From de941e289e5d320d2e3258b0ebf71562830aaabc Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 14 Mar 2002 18:22:23 +0000 Subject: [PATCH] Initialize cipher context in KRB5 ("D. Russell" ) Allow HMAC functions to use an alternative ENGINE. --- apps/speed.c | 8 ++++---- crypto/evp/p5_crpt2.c | 2 +- crypto/hmac/hmac.c | 10 +++++----- crypto/hmac/hmac.h | 2 +- crypto/pkcs12/p12_mutl.c | 8 ++++---- ssl/s3_clnt.c | 2 ++ ssl/s3_srvr.c | 2 ++ ssl/t1_enc.c | 10 +++++----- 8 files changed, 24 insertions(+), 20 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index e817a0df15..95979e509f 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -1138,7 +1138,7 @@ int MAIN(int argc, char **argv) HMAC_CTX_init(&hctx); HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...", - 16,EVP_md5()); + 16,EVP_md5(), NULL); for (j=0; j> 16) & 0xff); itmp[2] = (unsigned char)((i >> 8) & 0xff); itmp[3] = (unsigned char)(i & 0xff); - HMAC_Init_ex(&hctx, pass, passlen, EVP_sha1()); + HMAC_Init_ex(&hctx, pass, passlen, EVP_sha1(), NULL); HMAC_Update(&hctx, salt, saltlen); HMAC_Update(&hctx, itmp, 4); HMAC_Final(&hctx, digtmp, NULL); diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index 3fff7b1af3..da363b7950 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -61,7 +61,7 @@ #include void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, - const EVP_MD *md) + const EVP_MD *md, ENGINE *impl) { int i,j,reset=0; unsigned char pad[HMAC_MAX_MD_CBLOCK]; @@ -80,7 +80,7 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, j=EVP_MD_block_size(md); if (j < len) { - EVP_DigestInit_ex(&ctx->md_ctx,md, NULL); + EVP_DigestInit_ex(&ctx->md_ctx,md, impl); EVP_DigestUpdate(&ctx->md_ctx,key,len); EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key, &ctx->key_length); @@ -99,12 +99,12 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, { for (i=0; ikey[i]; - EVP_DigestInit_ex(&ctx->i_ctx,md, NULL); + EVP_DigestInit_ex(&ctx->i_ctx,md, impl); EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md)); for (i=0; ikey[i]; - EVP_DigestInit_ex(&ctx->o_ctx,md, NULL); + EVP_DigestInit_ex(&ctx->o_ctx,md, impl); EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md)); } EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx); @@ -115,7 +115,7 @@ void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, { if(key && md) HMAC_CTX_init(ctx); - HMAC_Init_ex(ctx,key,len,md); + HMAC_Init_ex(ctx,key,len,md, NULL); } void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len) diff --git a/crypto/hmac/hmac.h b/crypto/hmac/hmac.h index 58ac3d0993..0364a1fcbd 100644 --- a/crypto/hmac/hmac.h +++ b/crypto/hmac/hmac.h @@ -91,7 +91,7 @@ void HMAC_CTX_cleanup(HMAC_CTX *ctx); void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md); /* deprecated */ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, - const EVP_MD *md); + const EVP_MD *md, ENGINE *impl); void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len); void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index b6a10de70c..0fb67f74b8 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -87,11 +87,11 @@ int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen, return 0; } HMAC_CTX_init(&hmac); - HMAC_Init_ex (&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type); - HMAC_Update (&hmac, p12->authsafes->d.data->data, + HMAC_Init_ex(&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type, NULL); + HMAC_Update(&hmac, p12->authsafes->d.data->data, p12->authsafes->d.data->length); - HMAC_Final (&hmac, mac, maclen); - HMAC_CTX_cleanup (&hmac); + HMAC_Final(&hmac, mac, maclen); + HMAC_CTX_cleanup(&hmac); return 1; } diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 62571ef5d1..e5853ede95 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1494,6 +1494,8 @@ static int ssl3_send_client_key_exchange(SSL *s) + EVP_MAX_IV_LENGTH]; int padl, outl = sizeof(epms); + EVP_CIPHER_CTX_init(&ciph_ctx); + #ifdef KSSL_DEBUG printf("ssl3_send_client_key_exchange(%lx & %lx)\n", l, SSL_kKRB5); diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 61ed0ad10e..d6247a64ea 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1557,6 +1557,8 @@ static int ssl3_get_client_key_exchange(SSL *s) krb5_timestamp authtime = 0; krb5_ticket_times ttimes; + EVP_CIPHER_CTX_init(&ciph_ctx); + if (!kssl_ctx) kssl_ctx = kssl_ctx_new(); n2s(p,i); diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 0548533354..8b7844ceee 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -78,16 +78,16 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, HMAC_CTX_init(&ctx); HMAC_CTX_init(&ctx_tmp); - HMAC_Init_ex(&ctx,sec,sec_len,md); - HMAC_Init_ex(&ctx_tmp,sec,sec_len,md); + HMAC_Init_ex(&ctx,sec,sec_len,md, NULL); + HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL); HMAC_Update(&ctx,seed,seed_len); HMAC_Final(&ctx,A1,&A1_len); n=0; for (;;) { - HMAC_Init_ex(&ctx,NULL,0,NULL); /* re-init */ - HMAC_Init_ex(&ctx_tmp,NULL,0,NULL); /* re-init */ + HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */ + HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL); /* re-init */ HMAC_Update(&ctx,A1,A1_len); HMAC_Update(&ctx_tmp,A1,A1_len); HMAC_Update(&ctx,seed,seed_len); @@ -652,7 +652,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ HMAC_CTX_init(&hmac); - HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash); + HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL); HMAC_Update(&hmac,seq,8); HMAC_Update(&hmac,buf,5); HMAC_Update(&hmac,rec->input,rec->length); -- 2.25.1