size_t empty_record_count;
/* cryptographic state */
- EVP_CIPHER_CTX *enc_read_ctx;
+ EVP_CIPHER_CTX *enc_ctx;
/* used for mac generation */
- EVP_MD_CTX *read_hash;
+ EVP_MD_CTX *md_ctx;
+
/* uncompress */
COMP_CTX *expand;
return OSSL_RECORD_RETURN_FATAL;
}
- if ((rl->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) {
+ if ((rl->enc_ctx = EVP_CIPHER_CTX_new()) == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return OSSL_RECORD_RETURN_FATAL;
}
- ciph_ctx = rl->enc_read_ctx;
+ ciph_ctx = rl->enc_ctx;
- rl->read_hash = EVP_MD_CTX_new();
- if (rl->read_hash == NULL) {
+ rl->md_ctx = EVP_MD_CTX_new();
+ if (rl->md_ctx == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return OSSL_RECORD_RETURN_FATAL;
}
*/
if (n_recs != 1)
return 0;
- if (sending) {
- ds = s->enc_write_ctx;
- if (s->enc_write_ctx == NULL)
- enc = NULL;
- else
- enc = EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx);
- } else {
- ds = rl->enc_read_ctx;
- if (rl->enc_read_ctx == NULL)
- enc = NULL;
- else
- enc = EVP_CIPHER_CTX_get0_cipher(rl->enc_read_ctx);
- }
+
+ ds = rl->enc_ctx;
+ if (rl->enc_ctx == NULL)
+ enc = NULL;
+ else
+ enc = EVP_CIPHER_CTX_get0_cipher(rl->enc_ctx);
provided = (EVP_CIPHER_get0_provider(enc) != NULL);
size_t npad;
int t;
- if (sending) {
- mac_sec = &(ssl->s3.write_mac_secret[0]);
- hash = ssl->write_hash;
- } else {
- mac_sec = &(rl->mac_secret[0]);
- hash = rl->read_hash;
- }
+ mac_sec = &(rl->mac_secret[0]);
+ hash = rl->md_ctx;
t = EVP_MD_CTX_get_size(hash);
if (t < 0)
npad = (48 / md_size) * md_size;
if (!sending
- && EVP_CIPHER_CTX_get_mode(rl->enc_read_ctx) == EVP_CIPH_CBC_MODE
+ && EVP_CIPHER_CTX_get_mode(rl->enc_ctx) == EVP_CIPH_CBC_MODE
&& ssl3_cbc_record_digest_supported(hash)) {
#ifdef OPENSSL_NO_DEPRECATED_3_0
return 0;
}
memcpy(rl->iv, iv, ivlen);
- ciph_ctx = rl->enc_read_ctx = EVP_CIPHER_CTX_new();
+ ciph_ctx = rl->enc_ctx = EVP_CIPHER_CTX_new();
if (ciph_ctx == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return OSSL_RECORD_RETURN_FATAL;
return 0;
}
- if (sending) {
- ctx = s->enc_write_ctx;
- staticiv = s->write_iv;
- } else {
- ctx = rl->enc_read_ctx;
- staticiv = rl->iv;
- }
+ ctx = rl->enc_ctx;
+ staticiv = rl->iv;
cipher = EVP_CIPHER_CTX_get0_cipher(ctx);
if (cipher == NULL) {
if (level != OSSL_RECORD_PROTECTION_LEVEL_APPLICATION)
return OSSL_RECORD_RETURN_FATAL;
- if ((rl->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) {
+ if ((rl->enc_ctx = EVP_CIPHER_CTX_new()) == NULL) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
return OSSL_RECORD_RETURN_FATAL;
}
- ciph_ctx = rl->enc_read_ctx;
+ ciph_ctx = rl->enc_ctx;
- rl->read_hash = EVP_MD_CTX_new();
- if (rl->read_hash == NULL) {
+ rl->md_ctx = EVP_MD_CTX_new();
+ if (rl->md_ctx == NULL) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return OSSL_RECORD_RETURN_FATAL;
}
(int)mackeylen);
}
if (mac_key == NULL
- || EVP_DigestSignInit_ex(rl->read_hash, NULL, EVP_MD_get0_name(md),
+ || EVP_DigestSignInit_ex(rl->md_ctx, NULL, EVP_MD_get0_name(md),
rl->libctx, rl->propq, mac_key,
NULL) <= 0) {
EVP_PKEY_free(mac_key);
return 0;
}
- if (sending) {
- int ivlen;
- if (EVP_MD_CTX_get0_md(s->write_hash)) {
- int n = EVP_MD_CTX_get_size(s->write_hash);
- if (!ossl_assert(n >= 0)) {
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
- }
- }
- ds = s->enc_write_ctx;
- if (!ossl_assert(s->enc_write_ctx)) {
+ if (EVP_MD_CTX_get0_md(rl->md_ctx)) {
+ int n = EVP_MD_CTX_get_size(rl->md_ctx);
+ if (!ossl_assert(n >= 0)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
+ }
+ ds = rl->enc_ctx;
+ if (!ossl_assert(rl->enc_ctx)) {
+ RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ enc = EVP_CIPHER_CTX_get0_cipher(rl->enc_ctx);
+
+ if (sending) {
+ int ivlen;
- enc = EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx);
/* For TLSv1.1 and later explicit IV */
if (RLAYER_USE_EXPLICIT_IV(s)
&& EVP_CIPHER_get_mode(enc) == EVP_CIPH_CBC_MODE)
*/
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
- } else if (RAND_bytes_ex(sctx->libctx, recs[ctr].input,
- ivlen, 0) <= 0) {
+ } else if (RAND_bytes_ex(rl->libctx, recs[ctr].input,
+ ivlen, 0) <= 0) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
}
}
- } else {
- if (EVP_MD_CTX_get0_md(rl->read_hash)) {
- int n = EVP_MD_CTX_get_size(rl->read_hash);
- if (!ossl_assert(n >= 0)) {
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
- }
- }
- ds = rl->enc_read_ctx;
- if (!ossl_assert(rl->enc_read_ctx)) {
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
- enc = EVP_CIPHER_CTX_get0_cipher(rl->enc_read_ctx);
}
-
if ((s->session == NULL) || (enc == NULL)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
int t;
int ret = 0;
- if (sending)
- hash = ssl->write_hash;
- else
- hash = rl->read_hash;
+ hash = rl->md_ctx;
t = EVP_MD_CTX_get_size(hash);
if (!ossl_assert(t >= 0))
header[12] = (unsigned char)(rec->length & 0xff);
if (!sending && !rl->use_etm
- && EVP_CIPHER_CTX_get_mode(rl->enc_read_ctx) == EVP_CIPH_CBC_MODE
+ && EVP_CIPHER_CTX_get_mode(rl->enc_ctx) == EVP_CIPH_CBC_MODE
&& ssl3_cbc_record_digest_supported(mac_ctx)) {
OSSL_PARAM tls_hmac_params[2], *p = tls_hmac_params;
} while (num_recs < max_recs
&& thisrr->type == SSL3_RT_APPLICATION_DATA
&& RLAYER_USE_EXPLICIT_IV(rl)
- && rl->enc_read_ctx != NULL
- && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(rl->enc_read_ctx))
+ && rl->enc_ctx != NULL
+ && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(rl->enc_ctx))
& EVP_CIPH_FLAG_PIPELINE) != 0
&& tls_record_app_data_waiting(rl));
return OSSL_RECORD_RETURN_SUCCESS;
}
- if (rl->read_hash != NULL) {
- const EVP_MD *tmpmd = EVP_MD_CTX_get0_md(rl->read_hash);
+ if (rl->md_ctx != NULL) {
+ const EVP_MD *tmpmd = EVP_MD_CTX_get0_md(rl->md_ctx);
if (tmpmd != NULL) {
imac_size = EVP_MD_get_size(tmpmd);
* If in encrypt-then-mac mode calculate mac from encrypted record. All
* the details below are public so no timing details can leak.
*/
- if (rl->use_etm && rl->read_hash) {
+ if (rl->use_etm && rl->md_ctx) {
unsigned char *mac;
for (j = 0; j < num_recs; j++) {
} OSSL_TRACE_END(TLS);
/* r->length is now the compressed data plus mac */
- if (rl->enc_read_ctx != NULL
+ if (rl->enc_ctx != NULL
&& !rl->use_etm
- && EVP_MD_CTX_get0_md(rl->read_hash) != NULL) {
- /* rl->read_hash != NULL => mac_size != -1 */
+ && EVP_MD_CTX_get0_md(rl->md_ctx) != NULL) {
+ /* rl->md_ctx != NULL => mac_size != -1 */
for (j = 0; j < num_recs; j++) {
SSL_MAC_BUF *thismb = &macbufs[j];
BIO_free(rl->next);
SSL3_BUFFER_release(&rl->rbuf);
- EVP_CIPHER_CTX_free(rl->enc_read_ctx);
- EVP_MD_CTX_free(rl->read_hash);
+ EVP_CIPHER_CTX_free(rl->enc_ctx);
+ EVP_MD_CTX_free(rl->md_ctx);
#ifndef OPENSSL_NO_COMP
COMP_CTX_free(rl->expand);
#endif