-rw-r--r--src/lib/libssl/t1_enc.c39
1 files changed, 19 insertions, 20 deletions
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index fe822a98ef..0179ac3061 100644
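--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.100 2017/03/10 15:03:59 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.101 2017/03/10 15:08:49 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -288,33 +288,33 @@ tls1_record_sequence_increment(unsigned char *seq)
  }
 }
 
-/* seed1 through seed5 are virtually concatenated */
+/*
+ * TLS P_hash() data expansion function - see RFC 5246, section 5.
+ */
 static int
 tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len,
  const void *seed1, int seed1_len, const void *seed2, int seed2_len,
  const void *seed3, int seed3_len, const void *seed4, int seed4_len,
  const void *seed5, int seed5_len, unsigned char *out, int olen)
 {
- int chunk;
- size_t j;
- EVP_MD_CTX ctx, ctx_tmp;
- EVP_PKEY *mac_key;
  unsigned char A1[EVP_MAX_MD_SIZE];
+ EVP_MD_CTX ctx;
+ EVP_PKEY *mac_key;
  size_t A1_len;
  int ret = 0;
+ int chunk;
+ size_t j;
 
  chunk = EVP_MD_size(md);
  OPENSSL_assert(chunk >= 0);
 
  EVP_MD_CTX_init(&ctx);
- EVP_MD_CTX_init(&ctx_tmp);
+
  mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
  if (!mac_key)
  goto err;
  if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key))
  goto err;
- if (!EVP_DigestSignInit(&ctx_tmp, NULL, md, NULL, mac_key))
- goto err;
  if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len))
  goto err;
  if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len))
@@ -329,15 +329,10 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len,
  goto err;
 
  for (;;) {
- /* Reinit mac contexts */
  if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key))
  goto err;
- if (!EVP_DigestSignInit(&ctx_tmp, NULL, md, NULL, mac_key))
- goto err;
  if (!EVP_DigestSignUpdate(&ctx, A1, A1_len))
  goto err;
- if (!EVP_DigestSignUpdate(&ctx_tmp, A1, A1_len))
- goto err;
  if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len))
  goto err;
  if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len))
@@ -354,24 +349,28 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len,
  goto err;
  out += j;
  olen -= j;
- /* calc the next A1 value */
- if (!EVP_DigestSignFinal(&ctx_tmp, A1, &A1_len))
- goto err;
  } else {
- /* last one */
  if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
  goto err;
  memcpy(out, A1, olen);
  break;
  }
+
+ if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key))
+ goto err;
+ if (!EVP_DigestSignUpdate(&ctx, A1, A1_len))
+ goto err;
+ if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
+ goto err;
  }
  ret = 1;
 
-err:
+ err:
  EVP_PKEY_free(mac_key);
  EVP_MD_CTX_cleanup(&ctx);
- EVP_MD_CTX_cleanup(&ctx_tmp);
+
  explicit_bzero(A1, sizeof(A1));
+
  return ret;
 }
 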
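Review bot: The final-block branch still ends in `memcpy(out, A1, olen)` with `olen` a plain `int`, and no visible line rejects a negative length, which would be converted to a very large `size_t` copy out of the `EVP_MAX_MD_SIZE`-byte `A1`. Since this commit is already tidying the function, a guard such as `if (olen < 0) return 0;` placed directly after the `OPENSSL_assert(chunk >= 0);` line would close that off; it has to return rather than `goto err`, because `mac_key` is not yet assigned at that point and `err:` frees it. The condition that selects this branch lies between the hunks shown, so whether it already bounds `olen` from above by `chunk` should be confirmed there. Separately, the new three-call block that derives the next A(i) lost the old `/* calc the next A1 value */` comment; a one-line comment such as `/* A(i+1) = HMAC(secret, A(i)) */` would keep the RFC 5246 mapping readable.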