authorBob Beck <beck@cvs.openbsd.org>2017-01-23 08:08:07 +0000
committerBob Beck <beck@cvs.openbsd.org>2017-01-23 08:08:07 +0000
commitcfa23bb4d90b96c395d2b54f726e1d997f032d8a (patch)
tree59dbdc36a2fbc938a5c62fc10ac74e05fb28912c /lib/libssl
parent1b85daa0dc93fda98db66bc76ebe220b2736cd3b (diff)
move back read_hash and enc_read_ctx into ssl_st. wpa_supplicant and
other perversions touch them sickly and unnaturally.
Diffstat (limited to 'lib/libssl')
-rw-r--r--lib/libssl/d1_enc.c12
-rw-r--r--lib/libssl/d1_pkt.c16
-rw-r--r--lib/libssl/s3_cbc.c4
-rw-r--r--lib/libssl/s3_pkt.c16
-rw-r--r--lib/libssl/ssl.h10
-rw-r--r--lib/libssl/ssl_lib.c14
-rw-r--r--lib/libssl/ssl_locl.h5
-rw-r--r--lib/libssl/t1_enc.c32
8 files changed, 57 insertions, 52 deletions
diff --git a/lib/libssl/d1_enc.c b/lib/libssl/d1_enc.c
index 0e49fb6df23..20686d29631 100644
--- a/lib/libssl/d1_enc.c
+++ b/lib/libssl/d1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_enc.c,v 1.13 2017/01/23 06:45:30 beck Exp $ */
+/* $OpenBSD: d1_enc.c,v 1.14 2017/01/23 08:08:06 beck Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -162,16 +162,16 @@ dtls1_enc(SSL *s, int send)
}
}
} else {
- if (EVP_MD_CTX_md(s->internal->read_hash)) {
- mac_size = EVP_MD_CTX_size(s->internal->read_hash);
+ if (EVP_MD_CTX_md(s->read_hash)) {
+ mac_size = EVP_MD_CTX_size(s->read_hash);
OPENSSL_assert(mac_size >= 0);
}
- ds = s->internal->enc_read_ctx;
+ ds = s->enc_read_ctx;
rec = &(S3I(s)->rrec);
- if (s->internal->enc_read_ctx == NULL)
+ if (s->enc_read_ctx == NULL)
enc = NULL;
else
- enc = EVP_CIPHER_CTX_cipher(s->internal->enc_read_ctx);
+ enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
}
diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c
index 34e6d58c002..2768d7ed9cf 100644
--- a/lib/libssl/d1_pkt.c
+++ b/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.54 2017/01/23 06:45:30 beck Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.55 2017/01/23 08:08:06 beck Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -375,12 +375,12 @@ dtls1_process_record(SSL *s)
/* r->length is now the compressed data plus mac */
- if ((sess != NULL) && (s->internal->enc_read_ctx != NULL) &&
- (EVP_MD_CTX_md(s->internal->read_hash) != NULL)) {
- /* s->internal->read_hash != NULL => mac_size != -1 */
+ if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
+ (EVP_MD_CTX_md(s->read_hash) != NULL)) {
+ /* s->read_hash != NULL => mac_size != -1 */
unsigned char *mac = NULL;
unsigned char mac_tmp[EVP_MAX_MD_SIZE];
- mac_size = EVP_MD_CTX_size(s->internal->read_hash);
+ mac_size = EVP_MD_CTX_size(s->read_hash);
OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
/* kludge: *_cbc_remove_padding passes padding length in rr->type */
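Review bot: The comment `/* s->read_hash != NULL => mac_size != -1 */` does not describe the guard above it, which tests `EVP_MD_CTX_md(s->read_hash) != NULL`, i.e. that a digest is set on the context rather than that the pointer is non-NULL. I would reword it to `/* EVP_MD_CTX_md(s->read_hash) != NULL => mac_size != -1 */` so the stated invariant is the one actually checked before mac_size is used as a length. The same comment appears in the matching s3_pkt.c hunk under `again:`. The enclosing block of dtls1_process_record continues outside this hunk.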
@@ -393,14 +393,14 @@ dtls1_process_record(SSL *s)
*/
if (orig_len < mac_size ||
/* CBC records must have a padding length byte too. */
- (EVP_CIPHER_CTX_mode(s->internal->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+ (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
orig_len < mac_size + 1)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
}
- if (EVP_CIPHER_CTX_mode(s->internal->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
+ if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
/* We update the length so that the TLS header bytes
* can be constructed correctly but we need to extract
* the MAC in constant time from within the record,
@@ -759,7 +759,7 @@ start:
/* make sure that we are not getting application data when we
* are doing a handshake for the first time */
if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
- (s->internal->enc_read_ctx == NULL)) {
+ (s->enc_read_ctx == NULL)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE);
goto f_err;
diff --git a/lib/libssl/s3_cbc.c b/lib/libssl/s3_cbc.c
index 10b6ddde0f7..8c910c5f86b 100644
--- a/lib/libssl/s3_cbc.c
+++ b/lib/libssl/s3_cbc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_cbc.c,v 1.15 2017/01/23 06:45:30 beck Exp $ */
+/* $OpenBSD: s3_cbc.c,v 1.16 2017/01/23 08:08:06 beck Exp $ */
/* ====================================================================
* Copyright (c) 2012 The OpenSSL Project. All rights reserved.
*
@@ -135,7 +135,7 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
padding_length = rec->data[rec->length - 1];
- if (EVP_CIPHER_flags(s->internal->enc_read_ctx->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
+ if (EVP_CIPHER_flags(s->enc_read_ctx->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
/* padding is already verified */
rec->length -= padding_length + 1;
return 1;
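Review bot: `s->enc_read_ctx->cipher` dereferences the context and reads its member directly, with no NULL test in the visible lines, while the d1_enc.c and t1_enc.c hunks of this commit go through `EVP_CIPHER_CTX_cipher(s->enc_read_ctx)`. Using the accessor here, `if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER) {`, keeps a single way of reading the cipher now that the field sits in the public struct. Callers presumably only get here with a read cipher set, but that is not visible from this hunk, so a one-line comment stating the precondition would help. tls1_cbc_remove_padding starts and ends outside the hunk.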
diff --git a/lib/libssl/s3_pkt.c b/lib/libssl/s3_pkt.c
index 458a355692b..3fb5168d165 100644
--- a/lib/libssl/s3_pkt.c
+++ b/lib/libssl/s3_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_pkt.c,v 1.64 2017/01/23 06:45:30 beck Exp $ */
+/* $OpenBSD: s3_pkt.c,v 1.65 2017/01/23 08:08:06 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -395,13 +395,13 @@ again:
/* r->length is now the compressed data plus mac */
- if ((sess != NULL) && (s->internal->enc_read_ctx != NULL) &&
- (EVP_MD_CTX_md(s->internal->read_hash) != NULL)) {
- /* s->internal->read_hash != NULL => mac_size != -1 */
+ if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
+ (EVP_MD_CTX_md(s->read_hash) != NULL)) {
+ /* s->read_hash != NULL => mac_size != -1 */
unsigned char *mac = NULL;
unsigned char mac_tmp[EVP_MAX_MD_SIZE];
- mac_size = EVP_MD_CTX_size(s->internal->read_hash);
+ mac_size = EVP_MD_CTX_size(s->read_hash);
OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
/* kludge: *_cbc_remove_padding passes padding length in rr->type */
@@ -414,14 +414,14 @@ again:
*/
if (orig_len < mac_size ||
/* CBC records must have a padding length byte too. */
- (EVP_CIPHER_CTX_mode(s->internal->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+ (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
orig_len < mac_size + 1)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
}
- if (EVP_CIPHER_CTX_mode(s->internal->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
+ if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
/* We update the length so that the TLS header bytes
* can be constructed correctly but we need to extract
* the MAC in constant time from within the record,
@@ -960,7 +960,7 @@ start:
/* make sure that we are not getting application data when we
* are doing a handshake for the first time */
if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
- (s->internal->enc_read_ctx == NULL)) {
+ (s->enc_read_ctx == NULL)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_READ_BYTES,
SSL_R_APP_DATA_IN_HANDSHAKE);
diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index 4069fcd024a..678246b23e4 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.114 2017/01/23 06:45:30 beck Exp $ */
+/* $OpenBSD: ssl.h,v 1.115 2017/01/23 08:08:06 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -894,6 +894,14 @@ struct ssl_st {
SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
#define session_ctx initial_ctx
+ /*
+ * XXX really should be internal, but is
+ * touched unnaturally by wpa-supplicant
+ * and freeradius and other perversions
+ */
+ EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
+ EVP_MD_CTX *read_hash; /* used for mac generation */
+
struct ssl_internal_st *internal;
};
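Review bot: The new comment explains why enc_read_ctx and read_hash are public but not who owns them, and the record-layer hunks in this commit key security decisions on them (the MAC check and the application-data-during-handshake rejection in d1_pkt.c and s3_pkt.c both test `s->enc_read_ctx`). I would extend the comment with something like `/* owned by libssl; applications may read but must not modify, free or cache: replaced on every cipher state change */`, which matches the free-and-replace visible in tls1_change_cipher_state_cipher and ssl_clear_cipher_ctx. The context comment left behind in ssl_locl.h ("enc_read_ctx and read_hash are ignored") now refers to members of a different struct and could name `s->enc_read_ctx` and `s->read_hash` explicitly.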
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index c29d6225df6..5839bd80487 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.135 2017/01/23 06:45:30 beck Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.136 2017/01/23 08:08:06 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -221,7 +221,7 @@ SSL_clear(SSL *s)
s->internal->init_buf = NULL;
ssl_clear_cipher_ctx(s);
- ssl_clear_hash_ctx(&s->internal->read_hash);
+ ssl_clear_hash_ctx(&s->read_hash);
ssl_clear_hash_ctx(&s->internal->write_hash);
s->internal->first_packet = 0;
@@ -528,7 +528,7 @@ SSL_free(SSL *s)
}
ssl_clear_cipher_ctx(s);
- ssl_clear_hash_ctx(&s->internal->read_hash);
+ ssl_clear_hash_ctx(&s->read_hash);
ssl_clear_hash_ctx(&s->internal->write_hash);
if (s->cert != NULL)
@@ -2434,7 +2434,7 @@ SSL_set_accept_state(SSL *s)
s->internal->handshake_func = s->method->ssl_accept;
/* clear the current cipher */
ssl_clear_cipher_ctx(s);
- ssl_clear_hash_ctx(&s->internal->read_hash);
+ ssl_clear_hash_ctx(&s->read_hash);
ssl_clear_hash_ctx(&s->internal->write_hash);
}
@@ -2447,7 +2447,7 @@ SSL_set_connect_state(SSL *s)
s->internal->handshake_func = s->method->ssl_connect;
/* clear the current cipher */
ssl_clear_cipher_ctx(s);
- ssl_clear_hash_ctx(&s->internal->read_hash);
+ ssl_clear_hash_ctx(&s->read_hash);
ssl_clear_hash_ctx(&s->internal->write_hash);
}
@@ -2732,8 +2732,8 @@ err:
void
ssl_clear_cipher_ctx(SSL *s)
{
- EVP_CIPHER_CTX_free(s->internal->enc_read_ctx);
- s->internal->enc_read_ctx = NULL;
+ EVP_CIPHER_CTX_free(s->enc_read_ctx);
+ s->enc_read_ctx = NULL;
EVP_CIPHER_CTX_free(s->internal->enc_write_ctx);
s->internal->enc_write_ctx = NULL;
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index d8818e18509..6da2ce3fab0 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.158 2017/01/23 06:45:30 beck Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.159 2017/01/23 08:08:06 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -670,9 +670,6 @@ typedef struct ssl_internal_st {
enc_read_ctx and read_hash are
ignored. */
- EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
- EVP_MD_CTX *read_hash; /* used for mac generation */
-
SSL_AEAD_CTX *aead_write_ctx; /* AEAD context. If non-NULL, then
enc_write_ctx and write_hash are
ignored. */
diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c
index 4b337a4706e..2100faac225 100644
--- a/lib/libssl/t1_enc.c
+++ b/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.90 2017/01/23 06:45:30 beck Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.91 2017/01/23 08:08:06 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -536,17 +536,17 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
else
s->internal->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
- EVP_CIPHER_CTX_free(s->internal->enc_read_ctx);
- s->internal->enc_read_ctx = NULL;
- EVP_MD_CTX_destroy(s->internal->read_hash);
- s->internal->read_hash = NULL;
+ EVP_CIPHER_CTX_free(s->enc_read_ctx);
+ s->enc_read_ctx = NULL;
+ EVP_MD_CTX_destroy(s->read_hash);
+ s->read_hash = NULL;
if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
goto err;
- s->internal->enc_read_ctx = cipher_ctx;
+ s->enc_read_ctx = cipher_ctx;
if ((mac_ctx = EVP_MD_CTX_create()) == NULL)
goto err;
- s->internal->read_hash = mac_ctx;
+ s->read_hash = mac_ctx;
} else {
if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
s->internal->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
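Review bot: If `EVP_MD_CTX_create()` fails, `goto err` is taken with `s->enc_read_ctx` already pointing at a freshly allocated context that has no cipher set, while `s->read_hash` is NULL. Other hunks in this commit use `s->enc_read_ctx == NULL` to mean that no read cipher is active, and the field is now visible to applications, so publishing both pointers only after both allocations succeed avoids the half-built state. The err label and the later initialisation of cipher_ctx are outside this hunk, so whether they already reset the fields cannot be seen here; the explicit free in the sketch assumes err does not free cipher_ctx itself. The write branch that follows likely has the same shape.
```c
/* … unchanged: mac_flags update, free and NULL of the old read contexts … */
if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
	goto err;
if ((mac_ctx = EVP_MD_CTX_create()) == NULL) {
	EVP_CIPHER_CTX_free(cipher_ctx);
	goto err;
}
s->enc_read_ctx = cipher_ctx;
s->read_hash = mac_ctx;
```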
@@ -1016,15 +1016,15 @@ tls1_enc(SSL *s, int send)
}
}
} else {
- if (EVP_MD_CTX_md(s->internal->read_hash)) {
- int n = EVP_MD_CTX_size(s->internal->read_hash);
+ if (EVP_MD_CTX_md(s->read_hash)) {
+ int n = EVP_MD_CTX_size(s->read_hash);
OPENSSL_assert(n >= 0);
}
- ds = s->internal->enc_read_ctx;
- if (s->internal->enc_read_ctx == NULL)
+ ds = s->enc_read_ctx;
+ if (s->enc_read_ctx == NULL)
enc = NULL;
else
- enc = EVP_CIPHER_CTX_cipher(s->internal->enc_read_ctx);
+ enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
}
if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
@@ -1085,8 +1085,8 @@ tls1_enc(SSL *s, int send)
}
ret = 1;
- if (EVP_MD_CTX_md(s->internal->read_hash) != NULL)
- mac_size = EVP_MD_CTX_size(s->internal->read_hash);
+ if (EVP_MD_CTX_md(s->read_hash) != NULL)
+ mac_size = EVP_MD_CTX_size(s->read_hash);
if ((bs != 1) && !send)
ret = tls1_cbc_remove_padding(s, rec, bs, mac_size);
if (pad && !send)
@@ -1199,7 +1199,7 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
} else {
rec = &(ssl->s3->internal->rrec);
seq = &(ssl->s3->internal->read_sequence[0]);
- hash = ssl->internal->read_hash;
+ hash = ssl->read_hash;
}
t = EVP_MD_CTX_size(hash);
@@ -1232,7 +1232,7 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
header[12] = (rec->length) & 0xff;
if (!send &&
- EVP_CIPHER_CTX_mode(ssl->internal->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+ EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
ssl3_cbc_record_digest_supported(mac_ctx)) {
/* This is a CBC-encrypted record. We must avoid leaking any
* timing-side channel information about how many blocks of