Encryption and Cryptography
 » 
OpenSSL
 » 
OpenSSL - Dev

Re: [CVS] OpenSSL: openssl/ssl/ s3_srvr.c

View: New views
2 Messages — Rating Filter:   Alert me  

Parent Message unknown Re: [CVS] OpenSSL: openssl/ssl/ s3_srvr.c

by Ben Laurie-2 :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Dr. Stephen Henson wrote:

>   OpenSSL CVS Repository
>   http://cvs.openssl.org/
>   ____________________________________________________________________________
>
>   Server: cvs.openssl.org                  Name:   Dr. Stephen Henson
>   Root:   /v/openssl/cvs                   Email:  steve@...
>   Module: openssl                          Date:   07-Nov-2009 23:22:40
>   Branch: HEAD                             Handle: 2009110722224000
>
>   Modified files:
>     openssl/ssl             s3_srvr.c
>
>   Log:
>     Ooops, revert committed conflict.

This seems to revert rather more than just a conflict...

>
>   Summary:
>     Revision    Changes     Path
>     1.182       +26 -52     openssl/ssl/s3_srvr.c
>   ____________________________________________________________________________
>
>   patch -p0 <<'@@ .'
>   Index: openssl/ssl/s3_srvr.c
>   ============================================================================
>   $ cvs diff -u -r1.181 -r1.182 s3_srvr.c
>   --- openssl/ssl/s3_srvr.c 2 Nov 2009 13:38:22 -0000 1.181
>   +++ openssl/ssl/s3_srvr.c 7 Nov 2009 22:22:40 -0000 1.182
>   @@ -1679,18 +1679,13 @@
>     j=0;
>     for (num=2; num > 0; num--)
>     {
>   - if (!EVP_DigestInit_ex(&md_ctx,(num == 2)
>   - ?s->ctx->md5:s->ctx->sha1, NULL)
>   - || !EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE)
>   - || !EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE)
>   - || !EVP_DigestUpdate(&md_ctx,&(d[4]),n)
>   - || !EVP_DigestFinal_ex(&md_ctx,q,
>   - (unsigned int *)&i))
>   - {
>   - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_EVP_LIB);
>   - goto err;
>   - }
>   -
>   + EVP_DigestInit_ex(&md_ctx,(num == 2)
>   + ?s->ctx->md5:s->ctx->sha1, NULL);
>   + EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
>   + EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
>   + EVP_DigestUpdate(&md_ctx,&(d[4]),n);
>   + EVP_DigestFinal_ex(&md_ctx,q,
>   + (unsigned int *)&i);
>     q+=i;
>     j+=i;
>     }
>   @@ -1709,14 +1704,14 @@
>     if (pkey->type == EVP_PKEY_DSA)
>     {
>     /* lets do DSS */
>   - if (!EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL)
>   - || !EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE)
>   - || !EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE)
>   - || !EVP_SignUpdate(&md_ctx,&(d[4]),n)
>   - || !EVP_SignFinal(&md_ctx,&(p[2]),
>   + EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL);
>   + EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
>   + EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
>   + EVP_SignUpdate(&md_ctx,&(d[4]),n);
>   + if (!EVP_SignFinal(&md_ctx,&(p[2]),
>     (unsigned int *)&i,pkey))
>     {
>   - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_EVP_LIB);
>   + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
>     goto err;
>     }
>     s2n(i,p);
>   @@ -1728,14 +1723,14 @@
>     if (pkey->type == EVP_PKEY_EC)
>     {
>     /* let's do ECDSA */
>   - if (!EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL)
>   - || !EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE)
>   - || !EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE)
>   - || !EVP_SignUpdate(&md_ctx,&(d[4]),n)
>   - || !EVP_SignFinal(&md_ctx,&(p[2]),
>   - (unsigned int *)&i,pkey))
>   + EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL);
>   + EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
>   + EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
>   + EVP_SignUpdate(&md_ctx,&(d[4]),n);
>   + if (!EVP_SignFinal(&md_ctx,&(p[2]),
>   + (unsigned int *)&i,pkey))
>     {
>   - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_EVP_LIB);
>   + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA);
>     goto err;
>     }
>     s2n(i,p);
>   @@ -2974,7 +2969,7 @@
>     if (s->state == SSL3_ST_SW_SESSION_TICKET_A)
>     {
>     unsigned char *p, *senc, *macstart;
>   - int len, slen, rv = 0;
>   + int len, slen;
>     unsigned int hlen;
>     EVP_CIPHER_CTX ctx;
>     HMAC_CTX hctx;
>   @@ -3029,21 +3024,11 @@
>     else
>     {
>     RAND_pseudo_bytes(iv, 16);
>   -<<<<<<< s3_srvr.c
>   - if (!EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
>   - s->ctx->tlsext_tick_aes_key, iv))
>   - goto evp_err;
>   - if (!HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key,
>   - 16, tlsext_tick_md(), NULL))
>   - goto evp_err;
>   - memcpy(key_name, s->ctx->tlsext_tick_key_name, 16);
>   -=======
>     EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
>     tctx->tlsext_tick_aes_key, iv);
>     HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
>     tlsext_tick_md(), NULL);
>     memcpy(key_name, tctx->tlsext_tick_key_name, 16);
>   ->>>>>>> 1.180
>     }
>     l2n(s->session->tlsext_tick_lifetime_hint, p);
>     /* Skip ticket length for now */
>   @@ -3056,26 +3041,15 @@
>     memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
>     p += EVP_CIPHER_CTX_iv_length(&ctx);
>     /* Encrypt session data */
>   - if (!EVP_EncryptUpdate(&ctx, p, &len, senc, slen))
>   - goto evp_err;
>   + EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
>     p += len;
>   - if (!EVP_EncryptFinal(&ctx, p, &len))
>   - goto evp_err;
>   + EVP_EncryptFinal(&ctx, p, &len);
>     p += len;
>   -
>   - if (!HMAC_Update(&hctx, macstart, p - macstart))
>   - goto evp_err;
>   -
>   - if (!HMAC_Final(&hctx, p, &hlen))
>   - goto evp_err;
>   -
>   - rv = 1;
>   -
>   - evp_err:
>     EVP_CIPHER_CTX_cleanup(&ctx);
>   +
>   + HMAC_Update(&hctx, macstart, p - macstart);
>   + HMAC_Final(&hctx, p, &hlen);
>     HMAC_CTX_cleanup(&hctx);
>   - if (!rv)
>   - return -1;
>    
>     p += hlen;
>     /* Now write out lengths: p points to end of data written */
>   @@ .
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> CVS Repository Commit List                     openssl-cvs@...
> Automated List Manager                           majordomo@...
>
>


--
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@...
Automated List Manager                           majordomo@...

Re: [CVS] OpenSSL: openssl/ssl/ s3_srvr.c

by Dr. Stephen Henson :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

On Sun, Nov 08, 2009, Ben Laurie wrote:

> Dr. Stephen Henson wrote:
> >   OpenSSL CVS Repository
> >   http://cvs.openssl.org/
> >   ____________________________________________________________________________
> >
> >   Server: cvs.openssl.org                  Name:   Dr. Stephen Henson
> >   Root:   /v/openssl/cvs                   Email:  steve@...
> >   Module: openssl                          Date:   07-Nov-2009 23:22:40
> >   Branch: HEAD                             Handle: 2009110722224000
> >
> >   Modified files:
> >     openssl/ssl             s3_srvr.c
> >
> >   Log:
> >     Ooops, revert committed conflict.
>
> This seems to revert rather more than just a conflict...
>

Yes it was "work in progres" which shouldn't have been committed at all in
that form.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@...
Automated List Manager                           majordomo@...
Free embeddable forum powered by Nabble Forum Help