Google Git
Sign in
android / platform / external / tlsdate / 58e367fd6501efc2f11adb0b44f1c7cde9b39c2a^1..58e367fd6501efc2f11adb0b44f1c7cde9b39c2a / .
commit58e367fd6501efc2f11adb0b44f1c7cde9b39c2a[log] [tgz]
authorDavid Benjamin <davidben@google.com>Wed Oct 05 20:47:48 2016 +0000
committerandroid-build-merger <android-build-merger@google.com>Wed Oct 05 20:47:48 2016 +0000
tree7a5d901ceae854480658ef2cf630e24a39433608
parent5277834396f52a760bb237044d5539fc4aaa87bb [diff]
parent74ea02aa6618f6b317a5d7056ede68a48980e524 [diff]
Don't reach into BoringSSL structs. am: 5a3de7f113 am: cfb7a5c7aa
am: 74ea02aa66

Change-Id: Icd52bce4997ee577ef096b82cfdf3f479064b381

diff --git a/src/tlsdate-helper.c b/src/tlsdate-helper.c
index d923efd..319497f 100644
--- a/src/tlsdate-helper.c
+++ b/src/tlsdate-helper.c

@@ -358,7 +358,8 @@
 openssl_time_callback (const SSL* ssl, int where, int ret)
 {
   if (where == SSL_CB_CONNECT_LOOP &&
-      (ssl->state == SSL3_ST_CR_SRVR_HELLO_A || ssl->state == SSL3_ST_CR_SRVR_HELLO_B))
+      (SSL_state(ssl) == SSL3_ST_CR_SRVR_HELLO_A ||
+       SSL_state(ssl) == SSL3_ST_CR_SRVR_HELLO_B))
   {
     // XXX TODO: If we want to trust the remote system for time,
     // can we just read that time out of the remote system and if the
@@ -371,7 +372,7 @@
     uint32_t max_reasonable_time = MAX_REASONABLE_TIME;
     uint32_t server_time;
     verb("V: freezing time for x509 verification");
-    memcpy(&server_time, ssl->s3->server_random, sizeof(uint32_t));
+    SSL_get_server_random(ssl, (unsigned char*)&server_time, sizeof(uint32_t));
     if (compiled_time < ntohl(server_time)
         &&
         ntohl(server_time) < max_reasonable_time)
@@ -379,7 +380,7 @@
       verb("V: remote peer provided: %d, preferred over compile time: %d",
             ntohl(server_time), compiled_time);
       verb("V: freezing time with X509_VERIFY_PARAM_set_time");
-      X509_VERIFY_PARAM_set_time(ssl->ctx->cert_store->param,
+      X509_VERIFY_PARAM_set_time(SSL_get0_param((SSL*)ssl),
                                  (time_t) ntohl(server_time) + 86400);
     } else {
       die("V: the remote server is a false ticker! server: %d compile: %d",
@@ -1189,7 +1190,7 @@
 
   // from /usr/include/openssl/ssl3.h
   //  ssl->s3->server_random is an unsigned char of 32 bits
-  memcpy(&result_time, ssl->s3->server_random, sizeof (uint32_t));
+  SSL_get_server_random(ssl, (unsigned char*)&result_time, sizeof(uint32_t));
   verb("V: In TLS response, T=%lu", (unsigned long)ntohl(result_time));
 
   if (http) {