X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs2_enc.c;h=1d0855940776b73a95bb37bd29073f891336c6d0;hp=b915f099e55a73b4e94d106697b5dec03059d126;hb=ded18639d7f8ffacea10a24938cf091a0efbca40;hpb=d02b48c63a58ea4367a0e905979f140b7d090f86 diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c index b915f099e5..1d08559407 100644 --- a/ssl/s2_enc.c +++ b/ssl/s2_enc.c @@ -1,5 +1,5 @@ /* ssl/s2_enc.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -56,52 +56,56 @@ * [including the GNU Public Licence.] */ -#include #include "ssl_locl.h" +#ifndef OPENSSL_NO_SSL2 +#include -#define RS 0 -#define WS 1 - -int ssl2_enc_init(s, client) -SSL *s; -int client; +int ssl2_enc_init(SSL *s, int client) { /* Max number of bytes needed */ EVP_CIPHER_CTX *rs,*ws; - EVP_CIPHER *c; - EVP_MD *md; + const EVP_CIPHER *c; + const EVP_MD *md; int num; - if (!ssl_cipher_get_evp(s->session->cipher,&c,&md)) + if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL, 0)) { ssl2_return_error(s,SSL2_PE_NO_CIPHER); SSLerr(SSL_F_SSL2_ENC_INIT,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS); return(0); } - - s->read_hash=md; - s->write_hash=md; + ssl_replace_hash(&s->read_hash,md); + ssl_replace_hash(&s->write_hash,md); if ((s->enc_read_ctx == NULL) && ((s->enc_read_ctx=(EVP_CIPHER_CTX *) - Malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) + OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) goto err; + + /* make sure it's intialized in case the malloc for enc_write_ctx fails + * and we exit with an error */ + rs= s->enc_read_ctx; + EVP_CIPHER_CTX_init(rs); + if ((s->enc_write_ctx == NULL) && ((s->enc_write_ctx=(EVP_CIPHER_CTX *) - Malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) + OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) goto err; - rs= s->enc_read_ctx; ws= s->enc_write_ctx; + EVP_CIPHER_CTX_init(ws); num=c->key_len; s->s2->key_material_length=num*2; + OPENSSL_assert(s->s2->key_material_length <= sizeof s->s2->key_material); - ssl2_generate_key_material(s); + if (ssl2_generate_key_material(s) <= 0) + return 0; - EVP_EncryptInit(ws,c,&(s->s2->key_material[(client)?num:0]), + OPENSSL_assert(c->iv_len <= (int)sizeof(s->session->key_arg)); + EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]), s->session->key_arg); - EVP_DecryptInit(rs,c,&(s->s2->key_material[(client)?0:num]), + EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]), s->session->key_arg); s->s2->read_key= &(s->s2->key_material[(client)?0:num]); s->s2->write_key= &(s->s2->key_material[(client)?num:0]); @@ -112,11 +116,9 @@ err: } /* read/writes from s->s2->mac_data using length for encrypt and - * decrypt. It sets the s->s2->padding, s->[rw]length and - * s->s2->pad_data ptr if we are encrypting */ -void ssl2_enc(s,send) -SSL *s; -int send; + * decrypt. It sets s->s2->padding and s->[rw]length + * if we are encrypting */ +void ssl2_enc(SSL *s, int send) { EVP_CIPHER_CTX *ds; unsigned long l; @@ -146,10 +148,7 @@ int send; EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l); } -void ssl2_mac(s, md,send) -SSL *s; -unsigned char *md; -int send; +void ssl2_mac(SSL *s, unsigned char *md, int send) { EVP_MD_CTX c; unsigned char sequence[4],*p,*sec,*act; @@ -175,13 +174,20 @@ int send; l2n(seq,p); /* There has to be a MAC algorithm. */ - EVP_DigestInit(&c,s->read_hash); + EVP_MD_CTX_init(&c); + EVP_MD_CTX_copy(&c, s->read_hash); EVP_DigestUpdate(&c,sec, EVP_CIPHER_CTX_key_length(s->enc_read_ctx)); EVP_DigestUpdate(&c,act,len); /* the above line also does the pad data */ EVP_DigestUpdate(&c,sequence,4); - EVP_DigestFinal(&c,md,NULL); - /* some would say I should zero the md context */ + EVP_DigestFinal_ex(&c,md,NULL); + EVP_MD_CTX_cleanup(&c); } +#else /* !OPENSSL_NO_SSL2 */ + +# if PEDANTIC +static void *dummy=&dummy; +# endif +#endif