X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Ft1_enc.c;h=3a349920d9cd2144e73472f43b98f46fc59c74cf;hb=4c3296960de32e5abfbb8f4703a2ce624d82669f;hp=3509f62b18cca9c74323b937e72fb3169d2515ce;hpb=761772d7e19145fa9afb2a0c830ead69a33f3fa5;p=oweals%2Fopenssl.git

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 3509f62b18..3a349920d9 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -141,6 +141,9 @@
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #include <openssl/md5.h>
+#ifdef KSSL_DEBUG
+#include <openssl/des.h>
+#endif
 
 /* seed1 through seed5 are virtually concatenated */
 static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
@@ -790,8 +793,8 @@ int tls1_final_finish_mac(SSL *s,
 		{
 		if (mask & s->s3->tmp.new_cipher->algorithm2)
 			{
-			int hashsize = EVP_MD_size(md);
-			if ((size_t)hashsize > (sizeof buf - (size_t)(q-buf)))
+			unsigned int hashsize = EVP_MD_size(md);
+			if (hashsize > (sizeof buf - (size_t)(q-buf)))
 				{
 				/* internal error: 'buf' is too small for this cipersuite! */
 				err = 1;
@@ -829,6 +832,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
 	EVP_MD_CTX hmac, *mac_ctx;
 	unsigned char buf[5]; 
 	int stream_mac = (send?(ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM):(ssl->mac_flags&SSL_MAC_FLAG_READ_MAC_STREAM));
+
 	if (send)
 		{
 		rec= &(ssl->s3->wrec);
@@ -847,8 +851,8 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
 	md_size=EVP_MD_CTX_size(hash);
 
 	buf[0]=rec->type;
-	buf[1]=TLS1_VERSION_MAJOR;
-	buf[2]=TLS1_VERSION_MINOR;
+	buf[1]=(unsigned char)(ssl->version>>8);
+	buf[2]=(unsigned char)(ssl->version);
 	buf[3]=rec->length>>8;
 	buf[4]=rec->length&0xff;
 
@@ -861,13 +865,24 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
 		{
 			EVP_MD_CTX_copy(&hmac,hash);
 			mac_ctx = &hmac;
-		}	
-	EVP_DigestSignUpdate(mac_ctx,seq,8);
+		}
+
+	if (ssl->version == DTLS1_VERSION)
+		{
+		unsigned char dtlsseq[8],*p=dtlsseq;
+
+		s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
+		memcpy (p,&seq[2],6);
+
+		EVP_DigestSignUpdate(mac_ctx,dtlsseq,8);
+		}
+	else
+		EVP_DigestSignUpdate(mac_ctx,seq,8);
+
 	EVP_DigestSignUpdate(mac_ctx,buf,5);
 	EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length);
-	if (stream_mac) EVP_MD_CTX_copy(&hmac,hash);
-	EVP_DigestSignFinal(&hmac,md,&md_size);
-	EVP_MD_CTX_cleanup(&hmac);
+	EVP_DigestSignFinal(mac_ctx,md,&md_size);
+	if (!stream_mac) EVP_MD_CTX_cleanup(&hmac);
 #ifdef TLS_DEBUG
 printf("sec=");
 {unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
@@ -879,8 +894,8 @@ printf("rec=");
 {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
 #endif
 
-    if ( SSL_version(ssl) != DTLS1_VERSION)
-	    {
+	if (ssl->version != DTLS1_VERSION)
+		{
 		for (i=7; i>=0; i--)
 			{
 			++seq[i];
@@ -899,7 +914,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
 	{
 	unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
 	const void *co = NULL, *so = NULL;
-	int col = 0, sol = NULL;
+	int col = 0, sol = 0;
 
 #ifdef KSSL_DEBUG
 	printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len);