diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2001-06-19 22:30:40 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2001-06-19 22:30:40 +0000 |
commit | 323f289c480b0a8eb15ed3be2befbcc0f86e8904 (patch) | |
tree | a8f18dde28ce3c77b7bff50c2b45a44c556dfed4 /ssl | |
parent | a45e4a5537e009761652db0d9aa1ef28b1ce8937 (diff) |
Change all calls to low level digest routines in the library and
applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().
Note: this is almost identical to the patch submitted to openssl-dev
by Verdon Walker <VWalker@novell.com> except some redundant
EVP_add_digest_()/EVP_cleanup() calls were removed and some changes
made to avoid compiler warnings.
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s2_lib.c | 16 | ||||
-rw-r--r-- | ssl/s3_clnt.c | 2 | ||||
-rw-r--r-- | ssl/s3_enc.c | 48 | ||||
-rw-r--r-- | ssl/s3_lib.c | 2 | ||||
-rw-r--r-- | ssl/s3_srvr.c | 2 | ||||
-rw-r--r-- | ssl/t1_enc.c | 7 |
6 files changed, 35 insertions, 42 deletions
diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index 09fde61b5b..40ca3779bf 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -61,7 +61,7 @@ #include <stdio.h> #include <openssl/rsa.h> #include <openssl/objects.h> -#include <openssl/md5.h> +#include <openssl/evp.h> static long ssl2_default_timeout(void ); const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT; @@ -415,7 +415,7 @@ int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) void ssl2_generate_key_material(SSL *s) { unsigned int i; - MD5_CTX ctx; + EVP_MD_CTX ctx; unsigned char *km; unsigned char c='0'; @@ -427,14 +427,14 @@ void ssl2_generate_key_material(SSL *s) km=s->s2->key_material; for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH) { - MD5_Init(&ctx); + EVP_DigestInit(&ctx,EVP_md5()); - MD5_Update(&ctx,s->session->master_key,s->session->master_key_length); - MD5_Update(&ctx,&c,1); + EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); + EVP_DigestUpdate(&ctx,&c,1); c++; - MD5_Update(&ctx,s->s2->challenge,s->s2->challenge_length); - MD5_Update(&ctx,s->s2->conn_id,s->s2->conn_id_length); - MD5_Final(km,&ctx); + EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length); + EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length); + EVP_DigestFinal(&ctx,km,NULL); km+=MD5_DIGEST_LENGTH; } } diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 625e1ae276..a700c64417 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -60,8 +60,6 @@ #include <openssl/buffer.h> #include <openssl/rand.h> #include <openssl/objects.h> -#include <openssl/md5.h> -#include <openssl/sha.h> #include <openssl/evp.h> #include "ssl_locl.h" diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index d1c1946e54..2fbfead2cf 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -57,8 +57,6 @@ */ #include <stdio.h> -#include <openssl/md5.h> -#include <openssl/sha.h> #include <openssl/evp.h> #include "ssl_locl.h" @@ -83,8 +81,8 @@ static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx, static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) { - MD5_CTX m5; - SHA_CTX s1; + EVP_MD_CTX m5; + EVP_MD_CTX s1; unsigned char buf[16],smd[SHA_DIGEST_LENGTH]; unsigned char c='A'; int i,j,k; @@ -106,25 +104,25 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) for (j=0; j<k; j++) buf[j]=c; c++; - SHA1_Init( &s1); - SHA1_Update(&s1,buf,k); - SHA1_Update(&s1,s->session->master_key, + EVP_DigestInit(&s1,EVP_sha1()); + EVP_DigestUpdate(&s1,buf,k); + EVP_DigestUpdate(&s1,s->session->master_key, s->session->master_key_length); - SHA1_Update(&s1,s->s3->server_random,SSL3_RANDOM_SIZE); - SHA1_Update(&s1,s->s3->client_random,SSL3_RANDOM_SIZE); - SHA1_Final( smd,&s1); + EVP_DigestUpdate(&s1,s->s3->server_random,SSL3_RANDOM_SIZE); + EVP_DigestUpdate(&s1,s->s3->client_random,SSL3_RANDOM_SIZE); + EVP_DigestFinal(&s1,smd,NULL); - MD5_Init( &m5); - MD5_Update(&m5,s->session->master_key, + EVP_DigestInit(&m5,EVP_md5()); + EVP_DigestUpdate(&m5,s->session->master_key, s->session->master_key_length); - MD5_Update(&m5,smd,SHA_DIGEST_LENGTH); + EVP_DigestUpdate(&m5,smd,SHA_DIGEST_LENGTH); if ((i+MD5_DIGEST_LENGTH) > num) { - MD5_Final(smd,&m5); + EVP_DigestFinal(&m5,smd,NULL); memcpy(km,smd,(num-i)); } else - MD5_Final(km,&m5); + EVP_DigestFinal(&m5,km,NULL); km+=MD5_DIGEST_LENGTH; } @@ -142,7 +140,7 @@ int ssl3_change_cipher_state(SSL *s, int which) const EVP_CIPHER *c; COMP_METHOD *comp; const EVP_MD *m; - MD5_CTX md; + EVP_MD_CTX md; int exp,n,i,j,k,cl; exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); @@ -252,19 +250,19 @@ int ssl3_change_cipher_state(SSL *s, int which) /* In here I set both the read and write key/iv to the * same value since only the correct one will be used :-). */ - MD5_Init(&md); - MD5_Update(&md,key,j); - MD5_Update(&md,er1,SSL3_RANDOM_SIZE); - MD5_Update(&md,er2,SSL3_RANDOM_SIZE); - MD5_Final(&(exp_key[0]),&md); + EVP_DigestInit(&md,EVP_md5()); + EVP_DigestUpdate(&md,key,j); + EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE); + EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE); + EVP_DigestFinal(&md,&(exp_key[0]),NULL); key= &(exp_key[0]); if (k > 0) { - MD5_Init(&md); - MD5_Update(&md,er1,SSL3_RANDOM_SIZE); - MD5_Update(&md,er2,SSL3_RANDOM_SIZE); - MD5_Final(&(exp_iv[0]),&md); + EVP_DigestInit(&md,EVP_md5()); + EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE); + EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE); + EVP_DigestFinal(&md,&(exp_iv[0]),NULL); iv= &(exp_iv[0]); } } diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 31f4f80779..1c57296297 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -110,8 +110,6 @@ */ #include <stdio.h> -#include <openssl/md5.h> -#include <openssl/sha.h> #include <openssl/objects.h> #include "ssl_locl.h" diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 0b0eceedb0..09fcc59d00 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -64,8 +64,6 @@ #include <openssl/buffer.h> #include <openssl/rand.h> #include <openssl/objects.h> -#include <openssl/md5.h> -#include <openssl/sha.h> #include <openssl/evp.h> #include <openssl/x509.h> #include "ssl_locl.h" diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index d3a15e3441..97d92cacd0 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -58,8 +58,6 @@ #include <stdio.h> #include <openssl/comp.h> -#include <openssl/md5.h> -#include <openssl/sha.h> #include <openssl/evp.h> #include <openssl/hmac.h> #include "ssl_locl.h" @@ -78,6 +76,7 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, chunk=EVP_MD_size(md); HMAC_Init(&ctx,sec,sec_len,md); + HMAC_Init(&ctx_tmp,sec,sec_len,md); HMAC_Update(&ctx,seed,seed_len); HMAC_Final(&ctx,A1,&A1_len); @@ -85,8 +84,9 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, for (;;) { HMAC_Init(&ctx,NULL,0,NULL); /* re-init */ + HMAC_Init(&ctx_tmp,NULL,0,NULL); /* re-init */ HMAC_Update(&ctx,A1,A1_len); - memcpy(&ctx_tmp,&ctx,sizeof(ctx)); /* Copy for A2 */ /* not needed for last one */ + HMAC_Update(&ctx_tmp,A1,A1_len); HMAC_Update(&ctx,seed,seed_len); if (olen > chunk) @@ -642,6 +642,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) HMAC_Update(&hmac,buf,5); HMAC_Update(&hmac,rec->input,rec->length); HMAC_Final(&hmac,md,&md_size); + HMAC_cleanup(&hmac); #ifdef TLS_DEBUG printf("sec="); |