1 files changed, 40 insertions, 38 deletions
diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c
index d0501499a2..38ccc46724 100644
--- a/src/lib/libssl/src/ssl/s3_enc.c
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_enc.c,v 1.41 2014/06/13 12:41:01 jsing Exp $ */
+/* $OpenBSD: s3_enc.c,v 1.42 2014/06/13 14:11:35 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -215,24 +215,25 @@ int
 ssl3_change_cipher_state(SSL *s, int which)
 {
        unsigned char *p, *mac_secret;
-        unsigned char exp_key[EVP_MAX_KEY_LENGTH];
+        unsigned char export_key[EVP_MAX_KEY_LENGTH];
-        unsigned char exp_iv[EVP_MAX_IV_LENGTH];
+        unsigned char export_iv[EVP_MAX_IV_LENGTH];
        unsigned char *ms, *key, *iv, *er1, *er2;
-        EVP_CIPHER_CTX *dd;
+        EVP_CIPHER_CTX *cipher_ctx;
-        const EVP_CIPHER *c;
+        const EVP_CIPHER *cipher;
+        EVP_MD_CTX mac_ctx;
+        const EVP_MD *mac;
 #ifndef OPENSSL_NO_COMP
        COMP_METHOD *comp;
 #endif
-        const EVP_MD *m;
+        int is_export, n, i, j, k, cl;
-        EVP_MD_CTX md;
-        int is_exp, n, i, j, k, cl;
        int reuse_dd = 0;
-        is_exp = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
+        is_export = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
-        c = s->s3->tmp.new_sym_enc;
+        cipher = s->s3->tmp.new_sym_enc;
-        m = s->s3->tmp.new_hash;
+        mac = s->s3->tmp.new_hash;
        /* m == NULL will lead to a crash later */
-        OPENSSL_assert(m);
+        OPENSSL_assert(mac);
 #ifndef OPENSSL_NO_COMP
        if (s->s3->tmp.new_compression == NULL)
                comp = NULL;
@@ -249,9 +250,9 @@ ssl3_change_cipher_state(SSL *s, int which)
                        /* make sure it's intialized in case we exit later with an error */
                        EVP_CIPHER_CTX_init(s->enc_read_ctx);
                }
-                dd = s->enc_read_ctx;
+                cipher_ctx = s->enc_read_ctx;
-                if (ssl_replace_hash(&s->read_hash, m) == NULL)
+                if (ssl_replace_hash(&s->read_hash, mac) == NULL)
                        goto err;
 #ifndef OPENSSL_NO_COMP
@@ -283,8 +284,8 @@ ssl3_change_cipher_state(SSL *s, int which)
                        /* make sure it's intialized in case we exit later with an error */
                        EVP_CIPHER_CTX_init(s->enc_write_ctx);
                }
-                dd = s->enc_write_ctx;
+                cipher_ctx = s->enc_write_ctx;
-                if (ssl_replace_hash(&s->write_hash, m) == NULL)
+                if (ssl_replace_hash(&s->write_hash, mac) == NULL)
                        goto err;
 #ifndef OPENSSL_NO_COMP
@@ -306,17 +307,17 @@ ssl3_change_cipher_state(SSL *s, int which)
        }
        if (reuse_dd)
-                EVP_CIPHER_CTX_cleanup(dd);
+                EVP_CIPHER_CTX_cleanup(cipher_ctx);
        p = s->s3->tmp.key_block;
-        i = EVP_MD_size(m);
+        i = EVP_MD_size(mac);
        if (i < 0)
                goto err2;
-        cl = EVP_CIPHER_key_length(c);
+        cl = EVP_CIPHER_key_length(cipher);
-        j = is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
+        j = is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
            cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
        /* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */
-        k = EVP_CIPHER_iv_length(c);
+        k = EVP_CIPHER_iv_length(cipher);
        if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
            (which == SSL3_CHANGE_CIPHER_SERVER_READ)) {
                ms = &(p[0]);
@@ -344,33 +345,34 @@ ssl3_change_cipher_state(SSL *s, int which)
                goto err2;
        }
-        EVP_MD_CTX_init(&md);
+        EVP_MD_CTX_init(&mac_ctx);
        memcpy(mac_secret, ms, i);
-        if (is_exp) {
+        if (is_export) {
                /* In here I set both the read and write key/iv to the
                 * same value since only the correct one will be used :-).
                 */
-                EVP_DigestInit_ex(&md, EVP_md5(), NULL);
+                EVP_DigestInit_ex(&mac_ctx, EVP_md5(), NULL);
-                EVP_DigestUpdate(&md, key, j);
+                EVP_DigestUpdate(&mac_ctx, key, j);
-                EVP_DigestUpdate(&md, er1, SSL3_RANDOM_SIZE);
+                EVP_DigestUpdate(&mac_ctx, er1, SSL3_RANDOM_SIZE);
-                EVP_DigestUpdate(&md, er2, SSL3_RANDOM_SIZE);
+                EVP_DigestUpdate(&mac_ctx, er2, SSL3_RANDOM_SIZE);
-                EVP_DigestFinal_ex(&md, &(exp_key[0]), NULL);
+                EVP_DigestFinal_ex(&mac_ctx, &(export_key[0]), NULL);
-                key = &(exp_key[0]);
+                key = &(export_key[0]);
                if (k > 0) {
-                        EVP_DigestInit_ex(&md, EVP_md5(), NULL);
+                        EVP_DigestInit_ex(&mac_ctx, EVP_md5(), NULL);
-                        EVP_DigestUpdate(&md, er1, SSL3_RANDOM_SIZE);
+                        EVP_DigestUpdate(&mac_ctx, er1, SSL3_RANDOM_SIZE);
-                        EVP_DigestUpdate(&md, er2, SSL3_RANDOM_SIZE);
+                        EVP_DigestUpdate(&mac_ctx, er2, SSL3_RANDOM_SIZE);
-                        EVP_DigestFinal_ex(&md, &(exp_iv[0]), NULL);
+                        EVP_DigestFinal_ex(&mac_ctx, &(export_iv[0]), NULL);
-                        iv = &(exp_iv[0]);
+                        iv = &(export_iv[0]);
                }
        }
-        EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE));
+        EVP_CipherInit_ex(cipher_ctx, cipher, NULL, key, iv,
+            (which & SSL3_CC_WRITE));
-        OPENSSL_cleanse(&(exp_key[0]), sizeof(exp_key));
+        OPENSSL_cleanse(&(export_key[0]), sizeof(export_key));
-        OPENSSL_cleanse(&(exp_iv[0]), sizeof(exp_iv));
+        OPENSSL_cleanse(&(export_iv[0]), sizeof(export_iv));
-        EVP_MD_CTX_cleanup(&md);
+        EVP_MD_CTX_cleanup(&mac_ctx);
        return (1);
 err:
        SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);

diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c index d0501499a2..38ccc46724 100644 --- a/src/lib/libssl/src/ssl/s3_enc.c +++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_enc.c,v 1.41 2014/06/13 12:41:01 jsing Exp $ */	1	/* $OpenBSD: s3_enc.c,v 1.42 2014/06/13 14:11:35 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -215,24 +215,25 @@ int
215	ssl3_change_cipher_state(SSL *s, int which)	215	ssl3_change_cipher_state(SSL *s, int which)
216	{	216	{
217	unsigned char p, mac_secret;	217	unsigned char p, mac_secret;
218	unsigned char exp_key[EVP_MAX_KEY_LENGTH];	218	unsigned char export_key[EVP_MAX_KEY_LENGTH];
219	unsigned char exp_iv[EVP_MAX_IV_LENGTH];	219	unsigned char export_iv[EVP_MAX_IV_LENGTH];
220	unsigned char ms, key, iv, er1, *er2;	220	unsigned char ms, key, iv, er1, *er2;
221	EVP_CIPHER_CTX *dd;	221	EVP_CIPHER_CTX *cipher_ctx;
222	const EVP_CIPHER *c;	222	const EVP_CIPHER *cipher;
		223	EVP_MD_CTX mac_ctx;
		224	const EVP_MD *mac;
223	#ifndef OPENSSL_NO_COMP	225	#ifndef OPENSSL_NO_COMP
224	COMP_METHOD *comp;	226	COMP_METHOD *comp;
225	#endif	227	#endif
226	const EVP_MD *m;	228	int is_export, n, i, j, k, cl;
227	EVP_MD_CTX md;
228	int is_exp, n, i, j, k, cl;
229	int reuse_dd = 0;	229	int reuse_dd = 0;
230		230
231	is_exp = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);	231	is_export = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
232	c = s->s3->tmp.new_sym_enc;	232	cipher = s->s3->tmp.new_sym_enc;
233	m = s->s3->tmp.new_hash;	233	mac = s->s3->tmp.new_hash;
234	/* m == NULL will lead to a crash later */	234	/* m == NULL will lead to a crash later */
235	OPENSSL_assert(m);	235	OPENSSL_assert(mac);
		236
236	#ifndef OPENSSL_NO_COMP	237	#ifndef OPENSSL_NO_COMP
237	if (s->s3->tmp.new_compression == NULL)	238	if (s->s3->tmp.new_compression == NULL)
238	comp = NULL;	239	comp = NULL;
@@ -249,9 +250,9 @@ ssl3_change_cipher_state(SSL *s, int which)
249	/* make sure it's intialized in case we exit later with an error */	250	/* make sure it's intialized in case we exit later with an error */
250	EVP_CIPHER_CTX_init(s->enc_read_ctx);	251	EVP_CIPHER_CTX_init(s->enc_read_ctx);
251	}	252	}
252	dd = s->enc_read_ctx;	253	cipher_ctx = s->enc_read_ctx;
253		254
254	if (ssl_replace_hash(&s->read_hash, m) == NULL)	255	if (ssl_replace_hash(&s->read_hash, mac) == NULL)
255	goto err;	256	goto err;
256		257
257	#ifndef OPENSSL_NO_COMP	258	#ifndef OPENSSL_NO_COMP
@@ -283,8 +284,8 @@ ssl3_change_cipher_state(SSL *s, int which)
283	/* make sure it's intialized in case we exit later with an error */	284	/* make sure it's intialized in case we exit later with an error */
284	EVP_CIPHER_CTX_init(s->enc_write_ctx);	285	EVP_CIPHER_CTX_init(s->enc_write_ctx);
285	}	286	}
286	dd = s->enc_write_ctx;	287	cipher_ctx = s->enc_write_ctx;
287	if (ssl_replace_hash(&s->write_hash, m) == NULL)	288	if (ssl_replace_hash(&s->write_hash, mac) == NULL)
288	goto err;	289	goto err;
289		290
290	#ifndef OPENSSL_NO_COMP	291	#ifndef OPENSSL_NO_COMP
@@ -306,17 +307,17 @@ ssl3_change_cipher_state(SSL *s, int which)
306	}	307	}
307		308
308	if (reuse_dd)	309	if (reuse_dd)
309	EVP_CIPHER_CTX_cleanup(dd);	310	EVP_CIPHER_CTX_cleanup(cipher_ctx);
310		311
311	p = s->s3->tmp.key_block;	312	p = s->s3->tmp.key_block;
312	i = EVP_MD_size(m);	313	i = EVP_MD_size(mac);
313	if (i < 0)	314	if (i < 0)
314	goto err2;	315	goto err2;
315	cl = EVP_CIPHER_key_length(c);	316	cl = EVP_CIPHER_key_length(cipher);
316	j = is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?	317	j = is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
317	cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;	318	cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
318	/* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */	319	/* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */
319	k = EVP_CIPHER_iv_length(c);	320	k = EVP_CIPHER_iv_length(cipher);
320	if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) \|\|	321	if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) \|\|
321	(which == SSL3_CHANGE_CIPHER_SERVER_READ)) {	322	(which == SSL3_CHANGE_CIPHER_SERVER_READ)) {
322	ms = &(p[0]);	323	ms = &(p[0]);
@@ -344,33 +345,34 @@ ssl3_change_cipher_state(SSL *s, int which)
344	goto err2;	345	goto err2;
345	}	346	}
346		347
347	EVP_MD_CTX_init(&md);	348	EVP_MD_CTX_init(&mac_ctx);
348	memcpy(mac_secret, ms, i);	349	memcpy(mac_secret, ms, i);
349	if (is_exp) {	350	if (is_export) {
350	/* In here I set both the read and write key/iv to the	351	/* In here I set both the read and write key/iv to the
351	* same value since only the correct one will be used :-).	352	* same value since only the correct one will be used :-).
352	*/	353	*/
353	EVP_DigestInit_ex(&md, EVP_md5(), NULL);	354	EVP_DigestInit_ex(&mac_ctx, EVP_md5(), NULL);
354	EVP_DigestUpdate(&md, key, j);	355	EVP_DigestUpdate(&mac_ctx, key, j);
355	EVP_DigestUpdate(&md, er1, SSL3_RANDOM_SIZE);	356	EVP_DigestUpdate(&mac_ctx, er1, SSL3_RANDOM_SIZE);
356	EVP_DigestUpdate(&md, er2, SSL3_RANDOM_SIZE);	357	EVP_DigestUpdate(&mac_ctx, er2, SSL3_RANDOM_SIZE);
357	EVP_DigestFinal_ex(&md, &(exp_key[0]), NULL);	358	EVP_DigestFinal_ex(&mac_ctx, &(export_key[0]), NULL);
358	key = &(exp_key[0]);	359	key = &(export_key[0]);
359		360
360	if (k > 0) {	361	if (k > 0) {
361	EVP_DigestInit_ex(&md, EVP_md5(), NULL);	362	EVP_DigestInit_ex(&mac_ctx, EVP_md5(), NULL);
362	EVP_DigestUpdate(&md, er1, SSL3_RANDOM_SIZE);	363	EVP_DigestUpdate(&mac_ctx, er1, SSL3_RANDOM_SIZE);
363	EVP_DigestUpdate(&md, er2, SSL3_RANDOM_SIZE);	364	EVP_DigestUpdate(&mac_ctx, er2, SSL3_RANDOM_SIZE);
364	EVP_DigestFinal_ex(&md, &(exp_iv[0]), NULL);	365	EVP_DigestFinal_ex(&mac_ctx, &(export_iv[0]), NULL);
365	iv = &(exp_iv[0]);	366	iv = &(export_iv[0]);
366	}	367	}
367	}	368	}
368		369
369	EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE));	370	EVP_CipherInit_ex(cipher_ctx, cipher, NULL, key, iv,
		371	(which & SSL3_CC_WRITE));
370		372
371	OPENSSL_cleanse(&(exp_key[0]), sizeof(exp_key));	373	OPENSSL_cleanse(&(export_key[0]), sizeof(export_key));
372	OPENSSL_cleanse(&(exp_iv[0]), sizeof(exp_iv));	374	OPENSSL_cleanse(&(export_iv[0]), sizeof(export_iv));
373	EVP_MD_CTX_cleanup(&md);	375	EVP_MD_CTX_cleanup(&mac_ctx);
374	return (1);	376	return (1);
375	err:	377	err:
376	SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);	378	SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);