X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs2_enc.c;h=18882bf70487f56bf73abff5b6b3a36ccaf849b4;hp=63ebf2874887cf83d846cf2180b98bc95fb70bcc;hb=ce92b6eb9c9f4fa570564ec2dd9cbce68d9983f3;hpb=413c4f45ed0508d2242638696b7665f499d68265

diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c
index 63ebf28748..18882bf704 100644
--- a/ssl/s2_enc.c
+++ b/ssl/s2_enc.c
@@ -56,17 +56,16 @@
  * [including the GNU Public Licence.]
  */
 
-#include <stdio.h>
 #include "ssl_locl.h"
+#ifndef OPENSSL_NO_SSL2
+#include <stdio.h>
 
-int ssl2_enc_init(s, client)
-SSL *s;
-int client;
+int ssl2_enc_init(SSL *s, int client)
 	{
 	/* Max number of bytes needed */
 	EVP_CIPHER_CTX *rs,*ws;
-	EVP_CIPHER *c;
-	EVP_MD *md;
+	const EVP_CIPHER *c;
+	const EVP_MD *md;
 	int num;
 
 	if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
@@ -81,11 +80,11 @@ int client;
 
 	if ((s->enc_read_ctx == NULL) &&
 		((s->enc_read_ctx=(EVP_CIPHER_CTX *)
-		Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+		OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
 		goto err;
 	if ((s->enc_write_ctx == NULL) &&
 		((s->enc_write_ctx=(EVP_CIPHER_CTX *)
-		Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+		OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
 		goto err;
 
 	rs= s->enc_read_ctx;
@@ -96,12 +95,15 @@ int client;
 
 	num=c->key_len;
 	s->s2->key_material_length=num*2;
+	OPENSSL_assert(s->s2->key_material_length <= sizeof s->s2->key_material);
 
-	ssl2_generate_key_material(s);
+	if (ssl2_generate_key_material(s) <= 0)
+		return 0;
 
-	EVP_EncryptInit(ws,c,&(s->s2->key_material[(client)?num:0]),
+	OPENSSL_assert(c->iv_len <= (int)sizeof(s->session->key_arg));
+	EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]),
 		s->session->key_arg);
-	EVP_DecryptInit(rs,c,&(s->s2->key_material[(client)?0:num]),
+	EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]),
 		s->session->key_arg);
 	s->s2->read_key=  &(s->s2->key_material[(client)?0:num]);
 	s->s2->write_key= &(s->s2->key_material[(client)?num:0]);
@@ -112,11 +114,9 @@ err:
 	}
 
 /* read/writes from s->s2->mac_data using length for encrypt and 
- * decrypt.  It sets the s->s2->padding, s->[rw]length and
- * s->s2->pad_data ptr if we are encrypting */
-void ssl2_enc(s,send)
-SSL *s;
-int send;
+ * decrypt.  It sets s->s2->padding and s->[rw]length
+ * if we are encrypting */
+void ssl2_enc(SSL *s, int send)
 	{
 	EVP_CIPHER_CTX *ds;
 	unsigned long l;
@@ -146,10 +146,7 @@ int send;
 	EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l);
 	}
 
-void ssl2_mac(s, md,send)
-SSL *s;
-unsigned char *md;
-int send;
+void ssl2_mac(SSL *s, unsigned char *md, int send)
 	{
 	EVP_MD_CTX c;
 	unsigned char sequence[4],*p,*sec,*act;
@@ -175,13 +172,20 @@ int send;
 	l2n(seq,p);
 
 	/* There has to be a MAC algorithm. */
-	EVP_DigestInit(&c,s->read_hash);
+	EVP_MD_CTX_init(&c);
+	EVP_DigestInit_ex(&c, s->read_hash, NULL);
 	EVP_DigestUpdate(&c,sec,
 		EVP_CIPHER_CTX_key_length(s->enc_read_ctx));
 	EVP_DigestUpdate(&c,act,len); 
 	/* the above line also does the pad data */
 	EVP_DigestUpdate(&c,sequence,4); 
-	EVP_DigestFinal(&c,md,NULL);
-	/* some would say I should zero the md context */
+	EVP_DigestFinal_ex(&c,md,NULL);
+	EVP_MD_CTX_cleanup(&c);
 	}
+#else /* !OPENSSL_NO_SSL2 */
+
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
 
+#endif