diff options
| author |   jsing <jsing@openbsd.org> | 2014-05-25 13:27:38 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2014-05-25 13:27:38 +0000 |
| commit | 4c360d9e278e54ef82a65fe88012fcc01258f3a2 (patch) | |
| tree | 71bb950e6734496a42cf3e34be2881a4d714b139 /lib/libssl/t1_enc.c | |
| parent | Whitespace fixes to align define values. (diff) | |
| download | wireguard-openbsd-4c360d9e278e54ef82a65fe88012fcc01258f3a2.tar.xz wireguard-openbsd-4c360d9e278e54ef82a65fe88012fcc01258f3a2.zip | |
The ssl_ciper_get_evp() function is currently overloaded to also return the
compression associated with the SSL session. Based on one of Adam Langley's
chromium diffs, factor out the compression handling code into a separate
ssl_cipher_get_comp() function.
Rewrite the compression handling code to avoid pointless duplication and so
that failures are actually returned to and detectable by the caller.
ok miod@
Diffstat (limited to 'lib/libssl/t1_enc.c')
| -rw-r--r-- | lib/libssl/t1_enc.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c index 25991220789..5f17a4a94a2 100644 --- a/lib/libssl/t1_enc.c +++ b/lib/libssl/t1_enc.c @@ -532,12 +532,19 @@ tls1_setup_key_block(SSL *s) int mac_type = NID_undef, mac_secret_size = 0; int ret = 0; - if (s->s3->tmp.key_block_length != 0) return (1); - if (!ssl_cipher_get_evp(s->session, &c, &hash, &mac_type, &mac_secret_size, &comp)) { - SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, SSL_R_CIPHER_OR_HASH_UNAVAILABLE); + if (!ssl_cipher_get_comp(s->session, &comp)) { + SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, + SSL_R_CIPHER_COMPRESSION_UNAVAILABLE); + return (0); + } + + if (!ssl_cipher_get_evp(s->session, &c, &hash, &mac_type, + &mac_secret_size)) { + SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, + SSL_R_CIPHER_OR_HASH_UNAVAILABLE); return (0); } |