diff options
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_enc.c | 78 |
1 files changed, 40 insertions, 38 deletions
diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c index d0501499a2..38ccc46724 100644 --- a/src/lib/libssl/src/ssl/s3_enc.c +++ b/src/lib/libssl/src/ssl/s3_enc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_enc.c,v 1.41 2014/06/13 12:41:01 jsing Exp $ */ | 1 | /* $OpenBSD: s3_enc.c,v 1.42 2014/06/13 14:11:35 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -215,24 +215,25 @@ int | |||
| 215 | ssl3_change_cipher_state(SSL *s, int which) | 215 | ssl3_change_cipher_state(SSL *s, int which) |
| 216 | { | 216 | { |
| 217 | unsigned char *p, *mac_secret; | 217 | unsigned char *p, *mac_secret; |
| 218 | unsigned char exp_key[EVP_MAX_KEY_LENGTH]; | 218 | unsigned char export_key[EVP_MAX_KEY_LENGTH]; |
| 219 | unsigned char exp_iv[EVP_MAX_IV_LENGTH]; | 219 | unsigned char export_iv[EVP_MAX_IV_LENGTH]; |
| 220 | unsigned char *ms, *key, *iv, *er1, *er2; | 220 | unsigned char *ms, *key, *iv, *er1, *er2; |
| 221 | EVP_CIPHER_CTX *dd; | 221 | EVP_CIPHER_CTX *cipher_ctx; |
| 222 | const EVP_CIPHER *c; | 222 | const EVP_CIPHER *cipher; |
| 223 | EVP_MD_CTX mac_ctx; | ||
| 224 | const EVP_MD *mac; | ||
| 223 | #ifndef OPENSSL_NO_COMP | 225 | #ifndef OPENSSL_NO_COMP |
| 224 | COMP_METHOD *comp; | 226 | COMP_METHOD *comp; |
| 225 | #endif | 227 | #endif |
| 226 | const EVP_MD *m; | 228 | int is_export, n, i, j, k, cl; |
| 227 | EVP_MD_CTX md; | ||
| 228 | int is_exp, n, i, j, k, cl; | ||
| 229 | int reuse_dd = 0; | 229 | int reuse_dd = 0; |
| 230 | 230 | ||
| 231 | is_exp = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); | 231 | is_export = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); |
| 232 | c = s->s3->tmp.new_sym_enc; | 232 | cipher = s->s3->tmp.new_sym_enc; |
| 233 | m = s->s3->tmp.new_hash; | 233 | mac = s->s3->tmp.new_hash; |
| 234 | /* m == NULL will lead to a crash later */ | 234 | /* m == NULL will lead to a crash later */ |
| 235 | OPENSSL_assert(m); | 235 | OPENSSL_assert(mac); |
| 236 | |||
| 236 | #ifndef OPENSSL_NO_COMP | 237 | #ifndef OPENSSL_NO_COMP |
| 237 | if (s->s3->tmp.new_compression == NULL) | 238 | if (s->s3->tmp.new_compression == NULL) |
| 238 | comp = NULL; | 239 | comp = NULL; |
| @@ -249,9 +250,9 @@ ssl3_change_cipher_state(SSL *s, int which) | |||
| 249 | /* make sure it's intialized in case we exit later with an error */ | 250 | /* make sure it's intialized in case we exit later with an error */ |
| 250 | EVP_CIPHER_CTX_init(s->enc_read_ctx); | 251 | EVP_CIPHER_CTX_init(s->enc_read_ctx); |
| 251 | } | 252 | } |
| 252 | dd = s->enc_read_ctx; | 253 | cipher_ctx = s->enc_read_ctx; |
| 253 | 254 | ||
| 254 | if (ssl_replace_hash(&s->read_hash, m) == NULL) | 255 | if (ssl_replace_hash(&s->read_hash, mac) == NULL) |
| 255 | goto err; | 256 | goto err; |
| 256 | 257 | ||
| 257 | #ifndef OPENSSL_NO_COMP | 258 | #ifndef OPENSSL_NO_COMP |
| @@ -283,8 +284,8 @@ ssl3_change_cipher_state(SSL *s, int which) | |||
| 283 | /* make sure it's intialized in case we exit later with an error */ | 284 | /* make sure it's intialized in case we exit later with an error */ |
| 284 | EVP_CIPHER_CTX_init(s->enc_write_ctx); | 285 | EVP_CIPHER_CTX_init(s->enc_write_ctx); |
| 285 | } | 286 | } |
| 286 | dd = s->enc_write_ctx; | 287 | cipher_ctx = s->enc_write_ctx; |
| 287 | if (ssl_replace_hash(&s->write_hash, m) == NULL) | 288 | if (ssl_replace_hash(&s->write_hash, mac) == NULL) |
| 288 | goto err; | 289 | goto err; |
| 289 | 290 | ||
| 290 | #ifndef OPENSSL_NO_COMP | 291 | #ifndef OPENSSL_NO_COMP |
| @@ -306,17 +307,17 @@ ssl3_change_cipher_state(SSL *s, int which) | |||
| 306 | } | 307 | } |
| 307 | 308 | ||
| 308 | if (reuse_dd) | 309 | if (reuse_dd) |
| 309 | EVP_CIPHER_CTX_cleanup(dd); | 310 | EVP_CIPHER_CTX_cleanup(cipher_ctx); |
| 310 | 311 | ||
| 311 | p = s->s3->tmp.key_block; | 312 | p = s->s3->tmp.key_block; |
| 312 | i = EVP_MD_size(m); | 313 | i = EVP_MD_size(mac); |
| 313 | if (i < 0) | 314 | if (i < 0) |
| 314 | goto err2; | 315 | goto err2; |
| 315 | cl = EVP_CIPHER_key_length(c); | 316 | cl = EVP_CIPHER_key_length(cipher); |
| 316 | j = is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? | 317 | j = is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? |
| 317 | cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; | 318 | cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; |
| 318 | /* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */ | 319 | /* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */ |
| 319 | k = EVP_CIPHER_iv_length(c); | 320 | k = EVP_CIPHER_iv_length(cipher); |
| 320 | if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || | 321 | if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || |
| 321 | (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { | 322 | (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { |
| 322 | ms = &(p[0]); | 323 | ms = &(p[0]); |
| @@ -344,33 +345,34 @@ ssl3_change_cipher_state(SSL *s, int which) | |||
| 344 | goto err2; | 345 | goto err2; |
| 345 | } | 346 | } |
| 346 | 347 | ||
| 347 | EVP_MD_CTX_init(&md); | 348 | EVP_MD_CTX_init(&mac_ctx); |
| 348 | memcpy(mac_secret, ms, i); | 349 | memcpy(mac_secret, ms, i); |
| 349 | if (is_exp) { | 350 | if (is_export) { |
| 350 | /* In here I set both the read and write key/iv to the | 351 | /* In here I set both the read and write key/iv to the |
| 351 | * same value since only the correct one will be used :-). | 352 | * same value since only the correct one will be used :-). |
| 352 | */ | 353 | */ |
| 353 | EVP_DigestInit_ex(&md, EVP_md5(), NULL); | 354 | EVP_DigestInit_ex(&mac_ctx, EVP_md5(), NULL); |
| 354 | EVP_DigestUpdate(&md, key, j); | 355 | EVP_DigestUpdate(&mac_ctx, key, j); |
| 355 | EVP_DigestUpdate(&md, er1, SSL3_RANDOM_SIZE); | 356 | EVP_DigestUpdate(&mac_ctx, er1, SSL3_RANDOM_SIZE); |
| 356 | EVP_DigestUpdate(&md, er2, SSL3_RANDOM_SIZE); | 357 | EVP_DigestUpdate(&mac_ctx, er2, SSL3_RANDOM_SIZE); |
| 357 | EVP_DigestFinal_ex(&md, &(exp_key[0]), NULL); | 358 | EVP_DigestFinal_ex(&mac_ctx, &(export_key[0]), NULL); |
| 358 | key = &(exp_key[0]); | 359 | key = &(export_key[0]); |
| 359 | 360 | ||
| 360 | if (k > 0) { | 361 | if (k > 0) { |
| 361 | EVP_DigestInit_ex(&md, EVP_md5(), NULL); | 362 | EVP_DigestInit_ex(&mac_ctx, EVP_md5(), NULL); |
| 362 | EVP_DigestUpdate(&md, er1, SSL3_RANDOM_SIZE); | 363 | EVP_DigestUpdate(&mac_ctx, er1, SSL3_RANDOM_SIZE); |
| 363 | EVP_DigestUpdate(&md, er2, SSL3_RANDOM_SIZE); | 364 | EVP_DigestUpdate(&mac_ctx, er2, SSL3_RANDOM_SIZE); |
| 364 | EVP_DigestFinal_ex(&md, &(exp_iv[0]), NULL); | 365 | EVP_DigestFinal_ex(&mac_ctx, &(export_iv[0]), NULL); |
| 365 | iv = &(exp_iv[0]); | 366 | iv = &(export_iv[0]); |
| 366 | } | 367 | } |
| 367 | } | 368 | } |
| 368 | 369 | ||
| 369 | EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE)); | 370 | EVP_CipherInit_ex(cipher_ctx, cipher, NULL, key, iv, |
| 371 | (which & SSL3_CC_WRITE)); | ||
| 370 | 372 | ||
| 371 | OPENSSL_cleanse(&(exp_key[0]), sizeof(exp_key)); | 373 | OPENSSL_cleanse(&(export_key[0]), sizeof(export_key)); |
| 372 | OPENSSL_cleanse(&(exp_iv[0]), sizeof(exp_iv)); | 374 | OPENSSL_cleanse(&(export_iv[0]), sizeof(export_iv)); |
| 373 | EVP_MD_CTX_cleanup(&md); | 375 | EVP_MD_CTX_cleanup(&mac_ctx); |
| 374 | return (1); | 376 | return (1); |
| 375 | err: | 377 | err: |
| 376 | SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE); | 378 | SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE); |