Dr. Stephen Henson wrote:
> OpenSSL CVS Repository
> http://cvs.openssl.org/
> ____________________________________________________________________________
>
> Server: cvs.openssl.org Name: Dr. Stephen Henson
> Root: /v/openssl/cvs Email: [email protected]
> Module: openssl Date: 07-Nov-2009 23:22:40
> Branch: HEAD Handle: 2009110722224000
>
> Modified files:
> openssl/ssl s3_srvr.c
>
> Log:
> Ooops, revert committed conflict.
This seems to revert rather more than just a conflict...
>
> Summary:
> Revision Changes Path
> 1.182 +26 -52 openssl/ssl/s3_srvr.c
> ____________________________________________________________________________
>
> patch -p0 <<'@@ .'
> Index: openssl/ssl/s3_srvr.c
> ============================================================================
> $ cvs diff -u -r1.181 -r1.182 s3_srvr.c
> --- openssl/ssl/s3_srvr.c 2 Nov 2009 13:38:22 -0000 1.181
> +++ openssl/ssl/s3_srvr.c 7 Nov 2009 22:22:40 -0000 1.182
> @@ -1679,18 +1679,13 @@
> j=0;
> for (num=2; num > 0; num--)
> {
> - if (!EVP_DigestInit_ex(&md_ctx,(num ==
> 2)
> - ?s->ctx->md5:s->ctx->sha1, NULL)
> - ||
> !EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE)
> - ||
> !EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE)
> - ||
> !EVP_DigestUpdate(&md_ctx,&(d[4]),n)
> - ||
> !EVP_DigestFinal_ex(&md_ctx,q,
> - (unsigned int *)&i))
> - {
> -
> SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_EVP_LIB);
> - goto err;
> - }
> -
> + EVP_DigestInit_ex(&md_ctx,(num == 2)
> + ?s->ctx->md5:s->ctx->sha1,
> NULL);
> +
> EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
> +
> EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
> + EVP_DigestUpdate(&md_ctx,&(d[4]),n);
> + EVP_DigestFinal_ex(&md_ctx,q,
> + (unsigned int *)&i);
> q+=i;
> j+=i;
> }
> @@ -1709,14 +1704,14 @@
> if (pkey->type == EVP_PKEY_DSA)
> {
> /* lets do DSS */
> - if (!EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL)
> - ||
> !EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE)
> - ||
> !EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE)
> - || !EVP_SignUpdate(&md_ctx,&(d[4]),n)
> - || !EVP_SignFinal(&md_ctx,&(p[2]),
> + EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL);
> +
> EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
> +
> EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
> + EVP_SignUpdate(&md_ctx,&(d[4]),n);
> + if (!EVP_SignFinal(&md_ctx,&(p[2]),
> (unsigned int *)&i,pkey))
> {
> -
> SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_EVP_LIB);
> +
> SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
> goto err;
> }
> s2n(i,p);
> @@ -1728,14 +1723,14 @@
> if (pkey->type == EVP_PKEY_EC)
> {
> /* let's do ECDSA */
> - if (!EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL)
> - ||
> !EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE)
> - ||
> !EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE)
> - || !EVP_SignUpdate(&md_ctx,&(d[4]),n)
> - || !EVP_SignFinal(&md_ctx,&(p[2]),
> - (unsigned int *)&i,pkey))
> + EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL);
> +
> EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
> +
> EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
> + EVP_SignUpdate(&md_ctx,&(d[4]),n);
> + if (!EVP_SignFinal(&md_ctx,&(p[2]),
> + (unsigned int *)&i,pkey))
> {
> -
> SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_EVP_LIB);
> +
> SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA);
> goto err;
> }
> s2n(i,p);
> @@ -2974,7 +2969,7 @@
> if (s->state == SSL3_ST_SW_SESSION_TICKET_A)
> {
> unsigned char *p, *senc, *macstart;
> - int len, slen, rv = 0;
> + int len, slen;
> unsigned int hlen;
> EVP_CIPHER_CTX ctx;
> HMAC_CTX hctx;
> @@ -3029,21 +3024,11 @@
> else
> {
> RAND_pseudo_bytes(iv, 16);
> -<<<<<<< s3_srvr.c
> - if (!EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
> - s->ctx->tlsext_tick_aes_key, iv))
> - goto evp_err;
> - if (!HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key,
> - 16, tlsext_tick_md(), NULL))
> - goto evp_err;
> - memcpy(key_name, s->ctx->tlsext_tick_key_name, 16);
> -=======
> EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
> tctx->tlsext_tick_aes_key, iv);
> HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
> tlsext_tick_md(), NULL);
> memcpy(key_name, tctx->tlsext_tick_key_name, 16);
> ->>>>>>> 1.180
> }
> l2n(s->session->tlsext_tick_lifetime_hint, p);
> /* Skip ticket length for now */
> @@ -3056,26 +3041,15 @@
> memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
> p += EVP_CIPHER_CTX_iv_length(&ctx);
> /* Encrypt session data */
> - if (!EVP_EncryptUpdate(&ctx, p, &len, senc, slen))
> - goto evp_err;
> + EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
> p += len;
> - if (!EVP_EncryptFinal(&ctx, p, &len))
> - goto evp_err;
> + EVP_EncryptFinal(&ctx, p, &len);
> p += len;
> -
> - if (!HMAC_Update(&hctx, macstart, p - macstart))
> - goto evp_err;
> -
> - if (!HMAC_Final(&hctx, p, &hlen))
> - goto evp_err;
> -
> - rv = 1;
> -
> - evp_err:
> EVP_CIPHER_CTX_cleanup(&ctx);
> +
> + HMAC_Update(&hctx, macstart, p - macstart);
> + HMAC_Final(&hctx, p, &hlen);
> HMAC_CTX_cleanup(&hctx);
> - if (!rv)
> - return -1;
>
> p += hlen;
> /* Now write out lengths: p points to end of data written */
> @@ .
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> CVS Repository Commit List [email protected]
> Automated List Manager [email protected]
>
>
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
