diff options
| author |   beck <beck@openbsd.org> | 2017-01-23 06:45:30 +0000 |
|---|---|---|
| committer | beck <beck@openbsd.org> | 2017-01-23 06:45:30 +0000 |
| commit | b084913af34130559f11bce93b5619f290347501 (patch) | |
| tree | 52e36803afaacde2673f6c0c667d204f38604d42 | |
| parent | No need to explicitly use config_activate_children in the cfattach struct. (diff) | |
| download | wireguard-openbsd-b084913af34130559f11bce93b5619f290347501.tar.xz wireguard-openbsd-b084913af34130559f11bce93b5619f290347501.zip | |
Move a large part of ssl_st into internal, so we can see what squeals.
ok jsing@
| -rw-r--r-- | lib/libssl/d1_both.c | 140 | ||||
| -rw-r--r-- | lib/libssl/d1_clnt.c | 82 | ||||
| -rw-r--r-- | lib/libssl/d1_enc.c | 22 | ||||
| -rw-r--r-- | lib/libssl/d1_pkt.c | 100 | ||||
| -rw-r--r-- | lib/libssl/d1_srtp.c | 18 | ||||
| -rw-r--r-- | lib/libssl/d1_srvr.c | 78 | ||||
| -rw-r--r-- | lib/libssl/s23_clnt.c | 36 | ||||
| -rw-r--r-- | lib/libssl/s23_pkt.c | 34 | ||||
| -rw-r--r-- | lib/libssl/s23_srvr.c | 36 | ||||
| -rw-r--r-- | lib/libssl/s3_both.c | 86 | ||||
| -rw-r--r-- | lib/libssl/s3_cbc.c | 4 | ||||
| -rw-r--r-- | lib/libssl/s3_clnt.c | 116 | ||||
| -rw-r--r-- | lib/libssl/s3_lib.c | 62 | ||||
| -rw-r--r-- | lib/libssl/s3_pkt.c | 122 | ||||
| -rw-r--r-- | lib/libssl/s3_srvr.c | 150 | ||||
| -rw-r--r-- | lib/libssl/ssl.h | 104 | ||||
| -rw-r--r-- | lib/libssl/ssl_cert.c | 12 | ||||
| -rw-r--r-- | lib/libssl/ssl_lib.c | 220 | ||||
| -rw-r--r-- | lib/libssl/ssl_locl.h | 108 | ||||
| -rw-r--r-- | lib/libssl/ssl_sess.c | 30 | ||||
| -rw-r--r-- | lib/libssl/t1_enc.c | 80 | ||||
| -rw-r--r-- | lib/libssl/t1_lib.c | 140 |
22 files changed, 892 insertions, 888 deletions
diff --git a/lib/libssl/d1_both.c b/lib/libssl/d1_both.c index 962b73ed6c5..f440a8baf21 100644 --- a/lib/libssl/d1_both.c +++ b/lib/libssl/d1_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_both.c,v 1.43 2017/01/23 04:55:26 beck Exp $ */ +/* $OpenBSD: d1_both.c,v 1.44 2017/01/23 06:45:30 beck Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -223,7 +223,7 @@ dtls1_hm_fragment_free(hm_fragment *frag) free(frag); } -/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ +/* send s->internal->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ int dtls1_do_write(SSL *s, int type) { @@ -253,23 +253,23 @@ dtls1_do_write(SSL *s, int type) OPENSSL_assert(D1I(s)->mtu >= dtls1_min_mtu()); /* should have something reasonable now */ - if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE) - OPENSSL_assert(s->init_num == + if (s->internal->init_off == 0 && type == SSL3_RT_HANDSHAKE) + OPENSSL_assert(s->internal->init_num == (int)D1I(s)->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); - if (s->write_hash) - mac_size = EVP_MD_CTX_size(s->write_hash); + if (s->internal->write_hash) + mac_size = EVP_MD_CTX_size(s->internal->write_hash); else mac_size = 0; - if (s->enc_write_ctx && - (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE)) - blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher); + if (s->internal->enc_write_ctx && + (EVP_CIPHER_mode( s->internal->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE)) + blocksize = 2 * EVP_CIPHER_block_size(s->internal->enc_write_ctx->cipher); else blocksize = 0; frag_off = 0; - while (s->init_num) { + while (s->internal->init_num) { curr_mtu = D1I(s)->mtu - BIO_wpending(SSL_get_wbio(s)) - DTLS1_RT_HEADER_LENGTH - mac_size - blocksize; @@ -282,36 +282,36 @@ dtls1_do_write(SSL *s, int type) mac_size - blocksize; } - if (s->init_num > curr_mtu) + if (s->internal->init_num > curr_mtu) len = curr_mtu; else - len = s->init_num; + len = s->internal->init_num; /* XDTLS: this function is too long. split out the CCS part */ if (type == SSL3_RT_HANDSHAKE) { - if (s->init_off != 0) { - OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH); - s->init_off -= DTLS1_HM_HEADER_LENGTH; - s->init_num += DTLS1_HM_HEADER_LENGTH; + if (s->internal->init_off != 0) { + OPENSSL_assert(s->internal->init_off > DTLS1_HM_HEADER_LENGTH); + s->internal->init_off -= DTLS1_HM_HEADER_LENGTH; + s->internal->init_num += DTLS1_HM_HEADER_LENGTH; - if (s->init_num > curr_mtu) + if (s->internal->init_num > curr_mtu) len = curr_mtu; else - len = s->init_num; + len = s->internal->init_num; } dtls1_fix_message_header(s, frag_off, len - DTLS1_HM_HEADER_LENGTH); dtls1_write_message_header(s, - (unsigned char *)&s->init_buf->data[s->init_off]); + (unsigned char *)&s->internal->init_buf->data[s->internal->init_off]); OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH); } ret = dtls1_write_bytes(s, type, - &s->init_buf->data[s->init_off], len); + &s->internal->init_buf->data[s->internal->init_off], len); if (ret < 0) { /* * Might need to update MTU here, but we don't know @@ -342,7 +342,7 @@ dtls1_do_write(SSL *s, int type) * but in that case we'll ignore the result * anyway */ - unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off]; + unsigned char *p = (unsigned char *)&s->internal->init_buf->data[s->internal->init_off]; const struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr; int xlen; @@ -366,21 +366,21 @@ dtls1_do_write(SSL *s, int type) tls1_finish_mac(s, p, xlen); } - if (ret == s->init_num) { + if (ret == s->internal->init_num) { if (s->internal->msg_callback) s->internal->msg_callback(1, s->version, type, - s->init_buf->data, - (size_t)(s->init_off + s->init_num), + s->internal->init_buf->data, + (size_t)(s->internal->init_off + s->internal->init_num), s, s->internal->msg_callback_arg); - s->init_off = 0; + s->internal->init_off = 0; /* done writing this message */ - s->init_num = 0; + s->internal->init_num = 0; return (1); } - s->init_off += ret; - s->init_num -= ret; + s->internal->init_off += ret; + s->internal->init_num -= ret; frag_off += (ret -= DTLS1_HM_HEADER_LENGTH); } } @@ -415,9 +415,9 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) goto f_err; } *ok = 1; - s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; - s->init_num = (int)S3I(s)->tmp.message_size; - return s->init_num; + s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; + s->internal->init_num = (int)S3I(s)->tmp.message_size; + return s->internal->init_num; } msg_hdr = &D1I(s)->r_msg_hdr; @@ -431,7 +431,7 @@ again: else if (i <= 0 && !*ok) return i; - p = (unsigned char *)s->init_buf->data; + p = (unsigned char *)s->internal->init_buf->data; msg_len = msg_hdr->msg_len; /* reconstruct message header */ @@ -455,8 +455,8 @@ again: if (!D1I(s)->listen) D1I(s)->handshake_read_seq++; - s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; - return s->init_num; + s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; + return s->internal->init_num; f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); @@ -493,7 +493,7 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) * msg_len is limited to 2^24, but is effectively checked * against max above */ - if (!BUF_MEM_grow_clean(s->init_buf, + if (!BUF_MEM_grow_clean(s->internal->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH)) { SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB); return SSL_AD_INTERNAL_ERROR; @@ -523,8 +523,8 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) /* * (0) check whether the desired fragment is available * if so: - * (1) copy over the fragment to s->init_buf->data[] - * (2) update s->init_num + * (1) copy over the fragment to s->internal->init_buf->data[] + * (2) update s->internal->init_num */ pitem *item; hm_fragment *frag; @@ -549,7 +549,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) if (al == 0) /* no alert */ { - unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; + unsigned char *p = (unsigned char *)s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; memcpy(&p[frag->msg_header.frag_off], frag->fragment, frag->msg_header.frag_len); } @@ -563,7 +563,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) } ssl3_send_alert(s, SSL3_AL_FATAL, al); - s->init_num = 0; + s->internal->init_num = 0; *ok = 0; return -1; } else @@ -581,8 +581,8 @@ dtls1_max_handshake_message_len(const SSL *s) unsigned long max_len; max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; - if (max_len < (unsigned long)s->max_cert_list) - return s->max_cert_list; + if (max_len < (unsigned long)s->internal->max_cert_list) + return s->internal->max_cert_list; return max_len; } @@ -785,7 +785,7 @@ again: /* see if we have the required fragment already */ if ((frag_len = dtls1_retrieve_buffered_fragment(s, max, ok)) || *ok) { if (*ok) - s->init_num = frag_len; + s->internal->init_num = frag_len; return frag_len; } @@ -794,7 +794,7 @@ again: DTLS1_HM_HEADER_LENGTH, 0); if (i <= 0) /* nbio, or an error */ { - s->rwstate = SSL_READING; + s->internal->rwstate = SSL_READING; *ok = 0; return i; } @@ -840,7 +840,7 @@ again: DTLS1_HM_HEADER_LENGTH, s, s->internal->msg_callback_arg); - s->init_num = 0; + s->internal->init_num = 0; goto again; } else /* Incorrectly formated Hello request */ @@ -859,13 +859,13 @@ again: s->state = stn; if (frag_len > 0) { - unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; + unsigned char *p = (unsigned char *)s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &p[frag_off], frag_len, 0); /* XDTLS: fix this--message fragments cannot span multiple packets */ if (i <= 0) { - s->rwstate = SSL_READING; + s->internal->rwstate = SSL_READING; *ok = 0; return i; } @@ -886,17 +886,17 @@ again: *ok = 1; /* - * Note that s->init_num is *not* used as current offset in - * s->init_buf->data, but as a counter summing up fragments' + * Note that s->internal->init_num is *not* used as current offset in + * s->internal->init_buf->data, but as a counter summing up fragments' * lengths: as soon as they sum up to handshake packet * length, we assume we have got all the fragments. */ - s->init_num = frag_len; + s->internal->init_num = frag_len; return frag_len; f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); - s->init_num = 0; + s->internal->init_num = 0; *ok = 0; return (-1); @@ -916,12 +916,12 @@ dtls1_send_change_cipher_spec(SSL *s, int a, int b) unsigned char *p; if (s->state == a) { - p = (unsigned char *)s->init_buf->data; + p = (unsigned char *)s->internal->init_buf->data; *p++=SSL3_MT_CCS; D1I(s)->handshake_write_seq = D1I(s)->next_handshake_write_seq; - s->init_num = DTLS1_CCS_HEADER_LENGTH; + s->internal->init_num = DTLS1_CCS_HEADER_LENGTH; - s->init_off = 0; + s->internal->init_off = 0; dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, D1I(s)->handshake_write_seq, 0, 0); @@ -1022,21 +1022,21 @@ dtls1_buffer_message(SSL *s, int is_ccs) * This function is called immediately after a message has * been serialized */ - OPENSSL_assert(s->init_off == 0); + OPENSSL_assert(s->internal->init_off == 0); - frag = dtls1_hm_fragment_new(s->init_num, 0); + frag = dtls1_hm_fragment_new(s->internal->init_num, 0); if (frag == NULL) return 0; - memcpy(frag->fragment, s->init_buf->data, s->init_num); + memcpy(frag->fragment, s->internal->init_buf->data, s->internal->init_num); if (is_ccs) { OPENSSL_assert(D1I(s)->w_msg_hdr.msg_len + ((s->version == DTLS1_VERSION) ? - DTLS1_CCS_HEADER_LENGTH : 3) == (unsigned int)s->init_num); + DTLS1_CCS_HEADER_LENGTH : 3) == (unsigned int)s->internal->init_num); } else { OPENSSL_assert(D1I(s)->w_msg_hdr.msg_len + - DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num); + DTLS1_HM_HEADER_LENGTH == (unsigned int)s->internal->init_num); } frag->msg_header.msg_len = D1I(s)->w_msg_hdr.msg_len; @@ -1047,8 +1047,8 @@ dtls1_buffer_message(SSL *s, int is_ccs) frag->msg_header.is_ccs = is_ccs; /* save current state*/ - frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx; - frag->msg_header.saved_retransmit_state.write_hash = s->write_hash; + frag->msg_header.saved_retransmit_state.enc_write_ctx = s->internal->enc_write_ctx; + frag->msg_header.saved_retransmit_state.write_hash = s->internal->write_hash; frag->msg_header.saved_retransmit_state.session = s->session; frag->msg_header.saved_retransmit_state.epoch = D1I(s)->w_epoch; @@ -1082,8 +1082,8 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, unsigned char save_write_sequence[8]; /* - OPENSSL_assert(s->init_num == 0); - OPENSSL_assert(s->init_off == 0); + OPENSSL_assert(s->internal->init_num == 0); + OPENSSL_assert(s->internal->init_off == 0); */ /* XDTLS: the requested message ought to be found, otherwise error */ @@ -1108,25 +1108,25 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, else header_length = DTLS1_HM_HEADER_LENGTH; - memcpy(s->init_buf->data, frag->fragment, + memcpy(s->internal->init_buf->data, frag->fragment, frag->msg_header.msg_len + header_length); - s->init_num = frag->msg_header.msg_len + header_length; + s->internal->init_num = frag->msg_header.msg_len + header_length; dtls1_set_message_header_int(s, frag->msg_header.type, frag->msg_header.msg_len, frag->msg_header.seq, 0, frag->msg_header.frag_len); /* save current state */ - saved_state.enc_write_ctx = s->enc_write_ctx; - saved_state.write_hash = s->write_hash; + saved_state.enc_write_ctx = s->internal->enc_write_ctx; + saved_state.write_hash = s->internal->write_hash; saved_state.session = s->session; saved_state.epoch = D1I(s)->w_epoch; D1I(s)->retransmitting = 1; /* restore state in which the message was originally sent */ - s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx; - s->write_hash = frag->msg_header.saved_retransmit_state.write_hash; + s->internal->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx; + s->internal->write_hash = frag->msg_header.saved_retransmit_state.write_hash; s->session = frag->msg_header.saved_retransmit_state.session; D1I(s)->w_epoch = frag->msg_header.saved_retransmit_state.epoch; @@ -1142,8 +1142,8 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE); /* restore current state */ - s->enc_write_ctx = saved_state.enc_write_ctx; - s->write_hash = saved_state.write_hash; + s->internal->enc_write_ctx = saved_state.enc_write_ctx; + s->internal->write_hash = saved_state.write_hash; s->session = saved_state.session; D1I(s)->w_epoch = saved_state.epoch; diff --git a/lib/libssl/d1_clnt.c b/lib/libssl/d1_clnt.c index 67b874ef6b6..5a972f3292a 100644 --- a/lib/libssl/d1_clnt.c +++ b/lib/libssl/d1_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_clnt.c,v 1.65 2017/01/23 04:55:26 beck Exp $ */ +/* $OpenBSD: d1_clnt.c,v 1.66 2017/01/23 06:45:30 beck Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -203,7 +203,7 @@ dtls1_connect(SSL *s) switch (s->state) { case SSL_ST_RENEGOTIATE: - s->renegotiate = 1; + s->internal->renegotiate = 1; s->state = SSL_ST_CONNECT; s->ctx->internal->stats.sess_connect_renegotiate++; /* break */ @@ -224,7 +224,7 @@ dtls1_connect(SSL *s) } /* s->version=SSL3_VERSION; */ - s->type = SSL_ST_CONNECT; + s->internal->type = SSL_ST_CONNECT; if (!ssl3_setup_init_buffer(s)) { ret = -1; @@ -243,19 +243,19 @@ dtls1_connect(SSL *s) s->state = SSL3_ST_CW_CLNT_HELLO_A; s->ctx->internal->stats.sess_connect++; - s->init_num = 0; + s->internal->init_num = 0; /* mark client_random uninitialized */ memset(s->s3->client_random, 0, sizeof(s->s3->client_random)); D1I(s)->send_cookie = 0; - s->hit = 0; + s->internal->hit = 0; break; case SSL3_ST_CW_CLNT_HELLO_A: case SSL3_ST_CW_CLNT_HELLO_B: - s->shutdown = 0; + s->internal->shutdown = 0; /* every DTLS ClientHello resets Finished MAC */ if (!tls1_init_finished_mac(s)) { @@ -274,7 +274,7 @@ dtls1_connect(SSL *s) } else s->state = SSL3_ST_CR_SRVR_HELLO_A; - s->init_num = 0; + s->internal->init_num = 0; /* turn on buffering for the next lot of output */ if (s->bbio != s->wbio) @@ -288,13 +288,13 @@ dtls1_connect(SSL *s) if (ret <= 0) goto end; else { - if (s->hit) { + if (s->internal->hit) { s->state = SSL3_ST_CR_FINISHED_A; } else s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A; } - s->init_num = 0; + s->internal->init_num = 0; break; case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: @@ -308,7 +308,7 @@ dtls1_connect(SSL *s) s->state = SSL3_ST_CW_CLNT_HELLO_A; else s->state = SSL3_ST_CR_CERT_A; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_CR_CERT_A: @@ -317,12 +317,12 @@ dtls1_connect(SSL *s) if (ret <= 0) goto end; if (ret == 2) { - s->hit = 1; - if (s->tlsext_ticket_expected) + s->internal->hit = 1; + if (s->internal->tlsext_ticket_expected) s->state = SSL3_ST_CR_SESSION_TICKET_A; else s->state = SSL3_ST_CR_FINISHED_A; - s->init_num = 0; + s->internal->init_num = 0; break; } /* Check if it is anon DH. */ @@ -331,7 +331,7 @@ dtls1_connect(SSL *s) ret = ssl3_get_server_certificate(s); if (ret <= 0) goto end; - if (s->tlsext_status_expected) + if (s->internal->tlsext_status_expected) s->state = SSL3_ST_CR_CERT_STATUS_A; else s->state = SSL3_ST_CR_KEY_EXCH_A; @@ -339,7 +339,7 @@ dtls1_connect(SSL *s) skip = 1; s->state = SSL3_ST_CR_KEY_EXCH_A; } - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_CR_KEY_EXCH_A: @@ -348,7 +348,7 @@ dtls1_connect(SSL *s) if (ret <= 0) goto end; s->state = SSL3_ST_CR_CERT_REQ_A; - s->init_num = 0; + s->internal->init_num = 0; /* at this point we check that we have the * required stuff from the server */ @@ -364,7 +364,7 @@ dtls1_connect(SSL *s) if (ret <= 0) goto end; s->state = SSL3_ST_CR_SRVR_DONE_A; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_CR_SRVR_DONE_A: @@ -377,7 +377,7 @@ dtls1_connect(SSL *s) S3I(s)->tmp.next_state = SSL3_ST_CW_CERT_A; else S3I(s)->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A; - s->init_num = 0; + s->internal->init_num = 0; s->state = S3I(s)->tmp.next_state; break; @@ -390,7 +390,7 @@ dtls1_connect(SSL *s) if (ret <= 0) goto end; s->state = SSL3_ST_CW_KEY_EXCH_A; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_CW_KEY_EXCH_A: @@ -411,7 +411,7 @@ dtls1_connect(SSL *s) S3I(s)->change_cipher_spec = 0; } - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_CW_CERT_VRFY_A: @@ -421,13 +421,13 @@ dtls1_connect(SSL *s) if (ret <= 0) goto end; s->state = SSL3_ST_CW_CHANGE_A; - s->init_num = 0; + s->internal->init_num = 0; S3I(s)->change_cipher_spec = 0; break; case SSL3_ST_CW_CHANGE_A: case SSL3_ST_CW_CHANGE_B: - if (!s->hit) + if (!s->internal->hit) dtls1_start_timer(s); ret = dtls1_send_change_cipher_spec(s, SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B); @@ -435,7 +435,7 @@ dtls1_connect(SSL *s) goto end; s->state = SSL3_ST_CW_FINISHED_A; - s->init_num = 0; + s->internal->init_num = 0; s->session->cipher = S3I(s)->tmp.new_cipher; if (!s->method->ssl3_enc->setup_key_block(s)) { @@ -455,7 +455,7 @@ dtls1_connect(SSL *s) case SSL3_ST_CW_FINISHED_A: case SSL3_ST_CW_FINISHED_B: - if (!s->hit) + if (!s->internal->hit) dtls1_start_timer(s); ret = ssl3_send_finished(s, SSL3_ST_CW_FINISHED_A, SSL3_ST_CW_FINISHED_B, @@ -467,7 +467,7 @@ dtls1_connect(SSL *s) /* clear flags */ s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; - if (s->hit) { + if (s->internal->hit) { S3I(s)->tmp.next_state = SSL_ST_OK; if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) { s->state = SSL_ST_OK; @@ -477,14 +477,14 @@ dtls1_connect(SSL *s) } else { /* Allow NewSessionTicket if ticket expected */ - if (s->tlsext_ticket_expected) + if (s->internal->tlsext_ticket_expected) S3I(s)->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A; else S3I(s)->tmp.next_state = SSL3_ST_CR_FINISHED_A; } - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_CR_SESSION_TICKET_A: @@ -493,7 +493,7 @@ dtls1_connect(SSL *s) if (ret <= 0) goto end; s->state = SSL3_ST_CR_FINISHED_A; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_CR_CERT_STATUS_A: @@ -502,7 +502,7 @@ dtls1_connect(SSL *s) if (ret <= 0) goto end; s->state = SSL3_ST_CR_KEY_EXCH_A; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_CR_FINISHED_A: @@ -514,28 +514,28 @@ dtls1_connect(SSL *s) goto end; dtls1_stop_timer(s); - if (s->hit) + if (s->internal->hit) s->state = SSL3_ST_CW_CHANGE_A; else s->state = SSL_ST_OK; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_CW_FLUSH: - s->rwstate = SSL_WRITING; + s->internal->rwstate = SSL_WRITING; if (BIO_flush(s->wbio) <= 0) { /* If the write error was fatal, stop trying */ if (!BIO_should_retry(s->wbio)) { - s->rwstate = SSL_NOTHING; + s->internal->rwstate = SSL_NOTHING; s->state = S3I(s)->tmp.next_state; } ret = -1; goto end; } - s->rwstate = SSL_NOTHING; + s->internal->rwstate = SSL_NOTHING; s->state = S3I(s)->tmp.next_state; break; @@ -549,12 +549,12 @@ dtls1_connect(SSL *s) ssl_free_wbio_buffer(s); /* else do it later in ssl3_write */ - s->init_num = 0; - s->renegotiate = 0; - s->new_session = 0; + s->internal->init_num = 0; + s->internal->renegotiate = 0; + s->internal->new_session = 0; ssl_update_cache(s, SSL_SESS_CACHE_CLIENT); - if (s->hit) + if (s->internal->hit) s->ctx->internal->stats.sess_hit++; ret = 1; @@ -580,7 +580,7 @@ dtls1_connect(SSL *s) /* did we do anything */ if (!S3I(s)->tmp.reuse_message && !skip) { - if (s->debug) { + if (s->internal->debug) { if ((ret = BIO_flush(s->wbio)) <= 0) goto end; } @@ -613,7 +613,7 @@ dtls1_get_hello_verify(SSL *s) CBS hello_verify_request, cookie; n = s->method->ssl_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, - DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->max_cert_list, &ok); + DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->internal->max_cert_list, &ok); if (!ok) return ((int)n); @@ -627,7 +627,7 @@ dtls1_get_hello_verify(SSL *s) if (n < 0) goto truncated; - CBS_init(&hello_verify_request, s->init_msg, n); + CBS_init(&hello_verify_request, s->internal->init_msg, n); if (!CBS_get_u16(&hello_verify_request, &ssl_version)) goto truncated; diff --git a/lib/libssl/d1_enc.c b/lib/libssl/d1_enc.c index 4b13e094fe6..0e49fb6df23 100644 --- a/lib/libssl/d1_enc.c +++ b/lib/libssl/d1_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_enc.c,v 1.12 2017/01/22 09:02:07 jsing Exp $ */ +/* $OpenBSD: d1_enc.c,v 1.13 2017/01/23 06:45:30 beck Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -139,17 +139,17 @@ dtls1_enc(SSL *s, int send) const EVP_CIPHER *enc; if (send) { - if (EVP_MD_CTX_md(s->write_hash)) { - mac_size = EVP_MD_CTX_size(s->write_hash); + if (EVP_MD_CTX_md(s->internal->write_hash)) { + mac_size = EVP_MD_CTX_size(s->internal->write_hash); if (mac_size < 0) return -1; } - ds = s->enc_write_ctx; + ds = s->internal->enc_write_ctx; rec = &(S3I(s)->wrec); - if (s->enc_write_ctx == NULL) + if (s->internal->enc_write_ctx == NULL) enc = NULL; else { - enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx); + enc = EVP_CIPHER_CTX_cipher(s->internal->enc_write_ctx); if (rec->data != rec->input) { #ifdef DEBUG /* we can't write into the input stream */ @@ -162,16 +162,16 @@ dtls1_enc(SSL *s, int send) } } } else { - if (EVP_MD_CTX_md(s->read_hash)) { - mac_size = EVP_MD_CTX_size(s->read_hash); + if (EVP_MD_CTX_md(s->internal->read_hash)) { + mac_size = EVP_MD_CTX_size(s->internal->read_hash); OPENSSL_assert(mac_size >= 0); } - ds = s->enc_read_ctx; + ds = s->internal->enc_read_ctx; rec = &(S3I(s)->rrec); - if (s->enc_read_ctx == NULL) + if (s->internal->enc_read_ctx == NULL) enc = NULL; else - enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx); + enc = EVP_CIPHER_CTX_cipher(s->internal->enc_read_ctx); } diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c index 88c2fa9adfc..34e6d58c002 100644 --- a/lib/libssl/d1_pkt.c +++ b/lib/libssl/d1_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_pkt.c,v 1.53 2017/01/23 04:55:26 beck Exp $ */ +/* $OpenBSD: d1_pkt.c,v 1.54 2017/01/23 06:45:30 beck Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -202,8 +202,8 @@ dtls1_copy_record(SSL *s, pitem *item) free(s->s3->rbuf.buf); - s->packet = rdata->packet; - s->packet_length = rdata->packet_length; + s->internal->packet = rdata->packet; + s->internal->packet_length = rdata->packet_length; memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER)); memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD)); @@ -229,16 +229,16 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) if (rdata == NULL || item == NULL) goto init_err; - rdata->packet = s->packet; - rdata->packet_length = s->packet_length; + rdata->packet = s->internal->packet; + rdata->packet_length = s->internal->packet_length; memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER)); memcpy(&(rdata->rrec), &(S3I(s)->rrec), sizeof(SSL3_RECORD)); item->data = rdata; - s->packet = NULL; - s->packet_length = 0; + s->internal->packet = NULL; + s->internal->packet_length = 0; memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER)); memset(&(S3I(s)->rrec), 0, sizeof(SSL3_RECORD)); @@ -336,12 +336,12 @@ dtls1_process_record(SSL *s) rr = &(S3I(s)->rrec); sess = s->session; - /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, - * and we have that many bytes in s->packet + /* At this point, s->internal->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, + * and we have that many bytes in s->internal->packet */ - rr->input = &(s->packet[DTLS1_RT_HEADER_LENGTH]); + rr->input = &(s->internal->packet[DTLS1_RT_HEADER_LENGTH]); - /* ok, we can now read from 's->packet' data into 'rr' + /* ok, we can now read from 's->internal->packet' data into 'rr' * rr->input points at rr->length bytes, which * need to be copied into rr->data by either * the decryption or by the decompression @@ -369,18 +369,18 @@ dtls1_process_record(SSL *s) if (enc_err == 0) { /* For DTLS we simply ignore bad packets. */ rr->length = 0; - s->packet_length = 0; + s->internal->packet_length = 0; goto err; } /* r->length is now the compressed data plus mac */ - if ((sess != NULL) && (s->enc_read_ctx != NULL) && - (EVP_MD_CTX_md(s->read_hash) != NULL)) { - /* s->read_hash != NULL => mac_size != -1 */ + if ((sess != NULL) && (s->internal->enc_read_ctx != NULL) && + (EVP_MD_CTX_md(s->internal->read_hash) != NULL)) { + /* s->internal->read_hash != NULL => mac_size != -1 */ unsigned char *mac = NULL; unsigned char mac_tmp[EVP_MAX_MD_SIZE]; - mac_size = EVP_MD_CTX_size(s->read_hash); + mac_size = EVP_MD_CTX_size(s->internal->read_hash); OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); /* kludge: *_cbc_remove_padding passes padding length in rr->type */ @@ -393,14 +393,14 @@ dtls1_process_record(SSL *s) */ if (orig_len < mac_size || /* CBC records must have a padding length byte too. */ - (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && + (EVP_CIPHER_CTX_mode(s->internal->enc_read_ctx) == EVP_CIPH_CBC_MODE && orig_len < mac_size + 1)) { al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_LENGTH_TOO_SHORT); goto f_err; } - if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) { + if (EVP_CIPHER_CTX_mode(s->internal->enc_read_ctx) == EVP_CIPH_CBC_MODE) { /* We update the length so that the TLS header bytes * can be constructed correctly but we need to extract * the MAC in constant time from within the record, @@ -427,7 +427,7 @@ dtls1_process_record(SSL *s) if (enc_err < 0) { /* decryption failed, silently discard message */ rr->length = 0; - s->packet_length = 0; + s->internal->packet_length = 0; goto err; } @@ -447,7 +447,7 @@ dtls1_process_record(SSL *s) */ /* we have pulled in a full packet so zero things */ - s->packet_length = 0; + s->internal->packet_length = 0; return (1); f_err: @@ -491,12 +491,12 @@ dtls1_get_record(SSL *s) again: /* dump this record on all retries */ rr->length = 0; - s->packet_length = 0; + s->internal->packet_length = 0; } /* check if we have the header */ if ((s->rstate != SSL_ST_READ_BODY) || - (s->packet_length < DTLS1_RT_HEADER_LENGTH)) { + (s->internal->packet_length < DTLS1_RT_HEADER_LENGTH)) { CBS header, seq_no; uint16_t epoch, len, ssl_version; uint8_t type; @@ -507,12 +507,12 @@ again: return(n); /* error or non-blocking */ /* this packet contained a partial record, dump it */ - if (s->packet_length != DTLS1_RT_HEADER_LENGTH) + if (s->internal->packet_length != DTLS1_RT_HEADER_LENGTH) goto again; s->rstate = SSL_ST_READ_BODY; - CBS_init(&header, s->packet, s->packet_length); + CBS_init(&header, s->internal->packet, s->internal->packet_length); /* Pull apart the header into the DTLS1_RECORD */ if (!CBS_get_u8(&header, &type)) @@ -536,7 +536,7 @@ again: rr->length = len; /* unexpected version, silently discard */ - if (!s->first_packet && ssl_version != s->version) + if (!s->internal->first_packet && ssl_version != s->version) goto again; /* wrong version, silently discard record */ @@ -553,8 +553,8 @@ again: /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ - if (rr->length > s->packet_length - DTLS1_RT_HEADER_LENGTH) { - /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */ + if (rr->length > s->internal->packet_length - DTLS1_RT_HEADER_LENGTH) { + /* now s->internal->packet_length == DTLS1_RT_HEADER_LENGTH */ i = rr->length; n = ssl3_read_n(s, i, i, 1); if (n <= 0) @@ -565,7 +565,7 @@ again: goto again; /* now n == rr->length, - * and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */ + * and s->internal->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */ } s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */ @@ -680,7 +680,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) } start: - s->rwstate = SSL_NOTHING; + s->internal->rwstate = SSL_NOTHING; /* S3I(s)->rrec.type - is the type of record * S3I(s)->rrec.data, - data @@ -747,9 +747,9 @@ start: /* If the other end has shut down, throw anything we read away * (even in 'peek' mode) */ - if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { + if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) { rr->length = 0; - s->rwstate = SSL_NOTHING; + s->internal->rwstate = SSL_NOTHING; return (0); } @@ -759,7 +759,7 @@ start: /* make sure that we are not getting application data when we * are doing a handshake for the first time */ if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && - (s->enc_read_ctx == NULL)) { + (s->internal->enc_read_ctx == NULL)) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE); goto f_err; @@ -816,7 +816,7 @@ start: BIO *bio; S3I(s)->in_read_app_data = 2; bio = SSL_get_rbio(s); - s->rwstate = SSL_READING; + s->internal->rwstate = SSL_READING; BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); return (-1); @@ -883,7 +883,7 @@ start: !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && !S3I(s)->renegotiate) { D1I(s)->handshake_read_seq++; - s->new_session = 1; + s->internal->new_session = 1; ssl3_renegotiate(s); if (ssl3_renegotiate_check(s)) { i = s->internal->handshake_func(s); @@ -902,7 +902,7 @@ start: * but we trigger an SSL handshake, we return -1 with * the retry option set. Otherwise renegotiation may * cause nasty problems in the blocking world */ - s->rwstate = SSL_READING; + s->internal->rwstate = SSL_READING; bio = SSL_get_rbio(s); BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); @@ -940,17 +940,17 @@ start: { S3I(s)->warn_alert = alert_descr; if (alert_descr == SSL_AD_CLOSE_NOTIFY) { - s->shutdown |= SSL_RECEIVED_SHUTDOWN; + s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN; return (0); } } else if (alert_level == 2) /* fatal */ { - s->rwstate = SSL_NOTHING; + s->internal->rwstate = SSL_NOTHING; S3I(s)->fatal_alert = alert_descr; SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); ERR_asprintf_error_data("SSL alert number %d", alert_descr); - s->shutdown|=SSL_RECEIVED_SHUTDOWN; + s->internal->shutdown|=SSL_RECEIVED_SHUTDOWN; SSL_CTX_remove_session(s->ctx, s->session); return (0); } else { @@ -962,9 +962,9 @@ start: goto start; } - if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */ + if (s->internal->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */ { - s->rwstate = SSL_NOTHING; + s->internal->rwstate = SSL_NOTHING; rr->length = 0; return (0); } @@ -1038,8 +1038,8 @@ start: if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; - s->renegotiate = 1; - s->new_session = 1; + s->internal->renegotiate = 1; + s->internal->new_session = 1; } i = s->internal->handshake_func(s); if (i < 0) @@ -1057,7 +1057,7 @@ start: * but we trigger an SSL handshake, we return -1 with * the retry option set. Otherwise renegotiation may * cause nasty problems in the blocking world */ - s->rwstate = SSL_READING; + s->internal->rwstate = SSL_READING; bio = SSL_get_rbio(s); BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); @@ -1185,7 +1185,7 @@ dtls1_write_bytes(SSL *s, int type, const void *buf, int len) int i; OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH); - s->rwstate = SSL_NOTHING; + s->internal->rwstate = SSL_NOTHING; i = do_dtls1_write(s, type, buf, len); return i; } @@ -1223,14 +1223,14 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len) wb = &(s->s3->wbuf); sess = s->session; - if ((sess == NULL) || (s->enc_write_ctx == NULL) || - (EVP_MD_CTX_md(s->write_hash) == NULL)) + if ((sess == NULL) || (s->internal->enc_write_ctx == NULL) || + (EVP_MD_CTX_md(s->internal->write_hash) == NULL)) clear = 1; if (clear) mac_size = 0; else { - mac_size = EVP_MD_CTX_size(s->write_hash); + mac_size = EVP_MD_CTX_size(s->internal->write_hash); if (mac_size < 0) goto err; } @@ -1257,9 +1257,9 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len) /* Make space for the explicit IV in case of CBC. * (this is a bit of a boundary violation, but what the heck). */ - if (s->enc_write_ctx && - (EVP_CIPHER_mode( s->enc_write_ctx->cipher ) & EVP_CIPH_CBC_MODE)) - bs = EVP_CIPHER_block_size(s->enc_write_ctx->cipher); + if (s->internal->enc_write_ctx && + (EVP_CIPHER_mode( s->internal->enc_write_ctx->cipher ) & EVP_CIPH_CBC_MODE)) + bs = EVP_CIPHER_block_size(s->internal->enc_write_ctx->cipher); else bs = 0; diff --git a/lib/libssl/d1_srtp.c b/lib/libssl/d1_srtp.c index 7b80d73d14e..98bb24b4fef 100644 --- a/lib/libssl/d1_srtp.c +++ b/lib/libssl/d1_srtp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_srtp.c,v 1.16 2017/01/23 05:13:02 jsing Exp $ */ +/* $OpenBSD: d1_srtp.c,v 1.17 2017/01/23 06:45:30 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -223,7 +223,7 @@ SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles) int SSL_set_tlsext_use_srtp(SSL *s, const char *profiles) { - return ssl_ctx_make_profiles(profiles, &s->srtp_profiles); + return ssl_ctx_make_profiles(profiles, &s->internal->srtp_profiles); } @@ -231,8 +231,8 @@ STACK_OF(SRTP_PROTECTION_PROFILE) * SSL_get_srtp_profiles(SSL *s) { if (s != NULL) { - if (s->srtp_profiles != NULL) { - return s->srtp_profiles; + if (s->internal->srtp_profiles != NULL) { + return s->internal->srtp_profiles; } else if ((s->ctx != NULL) && (s->ctx->internal->srtp_profiles != NULL)) { return s->ctx->internal->srtp_profiles; @@ -245,7 +245,7 @@ SSL_get_srtp_profiles(SSL *s) SRTP_PROTECTION_PROFILE * SSL_get_selected_srtp_profile(SSL *s) { - return s->srtp_profile; + return s->internal->srtp_profile; } /* Note: this function returns 0 length if there are no @@ -360,7 +360,7 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len, cprof = sk_SRTP_PROTECTION_PROFILE_value(clnt, j); if (cprof->id == sprof->id) { - s->srtp_profile = sprof; + s->internal->srtp_profile = sprof; *al = 0; ret = 0; goto done; @@ -387,13 +387,13 @@ ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen) return 1; } - if (s->srtp_profile == 0) { + if (s->internal->srtp_profile == 0) { SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT, SSL_R_USE_SRTP_NOT_NEGOTIATED); return 1; } s2n(2, p); - s2n(s->srtp_profile->id, p); + s2n(s->internal->srtp_profile->id, p); *p++ = 0; } *len = 5; @@ -458,7 +458,7 @@ ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d, int len, int prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i); if (prof->id == id) { - s->srtp_profile = prof; + s->internal->srtp_profile = prof; *al = 0; return 0; } diff --git a/lib/libssl/d1_srvr.c b/lib/libssl/d1_srvr.c index 80af8eb930a..78816cda463 100644 --- a/lib/libssl/d1_srvr.c +++ b/lib/libssl/d1_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_srvr.c,v 1.75 2017/01/23 04:55:26 beck Exp $ */ +/* $OpenBSD: d1_srvr.c,v 1.76 2017/01/23 06:45:30 beck Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -213,7 +213,7 @@ dtls1_accept(SSL *s) switch (s->state) { case SSL_ST_RENEGOTIATE: - s->renegotiate = 1; + s->internal->renegotiate = 1; /* s->state=SSL_ST_ACCEPT; */ case SSL_ST_BEFORE: @@ -230,7 +230,7 @@ dtls1_accept(SSL *s) ret = -1; goto end; } - s->type = SSL_ST_ACCEPT; + s->internal->type = SSL_ST_ACCEPT; if (!ssl3_setup_init_buffer(s)) { ret = -1; @@ -241,7 +241,7 @@ dtls1_accept(SSL *s) goto end; } - s->init_num = 0; + s->internal->init_num = 0; if (s->state != SSL_ST_RENEGOTIATE) { /* Ok, we now need to push on a buffering BIO so that @@ -272,7 +272,7 @@ dtls1_accept(SSL *s) case SSL3_ST_SW_HELLO_REQ_A: case SSL3_ST_SW_HELLO_REQ_B: - s->shutdown = 0; + s->internal->shutdown = 0; dtls1_clear_record_buffer(s); dtls1_start_timer(s); ret = ssl3_send_hello_request(s); @@ -280,7 +280,7 @@ dtls1_accept(SSL *s) goto end; S3I(s)->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A; s->state = SSL3_ST_SW_FLUSH; - s->init_num = 0; + s->internal->init_num = 0; if (!tls1_init_finished_mac(s)) { ret = -1; @@ -296,7 +296,7 @@ dtls1_accept(SSL *s) case SSL3_ST_SR_CLNT_HELLO_B: case SSL3_ST_SR_CLNT_HELLO_C: - s->shutdown = 0; + s->internal->shutdown = 0; ret = ssl3_get_client_hello(s); if (ret <= 0) goto end; @@ -307,7 +307,7 @@ dtls1_accept(SSL *s) else s->state = SSL3_ST_SW_SRVR_HELLO_A; - s->init_num = 0; + s->internal->init_num = 0; /* Reflect ClientHello sequence to remain stateless while listening */ if (listen) { @@ -348,20 +348,20 @@ dtls1_accept(SSL *s) case SSL3_ST_SW_SRVR_HELLO_A: case SSL3_ST_SW_SRVR_HELLO_B: - s->renegotiate = 2; + s->internal->renegotiate = 2; dtls1_start_timer(s); ret = ssl3_send_server_hello(s); if (ret <= 0) goto end; - if (s->hit) { - if (s->tlsext_ticket_expected) + if (s->internal->hit) { + if (s->internal->tlsext_ticket_expected) s->state = SSL3_ST_SW_SESSION_TICKET_A; else s->state = SSL3_ST_SW_CHANGE_A; } else s->state = SSL3_ST_SW_CERT_A; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_SW_CERT_A: @@ -373,7 +373,7 @@ dtls1_accept(SSL *s) ret = ssl3_send_server_certificate(s); if (ret <= 0) goto end; - if (s->tlsext_status_expected) + if (s->internal->tlsext_status_expected) s->state = SSL3_ST_SW_CERT_STATUS_A; else s->state = SSL3_ST_SW_KEY_EXCH_A; @@ -381,7 +381,7 @@ dtls1_accept(SSL *s) skip = 1; s->state = SSL3_ST_SW_KEY_EXCH_A; } - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_SW_KEY_EXCH_A: @@ -398,7 +398,7 @@ dtls1_accept(SSL *s) skip = 1; s->state = SSL3_ST_SW_CERT_REQ_A; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_SW_CERT_REQ_A: @@ -437,7 +437,7 @@ dtls1_accept(SSL *s) if (ret <= 0) goto end; s->state = SSL3_ST_SW_SRVR_DONE_A; - s->init_num = 0; + s->internal->init_num = 0; } break; @@ -449,22 +449,22 @@ dtls1_accept(SSL *s) goto end; S3I(s)->tmp.next_state = SSL3_ST_SR_CERT_A; s->state = SSL3_ST_SW_FLUSH; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_SW_FLUSH: - s->rwstate = SSL_WRITING; + s->internal->rwstate = SSL_WRITING; if (BIO_flush(s->wbio) <= 0) { /* If the write error was fatal, stop trying */ if (!BIO_should_retry(s->wbio)) { - s->rwstate = SSL_NOTHING; + s->internal->rwstate = SSL_NOTHING; s->state = S3I(s)->tmp.next_state; } ret = -1; goto end; } - s->rwstate = SSL_NOTHING; + s->internal->rwstate = SSL_NOTHING; s->state = S3I(s)->tmp.next_state; break; @@ -475,7 +475,7 @@ dtls1_accept(SSL *s) if (ret <= 0) goto end; } - s->init_num = 0; + s->internal->init_num = 0; s->state = SSL3_ST_SR_KEY_EXCH_A; break; @@ -486,7 +486,7 @@ dtls1_accept(SSL *s) goto end; s->state = SSL3_ST_SR_CERT_VRFY_A; - s->init_num = 0; + s->internal->init_num = 0; if (ret == 2) { /* For the ECDH ciphersuites when @@ -495,10 +495,10 @@ dtls1_accept(SSL *s) * message is not sent. */ s->state = SSL3_ST_SR_FINISHED_A; - s->init_num = 0; + s->internal->init_num = 0; } else if (SSL_USE_SIGALGS(s)) { s->state = SSL3_ST_SR_CERT_VRFY_A; - s->init_num = 0; + s->internal->init_num = 0; if (!s->session->peer) break; @@ -519,7 +519,7 @@ dtls1_accept(SSL *s) } } else { s->state = SSL3_ST_SR_CERT_VRFY_A; - s->init_num = 0; + s->internal->init_num = 0; /* We need to get hashes here so if there is * a client cert, it can be verified */ @@ -540,7 +540,7 @@ dtls1_accept(SSL *s) if (ret <= 0) goto end; s->state = SSL3_ST_SR_FINISHED_A; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_SR_FINISHED_A: @@ -551,13 +551,13 @@ dtls1_accept(SSL *s) if (ret <= 0) goto end; dtls1_stop_timer(s); - if (s->hit) + if (s->internal->hit) s->state = SSL_ST_OK; - else if (s->tlsext_ticket_expected) + else if (s->internal->tlsext_ticket_expected) s->state = SSL3_ST_SW_SESSION_TICKET_A; else s->state = SSL3_ST_SW_CHANGE_A; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_SW_SESSION_TICKET_A: @@ -566,7 +566,7 @@ dtls1_accept(SSL *s) if (ret <= 0) goto end; s->state = SSL3_ST_SW_CHANGE_A; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_SW_CERT_STATUS_A: @@ -575,7 +575,7 @@ dtls1_accept(SSL *s) if (ret <= 0) goto end; s->state = SSL3_ST_SW_KEY_EXCH_A; - s->init_num = 0; + s->internal->init_num = 0; break; @@ -596,7 +596,7 @@ dtls1_accept(SSL *s) s->state = SSL3_ST_SW_FINISHED_A; - s->init_num = 0; + s->internal->init_num = 0; if (!s->method->ssl3_enc->change_cipher_state(s, SSL3_CHANGE_CIPHER_SERVER_WRITE)) { @@ -616,13 +616,13 @@ dtls1_accept(SSL *s) if (ret <= 0) goto end; s->state = SSL3_ST_SW_FLUSH; - if (s->hit) { + if (s->internal->hit) { S3I(s)->tmp.next_state = SSL3_ST_SR_FINISHED_A; } else { S3I(s)->tmp.next_state = SSL_ST_OK; } - s->init_num = 0; + s->internal->init_num = 0; break; case SSL_ST_OK: @@ -632,12 +632,12 @@ dtls1_accept(SSL *s) /* remove buffering on output */ ssl_free_wbio_buffer(s); - s->init_num = 0; + s->internal->init_num = 0; - if (s->renegotiate == 2) /* skipped if we just sent a HelloRequest */ + if (s->internal->renegotiate == 2) /* skipped if we just sent a HelloRequest */ { - s->renegotiate = 0; - s->new_session = 0; + s->internal->renegotiate = 0; + s->internal->new_session = 0; ssl_update_cache(s, SSL_SESS_CACHE_SERVER); @@ -667,7 +667,7 @@ dtls1_accept(SSL *s) } if (!S3I(s)->tmp.reuse_message && !skip) { - if (s->debug) { + if (s->internal->debug) { if ((ret = BIO_flush(s->wbio)) <= 0) goto end; } diff --git a/lib/libssl/s23_clnt.c b/lib/libssl/s23_clnt.c index aec215d29a3..e95006bcca7 100644 --- a/lib/libssl/s23_clnt.c +++ b/lib/libssl/s23_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s23_clnt.c,v 1.52 2017/01/23 04:55:26 beck Exp $ */ +/* $OpenBSD: s23_clnt.c,v 1.53 2017/01/23 06:45:30 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -158,7 +158,7 @@ ssl23_connect(SSL *s) cb(s, SSL_CB_HANDSHAKE_START, 1); /* s->version=TLS1_VERSION; */ - s->type = SSL_ST_CONNECT; + s->internal->type = SSL_ST_CONNECT; if (!ssl3_setup_init_buffer(s)) { ret = -1; @@ -175,18 +175,18 @@ ssl23_connect(SSL *s) s->state = SSL23_ST_CW_CLNT_HELLO_A; s->ctx->internal->stats.sess_connect++; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL23_ST_CW_CLNT_HELLO_A: case SSL23_ST_CW_CLNT_HELLO_B: - s->shutdown = 0; + s->internal->shutdown = 0; ret = ssl23_client_hello(s); if (ret <= 0) goto end; s->state = SSL23_ST_CR_SRVR_HELLO_A; - s->init_num = 0; + s->internal->init_num = 0; break; @@ -205,7 +205,7 @@ ssl23_connect(SSL *s) /* break; */ } - if (s->debug) { + if (s->internal->debug) { (void)BIO_flush(s->wbio); } @@ -235,7 +235,7 @@ ssl23_client_hello(SSL *s) size_t outlen; int ret; - buf = (unsigned char *)s->init_buf->data; + buf = (unsigned char *)s->internal->init_buf->data; if (s->state == SSL23_ST_CW_CLNT_HELLO_A) { arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE); @@ -319,14 +319,14 @@ ssl23_client_hello(SSL *s) s2n((int)l, d); /* number of bytes to write */ - s->init_num = p - buf; - s->init_off = 0; + s->internal->init_num = p - buf; + s->internal->init_off = 0; tls1_finish_mac(s, &(buf[SSL3_RT_HEADER_LENGTH]), - s->init_num - SSL3_RT_HEADER_LENGTH); + s->internal->init_num - SSL3_RT_HEADER_LENGTH); s->state = SSL23_ST_CW_CLNT_HELLO_B; - s->init_off = 0; + s->internal->init_off = 0; } /* SSL3_ST_CW_CLNT_HELLO_B */ @@ -335,7 +335,7 @@ ssl23_client_hello(SSL *s) if ((ret >= 2) && s->internal->msg_callback) { /* Client Hello has been sent; tell msg_callback */ s->internal->msg_callback(1, s->client_version, SSL3_RT_HANDSHAKE, - s->init_buf->data + 5, ret - 5, s, s->internal->msg_callback_arg); + s->internal->init_buf->data + 5, ret - 5, s, s->internal->msg_callback_arg); } return ret; @@ -353,7 +353,7 @@ ssl23_get_server_hello(SSL *s) if (n != 7) return (n); - p = s->packet; + p = s->internal->packet; memcpy(buf, p, n); @@ -409,7 +409,7 @@ ssl23_get_server_hello(SSL *s) s->internal->msg_callback(0, s->version, SSL3_RT_ALERT, p + 5, 2, s, s->internal->msg_callback_arg); - s->rwstate = SSL_NOTHING; + s->internal->rwstate = SSL_NOTHING; SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_AD_REASON_OFFSET + p[6]); goto err; @@ -424,12 +424,12 @@ ssl23_get_server_hello(SSL *s) /* put the 7 bytes we have read into the input buffer * for SSLv3 */ s->rstate = SSL_ST_READ_HEADER; - s->packet_length = n; + s->internal->packet_length = n; if (s->s3->rbuf.buf == NULL) if (!ssl3_setup_read_buffer(s)) goto err; - s->packet = &(s->s3->rbuf.buf[0]); - memcpy(s->packet, buf, n); + s->internal->packet = &(s->s3->rbuf.buf[0]); + memcpy(s->internal->packet, buf, n); s->s3->rbuf.left = n; s->s3->rbuf.offset = 0; @@ -438,7 +438,7 @@ ssl23_get_server_hello(SSL *s) SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNKNOWN_PROTOCOL); goto err; } - s->init_num = 0; + s->internal->init_num = 0; /* * Since, if we are sending a ssl23 client hello, we are not diff --git a/lib/libssl/s23_pkt.c b/lib/libssl/s23_pkt.c index 2081f48f08d..da1ee900abc 100644 --- a/lib/libssl/s23_pkt.c +++ b/lib/libssl/s23_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s23_pkt.c,v 1.9 2014/11/16 14:12:47 jsing Exp $ */ +/* $OpenBSD: s23_pkt.c,v 1.10 2017/01/23 06:45:30 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -70,18 +70,18 @@ ssl23_write_bytes(SSL *s) int i, num, tot; char *buf; - buf = s->init_buf->data; - tot = s->init_off; - num = s->init_num; + buf = s->internal->init_buf->data; + tot = s->internal->init_off; + num = s->internal->init_num; for (;;) { - s->rwstate = SSL_WRITING; + s->internal->rwstate = SSL_WRITING; i = BIO_write(s->wbio, &(buf[tot]), num); if (i <= 0) { - s->init_off = tot; - s->init_num = num; + s->internal->init_off = tot; + s->internal->init_num = num; return (i); } - s->rwstate = SSL_NOTHING; + s->internal->rwstate = SSL_NOTHING; if (i == num) return (tot + i); @@ -97,19 +97,19 @@ ssl23_read_bytes(SSL *s, int n) unsigned char *p; int j; - if (s->packet_length < (unsigned int)n) { - p = s->packet; + if (s->internal->packet_length < (unsigned int)n) { + p = s->internal->packet; for (;;) { - s->rwstate = SSL_READING; - j = BIO_read(s->rbio, (char *)&(p[s->packet_length]), - n - s->packet_length); + s->internal->rwstate = SSL_READING; + j = BIO_read(s->rbio, (char *)&(p[s->internal->packet_length]), + n - s->internal->packet_length); if (j <= 0) return (j); - s->rwstate = SSL_NOTHING; - s->packet_length += j; - if (s->packet_length >= (unsigned int)n) - return (s->packet_length); + s->internal->rwstate = SSL_NOTHING; + s->internal->packet_length += j; + if (s->internal->packet_length >= (unsigned int)n) + return (s->internal->packet_length); } } return (n); diff --git a/lib/libssl/s23_srvr.c b/lib/libssl/s23_srvr.c index 79c2eee521c..6b5ac0cc630 100644 --- a/lib/libssl/s23_srvr.c +++ b/lib/libssl/s23_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s23_srvr.c,v 1.53 2017/01/23 04:55:26 beck Exp $ */ +/* $OpenBSD: s23_srvr.c,v 1.54 2017/01/23 06:45:30 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -152,7 +152,7 @@ ssl23_accept(SSL *s) cb(s, SSL_CB_HANDSHAKE_START, 1); /* s->version=SSL3_VERSION; */ - s->type = SSL_ST_ACCEPT; + s->internal->type = SSL_ST_ACCEPT; if (!ssl3_setup_init_buffer(s)) { ret = -1; @@ -165,13 +165,13 @@ ssl23_accept(SSL *s) s->state = SSL23_ST_SR_CLNT_HELLO_A; s->ctx->internal->stats.sess_accept++; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL23_ST_SR_CLNT_HELLO_A: case SSL23_ST_SR_CLNT_HELLO_B: - s->shutdown = 0; + s->internal->shutdown = 0; ret = ssl23_get_client_hello(s); if (ret >= 0) cb = NULL; @@ -237,7 +237,7 @@ ssl23_get_client_hello(SSL *s) if (n != sizeof buf) return(n); - p = s->packet; + p = s->internal->packet; memcpy(buf, p, n); @@ -314,7 +314,7 @@ ssl23_get_client_hello(SSL *s) goto unsupported; type = 2; - p = s->packet; + p = s->internal->packet; client_version = p[3] << 8 | p[4]; /* An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2 @@ -344,18 +344,18 @@ ssl23_get_client_hello(SSL *s) if (j != n + 2) return -1; - tls1_finish_mac(s, s->packet + 2, s->packet_length - 2); + tls1_finish_mac(s, s->internal->packet + 2, s->internal->packet_length - 2); if (s->internal->msg_callback) - s->internal->msg_callback(0, SSL2_VERSION, 0, s->packet + 2, - s->packet_length - 2, s, s->internal->msg_callback_arg); + s->internal->msg_callback(0, SSL2_VERSION, 0, s->internal->packet + 2, + s->internal->packet_length - 2, s, s->internal->msg_callback_arg); - p = s->packet; + p = s->internal->packet; p += 5; n2s(p, csl); n2s(p, sil); n2s(p, cl); - d = (unsigned char *)s->init_buf->data; - if ((csl + sil + cl + 11) != s->packet_length) { + d = (unsigned char *)s->internal->init_buf->data; + if ((csl + sil + cl + 11) != s->internal->packet_length) { /* * We can't have TLS extensions in SSL 2.0 format * Client Hello, can we ? Error condition should be @@ -403,7 +403,7 @@ ssl23_get_client_hello(SSL *s) *(d++) = 1; *(d++) = 0; - i = (d - (unsigned char *)s->init_buf->data) - 4; + i = (d - (unsigned char *)s->internal->init_buf->data) - 4; l2n3((long)i, d_len); /* get the data reused from the init_buf */ @@ -428,17 +428,17 @@ ssl23_get_client_hello(SSL *s) /* put the 'n' bytes we have read into the input buffer * for SSLv3 */ s->rstate = SSL_ST_READ_HEADER; - s->packet_length = n; + s->internal->packet_length = n; if (s->s3->rbuf.buf == NULL) if (!ssl3_setup_read_buffer(s)) return -1; - s->packet = &(s->s3->rbuf.buf[0]); - memcpy(s->packet, buf, n); + s->internal->packet = &(s->s3->rbuf.buf[0]); + memcpy(s->internal->packet, buf, n); s->s3->rbuf.left = n; s->s3->rbuf.offset = 0; } else { - s->packet_length = 0; + s->internal->packet_length = 0; s->s3->rbuf.left = 0; s->s3->rbuf.offset = 0; } @@ -456,7 +456,7 @@ ssl23_get_client_hello(SSL *s) SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL); return -1; } - s->init_num = 0; + s->internal->init_num = 0; return (SSL_accept(s)); diff --git a/lib/libssl/s3_both.c b/lib/libssl/s3_both.c index 4dddcd232a8..12559ab710f 100644 --- a/lib/libssl/s3_both.c +++ b/lib/libssl/s3_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_both.c,v 1.52 2017/01/23 04:55:26 beck Exp $ */ +/* $OpenBSD: s3_both.c,v 1.53 2017/01/23 06:45:30 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -128,7 +128,7 @@ #include "bytestring.h" /* - * Send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or + * Send s->internal->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or * SSL3_RT_CHANGE_CIPHER_SPEC). */ int @@ -136,8 +136,8 @@ ssl3_do_write(SSL *s, int type) { int ret; - ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off], - s->init_num); + ret = ssl3_write_bytes(s, type, &s->internal->init_buf->data[s->internal->init_off], + s->internal->init_num); if (ret < 0) return (-1); @@ -147,18 +147,18 @@ ssl3_do_write(SSL *s, int type) * we'll ignore the result anyway. */ tls1_finish_mac(s, - (unsigned char *)&s->init_buf->data[s->init_off], ret); + (unsigned char *)&s->internal->init_buf->data[s->internal->init_off], ret); - if (ret == s->init_num) { + if (ret == s->internal->init_num) { if (s->internal->msg_callback) - s->internal->msg_callback(1, s->version, type, s->init_buf->data, - (size_t)(s->init_off + s->init_num), s, + s->internal->msg_callback(1, s->version, type, s->internal->init_buf->data, + (size_t)(s->internal->init_off + s->internal->init_num), s, s->internal->msg_callback_arg); return (1); } - s->init_off += ret; - s->init_num -= ret; + s->internal->init_off += ret; + s->internal->init_num -= ret; return (0); } @@ -179,7 +179,7 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) S3I(s)->tmp.finish_md_len = md_len; /* Copy finished so we can use it for renegotiation checks. */ - if (s->type == SSL_ST_CONNECT) { + if (s->internal->type == SSL_ST_CONNECT) { memcpy(S3I(s)->previous_client_finished, S3I(s)->tmp.finish_md, md_len); S3I(s)->previous_client_finished_len = md_len; @@ -257,7 +257,7 @@ ssl3_get_finished(SSL *s, int a, int b) goto f_err; } - CBS_init(&cbs, s->init_msg, n); + CBS_init(&cbs, s->internal->init_msg, n); if (S3I(s)->tmp.peer_finish_md_len != md_len || CBS_len(&cbs) != md_len) { @@ -274,7 +274,7 @@ ssl3_get_finished(SSL *s, int a, int b) /* Copy finished so we can use it for renegotiation checks. */ OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE); - if (s->type == SSL_ST_ACCEPT) { + if (s->internal->type == SSL_ST_ACCEPT) { memcpy(S3I(s)->previous_client_finished, S3I(s)->tmp.peer_finish_md, md_len); S3I(s)->previous_client_finished_len = md_len; @@ -303,10 +303,10 @@ ssl3_send_change_cipher_spec(SSL *s, int a, int b) unsigned char *p; if (s->state == a) { - p = (unsigned char *)s->init_buf->data; + p = (unsigned char *)s->internal->init_buf->data; *p = SSL3_MT_CCS; - s->init_num = 1; - s->init_off = 0; + s->internal->init_num = 1; + s->internal->init_off = 0; s->state = b; } @@ -425,28 +425,28 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) goto f_err; } *ok = 1; - s->init_msg = s->init_buf->data + 4; - s->init_num = (int)S3I(s)->tmp.message_size; - return s->init_num; + s->internal->init_msg = s->internal->init_buf->data + 4; + s->internal->init_num = (int)S3I(s)->tmp.message_size; + return s->internal->init_num; } - p = (unsigned char *)s->init_buf->data; + p = (unsigned char *)s->internal->init_buf->data; - /* s->init_num < 4 */ + /* s->internal->init_num < 4 */ if (s->state == st1) { int skip_message; do { - while (s->init_num < 4) { + while (s->internal->init_num < 4) { i = s->method->ssl_read_bytes(s, - SSL3_RT_HANDSHAKE, &p[s->init_num], - 4 - s->init_num, 0); + SSL3_RT_HANDSHAKE, &p[s->internal->init_num], + 4 - s->internal->init_num, 0); if (i <= 0) { - s->rwstate = SSL_READING; + s->internal->rwstate = SSL_READING; *ok = 0; return i; } - s->init_num += i; + s->internal->init_num += i; } skip_message = 0; @@ -458,7 +458,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) * correct. Does not count for 'Finished' MAC. */ if (p[1] == 0 && p[2] == 0 &&p[3] == 0) { - s->init_num = 0; + s->internal->init_num = 0; skip_message = 1; if (s->internal->msg_callback) @@ -469,7 +469,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) } } while (skip_message); - /* s->init_num == 4 */ + /* s->internal->init_num == 4 */ if ((mt >= 0) && (*p != mt)) { al = SSL_AD_UNEXPECTED_MESSAGE; @@ -492,46 +492,46 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) SSL_R_EXCESSIVE_MESSAGE_SIZE); goto f_err; } - if (l && !BUF_MEM_grow_clean(s->init_buf, l + 4)) { + if (l && !BUF_MEM_grow_clean(s->internal->init_buf, l + 4)) { SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB); goto err; } S3I(s)->tmp.message_size = l; s->state = stn; - s->init_msg = s->init_buf->data + 4; - s->init_num = 0; + s->internal->init_msg = s->internal->init_buf->data + 4; + s->internal->init_num = 0; } /* next state (stn) */ - p = s->init_msg; - n = S3I(s)->tmp.message_size - s->init_num; + p = s->internal->init_msg; + n = S3I(s)->tmp.message_size - s->internal->init_num; while (n > 0) { i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, - &p[s->init_num], n, 0); + &p[s->internal->init_num], n, 0); if (i <= 0) { - s->rwstate = SSL_READING; + s->internal->rwstate = SSL_READING; *ok = 0; return i; } - s->init_num += i; + s->internal->init_num += i; n -= i; } /* If receiving Finished, record MAC of prior handshake messages for * Finished verification. */ - if (*s->init_buf->data == SSL3_MT_FINISHED) + if (*s->internal->init_buf->data == SSL3_MT_FINISHED) ssl3_take_mac(s); /* Feed this message into MAC computation. */ - tls1_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4); + tls1_finish_mac(s, (unsigned char *)s->internal->init_buf->data, s->internal->init_num + 4); if (s->internal->msg_callback) s->internal->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - s->init_buf->data, (size_t)s->init_num + 4, s, + s->internal->init_buf->data, (size_t)s->internal->init_num + 4, s, s->internal->msg_callback_arg); *ok = 1; - return (s->init_num); + return (s->internal->init_num); f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); @@ -636,7 +636,7 @@ ssl3_setup_init_buffer(SSL *s) { BUF_MEM *buf = NULL; - if (s->init_buf != NULL) + if (s->internal->init_buf != NULL) return (1); if ((buf = BUF_MEM_new()) == NULL) @@ -644,7 +644,7 @@ ssl3_setup_init_buffer(SSL *s) if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) goto err; - s->init_buf = buf; + s->internal->init_buf = buf; return (1); err: @@ -674,7 +674,7 @@ ssl3_setup_read_buffer(SSL *s) s->s3->rbuf.len = len; } - s->packet = &(s->s3->rbuf.buf[0]); + s->internal->packet = &(s->s3->rbuf.buf[0]); return 1; err: diff --git a/lib/libssl/s3_cbc.c b/lib/libssl/s3_cbc.c index f0bf5bc38b8..10b6ddde0f7 100644 --- a/lib/libssl/s3_cbc.c +++ b/lib/libssl/s3_cbc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_cbc.c,v 1.14 2016/11/08 21:25:01 miod Exp $ */ +/* $OpenBSD: s3_cbc.c,v 1.15 2017/01/23 06:45:30 beck Exp $ */ /* ==================================================================== * Copyright (c) 2012 The OpenSSL Project. All rights reserved. * @@ -135,7 +135,7 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size, padding_length = rec->data[rec->length - 1]; - if (EVP_CIPHER_flags(s->enc_read_ctx->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) { + if (EVP_CIPHER_flags(s->internal->enc_read_ctx->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) { /* padding is already verified */ rec->length -= padding_length + 1; return 1; diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c index 8c1a87f38e3..0893682e75d 100644 --- a/lib/libssl/s3_clnt.c +++ b/lib/libssl/s3_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_clnt.c,v 1.167 2017/01/23 05:13:02 jsing Exp $ */ +/* $OpenBSD: s3_clnt.c,v 1.168 2017/01/23 06:45:30 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -197,7 +197,7 @@ ssl3_connect(SSL *s) switch (s->state) { case SSL_ST_RENEGOTIATE: - s->renegotiate = 1; + s->internal->renegotiate = 1; s->state = SSL_ST_CONNECT; s->ctx->internal->stats.sess_connect_renegotiate++; /* break */ @@ -218,7 +218,7 @@ ssl3_connect(SSL *s) } /* s->version=SSL3_VERSION; */ - s->type = SSL_ST_CONNECT; + s->internal->type = SSL_ST_CONNECT; if (!ssl3_setup_init_buffer(s)) { ret = -1; @@ -242,18 +242,18 @@ ssl3_connect(SSL *s) s->state = SSL3_ST_CW_CLNT_HELLO_A; s->ctx->internal->stats.sess_connect++; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_CW_CLNT_HELLO_A: case SSL3_ST_CW_CLNT_HELLO_B: - s->shutdown = 0; + s->internal->shutdown = 0; ret = ssl3_client_hello(s); if (ret <= 0) goto end; s->state = SSL3_ST_CR_SRVR_HELLO_A; - s->init_num = 0; + s->internal->init_num = 0; /* turn on buffering for the next lot of output */ if (s->bbio != s->wbio) @@ -267,15 +267,15 @@ ssl3_connect(SSL *s) if (ret <= 0) goto end; - if (s->hit) { + if (s->internal->hit) { s->state = SSL3_ST_CR_FINISHED_A; - if (s->tlsext_ticket_expected) { + if (s->internal->tlsext_ticket_expected) { /* receive renewed session ticket */ s->state = SSL3_ST_CR_SESSION_TICKET_A; } } else s->state = SSL3_ST_CR_CERT_A; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_CR_CERT_A: @@ -284,12 +284,12 @@ ssl3_connect(SSL *s) if (ret <= 0) goto end; if (ret == 2) { - s->hit = 1; - if (s->tlsext_ticket_expected) + s->internal->hit = 1; + if (s->internal->tlsext_ticket_expected) s->state = SSL3_ST_CR_SESSION_TICKET_A; else s->state = SSL3_ST_CR_FINISHED_A; - s->init_num = 0; + s->internal->init_num = 0; break; } /* Check if it is anon DH/ECDH. */ @@ -298,7 +298,7 @@ ssl3_connect(SSL *s) ret = ssl3_get_server_certificate(s); if (ret <= 0) goto end; - if (s->tlsext_status_expected) + if (s->internal->tlsext_status_expected) s->state = SSL3_ST_CR_CERT_STATUS_A; else s->state = SSL3_ST_CR_KEY_EXCH_A; @@ -306,7 +306,7 @@ ssl3_connect(SSL *s) skip = 1; s->state = SSL3_ST_CR_KEY_EXCH_A; } - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_CR_KEY_EXCH_A: @@ -315,7 +315,7 @@ ssl3_connect(SSL *s) if (ret <= 0) goto end; s->state = SSL3_ST_CR_CERT_REQ_A; - s->init_num = 0; + s->internal->init_num = 0; /* * At this point we check that we have the @@ -333,7 +333,7 @@ ssl3_connect(SSL *s) if (ret <= 0) goto end; s->state = SSL3_ST_CR_SRVR_DONE_A; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_CR_SRVR_DONE_A: @@ -345,7 +345,7 @@ ssl3_connect(SSL *s) s->state = SSL3_ST_CW_CERT_A; else s->state = SSL3_ST_CW_KEY_EXCH_A; - s->init_num = 0; + s->internal->init_num = 0; break; @@ -357,7 +357,7 @@ ssl3_connect(SSL *s) if (ret <= 0) goto end; s->state = SSL3_ST_CW_KEY_EXCH_A; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_CW_KEY_EXCH_A: @@ -392,7 +392,7 @@ ssl3_connect(SSL *s) S3I(s)->change_cipher_spec = 0; } - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_CW_CERT_VRFY_A: @@ -401,7 +401,7 @@ ssl3_connect(SSL *s) if (ret <= 0) goto end; s->state = SSL3_ST_CW_CHANGE_A; - s->init_num = 0; + s->internal->init_num = 0; S3I(s)->change_cipher_spec = 0; break; @@ -416,7 +416,7 @@ ssl3_connect(SSL *s) s->state = SSL3_ST_CW_NEXT_PROTO_A; else s->state = SSL3_ST_CW_FINISHED_A; - s->init_num = 0; + s->internal->init_num = 0; s->session->cipher = S3I(s)->tmp.new_cipher; if (!s->method->ssl3_enc->setup_key_block(s)) { @@ -453,7 +453,7 @@ ssl3_connect(SSL *s) /* clear flags */ s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER; - if (s->hit) { + if (s->internal->hit) { S3I(s)->tmp.next_state = SSL_ST_OK; if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) { @@ -463,14 +463,14 @@ ssl3_connect(SSL *s) } } else { /* Allow NewSessionTicket if ticket expected */ - if (s->tlsext_ticket_expected) + if (s->internal->tlsext_ticket_expected) S3I(s)->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A; else S3I(s)->tmp.next_state = SSL3_ST_CR_FINISHED_A; } - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_CR_SESSION_TICKET_A: @@ -479,7 +479,7 @@ ssl3_connect(SSL *s) if (ret <= 0) goto end; s->state = SSL3_ST_CR_FINISHED_A; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_CR_CERT_STATUS_A: @@ -488,7 +488,7 @@ ssl3_connect(SSL *s) if (ret <= 0) goto end; s->state = SSL3_ST_CR_KEY_EXCH_A; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_CR_FINISHED_A: @@ -499,20 +499,20 @@ ssl3_connect(SSL *s) if (ret <= 0) goto end; - if (s->hit) + if (s->internal->hit) s->state = SSL3_ST_CW_CHANGE_A; else s->state = SSL_ST_OK; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_CW_FLUSH: - s->rwstate = SSL_WRITING; + s->internal->rwstate = SSL_WRITING; if (BIO_flush(s->wbio) <= 0) { ret = -1; goto end; } - s->rwstate = SSL_NOTHING; + s->internal->rwstate = SSL_NOTHING; s->state = S3I(s)->tmp.next_state; break; @@ -520,9 +520,9 @@ ssl3_connect(SSL *s) /* clean a few things up */ tls1_cleanup_key_block(s); - if (s->init_buf != NULL) { - BUF_MEM_free(s->init_buf); - s->init_buf = NULL; + if (s->internal->init_buf != NULL) { + BUF_MEM_free(s->internal->init_buf); + s->internal->init_buf = NULL; } /* @@ -533,12 +533,12 @@ ssl3_connect(SSL *s) ssl_free_wbio_buffer(s); /* else do it later in ssl3_write */ - s->init_num = 0; - s->renegotiate = 0; - s->new_session = 0; + s->internal->init_num = 0; + s->internal->renegotiate = 0; + s->internal->new_session = 0; ssl_update_cache(s, SSL_SESS_CACHE_CLIENT); - if (s->hit) + if (s->internal->hit) s->ctx->internal->stats.sess_hit++; ret = 1; @@ -562,7 +562,7 @@ ssl3_connect(SSL *s) /* did we do anything */ if (!S3I(s)->tmp.reuse_message && !skip) { - if (s->debug) { + if (s->internal->debug) { if ((ret = BIO_flush(s->wbio)) <= 0) goto end; } @@ -592,7 +592,7 @@ ssl3_client_hello(SSL *s) size_t outlen; int i; - bufend = (unsigned char *)s->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH; + bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH; if (s->state == SSL3_ST_CW_CLNT_HELLO_A) { SSL_SESSION *sess = s->session; @@ -654,7 +654,7 @@ ssl3_client_hello(SSL *s) p += SSL3_RANDOM_SIZE; /* Session ID */ - if (s->new_session) + if (s->internal->new_session) i = 0; else i = s->session->session_id_length; @@ -739,7 +739,7 @@ ssl3_get_server_hello(SSL *s) if (n < 0) goto truncated; - CBS_init(&cbs, s->init_msg, n); + CBS_init(&cbs, s->internal->init_msg, n); if (SSL_IS_DTLS(s)) { if (S3I(s)->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { @@ -825,13 +825,13 @@ ssl3_get_server_hello(SSL *s) goto f_err; } s->s3->flags |= SSL3_FLAGS_CCS_OK; - s->hit = 1; + s->internal->hit = 1; } else { /* a miss or crap from the other end */ /* If we were trying for session-id reuse, make a new * SSL_SESSION so we don't stuff up other people */ - s->hit = 0; + s->internal->hit = 0; if (s->session->session_id_length > 0) { if (!ssl_get_new_session(s, 0)) { al = SSL_AD_INTERNAL_ERROR; @@ -881,7 +881,7 @@ ssl3_get_server_hello(SSL *s) */ if (s->session->cipher) s->session->cipher_id = s->session->cipher->id; - if (s->hit && (s->session->cipher_id != cipher->id)) { + if (s->internal->hit && (s->session->cipher_id != cipher->id)) { al = SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); @@ -951,7 +951,7 @@ ssl3_get_server_certificate(SSL *s) EVP_PKEY *pkey = NULL; n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A, - SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok); + SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list, &ok); if (!ok) return ((int)n); @@ -978,7 +978,7 @@ ssl3_get_server_certificate(SSL *s) if (n < 0) goto truncated; - CBS_init(&cbs, s->init_msg, n); + CBS_init(&cbs, s->internal->init_msg, n); if (CBS_len(&cbs) < 3) goto truncated; @@ -1374,7 +1374,7 @@ ssl3_get_server_key_exchange(SSL *s) * as ServerKeyExchange message may be skipped. */ n = s->method->ssl_get_message(s, SSL3_ST_CR_KEY_EXCH_A, - SSL3_ST_CR_KEY_EXCH_B, -1, s->max_cert_list, &ok); + SSL3_ST_CR_KEY_EXCH_B, -1, s->internal->max_cert_list, &ok); if (!ok) return ((int)n); @@ -1412,7 +1412,7 @@ ssl3_get_server_key_exchange(SSL *s) goto err; } - param = p = (unsigned char *)s->init_msg; + param = p = (unsigned char *)s->internal->init_msg; param_len = n; if (alg_k & SSL_kDHE) { @@ -1580,7 +1580,7 @@ ssl3_get_certificate_request(SSL *s) STACK_OF(X509_NAME) *ca_sk = NULL; n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_REQ_A, - SSL3_ST_CR_CERT_REQ_B, -1, s->max_cert_list, &ok); + SSL3_ST_CR_CERT_REQ_B, -1, s->internal->max_cert_list, &ok); if (!ok) return ((int)n); @@ -1617,7 +1617,7 @@ ssl3_get_certificate_request(SSL *s) if (n < 0) goto truncated; - CBS_init(&cert_request, s->init_msg, n); + CBS_init(&cert_request, s->internal->init_msg, n); if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) { SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, @@ -1779,7 +1779,7 @@ ssl3_get_new_session_ticket(SSL *s) goto f_err; } - CBS_init(&cbs, s->init_msg, n); + CBS_init(&cbs, s->internal->init_msg, n); if (!CBS_get_u32(&cbs, &lifetime_hint) || #if UINT32_MAX > LONG_MAX lifetime_hint > LONG_MAX || @@ -1851,7 +1851,7 @@ ssl3_get_cert_status(SSL *s) goto f_err; } - CBS_init(&cert_status, s->init_msg, n); + CBS_init(&cert_status, s->internal->init_msg, n); if (!CBS_get_u8(&cert_status, &status_type) || CBS_len(&cert_status) < 3) { /* need at least status type + length */ @@ -1876,15 +1876,15 @@ ssl3_get_cert_status(SSL *s) goto f_err; } - if (!CBS_stow(&response, &s->tlsext_ocsp_resp, + if (!CBS_stow(&response, &s->internal->tlsext_ocsp_resp, &stow_len) || stow_len > INT_MAX) { - s->tlsext_ocsp_resplen = 0; + s->internal->tlsext_ocsp_resplen = 0; al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_MALLOC_FAILURE); goto f_err; } - s->tlsext_ocsp_resplen = (int)stow_len; + s->internal->tlsext_ocsp_resplen = (int)stow_len; if (s->ctx->internal->tlsext_status_cb) { int ret; @@ -2573,10 +2573,10 @@ ssl3_send_client_certificate(SSL *s) */ i = ssl_do_client_cert_cb(s, &x509, &pkey); if (i < 0) { - s->rwstate = SSL_X509_LOOKUP; + s->internal->rwstate = SSL_X509_LOOKUP; return (-1); } - s->rwstate = SSL_NOTHING; + s->internal->rwstate = SSL_NOTHING; if ((i == 1) && (pkey != NULL) && (x509 != NULL)) { s->state = SSL3_ST_CW_CERT_B; if (!SSL_use_certificate(s, x509) || @@ -2738,7 +2738,7 @@ ssl3_check_finished(SSL *s) /* this function is called when we really expect a Certificate * message, so permit appropriate message length */ n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A, - SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok); + SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list, &ok); if (!ok) return ((int)n); S3I(s)->tmp.reuse_message = 1; diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index 3e44d5e4c17..67745577562 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.124 2017/01/23 05:13:02 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.125 2017/01/23 06:45:30 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1697,7 +1697,7 @@ ssl3_handshake_msg_start(SSL *s, uint8_t msg_type) { unsigned char *d, *p; - d = p = (unsigned char *)s->init_buf->data; + d = p = (unsigned char *)s->internal->init_buf->data; /* Handshake message type and length. */ *(p++) = msg_type; @@ -1712,14 +1712,14 @@ ssl3_handshake_msg_finish(SSL *s, unsigned int len) unsigned char *d, *p; uint8_t msg_type; - d = p = (unsigned char *)s->init_buf->data; + d = p = (unsigned char *)s->internal->init_buf->data; /* Handshake message length. */ msg_type = *(p++); l2n3(len, p); - s->init_num = ssl3_handshake_msg_hdr_len(s) + (int)len; - s->init_off = 0; + s->internal->init_num = ssl3_handshake_msg_hdr_len(s) + (int)len; + s->internal->init_off = 0; if (SSL_IS_DTLS(s)) { dtls1_set_message_header(s, d, msg_type, len, 0, len); @@ -1766,13 +1766,13 @@ ssl3_handshake_msg_finish_cbb(SSL *s, CBB *handshake) if (outlen > INT_MAX) goto err; - if (!BUF_MEM_grow_clean(s->init_buf, outlen)) + if (!BUF_MEM_grow_clean(s->internal->init_buf, outlen)) goto err; - memcpy(s->init_buf->data, data, outlen); + memcpy(s->internal->init_buf->data, data, outlen); - s->init_num = (int)outlen; - s->init_off = 0; + s->internal->init_num = (int)outlen; + s->internal->init_off = 0; if (SSL_IS_DTLS(s)) { unsigned long len; @@ -1905,7 +1905,7 @@ ssl3_clear(SSL *s) S3I(s)->num_renegotiations = 0; S3I(s)->in_read_app_data = 0; - s->packet_length = 0; + s->internal->packet_length = 0; s->version = TLS1_VERSION; free(s->internal->next_proto_negotiated); @@ -1990,7 +1990,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) switch (cmd) { case SSL_CTRL_GET_SESSION_REUSED: - ret = s->hit; + ret = s->internal->hit; break; case SSL_CTRL_GET_CLIENT_CERT_REQUEST: break; @@ -2112,33 +2112,33 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) break; case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS: - *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts; + *(STACK_OF(X509_EXTENSION) **)parg = s->internal->tlsext_ocsp_exts; ret = 1; break; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS: - s->tlsext_ocsp_exts = parg; + s->internal->tlsext_ocsp_exts = parg; ret = 1; break; case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS: - *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids; + *(STACK_OF(OCSP_RESPID) **)parg = s->internal->tlsext_ocsp_ids; ret = 1; break; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS: - s->tlsext_ocsp_ids = parg; + s->internal->tlsext_ocsp_ids = parg; ret = 1; break; case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: - *(unsigned char **)parg = s->tlsext_ocsp_resp; - return s->tlsext_ocsp_resplen; + *(unsigned char **)parg = s->internal->tlsext_ocsp_resp; + return s->internal->tlsext_ocsp_resplen; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: - free(s->tlsext_ocsp_resp); - s->tlsext_ocsp_resp = parg; - s->tlsext_ocsp_resplen = larg; + free(s->internal->tlsext_ocsp_resp); + s->internal->tlsext_ocsp_resp = parg; + s->internal->tlsext_ocsp_resplen = larg; ret = 1; break; @@ -2505,13 +2505,13 @@ ssl3_shutdown(SSL *s) * Don't do anything much if we have not done the handshake or * we don't want to send messages :-) */ - if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) { - s->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); + if ((s->internal->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) { + s->internal->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); return (1); } - if (!(s->shutdown & SSL_SENT_SHUTDOWN)) { - s->shutdown|=SSL_SENT_SHUTDOWN; + if (!(s->internal->shutdown & SSL_SENT_SHUTDOWN)) { + s->internal->shutdown|=SSL_SENT_SHUTDOWN; ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); /* * Our shutdown alert has been sent now, and if it still needs @@ -2531,15 +2531,15 @@ ssl3_shutdown(SSL *s) */ return (ret); } - } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { + } else if (!(s->internal->shutdown & SSL_RECEIVED_SHUTDOWN)) { /* If we are waiting for a close from our peer, we are closed */ s->method->ssl_read_bytes(s, 0, NULL, 0, 0); - if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { + if (!(s->internal->shutdown & SSL_RECEIVED_SHUTDOWN)) { return(-1); /* return WANT_READ */ } } - if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && + if ((s->internal->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && !s->s3->alert_dispatch) return (1); else @@ -2552,8 +2552,8 @@ ssl3_write(SSL *s, const void *buf, int len) int ret, n; #if 0 - if (s->shutdown & SSL_SEND_SHUTDOWN) { - s->rwstate = SSL_NOTHING; + if (s->internal->shutdown & SSL_SEND_SHUTDOWN) { + s->internal->rwstate = SSL_NOTHING; return (0); } #endif @@ -2579,11 +2579,11 @@ ssl3_write(SSL *s, const void *buf, int len) S3I(s)->delay_buf_pop_ret = ret; } - s->rwstate = SSL_WRITING; + s->internal->rwstate = SSL_WRITING; n = BIO_flush(s->wbio); if (n <= 0) return (n); - s->rwstate = SSL_NOTHING; + s->internal->rwstate = SSL_NOTHING; /* We have flushed the buffer, so remove it */ ssl_free_wbio_buffer(s); diff --git a/lib/libssl/s3_pkt.c b/lib/libssl/s3_pkt.c index 004ede2ef02..458a355692b 100644 --- a/lib/libssl/s3_pkt.c +++ b/lib/libssl/s3_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_pkt.c,v 1.63 2017/01/23 04:55:26 beck Exp $ */ +/* $OpenBSD: s3_pkt.c,v 1.64 2017/01/23 06:45:30 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -126,9 +126,9 @@ static int ssl3_get_record(SSL *s); /* If extend == 0, obtain new n-byte packet; if extend == 1, increase * packet by another n bytes. * The packet will be in the sub-array of s->s3->rbuf.buf specified - * by s->packet and s->packet_length. - * (If s->read_ahead is set, 'max' bytes may be stored in rbuf - * [plus s->packet_length bytes if extend == 1].) + * by s->internal->packet and s->internal->packet_length. + * (If s->internal->read_ahead is set, 'max' bytes may be stored in rbuf + * [plus s->internal->packet_length bytes if extend == 1].) */ int ssl3_read_n(SSL *s, int n, int max, int extend) @@ -171,8 +171,8 @@ ssl3_read_n(SSL *s, int n, int max, int extend) rb->offset = align; } } - s->packet = rb->buf + rb->offset; - s->packet_length = 0; + s->internal->packet = rb->buf + rb->offset; + s->internal->packet_length = 0; /* ... now we can act as if 'extend' was set */ } @@ -186,7 +186,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend) /* if there is enough in the buffer from a previous read, take some */ if (left >= n) { - s->packet_length += n; + s->internal->packet_length += n; rb->left = left - n; rb->offset += n; return (n); @@ -194,15 +194,15 @@ ssl3_read_n(SSL *s, int n, int max, int extend) /* else we need to read more data */ - len = s->packet_length; + len = s->internal->packet_length; pkt = rb->buf + align; /* Move any available bytes to front of buffer: * 'len' bytes already pointed to by 'packet', * 'left' extra ones at the end */ - if (s->packet != pkt) { + if (s->internal->packet != pkt) { /* len > 0 */ - memmove(pkt, s->packet, len + left); - s->packet = pkt; + memmove(pkt, s->internal->packet, len + left); + s->internal->packet = pkt; rb->offset = len + align; } @@ -212,7 +212,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend) return -1; } - if (!s->read_ahead) { + if (!s->internal->read_ahead) { /* ignore max parameter */ max = n; } else { @@ -229,7 +229,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend) errno = 0; if (s->rbio != NULL) { - s->rwstate = SSL_READING; + s->internal->rwstate = SSL_READING; i = BIO_read(s->rbio, pkt + len + left, max - left); } else { SSLerr(SSL_F_SSL3_READ_N, SSL_R_READ_BIO_NOT_SET); @@ -261,8 +261,8 @@ ssl3_read_n(SSL *s, int n, int max, int extend) /* done reading, now the book-keeping */ rb->offset += n; rb->left = left - n; - s->packet_length += n; - s->rwstate = SSL_NOTHING; + s->internal->packet_length += n; + s->internal->rwstate = SSL_NOTHING; return (n); } @@ -291,7 +291,7 @@ ssl3_get_record(SSL *s) again: /* check if we have the header */ if ((s->rstate != SSL_ST_READ_BODY) || - (s->packet_length < SSL3_RT_HEADER_LENGTH)) { + (s->internal->packet_length < SSL3_RT_HEADER_LENGTH)) { CBS header; uint16_t len, ssl_version; uint8_t type; @@ -301,7 +301,7 @@ again: return(n); /* error or non-blocking */ s->rstate = SSL_ST_READ_BODY; - CBS_init(&header, s->packet, n); + CBS_init(&header, s->internal->packet, n); /* Pull apart the header into the SSL3_RECORD */ if (!CBS_get_u8(&header, &type) || @@ -316,11 +316,11 @@ again: rr->length = len; /* Lets check version */ - if (!s->first_packet && ssl_version != s->version) { + if (!s->internal->first_packet && ssl_version != s->version) { SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER); if ((s->version & 0xFF00) == (ssl_version & 0xFF00) && - !s->enc_write_ctx && !s->write_hash) + !s->internal->enc_write_ctx && !s->internal->write_hash) /* Send back error using their minor version number :-) */ s->version = ssl_version; al = SSL_AD_PROTOCOL_VERSION; @@ -345,24 +345,24 @@ again: /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ - if (rr->length > s->packet_length - SSL3_RT_HEADER_LENGTH) { - /* now s->packet_length == SSL3_RT_HEADER_LENGTH */ + if (rr->length > s->internal->packet_length - SSL3_RT_HEADER_LENGTH) { + /* now s->internal->packet_length == SSL3_RT_HEADER_LENGTH */ i = rr->length; n = ssl3_read_n(s, i, i, 1); if (n <= 0) return(n); /* error or non-blocking io */ /* now n == rr->length, - * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */ + * and s->internal->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */ } s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */ - /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, - * and we have that many bytes in s->packet + /* At this point, s->internal->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, + * and we have that many bytes in s->internal->packet */ - rr->input = &(s->packet[SSL3_RT_HEADER_LENGTH]); + rr->input = &(s->internal->packet[SSL3_RT_HEADER_LENGTH]); - /* ok, we can now read from 's->packet' data into 'rr' + /* ok, we can now read from 's->internal->packet' data into 'rr' * rr->input points at rr->length bytes, which * need to be copied into rr->data by either * the decryption or by the decompression @@ -395,13 +395,13 @@ again: /* r->length is now the compressed data plus mac */ - if ((sess != NULL) && (s->enc_read_ctx != NULL) && - (EVP_MD_CTX_md(s->read_hash) != NULL)) { - /* s->read_hash != NULL => mac_size != -1 */ + if ((sess != NULL) && (s->internal->enc_read_ctx != NULL) && + (EVP_MD_CTX_md(s->internal->read_hash) != NULL)) { + /* s->internal->read_hash != NULL => mac_size != -1 */ unsigned char *mac = NULL; unsigned char mac_tmp[EVP_MAX_MD_SIZE]; - mac_size = EVP_MD_CTX_size(s->read_hash); + mac_size = EVP_MD_CTX_size(s->internal->read_hash); OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); /* kludge: *_cbc_remove_padding passes padding length in rr->type */ @@ -414,14 +414,14 @@ again: */ if (orig_len < mac_size || /* CBC records must have a padding length byte too. */ - (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && + (EVP_CIPHER_CTX_mode(s->internal->enc_read_ctx) == EVP_CIPH_CBC_MODE && orig_len < mac_size + 1)) { al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT); goto f_err; } - if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) { + if (EVP_CIPHER_CTX_mode(s->internal->enc_read_ctx) == EVP_CIPH_CBC_MODE) { /* We update the length so that the TLS header bytes * can be constructed correctly but we need to extract * the MAC in constant time from within the record, @@ -480,7 +480,7 @@ again: */ /* we have pulled in a full packet so zero things */ - s->packet_length = 0; + s->internal->packet_length = 0; /* just read a 0 length packet */ if (rr->length == 0) @@ -509,7 +509,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) return -1; } - s->rwstate = SSL_NOTHING; + s->internal->rwstate = SSL_NOTHING; tot = S3I(s)->wnum; S3I(s)->wnum = 0; @@ -596,12 +596,12 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, wr = &(S3I(s)->wrec); sess = s->session; - if ((sess == NULL) || (s->enc_write_ctx == NULL) || - (EVP_MD_CTX_md(s->write_hash) == NULL)) { - clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */ + if ((sess == NULL) || (s->internal->enc_write_ctx == NULL) || + (EVP_MD_CTX_md(s->internal->write_hash) == NULL)) { + clear = s->internal->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */ mac_size = 0; } else { - mac_size = EVP_MD_CTX_size(s->write_hash); + mac_size = EVP_MD_CTX_size(s->internal->write_hash); if (mac_size < 0) goto err; } @@ -666,7 +666,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, /* Some servers hang if iniatial client hello is larger than 256 * bytes and record version number > TLS 1.0 */ - if (s->state == SSL3_ST_CW_CLNT_HELLO_B && !s->renegotiate && + if (s->state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate && TLS1_get_version(s) > TLS1_VERSION) *(p++) = 0x1; else @@ -677,10 +677,10 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, p += 2; /* Explicit IV length. */ - if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)) { - int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx); + if (s->internal->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)) { + int mode = EVP_CIPHER_CTX_mode(s->internal->enc_write_ctx); if (mode == EVP_CIPH_CBC_MODE) { - eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx); + eivlen = EVP_CIPHER_CTX_iv_length(s->internal->enc_write_ctx); if (eivlen <= 1) eivlen = 0; } @@ -689,9 +689,9 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN; else eivlen = 0; - } else if (s->aead_write_ctx != NULL && - s->aead_write_ctx->variable_nonce_in_record) { - eivlen = s->aead_write_ctx->variable_nonce_len; + } else if (s->internal->aead_write_ctx != NULL && + s->internal->aead_write_ctx->variable_nonce_in_record) { + eivlen = s->internal->aead_write_ctx->variable_nonce_len; } else eivlen = 0; @@ -779,7 +779,7 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) for (;;) { errno = 0; if (s->wbio != NULL) { - s->rwstate = SSL_WRITING; + s->internal->rwstate = SSL_WRITING; i = BIO_write(s->wbio, (char *)&(wb->buf[wb->offset]), (unsigned int)wb->left); @@ -793,7 +793,7 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s)) ssl3_release_write_buffer(s); - s->rwstate = SSL_NOTHING; + s->internal->rwstate = SSL_NOTHING; return (S3I(s)->wpend_ret); } else if (i <= 0) { /* @@ -914,11 +914,11 @@ start: } BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); - s->rwstate = SSL_READING; + s->internal->rwstate = SSL_READING; return -1; } - s->rwstate = SSL_NOTHING; + s->internal->rwstate = SSL_NOTHING; /* * S3I(s)->rrec.type - is the type of record @@ -948,9 +948,9 @@ start: /* If the other end has shut down, throw anything we read away * (even in 'peek' mode) */ - if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { + if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) { rr->length = 0; - s->rwstate = SSL_NOTHING; + s->internal->rwstate = SSL_NOTHING; return (0); } @@ -960,7 +960,7 @@ start: /* make sure that we are not getting application data when we * are doing a handshake for the first time */ if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && - (s->enc_read_ctx == NULL)) { + (s->internal->enc_read_ctx == NULL)) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE); @@ -1075,7 +1075,7 @@ start: * but we trigger an SSL handshake, we return -1 with * the retry option set. Otherwise renegotiation may * cause nasty problems in the blocking world */ - s->rwstate = SSL_READING; + s->internal->rwstate = SSL_READING; bio = SSL_get_rbio(s); BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); @@ -1126,7 +1126,7 @@ start: if (alert_level == SSL3_AL_WARNING) { S3I(s)->warn_alert = alert_descr; if (alert_descr == SSL_AD_CLOSE_NOTIFY) { - s->shutdown |= SSL_RECEIVED_SHUTDOWN; + s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN; return (0); } /* This is a warning but we receive it if we requested @@ -1145,13 +1145,13 @@ start: goto f_err; } } else if (alert_level == SSL3_AL_FATAL) { - s->rwstate = SSL_NOTHING; + s->internal->rwstate = SSL_NOTHING; S3I(s)->fatal_alert = alert_descr; SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); ERR_asprintf_error_data("SSL alert number %d", alert_descr); - s->shutdown |= SSL_RECEIVED_SHUTDOWN; + s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN; SSL_CTX_remove_session(s->ctx, s->session); return (0); } else { @@ -1163,9 +1163,9 @@ start: goto start; } - if (s->shutdown & SSL_SENT_SHUTDOWN) { + if (s->internal->shutdown & SSL_SENT_SHUTDOWN) { /* but we have not received a shutdown */ - s->rwstate = SSL_NOTHING; + s->internal->rwstate = SSL_NOTHING; rr->length = 0; return (0); } @@ -1218,8 +1218,8 @@ start: if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; - s->renegotiate = 1; - s->new_session = 1; + s->internal->renegotiate = 1; + s->internal->new_session = 1; } i = s->internal->handshake_func(s); if (i < 0) @@ -1237,7 +1237,7 @@ start: * but we trigger an SSL handshake, we return -1 with * the retry option set. Otherwise renegotiation may * cause nasty problems in the blocking world */ - s->rwstate = SSL_READING; + s->internal->rwstate = SSL_READING; bio = SSL_get_rbio(s); BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c index 5717d5edda7..31860eb049d 100644 --- a/lib/libssl/s3_srvr.c +++ b/lib/libssl/s3_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_srvr.c,v 1.146 2017/01/23 05:13:02 jsing Exp $ */ +/* $OpenBSD: s3_srvr.c,v 1.147 2017/01/23 06:45:30 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -199,7 +199,7 @@ ssl3_accept(SSL *s) switch (s->state) { case SSL_ST_RENEGOTIATE: - s->renegotiate = 1; + s->internal->renegotiate = 1; /* s->state=SSL_ST_ACCEPT; */ case SSL_ST_BEFORE: @@ -216,7 +216,7 @@ ssl3_accept(SSL *s) ret = -1; goto end; } - s->type = SSL_ST_ACCEPT; + s->internal->type = SSL_ST_ACCEPT; if (!ssl3_setup_init_buffer(s)) { ret = -1; @@ -227,7 +227,7 @@ ssl3_accept(SSL *s) goto end; } - s->init_num = 0; + s->internal->init_num = 0; if (s->state != SSL_ST_RENEGOTIATE) { /* @@ -272,13 +272,13 @@ ssl3_accept(SSL *s) case SSL3_ST_SW_HELLO_REQ_A: case SSL3_ST_SW_HELLO_REQ_B: - s->shutdown = 0; + s->internal->shutdown = 0; ret = ssl3_send_hello_request(s); if (ret <= 0) goto end; S3I(s)->tmp.next_state = SSL3_ST_SW_HELLO_REQ_C; s->state = SSL3_ST_SW_FLUSH; - s->init_num = 0; + s->internal->init_num = 0; if (!tls1_init_finished_mac(s)) { ret = -1; @@ -294,16 +294,16 @@ ssl3_accept(SSL *s) case SSL3_ST_SR_CLNT_HELLO_B: case SSL3_ST_SR_CLNT_HELLO_C: - s->shutdown = 0; - if (s->rwstate != SSL_X509_LOOKUP) { + s->internal->shutdown = 0; + if (s->internal->rwstate != SSL_X509_LOOKUP) { ret = ssl3_get_client_hello(s); if (ret <= 0) goto end; } - s->renegotiate = 2; + s->internal->renegotiate = 2; s->state = SSL3_ST_SW_SRVR_HELLO_A; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_SW_SRVR_HELLO_A: @@ -311,15 +311,15 @@ ssl3_accept(SSL *s) ret = ssl3_send_server_hello(s); if (ret <= 0) goto end; - if (s->hit) { - if (s->tlsext_ticket_expected) + if (s->internal->hit) { + if (s->internal->tlsext_ticket_expected) s->state = SSL3_ST_SW_SESSION_TICKET_A; else s->state = SSL3_ST_SW_CHANGE_A; } else s->state = SSL3_ST_SW_CERT_A; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_SW_CERT_A: @@ -330,7 +330,7 @@ ssl3_accept(SSL *s) ret = ssl3_send_server_certificate(s); if (ret <= 0) goto end; - if (s->tlsext_status_expected) + if (s->internal->tlsext_status_expected) s->state = SSL3_ST_SW_CERT_STATUS_A; else s->state = SSL3_ST_SW_KEY_EXCH_A; @@ -338,7 +338,7 @@ ssl3_accept(SSL *s) skip = 1; s->state = SSL3_ST_SW_KEY_EXCH_A; } - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_SW_KEY_EXCH_A: @@ -361,7 +361,7 @@ ssl3_accept(SSL *s) skip = 1; s->state = SSL3_ST_SW_CERT_REQ_A; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_SW_CERT_REQ_A: @@ -405,7 +405,7 @@ ssl3_accept(SSL *s) if (ret <= 0) goto end; s->state = SSL3_ST_SW_SRVR_DONE_A; - s->init_num = 0; + s->internal->init_num = 0; } break; @@ -416,7 +416,7 @@ ssl3_accept(SSL *s) goto end; S3I(s)->tmp.next_state = SSL3_ST_SR_CERT_A; s->state = SSL3_ST_SW_FLUSH; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_SW_FLUSH: @@ -432,12 +432,12 @@ ssl3_accept(SSL *s) * unconditionally. */ - s->rwstate = SSL_WRITING; + s->internal->rwstate = SSL_WRITING; if (BIO_flush(s->wbio) <= 0) { ret = -1; goto end; } - s->rwstate = SSL_NOTHING; + s->internal->rwstate = SSL_NOTHING; s->state = S3I(s)->tmp.next_state; break; @@ -449,7 +449,7 @@ ssl3_accept(SSL *s) if (ret <= 0) goto end; } - s->init_num = 0; + s->internal->init_num = 0; s->state = SSL3_ST_SR_KEY_EXCH_A; break; @@ -473,10 +473,10 @@ ssl3_accept(SSL *s) s->state = SSL3_ST_SR_NEXT_PROTO_A; else s->state = SSL3_ST_SR_FINISHED_A; - s->init_num = 0; + s->internal->init_num = 0; } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) { s->state = SSL3_ST_SR_CERT_VRFY_A; - s->init_num = 0; + s->internal->init_num = 0; if (!s->session->peer) break; /* @@ -499,7 +499,7 @@ ssl3_accept(SSL *s) int dgst_num; s->state = SSL3_ST_SR_CERT_VRFY_A; - s->init_num = 0; + s->internal->init_num = 0; /* * We need to get hashes here so if there is @@ -547,7 +547,7 @@ ssl3_accept(SSL *s) s->state = SSL3_ST_SR_NEXT_PROTO_A; else s->state = SSL3_ST_SR_FINISHED_A; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_SR_NEXT_PROTO_A: @@ -555,7 +555,7 @@ ssl3_accept(SSL *s) ret = ssl3_get_next_proto(s); if (ret <= 0) goto end; - s->init_num = 0; + s->internal->init_num = 0; s->state = SSL3_ST_SR_FINISHED_A; break; @@ -566,13 +566,13 @@ ssl3_accept(SSL *s) SSL3_ST_SR_FINISHED_B); if (ret <= 0) goto end; - if (s->hit) + if (s->internal->hit) s->state = SSL_ST_OK; - else if (s->tlsext_ticket_expected) + else if (s->internal->tlsext_ticket_expected) s->state = SSL3_ST_SW_SESSION_TICKET_A; else s->state = SSL3_ST_SW_CHANGE_A; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_SW_SESSION_TICKET_A: @@ -581,7 +581,7 @@ ssl3_accept(SSL *s) if (ret <= 0) goto end; s->state = SSL3_ST_SW_CHANGE_A; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_SW_CERT_STATUS_A: @@ -590,7 +590,7 @@ ssl3_accept(SSL *s) if (ret <= 0) goto end; s->state = SSL3_ST_SW_KEY_EXCH_A; - s->init_num = 0; + s->internal->init_num = 0; break; @@ -609,7 +609,7 @@ ssl3_accept(SSL *s) if (ret <= 0) goto end; s->state = SSL3_ST_SW_FINISHED_A; - s->init_num = 0; + s->internal->init_num = 0; if (!s->method->ssl3_enc->change_cipher_state( s, SSL3_CHANGE_CIPHER_SERVER_WRITE)) { @@ -628,7 +628,7 @@ ssl3_accept(SSL *s) if (ret <= 0) goto end; s->state = SSL3_ST_SW_FLUSH; - if (s->hit) { + if (s->internal->hit) { if (S3I(s)->next_proto_neg_seen) { s->s3->flags |= SSL3_FLAGS_CCS_OK; S3I(s)->tmp.next_state = @@ -638,25 +638,25 @@ ssl3_accept(SSL *s) SSL3_ST_SR_FINISHED_A; } else S3I(s)->tmp.next_state = SSL_ST_OK; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL_ST_OK: /* clean a few things up */ tls1_cleanup_key_block(s); - BUF_MEM_free(s->init_buf); - s->init_buf = NULL; + BUF_MEM_free(s->internal->init_buf); + s->internal->init_buf = NULL; /* remove buffering on output */ ssl_free_wbio_buffer(s); - s->init_num = 0; + s->internal->init_num = 0; /* skipped if we just sent a HelloRequest */ - if (s->renegotiate == 2) { - s->renegotiate = 0; - s->new_session = 0; + if (s->internal->renegotiate == 2) { + s->internal->renegotiate = 0; + s->internal->new_session = 0; ssl_update_cache(s, SSL_SESS_CACHE_SERVER); @@ -681,7 +681,7 @@ ssl3_accept(SSL *s) } if (!S3I(s)->tmp.reuse_message && !skip) { - if (s->debug) { + if (s->internal->debug) { if ((ret = BIO_flush(s->wbio)) <= 0) goto end; } @@ -741,15 +741,15 @@ ssl3_get_client_hello(SSL *s) if (s->state == SSL3_ST_SR_CLNT_HELLO_A) { s->state = SSL3_ST_SR_CLNT_HELLO_B; } - s->first_packet = 1; + s->internal->first_packet = 1; n = s->method->ssl_get_message(s, SSL3_ST_SR_CLNT_HELLO_B, SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO, SSL3_RT_MAX_PLAIN_LENGTH, &ok); if (!ok) return ((int)n); - s->first_packet = 0; - d = p = (unsigned char *)s->init_msg; + s->internal->first_packet = 0; + d = p = (unsigned char *)s->internal->init_msg; if (2 > n) goto truncated; @@ -765,7 +765,7 @@ ssl3_get_client_hello(SSL *s) SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER); if ((s->client_version >> 8) == SSL3_VERSION_MAJOR && - !s->enc_write_ctx && !s->write_hash) { + !s->internal->enc_write_ctx && !s->internal->write_hash) { /* * Similar to ssl3_get_record, send alert using remote * version number @@ -808,7 +808,7 @@ ssl3_get_client_hello(SSL *s) if (p - d + j > n) goto truncated; - s->hit = 0; + s->internal->hit = 0; /* * Versions before 0.9.7 always allow clients to resume sessions in * renegotiation. 0.9.7 and later allow this by default, but optionally @@ -819,19 +819,19 @@ ssl3_get_client_hello(SSL *s) * library versions). * * 1.0.1 and later also have a function SSL_renegotiate_abbreviated() - * to request renegotiation but not a new session (s->new_session + * to request renegotiation but not a new session (s->internal->new_session * remains unset): for servers, this essentially just means that the * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be * ignored. */ - if ((s->new_session && (s->options & + if ((s->internal->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) { if (!ssl_get_new_session(s, 1)) goto err; } else { i = ssl_get_prev_session(s, p, j, d + n); if (i == 1) { /* previous session */ - s->hit = 1; + s->internal->hit = 1; } else if (i == -1) goto err; else { @@ -913,7 +913,7 @@ ssl3_get_client_hello(SSL *s) p += i; /* If it is a hit, check that the cipher is in the list */ - if ((s->hit) && (i > 0)) { + if ((s->internal->hit) && (i > 0)) { j = 0; id = s->session->cipher->id; @@ -976,14 +976,14 @@ ssl3_get_client_hello(SSL *s) */ arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); - if (!s->hit && s->internal->tls_session_secret_cb) { + if (!s->internal->hit && s->internal->tls_session_secret_cb) { SSL_CIPHER *pref_cipher = NULL; s->session->master_key_length = sizeof(s->session->master_key); if (s->internal->tls_session_secret_cb(s, s->session->master_key, &s->session->master_key_length, ciphers, &pref_cipher, s->internal->tls_session_secret_cb_arg)) { - s->hit = 1; + s->internal->hit = 1; s->session->ciphers = ciphers; s->session->verify_result = X509_V_OK; @@ -1005,11 +1005,11 @@ ssl3_get_client_hello(SSL *s) if (s->cipher_list) sk_SSL_CIPHER_free(s->cipher_list); - if (s->cipher_list_by_id) - sk_SSL_CIPHER_free(s->cipher_list_by_id); + if (s->internal->cipher_list_by_id) + sk_SSL_CIPHER_free(s->internal->cipher_list_by_id); s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers); - s->cipher_list_by_id = + s->internal->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers); } } @@ -1019,7 +1019,7 @@ ssl3_get_client_hello(SSL *s) * pick a cipher */ - if (!s->hit) { + if (!s->internal->hit) { if (s->session->ciphers != NULL) sk_SSL_CIPHER_free(s->session->ciphers); s->session->ciphers = ciphers; @@ -1061,7 +1061,7 @@ ssl3_get_client_hello(SSL *s) * compression - basically ignored right now * ssl version is set - sslv3 * s->session - The ssl session has been setup. - * s->hit - session reuse flag + * s->internal->hit - session reuse flag * s->tmp.new_cipher - the new cipher to use. */ @@ -1097,7 +1097,7 @@ ssl3_send_server_hello(SSL *s) memset(&cbb, 0, sizeof(cbb)); - bufend = (unsigned char *)s->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH; + bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH; if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO); @@ -1125,12 +1125,12 @@ ssl3_send_server_hello(SSL *s) * - However, if we want the new session to be single-use, * we send back a 0-length session ID. * - * s->hit is non-zero in either case of session reuse, + * s->internal->hit is non-zero in either case of session reuse, * so the following won't overwrite an ID that we're supposed * to send back. */ if (!(s->ctx->internal->session_cache_mode & SSL_SESS_CACHE_SERVER) - && !s->hit) + && !s->internal->hit) s->session->session_id_length = 0; sl = s->session->session_id_length; @@ -1491,7 +1491,7 @@ ssl3_send_server_key_exchange(SSL *s) type = S3I(s)->tmp.new_cipher->algorithm_mkey; cert = s->cert; - buf = s->init_buf; + buf = s->internal->init_buf; if (!CBB_init(&cbb, 0)) goto err; @@ -1647,7 +1647,7 @@ ssl3_send_certificate_request(SSL *s) BUF_MEM *buf; if (s->state == SSL3_ST_SW_CERT_REQ_A) { - buf = s->init_buf; + buf = s->internal->init_buf; d = p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_REQUEST); @@ -1986,7 +1986,7 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n) * p is pointing to somewhere in the buffer * currently, so set it to the start. */ - p = (unsigned char *)s->init_buf->data; + p = (unsigned char *)s->internal->init_buf->data; } /* Compute the shared pre-master secret */ @@ -2169,7 +2169,7 @@ ssl3_get_client_key_exchange(SSL *s) if (!ok) return ((int)n); - p = (unsigned char *)s->init_msg; + p = (unsigned char *)s->internal->init_msg; alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; @@ -2261,7 +2261,7 @@ ssl3_get_cert_verify(SSL *s) } /* we now have a signature that we need to verify */ - p = (unsigned char *)s->init_msg; + p = (unsigned char *)s->internal->init_msg; /* * Check for broken implementations of GOST ciphersuites. * @@ -2477,7 +2477,7 @@ ssl3_get_client_certificate(SSL *s) STACK_OF(X509) *sk = NULL; n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B, - -1, s->max_cert_list, &ok); + -1, s->internal->max_cert_list, &ok); if (!ok) return ((int)n); @@ -2515,7 +2515,7 @@ ssl3_get_client_certificate(SSL *s) if (n < 0) goto truncated; - CBS_init(&cbs, s->init_msg, n); + CBS_init(&cbs, s->internal->init_msg, n); if ((sk = sk_X509_new_null()) == NULL) { SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, @@ -2727,7 +2727,7 @@ ssl3_send_newsession_ticket(SSL *s) * session_length + max_enc_block_size (max encrypted session * length) + max_md_size (HMAC). */ - if (!BUF_MEM_grow(s->init_buf, ssl3_handshake_msg_hdr_len(s) + + if (!BUF_MEM_grow(s->internal->init_buf, ssl3_handshake_msg_hdr_len(s) + 22 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen)) goto err; @@ -2763,7 +2763,7 @@ ssl3_send_newsession_ticket(SSL *s) * (for simplicity), and guess that tickets for new * sessions will live as long as their sessions. */ - l2n(s->hit ? 0 : s->session->timeout, p); + l2n(s->internal->hit ? 0 : s->session->timeout, p); /* Skip ticket length for now */ p += 2; @@ -2825,17 +2825,17 @@ ssl3_send_cert_status(SSL *s) * 1 (ocsp response type) + 3 (ocsp response length) * + (ocsp response) */ - if (!BUF_MEM_grow(s->init_buf, SSL3_HM_HEADER_LENGTH + 4 + - s->tlsext_ocsp_resplen)) + if (!BUF_MEM_grow(s->internal->init_buf, SSL3_HM_HEADER_LENGTH + 4 + + s->internal->tlsext_ocsp_resplen)) return (-1); p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_STATUS); *(p++) = s->tlsext_status_type; - l2n3(s->tlsext_ocsp_resplen, p); - memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen); + l2n3(s->internal->tlsext_ocsp_resplen, p); + memcpy(p, s->internal->tlsext_ocsp_resp, s->internal->tlsext_ocsp_resplen); - ssl3_handshake_msg_finish(s, s->tlsext_ocsp_resplen + 4); + ssl3_handshake_msg_finish(s, s->internal->tlsext_ocsp_resplen + 4); s->state = SSL3_ST_SW_CERT_STATUS_B; } @@ -2887,7 +2887,7 @@ ssl3_get_next_proto(SSL *s) return (0); /* The body must be > 1 bytes long */ - CBS_init(&cbs, s->init_msg, s->init_num); + CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); /* * The payload looks like: diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h index 99ac44d7697..4069fcd024a 100644 --- a/lib/libssl/ssl.h +++ b/lib/libssl/ssl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.h,v 1.113 2017/01/23 05:27:22 jsing Exp $ */ +/* $OpenBSD: ssl.h,v 1.114 2017/01/23 06:45:30 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -828,8 +828,6 @@ struct ssl_st { */ int version; - int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ - const SSL_METHOD *method; /* SSLv3 */ /* There are 2 BIO's even though they are normally both the @@ -846,76 +844,19 @@ struct ssl_st { char *wbio; /* used by SSL_write */ char *bbio; #endif - /* This holds a variable that indicates what we were doing - * when a 0 or -1 is returned. This is needed for - * non-blocking IO so we know what request needs re-doing when - * in SSL_accept or SSL_connect */ - int rwstate; - - /* Imagine that here's a boolean member "init" that is - * switched as soon as SSL_set_{accept/connect}_state - * is called for the first time, so that "state" and - * "handshake_func" are properly initialized. But as - * handshake_func is == 0 until then, we use this - * test instead of an "init" member. - */ - int server; /* are we the server side? - mostly used by SSL_clear*/ - int new_session;/* Generate a new session or reuse an old one. - * NB: For servers, the 'new' session may actually be a previously - * cached session or even the previous session unless - * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ - int quiet_shutdown;/* don't send shutdown packets */ - int shutdown; /* we have shut things down, 0x01 sent, 0x02 - * for received */ int state; /* where we are */ int rstate; /* where we are when reading */ - BUF_MEM *init_buf; /* buffer used during init */ - void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */ - int init_num; /* amount read/written */ - int init_off; /* amount read/written */ - - /* used internally to point at a raw packet */ - unsigned char *packet; - unsigned int packet_length; - struct ssl3_state_st *s3; /* SSLv3 variables */ struct dtls1_state_st *d1; /* DTLSv1 variables */ - int read_ahead; /* Read as many input bytes as possible - * (for non-blocking reads) */ - - int hit; /* reusing a previous session */ - X509_VERIFY_PARAM *param; /* crypto */ STACK_OF(SSL_CIPHER) *cipher_list; - STACK_OF(SSL_CIPHER) *cipher_list_by_id; - - /* These are the ones being used, the ones in SSL_SESSION are - * the ones to be 'copied' into these ones */ - int mac_flags; - - SSL_AEAD_CTX *aead_read_ctx; /* AEAD context. If non-NULL, then - enc_read_ctx and read_hash are - ignored. */ - - EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ - EVP_MD_CTX *read_hash; /* used for mac generation */ - SSL_AEAD_CTX *aead_write_ctx; /* AEAD context. If non-NULL, then - enc_write_ctx and write_hash are - ignored. */ - - EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ - EVP_MD_CTX *write_hash; /* used for mac generation */ - - /* session info */ - - /* client cert? */ /* This is used to hold the server certificate used */ struct cert_st /* CERT */ *cert; @@ -933,69 +874,26 @@ struct ssl_st { int error; /* error bytes to be written */ int error_code; /* actual code */ - - SSL_CTX *ctx; - /* set this flag to 1 and a sleep(1) is put into all SSL_read() - * and SSL_write() calls, good for nbio debuging :-) */ - int debug; - - /* extra application data */ long verify_result; - CRYPTO_EX_DATA ex_data; - - /* for server side, keep the list of CA_dn we can use */ - STACK_OF(X509_NAME) *client_CA; int references; unsigned long options; /* protocol behaviour */ unsigned long mode; /* API behaviour */ - long max_cert_list; - int first_packet; int client_version; /* what was passed, used for * SSLv3/TLS rollback check */ unsigned int max_send_fragment; char *tlsext_hostname; - int servername_done; /* no further mod of servername - 0 : call the servername extension callback. - 1 : prepare 2, allow last ack just after in server callback. - 2 : don't call servername callback, no ack in server hello - */ /* certificate status request info */ /* Status type or -1 if no status type */ int tlsext_status_type; - /* Expect OCSP CertificateStatus message */ - int tlsext_status_expected; - /* OCSP status request only */ - STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids; - X509_EXTENSIONS *tlsext_ocsp_exts; - /* OCSP response received or to be sent */ - unsigned char *tlsext_ocsp_resp; - int tlsext_ocsp_resplen; - - /* RFC4507 session ticket expected to be received or sent */ - int tlsext_ticket_expected; - size_t tlsext_ecpointformatlist_length; - uint8_t *tlsext_ecpointformatlist; /* our list */ - size_t tlsext_ellipticcurvelist_length; - uint16_t *tlsext_ellipticcurvelist; /* our list */ - - /* TLS Session Ticket extension override */ - TLS_SESSION_TICKET_EXT *tlsext_session_ticket; SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ #define session_ctx initial_ctx - STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What we'll do */ - SRTP_PROTECTION_PROFILE *srtp_profile; /* What's been chosen */ - - int renegotiate;/* 1 if we are renegotiating. - * 2 if we are a server and are inside a handshake - * (i.e. not just sending a HelloRequest) */ - struct ssl_internal_st *internal; }; diff --git a/lib/libssl/ssl_cert.c b/lib/libssl/ssl_cert.c index 496fcf85bc4..c23e789bf8f 100644 --- a/lib/libssl/ssl_cert.c +++ b/lib/libssl/ssl_cert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_cert.c,v 1.57 2017/01/23 05:13:02 jsing Exp $ */ +/* $OpenBSD: ssl_cert.c,v 1.58 2017/01/23 06:45:30 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -486,7 +486,7 @@ SSL_dup_CA_list(STACK_OF(X509_NAME) *sk) void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list) { - set_client_CA_list(&(s->client_CA), name_list); + set_client_CA_list(&(s->internal->client_CA), name_list); } void @@ -504,7 +504,7 @@ SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) STACK_OF(X509_NAME) * SSL_get_client_CA_list(const SSL *s) { - if (s->type == SSL_ST_CONNECT) { + if (s->internal->type == SSL_ST_CONNECT) { /* We are in the client. */ if (((s->version >> 8) == SSL3_VERSION_MAJOR) && (s->s3 != NULL)) @@ -512,8 +512,8 @@ SSL_get_client_CA_list(const SSL *s) else return (NULL); } else { - if (s->client_CA != NULL) - return (s->client_CA); + if (s->internal->client_CA != NULL) + return (s->internal->client_CA); else return (s->ctx->internal->client_CA); } @@ -542,7 +542,7 @@ add_client_CA(STACK_OF(X509_NAME) **sk, X509 *x) int SSL_add_client_CA(SSL *ssl, X509 *x) { - return (add_client_CA(&(ssl->client_CA), x)); + return (add_client_CA(&(ssl->internal->client_CA), x)); } int diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index 036a13b36a7..c29d6225df6 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.134 2017/01/23 05:13:02 jsing Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.135 2017/01/23 06:45:30 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -200,31 +200,31 @@ SSL_clear(SSL *s) } s->error = 0; - s->hit = 0; - s->shutdown = 0; + s->internal->hit = 0; + s->internal->shutdown = 0; - if (s->renegotiate) { + if (s->internal->renegotiate) { SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR); return (0); } - s->type = 0; + s->internal->type = 0; s->state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT); s->version = s->method->version; s->client_version = s->version; - s->rwstate = SSL_NOTHING; + s->internal->rwstate = SSL_NOTHING; s->rstate = SSL_ST_READ_HEADER; - BUF_MEM_free(s->init_buf); - s->init_buf = NULL; + BUF_MEM_free(s->internal->init_buf); + s->internal->init_buf = NULL; ssl_clear_cipher_ctx(s); - ssl_clear_hash_ctx(&s->read_hash); - ssl_clear_hash_ctx(&s->write_hash); + ssl_clear_hash_ctx(&s->internal->read_hash); + ssl_clear_hash_ctx(&s->internal->write_hash); - s->first_packet = 0; + s->internal->first_packet = 0; /* * Check to see if we were changed into a different method, if @@ -286,7 +286,7 @@ SSL_new(SSL_CTX *ctx) s->options = ctx->options; s->mode = ctx->mode; - s->max_cert_list = ctx->internal->max_cert_list; + s->internal->max_cert_list = ctx->internal->max_cert_list; if (ctx->internal->cert != NULL) { /* @@ -306,7 +306,7 @@ SSL_new(SSL_CTX *ctx) } else s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */ - s->read_ahead = ctx->internal->read_ahead; + s->internal->read_ahead = ctx->internal->read_ahead; s->internal->msg_callback = ctx->internal->msg_callback; s->internal->msg_callback_arg = ctx->internal->msg_callback_arg; s->verify_mode = ctx->verify_mode; @@ -320,20 +320,20 @@ SSL_new(SSL_CTX *ctx) if (!s->param) goto err; X509_VERIFY_PARAM_inherit(s->param, ctx->param); - s->quiet_shutdown = ctx->internal->quiet_shutdown; + s->internal->quiet_shutdown = ctx->internal->quiet_shutdown; s->max_send_fragment = ctx->internal->max_send_fragment; CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); s->ctx = ctx; s->internal->tlsext_debug_cb = 0; s->internal->tlsext_debug_arg = NULL; - s->tlsext_ticket_expected = 0; + s->internal->tlsext_ticket_expected = 0; s->tlsext_status_type = -1; - s->tlsext_status_expected = 0; - s->tlsext_ocsp_ids = NULL; - s->tlsext_ocsp_exts = NULL; - s->tlsext_ocsp_resp = NULL; - s->tlsext_ocsp_resplen = -1; + s->internal->tlsext_status_expected = 0; + s->internal->tlsext_ocsp_ids = NULL; + s->internal->tlsext_ocsp_exts = NULL; + s->internal->tlsext_ocsp_resp = NULL; + s->internal->tlsext_ocsp_resplen = -1; CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); s->initial_ctx = ctx; s->internal->next_proto_negotiated = NULL; @@ -362,7 +362,7 @@ SSL_new(SSL_CTX *ctx) SSL_clear(s); - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->internal->ex_data); return (s); @@ -497,7 +497,7 @@ SSL_free(SSL *s) if (s->param) X509_VERIFY_PARAM_free(s->param); - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->internal->ex_data); if (s->bbio != NULL) { /* If the buffering BIO is in place, pop it off */ @@ -512,14 +512,14 @@ SSL_free(SSL *s) BIO_free_all(s->rbio); BIO_free_all(s->wbio); - if (s->init_buf != NULL) - BUF_MEM_free(s->init_buf); + if (s->internal->init_buf != NULL) + BUF_MEM_free(s->internal->init_buf); /* add extra stuff */ if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list); - if (s->cipher_list_by_id != NULL) - sk_SSL_CIPHER_free(s->cipher_list_by_id); + if (s->internal->cipher_list_by_id != NULL) + sk_SSL_CIPHER_free(s->internal->cipher_list_by_id); /* Make the next call work :-) */ if (s->session != NULL) { @@ -528,8 +528,8 @@ SSL_free(SSL *s) } ssl_clear_cipher_ctx(s); - ssl_clear_hash_ctx(&s->read_hash); - ssl_clear_hash_ctx(&s->write_hash); + ssl_clear_hash_ctx(&s->internal->read_hash); + ssl_clear_hash_ctx(&s->internal->write_hash); if (s->cert != NULL) ssl_cert_free(s->cert); @@ -537,17 +537,17 @@ SSL_free(SSL *s) free(s->tlsext_hostname); SSL_CTX_free(s->initial_ctx); - free(s->tlsext_ecpointformatlist); - free(s->tlsext_ellipticcurvelist); - if (s->tlsext_ocsp_exts) - sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, + free(s->internal->tlsext_ecpointformatlist); + free(s->internal->tlsext_ellipticcurvelist); + if (s->internal->tlsext_ocsp_exts) + sk_X509_EXTENSION_pop_free(s->internal->tlsext_ocsp_exts, X509_EXTENSION_free); - if (s->tlsext_ocsp_ids) - sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); - free(s->tlsext_ocsp_resp); + if (s->internal->tlsext_ocsp_ids) + sk_OCSP_RESPID_pop_free(s->internal->tlsext_ocsp_ids, OCSP_RESPID_free); + free(s->internal->tlsext_ocsp_resp); - if (s->client_CA != NULL) - sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); + if (s->internal->client_CA != NULL) + sk_X509_NAME_pop_free(s->internal->client_CA, X509_NAME_free); if (s->method != NULL) s->method->ssl_free(s); @@ -558,8 +558,8 @@ SSL_free(SSL *s) free(s->internal->alpn_client_proto_list); #ifndef OPENSSL_NO_SRTP - if (s->srtp_profiles) - sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); + if (s->internal->srtp_profiles) + sk_SRTP_PROTECTION_PROFILE_free(s->internal->srtp_profiles); #endif free(s->internal); @@ -779,13 +779,13 @@ SSL_set_verify_depth(SSL *s, int depth) void SSL_set_read_ahead(SSL *s, int yes) { - s->read_ahead = yes; + s->internal->read_ahead = yes; } int SSL_get_read_ahead(const SSL *s) { - return (s->read_ahead); + return (s->internal->read_ahead); } int @@ -951,8 +951,8 @@ SSL_read(SSL *s, void *buf, int num) return (-1); } - if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { - s->rwstate = SSL_NOTHING; + if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) { + s->internal->rwstate = SSL_NOTHING; return (0); } return (s->method->ssl_read(s, buf, num)); @@ -966,7 +966,7 @@ SSL_peek(SSL *s, void *buf, int num) return (-1); } - if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { + if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) { return (0); } return (s->method->ssl_peek(s, buf, num)); @@ -980,8 +980,8 @@ SSL_write(SSL *s, const void *buf, int num) return (-1); } - if (s->shutdown & SSL_SENT_SHUTDOWN) { - s->rwstate = SSL_NOTHING; + if (s->internal->shutdown & SSL_SENT_SHUTDOWN) { + s->internal->rwstate = SSL_NOTHING; SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN); return (-1); } @@ -1012,10 +1012,10 @@ SSL_shutdown(SSL *s) int SSL_renegotiate(SSL *s) { - if (s->renegotiate == 0) - s->renegotiate = 1; + if (s->internal->renegotiate == 0) + s->internal->renegotiate = 1; - s->new_session = 1; + s->internal->new_session = 1; return (s->method->ssl_renegotiate(s)); } @@ -1023,10 +1023,10 @@ SSL_renegotiate(SSL *s) int SSL_renegotiate_abbreviated(SSL *s) { - if (s->renegotiate == 0) - s->renegotiate = 1; + if (s->internal->renegotiate == 0) + s->internal->renegotiate = 1; - s->new_session = 0; + s->internal->new_session = 0; return (s->method->ssl_renegotiate(s)); } @@ -1038,7 +1038,7 @@ SSL_renegotiate_pending(SSL *s) * Becomes true when negotiation is requested; * false again once a handshake has finished. */ - return (s->renegotiate != 0); + return (s->internal->renegotiate != 0); } long @@ -1048,10 +1048,10 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg) switch (cmd) { case SSL_CTRL_GET_READ_AHEAD: - return (s->read_ahead); + return (s->internal->read_ahead); case SSL_CTRL_SET_READ_AHEAD: - l = s->read_ahead; - s->read_ahead = larg; + l = s->internal->read_ahead; + s->internal->read_ahead = larg; return (l); case SSL_CTRL_SET_MSG_CALLBACK_ARG: @@ -1067,10 +1067,10 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_CLEAR_MODE: return (s->mode &=~larg); case SSL_CTRL_GET_MAX_CERT_LIST: - return (s->max_cert_list); + return (s->internal->max_cert_list); case SSL_CTRL_SET_MAX_CERT_LIST: - l = s->max_cert_list; - s->max_cert_list = larg; + l = s->internal->max_cert_list; + s->internal->max_cert_list = larg; return (l); case SSL_CTRL_SET_MTU: #ifndef OPENSSL_NO_DTLS1 @@ -1261,8 +1261,8 @@ STACK_OF(SSL_CIPHER) * ssl_get_ciphers_by_id(SSL *s) { if (s != NULL) { - if (s->cipher_list_by_id != NULL) { - return (s->cipher_list_by_id); + if (s->internal->cipher_list_by_id != NULL) { + return (s->internal->cipher_list_by_id); } else if ((s->ctx != NULL) && (s->ctx->internal->cipher_list_by_id != NULL)) { return (s->ctx->internal->cipher_list_by_id); @@ -1322,7 +1322,7 @@ SSL_set_cipher_list(SSL *s, const char *str) STACK_OF(SSL_CIPHER) *sk; sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list, - &s->cipher_list_by_id, str); + &s->internal->cipher_list_by_id, str); /* see comment in SSL_CTX_set_cipher_list */ if (sk == NULL) return (0); @@ -1399,7 +1399,7 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p, } /* Add SCSV if there are other ciphers and we're not renegotiating. */ - if (ciphers > 0 && !s->renegotiate) { + if (ciphers > 0 && !s->internal->renegotiate) { if (!CBB_add_u16(&cbb, SSL3_CK_SCSV & SSL3_CK_VALUE_MASK)) goto err; } @@ -1456,7 +1456,7 @@ ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num) * TLS_EMPTY_RENEGOTIATION_INFO_SCSV is fatal if * renegotiating. */ - if (s->renegotiate) { + if (s->internal->renegotiate) { SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); ssl3_send_alert(s, SSL3_AL_FATAL, @@ -2274,7 +2274,7 @@ ssl_update_cache(SSL *s, int mode) return; i = s->session_ctx->internal->session_cache_mode; - if ((i & mode) && (!s->hit) && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) + if ((i & mode) && (!s->internal->hit) && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) || SSL_CTX_add_session(s->session_ctx, s->session)) && (s->session_ctx->internal->new_session_cb != NULL)) { CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION); @@ -2354,7 +2354,7 @@ SSL_get_error(const SSL *s, int i) * try to write to the rbio, and an application * program where rbio and wbio are separate couldn't * even know what it should wait for. However if we - * ever set s->rwstate incorrectly (so that we have + * ever set s->internal->rwstate incorrectly (so that we have * SSL_want_read(s) instead of SSL_want_write(s)) * and rbio and wbio *are* the same, this test works * around that bug; so it might be safer to keep it. @@ -2396,7 +2396,7 @@ SSL_get_error(const SSL *s, int i) } if (i == 0) { - if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && + if ((s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) && (S3I(s)->warn_alert == SSL_AD_CLOSE_NOTIFY)) return (SSL_ERROR_ZERO_RETURN); } @@ -2429,26 +2429,26 @@ void SSL_set_accept_state(SSL *s) { s->server = 1; - s->shutdown = 0; + s->internal->shutdown = 0; s->state = SSL_ST_ACCEPT|SSL_ST_BEFORE; s->internal->handshake_func = s->method->ssl_accept; /* clear the current cipher */ ssl_clear_cipher_ctx(s); - ssl_clear_hash_ctx(&s->read_hash); - ssl_clear_hash_ctx(&s->write_hash); + ssl_clear_hash_ctx(&s->internal->read_hash); + ssl_clear_hash_ctx(&s->internal->write_hash); } void SSL_set_connect_state(SSL *s) { s->server = 0; - s->shutdown = 0; + s->internal->shutdown = 0; s->state = SSL_ST_CONNECT|SSL_ST_BEFORE; s->internal->handshake_func = s->method->ssl_connect; /* clear the current cipher */ ssl_clear_cipher_ctx(s); - ssl_clear_hash_ctx(&s->read_hash); - ssl_clear_hash_ctx(&s->write_hash); + ssl_clear_hash_ctx(&s->internal->read_hash); + ssl_clear_hash_ctx(&s->internal->write_hash); } int @@ -2609,7 +2609,7 @@ SSL_dup(SSL *s) return (NULL); ret->version = s->version; - ret->type = s->type; + ret->internal->type = s->internal->type; ret->method = s->method; if (s->session != NULL) { @@ -2653,11 +2653,11 @@ SSL_dup(SSL *s) SSL_set_info_callback(ret, SSL_get_info_callback(s)); - ret->debug = s->debug; + ret->internal->debug = s->internal->debug; /* copy app data, a little dangerous perhaps */ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, - &ret->ex_data, &s->ex_data)) + &ret->internal->ex_data, &s->internal->ex_data)) goto err; /* setup rbio, and wbio */ @@ -2672,14 +2672,14 @@ SSL_dup(SSL *s) } else ret->wbio = ret->rbio; } - ret->rwstate = s->rwstate; + ret->internal->rwstate = s->internal->rwstate; ret->internal->in_handshake = s->internal->in_handshake; ret->internal->handshake_func = s->internal->handshake_func; ret->server = s->server; - ret->renegotiate = s->renegotiate; - ret->new_session = s->new_session; - ret->quiet_shutdown = s->quiet_shutdown; - ret->shutdown = s->shutdown; + ret->internal->renegotiate = s->internal->renegotiate; + ret->internal->new_session = s->internal->new_session; + ret->internal->quiet_shutdown = s->internal->quiet_shutdown; + ret->internal->shutdown = s->internal->shutdown; /* SSL_dup does not really work at any state, though */ ret->state=s->state; ret->rstate = s->rstate; @@ -2688,9 +2688,9 @@ SSL_dup(SSL *s) * Would have to copy ret->init_buf, ret->init_msg, ret->init_num, * ret->init_off */ - ret->init_num = 0; + ret->internal->init_num = 0; - ret->hit = s->hit; + ret->internal->hit = s->internal->hit; X509_VERIFY_PARAM_inherit(ret->param, s->param); @@ -2700,16 +2700,16 @@ SSL_dup(SSL *s) sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) goto err; } - if (s->cipher_list_by_id != NULL) { - if ((ret->cipher_list_by_id = - sk_SSL_CIPHER_dup(s->cipher_list_by_id)) == NULL) + if (s->internal->cipher_list_by_id != NULL) { + if ((ret->internal->cipher_list_by_id = + sk_SSL_CIPHER_dup(s->internal->cipher_list_by_id)) == NULL) goto err; } /* Dup the client_CA list */ - if (s->client_CA != NULL) { - if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL) goto err; - ret->client_CA = sk; + if (s->internal->client_CA != NULL) { + if ((sk = sk_X509_NAME_dup(s->internal->client_CA)) == NULL) goto err; + ret->internal->client_CA = sk; for (i = 0; i < sk_X509_NAME_num(sk); i++) { xn = sk_X509_NAME_value(sk, i); if (sk_X509_NAME_set(sk, i, @@ -2732,20 +2732,20 @@ err: void ssl_clear_cipher_ctx(SSL *s) { - EVP_CIPHER_CTX_free(s->enc_read_ctx); - s->enc_read_ctx = NULL; - EVP_CIPHER_CTX_free(s->enc_write_ctx); - s->enc_write_ctx = NULL; + EVP_CIPHER_CTX_free(s->internal->enc_read_ctx); + s->internal->enc_read_ctx = NULL; + EVP_CIPHER_CTX_free(s->internal->enc_write_ctx); + s->internal->enc_write_ctx = NULL; - if (s->aead_read_ctx != NULL) { - EVP_AEAD_CTX_cleanup(&s->aead_read_ctx->ctx); - free(s->aead_read_ctx); - s->aead_read_ctx = NULL; + if (s->internal->aead_read_ctx != NULL) { + EVP_AEAD_CTX_cleanup(&s->internal->aead_read_ctx->ctx); + free(s->internal->aead_read_ctx); + s->internal->aead_read_ctx = NULL; } - if (s->aead_write_ctx != NULL) { - EVP_AEAD_CTX_cleanup(&s->aead_write_ctx->ctx); - free(s->aead_write_ctx); - s->aead_write_ctx = NULL; + if (s->internal->aead_write_ctx != NULL) { + EVP_AEAD_CTX_cleanup(&s->internal->aead_write_ctx->ctx); + free(s->internal->aead_write_ctx); + s->internal->aead_write_ctx = NULL; } } @@ -2852,25 +2852,25 @@ SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) void SSL_set_quiet_shutdown(SSL *s, int mode) { - s->quiet_shutdown = mode; + s->internal->quiet_shutdown = mode; } int SSL_get_quiet_shutdown(const SSL *s) { - return (s->quiet_shutdown); + return (s->internal->quiet_shutdown); } void SSL_set_shutdown(SSL *s, int mode) { - s->shutdown = mode; + s->internal->shutdown = mode; } int SSL_get_shutdown(const SSL *s) { - return (s->shutdown); + return (s->internal->shutdown); } int @@ -2973,13 +2973,13 @@ SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, int SSL_set_ex_data(SSL *s, int idx, void *arg) { - return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); + return (CRYPTO_set_ex_data(&s->internal->ex_data, idx, arg)); } void * SSL_get_ex_data(const SSL *s, int idx) { - return (CRYPTO_get_ex_data(&s->ex_data, idx)); + return (CRYPTO_get_ex_data(&s->internal->ex_data, idx)); } int @@ -3025,7 +3025,7 @@ SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) int SSL_want(const SSL *s) { - return (s->rwstate); + return (s->internal->rwstate); } void @@ -3098,13 +3098,13 @@ ssl_clear_hash_ctx(EVP_MD_CTX **hash) void SSL_set_debug(SSL *s, int debug) { - s->debug = debug; + s->internal->debug = debug; } int SSL_cache_hit(SSL *s) { - return (s->hit); + return (s->internal->hit); } diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index 9ea22bac059..d8818e18509 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.157 2017/01/23 05:27:22 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.158 2017/01/23 06:45:30 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -620,6 +620,112 @@ typedef struct ssl_internal_st { tls_session_secret_cb_fn tls_session_secret_cb; void *tls_session_secret_cb_arg; + /* XXX non-callback */ + + int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ + + /* This holds a variable that indicates what we were doing + * when a 0 or -1 is returned. This is needed for + * non-blocking IO so we know what request needs re-doing when + * in SSL_accept or SSL_connect */ + int rwstate; + + /* Imagine that here's a boolean member "init" that is + * switched as soon as SSL_set_{accept/connect}_state + * is called for the first time, so that "state" and + * "handshake_func" are properly initialized. But as + * handshake_func is == 0 until then, we use this + * test instead of an "init" member. + */ + + int new_session;/* Generate a new session or reuse an old one. + * NB: For servers, the 'new' session may actually be a previously + * cached session or even the previous session unless + * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ + int quiet_shutdown;/* don't send shutdown packets */ + int shutdown; /* we have shut things down, 0x01 sent, 0x02 + * for received */ + BUF_MEM *init_buf; /* buffer used during init */ + void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */ + int init_num; /* amount read/written */ + int init_off; /* amount read/written */ + + /* used internally to point at a raw packet */ + unsigned char *packet; + unsigned int packet_length; + + int read_ahead; /* Read as many input bytes as possible + * (for non-blocking reads) */ + + int hit; /* reusing a previous session */ + + /* crypto */ + STACK_OF(SSL_CIPHER) *cipher_list_by_id; + + /* These are the ones being used, the ones in SSL_SESSION are + * the ones to be 'copied' into these ones */ + int mac_flags; + + SSL_AEAD_CTX *aead_read_ctx; /* AEAD context. If non-NULL, then + enc_read_ctx and read_hash are + ignored. */ + + EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ + EVP_MD_CTX *read_hash; /* used for mac generation */ + + SSL_AEAD_CTX *aead_write_ctx; /* AEAD context. If non-NULL, then + enc_write_ctx and write_hash are + ignored. */ + + EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ + EVP_MD_CTX *write_hash; /* used for mac generation */ + + /* session info */ + + /* extra application data */ + CRYPTO_EX_DATA ex_data; + + /* client cert? */ + /* for server side, keep the list of CA_dn we can use */ + STACK_OF(X509_NAME) *client_CA; + + /* set this flag to 1 and a sleep(1) is put into all SSL_read() + * and SSL_write() calls, good for nbio debuging :-) */ + int debug; + long max_cert_list; + int first_packet; + + int servername_done; /* no further mod of servername + 0 : call the servername extension callback. + 1 : prepare 2, allow last ack just after in server callback. + 2 : don't call servername callback, no ack in server hello + */ + + /* Expect OCSP CertificateStatus message */ + int tlsext_status_expected; + /* OCSP status request only */ + STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids; + X509_EXTENSIONS *tlsext_ocsp_exts; + /* OCSP response received or to be sent */ + unsigned char *tlsext_ocsp_resp; + int tlsext_ocsp_resplen; + + /* RFC4507 session ticket expected to be received or sent */ + int tlsext_ticket_expected; + size_t tlsext_ecpointformatlist_length; + uint8_t *tlsext_ecpointformatlist; /* our list */ + size_t tlsext_ellipticcurvelist_length; + uint16_t *tlsext_ellipticcurvelist; /* our list */ + + /* TLS Session Ticket extension override */ + TLS_SESSION_TICKET_EXT *tlsext_session_ticket; + + STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What we'll do */ + SRTP_PROTECTION_PROFILE *srtp_profile; /* What's been chosen */ + + int renegotiate;/* 1 if we are renegotiating. + * 2 if we are a server and are inside a handshake + * (i.e. not just sending a HelloRequest) */ } SSL_INTERNAL; typedef struct ssl3_state_internal_st { diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c index 4a7650fd9d7..52a04d3094d 100644 --- a/lib/libssl/ssl_sess.c +++ b/lib/libssl/ssl_sess.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_sess.c,v 1.61 2017/01/23 05:27:22 jsing Exp $ */ +/* $OpenBSD: ssl_sess.c,v 1.62 2017/01/23 06:45:30 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -319,7 +319,7 @@ ssl_get_new_session(SSL *s, int session) } /* If RFC4507 ticket use empty session ID. */ - if (s->tlsext_ticket_expected) { + if (s->internal->tlsext_ticket_expected) { ss->session_id_length = 0; goto sess_id_done; } @@ -411,7 +411,7 @@ sess_id_done: * - If a session is found then s->session is pointed at it (after freeing * an existing session if need be) and s->verify_result is set from the * session. - * - Both for new and resumed sessions, s->tlsext_ticket_expected is set + * - Both for new and resumed sessions, s->internal->tlsext_ticket_expected is set * to 1 if the server should issue a new session ticket (to 0 otherwise). */ int @@ -431,7 +431,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, if (len == 0) try_session_cache = 0; - /* Sets s->tlsext_ticket_expected. */ + /* Sets s->internal->tlsext_ticket_expected. */ r = tls1_process_ticket(s, session_id, len, limit, &ret); switch (r) { case -1: /* Error during processing */ @@ -566,7 +566,7 @@ err: * The session was from a ticket, so we should * issue a ticket for the new session. */ - s->tlsext_ticket_expected = 1; + s->internal->tlsext_ticket_expected = 1; } } if (fatal) @@ -869,24 +869,24 @@ int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) { if (s->version >= TLS1_VERSION) { - free(s->tlsext_session_ticket); - s->tlsext_session_ticket = + free(s->internal->tlsext_session_ticket); + s->internal->tlsext_session_ticket = malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); - if (!s->tlsext_session_ticket) { + if (!s->internal->tlsext_session_ticket) { SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE); return 0; } if (ext_data) { - s->tlsext_session_ticket->length = ext_len; - s->tlsext_session_ticket->data = - s->tlsext_session_ticket + 1; - memcpy(s->tlsext_session_ticket->data, + s->internal->tlsext_session_ticket->length = ext_len; + s->internal->tlsext_session_ticket->data = + s->internal->tlsext_session_ticket + 1; + memcpy(s->internal->tlsext_session_ticket->data, ext_data, ext_len); } else { - s->tlsext_session_ticket->length = 0; - s->tlsext_session_ticket->data = NULL; + s->internal->tlsext_session_ticket->length = 0; + s->internal->tlsext_session_ticket->data = NULL; } return 1; @@ -950,7 +950,7 @@ SSL_CTX_flush_sessions(SSL_CTX *s, long t) int ssl_clear_bad_session(SSL *s) { - if ((s->session != NULL) && !(s->shutdown & SSL_SENT_SHUTDOWN) && + if ((s->session != NULL) && !(s->internal->shutdown & SSL_SENT_SHUTDOWN) && !(SSL_in_init(s) || SSL_in_before(s))) { SSL_CTX_remove_session(s->ctx, s->session); return (1); diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c index a8998b4dec5..4b337a4706e 100644 --- a/lib/libssl/t1_enc.c +++ b/lib/libssl/t1_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_enc.c,v 1.89 2017/01/22 09:02:07 jsing Exp $ */ +/* $OpenBSD: t1_enc.c,v 1.90 2017/01/23 06:45:30 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -461,13 +461,13 @@ tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key, SSL_AEAD_CTX *aead_ctx; if (is_read) { - if (!tls1_aead_ctx_init(&s->aead_read_ctx)) + if (!tls1_aead_ctx_init(&s->internal->aead_read_ctx)) return 0; - aead_ctx = s->aead_read_ctx; + aead_ctx = s->internal->aead_read_ctx; } else { - if (!tls1_aead_ctx_init(&s->aead_write_ctx)) + if (!tls1_aead_ctx_init(&s->internal->aead_write_ctx)) return 0; - aead_ctx = s->aead_write_ctx; + aead_ctx = s->internal->aead_write_ctx; } if (!EVP_AEAD_CTX_init(&aead_ctx->ctx, aead, key, key_len, @@ -532,26 +532,26 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys, if (is_read) { if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) - s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM; + s->internal->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM; else - s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM; + s->internal->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM; - EVP_CIPHER_CTX_free(s->enc_read_ctx); - s->enc_read_ctx = NULL; - EVP_MD_CTX_destroy(s->read_hash); - s->read_hash = NULL; + EVP_CIPHER_CTX_free(s->internal->enc_read_ctx); + s->internal->enc_read_ctx = NULL; + EVP_MD_CTX_destroy(s->internal->read_hash); + s->internal->read_hash = NULL; if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL) goto err; - s->enc_read_ctx = cipher_ctx; + s->internal->enc_read_ctx = cipher_ctx; if ((mac_ctx = EVP_MD_CTX_create()) == NULL) goto err; - s->read_hash = mac_ctx; + s->internal->read_hash = mac_ctx; } else { if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) - s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; + s->internal->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; else - s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM; + s->internal->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM; /* * DTLS fragments retain a pointer to the compression, cipher @@ -561,17 +561,17 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys, * by DTLS when its frees a ChangeCipherSpec fragment. */ if (!SSL_IS_DTLS(s)) { - EVP_CIPHER_CTX_free(s->enc_write_ctx); - s->enc_write_ctx = NULL; - EVP_MD_CTX_destroy(s->write_hash); - s->write_hash = NULL; + EVP_CIPHER_CTX_free(s->internal->enc_write_ctx); + s->internal->enc_write_ctx = NULL; + EVP_MD_CTX_destroy(s->internal->write_hash); + s->internal->write_hash = NULL; } if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL) goto err; - s->enc_write_ctx = cipher_ctx; + s->internal->enc_write_ctx = cipher_ctx; if ((mac_ctx = EVP_MD_CTX_create()) == NULL) goto err; - s->write_hash = mac_ctx; + s->internal->write_hash = mac_ctx; } if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE) { @@ -833,11 +833,11 @@ tls1_enc(SSL *s, int send) int bs, i, j, k, pad = 0, ret, mac_size = 0; if (send) { - aead = s->aead_write_ctx; + aead = s->internal->aead_write_ctx; rec = &S3I(s)->wrec; seq = S3I(s)->write_sequence; } else { - aead = s->aead_read_ctx; + aead = s->internal->aead_read_ctx; rec = &S3I(s)->rrec; seq = S3I(s)->read_sequence; } @@ -988,16 +988,16 @@ tls1_enc(SSL *s, int send) } if (send) { - if (EVP_MD_CTX_md(s->write_hash)) { - int n = EVP_MD_CTX_size(s->write_hash); + if (EVP_MD_CTX_md(s->internal->write_hash)) { + int n = EVP_MD_CTX_size(s->internal->write_hash); OPENSSL_assert(n >= 0); } - ds = s->enc_write_ctx; - if (s->enc_write_ctx == NULL) + ds = s->internal->enc_write_ctx; + if (s->internal->enc_write_ctx == NULL) enc = NULL; else { int ivlen = 0; - enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx); + enc = EVP_CIPHER_CTX_cipher(s->internal->enc_write_ctx); if (SSL_USE_EXPLICIT_IV(s) && EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE) ivlen = EVP_CIPHER_iv_length(enc); @@ -1016,15 +1016,15 @@ tls1_enc(SSL *s, int send) } } } else { - if (EVP_MD_CTX_md(s->read_hash)) { - int n = EVP_MD_CTX_size(s->read_hash); + if (EVP_MD_CTX_md(s->internal->read_hash)) { + int n = EVP_MD_CTX_size(s->internal->read_hash); OPENSSL_assert(n >= 0); } - ds = s->enc_read_ctx; - if (s->enc_read_ctx == NULL) + ds = s->internal->enc_read_ctx; + if (s->internal->enc_read_ctx == NULL) enc = NULL; else - enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx); + enc = EVP_CIPHER_CTX_cipher(s->internal->enc_read_ctx); } if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) { @@ -1085,8 +1085,8 @@ tls1_enc(SSL *s, int send) } ret = 1; - if (EVP_MD_CTX_md(s->read_hash) != NULL) - mac_size = EVP_MD_CTX_size(s->read_hash); + if (EVP_MD_CTX_md(s->internal->read_hash) != NULL) + mac_size = EVP_MD_CTX_size(s->internal->read_hash); if ((bs != 1) && !send) ret = tls1_cbc_remove_padding(s, rec, bs, mac_size); if (pad && !send) @@ -1188,18 +1188,18 @@ tls1_mac(SSL *ssl, unsigned char *md, int send) EVP_MD_CTX hmac, *mac_ctx; unsigned char header[13]; int stream_mac = (send ? - (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM) : - (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM)); + (ssl->internal->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM) : + (ssl->internal->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM)); int t; if (send) { rec = &(ssl->s3->internal->wrec); seq = &(ssl->s3->internal->write_sequence[0]); - hash = ssl->write_hash; + hash = ssl->internal->write_hash; } else { rec = &(ssl->s3->internal->rrec); seq = &(ssl->s3->internal->read_sequence[0]); - hash = ssl->read_hash; + hash = ssl->internal->read_hash; } t = EVP_MD_CTX_size(hash); @@ -1232,7 +1232,7 @@ tls1_mac(SSL *ssl, unsigned char *md, int send) header[12] = (rec->length) & 0xff; if (!send && - EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && + EVP_CIPHER_CTX_mode(ssl->internal->enc_read_ctx) == EVP_CIPH_CBC_MODE && ssl3_cbc_record_digest_supported(mac_ctx)) { /* This is a CBC-encrypted record. We must avoid leaking any * timing-side channel information about how many blocks of diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c index 0dbd83fecfa..f0a9ed5dc14 100644 --- a/lib/libssl/t1_lib.c +++ b/lib/libssl/t1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_lib.c,v 1.102 2017/01/23 05:13:02 jsing Exp $ */ +/* $OpenBSD: t1_lib.c,v 1.103 2017/01/23 06:45:30 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -201,7 +201,7 @@ tls1_free(SSL *s) if (s == NULL) return; - free(s->tlsext_session_ticket); + free(s->internal->tlsext_session_ticket); ssl3_free(s); } @@ -376,8 +376,8 @@ tls1_get_formatlist(SSL *s, int client_formats, const uint8_t **pformats, return; } - *pformats = s->tlsext_ecpointformatlist; - *pformatslen = s->tlsext_ecpointformatlist_length; + *pformats = s->internal->tlsext_ecpointformatlist; + *pformatslen = s->internal->tlsext_ecpointformatlist_length; if (*pformats == NULL) { *pformats = ecformats_default; *pformatslen = sizeof(ecformats_default); @@ -399,8 +399,8 @@ tls1_get_curvelist(SSL *s, int client_curves, const uint16_t **pcurves, return; } - *pcurves = s->tlsext_ellipticcurvelist; - *pcurveslen = s->tlsext_ellipticcurvelist_length; + *pcurves = s->internal->tlsext_ellipticcurvelist; + *pcurveslen = s->internal->tlsext_ellipticcurvelist_length; if (*pcurves == NULL) { *pcurves = eccurves_default; *pcurveslen = sizeof(eccurves_default) / 2; @@ -690,7 +690,7 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) } /* Add RI if renegotiating */ - if (s->renegotiate) { + if (s->internal->renegotiate) { int el; if (!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) { @@ -775,21 +775,21 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) { int ticklen; - if (!s->new_session && s->session && s->session->tlsext_tick) + if (!s->internal->new_session && s->session && s->session->tlsext_tick) ticklen = s->session->tlsext_ticklen; - else if (s->session && s->tlsext_session_ticket && - s->tlsext_session_ticket->data) { - ticklen = s->tlsext_session_ticket->length; + else if (s->session && s->internal->tlsext_session_ticket && + s->internal->tlsext_session_ticket->data) { + ticklen = s->internal->tlsext_session_ticket->length; s->session->tlsext_tick = malloc(ticklen); if (!s->session->tlsext_tick) return NULL; memcpy(s->session->tlsext_tick, - s->tlsext_session_ticket->data, ticklen); + s->internal->tlsext_session_ticket->data, ticklen); s->session->tlsext_ticklen = ticklen; } else ticklen = 0; - if (ticklen == 0 && s->tlsext_session_ticket && - s->tlsext_session_ticket->data == NULL) + if (ticklen == 0 && s->internal->tlsext_session_ticket && + s->internal->tlsext_session_ticket->data == NULL) goto skip_ext; /* Check for enough room 2 for extension type, 2 for len * rest for ticket @@ -824,16 +824,16 @@ skip_ext: OCSP_RESPID *id; idlen = 0; - for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) { - id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i); + for (i = 0; i < sk_OCSP_RESPID_num(s->internal->tlsext_ocsp_ids); i++) { + id = sk_OCSP_RESPID_value(s->internal->tlsext_ocsp_ids, i); itmp = i2d_OCSP_RESPID(id, NULL); if (itmp <= 0) return NULL; idlen += itmp + 2; } - if (s->tlsext_ocsp_exts) { - extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL); + if (s->internal->tlsext_ocsp_exts) { + extlen = i2d_X509_EXTENSIONS(s->internal->tlsext_ocsp_exts, NULL); if (extlen < 0) return NULL; } else @@ -847,10 +847,10 @@ skip_ext: s2n(extlen + idlen + 5, ret); *(ret++) = TLSEXT_STATUSTYPE_ocsp; s2n(idlen, ret); - for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) { + for (i = 0; i < sk_OCSP_RESPID_num(s->internal->tlsext_ocsp_ids); i++) { /* save position of id len */ unsigned char *q = ret; - id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i); + id = sk_OCSP_RESPID_value(s->internal->tlsext_ocsp_ids, i); /* skip over id len */ ret += 2; itmp = i2d_OCSP_RESPID(id, &ret); @@ -859,7 +859,7 @@ skip_ext: } s2n(extlen, ret); if (extlen > 0) - i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret); + i2d_X509_EXTENSIONS(s->internal->tlsext_ocsp_exts, &ret); } if (s->ctx->internal->next_proto_select_cb && @@ -917,7 +917,7 @@ skip_ext: * extensions it MUST always appear last. */ if (s->options & SSL_OP_TLSEXT_PADDING) { - int hlen = ret - (unsigned char *)s->init_buf->data; + int hlen = ret - (unsigned char *)s->internal->init_buf->data; /* * The code in s23_clnt.c to build ClientHello messages @@ -964,7 +964,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) if (ret >= limit) return NULL; /* this really never occurs, but ... */ - if (!s->hit && s->servername_done == 1 && + if (!s->internal->hit && s->internal->servername_done == 1 && s->session->tlsext_hostname != NULL) { if ((size_t)(limit - ret) < 4) return NULL; @@ -1030,7 +1030,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) * extension. */ - if (s->tlsext_ticket_expected && + if (s->internal->tlsext_ticket_expected && !(SSL_get_options(s) & SSL_OP_NO_TICKET)) { if ((size_t)(limit - ret) < 4) return NULL; @@ -1039,7 +1039,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) s2n(0, ret); } - if (s->tlsext_status_expected) { + if (s->internal->tlsext_status_expected) { if ((size_t)(limit - ret) < 4) return NULL; @@ -1048,7 +1048,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) } #ifndef OPENSSL_NO_SRTP - if (SSL_IS_DTLS(s) && s->srtp_profile) { + if (SSL_IS_DTLS(s) && s->internal->srtp_profile) { int el; ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0); @@ -1203,12 +1203,12 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int renegotiate_seen = 0; int sigalg_seen = 0; - s->servername_done = 0; + s->internal->servername_done = 0; s->tlsext_status_type = -1; S3I(s)->next_proto_neg_seen = 0; free(S3I(s)->alpn_selected); S3I(s)->alpn_selected = NULL; - s->srtp_profile = NULL; + s->internal->srtp_profile = NULL; if (data == end) goto ri_check; @@ -1281,10 +1281,10 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, *al = SSL_AD_DECODE_ERROR; return 0; } - if (s->servername_done == 0) + if (s->internal->servername_done == 0) switch (servname_type) { case TLSEXT_NAMETYPE_host_name: - if (!s->hit) { + if (!s->internal->hit) { if (s->session->tlsext_hostname) { *al = SSL_AD_DECODE_ERROR; return 0; @@ -1306,11 +1306,11 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, *al = TLS1_AD_UNRECOGNIZED_NAME; return 0; } - s->servername_done = 1; + s->internal->servername_done = 1; } else { - s->servername_done = s->session->tlsext_hostname && + s->internal->servername_done = s->session->tlsext_hostname && strlen(s->session->tlsext_hostname) == len && strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0; } @@ -1345,7 +1345,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, return 0; } - if (!s->hit) { + if (!s->internal->hit) { free(SSI(s)->tlsext_ecpointformatlist); SSI(s)->tlsext_ecpointformatlist = NULL; SSI(s)->tlsext_ecpointformatlist_length = 0; @@ -1377,7 +1377,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, } curveslen /= 2; - if (!s->hit) { + if (!s->internal->hit) { if (SSI(s)->tlsext_ellipticcurvelist) { *al = TLS1_AD_DECODE_ERROR; return 0; @@ -1447,13 +1447,13 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, * previous handshake to prevent * unbounded memory growth. */ - sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, + sk_OCSP_RESPID_pop_free(s->internal->tlsext_ocsp_ids, OCSP_RESPID_free); - s->tlsext_ocsp_ids = NULL; + s->internal->tlsext_ocsp_ids = NULL; if (dsize > 0) { - s->tlsext_ocsp_ids = + s->internal->tlsext_ocsp_ids = sk_OCSP_RESPID_new_null(); - if (s->tlsext_ocsp_ids == NULL) { + if (s->internal->tlsext_ocsp_ids == NULL) { *al = SSL_AD_INTERNAL_ERROR; return 0; } @@ -1487,7 +1487,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, return 0; } if (!sk_OCSP_RESPID_push( - s->tlsext_ocsp_ids, id)) { + s->internal->tlsext_ocsp_ids, id)) { OCSP_RESPID_free(id); *al = SSL_AD_INTERNAL_ERROR; return 0; @@ -1507,15 +1507,15 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, } sdata = data; if (dsize > 0) { - if (s->tlsext_ocsp_exts) { - sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, + if (s->internal->tlsext_ocsp_exts) { + sk_X509_EXTENSION_pop_free(s->internal->tlsext_ocsp_exts, X509_EXTENSION_free); } - s->tlsext_ocsp_exts = + s->internal->tlsext_ocsp_exts = d2i_X509_EXTENSIONS(NULL, &sdata, dsize); - if (!s->tlsext_ocsp_exts || + if (!s->internal->tlsext_ocsp_exts || (data + dsize != sdata)) { *al = SSL_AD_DECODE_ERROR; return 0; @@ -1534,7 +1534,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, /* We shouldn't accept this extension on a * renegotiation. * - * s->new_session will be set on renegotiation, but we + * s->internal->new_session will be set on renegotiation, but we * probably shouldn't rely that it couldn't be set on * the initial renegotation too in certain cases (when * there's some other reason to disallow resuming an @@ -1580,7 +1580,7 @@ ri_check: /* Need RI if renegotiating */ - if (!renegotiate_seen && s->renegotiate) { + if (!renegotiate_seen && s->internal->renegotiate) { *al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); @@ -1673,7 +1673,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al) return 0; } - if (!s->hit) { + if (!s->internal->hit) { free(SSI(s)->tlsext_ecpointformatlist); SSI(s)->tlsext_ecpointformatlist = NULL; SSI(s)->tlsext_ecpointformatlist_length = 0; @@ -1699,7 +1699,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al) *al = TLS1_AD_UNSUPPORTED_EXTENSION; return 0; } - s->tlsext_ticket_expected = 1; + s->internal->tlsext_ticket_expected = 1; } else if (type == TLSEXT_TYPE_status_request && s->version != DTLS1_VERSION) { @@ -1711,7 +1711,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al) return 0; } /* Set flag to expect CertificateStatus message */ - s->tlsext_status_expected = 1; + s->internal->tlsext_status_expected = 1; } else if (type == TLSEXT_TYPE_next_proto_neg && S3I(s)->tmp.finish_md_len == 0) { @@ -1804,7 +1804,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al) return 0; } - if (!s->hit && tlsext_servername == 1) { + if (!s->internal->hit && tlsext_servername == 1) { if (s->tlsext_hostname) { if (s->session->tlsext_hostname == NULL) { s->session->tlsext_hostname = @@ -1874,7 +1874,7 @@ ssl_check_clienthello_tlsext_early(SSL *s) ssl3_send_alert(s, SSL3_AL_WARNING, al); return 1; case SSL_TLSEXT_ERR_NOACK: - s->servername_done = 0; + s->internal->servername_done = 0; default: return 1; } @@ -1898,7 +1898,7 @@ ssl_check_clienthello_tlsext_late(SSL *s) certpkey = ssl_get_server_send_pkey(s); /* If no certificate can't return certificate status */ if (certpkey == NULL) { - s->tlsext_status_expected = 0; + s->internal->tlsext_status_expected = 0; return 1; } /* Set current certificate to one we will use so @@ -1910,14 +1910,14 @@ ssl_check_clienthello_tlsext_late(SSL *s) switch (r) { /* We don't want to send a status request response */ case SSL_TLSEXT_ERR_NOACK: - s->tlsext_status_expected = 0; + s->internal->tlsext_status_expected = 0; break; /* status request response should be sent */ case SSL_TLSEXT_ERR_OK: - if (s->tlsext_ocsp_resp) - s->tlsext_status_expected = 1; + if (s->internal->tlsext_ocsp_resp) + s->internal->tlsext_status_expected = 1; else - s->tlsext_status_expected = 0; + s->internal->tlsext_status_expected = 0; break; /* something bad happened */ case SSL_TLSEXT_ERR_ALERT_FATAL: @@ -1926,7 +1926,7 @@ ssl_check_clienthello_tlsext_late(SSL *s) goto err; } } else - s->tlsext_status_expected = 0; + s->internal->tlsext_status_expected = 0; err: switch (ret) { @@ -1953,8 +1953,8 @@ ssl_check_serverhello_tlsext(SSL *s) */ unsigned long alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; unsigned long alg_a = S3I(s)->tmp.new_cipher->algorithm_auth; - if ((s->tlsext_ecpointformatlist != NULL) && - (s->tlsext_ecpointformatlist_length > 0) && + if ((s->internal->tlsext_ecpointformatlist != NULL) && + (s->internal->tlsext_ecpointformatlist_length > 0) && (SSI(s)->tlsext_ecpointformatlist != NULL) && (SSI(s)->tlsext_ecpointformatlist_length > 0) && ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) { @@ -1986,15 +1986,15 @@ ssl_check_serverhello_tlsext(SSL *s) /* If we've requested certificate status and we wont get one * tell the callback */ - if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected) && + if ((s->tlsext_status_type != -1) && !(s->internal->tlsext_status_expected) && s->ctx && s->ctx->internal->tlsext_status_cb) { int r; /* Set resp to NULL, resplen to -1 so callback knows * there is no response. */ - free(s->tlsext_ocsp_resp); - s->tlsext_ocsp_resp = NULL; - s->tlsext_ocsp_resplen = -1; + free(s->internal->tlsext_ocsp_resp); + s->internal->tlsext_ocsp_resp = NULL; + s->internal->tlsext_ocsp_resplen = -1; r = s->ctx->internal->tlsext_status_cb(s, s->ctx->internal->tlsext_status_arg); if (r == 0) { @@ -2017,7 +2017,7 @@ ssl_check_serverhello_tlsext(SSL *s) return 1; case SSL_TLSEXT_ERR_NOACK: - s->servername_done = 0; + s->internal->servername_done = 0; default: return 1; } @@ -2037,7 +2037,7 @@ ssl_check_serverhello_tlsext(SSL *s) * * If s->internal->tls_session_secret_cb is set then we are expecting a pre-shared key * ciphersuite, in which case we have no use for session tickets and one will - * never be decrypted, nor will s->tlsext_ticket_expected be set to 1. + * never be decrypted, nor will s->internal->tlsext_ticket_expected be set to 1. * * Returns: * -1: fatal error, either from parsing or decrypting the ticket. @@ -2049,12 +2049,12 @@ ssl_check_serverhello_tlsext(SSL *s) * 3: a ticket was successfully decrypted and *ret was set. * * Side effects: - * Sets s->tlsext_ticket_expected to 1 if the server will have to issue + * Sets s->internal->tlsext_ticket_expected to 1 if the server will have to issue * a new session ticket to the client because the client indicated support * (and s->internal->tls_session_secret_cb is NULL) but the client either doesn't have * a session ticket or we couldn't use the one it gave us, or if * s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket. - * Otherwise, s->tlsext_ticket_expected is set to 0. + * Otherwise, s->internal->tlsext_ticket_expected is set to 0. */ int tls1_process_ticket(SSL *s, const unsigned char *session, int session_len, @@ -2064,7 +2064,7 @@ tls1_process_ticket(SSL *s, const unsigned char *session, int session_len, CBS session_id, cookie, cipher_list, compress_algo, extensions; *ret = NULL; - s->tlsext_ticket_expected = 0; + s->internal->tlsext_ticket_expected = 0; /* If tickets disabled behave as if no ticket present * to permit stateful resumption. @@ -2116,7 +2116,7 @@ tls1_process_ticket(SSL *s, const unsigned char *session, int session_len, if (CBS_len(&ext_data) == 0) { /* The client will accept a ticket but doesn't * currently have one. */ - s->tlsext_ticket_expected = 1; + s->internal->tlsext_ticket_expected = 1; return 1; } if (s->internal->tls_session_secret_cb) { @@ -2133,12 +2133,12 @@ tls1_process_ticket(SSL *s, const unsigned char *session, int session_len, switch (r) { case 2: /* ticket couldn't be decrypted */ - s->tlsext_ticket_expected = 1; + s->internal->tlsext_ticket_expected = 1; return 2; case 3: /* ticket was decrypted */ return r; case 4: /* ticket decrypted but need to renew */ - s->tlsext_ticket_expected = 1; + s->internal->tlsext_ticket_expected = 1; return 3; default: /* fatal error */ return -1; |