authorbeck <>2017-01-23 08:08:06 +0000
committerbeck <>2017-01-23 08:08:06 +0000
commitc85967e4f9c3e1f3b3217545939f1d44ddf9f103 (patch)
treeb37034dc473f23646288550afc5f1edd686f739e /src/lib/libssl/d1_pkt.c
parentc403bebb7042a1c21959aded78bf10bad7a40a52 (diff)
move back read_hash and enc_read_ctx into ssl_st. wpa_supplicant and
other perversions touches them sickly and unnaturally.
Diffstat (limited to 'src/lib/libssl/d1_pkt.c')
-rw-r--r--src/lib/libssl/d1_pkt.c16
1 files changed, 8 insertions, 8 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 34e6d58c00..2768d7ed9c 100644
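--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.54 2017/01/23 06:45:30 beck Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.55 2017/01/23 08:08:06 beck Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -375,12 +375,12 @@ dtls1_process_record(SSL *s)
 
 
  /* r->length is now the compressed data plus mac */
- if ((sess != NULL) && (s->internal->enc_read_ctx != NULL) &&
- (EVP_MD_CTX_md(s->internal->read_hash) != NULL)) {
- /* s->internal->read_hash != NULL => mac_size != -1 */
+ if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
+ (EVP_MD_CTX_md(s->read_hash) != NULL)) {
+ /* s->read_hash != NULL => mac_size != -1 */
  unsigned char *mac = NULL;
  unsigned char mac_tmp[EVP_MAX_MD_SIZE];
- mac_size = EVP_MD_CTX_size(s->internal->read_hash);
+ mac_size = EVP_MD_CTX_size(s->read_hash);
  OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
 
  /* kludge: *_cbc_remove_padding passes padding length in rr->type */
@@ -393,14 +393,14 @@ dtls1_process_record(SSL *s)
  */
  if (orig_len < mac_size ||
  /* CBC records must have a padding length byte too. */
- (EVP_CIPHER_CTX_mode(s->internal->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+ (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
  orig_len < mac_size + 1)) {
  al = SSL_AD_DECODE_ERROR;
  SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_LENGTH_TOO_SHORT);
  goto f_err;
  }
 
- if (EVP_CIPHER_CTX_mode(s->internal->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
+ if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
  /* We update the length so that the TLS header bytes
  * can be constructed correctly but we need to extract
  * the MAC in constant time from within the record,
@@ -759,7 +759,7 @@ start:
  /* make sure that we are not getting application data when we
  * are doing a handshake for the first time */
  if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
- (s->internal->enc_read_ctx == NULL)) {
+ (s->enc_read_ctx == NULL)) {
  al = SSL_AD_UNEXPECTED_MESSAGE;
  SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE);
  goto f_err;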
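Review bot: In the second hunk, the comment under the guard states the invariant as `s->read_hash != NULL => mac_size != -1`, but the condition actually tested is `EVP_MD_CTX_md(s->read_hash) != NULL`. The commit message says external callers touch read_hash and enc_read_ctx, so the comment should name the real precondition, for example `/* EVP_MD_CTX_md(s->read_hash) != NULL => mac_size != -1 */`. The only check on mac_size visible here is `OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);`, which bounds it from above only and aborts the process rather than failing the record. Whether a negative mac_size is reachable cannot be determined from these hunks; if it is, a lower-bound check routed through the existing `f_err` path would be the safer form. dtls1_process_record begins and ends outside the hunks shown.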