summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorjsing <>2014-06-13 14:38:13 +0000
committerjsing <>2014-06-13 14:38:13 +0000
commit8a392e36364ed100812ad02b1ab9ff0706b4f9f3 (patch)
tree5baae3005669fccfa5619ccfc563eee0be559824 /src
parentbf4c677d6d03111cd2f82906993a4f8c16915e8c (diff)
downloadopenbsd-8a392e36364ed100812ad02b1ab9ff0706b4f9f3.tar.gz
openbsd-8a392e36364ed100812ad02b1ab9ff0706b4f9f3.tar.bz2
openbsd-8a392e36364ed100812ad02b1ab9ff0706b4f9f3.zip
Separate the comression handling from the cipher/message digest handling in
ssl3_change_cipher_state().
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/src/ssl/s3_enc.c90
1 files changed, 47 insertions, 43 deletions
diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c
index 1fdccbb842..0febcff3a1 100644
--- a/src/lib/libssl/src/ssl/s3_enc.c
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_enc.c,v 1.43 2014/06/13 14:15:14 jsing Exp $ */ 1/* $OpenBSD: s3_enc.c,v 1.44 2014/06/13 14:38:13 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -222,26 +222,64 @@ ssl3_change_cipher_state(SSL *s, int which)
222 const EVP_CIPHER *cipher; 222 const EVP_CIPHER *cipher;
223 EVP_MD_CTX mac_ctx; 223 EVP_MD_CTX mac_ctx;
224 const EVP_MD *mac; 224 const EVP_MD *mac;
225#ifndef OPENSSL_NO_COMP
226 COMP_METHOD *comp;
227#endif
228 int is_export, n, i, j, k, cl; 225 int is_export, n, i, j, k, cl;
226 char is_read;
229 int reuse_dd = 0; 227 int reuse_dd = 0;
230 228
229#ifndef OPENSSL_NO_COMP
230 const SSL_COMP *comp;
231#endif
232
231 is_export = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); 233 is_export = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
232 cipher = s->s3->tmp.new_sym_enc; 234 cipher = s->s3->tmp.new_sym_enc;
233 mac = s->s3->tmp.new_hash; 235 mac = s->s3->tmp.new_hash;
234 /* m == NULL will lead to a crash later */ 236 /* m == NULL will lead to a crash later */
235 OPENSSL_assert(mac); 237 OPENSSL_assert(mac);
236 238
239 /*
240 * is_read is true if we have just read a ChangeCipherSpec message,
241 * that is we need to update the read cipherspec. Otherwise we have
242 * just written one.
243 */
244 is_read = (which & SSL3_CC_READ) != 0;
245
237#ifndef OPENSSL_NO_COMP 246#ifndef OPENSSL_NO_COMP
238 if (s->s3->tmp.new_compression == NULL) 247 comp = s->s3->tmp.new_compression;
239 comp = NULL; 248 if (is_read) {
240 else 249 if (s->expand != NULL) {
241 comp = s->s3->tmp.new_compression->method; 250 COMP_CTX_free(s->expand);
251 s->expand = NULL;
252 }
253 if (comp != NULL) {
254 s->expand = COMP_CTX_new(comp->method);
255 if (s->expand == NULL) {
256 SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,
257 SSL_R_COMPRESSION_LIBRARY_ERROR);
258 goto err2;
259 }
260 if (s->s3->rrec.comp == NULL)
261 s->s3->rrec.comp =
262 malloc(SSL3_RT_MAX_PLAIN_LENGTH);
263 if (s->s3->rrec.comp == NULL)
264 goto err;
265 }
266 } else {
267 if (s->compress != NULL) {
268 COMP_CTX_free(s->compress);
269 s->compress = NULL;
270 }
271 if (comp != NULL) {
272 s->compress = COMP_CTX_new(comp->method);
273 if (s->compress == NULL) {
274 SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,
275 SSL_R_COMPRESSION_LIBRARY_ERROR);
276 goto err2;
277 }
278 }
279 }
242#endif 280#endif
243 281
244 if (which & SSL3_CC_READ) { 282 if (is_read) {
245 if (s->enc_read_ctx != NULL) 283 if (s->enc_read_ctx != NULL)
246 reuse_dd = 1; 284 reuse_dd = 1;
247 else if ((s->enc_read_ctx = malloc(sizeof(EVP_CIPHER_CTX))) == NULL) 285 else if ((s->enc_read_ctx = malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
@@ -255,24 +293,6 @@ ssl3_change_cipher_state(SSL *s, int which)
255 if (ssl_replace_hash(&s->read_hash, mac) == NULL) 293 if (ssl_replace_hash(&s->read_hash, mac) == NULL)
256 goto err; 294 goto err;
257 295
258#ifndef OPENSSL_NO_COMP
259 /* COMPRESS */
260 if (s->expand != NULL) {
261 COMP_CTX_free(s->expand);
262 s->expand = NULL;
263 }
264 if (comp != NULL) {
265 s->expand = COMP_CTX_new(comp);
266 if (s->expand == NULL) {
267 SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, SSL_R_COMPRESSION_LIBRARY_ERROR);
268 goto err2;
269 }
270 if (s->s3->rrec.comp == NULL)
271 s->s3->rrec.comp = malloc(SSL3_RT_MAX_PLAIN_LENGTH);
272 if (s->s3->rrec.comp == NULL)
273 goto err;
274 }
275#endif
276 memset(s->s3->read_sequence, 0, SSL3_SEQUENCE_SIZE); 296 memset(s->s3->read_sequence, 0, SSL3_SEQUENCE_SIZE);
277 mac_secret = &(s->s3->read_mac_secret[0]); 297 mac_secret = &(s->s3->read_mac_secret[0]);
278 } else { 298 } else {
@@ -288,20 +308,6 @@ ssl3_change_cipher_state(SSL *s, int which)
288 if (ssl_replace_hash(&s->write_hash, mac) == NULL) 308 if (ssl_replace_hash(&s->write_hash, mac) == NULL)
289 goto err; 309 goto err;
290 310
291#ifndef OPENSSL_NO_COMP
292 /* COMPRESS */
293 if (s->compress != NULL) {
294 COMP_CTX_free(s->compress);
295 s->compress = NULL;
296 }
297 if (comp != NULL) {
298 s->compress = COMP_CTX_new(comp);
299 if (s->compress == NULL) {
300 SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, SSL_R_COMPRESSION_LIBRARY_ERROR);
301 goto err2;
302 }
303 }
304#endif
305 memset(s->s3->write_sequence, 0, SSL3_SEQUENCE_SIZE); 311 memset(s->s3->write_sequence, 0, SSL3_SEQUENCE_SIZE);
306 mac_secret = &(s->s3->write_mac_secret[0]); 312 mac_secret = &(s->s3->write_mac_secret[0]);
307 } 313 }
@@ -561,8 +567,6 @@ ssl3_free_digest_list(SSL *s)
561 s->s3->handshake_dgst = NULL; 567 s->s3->handshake_dgst = NULL;
562} 568}
563 569
564
565
566void 570void
567ssl3_finish_mac(SSL *s, const unsigned char *buf, int len) 571ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
568{ 572{
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 00:33:45 +0000