summaryrefslogtreecommitdiff
path: root/src/lib/libssl/t1_enc.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/t1_enc.c25
1 files changed, 11 insertions, 14 deletions
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 0ddb2d09b2..d6324fa831 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_enc.c,v 1.56 2014/06/13 11:52:03 jsing Exp $ */ 1/* $OpenBSD: t1_enc.c,v 1.57 2014/06/13 12:49:10 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -382,7 +382,6 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
382 const EVP_CIPHER *cipher; 382 const EVP_CIPHER *cipher;
383 EVP_MD_CTX *mac_ctx; 383 EVP_MD_CTX *mac_ctx;
384 const EVP_MD *mac; 384 const EVP_MD *mac;
385 EVP_PKEY *mac_key;
386 int mac_type; 385 int mac_type;
387 int is_export; 386 int is_export;
388 387
@@ -435,15 +434,6 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
435 s->write_hash = mac_ctx; 434 s->write_hash = mac_ctx;
436 } 435 }
437 436
438 if (!(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
439 mac_key = EVP_PKEY_new_mac_key(mac_type, NULL,
440 mac_secret, mac_secret_size);
441 if (mac_key == NULL)
442 goto err;
443 EVP_DigestSignInit(mac_ctx, NULL, mac, NULL, mac_key);
444 EVP_PKEY_free(mac_key);
445 }
446
447 if (is_export) { 437 if (is_export) {
448 /* 438 /*
449 * Both the read and write key/iv are set to the same value 439 * Both the read and write key/iv are set to the same value
@@ -488,11 +478,18 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
488 } else 478 } else
489 EVP_CipherInit_ex(cipher_ctx, cipher, NULL, key, iv, !is_read); 479 EVP_CipherInit_ex(cipher_ctx, cipher, NULL, key, iv, !is_read);
490 480
491 /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */ 481 if (!(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
492 if ((EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) && 482 EVP_PKEY *mac_key = EVP_PKEY_new_mac_key(mac_type, NULL,
493 mac_secret_size) 483 mac_secret, mac_secret_size);
484 if (mac_key == NULL)
485 goto err;
486 EVP_DigestSignInit(mac_ctx, NULL, mac, NULL, mac_key);
487 EVP_PKEY_free(mac_key);
488 } else if (mac_secret_size > 0) {
489 /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */
494 EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_AEAD_SET_MAC_KEY, 490 EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_AEAD_SET_MAC_KEY,
495 mac_secret_size, (unsigned char *)mac_secret); 491 mac_secret_size, (unsigned char *)mac_secret);
492 }
496 493
497 if (is_export) { 494 if (is_export) {
498 OPENSSL_cleanse(export_tmp1, sizeof(export_tmp1)); 495 OPENSSL_cleanse(export_tmp1, sizeof(export_tmp1));
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-28 20:25:26 +0000