move back read_hash and enc_read_ctx into ssl_st. wpa_supplicant and

other perversions touches them sickly and unnaturally.
author: beck <> 2017-01-23 08:08:06 +0000
committer: beck <> 2017-01-23 08:08:06 +0000
commit: c85967e4f9c3e1f3b3217545939f1d44ddf9f103 (patch)
tree: b37034dc473f23646288550afc5f1edd686f739e /src/lib/libssl/s3_pkt.c
parent: c403bebb7042a1c21959aded78bf10bad7a40a52 (diff)
download: openbsd-c85967e4f9c3e1f3b3217545939f1d44ddf9f103.tar.gz
openbsd-c85967e4f9c3e1f3b3217545939f1d44ddf9f103.tar.bz2
openbsd-c85967e4f9c3e1f3b3217545939f1d44ddf9f103.zip
1 files changed, 8 insertions, 8 deletions
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index 458a355692..3fb5168d16 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_pkt.c,v 1.64 2017/01/23 06:45:30 beck Exp $ */
+/* $OpenBSD: s3_pkt.c,v 1.65 2017/01/23 08:08:06 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -395,13 +395,13 @@ again:
        /* r->length is now the compressed data plus mac */
-        if ((sess != NULL) && (s->internal->enc_read_ctx != NULL) &&
+        if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
-            (EVP_MD_CTX_md(s->internal->read_hash) != NULL)) {
+            (EVP_MD_CTX_md(s->read_hash) != NULL)) {
-                /* s->internal->read_hash != NULL => mac_size != -1 */
+                /* s->read_hash != NULL => mac_size != -1 */
                unsigned char *mac = NULL;
                unsigned char mac_tmp[EVP_MAX_MD_SIZE];
-                mac_size = EVP_MD_CTX_size(s->internal->read_hash);
+                mac_size = EVP_MD_CTX_size(s->read_hash);
                OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
                /* kludge: *_cbc_remove_padding passes padding length in rr->type */
@@ -414,14 +414,14 @@ again:
                 */
                if (orig_len < mac_size ||
                        /* CBC records must have a padding length byte too. */
-                    (EVP_CIPHER_CTX_mode(s->internal->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+                    (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
                    orig_len < mac_size + 1)) {
                        al = SSL_AD_DECODE_ERROR;
                        SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT);
                        goto f_err;
                }
-                if (EVP_CIPHER_CTX_mode(s->internal->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
+                if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
                        /* We update the length so that the TLS header bytes
                         * can be constructed correctly but we need to extract
                         * the MAC in constant time from within the record,
@@ -960,7 +960,7 @@ start:
                /* make sure that we are not getting application data when we
                 * are doing a handshake for the first time */
                if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
-                        (s->internal->enc_read_ctx == NULL)) {
+                        (s->enc_read_ctx == NULL)) {
                        al = SSL_AD_UNEXPECTED_MESSAGE;
                        SSLerr(SSL_F_SSL3_READ_BYTES,
                            SSL_R_APP_DATA_IN_HANDSHAKE);
author	beck <>	2017-01-23 08:08:06 +0000
committer	beck <>	2017-01-23 08:08:06 +0000
commit	c85967e4f9c3e1f3b3217545939f1d44ddf9f103 (patch)
tree	b37034dc473f23646288550afc5f1edd686f739e /src/lib/libssl/s3_pkt.c
parent	c403bebb7042a1c21959aded78bf10bad7a40a52 (diff)
download	openbsd-c85967e4f9c3e1f3b3217545939f1d44ddf9f103.tar.gz openbsd-c85967e4f9c3e1f3b3217545939f1d44ddf9f103.tar.bz2 openbsd-c85967e4f9c3e1f3b3217545939f1d44ddf9f103.zip

diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c index 458a355692..3fb5168d16 100644 --- a/src/lib/libssl/s3_pkt.c +++ b/src/lib/libssl/s3_pkt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_pkt.c,v 1.64 2017/01/23 06:45:30 beck Exp $ */	1	/* $OpenBSD: s3_pkt.c,v 1.65 2017/01/23 08:08:06 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -395,13 +395,13 @@ again:
395		395
396		396
397	/* r->length is now the compressed data plus mac */	397	/* r->length is now the compressed data plus mac */
398	if ((sess != NULL) && (s->internal->enc_read_ctx != NULL) &&	398	if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
399	(EVP_MD_CTX_md(s->internal->read_hash) != NULL)) {	399	(EVP_MD_CTX_md(s->read_hash) != NULL)) {
400	/* s->internal->read_hash != NULL => mac_size != -1 */	400	/* s->read_hash != NULL => mac_size != -1 */
401	unsigned char *mac = NULL;	401	unsigned char *mac = NULL;
402	unsigned char mac_tmp[EVP_MAX_MD_SIZE];	402	unsigned char mac_tmp[EVP_MAX_MD_SIZE];
403		403
404	mac_size = EVP_MD_CTX_size(s->internal->read_hash);	404	mac_size = EVP_MD_CTX_size(s->read_hash);
405	OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);	405	OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
406		406
407	/* kludge: _cbc_remove_padding passes padding length in rr->type /	407	/* kludge: _cbc_remove_padding passes padding length in rr->type /
@@ -414,14 +414,14 @@ again:
414	*/	414	*/
415	if (orig_len < mac_size \|\|	415	if (orig_len < mac_size \|\|
416	/* CBC records must have a padding length byte too. */	416	/* CBC records must have a padding length byte too. */
417	(EVP_CIPHER_CTX_mode(s->internal->enc_read_ctx) == EVP_CIPH_CBC_MODE &&	417	(EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
418	orig_len < mac_size + 1)) {	418	orig_len < mac_size + 1)) {
419	al = SSL_AD_DECODE_ERROR;	419	al = SSL_AD_DECODE_ERROR;
420	SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT);	420	SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT);
421	goto f_err;	421	goto f_err;
422	}	422	}
423		423
424	if (EVP_CIPHER_CTX_mode(s->internal->enc_read_ctx) == EVP_CIPH_CBC_MODE) {	424	if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
425	/* We update the length so that the TLS header bytes	425	/* We update the length so that the TLS header bytes
426	* can be constructed correctly but we need to extract	426	* can be constructed correctly but we need to extract
427	* the MAC in constant time from within the record,	427	* the MAC in constant time from within the record,
@@ -960,7 +960,7 @@ start:
960	/* make sure that we are not getting application data when we	960	/* make sure that we are not getting application data when we
961	* are doing a handshake for the first time */	961	* are doing a handshake for the first time */
962	if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&	962	if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
963	(s->internal->enc_read_ctx == NULL)) {	963	(s->enc_read_ctx == NULL)) {
964	al = SSL_AD_UNEXPECTED_MESSAGE;	964	al = SSL_AD_UNEXPECTED_MESSAGE;
965	SSLerr(SSL_F_SSL3_READ_BYTES,	965	SSLerr(SSL_F_SSL3_READ_BYTES,
966	SSL_R_APP_DATA_IN_HANDSHAKE);	966	SSL_R_APP_DATA_IN_HANDSHAKE);