author | 2017-05-07 04:22:24 +0000 | |
---|---|---|
committer | 2017-05-07 04:22:24 +0000 | |
commit | 440bed4fbf67c71055029b3e3067c272d9453bf5 (patch) | |
tree | 52b4b4cebc1418ac46724df5173a011a50033f2a /lib/libssl/ssl_clnt.c | |
parent | Limit -Werror to gcc4 as was done in libcrypto/libssl/libtls to avoid (diff) | |
Move state from ssl->internal to the handshake structure.
While we are at it, convert SSLerror to use a function
internally, so that we may later allocate the handshake
structure and check for it.
ok jsing@
Diffstat (limited to 'lib/libssl/ssl_clnt.c')
-rw-r--r-- | lib/libssl/ssl_clnt.c | 106 |
1 files changed, 53 insertions, 53 deletions
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index f6ca3e7f3cb..a1745143f01 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.13 2017/05/06 22:24:57 beck Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.14 2017/05/07 04:22:24 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -193,12 +193,12 @@ ssl3_connect(SSL *s)
 SSL_clear(s);
 for (;;) {
- state = s->internal->state;
+ state = S3I(s)->hs.state;
- switch (s->internal->state) {
+ switch (S3I(s)->hs.state) {
 case SSL_ST_RENEGOTIATE:
 s->internal->renegotiate = 1;
- s->internal->state = SSL_ST_CONNECT;
+ S3I(s)->hs.state = SSL_ST_CONNECT;
 s->ctx->internal->stats.sess_connect_renegotiate++;
 /* break */
 case SSL_ST_BEFORE:
@@ -239,7 +239,7 @@ ssl3_connect(SSL *s)
 goto end;
 }
- s->internal->state = SSL3_ST_CW_CLNT_HELLO_A;
+ S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A;
 s->ctx->internal->stats.sess_connect++;
 s->internal->init_num = 0;
 break;
@@ -251,7 +251,7 @@ ssl3_connect(SSL *s)
 ret = ssl3_client_hello(s);
 if (ret <= 0)
 goto end;
- s->internal->state = SSL3_ST_CR_SRVR_HELLO_A;
+ S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A;
 s->internal->init_num = 0;
 /* turn on buffering for the next lot of output */
@@ -267,13 +267,13 @@ ssl3_connect(SSL *s)
 goto end;
 if (s->internal->hit) {
- s->internal->state = SSL3_ST_CR_FINISHED_A;
+ S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A;
 if (s->internal->tlsext_ticket_expected) {
 /* receive renewed session ticket */
- s->internal->state = SSL3_ST_CR_SESSION_TICKET_A;
+ S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A;
 }
 } else
- s->internal->state = SSL3_ST_CR_CERT_A;
+ S3I(s)->hs.state = SSL3_ST_CR_CERT_A;
 s->internal->init_num = 0;
 break;
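Review bot: With the state now read through `S3I(s)` (first at `state = S3I(s)->hs.state;` in the -193 hunk of ssl3_connect, then in every other hunk of this commit), the handshake position shares the lifetime of the s3 structures instead of `s->internal`, and nothing in the visible lines checks that `S3I(s)` is valid before the first read. If the macro dereferences through `s->s3`, as its other uses here (`S3I(s)->tmp.cert_req`, `S3I(s)->hs.new_cipher`) suggest, any path that clears or frees those structures would now also reset or invalidate the state machine position. The commit message defers the allocation check to a later change, so until then I would state the precondition at the top of the loop, e.g. `/* hs.state lives in the s3 handshake struct; S3I(s) must be set up before ssl3_connect() runs */`. The body of ssl3_connect starts and ends outside this hunk.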
@@ -285,9 +285,9 @@ ssl3_connect(SSL *s)
 if (ret == 2) {
 s->internal->hit = 1;
 if (s->internal->tlsext_ticket_expected)
- s->internal->state = SSL3_ST_CR_SESSION_TICKET_A;
+ S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A;
 else
- s->internal->state = SSL3_ST_CR_FINISHED_A;
+ S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A;
 s->internal->init_num = 0;
 break;
 }
@@ -298,12 +298,12 @@ ssl3_connect(SSL *s)
 if (ret <= 0)
 goto end;
 if (s->internal->tlsext_status_expected)
- s->internal->state = SSL3_ST_CR_CERT_STATUS_A;
+ S3I(s)->hs.state = SSL3_ST_CR_CERT_STATUS_A;
 else
- s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
+ S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A;
 } else {
 skip = 1;
- s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
+ S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A;
 }
 s->internal->init_num = 0;
 break;
@@ -313,7 +313,7 @@ ssl3_connect(SSL *s)
 ret = ssl3_get_server_key_exchange(s);
 if (ret <= 0)
 goto end;
- s->internal->state = SSL3_ST_CR_CERT_REQ_A;
+ S3I(s)->hs.state = SSL3_ST_CR_CERT_REQ_A;
 s->internal->init_num = 0;
 /*
@@ -331,7 +331,7 @@ ssl3_connect(SSL *s)
 ret = ssl3_get_certificate_request(s);
 if (ret <= 0)
 goto end;
- s->internal->state = SSL3_ST_CR_SRVR_DONE_A;
+ S3I(s)->hs.state = SSL3_ST_CR_SRVR_DONE_A;
 s->internal->init_num = 0;
 break;
@@ -341,9 +341,9 @@ ssl3_connect(SSL *s)
 if (ret <= 0)
 goto end;
 if (S3I(s)->tmp.cert_req)
- s->internal->state = SSL3_ST_CW_CERT_A;
+ S3I(s)->hs.state = SSL3_ST_CW_CERT_A;
 else
- s->internal->state = SSL3_ST_CW_KEY_EXCH_A;
+ S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_A;
 s->internal->init_num = 0;
 break;
@@ -355,7 +355,7 @@ ssl3_connect(SSL *s)
 ret = ssl3_send_client_certificate(s);
 if (ret <= 0)
 goto end;
- s->internal->state = SSL3_ST_CW_KEY_EXCH_A;
+ S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_A;
 s->internal->init_num = 0;
 break;
@@ -381,13 +381,13 @@ ssl3_connect(SSL *s)
 * inside the client certificate.
 */
 if (S3I(s)->tmp.cert_req == 1) {
- s->internal->state = SSL3_ST_CW_CERT_VRFY_A;
+ S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_A;
 } else {
- s->internal->state = SSL3_ST_CW_CHANGE_A;
+ S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
 S3I(s)->change_cipher_spec = 0;
 }
 if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
- s->internal->state = SSL3_ST_CW_CHANGE_A;
+ S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
 S3I(s)->change_cipher_spec = 0;
 }
@@ -399,7 +399,7 @@ ssl3_connect(SSL *s)
 ret = ssl3_send_client_verify(s);
 if (ret <= 0)
 goto end;
- s->internal->state = SSL3_ST_CW_CHANGE_A;
+ S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
 s->internal->init_num = 0;
 S3I(s)->change_cipher_spec = 0;
 break;
@@ -412,9 +412,9 @@ ssl3_connect(SSL *s)
 goto end;
 if (S3I(s)->next_proto_neg_seen)
- s->internal->state = SSL3_ST_CW_NEXT_PROTO_A;
+ S3I(s)->hs.state = SSL3_ST_CW_NEXT_PROTO_A;
 else
- s->internal->state = SSL3_ST_CW_FINISHED_A;
+ S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A;
 s->internal->init_num = 0;
 s->session->cipher = S3I(s)->hs.new_cipher;
@@ -436,7 +436,7 @@ ssl3_connect(SSL *s)
 ret = ssl3_send_next_proto(s);
 if (ret <= 0)
 goto end;
- s->internal->state = SSL3_ST_CW_FINISHED_A;
+ S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A;
 break;
 case SSL3_ST_CW_FINISHED_A:
@@ -448,7 +448,7 @@ ssl3_connect(SSL *s)
 if (ret <= 0)
 goto end;
 s->s3->flags |= SSL3_FLAGS_CCS_OK;
- s->internal->state = SSL3_ST_CW_FLUSH;
+ S3I(s)->hs.state = SSL3_ST_CW_FLUSH;
 /* clear flags */
 s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
@@ -456,7 +456,7 @@ ssl3_connect(SSL *s)
 S3I(s)->hs.next_state = SSL_ST_OK;
 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
- s->internal->state = SSL_ST_OK;
+ S3I(s)->hs.state = SSL_ST_OK;
 s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
 S3I(s)->delay_buf_pop_ret = 0;
 }
@@ -477,7 +477,7 @@ ssl3_connect(SSL *s)
 ret = ssl3_get_new_session_ticket(s);
 if (ret <= 0)
 goto end;
- s->internal->state = SSL3_ST_CR_FINISHED_A;
+ S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A;
 s->internal->init_num = 0;
 break;
@@ -486,7 +486,7 @@ ssl3_connect(SSL *s)
 ret = ssl3_get_cert_status(s);
 if (ret <= 0)
 goto end;
- s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
+ S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A;
 s->internal->init_num = 0;
 break;
@@ -499,9 +499,9 @@ ssl3_connect(SSL *s)
 goto end;
 if (s->internal->hit)
- s->internal->state = SSL3_ST_CW_CHANGE_A;
+ S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
 else
- s->internal->state = SSL_ST_OK;
+ S3I(s)->hs.state = SSL_ST_OK;
 s->internal->init_num = 0;
 break;
@@ -512,7 +512,7 @@ ssl3_connect(SSL *s)
 goto end;
 }
 s->internal->rwstate = SSL_NOTHING;
- s->internal->state = S3I(s)->hs.next_state;
+ S3I(s)->hs.state = S3I(s)->hs.next_state;
 break;
 case SSL_ST_OK:
@@ -563,11 +563,11 @@ ssl3_connect(SSL *s)
 goto end;
 }
- if ((cb != NULL) && (s->internal->state != state)) {
- new_state = s->internal->state;
- s->internal->state = state;
+ if ((cb != NULL) && (S3I(s)->hs.state != state)) {
+ new_state = S3I(s)->hs.state;
+ S3I(s)->hs.state = state;
 cb(s, SSL_CB_CONNECT_LOOP, 1);
- s->internal->state = new_state;
+ S3I(s)->hs.state = new_state;
 }
 }
 skip = 0;
@@ -591,7 +591,7 @@ ssl3_client_hello(SSL *s)
 bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH;
- if (s->internal->state == SSL3_ST_CW_CLNT_HELLO_A) {
+ if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_A) {
 SSL_SESSION *sess = s->session;
 if (ssl_supported_version_range(s, NULL, &max_version) != 1) {
@@ -706,7 +706,7 @@ ssl3_client_hello(SSL *s)
 ssl3_handshake_msg_finish(s, p - d);
- s->internal->state = SSL3_ST_CW_CLNT_HELLO_B;
+ S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_B;
 }
 /* SSL3_ST_CW_CLNT_HELLO_B */
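Review bot: The swap around `cb(s, SSL_CB_CONNECT_LOOP, 1)` in the -563 hunk is undocumented: the code saves the new state, writes the previous one back into `S3I(s)->hs.state`, calls the info callback, and then restores the new value unconditionally. The callback therefore observes the state that just finished, and anything written to the state during the call is discarded by `S3I(s)->hs.state = new_state;`. A short comment above the `if` would make that contract explicit, for example `/* Report the state we just left to the info callback; the new state is restored afterwards, overwriting any change made during cb. */`. The enclosing loop and function continue outside the hunk.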
@@ -2273,7 +2273,7 @@ ssl3_send_client_key_exchange(SSL *s)
 memset(&cbb, 0, sizeof(cbb));
- if (s->internal->state == SSL3_ST_CW_KEY_EXCH_A) {
+ if (S3I(s)->hs.state == SSL3_ST_CW_KEY_EXCH_A) {
 alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
 if ((sess_cert = SSI(s)->sess_cert) == NULL) {
@@ -2309,7 +2309,7 @@ ssl3_send_client_key_exchange(SSL *s)
 if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
 goto err;
- s->internal->state = SSL3_ST_CW_KEY_EXCH_B;
+ S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_B;
 }
 /* SSL3_ST_CW_KEY_EXCH_B */
@@ -2335,7 +2335,7 @@ ssl3_send_client_verify(SSL *s)
 EVP_MD_CTX_init(&mctx);
- if (s->internal->state == SSL3_ST_CW_CERT_VRFY_A) {
+ if (S3I(s)->hs.state == SSL3_ST_CW_CERT_VRFY_A) {
 p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY);
 /*
@@ -2459,7 +2459,7 @@ ssl3_send_client_verify(SSL *s)
 goto err;
 }
- s->internal->state = SSL3_ST_CW_CERT_VRFY_B;
+ S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_B;
 ssl3_handshake_msg_finish(s, n);
 }
@@ -2485,16 +2485,16 @@ ssl3_send_client_certificate(SSL *s)
 memset(&cbb, 0, sizeof(cbb));
- if (s->internal->state == SSL3_ST_CW_CERT_A) {
+ if (S3I(s)->hs.state == SSL3_ST_CW_CERT_A) {
 if ((s->cert == NULL) || (s->cert->key->x509 == NULL) || (s->cert->key->privatekey == NULL))
- s->internal->state = SSL3_ST_CW_CERT_B;
+ S3I(s)->hs.state = SSL3_ST_CW_CERT_B;
 else
- s->internal->state = SSL3_ST_CW_CERT_C;
+ S3I(s)->hs.state = SSL3_ST_CW_CERT_C;
 }
 /* We need to get a client cert */
- if (s->internal->state == SSL3_ST_CW_CERT_B) {
+ if (S3I(s)->hs.state == SSL3_ST_CW_CERT_B) {
 /*
 * If we get an error, we need to
 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
@@ -2507,7 +2507,7 @@ ssl3_send_client_certificate(SSL *s)
 }
 s->internal->rwstate = SSL_NOTHING;
 if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
- s->internal->state = SSL3_ST_CW_CERT_B;
+ S3I(s)->hs.state = SSL3_ST_CW_CERT_B;
 if (!SSL_use_certificate(s, x509) || !SSL_use_PrivateKey(s, pkey))
 i = 0;
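Review bot: `S3I(s)->hs.state = SSL3_ST_CW_CERT_B;` in the -2507 hunk of ssl3_send_client_certificate looks like a no-op carried over from the old code. The -2485 hunk shows this region opening with `if (S3I(s)->hs.state == SSL3_ST_CW_CERT_B) {`, so the state should already be CERT_B here unless the lines between the two hunks, which are not shown, change it. If it is redundant, drop the line, or keep it with a comment such as `/* already in SSL3_ST_CW_CERT_B on this path */` so the next reader does not look for a transition that is not there. Both hunks cut through the function body.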
@@ -2522,10 +2522,10 @@ ssl3_send_client_certificate(SSL *s)
 S3I(s)->tmp.cert_req = 2;
 /* Ok, we have a cert */
- s->internal->state = SSL3_ST_CW_CERT_C;
+ S3I(s)->hs.state = SSL3_ST_CW_CERT_C;
 }
- if (s->internal->state == SSL3_ST_CW_CERT_C) {
+ if (S3I(s)->hs.state == SSL3_ST_CW_CERT_C) {
 if (!ssl3_handshake_msg_start_cbb(s, &cbb, &client_cert, SSL3_MT_CERTIFICATE))
 goto err;
@@ -2535,7 +2535,7 @@ ssl3_send_client_certificate(SSL *s)
 if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
 goto err;
- s->internal->state = SSL3_ST_CW_CERT_D;
+ S3I(s)->hs.state = SSL3_ST_CW_CERT_D;
 }
 /* SSL3_ST_CW_CERT_D */
@@ -2625,7 +2625,7 @@ ssl3_send_next_proto(SSL *s)
 memset(&cbb, 0, sizeof(cbb));
- if (s->internal->state == SSL3_ST_CW_NEXT_PROTO_A) {
+ if (S3I(s)->hs.state == SSL3_ST_CW_NEXT_PROTO_A) {
 pad_len = 32 - ((s->internal->next_proto_negotiated_len + 2) % 32);
 if (!ssl3_handshake_msg_start_cbb(s, &cbb, &nextproto,
@@ -2644,7 +2644,7 @@ ssl3_send_next_proto(SSL *s)
 if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
 goto err;
- s->internal->state = SSL3_ST_CW_NEXT_PROTO_B;
+ S3I(s)->hs.state = SSL3_ST_CW_NEXT_PROTO_B;
 }
 return (ssl3_handshake_write(s)); |