* [including the GNU Public Licence.]
*/
-#include <stdio.h>
#include "ssl_locl.h"
+#ifndef OPENSSL_NO_SSL2
+#include <stdio.h>
-int ssl2_enc_init(s, client)
-SSL *s;
-int client;
+int ssl2_enc_init(SSL *s, int client)
{
/* Max number of bytes needed */
EVP_CIPHER_CTX *rs,*ws;
- EVP_CIPHER *c;
- EVP_MD *md;
+ const EVP_CIPHER *c;
+ const EVP_MD *md;
int num;
- if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
+ if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL, 0))
{
ssl2_return_error(s,SSL2_PE_NO_CIPHER);
SSLerr(SSL_F_SSL2_ENC_INIT,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
return(0);
}
-
- s->read_hash=md;
- s->write_hash=md;
+ ssl_replace_hash(&s->read_hash,md);
+ ssl_replace_hash(&s->write_hash,md);
if ((s->enc_read_ctx == NULL) &&
((s->enc_read_ctx=(EVP_CIPHER_CTX *)
- Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+ OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
goto err;
+
+ /* make sure it's intialized in case the malloc for enc_write_ctx fails
+ * and we exit with an error */
+ rs= s->enc_read_ctx;
+ EVP_CIPHER_CTX_init(rs);
+
if ((s->enc_write_ctx == NULL) &&
((s->enc_write_ctx=(EVP_CIPHER_CTX *)
- Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+ OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
goto err;
- rs= s->enc_read_ctx;
ws= s->enc_write_ctx;
-
- EVP_CIPHER_CTX_init(rs);
EVP_CIPHER_CTX_init(ws);
num=c->key_len;
s->s2->key_material_length=num*2;
+ OPENSSL_assert(s->s2->key_material_length <= sizeof s->s2->key_material);
- ssl2_generate_key_material(s);
+ if (ssl2_generate_key_material(s) <= 0)
+ return 0;
- EVP_EncryptInit(ws,c,&(s->s2->key_material[(client)?num:0]),
+ OPENSSL_assert(c->iv_len <= (int)sizeof(s->session->key_arg));
+ EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]),
s->session->key_arg);
- EVP_DecryptInit(rs,c,&(s->s2->key_material[(client)?0:num]),
+ EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]),
s->session->key_arg);
s->s2->read_key= &(s->s2->key_material[(client)?0:num]);
s->s2->write_key= &(s->s2->key_material[(client)?num:0]);
}
/* read/writes from s->s2->mac_data using length for encrypt and
- * decrypt. It sets the s->s2->padding, s->[rw]length and
- * s->s2->pad_data ptr if we are encrypting */
-void ssl2_enc(s,send)
-SSL *s;
-int send;
+ * decrypt. It sets s->s2->padding and s->[rw]length
+ * if we are encrypting */
+void ssl2_enc(SSL *s, int send)
{
EVP_CIPHER_CTX *ds;
unsigned long l;
EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l);
}
-void ssl2_mac(s, md,send)
-SSL *s;
-unsigned char *md;
-int send;
+void ssl2_mac(SSL *s, unsigned char *md, int send)
{
EVP_MD_CTX c;
unsigned char sequence[4],*p,*sec,*act;
l2n(seq,p);
/* There has to be a MAC algorithm. */
- EVP_DigestInit(&c,s->read_hash);
+ EVP_MD_CTX_init(&c);
+ EVP_MD_CTX_copy(&c, s->read_hash);
EVP_DigestUpdate(&c,sec,
EVP_CIPHER_CTX_key_length(s->enc_read_ctx));
EVP_DigestUpdate(&c,act,len);
/* the above line also does the pad data */
EVP_DigestUpdate(&c,sequence,4);
- EVP_DigestFinal(&c,md,NULL);
- /* some would say I should zero the md context */
+ EVP_DigestFinal_ex(&c,md,NULL);
+ EVP_MD_CTX_cleanup(&c);
}
+#else /* !OPENSSL_NO_SSL2 */
+
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
+#endif
projects / openssl.git / blobdiff