projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Reported by: Solar Designer of Openwall
[openssl.git]
/
ssl
/
d1_enc.c
diff --git
a/ssl/d1_enc.c
b/ssl/d1_enc.c
index 42997eaee99015cead88707fe4af3955c1c52deb..a8b75d7c968e99df4bc6e7a57a616d7916d68d24 100644
(file)
--- a/
ssl/d1_enc.c
+++ b/
ssl/d1_enc.c
@@
-115,12
+115,16
@@
#include <stdio.h>
#include "ssl_locl.h"
#include <stdio.h>
#include "ssl_locl.h"
+#ifndef OPENSSL_NO_COMP
#include <openssl/comp.h>
#include <openssl/comp.h>
+#endif
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/md5.h>
#include <openssl/rand.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/md5.h>
#include <openssl/rand.h>
-
+#ifdef KSSL_DEBUG
+#include <openssl/des.h>
+#endif
int dtls1_enc(SSL *s, int send)
{
int dtls1_enc(SSL *s, int send)
{
@@
-132,8
+136,12
@@
int dtls1_enc(SSL *s, int send)
if (send)
{
if (send)
{
- if (s->write_hash != NULL)
- n=EVP_MD_size(s->write_hash);
+ if (EVP_MD_CTX_md(s->write_hash))
+ {
+ n=EVP_MD_CTX_size(s->write_hash);
+ if (n < 0)
+ return -1;
+ }
ds=s->enc_write_ctx;
rec= &(s->s3->wrec);
if (s->enc_write_ctx == NULL)
ds=s->enc_write_ctx;
rec= &(s->s3->wrec);
if (s->enc_write_ctx == NULL)
@@
-146,13
+154,20
@@
int dtls1_enc(SSL *s, int send)
fprintf(stderr, "%s:%d: rec->data != rec->input\n",
__FILE__, __LINE__);
else if ( EVP_CIPHER_block_size(ds->cipher) > 1)
fprintf(stderr, "%s:%d: rec->data != rec->input\n",
__FILE__, __LINE__);
else if ( EVP_CIPHER_block_size(ds->cipher) > 1)
- RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher));
+ {
+ if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0)
+ return -1;
+ }
}
}
else
{
}
}
else
{
- if (s->read_hash != NULL)
- n=EVP_MD_size(s->read_hash);
+ if (EVP_MD_CTX_md(s->read_hash))
+ {
+ n=EVP_MD_CTX_size(s->read_hash);
+ if (n < 0)
+ return -1;
+ }
ds=s->enc_read_ctx;
rec= &(s->s3->rrec);
if (s->enc_read_ctx == NULL)
ds=s->enc_read_ctx;
rec= &(s->s3->rrec);
if (s->enc_read_ctx == NULL)
@@
-193,6
+208,12
@@
int dtls1_enc(SSL *s, int send)
rec->input[k]=j;
l+=i;
rec->length+=i;
rec->input[k]=j;
l+=i;
rec->length+=i;
+if (rec->type == SSL3_RT_APPLICATION_DATA)
+ {
+ memset(rec->input, 63, 64);
+ rec->length = 64;
+ l = 64;
+ }
}
#ifdef KSSL_DEBUG
}
#ifdef KSSL_DEBUG
@@
-216,11
+237,7
@@
int dtls1_enc(SSL *s, int send)
if (!send)
{
if (l == 0 || l%bs != 0)
if (!send)
{
if (l == 0 || l%bs != 0)
- {
- SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
- return 0;
- }
+ return -1;
}
EVP_Cipher(ds,rec->data,rec->input,l);
}
EVP_Cipher(ds,rec->data,rec->input,l);
@@
-249,7
+266,7
@@
int dtls1_enc(SSL *s, int send)
}
/* TLS 1.0 does not bound the number of padding bytes by the block size.
* All of them must have value 'padding_length'. */
}
/* TLS 1.0 does not bound the number of padding bytes by the block size.
* All of them must have value 'padding_length'. */
- if (i > (int)rec->length)
+ if (i
+ bs
> (int)rec->length)
{
/* Incorrect padding. SSLerr() and ssl3_alert are done
* by caller: we don't want to reveal whether this is
{
/* Incorrect padding. SSLerr() and ssl3_alert are done
* by caller: we don't want to reveal whether this is