X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs2_enc.c;h=1d0855940776b73a95bb37bd29073f891336c6d0;hp=a9458e7fa7208f59bff980971a46c3fd4846457e;hb=77a926e6769705944e8ac8db37650cd36161be97;hpb=aa82db4fb49e8e3da38e39861837117ce12256bf diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c index a9458e7fa7..1d08559407 100644 --- a/ssl/s2_enc.c +++ b/ssl/s2_enc.c @@ -57,7 +57,7 @@ */ #include "ssl_locl.h" -#ifndef NO_SSL2 +#ifndef OPENSSL_NO_SSL2 #include int ssl2_enc_init(SSL *s, int client) @@ -68,39 +68,44 @@ int ssl2_enc_init(SSL *s, int client) const EVP_MD *md; int num; - if (!ssl_cipher_get_evp(s->session,&c,&md,NULL)) + if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL, 0)) { ssl2_return_error(s,SSL2_PE_NO_CIPHER); SSLerr(SSL_F_SSL2_ENC_INIT,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS); return(0); } - - s->read_hash=md; - s->write_hash=md; + ssl_replace_hash(&s->read_hash,md); + ssl_replace_hash(&s->write_hash,md); if ((s->enc_read_ctx == NULL) && ((s->enc_read_ctx=(EVP_CIPHER_CTX *) - Malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) + OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) goto err; + + /* make sure it's intialized in case the malloc for enc_write_ctx fails + * and we exit with an error */ + rs= s->enc_read_ctx; + EVP_CIPHER_CTX_init(rs); + if ((s->enc_write_ctx == NULL) && ((s->enc_write_ctx=(EVP_CIPHER_CTX *) - Malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) + OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) goto err; - rs= s->enc_read_ctx; ws= s->enc_write_ctx; - - EVP_CIPHER_CTX_init(rs); EVP_CIPHER_CTX_init(ws); num=c->key_len; s->s2->key_material_length=num*2; + OPENSSL_assert(s->s2->key_material_length <= sizeof s->s2->key_material); - ssl2_generate_key_material(s); + if (ssl2_generate_key_material(s) <= 0) + return 0; - EVP_EncryptInit(ws,c,&(s->s2->key_material[(client)?num:0]), + OPENSSL_assert(c->iv_len <= (int)sizeof(s->session->key_arg)); + EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]), s->session->key_arg); - EVP_DecryptInit(rs,c,&(s->s2->key_material[(client)?0:num]), + EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]), s->session->key_arg); s->s2->read_key= &(s->s2->key_material[(client)?0:num]); s->s2->write_key= &(s->s2->key_material[(client)?num:0]); @@ -111,8 +116,8 @@ err: } /* read/writes from s->s2->mac_data using length for encrypt and - * decrypt. It sets the s->s2->padding, s->[rw]length and - * s->s2->pad_data ptr if we are encrypting */ + * decrypt. It sets s->s2->padding and s->[rw]length + * if we are encrypting */ void ssl2_enc(SSL *s, int send) { EVP_CIPHER_CTX *ds; @@ -169,16 +174,17 @@ void ssl2_mac(SSL *s, unsigned char *md, int send) l2n(seq,p); /* There has to be a MAC algorithm. */ - EVP_DigestInit(&c,s->read_hash); + EVP_MD_CTX_init(&c); + EVP_MD_CTX_copy(&c, s->read_hash); EVP_DigestUpdate(&c,sec, EVP_CIPHER_CTX_key_length(s->enc_read_ctx)); EVP_DigestUpdate(&c,act,len); /* the above line also does the pad data */ EVP_DigestUpdate(&c,sequence,4); - EVP_DigestFinal(&c,md,NULL); - /* some would say I should zero the md context */ + EVP_DigestFinal_ex(&c,md,NULL); + EVP_MD_CTX_cleanup(&c); } -#else /* !NO_SSL2 */ +#else /* !OPENSSL_NO_SSL2 */ # if PEDANTIC static void *dummy=&dummy;