summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/d1_enc.c12
-rw-r--r--src/lib/libssl/d1_pkt.c16
-rw-r--r--src/lib/libssl/s3_cbc.c4
-rw-r--r--src/lib/libssl/s3_pkt.c16
-rw-r--r--src/lib/libssl/ssl.h10
-rw-r--r--src/lib/libssl/ssl_lib.c14
-rw-r--r--src/lib/libssl/ssl_locl.h5
-rw-r--r--src/lib/libssl/t1_enc.c32
8 files changed, 57 insertions, 52 deletions
diff --git a/src/lib/libssl/d1_enc.c b/src/lib/libssl/d1_enc.c
index 0e49fb6df2..20686d2963 100644
--- a/src/lib/libssl/d1_enc.c
+++ b/src/lib/libssl/d1_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_enc.c,v 1.13 2017/01/23 06:45:30 beck Exp $ */ 1/* $OpenBSD: d1_enc.c,v 1.14 2017/01/23 08:08:06 beck Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -162,16 +162,16 @@ dtls1_enc(SSL *s, int send)
162 } 162 }
163 } 163 }
164 } else { 164 } else {
165 if (EVP_MD_CTX_md(s->internal->read_hash)) { 165 if (EVP_MD_CTX_md(s->read_hash)) {
166 mac_size = EVP_MD_CTX_size(s->internal->read_hash); 166 mac_size = EVP_MD_CTX_size(s->read_hash);
167 OPENSSL_assert(mac_size >= 0); 167 OPENSSL_assert(mac_size >= 0);
168 } 168 }
169 ds = s->internal->enc_read_ctx; 169 ds = s->enc_read_ctx;
170 rec = &(S3I(s)->rrec); 170 rec = &(S3I(s)->rrec);
171 if (s->internal->enc_read_ctx == NULL) 171 if (s->enc_read_ctx == NULL)
172 enc = NULL; 172 enc = NULL;
173 else 173 else
174 enc = EVP_CIPHER_CTX_cipher(s->internal->enc_read_ctx); 174 enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
175 } 175 }
176 176
177 177
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 34e6d58c00..2768d7ed9c 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_pkt.c,v 1.54 2017/01/23 06:45:30 beck Exp $ */ 1/* $OpenBSD: d1_pkt.c,v 1.55 2017/01/23 08:08:06 beck Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -375,12 +375,12 @@ dtls1_process_record(SSL *s)
375 375
376 376
377 /* r->length is now the compressed data plus mac */ 377 /* r->length is now the compressed data plus mac */
378 if ((sess != NULL) && (s->internal->enc_read_ctx != NULL) && 378 if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
379 (EVP_MD_CTX_md(s->internal->read_hash) != NULL)) { 379 (EVP_MD_CTX_md(s->read_hash) != NULL)) {
380 /* s->internal->read_hash != NULL => mac_size != -1 */ 380 /* s->read_hash != NULL => mac_size != -1 */
381 unsigned char *mac = NULL; 381 unsigned char *mac = NULL;
382 unsigned char mac_tmp[EVP_MAX_MD_SIZE]; 382 unsigned char mac_tmp[EVP_MAX_MD_SIZE];
383 mac_size = EVP_MD_CTX_size(s->internal->read_hash); 383 mac_size = EVP_MD_CTX_size(s->read_hash);
384 OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); 384 OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
385 385
386 /* kludge: *_cbc_remove_padding passes padding length in rr->type */ 386 /* kludge: *_cbc_remove_padding passes padding length in rr->type */
@@ -393,14 +393,14 @@ dtls1_process_record(SSL *s)
393 */ 393 */
394 if (orig_len < mac_size || 394 if (orig_len < mac_size ||
395 /* CBC records must have a padding length byte too. */ 395 /* CBC records must have a padding length byte too. */
396 (EVP_CIPHER_CTX_mode(s->internal->enc_read_ctx) == EVP_CIPH_CBC_MODE && 396 (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
397 orig_len < mac_size + 1)) { 397 orig_len < mac_size + 1)) {
398 al = SSL_AD_DECODE_ERROR; 398 al = SSL_AD_DECODE_ERROR;
399 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_LENGTH_TOO_SHORT); 399 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_LENGTH_TOO_SHORT);
400 goto f_err; 400 goto f_err;
401 } 401 }
402 402
403 if (EVP_CIPHER_CTX_mode(s->internal->enc_read_ctx) == EVP_CIPH_CBC_MODE) { 403 if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
404 /* We update the length so that the TLS header bytes 404 /* We update the length so that the TLS header bytes
405 * can be constructed correctly but we need to extract 405 * can be constructed correctly but we need to extract
406 * the MAC in constant time from within the record, 406 * the MAC in constant time from within the record,
@@ -759,7 +759,7 @@ start:
759 /* make sure that we are not getting application data when we 759 /* make sure that we are not getting application data when we
760 * are doing a handshake for the first time */ 760 * are doing a handshake for the first time */
761 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && 761 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
762 (s->internal->enc_read_ctx == NULL)) { 762 (s->enc_read_ctx == NULL)) {
763 al = SSL_AD_UNEXPECTED_MESSAGE; 763 al = SSL_AD_UNEXPECTED_MESSAGE;
764 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE); 764 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE);
765 goto f_err; 765 goto f_err;
diff --git a/src/lib/libssl/s3_cbc.c b/src/lib/libssl/s3_cbc.c
index 10b6ddde0f..8c910c5f86 100644
--- a/src/lib/libssl/s3_cbc.c
+++ b/src/lib/libssl/s3_cbc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_cbc.c,v 1.15 2017/01/23 06:45:30 beck Exp $ */ 1/* $OpenBSD: s3_cbc.c,v 1.16 2017/01/23 08:08:06 beck Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 2012 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 2012 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -135,7 +135,7 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
135 135
136 padding_length = rec->data[rec->length - 1]; 136 padding_length = rec->data[rec->length - 1];
137 137
138 if (EVP_CIPHER_flags(s->internal->enc_read_ctx->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) { 138 if (EVP_CIPHER_flags(s->enc_read_ctx->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
139 /* padding is already verified */ 139 /* padding is already verified */
140 rec->length -= padding_length + 1; 140 rec->length -= padding_length + 1;
141 return 1; 141 return 1;
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index 458a355692..3fb5168d16 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_pkt.c,v 1.64 2017/01/23 06:45:30 beck Exp $ */ 1/* $OpenBSD: s3_pkt.c,v 1.65 2017/01/23 08:08:06 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -395,13 +395,13 @@ again:
395 395
396 396
397 /* r->length is now the compressed data plus mac */ 397 /* r->length is now the compressed data plus mac */
398 if ((sess != NULL) && (s->internal->enc_read_ctx != NULL) && 398 if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
399 (EVP_MD_CTX_md(s->internal->read_hash) != NULL)) { 399 (EVP_MD_CTX_md(s->read_hash) != NULL)) {
400 /* s->internal->read_hash != NULL => mac_size != -1 */ 400 /* s->read_hash != NULL => mac_size != -1 */
401 unsigned char *mac = NULL; 401 unsigned char *mac = NULL;
402 unsigned char mac_tmp[EVP_MAX_MD_SIZE]; 402 unsigned char mac_tmp[EVP_MAX_MD_SIZE];
403 403
404 mac_size = EVP_MD_CTX_size(s->internal->read_hash); 404 mac_size = EVP_MD_CTX_size(s->read_hash);
405 OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); 405 OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
406 406
407 /* kludge: *_cbc_remove_padding passes padding length in rr->type */ 407 /* kludge: *_cbc_remove_padding passes padding length in rr->type */
@@ -414,14 +414,14 @@ again:
414 */ 414 */
415 if (orig_len < mac_size || 415 if (orig_len < mac_size ||
416 /* CBC records must have a padding length byte too. */ 416 /* CBC records must have a padding length byte too. */
417 (EVP_CIPHER_CTX_mode(s->internal->enc_read_ctx) == EVP_CIPH_CBC_MODE && 417 (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
418 orig_len < mac_size + 1)) { 418 orig_len < mac_size + 1)) {
419 al = SSL_AD_DECODE_ERROR; 419 al = SSL_AD_DECODE_ERROR;
420 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT); 420 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT);
421 goto f_err; 421 goto f_err;
422 } 422 }
423 423
424 if (EVP_CIPHER_CTX_mode(s->internal->enc_read_ctx) == EVP_CIPH_CBC_MODE) { 424 if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
425 /* We update the length so that the TLS header bytes 425 /* We update the length so that the TLS header bytes
426 * can be constructed correctly but we need to extract 426 * can be constructed correctly but we need to extract
427 * the MAC in constant time from within the record, 427 * the MAC in constant time from within the record,
@@ -960,7 +960,7 @@ start:
960 /* make sure that we are not getting application data when we 960 /* make sure that we are not getting application data when we
961 * are doing a handshake for the first time */ 961 * are doing a handshake for the first time */
962 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && 962 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
963 (s->internal->enc_read_ctx == NULL)) { 963 (s->enc_read_ctx == NULL)) {
964 al = SSL_AD_UNEXPECTED_MESSAGE; 964 al = SSL_AD_UNEXPECTED_MESSAGE;
965 SSLerr(SSL_F_SSL3_READ_BYTES, 965 SSLerr(SSL_F_SSL3_READ_BYTES,
966 SSL_R_APP_DATA_IN_HANDSHAKE); 966 SSL_R_APP_DATA_IN_HANDSHAKE);
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 4069fcd024..678246b23e 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl.h,v 1.114 2017/01/23 06:45:30 beck Exp $ */ 1/* $OpenBSD: ssl.h,v 1.115 2017/01/23 08:08:06 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -894,6 +894,14 @@ struct ssl_st {
894 SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ 894 SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
895#define session_ctx initial_ctx 895#define session_ctx initial_ctx
896 896
897 /*
898 * XXX really should be internal, but is
899 * touched unnaturally by wpa-supplicant
900 * and freeradius and other perversions
901 */
902 EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
903 EVP_MD_CTX *read_hash; /* used for mac generation */
904
897 struct ssl_internal_st *internal; 905 struct ssl_internal_st *internal;
898}; 906};
899 907
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index c29d6225df..5839bd8048 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_lib.c,v 1.135 2017/01/23 06:45:30 beck Exp $ */ 1/* $OpenBSD: ssl_lib.c,v 1.136 2017/01/23 08:08:06 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -221,7 +221,7 @@ SSL_clear(SSL *s)
221 s->internal->init_buf = NULL; 221 s->internal->init_buf = NULL;
222 222
223 ssl_clear_cipher_ctx(s); 223 ssl_clear_cipher_ctx(s);
224 ssl_clear_hash_ctx(&s->internal->read_hash); 224 ssl_clear_hash_ctx(&s->read_hash);
225 ssl_clear_hash_ctx(&s->internal->write_hash); 225 ssl_clear_hash_ctx(&s->internal->write_hash);
226 226
227 s->internal->first_packet = 0; 227 s->internal->first_packet = 0;
@@ -528,7 +528,7 @@ SSL_free(SSL *s)
528 } 528 }
529 529
530 ssl_clear_cipher_ctx(s); 530 ssl_clear_cipher_ctx(s);
531 ssl_clear_hash_ctx(&s->internal->read_hash); 531 ssl_clear_hash_ctx(&s->read_hash);
532 ssl_clear_hash_ctx(&s->internal->write_hash); 532 ssl_clear_hash_ctx(&s->internal->write_hash);
533 533
534 if (s->cert != NULL) 534 if (s->cert != NULL)
@@ -2434,7 +2434,7 @@ SSL_set_accept_state(SSL *s)
2434 s->internal->handshake_func = s->method->ssl_accept; 2434 s->internal->handshake_func = s->method->ssl_accept;
2435 /* clear the current cipher */ 2435 /* clear the current cipher */
2436 ssl_clear_cipher_ctx(s); 2436 ssl_clear_cipher_ctx(s);
2437 ssl_clear_hash_ctx(&s->internal->read_hash); 2437 ssl_clear_hash_ctx(&s->read_hash);
2438 ssl_clear_hash_ctx(&s->internal->write_hash); 2438 ssl_clear_hash_ctx(&s->internal->write_hash);
2439} 2439}
2440 2440
@@ -2447,7 +2447,7 @@ SSL_set_connect_state(SSL *s)
2447 s->internal->handshake_func = s->method->ssl_connect; 2447 s->internal->handshake_func = s->method->ssl_connect;
2448 /* clear the current cipher */ 2448 /* clear the current cipher */
2449 ssl_clear_cipher_ctx(s); 2449 ssl_clear_cipher_ctx(s);
2450 ssl_clear_hash_ctx(&s->internal->read_hash); 2450 ssl_clear_hash_ctx(&s->read_hash);
2451 ssl_clear_hash_ctx(&s->internal->write_hash); 2451 ssl_clear_hash_ctx(&s->internal->write_hash);
2452} 2452}
2453 2453
@@ -2732,8 +2732,8 @@ err:
2732void 2732void
2733ssl_clear_cipher_ctx(SSL *s) 2733ssl_clear_cipher_ctx(SSL *s)
2734{ 2734{
2735 EVP_CIPHER_CTX_free(s->internal->enc_read_ctx); 2735 EVP_CIPHER_CTX_free(s->enc_read_ctx);
2736 s->internal->enc_read_ctx = NULL; 2736 s->enc_read_ctx = NULL;
2737 EVP_CIPHER_CTX_free(s->internal->enc_write_ctx); 2737 EVP_CIPHER_CTX_free(s->internal->enc_write_ctx);
2738 s->internal->enc_write_ctx = NULL; 2738 s->internal->enc_write_ctx = NULL;
2739 2739
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index d8818e1850..6da2ce3fab 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.158 2017/01/23 06:45:30 beck Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.159 2017/01/23 08:08:06 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -670,9 +670,6 @@ typedef struct ssl_internal_st {
670 enc_read_ctx and read_hash are 670 enc_read_ctx and read_hash are
671 ignored. */ 671 ignored. */
672 672
673 EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
674 EVP_MD_CTX *read_hash; /* used for mac generation */
675
676 SSL_AEAD_CTX *aead_write_ctx; /* AEAD context. If non-NULL, then 673 SSL_AEAD_CTX *aead_write_ctx; /* AEAD context. If non-NULL, then
677 enc_write_ctx and write_hash are 674 enc_write_ctx and write_hash are
678 ignored. */ 675 ignored. */
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 4b337a4706..2100faac22 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_enc.c,v 1.90 2017/01/23 06:45:30 beck Exp $ */ 1/* $OpenBSD: t1_enc.c,v 1.91 2017/01/23 08:08:06 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -536,17 +536,17 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
536 else 536 else
537 s->internal->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM; 537 s->internal->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
538 538
539 EVP_CIPHER_CTX_free(s->internal->enc_read_ctx); 539 EVP_CIPHER_CTX_free(s->enc_read_ctx);
540 s->internal->enc_read_ctx = NULL; 540 s->enc_read_ctx = NULL;
541 EVP_MD_CTX_destroy(s->internal->read_hash); 541 EVP_MD_CTX_destroy(s->read_hash);
542 s->internal->read_hash = NULL; 542 s->read_hash = NULL;
543 543
544 if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL) 544 if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
545 goto err; 545 goto err;
546 s->internal->enc_read_ctx = cipher_ctx; 546 s->enc_read_ctx = cipher_ctx;
547 if ((mac_ctx = EVP_MD_CTX_create()) == NULL) 547 if ((mac_ctx = EVP_MD_CTX_create()) == NULL)
548 goto err; 548 goto err;
549 s->internal->read_hash = mac_ctx; 549 s->read_hash = mac_ctx;
550 } else { 550 } else {
551 if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) 551 if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
552 s->internal->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; 552 s->internal->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
@@ -1016,15 +1016,15 @@ tls1_enc(SSL *s, int send)
1016 } 1016 }
1017 } 1017 }
1018 } else { 1018 } else {
1019 if (EVP_MD_CTX_md(s->internal->read_hash)) { 1019 if (EVP_MD_CTX_md(s->read_hash)) {
1020 int n = EVP_MD_CTX_size(s->internal->read_hash); 1020 int n = EVP_MD_CTX_size(s->read_hash);
1021 OPENSSL_assert(n >= 0); 1021 OPENSSL_assert(n >= 0);
1022 } 1022 }
1023 ds = s->internal->enc_read_ctx; 1023 ds = s->enc_read_ctx;
1024 if (s->internal->enc_read_ctx == NULL) 1024 if (s->enc_read_ctx == NULL)
1025 enc = NULL; 1025 enc = NULL;
1026 else 1026 else
1027 enc = EVP_CIPHER_CTX_cipher(s->internal->enc_read_ctx); 1027 enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
1028 } 1028 }
1029 1029
1030 if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) { 1030 if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
@@ -1085,8 +1085,8 @@ tls1_enc(SSL *s, int send)
1085 } 1085 }
1086 1086
1087 ret = 1; 1087 ret = 1;
1088 if (EVP_MD_CTX_md(s->internal->read_hash) != NULL) 1088 if (EVP_MD_CTX_md(s->read_hash) != NULL)
1089 mac_size = EVP_MD_CTX_size(s->internal->read_hash); 1089 mac_size = EVP_MD_CTX_size(s->read_hash);
1090 if ((bs != 1) && !send) 1090 if ((bs != 1) && !send)
1091 ret = tls1_cbc_remove_padding(s, rec, bs, mac_size); 1091 ret = tls1_cbc_remove_padding(s, rec, bs, mac_size);
1092 if (pad && !send) 1092 if (pad && !send)
@@ -1199,7 +1199,7 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
1199 } else { 1199 } else {
1200 rec = &(ssl->s3->internal->rrec); 1200 rec = &(ssl->s3->internal->rrec);
1201 seq = &(ssl->s3->internal->read_sequence[0]); 1201 seq = &(ssl->s3->internal->read_sequence[0]);
1202 hash = ssl->internal->read_hash; 1202 hash = ssl->read_hash;
1203 } 1203 }
1204 1204
1205 t = EVP_MD_CTX_size(hash); 1205 t = EVP_MD_CTX_size(hash);
@@ -1232,7 +1232,7 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
1232 header[12] = (rec->length) & 0xff; 1232 header[12] = (rec->length) & 0xff;
1233 1233
1234 if (!send && 1234 if (!send &&
1235 EVP_CIPHER_CTX_mode(ssl->internal->enc_read_ctx) == EVP_CIPH_CBC_MODE && 1235 EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
1236 ssl3_cbc_record_digest_supported(mac_ctx)) { 1236 ssl3_cbc_record_digest_supported(mac_ctx)) {
1237 /* This is a CBC-encrypted record. We must avoid leaking any 1237 /* This is a CBC-encrypted record. We must avoid leaking any
1238 * timing-side channel information about how many blocks of 1238 * timing-side channel information about how many blocks of
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 13:10:44 +0000