Do not bother trying to work out of we can reuse a cipher context - just

throw it away and create a new one. This simplifies the code and also allows ASR to do its thing.
author: jsing <> 2014-06-13 14:58:05 +0000
committer: jsing <> 2014-06-13 14:58:05 +0000
commit: 5a2cd654e09ed69a130162cce3a7076fdfbf1011 (patch)
tree: 4c4d39b026966ee75cf692c5def87853e69fdb56 /src
parent: 8a392e36364ed100812ad02b1ab9ff0706b4f9f3 (diff)
download: openbsd-5a2cd654e09ed69a130162cce3a7076fdfbf1011.tar.gz
openbsd-5a2cd654e09ed69a130162cce3a7076fdfbf1011.tar.bz2
openbsd-5a2cd654e09ed69a130162cce3a7076fdfbf1011.zip
1 files changed, 12 insertions, 22 deletions
diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c
index 0febcff3a1..84370f6789 100644
--- a/src/lib/libssl/src/ssl/s3_enc.c
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_enc.c,v 1.44 2014/06/13 14:38:13 jsing Exp $ */
+/* $OpenBSD: s3_enc.c,v 1.45 2014/06/13 14:58:05 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -224,7 +224,6 @@ ssl3_change_cipher_state(SSL *s, int which)
        const EVP_MD *mac;
        int is_export, n, i, j, k, cl;
        char is_read;
-        int reuse_dd = 0;
 #ifndef OPENSSL_NO_COMP
        const SSL_COMP *comp;
@@ -233,7 +232,8 @@ ssl3_change_cipher_state(SSL *s, int which)
        is_export = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
        cipher = s->s3->tmp.new_sym_enc;
        mac = s->s3->tmp.new_hash;
-        /* m == NULL will lead to a crash later */
+        /* mac == NULL will lead to a crash later */
        OPENSSL_assert(mac);
        /*
@@ -280,15 +280,11 @@ ssl3_change_cipher_state(SSL *s, int which)
 #endif
        if (is_read) {
-                if (s->enc_read_ctx != NULL)
+                EVP_CIPHER_CTX_free(s->enc_read_ctx);
-                        reuse_dd = 1;
+                s->enc_read_ctx = NULL;
-                else if ((s->enc_read_ctx = malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
+                if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
                        goto err;
-                else {
+                s->enc_read_ctx = cipher_ctx;
-                        /* make sure it's intialized in case we exit later with an error */
-                        EVP_CIPHER_CTX_init(s->enc_read_ctx);
-                }
-                cipher_ctx = s->enc_read_ctx;
                if (ssl_replace_hash(&s->read_hash, mac) == NULL)
                        goto err;
@@ -296,15 +292,12 @@ ssl3_change_cipher_state(SSL *s, int which)
                memset(s->s3->read_sequence, 0, SSL3_SEQUENCE_SIZE);
                mac_secret = &(s->s3->read_mac_secret[0]);
        } else {
-                if (s->enc_write_ctx != NULL)
+                EVP_CIPHER_CTX_free(s->enc_write_ctx);
-                        reuse_dd = 1;
+                s->enc_write_ctx = NULL;
-                else if ((s->enc_write_ctx = malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
+                if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
                        goto err;
-                else {
+                s->enc_write_ctx = cipher_ctx;
-                        /* make sure it's intialized in case we exit later with an error */
-                        EVP_CIPHER_CTX_init(s->enc_write_ctx);
-                }
-                cipher_ctx = s->enc_write_ctx;
                if (ssl_replace_hash(&s->write_hash, mac) == NULL)
                        goto err;
@@ -312,9 +305,6 @@ ssl3_change_cipher_state(SSL *s, int which)
                mac_secret = &(s->s3->write_mac_secret[0]);
        }
-        if (reuse_dd)
-                EVP_CIPHER_CTX_cleanup(cipher_ctx);
        p = s->s3->tmp.key_block;
        i = EVP_MD_size(mac);
        if (i < 0)
author	jsing <>	2014-06-13 14:58:05 +0000
committer	jsing <>	2014-06-13 14:58:05 +0000
commit	5a2cd654e09ed69a130162cce3a7076fdfbf1011 (patch)
tree	4c4d39b026966ee75cf692c5def87853e69fdb56 /src
parent	8a392e36364ed100812ad02b1ab9ff0706b4f9f3 (diff)
download	openbsd-5a2cd654e09ed69a130162cce3a7076fdfbf1011.tar.gz openbsd-5a2cd654e09ed69a130162cce3a7076fdfbf1011.tar.bz2 openbsd-5a2cd654e09ed69a130162cce3a7076fdfbf1011.zip

diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c index 0febcff3a1..84370f6789 100644 --- a/src/lib/libssl/src/ssl/s3_enc.c +++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_enc.c,v 1.44 2014/06/13 14:38:13 jsing Exp $ */	1	/* $OpenBSD: s3_enc.c,v 1.45 2014/06/13 14:58:05 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -224,7 +224,6 @@ ssl3_change_cipher_state(SSL *s, int which)
224	const EVP_MD *mac;	224	const EVP_MD *mac;
225	int is_export, n, i, j, k, cl;	225	int is_export, n, i, j, k, cl;
226	char is_read;	226	char is_read;
227	int reuse_dd = 0;
228		227
229	#ifndef OPENSSL_NO_COMP	228	#ifndef OPENSSL_NO_COMP
230	const SSL_COMP *comp;	229	const SSL_COMP *comp;
@@ -233,7 +232,8 @@ ssl3_change_cipher_state(SSL *s, int which)
233	is_export = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);	232	is_export = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
234	cipher = s->s3->tmp.new_sym_enc;	233	cipher = s->s3->tmp.new_sym_enc;
235	mac = s->s3->tmp.new_hash;	234	mac = s->s3->tmp.new_hash;
236	/* m == NULL will lead to a crash later */	235
		236	/* mac == NULL will lead to a crash later */
237	OPENSSL_assert(mac);	237	OPENSSL_assert(mac);
238		238
239	/*	239	/*
@@ -280,15 +280,11 @@ ssl3_change_cipher_state(SSL *s, int which)
280	#endif	280	#endif
281		281
282	if (is_read) {	282	if (is_read) {
283	if (s->enc_read_ctx != NULL)	283	EVP_CIPHER_CTX_free(s->enc_read_ctx);
284	reuse_dd = 1;	284	s->enc_read_ctx = NULL;
285	else if ((s->enc_read_ctx = malloc(sizeof(EVP_CIPHER_CTX))) == NULL)	285	if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
286	goto err;	286	goto err;
287	else {	287	s->enc_read_ctx = cipher_ctx;
288	/* make sure it's intialized in case we exit later with an error */
289	EVP_CIPHER_CTX_init(s->enc_read_ctx);
290	}
291	cipher_ctx = s->enc_read_ctx;
292		288
293	if (ssl_replace_hash(&s->read_hash, mac) == NULL)	289	if (ssl_replace_hash(&s->read_hash, mac) == NULL)
294	goto err;	290	goto err;
@@ -296,15 +292,12 @@ ssl3_change_cipher_state(SSL *s, int which)
296	memset(s->s3->read_sequence, 0, SSL3_SEQUENCE_SIZE);	292	memset(s->s3->read_sequence, 0, SSL3_SEQUENCE_SIZE);
297	mac_secret = &(s->s3->read_mac_secret[0]);	293	mac_secret = &(s->s3->read_mac_secret[0]);
298	} else {	294	} else {
299	if (s->enc_write_ctx != NULL)	295	EVP_CIPHER_CTX_free(s->enc_write_ctx);
300	reuse_dd = 1;	296	s->enc_write_ctx = NULL;
301	else if ((s->enc_write_ctx = malloc(sizeof(EVP_CIPHER_CTX))) == NULL)	297	if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
302	goto err;	298	goto err;
303	else {	299	s->enc_write_ctx = cipher_ctx;
304	/* make sure it's intialized in case we exit later with an error */	300
305	EVP_CIPHER_CTX_init(s->enc_write_ctx);
306	}
307	cipher_ctx = s->enc_write_ctx;
308	if (ssl_replace_hash(&s->write_hash, mac) == NULL)	301	if (ssl_replace_hash(&s->write_hash, mac) == NULL)
309	goto err;	302	goto err;
310		303
@@ -312,9 +305,6 @@ ssl3_change_cipher_state(SSL *s, int which)
312	mac_secret = &(s->s3->write_mac_secret[0]);	305	mac_secret = &(s->s3->write_mac_secret[0]);
313	}	306	}
314		307
315	if (reuse_dd)
316	EVP_CIPHER_CTX_cleanup(cipher_ctx);
317
318	p = s->s3->tmp.key_block;	308	p = s->s3->tmp.key_block;
319	i = EVP_MD_size(mac);	309	i = EVP_MD_size(mac);
320	if (i < 0)	310	if (i < 0)