authorjsing <jsing@openbsd.org>2020-10-14 16:57:33 +0000
committerjsing <jsing@openbsd.org>2020-10-14 16:57:33 +0000
commit9e65926101543570e7b5b1026dff8b9c0979738e (patch)
tree265076a6dd92ee9a38d02998b92b277f41f9c3f9
parentProvide SSL_is_dtls(). (diff)
Replace SSL_IS_DTLS with SSL_is_dtls().
Garbage collect the now unused SSL_IS_DTLS macro. ok tb@
-rw-r--r--lib/libssl/s3_lib.c10
-rw-r--r--lib/libssl/ssl_both.c10
-rw-r--r--lib/libssl/ssl_clnt.c50
-rw-r--r--lib/libssl/ssl_lib.c6
-rw-r--r--lib/libssl/ssl_locl.h6
-rw-r--r--lib/libssl/ssl_packet.c4
-rw-r--r--lib/libssl/ssl_pkt.c12
-rw-r--r--lib/libssl/ssl_srvr.c52
-rw-r--r--lib/libssl/ssl_tlsext.c22
-rw-r--r--lib/libssl/ssl_versions.c8
-rw-r--r--lib/libssl/t1_enc.c8
11 files changed, 92 insertions, 96 deletions
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 3bd7d65522d..0d10fdfe637 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.200 2020/10/11 12:45:51 guenther Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.201 2020/10/14 16:57:33 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1447,7 +1447,7 @@ ssl3_pending(const SSL *s)
int
ssl3_handshake_msg_hdr_len(SSL *s)
{
- return (SSL_IS_DTLS(s) ? DTLS1_HM_HEADER_LENGTH :
+ return (SSL_is_dtls(s) ? DTLS1_HM_HEADER_LENGTH :
SSL3_HM_HEADER_LENGTH);
}
@@ -1460,7 +1460,7 @@ ssl3_handshake_msg_start(SSL *s, CBB *handshake, CBB *body, uint8_t msg_type)
goto err;
if (!CBB_add_u8(handshake, msg_type))
goto err;
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
unsigned char *data;
if (!CBB_add_space(handshake, &data, DTLS1_HM_HEADER_LENGTH -
@@ -1497,7 +1497,7 @@ ssl3_handshake_msg_finish(SSL *s, CBB *handshake)
s->internal->init_num = (int)outlen;
s->internal->init_off = 0;
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
unsigned long len;
uint8_t msg_type;
CBS cbs;
@@ -1529,7 +1529,7 @@ ssl3_handshake_write(SSL *s)
int
ssl3_record_write(SSL *s, int type)
{
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
return dtls1_do_write(s, type);
return ssl3_do_write(s, type);
diff --git a/lib/libssl/ssl_both.c b/lib/libssl/ssl_both.c
index 5da450b5cec..081b374396b 100644
--- a/lib/libssl/ssl_both.c
+++ b/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.20 2020/09/24 18:12:00 jsing Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.21 2020/10/14 16:57:33 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -331,7 +331,7 @@ ssl3_send_change_cipher_spec(SSL *s, int a, int b)
s->internal->init_num = (int)outlen;
s->internal->init_off = 0;
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
D1I(s)->handshake_write_seq =
D1I(s)->next_handshake_write_seq;
dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
@@ -447,7 +447,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
CBS cbs;
uint8_t u8;
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
return (dtls1_get_message(s, st1, stn, mt, max, ok));
if (S3I(s)->tmp.reuse_message) {
@@ -702,7 +702,7 @@ ssl3_setup_read_buffer(SSL *s)
unsigned char *p;
size_t len, align, headerlen;
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
headerlen = DTLS1_RT_HEADER_LENGTH;
else
headerlen = SSL3_RT_HEADER_LENGTH;
@@ -732,7 +732,7 @@ ssl3_setup_write_buffer(SSL *s)
unsigned char *p;
size_t len, align, headerlen;
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
headerlen = DTLS1_RT_HEADER_LENGTH + 1;
else
headerlen = SSL3_RT_HEADER_LENGTH;
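Review bot: The `+ 1` in `headerlen = DTLS1_RT_HEADER_LENGTH + 1;` in ssl3_setup_write_buffer is unexplained, while ssl3_setup_read_buffer in the previous hunk uses plain `DTLS1_RT_HEADER_LENGTH`. The value presumably feeds the `len` computation further down, which is outside this hunk, so a reader cannot tell whether the extra byte is required for correct buffer sizing or is historical. A one-line comment above the assignment would settle it, along the lines of `/* DTLS write path needs one byte beyond the record header for <reason>. */`, with the reason filled in by someone who knows it.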
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index 88b82c44004..4a6e8b06a8a 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.75 2020/10/11 02:22:27 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.76 2020/10/14 16:57:33 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -212,7 +212,7 @@ ssl3_connect(SSL *s)
if (cb != NULL)
cb(s, SSL_CB_HANDSHAKE_START, 1);
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
SSLerror(s, ERR_R_INTERNAL_ERROR);
ret = -1;
@@ -253,7 +253,7 @@ ssl3_connect(SSL *s)
s->ctx->internal->stats.sess_connect++;
s->internal->init_num = 0;
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
/* mark client_random uninitialized */
memset(s->s3->client_random, 0,
sizeof(s->s3->client_random));
@@ -266,7 +266,7 @@ ssl3_connect(SSL *s)
case SSL3_ST_CW_CLNT_HELLO_B:
s->internal->shutdown = 0;
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
/* every DTLS ClientHello resets Finished MAC */
tls1_transcript_reset(s);
@@ -277,7 +277,7 @@ ssl3_connect(SSL *s)
if (ret <= 0)
goto end;
- if (SSL_IS_DTLS(s) && D1I(s)->send_cookie) {
+ if (SSL_is_dtls(s) && D1I(s)->send_cookie) {
S3I(s)->hs.state = SSL3_ST_CW_FLUSH;
S3I(s)->hs.next_state = SSL3_ST_CR_SRVR_HELLO_A;
} else
@@ -299,7 +299,7 @@ ssl3_connect(SSL *s)
if (s->internal->hit) {
S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A;
- if (!SSL_IS_DTLS(s)) {
+ if (!SSL_is_dtls(s)) {
if (s->internal->tlsext_ticket_expected) {
/* receive renewed session ticket */
S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A;
@@ -308,7 +308,7 @@ ssl3_connect(SSL *s)
/* No client certificate verification. */
tls1_transcript_free(s);
}
- } else if (SSL_IS_DTLS(s)) {
+ } else if (SSL_is_dtls(s)) {
S3I(s)->hs.state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
} else {
S3I(s)->hs.state = SSL3_ST_CR_CERT_A;
@@ -392,7 +392,7 @@ ssl3_connect(SSL *s)
ret = ssl3_get_server_done(s);
if (ret <= 0)
goto end;
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
dtls1_stop_timer(s);
if (S3I(s)->tmp.cert_req)
S3I(s)->hs.state = SSL3_ST_CW_CERT_A;
@@ -406,7 +406,7 @@ ssl3_connect(SSL *s)
case SSL3_ST_CW_CERT_B:
case SSL3_ST_CW_CERT_C:
case SSL3_ST_CW_CERT_D:
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
dtls1_start_timer(s);
ret = ssl3_send_client_certificate(s);
if (ret <= 0)
@@ -417,7 +417,7 @@ ssl3_connect(SSL *s)
case SSL3_ST_CW_KEY_EXCH_A:
case SSL3_ST_CW_KEY_EXCH_B:
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
dtls1_start_timer(s);
ret = ssl3_send_client_key_exchange(s);
if (ret <= 0)
@@ -444,7 +444,7 @@ ssl3_connect(SSL *s)
S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
S3I(s)->change_cipher_spec = 0;
}
- if (!SSL_IS_DTLS(s)) {
+ if (!SSL_is_dtls(s)) {
if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
S3I(s)->change_cipher_spec = 0;
@@ -456,7 +456,7 @@ ssl3_connect(SSL *s)
case SSL3_ST_CW_CERT_VRFY_A:
case SSL3_ST_CW_CERT_VRFY_B:
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
dtls1_start_timer(s);
ret = ssl3_send_client_verify(s);
if (ret <= 0)
@@ -468,7 +468,7 @@ ssl3_connect(SSL *s)
case SSL3_ST_CW_CHANGE_A:
case SSL3_ST_CW_CHANGE_B:
- if (SSL_IS_DTLS(s) && !s->internal->hit)
+ if (SSL_is_dtls(s) && !s->internal->hit)
dtls1_start_timer(s);
ret = ssl3_send_change_cipher_spec(s,
SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B);
@@ -490,21 +490,21 @@ ssl3_connect(SSL *s)
goto end;
}
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
break;
case SSL3_ST_CW_FINISHED_A:
case SSL3_ST_CW_FINISHED_B:
- if (SSL_IS_DTLS(s) && !s->internal->hit)
+ if (SSL_is_dtls(s) && !s->internal->hit)
dtls1_start_timer(s);
ret = ssl3_send_finished(s, SSL3_ST_CW_FINISHED_A,
SSL3_ST_CW_FINISHED_B, TLS_MD_CLIENT_FINISH_CONST,
TLS_MD_CLIENT_FINISH_CONST_SIZE);
if (ret <= 0)
goto end;
- if (!SSL_IS_DTLS(s))
+ if (!SSL_is_dtls(s))
s->s3->flags |= SSL3_FLAGS_CCS_OK;
S3I(s)->hs.state = SSL3_ST_CW_FLUSH;
@@ -543,7 +543,7 @@ ssl3_connect(SSL *s)
case SSL3_ST_CR_FINISHED_A:
case SSL3_ST_CR_FINISHED_B:
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
D1I(s)->change_cipher_spec_ok = 1;
else
s->s3->flags |= SSL3_FLAGS_CCS_OK;
@@ -551,7 +551,7 @@ ssl3_connect(SSL *s)
SSL3_ST_CR_FINISHED_B);
if (ret <= 0)
goto end;
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
dtls1_stop_timer(s);
if (s->internal->hit)
@@ -564,7 +564,7 @@ ssl3_connect(SSL *s)
case SSL3_ST_CW_FLUSH:
s->internal->rwstate = SSL_WRITING;
if (BIO_flush(s->wbio) <= 0) {
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
/* If the write error was fatal, stop trying */
if (!BIO_should_retry(s->wbio)) {
s->internal->rwstate = SSL_NOTHING;
@@ -588,7 +588,7 @@ ssl3_connect(SSL *s)
goto end;
}
- if (!SSL_IS_DTLS(s))
+ if (!SSL_is_dtls(s))
ssl3_release_init_buffer(s);
ssl_free_wbio_buffer(s);
@@ -609,7 +609,7 @@ ssl3_connect(SSL *s)
if (cb != NULL)
cb(s, SSL_CB_HANDSHAKE_DONE, 1);
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
/* done with handshaking */
D1I(s)->handshake_read_seq = 0;
D1I(s)->next_handshake_write_seq = 0;
@@ -683,7 +683,7 @@ ssl3_send_client_hello(SSL *s)
* HelloVerifyRequest, we must retain the original client
* random value.
*/
- if (!SSL_IS_DTLS(s) || D1I(s)->send_cookie == 0)
+ if (!SSL_is_dtls(s) || D1I(s)->send_cookie == 0)
arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);
if (!ssl3_handshake_msg_start(s, &cbb, &client_hello,
@@ -744,7 +744,7 @@ ssl3_send_client_hello(SSL *s)
}
/* DTLS Cookie. */
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
if (D1I(s)->cookie_len > sizeof(D1I(s)->cookie)) {
SSLerror(s, ERR_R_INTERNAL_ERROR);
goto err;
@@ -875,7 +875,7 @@ ssl3_get_server_hello(SSL *s)
CBS_init(&cbs, s->internal->init_msg, n);
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
if (S3I(s)->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
if (D1I(s)->send_cookie == 0) {
S3I(s)->tmp.reuse_message = 1;
@@ -926,7 +926,7 @@ ssl3_get_server_hello(SSL *s)
if (!ssl_downgrade_max_version(s, &max_version))
goto err;
- if (!SSL_IS_DTLS(s) && max_version >= TLS1_2_VERSION &&
+ if (!SSL_is_dtls(s) && max_version >= TLS1_2_VERSION &&
s->version < max_version) {
/*
* RFC 8446 section 4.1.3. We must not downgrade if the server
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 399af7c769d..d92ccd80291 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.236 2020/10/14 16:49:57 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.237 2020/10/14 16:57:33 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1151,7 +1151,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
if (larg < (long)dtls1_min_mtu())
return (0);
#endif
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
D1I(s)->mtu = larg;
return (larg);
}
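Review bot: In this MTU branch of SSL_ctrl the only visible bound on `larg` is the `dtls1_min_mtu()` comparison, and it sits inside a preprocessor conditional that opens outside the hunk, whereas the store `D1I(s)->mtu = larg;` is unconditional. If that conditional can be compiled out, the minimum is not enforced at all, and in either case no upper bound is visible before a `long` is assigned to `mtu`, whose type is declared outside this diff. Moving the range check inside the `if (SSL_is_dtls(s))` block and adding an upper limit that matches the field's type would keep the validation next to the write it protects. SSL_ctrl's body starts and ends outside the hunk.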
@@ -1166,7 +1166,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
return (S3I(s)->send_connection_binding);
else return (0);
default:
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
return dtls1_ctrl(s, cmd, larg, parg);
return ssl3_ctrl(s, cmd, larg, parg);
}
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 12838bf2945..9c8310b83cf 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.305 2020/10/14 16:44:15 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.306 2020/10/14 16:57:33 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -313,10 +313,6 @@ __BEGIN_HIDDEN_DECLS
*/
#define SSL_C_PKEYLENGTH(c) 1024
-/* Check if an SSL structure is using DTLS. */
-#define SSL_IS_DTLS(s) \
- (s->method->internal->dtls)
-
/* See if we use signature algorithms extension. */
#define SSL_USE_SIGALGS(s) \
(s->method->internal->enc_flags & SSL_ENC_FLAG_SIGALGS)
diff --git a/lib/libssl/ssl_packet.c b/lib/libssl/ssl_packet.c
index d8fb409d81f..fc1c3c07de7 100644
--- a/lib/libssl/ssl_packet.c
+++ b/lib/libssl/ssl_packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_packet.c,v 1.8 2018/11/08 22:28:52 jsing Exp $ */
+/* $OpenBSD: ssl_packet.c,v 1.9 2020/10/14 16:57:33 jsing Exp $ */
/*
* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
*
@@ -238,7 +238,7 @@ ssl_server_legacy_first_packet(SSL *s)
const char *data;
CBS header;
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
return 1;
CBS_init(&header, s->internal->packet, SSL3_RT_HEADER_LENGTH);
diff --git a/lib/libssl/ssl_pkt.c b/lib/libssl/ssl_pkt.c
index 02a476ea82b..4cc1914ecd9 100644
--- a/lib/libssl/ssl_pkt.c
+++ b/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.32 2020/10/03 17:35:16 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.33 2020/10/14 16:57:33 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -194,7 +194,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
/* For DTLS/UDP reads should not span multiple packets
* because the read operation returns the whole packet
* at once (as long as it fits into the buffer). */
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
if (left > 0 && n > left)
n = left;
}
@@ -254,7 +254,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
if (i <= 0) {
rb->left = left;
if (s->internal->mode & SSL_MODE_RELEASE_BUFFERS &&
- !SSL_IS_DTLS(s)) {
+ !SSL_is_dtls(s)) {
if (len + left == 0)
ssl3_release_read_buffer(s);
}
@@ -267,7 +267,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
* the underlying transport protocol is message oriented as
* opposed to byte oriented as in the TLS case.
*/
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
if (n > left)
n = left; /* makes the while condition false */
}
@@ -655,7 +655,7 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
wb->left = 0;
wb->offset += i;
if (s->internal->mode & SSL_MODE_RELEASE_BUFFERS &&
- !SSL_IS_DTLS(s))
+ !SSL_is_dtls(s))
ssl3_release_write_buffer(s);
s->internal->rwstate = SSL_NOTHING;
return (S3I(s)->wpend_ret);
@@ -664,7 +664,7 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
* For DTLS, just drop it. That's kind of the
* whole point in using a datagram service.
*/
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
wb->left = 0;
return (i);
}
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index 3b848f4b402..ac3669550ce 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.87 2020/10/11 02:22:27 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.88 2020/10/14 16:57:33 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -186,7 +186,7 @@ ssl3_accept(SSL *s)
else if (s->ctx->internal->info_callback != NULL)
cb = s->ctx->internal->info_callback;
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
listen = D1I(s)->listen;
/* init things to blank */
@@ -194,7 +194,7 @@ ssl3_accept(SSL *s)
if (!SSL_in_init(s) || SSL_in_before(s))
SSL_clear(s);
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
D1I(s)->listen = listen;
for (;;) {
@@ -213,7 +213,7 @@ ssl3_accept(SSL *s)
if (cb != NULL)
cb(s, SSL_CB_HANDSHAKE_START, 1);
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
SSLerror(s, ERR_R_INTERNAL_ERROR);
ret = -1;
@@ -257,7 +257,7 @@ ssl3_accept(SSL *s)
S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A;
s->ctx->internal->stats.sess_accept++;
- } else if (!SSL_IS_DTLS(s) && !S3I(s)->send_connection_binding) {
+ } else if (!SSL_is_dtls(s) && !S3I(s)->send_connection_binding) {
/*
* Server attempting to renegotiate with
* client that doesn't support secure
@@ -281,14 +281,14 @@ ssl3_accept(SSL *s)
case SSL3_ST_SW_HELLO_REQ_A:
case SSL3_ST_SW_HELLO_REQ_B:
s->internal->shutdown = 0;
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
dtls1_clear_record_buffer(s);
dtls1_start_timer(s);
}
ret = ssl3_send_hello_request(s);
if (ret <= 0)
goto end;
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
S3I(s)->hs.next_state = SSL3_ST_SR_CLNT_HELLO_A;
else
S3I(s)->hs.next_state = SSL3_ST_SW_HELLO_REQ_C;
@@ -309,7 +309,7 @@ ssl3_accept(SSL *s)
case SSL3_ST_SR_CLNT_HELLO_B:
case SSL3_ST_SR_CLNT_HELLO_C:
s->internal->shutdown = 0;
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
ret = ssl3_get_client_hello(s);
if (ret <= 0)
goto end;
@@ -373,7 +373,7 @@ ssl3_accept(SSL *s)
case SSL3_ST_SW_SRVR_HELLO_A:
case SSL3_ST_SW_SRVR_HELLO_B:
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
s->internal->renegotiate = 2;
dtls1_start_timer(s);
}
@@ -396,7 +396,7 @@ ssl3_accept(SSL *s)
/* Check if it is anon DH or anon ECDH. */
if (!(S3I(s)->hs.new_cipher->algorithm_auth &
SSL_aNULL)) {
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
dtls1_start_timer(s);
ret = ssl3_send_server_certificate(s);
if (ret <= 0)
@@ -425,7 +425,7 @@ ssl3_accept(SSL *s)
* public key for key exchange.
*/
if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
dtls1_start_timer(s);
ret = ssl3_send_server_key_exchange(s);
if (ret <= 0)
@@ -467,11 +467,11 @@ ssl3_accept(SSL *s)
S3I(s)->tmp.cert_request = 0;
S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A;
- if (!SSL_IS_DTLS(s))
+ if (!SSL_is_dtls(s))
tls1_transcript_free(s);
} else {
S3I(s)->tmp.cert_request = 1;
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
dtls1_start_timer(s);
ret = ssl3_send_certificate_request(s);
if (ret <= 0)
@@ -483,7 +483,7 @@ ssl3_accept(SSL *s)
case SSL3_ST_SW_SRVR_DONE_A:
case SSL3_ST_SW_SRVR_DONE_B:
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
dtls1_start_timer(s);
ret = ssl3_send_server_done(s);
if (ret <= 0)
@@ -506,7 +506,7 @@ ssl3_accept(SSL *s)
*/
s->internal->rwstate = SSL_WRITING;
if (BIO_flush(s->wbio) <= 0) {
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
/* If the write error was fatal, stop trying. */
if (!BIO_should_retry(s->wbio)) {
s->internal->rwstate = SSL_NOTHING;
@@ -537,7 +537,7 @@ ssl3_accept(SSL *s)
if (ret <= 0)
goto end;
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;
s->internal->init_num = 0;
}
@@ -587,7 +587,7 @@ ssl3_accept(SSL *s)
case SSL3_ST_SR_CERT_VRFY_A:
case SSL3_ST_SR_CERT_VRFY_B:
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
D1I(s)->change_cipher_spec_ok = 1;
else
s->s3->flags |= SSL3_FLAGS_CCS_OK;
@@ -602,7 +602,7 @@ ssl3_accept(SSL *s)
case SSL3_ST_SR_FINISHED_A:
case SSL3_ST_SR_FINISHED_B:
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
D1I(s)->change_cipher_spec_ok = 1;
else
s->s3->flags |= SSL3_FLAGS_CCS_OK;
@@ -610,7 +610,7 @@ ssl3_accept(SSL *s)
SSL3_ST_SR_FINISHED_B);
if (ret <= 0)
goto end;
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
dtls1_stop_timer(s);
if (s->internal->hit)
S3I(s)->hs.state = SSL_ST_OK;
@@ -660,7 +660,7 @@ ssl3_accept(SSL *s)
goto end;
}
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
break;
@@ -691,7 +691,7 @@ ssl3_accept(SSL *s)
goto end;
}
- if (!SSL_IS_DTLS(s))
+ if (!SSL_is_dtls(s))
ssl3_release_init_buffer(s);
/* remove buffering on output */
@@ -716,7 +716,7 @@ ssl3_accept(SSL *s)
ret = 1;
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
/* Done handshaking, next message is client hello. */
D1I(s)->handshake_read_seq = 0;
/* Next message is server hello. */
@@ -837,7 +837,7 @@ ssl3_get_client_hello(SSL *s)
SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG);
goto f_err;
}
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
if (!CBS_get_u8_length_prefixed(&cbs, &cookie))
goto truncated;
}
@@ -879,7 +879,7 @@ ssl3_get_client_hello(SSL *s)
* one, just return since we do not want to allocate any memory yet.
* So check cookie length...
*/
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
if (CBS_len(&cookie) == 0)
return (1);
@@ -928,7 +928,7 @@ ssl3_get_client_hello(SSL *s)
}
}
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
/*
* The ClientHello may contain a cookie even if the HelloVerify
* message has not been sent - make sure that it does not cause
@@ -1045,7 +1045,7 @@ ssl3_get_client_hello(SSL *s)
*/
arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);
- if (!SSL_IS_DTLS(s) && max_version >= TLS1_2_VERSION &&
+ if (!SSL_is_dtls(s) && max_version >= TLS1_2_VERSION &&
s->version < max_version) {
/*
* RFC 8446 section 4.1.3. If we are downgrading from TLS 1.3
diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c
index 17671049637..e12820ba624 100644
--- a/lib/libssl/ssl_tlsext.c
+++ b/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.84 2020/10/11 01:16:31 guenther Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.85 2020/10/14 16:57:33 jsing Exp $ */
/*
* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -854,7 +854,7 @@ tlsext_sni_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
int
tlsext_ocsp_client_needs(SSL *s, uint16_t msg_type)
{
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
return 0;
if (msg_type != SSL_TLSEXT_MSG_CH)
return 0;
@@ -1204,7 +1204,7 @@ tlsext_sessionticket_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
int
tlsext_srtp_client_needs(SSL *s, uint16_t msg_type)
{
- return SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s) != NULL;
+ return SSL_is_dtls(s) && SSL_get_srtp_profiles(s) != NULL;
}
int
@@ -1327,7 +1327,7 @@ tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
int
tlsext_srtp_server_needs(SSL *s, uint16_t msg_type)
{
- return SSL_IS_DTLS(s) && SSL_get_selected_srtp_profile(s) != NULL;
+ return SSL_is_dtls(s) && SSL_get_selected_srtp_profile(s) != NULL;
}
int
@@ -1414,7 +1414,7 @@ tlsext_keyshare_client_needs(SSL *s, uint16_t msg_type)
/* XXX once this gets initialized when we get tls13_client.c */
if (S3I(s)->hs_tls13.max_version == 0)
return 0;
- return (!SSL_IS_DTLS(s) && S3I(s)->hs_tls13.max_version >=
+ return (!SSL_is_dtls(s) && S3I(s)->hs_tls13.max_version >=
TLS1_3_VERSION);
}
@@ -1490,7 +1490,7 @@ tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
int
tlsext_keyshare_server_needs(SSL *s, uint16_t msg_type)
{
- if (SSL_IS_DTLS(s) || s->version < TLS1_3_VERSION)
+ if (SSL_is_dtls(s) || s->version < TLS1_3_VERSION)
return 0;
return tlsext_extension_seen(s, TLSEXT_TYPE_key_share);
@@ -1555,7 +1555,7 @@ tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
int
tlsext_versions_client_needs(SSL *s, uint16_t msg_type)
{
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
return 0;
return (S3I(s)->hs_tls13.max_version >= TLS1_3_VERSION);
}
@@ -1638,7 +1638,7 @@ tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
int
tlsext_versions_server_needs(SSL *s, uint16_t msg_type)
{
- return (!SSL_IS_DTLS(s) && s->version >= TLS1_3_VERSION);
+ return (!SSL_is_dtls(s) && s->version >= TLS1_3_VERSION);
}
int
@@ -1680,7 +1680,7 @@ tlsext_versions_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
int
tlsext_cookie_client_needs(SSL *s, uint16_t msg_type)
{
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
return 0;
if (S3I(s)->hs_tls13.max_version < TLS1_3_VERSION)
return 0;
@@ -1740,7 +1740,7 @@ int
tlsext_cookie_server_needs(SSL *s, uint16_t msg_type)
{
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
return 0;
if (S3I(s)->hs_tls13.max_version < TLS1_3_VERSION)
return 0;
@@ -2148,7 +2148,7 @@ tlsext_parse(SSL *s, int is_server, uint16_t msg_type, CBS *cbs, int *alert)
CBS_len(&extension_data),
s->internal->tlsext_debug_arg);
- if (!SSL_IS_DTLS(s) && version >= TLS1_3_VERSION && is_server &&
+ if (!SSL_is_dtls(s) && version >= TLS1_3_VERSION && is_server &&
msg_type == SSL_TLSEXT_MSG_CH) {
if (!tlsext_clienthello_hash_extension(s, type,
&extension_data))
diff --git a/lib/libssl/ssl_versions.c b/lib/libssl/ssl_versions.c
index b21fa7198c6..99f538b9379 100644
--- a/lib/libssl/ssl_versions.c
+++ b/lib/libssl/ssl_versions.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_versions.c,v 1.6 2020/05/31 18:03:32 jsing Exp $ */
+/* $OpenBSD: ssl_versions.c,v 1.7 2020/10/14 16:57:33 jsing Exp $ */
/*
* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
*
@@ -137,7 +137,7 @@ ssl_supported_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver)
uint16_t min_version, max_version;
/* DTLS cannot currently be disabled... */
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
min_version = max_version = DTLS1_VERSION;
goto done;
}
@@ -167,7 +167,7 @@ ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver)
*max_ver = 0;
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
if (peer_ver >= DTLS1_VERSION) {
*max_ver = DTLS1_VERSION;
return 1;
@@ -214,7 +214,7 @@ ssl_downgrade_max_version(SSL *s, uint16_t *max_ver)
* context.
*/
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
*max_ver = DTLS1_VERSION;
return 1;
}
diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c
index debbf286f6f..c5ff2c24354 100644
--- a/lib/libssl/t1_enc.c
+++ b/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.125 2020/10/07 08:43:34 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.126 2020/10/14 16:57:33 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -342,7 +342,7 @@ tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,
SSL_AEAD_CTX *aead_ctx;
/* XXX - Need to avoid clearing write state for DTLS. */
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
return 0;
if (is_read) {
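Review bot: The early `return 0;` for DTLS in tls1_change_cipher_state_aead is justified only by an XXX about clearing write state and does not say what the caller should expect. If 0 is this function's failure value (its other returns are outside the hunk), every AEAD cipher-state change on a DTLS connection fails here without an error being recorded. I would spell the consequence out in the comment, e.g. `/* XXX - AEAD is refused for DTLS until clearing the write state can be avoided. */`, and, if this is indeed a failure path, add `SSLerror(s, ERR_R_INTERNAL_ERROR);` before the return so the failure is diagnosable.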
@@ -447,7 +447,7 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read,
* contexts that are used for DTLS - these are instead freed
* by DTLS when its frees a ChangeCipherSpec fragment.
*/
- if (!SSL_IS_DTLS(s))
+ if (!SSL_is_dtls(s))
ssl_clear_cipher_write_state(s);
if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
@@ -524,7 +524,7 @@ tls1_change_cipher_state(SSL *s, int which)
* Reset sequence number to zero - for DTLS this is handled in
* dtls1_reset_seq_numbers().
*/
- if (!SSL_IS_DTLS(s)) {
+ if (!SSL_is_dtls(s)) {
seq = is_read ? S3I(s)->read_sequence : S3I(s)->write_sequence;
memset(seq, 0, SSL3_SEQUENCE_SIZE);
}