The ssl_ciper_get_evp() function is currently overloaded to also return the

compression associated with the SSL session. Based on one of Adam Langley's
chromium diffs, factor out the compression handling code into a separate
ssl_cipher_get_comp() function.

Rewrite the compression handling code to avoid pointless duplication and so
that failures are actually returned to and detectable by the caller.

ok miod@

1 files changed, 10 insertions, 3 deletions

diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 2599122078..5f17a4a94a 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -532,12 +532,19 @@ tls1_setup_key_block(SSL *s)
         int mac_type = NID_undef, mac_secret_size = 0;
         int ret = 0;
 
-
         if (s->s3->tmp.key_block_length != 0)
                 return (1);
 
-        if (!ssl_cipher_get_evp(s->session, &c, &hash, &mac_type, &mac_secret_size, &comp)) {
-                SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+        if (!ssl_cipher_get_comp(s->session, &comp)) {
+                SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,
+                    SSL_R_CIPHER_COMPRESSION_UNAVAILABLE);
+                return (0);
+        }
+
+        if (!ssl_cipher_get_evp(s->session, &c, &hash, &mac_type,
+            &mac_secret_size)) {
+                SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,
+                    SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
                 return (0);
         }