| author | jsing <> | 2017-01-22 09:02:07 +0000 | 
|---|---|---|
| committer | jsing <> | 2017-01-22 09:02:07 +0000 | 
| commit | bd2d858e0149e88f8fe4f0124d9b1e4d22553fd1 (patch) | |
| tree | 74edac7239262d369a6f63b69bea3291a4184000 | |
| parent | d549b46158cee11991715ad9f53e1adaa39d2280 (diff) | |
Move most of the SSL3_STATE fields to internal - the ones that remain are
known to be used by ports.
ok beck@
| -rw-r--r-- | src/lib/libssl/d1_both.c | 36 | ||||
| -rw-r--r-- | src/lib/libssl/d1_clnt.c | 40 | ||||
| -rw-r--r-- | src/lib/libssl/d1_enc.c | 6 | ||||
| -rw-r--r-- | src/lib/libssl/d1_pkt.c | 92 | ||||
| -rw-r--r-- | src/lib/libssl/d1_srvr.c | 40 | ||||
| -rw-r--r-- | src/lib/libssl/s23_srvr.c | 8 | ||||
| -rw-r--r-- | src/lib/libssl/s3_both.c | 64 | ||||
| -rw-r--r-- | src/lib/libssl/s3_clnt.c | 112 | ||||
| -rw-r--r-- | src/lib/libssl/s3_lib.c | 110 | ||||
| -rw-r--r-- | src/lib/libssl/s3_pkt.c | 148 | ||||
| -rw-r--r-- | src/lib/libssl/s3_srvr.c | 152 | ||||
| -rw-r--r-- | src/lib/libssl/ssl3.h | 117 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_cert.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 32 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 120 | ||||
| -rw-r--r-- | src/lib/libssl/t1_enc.c | 152 | ||||
| -rw-r--r-- | src/lib/libssl/t1_lib.c | 78 | ||||
| -rw-r--r-- | src/lib/libssl/t1_reneg.c | 60 | 
18 files changed, 690 insertions, 681 deletions
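--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_both.c,v 1.41 2017/01/22 07:16:38 beck Exp $ */
+/* $OpenBSD: d1_both.c,v 1.42 2017/01/22 09:02:07 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -403,12 +403,12 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 unsigned long msg_len;
 
 /*
-* s3->tmp is used to store messages that are unexpected, caused
+* s3->internal->tmp is used to store messages that are unexpected, caused
 * by the absence of an optional handshake message
 */
-if (s->s3->tmp.reuse_message) {
-s->s3->tmp.reuse_message = 0;
-if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
+if (S3I(s)->tmp.reuse_message) {
+S3I(s)->tmp.reuse_message = 0;
+if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) {
 al = SSL_AD_UNEXPECTED_MESSAGE;
 SSLerr(SSL_F_DTLS1_GET_MESSAGE,
 SSL_R_UNEXPECTED_MESSAGE);
@@ -416,7 +416,7 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 }
 *ok = 1;
 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
-s->init_num = (int)s->s3->tmp.message_size;
+s->init_num = (int)S3I(s)->tmp.message_size;
 return s->init_num;
 }
 
@@ -499,9 +499,9 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
 return SSL_AD_INTERNAL_ERROR;
 }
 
-s->s3->tmp.message_size = msg_len;
+S3I(s)->tmp.message_size = msg_len;
 D1I(s)->r_msg_hdr.msg_len = msg_len;
-s->s3->tmp.message_type = msg_hdr->type;
+S3I(s)->tmp.message_type = msg_hdr->type;
 D1I(s)->r_msg_hdr.type = msg_hdr->type;
 D1I(s)->r_msg_hdr.seq = msg_hdr->seq;
 } else if (msg_len != D1I(s)->r_msg_hdr.msg_len) {
@@ -905,8 +905,8 @@ f_err:
 /*
 * for these 2 messages, we need to
 * ssl->enc_read_ctx re-init
-* ssl->s3->read_sequence zero
-* ssl->s3->read_mac_secret re-init
+* ssl->s3->internal->read_sequence zero
+* ssl->s3->internal->read_mac_secret re-init
 * ssl->session->read_sym_enc assign
 * ssl->session->read_hash assign
 */
@@ -1132,10 +1132,10 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
 
 if (frag->msg_header.saved_retransmit_state.epoch ==
 saved_state.epoch - 1) {
-memcpy(save_write_sequence, s->s3->write_sequence,
-sizeof(s->s3->write_sequence));
-memcpy(s->s3->write_sequence, D1I(s)->last_write_sequence,
-sizeof(s->s3->write_sequence));
+memcpy(save_write_sequence, S3I(s)->write_sequence,
+sizeof(S3I(s)->write_sequence));
+memcpy(S3I(s)->write_sequence, D1I(s)->last_write_sequence,
+sizeof(S3I(s)->write_sequence));
 }
 
 ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
@@ -1149,10 +1149,10 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
 
 if (frag->msg_header.saved_retransmit_state.epoch ==
 saved_state.epoch - 1) {
-memcpy(D1I(s)->last_write_sequence, s->s3->write_sequence,
-sizeof(s->s3->write_sequence));
-memcpy(s->s3->write_sequence, save_write_sequence,
-sizeof(s->s3->write_sequence));
+memcpy(D1I(s)->last_write_sequence, S3I(s)->write_sequence,
+sizeof(S3I(s)->write_sequence));
+memcpy(S3I(s)->write_sequence, save_write_sequence,
+sizeof(S3I(s)->write_sequence));
 }
 
 D1I(s)->retransmitting = 0;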
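Review bot: In both dtls1_retransmit_message hunks the memcpy length is always `sizeof(S3I(s)->write_sequence)`, even where the destination is `save_write_sequence` or `D1I(s)->last_write_sequence`. Those two buffers are declared outside the hunks, so nothing visible here shows that they are the same size as the field that has just moved into the internal struct. Sizing each copy by its destination keeps the bound next to the buffer being written, for example `memcpy(save_write_sequence, S3I(s)->write_sequence, sizeof(save_write_sequence));`, assuming `save_write_sequence` is an array rather than a pointer. If the three buffers are meant to stay identical, a compile-time size assertion beside the declarations would record that; the function body starts and ends outside these hunks.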
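--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.61 2017/01/22 07:16:38 beck Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.62 2017/01/22 09:02:07 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -270,7 +270,7 @@ dtls1_connect(SSL *s)
 
 if (D1I(s)->send_cookie) {
 s->state = SSL3_ST_CW_FLUSH;
-s->s3->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A;
+S3I(s)->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A;
 } else
 s->state = SSL3_ST_CR_SRVR_HELLO_A;
 
@@ -326,7 +326,7 @@ dtls1_connect(SSL *s)
 break;
 }
 /* Check if it is anon DH. */
-if (!(s->s3->tmp.new_cipher->algorithm_auth &
+if (!(S3I(s)->tmp.new_cipher->algorithm_auth &
 SSL_aNULL)) {
 ret = ssl3_get_server_certificate(s);
 if (ret <= 0)
@@ -373,12 +373,12 @@ dtls1_connect(SSL *s)
 if (ret <= 0)
 goto end;
 dtls1_stop_timer(s);
-if (s->s3->tmp.cert_req)
-s->s3->tmp.next_state = SSL3_ST_CW_CERT_A;
+if (S3I(s)->tmp.cert_req)
+S3I(s)->tmp.next_state = SSL3_ST_CW_CERT_A;
 else
-s->s3->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A;
+S3I(s)->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A;
 s->init_num = 0;
-s->state = s->s3->tmp.next_state;
+s->state = S3I(s)->tmp.next_state;
 break;
 
 case SSL3_ST_CW_CERT_A:
@@ -404,11 +404,11 @@ dtls1_connect(SSL *s)
 * sent back */
 /* For TLS, cert_req is set to 2, so a cert chain
 * of nothing is sent, but no verify packet is sent */
-if (s->s3->tmp.cert_req == 1) {
+if (S3I(s)->tmp.cert_req == 1) {
 s->state = SSL3_ST_CW_CERT_VRFY_A;
 } else {
 s->state = SSL3_ST_CW_CHANGE_A;
-s->s3->change_cipher_spec = 0;
+S3I(s)->change_cipher_spec = 0;
 }
 
 s->init_num = 0;
@@ -422,7 +422,7 @@ dtls1_connect(SSL *s)
 goto end;
 s->state = SSL3_ST_CW_CHANGE_A;
 s->init_num = 0;
-s->s3->change_cipher_spec = 0;
+S3I(s)->change_cipher_spec = 0;
 break;
 
 case SSL3_ST_CW_CHANGE_A:
@@ -437,7 +437,7 @@ dtls1_connect(SSL *s)
 s->state = SSL3_ST_CW_FINISHED_A;
 s->init_num = 0;
 
-s->session->cipher = s->s3->tmp.new_cipher;
+s->session->cipher = S3I(s)->tmp.new_cipher;
 if (!s->method->ssl3_enc->setup_key_block(s)) {
 ret = -1;
 goto end;
@@ -468,20 +468,20 @@ dtls1_connect(SSL *s)
 /* clear flags */
 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
 if (s->hit) {
-s->s3->tmp.next_state = SSL_ST_OK;
+S3I(s)->tmp.next_state = SSL_ST_OK;
 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
 s->state = SSL_ST_OK;
 s->s3->flags |= SSL3_FLAGS_POP_BUFFER;
-s->s3->delay_buf_pop_ret = 0;
+S3I(s)->delay_buf_pop_ret = 0;
 }
 } else {
 
 /* Allow NewSessionTicket if ticket expected */
 if (s->tlsext_ticket_expected)
-s->s3->tmp.next_state =
+S3I(s)->tmp.next_state =
 SSL3_ST_CR_SESSION_TICKET_A;
 else
-s->s3->tmp.next_state =
+S3I(s)->tmp.next_state =
 SSL3_ST_CR_FINISHED_A;
 }
 s->init_num = 0;
@@ -529,14 +529,14 @@ dtls1_connect(SSL *s)
 /* If the write error was fatal, stop trying */
 if (!BIO_should_retry(s->wbio)) {
 s->rwstate = SSL_NOTHING;
-s->state = s->s3->tmp.next_state;
+s->state = S3I(s)->tmp.next_state;
 }
 
 ret = -1;
 goto end;
 }
 s->rwstate = SSL_NOTHING;
-s->state = s->s3->tmp.next_state;
+s->state = S3I(s)->tmp.next_state;
 break;
 
 case SSL_ST_OK:
@@ -579,7 +579,7 @@ dtls1_connect(SSL *s)
 }
 
 /* did we do anything */
-if (!s->s3->tmp.reuse_message && !skip) {
+if (!S3I(s)->tmp.reuse_message && !skip) {
 if (s->debug) {
 if ((ret = BIO_flush(s->wbio)) <= 0)
 goto end;
@@ -618,9 +618,9 @@ dtls1_get_hello_verify(SSL *s)
 if (!ok)
 return ((int)n);
 
-if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
+if (S3I(s)->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
 D1I(s)->send_cookie = 0;
-s->s3->tmp.reuse_message = 1;
+S3I(s)->tmp.reuse_message = 1;
 return (1);
 }
 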
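Review bot: In the hunk at line 468 of dtls1_connect, `s->s3->flags` is still read and written directly while `tmp.next_state` and `delay_buf_pop_ret` beside it now go through `S3I(s)`, and nothing at the site says the split is deliberate. The commit message explains that the fields left in the public struct are the ones ports use. Since `flags` steers the handshake here (`SSL3_FLAGS_DELAY_CLIENT_FINISHED`, `SSL3_FLAGS_POP_BUFFER`), it presumably remains reachable by code outside the library. A comment on the field's declaration would record that, for example `/* public: used by ports; read by the handshake state machine */`. The declaration is in ssl3.h, outside this section, and dtls1_connect's body continues beyond these hunks.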
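--- a/src/lib/libssl/d1_enc.c
+++ b/src/lib/libssl/d1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_enc.c,v 1.11 2016/03/06 14:52:15 beck Exp $ */
+/* $OpenBSD: d1_enc.c,v 1.12 2017/01/22 09:02:07 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -145,7 +145,7 @@ dtls1_enc(SSL *s, int send)
 return -1;
 }
 ds = s->enc_write_ctx;
-rec = &(s->s3->wrec);
+rec = &(S3I(s)->wrec);
 if (s->enc_write_ctx == NULL)
 enc = NULL;
 else {
@@ -167,7 +167,7 @@ dtls1_enc(SSL *s, int send)
 OPENSSL_assert(mac_size >= 0);
 }
 ds = s->enc_read_ctx;
-rec = &(s->s3->rrec);
+rec = &(S3I(s)->rrec);
 if (s->enc_read_ctx == NULL)
 enc = NULL;
 else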
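--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.50 2017/01/22 07:16:39 beck Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.51 2017/01/22 09:02:07 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -205,10 +205,10 @@ dtls1_copy_record(SSL *s, pitem *item)
 s->packet = rdata->packet;
 s->packet_length = rdata->packet_length;
 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
-memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
+memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
 
 /* Set proper sequence number for mac calculation */
-memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);
+memcpy(&(S3I(s)->read_sequence[2]), &(rdata->packet[5]), 6);
 
 return (1);
 }
@@ -232,7 +232,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
 rdata->packet = s->packet;
 rdata->packet_length = s->packet_length;
 memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));
-memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD));
+memcpy(&(rdata->rrec), &(S3I(s)->rrec), sizeof(SSL3_RECORD));
 
 item->data = rdata;
 
@@ -240,7 +240,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
 s->packet = NULL;
 s->packet_length = 0;
 memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
-memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));
+memset(&(S3I(s)->rrec), 0, sizeof(SSL3_RECORD));
 
 if (!ssl3_setup_buffers(s))
 goto err;
@@ -310,7 +310,7 @@ dtls1_process_buffered_records(SSL *s)
 if (! dtls1_process_record(s))
 return (0);
 if (dtls1_buffer_record(s, &(D1I(s)->processed_rcds),
-s->s3->rrec.seq_num) < 0)
+S3I(s)->rrec.seq_num) < 0)
 return (-1);
 }
 }
@@ -333,7 +333,7 @@ dtls1_process_record(SSL *s)
 unsigned int mac_size, orig_len;
 unsigned char md[EVP_MAX_MD_SIZE];
 
-rr = &(s->s3->rrec);
+rr = &(S3I(s)->rrec);
 sess = s->session;
 
 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
@@ -439,10 +439,10 @@ dtls1_process_record(SSL *s)
 
 rr->off = 0;
 /* So at this point the following is true
-* ssl->s3->rrec.type is the type of record
-* ssl->s3->rrec.length == number of bytes in record
-* ssl->s3->rrec.off == offset to first valid byte
-* ssl->s3->rrec.data == where to take bytes from, increment
+* ssl->s3->internal->rrec.type is the type of record
+* ssl->s3->internal->rrec.length == number of bytes in record
+* ssl->s3->internal->rrec.off == offset to first valid byte
+* ssl->s3->internal->rrec.data == where to take bytes from, increment
 * after use :-).
 */
 
@@ -461,9 +461,9 @@ err:
 * It will return <= 0 if more data is needed, normally due to an error
 * or non-blocking IO.
 * When it finishes, one packet has been decoded and can be found in
-* ssl->s3->rrec.type - is the type of record
-* ssl->s3->rrec.data, - data
-* ssl->s3->rrec.length, - number of bytes
+* ssl->s3->internal->rrec.type - is the type of record
+* ssl->s3->internal->rrec.data, - data
+* ssl->s3->internal->rrec.length, - number of bytes
 */
 /* used only by dtls1_read_bytes */
 int
@@ -475,7 +475,7 @@ dtls1_get_record(SSL *s)
 DTLS1_BITMAP *bitmap;
 unsigned int is_next_epoch;
 
-rr = &(s->s3->rrec);
+rr = &(S3I(s)->rrec);
 
 /* The epoch may have changed. If so, process all the
 * pending records. This is a non-blocking operation. */
@@ -525,8 +525,8 @@ again:
 !CBS_get_bytes(&header, &seq_no, 6))
 goto again;
 
-if (!CBS_write_bytes(&seq_no, &(s->s3->read_sequence[2]),
-sizeof(s->s3->read_sequence) - 2, NULL))
+if (!CBS_write_bytes(&seq_no, &(S3I(s)->read_sequence[2]),
+sizeof(S3I(s)->read_sequence) - 2, NULL))
 goto again;
 if (!CBS_get_u16(&header, &len))
 goto again;
@@ -682,11 +682,11 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 start:
 s->rwstate = SSL_NOTHING;
 
-/* s->s3->rrec.type - is the type of record
-* s->s3->rrec.data, - data
-* s->s3->rrec.off, - offset into 'data' for next read
-* s->s3->rrec.length, - number of bytes. */
-rr = &(s->s3->rrec);
+/* S3I(s)->rrec.type - is the type of record
+* S3I(s)->rrec.data, - data
+* S3I(s)->rrec.off, - offset into 'data' for next read
+* S3I(s)->rrec.length, - number of bytes. */
+rr = &(S3I(s)->rrec);
 
 /* We are not handshaking and have no data yet,
 * so process data buffered during the last handshake
@@ -728,7 +728,7 @@ start:
 
 /* we now have a packet which can be read and processed */
 
-if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
+if (S3I(s)->change_cipher_spec /* set when we receive ChangeCipherSpec,
 * reset by ssl3_get_finished */
 && (rr->type != SSL3_RT_HANDSHAKE)) {
 /* We now have application data between CCS and Finished.
@@ -814,7 +814,7 @@ start:
 */
 if (rr->type == SSL3_RT_APPLICATION_DATA) {
 BIO *bio;
-s->s3->in_read_app_data = 2;
+S3I(s)->in_read_app_data = 2;
 bio = SSL_get_rbio(s);
 s->rwstate = SSL_READING;
 BIO_clear_retry_flags(bio);
@@ -881,7 +881,7 @@ start:
 
 if (SSL_is_init_finished(s) &&
 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
-!s->s3->renegotiate) {
+!S3I(s)->renegotiate) {
 D1I(s)->handshake_read_seq++;
 s->new_session = 1;
 ssl3_renegotiate(s);
@@ -938,7 +938,7 @@ start:
 
 if (alert_level == 1) /* warning */
 {
-s->s3->warn_alert = alert_descr;
+S3I(s)->warn_alert = alert_descr;
 if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
 return (0);
@@ -946,7 +946,7 @@ start:
 } else if (alert_level == 2) /* fatal */
 {
 s->rwstate = SSL_NOTHING;
-s->s3->fatal_alert = alert_descr;
+S3I(s)->fatal_alert = alert_descr;
 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
 ERR_asprintf_error_data("SSL alert number %d",
 alert_descr);
@@ -1000,7 +1000,7 @@ start:
 
 D1I(s)->change_cipher_spec_ok = 0;
 
-s->s3->change_cipher_spec = 1;
+S3I(s)->change_cipher_spec = 1;
 if (!ssl3_do_change_cipher_spec(s))
 goto err;
 
@@ -1094,15 +1094,15 @@ start:
 * at this point (session renegotiation not yet started),
 * we will indulge it.
 */
-if (s->s3->in_read_app_data &&
-(s->s3->total_renegotiations != 0) &&
+if (S3I(s)->in_read_app_data &&
+(S3I(s)->total_renegotiations != 0) &&
 (((s->state & SSL_ST_CONNECT) &&
 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)) || (
 (s->state & SSL_ST_ACCEPT) &&
 (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
-s->s3->in_read_app_data = 2;
+S3I(s)->in_read_app_data = 2;
 return (-1);
 } else {
 al = SSL_AD_UNEXPECTED_MESSAGE;
@@ -1219,7 +1219,7 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
 if (len == 0)
 return 0;
 
-wr = &(s->s3->wrec);
+wr = &(S3I(s)->wrec);
 wb = &(s->s3->wbuf);
 sess = s->session;
 
@@ -1313,7 +1313,7 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
 s2n(D1I(s)->handshake_epoch, pseq);
 */
 
-memcpy(pseq, &(s->s3->write_sequence[2]), 6);
+memcpy(pseq, &(S3I(s)->write_sequence[2]), 6);
 pseq += 6;
 s2n(wr->length, pseq);
 
@@ -1323,17 +1323,17 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
 wr->type=type; /* not needed but helps for debugging */
 wr->length += DTLS1_RT_HEADER_LENGTH;
 
-tls1_record_sequence_increment(s->s3->write_sequence);
+tls1_record_sequence_increment(S3I(s)->write_sequence);
 
 /* now let's set up wb */
 wb->left = prefix_len + wr->length;
 wb->offset = 0;
 
 /* memorize arguments so that ssl3_write_pending can detect bad write retries later */
-s->s3->wpend_tot = len;
-s->s3->wpend_buf = buf;
-s->s3->wpend_type = type;
-s->s3->wpend_ret = len;
+S3I(s)->wpend_tot = len;
+S3I(s)->wpend_buf = buf;
+S3I(s)->wpend_type = type;
+S3I(s)->wpend_ret = len;
 
 /* we now just need to write the buffer */
 return ssl3_write_pending(s, type, buf, len);
@@ -1348,11 +1348,11 @@ dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
 {
 int cmp;
 unsigned int shift;
-const unsigned char *seq = s->s3->read_sequence;
+const unsigned char *seq = S3I(s)->read_sequence;
 
 cmp = satsub64be(seq, bitmap->max_seq_num);
 if (cmp > 0) {
-memcpy (s->s3->rrec.seq_num, seq, 8);
+memcpy (S3I(s)->rrec.seq_num, seq, 8);
 return 1; /* this record in new */
 }
 shift = -cmp;
@@ -1361,7 +1361,7 @@ dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
 else if (bitmap->map & (1UL << shift))
 return 0; /* record previously received */
 
-memcpy(s->s3->rrec.seq_num, seq, 8);
+memcpy(S3I(s)->rrec.seq_num, seq, 8);
 return 1;
 }
 
@@ -1371,7 +1371,7 @@ dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
 {
 int cmp;
 unsigned int shift;
-const unsigned char *seq = s->s3->read_sequence;
+const unsigned char *seq = S3I(s)->read_sequence;
 
 cmp = satsub64be(seq, bitmap->max_seq_num);
 if (cmp > 0) {
@@ -1464,16 +1464,16 @@ void
 dtls1_reset_seq_numbers(SSL *s, int rw)
 {
 unsigned char *seq;
-unsigned int seq_bytes = sizeof(s->s3->read_sequence);
+unsigned int seq_bytes = sizeof(S3I(s)->read_sequence);
 
 if (rw & SSL3_CC_READ) {
-seq = s->s3->read_sequence;
+seq = S3I(s)->read_sequence;
 D1I(s)->r_epoch++;
 memcpy(&(D1I(s)->bitmap), &(D1I(s)->next_bitmap), sizeof(DTLS1_BITMAP));
 memset(&(D1I(s)->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
 } else {
-seq = s->s3->write_sequence;
-memcpy(D1I(s)->last_write_sequence, seq, sizeof(s->s3->write_sequence));
+seq = S3I(s)->write_sequence;
+memcpy(D1I(s)->last_write_sequence, seq, sizeof(S3I(s)->write_sequence));
 D1I(s)->w_epoch++;
 }
 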
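--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.71 2017/01/22 07:16:39 beck Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.72 2017/01/22 09:02:07 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -278,7 +278,7 @@ dtls1_accept(SSL *s)
 ret = ssl3_send_hello_request(s);
 if (ret <= 0)
 goto end;
-s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
+S3I(s)->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
 s->state = SSL3_ST_SW_FLUSH;
 s->init_num = 0;
 
@@ -311,7 +311,7 @@ dtls1_accept(SSL *s)
 
 /* Reflect ClientHello sequence to remain stateless while listening */
 if (listen) {
-memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence));
+memcpy(S3I(s)->write_sequence, S3I(s)->read_sequence, sizeof(S3I(s)->write_sequence));
 }
 
 /* If we're just listening, stop here */
@@ -336,7 +336,7 @@ dtls1_accept(SSL *s)
 if (ret <= 0)
 goto end;
 s->state = SSL3_ST_SW_FLUSH;
-s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
+S3I(s)->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
 
 /* HelloVerifyRequest resets Finished MAC */
 if (!tls1_init_finished_mac(s)) {
@@ -367,7 +367,7 @@ dtls1_accept(SSL *s)
 case SSL3_ST_SW_CERT_A:
 case SSL3_ST_SW_CERT_B:
 /* Check if it is anon DH. */
-if (!(s->s3->tmp.new_cipher->algorithm_auth &
+if (!(S3I(s)->tmp.new_cipher->algorithm_auth &
 SSL_aNULL)) {
 dtls1_start_timer(s);
 ret = ssl3_send_server_certificate(s);
@@ -386,7 +386,7 @@ dtls1_accept(SSL *s)
 
 case SSL3_ST_SW_KEY_EXCH_A:
 case SSL3_ST_SW_KEY_EXCH_B:
-alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
 
 /* Only send if using a DH key exchange. */
 if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
@@ -423,15 +423,15 @@ dtls1_accept(SSL *s)
 if (!(s->verify_mode & SSL_VERIFY_PEER) ||
 ((s->session->peer != NULL) &&
 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
-((s->s3->tmp.new_cipher->algorithm_auth &
+((S3I(s)->tmp.new_cipher->algorithm_auth &
 SSL_aNULL) && !(s->verify_mode &
 SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
 /* no cert request */
 skip = 1;
-s->s3->tmp.cert_request = 0;
+S3I(s)->tmp.cert_request = 0;
 s->state = SSL3_ST_SW_SRVR_DONE_A;
 } else {
-s->s3->tmp.cert_request = 1;
+S3I(s)->tmp.cert_request = 1;
 dtls1_start_timer(s);
 ret = ssl3_send_certificate_request(s);
 if (ret <= 0)
@@ -447,7 +447,7 @@ dtls1_accept(SSL *s)
 ret = ssl3_send_server_done(s);
 if (ret <= 0)
 goto end;
-s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
+S3I(s)->tmp.next_state = SSL3_ST_SR_CERT_A;
 s->state = SSL3_ST_SW_FLUSH;
 s->init_num = 0;
 break;
@@ -458,19 +458,19 @@ dtls1_accept(SSL *s)
 /* If the write error was fatal, stop trying */
 if (!BIO_should_retry(s->wbio)) {
 s->rwstate = SSL_NOTHING;
-s->state = s->s3->tmp.next_state;
+s->state = S3I(s)->tmp.next_state;
 }
 
 ret = -1;
 goto end;
 }
 s->rwstate = SSL_NOTHING;
-s->state = s->s3->tmp.next_state;
+s->state = S3I(s)->tmp.next_state;
 break;
 
 case SSL3_ST_SR_CERT_A:
 case SSL3_ST_SR_CERT_B:
-if (s->s3->tmp.cert_request) {
+if (S3I(s)->tmp.cert_request) {
 ret = ssl3_get_client_certificate(s);
 if (ret <= 0)
 goto end;
@@ -506,7 +506,7 @@ dtls1_accept(SSL *s)
 * For sigalgs freeze the handshake buffer
 * at this point and digest cached records.
 */
-if (!s->s3->handshake_buffer) {
+if (!S3I(s)->handshake_buffer) {
 SSLerr(SSL_F_SSL3_ACCEPT,
 ERR_R_INTERNAL_ERROR);
 ret = -1;
@@ -524,10 +524,10 @@ dtls1_accept(SSL *s)
 /* We need to get hashes here so if there is
 * a client cert, it can be verified */
 s->method->ssl3_enc->cert_verify_mac(s,
-NID_md5, &(s->s3->tmp.cert_verify_md[0]));
+NID_md5, &(S3I(s)->tmp.cert_verify_md[0]));
 s->method->ssl3_enc->cert_verify_mac(s,
 NID_sha1,
-&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
+&(S3I(s)->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
 }
 break;
 
@@ -582,7 +582,7 @@ dtls1_accept(SSL *s)
 case SSL3_ST_SW_CHANGE_A:
 case SSL3_ST_SW_CHANGE_B:
 
-s->session->cipher = s->s3->tmp.new_cipher;
+s->session->cipher = S3I(s)->tmp.new_cipher;
 if (!s->method->ssl3_enc->setup_key_block(s)) {
 ret = -1;
 goto end;
@@ -617,10 +617,10 @@ dtls1_accept(SSL *s)
 goto end;
 s->state = SSL3_ST_SW_FLUSH;
 if (s->hit) {
-s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
+S3I(s)->tmp.next_state = SSL3_ST_SR_FINISHED_A;
 
 } else {
-s->s3->tmp.next_state = SSL_ST_OK;
+S3I(s)->tmp.next_state = SSL_ST_OK;
 }
 s->init_num = 0;
 break;
@@ -666,7 +666,7 @@ dtls1_accept(SSL *s)
 /* break; */
 }
 
-if (!s->s3->tmp.reuse_message && !skip) {
+if (!S3I(s)->tmp.reuse_message && !skip) {
 if (s->debug) {
 if ((ret = BIO_flush(s->wbio)) <= 0)
 goto end;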
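Review bot: The internal-error path under the `!S3I(s)->handshake_buffer` check still reports `SSL_F_SSL3_ACCEPT`, although every hunk header in this file places the code in dtls1_accept, so an error-queue entry raised here names the wrong function when a failed DTLS handshake is being triaged. If the DTLS function code is what is intended, the call would read `SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);`. dtls1_accept starts and ends outside these hunks, so whether its other error paths carry the same mismatch cannot be seen from here.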
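--- a/src/lib/libssl/s23_srvr.c
+++ b/src/lib/libssl/s23_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_srvr.c,v 1.49 2017/01/03 16:57:15 jsing Exp $ */
+/* $OpenBSD: s23_srvr.c,v 1.50 2017/01/22 09:02:07 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -407,9 +407,9 @@ ssl23_get_client_hello(SSL *s)
 l2n3((long)i, d_len);
 
 /* get the data reused from the init_buf */
-s->s3->tmp.reuse_message = 1;
-s->s3->tmp.message_type = SSL3_MT_CLIENT_HELLO;
-s->s3->tmp.message_size = i;
+S3I(s)->tmp.reuse_message = 1;
+S3I(s)->tmp.message_type = SSL3_MT_CLIENT_HELLO;
+S3I(s)->tmp.message_size = i;
 }
 
 /* imaginary new state (for program structure): */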
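--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_both.c,v 1.50 2016/12/30 15:12:45 jsing Exp $ */
+/* $OpenBSD: s3_both.c,v 1.51 2017/01/22 09:02:07 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -174,23 +174,23 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
 
 if (s->method->ssl3_enc->final_finish_mac(s, sender, slen,
-s->s3->tmp.finish_md) != md_len)
+S3I(s)->tmp.finish_md) != md_len)
 return (0);
-s->s3->tmp.finish_md_len = md_len;
+S3I(s)->tmp.finish_md_len = md_len;
 
 /* Copy finished so we can use it for renegotiation checks. */
 if (s->type == SSL_ST_CONNECT) {
-memcpy(s->s3->previous_client_finished,
-s->s3->tmp.finish_md, md_len);
-s->s3->previous_client_finished_len = md_len;
+memcpy(S3I(s)->previous_client_finished,
+S3I(s)->tmp.finish_md, md_len);
+S3I(s)->previous_client_finished_len = md_len;
 } else {
-memcpy(s->s3->previous_server_finished,
-s->s3->tmp.finish_md, md_len);
-s->s3->previous_server_finished_len = md_len;
+memcpy(S3I(s)->previous_server_finished,
+S3I(s)->tmp.finish_md, md_len);
+S3I(s)->previous_server_finished_len = md_len;
 }
 
 p = ssl3_handshake_msg_start(s, SSL3_MT_FINISHED);
-memcpy(p, s->s3->tmp.finish_md, md_len);
+memcpy(p, S3I(s)->tmp.finish_md, md_len);
 ssl3_handshake_msg_finish(s, md_len);
 
 s->state = b;
@@ -213,7 +213,7 @@ ssl3_take_mac(SSL *s)
 * If no new cipher setup return immediately: other functions will
 * set the appropriate error.
 */
-if (s->s3->tmp.new_cipher == NULL)
+if (S3I(s)->tmp.new_cipher == NULL)
 return;
 
 if (s->state & SSL_ST_CONNECT) {
@@ -224,9 +224,9 @@ ssl3_take_mac(SSL *s)
 slen = s->method->ssl3_enc->client_finished_label_len;
 }
 
-s->s3->tmp.peer_finish_md_len =
+S3I(s)->tmp.peer_finish_md_len =
 s->method->ssl3_enc->final_finish_mac(s, sender, slen,
-s->s3->tmp.peer_finish_md);
+S3I(s)->tmp.peer_finish_md);
 }
 
 int
@@ -242,12 +242,12 @@ ssl3_get_finished(SSL *s, int a, int b)
 return ((int)n);
 
 /* If this occurs, we have missed a message */
-if (!s->s3->change_cipher_spec) {
+if (!S3I(s)->change_cipher_spec) {
 al = SSL_AD_UNEXPECTED_MESSAGE;
 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
 goto f_err;
 }
-s->s3->change_cipher_spec = 0;
+S3I(s)->change_cipher_spec = 0;
 
 md_len = s->method->ssl3_enc->finish_mac_length;
 
@@ -259,14 +259,14 @@ ssl3_get_finished(SSL *s, int a, int b)
 
 CBS_init(&cbs, s->init_msg, n);
 
-if (s->s3->tmp.peer_finish_md_len != md_len ||
+if (S3I(s)->tmp.peer_finish_md_len != md_len ||
 CBS_len(&cbs) != md_len) {
 al = SSL_AD_DECODE_ERROR;
 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
 goto f_err;
 }
 
-if (!CBS_mem_equal(&cbs, s->s3->tmp.peer_finish_md, CBS_len(&cbs))) {
+if (!CBS_mem_equal(&cbs, S3I(s)->tmp.peer_finish_md, CBS_len(&cbs))) {
 al = SSL_AD_DECRYPT_ERROR;
 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED);
 goto f_err;
@@ -275,13 +275,13 @@ ssl3_get_finished(SSL *s, int a, int b)
 /* Copy finished so we can use it for renegotiation checks. */
 OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
 if (s->type == SSL_ST_ACCEPT) {
-memcpy(s->s3->previous_client_finished,
-s->s3->tmp.peer_finish_md, md_len);
-s->s3->previous_client_finished_len = md_len;
+memcpy(S3I(s)->previous_client_finished,
+S3I(s)->tmp.peer_finish_md, md_len);
+S3I(s)->previous_client_finished_len = md_len;
 } else {
-memcpy(s->s3->previous_server_finished,
-s->s3->tmp.peer_finish_md, md_len);
-s->s3->previous_server_finished_len = md_len;
+memcpy(S3I(s)->previous_server_finished,
+S3I(s)->tmp.peer_finish_md, md_len);
+S3I(s)->previous_server_finished_len = md_len;
 }
 
 return (1);
@@ -292,8 +292,8 @@ f_err:
 
 /* for these 2 messages, we need to
 * ssl->enc_read_ctx re-init
-* ssl->s3->read_sequence zero
-* ssl->s3->read_mac_secret re-init
+* ssl->s3->internal->read_sequence zero
+* ssl->s3->internal->read_mac_secret re-init
 * ssl->session->read_sym_enc assign
 * ssl->session->read_hash assign
 */
@@ -416,9 +416,9 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 CBS cbs;
 uint8_t u8;
 
-if (s->s3->tmp.reuse_message) {
-s->s3->tmp.reuse_message = 0;
-if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
+if (S3I(s)->tmp.reuse_message) {
+S3I(s)->tmp.reuse_message = 0;
+if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) {
 al = SSL_AD_UNEXPECTED_MESSAGE;
 SSLerr(SSL_F_SSL3_GET_MESSAGE,
 SSL_R_UNEXPECTED_MESSAGE);
@@ -426,7 +426,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 }
 *ok = 1;
 s->init_msg = s->init_buf->data + 4;
-s->init_num = (int)s->s3->tmp.message_size;
+s->init_num = (int)S3I(s)->tmp.message_size;
 return s->init_num;
 }
 
@@ -484,7 +484,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);
 goto err;
 }
-s->s3->tmp.message_type = u8;
+S3I(s)->tmp.message_type = u8;
 
 if (l > (unsigned long)max) {
 al = SSL_AD_ILLEGAL_PARAMETER;
@@ -496,7 +496,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);
 goto err;
 }
-s->s3->tmp.message_size = l;
+S3I(s)->tmp.message_size = l;
 s->state = stn;
 
 s->init_msg = s->init_buf->data + 4;
@@ -505,7 +505,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 
 /* next state (stn) */
 p = s->init_msg;
-n = s->s3->tmp.message_size - s->init_num;
+n = S3I(s)->tmp.message_size - s->init_num;
 while (n > 0) {
 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
 &p[s->init_num], n, 0);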
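Review bot: ssl3_take_mac stores the return value of final_finish_mac() in `S3I(s)->tmp.peer_finish_md_len` without checking it, and nothing at that site says where a failed computation is caught. From the visible hunks the catch appears to be the `S3I(s)->tmp.peer_finish_md_len != md_len` comparison in ssl3_get_finished, which matches how ssl3_send_finished treats any length other than md_len as failure. A comment above the assignment would record that dependency for whoever next touches the Finished verification, e.g. `/* Not checked here: ssl3_get_finished() rejects a length other than finish_mac_length. */`. ssl3_take_mac begins before its first hunk, so an earlier check outside the view cannot be ruled out.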
| diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index d75ceb9d2d..0d3f09728e 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_clnt.c,v 1.161 2017/01/22 07:16:39 beck Exp $ */ | 1 | /* $OpenBSD: s3_clnt.c,v 1.162 2017/01/22 09:02:07 jsing Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -293,7 +293,7 @@ ssl3_connect(SSL *s) | |||
| 293 | break; | 293 | break; | 
| 294 | } | 294 | } | 
| 295 | /* Check if it is anon DH/ECDH. */ | 295 | /* Check if it is anon DH/ECDH. */ | 
| 296 | if (!(s->s3->tmp.new_cipher->algorithm_auth & | 296 | if (!(S3I(s)->tmp.new_cipher->algorithm_auth & | 
| 297 | SSL_aNULL)) { | 297 | SSL_aNULL)) { | 
| 298 | ret = ssl3_get_server_certificate(s); | 298 | ret = ssl3_get_server_certificate(s); | 
| 299 | if (ret <= 0) | 299 | if (ret <= 0) | 
| @@ -341,7 +341,7 @@ ssl3_connect(SSL *s) | |||
| 341 | ret = ssl3_get_server_done(s); | 341 | ret = ssl3_get_server_done(s); | 
| 342 | if (ret <= 0) | 342 | if (ret <= 0) | 
| 343 | goto end; | 343 | goto end; | 
| 344 | if (s->s3->tmp.cert_req) | 344 | if (S3I(s)->tmp.cert_req) | 
| 345 | s->state = SSL3_ST_CW_CERT_A; | 345 | s->state = SSL3_ST_CW_CERT_A; | 
| 346 | else | 346 | else | 
| 347 | s->state = SSL3_ST_CW_KEY_EXCH_A; | 347 | s->state = SSL3_ST_CW_KEY_EXCH_A; | 
| @@ -381,15 +381,15 @@ ssl3_connect(SSL *s) | |||
| 381 | * message when client's ECDH public key is sent | 381 | * message when client's ECDH public key is sent | 
| 382 | * inside the client certificate. | 382 | * inside the client certificate. | 
| 383 | */ | 383 | */ | 
| 384 | if (s->s3->tmp.cert_req == 1) { | 384 | if (S3I(s)->tmp.cert_req == 1) { | 
| 385 | s->state = SSL3_ST_CW_CERT_VRFY_A; | 385 | s->state = SSL3_ST_CW_CERT_VRFY_A; | 
| 386 | } else { | 386 | } else { | 
| 387 | s->state = SSL3_ST_CW_CHANGE_A; | 387 | s->state = SSL3_ST_CW_CHANGE_A; | 
| 388 | s->s3->change_cipher_spec = 0; | 388 | S3I(s)->change_cipher_spec = 0; | 
| 389 | } | 389 | } | 
| 390 | if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) { | 390 | if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) { | 
| 391 | s->state = SSL3_ST_CW_CHANGE_A; | 391 | s->state = SSL3_ST_CW_CHANGE_A; | 
| 392 | s->s3->change_cipher_spec = 0; | 392 | S3I(s)->change_cipher_spec = 0; | 
| 393 | } | 393 | } | 
| 394 | 394 | ||
| 395 | s->init_num = 0; | 395 | s->init_num = 0; | 
| @@ -402,7 +402,7 @@ ssl3_connect(SSL *s) | |||
| 402 | goto end; | 402 | goto end; | 
| 403 | s->state = SSL3_ST_CW_CHANGE_A; | 403 | s->state = SSL3_ST_CW_CHANGE_A; | 
| 404 | s->init_num = 0; | 404 | s->init_num = 0; | 
| 405 | s->s3->change_cipher_spec = 0; | 405 | S3I(s)->change_cipher_spec = 0; | 
| 406 | break; | 406 | break; | 
| 407 | 407 | ||
| 408 | case SSL3_ST_CW_CHANGE_A: | 408 | case SSL3_ST_CW_CHANGE_A: | 
| @@ -412,13 +412,13 @@ ssl3_connect(SSL *s) | |||
| 412 | if (ret <= 0) | 412 | if (ret <= 0) | 
| 413 | goto end; | 413 | goto end; | 
| 414 | 414 | ||
| 415 | if (s->s3->next_proto_neg_seen) | 415 | if (S3I(s)->next_proto_neg_seen) | 
| 416 | s->state = SSL3_ST_CW_NEXT_PROTO_A; | 416 | s->state = SSL3_ST_CW_NEXT_PROTO_A; | 
| 417 | else | 417 | else | 
| 418 | s->state = SSL3_ST_CW_FINISHED_A; | 418 | s->state = SSL3_ST_CW_FINISHED_A; | 
| 419 | s->init_num = 0; | 419 | s->init_num = 0; | 
| 420 | 420 | ||
| 421 | s->session->cipher = s->s3->tmp.new_cipher; | 421 | s->session->cipher = S3I(s)->tmp.new_cipher; | 
| 422 | if (!s->method->ssl3_enc->setup_key_block(s)) { | 422 | if (!s->method->ssl3_enc->setup_key_block(s)) { | 
| 423 | ret = -1; | 423 | ret = -1; | 
| 424 | goto end; | 424 | goto end; | 
| @@ -454,21 +454,21 @@ ssl3_connect(SSL *s) | |||
| 454 | /* clear flags */ | 454 | /* clear flags */ | 
| 455 | s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER; | 455 | s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER; | 
| 456 | if (s->hit) { | 456 | if (s->hit) { | 
| 457 | s->s3->tmp.next_state = SSL_ST_OK; | 457 | S3I(s)->tmp.next_state = SSL_ST_OK; | 
| 458 | if (s->s3->flags & | 458 | if (s->s3->flags & | 
| 459 | SSL3_FLAGS_DELAY_CLIENT_FINISHED) { | 459 | SSL3_FLAGS_DELAY_CLIENT_FINISHED) { | 
| 460 | s->state = SSL_ST_OK; | 460 | s->state = SSL_ST_OK; | 
| 461 | s->s3->flags|=SSL3_FLAGS_POP_BUFFER; | 461 | s->s3->flags|=SSL3_FLAGS_POP_BUFFER; | 
| 462 | s->s3->delay_buf_pop_ret = 0; | 462 | S3I(s)->delay_buf_pop_ret = 0; | 
| 463 | } | 463 | } | 
| 464 | } else { | 464 | } else { | 
| 465 | /* Allow NewSessionTicket if ticket expected */ | 465 | /* Allow NewSessionTicket if ticket expected */ | 
| 466 | if (s->tlsext_ticket_expected) | 466 | if (s->tlsext_ticket_expected) | 
| 467 | s->s3->tmp.next_state = | 467 | S3I(s)->tmp.next_state = | 
| 468 | SSL3_ST_CR_SESSION_TICKET_A; | 468 | SSL3_ST_CR_SESSION_TICKET_A; | 
| 469 | else | 469 | else | 
| 470 | 470 | ||
| 471 | s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A; | 471 | S3I(s)->tmp.next_state = SSL3_ST_CR_FINISHED_A; | 
| 472 | } | 472 | } | 
| 473 | s->init_num = 0; | 473 | s->init_num = 0; | 
| 474 | break; | 474 | break; | 
| @@ -513,7 +513,7 @@ ssl3_connect(SSL *s) | |||
| 513 | goto end; | 513 | goto end; | 
| 514 | } | 514 | } | 
| 515 | s->rwstate = SSL_NOTHING; | 515 | s->rwstate = SSL_NOTHING; | 
| 516 | s->state = s->s3->tmp.next_state; | 516 | s->state = S3I(s)->tmp.next_state; | 
| 517 | break; | 517 | break; | 
| 518 | 518 | ||
| 519 | case SSL_ST_OK: | 519 | case SSL_ST_OK: | 
| @@ -561,7 +561,7 @@ ssl3_connect(SSL *s) | |||
| 561 | } | 561 | } | 
| 562 | 562 | ||
| 563 | /* did we do anything */ | 563 | /* did we do anything */ | 
| 564 | if (!s->s3->tmp.reuse_message && !skip) { | 564 | if (!S3I(s)->tmp.reuse_message && !skip) { | 
| 565 | if (s->debug) { | 565 | if (s->debug) { | 
| 566 | if ((ret = BIO_flush(s->wbio)) <= 0) | 566 | if ((ret = BIO_flush(s->wbio)) <= 0) | 
| 567 | goto end; | 567 | goto end; | 
| @@ -742,9 +742,9 @@ ssl3_get_server_hello(SSL *s) | |||
| 742 | CBS_init(&cbs, s->init_msg, n); | 742 | CBS_init(&cbs, s->init_msg, n); | 
| 743 | 743 | ||
| 744 | if (SSL_IS_DTLS(s)) { | 744 | if (SSL_IS_DTLS(s)) { | 
| 745 | if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { | 745 | if (S3I(s)->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { | 
| 746 | if (D1I(s)->send_cookie == 0) { | 746 | if (D1I(s)->send_cookie == 0) { | 
| 747 | s->s3->tmp.reuse_message = 1; | 747 | S3I(s)->tmp.reuse_message = 1; | 
| 748 | return (1); | 748 | return (1); | 
| 749 | } else { | 749 | } else { | 
| 750 | /* Already sent a cookie. */ | 750 | /* Already sent a cookie. */ | 
| @@ -756,7 +756,7 @@ ssl3_get_server_hello(SSL *s) | |||
| 756 | } | 756 | } | 
| 757 | } | 757 | } | 
| 758 | 758 | ||
| 759 | if (s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO) { | 759 | if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_HELLO) { | 
| 760 | al = SSL_AD_UNEXPECTED_MESSAGE; | 760 | al = SSL_AD_UNEXPECTED_MESSAGE; | 
| 761 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, | 761 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, | 
| 762 | SSL_R_BAD_MESSAGE_TYPE); | 762 | SSL_R_BAD_MESSAGE_TYPE); | 
| @@ -887,13 +887,13 @@ ssl3_get_server_hello(SSL *s) | |||
| 887 | SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); | 887 | SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); | 
| 888 | goto f_err; | 888 | goto f_err; | 
| 889 | } | 889 | } | 
| 890 | s->s3->tmp.new_cipher = cipher; | 890 | S3I(s)->tmp.new_cipher = cipher; | 
| 891 | 891 | ||
| 892 | /* | 892 | /* | 
| 893 | * Don't digest cached records if no sigalgs: we may need them for | 893 | * Don't digest cached records if no sigalgs: we may need them for | 
| 894 | * client authentication. | 894 | * client authentication. | 
| 895 | */ | 895 | */ | 
| 896 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | 896 | alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; | 
| 897 | if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) && | 897 | if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) && | 
| 898 | !tls1_digest_cached_records(s)) { | 898 | !tls1_digest_cached_records(s)) { | 
| 899 | al = SSL_AD_INTERNAL_ERROR; | 899 | al = SSL_AD_INTERNAL_ERROR; | 
| @@ -956,12 +956,12 @@ ssl3_get_server_certificate(SSL *s) | |||
| 956 | if (!ok) | 956 | if (!ok) | 
| 957 | return ((int)n); | 957 | return ((int)n); | 
| 958 | 958 | ||
| 959 | if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) { | 959 | if (S3I(s)->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) { | 
| 960 | s->s3->tmp.reuse_message = 1; | 960 | S3I(s)->tmp.reuse_message = 1; | 
| 961 | return (1); | 961 | return (1); | 
| 962 | } | 962 | } | 
| 963 | 963 | ||
| 964 | if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) { | 964 | if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) { | 
| 965 | al = SSL_AD_UNEXPECTED_MESSAGE; | 965 | al = SSL_AD_UNEXPECTED_MESSAGE; | 
| 966 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, | 966 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, | 
| 967 | SSL_R_BAD_MESSAGE_TYPE); | 967 | SSL_R_BAD_MESSAGE_TYPE); | 
| @@ -1113,7 +1113,7 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn) | |||
| 1113 | long alg_a; | 1113 | long alg_a; | 
| 1114 | int al; | 1114 | int al; | 
| 1115 | 1115 | ||
| 1116 | alg_a = s->s3->tmp.new_cipher->algorithm_auth; | 1116 | alg_a = S3I(s)->tmp.new_cipher->algorithm_auth; | 
| 1117 | sc = s->session->sess_cert; | 1117 | sc = s->session->sess_cert; | 
| 1118 | 1118 | ||
| 1119 | if (*nn < 0) | 1119 | if (*nn < 0) | 
| @@ -1280,7 +1280,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn) | |||
| 1280 | int nid; | 1280 | int nid; | 
| 1281 | int al; | 1281 | int al; | 
| 1282 | 1282 | ||
| 1283 | alg_a = s->s3->tmp.new_cipher->algorithm_auth; | 1283 | alg_a = S3I(s)->tmp.new_cipher->algorithm_auth; | 
| 1284 | sc = s->session->sess_cert; | 1284 | sc = s->session->sess_cert; | 
| 1285 | 1285 | ||
| 1286 | if (*nn < 0) | 1286 | if (*nn < 0) | 
| @@ -1366,8 +1366,8 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1366 | const EVP_MD *md = NULL; | 1366 | const EVP_MD *md = NULL; | 
| 1367 | RSA *rsa = NULL; | 1367 | RSA *rsa = NULL; | 
| 1368 | 1368 | ||
| 1369 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | 1369 | alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; | 
| 1370 | alg_a = s->s3->tmp.new_cipher->algorithm_auth; | 1370 | alg_a = S3I(s)->tmp.new_cipher->algorithm_auth; | 
| 1371 | 1371 | ||
| 1372 | /* | 1372 | /* | 
| 1373 | * Use same message size as in ssl3_get_certificate_request() | 1373 | * Use same message size as in ssl3_get_certificate_request() | 
| @@ -1380,7 +1380,7 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1380 | 1380 | ||
| 1381 | EVP_MD_CTX_init(&md_ctx); | 1381 | EVP_MD_CTX_init(&md_ctx); | 
| 1382 | 1382 | ||
| 1383 | if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { | 1383 | if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { | 
| 1384 | /* | 1384 | /* | 
| 1385 | * Do not skip server key exchange if this cipher suite uses | 1385 | * Do not skip server key exchange if this cipher suite uses | 
| 1386 | * ephemeral keys. | 1386 | * ephemeral keys. | 
| @@ -1392,7 +1392,7 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1392 | goto f_err; | 1392 | goto f_err; | 
| 1393 | } | 1393 | } | 
| 1394 | 1394 | ||
| 1395 | s->s3->tmp.reuse_message = 1; | 1395 | S3I(s)->tmp.reuse_message = 1; | 
| 1396 | EVP_MD_CTX_cleanup(&md_ctx); | 1396 | EVP_MD_CTX_cleanup(&md_ctx); | 
| 1397 | return (1); | 1397 | return (1); | 
| 1398 | } | 1398 | } | 
| @@ -1585,22 +1585,22 @@ ssl3_get_certificate_request(SSL *s) | |||
| 1585 | if (!ok) | 1585 | if (!ok) | 
| 1586 | return ((int)n); | 1586 | return ((int)n); | 
| 1587 | 1587 | ||
| 1588 | s->s3->tmp.cert_req = 0; | 1588 | S3I(s)->tmp.cert_req = 0; | 
| 1589 | 1589 | ||
| 1590 | if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE) { | 1590 | if (S3I(s)->tmp.message_type == SSL3_MT_SERVER_DONE) { | 
| 1591 | s->s3->tmp.reuse_message = 1; | 1591 | S3I(s)->tmp.reuse_message = 1; | 
| 1592 | /* | 1592 | /* | 
| 1593 | * If we get here we don't need any cached handshake records | 1593 | * If we get here we don't need any cached handshake records | 
| 1594 | * as we wont be doing client auth. | 1594 | * as we wont be doing client auth. | 
| 1595 | */ | 1595 | */ | 
| 1596 | if (s->s3->handshake_buffer) { | 1596 | if (S3I(s)->handshake_buffer) { | 
| 1597 | if (!tls1_digest_cached_records(s)) | 1597 | if (!tls1_digest_cached_records(s)) | 
| 1598 | goto err; | 1598 | goto err; | 
| 1599 | } | 1599 | } | 
| 1600 | return (1); | 1600 | return (1); | 
| 1601 | } | 1601 | } | 
| 1602 | 1602 | ||
| 1603 | if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) { | 1603 | if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) { | 
| 1604 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); | 1604 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); | 
| 1605 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | 1605 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | 
| 1606 | SSL_R_WRONG_MESSAGE_TYPE); | 1606 | SSL_R_WRONG_MESSAGE_TYPE); | 
| @@ -1608,7 +1608,7 @@ ssl3_get_certificate_request(SSL *s) | |||
| 1608 | } | 1608 | } | 
| 1609 | 1609 | ||
| 1610 | /* TLS does not like anon-DH with client cert */ | 1610 | /* TLS does not like anon-DH with client cert */ | 
| 1611 | if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) { | 1611 | if (S3I(s)->tmp.new_cipher->algorithm_auth & SSL_aNULL) { | 
| 1612 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); | 1612 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); | 
| 1613 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | 1613 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | 
| 1614 | SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER); | 1614 | SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER); | 
| @@ -1632,8 +1632,8 @@ ssl3_get_certificate_request(SSL *s) | |||
| 1632 | if (ctype_num > SSL3_CT_NUMBER) | 1632 | if (ctype_num > SSL3_CT_NUMBER) | 
| 1633 | ctype_num = SSL3_CT_NUMBER; | 1633 | ctype_num = SSL3_CT_NUMBER; | 
| 1634 | if (!CBS_get_bytes(&cert_request, &ctypes, ctype_num) || | 1634 | if (!CBS_get_bytes(&cert_request, &ctypes, ctype_num) || | 
| 1635 | !CBS_write_bytes(&ctypes, (uint8_t *)s->s3->tmp.ctype, | 1635 | !CBS_write_bytes(&ctypes, (uint8_t *)S3I(s)->tmp.ctype, | 
| 1636 | sizeof(s->s3->tmp.ctype), NULL)) { | 1636 | sizeof(S3I(s)->tmp.ctype), NULL)) { | 
| 1637 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | 1637 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | 
| 1638 | SSL_R_DATA_LENGTH_TOO_LONG); | 1638 | SSL_R_DATA_LENGTH_TOO_LONG); | 
| 1639 | goto err; | 1639 | goto err; | 
| @@ -1722,11 +1722,11 @@ ssl3_get_certificate_request(SSL *s) | |||
| 1722 | } | 1722 | } | 
| 1723 | 1723 | ||
| 1724 | /* we should setup a certificate to return.... */ | 1724 | /* we should setup a certificate to return.... */ | 
| 1725 | s->s3->tmp.cert_req = 1; | 1725 | S3I(s)->tmp.cert_req = 1; | 
| 1726 | s->s3->tmp.ctype_num = ctype_num; | 1726 | S3I(s)->tmp.ctype_num = ctype_num; | 
| 1727 | if (s->s3->tmp.ca_names != NULL) | 1727 | if (S3I(s)->tmp.ca_names != NULL) | 
| 1728 | sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); | 1728 | sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free); | 
| 1729 | s->s3->tmp.ca_names = ca_sk; | 1729 | S3I(s)->tmp.ca_names = ca_sk; | 
| 1730 | ca_sk = NULL; | 1730 | ca_sk = NULL; | 
| 1731 | 1731 | ||
| 1732 | ret = 1; | 1732 | ret = 1; | 
| @@ -1761,11 +1761,11 @@ ssl3_get_new_session_ticket(SSL *s) | |||
| 1761 | if (!ok) | 1761 | if (!ok) | 
| 1762 | return ((int)n); | 1762 | return ((int)n); | 
| 1763 | 1763 | ||
| 1764 | if (s->s3->tmp.message_type == SSL3_MT_FINISHED) { | 1764 | if (S3I(s)->tmp.message_type == SSL3_MT_FINISHED) { | 
| 1765 | s->s3->tmp.reuse_message = 1; | 1765 | S3I(s)->tmp.reuse_message = 1; | 
| 1766 | return (1); | 1766 | return (1); | 
| 1767 | } | 1767 | } | 
| 1768 | if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) { | 1768 | if (S3I(s)->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) { | 
| 1769 | al = SSL_AD_UNEXPECTED_MESSAGE; | 1769 | al = SSL_AD_UNEXPECTED_MESSAGE; | 
| 1770 | SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, | 1770 | SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, | 
| 1771 | SSL_R_BAD_MESSAGE_TYPE); | 1771 | SSL_R_BAD_MESSAGE_TYPE); | 
| @@ -2255,7 +2255,7 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb) | |||
| 2255 | /* | 2255 | /* | 
| 2256 | * If we have client certificate, use its secret as peer key. | 2256 | * If we have client certificate, use its secret as peer key. | 
| 2257 | */ | 2257 | */ | 
| 2258 | if (s->s3->tmp.cert_req && s->cert->key->privatekey) { | 2258 | if (S3I(s)->tmp.cert_req && s->cert->key->privatekey) { | 
| 2259 | if (EVP_PKEY_derive_set_peer(pkey_ctx, | 2259 | if (EVP_PKEY_derive_set_peer(pkey_ctx, | 
| 2260 | s->cert->key->privatekey) <=0) { | 2260 | s->cert->key->privatekey) <=0) { | 
| 2261 | /* | 2261 | /* | 
| @@ -2339,7 +2339,7 @@ ssl3_send_client_key_exchange(SSL *s) | |||
| 2339 | memset(&cbb, 0, sizeof(cbb)); | 2339 | memset(&cbb, 0, sizeof(cbb)); | 
| 2340 | 2340 | ||
| 2341 | if (s->state == SSL3_ST_CW_KEY_EXCH_A) { | 2341 | if (s->state == SSL3_ST_CW_KEY_EXCH_A) { | 
| 2342 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | 2342 | alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; | 
| 2343 | 2343 | ||
| 2344 | if ((sess_cert = s->session->sess_cert) == NULL) { | 2344 | if ((sess_cert = s->session->sess_cert) == NULL) { | 
| 2345 | ssl3_send_alert(s, SSL3_AL_FATAL, | 2345 | ssl3_send_alert(s, SSL3_AL_FATAL, | 
| @@ -2427,7 +2427,7 @@ ssl3_send_client_verify(SSL *s) | |||
| 2427 | long hdatalen = 0; | 2427 | long hdatalen = 0; | 
| 2428 | void *hdata; | 2428 | void *hdata; | 
| 2429 | const EVP_MD *md = s->cert->key->digest; | 2429 | const EVP_MD *md = s->cert->key->digest; | 
| 2430 | hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, | 2430 | hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, | 
| 2431 | &hdata); | 2431 | &hdata); | 
| 2432 | if (hdatalen <= 0 || | 2432 | if (hdatalen <= 0 || | 
| 2433 | !tls12_get_sigandhash(p, pkey, md)) { | 2433 | !tls12_get_sigandhash(p, pkey, md)) { | 
| @@ -2491,7 +2491,7 @@ ssl3_send_client_verify(SSL *s) | |||
| 2491 | int nid; | 2491 | int nid; | 
| 2492 | size_t sigsize; | 2492 | size_t sigsize; | 
| 2493 | 2493 | ||
| 2494 | hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); | 2494 | hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata); | 
| 2495 | if (hdatalen <= 0) { | 2495 | if (hdatalen <= 0) { | 
| 2496 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | 2496 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | 
| 2497 | ERR_R_INTERNAL_ERROR); | 2497 | ERR_R_INTERNAL_ERROR); | 
| @@ -2590,7 +2590,7 @@ ssl3_send_client_certificate(SSL *s) | |||
| 2590 | X509_free(x509); | 2590 | X509_free(x509); | 
| 2591 | EVP_PKEY_free(pkey); | 2591 | EVP_PKEY_free(pkey); | 
| 2592 | if (i == 0) | 2592 | if (i == 0) | 
| 2593 | s->s3->tmp.cert_req = 2; | 2593 | S3I(s)->tmp.cert_req = 2; | 
| 2594 | 2594 | ||
| 2595 | /* Ok, we have a cert */ | 2595 | /* Ok, we have a cert */ | 
| 2596 | s->state = SSL3_ST_CW_CERT_C; | 2596 | s->state = SSL3_ST_CW_CERT_C; | 
| @@ -2601,7 +2601,7 @@ ssl3_send_client_certificate(SSL *s) | |||
| 2601 | SSL3_MT_CERTIFICATE)) | 2601 | SSL3_MT_CERTIFICATE)) | 
| 2602 | goto err; | 2602 | goto err; | 
| 2603 | if (!ssl3_output_cert_chain(s, &client_cert, | 2603 | if (!ssl3_output_cert_chain(s, &client_cert, | 
| 2604 | (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509)) | 2604 | (S3I(s)->tmp.cert_req == 2) ? NULL : s->cert->key->x509)) | 
| 2605 | goto err; | 2605 | goto err; | 
| 2606 | if (!ssl3_handshake_msg_finish_cbb(s, &cbb)) | 2606 | if (!ssl3_handshake_msg_finish_cbb(s, &cbb)) | 
| 2607 | goto err; | 2607 | goto err; | 
| @@ -2629,8 +2629,8 @@ ssl3_check_cert_and_algorithm(SSL *s) | |||
| 2629 | SESS_CERT *sc; | 2629 | SESS_CERT *sc; | 
| 2630 | DH *dh; | 2630 | DH *dh; | 
| 2631 | 2631 | ||
| 2632 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | 2632 | alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; | 
| 2633 | alg_a = s->s3->tmp.new_cipher->algorithm_auth; | 2633 | alg_a = S3I(s)->tmp.new_cipher->algorithm_auth; | 
| 2634 | 2634 | ||
| 2635 | /* We don't have a certificate. */ | 2635 | /* We don't have a certificate. */ | 
| 2636 | if (alg_a & SSL_aNULL) | 2636 | if (alg_a & SSL_aNULL) | 
| @@ -2740,9 +2740,9 @@ ssl3_check_finished(SSL *s) | |||
| 2740 | SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok); | 2740 | SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok); | 
| 2741 | if (!ok) | 2741 | if (!ok) | 
| 2742 | return ((int)n); | 2742 | return ((int)n); | 
| 2743 | s->s3->tmp.reuse_message = 1; | 2743 | S3I(s)->tmp.reuse_message = 1; | 
| 2744 | if ((s->s3->tmp.message_type == SSL3_MT_FINISHED) || | 2744 | if ((S3I(s)->tmp.message_type == SSL3_MT_FINISHED) || | 
| 2745 | (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET)) | 2745 | (S3I(s)->tmp.message_type == SSL3_MT_NEWSESSION_TICKET)) | 
| 2746 | return (2); | 2746 | return (2); | 
| 2747 | 2747 | ||
| 2748 | return (1); | 2748 | return (1); | 
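--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.119 2017/01/22 06:36:49 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.120 2017/01/22 09:02:07 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1681,8 +1681,8 @@ ssl3_pending(const SSL *s)
 if (s->rstate == SSL_ST_READ_BODY)
 return 0;
 
-return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ?
-s->s3->rrec.length : 0;
+return (S3I(s)->rrec.type == SSL3_RT_APPLICATION_DATA) ?
+S3I(s)->rrec.length : 0;
 }
 
 int
@@ -1811,7 +1811,7 @@ ssl3_new(SSL *s)
 {
 if ((s->s3 = calloc(1, sizeof(*s->s3))) == NULL)
 return (0);
-if ((s->s3->internal = calloc(1, sizeof(*s->s3->internal))) == NULL) {
+if ((S3I(s) = calloc(1, sizeof(*S3I(s)))) == NULL) {
 free(s->s3);
 return (0);
 }
@@ -1831,21 +1831,21 @@ ssl3_free(SSL *s)
 ssl3_release_read_buffer(s);
 ssl3_release_write_buffer(s);
 
-DH_free(s->s3->tmp.dh);
-EC_KEY_free(s->s3->tmp.ecdh);
+DH_free(S3I(s)->tmp.dh);
+EC_KEY_free(S3I(s)->tmp.ecdh);
 
-if (s->s3->tmp.x25519 != NULL)
-explicit_bzero(s->s3->tmp.x25519, X25519_KEY_LENGTH);
-free(s->s3->tmp.x25519);
+if (S3I(s)->tmp.x25519 != NULL)
+explicit_bzero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);
+free(S3I(s)->tmp.x25519);
 
-if (s->s3->tmp.ca_names != NULL)
-sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
-BIO_free(s->s3->handshake_buffer);
+if (S3I(s)->tmp.ca_names != NULL)
+sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
+BIO_free(S3I(s)->handshake_buffer);
 tls1_free_digest_list(s);
-free(s->s3->alpn_selected);
+free(S3I(s)->alpn_selected);
 
-explicit_bzero(s->s3->internal, sizeof(*s->s3->internal));
-free(s->s3->internal);
+explicit_bzero(S3I(s), sizeof(*S3I(s)));
+free(S3I(s));
 
 explicit_bzero(s->s3, sizeof(*s->s3));
 free(s->s3);
@@ -1861,36 +1861,36 @@ ssl3_clear(SSL *s)
 size_t rlen, wlen;
 
 tls1_cleanup_key_block(s);
-if (s->s3->tmp.ca_names != NULL)
-sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
+if (S3I(s)->tmp.ca_names != NULL)
+sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
 
-DH_free(s->s3->tmp.dh);
-s->s3->tmp.dh = NULL;
-EC_KEY_free(s->s3->tmp.ecdh);
-s->s3->tmp.ecdh = NULL;
+DH_free(S3I(s)->tmp.dh);
+S3I(s)->tmp.dh = NULL;
+EC_KEY_free(S3I(s)->tmp.ecdh);
+S3I(s)->tmp.ecdh = NULL;
 
-if (s->s3->tmp.x25519 != NULL)
-explicit_bzero(s->s3->tmp.x25519, X25519_KEY_LENGTH);
-free(s->s3->tmp.x25519);
-s->s3->tmp.x25519 = NULL;
+if (S3I(s)->tmp.x25519 != NULL)
+explicit_bzero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);
+free(S3I(s)->tmp.x25519);
+S3I(s)->tmp.x25519 = NULL;
 
 rp = s->s3->rbuf.buf;
 wp = s->s3->wbuf.buf;
 rlen = s->s3->rbuf.len;
 wlen = s->s3->wbuf.len;
 
-BIO_free(s->s3->handshake_buffer);
-s->s3->handshake_buffer = NULL;
+BIO_free(S3I(s)->handshake_buffer);
+S3I(s)->handshake_buffer = NULL;
 
 tls1_free_digest_list(s);
 
-free(s->s3->alpn_selected);
-s->s3->alpn_selected = NULL;
+free(S3I(s)->alpn_selected);
+S3I(s)->alpn_selected = NULL;
 
-memset(s->s3->internal, 0, sizeof(*s->s3->internal));
-internal = s->s3->internal;
+memset(S3I(s), 0, sizeof(*S3I(s)));
+internal = S3I(s);
 memset(s->s3, 0, sizeof(*s->s3));
-s->s3->internal = internal;
+S3I(s) = internal;
 
 s->s3->rbuf.buf = rp;
 s->s3->wbuf.buf = wp;
@@ -1899,6 +1899,12 @@ ssl3_clear(SSL *s)
 
 ssl_free_wbio_buffer(s);
 
+/* Not needed... */
+S3I(s)->renegotiate = 0;
+S3I(s)->total_renegotiations = 0;
+S3I(s)->num_renegotiations = 0;
+S3I(s)->in_read_app_data = 0;
+
 s->packet_length = 0;
 s->version = TLS1_VERSION;
 
@@ -1989,14 +1995,14 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
 break;
 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
-ret = s->s3->num_renegotiations;
+ret = S3I(s)->num_renegotiations;
 break;
 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
-ret = s->s3->num_renegotiations;
-s->s3->num_renegotiations = 0;
+ret = S3I(s)->num_renegotiations;
+S3I(s)->num_renegotiations = 0;
 break;
 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
-ret = s->s3->total_renegotiations;
+ret = S3I(s)->total_renegotiations;
 break;
 case SSL_CTRL_GET_FLAGS:
 ret = (int)(s->s3->flags);
@@ -2463,7 +2469,7 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 int ret = 0;
 unsigned long alg_k;
 
-alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
 
 #ifndef OPENSSL_NO_GOST
 if ((alg_k & SSL_kGOST)) {
@@ -2552,7 +2558,7 @@ ssl3_write(SSL *s, const void *buf, int len)
 }
 #endif
 errno = 0;
-if (s->s3->renegotiate)
+if (S3I(s)->renegotiate)
 ssl3_renegotiate_check(s);
 
 /*
@@ -2564,13 +2570,13 @@ ssl3_write(SSL *s, const void *buf, int len)
 /* The second test is because the buffer may have been removed */
 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) {
 /* First time through, we write into the buffer */
-if (s->s3->delay_buf_pop_ret == 0) {
+if (S3I(s)->delay_buf_pop_ret == 0) {
 ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA,
 buf, len);
 if (ret <= 0)
 return (ret);
 
-s->s3->delay_buf_pop_ret = ret;
+S3I(s)->delay_buf_pop_ret = ret;
 }
 
 s->rwstate = SSL_WRITING;
@@ -2583,8 +2589,8 @@ ssl3_write(SSL *s, const void *buf, int len)
 ssl_free_wbio_buffer(s);
 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
 
-ret = s->s3->delay_buf_pop_ret;
-s->s3->delay_buf_pop_ret = 0;
+ret = S3I(s)->delay_buf_pop_ret;
+S3I(s)->delay_buf_pop_ret = 0;
 } else {
 ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
 buf, len);
@@ -2601,12 +2607,12 @@ ssl3_read_internal(SSL *s, void *buf, int len, int peek)
 int ret;
 
 errno = 0;
-if (s->s3->renegotiate)
+if (S3I(s)->renegotiate)
 ssl3_renegotiate_check(s);
-s->s3->in_read_app_data = 1;
+S3I(s)->in_read_app_data = 1;
 ret = s->method->ssl_read_bytes(s,
 SSL3_RT_APPLICATION_DATA, buf, len, peek);
-if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
+if ((ret == -1) && (S3I(s)->in_read_app_data == 2)) {
 /*
 * ssl3_read_bytes decided to call s->handshake_func, which
 * called ssl3_read_bytes to read handshake data.
@@ -2619,7 +2625,7 @@ ssl3_read_internal(SSL *s, void *buf, int len, int peek)
 SSL3_RT_APPLICATION_DATA, buf, len, peek);
 s->in_handshake--;
 } else
-s->s3->in_read_app_data = 0;
+S3I(s)->in_read_app_data = 0;
 
 return (ret);
 }
@@ -2645,7 +2651,7 @@ ssl3_renegotiate(SSL *s)
 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
 return (0);
 
-s->s3->renegotiate = 1;
+S3I(s)->renegotiate = 1;
 return (1);
 }
 
@@ -2654,7 +2660,7 @@ ssl3_renegotiate_check(SSL *s)
 {
 int ret = 0;
 
-if (s->s3->renegotiate) {
+if (S3I(s)->renegotiate) {
 if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) &&
 !SSL_in_init(s)) {
 /*
@@ -2664,9 +2670,9 @@ ssl3_renegotiate_check(SSL *s)
 */
 /* SSL_ST_ACCEPT */
 s->state = SSL_ST_RENEGOTIATE;
-s->s3->renegotiate = 0;
-s->s3->num_renegotiations++;
-s->s3->total_renegotiations++;
+S3I(s)->renegotiate = 0;
+S3I(s)->num_renegotiations++;
+S3I(s)->total_renegotiations++;
 ret = 1;
 }
 }
@@ -2679,7 +2685,7 @@ ssl3_renegotiate_check(SSL *s)
 long
 ssl_get_algorithm2(SSL *s)
 {
-long alg2 = s->s3->tmp.new_cipher->algorithm2;
+long alg2 = S3I(s)->tmp.new_cipher->algorithm2;
 
 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF &&
 alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))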
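Review bot: In ssl3_clear the four stores added under `/* Not needed... */` (new lines 1903-1906) look redundant, because `memset(S3I(s), 0, sizeof(*S3I(s)))` at new line 1890 of the same function has already zeroed the whole internal struct, and the comment does not say why they are kept. Either drop them or reword the comment to `/* Already zeroed by the memset of S3I(s) above. */`, so a later reader does not take them for a required reset of the renegotiation state. As a smaller style point, `S3I(s)` is used as an assignment target in ssl3_new and ssl3_clear (`S3I(s) = calloc(...)`, `S3I(s) = internal`); the macro's definition is not in this section, and spelling out `s->s3->internal` at the allocation and restore sites would make it plainer which pointer is being set. ssl3_clear's body starts and ends outside the hunks shown, so this is judged from the visible lines only.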
| diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c index 20e66a707c..857d35b5a8 100644 --- a/src/lib/libssl/s3_pkt.c +++ b/src/lib/libssl/s3_pkt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_pkt.c,v 1.60 2016/11/17 15:06:22 jsing Exp $ */ | 1 | /* $OpenBSD: s3_pkt.c,v 1.61 2017/01/22 09:02:07 jsing Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -270,9 +270,9 @@ ssl3_read_n(SSL *s, int n, int max, int extend) | |||
| 270 | * It will return <= 0 if more data is needed, normally due to an error | 270 | * It will return <= 0 if more data is needed, normally due to an error | 
| 271 | * or non-blocking IO. | 271 | * or non-blocking IO. | 
| 272 | * When it finishes, one packet has been decoded and can be found in | 272 | * When it finishes, one packet has been decoded and can be found in | 
| 273 | * ssl->s3->rrec.type - is the type of record | 273 | * ssl->s3->internal->rrec.type - is the type of record | 
| 274 | * ssl->s3->rrec.data, - data | 274 | * ssl->s3->internal->rrec.data, - data | 
| 275 | * ssl->s3->rrec.length, - number of bytes | 275 | * ssl->s3->internal->rrec.length, - number of bytes | 
| 276 | */ | 276 | */ | 
| 277 | /* used only by ssl3_read_bytes */ | 277 | /* used only by ssl3_read_bytes */ | 
| 278 | static int | 278 | static int | 
| @@ -285,7 +285,7 @@ ssl3_get_record(SSL *s) | |||
| 285 | unsigned char md[EVP_MAX_MD_SIZE]; | 285 | unsigned char md[EVP_MAX_MD_SIZE]; | 
| 286 | unsigned mac_size, orig_len; | 286 | unsigned mac_size, orig_len; | 
| 287 | 287 | ||
| 288 | rr = &(s->s3->rrec); | 288 | rr = &(S3I(s)->rrec); | 
| 289 | sess = s->session; | 289 | sess = s->session; | 
| 290 | 290 | ||
| 291 | again: | 291 | again: | 
| @@ -472,10 +472,10 @@ again: | |||
| 472 | /* | 472 | /* | 
| 473 | * So at this point the following is true | 473 | * So at this point the following is true | 
| 474 | * | 474 | * | 
| 475 | * ssl->s3->rrec.type is the type of record | 475 | * ssl->s3->internal->rrec.type is the type of record | 
| 476 | * ssl->s3->rrec.length == number of bytes in record | 476 | * ssl->s3->internal->rrec.length == number of bytes in record | 
| 477 | * ssl->s3->rrec.off == offset to first valid byte | 477 | * ssl->s3->internal->rrec.off == offset to first valid byte | 
| 478 | * ssl->s3->rrec.data == where to take bytes from, increment | 478 | * ssl->s3->internal->rrec.data == where to take bytes from, increment | 
| 479 | * after use :-). | 479 | * after use :-). | 
| 480 | */ | 480 | */ | 
| 481 | 481 | ||
| @@ -510,8 +510,8 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) | |||
| 510 | } | 510 | } | 
| 511 | 511 | ||
| 512 | s->rwstate = SSL_NOTHING; | 512 | s->rwstate = SSL_NOTHING; | 
| 513 | tot = s->s3->wnum; | 513 | tot = S3I(s)->wnum; | 
| 514 | s->s3->wnum = 0; | 514 | S3I(s)->wnum = 0; | 
| 515 | 515 | ||
| 516 | if (SSL_in_init(s) && !s->in_handshake) { | 516 | if (SSL_in_init(s) && !s->in_handshake) { | 
| 517 | i = s->handshake_func(s); | 517 | i = s->handshake_func(s); | 
| @@ -535,7 +535,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) | |||
| 535 | 535 | ||
| 536 | i = do_ssl3_write(s, type, &(buf[tot]), nw, 0); | 536 | i = do_ssl3_write(s, type, &(buf[tot]), nw, 0); | 
| 537 | if (i <= 0) { | 537 | if (i <= 0) { | 
| 538 | s->s3->wnum = tot; | 538 | S3I(s)->wnum = tot; | 
| 539 | return i; | 539 | return i; | 
| 540 | } | 540 | } | 
| 541 | 541 | ||
| @@ -546,7 +546,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) | |||
| 546 | * empty fragment in ciphersuites with known-IV | 546 | * empty fragment in ciphersuites with known-IV | 
| 547 | * weakness. | 547 | * weakness. | 
| 548 | */ | 548 | */ | 
| 549 | s->s3->empty_fragment_done = 0; | 549 | S3I(s)->empty_fragment_done = 0; | 
| 550 | 550 | ||
| 551 | return tot + i; | 551 | return tot + i; | 
| 552 | } | 552 | } | 
| @@ -593,7 +593,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, | |||
| 593 | if (len == 0 && !create_empty_fragment) | 593 | if (len == 0 && !create_empty_fragment) | 
| 594 | return 0; | 594 | return 0; | 
| 595 | 595 | ||
| 596 | wr = &(s->s3->wrec); | 596 | wr = &(S3I(s)->wrec); | 
| 597 | sess = s->session; | 597 | sess = s->session; | 
| 598 | 598 | ||
| 599 | if ((sess == NULL) || (s->enc_write_ctx == NULL) || | 599 | if ((sess == NULL) || (s->enc_write_ctx == NULL) || | 
| @@ -610,12 +610,12 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, | |||
| 610 | * 'create_empty_fragment' is true only when this function calls | 610 | * 'create_empty_fragment' is true only when this function calls | 
| 611 | * itself. | 611 | * itself. | 
| 612 | */ | 612 | */ | 
| 613 | if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) { | 613 | if (!clear && !create_empty_fragment && !S3I(s)->empty_fragment_done) { | 
| 614 | /* | 614 | /* | 
| 615 | * Countermeasure against known-IV weakness in CBC ciphersuites | 615 | * Countermeasure against known-IV weakness in CBC ciphersuites | 
| 616 | * (see http://www.openssl.org/~bodo/tls-cbc.txt) | 616 | * (see http://www.openssl.org/~bodo/tls-cbc.txt) | 
| 617 | */ | 617 | */ | 
| 618 | if (s->s3->need_empty_fragments && | 618 | if (S3I(s)->need_empty_fragments && | 
| 619 | type == SSL3_RT_APPLICATION_DATA) { | 619 | type == SSL3_RT_APPLICATION_DATA) { | 
| 620 | /* recursive function call with 'create_empty_fragment' set; | 620 | /* recursive function call with 'create_empty_fragment' set; | 
| 621 | * this prepares and buffers the data for an empty fragment | 621 | * this prepares and buffers the data for an empty fragment | 
| @@ -634,7 +634,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, | |||
| 634 | } | 634 | } | 
| 635 | } | 635 | } | 
| 636 | 636 | ||
| 637 | s->s3->empty_fragment_done = 1; | 637 | S3I(s)->empty_fragment_done = 1; | 
| 638 | } | 638 | } | 
| 639 | 639 | ||
| 640 | if (create_empty_fragment) { | 640 | if (create_empty_fragment) { | 
| @@ -750,10 +750,10 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, | |||
| 750 | 750 | ||
| 751 | /* memorize arguments so that ssl3_write_pending can detect | 751 | /* memorize arguments so that ssl3_write_pending can detect | 
| 752 | * bad write retries later */ | 752 | * bad write retries later */ | 
| 753 | s->s3->wpend_tot = len; | 753 | S3I(s)->wpend_tot = len; | 
| 754 | s->s3->wpend_buf = buf; | 754 | S3I(s)->wpend_buf = buf; | 
| 755 | s->s3->wpend_type = type; | 755 | S3I(s)->wpend_type = type; | 
| 756 | s->s3->wpend_ret = len; | 756 | S3I(s)->wpend_ret = len; | 
| 757 | 757 | ||
| 758 | /* we now just need to write the buffer */ | 758 | /* we now just need to write the buffer */ | 
| 759 | return ssl3_write_pending(s, type, buf, len); | 759 | return ssl3_write_pending(s, type, buf, len); | 
| @@ -769,9 +769,9 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) | |||
| 769 | SSL3_BUFFER *wb = &(s->s3->wbuf); | 769 | SSL3_BUFFER *wb = &(s->s3->wbuf); | 
| 770 | 770 | ||
| 771 | /* XXXX */ | 771 | /* XXXX */ | 
| 772 | if ((s->s3->wpend_tot > (int)len) || ((s->s3->wpend_buf != buf) && | 772 | if ((S3I(s)->wpend_tot > (int)len) || ((S3I(s)->wpend_buf != buf) && | 
| 773 | !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) || | 773 | !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) || | 
| 774 | (s->s3->wpend_type != type)) { | 774 | (S3I(s)->wpend_type != type)) { | 
| 775 | SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY); | 775 | SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY); | 
| 776 | return (-1); | 776 | return (-1); | 
| 777 | } | 777 | } | 
| @@ -794,7 +794,7 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) | |||
| 794 | !SSL_IS_DTLS(s)) | 794 | !SSL_IS_DTLS(s)) | 
| 795 | ssl3_release_write_buffer(s); | 795 | ssl3_release_write_buffer(s); | 
| 796 | s->rwstate = SSL_NOTHING; | 796 | s->rwstate = SSL_NOTHING; | 
| 797 | return (s->s3->wpend_ret); | 797 | return (S3I(s)->wpend_ret); | 
| 798 | } else if (i <= 0) { | 798 | } else if (i <= 0) { | 
| 799 | /* | 799 | /* | 
| 800 | * For DTLS, just drop it. That's kind of the | 800 | * For DTLS, just drop it. That's kind of the | 
| @@ -862,28 +862,28 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) | |||
| 862 | } | 862 | } | 
| 863 | 863 | ||
| 864 | if ((type == SSL3_RT_HANDSHAKE) && | 864 | if ((type == SSL3_RT_HANDSHAKE) && | 
| 865 | (s->s3->handshake_fragment_len > 0)) { | 865 | (S3I(s)->handshake_fragment_len > 0)) { | 
| 866 | /* (partially) satisfy request from storage */ | 866 | /* (partially) satisfy request from storage */ | 
| 867 | unsigned char *src = s->s3->handshake_fragment; | 867 | unsigned char *src = S3I(s)->handshake_fragment; | 
| 868 | unsigned char *dst = buf; | 868 | unsigned char *dst = buf; | 
| 869 | unsigned int k; | 869 | unsigned int k; | 
| 870 | 870 | ||
| 871 | /* peek == 0 */ | 871 | /* peek == 0 */ | 
| 872 | n = 0; | 872 | n = 0; | 
| 873 | while ((len > 0) && (s->s3->handshake_fragment_len > 0)) { | 873 | while ((len > 0) && (S3I(s)->handshake_fragment_len > 0)) { | 
| 874 | *dst++ = *src++; | 874 | *dst++ = *src++; | 
| 875 | len--; | 875 | len--; | 
| 876 | s->s3->handshake_fragment_len--; | 876 | S3I(s)->handshake_fragment_len--; | 
| 877 | n++; | 877 | n++; | 
| 878 | } | 878 | } | 
| 879 | /* move any remaining fragment bytes: */ | 879 | /* move any remaining fragment bytes: */ | 
| 880 | for (k = 0; k < s->s3->handshake_fragment_len; k++) | 880 | for (k = 0; k < S3I(s)->handshake_fragment_len; k++) | 
| 881 | s->s3->handshake_fragment[k] = *src++; | 881 | S3I(s)->handshake_fragment[k] = *src++; | 
| 882 | return n; | 882 | return n; | 
| 883 | } | 883 | } | 
| 884 | 884 | ||
| 885 | /* | 885 | /* | 
| 886 | * Now s->s3->handshake_fragment_len == 0 if | 886 | * Now S3I(s)->handshake_fragment_len == 0 if | 
| 887 | * type == SSL3_RT_HANDSHAKE. | 887 | * type == SSL3_RT_HANDSHAKE. | 
| 888 | */ | 888 | */ | 
| 889 | if (!s->in_handshake && SSL_in_init(s)) { | 889 | if (!s->in_handshake && SSL_in_init(s)) { | 
| @@ -921,12 +921,12 @@ start: | |||
| 921 | s->rwstate = SSL_NOTHING; | 921 | s->rwstate = SSL_NOTHING; | 
| 922 | 922 | ||
| 923 | /* | 923 | /* | 
| 924 | * s->s3->rrec.type - is the type of record | 924 | * S3I(s)->rrec.type - is the type of record | 
| 925 | * s->s3->rrec.data, - data | 925 | * S3I(s)->rrec.data, - data | 
| 926 | * s->s3->rrec.off, - offset into 'data' for next read | 926 | * S3I(s)->rrec.off, - offset into 'data' for next read | 
| 927 | * s->s3->rrec.length, - number of bytes. | 927 | * S3I(s)->rrec.length, - number of bytes. | 
| 928 | */ | 928 | */ | 
| 929 | rr = &(s->s3->rrec); | 929 | rr = &(S3I(s)->rrec); | 
| 930 | 930 | ||
| 931 | /* get new packet if necessary */ | 931 | /* get new packet if necessary */ | 
| 932 | if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) { | 932 | if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) { | 
| @@ -937,7 +937,7 @@ start: | |||
| 937 | 937 | ||
| 938 | /* we now have a packet which can be read and processed */ | 938 | /* we now have a packet which can be read and processed */ | 
| 939 | 939 | ||
| 940 | if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, | 940 | if (S3I(s)->change_cipher_spec /* set when we receive ChangeCipherSpec, | 
| 941 | * reset by ssl3_get_finished */ | 941 | * reset by ssl3_get_finished */ | 
| 942 | && (rr->type != SSL3_RT_HANDSHAKE)) { | 942 | && (rr->type != SSL3_RT_HANDSHAKE)) { | 
| 943 | al = SSL_AD_UNEXPECTED_MESSAGE; | 943 | al = SSL_AD_UNEXPECTED_MESSAGE; | 
| @@ -1006,13 +1006,13 @@ start: | |||
| 1006 | unsigned int *dest_len = NULL; | 1006 | unsigned int *dest_len = NULL; | 
| 1007 | 1007 | ||
| 1008 | if (rr->type == SSL3_RT_HANDSHAKE) { | 1008 | if (rr->type == SSL3_RT_HANDSHAKE) { | 
| 1009 | dest_maxlen = sizeof s->s3->handshake_fragment; | 1009 | dest_maxlen = sizeof S3I(s)->handshake_fragment; | 
| 1010 | dest = s->s3->handshake_fragment; | 1010 | dest = S3I(s)->handshake_fragment; | 
| 1011 | dest_len = &s->s3->handshake_fragment_len; | 1011 | dest_len = &S3I(s)->handshake_fragment_len; | 
| 1012 | } else if (rr->type == SSL3_RT_ALERT) { | 1012 | } else if (rr->type == SSL3_RT_ALERT) { | 
| 1013 | dest_maxlen = sizeof s->s3->alert_fragment; | 1013 | dest_maxlen = sizeof S3I(s)->alert_fragment; | 
| 1014 | dest = s->s3->alert_fragment; | 1014 | dest = S3I(s)->alert_fragment; | 
| 1015 | dest_len = &s->s3->alert_fragment_len; | 1015 | dest_len = &S3I(s)->alert_fragment_len; | 
| 1016 | } | 1016 | } | 
| 1017 | if (dest_maxlen > 0) { | 1017 | if (dest_maxlen > 0) { | 
| 1018 | /* available space in 'dest' */ | 1018 | /* available space in 'dest' */ | 
| @@ -1031,19 +1031,19 @@ start: | |||
| 1031 | } | 1031 | } | 
| 1032 | } | 1032 | } | 
| 1033 | 1033 | ||
| 1034 | /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE; | 1034 | /* S3I(s)->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE; | 
| 1035 | * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT. | 1035 | * S3I(s)->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT. | 
| 1036 | * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */ | 1036 | * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */ | 
| 1037 | 1037 | ||
| 1038 | /* If we are a client, check for an incoming 'Hello Request': */ | 1038 | /* If we are a client, check for an incoming 'Hello Request': */ | 
| 1039 | if ((!s->server) && (s->s3->handshake_fragment_len >= 4) && | 1039 | if ((!s->server) && (S3I(s)->handshake_fragment_len >= 4) && | 
| 1040 | (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && | 1040 | (S3I(s)->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && | 
| 1041 | (s->session != NULL) && (s->session->cipher != NULL)) { | 1041 | (s->session != NULL) && (s->session->cipher != NULL)) { | 
| 1042 | s->s3->handshake_fragment_len = 0; | 1042 | S3I(s)->handshake_fragment_len = 0; | 
| 1043 | 1043 | ||
| 1044 | if ((s->s3->handshake_fragment[1] != 0) || | 1044 | if ((S3I(s)->handshake_fragment[1] != 0) || | 
| 1045 | (s->s3->handshake_fragment[2] != 0) || | 1045 | (S3I(s)->handshake_fragment[2] != 0) || | 
| 1046 | (s->s3->handshake_fragment[3] != 0)) { | 1046 | (S3I(s)->handshake_fragment[3] != 0)) { | 
| 1047 | al = SSL_AD_DECODE_ERROR; | 1047 | al = SSL_AD_DECODE_ERROR; | 
| 1048 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_HELLO_REQUEST); | 1048 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_HELLO_REQUEST); | 
| 1049 | goto f_err; | 1049 | goto f_err; | 
| @@ -1051,12 +1051,12 @@ start: | |||
| 1051 | 1051 | ||
| 1052 | if (s->msg_callback) | 1052 | if (s->msg_callback) | 
| 1053 | s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, | 1053 | s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, | 
| 1054 | s->s3->handshake_fragment, 4, s, | 1054 | S3I(s)->handshake_fragment, 4, s, | 
| 1055 | s->msg_callback_arg); | 1055 | s->msg_callback_arg); | 
| 1056 | 1056 | ||
| 1057 | if (SSL_is_init_finished(s) && | 1057 | if (SSL_is_init_finished(s) && | 
| 1058 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && | 1058 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && | 
| 1059 | !s->s3->renegotiate) { | 1059 | !S3I(s)->renegotiate) { | 
| 1060 | ssl3_renegotiate(s); | 1060 | ssl3_renegotiate(s); | 
| 1061 | if (ssl3_renegotiate_check(s)) { | 1061 | if (ssl3_renegotiate_check(s)) { | 
| 1062 | i = s->handshake_func(s); | 1062 | i = s->handshake_func(s); | 
| @@ -1094,24 +1094,24 @@ start: | |||
| 1094 | */ | 1094 | */ | 
| 1095 | if (s->server && | 1095 | if (s->server && | 
| 1096 | SSL_is_init_finished(s) && | 1096 | SSL_is_init_finished(s) && | 
| 1097 | !s->s3->send_connection_binding && | 1097 | !S3I(s)->send_connection_binding && | 
| 1098 | (s->s3->handshake_fragment_len >= 4) && | 1098 | (S3I(s)->handshake_fragment_len >= 4) && | 
| 1099 | (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) && | 1099 | (S3I(s)->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) && | 
| 1100 | (s->session != NULL) && (s->session->cipher != NULL)) { | 1100 | (s->session != NULL) && (s->session->cipher != NULL)) { | 
| 1101 | /*s->s3->handshake_fragment_len = 0;*/ | 1101 | /*S3I(s)->handshake_fragment_len = 0;*/ | 
| 1102 | rr->length = 0; | 1102 | rr->length = 0; | 
| 1103 | ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); | 1103 | ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); | 
| 1104 | goto start; | 1104 | goto start; | 
| 1105 | } | 1105 | } | 
| 1106 | if (s->s3->alert_fragment_len >= 2) { | 1106 | if (S3I(s)->alert_fragment_len >= 2) { | 
| 1107 | int alert_level = s->s3->alert_fragment[0]; | 1107 | int alert_level = S3I(s)->alert_fragment[0]; | 
| 1108 | int alert_descr = s->s3->alert_fragment[1]; | 1108 | int alert_descr = S3I(s)->alert_fragment[1]; | 
| 1109 | 1109 | ||
| 1110 | s->s3->alert_fragment_len = 0; | 1110 | S3I(s)->alert_fragment_len = 0; | 
| 1111 | 1111 | ||
| 1112 | if (s->msg_callback) | 1112 | if (s->msg_callback) | 
| 1113 | s->msg_callback(0, s->version, SSL3_RT_ALERT, | 1113 | s->msg_callback(0, s->version, SSL3_RT_ALERT, | 
| 1114 | s->s3->alert_fragment, 2, s, s->msg_callback_arg); | 1114 | S3I(s)->alert_fragment, 2, s, s->msg_callback_arg); | 
| 1115 | 1115 | ||
| 1116 | if (s->info_callback != NULL) | 1116 | if (s->info_callback != NULL) | 
| 1117 | cb = s->info_callback; | 1117 | cb = s->info_callback; | 
| @@ -1124,7 +1124,7 @@ start: | |||
| 1124 | } | 1124 | } | 
| 1125 | 1125 | ||
| 1126 | if (alert_level == SSL3_AL_WARNING) { | 1126 | if (alert_level == SSL3_AL_WARNING) { | 
| 1127 | s->s3->warn_alert = alert_descr; | 1127 | S3I(s)->warn_alert = alert_descr; | 
| 1128 | if (alert_descr == SSL_AD_CLOSE_NOTIFY) { | 1128 | if (alert_descr == SSL_AD_CLOSE_NOTIFY) { | 
| 1129 | s->shutdown |= SSL_RECEIVED_SHUTDOWN; | 1129 | s->shutdown |= SSL_RECEIVED_SHUTDOWN; | 
| 1130 | return (0); | 1130 | return (0); | 
| @@ -1146,7 +1146,7 @@ start: | |||
| 1146 | } | 1146 | } | 
| 1147 | } else if (alert_level == SSL3_AL_FATAL) { | 1147 | } else if (alert_level == SSL3_AL_FATAL) { | 
| 1148 | s->rwstate = SSL_NOTHING; | 1148 | s->rwstate = SSL_NOTHING; | 
| 1149 | s->s3->fatal_alert = alert_descr; | 1149 | S3I(s)->fatal_alert = alert_descr; | 
| 1150 | SSLerr(SSL_F_SSL3_READ_BYTES, | 1150 | SSLerr(SSL_F_SSL3_READ_BYTES, | 
| 1151 | SSL_AD_REASON_OFFSET + alert_descr); | 1151 | SSL_AD_REASON_OFFSET + alert_descr); | 
| 1152 | ERR_asprintf_error_data("SSL alert number %d", | 1152 | ERR_asprintf_error_data("SSL alert number %d", | 
| @@ -1182,7 +1182,7 @@ start: | |||
| 1182 | } | 1182 | } | 
| 1183 | 1183 | ||
| 1184 | /* Check we have a cipher to change to */ | 1184 | /* Check we have a cipher to change to */ | 
| 1185 | if (s->s3->tmp.new_cipher == NULL) { | 1185 | if (S3I(s)->tmp.new_cipher == NULL) { | 
| 1186 | al = SSL_AD_UNEXPECTED_MESSAGE; | 1186 | al = SSL_AD_UNEXPECTED_MESSAGE; | 
| 1187 | SSLerr(SSL_F_SSL3_READ_BYTES, | 1187 | SSLerr(SSL_F_SSL3_READ_BYTES, | 
| 1188 | SSL_R_CCS_RECEIVED_EARLY); | 1188 | SSL_R_CCS_RECEIVED_EARLY); | 
| @@ -1206,7 +1206,7 @@ start: | |||
| 1206 | s->msg_callback_arg); | 1206 | s->msg_callback_arg); | 
| 1207 | } | 1207 | } | 
| 1208 | 1208 | ||
| 1209 | s->s3->change_cipher_spec = 1; | 1209 | S3I(s)->change_cipher_spec = 1; | 
| 1210 | if (!ssl3_do_change_cipher_spec(s)) | 1210 | if (!ssl3_do_change_cipher_spec(s)) | 
| 1211 | goto err; | 1211 | goto err; | 
| 1212 | else | 1212 | else | 
| @@ -1214,7 +1214,7 @@ start: | |||
| 1214 | } | 1214 | } | 
| 1215 | 1215 | ||
| 1216 | /* Unexpected handshake message (Client Hello, or protocol violation) */ | 1216 | /* Unexpected handshake message (Client Hello, or protocol violation) */ | 
| 1217 | if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) { | 1217 | if ((S3I(s)->handshake_fragment_len >= 4) && !s->in_handshake) { | 
| 1218 | if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && | 1218 | if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && | 
| 1219 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { | 1219 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { | 
| 1220 | s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; | 1220 | s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; | 
| @@ -1278,15 +1278,15 @@ start: | |||
| 1278 | * at this point (session renegotiation not yet started), | 1278 | * at this point (session renegotiation not yet started), | 
| 1279 | * we will indulge it. | 1279 | * we will indulge it. | 
| 1280 | */ | 1280 | */ | 
| 1281 | if (s->s3->in_read_app_data && | 1281 | if (S3I(s)->in_read_app_data && | 
| 1282 | (s->s3->total_renegotiations != 0) && | 1282 | (S3I(s)->total_renegotiations != 0) && | 
| 1283 | (((s->state & SSL_ST_CONNECT) && | 1283 | (((s->state & SSL_ST_CONNECT) && | 
| 1284 | (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && | 1284 | (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && | 
| 1285 | (s->state <= SSL3_ST_CR_SRVR_HELLO_A)) || | 1285 | (s->state <= SSL3_ST_CR_SRVR_HELLO_A)) || | 
| 1286 | ((s->state & SSL_ST_ACCEPT) && | 1286 | ((s->state & SSL_ST_ACCEPT) && | 
| 1287 | (s->state <= SSL3_ST_SW_HELLO_REQ_A) && | 1287 | (s->state <= SSL3_ST_SW_HELLO_REQ_A) && | 
| 1288 | (s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) { | 1288 | (s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) { | 
| 1289 | s->s3->in_read_app_data = 2; | 1289 | S3I(s)->in_read_app_data = 2; | 
| 1290 | return (-1); | 1290 | return (-1); | 
| 1291 | } else { | 1291 | } else { | 
| 1292 | al = SSL_AD_UNEXPECTED_MESSAGE; | 1292 | al = SSL_AD_UNEXPECTED_MESSAGE; | 
| @@ -1314,7 +1314,7 @@ ssl3_do_change_cipher_spec(SSL *s) | |||
| 1314 | else | 1314 | else | 
| 1315 | i = SSL3_CHANGE_CIPHER_CLIENT_READ; | 1315 | i = SSL3_CHANGE_CIPHER_CLIENT_READ; | 
| 1316 | 1316 | ||
| 1317 | if (s->s3->tmp.key_block == NULL) { | 1317 | if (S3I(s)->tmp.key_block == NULL) { | 
| 1318 | if (s->session == NULL || s->session->master_key_length == 0) { | 1318 | if (s->session == NULL || s->session->master_key_length == 0) { | 
| 1319 | /* might happen if dtls1_read_bytes() calls this */ | 1319 | /* might happen if dtls1_read_bytes() calls this */ | 
| 1320 | SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, | 1320 | SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, | 
| @@ -1322,7 +1322,7 @@ ssl3_do_change_cipher_spec(SSL *s) | |||
| 1322 | return (0); | 1322 | return (0); | 
| 1323 | } | 1323 | } | 
| 1324 | 1324 | ||
| 1325 | s->session->cipher = s->s3->tmp.new_cipher; | 1325 | s->session->cipher = S3I(s)->tmp.new_cipher; | 
| 1326 | if (!s->method->ssl3_enc->setup_key_block(s)) | 1326 | if (!s->method->ssl3_enc->setup_key_block(s)) | 
| 1327 | return (0); | 1327 | return (0); | 
| 1328 | } | 1328 | } | 
| @@ -1342,12 +1342,12 @@ ssl3_do_change_cipher_spec(SSL *s) | |||
| 1342 | } | 1342 | } | 
| 1343 | 1343 | ||
| 1344 | i = s->method->ssl3_enc->final_finish_mac(s, sender, slen, | 1344 | i = s->method->ssl3_enc->final_finish_mac(s, sender, slen, | 
| 1345 | s->s3->tmp.peer_finish_md); | 1345 | S3I(s)->tmp.peer_finish_md); | 
| 1346 | if (i == 0) { | 1346 | if (i == 0) { | 
| 1347 | SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); | 1347 | SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); | 
| 1348 | return 0; | 1348 | return 0; | 
| 1349 | } | 1349 | } | 
| 1350 | s->s3->tmp.peer_finish_md_len = i; | 1350 | S3I(s)->tmp.peer_finish_md_len = i; | 
| 1351 | 1351 | ||
| 1352 | return (1); | 1352 | return (1); | 
| 1353 | } | 1353 | } | 
| diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 7912206785..099537f7ea 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_srvr.c,v 1.140 2017/01/22 07:16:39 beck Exp $ */ | 1 | /* $OpenBSD: s3_srvr.c,v 1.141 2017/01/22 09:02:07 jsing Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -247,7 +247,7 @@ ssl3_accept(SSL *s) | |||
| 247 | 247 | ||
| 248 | s->state = SSL3_ST_SR_CLNT_HELLO_A; | 248 | s->state = SSL3_ST_SR_CLNT_HELLO_A; | 
| 249 | s->ctx->stats.sess_accept++; | 249 | s->ctx->stats.sess_accept++; | 
| 250 | } else if (!s->s3->send_connection_binding) { | 250 | } else if (!S3I(s)->send_connection_binding) { | 
| 251 | /* | 251 | /* | 
| 252 | * Server attempting to renegotiate with | 252 | * Server attempting to renegotiate with | 
| 253 | * client that doesn't support secure | 253 | * client that doesn't support secure | 
| @@ -276,7 +276,7 @@ ssl3_accept(SSL *s) | |||
| 276 | ret = ssl3_send_hello_request(s); | 276 | ret = ssl3_send_hello_request(s); | 
| 277 | if (ret <= 0) | 277 | if (ret <= 0) | 
| 278 | goto end; | 278 | goto end; | 
| 279 | s->s3->tmp.next_state = SSL3_ST_SW_HELLO_REQ_C; | 279 | S3I(s)->tmp.next_state = SSL3_ST_SW_HELLO_REQ_C; | 
| 280 | s->state = SSL3_ST_SW_FLUSH; | 280 | s->state = SSL3_ST_SW_FLUSH; | 
| 281 | s->init_num = 0; | 281 | s->init_num = 0; | 
| 282 | 282 | ||
| @@ -325,7 +325,7 @@ ssl3_accept(SSL *s) | |||
| 325 | case SSL3_ST_SW_CERT_A: | 325 | case SSL3_ST_SW_CERT_A: | 
| 326 | case SSL3_ST_SW_CERT_B: | 326 | case SSL3_ST_SW_CERT_B: | 
| 327 | /* Check if it is anon DH or anon ECDH. */ | 327 | /* Check if it is anon DH or anon ECDH. */ | 
| 328 | if (!(s->s3->tmp.new_cipher->algorithm_auth & | 328 | if (!(S3I(s)->tmp.new_cipher->algorithm_auth & | 
| 329 | SSL_aNULL)) { | 329 | SSL_aNULL)) { | 
| 330 | ret = ssl3_send_server_certificate(s); | 330 | ret = ssl3_send_server_certificate(s); | 
| 331 | if (ret <= 0) | 331 | if (ret <= 0) | 
| @@ -343,7 +343,7 @@ ssl3_accept(SSL *s) | |||
| 343 | 343 | ||
| 344 | case SSL3_ST_SW_KEY_EXCH_A: | 344 | case SSL3_ST_SW_KEY_EXCH_A: | 
| 345 | case SSL3_ST_SW_KEY_EXCH_B: | 345 | case SSL3_ST_SW_KEY_EXCH_B: | 
| 346 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | 346 | alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; | 
| 347 | 347 | ||
| 348 | /* | 348 | /* | 
| 349 | * Only send if using a DH key exchange. | 349 | * Only send if using a DH key exchange. | 
| @@ -386,21 +386,21 @@ ssl3_accept(SSL *s) | |||
| 386 | if (!(s->verify_mode & SSL_VERIFY_PEER) || | 386 | if (!(s->verify_mode & SSL_VERIFY_PEER) || | 
| 387 | ((s->session->peer != NULL) && | 387 | ((s->session->peer != NULL) && | 
| 388 | (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || | 388 | (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || | 
| 389 | ((s->s3->tmp.new_cipher->algorithm_auth & | 389 | ((S3I(s)->tmp.new_cipher->algorithm_auth & | 
| 390 | SSL_aNULL) && !(s->verify_mode & | 390 | SSL_aNULL) && !(s->verify_mode & | 
| 391 | SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) { | 391 | SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) { | 
| 392 | /* No cert request */ | 392 | /* No cert request */ | 
| 393 | skip = 1; | 393 | skip = 1; | 
| 394 | s->s3->tmp.cert_request = 0; | 394 | S3I(s)->tmp.cert_request = 0; | 
| 395 | s->state = SSL3_ST_SW_SRVR_DONE_A; | 395 | s->state = SSL3_ST_SW_SRVR_DONE_A; | 
| 396 | if (s->s3->handshake_buffer) { | 396 | if (S3I(s)->handshake_buffer) { | 
| 397 | if (!tls1_digest_cached_records(s)) { | 397 | if (!tls1_digest_cached_records(s)) { | 
| 398 | ret = -1; | 398 | ret = -1; | 
| 399 | goto end; | 399 | goto end; | 
| 400 | } | 400 | } | 
| 401 | } | 401 | } | 
| 402 | } else { | 402 | } else { | 
| 403 | s->s3->tmp.cert_request = 1; | 403 | S3I(s)->tmp.cert_request = 1; | 
| 404 | ret = ssl3_send_certificate_request(s); | 404 | ret = ssl3_send_certificate_request(s); | 
| 405 | if (ret <= 0) | 405 | if (ret <= 0) | 
| 406 | goto end; | 406 | goto end; | 
| @@ -414,7 +414,7 @@ ssl3_accept(SSL *s) | |||
| 414 | ret = ssl3_send_server_done(s); | 414 | ret = ssl3_send_server_done(s); | 
| 415 | if (ret <= 0) | 415 | if (ret <= 0) | 
| 416 | goto end; | 416 | goto end; | 
| 417 | s->s3->tmp.next_state = SSL3_ST_SR_CERT_A; | 417 | S3I(s)->tmp.next_state = SSL3_ST_SR_CERT_A; | 
| 418 | s->state = SSL3_ST_SW_FLUSH; | 418 | s->state = SSL3_ST_SW_FLUSH; | 
| 419 | s->init_num = 0; | 419 | s->init_num = 0; | 
| 420 | break; | 420 | break; | 
| @@ -439,12 +439,12 @@ ssl3_accept(SSL *s) | |||
| 439 | } | 439 | } | 
| 440 | s->rwstate = SSL_NOTHING; | 440 | s->rwstate = SSL_NOTHING; | 
| 441 | 441 | ||
| 442 | s->state = s->s3->tmp.next_state; | 442 | s->state = S3I(s)->tmp.next_state; | 
| 443 | break; | 443 | break; | 
| 444 | 444 | ||
| 445 | case SSL3_ST_SR_CERT_A: | 445 | case SSL3_ST_SR_CERT_A: | 
| 446 | case SSL3_ST_SR_CERT_B: | 446 | case SSL3_ST_SR_CERT_B: | 
| 447 | if (s->s3->tmp.cert_request) { | 447 | if (S3I(s)->tmp.cert_request) { | 
| 448 | ret = ssl3_get_client_certificate(s); | 448 | ret = ssl3_get_client_certificate(s); | 
| 449 | if (ret <= 0) | 449 | if (ret <= 0) | 
| 450 | goto end; | 450 | goto end; | 
| @@ -458,7 +458,7 @@ ssl3_accept(SSL *s) | |||
| 458 | ret = ssl3_get_client_key_exchange(s); | 458 | ret = ssl3_get_client_key_exchange(s); | 
| 459 | if (ret <= 0) | 459 | if (ret <= 0) | 
| 460 | goto end; | 460 | goto end; | 
| 461 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | 461 | alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; | 
| 462 | if (ret == 2) { | 462 | if (ret == 2) { | 
| 463 | /* | 463 | /* | 
| 464 | * For the ECDH ciphersuites when | 464 | * For the ECDH ciphersuites when | 
| @@ -469,7 +469,7 @@ ssl3_accept(SSL *s) | |||
| 469 | * the client uses its key from the certificate | 469 | * the client uses its key from the certificate | 
| 470 | * for key exchange. | 470 | * for key exchange. | 
| 471 | */ | 471 | */ | 
| 472 | if (s->s3->next_proto_neg_seen) | 472 | if (S3I(s)->next_proto_neg_seen) | 
| 473 | s->state = SSL3_ST_SR_NEXT_PROTO_A; | 473 | s->state = SSL3_ST_SR_NEXT_PROTO_A; | 
| 474 | else | 474 | else | 
| 475 | s->state = SSL3_ST_SR_FINISHED_A; | 475 | s->state = SSL3_ST_SR_FINISHED_A; | 
| @@ -483,7 +483,7 @@ ssl3_accept(SSL *s) | |||
| 483 | * For sigalgs freeze the handshake buffer | 483 | * For sigalgs freeze the handshake buffer | 
| 484 | * at this point and digest cached records. | 484 | * at this point and digest cached records. | 
| 485 | */ | 485 | */ | 
| 486 | if (!s->s3->handshake_buffer) { | 486 | if (!S3I(s)->handshake_buffer) { | 
| 487 | SSLerr(SSL_F_SSL3_ACCEPT, | 487 | SSLerr(SSL_F_SSL3_ACCEPT, | 
| 488 | ERR_R_INTERNAL_ERROR); | 488 | ERR_R_INTERNAL_ERROR); | 
| 489 | ret = -1; | 489 | ret = -1; | 
| @@ -508,7 +508,7 @@ ssl3_accept(SSL *s) | |||
| 508 | * CertificateVerify should be generalized. | 508 | * CertificateVerify should be generalized. | 
| 509 | * But it is next step | 509 | * But it is next step | 
| 510 | */ | 510 | */ | 
| 511 | if (s->s3->handshake_buffer) { | 511 | if (S3I(s)->handshake_buffer) { | 
| 512 | if (!tls1_digest_cached_records(s)) { | 512 | if (!tls1_digest_cached_records(s)) { | 
| 513 | ret = -1; | 513 | ret = -1; | 
| 514 | goto end; | 514 | goto end; | 
| @@ -516,15 +516,15 @@ ssl3_accept(SSL *s) | |||
| 516 | } | 516 | } | 
| 517 | for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST; | 517 | for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST; | 
| 518 | dgst_num++) | 518 | dgst_num++) | 
| 519 | if (s->s3->handshake_dgst[dgst_num]) { | 519 | if (S3I(s)->handshake_dgst[dgst_num]) { | 
| 520 | int dgst_size; | 520 | int dgst_size; | 
| 521 | 521 | ||
| 522 | s->method->ssl3_enc->cert_verify_mac(s, | 522 | s->method->ssl3_enc->cert_verify_mac(s, | 
| 523 | EVP_MD_CTX_type( | 523 | EVP_MD_CTX_type( | 
| 524 | s->s3->handshake_dgst[dgst_num]), | 524 | S3I(s)->handshake_dgst[dgst_num]), | 
| 525 | &(s->s3->tmp.cert_verify_md[offset])); | 525 | &(S3I(s)->tmp.cert_verify_md[offset])); | 
| 526 | dgst_size = EVP_MD_CTX_size( | 526 | dgst_size = EVP_MD_CTX_size( | 
| 527 | s->s3->handshake_dgst[dgst_num]); | 527 | S3I(s)->handshake_dgst[dgst_num]); | 
| 528 | if (dgst_size < 0) { | 528 | if (dgst_size < 0) { | 
| 529 | ret = -1; | 529 | ret = -1; | 
| 530 | goto end; | 530 | goto end; | 
| @@ -543,7 +543,7 @@ ssl3_accept(SSL *s) | |||
| 543 | if (ret <= 0) | 543 | if (ret <= 0) | 
| 544 | goto end; | 544 | goto end; | 
| 545 | 545 | ||
| 546 | if (s->s3->next_proto_neg_seen) | 546 | if (S3I(s)->next_proto_neg_seen) | 
| 547 | s->state = SSL3_ST_SR_NEXT_PROTO_A; | 547 | s->state = SSL3_ST_SR_NEXT_PROTO_A; | 
| 548 | else | 548 | else | 
| 549 | s->state = SSL3_ST_SR_FINISHED_A; | 549 | s->state = SSL3_ST_SR_FINISHED_A; | 
| @@ -597,7 +597,7 @@ ssl3_accept(SSL *s) | |||
| 597 | case SSL3_ST_SW_CHANGE_A: | 597 | case SSL3_ST_SW_CHANGE_A: | 
| 598 | case SSL3_ST_SW_CHANGE_B: | 598 | case SSL3_ST_SW_CHANGE_B: | 
| 599 | 599 | ||
| 600 | s->session->cipher = s->s3->tmp.new_cipher; | 600 | s->session->cipher = S3I(s)->tmp.new_cipher; | 
| 601 | if (!s->method->ssl3_enc->setup_key_block(s)) { | 601 | if (!s->method->ssl3_enc->setup_key_block(s)) { | 
| 602 | ret = -1; | 602 | ret = -1; | 
| 603 | goto end; | 603 | goto end; | 
| @@ -629,15 +629,15 @@ ssl3_accept(SSL *s) | |||
| 629 | goto end; | 629 | goto end; | 
| 630 | s->state = SSL3_ST_SW_FLUSH; | 630 | s->state = SSL3_ST_SW_FLUSH; | 
| 631 | if (s->hit) { | 631 | if (s->hit) { | 
| 632 | if (s->s3->next_proto_neg_seen) { | 632 | if (S3I(s)->next_proto_neg_seen) { | 
| 633 | s->s3->flags |= SSL3_FLAGS_CCS_OK; | 633 | s->s3->flags |= SSL3_FLAGS_CCS_OK; | 
| 634 | s->s3->tmp.next_state = | 634 | S3I(s)->tmp.next_state = | 
| 635 | SSL3_ST_SR_NEXT_PROTO_A; | 635 | SSL3_ST_SR_NEXT_PROTO_A; | 
| 636 | } else | 636 | } else | 
| 637 | s->s3->tmp.next_state = | 637 | S3I(s)->tmp.next_state = | 
| 638 | SSL3_ST_SR_FINISHED_A; | 638 | SSL3_ST_SR_FINISHED_A; | 
| 639 | } else | 639 | } else | 
| 640 | s->s3->tmp.next_state = SSL_ST_OK; | 640 | S3I(s)->tmp.next_state = SSL_ST_OK; | 
| 641 | s->init_num = 0; | 641 | s->init_num = 0; | 
| 642 | break; | 642 | break; | 
| 643 | 643 | ||
| @@ -680,7 +680,7 @@ ssl3_accept(SSL *s) | |||
| 680 | /* break; */ | 680 | /* break; */ | 
| 681 | } | 681 | } | 
| 682 | 682 | ||
| 683 | if (!s->s3->tmp.reuse_message && !skip) { | 683 | if (!S3I(s)->tmp.reuse_message && !skip) { | 
| 684 | if (s->debug) { | 684 | if (s->debug) { | 
| 685 | if ((ret = BIO_flush(s->wbio)) <= 0) | 685 | if ((ret = BIO_flush(s->wbio)) <= 0) | 
| 686 | goto end; | 686 | goto end; | 
| @@ -1039,12 +1039,12 @@ ssl3_get_client_hello(SSL *s) | |||
| 1039 | SSL_R_NO_SHARED_CIPHER); | 1039 | SSL_R_NO_SHARED_CIPHER); | 
| 1040 | goto f_err; | 1040 | goto f_err; | 
| 1041 | } | 1041 | } | 
| 1042 | s->s3->tmp.new_cipher = c; | 1042 | S3I(s)->tmp.new_cipher = c; | 
| 1043 | } else { | 1043 | } else { | 
| 1044 | s->s3->tmp.new_cipher = s->session->cipher; | 1044 | S3I(s)->tmp.new_cipher = s->session->cipher; | 
| 1045 | } | 1045 | } | 
| 1046 | 1046 | ||
| 1047 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | 1047 | alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; | 
| 1048 | if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) || | 1048 | if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) || | 
| 1049 | !(s->verify_mode & SSL_VERIFY_PEER)) { | 1049 | !(s->verify_mode & SSL_VERIFY_PEER)) { | 
| 1050 | if (!tls1_digest_cached_records(s)) { | 1050 | if (!tls1_digest_cached_records(s)) { | 
| @@ -1147,7 +1147,7 @@ ssl3_send_server_hello(SSL *s) | |||
| 1147 | 1147 | ||
| 1148 | /* Cipher suite. */ | 1148 | /* Cipher suite. */ | 
| 1149 | if (!CBB_add_u16(&cbb, | 1149 | if (!CBB_add_u16(&cbb, | 
| 1150 | ssl3_cipher_get_value(s->s3->tmp.new_cipher))) | 1150 | ssl3_cipher_get_value(S3I(s)->tmp.new_cipher))) | 
| 1151 | goto err; | 1151 | goto err; | 
| 1152 | 1152 | ||
| 1153 | /* Compression method. */ | 1153 | /* Compression method. */ | 
| @@ -1210,7 +1210,7 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb) | |||
| 1210 | 1210 | ||
| 1211 | if (dhp == NULL && s->cert->dh_tmp_cb != NULL) | 1211 | if (dhp == NULL && s->cert->dh_tmp_cb != NULL) | 
| 1212 | dhp = s->cert->dh_tmp_cb(s, 0, | 1212 | dhp = s->cert->dh_tmp_cb(s, 0, | 
| 1213 | SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher)); | 1213 | SSL_C_PKEYLENGTH(S3I(s)->tmp.new_cipher)); | 
| 1214 | 1214 | ||
| 1215 | if (dhp == NULL) { | 1215 | if (dhp == NULL) { | 
| 1216 | al = SSL_AD_HANDSHAKE_FAILURE; | 1216 | al = SSL_AD_HANDSHAKE_FAILURE; | 
| @@ -1219,7 +1219,7 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb) | |||
| 1219 | goto f_err; | 1219 | goto f_err; | 
| 1220 | } | 1220 | } | 
| 1221 | 1221 | ||
| 1222 | if (s->s3->tmp.dh != NULL) { | 1222 | if (S3I(s)->tmp.dh != NULL) { | 
| 1223 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | 1223 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | 
| 1224 | ERR_R_INTERNAL_ERROR); | 1224 | ERR_R_INTERNAL_ERROR); | 
| 1225 | goto err; | 1225 | goto err; | 
| @@ -1231,7 +1231,7 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb) | |||
| 1231 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB); | 1231 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB); | 
| 1232 | goto err; | 1232 | goto err; | 
| 1233 | } | 1233 | } | 
| 1234 | s->s3->tmp.dh = dh; | 1234 | S3I(s)->tmp.dh = dh; | 
| 1235 | if (!DH_generate_key(dh)) { | 1235 | if (!DH_generate_key(dh)) { | 
| 1236 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB); | 1236 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB); | 
| 1237 | goto err; | 1237 | goto err; | 
| @@ -1288,7 +1288,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb) | |||
| 1288 | ecdhp = EC_KEY_new_by_curve_name(nid); | 1288 | ecdhp = EC_KEY_new_by_curve_name(nid); | 
| 1289 | } else if (ecdhp == NULL && s->cert->ecdh_tmp_cb != NULL) { | 1289 | } else if (ecdhp == NULL && s->cert->ecdh_tmp_cb != NULL) { | 
| 1290 | ecdhp = s->cert->ecdh_tmp_cb(s, 0, | 1290 | ecdhp = s->cert->ecdh_tmp_cb(s, 0, | 
| 1291 | SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher)); | 1291 | SSL_C_PKEYLENGTH(S3I(s)->tmp.new_cipher)); | 
| 1292 | } | 1292 | } | 
| 1293 | if (ecdhp == NULL) { | 1293 | if (ecdhp == NULL) { | 
| 1294 | al = SSL_AD_HANDSHAKE_FAILURE; | 1294 | al = SSL_AD_HANDSHAKE_FAILURE; | 
| @@ -1297,7 +1297,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb) | |||
| 1297 | goto f_err; | 1297 | goto f_err; | 
| 1298 | } | 1298 | } | 
| 1299 | 1299 | ||
| 1300 | if (s->s3->tmp.ecdh != NULL) { | 1300 | if (S3I(s)->tmp.ecdh != NULL) { | 
| 1301 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | 1301 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | 
| 1302 | ERR_R_INTERNAL_ERROR); | 1302 | ERR_R_INTERNAL_ERROR); | 
| 1303 | goto err; | 1303 | goto err; | 
| @@ -1311,7 +1311,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb) | |||
| 1311 | ERR_R_ECDH_LIB); | 1311 | ERR_R_ECDH_LIB); | 
| 1312 | goto err; | 1312 | goto err; | 
| 1313 | } | 1313 | } | 
| 1314 | s->s3->tmp.ecdh = ecdh; | 1314 | S3I(s)->tmp.ecdh = ecdh; | 
| 1315 | 1315 | ||
| 1316 | if ((EC_KEY_get0_public_key(ecdh) == NULL) || | 1316 | if ((EC_KEY_get0_public_key(ecdh) == NULL) || | 
| 1317 | (EC_KEY_get0_private_key(ecdh) == NULL) || | 1317 | (EC_KEY_get0_private_key(ecdh) == NULL) || | 
| @@ -1413,16 +1413,16 @@ ssl3_send_server_kex_ecdhe_ecx(SSL *s, int nid, CBB *cbb) | |||
| 1413 | int ret = -1; | 1413 | int ret = -1; | 
| 1414 | 1414 | ||
| 1415 | /* Generate an X25519 key pair. */ | 1415 | /* Generate an X25519 key pair. */ | 
| 1416 | if (s->s3->tmp.x25519 != NULL) { | 1416 | if (S3I(s)->tmp.x25519 != NULL) { | 
| 1417 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | 1417 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | 
| 1418 | ERR_R_INTERNAL_ERROR); | 1418 | ERR_R_INTERNAL_ERROR); | 
| 1419 | goto err; | 1419 | goto err; | 
| 1420 | } | 1420 | } | 
| 1421 | if ((s->s3->tmp.x25519 = malloc(X25519_KEY_LENGTH)) == NULL) | 1421 | if ((S3I(s)->tmp.x25519 = malloc(X25519_KEY_LENGTH)) == NULL) | 
| 1422 | goto err; | 1422 | goto err; | 
| 1423 | if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL) | 1423 | if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL) | 
| 1424 | goto err; | 1424 | goto err; | 
| 1425 | X25519_keypair(public_key, s->s3->tmp.x25519); | 1425 | X25519_keypair(public_key, S3I(s)->tmp.x25519); | 
| 1426 | 1426 | ||
| 1427 | /* Serialize public key. */ | 1427 | /* Serialize public key. */ | 
| 1428 | if ((curve_id = tls1_ec_nid2curve_id(nid)) == 0) { | 1428 | if ((curve_id = tls1_ec_nid2curve_id(nid)) == 0) { | 
| @@ -1488,7 +1488,7 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1488 | 1488 | ||
| 1489 | EVP_MD_CTX_init(&md_ctx); | 1489 | EVP_MD_CTX_init(&md_ctx); | 
| 1490 | if (s->state == SSL3_ST_SW_KEY_EXCH_A) { | 1490 | if (s->state == SSL3_ST_SW_KEY_EXCH_A) { | 
| 1491 | type = s->s3->tmp.new_cipher->algorithm_mkey; | 1491 | type = S3I(s)->tmp.new_cipher->algorithm_mkey; | 
| 1492 | cert = s->cert; | 1492 | cert = s->cert; | 
| 1493 | 1493 | ||
| 1494 | buf = s->init_buf; | 1494 | buf = s->init_buf; | 
| @@ -1512,9 +1512,9 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1512 | if (!CBB_finish(&cbb, ¶ms, ¶ms_len)) | 1512 | if (!CBB_finish(&cbb, ¶ms, ¶ms_len)) | 
| 1513 | goto err; | 1513 | goto err; | 
| 1514 | 1514 | ||
| 1515 | if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)) { | 1515 | if (!(S3I(s)->tmp.new_cipher->algorithm_auth & SSL_aNULL)) { | 
| 1516 | if ((pkey = ssl_get_sign_pkey( | 1516 | if ((pkey = ssl_get_sign_pkey( | 
| 1517 | s, s->s3->tmp.new_cipher, &md)) == NULL) { | 1517 | s, S3I(s)->tmp.new_cipher, &md)) == NULL) { | 
| 1518 | al = SSL_AD_DECODE_ERROR; | 1518 | al = SSL_AD_DECODE_ERROR; | 
| 1519 | goto f_err; | 1519 | goto f_err; | 
| 1520 | } | 1520 | } | 
| @@ -1837,13 +1837,13 @@ ssl3_get_client_kex_dhe(SSL *s, unsigned char *p, long n) | |||
| 1837 | if (CBS_len(&cbs) != 0) | 1837 | if (CBS_len(&cbs) != 0) | 
| 1838 | goto truncated; | 1838 | goto truncated; | 
| 1839 | 1839 | ||
| 1840 | if (s->s3->tmp.dh == NULL) { | 1840 | if (S3I(s)->tmp.dh == NULL) { | 
| 1841 | al = SSL_AD_HANDSHAKE_FAILURE; | 1841 | al = SSL_AD_HANDSHAKE_FAILURE; | 
| 1842 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | 1842 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | 
| 1843 | SSL_R_MISSING_TMP_DH_KEY); | 1843 | SSL_R_MISSING_TMP_DH_KEY); | 
| 1844 | goto f_err; | 1844 | goto f_err; | 
| 1845 | } | 1845 | } | 
| 1846 | dh = s->s3->tmp.dh; | 1846 | dh = S3I(s)->tmp.dh; | 
| 1847 | 1847 | ||
| 1848 | if ((bn = BN_bin2bn(CBS_data(&dh_Yc), CBS_len(&dh_Yc), NULL)) == NULL) { | 1848 | if ((bn = BN_bin2bn(CBS_data(&dh_Yc), CBS_len(&dh_Yc), NULL)) == NULL) { | 
| 1849 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | 1849 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | 
| @@ -1864,8 +1864,8 @@ ssl3_get_client_kex_dhe(SSL *s, unsigned char *p, long n) | |||
| 1864 | 1864 | ||
| 1865 | explicit_bzero(p, key_size); | 1865 | explicit_bzero(p, key_size); | 
| 1866 | 1866 | ||
| 1867 | DH_free(s->s3->tmp.dh); | 1867 | DH_free(S3I(s)->tmp.dh); | 
| 1868 | s->s3->tmp.dh = NULL; | 1868 | S3I(s)->tmp.dh = NULL; | 
| 1869 | 1869 | ||
| 1870 | BN_clear_free(bn); | 1870 | BN_clear_free(bn); | 
| 1871 | 1871 | ||
| @@ -1906,7 +1906,7 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n) | |||
| 1906 | * Use the ephemeral values we saved when | 1906 | * Use the ephemeral values we saved when | 
| 1907 | * generating the ServerKeyExchange message. | 1907 | * generating the ServerKeyExchange message. | 
| 1908 | */ | 1908 | */ | 
| 1909 | tkey = s->s3->tmp.ecdh; | 1909 | tkey = S3I(s)->tmp.ecdh; | 
| 1910 | 1910 | ||
| 1911 | group = EC_KEY_get0_group(tkey); | 1911 | group = EC_KEY_get0_group(tkey); | 
| 1912 | priv_key = EC_KEY_get0_private_key(tkey); | 1912 | priv_key = EC_KEY_get0_private_key(tkey); | 
| @@ -2008,8 +2008,8 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n) | |||
| 2008 | EC_POINT_free(clnt_ecpoint); | 2008 | EC_POINT_free(clnt_ecpoint); | 
| 2009 | EC_KEY_free(srvr_ecdh); | 2009 | EC_KEY_free(srvr_ecdh); | 
| 2010 | BN_CTX_free(bn_ctx); | 2010 | BN_CTX_free(bn_ctx); | 
| 2011 | EC_KEY_free(s->s3->tmp.ecdh); | 2011 | EC_KEY_free(S3I(s)->tmp.ecdh); | 
| 2012 | s->s3->tmp.ecdh = NULL; | 2012 | S3I(s)->tmp.ecdh = NULL; | 
| 2013 | 2013 | ||
| 2014 | /* Compute the master secret */ | 2014 | /* Compute the master secret */ | 
| 2015 | s->session->master_key_length = | 2015 | s->session->master_key_length = | 
| @@ -2047,12 +2047,12 @@ ssl3_get_client_kex_ecdhe_ecx(SSL *s, unsigned char *p, long n) | |||
| 2047 | 2047 | ||
| 2048 | if ((shared_key = malloc(X25519_KEY_LENGTH)) == NULL) | 2048 | if ((shared_key = malloc(X25519_KEY_LENGTH)) == NULL) | 
| 2049 | goto err; | 2049 | goto err; | 
| 2050 | if (!X25519(shared_key, s->s3->tmp.x25519, CBS_data(&ecpoint))) | 2050 | if (!X25519(shared_key, S3I(s)->tmp.x25519, CBS_data(&ecpoint))) | 
| 2051 | goto err; | 2051 | goto err; | 
| 2052 | 2052 | ||
| 2053 | explicit_bzero(s->s3->tmp.x25519, X25519_KEY_LENGTH); | 2053 | explicit_bzero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH); | 
| 2054 | free(s->s3->tmp.x25519); | 2054 | free(S3I(s)->tmp.x25519); | 
| 2055 | s->s3->tmp.x25519 = NULL; | 2055 | S3I(s)->tmp.x25519 = NULL; | 
| 2056 | 2056 | ||
| 2057 | s->session->master_key_length = | 2057 | s->session->master_key_length = | 
| 2058 | s->method->ssl3_enc->generate_master_secret( | 2058 | s->method->ssl3_enc->generate_master_secret( | 
| @@ -2071,7 +2071,7 @@ ssl3_get_client_kex_ecdhe_ecx(SSL *s, unsigned char *p, long n) | |||
| 2071 | static int | 2071 | static int | 
| 2072 | ssl3_get_client_kex_ecdhe(SSL *s, unsigned char *p, long n) | 2072 | ssl3_get_client_kex_ecdhe(SSL *s, unsigned char *p, long n) | 
| 2073 | { | 2073 | { | 
| 2074 | if (s->s3->tmp.x25519 != NULL) | 2074 | if (S3I(s)->tmp.x25519 != NULL) | 
| 2075 | return ssl3_get_client_kex_ecdhe_ecx(s, p, n); | 2075 | return ssl3_get_client_kex_ecdhe_ecx(s, p, n); | 
| 2076 | 2076 | ||
| 2077 | return ssl3_get_client_kex_ecdhe_ecp(s, p, n); | 2077 | return ssl3_get_client_kex_ecdhe_ecp(s, p, n); | 
| @@ -2092,7 +2092,7 @@ ssl3_get_client_kex_gost(SSL *s, unsigned char *p, long n) | |||
| 2092 | int ret = 0; | 2092 | int ret = 0; | 
| 2093 | 2093 | ||
| 2094 | /* Get our certificate private key*/ | 2094 | /* Get our certificate private key*/ | 
| 2095 | alg_a = s->s3->tmp.new_cipher->algorithm_auth; | 2095 | alg_a = S3I(s)->tmp.new_cipher->algorithm_auth; | 
| 2096 | if (alg_a & SSL_aGOST01) | 2096 | if (alg_a & SSL_aGOST01) | 
| 2097 | pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey; | 2097 | pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey; | 
| 2098 | 2098 | ||
| @@ -2171,7 +2171,7 @@ ssl3_get_client_key_exchange(SSL *s) | |||
| 2171 | 2171 | ||
| 2172 | p = (unsigned char *)s->init_msg; | 2172 | p = (unsigned char *)s->init_msg; | 
| 2173 | 2173 | ||
| 2174 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | 2174 | alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; | 
| 2175 | 2175 | ||
| 2176 | if (alg_k & SSL_kRSA) { | 2176 | if (alg_k & SSL_kRSA) { | 
| 2177 | if (ssl3_get_client_kex_rsa(s, p, n) != 1) | 2177 | if (ssl3_get_client_kex_rsa(s, p, n) != 1) | 
| @@ -2227,8 +2227,8 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2227 | pkey = NULL; | 2227 | pkey = NULL; | 
| 2228 | } | 2228 | } | 
| 2229 | 2229 | ||
| 2230 | if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) { | 2230 | if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) { | 
| 2231 | s->s3->tmp.reuse_message = 1; | 2231 | S3I(s)->tmp.reuse_message = 1; | 
| 2232 | if (peer != NULL) { | 2232 | if (peer != NULL) { | 
| 2233 | al = SSL_AD_UNEXPECTED_MESSAGE; | 2233 | al = SSL_AD_UNEXPECTED_MESSAGE; | 
| 2234 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | 2234 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | 
| @@ -2253,7 +2253,7 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2253 | goto f_err; | 2253 | goto f_err; | 
| 2254 | } | 2254 | } | 
| 2255 | 2255 | ||
| 2256 | if (s->s3->change_cipher_spec) { | 2256 | if (S3I(s)->change_cipher_spec) { | 
| 2257 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | 2257 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | 
| 2258 | SSL_R_CCS_RECEIVED_EARLY); | 2258 | SSL_R_CCS_RECEIVED_EARLY); | 
| 2259 | al = SSL_AD_UNEXPECTED_MESSAGE; | 2259 | al = SSL_AD_UNEXPECTED_MESSAGE; | 
| @@ -2318,7 +2318,7 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2318 | if (SSL_USE_SIGALGS(s)) { | 2318 | if (SSL_USE_SIGALGS(s)) { | 
| 2319 | long hdatalen = 0; | 2319 | long hdatalen = 0; | 
| 2320 | void *hdata; | 2320 | void *hdata; | 
| 2321 | hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); | 2321 | hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata); | 
| 2322 | if (hdatalen <= 0) { | 2322 | if (hdatalen <= 0) { | 
| 2323 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | 2323 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | 
| 2324 | ERR_R_INTERNAL_ERROR); | 2324 | ERR_R_INTERNAL_ERROR); | 
| @@ -2341,7 +2341,7 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2341 | } | 2341 | } | 
| 2342 | } else | 2342 | } else | 
| 2343 | if (pkey->type == EVP_PKEY_RSA) { | 2343 | if (pkey->type == EVP_PKEY_RSA) { | 
| 2344 | i = RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md, | 2344 | i = RSA_verify(NID_md5_sha1, S3I(s)->tmp.cert_verify_md, | 
| 2345 | MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, p, i, | 2345 | MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, p, i, | 
| 2346 | pkey->pkey.rsa); | 2346 | pkey->pkey.rsa); | 
| 2347 | if (i < 0) { | 2347 | if (i < 0) { | 
| @@ -2359,7 +2359,7 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2359 | } else | 2359 | } else | 
| 2360 | if (pkey->type == EVP_PKEY_DSA) { | 2360 | if (pkey->type == EVP_PKEY_DSA) { | 
| 2361 | j = DSA_verify(pkey->save_type, | 2361 | j = DSA_verify(pkey->save_type, | 
| 2362 | &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]), | 2362 | &(S3I(s)->tmp.cert_verify_md[MD5_DIGEST_LENGTH]), | 
| 2363 | SHA_DIGEST_LENGTH, p, i, pkey->pkey.dsa); | 2363 | SHA_DIGEST_LENGTH, p, i, pkey->pkey.dsa); | 
| 2364 | if (j <= 0) { | 2364 | if (j <= 0) { | 
| 2365 | /* bad signature */ | 2365 | /* bad signature */ | 
| @@ -2371,7 +2371,7 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2371 | } else | 2371 | } else | 
| 2372 | if (pkey->type == EVP_PKEY_EC) { | 2372 | if (pkey->type == EVP_PKEY_EC) { | 
| 2373 | j = ECDSA_verify(pkey->save_type, | 2373 | j = ECDSA_verify(pkey->save_type, | 
| 2374 | &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]), | 2374 | &(S3I(s)->tmp.cert_verify_md[MD5_DIGEST_LENGTH]), | 
| 2375 | SHA_DIGEST_LENGTH, p, i, pkey->pkey.ec); | 2375 | SHA_DIGEST_LENGTH, p, i, pkey->pkey.ec); | 
| 2376 | if (j <= 0) { | 2376 | if (j <= 0) { | 
| 2377 | /* bad signature */ | 2377 | /* bad signature */ | 
| @@ -2391,7 +2391,7 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2391 | int nid; | 2391 | int nid; | 
| 2392 | EVP_PKEY_CTX *pctx; | 2392 | EVP_PKEY_CTX *pctx; | 
| 2393 | 2393 | ||
| 2394 | hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); | 2394 | hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata); | 
| 2395 | if (hdatalen <= 0) { | 2395 | if (hdatalen <= 0) { | 
| 2396 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | 2396 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | 
| 2397 | ERR_R_INTERNAL_ERROR); | 2397 | ERR_R_INTERNAL_ERROR); | 
| @@ -2456,9 +2456,9 @@ f_err: | |||
| 2456 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | 2456 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | 
| 2457 | } | 2457 | } | 
| 2458 | end: | 2458 | end: | 
| 2459 | if (s->s3->handshake_buffer) { | 2459 | if (S3I(s)->handshake_buffer) { | 
| 2460 | BIO_free(s->s3->handshake_buffer); | 2460 | BIO_free(S3I(s)->handshake_buffer); | 
| 2461 | s->s3->handshake_buffer = NULL; | 2461 | S3I(s)->handshake_buffer = NULL; | 
| 2462 | s->s3->flags &= ~TLS1_FLAGS_KEEP_HANDSHAKE; | 2462 | s->s3->flags &= ~TLS1_FLAGS_KEEP_HANDSHAKE; | 
| 2463 | } | 2463 | } | 
| 2464 | EVP_MD_CTX_cleanup(&mctx); | 2464 | EVP_MD_CTX_cleanup(&mctx); | 
| @@ -2482,7 +2482,7 @@ ssl3_get_client_certificate(SSL *s) | |||
| 2482 | if (!ok) | 2482 | if (!ok) | 
| 2483 | return ((int)n); | 2483 | return ((int)n); | 
| 2484 | 2484 | ||
| 2485 | if (s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) { | 2485 | if (S3I(s)->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) { | 
| 2486 | if ((s->verify_mode & SSL_VERIFY_PEER) && | 2486 | if ((s->verify_mode & SSL_VERIFY_PEER) && | 
| 2487 | (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { | 2487 | (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { | 
| 2488 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, | 2488 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, | 
| @@ -2494,18 +2494,18 @@ ssl3_get_client_certificate(SSL *s) | |||
| 2494 | * If tls asked for a client cert, | 2494 | * If tls asked for a client cert, | 
| 2495 | * the client must return a 0 list. | 2495 | * the client must return a 0 list. | 
| 2496 | */ | 2496 | */ | 
| 2497 | if (s->s3->tmp.cert_request) { | 2497 | if (S3I(s)->tmp.cert_request) { | 
| 2498 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, | 2498 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, | 
| 2499 | SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST | 2499 | SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST | 
| 2500 | ); | 2500 | ); | 
| 2501 | al = SSL_AD_UNEXPECTED_MESSAGE; | 2501 | al = SSL_AD_UNEXPECTED_MESSAGE; | 
| 2502 | goto f_err; | 2502 | goto f_err; | 
| 2503 | } | 2503 | } | 
| 2504 | s->s3->tmp.reuse_message = 1; | 2504 | S3I(s)->tmp.reuse_message = 1; | 
| 2505 | return (1); | 2505 | return (1); | 
| 2506 | } | 2506 | } | 
| 2507 | 2507 | ||
| 2508 | if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) { | 2508 | if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) { | 
| 2509 | al = SSL_AD_UNEXPECTED_MESSAGE; | 2509 | al = SSL_AD_UNEXPECTED_MESSAGE; | 
| 2510 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, | 2510 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, | 
| 2511 | SSL_R_WRONG_MESSAGE_TYPE); | 2511 | SSL_R_WRONG_MESSAGE_TYPE); | 
| @@ -2571,7 +2571,7 @@ ssl3_get_client_certificate(SSL *s) | |||
| 2571 | goto f_err; | 2571 | goto f_err; | 
| 2572 | } | 2572 | } | 
| 2573 | /* No client certificate so digest cached records */ | 2573 | /* No client certificate so digest cached records */ | 
| 2574 | if (s->s3->handshake_buffer && !tls1_digest_cached_records(s)) { | 2574 | if (S3I(s)->handshake_buffer && !tls1_digest_cached_records(s)) { | 
| 2575 | al = SSL_AD_INTERNAL_ERROR; | 2575 | al = SSL_AD_INTERNAL_ERROR; | 
| 2576 | goto f_err; | 2576 | goto f_err; | 
| 2577 | } | 2577 | } | 
| @@ -2860,7 +2860,7 @@ ssl3_get_next_proto(SSL *s) | |||
| 2860 | * Clients cannot send a NextProtocol message if we didn't see the | 2860 | * Clients cannot send a NextProtocol message if we didn't see the | 
| 2861 | * extension in their ClientHello | 2861 | * extension in their ClientHello | 
| 2862 | */ | 2862 | */ | 
| 2863 | if (!s->s3->next_proto_neg_seen) { | 2863 | if (!S3I(s)->next_proto_neg_seen) { | 
| 2864 | SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, | 2864 | SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, | 
| 2865 | SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION); | 2865 | SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION); | 
| 2866 | return (-1); | 2866 | return (-1); | 
| @@ -2874,10 +2874,10 @@ ssl3_get_next_proto(SSL *s) | |||
| 2874 | 2874 | ||
| 2875 | /* | 2875 | /* | 
| 2876 | * s->state doesn't reflect whether ChangeCipherSpec has been received | 2876 | * s->state doesn't reflect whether ChangeCipherSpec has been received | 
| 2877 | * in this handshake, but s->s3->change_cipher_spec does (will be reset | 2877 | * in this handshake, but S3I(s)->change_cipher_spec does (will be reset | 
| 2878 | * by ssl3_get_finished). | 2878 | * by ssl3_get_finished). | 
| 2879 | */ | 2879 | */ | 
| 2880 | if (!s->s3->change_cipher_spec) { | 2880 | if (!S3I(s)->change_cipher_spec) { | 
| 2881 | SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, | 2881 | SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, | 
| 2882 | SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS); | 2882 | SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS); | 
| 2883 | return (-1); | 2883 | return (-1); | 
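--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.44 2017/01/22 03:50:45 jsing Exp $ */
+/* $OpenBSD: ssl3.h,v 1.45 2017/01/22 09:02:07 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -363,135 +363,22 @@ struct ssl3_state_internal_st;
 
 typedef struct ssl3_state_st {
 long flags;
-int delay_buf_pop_ret;
-
-unsigned char read_sequence[SSL3_SEQUENCE_SIZE];
-int read_mac_secret_size;
-unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
-unsigned char write_sequence[SSL3_SEQUENCE_SIZE];
-int write_mac_secret_size;
-unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
 
 unsigned char server_random[SSL3_RANDOM_SIZE];
 unsigned char client_random[SSL3_RANDOM_SIZE];
 
-/* flags for countermeasure against known-IV weakness */
-int need_empty_fragments;
-int empty_fragment_done;
-
 SSL3_BUFFER rbuf; /* read IO goes into here */
 SSL3_BUFFER wbuf; /* write IO goes into here */
 
-SSL3_RECORD rrec; /* each decoded record goes in here */
-SSL3_RECORD wrec; /* goes out from here */
-
-/* storage for Alert/Handshake protocol data received but not
-* yet processed by ssl3_read_bytes: */
-unsigned char alert_fragment[2];
-unsigned int alert_fragment_len;
-unsigned char handshake_fragment[4];
-unsigned int handshake_fragment_len;
-
-/* partial write - check the numbers match */
-unsigned int wnum; /* number of bytes sent so far */
-int wpend_tot; /* number bytes written */
-int wpend_type;
-int wpend_ret; /* number of bytes submitted */
-const unsigned char *wpend_buf;
-
-/* used during startup, digest all incoming/outgoing packets */
-BIO *handshake_buffer;
-/* When set of handshake digests is determined, buffer is hashed
-* and freed and MD_CTX-es for all required digests are stored in
-* this array */
-EVP_MD_CTX **handshake_dgst;
-/* this is set whenerver we see a change_cipher_spec message
-* come in when we are not looking for one */
-int change_cipher_spec;
-
-int warn_alert;
-int fatal_alert;
 /* we allow one fatal and one warning alert to be outstanding,
 * send close alert via the warning alert */
 int alert_dispatch;
 unsigned char send_alert[2];
 
-/* This flag is set when we should renegotiate ASAP, basically when
-* there is no more data in the read or write buffers */
-int renegotiate;
-int total_renegotiations;
-int num_renegotiations;
-
-int in_read_app_data;
-
-struct {
-/* actually only needs to be 16+20 */
-unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
-
-/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
-unsigned char finish_md[EVP_MAX_MD_SIZE*2];
-int finish_md_len;
-unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
-int peer_finish_md_len;
-
-unsigned long message_size;
-int message_type;
-
-/* used to hold the new cipher we are going to use */
-const SSL_CIPHER *new_cipher;
-DH *dh;
-
-EC_KEY *ecdh; /* holds short lived ECDH key */
-
-uint8_t *x25519;
-
-/* used when SSL_ST_FLUSH_DATA is entered */
-int next_state;
-
-int reuse_message;
-
-/* used for certificate requests */
-int cert_req;
-int ctype_num;
-char ctype[SSL3_CT_NUMBER];
-STACK_OF(X509_NAME) *ca_names;
-
-int key_block_length;
-unsigned char *key_block;
-
-const EVP_CIPHER *new_sym_enc;
-const EVP_AEAD *new_aead;
-const EVP_MD *new_hash;
-int new_mac_pkey_type;
+struct {
 int new_mac_secret_size;
-int cert_request;
 } tmp;
 
-/* Connection binding to prevent renegotiation attacks */
-unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
-unsigned char previous_client_finished_len;
-unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
-unsigned char previous_server_finished_len;
-int send_connection_binding; /* TODOEKR */
-
-/* Set if we saw the Next Protocol Negotiation extension from our peer.
-*/
-int next_proto_neg_seen;
-
-/*
-* ALPN information
-* (we are in the process of transitioning from NPN to ALPN).
-*/
-
-/*
-* In a server these point to the selected ALPN protocol after the
-* ClientHello has been processed. In a client these contain the
-* protocol that the server selected once the ServerHello has been
-* processed.
-*/
-unsigned char *alpn_selected;
-unsigned int alpn_selected_len;
-
 struct ssl3_state_internal_st *internal;
 } SSL3_STATE;
 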
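Review bot: The public `SSL3_STATE` keeps a `tmp` struct whose only member is `new_mac_secret_size`, while every other `tmp` member now lives in the internal state, so `s->s3->tmp` and `S3I(s)->tmp` are two different structs with the same name and nothing in the header says which fields are meant to stay public. A comment above the remaining members would help, for example `/* Fields below stay public because ports access them directly; all other state is in ssl3_state_internal_st. */`. Because this shrinks a struct in an installed header, anything built against the old layout will read the wrong offsets, so the change presumably needs a library major bump, which is not visible in this section.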
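--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.53 2016/12/21 16:44:31 jsing Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.54 2017/01/22 09:02:07 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -507,7 +507,7 @@ SSL_get_client_CA_list(const SSL *s)
 /* We are in the client. */
 if (((s->version >> 8) == SSL3_VERSION_MAJOR) &&
 (s->s3 != NULL))
-return (s->s3->tmp.ca_names);
+return (S3I(s)->tmp.ca_names);
 else
 return (NULL);
 } else {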
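Review bot: In `SSL_get_client_CA_list` the guard still tests only `s->s3 != NULL`, but `S3I(s)->tmp.ca_names` now goes through a second pointer, `s->s3->internal`, that nothing here checks. This is safe only if the internal state is always allocated together with `s->s3` and freed with it; that allocation code is not in this section, so it is worth confirming, or the guard could become `(s->s3 != NULL && s->s3->internal != NULL)`. The same pattern appears in the public accessors changed in ssl_lib.c: `SSL_get_finished`, `SSL_get_peer_finished`, `SSL_ctrl` and `SSL_get0_alpn_selected`. The function body starts and ends outside the hunk.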
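--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.128 2017/01/22 07:16:39 beck Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.129 2017/01/22 09:02:07 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -702,10 +702,10 @@ SSL_get_finished(const SSL *s, void *buf, size_t count)
 size_t ret = 0;
 
 if (s->s3 != NULL) {
-ret = s->s3->tmp.finish_md_len;
+ret = S3I(s)->tmp.finish_md_len;
 if (count > ret)
 count = ret;
-memcpy(buf, s->s3->tmp.finish_md, count);
+memcpy(buf, S3I(s)->tmp.finish_md, count);
 }
 return (ret);
 }
@@ -717,10 +717,10 @@ SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
 size_t ret = 0;
 
 if (s->s3 != NULL) {
-ret = s->s3->tmp.peer_finish_md_len;
+ret = S3I(s)->tmp.peer_finish_md_len;
 if (count > ret)
 count = ret;
-memcpy(buf, s->s3->tmp.peer_finish_md, count);
+memcpy(buf, S3I(s)->tmp.peer_finish_md, count);
 }
 return (ret);
 }
@@ -1089,7 +1089,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
 return (1);
 case SSL_CTRL_GET_RI_SUPPORT:
 if (s->s3)
-return (s->s3->send_connection_binding);
+return (S3I(s)->send_connection_binding);
 else return (0);
 default:
 return (s->method->ssl_ctrl(s, cmd, larg, parg));
@@ -1425,7 +1425,7 @@ ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
 uint16_t cipher_value, max_version;
 
 if (s->s3)
-s->s3->send_connection_binding = 0;
+S3I(s)->send_connection_binding = 0;
 
 /*
 * RFC 5246 section 7.4.1.2 defines the interval as [2,2^16-2].
@@ -1464,7 +1464,7 @@ ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
 
 goto err;
 }
-s->s3->send_connection_binding = 1;
+S3I(s)->send_connection_binding = 1;
 continue;
 }
 
@@ -1725,8 +1725,8 @@ SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
 *len = 0;
 
 if (ssl->s3 != NULL) {
-*data = ssl->s3->alpn_selected;
-*len = ssl->s3->alpn_selected_len;
+*data = ssl->s3->internal->alpn_selected;
+*len = ssl->s3->internal->alpn_selected_len;
 }
 }
 
@@ -2119,7 +2119,7 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 int
 ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
 {
-const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
+const SSL_CIPHER *cs = S3I(s)->tmp.new_cipher;
 unsigned long alg_a;
 
 alg_a = cs->algorithm_auth;
@@ -2148,9 +2148,9 @@ ssl_get_server_send_pkey(const SSL *s)
 int i;
 
 c = s->cert;
-ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
+ssl_set_cert_masks(c, S3I(s)->tmp.new_cipher);
 
-alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
 
 if (alg_a & SSL_aECDSA) {
 i = SSL_PKEY_ECC;
@@ -2221,9 +2221,9 @@ ssl_get_auto_dh(SSL *s)
 
 if (s->cert->dh_tmp_auto == 2) {
 keylen = 1024;
-} else if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
+} else if (S3I(s)->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
 keylen = 1024;
-if (s->s3->tmp.new_cipher->strength_bits == 256)
+if (S3I(s)->tmp.new_cipher->strength_bits == 256)
 keylen = 3072;
 } else {
 if ((cpk = ssl_get_server_send_pkey(s)) == NULL)
@@ -2396,7 +2396,7 @@ SSL_get_error(const SSL *s, int i)
 
 if (i == 0) {
 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
-(s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
+(S3I(s)->warn_alert == SSL_AD_CLOSE_NOTIFY))
 return (SSL_ERROR_ZERO_RETURN);
 }
 return (SSL_ERROR_SYSCALL);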
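Review bot: `ssl_bytes_to_cipher_list` clears `send_connection_binding` only under `if (s->s3)` at line 1427, yet the later `S3I(s)->send_connection_binding = 1;` at line 1467 has no such guard. The bytes being walked appear to come from the peer's cipher list, so if `s->s3` can really be NULL here the second site is a NULL dereference driven by remote input; if it cannot, the first guard is dead and could be dropped. Either way the two sites should agree. The condition enclosing the second assignment is outside the hunk, so this is inferred from the visible lines only. Separately, `SSL_get0_alpn_selected` spells out `ssl->s3->internal->alpn_selected` where the rest of the commit uses the macro; `*data = S3I(ssl)->alpn_selected;` would be consistent.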
| diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 5681167242..a187c8d77a 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.150 2017/01/22 07:16:39 beck Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.151 2017/01/22 09:02:07 jsing Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -445,8 +445,125 @@ typedef struct ssl_internal_st { | |||
| 445 | } SSL_INTERNAL; | 445 | } SSL_INTERNAL; | 
| 446 | 446 | ||
| 447 | typedef struct ssl3_state_internal_st { | 447 | typedef struct ssl3_state_internal_st { | 
| 448 | int delay_buf_pop_ret; | ||
| 448 | 449 | ||
| 450 | unsigned char read_sequence[SSL3_SEQUENCE_SIZE]; | ||
| 451 | int read_mac_secret_size; | ||
| 452 | unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; | ||
| 453 | unsigned char write_sequence[SSL3_SEQUENCE_SIZE]; | ||
| 454 | int write_mac_secret_size; | ||
| 455 | unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; | ||
| 456 | |||
| 457 | /* flags for countermeasure against known-IV weakness */ | ||
| 458 | int need_empty_fragments; | ||
| 459 | int empty_fragment_done; | ||
| 460 | |||
| 461 | SSL3_RECORD rrec; /* each decoded record goes in here */ | ||
| 462 | SSL3_RECORD wrec; /* goes out from here */ | ||
| 463 | |||
| 464 | /* storage for Alert/Handshake protocol data received but not | ||
| 465 | * yet processed by ssl3_read_bytes: */ | ||
| 466 | unsigned char alert_fragment[2]; | ||
| 467 | unsigned int alert_fragment_len; | ||
| 468 | unsigned char handshake_fragment[4]; | ||
| 469 | unsigned int handshake_fragment_len; | ||
| 470 | |||
| 471 | /* partial write - check the numbers match */ | ||
| 472 | unsigned int wnum; /* number of bytes sent so far */ | ||
| 473 | int wpend_tot; /* number bytes written */ | ||
| 474 | int wpend_type; | ||
| 475 | int wpend_ret; /* number of bytes submitted */ | ||
| 476 | const unsigned char *wpend_buf; | ||
| 477 | |||
| 478 | /* used during startup, digest all incoming/outgoing packets */ | ||
| 479 | BIO *handshake_buffer; | ||
| 480 | /* When set of handshake digests is determined, buffer is hashed | ||
| 481 | * and freed and MD_CTX-es for all required digests are stored in | ||
| 482 | * this array */ | ||
| 483 | EVP_MD_CTX **handshake_dgst; | ||
| 484 | /* this is set whenerver we see a change_cipher_spec message | ||
| 485 | * come in when we are not looking for one */ | ||
| 486 | int change_cipher_spec; | ||
| 487 | |||
| 488 | int warn_alert; | ||
| 489 | int fatal_alert; | ||
| 490 | |||
| 491 | /* This flag is set when we should renegotiate ASAP, basically when | ||
| 492 | * there is no more data in the read or write buffers */ | ||
| 493 | int renegotiate; | ||
| 494 | int total_renegotiations; | ||
| 495 | int num_renegotiations; | ||
| 496 | |||
| 497 | int in_read_app_data; | ||
| 498 | |||
| 499 | struct { | ||
| 500 | /* actually only needs to be 16+20 */ | ||
| 501 | unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2]; | ||
| 502 | |||
| 503 | /* actually only need to be 16+20 for SSLv3 and 12 for TLS */ | ||
| 504 | unsigned char finish_md[EVP_MAX_MD_SIZE*2]; | ||
| 505 | int finish_md_len; | ||
| 506 | unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2]; | ||
| 507 | int peer_finish_md_len; | ||
| 508 | |||
| 509 | unsigned long message_size; | ||
| 510 | int message_type; | ||
| 511 | |||
| 512 | /* used to hold the new cipher we are going to use */ | ||
| 513 | const SSL_CIPHER *new_cipher; | ||
| 514 | DH *dh; | ||
| 515 | |||
| 516 | EC_KEY *ecdh; /* holds short lived ECDH key */ | ||
| 517 | |||
| 518 | uint8_t *x25519; | ||
| 519 | |||
| 520 | /* used when SSL_ST_FLUSH_DATA is entered */ | ||
| 521 | int next_state; | ||
| 522 | |||
| 523 | int reuse_message; | ||
| 524 | |||
| 525 | /* used for certificate requests */ | ||
| 526 | int cert_req; | ||
| 527 | int ctype_num; | ||
| 528 | char ctype[SSL3_CT_NUMBER]; | ||
| 529 | STACK_OF(X509_NAME) *ca_names; | ||
| 530 | |||
| 531 | int key_block_length; | ||
| 532 | unsigned char *key_block; | ||
| 533 | |||
| 534 | const EVP_CIPHER *new_sym_enc; | ||
| 535 | const EVP_AEAD *new_aead; | ||
| 536 | const EVP_MD *new_hash; | ||
| 537 | int new_mac_pkey_type; | ||
| 538 | int cert_request; | ||
| 539 | } tmp; | ||
| 540 | |||
| 541 | /* Connection binding to prevent renegotiation attacks */ | ||
| 542 | unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; | ||
| 543 | unsigned char previous_client_finished_len; | ||
| 544 | unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; | ||
| 545 | unsigned char previous_server_finished_len; | ||
| 546 | int send_connection_binding; /* TODOEKR */ | ||
| 547 | |||
| 548 | /* Set if we saw the Next Protocol Negotiation extension from our peer. | ||
| 549 | */ | ||
| 550 | int next_proto_neg_seen; | ||
| 551 | |||
| 552 | /* | ||
| 553 | * ALPN information | ||
| 554 | * (we are in the process of transitioning from NPN to ALPN). | ||
| 555 | */ | ||
| 556 | |||
| 557 | /* | ||
| 558 | * In a server these point to the selected ALPN protocol after the | ||
| 559 | * ClientHello has been processed. In a client these contain the | ||
| 560 | * protocol that the server selected once the ServerHello has been | ||
| 561 | * processed. | ||
| 562 | */ | ||
| 563 | unsigned char *alpn_selected; | ||
| 564 | unsigned int alpn_selected_len; | ||
| 449 | } SSL3_STATE_INTERNAL; | 565 | } SSL3_STATE_INTERNAL; | 
| 566 | #define S3I(s) (s->s3->internal) | ||
| 450 | 567 | ||
| 451 | typedef struct dtls1_state_internal_st { | 568 | typedef struct dtls1_state_internal_st { | 
| 452 | unsigned int send_cookie; | 569 | unsigned int send_cookie; | 
| @@ -564,7 +681,6 @@ typedef struct sess_cert_st { | |||
| 564 | int references; /* actually always 1 at the moment */ | 681 | int references; /* actually always 1 at the moment */ | 
| 565 | } SESS_CERT; | 682 | } SESS_CERT; | 
| 566 | 683 | ||
| 567 | |||
| 568 | /*#define SSL_DEBUG */ | 684 | /*#define SSL_DEBUG */ | 
| 569 | /*#define RSA_DEBUG */ | 685 | /*#define RSA_DEBUG */ | 
| 570 | 686 | ||
| diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 67ad1ae924..a8998b4dec 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_enc.c,v 1.88 2017/01/22 07:16:39 beck Exp $ */ | 1 | /* $OpenBSD: t1_enc.c,v 1.89 2017/01/22 09:02:07 jsing Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -146,26 +146,26 @@ | |||
| 146 | void | 146 | void | 
| 147 | tls1_cleanup_key_block(SSL *s) | 147 | tls1_cleanup_key_block(SSL *s) | 
| 148 | { | 148 | { | 
| 149 | if (s->s3->tmp.key_block != NULL) { | 149 | if (S3I(s)->tmp.key_block != NULL) { | 
| 150 | explicit_bzero(s->s3->tmp.key_block, | 150 | explicit_bzero(S3I(s)->tmp.key_block, | 
| 151 | s->s3->tmp.key_block_length); | 151 | S3I(s)->tmp.key_block_length); | 
| 152 | free(s->s3->tmp.key_block); | 152 | free(S3I(s)->tmp.key_block); | 
| 153 | s->s3->tmp.key_block = NULL; | 153 | S3I(s)->tmp.key_block = NULL; | 
| 154 | } | 154 | } | 
| 155 | s->s3->tmp.key_block_length = 0; | 155 | S3I(s)->tmp.key_block_length = 0; | 
| 156 | } | 156 | } | 
| 157 | 157 | ||
| 158 | int | 158 | int | 
| 159 | tls1_init_finished_mac(SSL *s) | 159 | tls1_init_finished_mac(SSL *s) | 
| 160 | { | 160 | { | 
| 161 | BIO_free(s->s3->handshake_buffer); | 161 | BIO_free(S3I(s)->handshake_buffer); | 
| 162 | tls1_free_digest_list(s); | 162 | tls1_free_digest_list(s); | 
| 163 | 163 | ||
| 164 | s->s3->handshake_buffer = BIO_new(BIO_s_mem()); | 164 | S3I(s)->handshake_buffer = BIO_new(BIO_s_mem()); | 
| 165 | if (s->s3->handshake_buffer == NULL) | 165 | if (S3I(s)->handshake_buffer == NULL) | 
| 166 | return (0); | 166 | return (0); | 
| 167 | 167 | ||
| 168 | (void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE); | 168 | (void)BIO_set_close(S3I(s)->handshake_buffer, BIO_CLOSE); | 
| 169 | 169 | ||
| 170 | return (1); | 170 | return (1); | 
| 171 | } | 171 | } | 
| @@ -177,15 +177,15 @@ tls1_free_digest_list(SSL *s) | |||
| 177 | 177 | ||
| 178 | if (s == NULL) | 178 | if (s == NULL) | 
| 179 | return; | 179 | return; | 
| 180 | if (s->s3->handshake_dgst == NULL) | 180 | if (S3I(s)->handshake_dgst == NULL) | 
| 181 | return; | 181 | return; | 
| 182 | 182 | ||
| 183 | for (i = 0; i < SSL_MAX_DIGEST; i++) { | 183 | for (i = 0; i < SSL_MAX_DIGEST; i++) { | 
| 184 | if (s->s3->handshake_dgst[i]) | 184 | if (S3I(s)->handshake_dgst[i]) | 
| 185 | EVP_MD_CTX_destroy(s->s3->handshake_dgst[i]); | 185 | EVP_MD_CTX_destroy(S3I(s)->handshake_dgst[i]); | 
| 186 | } | 186 | } | 
| 187 | free(s->s3->handshake_dgst); | 187 | free(S3I(s)->handshake_dgst); | 
| 188 | s->s3->handshake_dgst = NULL; | 188 | S3I(s)->handshake_dgst = NULL; | 
| 189 | } | 189 | } | 
| 190 | 190 | ||
| 191 | int | 191 | int | 
| @@ -193,16 +193,16 @@ tls1_finish_mac(SSL *s, const unsigned char *buf, int len) | |||
| 193 | { | 193 | { | 
| 194 | int i; | 194 | int i; | 
| 195 | 195 | ||
| 196 | if (s->s3->handshake_buffer && | 196 | if (S3I(s)->handshake_buffer && | 
| 197 | !(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) { | 197 | !(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) { | 
| 198 | BIO_write(s->s3->handshake_buffer, (void *)buf, len); | 198 | BIO_write(S3I(s)->handshake_buffer, (void *)buf, len); | 
| 199 | return 1; | 199 | return 1; | 
| 200 | } | 200 | } | 
| 201 | 201 | ||
| 202 | for (i = 0; i < SSL_MAX_DIGEST; i++) { | 202 | for (i = 0; i < SSL_MAX_DIGEST; i++) { | 
| 203 | if (s->s3->handshake_dgst[i] == NULL) | 203 | if (S3I(s)->handshake_dgst[i] == NULL) | 
| 204 | continue; | 204 | continue; | 
| 205 | if (!EVP_DigestUpdate(s->s3->handshake_dgst[i], buf, len)) { | 205 | if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], buf, len)) { | 
| 206 | SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB); | 206 | SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB); | 
| 207 | return 0; | 207 | return 0; | 
| 208 | } | 208 | } | 
| @@ -221,12 +221,12 @@ tls1_digest_cached_records(SSL *s) | |||
| 221 | 221 | ||
| 222 | tls1_free_digest_list(s); | 222 | tls1_free_digest_list(s); | 
| 223 | 223 | ||
| 224 | s->s3->handshake_dgst = calloc(SSL_MAX_DIGEST, sizeof(EVP_MD_CTX *)); | 224 | S3I(s)->handshake_dgst = calloc(SSL_MAX_DIGEST, sizeof(EVP_MD_CTX *)); | 
| 225 | if (s->s3->handshake_dgst == NULL) { | 225 | if (S3I(s)->handshake_dgst == NULL) { | 
| 226 | SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE); | 226 | SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE); | 
| 227 | goto err; | 227 | goto err; | 
| 228 | } | 228 | } | 
| 229 | hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); | 229 | hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata); | 
| 230 | if (hdatalen <= 0) { | 230 | if (hdatalen <= 0) { | 
| 231 | SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, | 231 | SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, | 
| 232 | SSL_R_BAD_HANDSHAKE_LENGTH); | 232 | SSL_R_BAD_HANDSHAKE_LENGTH); | 
| @@ -238,17 +238,17 @@ tls1_digest_cached_records(SSL *s) | |||
| 238 | if ((mask & ssl_get_algorithm2(s)) == 0 || md == NULL) | 238 | if ((mask & ssl_get_algorithm2(s)) == 0 || md == NULL) | 
| 239 | continue; | 239 | continue; | 
| 240 | 240 | ||
| 241 | s->s3->handshake_dgst[i] = EVP_MD_CTX_create(); | 241 | S3I(s)->handshake_dgst[i] = EVP_MD_CTX_create(); | 
| 242 | if (s->s3->handshake_dgst[i] == NULL) { | 242 | if (S3I(s)->handshake_dgst[i] == NULL) { | 
| 243 | SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, | 243 | SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, | 
| 244 | ERR_R_MALLOC_FAILURE); | 244 | ERR_R_MALLOC_FAILURE); | 
| 245 | goto err; | 245 | goto err; | 
| 246 | } | 246 | } | 
| 247 | if (!EVP_DigestInit_ex(s->s3->handshake_dgst[i], md, NULL)) { | 247 | if (!EVP_DigestInit_ex(S3I(s)->handshake_dgst[i], md, NULL)) { | 
| 248 | SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB); | 248 | SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB); | 
| 249 | goto err; | 249 | goto err; | 
| 250 | } | 250 | } | 
| 251 | if (!EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata, | 251 | if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], hdata, | 
| 252 | hdatalen)) { | 252 | hdatalen)) { | 
| 253 | SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB); | 253 | SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB); | 
| 254 | goto err; | 254 | goto err; | 
| @@ -256,8 +256,8 @@ tls1_digest_cached_records(SSL *s) | |||
| 256 | } | 256 | } | 
| 257 | 257 | ||
| 258 | if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) { | 258 | if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) { | 
| 259 | BIO_free(s->s3->handshake_buffer); | 259 | BIO_free(S3I(s)->handshake_buffer); | 
| 260 | s->s3->handshake_buffer = NULL; | 260 | S3I(s)->handshake_buffer = NULL; | 
| 261 | } | 261 | } | 
| 262 | 262 | ||
| 263 | return 1; | 263 | return 1; | 
| @@ -457,7 +457,7 @@ static int | |||
| 457 | tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key, | 457 | tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key, | 
| 458 | unsigned key_len, const unsigned char *iv, unsigned iv_len) | 458 | unsigned key_len, const unsigned char *iv, unsigned iv_len) | 
| 459 | { | 459 | { | 
| 460 | const EVP_AEAD *aead = s->s3->tmp.new_aead; | 460 | const EVP_AEAD *aead = S3I(s)->tmp.new_aead; | 
| 461 | SSL_AEAD_CTX *aead_ctx; | 461 | SSL_AEAD_CTX *aead_ctx; | 
| 462 | 462 | ||
| 463 | if (is_read) { | 463 | if (is_read) { | 
| @@ -482,10 +482,10 @@ tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key, | |||
| 482 | aead_ctx->fixed_nonce_len = iv_len; | 482 | aead_ctx->fixed_nonce_len = iv_len; | 
| 483 | aead_ctx->variable_nonce_len = 8; /* always the case, currently. */ | 483 | aead_ctx->variable_nonce_len = 8; /* always the case, currently. */ | 
| 484 | aead_ctx->variable_nonce_in_record = | 484 | aead_ctx->variable_nonce_in_record = | 
| 485 | (s->s3->tmp.new_cipher->algorithm2 & | 485 | (S3I(s)->tmp.new_cipher->algorithm2 & | 
| 486 | SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD) != 0; | 486 | SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD) != 0; | 
| 487 | aead_ctx->xor_fixed_nonce = | 487 | aead_ctx->xor_fixed_nonce = | 
| 488 | s->s3->tmp.new_cipher->algorithm_enc == SSL_CHACHA20POLY1305; | 488 | S3I(s)->tmp.new_cipher->algorithm_enc == SSL_CHACHA20POLY1305; | 
| 489 | aead_ctx->tag_len = EVP_AEAD_max_overhead(aead); | 489 | aead_ctx->tag_len = EVP_AEAD_max_overhead(aead); | 
| 490 | 490 | ||
| 491 | if (aead_ctx->xor_fixed_nonce) { | 491 | if (aead_ctx->xor_fixed_nonce) { | 
| @@ -526,12 +526,12 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys, | |||
| 526 | const EVP_MD *mac; | 526 | const EVP_MD *mac; | 
| 527 | int mac_type; | 527 | int mac_type; | 
| 528 | 528 | ||
| 529 | cipher = s->s3->tmp.new_sym_enc; | 529 | cipher = S3I(s)->tmp.new_sym_enc; | 
| 530 | mac = s->s3->tmp.new_hash; | 530 | mac = S3I(s)->tmp.new_hash; | 
| 531 | mac_type = s->s3->tmp.new_mac_pkey_type; | 531 | mac_type = S3I(s)->tmp.new_mac_pkey_type; | 
| 532 | 532 | ||
| 533 | if (is_read) { | 533 | if (is_read) { | 
| 534 | if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) | 534 | if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) | 
| 535 | s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM; | 535 | s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM; | 
| 536 | else | 536 | else | 
| 537 | s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM; | 537 | s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM; | 
| @@ -548,7 +548,7 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys, | |||
| 548 | goto err; | 548 | goto err; | 
| 549 | s->read_hash = mac_ctx; | 549 | s->read_hash = mac_ctx; | 
| 550 | } else { | 550 | } else { | 
| 551 | if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) | 551 | if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) | 
| 552 | s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; | 552 | s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; | 
| 553 | else | 553 | else | 
| 554 | s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM; | 554 | s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM; | 
| @@ -595,15 +595,15 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys, | |||
| 595 | mac_secret_size, (unsigned char *)mac_secret); | 595 | mac_secret_size, (unsigned char *)mac_secret); | 
| 596 | } | 596 | } | 
| 597 | 597 | ||
| 598 | if (s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT) { | 598 | if (S3I(s)->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT) { | 
| 599 | int nid; | 599 | int nid; | 
| 600 | if (s->s3->tmp.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94) | 600 | if (S3I(s)->tmp.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94) | 
| 601 | nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet; | 601 | nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet; | 
| 602 | else | 602 | else | 
| 603 | nid = NID_id_tc26_gost_28147_param_Z; | 603 | nid = NID_id_tc26_gost_28147_param_Z; | 
| 604 | 604 | ||
| 605 | EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GOST_SET_SBOX, nid, 0); | 605 | EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GOST_SET_SBOX, nid, 0); | 
| 606 | if (s->s3->tmp.new_cipher->algorithm_mac == SSL_GOST89MAC) | 606 | if (S3I(s)->tmp.new_cipher->algorithm_mac == SSL_GOST89MAC) | 
| 607 | EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_GOST_SET_SBOX, nid, 0); | 607 | EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_GOST_SET_SBOX, nid, 0); | 
| 608 | } | 608 | } | 
| 609 | 609 | ||
| @@ -628,8 +628,8 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 628 | char is_read, use_client_keys; | 628 | char is_read, use_client_keys; | 
| 629 | 629 | ||
| 630 | 630 | ||
| 631 | cipher = s->s3->tmp.new_sym_enc; | 631 | cipher = S3I(s)->tmp.new_sym_enc; | 
| 632 | aead = s->s3->tmp.new_aead; | 632 | aead = S3I(s)->tmp.new_aead; | 
| 633 | 633 | ||
| 634 | /* | 634 | /* | 
| 635 | * is_read is true if we have just read a ChangeCipherSpec message, | 635 | * is_read is true if we have just read a ChangeCipherSpec message, | 
| @@ -652,13 +652,13 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 652 | * dtls1_reset_seq_numbers(). | 652 | * dtls1_reset_seq_numbers(). | 
| 653 | */ | 653 | */ | 
| 654 | if (!SSL_IS_DTLS(s)) { | 654 | if (!SSL_IS_DTLS(s)) { | 
| 655 | seq = is_read ? s->s3->read_sequence : s->s3->write_sequence; | 655 | seq = is_read ? S3I(s)->read_sequence : S3I(s)->write_sequence; | 
| 656 | memset(seq, 0, SSL3_SEQUENCE_SIZE); | 656 | memset(seq, 0, SSL3_SEQUENCE_SIZE); | 
| 657 | } | 657 | } | 
| 658 | 658 | ||
| 659 | if (aead != NULL) { | 659 | if (aead != NULL) { | 
| 660 | key_len = EVP_AEAD_key_length(aead); | 660 | key_len = EVP_AEAD_key_length(aead); | 
| 661 | iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(s->s3->tmp.new_cipher); | 661 | iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(S3I(s)->tmp.new_cipher); | 
| 662 | } else { | 662 | } else { | 
| 663 | key_len = EVP_CIPHER_key_length(cipher); | 663 | key_len = EVP_CIPHER_key_length(cipher); | 
| 664 | iv_len = EVP_CIPHER_iv_length(cipher); | 664 | iv_len = EVP_CIPHER_iv_length(cipher); | 
| @@ -670,7 +670,7 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 670 | 670 | ||
| 671 | mac_secret_size = s->s3->tmp.new_mac_secret_size; | 671 | mac_secret_size = s->s3->tmp.new_mac_secret_size; | 
| 672 | 672 | ||
| 673 | key_block = s->s3->tmp.key_block; | 673 | key_block = S3I(s)->tmp.key_block; | 
| 674 | client_write_mac_secret = key_block; | 674 | client_write_mac_secret = key_block; | 
| 675 | key_block += mac_secret_size; | 675 | key_block += mac_secret_size; | 
| 676 | server_write_mac_secret = key_block; | 676 | server_write_mac_secret = key_block; | 
| @@ -694,17 +694,17 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 694 | iv = server_write_iv; | 694 | iv = server_write_iv; | 
| 695 | } | 695 | } | 
| 696 | 696 | ||
| 697 | if (key_block - s->s3->tmp.key_block != s->s3->tmp.key_block_length) { | 697 | if (key_block - S3I(s)->tmp.key_block != S3I(s)->tmp.key_block_length) { | 
| 698 | SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); | 698 | SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); | 
| 699 | goto err2; | 699 | goto err2; | 
| 700 | } | 700 | } | 
| 701 | 701 | ||
| 702 | if (is_read) { | 702 | if (is_read) { | 
| 703 | memcpy(s->s3->read_mac_secret, mac_secret, mac_secret_size); | 703 | memcpy(S3I(s)->read_mac_secret, mac_secret, mac_secret_size); | 
| 704 | s->s3->read_mac_secret_size = mac_secret_size; | 704 | S3I(s)->read_mac_secret_size = mac_secret_size; | 
| 705 | } else { | 705 | } else { | 
| 706 | memcpy(s->s3->write_mac_secret, mac_secret, mac_secret_size); | 706 | memcpy(S3I(s)->write_mac_secret, mac_secret, mac_secret_size); | 
| 707 | s->s3->write_mac_secret_size = mac_secret_size; | 707 | S3I(s)->write_mac_secret_size = mac_secret_size; | 
| 708 | } | 708 | } | 
| 709 | 709 | ||
| 710 | if (aead != NULL) { | 710 | if (aead != NULL) { | 
| @@ -730,7 +730,7 @@ tls1_setup_key_block(SSL *s) | |||
| 730 | const EVP_MD *mac = NULL; | 730 | const EVP_MD *mac = NULL; | 
| 731 | int ret = 0; | 731 | int ret = 0; | 
| 732 | 732 | ||
| 733 | if (s->s3->tmp.key_block_length != 0) | 733 | if (S3I(s)->tmp.key_block_length != 0) | 
| 734 | return (1); | 734 | return (1); | 
| 735 | 735 | ||
| 736 | if (s->session->cipher && | 736 | if (s->session->cipher && | 
| @@ -757,10 +757,10 @@ tls1_setup_key_block(SSL *s) | |||
| 757 | iv_len = EVP_GCM_TLS_FIXED_IV_LEN; | 757 | iv_len = EVP_GCM_TLS_FIXED_IV_LEN; | 
| 758 | } | 758 | } | 
| 759 | 759 | ||
| 760 | s->s3->tmp.new_aead = aead; | 760 | S3I(s)->tmp.new_aead = aead; | 
| 761 | s->s3->tmp.new_sym_enc = cipher; | 761 | S3I(s)->tmp.new_sym_enc = cipher; | 
| 762 | s->s3->tmp.new_hash = mac; | 762 | S3I(s)->tmp.new_hash = mac; | 
| 763 | s->s3->tmp.new_mac_pkey_type = mac_type; | 763 | S3I(s)->tmp.new_mac_pkey_type = mac_type; | 
| 764 | s->s3->tmp.new_mac_secret_size = mac_secret_size; | 764 | s->s3->tmp.new_mac_secret_size = mac_secret_size; | 
| 765 | 765 | ||
| 766 | tls1_cleanup_key_block(s); | 766 | tls1_cleanup_key_block(s); | 
| @@ -772,8 +772,8 @@ tls1_setup_key_block(SSL *s) | |||
| 772 | } | 772 | } | 
| 773 | key_block_len = (mac_secret_size + key_len + iv_len) * 2; | 773 | key_block_len = (mac_secret_size + key_len + iv_len) * 2; | 
| 774 | 774 | ||
| 775 | s->s3->tmp.key_block_length = key_block_len; | 775 | S3I(s)->tmp.key_block_length = key_block_len; | 
| 776 | s->s3->tmp.key_block = key_block; | 776 | S3I(s)->tmp.key_block = key_block; | 
| 777 | 777 | ||
| 778 | if ((tmp_block = malloc(key_block_len)) == NULL) { | 778 | if ((tmp_block = malloc(key_block_len)) == NULL) { | 
| 779 | SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE); | 779 | SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE); | 
| @@ -789,15 +789,15 @@ tls1_setup_key_block(SSL *s) | |||
| 789 | * Enable vulnerability countermeasure for CBC ciphers with | 789 | * Enable vulnerability countermeasure for CBC ciphers with | 
| 790 | * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) | 790 | * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) | 
| 791 | */ | 791 | */ | 
| 792 | s->s3->need_empty_fragments = 1; | 792 | S3I(s)->need_empty_fragments = 1; | 
| 793 | 793 | ||
| 794 | if (s->session->cipher != NULL) { | 794 | if (s->session->cipher != NULL) { | 
| 795 | if (s->session->cipher->algorithm_enc == SSL_eNULL) | 795 | if (s->session->cipher->algorithm_enc == SSL_eNULL) | 
| 796 | s->s3->need_empty_fragments = 0; | 796 | S3I(s)->need_empty_fragments = 0; | 
| 797 | 797 | ||
| 798 | #ifndef OPENSSL_NO_RC4 | 798 | #ifndef OPENSSL_NO_RC4 | 
| 799 | if (s->session->cipher->algorithm_enc == SSL_RC4) | 799 | if (s->session->cipher->algorithm_enc == SSL_RC4) | 
| 800 | s->s3->need_empty_fragments = 0; | 800 | S3I(s)->need_empty_fragments = 0; | 
| 801 | #endif | 801 | #endif | 
| 802 | } | 802 | } | 
| 803 | } | 803 | } | 
| @@ -834,12 +834,12 @@ tls1_enc(SSL *s, int send) | |||
| 834 | 834 | ||
| 835 | if (send) { | 835 | if (send) { | 
| 836 | aead = s->aead_write_ctx; | 836 | aead = s->aead_write_ctx; | 
| 837 | rec = &s->s3->wrec; | 837 | rec = &S3I(s)->wrec; | 
| 838 | seq = s->s3->write_sequence; | 838 | seq = S3I(s)->write_sequence; | 
| 839 | } else { | 839 | } else { | 
| 840 | aead = s->aead_read_ctx; | 840 | aead = s->aead_read_ctx; | 
| 841 | rec = &s->s3->rrec; | 841 | rec = &S3I(s)->rrec; | 
| 842 | seq = s->s3->read_sequence; | 842 | seq = S3I(s)->read_sequence; | 
| 843 | } | 843 | } | 
| 844 | 844 | ||
| 845 | if (aead) { | 845 | if (aead) { | 
| @@ -1102,14 +1102,14 @@ tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out) | |||
| 1102 | unsigned int ret; | 1102 | unsigned int ret; | 
| 1103 | int i; | 1103 | int i; | 
| 1104 | 1104 | ||
| 1105 | if (s->s3->handshake_buffer) | 1105 | if (S3I(s)->handshake_buffer) | 
| 1106 | if (!tls1_digest_cached_records(s)) | 1106 | if (!tls1_digest_cached_records(s)) | 
| 1107 | return 0; | 1107 | return 0; | 
| 1108 | 1108 | ||
| 1109 | for (i = 0; i < SSL_MAX_DIGEST; i++) { | 1109 | for (i = 0; i < SSL_MAX_DIGEST; i++) { | 
| 1110 | if (s->s3->handshake_dgst[i] && | 1110 | if (S3I(s)->handshake_dgst[i] && | 
| 1111 | EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) { | 1111 | EVP_MD_CTX_type(S3I(s)->handshake_dgst[i]) == md_nid) { | 
| 1112 | d = s->s3->handshake_dgst[i]; | 1112 | d = S3I(s)->handshake_dgst[i]; | 
| 1113 | break; | 1113 | break; | 
| 1114 | } | 1114 | } | 
| 1115 | } | 1115 | } | 
| @@ -1141,7 +1141,7 @@ tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out) | |||
| 1141 | 1141 | ||
| 1142 | q = buf; | 1142 | q = buf; | 
| 1143 | 1143 | ||
| 1144 | if (s->s3->handshake_buffer) | 1144 | if (S3I(s)->handshake_buffer) | 
| 1145 | if (!tls1_digest_cached_records(s)) | 1145 | if (!tls1_digest_cached_records(s)) | 
| 1146 | return 0; | 1146 | return 0; | 
| 1147 | 1147 | ||
| @@ -1150,7 +1150,7 @@ tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out) | |||
| 1150 | for (idx = 0; ssl_get_handshake_digest(idx, &mask, &md); idx++) { | 1150 | for (idx = 0; ssl_get_handshake_digest(idx, &mask, &md); idx++) { | 
| 1151 | if (ssl_get_algorithm2(s) & mask) { | 1151 | if (ssl_get_algorithm2(s) & mask) { | 
| 1152 | int hashsize = EVP_MD_size(md); | 1152 | int hashsize = EVP_MD_size(md); | 
| 1153 | EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx]; | 1153 | EVP_MD_CTX *hdgst = S3I(s)->handshake_dgst[idx]; | 
| 1154 | if (!hdgst || hashsize < 0 || | 1154 | if (!hdgst || hashsize < 0 || | 
| 1155 | hashsize > (int)(sizeof buf - (size_t)(q - buf))) { | 1155 | hashsize > (int)(sizeof buf - (size_t)(q - buf))) { | 
| 1156 | /* internal error: 'buf' is too small for this cipersuite! */ | 1156 | /* internal error: 'buf' is too small for this cipersuite! */ | 
| @@ -1193,12 +1193,12 @@ tls1_mac(SSL *ssl, unsigned char *md, int send) | |||
| 1193 | int t; | 1193 | int t; | 
| 1194 | 1194 | ||
| 1195 | if (send) { | 1195 | if (send) { | 
| 1196 | rec = &(ssl->s3->wrec); | 1196 | rec = &(ssl->s3->internal->wrec); | 
| 1197 | seq = &(ssl->s3->write_sequence[0]); | 1197 | seq = &(ssl->s3->internal->write_sequence[0]); | 
| 1198 | hash = ssl->write_hash; | 1198 | hash = ssl->write_hash; | 
| 1199 | } else { | 1199 | } else { | 
| 1200 | rec = &(ssl->s3->rrec); | 1200 | rec = &(ssl->s3->internal->rrec); | 
| 1201 | seq = &(ssl->s3->read_sequence[0]); | 1201 | seq = &(ssl->s3->internal->read_sequence[0]); | 
| 1202 | hash = ssl->read_hash; | 1202 | hash = ssl->read_hash; | 
| 1203 | } | 1203 | } | 
| 1204 | 1204 | ||
| @@ -1241,8 +1241,8 @@ tls1_mac(SSL *ssl, unsigned char *md, int send) | |||
| 1241 | if (!ssl3_cbc_digest_record(mac_ctx, | 1241 | if (!ssl3_cbc_digest_record(mac_ctx, | 
| 1242 | md, &md_size, header, rec->input, | 1242 | md, &md_size, header, rec->input, | 
| 1243 | rec->length + md_size, orig_len, | 1243 | rec->length + md_size, orig_len, | 
| 1244 | ssl->s3->read_mac_secret, | 1244 | ssl->s3->internal->read_mac_secret, | 
| 1245 | ssl->s3->read_mac_secret_size)) | 1245 | ssl->s3->internal->read_mac_secret_size)) | 
| 1246 | return -1; | 1246 | return -1; | 
| 1247 | } else { | 1247 | } else { | 
| 1248 | EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)); | 1248 | EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)); | 
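Review bot: In tls1_finish_mac (new line 198) the result of `BIO_write(S3I(s)->handshake_buffer, (void *)buf, len)` is discarded and the function returns 1 regardless, so a short or failed write would silently drop handshake bytes from the buffered transcript that tls1_digest_cached_records later reads back with BIO_get_mem_data and hashes. Since the line is touched anyway, it could fail the same way the EVP_DigestUpdate branch below it does: `if (BIO_write(S3I(s)->handshake_buffer, (void *)buf, len) != len) return 0;`. The end of tls1_finish_mac lies outside the hunk, so confirm that callers act on a 0 return. As a style point, tls1_mac (new lines 1196-1201 and 1244-1245) spells out `ssl->s3->internal->...` while every other hunk in this file goes through the macro; `S3I(ssl)->wrec`, `S3I(ssl)->read_mac_secret` and so on would keep the file uniform.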
| diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 55624a2d24..d1d20b6bda 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.98 2017/01/22 06:36:49 jsing Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.99 2017/01/22 09:02:07 jsing Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -863,7 +863,7 @@ skip_ext: | |||
| 863 | } | 863 | } | 
| 864 | 864 | ||
| 865 | if (s->ctx->internal->next_proto_select_cb && | 865 | if (s->ctx->internal->next_proto_select_cb && | 
| 866 | !s->s3->tmp.finish_md_len) { | 866 | !S3I(s)->tmp.finish_md_len) { | 
| 867 | /* The client advertises an emtpy extension to indicate its | 867 | /* The client advertises an emtpy extension to indicate its | 
| 868 | * support for Next Protocol Negotiation */ | 868 | * support for Next Protocol Negotiation */ | 
| 869 | if ((size_t)(limit - ret) < 4) | 869 | if ((size_t)(limit - ret) < 4) | 
| @@ -873,7 +873,7 @@ skip_ext: | |||
| 873 | } | 873 | } | 
| 874 | 874 | ||
| 875 | if (s->internal->alpn_client_proto_list != NULL && | 875 | if (s->internal->alpn_client_proto_list != NULL && | 
| 876 | s->s3->tmp.finish_md_len == 0) { | 876 | S3I(s)->tmp.finish_md_len == 0) { | 
| 877 | if ((size_t)(limit - ret) < | 877 | if ((size_t)(limit - ret) < | 
| 878 | 6 + s->internal->alpn_client_proto_list_len) | 878 | 6 + s->internal->alpn_client_proto_list_len) | 
| 879 | return (NULL); | 879 | return (NULL); | 
| @@ -955,8 +955,8 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 955 | unsigned char *ret = p; | 955 | unsigned char *ret = p; | 
| 956 | int next_proto_neg_seen; | 956 | int next_proto_neg_seen; | 
| 957 | 957 | ||
| 958 | alg_a = s->s3->tmp.new_cipher->algorithm_auth; | 958 | alg_a = S3I(s)->tmp.new_cipher->algorithm_auth; | 
| 959 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | 959 | alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; | 
| 960 | using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) && | 960 | using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) && | 
| 961 | SSI(s)->tlsext_ecpointformatlist != NULL; | 961 | SSI(s)->tlsext_ecpointformatlist != NULL; | 
| 962 | 962 | ||
| @@ -973,7 +973,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 973 | s2n(0, ret); | 973 | s2n(0, ret); | 
| 974 | } | 974 | } | 
| 975 | 975 | ||
| 976 | if (s->s3->send_connection_binding) { | 976 | if (S3I(s)->send_connection_binding) { | 
| 977 | int el; | 977 | int el; | 
| 978 | 978 | ||
| 979 | if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) { | 979 | if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) { | 
| @@ -1068,8 +1068,8 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 1068 | } | 1068 | } | 
| 1069 | #endif | 1069 | #endif | 
| 1070 | 1070 | ||
| 1071 | if (((s->s3->tmp.new_cipher->id & 0xFFFF) == 0x80 || | 1071 | if (((S3I(s)->tmp.new_cipher->id & 0xFFFF) == 0x80 || | 
| 1072 | (s->s3->tmp.new_cipher->id & 0xFFFF) == 0x81) && | 1072 | (S3I(s)->tmp.new_cipher->id & 0xFFFF) == 0x81) && | 
| 1073 | (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) { | 1073 | (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) { | 
| 1074 | static const unsigned char cryptopro_ext[36] = { | 1074 | static const unsigned char cryptopro_ext[36] = { | 
| 1075 | 0xfd, 0xe8, /*65000*/ | 1075 | 0xfd, 0xe8, /*65000*/ | 
| @@ -1085,8 +1085,8 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 1085 | ret += sizeof(cryptopro_ext); | 1085 | ret += sizeof(cryptopro_ext); | 
| 1086 | } | 1086 | } | 
| 1087 | 1087 | ||
| 1088 | next_proto_neg_seen = s->s3->next_proto_neg_seen; | 1088 | next_proto_neg_seen = S3I(s)->next_proto_neg_seen; | 
| 1089 | s->s3->next_proto_neg_seen = 0; | 1089 | S3I(s)->next_proto_neg_seen = 0; | 
| 1090 | if (next_proto_neg_seen && s->ctx->internal->next_protos_advertised_cb) { | 1090 | if (next_proto_neg_seen && s->ctx->internal->next_protos_advertised_cb) { | 
| 1091 | const unsigned char *npa; | 1091 | const unsigned char *npa; | 
| 1092 | unsigned int npalen; | 1092 | unsigned int npalen; | 
| @@ -1101,13 +1101,13 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 1101 | s2n(npalen, ret); | 1101 | s2n(npalen, ret); | 
| 1102 | memcpy(ret, npa, npalen); | 1102 | memcpy(ret, npa, npalen); | 
| 1103 | ret += npalen; | 1103 | ret += npalen; | 
| 1104 | s->s3->next_proto_neg_seen = 1; | 1104 | S3I(s)->next_proto_neg_seen = 1; | 
| 1105 | } | 1105 | } | 
| 1106 | } | 1106 | } | 
| 1107 | 1107 | ||
| 1108 | if (s->s3->alpn_selected != NULL) { | 1108 | if (S3I(s)->alpn_selected != NULL) { | 
| 1109 | const unsigned char *selected = s->s3->alpn_selected; | 1109 | const unsigned char *selected = S3I(s)->alpn_selected; | 
| 1110 | unsigned int len = s->s3->alpn_selected_len; | 1110 | unsigned int len = S3I(s)->alpn_selected_len; | 
| 1111 | 1111 | ||
| 1112 | if ((long)(limit - ret - 4 - 2 - 1 - len) < 0) | 1112 | if ((long)(limit - ret - 4 - 2 - 1 - len) < 0) | 
| 1113 | return (NULL); | 1113 | return (NULL); | 
| @@ -1175,13 +1175,13 @@ tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data, | |||
| 1175 | CBS_data(&alpn), CBS_len(&alpn), | 1175 | CBS_data(&alpn), CBS_len(&alpn), | 
| 1176 | s->ctx->internal->alpn_select_cb_arg); | 1176 | s->ctx->internal->alpn_select_cb_arg); | 
| 1177 | if (r == SSL_TLSEXT_ERR_OK) { | 1177 | if (r == SSL_TLSEXT_ERR_OK) { | 
| 1178 | free(s->s3->alpn_selected); | 1178 | free(S3I(s)->alpn_selected); | 
| 1179 | if ((s->s3->alpn_selected = malloc(selected_len)) == NULL) { | 1179 | if ((S3I(s)->alpn_selected = malloc(selected_len)) == NULL) { | 
| 1180 | *al = SSL_AD_INTERNAL_ERROR; | 1180 | *al = SSL_AD_INTERNAL_ERROR; | 
| 1181 | return (-1); | 1181 | return (-1); | 
| 1182 | } | 1182 | } | 
| 1183 | memcpy(s->s3->alpn_selected, selected, selected_len); | 1183 | memcpy(S3I(s)->alpn_selected, selected, selected_len); | 
| 1184 | s->s3->alpn_selected_len = selected_len; | 1184 | S3I(s)->alpn_selected_len = selected_len; | 
| 1185 | } | 1185 | } | 
| 1186 | 1186 | ||
| 1187 | return (1); | 1187 | return (1); | 
| @@ -1205,9 +1205,9 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1205 | 1205 | ||
| 1206 | s->servername_done = 0; | 1206 | s->servername_done = 0; | 
| 1207 | s->tlsext_status_type = -1; | 1207 | s->tlsext_status_type = -1; | 
| 1208 | s->s3->next_proto_neg_seen = 0; | 1208 | S3I(s)->next_proto_neg_seen = 0; | 
| 1209 | free(s->s3->alpn_selected); | 1209 | free(S3I(s)->alpn_selected); | 
| 1210 | s->s3->alpn_selected = NULL; | 1210 | S3I(s)->alpn_selected = NULL; | 
| 1211 | s->srtp_profile = NULL; | 1211 | s->srtp_profile = NULL; | 
| 1212 | 1212 | ||
| 1213 | if (data == end) | 1213 | if (data == end) | 
| @@ -1529,8 +1529,8 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1529 | } | 1529 | } | 
| 1530 | } | 1530 | } | 
| 1531 | else if (type == TLSEXT_TYPE_next_proto_neg && | 1531 | else if (type == TLSEXT_TYPE_next_proto_neg && | 
| 1532 | s->s3->tmp.finish_md_len == 0 && | 1532 | S3I(s)->tmp.finish_md_len == 0 && | 
| 1533 | s->s3->alpn_selected == NULL) { | 1533 | S3I(s)->alpn_selected == NULL) { | 
| 1534 | /* We shouldn't accept this extension on a | 1534 | /* We shouldn't accept this extension on a | 
| 1535 | * renegotiation. | 1535 | * renegotiation. | 
| 1536 | * | 1536 | * | 
| @@ -1542,21 +1542,21 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1542 | * anything like that, but this might change). | 1542 | * anything like that, but this might change). | 
| 1543 | 1543 | ||
| 1544 | * A valid sign that there's been a previous handshake | 1544 | * A valid sign that there's been a previous handshake | 
| 1545 | * in this connection is if s->s3->tmp.finish_md_len > | 1545 | * in this connection is if S3I(s)->tmp.finish_md_len > | 
| 1546 | * 0. (We are talking about a check that will happen | 1546 | * 0. (We are talking about a check that will happen | 
| 1547 | * in the Hello protocol round, well before a new | 1547 | * in the Hello protocol round, well before a new | 
| 1548 | * Finished message could have been computed.) */ | 1548 | * Finished message could have been computed.) */ | 
| 1549 | s->s3->next_proto_neg_seen = 1; | 1549 | S3I(s)->next_proto_neg_seen = 1; | 
| 1550 | } | 1550 | } | 
| 1551 | else if (type == | 1551 | else if (type == | 
| 1552 | TLSEXT_TYPE_application_layer_protocol_negotiation && | 1552 | TLSEXT_TYPE_application_layer_protocol_negotiation && | 
| 1553 | s->ctx->internal->alpn_select_cb != NULL && | 1553 | s->ctx->internal->alpn_select_cb != NULL && | 
| 1554 | s->s3->tmp.finish_md_len == 0) { | 1554 | S3I(s)->tmp.finish_md_len == 0) { | 
| 1555 | if (tls1_alpn_handle_client_hello(s, data, | 1555 | if (tls1_alpn_handle_client_hello(s, data, | 
| 1556 | size, al) != 1) | 1556 | size, al) != 1) | 
| 1557 | return (0); | 1557 | return (0); | 
| 1558 | /* ALPN takes precedence over NPN. */ | 1558 | /* ALPN takes precedence over NPN. */ | 
| 1559 | s->s3->next_proto_neg_seen = 0; | 1559 | S3I(s)->next_proto_neg_seen = 0; | 
| 1560 | } | 1560 | } | 
| 1561 | 1561 | ||
| 1562 | /* session ticket processed earlier */ | 1562 | /* session ticket processed earlier */ | 
| @@ -1624,9 +1624,9 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al) | |||
| 1624 | int tlsext_servername = 0; | 1624 | int tlsext_servername = 0; | 
| 1625 | int renegotiate_seen = 0; | 1625 | int renegotiate_seen = 0; | 
| 1626 | 1626 | ||
| 1627 | s->s3->next_proto_neg_seen = 0; | 1627 | S3I(s)->next_proto_neg_seen = 0; | 
| 1628 | free(s->s3->alpn_selected); | 1628 | free(S3I(s)->alpn_selected); | 
| 1629 | s->s3->alpn_selected = NULL; | 1629 | S3I(s)->alpn_selected = NULL; | 
| 1630 | 1630 | ||
| 1631 | if (data == end) | 1631 | if (data == end) | 
| 1632 | goto ri_check; | 1632 | goto ri_check; | 
| @@ -1714,7 +1714,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al) | |||
| 1714 | s->tlsext_status_expected = 1; | 1714 | s->tlsext_status_expected = 1; | 
| 1715 | } | 1715 | } | 
| 1716 | else if (type == TLSEXT_TYPE_next_proto_neg && | 1716 | else if (type == TLSEXT_TYPE_next_proto_neg && | 
| 1717 | s->s3->tmp.finish_md_len == 0) { | 1717 | S3I(s)->tmp.finish_md_len == 0) { | 
| 1718 | unsigned char *selected; | 1718 | unsigned char *selected; | 
| 1719 | unsigned char selected_len; | 1719 | unsigned char selected_len; | 
| 1720 | 1720 | ||
| @@ -1742,7 +1742,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al) | |||
| 1742 | } | 1742 | } | 
| 1743 | memcpy(s->internal->next_proto_negotiated, selected, selected_len); | 1743 | memcpy(s->internal->next_proto_negotiated, selected, selected_len); | 
| 1744 | s->internal->next_proto_negotiated_len = selected_len; | 1744 | s->internal->next_proto_negotiated_len = selected_len; | 
| 1745 | s->s3->next_proto_neg_seen = 1; | 1745 | S3I(s)->next_proto_neg_seen = 1; | 
| 1746 | } | 1746 | } | 
| 1747 | else if (type == | 1747 | else if (type == | 
| 1748 | TLSEXT_TYPE_application_layer_protocol_negotiation) { | 1748 | TLSEXT_TYPE_application_layer_protocol_negotiation) { | 
| @@ -1773,14 +1773,14 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al) | |||
| 1773 | *al = TLS1_AD_DECODE_ERROR; | 1773 | *al = TLS1_AD_DECODE_ERROR; | 
| 1774 | return (0); | 1774 | return (0); | 
| 1775 | } | 1775 | } | 
| 1776 | free(s->s3->alpn_selected); | 1776 | free(S3I(s)->alpn_selected); | 
| 1777 | s->s3->alpn_selected = malloc(len); | 1777 | S3I(s)->alpn_selected = malloc(len); | 
| 1778 | if (s->s3->alpn_selected == NULL) { | 1778 | if (S3I(s)->alpn_selected == NULL) { | 
| 1779 | *al = TLS1_AD_INTERNAL_ERROR; | 1779 | *al = TLS1_AD_INTERNAL_ERROR; | 
| 1780 | return (0); | 1780 | return (0); | 
| 1781 | } | 1781 | } | 
| 1782 | memcpy(s->s3->alpn_selected, data + 3, len); | 1782 | memcpy(S3I(s)->alpn_selected, data + 3, len); | 
| 1783 | s->s3->alpn_selected_len = len; | 1783 | S3I(s)->alpn_selected_len = len; | 
| 1784 | 1784 | ||
| 1785 | } else if (type == TLSEXT_TYPE_renegotiate) { | 1785 | } else if (type == TLSEXT_TYPE_renegotiate) { | 
| 1786 | if (!ssl_parse_serverhello_renegotiate_ext(s, data, size, al)) | 1786 | if (!ssl_parse_serverhello_renegotiate_ext(s, data, size, al)) | 
| @@ -1948,8 +1948,8 @@ ssl_check_serverhello_tlsext(SSL *s) | |||
| 1948 | * suite, then if server returns an EC point formats lists extension | 1948 | * suite, then if server returns an EC point formats lists extension | 
| 1949 | * it must contain uncompressed. | 1949 | * it must contain uncompressed. | 
| 1950 | */ | 1950 | */ | 
| 1951 | unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | 1951 | unsigned long alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; | 
| 1952 | unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; | 1952 | unsigned long alg_a = S3I(s)->tmp.new_cipher->algorithm_auth; | 
| 1953 | if ((s->tlsext_ecpointformatlist != NULL) && | 1953 | if ((s->tlsext_ecpointformatlist != NULL) && | 
| 1954 | (s->tlsext_ecpointformatlist_length > 0) && | 1954 | (s->tlsext_ecpointformatlist_length > 0) && | 
| 1955 | (SSI(s)->tlsext_ecpointformatlist != NULL) && | 1955 | (SSI(s)->tlsext_ecpointformatlist != NULL) && | 
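--- a/src/lib/libssl/t1_reneg.c
+++ b/src/lib/libssl/t1_reneg.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_reneg.c,v 1.11 2015/06/20 16:42:48 doug Exp $ */
+/* $OpenBSD: t1_reneg.c,v 1.12 2017/01/22 09:02:07 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -122,22 +122,22 @@ ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
 int maxlen)
 {
 if (p) {
-if ((s->s3->previous_client_finished_len + 1) > maxlen) {
+if ((S3I(s)->previous_client_finished_len + 1) > maxlen) {
 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT,
 SSL_R_RENEGOTIATE_EXT_TOO_LONG);
 return 0;
 }
 
 /* Length byte */
-*p = s->s3->previous_client_finished_len;
+*p = S3I(s)->previous_client_finished_len;
 p++;
 
-memcpy(p, s->s3->previous_client_finished,
-s->s3->previous_client_finished_len);
+memcpy(p, S3I(s)->previous_client_finished,
+S3I(s)->previous_client_finished_len);
 
 }
 
-*len = s->s3->previous_client_finished_len + 1;
+*len = S3I(s)->previous_client_finished_len + 1;
 
 return 1;
 }
@@ -168,22 +168,22 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, const unsigned char *d, int len,
 }
 
 /* Check that the extension matches */
-if (CBS_len(&reneg) != s->s3->previous_client_finished_len) {
+if (CBS_len(&reneg) != S3I(s)->previous_client_finished_len) {
 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
 SSL_R_RENEGOTIATION_MISMATCH);
 *al = SSL_AD_HANDSHAKE_FAILURE;
 return 0;
 }
 
-if (!CBS_mem_equal(&reneg, s->s3->previous_client_finished,
-s->s3->previous_client_finished_len)) {
+if (!CBS_mem_equal(&reneg, S3I(s)->previous_client_finished,
+S3I(s)->previous_client_finished_len)) {
 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
 SSL_R_RENEGOTIATION_MISMATCH);
 *al = SSL_AD_HANDSHAKE_FAILURE;
 return 0;
 }
 
-s->s3->send_connection_binding = 1;
+S3I(s)->send_connection_binding = 1;
 
 return 1;
 }
@@ -194,29 +194,29 @@ ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
 int maxlen)
 {
 if (p) {
-if ((s->s3->previous_client_finished_len +
-s->s3->previous_server_finished_len + 1) > maxlen) {
+if ((S3I(s)->previous_client_finished_len +
+S3I(s)->previous_server_finished_len + 1) > maxlen) {
 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT,
 SSL_R_RENEGOTIATE_EXT_TOO_LONG);
 return 0;
 }
 
 /* Length byte */
-*p = s->s3->previous_client_finished_len +
-s->s3->previous_server_finished_len;
+*p = S3I(s)->previous_client_finished_len +
+S3I(s)->previous_server_finished_len;
 p++;
 
-memcpy(p, s->s3->previous_client_finished,
-s->s3->previous_client_finished_len);
-p += s->s3->previous_client_finished_len;
+memcpy(p, S3I(s)->previous_client_finished,
+S3I(s)->previous_client_finished_len);
+p += S3I(s)->previous_client_finished_len;
 
-memcpy(p, s->s3->previous_server_finished,
-s->s3->previous_server_finished_len);
+memcpy(p, S3I(s)->previous_server_finished,
+S3I(s)->previous_server_finished_len);
 
 }
 
-*len = s->s3->previous_client_finished_len +
-s->s3->previous_server_finished_len + 1;
+*len = S3I(s)->previous_client_finished_len +
+S3I(s)->previous_server_finished_len + 1;
 
 return 1;
 }
@@ -227,12 +227,12 @@ int
 ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, int *al)
 {
 CBS cbs, reneg, previous_client, previous_server;
-int expected_len = s->s3->previous_client_finished_len +
-s->s3->previous_server_finished_len;
+int expected_len = S3I(s)->previous_client_finished_len +
+S3I(s)->previous_server_finished_len;
 
 /* Check for logic errors */
-OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len);
-OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len);
+OPENSSL_assert(!expected_len || S3I(s)->previous_client_finished_len);
+OPENSSL_assert(!expected_len || S3I(s)->previous_server_finished_len);
 
 if (len < 0) {
 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
@@ -255,9 +255,9 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, i
 /* Check that the extension matches */
 if (CBS_len(&reneg) != expected_len ||
 !CBS_get_bytes(&reneg, &previous_client,
-s->s3->previous_client_finished_len) ||
+S3I(s)->previous_client_finished_len) ||
 !CBS_get_bytes(&reneg, &previous_server,
-s->s3->previous_server_finished_len) ||
+S3I(s)->previous_server_finished_len) ||
 CBS_len(&reneg) != 0) {
 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
 SSL_R_RENEGOTIATION_MISMATCH);
@@ -265,14 +265,14 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, i
 return 0;
 }
 
-if (!CBS_mem_equal(&previous_client, s->s3->previous_client_finished,
+if (!CBS_mem_equal(&previous_client, S3I(s)->previous_client_finished,
 CBS_len(&previous_client))) {
 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
 SSL_R_RENEGOTIATION_MISMATCH);
 *al = SSL_AD_HANDSHAKE_FAILURE;
 return 0;
 }
-if (!CBS_mem_equal(&previous_server, s->s3->previous_server_finished,
+if (!CBS_mem_equal(&previous_server, S3I(s)->previous_server_finished,
 CBS_len(&previous_server))) {
 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
 SSL_R_RENEGOTIATION_MISMATCH);
@@ -280,7 +280,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, i
 return 0;
 }
 
-s->s3->send_connection_binding = 1;
+S3I(s)->send_connection_binding = 1;
 
 return 1;
 }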
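Review bot: The two `OPENSSL_assert` calls at the top of `ssl_parse_serverhello_renegotiate_ext` (new lines 234-235) would abort the whole process if the stored Finished lengths were ever inconsistent, and they sit on the path that parses the renegotiation extension of a ServerHello. Failing the handshake is the safer response for a library: report an internal error through `*al` and return 0, as the mismatch branches later in this function already do. The function body continues across the following hunks, so only the rewritten check is shown below.

```c
	int expected_len = S3I(s)->previous_client_finished_len +
	    S3I(s)->previous_server_finished_len;

	/* Inconsistent renegotiation state: fail the handshake, do not abort. */
	if (expected_len != 0 &&
	    (S3I(s)->previous_client_finished_len == 0 ||
	    S3I(s)->previous_server_finished_len == 0)) {
		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
		    ERR_R_INTERNAL_ERROR);
		*al = SSL_AD_INTERNAL_ERROR;
		return 0;
	}
	/* … unchanged: len < 0 check and CBS parsing of the extension … */
```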
