{
int chunk;
size_t j;
- EVP_MD_CTX ctx, ctx_tmp, ctx_init;
- EVP_PKEY *mac_key;
+ EVP_MD_CTX *ctx = NULL, *ctx_tmp = NULL, *ctx_init = NULL;
+ EVP_PKEY *mac_key = NULL;
unsigned char A1[EVP_MAX_MD_SIZE];
size_t A1_len;
int ret = 0;
chunk = EVP_MD_size(md);
OPENSSL_assert(chunk >= 0);
- EVP_MD_CTX_init(&ctx);
- EVP_MD_CTX_init(&ctx_tmp);
- EVP_MD_CTX_init(&ctx_init);
- EVP_MD_CTX_set_flags(&ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ ctx = EVP_MD_CTX_new();
+ ctx_tmp = EVP_MD_CTX_new();
+ ctx_init = EVP_MD_CTX_new();
+ if (ctx == NULL || ctx_tmp == NULL || ctx_init == NULL)
+ goto err;
+ EVP_MD_CTX_set_flags(ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
if (!mac_key)
goto err;
- if (!EVP_DigestSignInit(&ctx_init, NULL, md, NULL, mac_key))
+ if (!EVP_DigestSignInit(ctx_init, NULL, md, NULL, mac_key))
goto err;
- if (!EVP_MD_CTX_copy_ex(&ctx, &ctx_init))
+ if (!EVP_MD_CTX_copy_ex(ctx, ctx_init))
goto err;
- if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len))
+ if (seed1 && !EVP_DigestSignUpdate(ctx, seed1, seed1_len))
goto err;
- if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len))
+ if (seed2 && !EVP_DigestSignUpdate(ctx, seed2, seed2_len))
goto err;
- if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len))
+ if (seed3 && !EVP_DigestSignUpdate(ctx, seed3, seed3_len))
goto err;
- if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len))
+ if (seed4 && !EVP_DigestSignUpdate(ctx, seed4, seed4_len))
goto err;
- if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len))
+ if (seed5 && !EVP_DigestSignUpdate(ctx, seed5, seed5_len))
goto err;
- if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
+ if (!EVP_DigestSignFinal(ctx, A1, &A1_len))
goto err;
for (;;) {
/* Reinit mac contexts */
- if (!EVP_MD_CTX_copy_ex(&ctx, &ctx_init))
+ if (!EVP_MD_CTX_copy_ex(ctx, ctx_init))
goto err;
- if (!EVP_DigestSignUpdate(&ctx, A1, A1_len))
+ if (!EVP_DigestSignUpdate(ctx, A1, A1_len))
goto err;
- if (olen > chunk && !EVP_MD_CTX_copy_ex(&ctx_tmp, &ctx))
+ if (olen > chunk && !EVP_MD_CTX_copy_ex(ctx_tmp, ctx))
goto err;
- if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len))
+ if (seed1 && !EVP_DigestSignUpdate(ctx, seed1, seed1_len))
goto err;
- if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len))
+ if (seed2 && !EVP_DigestSignUpdate(ctx, seed2, seed2_len))
goto err;
- if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len))
+ if (seed3 && !EVP_DigestSignUpdate(ctx, seed3, seed3_len))
goto err;
- if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len))
+ if (seed4 && !EVP_DigestSignUpdate(ctx, seed4, seed4_len))
goto err;
- if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len))
+ if (seed5 && !EVP_DigestSignUpdate(ctx, seed5, seed5_len))
goto err;
if (olen > chunk) {
- if (!EVP_DigestSignFinal(&ctx, out, &j))
+ if (!EVP_DigestSignFinal(ctx, out, &j))
goto err;
out += j;
olen -= j;
/* calc the next A1 value */
- if (!EVP_DigestSignFinal(&ctx_tmp, A1, &A1_len))
+ if (!EVP_DigestSignFinal(ctx_tmp, A1, &A1_len))
goto err;
} else { /* last one */
- if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
+ if (!EVP_DigestSignFinal(ctx, A1, &A1_len))
goto err;
memcpy(out, A1, olen);
break;
ret = 1;
err:
EVP_PKEY_free(mac_key);
- EVP_MD_CTX_cleanup(&ctx);
- EVP_MD_CTX_cleanup(&ctx_tmp);
- EVP_MD_CTX_cleanup(&ctx_init);
+ EVP_MD_CTX_free(ctx);
+ EVP_MD_CTX_free(ctx_tmp);
+ EVP_MD_CTX_free(ctx_init);
OPENSSL_cleanse(A1, sizeof(A1));
return ret;
}
int tls1_change_cipher_state(SSL *s, int which)
{
- static const unsigned char empty[] = "";
unsigned char *p, *mac_secret;
- unsigned char *exp_label;
unsigned char tmp1[EVP_MAX_KEY_LENGTH];
unsigned char tmp2[EVP_MAX_KEY_LENGTH];
unsigned char iv1[EVP_MAX_IV_LENGTH * 2];
unsigned char iv2[EVP_MAX_IV_LENGTH * 2];
unsigned char *ms, *key, *iv;
- int client_write;
EVP_CIPHER_CTX *dd;
const EVP_CIPHER *c;
#ifndef OPENSSL_NO_COMP
int *mac_secret_size;
EVP_MD_CTX *mac_ctx;
EVP_PKEY *mac_key;
- int is_export, n, i, j, k, exp_label_len, cl;
+ int n, i, j, k, cl;
int reuse_dd = 0;
- is_export = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
c = s->s3->tmp.new_sym_enc;
m = s->s3->tmp.new_hash;
mac_type = s->s3->tmp.new_mac_pkey_type;
goto err;
dd = s->enc_write_ctx;
if (SSL_IS_DTLS(s)) {
- mac_ctx = EVP_MD_CTX_create();
+ mac_ctx = EVP_MD_CTX_new();
if (mac_ctx == NULL)
goto err;
s->write_hash = mac_ctx;
i = *mac_secret_size = s->s3->tmp.new_mac_secret_size;
cl = EVP_CIPHER_key_length(c);
- j = is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
- cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
+ j = cl;
/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
/* If GCM/CCM mode only part of IV comes from PRF */
if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
n += j + j;
iv = &(p[n]);
n += k + k;
- exp_label = (unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST;
- exp_label_len = TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE;
- client_write = 1;
} else {
n = i;
ms = &(p[n]);
n += j + k;
iv = &(p[n]);
n += k;
- exp_label = (unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST;
- exp_label_len = TLS_MD_SERVER_WRITE_KEY_CONST_SIZE;
- client_write = 0;
}
if (n > s->s3->tmp.key_block_length) {
printf("%02X%c", ms[z], ((z + 1) % 16) ? ' ' : '\n');
}
#endif
- if (is_export) {
- /*
- * In here I set both the read and write key/iv to the same value
- * since only the correct one will be used :-).
- */
- if (!tls1_PRF(s,
- exp_label, exp_label_len,
- s->s3->client_random, SSL3_RANDOM_SIZE,
- s->s3->server_random, SSL3_RANDOM_SIZE,
- NULL, 0, NULL, 0,
- key, j, tmp1, tmp2, EVP_CIPHER_key_length(c)))
- goto err2;
- key = tmp1;
-
- if (k > 0) {
- if (!tls1_PRF(s,
- TLS_MD_IV_BLOCK_CONST, TLS_MD_IV_BLOCK_CONST_SIZE,
- s->s3->client_random, SSL3_RANDOM_SIZE,
- s->s3->server_random, SSL3_RANDOM_SIZE,
- NULL, 0, NULL, 0, empty, 0, iv1, iv2, k * 2))
- goto err2;
- if (client_write)
- iv = iv1;
- else
- iv = &(iv1[k]);
- }
- }
if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) {
if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE))