s2_enc.c revision 167615
155714Skris/* ssl/s2_enc.c */
255714Skris/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
355714Skris * All rights reserved.
455714Skris *
555714Skris * This package is an SSL implementation written
655714Skris * by Eric Young (eay@cryptsoft.com).
755714Skris * The implementation was written so as to conform with Netscapes SSL.
855714Skris *
955714Skris * This library is free for commercial and non-commercial use as long as
1055714Skris * the following conditions are aheared to.  The following conditions
1155714Skris * apply to all code found in this distribution, be it the RC4, RSA,
1255714Skris * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
1355714Skris * included with this distribution is covered by the same copyright terms
1455714Skris * except that the holder is Tim Hudson (tjh@cryptsoft.com).
1555714Skris *
1655714Skris * Copyright remains Eric Young's, and as such any Copyright notices in
1755714Skris * the code are not to be removed.
1855714Skris * If this package is used in a product, Eric Young should be given attribution
1955714Skris * as the author of the parts of the library used.
2055714Skris * This can be in the form of a textual message at program startup or
2155714Skris * in documentation (online or textual) provided with the package.
2255714Skris *
2355714Skris * Redistribution and use in source and binary forms, with or without
2455714Skris * modification, are permitted provided that the following conditions
2555714Skris * are met:
2655714Skris * 1. Redistributions of source code must retain the copyright
2755714Skris *    notice, this list of conditions and the following disclaimer.
2855714Skris * 2. Redistributions in binary form must reproduce the above copyright
2955714Skris *    notice, this list of conditions and the following disclaimer in the
3055714Skris *    documentation and/or other materials provided with the distribution.
3155714Skris * 3. All advertising materials mentioning features or use of this software
3255714Skris *    must display the following acknowledgement:
3355714Skris *    "This product includes cryptographic software written by
3455714Skris *     Eric Young (eay@cryptsoft.com)"
3555714Skris *    The word 'cryptographic' can be left out if the rouines from the library
3655714Skris *    being used are not cryptographic related :-).
3755714Skris * 4. If you include any Windows specific code (or a derivative thereof) from
3855714Skris *    the apps directory (application code) you must include an acknowledgement:
3955714Skris *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
4055714Skris *
4155714Skris * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
4255714Skris * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
4355714Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
4455714Skris * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
4555714Skris * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
4655714Skris * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
4755714Skris * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
4855714Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
4955714Skris * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
5055714Skris * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
5155714Skris * SUCH DAMAGE.
5255714Skris *
5355714Skris * The licence and distribution terms for any publically available version or
5455714Skris * derivative of this code cannot be changed.  i.e. this code cannot simply be
5555714Skris * copied and put under another distribution licence
5655714Skris * [including the GNU Public Licence.]
5755714Skris */
5855714Skris
5959194Skris#include "ssl_locl.h"
60110007Smarkm#ifndef OPENSSL_NO_SSL2
6155714Skris#include <stdio.h>
6255714Skris
6355714Skrisint ssl2_enc_init(SSL *s, int client)
6455714Skris	{
6555714Skris	/* Max number of bytes needed */
6655714Skris	EVP_CIPHER_CTX *rs,*ws;
6755714Skris	const EVP_CIPHER *c;
6855714Skris	const EVP_MD *md;
6955714Skris	int num;
7055714Skris
7155714Skris	if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
7255714Skris		{
7355714Skris		ssl2_return_error(s,SSL2_PE_NO_CIPHER);
7455714Skris		SSLerr(SSL_F_SSL2_ENC_INIT,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
7555714Skris		return(0);
7655714Skris		}
7755714Skris
7855714Skris	s->read_hash=md;
7955714Skris	s->write_hash=md;
8055714Skris
8155714Skris	if ((s->enc_read_ctx == NULL) &&
8255714Skris		((s->enc_read_ctx=(EVP_CIPHER_CTX *)
8368654Skris		OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
8455714Skris		goto err;
85167615Ssimon
86167615Ssimon	/* make sure it's intialized in case the malloc for enc_write_ctx fails
87167615Ssimon	 * and we exit with an error */
88167615Ssimon	rs= s->enc_read_ctx;
89167615Ssimon	EVP_CIPHER_CTX_init(rs);
90167615Ssimon
9155714Skris	if ((s->enc_write_ctx == NULL) &&
9255714Skris		((s->enc_write_ctx=(EVP_CIPHER_CTX *)
9368654Skris		OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
9455714Skris		goto err;
9555714Skris
9655714Skris	ws= s->enc_write_ctx;
9755714Skris	EVP_CIPHER_CTX_init(ws);
9855714Skris
9955714Skris	num=c->key_len;
10055714Skris	s->s2->key_material_length=num*2;
101110007Smarkm	OPENSSL_assert(s->s2->key_material_length <= sizeof s->s2->key_material);
10255714Skris
103101621Snectar	if (ssl2_generate_key_material(s) <= 0)
104101621Snectar		return 0;
10555714Skris
106160817Ssimon	OPENSSL_assert(c->iv_len <= (int)sizeof(s->session->key_arg));
107110007Smarkm	EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]),
10855714Skris		s->session->key_arg);
109110007Smarkm	EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]),
11055714Skris		s->session->key_arg);
11155714Skris	s->s2->read_key=  &(s->s2->key_material[(client)?0:num]);
11255714Skris	s->s2->write_key= &(s->s2->key_material[(client)?num:0]);
11355714Skris	return(1);
11455714Skriserr:
11555714Skris	SSLerr(SSL_F_SSL2_ENC_INIT,ERR_R_MALLOC_FAILURE);
11655714Skris	return(0);
11755714Skris	}
11855714Skris
11955714Skris/* read/writes from s->s2->mac_data using length for encrypt and
12089840Skris * decrypt.  It sets s->s2->padding and s->[rw]length
12189840Skris * if we are encrypting */
12255714Skrisvoid ssl2_enc(SSL *s, int send)
12355714Skris	{
12455714Skris	EVP_CIPHER_CTX *ds;
12555714Skris	unsigned long l;
12655714Skris	int bs;
12755714Skris
12855714Skris	if (send)
12955714Skris		{
13055714Skris		ds=s->enc_write_ctx;
13155714Skris		l=s->s2->wlength;
13255714Skris		}
13355714Skris	else
13455714Skris		{
13555714Skris		ds=s->enc_read_ctx;
13655714Skris		l=s->s2->rlength;
13755714Skris		}
13855714Skris
13955714Skris	/* check for NULL cipher */
14055714Skris	if (ds == NULL) return;
14155714Skris
14255714Skris
14355714Skris	bs=ds->cipher->block_size;
14455714Skris	/* This should be using (bs-1) and bs instead of 7 and 8, but
14555714Skris	 * what the hell. */
14655714Skris	if (bs == 8)
14755714Skris		l=(l+7)/8*8;
14855714Skris
14955714Skris	EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l);
15055714Skris	}
15155714Skris
15255714Skrisvoid ssl2_mac(SSL *s, unsigned char *md, int send)
15355714Skris	{
15455714Skris	EVP_MD_CTX c;
15555714Skris	unsigned char sequence[4],*p,*sec,*act;
15655714Skris	unsigned long seq;
15755714Skris	unsigned int len;
15855714Skris
15955714Skris	if (send)
16055714Skris		{
16155714Skris		seq=s->s2->write_sequence;
16255714Skris		sec=s->s2->write_key;
16355714Skris		len=s->s2->wact_data_length;
16455714Skris		act=s->s2->wact_data;
16555714Skris		}
16655714Skris	else
16755714Skris		{
16855714Skris		seq=s->s2->read_sequence;
16955714Skris		sec=s->s2->read_key;
17055714Skris		len=s->s2->ract_data_length;
17155714Skris		act=s->s2->ract_data;
17255714Skris		}
17355714Skris
17455714Skris	p= &(sequence[0]);
17555714Skris	l2n(seq,p);
17655714Skris
17755714Skris	/* There has to be a MAC algorithm. */
178110007Smarkm	EVP_MD_CTX_init(&c);
179110007Smarkm	EVP_DigestInit_ex(&c, s->read_hash, NULL);
18055714Skris	EVP_DigestUpdate(&c,sec,
18155714Skris		EVP_CIPHER_CTX_key_length(s->enc_read_ctx));
18255714Skris	EVP_DigestUpdate(&c,act,len);
18355714Skris	/* the above line also does the pad data */
18455714Skris	EVP_DigestUpdate(&c,sequence,4);
185110007Smarkm	EVP_DigestFinal_ex(&c,md,NULL);
186110007Smarkm	EVP_MD_CTX_cleanup(&c);
18755714Skris	}
188110007Smarkm#else /* !OPENSSL_NO_SSL2 */
18955714Skris
19059194Skris# if PEDANTIC
19159194Skrisstatic void *dummy=&dummy;
19259194Skris# endif
19359194Skris
19455949Skris#endif
195