authorbeck <beck@openbsd.org>2017-01-23 08:48:44 +0000
committerbeck <beck@openbsd.org>2017-01-23 08:48:44 +0000
commit8022bb077d13265daefb9145af99f06cb79e4d1f (patch)
treec32212b154ef1ced26fe561ba024fafe4f4a98b7 /lib
parentcopy log.c/h from bgpd. (diff)
send state and rstate from ssl_st into internal. There are accessors
so these should not be diddled with directly ok jsing@
Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/d1_both.c8
-rw-r--r--lib/libssl/d1_clnt.c72
-rw-r--r--lib/libssl/d1_pkt.c36
-rw-r--r--lib/libssl/d1_srvr.c92
-rw-r--r--lib/libssl/s23_clnt.c26
-rw-r--r--lib/libssl/s23_srvr.c28
-rw-r--r--lib/libssl/s3_both.c16
-rw-r--r--lib/libssl/s3_clnt.c106
-rw-r--r--lib/libssl/s3_lib.c8
-rw-r--r--lib/libssl/s3_pkt.c38
-rw-r--r--lib/libssl/s3_srvr.c118
-rw-r--r--lib/libssl/ssl.h5
-rw-r--r--lib/libssl/ssl_lib.c18
-rw-r--r--lib/libssl/ssl_locl.h6
-rw-r--r--lib/libssl/ssl_stat.c10
-rw-r--r--lib/libssl/t1_lib.c4
16 files changed, 296 insertions, 295 deletions
diff --git a/lib/libssl/d1_both.c b/lib/libssl/d1_both.c
index f440a8baf21..e709caa6047 100644
--- a/lib/libssl/d1_both.c
+++ b/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_both.c,v 1.44 2017/01/23 06:45:30 beck Exp $ */
+/* $OpenBSD: d1_both.c,v 1.45 2017/01/23 08:48:44 beck Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -856,7 +856,7 @@ again:
goto f_err;
/* XDTLS: ressurect this when restart is in place */
- s->state = stn;
+ s->internal->state = stn;
if (frag_len > 0) {
unsigned char *p = (unsigned char *)s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH;
@@ -915,7 +915,7 @@ dtls1_send_change_cipher_spec(SSL *s, int a, int b)
{
unsigned char *p;
- if (s->state == a) {
+ if (s->internal->state == a) {
p = (unsigned char *)s->internal->init_buf->data;
*p++=SSL3_MT_CCS;
D1I(s)->handshake_write_seq = D1I(s)->next_handshake_write_seq;
@@ -929,7 +929,7 @@ dtls1_send_change_cipher_spec(SSL *s, int a, int b)
/* buffer the message to handle re-xmits */
dtls1_buffer_message(s, 1);
- s->state = b;
+ s->internal->state = b;
}
/* SSL3_ST_CW_CHANGE_B */
diff --git a/lib/libssl/d1_clnt.c b/lib/libssl/d1_clnt.c
index 5a972f3292a..9319794a667 100644
--- a/lib/libssl/d1_clnt.c
+++ b/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.66 2017/01/23 06:45:30 beck Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.67 2017/01/23 08:48:44 beck Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -199,12 +199,12 @@ dtls1_connect(SSL *s)
for (;;) {
- state = s->state;
+ state = s->internal->state;
- switch (s->state) {
+ switch (s->internal->state) {
case SSL_ST_RENEGOTIATE:
s->internal->renegotiate = 1;
- s->state = SSL_ST_CONNECT;
+ s->internal->state = SSL_ST_CONNECT;
s->ctx->internal->stats.sess_connect_renegotiate++;
/* break */
case SSL_ST_BEFORE:
@@ -241,7 +241,7 @@ dtls1_connect(SSL *s)
/* don't push the buffering BIO quite yet */
- s->state = SSL3_ST_CW_CLNT_HELLO_A;
+ s->internal->state = SSL3_ST_CW_CLNT_HELLO_A;
s->ctx->internal->stats.sess_connect++;
s->internal->init_num = 0;
/* mark client_random uninitialized */
@@ -269,10 +269,10 @@ dtls1_connect(SSL *s)
goto end;
if (D1I(s)->send_cookie) {
- s->state = SSL3_ST_CW_FLUSH;
+ s->internal->state = SSL3_ST_CW_FLUSH;
S3I(s)->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A;
} else
- s->state = SSL3_ST_CR_SRVR_HELLO_A;
+ s->internal->state = SSL3_ST_CR_SRVR_HELLO_A;
s->internal->init_num = 0;
@@ -290,9 +290,9 @@ dtls1_connect(SSL *s)
else {
if (s->internal->hit) {
- s->state = SSL3_ST_CR_FINISHED_A;
+ s->internal->state = SSL3_ST_CR_FINISHED_A;
} else
- s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
+ s->internal->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
}
s->internal->init_num = 0;
break;
@@ -305,9 +305,9 @@ dtls1_connect(SSL *s)
goto end;
dtls1_stop_timer(s);
if ( D1I(s)->send_cookie) /* start again, with a cookie */
- s->state = SSL3_ST_CW_CLNT_HELLO_A;
+ s->internal->state = SSL3_ST_CW_CLNT_HELLO_A;
else
- s->state = SSL3_ST_CR_CERT_A;
+ s->internal->state = SSL3_ST_CR_CERT_A;
s->internal->init_num = 0;
break;
@@ -319,9 +319,9 @@ dtls1_connect(SSL *s)
if (ret == 2) {
s->internal->hit = 1;
if (s->internal->tlsext_ticket_expected)
- s->state = SSL3_ST_CR_SESSION_TICKET_A;
+ s->internal->state = SSL3_ST_CR_SESSION_TICKET_A;
else
- s->state = SSL3_ST_CR_FINISHED_A;
+ s->internal->state = SSL3_ST_CR_FINISHED_A;
s->internal->init_num = 0;
break;
}
@@ -332,12 +332,12 @@ dtls1_connect(SSL *s)
if (ret <= 0)
goto end;
if (s->internal->tlsext_status_expected)
- s->state = SSL3_ST_CR_CERT_STATUS_A;
+ s->internal->state = SSL3_ST_CR_CERT_STATUS_A;
else
- s->state = SSL3_ST_CR_KEY_EXCH_A;
+ s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
} else {
skip = 1;
- s->state = SSL3_ST_CR_KEY_EXCH_A;
+ s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
}
s->internal->init_num = 0;
break;
@@ -347,7 +347,7 @@ dtls1_connect(SSL *s)
ret = ssl3_get_server_key_exchange(s);
if (ret <= 0)
goto end;
- s->state = SSL3_ST_CR_CERT_REQ_A;
+ s->internal->state = SSL3_ST_CR_CERT_REQ_A;
s->internal->init_num = 0;
/* at this point we check that we have the
@@ -363,7 +363,7 @@ dtls1_connect(SSL *s)
ret = ssl3_get_certificate_request(s);
if (ret <= 0)
goto end;
- s->state = SSL3_ST_CR_SRVR_DONE_A;
+ s->internal->state = SSL3_ST_CR_SRVR_DONE_A;
s->internal->init_num = 0;
break;
@@ -378,7 +378,7 @@ dtls1_connect(SSL *s)
else
S3I(s)->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A;
s->internal->init_num = 0;
- s->state = S3I(s)->tmp.next_state;
+ s->internal->state = S3I(s)->tmp.next_state;
break;
case SSL3_ST_CW_CERT_A:
@@ -389,7 +389,7 @@ dtls1_connect(SSL *s)
ret = ssl3_send_client_certificate(s);
if (ret <= 0)
goto end;
- s->state = SSL3_ST_CW_KEY_EXCH_A;
+ s->internal->state = SSL3_ST_CW_KEY_EXCH_A;
s->internal->init_num = 0;
break;
@@ -405,9 +405,9 @@ dtls1_connect(SSL *s)
/* For TLS, cert_req is set to 2, so a cert chain
* of nothing is sent, but no verify packet is sent */
if (S3I(s)->tmp.cert_req == 1) {
- s->state = SSL3_ST_CW_CERT_VRFY_A;
+ s->internal->state = SSL3_ST_CW_CERT_VRFY_A;
} else {
- s->state = SSL3_ST_CW_CHANGE_A;
+ s->internal->state = SSL3_ST_CW_CHANGE_A;
S3I(s)->change_cipher_spec = 0;
}
@@ -420,7 +420,7 @@ dtls1_connect(SSL *s)
ret = ssl3_send_client_verify(s);
if (ret <= 0)
goto end;
- s->state = SSL3_ST_CW_CHANGE_A;
+ s->internal->state = SSL3_ST_CW_CHANGE_A;
s->internal->init_num = 0;
S3I(s)->change_cipher_spec = 0;
break;
@@ -434,7 +434,7 @@ dtls1_connect(SSL *s)
if (ret <= 0)
goto end;
- s->state = SSL3_ST_CW_FINISHED_A;
+ s->internal->state = SSL3_ST_CW_FINISHED_A;
s->internal->init_num = 0;
s->session->cipher = S3I(s)->tmp.new_cipher;
@@ -463,14 +463,14 @@ dtls1_connect(SSL *s)
s->method->ssl3_enc->client_finished_label_len);
if (ret <= 0)
goto end;
- s->state = SSL3_ST_CW_FLUSH;
+ s->internal->state = SSL3_ST_CW_FLUSH;
/* clear flags */
s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
if (s->internal->hit) {
S3I(s)->tmp.next_state = SSL_ST_OK;
if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
- s->state = SSL_ST_OK;
+ s->internal->state = SSL_ST_OK;
s->s3->flags |= SSL3_FLAGS_POP_BUFFER;
S3I(s)->delay_buf_pop_ret = 0;
}
@@ -492,7 +492,7 @@ dtls1_connect(SSL *s)
ret = ssl3_get_new_session_ticket(s);
if (ret <= 0)
goto end;
- s->state = SSL3_ST_CR_FINISHED_A;
+ s->internal->state = SSL3_ST_CR_FINISHED_A;
s->internal->init_num = 0;
break;
@@ -501,7 +501,7 @@ dtls1_connect(SSL *s)
ret = ssl3_get_cert_status(s);
if (ret <= 0)
goto end;
- s->state = SSL3_ST_CR_KEY_EXCH_A;
+ s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
s->internal->init_num = 0;
break;
@@ -515,9 +515,9 @@ dtls1_connect(SSL *s)
dtls1_stop_timer(s);
if (s->internal->hit)
- s->state = SSL3_ST_CW_CHANGE_A;
+ s->internal->state = SSL3_ST_CW_CHANGE_A;
else
- s->state = SSL_ST_OK;
+ s->internal->state = SSL_ST_OK;
s->internal->init_num = 0;
@@ -529,14 +529,14 @@ dtls1_connect(SSL *s)
/* If the write error was fatal, stop trying */
if (!BIO_should_retry(s->wbio)) {
s->internal->rwstate = SSL_NOTHING;
- s->state = S3I(s)->tmp.next_state;
+ s->internal->state = S3I(s)->tmp.next_state;
}
ret = -1;
goto end;
}
s->internal->rwstate = SSL_NOTHING;
- s->state = S3I(s)->tmp.next_state;
+ s->internal->state = S3I(s)->tmp.next_state;
break;
case SSL_ST_OK:
@@ -585,11 +585,11 @@ dtls1_connect(SSL *s)
goto end;
}
- if ((cb != NULL) && (s->state != state)) {
- new_state = s->state;
- s->state = state;
+ if ((cb != NULL) && (s->internal->state != state)) {
+ new_state = s->internal->state;
+ s->internal->state = state;
cb(s, SSL_CB_CONNECT_LOOP, 1);
- s->state = new_state;
+ s->internal->state = new_state;
}
}
skip = 0;
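Review bot: Any change the info callback makes to the handshake state is silently discarded, because `s->internal->state = new_state;` runs unconditionally after `cb(s, SSL_CB_CONNECT_LOOP, 1)`. The swap evidently exists so that the callback sees the state that was just left, but nothing in the code says so. A comment above the block such as `/* report the state we just left to cb; any state change made by cb is overwritten */` would document that contract. The same undocumented swap appears in the closing hunks of dtls1_accept, ssl23_connect and ssl23_accept, and the loop of dtls1_connect starts outside this hunk.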
diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c
index 2768d7ed9cf..1dba3d0c4d8 100644
--- a/lib/libssl/d1_pkt.c
+++ b/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.55 2017/01/23 08:08:06 beck Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.56 2017/01/23 08:48:44 beck Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -495,7 +495,7 @@ again:
}
/* check if we have the header */
- if ((s->rstate != SSL_ST_READ_BODY) ||
+ if ((s->internal->rstate != SSL_ST_READ_BODY) ||
(s->internal->packet_length < DTLS1_RT_HEADER_LENGTH)) {
CBS header, seq_no;
uint16_t epoch, len, ssl_version;
@@ -510,7 +510,7 @@ again:
if (s->internal->packet_length != DTLS1_RT_HEADER_LENGTH)
goto again;
- s->rstate = SSL_ST_READ_BODY;
+ s->internal->rstate = SSL_ST_READ_BODY;
CBS_init(&header, s->internal->packet, s->internal->packet_length);
@@ -547,11 +547,11 @@ again:
if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
goto again;
- /* now s->rstate == SSL_ST_READ_BODY */
+ /* now s->internal->rstate == SSL_ST_READ_BODY */
p = (unsigned char *)CBS_data(&header);
}
- /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
+ /* s->internal->rstate == SSL_ST_READ_BODY, get and decode the data */
if (rr->length > s->internal->packet_length - DTLS1_RT_HEADER_LENGTH) {
/* now s->internal->packet_length == DTLS1_RT_HEADER_LENGTH */
@@ -567,7 +567,7 @@ again:
/* now n == rr->length,
* and s->internal->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */
}
- s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */
+ s->internal->rstate = SSL_ST_READ_HEADER; /* set state for later operations */
/* match epochs. NULL means the packet is dropped on the floor */
bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
@@ -692,7 +692,7 @@ start:
* so process data buffered during the last handshake
* in advance, if any.
*/
- if (s->state == SSL_ST_OK && rr->length == 0) {
+ if (s->internal->state == SSL_ST_OK && rr->length == 0) {
pitem *item;
item = pqueue_pop(D1I(s)->buffered_app_data.q);
if (item) {
@@ -709,7 +709,7 @@ start:
goto start;
/* get new packet if necessary */
- if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) {
+ if ((rr->length == 0) || (s->internal->rstate == SSL_ST_READ_BODY)) {
ret = dtls1_get_record(s);
if (ret <= 0) {
ret = dtls1_read_failed(s, ret);
@@ -778,7 +778,7 @@ start:
rr->length -= n;
rr->off += n;
if (rr->length == 0) {
- s->rstate = SSL_ST_READ_HEADER;
+ s->internal->rstate = SSL_ST_READ_HEADER;
rr->off = 0;
}
}
@@ -840,7 +840,7 @@ start:
*/
FIX ME
#endif
- s->rstate = SSL_ST_READ_HEADER;
+ s->internal->rstate = SSL_ST_READ_HEADER;
rr->length = 0;
goto start;
}
@@ -1035,9 +1035,9 @@ start:
goto start;
}
- if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
+ if (((s->internal->state&SSL_ST_MASK) == SSL_ST_OK) &&
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
- s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
+ s->internal->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
s->internal->renegotiate = 1;
s->internal->new_session = 1;
}
@@ -1096,12 +1096,12 @@ start:
*/
if (S3I(s)->in_read_app_data &&
(S3I(s)->total_renegotiations != 0) &&
- (((s->state & SSL_ST_CONNECT) &&
- (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
- (s->state <= SSL3_ST_CR_SRVR_HELLO_A)) || (
- (s->state & SSL_ST_ACCEPT) &&
- (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
- (s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
+ (((s->internal->state & SSL_ST_CONNECT) &&
+ (s->internal->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
+ (s->internal->state <= SSL3_ST_CR_SRVR_HELLO_A)) || (
+ (s->internal->state & SSL_ST_ACCEPT) &&
+ (s->internal->state <= SSL3_ST_SW_HELLO_REQ_A) &&
+ (s->internal->state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
S3I(s)->in_read_app_data = 2;
return (-1);
} else {
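Review bot: The renegotiation-window test now spells out `s->internal->state` six times and mixes bit tests (`& SSL_ST_CONNECT`, `& SSL_ST_ACCEPT`) with ordered comparisons that appear to rely on the numeric ordering of the state constants. The server half also lists its upper bound before its lower bound. Reading the field once into a local, `int st = s->internal->state;`, and adding a comment like `/* relies on the numeric ordering of the SSL3_ST_* values */` would make the condition easier to audit. The enclosing function begins and ends outside this hunk.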
diff --git a/lib/libssl/d1_srvr.c b/lib/libssl/d1_srvr.c
index 78816cda463..81a05eb30e6 100644
--- a/lib/libssl/d1_srvr.c
+++ b/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.76 2017/01/23 06:45:30 beck Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.77 2017/01/23 08:48:44 beck Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -209,12 +209,12 @@ dtls1_accept(SSL *s)
}
for (;;) {
- state = s->state;
+ state = s->internal->state;
- switch (s->state) {
+ switch (s->internal->state) {
case SSL_ST_RENEGOTIATE:
s->internal->renegotiate = 1;
- /* s->state=SSL_ST_ACCEPT; */
+ /* s->internal->state=SSL_ST_ACCEPT; */
case SSL_ST_BEFORE:
case SSL_ST_ACCEPT:
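Review bot: The commented-out assignment `/* s->internal->state=SSL_ST_ACCEPT; */` was renamed along with the live code, but it is dead text, and the case still falls into SSL_ST_BEFORE without a marker. The following hunks of dtls1_accept test `s->internal->state != SSL_ST_RENEGOTIATE` to decide whether to send a HelloRequest, so the state is evidently left untouched on purpose. Replacing the dead line with `/* FALLTHROUGH: state stays SSL_ST_RENEGOTIATE so a HelloRequest is sent below */` would record that intent.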
@@ -243,7 +243,7 @@ dtls1_accept(SSL *s)
s->internal->init_num = 0;
- if (s->state != SSL_ST_RENEGOTIATE) {
+ if (s->internal->state != SSL_ST_RENEGOTIATE) {
/* Ok, we now need to push on a buffering BIO so that
* the output is sent in a way that TCP likes :-)
* ...but not with SCTP :-)
@@ -258,13 +258,13 @@ dtls1_accept(SSL *s)
goto end;
}
- s->state = SSL3_ST_SR_CLNT_HELLO_A;
+ s->internal->state = SSL3_ST_SR_CLNT_HELLO_A;
s->ctx->internal->stats.sess_accept++;
} else {
- /* s->state == SSL_ST_RENEGOTIATE,
+ /* s->internal->state == SSL_ST_RENEGOTIATE,
* we will just send a HelloRequest */
s->ctx->internal->stats.sess_accept_renegotiate++;
- s->state = SSL3_ST_SW_HELLO_REQ_A;
+ s->internal->state = SSL3_ST_SW_HELLO_REQ_A;
}
break;
@@ -279,7 +279,7 @@ dtls1_accept(SSL *s)
if (ret <= 0)
goto end;
S3I(s)->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
- s->state = SSL3_ST_SW_FLUSH;
+ s->internal->state = SSL3_ST_SW_FLUSH;
s->internal->init_num = 0;
if (!tls1_init_finished_mac(s)) {
@@ -289,7 +289,7 @@ dtls1_accept(SSL *s)
break;
case SSL3_ST_SW_HELLO_REQ_C:
- s->state = SSL_ST_OK;
+ s->internal->state = SSL_ST_OK;
break;
case SSL3_ST_SR_CLNT_HELLO_A:
@@ -303,9 +303,9 @@ dtls1_accept(SSL *s)
dtls1_stop_timer(s);
if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
- s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
+ s->internal->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
else
- s->state = SSL3_ST_SW_SRVR_HELLO_A;
+ s->internal->state = SSL3_ST_SW_SRVR_HELLO_A;
s->internal->init_num = 0;
@@ -315,7 +315,7 @@ dtls1_accept(SSL *s)
}
/* If we're just listening, stop here */
- if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) {
+ if (listen && s->internal->state == SSL3_ST_SW_SRVR_HELLO_A) {
ret = 2;
D1I(s)->listen = 0;
/* Set expected sequence numbers
@@ -335,7 +335,7 @@ dtls1_accept(SSL *s)
ret = dtls1_send_hello_verify_request(s);
if (ret <= 0)
goto end;
- s->state = SSL3_ST_SW_FLUSH;
+ s->internal->state = SSL3_ST_SW_FLUSH;
S3I(s)->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
/* HelloVerifyRequest resets Finished MAC */
@@ -356,11 +356,11 @@ dtls1_accept(SSL *s)
if (s->internal->hit) {
if (s->internal->tlsext_ticket_expected)
- s->state = SSL3_ST_SW_SESSION_TICKET_A;
+ s->internal->state = SSL3_ST_SW_SESSION_TICKET_A;
else
- s->state = SSL3_ST_SW_CHANGE_A;
+ s->internal->state = SSL3_ST_SW_CHANGE_A;
} else
- s->state = SSL3_ST_SW_CERT_A;
+ s->internal->state = SSL3_ST_SW_CERT_A;
s->internal->init_num = 0;
break;
@@ -374,12 +374,12 @@ dtls1_accept(SSL *s)
if (ret <= 0)
goto end;
if (s->internal->tlsext_status_expected)
- s->state = SSL3_ST_SW_CERT_STATUS_A;
+ s->internal->state = SSL3_ST_SW_CERT_STATUS_A;
else
- s->state = SSL3_ST_SW_KEY_EXCH_A;
+ s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
} else {
skip = 1;
- s->state = SSL3_ST_SW_KEY_EXCH_A;
+ s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
}
s->internal->init_num = 0;
break;
@@ -397,7 +397,7 @@ dtls1_accept(SSL *s)
} else
skip = 1;
- s->state = SSL3_ST_SW_CERT_REQ_A;
+ s->internal->state = SSL3_ST_SW_CERT_REQ_A;
s->internal->init_num = 0;
break;
@@ -429,14 +429,14 @@ dtls1_accept(SSL *s)
/* no cert request */
skip = 1;
S3I(s)->tmp.cert_request = 0;
- s->state = SSL3_ST_SW_SRVR_DONE_A;
+ s->internal->state = SSL3_ST_SW_SRVR_DONE_A;
} else {
S3I(s)->tmp.cert_request = 1;
dtls1_start_timer(s);
ret = ssl3_send_certificate_request(s);
if (ret <= 0)
goto end;
- s->state = SSL3_ST_SW_SRVR_DONE_A;
+ s->internal->state = SSL3_ST_SW_SRVR_DONE_A;
s->internal->init_num = 0;
}
break;
@@ -448,7 +448,7 @@ dtls1_accept(SSL *s)
if (ret <= 0)
goto end;
S3I(s)->tmp.next_state = SSL3_ST_SR_CERT_A;
- s->state = SSL3_ST_SW_FLUSH;
+ s->internal->state = SSL3_ST_SW_FLUSH;
s->internal->init_num = 0;
break;
@@ -458,14 +458,14 @@ dtls1_accept(SSL *s)
/* If the write error was fatal, stop trying */
if (!BIO_should_retry(s->wbio)) {
s->internal->rwstate = SSL_NOTHING;
- s->state = S3I(s)->tmp.next_state;
+ s->internal->state = S3I(s)->tmp.next_state;
}
ret = -1;
goto end;
}
s->internal->rwstate = SSL_NOTHING;
- s->state = S3I(s)->tmp.next_state;
+ s->internal->state = S3I(s)->tmp.next_state;
break;
case SSL3_ST_SR_CERT_A:
@@ -476,7 +476,7 @@ dtls1_accept(SSL *s)
goto end;
}
s->internal->init_num = 0;
- s->state = SSL3_ST_SR_KEY_EXCH_A;
+ s->internal->state = SSL3_ST_SR_KEY_EXCH_A;
break;
case SSL3_ST_SR_KEY_EXCH_A:
@@ -485,7 +485,7 @@ dtls1_accept(SSL *s)
if (ret <= 0)
goto end;
- s->state = SSL3_ST_SR_CERT_VRFY_A;
+ s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
s->internal->init_num = 0;
if (ret == 2) {
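Review bot: The assignment `s->internal->state = SSL3_ST_SR_CERT_VRFY_A;` directly before `if (ret == 2)` looks redundant. In the following hunks each of the three branches (`ret == 2`, `SSL_USE_SIGALGS(s)` and the final `else`) sets the state and `init_num` again. If no line hidden between the hunks reads the state in between, dropping the first pair of assignments would leave exactly one transition per branch, which is easier to check against the handshake flow. The case body continues outside this hunk.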
@@ -494,10 +494,10 @@ dtls1_accept(SSL *s)
* a certificate, the CertificateVerify
* message is not sent.
*/
- s->state = SSL3_ST_SR_FINISHED_A;
+ s->internal->state = SSL3_ST_SR_FINISHED_A;
s->internal->init_num = 0;
} else if (SSL_USE_SIGALGS(s)) {
- s->state = SSL3_ST_SR_CERT_VRFY_A;
+ s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
s->internal->init_num = 0;
if (!s->session->peer)
break;
@@ -518,7 +518,7 @@ dtls1_accept(SSL *s)
goto end;
}
} else {
- s->state = SSL3_ST_SR_CERT_VRFY_A;
+ s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
s->internal->init_num = 0;
/* We need to get hashes here so if there is
@@ -539,7 +539,7 @@ dtls1_accept(SSL *s)
ret = ssl3_get_cert_verify(s);
if (ret <= 0)
goto end;
- s->state = SSL3_ST_SR_FINISHED_A;
+ s->internal->state = SSL3_ST_SR_FINISHED_A;
s->internal->init_num = 0;
break;
@@ -552,11 +552,11 @@ dtls1_accept(SSL *s)
goto end;
dtls1_stop_timer(s);
if (s->internal->hit)
- s->state = SSL_ST_OK;
+ s->internal->state = SSL_ST_OK;
else if (s->internal->tlsext_ticket_expected)
- s->state = SSL3_ST_SW_SESSION_TICKET_A;
+ s->internal->state = SSL3_ST_SW_SESSION_TICKET_A;
else
- s->state = SSL3_ST_SW_CHANGE_A;
+ s->internal->state = SSL3_ST_SW_CHANGE_A;
s->internal->init_num = 0;
break;
@@ -565,7 +565,7 @@ dtls1_accept(SSL *s)
ret = ssl3_send_newsession_ticket(s);
if (ret <= 0)
goto end;
- s->state = SSL3_ST_SW_CHANGE_A;
+ s->internal->state = SSL3_ST_SW_CHANGE_A;
s->internal->init_num = 0;
break;
@@ -574,7 +574,7 @@ dtls1_accept(SSL *s)
ret = ssl3_send_cert_status(s);
if (ret <= 0)
goto end;
- s->state = SSL3_ST_SW_KEY_EXCH_A;
+ s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
s->internal->init_num = 0;
break;
@@ -595,7 +595,7 @@ dtls1_accept(SSL *s)
goto end;
- s->state = SSL3_ST_SW_FINISHED_A;
+ s->internal->state = SSL3_ST_SW_FINISHED_A;
s->internal->init_num = 0;
if (!s->method->ssl3_enc->change_cipher_state(s,
@@ -615,7 +615,7 @@ dtls1_accept(SSL *s)
s->method->ssl3_enc->server_finished_label_len);
if (ret <= 0)
goto end;
- s->state = SSL3_ST_SW_FLUSH;
+ s->internal->state = SSL3_ST_SW_FLUSH;
if (s->internal->hit) {
S3I(s)->tmp.next_state = SSL3_ST_SR_FINISHED_A;
@@ -672,11 +672,11 @@ dtls1_accept(SSL *s)
goto end;
}
- if ((cb != NULL) && (s->state != state)) {
- new_state = s->state;
- s->state = state;
+ if ((cb != NULL) && (s->internal->state != state)) {
+ new_state = s->internal->state;
+ s->internal->state = state;
cb(s, SSL_CB_ACCEPT_LOOP, 1);
- s->state = new_state;
+ s->internal->state = new_state;
}
}
skip = 0;
@@ -697,7 +697,7 @@ dtls1_send_hello_verify_request(SSL *s)
{
unsigned char *d, *p;
- if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
+ if (s->internal->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
d = p = ssl3_handshake_msg_start(s,
DTLS1_MT_HELLO_VERIFY_REQUEST);
@@ -718,9 +718,9 @@ dtls1_send_hello_verify_request(SSL *s)
ssl3_handshake_msg_finish(s, p - d);
- s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
+ s->internal->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
}
- /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
+ /* s->internal->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
return (ssl3_handshake_write(s));
}
diff --git a/lib/libssl/s23_clnt.c b/lib/libssl/s23_clnt.c
index e95006bcca7..ccaee02564f 100644
--- a/lib/libssl/s23_clnt.c
+++ b/lib/libssl/s23_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_clnt.c,v 1.53 2017/01/23 06:45:30 beck Exp $ */
+/* $OpenBSD: s23_clnt.c,v 1.54 2017/01/23 08:48:44 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -140,9 +140,9 @@ ssl23_connect(SSL *s)
SSL_clear(s);
for (;;) {
- state = s->state;
+ state = s->internal->state;
- switch (s->state) {
+ switch (s->internal->state) {
case SSL_ST_BEFORE:
case SSL_ST_CONNECT:
case SSL_ST_BEFORE|SSL_ST_CONNECT:
@@ -173,7 +173,7 @@ ssl23_connect(SSL *s)
goto end;
}
- s->state = SSL23_ST_CW_CLNT_HELLO_A;
+ s->internal->state = SSL23_ST_CW_CLNT_HELLO_A;
s->ctx->internal->stats.sess_connect++;
s->internal->init_num = 0;
break;
@@ -185,7 +185,7 @@ ssl23_connect(SSL *s)
ret = ssl23_client_hello(s);
if (ret <= 0)
goto end;
- s->state = SSL23_ST_CR_SRVR_HELLO_A;
+ s->internal->state = SSL23_ST_CR_SRVR_HELLO_A;
s->internal->init_num = 0;
break;
@@ -209,11 +209,11 @@ ssl23_connect(SSL *s)
(void)BIO_flush(s->wbio);
}
- if ((cb != NULL) && (s->state != state)) {
- new_state = s->state;
- s->state = state;
+ if ((cb != NULL) && (s->internal->state != state)) {
+ new_state = s->internal->state;
+ s->internal->state = state;
cb(s, SSL_CB_CONNECT_LOOP, 1);
- s->state = new_state;
+ s->internal->state = new_state;
}
}
@@ -236,7 +236,7 @@ ssl23_client_hello(SSL *s)
int ret;
buf = (unsigned char *)s->internal->init_buf->data;
- if (s->state == SSL23_ST_CW_CLNT_HELLO_A) {
+ if (s->internal->state == SSL23_ST_CW_CLNT_HELLO_A) {
arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);
if (ssl_enabled_version_range(s, NULL, &version) != 1) {
@@ -325,7 +325,7 @@ ssl23_client_hello(SSL *s)
tls1_finish_mac(s, &(buf[SSL3_RT_HEADER_LENGTH]),
s->internal->init_num - SSL3_RT_HEADER_LENGTH);
- s->state = SSL23_ST_CW_CLNT_HELLO_B;
+ s->internal->state = SSL23_ST_CW_CLNT_HELLO_B;
s->internal->init_off = 0;
}
@@ -419,11 +419,11 @@ ssl23_get_server_hello(SSL *s)
goto err;
/* we are in this state */
- s->state = SSL3_ST_CR_SRVR_HELLO_A;
+ s->internal->state = SSL3_ST_CR_SRVR_HELLO_A;
/* put the 7 bytes we have read into the input buffer
* for SSLv3 */
- s->rstate = SSL_ST_READ_HEADER;
+ s->internal->rstate = SSL_ST_READ_HEADER;
s->internal->packet_length = n;
if (s->s3->rbuf.buf == NULL)
if (!ssl3_setup_read_buffer(s))
diff --git a/lib/libssl/s23_srvr.c b/lib/libssl/s23_srvr.c
index 6b5ac0cc630..4dd94eb7b86 100644
--- a/lib/libssl/s23_srvr.c
+++ b/lib/libssl/s23_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_srvr.c,v 1.54 2017/01/23 06:45:30 beck Exp $ */
+/* $OpenBSD: s23_srvr.c,v 1.55 2017/01/23 08:48:44 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -139,9 +139,9 @@ ssl23_accept(SSL *s)
SSL_clear(s);
for (;;) {
- state = s->state;
+ state = s->internal->state;
- switch (s->state) {
+ switch (s->internal->state) {
case SSL_ST_BEFORE:
case SSL_ST_ACCEPT:
case SSL_ST_BEFORE|SSL_ST_ACCEPT:
@@ -163,7 +163,7 @@ ssl23_accept(SSL *s)
goto end;
}
- s->state = SSL23_ST_SR_CLNT_HELLO_A;
+ s->internal->state = SSL23_ST_SR_CLNT_HELLO_A;
s->ctx->internal->stats.sess_accept++;
s->internal->init_num = 0;
break;
@@ -185,11 +185,11 @@ ssl23_accept(SSL *s)
/* break; */
}
- if ((cb != NULL) && (s->state != state)) {
- new_state = s->state;
- s->state = state;
+ if ((cb != NULL) && (s->internal->state != state)) {
+ new_state = s->internal->state;
+ s->internal->state = state;
cb(s, SSL_CB_ACCEPT_LOOP, 1);
- s->state = new_state;
+ s->internal->state = new_state;
}
}
@@ -228,7 +228,7 @@ ssl23_get_client_hello(SSL *s)
int n = 0, j;
int type = 0;
- if (s->state == SSL23_ST_SR_CLNT_HELLO_A) {
+ if (s->internal->state == SSL23_ST_SR_CLNT_HELLO_A) {
/* read the initial header */
if (!ssl3_setup_buffers(s))
return -1;
@@ -252,7 +252,7 @@ ssl23_get_client_hello(SSL *s)
goto unsupported;
s->version = shared_version;
- s->state = SSL23_ST_SR_CLNT_HELLO_B;
+ s->internal->state = SSL23_ST_SR_CLNT_HELLO_B;
} else if ((p[0] == SSL3_RT_HANDSHAKE) &&
(p[1] == SSL3_VERSION_MAJOR) &&
(p[5] == SSL3_MT_CLIENT_HELLO) &&
@@ -301,7 +301,7 @@ ssl23_get_client_hello(SSL *s)
}
}
- if (s->state == SSL23_ST_SR_CLNT_HELLO_B) {
+ if (s->internal->state == SSL23_ST_SR_CLNT_HELLO_B) {
/* we have SSLv3/TLSv1 in an SSLv2 header
* (other cases skip this state) */
@@ -413,7 +413,7 @@ ssl23_get_client_hello(SSL *s)
}
/* imaginary new state (for program structure): */
- /* s->state = SSL23_SR_CLNT_HELLO_C */
+ /* s->internal->state = SSL23_SR_CLNT_HELLO_C */
if (type == 2 || type == 3) {
/* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
@@ -422,12 +422,12 @@ ssl23_get_client_hello(SSL *s)
return -1;
/* we are in this state */
- s->state = SSL3_ST_SR_CLNT_HELLO_A;
+ s->internal->state = SSL3_ST_SR_CLNT_HELLO_A;
if (type == 3) {
/* put the 'n' bytes we have read into the input buffer
* for SSLv3 */
- s->rstate = SSL_ST_READ_HEADER;
+ s->internal->rstate = SSL_ST_READ_HEADER;
s->internal->packet_length = n;
if (s->s3->rbuf.buf == NULL)
if (!ssl3_setup_read_buffer(s))
diff --git a/lib/libssl/s3_both.c b/lib/libssl/s3_both.c
index 12559ab710f..23fdcd20651 100644
--- a/lib/libssl/s3_both.c
+++ b/lib/libssl/s3_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_both.c,v 1.53 2017/01/23 06:45:30 beck Exp $ */
+/* $OpenBSD: s3_both.c,v 1.54 2017/01/23 08:48:44 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -169,7 +169,7 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
unsigned char *p;
int md_len;
- if (s->state == a) {
+ if (s->internal->state == a) {
md_len = s->method->ssl3_enc->finish_mac_length;
OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
@@ -193,7 +193,7 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
memcpy(p, S3I(s)->tmp.finish_md, md_len);
ssl3_handshake_msg_finish(s, md_len);
- s->state = b;
+ s->internal->state = b;
}
return (ssl3_handshake_write(s));
@@ -216,7 +216,7 @@ ssl3_take_mac(SSL *s)
if (S3I(s)->tmp.new_cipher == NULL)
return;
- if (s->state & SSL_ST_CONNECT) {
+ if (s->internal->state & SSL_ST_CONNECT) {
sender = s->method->ssl3_enc->server_finished_label;
slen = s->method->ssl3_enc->server_finished_label_len;
} else {
@@ -302,13 +302,13 @@ ssl3_send_change_cipher_spec(SSL *s, int a, int b)
{
unsigned char *p;
- if (s->state == a) {
+ if (s->internal->state == a) {
p = (unsigned char *)s->internal->init_buf->data;
*p = SSL3_MT_CCS;
s->internal->init_num = 1;
s->internal->init_off = 0;
- s->state = b;
+ s->internal->state = b;
}
/* SSL3_ST_CW_CHANGE_B */
@@ -433,7 +433,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
p = (unsigned char *)s->internal->init_buf->data;
/* s->internal->init_num < 4 */
- if (s->state == st1) {
+ if (s->internal->state == st1) {
int skip_message;
do {
@@ -497,7 +497,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
goto err;
}
S3I(s)->tmp.message_size = l;
- s->state = stn;
+ s->internal->state = stn;
s->internal->init_msg = s->internal->init_buf->data + 4;
s->internal->init_num = 0;
diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c
index 0893682e75d..a6feb68e91c 100644
--- a/lib/libssl/s3_clnt.c
+++ b/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.168 2017/01/23 06:45:30 beck Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.169 2017/01/23 08:48:44 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -193,12 +193,12 @@ ssl3_connect(SSL *s)
SSL_clear(s);
for (;;) {
- state = s->state;
+ state = s->internal->state;
- switch (s->state) {
+ switch (s->internal->state) {
case SSL_ST_RENEGOTIATE:
s->internal->renegotiate = 1;
- s->state = SSL_ST_CONNECT;
+ s->internal->state = SSL_ST_CONNECT;
s->ctx->internal->stats.sess_connect_renegotiate++;
/* break */
case SSL_ST_BEFORE:
@@ -240,7 +240,7 @@ ssl3_connect(SSL *s)
goto end;
}
- s->state = SSL3_ST_CW_CLNT_HELLO_A;
+ s->internal->state = SSL3_ST_CW_CLNT_HELLO_A;
s->ctx->internal->stats.sess_connect++;
s->internal->init_num = 0;
break;
@@ -252,7 +252,7 @@ ssl3_connect(SSL *s)
ret = ssl3_client_hello(s);
if (ret <= 0)
goto end;
- s->state = SSL3_ST_CR_SRVR_HELLO_A;
+ s->internal->state = SSL3_ST_CR_SRVR_HELLO_A;
s->internal->init_num = 0;
/* turn on buffering for the next lot of output */
@@ -268,13 +268,13 @@ ssl3_connect(SSL *s)
goto end;
if (s->internal->hit) {
- s->state = SSL3_ST_CR_FINISHED_A;
+ s->internal->state = SSL3_ST_CR_FINISHED_A;
if (s->internal->tlsext_ticket_expected) {
/* receive renewed session ticket */
- s->state = SSL3_ST_CR_SESSION_TICKET_A;
+ s->internal->state = SSL3_ST_CR_SESSION_TICKET_A;
}
} else
- s->state = SSL3_ST_CR_CERT_A;
+ s->internal->state = SSL3_ST_CR_CERT_A;
s->internal->init_num = 0;
break;
@@ -286,9 +286,9 @@ ssl3_connect(SSL *s)
if (ret == 2) {
s->internal->hit = 1;
if (s->internal->tlsext_ticket_expected)
- s->state = SSL3_ST_CR_SESSION_TICKET_A;
+ s->internal->state = SSL3_ST_CR_SESSION_TICKET_A;
else
- s->state = SSL3_ST_CR_FINISHED_A;
+ s->internal->state = SSL3_ST_CR_FINISHED_A;
s->internal->init_num = 0;
break;
}
@@ -299,12 +299,12 @@ ssl3_connect(SSL *s)
if (ret <= 0)
goto end;
if (s->internal->tlsext_status_expected)
- s->state = SSL3_ST_CR_CERT_STATUS_A;
+ s->internal->state = SSL3_ST_CR_CERT_STATUS_A;
else
- s->state = SSL3_ST_CR_KEY_EXCH_A;
+ s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
} else {
skip = 1;
- s->state = SSL3_ST_CR_KEY_EXCH_A;
+ s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
}
s->internal->init_num = 0;
break;
@@ -314,7 +314,7 @@ ssl3_connect(SSL *s)
ret = ssl3_get_server_key_exchange(s);
if (ret <= 0)
goto end;
- s->state = SSL3_ST_CR_CERT_REQ_A;
+ s->internal->state = SSL3_ST_CR_CERT_REQ_A;
s->internal->init_num = 0;
/*
@@ -332,7 +332,7 @@ ssl3_connect(SSL *s)
ret = ssl3_get_certificate_request(s);
if (ret <= 0)
goto end;
- s->state = SSL3_ST_CR_SRVR_DONE_A;
+ s->internal->state = SSL3_ST_CR_SRVR_DONE_A;
s->internal->init_num = 0;
break;
@@ -342,9 +342,9 @@ ssl3_connect(SSL *s)
if (ret <= 0)
goto end;
if (S3I(s)->tmp.cert_req)
- s->state = SSL3_ST_CW_CERT_A;
+ s->internal->state = SSL3_ST_CW_CERT_A;
else
- s->state = SSL3_ST_CW_KEY_EXCH_A;
+ s->internal->state = SSL3_ST_CW_KEY_EXCH_A;
s->internal->init_num = 0;
break;
@@ -356,7 +356,7 @@ ssl3_connect(SSL *s)
ret = ssl3_send_client_certificate(s);
if (ret <= 0)
goto end;
- s->state = SSL3_ST_CW_KEY_EXCH_A;
+ s->internal->state = SSL3_ST_CW_KEY_EXCH_A;
s->internal->init_num = 0;
break;
@@ -382,13 +382,13 @@ ssl3_connect(SSL *s)
* inside the client certificate.
*/
if (S3I(s)->tmp.cert_req == 1) {
- s->state = SSL3_ST_CW_CERT_VRFY_A;
+ s->internal->state = SSL3_ST_CW_CERT_VRFY_A;
} else {
- s->state = SSL3_ST_CW_CHANGE_A;
+ s->internal->state = SSL3_ST_CW_CHANGE_A;
S3I(s)->change_cipher_spec = 0;
}
if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
- s->state = SSL3_ST_CW_CHANGE_A;
+ s->internal->state = SSL3_ST_CW_CHANGE_A;
S3I(s)->change_cipher_spec = 0;
}
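Review bot: The decision to skip CertificateVerify is split across two statements: the `cert_req == 1` branch selects SSL3_ST_CW_CERT_VRFY_A, and the following `TLS1_FLAGS_SKIP_CERT_VERIFY` test then overrides it with SSL3_ST_CW_CHANGE_A. Folding the flag into the first condition, `if (S3I(s)->tmp.cert_req == 1 && !(s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY)) {`, keeps the behaviour and puts the whole condition for sending the verify message in one place. The hunk does not show where the flag is set, so a short comment naming that place would help. The surrounding case starts outside the hunk.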
@@ -400,7 +400,7 @@ ssl3_connect(SSL *s)
ret = ssl3_send_client_verify(s);
if (ret <= 0)
goto end;
- s->state = SSL3_ST_CW_CHANGE_A;
+ s->internal->state = SSL3_ST_CW_CHANGE_A;
s->internal->init_num = 0;
S3I(s)->change_cipher_spec = 0;
break;
@@ -413,9 +413,9 @@ ssl3_connect(SSL *s)
goto end;
if (S3I(s)->next_proto_neg_seen)
- s->state = SSL3_ST_CW_NEXT_PROTO_A;
+ s->internal->state = SSL3_ST_CW_NEXT_PROTO_A;
else
- s->state = SSL3_ST_CW_FINISHED_A;
+ s->internal->state = SSL3_ST_CW_FINISHED_A;
s->internal->init_num = 0;
s->session->cipher = S3I(s)->tmp.new_cipher;
@@ -437,7 +437,7 @@ ssl3_connect(SSL *s)
ret = ssl3_send_next_proto(s);
if (ret <= 0)
goto end;
- s->state = SSL3_ST_CW_FINISHED_A;
+ s->internal->state = SSL3_ST_CW_FINISHED_A;
break;
case SSL3_ST_CW_FINISHED_A:
@@ -449,7 +449,7 @@ ssl3_connect(SSL *s)
if (ret <= 0)
goto end;
s->s3->flags |= SSL3_FLAGS_CCS_OK;
- s->state = SSL3_ST_CW_FLUSH;
+ s->internal->state = SSL3_ST_CW_FLUSH;
/* clear flags */
s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
@@ -457,7 +457,7 @@ ssl3_connect(SSL *s)
S3I(s)->tmp.next_state = SSL_ST_OK;
if (s->s3->flags &
SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
- s->state = SSL_ST_OK;
+ s->internal->state = SSL_ST_OK;
s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
S3I(s)->delay_buf_pop_ret = 0;
}
@@ -478,7 +478,7 @@ ssl3_connect(SSL *s)
ret = ssl3_get_new_session_ticket(s);
if (ret <= 0)
goto end;
- s->state = SSL3_ST_CR_FINISHED_A;
+ s->internal->state = SSL3_ST_CR_FINISHED_A;
s->internal->init_num = 0;
break;
@@ -487,7 +487,7 @@ ssl3_connect(SSL *s)
ret = ssl3_get_cert_status(s);
if (ret <= 0)
goto end;
- s->state = SSL3_ST_CR_KEY_EXCH_A;
+ s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
s->internal->init_num = 0;
break;
@@ -500,9 +500,9 @@ ssl3_connect(SSL *s)
goto end;
if (s->internal->hit)
- s->state = SSL3_ST_CW_CHANGE_A;
+ s->internal->state = SSL3_ST_CW_CHANGE_A;
else
- s->state = SSL_ST_OK;
+ s->internal->state = SSL_ST_OK;
s->internal->init_num = 0;
break;
@@ -513,7 +513,7 @@ ssl3_connect(SSL *s)
goto end;
}
s->internal->rwstate = SSL_NOTHING;
- s->state = S3I(s)->tmp.next_state;
+ s->internal->state = S3I(s)->tmp.next_state;
break;
case SSL_ST_OK:
@@ -567,11 +567,11 @@ ssl3_connect(SSL *s)
goto end;
}
- if ((cb != NULL) && (s->state != state)) {
- new_state = s->state;
- s->state = state;
+ if ((cb != NULL) && (s->internal->state != state)) {
+ new_state = s->internal->state;
+ s->internal->state = state;
cb(s, SSL_CB_CONNECT_LOOP, 1);
- s->state = new_state;
+ s->internal->state = new_state;
}
}
skip = 0;
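Review bot: The state swap around `cb(s, SSL_CB_CONNECT_LOOP, 1)` has no comment, and its effect is easy to miss. The callback runs with `s->internal->state` put back to the saved `state` (presumably sampled at the top of the loop, as the `ssl3_accept` hunk shows), and `new_state` is written back unconditionally afterwards. Anything an info callback stores through `SSL_set_state()` is therefore overwritten on return. I would add `/* cb sees the state we just left; the new state is restored once it returns */` above the `if`, and the same above `cb(s, SSL_CB_ACCEPT_LOOP, 1)` in s3_srvr.c. The enclosing loop starts outside this hunk.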
@@ -594,7 +594,7 @@ ssl3_client_hello(SSL *s)
bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH;
- if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
+ if (s->internal->state == SSL3_ST_CW_CLNT_HELLO_A) {
SSL_SESSION *sess = s->session;
if ((sess == NULL) ||
@@ -706,7 +706,7 @@ ssl3_client_hello(SSL *s)
ssl3_handshake_msg_finish(s, p - d);
- s->state = SSL3_ST_CW_CLNT_HELLO_B;
+ s->internal->state = SSL3_ST_CW_CLNT_HELLO_B;
}
/* SSL3_ST_CW_CLNT_HELLO_B */
@@ -2339,7 +2339,7 @@ ssl3_send_client_key_exchange(SSL *s)
memset(&cbb, 0, sizeof(cbb));
- if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
+ if (s->internal->state == SSL3_ST_CW_KEY_EXCH_A) {
alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
if ((sess_cert = SSI(s)->sess_cert) == NULL) {
@@ -2377,7 +2377,7 @@ ssl3_send_client_key_exchange(SSL *s)
if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
goto err;
- s->state = SSL3_ST_CW_KEY_EXCH_B;
+ s->internal->state = SSL3_ST_CW_KEY_EXCH_B;
}
/* SSL3_ST_CW_KEY_EXCH_B */
@@ -2403,7 +2403,7 @@ ssl3_send_client_verify(SSL *s)
EVP_MD_CTX_init(&mctx);
- if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
+ if (s->internal->state == SSL3_ST_CW_CERT_VRFY_A) {
p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY);
/*
@@ -2530,7 +2530,7 @@ ssl3_send_client_verify(SSL *s)
goto err;
}
- s->state = SSL3_ST_CW_CERT_VRFY_B;
+ s->internal->state = SSL3_ST_CW_CERT_VRFY_B;
ssl3_handshake_msg_finish(s, n);
}
@@ -2556,16 +2556,16 @@ ssl3_send_client_certificate(SSL *s)
memset(&cbb, 0, sizeof(cbb));
- if (s->state == SSL3_ST_CW_CERT_A) {
+ if (s->internal->state == SSL3_ST_CW_CERT_A) {
if ((s->cert == NULL) || (s->cert->key->x509 == NULL) ||
(s->cert->key->privatekey == NULL))
- s->state = SSL3_ST_CW_CERT_B;
+ s->internal->state = SSL3_ST_CW_CERT_B;
else
- s->state = SSL3_ST_CW_CERT_C;
+ s->internal->state = SSL3_ST_CW_CERT_C;
}
/* We need to get a client cert */
- if (s->state == SSL3_ST_CW_CERT_B) {
+ if (s->internal->state == SSL3_ST_CW_CERT_B) {
/*
* If we get an error, we need to
* ssl->rwstate=SSL_X509_LOOKUP; return(-1);
@@ -2578,7 +2578,7 @@ ssl3_send_client_certificate(SSL *s)
}
s->internal->rwstate = SSL_NOTHING;
if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
- s->state = SSL3_ST_CW_CERT_B;
+ s->internal->state = SSL3_ST_CW_CERT_B;
if (!SSL_use_certificate(s, x509) ||
!SSL_use_PrivateKey(s, pkey))
i = 0;
@@ -2594,10 +2594,10 @@ ssl3_send_client_certificate(SSL *s)
S3I(s)->tmp.cert_req = 2;
/* Ok, we have a cert */
- s->state = SSL3_ST_CW_CERT_C;
+ s->internal->state = SSL3_ST_CW_CERT_C;
}
- if (s->state == SSL3_ST_CW_CERT_C) {
+ if (s->internal->state == SSL3_ST_CW_CERT_C) {
if (!ssl3_handshake_msg_start_cbb(s, &cbb, &client_cert,
SSL3_MT_CERTIFICATE))
goto err;
@@ -2607,7 +2607,7 @@ ssl3_send_client_certificate(SSL *s)
if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
goto err;
- s->state = SSL3_ST_CW_CERT_D;
+ s->internal->state = SSL3_ST_CW_CERT_D;
}
/* SSL3_ST_CW_CERT_D */
@@ -2700,7 +2700,7 @@ ssl3_send_next_proto(SSL *s)
unsigned int len, padding_len;
unsigned char *d, *p;
- if (s->state == SSL3_ST_CW_NEXT_PROTO_A) {
+ if (s->internal->state == SSL3_ST_CW_NEXT_PROTO_A) {
d = p = ssl3_handshake_msg_start(s, SSL3_MT_NEXT_PROTO);
len = s->internal->next_proto_negotiated_len;
@@ -2714,7 +2714,7 @@ ssl3_send_next_proto(SSL *s)
ssl3_handshake_msg_finish(s, p - d);
- s->state = SSL3_ST_CW_NEXT_PROTO_B;
+ s->internal->state = SSL3_ST_CW_NEXT_PROTO_B;
}
return (ssl3_handshake_write(s));
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 67745577562..09af18ea957 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.125 2017/01/23 06:45:30 beck Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.126 2017/01/23 08:48:44 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1678,7 +1678,7 @@ ssl3_cipher_get_value(const SSL_CIPHER *c)
int
ssl3_pending(const SSL *s)
{
- if (s->rstate == SSL_ST_READ_BODY)
+ if (s->internal->rstate == SSL_ST_READ_BODY)
return 0;
return (S3I(s)->rrec.type == SSL3_RT_APPLICATION_DATA) ?
@@ -2505,7 +2505,7 @@ ssl3_shutdown(SSL *s)
* Don't do anything much if we have not done the handshake or
* we don't want to send messages :-)
*/
- if ((s->internal->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) {
+ if ((s->internal->quiet_shutdown) || (s->internal->state == SSL_ST_BEFORE)) {
s->internal->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
return (1);
}
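Review bot: After the rename, `if ((s->internal->quiet_shutdown) || (s->internal->state == SSL_ST_BEFORE)) {` is 77 characters before any indentation, so inside the function body it no longer fits in 80 columns. Break it after the `||`, giving `if ((s->internal->quiet_shutdown) ||` followed by `(s->internal->state == SSL_ST_BEFORE)) {` on a continuation line. The rewritten condition in `do_ssl3_write` (s3_pkt.c) and the `SSL_ST_BEFORE|...` assignment in `SSL_clear` (ssl_lib.c) have grown past the limit in the same way. The body of ssl3_shutdown starts and ends outside this hunk.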
@@ -2669,7 +2669,7 @@ ssl3_renegotiate_check(SSL *s)
* to SSL_ST_ACCEPT.
*/
/* SSL_ST_ACCEPT */
- s->state = SSL_ST_RENEGOTIATE;
+ s->internal->state = SSL_ST_RENEGOTIATE;
S3I(s)->renegotiate = 0;
S3I(s)->num_renegotiations++;
S3I(s)->total_renegotiations++;
diff --git a/lib/libssl/s3_pkt.c b/lib/libssl/s3_pkt.c
index 3fb5168d165..228c5f536c4 100644
--- a/lib/libssl/s3_pkt.c
+++ b/lib/libssl/s3_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_pkt.c,v 1.65 2017/01/23 08:08:06 beck Exp $ */
+/* $OpenBSD: s3_pkt.c,v 1.66 2017/01/23 08:48:44 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -290,7 +290,7 @@ ssl3_get_record(SSL *s)
again:
/* check if we have the header */
- if ((s->rstate != SSL_ST_READ_BODY) ||
+ if ((s->internal->rstate != SSL_ST_READ_BODY) ||
(s->internal->packet_length < SSL3_RT_HEADER_LENGTH)) {
CBS header;
uint16_t len, ssl_version;
@@ -299,7 +299,7 @@ again:
n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
if (n <= 0)
return(n); /* error or non-blocking */
- s->rstate = SSL_ST_READ_BODY;
+ s->internal->rstate = SSL_ST_READ_BODY;
CBS_init(&header, s->internal->packet, n);
@@ -340,10 +340,10 @@ again:
goto f_err;
}
- /* now s->rstate == SSL_ST_READ_BODY */
+ /* now s->internal->rstate == SSL_ST_READ_BODY */
}
- /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
+ /* s->internal->rstate == SSL_ST_READ_BODY, get and decode the data */
if (rr->length > s->internal->packet_length - SSL3_RT_HEADER_LENGTH) {
/* now s->internal->packet_length == SSL3_RT_HEADER_LENGTH */
@@ -355,7 +355,7 @@ again:
* and s->internal->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */
}
- s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
+ s->internal->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
/* At this point, s->internal->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
* and we have that many bytes in s->internal->packet
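Review bot: `s->internal->rstate=SSL_ST_READ_HEADER;` keeps the old missing spaces around `=`, while other assignments rewritten in this commit were normalised (for example `ret->internal->state = s->internal->state;` in SSL_dup). Write it as `s->internal->rstate = SSL_ST_READ_HEADER; /* set state for later operations */`. The comment on the next context line also misspells the constant as `SSL3_RT_HEADER_LNGTH`, so a grep for `SSL3_RT_HEADER_LENGTH` misses it. The function body continues outside this hunk.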
@@ -666,7 +666,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
/* Some servers hang if iniatial client hello is larger than 256
* bytes and record version number > TLS 1.0
*/
- if (s->state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate &&
+ if (s->internal->state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate &&
TLS1_get_version(s) > TLS1_VERSION)
*(p++) = 0x1;
else
@@ -929,7 +929,7 @@ start:
rr = &(S3I(s)->rrec);
/* get new packet if necessary */
- if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) {
+ if ((rr->length == 0) || (s->internal->rstate == SSL_ST_READ_BODY)) {
ret = ssl3_get_record(s);
if (ret <= 0)
return (ret);
@@ -981,7 +981,7 @@ start:
rr->length -= n;
rr->off += n;
if (rr->length == 0) {
- s->rstate = SSL_ST_READ_HEADER;
+ s->internal->rstate = SSL_ST_READ_HEADER;
rr->off = 0;
if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
s->s3->rbuf.left == 0)
@@ -1215,9 +1215,9 @@ start:
/* Unexpected handshake message (Client Hello, or protocol violation) */
if ((S3I(s)->handshake_fragment_len >= 4) && !s->internal->in_handshake) {
- if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
+ if (((s->internal->state&SSL_ST_MASK) == SSL_ST_OK) &&
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
- s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
+ s->internal->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
s->internal->renegotiate = 1;
s->internal->new_session = 1;
}
@@ -1280,12 +1280,12 @@ start:
*/
if (S3I(s)->in_read_app_data &&
(S3I(s)->total_renegotiations != 0) &&
- (((s->state & SSL_ST_CONNECT) &&
- (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
- (s->state <= SSL3_ST_CR_SRVR_HELLO_A)) ||
- ((s->state & SSL_ST_ACCEPT) &&
- (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
- (s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
+ (((s->internal->state & SSL_ST_CONNECT) &&
+ (s->internal->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
+ (s->internal->state <= SSL3_ST_CR_SRVR_HELLO_A)) ||
+ ((s->internal->state & SSL_ST_ACCEPT) &&
+ (s->internal->state <= SSL3_ST_SW_HELLO_REQ_A) &&
+ (s->internal->state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
S3I(s)->in_read_app_data = 2;
return (-1);
} else {
@@ -1309,7 +1309,7 @@ ssl3_do_change_cipher_spec(SSL *s)
const char *sender;
int slen;
- if (s->state & SSL_ST_ACCEPT)
+ if (s->internal->state & SSL_ST_ACCEPT)
i = SSL3_CHANGE_CIPHER_SERVER_READ;
else
i = SSL3_CHANGE_CIPHER_CLIENT_READ;
@@ -1333,7 +1333,7 @@ ssl3_do_change_cipher_spec(SSL *s)
/* we have to record the message digest at
* this point so we can get it before we read
* the finished message */
- if (s->state & SSL_ST_CONNECT) {
+ if (s->internal->state & SSL_ST_CONNECT) {
sender = s->method->ssl3_enc->server_finished_label;
slen = s->method->ssl3_enc->server_finished_label_len;
} else {
diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index 31860eb049d..fa958d96f83 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.147 2017/01/23 06:45:30 beck Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.148 2017/01/23 08:48:44 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -195,12 +195,12 @@ ssl3_accept(SSL *s)
}
for (;;) {
- state = s->state;
+ state = s->internal->state;
- switch (s->state) {
+ switch (s->internal->state) {
case SSL_ST_RENEGOTIATE:
s->internal->renegotiate = 1;
- /* s->state=SSL_ST_ACCEPT; */
+ /* s->internal->state=SSL_ST_ACCEPT; */
case SSL_ST_BEFORE:
case SSL_ST_ACCEPT:
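Review bot: The rename was applied inside the commented-out statement `/* s->internal->state=SSL_ST_ACCEPT; */`, which is dead code at the point where `case SSL_ST_RENEGOTIATE` runs on into `case SSL_ST_BEFORE` without a `break`. Since the line is being touched anyway, replace it with `/* FALLTHROUGH */` so the missing `break` reads as intentional to reviewers and to lint. The fall-through does look deliberate, because the following hunk tests `s->internal->state != SSL_ST_RENEGOTIATE` inside the shared body. The switch continues outside this hunk.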
@@ -229,7 +229,7 @@ ssl3_accept(SSL *s)
s->internal->init_num = 0;
- if (s->state != SSL_ST_RENEGOTIATE) {
+ if (s->internal->state != SSL_ST_RENEGOTIATE) {
/*
* Ok, we now need to push on a buffering BIO
* so that the output is sent in a way that
@@ -245,7 +245,7 @@ ssl3_accept(SSL *s)
goto end;
}
- s->state = SSL3_ST_SR_CLNT_HELLO_A;
+ s->internal->state = SSL3_ST_SR_CLNT_HELLO_A;
s->ctx->internal->stats.sess_accept++;
} else if (!S3I(s)->send_connection_binding) {
/*
@@ -261,11 +261,11 @@ ssl3_accept(SSL *s)
goto end;
} else {
/*
- * s->state == SSL_ST_RENEGOTIATE,
+ * s->internal->state == SSL_ST_RENEGOTIATE,
* we will just send a HelloRequest
*/
s->ctx->internal->stats.sess_accept_renegotiate++;
- s->state = SSL3_ST_SW_HELLO_REQ_A;
+ s->internal->state = SSL3_ST_SW_HELLO_REQ_A;
}
break;
@@ -277,7 +277,7 @@ ssl3_accept(SSL *s)
if (ret <= 0)
goto end;
S3I(s)->tmp.next_state = SSL3_ST_SW_HELLO_REQ_C;
- s->state = SSL3_ST_SW_FLUSH;
+ s->internal->state = SSL3_ST_SW_FLUSH;
s->internal->init_num = 0;
if (!tls1_init_finished_mac(s)) {
@@ -287,7 +287,7 @@ ssl3_accept(SSL *s)
break;
case SSL3_ST_SW_HELLO_REQ_C:
- s->state = SSL_ST_OK;
+ s->internal->state = SSL_ST_OK;
break;
case SSL3_ST_SR_CLNT_HELLO_A:
@@ -302,7 +302,7 @@ ssl3_accept(SSL *s)
}
s->internal->renegotiate = 2;
- s->state = SSL3_ST_SW_SRVR_HELLO_A;
+ s->internal->state = SSL3_ST_SW_SRVR_HELLO_A;
s->internal->init_num = 0;
break;
@@ -313,12 +313,12 @@ ssl3_accept(SSL *s)
goto end;
if (s->internal->hit) {
if (s->internal->tlsext_ticket_expected)
- s->state = SSL3_ST_SW_SESSION_TICKET_A;
+ s->internal->state = SSL3_ST_SW_SESSION_TICKET_A;
else
- s->state = SSL3_ST_SW_CHANGE_A;
+ s->internal->state = SSL3_ST_SW_CHANGE_A;
}
else
- s->state = SSL3_ST_SW_CERT_A;
+ s->internal->state = SSL3_ST_SW_CERT_A;
s->internal->init_num = 0;
break;
@@ -331,12 +331,12 @@ ssl3_accept(SSL *s)
if (ret <= 0)
goto end;
if (s->internal->tlsext_status_expected)
- s->state = SSL3_ST_SW_CERT_STATUS_A;
+ s->internal->state = SSL3_ST_SW_CERT_STATUS_A;
else
- s->state = SSL3_ST_SW_KEY_EXCH_A;
+ s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
} else {
skip = 1;
- s->state = SSL3_ST_SW_KEY_EXCH_A;
+ s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
}
s->internal->init_num = 0;
break;
@@ -360,7 +360,7 @@ ssl3_accept(SSL *s)
} else
skip = 1;
- s->state = SSL3_ST_SW_CERT_REQ_A;
+ s->internal->state = SSL3_ST_SW_CERT_REQ_A;
s->internal->init_num = 0;
break;
@@ -392,7 +392,7 @@ ssl3_accept(SSL *s)
/* No cert request */
skip = 1;
S3I(s)->tmp.cert_request = 0;
- s->state = SSL3_ST_SW_SRVR_DONE_A;
+ s->internal->state = SSL3_ST_SW_SRVR_DONE_A;
if (S3I(s)->handshake_buffer) {
if (!tls1_digest_cached_records(s)) {
ret = -1;
@@ -404,7 +404,7 @@ ssl3_accept(SSL *s)
ret = ssl3_send_certificate_request(s);
if (ret <= 0)
goto end;
- s->state = SSL3_ST_SW_SRVR_DONE_A;
+ s->internal->state = SSL3_ST_SW_SRVR_DONE_A;
s->internal->init_num = 0;
}
break;
@@ -415,7 +415,7 @@ ssl3_accept(SSL *s)
if (ret <= 0)
goto end;
S3I(s)->tmp.next_state = SSL3_ST_SR_CERT_A;
- s->state = SSL3_ST_SW_FLUSH;
+ s->internal->state = SSL3_ST_SW_FLUSH;
s->internal->init_num = 0;
break;
@@ -439,7 +439,7 @@ ssl3_accept(SSL *s)
}
s->internal->rwstate = SSL_NOTHING;
- s->state = S3I(s)->tmp.next_state;
+ s->internal->state = S3I(s)->tmp.next_state;
break;
case SSL3_ST_SR_CERT_A:
@@ -450,7 +450,7 @@ ssl3_accept(SSL *s)
goto end;
}
s->internal->init_num = 0;
- s->state = SSL3_ST_SR_KEY_EXCH_A;
+ s->internal->state = SSL3_ST_SR_KEY_EXCH_A;
break;
case SSL3_ST_SR_KEY_EXCH_A:
@@ -470,12 +470,12 @@ ssl3_accept(SSL *s)
* for key exchange.
*/
if (S3I(s)->next_proto_neg_seen)
- s->state = SSL3_ST_SR_NEXT_PROTO_A;
+ s->internal->state = SSL3_ST_SR_NEXT_PROTO_A;
else
- s->state = SSL3_ST_SR_FINISHED_A;
+ s->internal->state = SSL3_ST_SR_FINISHED_A;
s->internal->init_num = 0;
} else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) {
- s->state = SSL3_ST_SR_CERT_VRFY_A;
+ s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
s->internal->init_num = 0;
if (!s->session->peer)
break;
@@ -498,7 +498,7 @@ ssl3_accept(SSL *s)
int offset = 0;
int dgst_num;
- s->state = SSL3_ST_SR_CERT_VRFY_A;
+ s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
s->internal->init_num = 0;
/*
@@ -544,9 +544,9 @@ ssl3_accept(SSL *s)
goto end;
if (S3I(s)->next_proto_neg_seen)
- s->state = SSL3_ST_SR_NEXT_PROTO_A;
+ s->internal->state = SSL3_ST_SR_NEXT_PROTO_A;
else
- s->state = SSL3_ST_SR_FINISHED_A;
+ s->internal->state = SSL3_ST_SR_FINISHED_A;
s->internal->init_num = 0;
break;
@@ -556,7 +556,7 @@ ssl3_accept(SSL *s)
if (ret <= 0)
goto end;
s->internal->init_num = 0;
- s->state = SSL3_ST_SR_FINISHED_A;
+ s->internal->state = SSL3_ST_SR_FINISHED_A;
break;
case SSL3_ST_SR_FINISHED_A:
@@ -567,11 +567,11 @@ ssl3_accept(SSL *s)
if (ret <= 0)
goto end;
if (s->internal->hit)
- s->state = SSL_ST_OK;
+ s->internal->state = SSL_ST_OK;
else if (s->internal->tlsext_ticket_expected)
- s->state = SSL3_ST_SW_SESSION_TICKET_A;
+ s->internal->state = SSL3_ST_SW_SESSION_TICKET_A;
else
- s->state = SSL3_ST_SW_CHANGE_A;
+ s->internal->state = SSL3_ST_SW_CHANGE_A;
s->internal->init_num = 0;
break;
@@ -580,7 +580,7 @@ ssl3_accept(SSL *s)
ret = ssl3_send_newsession_ticket(s);
if (ret <= 0)
goto end;
- s->state = SSL3_ST_SW_CHANGE_A;
+ s->internal->state = SSL3_ST_SW_CHANGE_A;
s->internal->init_num = 0;
break;
@@ -589,7 +589,7 @@ ssl3_accept(SSL *s)
ret = ssl3_send_cert_status(s);
if (ret <= 0)
goto end;
- s->state = SSL3_ST_SW_KEY_EXCH_A;
+ s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
s->internal->init_num = 0;
break;
@@ -608,7 +608,7 @@ ssl3_accept(SSL *s)
if (ret <= 0)
goto end;
- s->state = SSL3_ST_SW_FINISHED_A;
+ s->internal->state = SSL3_ST_SW_FINISHED_A;
s->internal->init_num = 0;
if (!s->method->ssl3_enc->change_cipher_state(
@@ -627,7 +627,7 @@ ssl3_accept(SSL *s)
s->method->ssl3_enc->server_finished_label_len);
if (ret <= 0)
goto end;
- s->state = SSL3_ST_SW_FLUSH;
+ s->internal->state = SSL3_ST_SW_FLUSH;
if (s->internal->hit) {
if (S3I(s)->next_proto_neg_seen) {
s->s3->flags |= SSL3_FLAGS_CCS_OK;
@@ -687,11 +687,11 @@ ssl3_accept(SSL *s)
}
- if ((cb != NULL) && (s->state != state)) {
- new_state = s->state;
- s->state = state;
+ if ((cb != NULL) && (s->internal->state != state)) {
+ new_state = s->internal->state;
+ s->internal->state = state;
cb(s, SSL_CB_ACCEPT_LOOP, 1);
- s->state = new_state;
+ s->internal->state = new_state;
}
}
skip = 0;
@@ -708,11 +708,11 @@ end:
int
ssl3_send_hello_request(SSL *s)
{
- if (s->state == SSL3_ST_SW_HELLO_REQ_A) {
+ if (s->internal->state == SSL3_ST_SW_HELLO_REQ_A) {
ssl3_handshake_msg_start(s, SSL3_MT_HELLO_REQUEST);
ssl3_handshake_msg_finish(s, 0);
- s->state = SSL3_ST_SW_HELLO_REQ_B;
+ s->internal->state = SSL3_ST_SW_HELLO_REQ_B;
}
/* SSL3_ST_SW_HELLO_REQ_B */
@@ -738,8 +738,8 @@ ssl3_get_client_hello(SSL *s)
* If we are SSLv3, we will respond with SSLv3, even if prompted with
* TLSv1.
*/
- if (s->state == SSL3_ST_SR_CLNT_HELLO_A) {
- s->state = SSL3_ST_SR_CLNT_HELLO_B;
+ if (s->internal->state == SSL3_ST_SR_CLNT_HELLO_A) {
+ s->internal->state = SSL3_ST_SR_CLNT_HELLO_B;
}
s->internal->first_packet = 1;
n = s->method->ssl_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
@@ -1099,7 +1099,7 @@ ssl3_send_server_hello(SSL *s)
bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH;
- if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
+ if (s->internal->state == SSL3_ST_SW_SRVR_HELLO_A) {
d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO);
if (!CBB_init_fixed(&cbb, p, bufend - p))
@@ -1179,11 +1179,11 @@ ssl3_send_server_hello(SSL *s)
int
ssl3_send_server_done(SSL *s)
{
- if (s->state == SSL3_ST_SW_SRVR_DONE_A) {
+ if (s->internal->state == SSL3_ST_SW_SRVR_DONE_A) {
ssl3_handshake_msg_start(s, SSL3_MT_SERVER_DONE);
ssl3_handshake_msg_finish(s, 0);
- s->state = SSL3_ST_SW_SRVR_DONE_B;
+ s->internal->state = SSL3_ST_SW_SRVR_DONE_B;
}
/* SSL3_ST_SW_SRVR_DONE_B */
@@ -1487,7 +1487,7 @@ ssl3_send_server_key_exchange(SSL *s)
memset(&cbb, 0, sizeof(cbb));
EVP_MD_CTX_init(&md_ctx);
- if (s->state == SSL3_ST_SW_KEY_EXCH_A) {
+ if (s->internal->state == SSL3_ST_SW_KEY_EXCH_A) {
type = S3I(s)->tmp.new_cipher->algorithm_mkey;
cert = s->cert;
@@ -1621,7 +1621,7 @@ ssl3_send_server_key_exchange(SSL *s)
ssl3_handshake_msg_finish(s, n);
}
- s->state = SSL3_ST_SW_KEY_EXCH_B;
+ s->internal->state = SSL3_ST_SW_KEY_EXCH_B;
EVP_MD_CTX_cleanup(&md_ctx);
@@ -1646,7 +1646,7 @@ ssl3_send_certificate_request(SSL *s)
X509_NAME *name;
BUF_MEM *buf;
- if (s->state == SSL3_ST_SW_CERT_REQ_A) {
+ if (s->internal->state == SSL3_ST_SW_CERT_REQ_A) {
buf = s->internal->init_buf;
d = p = ssl3_handshake_msg_start(s,
@@ -1699,7 +1699,7 @@ ssl3_send_certificate_request(SSL *s)
ssl3_handshake_msg_finish(s, n);
- s->state = SSL3_ST_SW_CERT_REQ_B;
+ s->internal->state = SSL3_ST_SW_CERT_REQ_B;
}
/* SSL3_ST_SW_CERT_REQ_B */
@@ -2640,7 +2640,7 @@ ssl3_send_server_certificate(SSL *s)
memset(&cbb, 0, sizeof(cbb));
- if (s->state == SSL3_ST_SW_CERT_A) {
+ if (s->internal->state == SSL3_ST_SW_CERT_A) {
if ((x = ssl_get_server_send_cert(s)) == NULL) {
SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,
ERR_R_INTERNAL_ERROR);
@@ -2655,7 +2655,7 @@ ssl3_send_server_certificate(SSL *s)
if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
goto err;
- s->state = SSL3_ST_SW_CERT_B;
+ s->internal->state = SSL3_ST_SW_CERT_B;
}
/* SSL3_ST_SW_CERT_B */
@@ -2683,7 +2683,7 @@ ssl3_send_newsession_ticket(SSL *s)
unsigned char iv[EVP_MAX_IV_LENGTH];
unsigned char key_name[16];
- if (s->state == SSL3_ST_SW_SESSION_TICKET_A) {
+ if (s->internal->state == SSL3_ST_SW_SESSION_TICKET_A) {
/* get session encoding length */
slen_full = i2d_SSL_SESSION(s->session, NULL);
/*
@@ -2796,7 +2796,7 @@ ssl3_send_newsession_ticket(SSL *s)
ssl3_handshake_msg_finish(s, len);
- s->state = SSL3_ST_SW_SESSION_TICKET_B;
+ s->internal->state = SSL3_ST_SW_SESSION_TICKET_B;
explicit_bzero(senc, slen_full);
free(senc);
@@ -2818,7 +2818,7 @@ ssl3_send_cert_status(SSL *s)
{
unsigned char *p;
- if (s->state == SSL3_ST_SW_CERT_STATUS_A) {
+ if (s->internal->state == SSL3_ST_SW_CERT_STATUS_A) {
/*
* Grow buffer if need be: the length calculation is as
* follows 1 (message type) + 3 (message length) +
@@ -2837,7 +2837,7 @@ ssl3_send_cert_status(SSL *s)
ssl3_handshake_msg_finish(s, s->internal->tlsext_ocsp_resplen + 4);
- s->state = SSL3_ST_SW_CERT_STATUS_B;
+ s->internal->state = SSL3_ST_SW_CERT_STATUS_B;
}
/* SSL3_ST_SW_CERT_STATUS_B */
@@ -2873,7 +2873,7 @@ ssl3_get_next_proto(SSL *s)
return ((int)n);
/*
- * s->state doesn't reflect whether ChangeCipherSpec has been received
+ * s->internal->state doesn't reflect whether ChangeCipherSpec has been received
* in this handshake, but S3I(s)->change_cipher_spec does (will be reset
* by ssl3_get_finished).
*/
diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index 678246b23e4..f29626dc033 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.115 2017/01/23 08:08:06 beck Exp $ */
+/* $OpenBSD: ssl.h,v 1.116 2017/01/23 08:48:44 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -846,9 +846,6 @@ struct ssl_st {
#endif
int server; /* are we the server side? - mostly used by SSL_clear*/
- int state; /* where we are */
- int rstate; /* where we are when reading */
-
struct ssl3_state_st *s3; /* SSLv3 variables */
struct dtls1_state_st *d1; /* DTLSv1 variables */
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 5839bd80487..571ecee509a 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.136 2017/01/23 08:08:06 beck Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.137 2017/01/23 08:48:44 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -210,12 +210,12 @@ SSL_clear(SSL *s)
s->internal->type = 0;
- s->state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
+ s->internal->state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
s->version = s->method->version;
s->client_version = s->version;
s->internal->rwstate = SSL_NOTHING;
- s->rstate = SSL_ST_READ_HEADER;
+ s->internal->rstate = SSL_ST_READ_HEADER;
BUF_MEM_free(s->internal->init_buf);
s->internal->init_buf = NULL;
@@ -2430,7 +2430,7 @@ SSL_set_accept_state(SSL *s)
{
s->server = 1;
s->internal->shutdown = 0;
- s->state = SSL_ST_ACCEPT|SSL_ST_BEFORE;
+ s->internal->state = SSL_ST_ACCEPT|SSL_ST_BEFORE;
s->internal->handshake_func = s->method->ssl_accept;
/* clear the current cipher */
ssl_clear_cipher_ctx(s);
@@ -2443,7 +2443,7 @@ SSL_set_connect_state(SSL *s)
{
s->server = 0;
s->internal->shutdown = 0;
- s->state = SSL_ST_CONNECT|SSL_ST_BEFORE;
+ s->internal->state = SSL_ST_CONNECT|SSL_ST_BEFORE;
s->internal->handshake_func = s->method->ssl_connect;
/* clear the current cipher */
ssl_clear_cipher_ctx(s);
@@ -2681,8 +2681,8 @@ SSL_dup(SSL *s)
ret->internal->quiet_shutdown = s->internal->quiet_shutdown;
ret->internal->shutdown = s->internal->shutdown;
/* SSL_dup does not really work at any state, though */
- ret->state=s->state;
- ret->rstate = s->rstate;
+ ret->internal->state = s->internal->state;
+ ret->internal->rstate = s->internal->rstate;
/*
* Would have to copy ret->init_buf, ret->init_msg, ret->init_num,
@@ -2941,13 +2941,13 @@ void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val)
int
SSL_state(const SSL *ssl)
{
- return (ssl->state);
+ return (ssl->internal->state);
}
void
SSL_set_state(SSL *ssl, int state)
{
- ssl->state = state;
+ ssl->internal->state = state;
}
void
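Review bot: `SSL_set_state()` still stores its argument straight into `ssl->internal->state` with no check, so moving the field behind `internal` does not stop an application from putting the handshake state machine into an arbitrary state. The commit message says the state should only be reached through the accessors, so the setter should at least document that contract, e.g. `/* No validation: the caller can move the handshake to any state. */`. Whether it should reject values outside the known `SSL_ST_*` / `SSL3_ST_*` set is a separate decision. It depends on existing callers, which are not visible in this diff.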
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 6da2ce3fab0..1aac55f101e 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.159 2017/01/23 08:08:06 beck Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.160 2017/01/23 08:48:44 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -723,6 +723,10 @@ typedef struct ssl_internal_st {
int renegotiate;/* 1 if we are renegotiating.
* 2 if we are a server and are inside a handshake
* (i.e. not just sending a HelloRequest) */
+
+ int state; /* where we are */
+ int rstate; /* where we are when reading */
+
} SSL_INTERNAL;
typedef struct ssl3_state_internal_st {
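Review bot: The two new members carry over the comments `where we are` and `where we are when reading`, which do not say which values are legal. From the uses in this commit, `state` holds the handshake state and `rstate` the record-read state, so I would write `int state; /* handshake state: SSL_ST_*, SSL3_ST_*, SSL23_ST_* */` and `int rstate; /* record read state: SSL_ST_READ_HEADER or SSL_ST_READ_BODY */`. The second list should be extended if other `SSL_ST_READ_*` values exist. The blank line added before `} SSL_INTERNAL;` can be dropped.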
diff --git a/lib/libssl/ssl_stat.c b/lib/libssl/ssl_stat.c
index 6d67d19c253..4f93781f721 100644
--- a/lib/libssl/ssl_stat.c
+++ b/lib/libssl/ssl_stat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_stat.c,v 1.12 2014/11/16 14:12:47 jsing Exp $ */
+/* $OpenBSD: ssl_stat.c,v 1.13 2017/01/23 08:48:45 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -91,7 +91,7 @@ SSL_state_string_long(const SSL *s)
{
const char *str;
- switch (s->state) {
+ switch (s->internal->state) {
case SSL_ST_BEFORE:
str = "before SSL initialization";
break;
@@ -325,7 +325,7 @@ SSL_rstate_string_long(const SSL *s)
{
const char *str;
- switch (s->rstate) {
+ switch (s->internal->rstate) {
case SSL_ST_READ_HEADER:
str = "read header";
break;
@@ -347,7 +347,7 @@ SSL_state_string(const SSL *s)
{
const char *str;
- switch (s->state) {
+ switch (s->internal->state) {
case SSL_ST_BEFORE:
str = "PINIT ";
break;
@@ -783,7 +783,7 @@ SSL_rstate_string(const SSL *s)
{
const char *str;
- switch (s->rstate) {
+ switch (s->internal->rstate) {
case SSL_ST_READ_HEADER:
str = "RH";
break;
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index f0a9ed5dc14..fb01bfcfac2 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.103 2017/01/23 06:45:30 beck Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.104 2017/01/23 08:48:45 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -924,7 +924,7 @@ skip_ext:
* includes the 5-byte record header in the buffer, while the
* code in s3_clnt.c does not.
*/
- if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
+ if (s->internal->state == SSL23_ST_CW_CLNT_HELLO_A)
hlen -= 5;
if (hlen > 0xff && hlen < 0x200) {
hlen = 0x200 - hlen;