*/
#include <stdio.h>
-#include "ssl_locl.h"
+#include "ssl_local.h"
#include <openssl/evp.h>
#include <openssl/md5.h>
#include <openssl/core_names.h>
static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
{
+ const EVP_MD *md5 = NULL, *sha1 = NULL;
EVP_MD_CTX *m5;
EVP_MD_CTX *s1;
unsigned char buf[16], smd[SHA_DIGEST_LENGTH];
c = os_toascii[c]; /* 'A' in ASCII */
#endif
k = 0;
+ md5 = ssl_evp_md_fetch(s->ctx->libctx, NID_md5, s->ctx->propq);
+ sha1 = ssl_evp_md_fetch(s->ctx->libctx, NID_sha1, s->ctx->propq);
m5 = EVP_MD_CTX_new();
s1 = EVP_MD_CTX_new();
- if (m5 == NULL || s1 == NULL) {
+ if (md5 == NULL || sha1 == NULL || m5 == NULL || s1 == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK,
ERR_R_MALLOC_FAILURE);
goto err;
}
- EVP_MD_CTX_set_flags(m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) {
k++;
if (k > sizeof(buf)) {
for (j = 0; j < k; j++)
buf[j] = c;
c++;
- if (!EVP_DigestInit_ex(s1, EVP_sha1(), NULL)
+ if (!EVP_DigestInit_ex(s1, sha1, NULL)
|| !EVP_DigestUpdate(s1, buf, k)
|| !EVP_DigestUpdate(s1, s->session->master_key,
s->session->master_key_length)
|| !EVP_DigestUpdate(s1, s->s3.server_random, SSL3_RANDOM_SIZE)
|| !EVP_DigestUpdate(s1, s->s3.client_random, SSL3_RANDOM_SIZE)
|| !EVP_DigestFinal_ex(s1, smd, NULL)
- || !EVP_DigestInit_ex(m5, EVP_md5(), NULL)
+ || !EVP_DigestInit_ex(m5, md5, NULL)
|| !EVP_DigestUpdate(m5, s->session->master_key,
s->session->master_key_length)
|| !EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH)) {
err:
EVP_MD_CTX_free(m5);
EVP_MD_CTX_free(s1);
+ ssl_evp_md_free(md5);
+ ssl_evp_md_free(sha1);
return ret;
}
if (s->s3.tmp.key_block_length != 0)
return 1;
- if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, &comp, 0)) {
+ if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, NULL, NULL, &comp,
+ 0)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK,
SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
return 0;
}
+ ssl_evp_cipher_free(s->s3.tmp.new_sym_enc);
s->s3.tmp.new_sym_enc = c;
+ ssl_evp_md_free(s->s3.tmp.new_hash);
s->s3.tmp.new_hash = hash;
#ifdef OPENSSL_NO_COMP
s->s3.tmp.new_compression = NULL;
OSSL_PARAM params[])
{
int n = 0;
- int cmd = EVP_CTRL_SSL3_MASTER_SECRET;
-
- params[n++] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_CMD, &cmd,
- NULL);
- params[n++] = OSSL_PARAM_construct_octet_ptr(OSSL_DIGEST_PARAM_MSG,
- (void **)&session->master_key,
- session->master_key_length,
- NULL);
+ params[n++] = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
+ (void *)session->master_key,
+ session->master_key_length);
params[n++] = OSSL_PARAM_construct_end();
}
OSSL_PARAM digest_cmd_params[3];
ssl3_digest_master_key_set_params(s->session, digest_cmd_params);
+
if (EVP_DigestUpdate(ctx, sender, len) <= 0
|| EVP_MD_CTX_set_params(ctx, digest_cmd_params) <= 0
|| EVP_DigestFinal_ex(ctx, p, NULL) <= 0) {