X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Ft1_enc.c;h=f228295bba557b63d5703f3f0ec04b63db5e5f63;hp=fbdd3bffb52f113132a46d4d692e01a48b413340;hb=ee5425d97de08d2149426c01b9a60cabca18fa12;hpb=7dfb0b774e6592dcbfe47015168a0ac8b44e2a17

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index fbdd3bffb5..f228295bba 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -57,6 +57,7 @@
  */
 
 #include <stdio.h>
+#include "comp.h"
 #include "evp.h"
 #include "hmac.h"
 #include "ssl_locl.h"
@@ -155,7 +156,7 @@ int num;
 	memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
 	p+=SSL3_RANDOM_SIZE;
 
-	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,
+	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),
 		s->session->master_key,s->session->master_key_length,
 		km,tmp,num);
 	}
@@ -175,9 +176,9 @@ int which;
 	int client_write;
 	EVP_CIPHER_CTX *dd;
 	EVP_CIPHER *c;
-	SSL_COMPRESSION *comp;
+	SSL_COMP *comp;
 	EVP_MD *m;
-	int exp,n,i,j,k,exp_label_len;
+	int exp,n,i,j,k,exp_label_len,cl;
 
 	exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0;
 	c=s->s3->tmp.new_sym_enc;
@@ -193,7 +194,25 @@ int which;
 			goto err;
 		dd= s->enc_read_ctx;
 		s->read_hash=m;
-		s->read_compression=comp;
+		if (s->expand != NULL)
+			{
+			COMP_CTX_free(s->expand);
+			s->expand=NULL;
+			}
+		if (comp != NULL)
+			{
+			s->expand=COMP_CTX_new(comp->method);
+			if (s->expand == NULL)
+				{
+				SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
+				goto err2;
+				}
+			if (s->s3->rrec.comp == NULL)
+				s->s3->rrec.comp=(unsigned char *)
+					Malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
+			if (s->s3->rrec.comp == NULL)
+				goto err;
+			}
 		memset(&(s->s3->read_sequence[0]),0,8);
 		mac_secret= &(s->s3->read_mac_secret[0]);
 		}
@@ -205,7 +224,20 @@ int which;
 			goto err;
 		dd= s->enc_write_ctx;
 		s->write_hash=m;
-		s->write_compression=comp;
+		if (s->compress != NULL)
+			{
+			COMP_CTX_free(s->compress);
+			s->compress=NULL;
+			}
+		if (comp != NULL)
+			{
+			s->compress=COMP_CTX_new(comp->method);
+			if (s->compress == NULL)
+				{
+				SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
+				goto err2;
+				}
+			}
 		memset(&(s->s3->write_sequence[0]),0,8);
 		mac_secret= &(s->s3->write_mac_secret[0]);
 		}
@@ -214,7 +246,9 @@ int which;
 
 	p=s->s3->tmp.key_block;
 	i=EVP_MD_size(m);
-	j=(exp)?5:EVP_CIPHER_key_length(c);
+	cl=EVP_CIPHER_key_length(c);
+	j=exp ? (cl < 5 ? cl : 5) : cl;
+	/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
 	k=EVP_CIPHER_iv_length(c);
 	er1= &(s->s3->client_random[0]);
 	er2= &(s->s3->server_random[0]);
@@ -262,7 +296,7 @@ printf("which = %04X\nmac key=",which);
 		p+=SSL3_RANDOM_SIZE;
 		memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
 		p+=SSL3_RANDOM_SIZE;
-		tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,key,j,
+		tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j,
 			tmp1,tmp2,EVP_CIPHER_key_length(c));
 		key=tmp1;
 
@@ -277,7 +311,7 @@ printf("which = %04X\nmac key=",which);
 			memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
 			p+=SSL3_RANDOM_SIZE;
 			tls1_PRF(s->ctx->md5,s->ctx->sha1,
-				buf,p-buf,"",0,iv1,iv2,k*2);
+				buf,(int)(p-buf),"",0,iv1,iv2,k*2);
 			if (client_write)
 				iv=iv1;
 			else
@@ -314,11 +348,12 @@ SSL *s;
 	EVP_CIPHER *c;
 	EVP_MD *hash;
 	int num,exp;
+	SSL_COMP *comp;
 
 	if (s->s3->tmp.key_block_length != 0)
 		return(1);
 
-	if (!ssl_cipher_get_evp(s->session->cipher,&c,&hash))
+	if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))
 		{
 		SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
 		return(0);
@@ -374,7 +409,6 @@ int send;
 	unsigned long l;
 	int bs,i,ii,j,k,n=0;
 	EVP_CIPHER *enc;
-	SSL_COMPRESSION *comp;
 
 	if (send)
 		{
@@ -383,12 +417,9 @@ int send;
 		ds=s->enc_write_ctx;
 		rec= &(s->s3->wrec);
 		if (s->enc_write_ctx == NULL)
-			{ enc=NULL; comp=NULL; }
+			enc=NULL;
 		else
-			{
 			enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
-			comp=s->write_compression;
-			}
 		}
 	else
 		{
@@ -397,16 +428,13 @@ int send;
 		ds=s->enc_read_ctx;
 		rec= &(s->s3->rrec);
 		if (s->enc_read_ctx == NULL)
-			{ enc=NULL; comp=NULL; }
+			enc=NULL;
 		else
-			{
 			enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
-			comp=s->read_compression;
-			}
 		}
 
 	if ((s->session == NULL) || (ds == NULL) ||
-		((enc == NULL) && (comp == NULL)))
+		(enc == NULL))
 		{
 		memcpy(rec->data,rec->input,rec->length);
 		rec->input=rec->data;
@@ -479,7 +507,7 @@ unsigned char *out;
 	unsigned int ret;
 	EVP_MD_CTX ctx;
 
-	memcpy(&ctx,in_ctx,sizeof(EVP_MD_CTX));
+	EVP_MD_CTX_copy(&ctx,in_ctx);
 	EVP_DigestFinal(&ctx,out,&ret);
 	return((int)ret);
 	}
@@ -500,14 +528,14 @@ unsigned char *out;
 	memcpy(q,str,slen);
 	q+=slen;
 
-	memcpy(&ctx,in1_ctx,sizeof(EVP_MD_CTX));
+	EVP_MD_CTX_copy(&ctx,in1_ctx);
 	EVP_DigestFinal(&ctx,q,&i);
 	q+=i;
-	memcpy(&ctx,in2_ctx,sizeof(EVP_MD_CTX));
+	EVP_MD_CTX_copy(&ctx,in2_ctx);
 	EVP_DigestFinal(&ctx,q,&i);
 	q+=i;
 
-	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,q-buf,
+	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),
 		s->session->master_key,s->session->master_key_length,
 		out,buf2,12);
 	memset(&ctx,0,sizeof(EVP_MD_CTX));
@@ -560,20 +588,20 @@ int send;
 
 #ifdef TLS_DEBUG
 printf("sec=");
-{int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
+{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
 printf("seq=");
 {int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); }
 printf("buf=");
 {int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); }
 printf("rec=");
-{int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
+{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
 #endif
 
 	for (i=7; i>=0; i--)
 		if (++seq[i]) break; 
 
 #ifdef TLS_DEBUG
-{int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); }
+{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); }
 #endif
 	return(md_size);
 	}