l - 1] = (i - 1); - } - - if (!send) { - if (l == 0 || l % bs != 0) - return 0; - /* otherwise, rec->length >= bs */ - } - - if (EVP_Cipher(ds, rec->data, rec->input, l) < 1) - return -1; - - if (EVP_MD_CTX_md(s->read_hash) != NULL) - mac_size = EVP_MD_CTX_size(s->read_hash); - if ((bs != 1) && !send) - return ssl3_cbc_remove_padding(s, rec, bs, mac_size); - } - return (1); -} - void ssl3_init_finished_mac(SSL *s) { - if (s->s3->handshake_buffer) - BIO_free(s->s3->handshake_buffer); + BIO_free(s->s3->handshake_buffer); if (s->s3->handshake_dgst) ssl3_free_digest_list(s); s->s3->handshake_buffer = BIO_new(BIO_s_mem()); @@ -598,12 +519,13 @@ int ssl3_digest_cached_records(SSL *s) /* Allocate handshake_dgst array */ ssl3_free_digest_list(s); s->s3->handshake_dgst = - OPENSSL_malloc(SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *)); + OPENSSL_malloc(sizeof(*s->s3->handshake_dgst) * SSL_MAX_DIGEST); if (s->s3->handshake_dgst == NULL) { SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE); return 0; } - memset(s->s3->handshake_dgst, 0, SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *)); + memset(s->s3->handshake_dgst, 0, + sizeof(*s->s3->handshake_dgst) * SSL_MAX_DIGEST); hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); if (hdatalen <= 0) { SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LENGTH); @@ -710,111 +632,6 @@ static int ssl3_handshake_mac(SSL *s, int md_nid, return ((int)ret); } -int n_ssl3_mac(SSL *ssl, unsigned char *md, int send) -{ - SSL3_RECORD *rec; - unsigned char *mac_sec, *seq; - EVP_MD_CTX md_ctx; - const EVP_MD_CTX *hash; - unsigned char *p, rec_char; - size_t md_size; - int npad; - int t; - - if (send) { - rec = &(ssl->s3->wrec); - mac_sec = &(ssl->s3->write_mac_secret[0]); - seq = &(ssl->s3->write_sequence[0]); - hash = ssl->write_hash; - } else { - rec = &(ssl->s3->rrec); - mac_sec = &(ssl->s3->read_mac_secret[0]); - seq = &(ssl->s3->read_sequence[0]); - hash = ssl->read_hash; - } - - t = EVP_MD_CTX_size(hash); - if (t < 0) - return -1; - md_size = t; - npad = (48 / md_size) * md_size; - - if (!send && - EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && - ssl3_cbc_record_digest_supported(hash)) { - /* - * This is a CBC-encrypted record. We must avoid leaking any - * timing-side channel information about how many blocks of data we - * are hashing because that gives an attacker a timing-oracle. - */ - - /*- - * npad is, at most, 48 bytes and that's with MD5: - * 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75. - * - * With SHA-1 (the largest hash speced for SSLv3) the hash size - * goes up 4, but npad goes down by 8, resulting in a smaller - * total size. */ - unsigned char header[75]; - unsigned j = 0; - memcpy(header + j, mac_sec, md_size); - j += md_size; - memcpy(header + j, ssl3_pad_1, npad); - j += npad; - memcpy(header + j, seq, 8); - j += 8; - header[j++] = rec->type; - header[j++] = rec->length >> 8; - header[j++] = rec->length & 0xff; - - /* Final param == is SSLv3 */ - ssl3_cbc_digest_record(hash, - md, &md_size, - header, rec->input, - rec->length + md_size, rec->orig_len, - mac_sec, md_size, 1); - } else { - unsigned int md_size_u; - /* Chop the digest off the end :-) */ - EVP_MD_CTX_init(&md_ctx); - - EVP_MD_CTX_copy_ex(&md_ctx, hash); - EVP_DigestUpdate(&md_ctx, mac_sec, md_size); - EVP_DigestUpdate(&md_ctx, ssl3_pad_1, npad); - EVP_DigestUpdate(&md_ctx, seq, 8); - rec_char = rec->type; - EVP_DigestUpdate(&md_ctx, &rec_char, 1); - p = md; - s2n(rec->length, p); - EVP_DigestUpdate(&md_ctx, md, 2); - EVP_DigestUpdate(&md_ctx, rec->input, rec->length); - EVP_DigestFinal_ex(&md_ctx, md, NULL); - - EVP_MD_CTX_copy_ex(&md_ctx, hash); - EVP_DigestUpdate(&md_ctx, mac_sec, md_size); - EVP_DigestUpdate(&md_ctx, ssl3_pad_2, npad); - EVP_DigestUpdate(&md_ctx, md, md_size); - EVP_DigestFinal_ex(&md_ctx, md, &md_size_u); - md_size = md_size_u; - - EVP_MD_CTX_cleanup(&md_ctx); - } - - ssl3_record_sequence_update(seq); - return (md_size); -} - -void ssl3_record_sequence_update(unsigned char *seq) -{ - int i; - - for (i = 7; i >= 0; i--) { - ++seq[i]; - if (seq[i] != 0) - break; - } -} - int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, int len) { @@ -870,6 +687,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, s, s->msg_callback_arg); } #endif + OPENSSL_cleanse(buf, sizeof buf); return (ret); }