diff options
| author | beck <> | 2017-01-23 08:08:06 +0000 | 
|---|---|---|
| committer | beck <> | 2017-01-23 08:08:06 +0000 | 
| commit | ba841e9426c50ad2174e15eea62a99c0bf5dce1b (patch) | |
| tree | b37034dc473f23646288550afc5f1edd686f739e /src/lib/libssl/d1_pkt.c | |
| parent | 2cc7590bd8c0089cea24719cef8e387ac293c43b (diff) | |
| download | openbsd-ba841e9426c50ad2174e15eea62a99c0bf5dce1b.tar.gz openbsd-ba841e9426c50ad2174e15eea62a99c0bf5dce1b.tar.bz2 openbsd-ba841e9426c50ad2174e15eea62a99c0bf5dce1b.zip | |
move back read_hash and enc_read_ctx into ssl_st. wpa_supplicant and
other perversions touches them sickly and unnaturally.
Diffstat (limited to 'src/lib/libssl/d1_pkt.c')
| -rw-r--r-- | src/lib/libssl/d1_pkt.c | 16 | 
1 files changed, 8 insertions, 8 deletions
| diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c index 34e6d58c00..2768d7ed9c 100644 --- a/src/lib/libssl/d1_pkt.c +++ b/src/lib/libssl/d1_pkt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_pkt.c,v 1.54 2017/01/23 06:45:30 beck Exp $ */ | 1 | /* $OpenBSD: d1_pkt.c,v 1.55 2017/01/23 08:08:06 beck Exp $ */ | 
| 2 | /* | 2 | /* | 
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu | 
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 
| @@ -375,12 +375,12 @@ dtls1_process_record(SSL *s) | |||
| 375 | 375 | ||
| 376 | 376 | ||
| 377 | /* r->length is now the compressed data plus mac */ | 377 | /* r->length is now the compressed data plus mac */ | 
| 378 | if ((sess != NULL) && (s->internal->enc_read_ctx != NULL) && | 378 | if ((sess != NULL) && (s->enc_read_ctx != NULL) && | 
| 379 | (EVP_MD_CTX_md(s->internal->read_hash) != NULL)) { | 379 | (EVP_MD_CTX_md(s->read_hash) != NULL)) { | 
| 380 | /* s->internal->read_hash != NULL => mac_size != -1 */ | 380 | /* s->read_hash != NULL => mac_size != -1 */ | 
| 381 | unsigned char *mac = NULL; | 381 | unsigned char *mac = NULL; | 
| 382 | unsigned char mac_tmp[EVP_MAX_MD_SIZE]; | 382 | unsigned char mac_tmp[EVP_MAX_MD_SIZE]; | 
| 383 | mac_size = EVP_MD_CTX_size(s->internal->read_hash); | 383 | mac_size = EVP_MD_CTX_size(s->read_hash); | 
| 384 | OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); | 384 | OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); | 
| 385 | 385 | ||
| 386 | /* kludge: *_cbc_remove_padding passes padding length in rr->type */ | 386 | /* kludge: *_cbc_remove_padding passes padding length in rr->type */ | 
| @@ -393,14 +393,14 @@ dtls1_process_record(SSL *s) | |||
| 393 | */ | 393 | */ | 
| 394 | if (orig_len < mac_size || | 394 | if (orig_len < mac_size || | 
| 395 | /* CBC records must have a padding length byte too. */ | 395 | /* CBC records must have a padding length byte too. */ | 
| 396 | (EVP_CIPHER_CTX_mode(s->internal->enc_read_ctx) == EVP_CIPH_CBC_MODE && | 396 | (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && | 
| 397 | orig_len < mac_size + 1)) { | 397 | orig_len < mac_size + 1)) { | 
| 398 | al = SSL_AD_DECODE_ERROR; | 398 | al = SSL_AD_DECODE_ERROR; | 
| 399 | SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_LENGTH_TOO_SHORT); | 399 | SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_LENGTH_TOO_SHORT); | 
| 400 | goto f_err; | 400 | goto f_err; | 
| 401 | } | 401 | } | 
| 402 | 402 | ||
| 403 | if (EVP_CIPHER_CTX_mode(s->internal->enc_read_ctx) == EVP_CIPH_CBC_MODE) { | 403 | if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) { | 
| 404 | /* We update the length so that the TLS header bytes | 404 | /* We update the length so that the TLS header bytes | 
| 405 | * can be constructed correctly but we need to extract | 405 | * can be constructed correctly but we need to extract | 
| 406 | * the MAC in constant time from within the record, | 406 | * the MAC in constant time from within the record, | 
| @@ -759,7 +759,7 @@ start: | |||
| 759 | /* make sure that we are not getting application data when we | 759 | /* make sure that we are not getting application data when we | 
| 760 | * are doing a handshake for the first time */ | 760 | * are doing a handshake for the first time */ | 
| 761 | if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && | 761 | if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && | 
| 762 | (s->internal->enc_read_ctx == NULL)) { | 762 | (s->enc_read_ctx == NULL)) { | 
| 763 | al = SSL_AD_UNEXPECTED_MESSAGE; | 763 | al = SSL_AD_UNEXPECTED_MESSAGE; | 
| 764 | SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE); | 764 | SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE); | 
| 765 | goto f_err; | 765 | goto f_err; | 
