Ben Laurie
2013-01-30 16:56:30 +00:00
committed by Dr. Stephen Henson
parent a33e6702a0
commit 2928cb4c82
8 changed files with 32 additions and 34 deletions


@@ -194,7 +194,6 @@ void OpenSSL_add_all_ciphers(void)
EVP_add_cipher_alias(SN_aes_256_cbc,"AES256"); EVP_add_cipher_alias(SN_aes_256_cbc,"AES256");
EVP_add_cipher_alias(SN_aes_256_cbc,"aes256"); EVP_add_cipher_alias(SN_aes_256_cbc,"aes256");
#endif #endif
#endif
#ifndef OPENSSL_NO_CAMELLIA #ifndef OPENSSL_NO_CAMELLIA
EVP_add_cipher(EVP_camellia_128_ecb()); EVP_add_cipher(EVP_camellia_128_ecb());


@@ -136,9 +136,9 @@ int dtls1_enc(SSL *s, int send)
if (send) if (send)
{ {
if (EVP_MD_CTX_md(s->write_hash)) if (s->write_hash)
{ {
mac_size=EVP_MD_CTX_size(s->write_hash); mac_size=EVP_MD_size(s->write_hash);
if (mac_size < 0) if (mac_size < 0)
return -1; return -1;
} }
@@ -162,9 +162,9 @@ int dtls1_enc(SSL *s, int send)
} }
else else
{ {
if (EVP_MD_CTX_md(s->read_hash)) if (s->read_hash)
{ {
mac_size=EVP_MD_CTX_size(s->read_hash); mac_size=EVP_MD_size(s->read_hash);
if (mac_size < 0) if (mac_size < 0)
return -1; return -1;
} }


@@ -336,6 +336,7 @@ dtls1_process_record(SSL *s)
unsigned char md[EVP_MAX_MD_SIZE]; unsigned char md[EVP_MAX_MD_SIZE];
int decryption_failed_or_bad_record_mac = 0; int decryption_failed_or_bad_record_mac = 0;
unsigned char *mac = NULL; unsigned char *mac = NULL;
int i;
rr= &(s->s3->rrec); rr= &(s->s3->rrec);


@@ -139,8 +139,7 @@ int tls1_cbc_remove_padding(const SSL* s,
unsigned mac_size) unsigned mac_size)
{ {
unsigned padding_length, good, to_check, i; unsigned padding_length, good, to_check, i;
const char has_explicit_iv = const char has_explicit_iv = s->version == DTLS1_VERSION;
s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION;
const unsigned overhead = 1 /* padding length byte */ + const unsigned overhead = 1 /* padding length byte */ +
mac_size + mac_size +
(has_explicit_iv ? block_size : 0); (has_explicit_iv ? block_size : 0);
@@ -366,9 +365,9 @@ static void tls1_sha512_final_raw(void* ctx, unsigned char *md_out)
/* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function /* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
* which ssl3_cbc_digest_record supports. */ * which ssl3_cbc_digest_record supports. */
char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) char ssl3_cbc_record_digest_supported(const EVP_MD *digest)
{ {
switch (ctx->digest->type) switch (digest->type)
{ {
case NID_md5: case NID_md5:
case NID_sha1: case NID_sha1:
@@ -402,7 +401,7 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
* a padding byte and MAC. (If the padding was invalid, it might contain the * a padding byte and MAC. (If the padding was invalid, it might contain the
* padding too. ) */ * padding too. ) */
void ssl3_cbc_digest_record( void ssl3_cbc_digest_record(
const EVP_MD_CTX *ctx, const EVP_MD *digest,
unsigned char* md_out, unsigned char* md_out,
size_t* md_out_size, size_t* md_out_size,
const unsigned char header[13], const unsigned char header[13],
@@ -436,7 +435,7 @@ void ssl3_cbc_digest_record(
* many possible overflows later in this function. */ * many possible overflows later in this function. */
OPENSSL_assert(data_plus_mac_plus_padding_size < 1024*1024); OPENSSL_assert(data_plus_mac_plus_padding_size < 1024*1024);
switch (ctx->digest->type) switch (digest->type)
{ {
case NID_md5: case NID_md5:
MD5_Init((MD5_CTX*)md_state); MD5_Init((MD5_CTX*)md_state);
@@ -670,7 +669,7 @@ void ssl3_cbc_digest_record(
} }
EVP_MD_CTX_init(&md_ctx); EVP_MD_CTX_init(&md_ctx);
EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */); EVP_DigestInit_ex(&md_ctx, digest, NULL /* engine */);
if (is_sslv3) if (is_sslv3)
{ {
/* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */ /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */
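Review bot: The narrowing of `has_explicit_iv` at the top of the first hunk to `s->version == DTLS1_VERSION` drops the TLS 1.1+ case without a comment, and `overhead` is the bound the padding check below is computed against, so a reader comparing this with the other branch will wonder whether TLS 1.1 records are now mis-sized; presumably this branch never negotiates TLS 1.1, and that should be written down: `/* TLS >= 1.1 is not implemented on this branch; only DTLS prepends an explicit IV here */`. The comment above ssl3_cbc_record_digest_supported still says "iff |ctx| uses a hash function" although the parameter is now `digest`; reword it to `|digest|`. In the same function and in ssl3_cbc_digest_record, `switch (digest->type)` reaches into the EVP_MD structure where `switch (EVP_MD_type(digest))` exists and keeps ssl/ independent of the struct layout. tls1_cbc_remove_padding's body continues outside its hunk.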


@@ -501,8 +501,8 @@ int ssl3_enc(SSL *s, int send)
rec->orig_len = rec->length; rec->orig_len = rec->length;
if (EVP_MD_CTX_md(s->read_hash) != NULL) if (s->read_hash != NULL)
mac_size = EVP_MD_CTX_size(s->read_hash); mac_size = EVP_MD_size(s->read_hash);
if ((bs != 1) && !send) if ((bs != 1) && !send)
return ssl3_cbc_remove_padding(s, rec, bs, mac_size); return ssl3_cbc_remove_padding(s, rec, bs, mac_size);
} }
@@ -643,7 +643,7 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send)
/* Chop the digest off the end :-) */ /* Chop the digest off the end :-) */
EVP_MD_CTX_init(&md_ctx); EVP_MD_CTX_init(&md_ctx);
EVP_MD_CTX_copy_ex( &md_ctx,hash); EVP_DigestInit_ex( &md_ctx,hash, NULL);
EVP_DigestUpdate(&md_ctx,mac_sec,md_size); EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad); EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad);
EVP_DigestUpdate(&md_ctx,seq,8); EVP_DigestUpdate(&md_ctx,seq,8);
@@ -655,7 +655,7 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send)
EVP_DigestUpdate(&md_ctx,rec->input,rec->length); EVP_DigestUpdate(&md_ctx,rec->input,rec->length);
EVP_DigestFinal_ex( &md_ctx,md,NULL); EVP_DigestFinal_ex( &md_ctx,md,NULL);
EVP_MD_CTX_copy_ex( &md_ctx,hash); EVP_DigestInit_ex( &md_ctx,hash, NULL);
EVP_DigestUpdate(&md_ctx,mac_sec,md_size); EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad); EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad);
EVP_DigestUpdate(&md_ctx,md,md_size); EVP_DigestUpdate(&md_ctx,md,md_size);
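Review bot: Both new `EVP_DigestInit_ex( &md_ctx,hash, NULL);` calls in ssl3_mac discard their return value, so a failed init leaves md_ctx unusable and the EVP_DigestUpdate calls that follow hash into it anyway, producing a MAC over an uninitialised context; the EVP_MD_CTX_copy_ex it replaces had the same weakness, but this is the line being rewritten. Guard each one, `if (!EVP_DigestInit_ex(&md_ctx, hash, NULL))`, clean up md_ctx and return whatever value the function's existing error path uses for a failed MAC (the function's tail is outside the hunk, so I cannot confirm that value here). The same applies to the init before the pad_2 pass in the second hunk.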


@@ -377,7 +377,7 @@ printf("\n");
/* !clear => s->read_hash != NULL => mac_size != -1 */ /* !clear => s->read_hash != NULL => mac_size != -1 */
unsigned char *mac = NULL; unsigned char *mac = NULL;
unsigned char mac_tmp[EVP_MAX_MD_SIZE]; unsigned char mac_tmp[EVP_MAX_MD_SIZE];
mac_size=EVP_MD_CTX_size(s->read_hash); mac_size=EVP_MD_size(s->read_hash);
OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
/* orig_len is the length of the record before any padding was /* orig_len is the length of the record before any padding was


@@ -1023,9 +1023,9 @@ int tls1_cbc_remove_padding(const SSL* s,
SSL3_RECORD *rec, SSL3_RECORD *rec,
unsigned block_size, unsigned block_size,
unsigned mac_size); unsigned mac_size);
char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx); char ssl3_cbc_record_digest_supported(const EVP_MD *hash);
void ssl3_cbc_digest_record( void ssl3_cbc_digest_record(
const EVP_MD_CTX *ctx, const EVP_MD *hash,
unsigned char* md_out, unsigned char* md_out,
size_t* md_out_size, size_t* md_out_size,
const unsigned char header[13], const unsigned char header[13],
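Review bot: The parameter in both new prototypes is named `hash` while the definitions in s3_cbc.c name it `digest`; keeping one name across header and definition makes the constant-time MAC API easier to cross-reference. Use `char ssl3_cbc_record_digest_supported(const EVP_MD *digest);` and `const EVP_MD *digest,` in the ssl3_cbc_digest_record prototype. The ssl3_cbc_digest_record prototype continues past the end of the hunk.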


@@ -631,8 +631,8 @@ int tls1_enc(SSL *s, int send)
rec->orig_len = rec->length; rec->orig_len = rec->length;
ret = 1; ret = 1;
if (EVP_MD_CTX_md(s->read_hash) != NULL) if (s->read_hash != NULL)
mac_size = EVP_MD_CTX_size(s->read_hash); mac_size = EVP_MD_size(s->read_hash);
if ((bs != 1) && !send) if ((bs != 1) && !send)
ret = tls1_cbc_remove_padding(s, rec, bs, mac_size); ret = tls1_cbc_remove_padding(s, rec, bs, mac_size);
if (pad && !send) if (pad && !send)
@@ -686,12 +686,10 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
SSL3_RECORD *rec; SSL3_RECORD *rec;
unsigned char *mac_sec,*seq; unsigned char *mac_sec,*seq;
const EVP_MD *hash; const EVP_MD *hash;
unsigned int md_size; size_t md_size;
int i; int i;
EVP_MD_CTX hmac, *mac_ctx; HMAC_CTX hmac;
unsigned char header[13]; unsigned char header[13];
int stream_mac = (send?(ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM):(ssl->mac_flags&SSL_MAC_FLAG_READ_MAC_STREAM));
int t;
if (send) if (send)
{ {
@@ -734,31 +732,32 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
if (!send && if (!send &&
EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
ssl3_cbc_record_digest_supported(mac_ctx)) ssl3_cbc_record_digest_supported(hash))
{ {
/* This is a CBC-encrypted record. We must avoid leaking any /* This is a CBC-encrypted record. We must avoid leaking any
* timing-side channel information about how many blocks of * timing-side channel information about how many blocks of
* data we are hashing because that gives an attacker a * data we are hashing because that gives an attacker a
* timing-oracle. */ * timing-oracle. */
ssl3_cbc_digest_record( ssl3_cbc_digest_record(
mac_ctx, hash,
md, &md_size, md, &md_size,
header, rec->input, header, rec->input,
rec->length + md_size, rec->orig_len, rec->length + md_size, rec->orig_len,
ssl->s3->read_mac_secret, ssl->s3->read_mac_secret,
ssl->s3->read_mac_secret_size, EVP_MD_size(ssl->read_hash),
0 /* not SSLv3 */); 0 /* not SSLv3 */);
} }
else else
{ {
EVP_DigestSignUpdate(mac_ctx,header,sizeof(header)); unsigned mds;
EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length);
t=EVP_DigestSignFinal(mac_ctx,md,&md_size); HMAC_Update(&hmac,header,sizeof(header));
OPENSSL_assert(t > 0); HMAC_Update(&hmac,rec->input,rec->length);
HMAC_Final(&hmac,md,&mds);
md_size = mds;
} }
if (!stream_mac) HMAC_CTX_cleanup(&hmac);
EVP_MD_CTX_cleanup(&hmac);
#ifdef TLS_DEBUG #ifdef TLS_DEBUG
printf("sec="); printf("sec=");
{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); } {unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
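Review bot: The HMAC fallback in the last hunk of tls1_mac drops the old `OPENSSL_assert(t > 0)` without any replacement: `HMAC_Update` and `HMAC_Final` return int on this branch, as far as I can tell, but their results are discarded, so if `HMAC_Final` fails `md` is never written, `md_size = mds;` copies an indeterminate value from the uninitialised `unsigned mds;`, and that becomes the MAC length the caller compares against. Check the three calls and fail the MAC instead, as sketched below. tls1_mac's body starts and ends outside the hunk, so the value returned on failure should match whatever its existing error paths return for a bad MAC.
```c
/* … unchanged: constant-time ssl3_cbc_digest_record branch … */
else
    {
    unsigned mds = 0;

    if (!HMAC_Update(&hmac, header, sizeof(header)) ||
        !HMAC_Update(&hmac, rec->input, rec->length) ||
        !HMAC_Final(&hmac, md, &mds))
        {
        HMAC_CTX_cleanup(&hmac);
        return -1; /* use the function's existing MAC-failure return value */
        }
    md_size = mds;
    }
HMAC_CTX_cleanup(&hmac);
```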