diff options
| author | jsing <> | 2014-06-07 17:10:47 +0000 |
|---|---|---|
| committer | jsing <> | 2014-06-07 17:10:47 +0000 |
| commit | ffd7d5058a027525ac9aff6c2aa9a572a55182fc (patch) | |
| tree | 220c63494a4d5f911441ae0b67aaea9beaefeefd /src | |
| parent | 9b5c6c052b9c7e0eb25170d3f70d7b06ddb2688b (diff) | |
| download | openbsd-ffd7d5058a027525ac9aff6c2aa9a572a55182fc.tar.gz openbsd-ffd7d5058a027525ac9aff6c2aa9a572a55182fc.tar.bz2 openbsd-ffd7d5058a027525ac9aff6c2aa9a572a55182fc.zip | |
Move the export label initialisation into the export handling code, since
this is the only place where these variables are used.
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/src/ssl/t1_enc.c | 17 | ||||
| -rw-r--r-- | src/lib/libssl/t1_enc.c | 17 |
2 files changed, 22 insertions, 12 deletions
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c index ba4d244dc2..3e90b78468 100644 --- a/src/lib/libssl/src/ssl/t1_enc.c +++ b/src/lib/libssl/src/ssl/t1_enc.c | |||
| @@ -465,14 +465,10 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 465 | mac_secret = client_write_mac_secret; | 465 | mac_secret = client_write_mac_secret; |
| 466 | key = client_write_key; | 466 | key = client_write_key; |
| 467 | iv = client_write_iv; | 467 | iv = client_write_iv; |
| 468 | exp_label = TLS_MD_CLIENT_WRITE_KEY_CONST; | ||
| 469 | exp_label_len = TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE; | ||
| 470 | } else { | 468 | } else { |
| 471 | mac_secret = server_write_mac_secret; | 469 | mac_secret = server_write_mac_secret; |
| 472 | key = server_write_key; | 470 | key = server_write_key; |
| 473 | iv = server_write_iv; | 471 | iv = server_write_iv; |
| 474 | exp_label = TLS_MD_SERVER_WRITE_KEY_CONST; | ||
| 475 | exp_label_len = TLS_MD_SERVER_WRITE_KEY_CONST_SIZE; | ||
| 476 | } | 472 | } |
| 477 | 473 | ||
| 478 | if (key_block - s->s3->tmp.key_block != s->s3->tmp.key_block_length) { | 474 | if (key_block - s->s3->tmp.key_block != s->s3->tmp.key_block_length) { |
| @@ -496,9 +492,18 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 496 | } | 492 | } |
| 497 | 493 | ||
| 498 | if (is_export) { | 494 | if (is_export) { |
| 499 | /* In here I set both the read and write key/iv to the | 495 | /* |
| 500 | * same value since only the correct one will be used :-). | 496 | * Both the read and write key/iv are set to the same value |
| 497 | * since only the correct one will be used :-). | ||
| 501 | */ | 498 | */ |
| 499 | if (use_client_keys) { | ||
| 500 | exp_label = TLS_MD_CLIENT_WRITE_KEY_CONST; | ||
| 501 | exp_label_len = TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE; | ||
| 502 | } else { | ||
| 503 | exp_label = TLS_MD_SERVER_WRITE_KEY_CONST; | ||
| 504 | exp_label_len = TLS_MD_SERVER_WRITE_KEY_CONST_SIZE; | ||
| 505 | } | ||
| 506 | |||
| 502 | if (!tls1_PRF(ssl_get_algorithm2(s), | 507 | if (!tls1_PRF(ssl_get_algorithm2(s), |
| 503 | exp_label, exp_label_len, | 508 | exp_label, exp_label_len, |
| 504 | s->s3->client_random, SSL3_RANDOM_SIZE, | 509 | s->s3->client_random, SSL3_RANDOM_SIZE, |
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index ba4d244dc2..3e90b78468 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c | |||
| @@ -465,14 +465,10 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 465 | mac_secret = client_write_mac_secret; | 465 | mac_secret = client_write_mac_secret; |
| 466 | key = client_write_key; | 466 | key = client_write_key; |
| 467 | iv = client_write_iv; | 467 | iv = client_write_iv; |
| 468 | exp_label = TLS_MD_CLIENT_WRITE_KEY_CONST; | ||
| 469 | exp_label_len = TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE; | ||
| 470 | } else { | 468 | } else { |
| 471 | mac_secret = server_write_mac_secret; | 469 | mac_secret = server_write_mac_secret; |
| 472 | key = server_write_key; | 470 | key = server_write_key; |
| 473 | iv = server_write_iv; | 471 | iv = server_write_iv; |
| 474 | exp_label = TLS_MD_SERVER_WRITE_KEY_CONST; | ||
| 475 | exp_label_len = TLS_MD_SERVER_WRITE_KEY_CONST_SIZE; | ||
| 476 | } | 472 | } |
| 477 | 473 | ||
| 478 | if (key_block - s->s3->tmp.key_block != s->s3->tmp.key_block_length) { | 474 | if (key_block - s->s3->tmp.key_block != s->s3->tmp.key_block_length) { |
| @@ -496,9 +492,18 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 496 | } | 492 | } |
| 497 | 493 | ||
| 498 | if (is_export) { | 494 | if (is_export) { |
| 499 | /* In here I set both the read and write key/iv to the | 495 | /* |
| 500 | * same value since only the correct one will be used :-). | 496 | * Both the read and write key/iv are set to the same value |
| 497 | * since only the correct one will be used :-). | ||
| 501 | */ | 498 | */ |
| 499 | if (use_client_keys) { | ||
| 500 | exp_label = TLS_MD_CLIENT_WRITE_KEY_CONST; | ||
| 501 | exp_label_len = TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE; | ||
| 502 | } else { | ||
| 503 | exp_label = TLS_MD_SERVER_WRITE_KEY_CONST; | ||
| 504 | exp_label_len = TLS_MD_SERVER_WRITE_KEY_CONST_SIZE; | ||
| 505 | } | ||
| 506 | |||
| 502 | if (!tls1_PRF(ssl_get_algorithm2(s), | 507 | if (!tls1_PRF(ssl_get_algorithm2(s), |
| 503 | exp_label, exp_label_len, | 508 | exp_label, exp_label_len, |
| 504 | s->s3->client_random, SSL3_RANDOM_SIZE, | 509 | s->s3->client_random, SSL3_RANDOM_SIZE, |