projects
/
oweals
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
delete unimplemented function from header file, update ordinals
[oweals/openssl.git]
/
ssl
/
s3_enc.c
diff --git
a/ssl/s3_enc.c
b/ssl/s3_enc.c
index 00fad17b9aa08cd070933e999a5ef4c1cec1bbbb..0ddfe192bc60748e41720c528a93de2622c9bed2 100644
(file)
--- a/
ssl/s3_enc.c
+++ b/
ssl/s3_enc.c
@@
-170,6
+170,7
@@
static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
#endif
k=0;
EVP_MD_CTX_init(&m5);
#endif
k=0;
EVP_MD_CTX_init(&m5);
+ EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
EVP_MD_CTX_init(&s1);
for (i=0; (int)i<num; i+=MD5_DIGEST_LENGTH)
{
EVP_MD_CTX_init(&s1);
for (i=0; (int)i<num; i+=MD5_DIGEST_LENGTH)
{
@@
-214,7
+215,7
@@
static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
int ssl3_change_cipher_state(SSL *s, int which)
{
int ssl3_change_cipher_state(SSL *s, int which)
{
- unsigned char *p,*
key_block,*
mac_secret;
+ unsigned char *p,*mac_secret;
unsigned char exp_key[EVP_MAX_KEY_LENGTH];
unsigned char exp_iv[EVP_MAX_IV_LENGTH];
unsigned char *ms,*key,*iv,*er1,*er2;
unsigned char exp_key[EVP_MAX_KEY_LENGTH];
unsigned char exp_iv[EVP_MAX_IV_LENGTH];
unsigned char *ms,*key,*iv,*er1,*er2;
@@
-239,7
+240,6
@@
int ssl3_change_cipher_state(SSL *s, int which)
else
comp=s->s3->tmp.new_compression->method;
#endif
else
comp=s->s3->tmp.new_compression->method;
#endif
- key_block=s->s3->tmp.key_block;
if (which & SSL3_CC_READ)
{
if (which & SSL3_CC_READ)
{
@@
-569,12
+569,12
@@
void ssl3_free_digest_list(SSL *s)
OPENSSL_free(s->s3->handshake_dgst);
s->s3->handshake_dgst=NULL;
}
OPENSSL_free(s->s3->handshake_dgst);
s->s3->handshake_dgst=NULL;
}
-
+
void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
{
void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
{
- if (s->s3->handshake_buffer)
+ if (s->s3->handshake_buffer
&& !(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)
)
{
BIO_write (s->s3->handshake_buffer,(void *)buf,len);
}
{
BIO_write (s->s3->handshake_buffer,(void *)buf,len);
}
@@
-604,16
+604,23
@@
int ssl3_digest_cached_records(SSL *s)
hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,&hdata);
if (hdatalen <= 0)
{
hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,&hdata);
if (hdatalen <= 0)
{
- SSLerr(SSL_F_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LENGTH);
+ SSLerr(SSL_F_
SSL3_
DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LENGTH);
return 0;
}
/* Loop through bitso of algorithm2 field and create MD_CTX-es */
for (i=0;ssl_get_handshake_digest(i,&mask,&md); i++)
{
return 0;
}
/* Loop through bitso of algorithm2 field and create MD_CTX-es */
for (i=0;ssl_get_handshake_digest(i,&mask,&md); i++)
{
- if ((mask & s
->s3->tmp.new_cipher->algorithm2
) && md)
+ if ((mask & s
sl_get_algorithm2(s)
) && md)
{
s->s3->handshake_dgst[i]=EVP_MD_CTX_create();
{
s->s3->handshake_dgst[i]=EVP_MD_CTX_create();
+#ifdef OPENSSL_FIPS
+ if (EVP_MD_nid(md) == NID_md5)
+ {
+ EVP_MD_CTX_set_flags(s->s3->handshake_dgst[i],
+ EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ }
+#endif
EVP_DigestInit_ex(s->s3->handshake_dgst[i],md,NULL);
EVP_DigestUpdate(s->s3->handshake_dgst[i],hdata,hdatalen);
}
EVP_DigestInit_ex(s->s3->handshake_dgst[i],md,NULL);
EVP_DigestUpdate(s->s3->handshake_dgst[i],hdata,hdatalen);
}
@@
-622,9
+629,12
@@
int ssl3_digest_cached_records(SSL *s)
s->s3->handshake_dgst[i]=NULL;
}
}
s->s3->handshake_dgst[i]=NULL;
}
}
- /* Free handshake_buffer BIO */
- BIO_free(s->s3->handshake_buffer);
- s->s3->handshake_buffer = NULL;
+ if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE))
+ {
+ /* Free handshake_buffer BIO */
+ BIO_free(s->s3->handshake_buffer);
+ s->s3->handshake_buffer = NULL;
+ }
return 1;
}
return 1;
}
@@
-655,7
+665,7
@@
static int ssl3_handshake_mac(SSL *s, int md_nid,
if (!ssl3_digest_cached_records(s))
return 0;
if (!ssl3_digest_cached_records(s))
return 0;
- /* Search for d
jgest of specified type
in the handshake_dgst
+ /* Search for d
igest of specified type
in the handshake_dgst
* array*/
for (i=0;i<SSL_MAX_DIGEST;i++)
{
* array*/
for (i=0;i<SSL_MAX_DIGEST;i++)
{
@@
-670,6
+680,7
@@
static int ssl3_handshake_mac(SSL *s, int md_nid,
return 0;
}
EVP_MD_CTX_init(&ctx);
return 0;
}
EVP_MD_CTX_init(&ctx);
+ EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
EVP_MD_CTX_copy_ex(&ctx,d);
n=EVP_MD_CTX_size(&ctx);
if (n < 0)
EVP_MD_CTX_copy_ex(&ctx,d);
n=EVP_MD_CTX_size(&ctx);
if (n < 0)