diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 458b233d860d956ab115cd12fbc82d6128d8438c..77d7d878e381cf48dce1af3752ecbc3231d897f1 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1679,18 +1679,13 @@ int ssl3_send_server_key_exchange(SSL *s) j=0; for (num=2; num > 0; num--) { - if (!EVP_DigestInit_ex(&md_ctx,(num == 2) - ?s->ctx->md5:s->ctx->sha1, NULL) - || !EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE) - || !EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE) - || !EVP_DigestUpdate(&md_ctx,&(d[4]),n) - || !EVP_DigestFinal_ex(&md_ctx,q, - (unsigned int *)&i)) - { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_EVP_LIB); - goto err; - } - + EVP_DigestInit_ex(&md_ctx,(num == 2) + ?s->ctx->md5:s->ctx->sha1, NULL); + EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); + EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); + EVP_DigestUpdate(&md_ctx,&(d[4]),n); + EVP_DigestFinal_ex(&md_ctx,q, + (unsigned int *)&i); q+=i; j+=i; } @@ -1709,14 +1704,14 @@ int ssl3_send_server_key_exchange(SSL *s) if (pkey->type == EVP_PKEY_DSA) { /* lets do DSS */ - if (!EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL) - || !EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE) - || !EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE) - || !EVP_SignUpdate(&md_ctx,&(d[4]),n) - || !EVP_SignFinal(&md_ctx,&(p[2]), + EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL); + EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); + EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); + EVP_SignUpdate(&md_ctx,&(d[4]),n); + if (!EVP_SignFinal(&md_ctx,&(p[2]), (unsigned int *)&i,pkey)) { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_EVP_LIB); + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA); goto err; } s2n(i,p); @@ -1728,14 +1723,14 @@ int ssl3_send_server_key_exchange(SSL *s) if (pkey->type == EVP_PKEY_EC) { /* let's do ECDSA */ - if (!EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL) - || !EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE) - || !EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE) - || !EVP_SignUpdate(&md_ctx,&(d[4]),n) - || !EVP_SignFinal(&md_ctx,&(p[2]), - (unsigned int *)&i,pkey)) + EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL); + EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); + EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); + EVP_SignUpdate(&md_ctx,&(d[4]),n); + if (!EVP_SignFinal(&md_ctx,&(p[2]), + (unsigned int *)&i,pkey)) { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_EVP_LIB); + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA); goto err; } s2n(i,p); @@ -2974,7 +2969,7 @@ int ssl3_send_newsession_ticket(SSL *s) if (s->state == SSL3_ST_SW_SESSION_TICKET_A) { unsigned char *p, *senc, *macstart; - int len, slen, rv = 0; + int len, slen; unsigned int hlen; EVP_CIPHER_CTX ctx; HMAC_CTX hctx; @@ -3029,21 +3024,11 @@ int ssl3_send_newsession_ticket(SSL *s) else { RAND_pseudo_bytes(iv, 16); -<<<<<<< s3_srvr.c - if (!EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, - s->ctx->tlsext_tick_aes_key, iv)) - goto evp_err; - if (!HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, - 16, tlsext_tick_md(), NULL)) - goto evp_err; - memcpy(key_name, s->ctx->tlsext_tick_key_name, 16); -======= EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, tctx->tlsext_tick_aes_key, iv); HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, tlsext_tick_md(), NULL); memcpy(key_name, tctx->tlsext_tick_key_name, 16); ->>>>>>> 1.180 } l2n(s->session->tlsext_tick_lifetime_hint, p); /* Skip ticket length for now */ @@ -3056,26 +3041,15 @@ int ssl3_send_newsession_ticket(SSL *s) memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx)); p += EVP_CIPHER_CTX_iv_length(&ctx); /* Encrypt session data */ - if (!EVP_EncryptUpdate(&ctx, p, &len, senc, slen)) - goto evp_err; + EVP_EncryptUpdate(&ctx, p, &len, senc, slen); p += len; - if (!EVP_EncryptFinal(&ctx, p, &len)) - goto evp_err; + EVP_EncryptFinal(&ctx, p, &len); p += len; - - if (!HMAC_Update(&hctx, macstart, p - macstart)) - goto evp_err; - - if (!HMAC_Final(&hctx, p, &hlen)) - goto evp_err; - - rv = 1; - - evp_err: EVP_CIPHER_CTX_cleanup(&ctx); + + HMAC_Update(&hctx, macstart, p - macstart); + HMAC_Final(&hctx, p, &hlen); HMAC_CTX_cleanup(&hctx); - if (!rv) - return -1; p += hlen; /* Now write out lengths: p points to end of data written */