From 5a2cd654e09ed69a130162cce3a7076fdfbf1011 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Fri, 13 Jun 2014 14:58:05 +0000
Subject: Do not bother trying to work out of we can reuse a cipher context -
 just throw it away and create a new one. This simplifies the code and also
 allows ASR to do its thing.

---
 src/lib/libssl/src/ssl/s3_enc.c | 34 ++++++++++++----------------------
 1 file changed, 12 insertions(+), 22 deletions(-)

diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c
index 0febcff3a1..84370f6789 100644
--- a/src/lib/libssl/src/ssl/s3_enc.c
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_enc.c,v 1.44 2014/06/13 14:38:13 jsing Exp $ */
+/* $OpenBSD: s3_enc.c,v 1.45 2014/06/13 14:58:05 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -224,7 +224,6 @@ ssl3_change_cipher_state(SSL *s, int which)
 	const EVP_MD *mac;
 	int is_export, n, i, j, k, cl;
 	char is_read;
-	int reuse_dd = 0;
 
 #ifndef OPENSSL_NO_COMP
 	const SSL_COMP *comp;
@@ -233,7 +232,8 @@ ssl3_change_cipher_state(SSL *s, int which)
 	is_export = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
 	cipher = s->s3->tmp.new_sym_enc;
 	mac = s->s3->tmp.new_hash;
-	/* m == NULL will lead to a crash later */
+
+	/* mac == NULL will lead to a crash later */
 	OPENSSL_assert(mac);
 
 	/*
@@ -280,15 +280,11 @@ ssl3_change_cipher_state(SSL *s, int which)
 #endif
 
 	if (is_read) {
-		if (s->enc_read_ctx != NULL)
-			reuse_dd = 1;
-		else if ((s->enc_read_ctx = malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
+		EVP_CIPHER_CTX_free(s->enc_read_ctx);
+		s->enc_read_ctx = NULL;
+		if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
 			goto err;
-		else {
-			/* make sure it's intialized in case we exit later with an error */
-			EVP_CIPHER_CTX_init(s->enc_read_ctx);
-		}
-		cipher_ctx = s->enc_read_ctx;
+		s->enc_read_ctx = cipher_ctx;
 
 		if (ssl_replace_hash(&s->read_hash, mac) == NULL)
 			goto err;
@@ -296,15 +292,12 @@ ssl3_change_cipher_state(SSL *s, int which)
 		memset(s->s3->read_sequence, 0, SSL3_SEQUENCE_SIZE);
 		mac_secret = &(s->s3->read_mac_secret[0]);
 	} else {
-		if (s->enc_write_ctx != NULL)
-			reuse_dd = 1;
-		else if ((s->enc_write_ctx = malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
+		EVP_CIPHER_CTX_free(s->enc_write_ctx);
+		s->enc_write_ctx = NULL;
+		if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
 			goto err;
-		else {
-			/* make sure it's intialized in case we exit later with an error */
-			EVP_CIPHER_CTX_init(s->enc_write_ctx);
-		}
-		cipher_ctx = s->enc_write_ctx;
+		s->enc_write_ctx = cipher_ctx;
+
 		if (ssl_replace_hash(&s->write_hash, mac) == NULL)
 			goto err;
 
@@ -312,9 +305,6 @@ ssl3_change_cipher_state(SSL *s, int which)
 		mac_secret = &(s->s3->write_mac_secret[0]);
 	}
 
-	if (reuse_dd)
-		EVP_CIPHER_CTX_cleanup(cipher_ctx);
-
 	p = s->s3->tmp.key_block;
 	i = EVP_MD_size(mac);
 	if (i < 0)
-- 
cgit v1.2.3-55-g6feb