[Pkg-openssl-changes] r199 - in openssl/trunk: . crypto/asn1
crypto/dh crypto/dsa crypto/ec crypto/md2 crypto/md4
crypto/md5 crypto/rand crypto/ripemd crypto/rsa crypto/sha
crypto/x509v3 debian ssl
Kurt Roeckx
kroeckx at alioth.debian.org
Fri Feb 23 20:43:28 CET 2007
Author: kroeckx
Date: 2007-02-23 20:43:27 +0100 (Fri, 23 Feb 2007)
New Revision: 199
Modified:
openssl/trunk/Configure
openssl/trunk/config
openssl/trunk/crypto/asn1/tasn_dec.c
openssl/trunk/crypto/dh/dh_err.c
openssl/trunk/crypto/dsa/dsa_err.c
openssl/trunk/crypto/ec/ec_asn1.c
openssl/trunk/crypto/ec/ec_err.c
openssl/trunk/crypto/md2/md2.h
openssl/trunk/crypto/md4/md4.h
openssl/trunk/crypto/md5/md5.h
openssl/trunk/crypto/rand/md_rand.c
openssl/trunk/crypto/ripemd/ripemd.h
openssl/trunk/crypto/rsa/rsa.h
openssl/trunk/crypto/rsa/rsa_eay.c
openssl/trunk/crypto/rsa/rsa_err.c
openssl/trunk/crypto/sha/sha.h
openssl/trunk/crypto/x509v3/pcy_tree.c
openssl/trunk/debian/changelog
openssl/trunk/ssl/s3_srvr.c
openssl/trunk/ssl/ssl_lib.c
openssl/trunk/ssl/t1_enc.c
Log:
New upstream release.
Modified: openssl/trunk/Configure
===================================================================
--- openssl/trunk/Configure 2007-02-23 18:55:53 UTC (rev 198)
+++ openssl/trunk/Configure 2007-02-23 19:43:27 UTC (rev 199)
@@ -609,6 +609,7 @@
my $no_shared=0; # but "no-shared" is default
my $zlib=1; # but "no-zlib" is default
my $no_krb5=0; # but "no-krb5" is implied unless "--with-krb5-..." is used
+my $no_rfc3779=1; # but "no-rfc3779" is default
my $no_asm=0;
my $no_dso=0;
my $no_gmp=0;
@@ -645,6 +646,7 @@
"gmp" => "default",
"mdc2" => "default",
"rc5" => "default",
+ "rfc3779" => "default",
"shared" => "default",
"zlib" => "default",
"zlib-dynamic" => "default"
@@ -655,7 +657,7 @@
# For symmetry, "disable-..." is a synonym for "no-...".
# This is what $depflags will look like with the above default:
-my $default_depflags = "-DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 ";
+my $default_depflags = "-DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 ";
my $no_sse2=0;
Modified: openssl/trunk/config
===================================================================
--- openssl/trunk/config 2007-02-23 18:55:53 UTC (rev 198)
+++ openssl/trunk/config 2007-02-23 19:43:27 UTC (rev 199)
@@ -527,9 +527,9 @@
esac
if [ "$CC" = "gcc" ]; then
case ${ISA:-generic} in
- EV5|EV45) options="$options -mcpu=ev5";;
- EV56|PCA56) options="$options -mcpu=ev56";;
- *) options="$options -mcpu=ev6";;
+ EV5|EV45) options="$options -march=ev5";;
+ EV56|PCA56) options="$options -march=ev56";;
+ *) options="$options -march=ev6";;
esac
fi
;;
@@ -585,18 +585,21 @@
OUT="linux-generic32" ;;
arm*b-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
arm*l-*-linux2) OUT="linux-generic32"; options="$options -DL_ENDIAN" ;;
+ sh*b-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
+ sh*-*-linux2) OUT="linux-generic32"; options="$options -DL_ENDIAN" ;;
+ m68k*-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
s390*-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN -DNO_ASM" ;;
x86_64-*-linux?) OUT="linux-x86_64" ;;
*86-*-linux2) OUT="linux-elf"
if [ "$GCCVER" -gt 28 ]; then
if grep '^model.*Pentium' /proc/cpuinfo >/dev/null ; then
- options="$options -mcpu=pentium"
+ options="$options -march=pentium"
fi
if grep '^model.*Pentium Pro' /proc/cpuinfo >/dev/null ; then
- options="$options -mcpu=pentiumpro"
+ options="$options -march=pentiumpro"
fi
if grep '^model.*K6' /proc/cpuinfo >/dev/null ; then
- options="$options -mcpu=k6"
+ options="$options -march=k6"
fi
fi ;;
*-*-linux1) OUT="linux-aout" ;;
@@ -774,7 +777,7 @@
# options="$options -DATALLA"
#fi
-# gcc < 2.8 does not support -mcpu=ultrasparc
+# gcc < 2.8 does not support -march=ultrasparc
if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
then
echo "WARNING! Falling down to 'solaris-sparcv8-gcc'."
Modified: openssl/trunk/crypto/asn1/tasn_dec.c
===================================================================
--- openssl/trunk/crypto/asn1/tasn_dec.c 2007-02-23 18:55:53 UTC (rev 198)
+++ openssl/trunk/crypto/asn1/tasn_dec.c 2007-02-23 19:43:27 UTC (rev 199)
@@ -93,7 +93,7 @@
int tag, int aclass, char opt, ASN1_TLC *ctx);
/* Table to convert tags to bit values, used for MSTRING type */
-static unsigned long tag2bit[32] = {
+static const unsigned long tag2bit[32] = {
0, 0, 0, B_ASN1_BIT_STRING, /* tags 0 - 3 */
B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN,/* tags 4- 7 */
B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags 8-11 */
@@ -832,9 +832,7 @@
}
else if (ret == -1)
return -1;
-
- ret = 0;
-
+ ret = 0;
/* SEQUENCE, SET and "OTHER" are left in encoded form */
if ((utype == V_ASN1_SEQUENCE)
|| (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER))
Modified: openssl/trunk/crypto/dh/dh_err.c
===================================================================
--- openssl/trunk/crypto/dh/dh_err.c 2007-02-23 18:55:53 UTC (rev 198)
+++ openssl/trunk/crypto/dh/dh_err.c 2007-02-23 19:43:27 UTC (rev 199)
@@ -93,15 +93,12 @@
void ERR_load_DH_strings(void)
{
- static int init=1;
+#ifndef OPENSSL_NO_ERR
- if (init)
+ if (ERR_func_error_string(DH_str_functs[0].error) == NULL)
{
- init=0;
-#ifndef OPENSSL_NO_ERR
ERR_load_strings(0,DH_str_functs);
ERR_load_strings(0,DH_str_reasons);
-#endif
-
}
+#endif
}
Modified: openssl/trunk/crypto/dsa/dsa_err.c
===================================================================
--- openssl/trunk/crypto/dsa/dsa_err.c 2007-02-23 18:55:53 UTC (rev 198)
+++ openssl/trunk/crypto/dsa/dsa_err.c 2007-02-23 19:43:27 UTC (rev 199)
@@ -100,15 +100,12 @@
void ERR_load_DSA_strings(void)
{
- static int init=1;
+#ifndef OPENSSL_NO_ERR
- if (init)
+ if (ERR_func_error_string(DSA_str_functs[0].error) == NULL)
{
- init=0;
-#ifndef OPENSSL_NO_ERR
ERR_load_strings(0,DSA_str_functs);
ERR_load_strings(0,DSA_str_reasons);
-#endif
-
}
+#endif
}
Modified: openssl/trunk/crypto/ec/ec_asn1.c
===================================================================
--- openssl/trunk/crypto/ec/ec_asn1.c 2007-02-23 18:55:53 UTC (rev 198)
+++ openssl/trunk/crypto/ec/ec_asn1.c 2007-02-23 19:43:27 UTC (rev 199)
@@ -529,6 +529,8 @@
ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
goto err;
}
+ curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+ curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT;
if (!ASN1_BIT_STRING_set(curve->seed, group->seed,
(int)group->seed_len))
{
@@ -1291,6 +1293,8 @@
goto err;
}
+ priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+ priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
if (!M_ASN1_BIT_STRING_set(priv_key->publicKey, buffer,
buf_len))
{
Modified: openssl/trunk/crypto/ec/ec_err.c
===================================================================
--- openssl/trunk/crypto/ec/ec_err.c 2007-02-23 18:55:53 UTC (rev 198)
+++ openssl/trunk/crypto/ec/ec_err.c 2007-02-23 19:43:27 UTC (rev 199)
@@ -227,15 +227,12 @@
void ERR_load_EC_strings(void)
{
- static int init=1;
+#ifndef OPENSSL_NO_ERR
- if (init)
+ if (ERR_func_error_string(EC_str_functs[0].error) == NULL)
{
- init=0;
-#ifndef OPENSSL_NO_ERR
ERR_load_strings(0,EC_str_functs);
ERR_load_strings(0,EC_str_reasons);
-#endif
-
}
+#endif
}
Modified: openssl/trunk/crypto/md2/md2.h
===================================================================
--- openssl/trunk/crypto/md2/md2.h 2007-02-23 18:55:53 UTC (rev 198)
+++ openssl/trunk/crypto/md2/md2.h 2007-02-23 19:43:27 UTC (rev 199)
@@ -59,11 +59,11 @@
#ifndef HEADER_MD2_H
#define HEADER_MD2_H
-#include <stddef.h>
#include <openssl/opensslconf.h> /* OPENSSL_NO_MD2, MD2_INT */
#ifdef OPENSSL_NO_MD2
#error MD2 is disabled.
#endif
+#include <stddef.h>
#define MD2_DIGEST_LENGTH 16
#define MD2_BLOCK 16
Modified: openssl/trunk/crypto/md4/md4.h
===================================================================
--- openssl/trunk/crypto/md4/md4.h 2007-02-23 18:55:53 UTC (rev 198)
+++ openssl/trunk/crypto/md4/md4.h 2007-02-23 19:43:27 UTC (rev 199)
@@ -59,8 +59,8 @@
#ifndef HEADER_MD4_H
#define HEADER_MD4_H
+#include <openssl/e_os2.h>
#include <stddef.h>
-#include <openssl/e_os2.h>
#ifdef __cplusplus
extern "C" {
Modified: openssl/trunk/crypto/md5/md5.h
===================================================================
--- openssl/trunk/crypto/md5/md5.h 2007-02-23 18:55:53 UTC (rev 198)
+++ openssl/trunk/crypto/md5/md5.h 2007-02-23 19:43:27 UTC (rev 199)
@@ -59,8 +59,8 @@
#ifndef HEADER_MD5_H
#define HEADER_MD5_H
+#include <openssl/e_os2.h>
#include <stddef.h>
-#include <openssl/e_os2.h>
#ifdef __cplusplus
extern "C" {
Modified: openssl/trunk/crypto/rand/md_rand.c
===================================================================
--- openssl/trunk/crypto/rand/md_rand.c 2007-02-23 18:55:53 UTC (rev 198)
+++ openssl/trunk/crypto/rand/md_rand.c 2007-02-23 19:43:27 UTC (rev 199)
@@ -152,7 +152,7 @@
int rand_predictable=0;
#endif
-const char *RAND_version="RAND" OPENSSL_VERSION_PTEXT;
+const char RAND_version[]="RAND" OPENSSL_VERSION_PTEXT;
static void ssleay_rand_cleanup(void);
static void ssleay_rand_seed(const void *buf, int num);
Modified: openssl/trunk/crypto/ripemd/ripemd.h
===================================================================
--- openssl/trunk/crypto/ripemd/ripemd.h 2007-02-23 18:55:53 UTC (rev 198)
+++ openssl/trunk/crypto/ripemd/ripemd.h 2007-02-23 19:43:27 UTC (rev 199)
@@ -59,8 +59,8 @@
#ifndef HEADER_RIPEMD_H
#define HEADER_RIPEMD_H
+#include <openssl/e_os2.h>
#include <stddef.h>
-#include <openssl/e_os2.h>
#ifdef __cplusplus
extern "C" {
Modified: openssl/trunk/crypto/rsa/rsa.h
===================================================================
--- openssl/trunk/crypto/rsa/rsa.h 2007-02-23 18:55:53 UTC (rev 198)
+++ openssl/trunk/crypto/rsa/rsa.h 2007-02-23 19:43:27 UTC (rev 199)
@@ -167,7 +167,7 @@
# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
#endif
#ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
-# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "small" modulus only */
+# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */
#endif
#define RSA_3 0x3L
@@ -424,7 +424,6 @@
#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
#define RSA_R_OAEP_DECODING_ERROR 121
#define RSA_R_PADDING_CHECK_FAILED 114
-#define RSA_R_PKCS1_PADDING_TOO_SHORT 105
#define RSA_R_P_NOT_PRIME 128
#define RSA_R_Q_NOT_PRIME 129
#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130
Modified: openssl/trunk/crypto/rsa/rsa_eay.c
===================================================================
--- openssl/trunk/crypto/rsa/rsa_eay.c 2007-02-23 18:55:53 UTC (rev 198)
+++ openssl/trunk/crypto/rsa/rsa_eay.c 2007-02-23 19:43:27 UTC (rev 199)
@@ -684,15 +684,6 @@
{
case RSA_PKCS1_PADDING:
r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
- /* Generally signatures should be at least 2/3 padding, though
- this isn't possible for really short keys and some standard
- signature schemes, so don't check if the unpadded data is
- small. */
- if(r > 42 && 3*8*r >= BN_num_bits(rsa->n))
- {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_PKCS1_PADDING_TOO_SHORT);
- goto err;
- }
break;
case RSA_X931_PADDING:
r=RSA_padding_check_X931(to,num,buf,i,num);
Modified: openssl/trunk/crypto/rsa/rsa_err.c
===================================================================
--- openssl/trunk/crypto/rsa/rsa_err.c 2007-02-23 18:55:53 UTC (rev 198)
+++ openssl/trunk/crypto/rsa/rsa_err.c 2007-02-23 19:43:27 UTC (rev 199)
@@ -100,7 +100,7 @@
{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23), "RSA_padding_check_SSLv23"},
{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"},
{ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"},
-{ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_PRINT_FP"},
+{ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
{ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"},
{ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"},
@@ -143,7 +143,6 @@
{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"},
{ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"},
{ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"},
-{ERR_REASON(RSA_R_PKCS1_PADDING_TOO_SHORT),"pkcs1 padding too short"},
{ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"},
{ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"},
{ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"},
@@ -161,15 +160,12 @@
void ERR_load_RSA_strings(void)
{
- static int init=1;
+#ifndef OPENSSL_NO_ERR
- if (init)
+ if (ERR_func_error_string(RSA_str_functs[0].error) == NULL)
{
- init=0;
-#ifndef OPENSSL_NO_ERR
ERR_load_strings(0,RSA_str_functs);
ERR_load_strings(0,RSA_str_reasons);
-#endif
-
}
+#endif
}
Modified: openssl/trunk/crypto/sha/sha.h
===================================================================
--- openssl/trunk/crypto/sha/sha.h 2007-02-23 18:55:53 UTC (rev 198)
+++ openssl/trunk/crypto/sha/sha.h 2007-02-23 19:43:27 UTC (rev 199)
@@ -61,6 +61,7 @@
#include <stddef.h>
#include <openssl/e_os2.h>
+#include <stddef.h>
#ifdef __cplusplus
extern "C" {
Modified: openssl/trunk/crypto/x509v3/pcy_tree.c
===================================================================
--- openssl/trunk/crypto/x509v3/pcy_tree.c 2007-02-23 18:55:53 UTC (rev 198)
+++ openssl/trunk/crypto/x509v3/pcy_tree.c 2007-02-23 19:43:27 UTC (rev 199)
@@ -628,6 +628,16 @@
/* Tree OK: continue */
case 1:
+ if (!tree)
+ /*
+ * tree_init() returns success and a null tree
+ * if it's just looking at a trust anchor.
+ * I'm not sure that returning success here is
+ * correct, but I'm sure that reporting this
+ * as an internal error which our caller
+ * interprets as a malloc failure is wrong.
+ */
+ return 1;
break;
}
Modified: openssl/trunk/debian/changelog
===================================================================
--- openssl/trunk/debian/changelog 2007-02-23 18:55:53 UTC (rev 198)
+++ openssl/trunk/debian/changelog 2007-02-23 19:43:27 UTC (rev 199)
@@ -1,3 +1,13 @@
+openssl (0.9.8e-1) unstable; urgency=low
+
+ * New upstream release
+ - Inludes security fixes for CVE-2006-2937, CVE-2006-2940,
+ CVE-2006-3738, CVE-2006-4343
+ - s_client now properly works with SMTP. Also added support
+ for IMAP. (closes: #221689)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 23 Feb 2007 18:56:15 +0000
+
openssl (0.9.8c-4) unstable; urgency=low
* Add German debconf translation. Thanks to
Modified: openssl/trunk/ssl/s3_srvr.c
===================================================================
--- openssl/trunk/ssl/s3_srvr.c 2007-02-23 18:55:53 UTC (rev 198)
+++ openssl/trunk/ssl/s3_srvr.c 2007-02-23 19:43:27 UTC (rev 199)
@@ -300,8 +300,9 @@
case SSL3_ST_SW_CERT_A:
case SSL3_ST_SW_CERT_B:
- /* Check if it is anon DH or anon ECDH */
- if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
+ /* Check if it is anon DH or anon ECDH or KRB5 */
+ if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)
+ && !(s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
{
ret=ssl3_send_server_certificate(s);
if (ret <= 0) goto end;
@@ -679,9 +680,9 @@
*/
if (s->state == SSL3_ST_SR_CLNT_HELLO_A)
{
- s->first_packet=1;
s->state=SSL3_ST_SR_CLNT_HELLO_B;
}
+ s->first_packet=1;
n=s->method->ssl_get_message(s,
SSL3_ST_SR_CLNT_HELLO_B,
SSL3_ST_SR_CLNT_HELLO_C,
@@ -690,6 +691,7 @@
&ok);
if (!ok) return((int)n);
+ s->first_packet=0;
d=p=(unsigned char *)s->init_msg;
/* use version from inside client hello, not from record header
@@ -1995,6 +1997,25 @@
SSL_R_DATA_LENGTH_TOO_LONG);
goto err;
}
+ if (!((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
+ {
+ /* The premaster secret must contain the same version number as the
+ * ClientHello to detect version rollback attacks (strangely, the
+ * protocol does not offer such protection for DH ciphersuites).
+ * However, buggy clients exist that send random bytes instead of
+ * the protocol version.
+ * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients.
+ * (Perhaps we should have a separate BUG value for the Kerberos cipher)
+ */
+ if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) &&
+ (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_AD_DECODE_ERROR);
+ goto err;
+ }
+ }
+
EVP_CIPHER_CTX_cleanup(&ciph_ctx);
s->session->master_key_length=
@@ -2042,7 +2063,7 @@
if (l & SSL_kECDH)
{
/* use the certificate */
- tkey = s->cert->key->privatekey->pkey.ec;
+ tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec;
}
else
{
Modified: openssl/trunk/ssl/ssl_lib.c
===================================================================
--- openssl/trunk/ssl/ssl_lib.c 2007-02-23 18:55:53 UTC (rev 198)
+++ openssl/trunk/ssl/ssl_lib.c 2007-02-23 19:43:27 UTC (rev 199)
@@ -2416,14 +2416,14 @@
#endif
void SSL_set_info_callback(SSL *ssl,
- void (*cb)(const SSL *ssl,int type,int val))
+ void (*cb)(const SSL *ssl,int type,int val))
{
ssl->info_callback=cb;
}
/* One compiler (Diab DCC) doesn't like argument names in returned
function pointer. */
-void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/)
+void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/)
{
return ssl->info_callback;
}
Modified: openssl/trunk/ssl/t1_enc.c
===================================================================
--- openssl/trunk/ssl/t1_enc.c 2007-02-23 18:55:53 UTC (rev 198)
+++ openssl/trunk/ssl/t1_enc.c 2007-02-23 19:43:27 UTC (rev 199)
@@ -267,6 +267,9 @@
reuse_dd = 1;
else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
goto err;
+ else
+ /* make sure it's intialized in case we exit later with an error */
+ EVP_CIPHER_CTX_init(s->enc_read_ctx);
dd= s->enc_read_ctx;
s->read_hash=m;
#ifndef OPENSSL_NO_COMP
@@ -301,10 +304,9 @@
reuse_dd = 1;
else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
goto err;
- if ((s->enc_write_ctx == NULL) &&
- ((s->enc_write_ctx=(EVP_CIPHER_CTX *)
- OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
- goto err;
+ else
+ /* make sure it's intialized in case we exit later with an error */
+ EVP_CIPHER_CTX_init(s->enc_write_ctx);
dd= s->enc_write_ctx;
s->write_hash=m;
#ifndef OPENSSL_NO_COMP
@@ -331,7 +333,6 @@
if (reuse_dd)
EVP_CIPHER_CTX_cleanup(dd);
- EVP_CIPHER_CTX_init(dd);
p=s->s3->tmp.key_block;
i=EVP_MD_size(m);
More information about the Pkg-openssl-changes
mailing list