summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_pkt.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/ssl_pkt.c')
-rw-r--r--src/lib/libssl/ssl_pkt.c34
1 files changed, 9 insertions, 25 deletions
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index 5d12b40f28..6bb722098a 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_pkt.c,v 1.26 2020/08/01 16:38:17 jsing Exp $ */ 1/* $OpenBSD: ssl_pkt.c,v 1.27 2020/08/01 16:50:16 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -622,7 +622,7 @@ ssl3_create_record(SSL *s, unsigned char *p, uint16_t version, uint8_t type,
622{ 622{
623 SSL3_RECORD_INTERNAL *wr = &(S3I(s)->wrec); 623 SSL3_RECORD_INTERNAL *wr = &(S3I(s)->wrec);
624 SSL_SESSION *sess = s->session; 624 SSL_SESSION *sess = s->session;
625 int eivlen, mac_size = 0; 625 int eivlen = 0, mac_size = 0;
626 CBB cbb; 626 CBB cbb;
627 627
628 memset(&cbb, 0, sizeof(cbb)); 628 memset(&cbb, 0, sizeof(cbb));
@@ -645,7 +645,6 @@ ssl3_create_record(SSL *s, unsigned char *p, uint16_t version, uint8_t type,
645 p += SSL3_RT_HEADER_LENGTH; 645 p += SSL3_RT_HEADER_LENGTH;
646 646
647 /* Explicit IV length. */ 647 /* Explicit IV length. */
648 eivlen = 0;
649 if (s->internal->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)) { 648 if (s->internal->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)) {
650 int mode = EVP_CIPHER_CTX_mode(s->internal->enc_write_ctx); 649 int mode = EVP_CIPHER_CTX_mode(s->internal->enc_write_ctx);
651 if (mode == EVP_CIPH_CBC_MODE) { 650 if (mode == EVP_CIPH_CBC_MODE) {
@@ -658,22 +657,12 @@ ssl3_create_record(SSL *s, unsigned char *p, uint16_t version, uint8_t type,
658 eivlen = s->internal->aead_write_ctx->variable_nonce_len; 657 eivlen = s->internal->aead_write_ctx->variable_nonce_len;
659 } 658 }
660 659
661 /* lets setup the record stuff. */
662 wr->type = type; 660 wr->type = type;
663 wr->data = p + eivlen; 661 wr->data = p + eivlen;
664 wr->length = (int)len; 662 wr->length = (int)len;
665 wr->input = (unsigned char *)buf;
666
667 /* we now 'read' from wr->input, wr->length bytes into wr->data */
668
669 memcpy(wr->data, wr->input, wr->length);
670 wr->input = wr->data; 663 wr->input = wr->data;
671 664
672 /* 665 memcpy(wr->data, buf, len);
673 * We should still have the output to wr->data and the input
674 * from wr->input. Length should be wr->length.
675 * wr->data still points in the wb->buf.
676 */
677 666
678 if (mac_size != 0) { 667 if (mac_size != 0) {
679 if (tls1_mac(s, &(p[wr->length + eivlen]), 1) < 0) 668 if (tls1_mac(s, &(p[wr->length + eivlen]), 1) < 0)
@@ -681,15 +670,9 @@ ssl3_create_record(SSL *s, unsigned char *p, uint16_t version, uint8_t type,
681 wr->length += mac_size; 670 wr->length += mac_size;
682 } 671 }
683 672
684 wr->input = p;
685 wr->data = p; 673 wr->data = p;
686 674 wr->input = p;
687 if (eivlen) { 675 wr->length += eivlen;
688 /* if (RAND_pseudo_bytes(p, eivlen) <= 0)
689 goto err;
690 */
691 wr->length += eivlen;
692 }
693 676
694 /* tls1_enc can only have an error on read */ 677 /* tls1_enc can only have an error on read */
695 tls1_enc(s, 1); 678 tls1_enc(s, 1);
@@ -700,9 +683,10 @@ ssl3_create_record(SSL *s, unsigned char *p, uint16_t version, uint8_t type,
700 if (!CBB_finish(&cbb, NULL, NULL)) 683 if (!CBB_finish(&cbb, NULL, NULL))
701 goto err; 684 goto err;
702 685
703 /* we should now have 686 /*
704 * wr->data pointing to the encrypted data, which is 687 * We should now have wr->data pointing to the encrypted data,
705 * wr->length long */ 688 * which is wr->length long.
689 */
706 wr->type = type; /* not needed but helps for debugging */ 690 wr->type = type; /* not needed but helps for debugging */
707 wr->length += SSL3_RT_HEADER_LENGTH; 691 wr->length += SSL3_RT_HEADER_LENGTH;
708 692
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-27 16:07:48 +0000