Diffstat (limited to 'src/lib/libssl/t1_enc.c')
| -rw-r--r-- | src/lib/libssl/t1_enc.c | 32 |
1 files changed, 23 insertions, 9 deletions
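--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.122 2020/03/16 15:25:14 tb Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.123 2020/08/30 15:40:20 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -350,11 +350,17 @@ tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,
 if (!tls1_aead_ctx_init(&s->internal->aead_read_ctx))
 return 0;
 aead_ctx = s->internal->aead_read_ctx;
+
+if (!tls12_record_layer_set_read_aead(s->internal->rl, aead_ctx))
+return 0;
 } else {
 ssl_clear_cipher_write_state(s);
 if (!tls1_aead_ctx_init(&s->internal->aead_write_ctx))
 return 0;
 aead_ctx = s->internal->aead_write_ctx;
+
+if (!tls12_record_layer_set_write_aead(s->internal->rl, aead_ctx))
+return 0;
 }
 
 if (!EVP_AEAD_CTX_init(&aead_ctx->ctx, aead, key, key_len,
@@ -408,14 +414,16 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read,
 EVP_MD_CTX *mac_ctx;
 EVP_PKEY *mac_key;
 const EVP_MD *mac;
+int stream_mac;
 int mac_type;
 
 cipher = S3I(s)->tmp.new_sym_enc;
 mac = S3I(s)->tmp.new_hash;
 mac_type = S3I(s)->tmp.new_mac_pkey_type;
+stream_mac = S3I(s)->hs.new_cipher->algorithm2 & TLS1_STREAM_MAC;
 
 if (is_read) {
-if (S3I(s)->hs.new_cipher->algorithm2 & TLS1_STREAM_MAC)
+if (stream_mac)
 s->internal->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
 else
 s->internal->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
@@ -428,8 +436,12 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read,
 if ((mac_ctx = EVP_MD_CTX_new()) == NULL)
 goto err;
 s->read_hash = mac_ctx;
+
+if (!tls12_record_layer_set_read_cipher_hash(s->internal->rl,
+cipher_ctx, mac_ctx, stream_mac))
+goto err;
 } else {
-if (S3I(s)->hs.new_cipher->algorithm2 & TLS1_STREAM_MAC)
+if (stream_mac)
 s->internal->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
 else
 s->internal->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
@@ -450,6 +462,10 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read,
 if ((mac_ctx = EVP_MD_CTX_new()) == NULL)
 goto err;
 s->internal->write_hash = mac_ctx;
+
+if (!tls12_record_layer_set_write_cipher_hash(s->internal->rl,
+cipher_ctx, mac_ctx, stream_mac))
+goto err;
 }
 
 EVP_CipherInit_ex(cipher_ctx, cipher, NULL, key, iv, !is_read);
@@ -677,9 +693,8 @@ tls1_enc(SSL *s, int send)
 int bs, i, j, k, ret, mac_size = 0;
 
 if (send) {
-aead = s->internal->aead_write_ctx;
-rec = &S3I(s)->wrec;
-seq = S3I(s)->write_sequence;
+/* No longer supported. */
+return -1;
 } else {
 aead = s->internal->aead_read_ctx;
 rec = &S3I(s)->rrec;
@@ -946,9 +961,8 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
 int t;
 
 if (send) {
-rec = &(ssl->s3->internal->wrec);
-seq = &(ssl->s3->internal->write_sequence[0]);
-hash = ssl->internal->write_hash;
+/* No longer supported. */
+return -1;
 } else {
 rec = &(ssl->s3->internal->rrec);
 seq = &(ssl->s3->internal->read_sequence[0]);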
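Review bot: In tls1_change_cipher_state_aead the record layer is handed `aead_ctx` through `tls12_record_layer_set_read_aead()` / `tls12_record_layer_set_write_aead()` before `EVP_AEAD_CTX_init()` has keyed it, so a failure in that init returns 0 with the record layer still referring to a context that holds no key. tls1_change_cipher_state_cipher has the same ordering: the `tls12_record_layer_set_read_cipher_hash()` / `tls12_record_layer_set_write_cipher_hash()` calls run before `EVP_CipherInit_ex()`, whose result the visible context line does not check. Whether the record layer borrows or copies these pointers is not visible here; if it borrows, I would either register the contexts only after initialisation has succeeded or state the contract next to the calls, e.g. `/* rl borrows aead_ctx; it is keyed below and remains owned by s->internal */`. Both function bodies start and end outside the hunks, so the cleanup on the `err` path could not be checked.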
