1 files changed, 40 insertions, 40 deletions
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index a8998b4dec..4b337a4706 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.89 2017/01/22 09:02:07 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.90 2017/01/23 06:45:30 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -461,13 +461,13 @@ tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,
        SSL_AEAD_CTX *aead_ctx;
        if (is_read) {
-                if (!tls1_aead_ctx_init(&s->aead_read_ctx))
+                if (!tls1_aead_ctx_init(&s->internal->aead_read_ctx))
                        return 0;
-                aead_ctx = s->aead_read_ctx;
+                aead_ctx = s->internal->aead_read_ctx;
        } else {
-                if (!tls1_aead_ctx_init(&s->aead_write_ctx))
+                if (!tls1_aead_ctx_init(&s->internal->aead_write_ctx))
                        return 0;
-                aead_ctx = s->aead_write_ctx;
+                aead_ctx = s->internal->aead_write_ctx;
        }
        if (!EVP_AEAD_CTX_init(&aead_ctx->ctx, aead, key, key_len,
@@ -532,26 +532,26 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
        if (is_read) {
                if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
-                        s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
+                        s->internal->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
                else
-                        s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
+                        s->internal->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
-                EVP_CIPHER_CTX_free(s->enc_read_ctx);
+                EVP_CIPHER_CTX_free(s->internal->enc_read_ctx);
-                s->enc_read_ctx = NULL;
+                s->internal->enc_read_ctx = NULL;
-                EVP_MD_CTX_destroy(s->read_hash);
+                EVP_MD_CTX_destroy(s->internal->read_hash);
-                s->read_hash = NULL;
+                s->internal->read_hash = NULL;
                if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
                        goto err;
-                s->enc_read_ctx = cipher_ctx;
+                s->internal->enc_read_ctx = cipher_ctx;
                if ((mac_ctx = EVP_MD_CTX_create()) == NULL)
                        goto err;
-                s->read_hash = mac_ctx;
+                s->internal->read_hash = mac_ctx;
        } else {
                if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
-                        s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
+                        s->internal->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
                else
-                        s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
+                        s->internal->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
                /*
                 * DTLS fragments retain a pointer to the compression, cipher
@@ -561,17 +561,17 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
                 * by DTLS when its frees a ChangeCipherSpec fragment.
                 */
                if (!SSL_IS_DTLS(s)) {
-                        EVP_CIPHER_CTX_free(s->enc_write_ctx);
+                        EVP_CIPHER_CTX_free(s->internal->enc_write_ctx);
-                        s->enc_write_ctx = NULL;
+                        s->internal->enc_write_ctx = NULL;
-                        EVP_MD_CTX_destroy(s->write_hash);
+                        EVP_MD_CTX_destroy(s->internal->write_hash);
-                        s->write_hash = NULL;
+                        s->internal->write_hash = NULL;
                }
                if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
                        goto err;
-                s->enc_write_ctx = cipher_ctx;
+                s->internal->enc_write_ctx = cipher_ctx;
                if ((mac_ctx = EVP_MD_CTX_create()) == NULL)
                        goto err;
-                s->write_hash = mac_ctx;
+                s->internal->write_hash = mac_ctx;
        }
        if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE) {
@@ -833,11 +833,11 @@ tls1_enc(SSL *s, int send)
        int bs, i, j, k, pad = 0, ret, mac_size = 0;
        if (send) {
-                aead = s->aead_write_ctx;
+                aead = s->internal->aead_write_ctx;
                rec = &S3I(s)->wrec;
                seq = S3I(s)->write_sequence;
        } else {
-                aead = s->aead_read_ctx;
+                aead = s->internal->aead_read_ctx;
                rec = &S3I(s)->rrec;
                seq = S3I(s)->read_sequence;
        }
@@ -988,16 +988,16 @@ tls1_enc(SSL *s, int send)
        }
        if (send) {
-                if (EVP_MD_CTX_md(s->write_hash)) {
+                if (EVP_MD_CTX_md(s->internal->write_hash)) {
-                        int n = EVP_MD_CTX_size(s->write_hash);
+                        int n = EVP_MD_CTX_size(s->internal->write_hash);
                        OPENSSL_assert(n >= 0);
                }
-                ds = s->enc_write_ctx;
+                ds = s->internal->enc_write_ctx;
-                if (s->enc_write_ctx == NULL)
+                if (s->internal->enc_write_ctx == NULL)
                        enc = NULL;
                else {
                        int ivlen = 0;
-                        enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
+                        enc = EVP_CIPHER_CTX_cipher(s->internal->enc_write_ctx);
                        if (SSL_USE_EXPLICIT_IV(s) &&
                            EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)
                                ivlen = EVP_CIPHER_iv_length(enc);
@@ -1016,15 +1016,15 @@ tls1_enc(SSL *s, int send)
                        }
                }
        } else {
-                if (EVP_MD_CTX_md(s->read_hash)) {
+                if (EVP_MD_CTX_md(s->internal->read_hash)) {
-                        int n = EVP_MD_CTX_size(s->read_hash);
+                        int n = EVP_MD_CTX_size(s->internal->read_hash);
                        OPENSSL_assert(n >= 0);
                }
-                ds = s->enc_read_ctx;
+                ds = s->internal->enc_read_ctx;
-                if (s->enc_read_ctx == NULL)
+                if (s->internal->enc_read_ctx == NULL)
                        enc = NULL;
                else
-                        enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
+                        enc = EVP_CIPHER_CTX_cipher(s->internal->enc_read_ctx);
        }
        if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
@@ -1085,8 +1085,8 @@ tls1_enc(SSL *s, int send)
                }
                ret = 1;
-                if (EVP_MD_CTX_md(s->read_hash) != NULL)
+                if (EVP_MD_CTX_md(s->internal->read_hash) != NULL)
-                        mac_size = EVP_MD_CTX_size(s->read_hash);
+                        mac_size = EVP_MD_CTX_size(s->internal->read_hash);
                if ((bs != 1) && !send)
                        ret = tls1_cbc_remove_padding(s, rec, bs, mac_size);
                if (pad && !send)
@@ -1188,18 +1188,18 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
        EVP_MD_CTX hmac, *mac_ctx;
        unsigned char header[13];
        int stream_mac = (send ?
-            (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM) :
+            (ssl->internal->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM) :
-            (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM));
+            (ssl->internal->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM));
        int t;
        if (send) {
                rec = &(ssl->s3->internal->wrec);
                seq = &(ssl->s3->internal->write_sequence[0]);
-                hash = ssl->write_hash;
+                hash = ssl->internal->write_hash;
        } else {
                rec = &(ssl->s3->internal->rrec);
                seq = &(ssl->s3->internal->read_sequence[0]);
-                hash = ssl->read_hash;
+                hash = ssl->internal->read_hash;
        }
        t = EVP_MD_CTX_size(hash);
@@ -1232,7 +1232,7 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
        header[12] = (rec->length) & 0xff;
        if (!send &&
-            EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+            EVP_CIPHER_CTX_mode(ssl->internal->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
            ssl3_cbc_record_digest_supported(mac_ctx)) {
                /* This is a CBC-encrypted record. We must avoid leaking any
                 * timing-side channel information about how many blocks of

diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index a8998b4dec..4b337a4706 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_enc.c,v 1.89 2017/01/22 09:02:07 jsing Exp $ */	1	/* $OpenBSD: t1_enc.c,v 1.90 2017/01/23 06:45:30 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -461,13 +461,13 @@ tls1_change_cipher_state_aead(SSL s, char is_read, const unsigned char key,
461	SSL_AEAD_CTX *aead_ctx;	461	SSL_AEAD_CTX *aead_ctx;
462		462
463	if (is_read) {	463	if (is_read) {
464	if (!tls1_aead_ctx_init(&s->aead_read_ctx))	464	if (!tls1_aead_ctx_init(&s->internal->aead_read_ctx))
465	return 0;	465	return 0;
466	aead_ctx = s->aead_read_ctx;	466	aead_ctx = s->internal->aead_read_ctx;
467	} else {	467	} else {
468	if (!tls1_aead_ctx_init(&s->aead_write_ctx))	468	if (!tls1_aead_ctx_init(&s->internal->aead_write_ctx))
469	return 0;	469	return 0;
470	aead_ctx = s->aead_write_ctx;	470	aead_ctx = s->internal->aead_write_ctx;
471	}	471	}
472		472
473	if (!EVP_AEAD_CTX_init(&aead_ctx->ctx, aead, key, key_len,	473	if (!EVP_AEAD_CTX_init(&aead_ctx->ctx, aead, key, key_len,
@@ -532,26 +532,26 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
532		532
533	if (is_read) {	533	if (is_read) {
534	if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)	534	if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
535	s->mac_flags \|= SSL_MAC_FLAG_READ_MAC_STREAM;	535	s->internal->mac_flags \|= SSL_MAC_FLAG_READ_MAC_STREAM;
536	else	536	else
537	s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;	537	s->internal->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
538		538
539	EVP_CIPHER_CTX_free(s->enc_read_ctx);	539	EVP_CIPHER_CTX_free(s->internal->enc_read_ctx);
540	s->enc_read_ctx = NULL;	540	s->internal->enc_read_ctx = NULL;
541	EVP_MD_CTX_destroy(s->read_hash);	541	EVP_MD_CTX_destroy(s->internal->read_hash);
542	s->read_hash = NULL;	542	s->internal->read_hash = NULL;
543		543
544	if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)	544	if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
545	goto err;	545	goto err;
546	s->enc_read_ctx = cipher_ctx;	546	s->internal->enc_read_ctx = cipher_ctx;
547	if ((mac_ctx = EVP_MD_CTX_create()) == NULL)	547	if ((mac_ctx = EVP_MD_CTX_create()) == NULL)
548	goto err;	548	goto err;
549	s->read_hash = mac_ctx;	549	s->internal->read_hash = mac_ctx;
550	} else {	550	} else {
551	if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)	551	if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
552	s->mac_flags \|= SSL_MAC_FLAG_WRITE_MAC_STREAM;	552	s->internal->mac_flags \|= SSL_MAC_FLAG_WRITE_MAC_STREAM;
553	else	553	else
554	s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;	554	s->internal->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
555		555
556	/*	556	/*
557	* DTLS fragments retain a pointer to the compression, cipher	557	* DTLS fragments retain a pointer to the compression, cipher
@@ -561,17 +561,17 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
561	* by DTLS when its frees a ChangeCipherSpec fragment.	561	* by DTLS when its frees a ChangeCipherSpec fragment.
562	*/	562	*/
563	if (!SSL_IS_DTLS(s)) {	563	if (!SSL_IS_DTLS(s)) {
564	EVP_CIPHER_CTX_free(s->enc_write_ctx);	564	EVP_CIPHER_CTX_free(s->internal->enc_write_ctx);
565	s->enc_write_ctx = NULL;	565	s->internal->enc_write_ctx = NULL;
566	EVP_MD_CTX_destroy(s->write_hash);	566	EVP_MD_CTX_destroy(s->internal->write_hash);
567	s->write_hash = NULL;	567	s->internal->write_hash = NULL;
568	}	568	}
569	if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)	569	if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
570	goto err;	570	goto err;
571	s->enc_write_ctx = cipher_ctx;	571	s->internal->enc_write_ctx = cipher_ctx;
572	if ((mac_ctx = EVP_MD_CTX_create()) == NULL)	572	if ((mac_ctx = EVP_MD_CTX_create()) == NULL)
573	goto err;	573	goto err;
574	s->write_hash = mac_ctx;	574	s->internal->write_hash = mac_ctx;
575	}	575	}
576		576
577	if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE) {	577	if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE) {
@@ -833,11 +833,11 @@ tls1_enc(SSL *s, int send)
833	int bs, i, j, k, pad = 0, ret, mac_size = 0;	833	int bs, i, j, k, pad = 0, ret, mac_size = 0;
834		834
835	if (send) {	835	if (send) {
836	aead = s->aead_write_ctx;	836	aead = s->internal->aead_write_ctx;
837	rec = &S3I(s)->wrec;	837	rec = &S3I(s)->wrec;
838	seq = S3I(s)->write_sequence;	838	seq = S3I(s)->write_sequence;
839	} else {	839	} else {
840	aead = s->aead_read_ctx;	840	aead = s->internal->aead_read_ctx;
841	rec = &S3I(s)->rrec;	841	rec = &S3I(s)->rrec;
842	seq = S3I(s)->read_sequence;	842	seq = S3I(s)->read_sequence;
843	}	843	}
@@ -988,16 +988,16 @@ tls1_enc(SSL *s, int send)
988	}	988	}
989		989
990	if (send) {	990	if (send) {
991	if (EVP_MD_CTX_md(s->write_hash)) {	991	if (EVP_MD_CTX_md(s->internal->write_hash)) {
992	int n = EVP_MD_CTX_size(s->write_hash);	992	int n = EVP_MD_CTX_size(s->internal->write_hash);
993	OPENSSL_assert(n >= 0);	993	OPENSSL_assert(n >= 0);
994	}	994	}
995	ds = s->enc_write_ctx;	995	ds = s->internal->enc_write_ctx;
996	if (s->enc_write_ctx == NULL)	996	if (s->internal->enc_write_ctx == NULL)
997	enc = NULL;	997	enc = NULL;
998	else {	998	else {
999	int ivlen = 0;	999	int ivlen = 0;
1000	enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);	1000	enc = EVP_CIPHER_CTX_cipher(s->internal->enc_write_ctx);
1001	if (SSL_USE_EXPLICIT_IV(s) &&	1001	if (SSL_USE_EXPLICIT_IV(s) &&
1002	EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)	1002	EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)
1003	ivlen = EVP_CIPHER_iv_length(enc);	1003	ivlen = EVP_CIPHER_iv_length(enc);
@@ -1016,15 +1016,15 @@ tls1_enc(SSL *s, int send)
1016	}	1016	}
1017	}	1017	}
1018	} else {	1018	} else {
1019	if (EVP_MD_CTX_md(s->read_hash)) {	1019	if (EVP_MD_CTX_md(s->internal->read_hash)) {
1020	int n = EVP_MD_CTX_size(s->read_hash);	1020	int n = EVP_MD_CTX_size(s->internal->read_hash);
1021	OPENSSL_assert(n >= 0);	1021	OPENSSL_assert(n >= 0);
1022	}	1022	}
1023	ds = s->enc_read_ctx;	1023	ds = s->internal->enc_read_ctx;
1024	if (s->enc_read_ctx == NULL)	1024	if (s->internal->enc_read_ctx == NULL)
1025	enc = NULL;	1025	enc = NULL;
1026	else	1026	else
1027	enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);	1027	enc = EVP_CIPHER_CTX_cipher(s->internal->enc_read_ctx);
1028	}	1028	}
1029		1029
1030	if ((s->session == NULL) \|\| (ds == NULL) \|\| (enc == NULL)) {	1030	if ((s->session == NULL) \|\| (ds == NULL) \|\| (enc == NULL)) {
@@ -1085,8 +1085,8 @@ tls1_enc(SSL *s, int send)
1085	}	1085	}
1086		1086
1087	ret = 1;	1087	ret = 1;
1088	if (EVP_MD_CTX_md(s->read_hash) != NULL)	1088	if (EVP_MD_CTX_md(s->internal->read_hash) != NULL)
1089	mac_size = EVP_MD_CTX_size(s->read_hash);	1089	mac_size = EVP_MD_CTX_size(s->internal->read_hash);
1090	if ((bs != 1) && !send)	1090	if ((bs != 1) && !send)
1091	ret = tls1_cbc_remove_padding(s, rec, bs, mac_size);	1091	ret = tls1_cbc_remove_padding(s, rec, bs, mac_size);
1092	if (pad && !send)	1092	if (pad && !send)
@@ -1188,18 +1188,18 @@ tls1_mac(SSL ssl, unsigned char md, int send)
1188	EVP_MD_CTX hmac, *mac_ctx;	1188	EVP_MD_CTX hmac, *mac_ctx;
1189	unsigned char header[13];	1189	unsigned char header[13];
1190	int stream_mac = (send ?	1190	int stream_mac = (send ?
1191	(ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM) :	1191	(ssl->internal->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM) :
1192	(ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM));	1192	(ssl->internal->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM));
1193	int t;	1193	int t;
1194		1194
1195	if (send) {	1195	if (send) {
1196	rec = &(ssl->s3->internal->wrec);	1196	rec = &(ssl->s3->internal->wrec);
1197	seq = &(ssl->s3->internal->write_sequence[0]);	1197	seq = &(ssl->s3->internal->write_sequence[0]);
1198	hash = ssl->write_hash;	1198	hash = ssl->internal->write_hash;
1199	} else {	1199	} else {
1200	rec = &(ssl->s3->internal->rrec);	1200	rec = &(ssl->s3->internal->rrec);
1201	seq = &(ssl->s3->internal->read_sequence[0]);	1201	seq = &(ssl->s3->internal->read_sequence[0]);
1202	hash = ssl->read_hash;	1202	hash = ssl->internal->read_hash;
1203	}	1203	}
1204		1204
1205	t = EVP_MD_CTX_size(hash);	1205	t = EVP_MD_CTX_size(hash);
@@ -1232,7 +1232,7 @@ tls1_mac(SSL ssl, unsigned char md, int send)
1232	header[12] = (rec->length) & 0xff;	1232	header[12] = (rec->length) & 0xff;
1233		1233
1234	if (!send &&	1234	if (!send &&
1235	EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&	1235	EVP_CIPHER_CTX_mode(ssl->internal->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
1236	ssl3_cbc_record_digest_supported(mac_ctx)) {	1236	ssl3_cbc_record_digest_supported(mac_ctx)) {
1237	/* This is a CBC-encrypted record. We must avoid leaking any	1237	/* This is a CBC-encrypted record. We must avoid leaking any
1238	* timing-side channel information about how many blocks of	1238	* timing-side channel information about how many blocks of