X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fs3_enc.c;h=6d9f986d58e003b6ee614636b5aedd99680ae283;hb=3c89d78dba8bb7a958cad729f3166c175f587c7c;hp=b27e9562b96cb2580c99013ecb415237fa1b1897;hpb=027e257b1da1289b64587dc5bde598920feaee8c;p=oweals%2Fopenssl.git diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index b27e9562b9..6d9f986d58 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -57,10 +57,9 @@ */ #include -#include -#include #include #include "ssl_locl.h" +#include static unsigned char ssl3_pad_1[48]={ 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36, @@ -83,8 +82,8 @@ static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx, static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) { - MD5_CTX m5; - SHA_CTX s1; + EVP_MD_CTX m5; + EVP_MD_CTX s1; unsigned char buf[16],smd[SHA_DIGEST_LENGTH]; unsigned char c='A'; int i,j,k; @@ -93,6 +92,8 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) c = os_toascii[c]; /*'A' in ASCII */ #endif k=0; + EVP_MD_CTX_init(&m5); + EVP_MD_CTX_init(&s1); for (i=0; isession->master_key, + EVP_DigestInit_ex(&s1,EVP_sha1(), NULL); + EVP_DigestUpdate(&s1,buf,k); + EVP_DigestUpdate(&s1,s->session->master_key, s->session->master_key_length); - SHA1_Update(&s1,s->s3->server_random,SSL3_RANDOM_SIZE); - SHA1_Update(&s1,s->s3->client_random,SSL3_RANDOM_SIZE); - SHA1_Final( smd,&s1); + EVP_DigestUpdate(&s1,s->s3->server_random,SSL3_RANDOM_SIZE); + EVP_DigestUpdate(&s1,s->s3->client_random,SSL3_RANDOM_SIZE); + EVP_DigestFinal_ex(&s1,smd,NULL); - MD5_Init( &m5); - MD5_Update(&m5,s->session->master_key, + EVP_DigestInit_ex(&m5,EVP_md5(), NULL); + EVP_DigestUpdate(&m5,s->session->master_key, s->session->master_key_length); - MD5_Update(&m5,smd,SHA_DIGEST_LENGTH); + EVP_DigestUpdate(&m5,smd,SHA_DIGEST_LENGTH); if ((i+MD5_DIGEST_LENGTH) > num) { - MD5_Final(smd,&m5); + EVP_DigestFinal_ex(&m5,smd,NULL); memcpy(km,smd,(num-i)); } else - MD5_Final(km,&m5); + EVP_DigestFinal_ex(&m5,km,NULL); km+=MD5_DIGEST_LENGTH; } memset(smd,0,SHA_DIGEST_LENGTH); + EVP_MD_CTX_cleanup(&m5); + EVP_MD_CTX_cleanup(&s1); return 1; } @@ -142,8 +145,9 @@ int ssl3_change_cipher_state(SSL *s, int which) const EVP_CIPHER *c; COMP_METHOD *comp; const EVP_MD *m; - MD5_CTX md; + EVP_MD_CTX md; int exp,n,i,j,k,cl; + int reuse_dd = 0; exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); c=s->s3->tmp.new_sym_enc; @@ -156,9 +160,9 @@ int ssl3_change_cipher_state(SSL *s, int which) if (which & SSL3_CC_READ) { - if ((s->enc_read_ctx == NULL) && - ((s->enc_read_ctx=(EVP_CIPHER_CTX *) - OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) + if (s->enc_read_ctx != NULL) + reuse_dd = 1; + else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) goto err; dd= s->enc_read_ctx; s->read_hash=m; @@ -187,9 +191,9 @@ int ssl3_change_cipher_state(SSL *s, int which) } else { - if ((s->enc_write_ctx == NULL) && - ((s->enc_write_ctx=(EVP_CIPHER_CTX *) - OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) + if (s->enc_write_ctx != NULL) + reuse_dd = 1; + else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) goto err; dd= s->enc_write_ctx; s->write_hash=m; @@ -212,6 +216,8 @@ int ssl3_change_cipher_state(SSL *s, int which) mac_secret= &(s->s3->write_mac_secret[0]); } + if (reuse_dd) + EVP_CIPHER_CTX_cleanup(dd); EVP_CIPHER_CTX_init(dd); p=s->s3->tmp.key_block; @@ -246,35 +252,37 @@ int ssl3_change_cipher_state(SSL *s, int which) goto err2; } + EVP_MD_CTX_init(&md); memcpy(mac_secret,ms,i); if (exp) { /* In here I set both the read and write key/iv to the * same value since only the correct one will be used :-). */ - MD5_Init(&md); - MD5_Update(&md,key,j); - MD5_Update(&md,er1,SSL3_RANDOM_SIZE); - MD5_Update(&md,er2,SSL3_RANDOM_SIZE); - MD5_Final(&(exp_key[0]),&md); + EVP_DigestInit_ex(&md,EVP_md5(), NULL); + EVP_DigestUpdate(&md,key,j); + EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE); + EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE); + EVP_DigestFinal_ex(&md,&(exp_key[0]),NULL); key= &(exp_key[0]); if (k > 0) { - MD5_Init(&md); - MD5_Update(&md,er1,SSL3_RANDOM_SIZE); - MD5_Update(&md,er2,SSL3_RANDOM_SIZE); - MD5_Final(&(exp_iv[0]),&md); + EVP_DigestInit_ex(&md,EVP_md5(), NULL); + EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE); + EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE); + EVP_DigestFinal_ex(&md,&(exp_iv[0]),NULL); iv= &(exp_iv[0]); } } s->session->key_arg_length=0; - EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE)); + EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE)); memset(&(exp_key[0]),0,sizeof(exp_key)); memset(&(exp_iv[0]),0,sizeof(exp_iv)); + EVP_MD_CTX_cleanup(&md); return(1); err: SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE); @@ -363,7 +371,7 @@ int ssl3_enc(SSL *s, int send) if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) { - memcpy(rec->data,rec->input,rec->length); + memmove(rec->data,rec->input,rec->length); rec->input=rec->data; } else @@ -373,7 +381,6 @@ int ssl3_enc(SSL *s, int send) /* COMPRESS */ - /* This should be using (bs-1) and bs instead of 7 and 8 */ if ((bs != 1) && send) { i=bs-((int)l%bs); @@ -383,17 +390,31 @@ int ssl3_enc(SSL *s, int send) rec->length+=i; rec->input[l-1]=(i-1); } - + + if (!send) + { + if (l == 0 || l%bs != 0) + { + SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); + return 0; + } + } + EVP_Cipher(ds,rec->data,rec->input,l); if ((bs != 1) && !send) { i=rec->data[l-1]+1; + /* SSL 3.0 bounds the number of padding bytes by the block size; + * padding bytes (except that last) are arbitrary */ if (i > bs) { - SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR); - return(0); + /* Incorrect padding. SSLerr() and ssl3_alert are done + * by caller: we don't want to reveal whether this is + * a decryption error or a MAC verification failure + * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ + return -1; } rec->length-=i; } @@ -403,8 +424,8 @@ int ssl3_enc(SSL *s, int send) void ssl3_init_finished_mac(SSL *s) { - EVP_DigestInit(&(s->s3->finish_dgst1),s->ctx->md5); - EVP_DigestInit(&(s->s3->finish_dgst2),s->ctx->sha1); + EVP_DigestInit_ex(&(s->s3->finish_dgst1),s->ctx->md5, NULL); + EVP_DigestInit_ex(&(s->s3->finish_dgst2),s->ctx->sha1, NULL); } void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len) @@ -438,7 +459,8 @@ static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char md_buf[EVP_MAX_MD_SIZE]; EVP_MD_CTX ctx; - EVP_MD_CTX_copy(&ctx,in_ctx); + EVP_MD_CTX_init(&ctx); + EVP_MD_CTX_copy_ex(&ctx,in_ctx); n=EVP_MD_CTX_size(&ctx); npad=(48/n)*n; @@ -448,16 +470,16 @@ static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx, EVP_DigestUpdate(&ctx,s->session->master_key, s->session->master_key_length); EVP_DigestUpdate(&ctx,ssl3_pad_1,npad); - EVP_DigestFinal(&ctx,md_buf,&i); + EVP_DigestFinal_ex(&ctx,md_buf,&i); - EVP_DigestInit(&ctx,EVP_MD_CTX_md(&ctx)); + EVP_DigestInit_ex(&ctx,EVP_MD_CTX_md(&ctx), NULL); EVP_DigestUpdate(&ctx,s->session->master_key, s->session->master_key_length); EVP_DigestUpdate(&ctx,ssl3_pad_2,npad); EVP_DigestUpdate(&ctx,md_buf,i); - EVP_DigestFinal(&ctx,p,&ret); + EVP_DigestFinal_ex(&ctx,p,&ret); - memset(&ctx,0,sizeof(EVP_MD_CTX)); + EVP_MD_CTX_cleanup(&ctx); return((int)ret); } @@ -491,8 +513,9 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send) npad=(48/md_size)*md_size; /* Chop the digest off the end :-) */ + EVP_MD_CTX_init(&md_ctx); - EVP_DigestInit( &md_ctx,hash); + EVP_DigestInit_ex( &md_ctx,hash, NULL); EVP_DigestUpdate(&md_ctx,mac_sec,md_size); EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad); EVP_DigestUpdate(&md_ctx,seq,8); @@ -502,13 +525,15 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send) s2n(rec->length,p); EVP_DigestUpdate(&md_ctx,md,2); EVP_DigestUpdate(&md_ctx,rec->input,rec->length); - EVP_DigestFinal( &md_ctx,md,NULL); + EVP_DigestFinal_ex( &md_ctx,md,NULL); - EVP_DigestInit( &md_ctx,hash); + EVP_DigestInit_ex( &md_ctx,hash, NULL); EVP_DigestUpdate(&md_ctx,mac_sec,md_size); EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad); EVP_DigestUpdate(&md_ctx,md,md_size); - EVP_DigestFinal( &md_ctx,md,&md_size); + EVP_DigestFinal_ex( &md_ctx,md,&md_size); + + EVP_MD_CTX_cleanup(&md_ctx); for (i=7; i>=0; i--) { @@ -538,24 +563,26 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, int i,ret=0; unsigned int n; + EVP_MD_CTX_init(&ctx); for (i=0; i<3; i++) { - EVP_DigestInit(&ctx,s->ctx->sha1); + EVP_DigestInit_ex(&ctx,s->ctx->sha1, NULL); EVP_DigestUpdate(&ctx,salt[i],strlen((const char *)salt[i])); EVP_DigestUpdate(&ctx,p,len); EVP_DigestUpdate(&ctx,&(s->s3->client_random[0]), SSL3_RANDOM_SIZE); EVP_DigestUpdate(&ctx,&(s->s3->server_random[0]), SSL3_RANDOM_SIZE); - EVP_DigestFinal(&ctx,buf,&n); + EVP_DigestFinal_ex(&ctx,buf,&n); - EVP_DigestInit(&ctx,s->ctx->md5); + EVP_DigestInit_ex(&ctx,s->ctx->md5, NULL); EVP_DigestUpdate(&ctx,p,len); EVP_DigestUpdate(&ctx,buf,n); - EVP_DigestFinal(&ctx,out,&n); + EVP_DigestFinal_ex(&ctx,out,&n); out+=n; ret+=n; } + EVP_MD_CTX_cleanup(&ctx); return(ret); }