1 files changed, 65 insertions, 78 deletions
diff --git a/src/lib/libssl/d1_enc.c b/src/lib/libssl/d1_enc.c
index 712c4647f2..1967e7a95e 100644
--- a/src/lib/libssl/d1_enc.c
+++ b/src/lib/libssl/d1_enc.c
@@ -134,127 +134,114 @@
 *   1: if the record's padding is valid / the encryption was successful.
 *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
 *       an internal error occured. */
-int dtls1_enc(SSL *s, int send)
+int
-        {
+dtls1_enc(SSL *s, int send)
+{
        SSL3_RECORD *rec;
        EVP_CIPHER_CTX *ds;
        unsigned long l;
-        int bs,i,j,k,mac_size=0;
+        int bs, i, j, k, mac_size = 0;
        const EVP_CIPHER *enc;
-        if (send)
+        if (send) {
-                {
+                if (EVP_MD_CTX_md(s->write_hash)) {
-                if (EVP_MD_CTX_md(s->write_hash))
+                        mac_size = EVP_MD_CTX_size(s->write_hash);
-                        {
-                        mac_size=EVP_MD_CTX_size(s->write_hash);
                        if (mac_size < 0)
                                return -1;
-                        }
+                }
-                ds=s->enc_write_ctx;
+                ds = s->enc_write_ctx;
-                rec= &(s->s3->wrec);
+                rec = &(s->s3->wrec);
                if (s->enc_write_ctx == NULL)
-                        enc=NULL;
+                        enc = NULL;
-                else
+                else {
-                        {
+                        enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
-                        enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
+                        if (rec->data != rec->input)
-                        if ( rec->data != rec->input)
                                /* we can't write into the input stream */
                                fprintf(stderr, "%s:%d: rec->data != rec->input\n",
-                                        __FILE__, __LINE__);
+                                    __FILE__, __LINE__);
-                        else if ( EVP_CIPHER_block_size(ds->cipher) > 1)
+                        else if (EVP_CIPHER_block_size(ds->cipher) > 1) {
-                                {
                                if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0)
                                        return -1;
-                                }
                        }
                }
-        else
+        } else {
-                {
+                if (EVP_MD_CTX_md(s->read_hash)) {
-                if (EVP_MD_CTX_md(s->read_hash))
+                        mac_size = EVP_MD_CTX_size(s->read_hash);
-                        {
-                        mac_size=EVP_MD_CTX_size(s->read_hash);
                        OPENSSL_assert(mac_size >= 0);
-                        }
+                }
-                ds=s->enc_read_ctx;
+                ds = s->enc_read_ctx;
-                rec= &(s->s3->rrec);
+                rec = &(s->s3->rrec);
                if (s->enc_read_ctx == NULL)
-                        enc=NULL;
+                        enc = NULL;
                else
-                        enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
+                        enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
-                }
+        }
 #ifdef KSSL_DEBUG
        printf("dtls1_enc(%d)\n", send);
 #endif    /* KSSL_DEBUG */
-        if ((s->session == NULL) || (ds == NULL) ||
+        if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
-                (enc == NULL))
+                memmove(rec->data, rec->input, rec->length);
-                {
+                rec->input = rec->data;
-                memmove(rec->data,rec->input,rec->length);
+        } else {
-                rec->input=rec->data;
+                l = rec->length;
-                }
+                bs = EVP_CIPHER_block_size(ds->cipher);
-        else
-                {
-                l=rec->length;
-                bs=EVP_CIPHER_block_size(ds->cipher);
-                if ((bs != 1) && send)
+                if ((bs != 1) && send) {
-                        {
+                        i = bs - ((int)l % bs);
-                        i=bs-((int)l%bs);
                        /* Add weird padding of upto 256 bytes */
                        /* we need to add 'i' padding bytes of value j */
-                        j=i-1;
+                        j = i - 1;
-                        if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
+                        if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) {
-                                {
                                if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
                                        j++;
-                                }
-                        for (k=(int)l; k<(int)(l+i); k++)
-                                rec->input[k]=j;
-                        l+=i;
-                        rec->length+=i;
                        }
+                        for (k = (int)l; k < (int)(l + i); k++)
+                                rec->input[k] = j;
+                        l += i;
+                        rec->length += i;
+                }
 #ifdef KSSL_DEBUG
                {
-                unsigned long ui;
+                        unsigned long ui;
-                printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
+                        printf("EVP_Cipher(ds=%p, rec->data=%p, rec->input=%p, l=%ld) ==>\n",
-                        ds,rec->data,rec->input,l);
+                        ds, rec->data, rec->input, l);
-                printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
+                        printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
-                        ds->buf_len, ds->cipher->key_len,
+                        ds->buf_len, ds->cipher->key_len,
-                        DES_KEY_SZ, DES_SCHEDULE_SZ,
+                        DES_KEY_SZ, DES_SCHEDULE_SZ,
-                        ds->cipher->iv_len);
+                        ds->cipher->iv_len);
-                printf("\t\tIV: ");
+                        printf("\t\tIV: ");
-                for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
+                        for (i = 0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
-                printf("\n");
+                                printf("\n");
-                printf("\trec->input=");
+                        printf("\trec->input=");
-                for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
+                        for (ui = 0; ui<l; ui++) printf(" %02x", rec->input[ui]);
-                printf("\n");
+                                printf("\n");
                }
 #endif  /* KSSL_DEBUG */
-                if (!send)
+                if (!send) {
-                        {
+                        if (l == 0 || l % bs != 0)
-                        if (l == 0 || l%bs != 0)
                                return 0;
-                        }
+                }
-                
-                EVP_Cipher(ds,rec->data,rec->input,l);
+                EVP_Cipher(ds, rec->data, rec->input, l);
 #ifdef KSSL_DEBUG
                {
-                unsigned long i;
+                        unsigned long i;
-                printf("\trec->data=");
+                        printf("\trec->data=");
-                for (i=0; i<l; i++)
+                        for (i = 0; i < l; i++)
-                        printf(" %02x", rec->data[i]);  printf("\n");
+                                printf(" %02x", rec->data[i]);  printf("\n");
-                }
+                }
 #endif  /* KSSL_DEBUG */
                if ((bs != 1) && !send)
                        return tls1_cbc_remove_padding(s, rec, bs, mac_size);
-                }
-        return(1);
        }
+        return (1);
+}

diff --git a/src/lib/libssl/d1_enc.c b/src/lib/libssl/d1_enc.c index 712c4647f2..1967e7a95e 100644 --- a/src/lib/libssl/d1_enc.c +++ b/src/lib/libssl/d1_enc.c
@@ -134,127 +134,114 @@
134	* 1: if the record's padding is valid / the encryption was successful.	134	* 1: if the record's padding is valid / the encryption was successful.
135	* -1: if the record's padding/AEAD-authenticator is invalid or, if sending,	135	* -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
136	* an internal error occured. */	136	* an internal error occured. */
137	int dtls1_enc(SSL *s, int send)	137	int
138	{	138	dtls1_enc(SSL *s, int send)
		139	{
139	SSL3_RECORD *rec;	140	SSL3_RECORD *rec;
140	EVP_CIPHER_CTX *ds;	141	EVP_CIPHER_CTX *ds;
141	unsigned long l;	142	unsigned long l;
142	int bs,i,j,k,mac_size=0;	143	int bs, i, j, k, mac_size = 0;
143	const EVP_CIPHER *enc;	144	const EVP_CIPHER *enc;
144		145
145	if (send)	146	if (send) {
146	{	147	if (EVP_MD_CTX_md(s->write_hash)) {
147	if (EVP_MD_CTX_md(s->write_hash))	148	mac_size = EVP_MD_CTX_size(s->write_hash);
148	{
149	mac_size=EVP_MD_CTX_size(s->write_hash);
150	if (mac_size < 0)	149	if (mac_size < 0)
151	return -1;	150	return -1;
152	}	151	}
153	ds=s->enc_write_ctx;	152	ds = s->enc_write_ctx;
154	rec= &(s->s3->wrec);	153	rec = &(s->s3->wrec);
155	if (s->enc_write_ctx == NULL)	154	if (s->enc_write_ctx == NULL)
156	enc=NULL;	155	enc = NULL;
157	else	156	else {
158	{	157	enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
159	enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);	158	if (rec->data != rec->input)
160	if ( rec->data != rec->input)
161	/* we can't write into the input stream */	159	/* we can't write into the input stream */
162	fprintf(stderr, "%s:%d: rec->data != rec->input\n",	160	fprintf(stderr, "%s:%d: rec->data != rec->input\n",
163	__FILE__, __LINE__);	161	__FILE__, __LINE__);
164	else if ( EVP_CIPHER_block_size(ds->cipher) > 1)	162	else if (EVP_CIPHER_block_size(ds->cipher) > 1) {
165	{
166	if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0)	163	if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0)
167	return -1;	164	return -1;
168	}
169	}	165	}
170	}	166	}
171	else	167	} else {
172	{	168	if (EVP_MD_CTX_md(s->read_hash)) {
173	if (EVP_MD_CTX_md(s->read_hash))	169	mac_size = EVP_MD_CTX_size(s->read_hash);
174	{
175	mac_size=EVP_MD_CTX_size(s->read_hash);
176	OPENSSL_assert(mac_size >= 0);	170	OPENSSL_assert(mac_size >= 0);
177	}	171	}
178	ds=s->enc_read_ctx;	172	ds = s->enc_read_ctx;
179	rec= &(s->s3->rrec);	173	rec = &(s->s3->rrec);
180	if (s->enc_read_ctx == NULL)	174	if (s->enc_read_ctx == NULL)
181	enc=NULL;	175	enc = NULL;
182	else	176	else
183	enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);	177	enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
184	}	178	}
185		179
186	#ifdef KSSL_DEBUG	180	#ifdef KSSL_DEBUG
187	printf("dtls1_enc(%d)\n", send);	181	printf("dtls1_enc(%d)\n", send);
188	#endif /* KSSL_DEBUG */	182	#endif /* KSSL_DEBUG */
189		183
190	if ((s->session == NULL) \|\| (ds == NULL) \|\|	184	if ((s->session == NULL) \|\| (ds == NULL) \|\| (enc == NULL)) {
191	(enc == NULL))	185	memmove(rec->data, rec->input, rec->length);
192	{	186	rec->input = rec->data;
193	memmove(rec->data,rec->input,rec->length);	187	} else {
194	rec->input=rec->data;	188	l = rec->length;
195	}	189	bs = EVP_CIPHER_block_size(ds->cipher);
196	else
197	{
198	l=rec->length;
199	bs=EVP_CIPHER_block_size(ds->cipher);
200		190
201	if ((bs != 1) && send)	191	if ((bs != 1) && send) {
202	{	192	i = bs - ((int)l % bs);
203	i=bs-((int)l%bs);
204		193
205	/* Add weird padding of upto 256 bytes */	194	/* Add weird padding of upto 256 bytes */
206		195
207	/* we need to add 'i' padding bytes of value j */	196	/* we need to add 'i' padding bytes of value j */
208	j=i-1;	197	j = i - 1;
209	if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)	198	if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) {
210	{
211	if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)	199	if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
212	j++;	200	j++;
213	}
214	for (k=(int)l; k<(int)(l+i); k++)
215	rec->input[k]=j;
216	l+=i;
217	rec->length+=i;
218	}	201	}
		202	for (k = (int)l; k < (int)(l + i); k++)
		203	rec->input[k] = j;
		204	l += i;
		205	rec->length += i;
		206	}
219		207
220	#ifdef KSSL_DEBUG	208	#ifdef KSSL_DEBUG
221	{	209	{
222	unsigned long ui;	210	unsigned long ui;
223	printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",	211	printf("EVP_Cipher(ds=%p, rec->data=%p, rec->input=%p, l=%ld) ==>\n",
224	ds,rec->data,rec->input,l);	212	ds, rec->data, rec->input, l);
225	printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",	213	printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
226	ds->buf_len, ds->cipher->key_len,	214	ds->buf_len, ds->cipher->key_len,
227	DES_KEY_SZ, DES_SCHEDULE_SZ,	215	DES_KEY_SZ, DES_SCHEDULE_SZ,
228	ds->cipher->iv_len);	216	ds->cipher->iv_len);
229	printf("\t\tIV: ");	217	printf("\t\tIV: ");
230	for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);	218	for (i = 0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
231	printf("\n");	219	printf("\n");
232	printf("\trec->input=");	220	printf("\trec->input=");
233	for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);	221	for (ui = 0; ui<l; ui++) printf(" %02x", rec->input[ui]);
234	printf("\n");	222	printf("\n");
235	}	223	}
236	#endif /* KSSL_DEBUG */	224	#endif /* KSSL_DEBUG */
237		225
238	if (!send)	226	if (!send) {
239	{	227	if (l == 0 \|\| l % bs != 0)
240	if (l == 0 \|\| l%bs != 0)
241	return 0;	228	return 0;
242	}	229	}
243		230
244	EVP_Cipher(ds,rec->data,rec->input,l);	231	EVP_Cipher(ds, rec->data, rec->input, l);
245		232
246	#ifdef KSSL_DEBUG	233	#ifdef KSSL_DEBUG
247	{	234	{
248	unsigned long i;	235	unsigned long i;
249	printf("\trec->data=");	236	printf("\trec->data=");
250	for (i=0; i<l; i++)	237	for (i = 0; i < l; i++)
251	printf(" %02x", rec->data[i]); printf("\n");	238	printf(" %02x", rec->data[i]); printf("\n");
252	}	239	}
253	#endif /* KSSL_DEBUG */	240	#endif /* KSSL_DEBUG */
254		241
255	if ((bs != 1) && !send)	242	if ((bs != 1) && !send)
256	return tls1_cbc_remove_padding(s, rec, bs, mac_size);	243	return tls1_cbc_remove_padding(s, rec, bs, mac_size);
257	}
258	return(1);
259	}	244	}
		245	return (1);
		246	}
260		247