diff options
| author | beck <> | 2017-01-23 08:08:06 +0000 |
|---|---|---|
| committer | beck <> | 2017-01-23 08:08:06 +0000 |
| commit | c85967e4f9c3e1f3b3217545939f1d44ddf9f103 (patch) | |
| tree | b37034dc473f23646288550afc5f1edd686f739e /src/lib/libssl/t1_enc.c | |
| parent | c403bebb7042a1c21959aded78bf10bad7a40a52 (diff) | |
| download | openbsd-c85967e4f9c3e1f3b3217545939f1d44ddf9f103.tar.gz openbsd-c85967e4f9c3e1f3b3217545939f1d44ddf9f103.tar.bz2 openbsd-c85967e4f9c3e1f3b3217545939f1d44ddf9f103.zip | |
move back read_hash and enc_read_ctx into ssl_st. wpa_supplicant and
other perversions touches them sickly and unnaturally.
Diffstat (limited to 'src/lib/libssl/t1_enc.c')
| -rw-r--r-- | src/lib/libssl/t1_enc.c | 32 |
1 files changed, 16 insertions, 16 deletions
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 4b337a4706..2100faac22 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_enc.c,v 1.90 2017/01/23 06:45:30 beck Exp $ */ | 1 | /* $OpenBSD: t1_enc.c,v 1.91 2017/01/23 08:08:06 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -536,17 +536,17 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys, | |||
| 536 | else | 536 | else |
| 537 | s->internal->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM; | 537 | s->internal->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM; |
| 538 | 538 | ||
| 539 | EVP_CIPHER_CTX_free(s->internal->enc_read_ctx); | 539 | EVP_CIPHER_CTX_free(s->enc_read_ctx); |
| 540 | s->internal->enc_read_ctx = NULL; | 540 | s->enc_read_ctx = NULL; |
| 541 | EVP_MD_CTX_destroy(s->internal->read_hash); | 541 | EVP_MD_CTX_destroy(s->read_hash); |
| 542 | s->internal->read_hash = NULL; | 542 | s->read_hash = NULL; |
| 543 | 543 | ||
| 544 | if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL) | 544 | if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL) |
| 545 | goto err; | 545 | goto err; |
| 546 | s->internal->enc_read_ctx = cipher_ctx; | 546 | s->enc_read_ctx = cipher_ctx; |
| 547 | if ((mac_ctx = EVP_MD_CTX_create()) == NULL) | 547 | if ((mac_ctx = EVP_MD_CTX_create()) == NULL) |
| 548 | goto err; | 548 | goto err; |
| 549 | s->internal->read_hash = mac_ctx; | 549 | s->read_hash = mac_ctx; |
| 550 | } else { | 550 | } else { |
| 551 | if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) | 551 | if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) |
| 552 | s->internal->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; | 552 | s->internal->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; |
| @@ -1016,15 +1016,15 @@ tls1_enc(SSL *s, int send) | |||
| 1016 | } | 1016 | } |
| 1017 | } | 1017 | } |
| 1018 | } else { | 1018 | } else { |
| 1019 | if (EVP_MD_CTX_md(s->internal->read_hash)) { | 1019 | if (EVP_MD_CTX_md(s->read_hash)) { |
| 1020 | int n = EVP_MD_CTX_size(s->internal->read_hash); | 1020 | int n = EVP_MD_CTX_size(s->read_hash); |
| 1021 | OPENSSL_assert(n >= 0); | 1021 | OPENSSL_assert(n >= 0); |
| 1022 | } | 1022 | } |
| 1023 | ds = s->internal->enc_read_ctx; | 1023 | ds = s->enc_read_ctx; |
| 1024 | if (s->internal->enc_read_ctx == NULL) | 1024 | if (s->enc_read_ctx == NULL) |
| 1025 | enc = NULL; | 1025 | enc = NULL; |
| 1026 | else | 1026 | else |
| 1027 | enc = EVP_CIPHER_CTX_cipher(s->internal->enc_read_ctx); | 1027 | enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx); |
| 1028 | } | 1028 | } |
| 1029 | 1029 | ||
| 1030 | if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) { | 1030 | if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) { |
| @@ -1085,8 +1085,8 @@ tls1_enc(SSL *s, int send) | |||
| 1085 | } | 1085 | } |
| 1086 | 1086 | ||
| 1087 | ret = 1; | 1087 | ret = 1; |
| 1088 | if (EVP_MD_CTX_md(s->internal->read_hash) != NULL) | 1088 | if (EVP_MD_CTX_md(s->read_hash) != NULL) |
| 1089 | mac_size = EVP_MD_CTX_size(s->internal->read_hash); | 1089 | mac_size = EVP_MD_CTX_size(s->read_hash); |
| 1090 | if ((bs != 1) && !send) | 1090 | if ((bs != 1) && !send) |
| 1091 | ret = tls1_cbc_remove_padding(s, rec, bs, mac_size); | 1091 | ret = tls1_cbc_remove_padding(s, rec, bs, mac_size); |
| 1092 | if (pad && !send) | 1092 | if (pad && !send) |
| @@ -1199,7 +1199,7 @@ tls1_mac(SSL *ssl, unsigned char *md, int send) | |||
| 1199 | } else { | 1199 | } else { |
| 1200 | rec = &(ssl->s3->internal->rrec); | 1200 | rec = &(ssl->s3->internal->rrec); |
| 1201 | seq = &(ssl->s3->internal->read_sequence[0]); | 1201 | seq = &(ssl->s3->internal->read_sequence[0]); |
| 1202 | hash = ssl->internal->read_hash; | 1202 | hash = ssl->read_hash; |
| 1203 | } | 1203 | } |
| 1204 | 1204 | ||
| 1205 | t = EVP_MD_CTX_size(hash); | 1205 | t = EVP_MD_CTX_size(hash); |
| @@ -1232,7 +1232,7 @@ tls1_mac(SSL *ssl, unsigned char *md, int send) | |||
| 1232 | header[12] = (rec->length) & 0xff; | 1232 | header[12] = (rec->length) & 0xff; |
| 1233 | 1233 | ||
| 1234 | if (!send && | 1234 | if (!send && |
| 1235 | EVP_CIPHER_CTX_mode(ssl->internal->enc_read_ctx) == EVP_CIPH_CBC_MODE && | 1235 | EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && |
| 1236 | ssl3_cbc_record_digest_supported(mac_ctx)) { | 1236 | ssl3_cbc_record_digest_supported(mac_ctx)) { |
| 1237 | /* This is a CBC-encrypted record. We must avoid leaking any | 1237 | /* This is a CBC-encrypted record. We must avoid leaking any |
| 1238 | * timing-side channel information about how many blocks of | 1238 | * timing-side channel information about how many blocks of |