diff options
| author | jsing <> | 2021-10-23 15:02:27 +0000 |
|---|---|---|
| committer | jsing <> | 2021-10-23 15:02:27 +0000 |
| commit | 175c62fce31edd2a92d0fc71e7b74b2440fbe5cc (patch) | |
| tree | 144ab5f7a9fa85a7b22cb87744d412ca7681fb8c | |
| parent | 2e95ac2a54af81b1d4a20ccc90c6efc54570b0db (diff) | |
| download | openbsd-175c62fce31edd2a92d0fc71e7b74b2440fbe5cc.tar.gz openbsd-175c62fce31edd2a92d0fc71e7b74b2440fbe5cc.tar.bz2 openbsd-175c62fce31edd2a92d0fc71e7b74b2440fbe5cc.zip | |
Mop up enc_read_ctx and read_hash.
These are no longer public, so we can mop them up along with the machinery
needed to set/clear them.
ok beck@ tb@
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 16 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 14 | ||||
| -rw-r--r-- | src/lib/libssl/t1_enc.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/tls12_record_layer.c | 10 |
4 files changed, 4 insertions, 40 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index df02599739..c029b3716c 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_lib.c,v 1.270 2021/10/23 13:36:03 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_lib.c,v 1.271 2021/10/23 15:02:27 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -2709,21 +2709,7 @@ SSL_dup(SSL *s) | |||
| 2709 | void | 2709 | void |
| 2710 | ssl_clear_cipher_state(SSL *s) | 2710 | ssl_clear_cipher_state(SSL *s) |
| 2711 | { | 2711 | { |
| 2712 | ssl_clear_cipher_read_state(s); | ||
| 2713 | ssl_clear_cipher_write_state(s); | ||
| 2714 | } | ||
| 2715 | |||
| 2716 | void | ||
| 2717 | ssl_clear_cipher_read_state(SSL *s) | ||
| 2718 | { | ||
| 2719 | tls12_record_layer_clear_read_state(s->internal->rl); | 2712 | tls12_record_layer_clear_read_state(s->internal->rl); |
| 2720 | tls12_record_layer_read_cipher_hash(s->internal->rl, | ||
| 2721 | &s->enc_read_ctx, &s->read_hash); | ||
| 2722 | } | ||
| 2723 | |||
| 2724 | void | ||
| 2725 | ssl_clear_cipher_write_state(SSL *s) | ||
| 2726 | { | ||
| 2727 | tls12_record_layer_clear_write_state(s->internal->rl); | 2713 | tls12_record_layer_clear_write_state(s->internal->rl); |
| 2728 | } | 2714 | } |
| 2729 | 2715 | ||
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 3c58e5ac21..ea1ee084a0 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.363 2021/10/23 14:40:54 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.364 2021/10/23 15:02:27 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -670,8 +670,6 @@ void tls12_record_layer_write_epoch_done(struct tls12_record_layer *rl, | |||
| 670 | void tls12_record_layer_clear_read_state(struct tls12_record_layer *rl); | 670 | void tls12_record_layer_clear_read_state(struct tls12_record_layer *rl); |
| 671 | void tls12_record_layer_clear_write_state(struct tls12_record_layer *rl); | 671 | void tls12_record_layer_clear_write_state(struct tls12_record_layer *rl); |
| 672 | void tls12_record_layer_reflect_seq_num(struct tls12_record_layer *rl); | 672 | void tls12_record_layer_reflect_seq_num(struct tls12_record_layer *rl); |
| 673 | void tls12_record_layer_read_cipher_hash(struct tls12_record_layer *rl, | ||
| 674 | EVP_CIPHER_CTX **cipher, EVP_MD_CTX **hash); | ||
| 675 | int tls12_record_layer_change_read_cipher_state(struct tls12_record_layer *rl, | 673 | int tls12_record_layer_change_read_cipher_state(struct tls12_record_layer *rl, |
| 676 | CBS *mac_key, CBS *key, CBS *iv); | 674 | CBS *mac_key, CBS *key, CBS *iv); |
| 677 | int tls12_record_layer_change_write_cipher_state(struct tls12_record_layer *rl, | 675 | int tls12_record_layer_change_write_cipher_state(struct tls12_record_layer *rl, |
| @@ -1095,14 +1093,6 @@ struct ssl_st { | |||
| 1095 | SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ | 1093 | SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ |
| 1096 | #define session_ctx initial_ctx | 1094 | #define session_ctx initial_ctx |
| 1097 | 1095 | ||
| 1098 | /* | ||
| 1099 | * XXX really should be internal, but is | ||
| 1100 | * touched unnaturally by wpa-supplicant | ||
| 1101 | * and freeradius and other perversions | ||
| 1102 | */ | ||
| 1103 | EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ | ||
| 1104 | EVP_MD_CTX *read_hash; /* used for mac generation */ | ||
| 1105 | |||
| 1106 | struct ssl_internal_st *internal; | 1096 | struct ssl_internal_st *internal; |
| 1107 | }; | 1097 | }; |
| 1108 | 1098 | ||
| @@ -1310,8 +1300,6 @@ const SSL_METHOD *tls_legacy_method(void); | |||
| 1310 | const SSL_METHOD *ssl_get_method(uint16_t version); | 1300 | const SSL_METHOD *ssl_get_method(uint16_t version); |
| 1311 | 1301 | ||
| 1312 | void ssl_clear_cipher_state(SSL *s); | 1302 | void ssl_clear_cipher_state(SSL *s); |
| 1313 | void ssl_clear_cipher_read_state(SSL *s); | ||
| 1314 | void ssl_clear_cipher_write_state(SSL *s); | ||
| 1315 | int ssl_clear_bad_session(SSL *s); | 1303 | int ssl_clear_bad_session(SSL *s); |
| 1316 | 1304 | ||
| 1317 | void ssl_info_callback(const SSL *s, int type, int value); | 1305 | void ssl_info_callback(const SSL *s, int type, int value); |
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 65e2063398..65abcbdcaf 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_enc.c,v 1.151 2021/07/01 17:53:39 jsing Exp $ */ | 1 | /* $OpenBSD: t1_enc.c,v 1.152 2021/10/23 15:02:27 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -315,8 +315,6 @@ tls1_change_cipher_state(SSL *s, int is_write) | |||
| 315 | goto err; | 315 | goto err; |
| 316 | if (SSL_is_dtls(s)) | 316 | if (SSL_is_dtls(s)) |
| 317 | dtls1_reset_read_seq_numbers(s); | 317 | dtls1_reset_read_seq_numbers(s); |
| 318 | tls12_record_layer_read_cipher_hash(s->internal->rl, | ||
| 319 | &s->enc_read_ctx, &s->read_hash); | ||
| 320 | } else { | 318 | } else { |
| 321 | if (!tls12_record_layer_change_write_cipher_state(s->internal->rl, | 319 | if (!tls12_record_layer_change_write_cipher_state(s->internal->rl, |
| 322 | &mac_key, &key, &iv)) | 320 | &mac_key, &key, &iv)) |
diff --git a/src/lib/libssl/tls12_record_layer.c b/src/lib/libssl/tls12_record_layer.c index 6d7d8696eb..f7264a17c5 100644 --- a/src/lib/libssl/tls12_record_layer.c +++ b/src/lib/libssl/tls12_record_layer.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls12_record_layer.c,v 1.34 2021/08/30 19:12:25 jsing Exp $ */ | 1 | /* $OpenBSD: tls12_record_layer.c,v 1.35 2021/10/23 15:02:27 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -356,14 +356,6 @@ tls12_record_layer_clear_write_state(struct tls12_record_layer *rl) | |||
| 356 | } | 356 | } |
| 357 | 357 | ||
| 358 | void | 358 | void |
| 359 | tls12_record_layer_read_cipher_hash(struct tls12_record_layer *rl, | ||
| 360 | EVP_CIPHER_CTX **cipher, EVP_MD_CTX **hash) | ||
| 361 | { | ||
| 362 | *cipher = rl->read->cipher_ctx; | ||
| 363 | *hash = rl->read->hash_ctx; | ||
| 364 | } | ||
| 365 | |||
| 366 | void | ||
| 367 | tls12_record_layer_reflect_seq_num(struct tls12_record_layer *rl) | 359 | tls12_record_layer_reflect_seq_num(struct tls12_record_layer *rl) |
| 368 | { | 360 | { |
| 369 | memcpy(rl->write->seq_num, rl->read->seq_num, | 361 | memcpy(rl->write->seq_num, rl->read->seq_num, |