X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Ft1_enc.c;h=a6502772e8cd3fd79e08e5e083a900abaa71c611;hp=97d92cacd03e6af14040ca2784b0fcb62a4f8366;hb=965b6dad4497ea5cd9a988ccb641996b393af9b3;hpb=323f289c480b0a8eb15ed3be2befbcc0f86e8904

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 97d92cacd0..a6502772e8 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -61,6 +61,7 @@
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #include "ssl_locl.h"
+#include <openssl/md5.h>
 
 static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
 			int sec_len, unsigned char *seed, int seed_len,
@@ -75,6 +76,8 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
 	
 	chunk=EVP_MD_size(md);
 
+	HMAC_CTX_init(&ctx);
+	HMAC_CTX_init(&ctx_tmp);
 	HMAC_Init(&ctx,sec,sec_len,md);
 	HMAC_Init(&ctx_tmp,sec,sec_len,md);
 	HMAC_Update(&ctx,seed,seed_len);
@@ -103,8 +106,8 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
 			break;
 			}
 		}
-	HMAC_cleanup(&ctx);
-	HMAC_cleanup(&ctx_tmp);
+	HMAC_CTX_cleanup(&ctx);
+	HMAC_CTX_cleanup(&ctx_tmp);
 	memset(A1,0,sizeof(A1));
 	}
 
@@ -493,7 +496,7 @@ int tls1_enc(SSL *s, int send)
 
 #ifdef KSSL_DEBUG
 		{
-                unsigned long i;
+                unsigned long ui;
 		printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
                         ds,rec->data,rec->input,l);
 		printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
@@ -504,7 +507,7 @@ int tls1_enc(SSL *s, int send)
 		for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
 		printf("\n");
 		printf("\trec->input=");
-		for (i=0; i<l; i++) printf(" %02x", rec->input[i]);
+		for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
 		printf("\n");
 		}
 #endif	/* KSSL_DEBUG */
@@ -514,8 +517,8 @@ int tls1_enc(SSL *s, int send)
 			if (l == 0 || l%bs != 0)
 				{
 				SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR);
-				return(0);
+				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+				return 0;
 				}
 			}
 		
@@ -547,17 +550,18 @@ int tls1_enc(SSL *s, int send)
 			 * All of them must have value 'padding_length'. */
 			if (i > (int)rec->length)
 				{
-				SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
-				return(0);
+				/* Incorrect padding. SSLerr() and ssl3_alert are done
+				 * by caller: we don't want to reveal whether this is
+				 * a decryption error or a MAC verification failure
+				 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
+				return -1;
 				}
 			for (j=(int)(l-i); j<(int)l; j++)
 				{
 				if (rec->data[j] != ii)
 					{
-					SSLerr(SSL_F_TLS1_ENC,SSL_R_DECRYPTION_FAILED);
-					ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
-					return(0);
+					/* Incorrect padding */
+					return -1;
 					}
 				}
 			rec->length-=i;
@@ -571,8 +575,10 @@ int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
 	unsigned int ret;
 	EVP_MD_CTX ctx;
 
+	EVP_MD_CTX_init(&ctx);
 	EVP_MD_CTX_copy(&ctx,in_ctx);
 	EVP_DigestFinal(&ctx,out,&ret);
+	EVP_MD_CTX_cleanup(&ctx);
 	return((int)ret);
 	}
 
@@ -588,6 +594,7 @@ int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
 	memcpy(q,str,slen);
 	q+=slen;
 
+	EVP_MD_CTX_init(&ctx);
 	EVP_MD_CTX_copy(&ctx,in1_ctx);
 	EVP_DigestFinal(&ctx,q,&i);
 	q+=i;
@@ -598,7 +605,7 @@ int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
 	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),
 		s->session->master_key,s->session->master_key_length,
 		out,buf2,12);
-	memset(&ctx,0,sizeof(EVP_MD_CTX));
+	EVP_MD_CTX_cleanup(&ctx);
 
 	return((int)12);
 	}
@@ -637,12 +644,13 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
 	buf[4]=rec->length&0xff;
 
 	/* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
+	HMAC_CTX_init(&hmac);
 	HMAC_Init(&hmac,mac_sec,EVP_MD_size(hash),hash);
 	HMAC_Update(&hmac,seq,8);
 	HMAC_Update(&hmac,buf,5);
 	HMAC_Update(&hmac,rec->input,rec->length);
 	HMAC_Final(&hmac,md,&md_size);
-	HMAC_cleanup(&hmac);
+	HMAC_CTX_cleanup(&hmac);
 
 #ifdef TLS_DEBUG
 printf("sec=");