X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=ssl%2Ft1_enc.c;h=ae33bda78fc096f0a318a95ad6def63d8d97b55d;hb=cc85ec447b65509070a50414664d62d397701df9;hp=914b7434987fc286e3f29086cd5c6b99160148ef;hpb=d02f751ce1d13183a0c0e5528ec89f76587ed989;p=openssl.git

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 914b743498..ae33bda78f 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -148,6 +148,17 @@ static void tls1_generate_key_block(SSL *s, unsigned char *km,
 	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),
 		 s->session->master_key,s->session->master_key_length,
 		 km,tmp,num);
+#ifdef KSSL_DEBUG
+	printf("tls1_generate_key_block() ==> %d byte master_key =\n\t",
+                s->session->master_key_length);
+	{
+        int i;
+        for (i=0; i < s->session->master_key_length; i++)
+                {
+                printf("%02X", s->session->master_key[i]);
+                }
+        printf("\n");  }
+#endif    /* KSSL_DEBUG */
 	}
 
 int tls1_change_cipher_state(SSL *s, int which)
@@ -174,11 +185,26 @@ int tls1_change_cipher_state(SSL *s, int which)
 	comp=s->s3->tmp.new_compression;
 	key_block=s->s3->tmp.key_block;
 
+#ifdef KSSL_DEBUG
+	printf("tls1_change_cipher_state(which= %d) w/\n", which);
+	printf("\talg= %ld, comp= %p\n", s->s3->tmp.new_cipher->algorithms,
+                comp);
+	printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
+	printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
+                c->nid,c->block_size,c->key_len,c->iv_len);
+	printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
+	{
+        int i;
+        for (i=0; i<s->s3->tmp.key_block_length; i++)
+		printf("%02x", key_block[i]);  printf("\n");
+        }
+#endif	/* KSSL_DEBUG */
+
 	if (which & SSL3_CC_READ)
 		{
 		if ((s->enc_read_ctx == NULL) &&
 			((s->enc_read_ctx=(EVP_CIPHER_CTX *)
-			Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+			OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
 			goto err;
 		dd= s->enc_read_ctx;
 		s->read_hash=m;
@@ -197,7 +223,7 @@ int tls1_change_cipher_state(SSL *s, int which)
 				}
 			if (s->s3->rrec.comp == NULL)
 				s->s3->rrec.comp=(unsigned char *)
-					Malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
+					OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
 			if (s->s3->rrec.comp == NULL)
 				goto err;
 			}
@@ -208,7 +234,7 @@ int tls1_change_cipher_state(SSL *s, int which)
 		{
 		if ((s->enc_write_ctx == NULL) &&
 			((s->enc_write_ctx=(EVP_CIPHER_CTX *)
-			Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+			OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
 			goto err;
 		dd= s->enc_write_ctx;
 		s->write_hash=m;
@@ -309,6 +335,16 @@ printf("which = %04X\nmac key=",which);
 		}
 
 	s->session->key_arg_length=0;
+#ifdef KSSL_DEBUG
+	{
+        int i;
+	printf("EVP_CipherInit(dd,c,key=,iv=,which)\n");
+	printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]);
+	printf("\n");
+	printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]);
+	printf("\n");
+	}
+#endif	/* KSSL_DEBUG */
 
 	EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
 #ifdef TLS_DEBUG
@@ -338,6 +374,10 @@ int tls1_setup_key_block(SSL *s)
 	int num;
 	SSL_COMP *comp;
 
+#ifdef KSSL_DEBUG
+	printf ("tls1_setup_key_block()\n");
+#endif	/* KSSL_DEBUG */
+
 	if (s->s3->tmp.key_block_length != 0)
 		return(1);
 
@@ -355,9 +395,9 @@ int tls1_setup_key_block(SSL *s)
 
 	ssl3_cleanup_key_block(s);
 
-	if ((p1=(unsigned char *)Malloc(num)) == NULL)
+	if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL)
 		goto err;
-	if ((p2=(unsigned char *)Malloc(num)) == NULL)
+	if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)
 		goto err;
 
 	s->s3->tmp.key_block_length=num;
@@ -374,7 +414,7 @@ printf("pre-master\n");
 #endif
 	tls1_generate_key_block(s,p1,p2,num);
 	memset(p2,0,num);
-	Free(p2);
+	OPENSSL_free(p2);
 #ifdef TLS_DEBUG
 printf("\nkey block\n");
 { int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
@@ -417,6 +457,10 @@ int tls1_enc(SSL *s, int send)
 			enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
 		}
 
+#ifdef KSSL_DEBUG
+	printf("tls1_enc(%d)\n", send);
+#endif    /* KSSL_DEBUG */
+
 	if ((s->session == NULL) || (ds == NULL) ||
 		(enc == NULL))
 		{
@@ -447,8 +491,35 @@ int tls1_enc(SSL *s, int send)
 			rec->length+=i;
 			}
 
+#ifdef KSSL_DEBUG
+		{
+                unsigned long i;
+		printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
+                        ds,rec->data,rec->input,l);
+		printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
+                        ds->buf_len, ds->cipher->key_len,
+                        DES_KEY_SZ, DES_SCHEDULE_SZ,
+                        ds->cipher->iv_len);
+		printf("\t\tIV: ");
+		for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
+		printf("\n");
+		printf("\trec->input=");
+		for (i=0; i<l; i++) printf(" %02x", rec->input[i]);
+		printf("\n");
+		}
+#endif	/* KSSL_DEBUG */
+
 		EVP_Cipher(ds,rec->data,rec->input,l);
 
+#ifdef KSSL_DEBUG
+		{
+                unsigned long i;
+                printf("\trec->data=");
+		for (i=0; i<l; i++)
+                        printf(" %02x", rec->data[i]);  printf("\n");
+                }
+#endif	/* KSSL_DEBUG */
+
 		if ((bs != 1) && !send)
 			{
 			ii=i=rec->data[l-1];
@@ -494,7 +565,7 @@ int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
 	}
 
 int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
-	     unsigned char *str, int slen, unsigned char *out)
+	     const char *str, int slen, unsigned char *out)
 	{
 	unsigned int i;
 	EVP_MD_CTX ctx;
@@ -586,6 +657,10 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
 	unsigned char buf[SSL3_RANDOM_SIZE*2+TLS_MD_MASTER_SECRET_CONST_SIZE];
 	unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
 
+#ifdef KSSL_DEBUG
+	printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len);
+#endif	/* KSSL_DEBUG */
+
 	/* Setup the stuff to munge */
 	memcpy(buf,TLS_MD_MASTER_SECRET_CONST,
 		TLS_MD_MASTER_SECRET_CONST_SIZE);
@@ -596,6 +671,9 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
 	tls1_PRF(s->ctx->md5,s->ctx->sha1,
 		buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len,
 		s->session->master_key,buff,SSL3_MASTER_SECRET_SIZE);
+#ifdef KSSL_DEBUG
+	printf ("tls1_generate_master_secret() complete\n");
+#endif	/* KSSL_DEBUG */
 	return(SSL3_MASTER_SECRET_SIZE);
 	}
 
@@ -621,11 +699,11 @@ int tls1_alert_code(int code)
 	case SSL_AD_ACCESS_DENIED:	return(TLS1_AD_ACCESS_DENIED);
 	case SSL_AD_DECODE_ERROR:	return(TLS1_AD_DECODE_ERROR);
 	case SSL_AD_DECRYPT_ERROR:	return(TLS1_AD_DECRYPT_ERROR);
-	case SSL_AD_EXPORT_RESTRICION:	return(TLS1_AD_EXPORT_RESTRICION);
+	case SSL_AD_EXPORT_RESTRICTION:	return(TLS1_AD_EXPORT_RESTRICTION);
 	case SSL_AD_PROTOCOL_VERSION:	return(TLS1_AD_PROTOCOL_VERSION);
 	case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY);
 	case SSL_AD_INTERNAL_ERROR:	return(TLS1_AD_INTERNAL_ERROR);
-	case SSL_AD_USER_CANCLED:	return(TLS1_AD_USER_CANCLED);
+	case SSL_AD_USER_CANCELLED:	return(TLS1_AD_USER_CANCELLED);
 	case SSL_AD_NO_RENEGOTIATION:	return(TLS1_AD_NO_RENEGOTIATION);
 	default:			return(-1);
 		}