diff options
| author |   jsing <jsing@openbsd.org> | 2014-06-13 14:58:05 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2014-06-13 14:58:05 +0000 |
| commit | 40036a07cd13b255eb52c55a1c55415f82c98c14 (patch) | |
| tree | e57203e1fe0527df25a0940e1593b62fa04f5597 /lib/libssl/src | |
| parent | Separate the comression handling from the cipher/message digest handling in (diff) | |
| download | wireguard-openbsd-40036a07cd13b255eb52c55a1c55415f82c98c14.tar.xz wireguard-openbsd-40036a07cd13b255eb52c55a1c55415f82c98c14.zip | |
Do not bother trying to work out of we can reuse a cipher context - just
throw it away and create a new one. This simplifies the code and also
allows ASR to do its thing.
Diffstat (limited to 'lib/libssl/src')
| -rw-r--r-- | lib/libssl/src/ssl/s3_enc.c | 34 |
1 files changed, 12 insertions, 22 deletions
diff --git a/lib/libssl/src/ssl/s3_enc.c b/lib/libssl/src/ssl/s3_enc.c index 0febcff3a17..84370f6789d 100644 --- a/lib/libssl/src/ssl/s3_enc.c +++ b/lib/libssl/src/ssl/s3_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_enc.c,v 1.44 2014/06/13 14:38:13 jsing Exp $ */ +/* $OpenBSD: s3_enc.c,v 1.45 2014/06/13 14:58:05 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -224,7 +224,6 @@ ssl3_change_cipher_state(SSL *s, int which) const EVP_MD *mac; int is_export, n, i, j, k, cl; char is_read; - int reuse_dd = 0; #ifndef OPENSSL_NO_COMP const SSL_COMP *comp; @@ -233,7 +232,8 @@ ssl3_change_cipher_state(SSL *s, int which) is_export = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); cipher = s->s3->tmp.new_sym_enc; mac = s->s3->tmp.new_hash; - /* m == NULL will lead to a crash later */ + + /* mac == NULL will lead to a crash later */ OPENSSL_assert(mac); /* @@ -280,15 +280,11 @@ ssl3_change_cipher_state(SSL *s, int which) #endif if (is_read) { - if (s->enc_read_ctx != NULL) - reuse_dd = 1; - else if ((s->enc_read_ctx = malloc(sizeof(EVP_CIPHER_CTX))) == NULL) + EVP_CIPHER_CTX_free(s->enc_read_ctx); + s->enc_read_ctx = NULL; + if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL) goto err; - else { - /* make sure it's intialized in case we exit later with an error */ - EVP_CIPHER_CTX_init(s->enc_read_ctx); - } - cipher_ctx = s->enc_read_ctx; + s->enc_read_ctx = cipher_ctx; if (ssl_replace_hash(&s->read_hash, mac) == NULL) goto err; @@ -296,15 +292,12 @@ ssl3_change_cipher_state(SSL *s, int which) memset(s->s3->read_sequence, 0, SSL3_SEQUENCE_SIZE); mac_secret = &(s->s3->read_mac_secret[0]); } else { - if (s->enc_write_ctx != NULL) - reuse_dd = 1; - else if ((s->enc_write_ctx = malloc(sizeof(EVP_CIPHER_CTX))) == NULL) + EVP_CIPHER_CTX_free(s->enc_write_ctx); + s->enc_write_ctx = NULL; + if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL) goto err; - else { - /* make sure it's intialized in case we exit later with an error */ - EVP_CIPHER_CTX_init(s->enc_write_ctx); - } - cipher_ctx = s->enc_write_ctx; + s->enc_write_ctx = cipher_ctx; + if (ssl_replace_hash(&s->write_hash, mac) == NULL) goto err; @@ -312,9 +305,6 @@ ssl3_change_cipher_state(SSL *s, int which) mac_secret = &(s->s3->write_mac_secret[0]); } - if (reuse_dd) - EVP_CIPHER_CTX_cleanup(cipher_ctx); - p = s->s3->tmp.key_block; i = EVP_MD_size(mac); if (i < 0) |