Retry callback only after ClientHello received.

[openssl.git] / ssl / s2_enc.c

diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c
index 18882bf70487f56bf73abff5b6b3a36ccaf849b4..1d0855940776b73a95bb37bd29073f891336c6d0 100644 (file)
--- a/ssl/s2_enc.c
+++ b/ssl/s2_enc.c
@@ -68,29 +68,31 @@ int ssl2_enc_init(SSL *s, int client)
        const EVP_MD *md;
        int num;
 
-       if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
+       if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL, 0))
                {
                ssl2_return_error(s,SSL2_PE_NO_CIPHER);
                SSLerr(SSL_F_SSL2_ENC_INIT,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
                return(0);
                }
-
-       s->read_hash=md;
-       s->write_hash=md;
+       ssl_replace_hash(&s->read_hash,md);
+       ssl_replace_hash(&s->write_hash,md);
 
        if ((s->enc_read_ctx == NULL) &&
                ((s->enc_read_ctx=(EVP_CIPHER_CTX *)
                OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
                goto err;
+
+       /* make sure it's intialized in case the malloc for enc_write_ctx fails
+        * and we exit with an error */
+       rs= s->enc_read_ctx;
+       EVP_CIPHER_CTX_init(rs);
+
        if ((s->enc_write_ctx == NULL) &&
                ((s->enc_write_ctx=(EVP_CIPHER_CTX *)
                OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
                goto err;
 
-       rs= s->enc_read_ctx;
        ws= s->enc_write_ctx;
-
-       EVP_CIPHER_CTX_init(rs);
        EVP_CIPHER_CTX_init(ws);
 
        num=c->key_len;
@@ -173,7 +175,7 @@ void ssl2_mac(SSL *s, unsigned char *md, int send)
 
        /* There has to be a MAC algorithm. */
        EVP_MD_CTX_init(&c);
-       EVP_DigestInit_ex(&c, s->read_hash, NULL);
+       EVP_MD_CTX_copy(&c, s->read_hash);
        EVP_DigestUpdate(&c,sec,
                EVP_CIPHER_CTX_key_length(s->enc_read_ctx));
        EVP_DigestUpdate(&c,act,len);