summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjsing <>2022-10-02 16:36:42 +0000
committerjsing <>2022-10-02 16:36:42 +0000
commit7a087580717329de5ef02600e4e1489d86249a88 (patch)
tree739f174130582d68ff159ff94cdb3fb2185e31ef
parentd5e660940f76ba9fedb2400c0fa888e996ee93c9 (diff)
downloadopenbsd-7a087580717329de5ef02600e4e1489d86249a88.tar.gz
openbsd-7a087580717329de5ef02600e4e1489d86249a88.tar.bz2
openbsd-7a087580717329de5ef02600e4e1489d86249a88.zip
Get rid of SSL_CTX_INTERNAL and SSL_INTERNAL.
These are no longer necessary due to SSL_CTX and SSL now being fully opaque. Merge SSL_CTX_INTERNAL back into SSL_CTX and SSL_INTERNAL back into SSL. Prompted by tb@
Diffstat
-rw-r--r--src/lib/libssl/bio_ssl.c6
-rw-r--r--src/lib/libssl/d1_both.c134
-rw-r--r--src/lib/libssl/d1_lib.c4
-rw-r--r--src/lib/libssl/d1_pkt.c102
-rw-r--r--src/lib/libssl/d1_srtp.c16
-rw-r--r--src/lib/libssl/s3_lib.c132
-rw-r--r--src/lib/libssl/ssl_both.c84
-rw-r--r--src/lib/libssl/ssl_cert.c38
-rw-r--r--src/lib/libssl/ssl_ciphers.c6
-rw-r--r--src/lib/libssl/ssl_clnt.c202
-rw-r--r--src/lib/libssl/ssl_lib.c671
-rw-r--r--src/lib/libssl/ssl_locl.h180
-rw-r--r--src/lib/libssl/ssl_packet.c28
-rw-r--r--src/lib/libssl/ssl_pkt.c152
-rw-r--r--src/lib/libssl/ssl_seclevel.c6
-rw-r--r--src/lib/libssl/ssl_sess.c146
-rw-r--r--src/lib/libssl/ssl_srvr.c186
-rw-r--r--src/lib/libssl/ssl_stat.c6
-rw-r--r--src/lib/libssl/ssl_tlsext.c132
-rw-r--r--src/lib/libssl/ssl_versions.c10
-rw-r--r--src/lib/libssl/t1_enc.c12
-rw-r--r--src/lib/libssl/t1_lib.c106
-rw-r--r--src/lib/libssl/tls13_client.c4
-rw-r--r--src/lib/libssl/tls13_legacy.c72
-rw-r--r--src/lib/libssl/tls13_lib.c16
-rw-r--r--src/lib/libssl/tls13_server.c6
26 files changed, 1220 insertions, 1237 deletions
diff --git a/src/lib/libssl/bio_ssl.c b/src/lib/libssl/bio_ssl.c
index e86b9d83f2..e78bbc1851 100644
--- a/src/lib/libssl/bio_ssl.c
+++ b/src/lib/libssl/bio_ssl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: bio_ssl.c,v 1.33 2022/01/14 09:12:53 tb Exp $ */ 1/* $OpenBSD: bio_ssl.c,v 1.34 2022/10/02 16:36:41 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -294,10 +294,10 @@ ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
294 case BIO_CTRL_RESET: 294 case BIO_CTRL_RESET:
295 SSL_shutdown(ssl); 295 SSL_shutdown(ssl);
296 296
297 if (ssl->internal->handshake_func == 297 if (ssl->handshake_func ==
298 ssl->method->ssl_connect) 298 ssl->method->ssl_connect)
299 SSL_set_connect_state(ssl); 299 SSL_set_connect_state(ssl);
300 else if (ssl->internal->handshake_func == 300 else if (ssl->handshake_func ==
301 ssl->method->ssl_accept) 301 ssl->method->ssl_accept)
302 SSL_set_accept_state(ssl); 302 SSL_set_accept_state(ssl);
303 303
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index fd7c07a4d5..4f7f8be6ce 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_both.c,v 1.81 2022/02/05 14:54:10 jsing Exp $ */ 1/* $OpenBSD: d1_both.c,v 1.82 2022/10/02 16:36:41 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -206,7 +206,7 @@ dtls1_hm_fragment_free(hm_fragment *frag)
206 free(frag); 206 free(frag);
207} 207}
208 208
209/* send s->internal->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ 209/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
210int 210int
211dtls1_do_write(SSL *s, int type) 211dtls1_do_write(SSL *s, int type)
212{ 212{
@@ -237,15 +237,15 @@ dtls1_do_write(SSL *s, int type)
237 OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu()); 237 OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu());
238 /* should have something reasonable now */ 238 /* should have something reasonable now */
239 239
240 if (s->internal->init_off == 0 && type == SSL3_RT_HANDSHAKE) 240 if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
241 OPENSSL_assert(s->internal->init_num == 241 OPENSSL_assert(s->init_num ==
242 (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); 242 (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
243 243
244 if (!tls12_record_layer_write_overhead(s->internal->rl, &overhead)) 244 if (!tls12_record_layer_write_overhead(s->rl, &overhead))
245 return -1; 245 return -1;
246 246
247 frag_off = 0; 247 frag_off = 0;
248 while (s->internal->init_num) { 248 while (s->init_num) {
249 curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) - 249 curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) -
250 DTLS1_RT_HEADER_LENGTH - overhead; 250 DTLS1_RT_HEADER_LENGTH - overhead;
251 251
@@ -258,22 +258,22 @@ dtls1_do_write(SSL *s, int type)
258 overhead; 258 overhead;
259 } 259 }
260 260
261 if (s->internal->init_num > curr_mtu) 261 if (s->init_num > curr_mtu)
262 len = curr_mtu; 262 len = curr_mtu;
263 else 263 else
264 len = s->internal->init_num; 264 len = s->init_num;
265 265
266 /* XDTLS: this function is too long. split out the CCS part */ 266 /* XDTLS: this function is too long. split out the CCS part */
267 if (type == SSL3_RT_HANDSHAKE) { 267 if (type == SSL3_RT_HANDSHAKE) {
268 if (s->internal->init_off != 0) { 268 if (s->init_off != 0) {
269 OPENSSL_assert(s->internal->init_off > DTLS1_HM_HEADER_LENGTH); 269 OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH);
270 s->internal->init_off -= DTLS1_HM_HEADER_LENGTH; 270 s->init_off -= DTLS1_HM_HEADER_LENGTH;
271 s->internal->init_num += DTLS1_HM_HEADER_LENGTH; 271 s->init_num += DTLS1_HM_HEADER_LENGTH;
272 272
273 if (s->internal->init_num > curr_mtu) 273 if (s->init_num > curr_mtu)
274 len = curr_mtu; 274 len = curr_mtu;
275 else 275 else
276 len = s->internal->init_num; 276 len = s->init_num;
277 } 277 }
278 278
279 dtls1_fix_message_header(s, frag_off, 279 dtls1_fix_message_header(s, frag_off,
@@ -281,14 +281,14 @@ dtls1_do_write(SSL *s, int type)
281 281
282 if (!dtls1_write_message_header(&s->d1->w_msg_hdr, 282 if (!dtls1_write_message_header(&s->d1->w_msg_hdr,
283 s->d1->w_msg_hdr.frag_off, s->d1->w_msg_hdr.frag_len, 283 s->d1->w_msg_hdr.frag_off, s->d1->w_msg_hdr.frag_len,
284 (unsigned char *)&s->internal->init_buf->data[s->internal->init_off])) 284 (unsigned char *)&s->init_buf->data[s->init_off]))
285 return -1; 285 return -1;
286 286
287 OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH); 287 OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);
288 } 288 }
289 289
290 ret = dtls1_write_bytes(s, type, 290 ret = dtls1_write_bytes(s, type,
291 &s->internal->init_buf->data[s->internal->init_off], len); 291 &s->init_buf->data[s->init_off], len);
292 if (ret < 0) { 292 if (ret < 0) {
293 /* 293 /*
294 * Might need to update MTU here, but we don't know 294 * Might need to update MTU here, but we don't know
@@ -319,7 +319,7 @@ dtls1_do_write(SSL *s, int type)
319 * but in that case we'll ignore the result 319 * but in that case we'll ignore the result
320 * anyway 320 * anyway
321 */ 321 */
322 unsigned char *p = (unsigned char *)&s->internal->init_buf->data[s->internal->init_off]; 322 unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off];
323 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; 323 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
324 int xlen; 324 int xlen;
325 325
@@ -340,21 +340,21 @@ dtls1_do_write(SSL *s, int type)
340 tls1_transcript_record(s, p, xlen); 340 tls1_transcript_record(s, p, xlen);
341 } 341 }
342 342
343 if (ret == s->internal->init_num) { 343 if (ret == s->init_num) {
344 if (s->internal->msg_callback) 344 if (s->msg_callback)
345 s->internal->msg_callback(1, s->version, type, 345 s->msg_callback(1, s->version, type,
346 s->internal->init_buf->data, 346 s->init_buf->data,
347 (size_t)(s->internal->init_off + s->internal->init_num), 347 (size_t)(s->init_off + s->init_num),
348 s, s->internal->msg_callback_arg); 348 s, s->msg_callback_arg);
349 349
350 s->internal->init_off = 0; 350 s->init_off = 0;
351 /* done writing this message */ 351 /* done writing this message */
352 s->internal->init_num = 0; 352 s->init_num = 0;
353 353
354 return (1); 354 return (1);
355 } 355 }
356 s->internal->init_off += ret; 356 s->init_off += ret;
357 s->internal->init_num -= ret; 357 s->init_num -= ret;
358 frag_off += (ret -= DTLS1_HM_HEADER_LENGTH); 358 frag_off += (ret -= DTLS1_HM_HEADER_LENGTH);
359 } 359 }
360 } 360 }
@@ -377,7 +377,7 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max)
377 int i, al, ok; 377 int i, al, ok;
378 378
379 /* 379 /*
380 * s3->internal->tmp is used to store messages that are unexpected, caused 380 * s3->tmp is used to store messages that are unexpected, caused
381 * by the absence of an optional handshake message 381 * by the absence of an optional handshake message
382 */ 382 */
383 if (s->s3->hs.tls12.reuse_message) { 383 if (s->s3->hs.tls12.reuse_message) {
@@ -387,8 +387,8 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max)
387 SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); 387 SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
388 goto fatal_err; 388 goto fatal_err;
389 } 389 }
390 s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; 390 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
391 s->internal->init_num = (int)s->s3->hs.tls12.message_size; 391 s->init_num = (int)s->s3->hs.tls12.message_size;
392 return 1; 392 return 1;
393 } 393 }
394 394
@@ -403,7 +403,7 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max)
403 else if (i <= 0 && !ok) 403 else if (i <= 0 && !ok)
404 return i; 404 return i;
405 405
406 p = (unsigned char *)s->internal->init_buf->data; 406 p = (unsigned char *)s->init_buf->data;
407 msg_len = msg_hdr->msg_len; 407 msg_len = msg_hdr->msg_len;
408 408
409 /* reconstruct message header */ 409 /* reconstruct message header */
@@ -413,9 +413,9 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max)
413 msg_len += DTLS1_HM_HEADER_LENGTH; 413 msg_len += DTLS1_HM_HEADER_LENGTH;
414 414
415 tls1_transcript_record(s, p, msg_len); 415 tls1_transcript_record(s, p, msg_len);
416 if (s->internal->msg_callback) 416 if (s->msg_callback)
417 s->internal->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, msg_len, 417 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, msg_len,
418 s, s->internal->msg_callback_arg); 418 s, s->msg_callback_arg);
419 419
420 memset(msg_hdr, 0, sizeof(struct hm_header_st)); 420 memset(msg_hdr, 0, sizeof(struct hm_header_st));
421 421
@@ -423,7 +423,7 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max)
423 if (!s->d1->listen) 423 if (!s->d1->listen)
424 s->d1->handshake_read_seq++; 424 s->d1->handshake_read_seq++;
425 425
426 s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; 426 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
427 return 1; 427 return 1;
428 428
429 fatal_err: 429 fatal_err:
@@ -457,7 +457,7 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
457 * msg_len is limited to 2^24, but is effectively checked 457 * msg_len is limited to 2^24, but is effectively checked
458 * against max above 458 * against max above
459 */ 459 */
460 if (!BUF_MEM_grow_clean(s->internal->init_buf, 460 if (!BUF_MEM_grow_clean(s->init_buf,
461 msg_len + DTLS1_HM_HEADER_LENGTH)) { 461 msg_len + DTLS1_HM_HEADER_LENGTH)) {
462 SSLerror(s, ERR_R_BUF_LIB); 462 SSLerror(s, ERR_R_BUF_LIB);
463 return SSL_AD_INTERNAL_ERROR; 463 return SSL_AD_INTERNAL_ERROR;
@@ -486,8 +486,8 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
486 /* 486 /*
487 * (0) check whether the desired fragment is available 487 * (0) check whether the desired fragment is available
488 * if so: 488 * if so:
489 * (1) copy over the fragment to s->internal->init_buf->data[] 489 * (1) copy over the fragment to s->init_buf->data[]
490 * (2) update s->internal->init_num 490 * (2) update s->init_num
491 */ 491 */
492 pitem *item; 492 pitem *item;
493 hm_fragment *frag; 493 hm_fragment *frag;
@@ -512,7 +512,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
512 512
513 if (al == 0) /* no alert */ 513 if (al == 0) /* no alert */
514 { 514 {
515 unsigned char *p = (unsigned char *)s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; 515 unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
516 memcpy(&p[frag->msg_header.frag_off], 516 memcpy(&p[frag->msg_header.frag_off],
517 frag->fragment, frag->msg_header.frag_len); 517 frag->fragment, frag->msg_header.frag_len);
518 } 518 }
@@ -526,7 +526,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
526 } 526 }
527 527
528 ssl3_send_alert(s, SSL3_AL_FATAL, al); 528 ssl3_send_alert(s, SSL3_AL_FATAL, al);
529 s->internal->init_num = 0; 529 s->init_num = 0;
530 *ok = 0; 530 *ok = 0;
531 return -1; 531 return -1;
532 } else 532 } else
@@ -544,8 +544,8 @@ dtls1_max_handshake_message_len(const SSL *s)
544 unsigned long max_len; 544 unsigned long max_len;
545 545
546 max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; 546 max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
547 if (max_len < (unsigned long)s->internal->max_cert_list) 547 if (max_len < (unsigned long)s->max_cert_list)
548 return s->internal->max_cert_list; 548 return s->max_cert_list;
549 return max_len; 549 return max_len;
550} 550}
551 551
@@ -749,7 +749,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
749 /* see if we have the required fragment already */ 749 /* see if we have the required fragment already */
750 if ((frag_len = dtls1_retrieve_buffered_fragment(s, max, ok)) || *ok) { 750 if ((frag_len = dtls1_retrieve_buffered_fragment(s, max, ok)) || *ok) {
751 if (*ok) 751 if (*ok)
752 s->internal->init_num = frag_len; 752 s->init_num = frag_len;
753 return frag_len; 753 return frag_len;
754 } 754 }
755 755
@@ -758,7 +758,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
758 DTLS1_HM_HEADER_LENGTH, 0); 758 DTLS1_HM_HEADER_LENGTH, 0);
759 if (i <= 0) { 759 if (i <= 0) {
760 /* nbio, or an error */ 760 /* nbio, or an error */
761 s->internal->rwstate = SSL_READING; 761 s->rwstate = SSL_READING;
762 *ok = 0; 762 *ok = 0;
763 return i; 763 return i;
764 } 764 }
@@ -797,13 +797,13 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
797 * 'Finished' MAC. 797 * 'Finished' MAC.
798 */ 798 */
799 if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) { 799 if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) {
800 if (s->internal->msg_callback) 800 if (s->msg_callback)
801 s->internal->msg_callback(0, s->version, 801 s->msg_callback(0, s->version,
802 SSL3_RT_HANDSHAKE, wire, 802 SSL3_RT_HANDSHAKE, wire,
803 DTLS1_HM_HEADER_LENGTH, s, 803 DTLS1_HM_HEADER_LENGTH, s,
804 s->internal->msg_callback_arg); 804 s->msg_callback_arg);
805 805
806 s->internal->init_num = 0; 806 s->init_num = 0;
807 goto again; 807 goto again;
808 } 808 }
809 else /* Incorrectly formated Hello request */ 809 else /* Incorrectly formated Hello request */
@@ -821,13 +821,13 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
821 s->s3->hs.state = stn; 821 s->s3->hs.state = stn;
822 822
823 if (frag_len > 0) { 823 if (frag_len > 0) {
824 unsigned char *p = (unsigned char *)s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; 824 unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
825 825
826 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, 826 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
827 &p[frag_off], frag_len, 0); 827 &p[frag_off], frag_len, 0);
828 /* XDTLS: fix this--message fragments cannot span multiple packets */ 828 /* XDTLS: fix this--message fragments cannot span multiple packets */
829 if (i <= 0) { 829 if (i <= 0) {
830 s->internal->rwstate = SSL_READING; 830 s->rwstate = SSL_READING;
831 *ok = 0; 831 *ok = 0;
832 return i; 832 return i;
833 } 833 }
@@ -845,18 +845,18 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
845 } 845 }
846 846
847 /* 847 /*
848 * Note that s->internal->init_num is *not* used as current offset in 848 * Note that s->init_num is *not* used as current offset in
849 * s->internal->init_buf->data, but as a counter summing up fragments' 849 * s->init_buf->data, but as a counter summing up fragments'
850 * lengths: as soon as they sum up to handshake packet 850 * lengths: as soon as they sum up to handshake packet
851 * length, we assume we have got all the fragments. 851 * length, we assume we have got all the fragments.
852 */ 852 */
853 s->internal->init_num = frag_len; 853 s->init_num = frag_len;
854 *ok = 1; 854 *ok = 1;
855 return frag_len; 855 return frag_len;
856 856
857 fatal_err: 857 fatal_err:
858 ssl3_send_alert(s, SSL3_AL_FATAL, al); 858 ssl3_send_alert(s, SSL3_AL_FATAL, al);
859 s->internal->init_num = 0; 859 s->init_num = 0;
860 860
861 *ok = 0; 861 *ok = 0;
862 return (-1); 862 return (-1);
@@ -948,17 +948,17 @@ dtls1_buffer_message(SSL *s, int is_ccs)
948 * This function is called immediately after a message has 948 * This function is called immediately after a message has
949 * been serialized 949 * been serialized
950 */ 950 */
951 OPENSSL_assert(s->internal->init_off == 0); 951 OPENSSL_assert(s->init_off == 0);
952 952
953 frag = dtls1_hm_fragment_new(s->internal->init_num, 0); 953 frag = dtls1_hm_fragment_new(s->init_num, 0);
954 if (frag == NULL) 954 if (frag == NULL)
955 return 0; 955 return 0;
956 956
957 memcpy(frag->fragment, s->internal->init_buf->data, s->internal->init_num); 957 memcpy(frag->fragment, s->init_buf->data, s->init_num);
958 958
959 OPENSSL_assert(s->d1->w_msg_hdr.msg_len + 959 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
960 (is_ccs ? DTLS1_CCS_HEADER_LENGTH : DTLS1_HM_HEADER_LENGTH) == 960 (is_ccs ? DTLS1_CCS_HEADER_LENGTH : DTLS1_HM_HEADER_LENGTH) ==
961 (unsigned int)s->internal->init_num); 961 (unsigned int)s->init_num);
962 962
963 frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len; 963 frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
964 frag->msg_header.seq = s->d1->w_msg_hdr.seq; 964 frag->msg_header.seq = s->d1->w_msg_hdr.seq;
@@ -970,7 +970,7 @@ dtls1_buffer_message(SSL *s, int is_ccs)
970 /* save current state*/ 970 /* save current state*/
971 frag->msg_header.saved_retransmit_state.session = s->session; 971 frag->msg_header.saved_retransmit_state.session = s->session;
972 frag->msg_header.saved_retransmit_state.epoch = 972 frag->msg_header.saved_retransmit_state.epoch =
973 tls12_record_layer_write_epoch(s->internal->rl); 973 tls12_record_layer_write_epoch(s->rl);
974 974
975 memset(seq64be, 0, sizeof(seq64be)); 975 memset(seq64be, 0, sizeof(seq64be));
976 seq64be[6] = (unsigned char)(dtls1_get_queue_priority( 976 seq64be[6] = (unsigned char)(dtls1_get_queue_priority(
@@ -1001,8 +1001,8 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1001 struct dtls1_retransmit_state saved_state; 1001 struct dtls1_retransmit_state saved_state;
1002 1002
1003 /* 1003 /*
1004 OPENSSL_assert(s->internal->init_num == 0); 1004 OPENSSL_assert(s->init_num == 0);
1005 OPENSSL_assert(s->internal->init_off == 0); 1005 OPENSSL_assert(s->init_off == 0);
1006 */ 1006 */
1007 1007
1008 /* XDTLS: the requested message ought to be found, otherwise error */ 1008 /* XDTLS: the requested message ought to be found, otherwise error */
@@ -1027,9 +1027,9 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1027 else 1027 else
1028 header_length = DTLS1_HM_HEADER_LENGTH; 1028 header_length = DTLS1_HM_HEADER_LENGTH;
1029 1029
1030 memcpy(s->internal->init_buf->data, frag->fragment, 1030 memcpy(s->init_buf->data, frag->fragment,
1031 frag->msg_header.msg_len + header_length); 1031 frag->msg_header.msg_len + header_length);
1032 s->internal->init_num = frag->msg_header.msg_len + header_length; 1032 s->init_num = frag->msg_header.msg_len + header_length;
1033 1033
1034 dtls1_set_message_header_int(s, frag->msg_header.type, 1034 dtls1_set_message_header_int(s, frag->msg_header.type,
1035 frag->msg_header.msg_len, frag->msg_header.seq, 0, 1035 frag->msg_header.msg_len, frag->msg_header.seq, 0,
@@ -1037,13 +1037,13 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1037 1037
1038 /* save current state */ 1038 /* save current state */
1039 saved_state.session = s->session; 1039 saved_state.session = s->session;
1040 saved_state.epoch = tls12_record_layer_write_epoch(s->internal->rl); 1040 saved_state.epoch = tls12_record_layer_write_epoch(s->rl);
1041 1041
1042 s->d1->retransmitting = 1; 1042 s->d1->retransmitting = 1;
1043 1043
1044 /* restore state in which the message was originally sent */ 1044 /* restore state in which the message was originally sent */
1045 s->session = frag->msg_header.saved_retransmit_state.session; 1045 s->session = frag->msg_header.saved_retransmit_state.session;
1046 if (!tls12_record_layer_use_write_epoch(s->internal->rl, 1046 if (!tls12_record_layer_use_write_epoch(s->rl,
1047 frag->msg_header.saved_retransmit_state.epoch)) 1047 frag->msg_header.saved_retransmit_state.epoch))
1048 return 0; 1048 return 0;
1049 1049
@@ -1052,7 +1052,7 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1052 1052
1053 /* restore current state */ 1053 /* restore current state */
1054 s->session = saved_state.session; 1054 s->session = saved_state.session;
1055 if (!tls12_record_layer_use_write_epoch(s->internal->rl, 1055 if (!tls12_record_layer_use_write_epoch(s->rl,
1056 saved_state.epoch)) 1056 saved_state.epoch))
1057 return 0; 1057 return 0;
1058 1058
@@ -1073,7 +1073,7 @@ dtls1_clear_record_buffer(SSL *s)
1073 item = pqueue_pop(s->d1->sent_messages)) { 1073 item = pqueue_pop(s->d1->sent_messages)) {
1074 frag = item->data; 1074 frag = item->data;
1075 if (frag->msg_header.is_ccs) 1075 if (frag->msg_header.is_ccs)
1076 tls12_record_layer_write_epoch_done(s->internal->rl, 1076 tls12_record_layer_write_epoch_done(s->rl,
1077 frag->msg_header.saved_retransmit_state.epoch); 1077 frag->msg_header.saved_retransmit_state.epoch);
1078 dtls1_hm_fragment_free(frag); 1078 dtls1_hm_fragment_free(frag);
1079 pitem_free(item); 1079 pitem_free(item);
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
index 770734e6ff..cf4c5100d5 100644
--- a/src/lib/libssl/d1_lib.c
+++ b/src/lib/libssl/d1_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_lib.c,v 1.61 2021/10/23 13:36:03 jsing Exp $ */ 1/* $OpenBSD: d1_lib.c,v 1.62 2022/10/02 16:36:41 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -187,7 +187,7 @@ dtls1_clear(SSL *s)
187 memset(s->d1, 0, sizeof(*s->d1)); 187 memset(s->d1, 0, sizeof(*s->d1));
188 188
189 s->d1->unprocessed_rcds.epoch = 189 s->d1->unprocessed_rcds.epoch =
190 tls12_record_layer_read_epoch(s->internal->rl) + 1; 190 tls12_record_layer_read_epoch(s->rl) + 1;
191 191
192 if (s->server) { 192 if (s->server) {
193 s->d1->cookie_len = sizeof(s->d1->cookie); 193 s->d1->cookie_len = sizeof(s->d1->cookie);
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 456f871a43..1431434ba8 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_pkt.c,v 1.123 2022/03/26 15:05:53 jsing Exp $ */ 1/* $OpenBSD: d1_pkt.c,v 1.124 2022/10/02 16:36:41 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -193,8 +193,8 @@ dtls1_copy_record(SSL *s, DTLS1_RECORD_DATA_INTERNAL *rdata)
193{ 193{
194 ssl3_release_buffer(&s->s3->rbuf); 194 ssl3_release_buffer(&s->s3->rbuf);
195 195
196 s->internal->packet = rdata->packet; 196 s->packet = rdata->packet;
197 s->internal->packet_length = rdata->packet_length; 197 s->packet_length = rdata->packet_length;
198 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER_INTERNAL)); 198 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER_INTERNAL));
199 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD_INTERNAL)); 199 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD_INTERNAL));
200 200
@@ -216,15 +216,15 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
216 if (rdata == NULL || item == NULL) 216 if (rdata == NULL || item == NULL)
217 goto init_err; 217 goto init_err;
218 218
219 rdata->packet = s->internal->packet; 219 rdata->packet = s->packet;
220 rdata->packet_length = s->internal->packet_length; 220 rdata->packet_length = s->packet_length;
221 memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER_INTERNAL)); 221 memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER_INTERNAL));
222 memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD_INTERNAL)); 222 memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD_INTERNAL));
223 223
224 item->data = rdata; 224 item->data = rdata;
225 225
226 s->internal->packet = NULL; 226 s->packet = NULL;
227 s->internal->packet_length = 0; 227 s->packet_length = 0;
228 memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER_INTERNAL)); 228 memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER_INTERNAL));
229 memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD_INTERNAL)); 229 memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD_INTERNAL));
230 230
@@ -271,13 +271,13 @@ dtls1_process_buffered_record(SSL *s)
271{ 271{
272 /* Check if epoch is current. */ 272 /* Check if epoch is current. */
273 if (s->d1->unprocessed_rcds.epoch != 273 if (s->d1->unprocessed_rcds.epoch !=
274 tls12_record_layer_read_epoch(s->internal->rl)) 274 tls12_record_layer_read_epoch(s->rl))
275 return (0); 275 return (0);
276 276
277 /* Update epoch once all unprocessed records have been processed. */ 277 /* Update epoch once all unprocessed records have been processed. */
278 if (pqueue_peek(s->d1->unprocessed_rcds.q) == NULL) { 278 if (pqueue_peek(s->d1->unprocessed_rcds.q) == NULL) {
279 s->d1->unprocessed_rcds.epoch = 279 s->d1->unprocessed_rcds.epoch =
280 tls12_record_layer_read_epoch(s->internal->rl) + 1; 280 tls12_record_layer_read_epoch(s->rl) + 1;
281 return (0); 281 return (0);
282 } 282 }
283 283
@@ -298,11 +298,11 @@ dtls1_process_record(SSL *s)
298 uint8_t *out; 298 uint8_t *out;
299 size_t out_len; 299 size_t out_len;
300 300
301 tls12_record_layer_set_version(s->internal->rl, s->version); 301 tls12_record_layer_set_version(s->rl, s->version);
302 302
303 if (!tls12_record_layer_open_record(s->internal->rl, s->internal->packet, 303 if (!tls12_record_layer_open_record(s->rl, s->packet,
304 s->internal->packet_length, &out, &out_len)) { 304 s->packet_length, &out, &out_len)) {
305 tls12_record_layer_alert(s->internal->rl, &alert_desc); 305 tls12_record_layer_alert(s->rl, &alert_desc);
306 306
307 if (alert_desc == 0) 307 if (alert_desc == 0)
308 goto err; 308 goto err;
@@ -327,7 +327,7 @@ dtls1_process_record(SSL *s)
327 rr->length = out_len; 327 rr->length = out_len;
328 rr->off = 0; 328 rr->off = 0;
329 329
330 s->internal->packet_length = 0; 330 s->packet_length = 0;
331 331
332 return (1); 332 return (1);
333 333
@@ -341,9 +341,9 @@ dtls1_process_record(SSL *s)
341 * It will return <= 0 if more data is needed, normally due to an error 341 * It will return <= 0 if more data is needed, normally due to an error
342 * or non-blocking IO. 342 * or non-blocking IO.
343 * When it finishes, one packet has been decoded and can be found in 343 * When it finishes, one packet has been decoded and can be found in
344 * ssl->s3->internal->rrec.type - is the type of record 344 * ssl->s3->rrec.type - is the type of record
345 * ssl->s3->internal->rrec.data, - data 345 * ssl->s3->rrec.data, - data
346 * ssl->s3->internal->rrec.length, - number of bytes 346 * ssl->s3->rrec.length, - number of bytes
347 */ 347 */
348/* used only by dtls1_read_bytes */ 348/* used only by dtls1_read_bytes */
349int 349int
@@ -364,12 +364,12 @@ dtls1_get_record(SSL *s)
364 again: 364 again:
365 /* dump this record on all retries */ 365 /* dump this record on all retries */
366 rr->length = 0; 366 rr->length = 0;
367 s->internal->packet_length = 0; 367 s->packet_length = 0;
368 } 368 }
369 369
370 /* check if we have the header */ 370 /* check if we have the header */
371 if ((s->internal->rstate != SSL_ST_READ_BODY) || 371 if ((s->rstate != SSL_ST_READ_BODY) ||
372 (s->internal->packet_length < DTLS1_RT_HEADER_LENGTH)) { 372 (s->packet_length < DTLS1_RT_HEADER_LENGTH)) {
373 CBS header, seq_no; 373 CBS header, seq_no;
374 uint16_t epoch, len, ssl_version; 374 uint16_t epoch, len, ssl_version;
375 uint8_t type; 375 uint8_t type;
@@ -382,9 +382,9 @@ dtls1_get_record(SSL *s)
382 if (n != DTLS1_RT_HEADER_LENGTH) 382 if (n != DTLS1_RT_HEADER_LENGTH)
383 goto again; 383 goto again;
384 384
385 s->internal->rstate = SSL_ST_READ_BODY; 385 s->rstate = SSL_ST_READ_BODY;
386 386
387 CBS_init(&header, s->internal->packet, s->internal->packet_length); 387 CBS_init(&header, s->packet, s->packet_length);
388 388
389 /* Pull apart the header into the DTLS1_RECORD */ 389 /* Pull apart the header into the DTLS1_RECORD */
390 if (!CBS_get_u8(&header, &type)) 390 if (!CBS_get_u8(&header, &type))
@@ -409,7 +409,7 @@ dtls1_get_record(SSL *s)
409 rr->length = len; 409 rr->length = len;
410 410
411 /* unexpected version, silently discard */ 411 /* unexpected version, silently discard */
412 if (!s->internal->first_packet && ssl_version != s->version) 412 if (!s->first_packet && ssl_version != s->version)
413 goto again; 413 goto again;
414 414
415 /* wrong version, silently discard record */ 415 /* wrong version, silently discard record */
@@ -420,11 +420,11 @@ dtls1_get_record(SSL *s)
420 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) 420 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
421 goto again; 421 goto again;
422 422
423 /* now s->internal->rstate == SSL_ST_READ_BODY */ 423 /* now s->rstate == SSL_ST_READ_BODY */
424 p = (unsigned char *)CBS_data(&header); 424 p = (unsigned char *)CBS_data(&header);
425 } 425 }
426 426
427 /* s->internal->rstate == SSL_ST_READ_BODY, get and decode the data */ 427 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
428 428
429 n = ssl3_packet_extend(s, DTLS1_RT_HEADER_LENGTH + rr->length); 429 n = ssl3_packet_extend(s, DTLS1_RT_HEADER_LENGTH + rr->length);
430 if (n <= 0) 430 if (n <= 0)
@@ -434,7 +434,7 @@ dtls1_get_record(SSL *s)
434 if (n != DTLS1_RT_HEADER_LENGTH + rr->length) 434 if (n != DTLS1_RT_HEADER_LENGTH + rr->length)
435 goto again; 435 goto again;
436 436
437 s->internal->rstate = SSL_ST_READ_HEADER; /* set state for later operations */ 437 s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */
438 438
439 /* match epochs. NULL means the packet is dropped on the floor */ 439 /* match epochs. NULL means the packet is dropped on the floor */
440 bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch); 440 bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
@@ -463,7 +463,7 @@ dtls1_get_record(SSL *s)
463 * anything while listening. 463 * anything while listening.
464 */ 464 */
465 if (is_next_epoch) { 465 if (is_next_epoch) {
466 if ((SSL_in_init(s) || s->internal->in_handshake) && !s->d1->listen) { 466 if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) {
467 if (dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), 467 if (dtls1_buffer_record(s, &(s->d1->unprocessed_rcds),
468 rr->seq_num) < 0) 468 rr->seq_num) < 0)
469 return (-1); 469 return (-1);
@@ -490,7 +490,7 @@ dtls1_read_handshake_unexpected(SSL *s)
490 CBS cbs; 490 CBS cbs;
491 int ret; 491 int ret;
492 492
493 if (s->internal->in_handshake) { 493 if (s->in_handshake) {
494 SSLerror(s, ERR_R_INTERNAL_ERROR); 494 SSLerror(s, ERR_R_INTERNAL_ERROR);
495 return -1; 495 return -1;
496 } 496 }
@@ -506,7 +506,7 @@ dtls1_read_handshake_unexpected(SSL *s)
506 return -1; /* XXX - probably should drop/continue. */ 506 return -1; /* XXX - probably should drop/continue. */
507 507
508 /* This may just be a stale retransmit. */ 508 /* This may just be a stale retransmit. */
509 if (rr->epoch != tls12_record_layer_read_epoch(s->internal->rl)) { 509 if (rr->epoch != tls12_record_layer_read_epoch(s->rl)) {
510 rr->length = 0; 510 rr->length = 0;
511 return 1; 511 return 1;
512 } 512 }
@@ -556,7 +556,7 @@ dtls1_read_handshake_unexpected(SSL *s)
556 s->d1->handshake_read_seq++; 556 s->d1->handshake_read_seq++;
557 557
558 /* XXX - why is this set here but not in ssl3? */ 558 /* XXX - why is this set here but not in ssl3? */
559 s->internal->new_session = 1; 559 s->new_session = 1;
560 560
561 if (!ssl3_renegotiate(s)) 561 if (!ssl3_renegotiate(s))
562 return 1; 562 return 1;
@@ -589,7 +589,7 @@ dtls1_read_handshake_unexpected(SSL *s)
589 return -1; 589 return -1;
590 } 590 }
591 591
592 if ((s->internal->options & SSL_OP_NO_CLIENT_RENEGOTIATION) != 0) { 592 if ((s->options & SSL_OP_NO_CLIENT_RENEGOTIATION) != 0) {
593 ssl3_send_alert(s, SSL3_AL_FATAL, 593 ssl3_send_alert(s, SSL3_AL_FATAL,
594 SSL_AD_NO_RENEGOTIATION); 594 SSL_AD_NO_RENEGOTIATION);
595 return -1; 595 return -1;
@@ -609,8 +609,8 @@ dtls1_read_handshake_unexpected(SSL *s)
609 } 609 }
610 610
611 s->s3->hs.state = SSL_ST_ACCEPT; 611 s->s3->hs.state = SSL_ST_ACCEPT;
612 s->internal->renegotiate = 1; 612 s->renegotiate = 1;
613 s->internal->new_session = 1; 613 s->new_session = 1;
614 614
615 } else if (hs_msg_hdr.type == SSL3_MT_FINISHED && s->server) { 615 } else if (hs_msg_hdr.type == SSL3_MT_FINISHED && s->server) {
616 /* 616 /*
@@ -634,14 +634,14 @@ dtls1_read_handshake_unexpected(SSL *s)
634 return -1; 634 return -1;
635 } 635 }
636 636
637 if ((ret = s->internal->handshake_func(s)) < 0) 637 if ((ret = s->handshake_func(s)) < 0)
638 return ret; 638 return ret;
639 if (ret == 0) { 639 if (ret == 0) {
640 SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); 640 SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
641 return -1; 641 return -1;
642 } 642 }
643 643
644 if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) { 644 if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
645 if (s->s3->rbuf.left == 0) { 645 if (s->s3->rbuf.left == 0) {
646 ssl_force_want_read(s); 646 ssl_force_want_read(s);
647 return -1; 647 return -1;
@@ -710,8 +710,8 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
710 return -1; 710 return -1;
711 } 711 }
712 712
713 if (SSL_in_init(s) && !s->internal->in_handshake) { 713 if (SSL_in_init(s) && !s->in_handshake) {
714 if ((ret = s->internal->handshake_func(s)) < 0) 714 if ((ret = s->handshake_func(s)) < 0)
715 return ret; 715 return ret;
716 if (ret == 0) { 716 if (ret == 0) {
717 SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); 717 SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
@@ -733,7 +733,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
733 return -1; 733 return -1;
734 } 734 }
735 735
736 s->internal->rwstate = SSL_NOTHING; 736 s->rwstate = SSL_NOTHING;
737 737
738 rr = &s->s3->rrec; 738 rr = &s->s3->rrec;
739 739
@@ -747,7 +747,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
747 if (dtls1_handle_timeout(s) > 0) 747 if (dtls1_handle_timeout(s) > 0)
748 goto start; 748 goto start;
749 749
750 if (rr->length == 0 || s->internal->rstate == SSL_ST_READ_BODY) { 750 if (rr->length == 0 || s->rstate == SSL_ST_READ_BODY) {
751 if ((ret = dtls1_get_record(s)) <= 0) { 751 if ((ret = dtls1_get_record(s)) <= 0) {
752 /* Anything other than a timeout is an error. */ 752 /* Anything other than a timeout is an error. */
753 if ((ret = dtls1_read_failed(s, ret)) <= 0) 753 if ((ret = dtls1_read_failed(s, ret)) <= 0)
@@ -783,8 +783,8 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
783 * If the other end has shut down, throw anything we read away (even in 783 * If the other end has shut down, throw anything we read away (even in
784 * 'peek' mode). 784 * 'peek' mode).
785 */ 785 */
786 if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) { 786 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
787 s->internal->rwstate = SSL_NOTHING; 787 s->rwstate = SSL_NOTHING;
788 rr->length = 0; 788 rr->length = 0;
789 return 0; 789 return 0;
790 } 790 }
@@ -796,7 +796,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
796 * are doing a handshake for the first time. 796 * are doing a handshake for the first time.
797 */ 797 */
798 if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA && 798 if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA &&
799 !tls12_record_layer_read_protected(s->internal->rl)) { 799 !tls12_record_layer_read_protected(s->rl)) {
800 SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE); 800 SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);
801 ssl3_send_alert(s, SSL3_AL_FATAL, 801 ssl3_send_alert(s, SSL3_AL_FATAL,
802 SSL_AD_UNEXPECTED_MESSAGE); 802 SSL_AD_UNEXPECTED_MESSAGE);
@@ -817,7 +817,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
817 rr->length -= n; 817 rr->length -= n;
818 rr->off += n; 818 rr->off += n;
819 if (rr->length == 0) { 819 if (rr->length == 0) {
820 s->internal->rstate = SSL_ST_READ_HEADER; 820 s->rstate = SSL_ST_READ_HEADER;
821 rr->off = 0; 821 rr->off = 0;
822 } 822 }
823 } 823 }
@@ -836,8 +836,8 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
836 goto start; 836 goto start;
837 } 837 }
838 838
839 if (s->internal->shutdown & SSL_SENT_SHUTDOWN) { 839 if (s->shutdown & SSL_SENT_SHUTDOWN) {
840 s->internal->rwstate = SSL_NOTHING; 840 s->rwstate = SSL_NOTHING;
841 rr->length = 0; 841 rr->length = 0;
842 return (0); 842 return (0);
843 } 843 }
@@ -891,9 +891,9 @@ dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
891{ 891{
892 int i; 892 int i;
893 893
894 if (SSL_in_init(s) && !s->internal->in_handshake) 894 if (SSL_in_init(s) && !s->in_handshake)
895 { 895 {
896 i = s->internal->handshake_func(s); 896 i = s->handshake_func(s);
897 if (i < 0) 897 if (i < 0)
898 return (i); 898 return (i);
899 if (i == 0) { 899 if (i == 0) {
@@ -920,7 +920,7 @@ dtls1_write_bytes(SSL *s, int type, const void *buf, int len)
920 int i; 920 int i;
921 921
922 OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH); 922 OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);
923 s->internal->rwstate = SSL_NOTHING; 923 s->rwstate = SSL_NOTHING;
924 i = do_dtls1_write(s, type, buf, len); 924 i = do_dtls1_write(s, type, buf, len);
925 return i; 925 return i;
926} 926}
@@ -959,9 +959,9 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
959 if (!CBB_init_fixed(&cbb, wb->buf, wb->len)) 959 if (!CBB_init_fixed(&cbb, wb->buf, wb->len))
960 goto err; 960 goto err;
961 961
962 tls12_record_layer_set_version(s->internal->rl, s->version); 962 tls12_record_layer_set_version(s->rl, s->version);
963 963
964 if (!tls12_record_layer_seal_record(s->internal->rl, type, buf, len, &cbb)) 964 if (!tls12_record_layer_seal_record(s->rl, type, buf, len, &cbb))
965 goto err; 965 goto err;
966 966
967 if (!CBB_finish(&cbb, NULL, &out_len)) 967 if (!CBB_finish(&cbb, NULL, &out_len))
@@ -1035,7 +1035,7 @@ dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr, unsigned int *is_next_epoch)
1035 1035
1036 *is_next_epoch = 0; 1036 *is_next_epoch = 0;
1037 1037
1038 read_epoch = tls12_record_layer_read_epoch(s->internal->rl); 1038 read_epoch = tls12_record_layer_read_epoch(s->rl);
1039 read_epoch_next = read_epoch + 1; 1039 read_epoch_next = read_epoch + 1;
1040 1040
1041 /* In current epoch, accept HM, CCS, DATA, & ALERT */ 1041 /* In current epoch, accept HM, CCS, DATA, & ALERT */
diff --git a/src/lib/libssl/d1_srtp.c b/src/lib/libssl/d1_srtp.c
index 793fa868d7..1c23409736 100644
--- a/src/lib/libssl/d1_srtp.c
+++ b/src/lib/libssl/d1_srtp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_srtp.c,v 1.30 2022/01/28 13:11:56 inoguchi Exp $ */ 1/* $OpenBSD: d1_srtp.c,v 1.31 2022/10/02 16:36:41 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -227,13 +227,13 @@ ssl_ctx_make_profiles(const char *profiles_string,
227int 227int
228SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles) 228SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
229{ 229{
230 return ssl_ctx_make_profiles(profiles, &ctx->internal->srtp_profiles); 230 return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);
231} 231}
232 232
233int 233int
234SSL_set_tlsext_use_srtp(SSL *s, const char *profiles) 234SSL_set_tlsext_use_srtp(SSL *s, const char *profiles)
235{ 235{
236 return ssl_ctx_make_profiles(profiles, &s->internal->srtp_profiles); 236 return ssl_ctx_make_profiles(profiles, &s->srtp_profiles);
237} 237}
238 238
239 239
@@ -241,11 +241,11 @@ STACK_OF(SRTP_PROTECTION_PROFILE) *
241SSL_get_srtp_profiles(SSL *s) 241SSL_get_srtp_profiles(SSL *s)
242{ 242{
243 if (s != NULL) { 243 if (s != NULL) {
244 if (s->internal->srtp_profiles != NULL) { 244 if (s->srtp_profiles != NULL) {
245 return s->internal->srtp_profiles; 245 return s->srtp_profiles;
246 } else if ((s->ctx != NULL) && 246 } else if ((s->ctx != NULL) &&
247 (s->ctx->internal->srtp_profiles != NULL)) { 247 (s->ctx->srtp_profiles != NULL)) {
248 return s->ctx->internal->srtp_profiles; 248 return s->ctx->srtp_profiles;
249 } 249 }
250 } 250 }
251 251
@@ -256,7 +256,7 @@ SRTP_PROTECTION_PROFILE *
256SSL_get_selected_srtp_profile(SSL *s) 256SSL_get_selected_srtp_profile(SSL *s)
257{ 257{
258 /* XXX cast away the const */ 258 /* XXX cast away the const */
259 return (SRTP_PROTECTION_PROFILE *)s->internal->srtp_profile; 259 return (SRTP_PROTECTION_PROFILE *)s->srtp_profile;
260} 260}
261 261
262#endif 262#endif
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 989165b207..52ad16a697 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_lib.c,v 1.238 2022/08/21 19:39:44 jsing Exp $ */ 1/* $OpenBSD: s3_lib.c,v 1.239 2022/10/02 16:36:41 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1441,7 +1441,7 @@ ssl3_cipher_get_value(const SSL_CIPHER *c)
1441int 1441int
1442ssl3_pending(const SSL *s) 1442ssl3_pending(const SSL *s)
1443{ 1443{
1444 if (s->internal->rstate == SSL_ST_READ_BODY) 1444 if (s->rstate == SSL_ST_READ_BODY)
1445 return 0; 1445 return 0;
1446 1446
1447 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? 1447 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ?
@@ -1493,13 +1493,13 @@ ssl3_handshake_msg_finish(SSL *s, CBB *handshake)
1493 if (outlen > INT_MAX) 1493 if (outlen > INT_MAX)
1494 goto err; 1494 goto err;
1495 1495
1496 if (!BUF_MEM_grow_clean(s->internal->init_buf, outlen)) 1496 if (!BUF_MEM_grow_clean(s->init_buf, outlen))
1497 goto err; 1497 goto err;
1498 1498
1499 memcpy(s->internal->init_buf->data, data, outlen); 1499 memcpy(s->init_buf->data, data, outlen);
1500 1500
1501 s->internal->init_num = (int)outlen; 1501 s->init_num = (int)outlen;
1502 s->internal->init_off = 0; 1502 s->init_off = 0;
1503 1503
1504 if (SSL_is_dtls(s)) { 1504 if (SSL_is_dtls(s)) {
1505 unsigned long len; 1505 unsigned long len;
@@ -1572,7 +1572,7 @@ ssl3_free(SSL *s)
1572 tls_buffer_free(s->s3->hs.tls13.quic_read_buffer); 1572 tls_buffer_free(s->s3->hs.tls13.quic_read_buffer);
1573 1573
1574 sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free); 1574 sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);
1575 sk_X509_pop_free(s->internal->verified_chain, X509_free); 1575 sk_X509_pop_free(s->verified_chain, X509_free);
1576 1576
1577 tls1_transcript_free(s); 1577 tls1_transcript_free(s);
1578 tls1_transcript_hash_free(s); 1578 tls1_transcript_hash_free(s);
@@ -1595,8 +1595,8 @@ ssl3_clear(SSL *s)
1595 1595
1596 tls1_cleanup_key_block(s); 1596 tls1_cleanup_key_block(s);
1597 sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free); 1597 sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);
1598 sk_X509_pop_free(s->internal->verified_chain, X509_free); 1598 sk_X509_pop_free(s->verified_chain, X509_free);
1599 s->internal->verified_chain = NULL; 1599 s->verified_chain = NULL;
1600 1600
1601 freezero(s->s3->hs.sigalgs, s->s3->hs.sigalgs_len); 1601 freezero(s->s3->hs.sigalgs, s->s3->hs.sigalgs_len);
1602 s->s3->hs.sigalgs = NULL; 1602 s->s3->hs.sigalgs = NULL;
@@ -1656,7 +1656,7 @@ ssl3_clear(SSL *s)
1656 s->s3->num_renegotiations = 0; 1656 s->s3->num_renegotiations = 0;
1657 s->s3->in_read_app_data = 0; 1657 s->s3->in_read_app_data = 0;
1658 1658
1659 s->internal->packet_length = 0; 1659 s->packet_length = 0;
1660 s->version = TLS1_VERSION; 1660 s->version = TLS1_VERSION;
1661 1661
1662 s->s3->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT); 1662 s->s3->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
@@ -1725,7 +1725,7 @@ _SSL_get_peer_tmp_key(SSL *s, EVP_PKEY **key)
1725static int 1725static int
1726_SSL_session_reused(SSL *s) 1726_SSL_session_reused(SSL *s)
1727{ 1727{
1728 return s->internal->hit; 1728 return s->hit;
1729} 1729}
1730 1730
1731static int 1731static int
@@ -1834,7 +1834,7 @@ _SSL_set_tlsext_host_name(SSL *s, const char *name)
1834static int 1834static int
1835_SSL_set_tlsext_debug_arg(SSL *s, void *arg) 1835_SSL_set_tlsext_debug_arg(SSL *s, void *arg)
1836{ 1836{
1837 s->internal->tlsext_debug_arg = arg; 1837 s->tlsext_debug_arg = arg;
1838 return 1; 1838 return 1;
1839} 1839}
1840 1840
@@ -1854,7 +1854,7 @@ _SSL_set_tlsext_status_type(SSL *s, int type)
1854static int 1854static int
1855_SSL_get_tlsext_status_exts(SSL *s, STACK_OF(X509_EXTENSION) **exts) 1855_SSL_get_tlsext_status_exts(SSL *s, STACK_OF(X509_EXTENSION) **exts)
1856{ 1856{
1857 *exts = s->internal->tlsext_ocsp_exts; 1857 *exts = s->tlsext_ocsp_exts;
1858 return 1; 1858 return 1;
1859} 1859}
1860 1860
@@ -1862,14 +1862,14 @@ static int
1862_SSL_set_tlsext_status_exts(SSL *s, STACK_OF(X509_EXTENSION) *exts) 1862_SSL_set_tlsext_status_exts(SSL *s, STACK_OF(X509_EXTENSION) *exts)
1863{ 1863{
1864 /* XXX - leak... */ 1864 /* XXX - leak... */
1865 s->internal->tlsext_ocsp_exts = exts; 1865 s->tlsext_ocsp_exts = exts;
1866 return 1; 1866 return 1;
1867} 1867}
1868 1868
1869static int 1869static int
1870_SSL_get_tlsext_status_ids(SSL *s, STACK_OF(OCSP_RESPID) **ids) 1870_SSL_get_tlsext_status_ids(SSL *s, STACK_OF(OCSP_RESPID) **ids)
1871{ 1871{
1872 *ids = s->internal->tlsext_ocsp_ids; 1872 *ids = s->tlsext_ocsp_ids;
1873 return 1; 1873 return 1;
1874} 1874}
1875 1875
@@ -1877,17 +1877,17 @@ static int
1877_SSL_set_tlsext_status_ids(SSL *s, STACK_OF(OCSP_RESPID) *ids) 1877_SSL_set_tlsext_status_ids(SSL *s, STACK_OF(OCSP_RESPID) *ids)
1878{ 1878{
1879 /* XXX - leak... */ 1879 /* XXX - leak... */
1880 s->internal->tlsext_ocsp_ids = ids; 1880 s->tlsext_ocsp_ids = ids;
1881 return 1; 1881 return 1;
1882} 1882}
1883 1883
1884static int 1884static int
1885_SSL_get_tlsext_status_ocsp_resp(SSL *s, unsigned char **resp) 1885_SSL_get_tlsext_status_ocsp_resp(SSL *s, unsigned char **resp)
1886{ 1886{
1887 if (s->internal->tlsext_ocsp_resp != NULL && 1887 if (s->tlsext_ocsp_resp != NULL &&
1888 s->internal->tlsext_ocsp_resp_len < INT_MAX) { 1888 s->tlsext_ocsp_resp_len < INT_MAX) {
1889 *resp = s->internal->tlsext_ocsp_resp; 1889 *resp = s->tlsext_ocsp_resp;
1890 return (int)s->internal->tlsext_ocsp_resp_len; 1890 return (int)s->tlsext_ocsp_resp_len;
1891 } 1891 }
1892 1892
1893 *resp = NULL; 1893 *resp = NULL;
@@ -1898,15 +1898,15 @@ _SSL_get_tlsext_status_ocsp_resp(SSL *s, unsigned char **resp)
1898static int 1898static int
1899_SSL_set_tlsext_status_ocsp_resp(SSL *s, unsigned char *resp, int resp_len) 1899_SSL_set_tlsext_status_ocsp_resp(SSL *s, unsigned char *resp, int resp_len)
1900{ 1900{
1901 free(s->internal->tlsext_ocsp_resp); 1901 free(s->tlsext_ocsp_resp);
1902 s->internal->tlsext_ocsp_resp = NULL; 1902 s->tlsext_ocsp_resp = NULL;
1903 s->internal->tlsext_ocsp_resp_len = 0; 1903 s->tlsext_ocsp_resp_len = 0;
1904 1904
1905 if (resp_len < 0) 1905 if (resp_len < 0)
1906 return 0; 1906 return 0;
1907 1907
1908 s->internal->tlsext_ocsp_resp = resp; 1908 s->tlsext_ocsp_resp = resp;
1909 s->internal->tlsext_ocsp_resp_len = (size_t)resp_len; 1909 s->tlsext_ocsp_resp_len = (size_t)resp_len;
1910 1910
1911 return 1; 1911 return 1;
1912} 1912}
@@ -1955,15 +1955,15 @@ SSL_clear_chain_certs(SSL *ssl)
1955int 1955int
1956SSL_set1_groups(SSL *s, const int *groups, size_t groups_len) 1956SSL_set1_groups(SSL *s, const int *groups, size_t groups_len)
1957{ 1957{
1958 return tls1_set_groups(&s->internal->tlsext_supportedgroups, 1958 return tls1_set_groups(&s->tlsext_supportedgroups,
1959 &s->internal->tlsext_supportedgroups_length, groups, groups_len); 1959 &s->tlsext_supportedgroups_length, groups, groups_len);
1960} 1960}
1961 1961
1962int 1962int
1963SSL_set1_groups_list(SSL *s, const char *groups) 1963SSL_set1_groups_list(SSL *s, const char *groups)
1964{ 1964{
1965 return tls1_set_group_list(&s->internal->tlsext_supportedgroups, 1965 return tls1_set_group_list(&s->tlsext_supportedgroups,
1966 &s->internal->tlsext_supportedgroups_length, groups); 1966 &s->tlsext_supportedgroups_length, groups);
1967} 1967}
1968 1968
1969static int 1969static int
@@ -2183,7 +2183,7 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
2183 return 1; 2183 return 1;
2184 2184
2185 case SSL_CTRL_SET_TLSEXT_DEBUG_CB: 2185 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
2186 s->internal->tlsext_debug_cb = (void (*)(SSL *, int , int, 2186 s->tlsext_debug_cb = (void (*)(SSL *, int , int,
2187 unsigned char *, int, void *))fp; 2187 unsigned char *, int, void *))fp;
2188 return 1; 2188 return 1;
2189 } 2189 }
@@ -2211,8 +2211,8 @@ _SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh)
2211 return 0; 2211 return 0;
2212 } 2212 }
2213 2213
2214 DH_free(ctx->internal->cert->dhe_params); 2214 DH_free(ctx->cert->dhe_params);
2215 ctx->internal->cert->dhe_params = dhe_params; 2215 ctx->cert->dhe_params = dhe_params;
2216 2216
2217 return 1; 2217 return 1;
2218} 2218}
@@ -2220,7 +2220,7 @@ _SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh)
2220static int 2220static int
2221_SSL_CTX_set_dh_auto(SSL_CTX *ctx, int state) 2221_SSL_CTX_set_dh_auto(SSL_CTX *ctx, int state)
2222{ 2222{
2223 ctx->internal->cert->dhe_params_auto = state; 2223 ctx->cert->dhe_params_auto = state;
2224 return 1; 2224 return 1;
2225} 2225}
2226 2226
@@ -2248,7 +2248,7 @@ _SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state)
2248static int 2248static int
2249_SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg) 2249_SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg)
2250{ 2250{
2251 ctx->internal->tlsext_servername_arg = arg; 2251 ctx->tlsext_servername_arg = arg;
2252 return 1; 2252 return 1;
2253} 2253}
2254 2254
@@ -2263,9 +2263,9 @@ _SSL_CTX_get_tlsext_ticket_keys(SSL_CTX *ctx, unsigned char *keys, int keys_len)
2263 return 0; 2263 return 0;
2264 } 2264 }
2265 2265
2266 memcpy(keys, ctx->internal->tlsext_tick_key_name, 16); 2266 memcpy(keys, ctx->tlsext_tick_key_name, 16);
2267 memcpy(keys + 16, ctx->internal->tlsext_tick_hmac_key, 16); 2267 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
2268 memcpy(keys + 32, ctx->internal->tlsext_tick_aes_key, 16); 2268 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
2269 2269
2270 return 1; 2270 return 1;
2271} 2271}
@@ -2281,9 +2281,9 @@ _SSL_CTX_set_tlsext_ticket_keys(SSL_CTX *ctx, unsigned char *keys, int keys_len)
2281 return 0; 2281 return 0;
2282 } 2282 }
2283 2283
2284 memcpy(ctx->internal->tlsext_tick_key_name, keys, 16); 2284 memcpy(ctx->tlsext_tick_key_name, keys, 16);
2285 memcpy(ctx->internal->tlsext_tick_hmac_key, keys + 16, 16); 2285 memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
2286 memcpy(ctx->internal->tlsext_tick_aes_key, keys + 32, 16); 2286 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
2287 2287
2288 return 1; 2288 return 1;
2289} 2289}
@@ -2291,14 +2291,14 @@ _SSL_CTX_set_tlsext_ticket_keys(SSL_CTX *ctx, unsigned char *keys, int keys_len)
2291static int 2291static int
2292_SSL_CTX_get_tlsext_status_arg(SSL_CTX *ctx, void **arg) 2292_SSL_CTX_get_tlsext_status_arg(SSL_CTX *ctx, void **arg)
2293{ 2293{
2294 *arg = ctx->internal->tlsext_status_arg; 2294 *arg = ctx->tlsext_status_arg;
2295 return 1; 2295 return 1;
2296} 2296}
2297 2297
2298static int 2298static int
2299_SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg) 2299_SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg)
2300{ 2300{
2301 ctx->internal->tlsext_status_arg = arg; 2301 ctx->tlsext_status_arg = arg;
2302 return 1; 2302 return 1;
2303} 2303}
2304 2304
@@ -2331,8 +2331,8 @@ SSL_CTX_get0_chain_certs(const SSL_CTX *ctx, STACK_OF(X509) **out_chain)
2331{ 2331{
2332 *out_chain = NULL; 2332 *out_chain = NULL;
2333 2333
2334 if (ctx->internal->cert->key != NULL) 2334 if (ctx->cert->key != NULL)
2335 *out_chain = ctx->internal->cert->key->chain; 2335 *out_chain = ctx->cert->key->chain;
2336 2336
2337 return 1; 2337 return 1;
2338} 2338}
@@ -2361,7 +2361,7 @@ _SSL_CTX_get_extra_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **certs)
2361{ 2361{
2362 *certs = ctx->extra_certs; 2362 *certs = ctx->extra_certs;
2363 if (*certs == NULL) 2363 if (*certs == NULL)
2364 *certs = ctx->internal->cert->key->chain; 2364 *certs = ctx->cert->key->chain;
2365 2365
2366 return 1; 2366 return 1;
2367} 2367}
@@ -2384,15 +2384,15 @@ _SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx)
2384int 2384int
2385SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len) 2385SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len)
2386{ 2386{
2387 return tls1_set_groups(&ctx->internal->tlsext_supportedgroups, 2387 return tls1_set_groups(&ctx->tlsext_supportedgroups,
2388 &ctx->internal->tlsext_supportedgroups_length, groups, groups_len); 2388 &ctx->tlsext_supportedgroups_length, groups, groups_len);
2389} 2389}
2390 2390
2391int 2391int
2392SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups) 2392SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups)
2393{ 2393{
2394 return tls1_set_group_list(&ctx->internal->tlsext_supportedgroups, 2394 return tls1_set_group_list(&ctx->tlsext_supportedgroups,
2395 &ctx->internal->tlsext_supportedgroups_length, groups); 2395 &ctx->tlsext_supportedgroups_length, groups);
2396} 2396}
2397 2397
2398long 2398long
@@ -2507,7 +2507,7 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
2507 return 0; 2507 return 0;
2508 2508
2509 case SSL_CTRL_SET_TMP_DH_CB: 2509 case SSL_CTRL_SET_TMP_DH_CB:
2510 ctx->internal->cert->dhe_params_cb = 2510 ctx->cert->dhe_params_cb =
2511 (DH *(*)(SSL *, int, int))fp; 2511 (DH *(*)(SSL *, int, int))fp;
2512 return 1; 2512 return 1;
2513 2513
@@ -2515,20 +2515,20 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
2515 return 1; 2515 return 1;
2516 2516
2517 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: 2517 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
2518 ctx->internal->tlsext_servername_callback = 2518 ctx->tlsext_servername_callback =
2519 (int (*)(SSL *, int *, void *))fp; 2519 (int (*)(SSL *, int *, void *))fp;
2520 return 1; 2520 return 1;
2521 2521
2522 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB: 2522 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
2523 *(int (**)(SSL *, void *))fp = ctx->internal->tlsext_status_cb; 2523 *(int (**)(SSL *, void *))fp = ctx->tlsext_status_cb;
2524 return 1; 2524 return 1;
2525 2525
2526 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: 2526 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
2527 ctx->internal->tlsext_status_cb = (int (*)(SSL *, void *))fp; 2527 ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
2528 return 1; 2528 return 1;
2529 2529
2530 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: 2530 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
2531 ctx->internal->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *, 2531 ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
2532 unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp; 2532 unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp;
2533 return 1; 2533 return 1;
2534 } 2534 }
@@ -2559,7 +2559,7 @@ ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
2559 * but would have to pay with the price of sk_SSL_CIPHER_dup(). 2559 * but would have to pay with the price of sk_SSL_CIPHER_dup().
2560 */ 2560 */
2561 2561
2562 if (s->internal->options & SSL_OP_CIPHER_SERVER_PREFERENCE) { 2562 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
2563 prio = srvr; 2563 prio = srvr;
2564 allow = clnt; 2564 allow = clnt;
2565 } else { 2565 } else {
@@ -2670,13 +2670,13 @@ ssl3_shutdown(SSL *s)
2670 * Don't do anything much if we have not done the handshake or 2670 * Don't do anything much if we have not done the handshake or
2671 * we don't want to send messages :-) 2671 * we don't want to send messages :-)
2672 */ 2672 */
2673 if ((s->internal->quiet_shutdown) || (s->s3->hs.state == SSL_ST_BEFORE)) { 2673 if ((s->quiet_shutdown) || (s->s3->hs.state == SSL_ST_BEFORE)) {
2674 s->internal->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); 2674 s->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
2675 return (1); 2675 return (1);
2676 } 2676 }
2677 2677
2678 if (!(s->internal->shutdown & SSL_SENT_SHUTDOWN)) { 2678 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
2679 s->internal->shutdown|=SSL_SENT_SHUTDOWN; 2679 s->shutdown|=SSL_SENT_SHUTDOWN;
2680 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); 2680 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
2681 /* 2681 /*
2682 * Our shutdown alert has been sent now, and if it still needs 2682 * Our shutdown alert has been sent now, and if it still needs
@@ -2696,15 +2696,15 @@ ssl3_shutdown(SSL *s)
2696 */ 2696 */
2697 return (ret); 2697 return (ret);
2698 } 2698 }
2699 } else if (!(s->internal->shutdown & SSL_RECEIVED_SHUTDOWN)) { 2699 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
2700 /* If we are waiting for a close from our peer, we are closed */ 2700 /* If we are waiting for a close from our peer, we are closed */
2701 s->method->ssl_read_bytes(s, 0, NULL, 0, 0); 2701 s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
2702 if (!(s->internal->shutdown & SSL_RECEIVED_SHUTDOWN)) { 2702 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
2703 return (-1); /* return WANT_READ */ 2703 return (-1); /* return WANT_READ */
2704 } 2704 }
2705 } 2705 }
2706 2706
2707 if ((s->internal->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && 2707 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
2708 !s->s3->alert_dispatch) 2708 !s->s3->alert_dispatch)
2709 return (1); 2709 return (1);
2710 else 2710 else
@@ -2737,16 +2737,16 @@ ssl3_read_internal(SSL *s, void *buf, int len, int peek)
2737 peek); 2737 peek);
2738 if ((ret == -1) && (s->s3->in_read_app_data == 2)) { 2738 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
2739 /* 2739 /*
2740 * ssl3_read_bytes decided to call s->internal->handshake_func, 2740 * ssl3_read_bytes decided to call s->handshake_func,
2741 * which called ssl3_read_bytes to read handshake data. 2741 * which called ssl3_read_bytes to read handshake data.
2742 * However, ssl3_read_bytes actually found application data 2742 * However, ssl3_read_bytes actually found application data
2743 * and thinks that application data makes sense here; so disable 2743 * and thinks that application data makes sense here; so disable
2744 * handshake processing and try to read application data again. 2744 * handshake processing and try to read application data again.
2745 */ 2745 */
2746 s->internal->in_handshake++; 2746 s->in_handshake++;
2747 ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, 2747 ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA,
2748 buf, len, peek); 2748 buf, len, peek);
2749 s->internal->in_handshake--; 2749 s->in_handshake--;
2750 } else 2750 } else
2751 s->s3->in_read_app_data = 0; 2751 s->s3->in_read_app_data = 0;
2752 2752
@@ -2768,7 +2768,7 @@ ssl3_peek(SSL *s, void *buf, int len)
2768int 2768int
2769ssl3_renegotiate(SSL *s) 2769ssl3_renegotiate(SSL *s)
2770{ 2770{
2771 if (s->internal->handshake_func == NULL) 2771 if (s->handshake_func == NULL)
2772 return 1; 2772 return 1;
2773 2773
2774 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) 2774 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c
index 801b5bea29..93f7384762 100644
--- a/src/lib/libssl/ssl_both.c
+++ b/src/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_both.c,v 1.43 2022/10/01 16:23:15 jsing Exp $ */ 1/* $OpenBSD: ssl_both.c,v 1.44 2022/10/02 16:36:41 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -128,7 +128,7 @@
128#include "ssl_locl.h" 128#include "ssl_locl.h"
129 129
130/* 130/*
131 * Send s->internal->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or 131 * Send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
132 * SSL3_RT_CHANGE_CIPHER_SPEC). 132 * SSL3_RT_CHANGE_CIPHER_SPEC).
133 */ 133 */
134int 134int
@@ -136,8 +136,8 @@ ssl3_do_write(SSL *s, int type)
136{ 136{
137 int ret; 137 int ret;
138 138
139 ret = ssl3_write_bytes(s, type, &s->internal->init_buf->data[s->internal->init_off], 139 ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off],
140 s->internal->init_num); 140 s->init_num);
141 if (ret < 0) 141 if (ret < 0)
142 return (-1); 142 return (-1);
143 143
@@ -147,16 +147,16 @@ ssl3_do_write(SSL *s, int type)
147 * we'll ignore the result anyway. 147 * we'll ignore the result anyway.
148 */ 148 */
149 tls1_transcript_record(s, 149 tls1_transcript_record(s,
150 (unsigned char *)&s->internal->init_buf->data[s->internal->init_off], ret); 150 (unsigned char *)&s->init_buf->data[s->init_off], ret);
151 151
152 if (ret == s->internal->init_num) { 152 if (ret == s->init_num) {
153 ssl_msg_callback(s, 1, type, s->internal->init_buf->data, 153 ssl_msg_callback(s, 1, type, s->init_buf->data,
154 (size_t)(s->internal->init_off + s->internal->init_num)); 154 (size_t)(s->init_off + s->init_num));
155 return (1); 155 return (1);
156 } 156 }
157 157
158 s->internal->init_off += ret; 158 s->init_off += ret;
159 s->internal->init_num -= ret; 159 s->init_num -= ret;
160 160
161 return (0); 161 return (0);
162} 162}
@@ -207,7 +207,7 @@ ssl3_output_cert_chain(SSL *s, CBB *cbb, SSL_CERT_PKEY *cpk)
207 if ((chain = cpk->chain) == NULL) 207 if ((chain = cpk->chain) == NULL)
208 chain = s->ctx->extra_certs; 208 chain = s->ctx->extra_certs;
209 209
210 if (chain != NULL || (s->internal->mode & SSL_MODE_NO_AUTO_CHAIN)) { 210 if (chain != NULL || (s->mode & SSL_MODE_NO_AUTO_CHAIN)) {
211 if (!ssl3_add_cert(&cert_list, cpk->x509)) 211 if (!ssl3_add_cert(&cert_list, cpk->x509))
212 goto err; 212 goto err;
213 } else { 213 } else {
@@ -269,27 +269,27 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max)
269 SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); 269 SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
270 goto fatal_err; 270 goto fatal_err;
271 } 271 }
272 s->internal->init_msg = s->internal->init_buf->data + 272 s->init_msg = s->init_buf->data +
273 SSL3_HM_HEADER_LENGTH; 273 SSL3_HM_HEADER_LENGTH;
274 s->internal->init_num = (int)s->s3->hs.tls12.message_size; 274 s->init_num = (int)s->s3->hs.tls12.message_size;
275 return 1; 275 return 1;
276 } 276 }
277 277
278 p = (unsigned char *)s->internal->init_buf->data; 278 p = (unsigned char *)s->init_buf->data;
279 279
280 if (s->s3->hs.state == st1) { 280 if (s->s3->hs.state == st1) {
281 int skip_message; 281 int skip_message;
282 282
283 do { 283 do {
284 while (s->internal->init_num < SSL3_HM_HEADER_LENGTH) { 284 while (s->init_num < SSL3_HM_HEADER_LENGTH) {
285 i = s->method->ssl_read_bytes(s, 285 i = s->method->ssl_read_bytes(s,
286 SSL3_RT_HANDSHAKE, &p[s->internal->init_num], 286 SSL3_RT_HANDSHAKE, &p[s->init_num],
287 SSL3_HM_HEADER_LENGTH - s->internal->init_num, 0); 287 SSL3_HM_HEADER_LENGTH - s->init_num, 0);
288 if (i <= 0) { 288 if (i <= 0) {
289 s->internal->rwstate = SSL_READING; 289 s->rwstate = SSL_READING;
290 return i; 290 return i;
291 } 291 }
292 s->internal->init_num += i; 292 s->init_num += i;
293 } 293 }
294 294
295 skip_message = 0; 295 skip_message = 0;
@@ -301,7 +301,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max)
301 * correct. Does not count for 'Finished' MAC. 301 * correct. Does not count for 'Finished' MAC.
302 */ 302 */
303 if (p[1] == 0 && p[2] == 0 &&p[3] == 0) { 303 if (p[1] == 0 && p[2] == 0 &&p[3] == 0) {
304 s->internal->init_num = 0; 304 s->init_num = 0;
305 skip_message = 1; 305 skip_message = 1;
306 306
307 ssl_msg_callback(s, 0, 307 ssl_msg_callback(s, 0,
@@ -330,7 +330,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max)
330 SSLerror(s, SSL_R_EXCESSIVE_MESSAGE_SIZE); 330 SSLerror(s, SSL_R_EXCESSIVE_MESSAGE_SIZE);
331 goto fatal_err; 331 goto fatal_err;
332 } 332 }
333 if (l && !BUF_MEM_grow_clean(s->internal->init_buf, 333 if (l && !BUF_MEM_grow_clean(s->init_buf,
334 l + SSL3_HM_HEADER_LENGTH)) { 334 l + SSL3_HM_HEADER_LENGTH)) {
335 SSLerror(s, ERR_R_BUF_LIB); 335 SSLerror(s, ERR_R_BUF_LIB);
336 goto err; 336 goto err;
@@ -338,33 +338,33 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max)
338 s->s3->hs.tls12.message_size = l; 338 s->s3->hs.tls12.message_size = l;
339 s->s3->hs.state = stn; 339 s->s3->hs.state = stn;
340 340
341 s->internal->init_msg = s->internal->init_buf->data + 341 s->init_msg = s->init_buf->data +
342 SSL3_HM_HEADER_LENGTH; 342 SSL3_HM_HEADER_LENGTH;
343 s->internal->init_num = 0; 343 s->init_num = 0;
344 } 344 }
345 345
346 /* next state (stn) */ 346 /* next state (stn) */
347 p = s->internal->init_msg; 347 p = s->init_msg;
348 n = s->s3->hs.tls12.message_size - s->internal->init_num; 348 n = s->s3->hs.tls12.message_size - s->init_num;
349 while (n > 0) { 349 while (n > 0) {
350 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, 350 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
351 &p[s->internal->init_num], n, 0); 351 &p[s->init_num], n, 0);
352 if (i <= 0) { 352 if (i <= 0) {
353 s->internal->rwstate = SSL_READING; 353 s->rwstate = SSL_READING;
354 return i; 354 return i;
355 } 355 }
356 s->internal->init_num += i; 356 s->init_num += i;
357 n -= i; 357 n -= i;
358 } 358 }
359 359
360 /* Feed this message into MAC computation. */ 360 /* Feed this message into MAC computation. */
361 if (s->internal->mac_packet) { 361 if (s->mac_packet) {
362 tls1_transcript_record(s, (unsigned char *)s->internal->init_buf->data, 362 tls1_transcript_record(s, (unsigned char *)s->init_buf->data,
363 s->internal->init_num + SSL3_HM_HEADER_LENGTH); 363 s->init_num + SSL3_HM_HEADER_LENGTH);
364 364
365 ssl_msg_callback(s, 0, SSL3_RT_HANDSHAKE, 365 ssl_msg_callback(s, 0, SSL3_RT_HANDSHAKE,
366 s->internal->init_buf->data, 366 s->init_buf->data,
367 (size_t)s->internal->init_num + SSL3_HM_HEADER_LENGTH); 367 (size_t)s->init_num + SSL3_HM_HEADER_LENGTH);
368 } 368 }
369 369
370 return 1; 370 return 1;
@@ -459,7 +459,7 @@ ssl3_setup_init_buffer(SSL *s)
459{ 459{
460 BUF_MEM *buf = NULL; 460 BUF_MEM *buf = NULL;
461 461
462 if (s->internal->init_buf != NULL) 462 if (s->init_buf != NULL)
463 return (1); 463 return (1);
464 464
465 if ((buf = BUF_MEM_new()) == NULL) 465 if ((buf = BUF_MEM_new()) == NULL)
@@ -467,7 +467,7 @@ ssl3_setup_init_buffer(SSL *s)
467 if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) 467 if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH))
468 goto err; 468 goto err;
469 469
470 s->internal->init_buf = buf; 470 s->init_buf = buf;
471 return (1); 471 return (1);
472 472
473 err: 473 err:
@@ -478,11 +478,11 @@ ssl3_setup_init_buffer(SSL *s)
478void 478void
479ssl3_release_init_buffer(SSL *s) 479ssl3_release_init_buffer(SSL *s)
480{ 480{
481 BUF_MEM_free(s->internal->init_buf); 481 BUF_MEM_free(s->init_buf);
482 s->internal->init_buf = NULL; 482 s->init_buf = NULL;
483 s->internal->init_msg = NULL; 483 s->init_msg = NULL;
484 s->internal->init_num = 0; 484 s->init_num = 0;
485 s->internal->init_off = 0; 485 s->init_off = 0;
486} 486}
487 487
488int 488int
@@ -507,7 +507,7 @@ ssl3_setup_read_buffer(SSL *s)
507 s->s3->rbuf.len = len; 507 s->s3->rbuf.len = len;
508 } 508 }
509 509
510 s->internal->packet = s->s3->rbuf.buf; 510 s->packet = s->s3->rbuf.buf;
511 return 1; 511 return 1;
512 512
513 err: 513 err:
@@ -531,7 +531,7 @@ ssl3_setup_write_buffer(SSL *s)
531 if (s->s3->wbuf.buf == NULL) { 531 if (s->s3->wbuf.buf == NULL) {
532 len = s->max_send_fragment + 532 len = s->max_send_fragment +
533 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align; 533 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
534 if (!(s->internal->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) 534 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
535 len += headerlen + align + 535 len += headerlen + align +
536 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; 536 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
537 537
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index 453d75771d..d102e2e29d 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_cert.c,v 1.103 2022/07/07 13:04:39 tb Exp $ */ 1/* $OpenBSD: ssl_cert.c,v 1.104 2022/10/02 16:36:41 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -304,7 +304,7 @@ ssl_get0_cert(SSL_CTX *ctx, SSL *ssl)
304 if (ssl != NULL) 304 if (ssl != NULL)
305 return ssl->cert; 305 return ssl->cert;
306 306
307 return ctx->internal->cert; 307 return ctx->cert;
308} 308}
309 309
310int 310int
@@ -430,21 +430,21 @@ ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *certs)
430 */ 430 */
431 X509_VERIFY_PARAM_set1(param, s->param); 431 X509_VERIFY_PARAM_set1(param, s->param);
432 432
433 if (s->internal->verify_callback) 433 if (s->verify_callback)
434 X509_STORE_CTX_set_verify_cb(ctx, s->internal->verify_callback); 434 X509_STORE_CTX_set_verify_cb(ctx, s->verify_callback);
435 435
436 if (s->ctx->internal->app_verify_callback != NULL) 436 if (s->ctx->app_verify_callback != NULL)
437 ret = s->ctx->internal->app_verify_callback(ctx, 437 ret = s->ctx->app_verify_callback(ctx,
438 s->ctx->internal->app_verify_arg); 438 s->ctx->app_verify_arg);
439 else 439 else
440 ret = X509_verify_cert(ctx); 440 ret = X509_verify_cert(ctx);
441 441
442 s->verify_result = X509_STORE_CTX_get_error(ctx); 442 s->verify_result = X509_STORE_CTX_get_error(ctx);
443 sk_X509_pop_free(s->internal->verified_chain, X509_free); 443 sk_X509_pop_free(s->verified_chain, X509_free);
444 s->internal->verified_chain = NULL; 444 s->verified_chain = NULL;
445 if (X509_STORE_CTX_get0_chain(ctx) != NULL) { 445 if (X509_STORE_CTX_get0_chain(ctx) != NULL) {
446 s->internal->verified_chain = X509_STORE_CTX_get1_chain(ctx); 446 s->verified_chain = X509_STORE_CTX_get1_chain(ctx);
447 if (s->internal->verified_chain == NULL) { 447 if (s->verified_chain == NULL) {
448 SSLerrorx(ERR_R_MALLOC_FAILURE); 448 SSLerrorx(ERR_R_MALLOC_FAILURE);
449 ret = 0; 449 ret = 0;
450 } 450 }
@@ -491,19 +491,19 @@ SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk)
491void 491void
492SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list) 492SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
493{ 493{
494 set_client_CA_list(&(s->internal->client_CA), name_list); 494 set_client_CA_list(&(s->client_CA), name_list);
495} 495}
496 496
497void 497void
498SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list) 498SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
499{ 499{
500 set_client_CA_list(&(ctx->internal->client_CA), name_list); 500 set_client_CA_list(&(ctx->client_CA), name_list);
501} 501}
502 502
503STACK_OF(X509_NAME) * 503STACK_OF(X509_NAME) *
504SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) 504SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
505{ 505{
506 return (ctx->internal->client_CA); 506 return (ctx->client_CA);
507} 507}
508 508
509STACK_OF(X509_NAME) * 509STACK_OF(X509_NAME) *
@@ -516,10 +516,10 @@ SSL_get_client_CA_list(const SSL *s)
516 else 516 else
517 return (NULL); 517 return (NULL);
518 } else { 518 } else {
519 if (s->internal->client_CA != NULL) 519 if (s->client_CA != NULL)
520 return (s->internal->client_CA); 520 return (s->client_CA);
521 else 521 else
522 return (s->ctx->internal->client_CA); 522 return (s->ctx->client_CA);
523 } 523 }
524} 524}
525 525
@@ -546,13 +546,13 @@ add_client_CA(STACK_OF(X509_NAME) **sk, X509 *x)
546int 546int
547SSL_add_client_CA(SSL *ssl, X509 *x) 547SSL_add_client_CA(SSL *ssl, X509 *x)
548{ 548{
549 return (add_client_CA(&(ssl->internal->client_CA), x)); 549 return (add_client_CA(&(ssl->client_CA), x));
550} 550}
551 551
552int 552int
553SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) 553SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
554{ 554{
555 return (add_client_CA(&(ctx->internal->client_CA), x)); 555 return (add_client_CA(&(ctx->client_CA), x));
556} 556}
557 557
558static int 558static int
diff --git a/src/lib/libssl/ssl_ciphers.c b/src/lib/libssl/ssl_ciphers.c
index f77f32ab7f..09b4805820 100644
--- a/src/lib/libssl/ssl_ciphers.c
+++ b/src/lib/libssl/ssl_ciphers.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_ciphers.c,v 1.15 2022/07/02 16:31:04 tb Exp $ */ 1/* $OpenBSD: ssl_ciphers.c,v 1.16 2022/10/02 16:36:41 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2015-2017 Doug Hogan <doug@openbsd.org> 3 * Copyright (c) 2015-2017 Doug Hogan <doug@openbsd.org>
4 * Copyright (c) 2015-2018, 2020 Joel Sing <jsing@openbsd.org> 4 * Copyright (c) 2015-2018, 2020 Joel Sing <jsing@openbsd.org>
@@ -79,7 +79,7 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *ciphers, CBB *cbb)
79 } 79 }
80 80
81 /* Add SCSV if there are other ciphers and we're not renegotiating. */ 81 /* Add SCSV if there are other ciphers and we're not renegotiating. */
82 if (num_ciphers > 0 && !s->internal->renegotiate) { 82 if (num_ciphers > 0 && !s->renegotiate) {
83 if (!CBB_add_u16(cbb, SSL3_CK_SCSV & SSL3_CK_VALUE_MASK)) 83 if (!CBB_add_u16(cbb, SSL3_CK_SCSV & SSL3_CK_VALUE_MASK))
84 return 0; 84 return 0;
85 } 85 }
@@ -118,7 +118,7 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs)
118 * TLS_EMPTY_RENEGOTIATION_INFO_SCSV is fatal if 118 * TLS_EMPTY_RENEGOTIATION_INFO_SCSV is fatal if
119 * renegotiating. 119 * renegotiating.
120 */ 120 */
121 if (s->internal->renegotiate) { 121 if (s->renegotiate) {
122 SSLerror(s, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); 122 SSLerror(s, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
123 ssl3_send_alert(s, SSL3_AL_FATAL, 123 ssl3_send_alert(s, SSL3_AL_FATAL,
124 SSL_AD_HANDSHAKE_FAILURE); 124 SSL_AD_HANDSHAKE_FAILURE);
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 8b2f209a79..d5791e3ffc 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_clnt.c,v 1.154 2022/10/01 16:23:15 jsing Exp $ */ 1/* $OpenBSD: ssl_clnt.c,v 1.155 2022/10/02 16:36:41 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -204,7 +204,7 @@ ssl3_connect(SSL *s)
204 ERR_clear_error(); 204 ERR_clear_error();
205 errno = 0; 205 errno = 0;
206 206
207 s->internal->in_handshake++; 207 s->in_handshake++;
208 if (!SSL_in_init(s) || SSL_in_before(s)) 208 if (!SSL_in_init(s) || SSL_in_before(s))
209 SSL_clear(s); 209 SSL_clear(s);
210 210
@@ -213,9 +213,9 @@ ssl3_connect(SSL *s)
213 213
214 switch (s->s3->hs.state) { 214 switch (s->s3->hs.state) {
215 case SSL_ST_RENEGOTIATE: 215 case SSL_ST_RENEGOTIATE:
216 s->internal->renegotiate = 1; 216 s->renegotiate = 1;
217 s->s3->hs.state = SSL_ST_CONNECT; 217 s->s3->hs.state = SSL_ST_CONNECT;
218 s->ctx->internal->stats.sess_connect_renegotiate++; 218 s->ctx->stats.sess_connect_renegotiate++;
219 /* break */ 219 /* break */
220 case SSL_ST_BEFORE: 220 case SSL_ST_BEFORE:
221 case SSL_ST_CONNECT: 221 case SSL_ST_CONNECT:
@@ -268,21 +268,21 @@ ssl3_connect(SSL *s)
268 } 268 }
269 269
270 s->s3->hs.state = SSL3_ST_CW_CLNT_HELLO_A; 270 s->s3->hs.state = SSL3_ST_CW_CLNT_HELLO_A;
271 s->ctx->internal->stats.sess_connect++; 271 s->ctx->stats.sess_connect++;
272 s->internal->init_num = 0; 272 s->init_num = 0;
273 273
274 if (SSL_is_dtls(s)) { 274 if (SSL_is_dtls(s)) {
275 /* mark client_random uninitialized */ 275 /* mark client_random uninitialized */
276 memset(s->s3->client_random, 0, 276 memset(s->s3->client_random, 0,
277 sizeof(s->s3->client_random)); 277 sizeof(s->s3->client_random));
278 s->d1->send_cookie = 0; 278 s->d1->send_cookie = 0;
279 s->internal->hit = 0; 279 s->hit = 0;
280 } 280 }
281 break; 281 break;
282 282
283 case SSL3_ST_CW_CLNT_HELLO_A: 283 case SSL3_ST_CW_CLNT_HELLO_A:
284 case SSL3_ST_CW_CLNT_HELLO_B: 284 case SSL3_ST_CW_CLNT_HELLO_B:
285 s->internal->shutdown = 0; 285 s->shutdown = 0;
286 286
287 if (SSL_is_dtls(s)) { 287 if (SSL_is_dtls(s)) {
288 /* every DTLS ClientHello resets Finished MAC */ 288 /* every DTLS ClientHello resets Finished MAC */
@@ -301,7 +301,7 @@ ssl3_connect(SSL *s)
301 } else 301 } else
302 s->s3->hs.state = SSL3_ST_CR_SRVR_HELLO_A; 302 s->s3->hs.state = SSL3_ST_CR_SRVR_HELLO_A;
303 303
304 s->internal->init_num = 0; 304 s->init_num = 0;
305 305
306 /* turn on buffering for the next lot of output */ 306 /* turn on buffering for the next lot of output */
307 if (s->bbio != s->wbio) 307 if (s->bbio != s->wbio)
@@ -315,10 +315,10 @@ ssl3_connect(SSL *s)
315 if (ret <= 0) 315 if (ret <= 0)
316 goto end; 316 goto end;
317 317
318 if (s->internal->hit) { 318 if (s->hit) {
319 s->s3->hs.state = SSL3_ST_CR_FINISHED_A; 319 s->s3->hs.state = SSL3_ST_CR_FINISHED_A;
320 if (!SSL_is_dtls(s)) { 320 if (!SSL_is_dtls(s)) {
321 if (s->internal->tlsext_ticket_expected) { 321 if (s->tlsext_ticket_expected) {
322 /* receive renewed session ticket */ 322 /* receive renewed session ticket */
323 s->s3->hs.state = SSL3_ST_CR_SESSION_TICKET_A; 323 s->s3->hs.state = SSL3_ST_CR_SESSION_TICKET_A;
324 } 324 }
@@ -331,7 +331,7 @@ ssl3_connect(SSL *s)
331 } else { 331 } else {
332 s->s3->hs.state = SSL3_ST_CR_CERT_A; 332 s->s3->hs.state = SSL3_ST_CR_CERT_A;
333 } 333 }
334 s->internal->init_num = 0; 334 s->init_num = 0;
335 break; 335 break;
336 336
337 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: 337 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
@@ -344,7 +344,7 @@ ssl3_connect(SSL *s)
344 s->s3->hs.state = SSL3_ST_CW_CLNT_HELLO_A; 344 s->s3->hs.state = SSL3_ST_CW_CLNT_HELLO_A;
345 else 345 else
346 s->s3->hs.state = SSL3_ST_CR_CERT_A; 346 s->s3->hs.state = SSL3_ST_CR_CERT_A;
347 s->internal->init_num = 0; 347 s->init_num = 0;
348 break; 348 break;
349 349
350 case SSL3_ST_CR_CERT_A: 350 case SSL3_ST_CR_CERT_A:
@@ -353,12 +353,12 @@ ssl3_connect(SSL *s)
353 if (ret <= 0) 353 if (ret <= 0)
354 goto end; 354 goto end;
355 if (ret == 2) { 355 if (ret == 2) {
356 s->internal->hit = 1; 356 s->hit = 1;
357 if (s->internal->tlsext_ticket_expected) 357 if (s->tlsext_ticket_expected)
358 s->s3->hs.state = SSL3_ST_CR_SESSION_TICKET_A; 358 s->s3->hs.state = SSL3_ST_CR_SESSION_TICKET_A;
359 else 359 else
360 s->s3->hs.state = SSL3_ST_CR_FINISHED_A; 360 s->s3->hs.state = SSL3_ST_CR_FINISHED_A;
361 s->internal->init_num = 0; 361 s->init_num = 0;
362 break; 362 break;
363 } 363 }
364 /* Check if it is anon DH/ECDH. */ 364 /* Check if it is anon DH/ECDH. */
@@ -367,7 +367,7 @@ ssl3_connect(SSL *s)
367 ret = ssl3_get_server_certificate(s); 367 ret = ssl3_get_server_certificate(s);
368 if (ret <= 0) 368 if (ret <= 0)
369 goto end; 369 goto end;
370 if (s->internal->tlsext_status_expected) 370 if (s->tlsext_status_expected)
371 s->s3->hs.state = SSL3_ST_CR_CERT_STATUS_A; 371 s->s3->hs.state = SSL3_ST_CR_CERT_STATUS_A;
372 else 372 else
373 s->s3->hs.state = SSL3_ST_CR_KEY_EXCH_A; 373 s->s3->hs.state = SSL3_ST_CR_KEY_EXCH_A;
@@ -375,7 +375,7 @@ ssl3_connect(SSL *s)
375 skip = 1; 375 skip = 1;
376 s->s3->hs.state = SSL3_ST_CR_KEY_EXCH_A; 376 s->s3->hs.state = SSL3_ST_CR_KEY_EXCH_A;
377 } 377 }
378 s->internal->init_num = 0; 378 s->init_num = 0;
379 break; 379 break;
380 380
381 case SSL3_ST_CR_KEY_EXCH_A: 381 case SSL3_ST_CR_KEY_EXCH_A:
@@ -384,7 +384,7 @@ ssl3_connect(SSL *s)
384 if (ret <= 0) 384 if (ret <= 0)
385 goto end; 385 goto end;
386 s->s3->hs.state = SSL3_ST_CR_CERT_REQ_A; 386 s->s3->hs.state = SSL3_ST_CR_CERT_REQ_A;
387 s->internal->init_num = 0; 387 s->init_num = 0;
388 388
389 /* 389 /*
390 * At this point we check that we have the 390 * At this point we check that we have the
@@ -402,7 +402,7 @@ ssl3_connect(SSL *s)
402 if (ret <= 0) 402 if (ret <= 0)
403 goto end; 403 goto end;
404 s->s3->hs.state = SSL3_ST_CR_SRVR_DONE_A; 404 s->s3->hs.state = SSL3_ST_CR_SRVR_DONE_A;
405 s->internal->init_num = 0; 405 s->init_num = 0;
406 break; 406 break;
407 407
408 case SSL3_ST_CR_SRVR_DONE_A: 408 case SSL3_ST_CR_SRVR_DONE_A:
@@ -416,7 +416,7 @@ ssl3_connect(SSL *s)
416 s->s3->hs.state = SSL3_ST_CW_CERT_A; 416 s->s3->hs.state = SSL3_ST_CW_CERT_A;
417 else 417 else
418 s->s3->hs.state = SSL3_ST_CW_KEY_EXCH_A; 418 s->s3->hs.state = SSL3_ST_CW_KEY_EXCH_A;
419 s->internal->init_num = 0; 419 s->init_num = 0;
420 420
421 break; 421 break;
422 422
@@ -430,7 +430,7 @@ ssl3_connect(SSL *s)
430 if (ret <= 0) 430 if (ret <= 0)
431 goto end; 431 goto end;
432 s->s3->hs.state = SSL3_ST_CW_KEY_EXCH_A; 432 s->s3->hs.state = SSL3_ST_CW_KEY_EXCH_A;
433 s->internal->init_num = 0; 433 s->init_num = 0;
434 break; 434 break;
435 435
436 case SSL3_ST_CW_KEY_EXCH_A: 436 case SSL3_ST_CW_KEY_EXCH_A:
@@ -469,7 +469,7 @@ ssl3_connect(SSL *s)
469 } 469 }
470 } 470 }
471 471
472 s->internal->init_num = 0; 472 s->init_num = 0;
473 break; 473 break;
474 474
475 case SSL3_ST_CW_CERT_VRFY_A: 475 case SSL3_ST_CW_CERT_VRFY_A:
@@ -480,20 +480,20 @@ ssl3_connect(SSL *s)
480 if (ret <= 0) 480 if (ret <= 0)
481 goto end; 481 goto end;
482 s->s3->hs.state = SSL3_ST_CW_CHANGE_A; 482 s->s3->hs.state = SSL3_ST_CW_CHANGE_A;
483 s->internal->init_num = 0; 483 s->init_num = 0;
484 s->s3->change_cipher_spec = 0; 484 s->s3->change_cipher_spec = 0;
485 break; 485 break;
486 486
487 case SSL3_ST_CW_CHANGE_A: 487 case SSL3_ST_CW_CHANGE_A:
488 case SSL3_ST_CW_CHANGE_B: 488 case SSL3_ST_CW_CHANGE_B:
489 if (SSL_is_dtls(s) && !s->internal->hit) 489 if (SSL_is_dtls(s) && !s->hit)
490 dtls1_start_timer(s); 490 dtls1_start_timer(s);
491 ret = ssl3_send_client_change_cipher_spec(s); 491 ret = ssl3_send_client_change_cipher_spec(s);
492 if (ret <= 0) 492 if (ret <= 0)
493 goto end; 493 goto end;
494 494
495 s->s3->hs.state = SSL3_ST_CW_FINISHED_A; 495 s->s3->hs.state = SSL3_ST_CW_FINISHED_A;
496 s->internal->init_num = 0; 496 s->init_num = 0;
497 s->session->cipher = s->s3->hs.cipher; 497 s->session->cipher = s->s3->hs.cipher;
498 498
499 if (!tls1_setup_key_block(s)) { 499 if (!tls1_setup_key_block(s)) {
@@ -508,7 +508,7 @@ ssl3_connect(SSL *s)
508 508
509 case SSL3_ST_CW_FINISHED_A: 509 case SSL3_ST_CW_FINISHED_A:
510 case SSL3_ST_CW_FINISHED_B: 510 case SSL3_ST_CW_FINISHED_B:
511 if (SSL_is_dtls(s) && !s->internal->hit) 511 if (SSL_is_dtls(s) && !s->hit)
512 dtls1_start_timer(s); 512 dtls1_start_timer(s);
513 ret = ssl3_send_client_finished(s); 513 ret = ssl3_send_client_finished(s);
514 if (ret <= 0) 514 if (ret <= 0)
@@ -518,18 +518,18 @@ ssl3_connect(SSL *s)
518 s->s3->hs.state = SSL3_ST_CW_FLUSH; 518 s->s3->hs.state = SSL3_ST_CW_FLUSH;
519 519
520 /* clear flags */ 520 /* clear flags */
521 if (s->internal->hit) { 521 if (s->hit) {
522 s->s3->hs.tls12.next_state = SSL_ST_OK; 522 s->s3->hs.tls12.next_state = SSL_ST_OK;
523 } else { 523 } else {
524 /* Allow NewSessionTicket if ticket expected */ 524 /* Allow NewSessionTicket if ticket expected */
525 if (s->internal->tlsext_ticket_expected) 525 if (s->tlsext_ticket_expected)
526 s->s3->hs.tls12.next_state = 526 s->s3->hs.tls12.next_state =
527 SSL3_ST_CR_SESSION_TICKET_A; 527 SSL3_ST_CR_SESSION_TICKET_A;
528 else 528 else
529 s->s3->hs.tls12.next_state = 529 s->s3->hs.tls12.next_state =
530 SSL3_ST_CR_FINISHED_A; 530 SSL3_ST_CR_FINISHED_A;
531 } 531 }
532 s->internal->init_num = 0; 532 s->init_num = 0;
533 break; 533 break;
534 534
535 case SSL3_ST_CR_SESSION_TICKET_A: 535 case SSL3_ST_CR_SESSION_TICKET_A:
@@ -538,7 +538,7 @@ ssl3_connect(SSL *s)
538 if (ret <= 0) 538 if (ret <= 0)
539 goto end; 539 goto end;
540 s->s3->hs.state = SSL3_ST_CR_FINISHED_A; 540 s->s3->hs.state = SSL3_ST_CR_FINISHED_A;
541 s->internal->init_num = 0; 541 s->init_num = 0;
542 break; 542 break;
543 543
544 case SSL3_ST_CR_CERT_STATUS_A: 544 case SSL3_ST_CR_CERT_STATUS_A:
@@ -547,7 +547,7 @@ ssl3_connect(SSL *s)
547 if (ret <= 0) 547 if (ret <= 0)
548 goto end; 548 goto end;
549 s->s3->hs.state = SSL3_ST_CR_KEY_EXCH_A; 549 s->s3->hs.state = SSL3_ST_CR_KEY_EXCH_A;
550 s->internal->init_num = 0; 550 s->init_num = 0;
551 break; 551 break;
552 552
553 case SSL3_ST_CR_FINISHED_A: 553 case SSL3_ST_CR_FINISHED_A:
@@ -562,27 +562,27 @@ ssl3_connect(SSL *s)
562 if (SSL_is_dtls(s)) 562 if (SSL_is_dtls(s))
563 dtls1_stop_timer(s); 563 dtls1_stop_timer(s);
564 564
565 if (s->internal->hit) 565 if (s->hit)
566 s->s3->hs.state = SSL3_ST_CW_CHANGE_A; 566 s->s3->hs.state = SSL3_ST_CW_CHANGE_A;
567 else 567 else
568 s->s3->hs.state = SSL_ST_OK; 568 s->s3->hs.state = SSL_ST_OK;
569 s->internal->init_num = 0; 569 s->init_num = 0;
570 break; 570 break;
571 571
572 case SSL3_ST_CW_FLUSH: 572 case SSL3_ST_CW_FLUSH:
573 s->internal->rwstate = SSL_WRITING; 573 s->rwstate = SSL_WRITING;
574 if (BIO_flush(s->wbio) <= 0) { 574 if (BIO_flush(s->wbio) <= 0) {
575 if (SSL_is_dtls(s)) { 575 if (SSL_is_dtls(s)) {
576 /* If the write error was fatal, stop trying */ 576 /* If the write error was fatal, stop trying */
577 if (!BIO_should_retry(s->wbio)) { 577 if (!BIO_should_retry(s->wbio)) {
578 s->internal->rwstate = SSL_NOTHING; 578 s->rwstate = SSL_NOTHING;
579 s->s3->hs.state = s->s3->hs.tls12.next_state; 579 s->s3->hs.state = s->s3->hs.tls12.next_state;
580 } 580 }
581 } 581 }
582 ret = -1; 582 ret = -1;
583 goto end; 583 goto end;
584 } 584 }
585 s->internal->rwstate = SSL_NOTHING; 585 s->rwstate = SSL_NOTHING;
586 s->s3->hs.state = s->s3->hs.tls12.next_state; 586 s->s3->hs.state = s->s3->hs.tls12.next_state;
587 break; 587 break;
588 588
@@ -601,18 +601,18 @@ ssl3_connect(SSL *s)
601 601
602 ssl_free_wbio_buffer(s); 602 ssl_free_wbio_buffer(s);
603 603
604 s->internal->init_num = 0; 604 s->init_num = 0;
605 s->internal->renegotiate = 0; 605 s->renegotiate = 0;
606 s->internal->new_session = 0; 606 s->new_session = 0;
607 607
608 ssl_update_cache(s, SSL_SESS_CACHE_CLIENT); 608 ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
609 if (s->internal->hit) 609 if (s->hit)
610 s->ctx->internal->stats.sess_hit++; 610 s->ctx->stats.sess_hit++;
611 611
612 ret = 1; 612 ret = 1;
613 /* s->server=0; */ 613 /* s->server=0; */
614 s->internal->handshake_func = ssl3_connect; 614 s->handshake_func = ssl3_connect;
615 s->ctx->internal->stats.sess_connect_good++; 615 s->ctx->stats.sess_connect_good++;
616 616
617 ssl_info_callback(s, SSL_CB_HANDSHAKE_DONE, 1); 617 ssl_info_callback(s, SSL_CB_HANDSHAKE_DONE, 1);
618 618
@@ -634,7 +634,7 @@ ssl3_connect(SSL *s)
634 634
635 /* did we do anything */ 635 /* did we do anything */
636 if (!s->s3->hs.tls12.reuse_message && !skip) { 636 if (!s->s3->hs.tls12.reuse_message && !skip) {
637 if (s->internal->debug) { 637 if (s->debug) {
638 if ((ret = BIO_flush(s->wbio)) <= 0) 638 if ((ret = BIO_flush(s->wbio)) <= 0)
639 goto end; 639 goto end;
640 } 640 }
@@ -650,7 +650,7 @@ ssl3_connect(SSL *s)
650 } 650 }
651 651
652 end: 652 end:
653 s->internal->in_handshake--; 653 s->in_handshake--;
654 ssl_info_callback(s, SSL_CB_CONNECT_EXIT, ret); 654 ssl_info_callback(s, SSL_CB_CONNECT_EXIT, ret);
655 655
656 return (ret); 656 return (ret);
@@ -706,7 +706,7 @@ ssl3_send_client_hello(SSL *s)
706 /* Session ID */ 706 /* Session ID */
707 if (!CBB_add_u8_length_prefixed(&client_hello, &session_id)) 707 if (!CBB_add_u8_length_prefixed(&client_hello, &session_id))
708 goto err; 708 goto err;
709 if (!s->internal->new_session && 709 if (!s->new_session &&
710 s->session->session_id_length > 0) { 710 s->session->session_id_length > 0) {
711 sl = s->session->session_id_length; 711 sl = s->session->session_id_length;
712 if (sl > sizeof(s->session->session_id)) { 712 if (sl > sizeof(s->session->session_id)) {
@@ -777,7 +777,7 @@ ssl3_get_dtls_hello_verify(SSL *s)
777 int al, ret; 777 int al, ret;
778 778
779 if ((ret = ssl3_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, 779 if ((ret = ssl3_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
780 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->internal->max_cert_list)) <= 0) 780 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->max_cert_list)) <= 0)
781 return ret; 781 return ret;
782 782
783 if (s->s3->hs.tls12.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) { 783 if (s->s3->hs.tls12.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
@@ -786,11 +786,11 @@ ssl3_get_dtls_hello_verify(SSL *s)
786 return (1); 786 return (1);
787 } 787 }
788 788
789 if (s->internal->init_num < 0) 789 if (s->init_num < 0)
790 goto decode_err; 790 goto decode_err;
791 791
792 CBS_init(&hello_verify_request, s->internal->init_msg, 792 CBS_init(&hello_verify_request, s->init_msg,
793 s->internal->init_num); 793 s->init_num);
794 794
795 if (!CBS_get_u16(&hello_verify_request, &ssl_version)) 795 if (!CBS_get_u16(&hello_verify_request, &ssl_version))
796 goto decode_err; 796 goto decode_err;
@@ -840,16 +840,16 @@ ssl3_get_server_hello(SSL *s)
840 unsigned long alg_k; 840 unsigned long alg_k;
841 int al, ret; 841 int al, ret;
842 842
843 s->internal->first_packet = 1; 843 s->first_packet = 1;
844 if ((ret = ssl3_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, 844 if ((ret = ssl3_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
845 SSL3_ST_CR_SRVR_HELLO_B, -1, 20000 /* ?? */)) <= 0) 845 SSL3_ST_CR_SRVR_HELLO_B, -1, 20000 /* ?? */)) <= 0)
846 return ret; 846 return ret;
847 s->internal->first_packet = 0; 847 s->first_packet = 0;
848 848
849 if (s->internal->init_num < 0) 849 if (s->init_num < 0)
850 goto decode_err; 850 goto decode_err;
851 851
852 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); 852 CBS_init(&cbs, s->init_msg, s->init_num);
853 853
854 if (SSL_is_dtls(s)) { 854 if (SSL_is_dtls(s)) {
855 if (s->s3->hs.tls12.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { 855 if (s->s3->hs.tls12.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
@@ -944,13 +944,13 @@ ssl3_get_server_hello(SSL *s)
944 * Check if we want to resume the session based on external 944 * Check if we want to resume the session based on external
945 * pre-shared secret. 945 * pre-shared secret.
946 */ 946 */
947 if (s->internal->tls_session_secret_cb != NULL) { 947 if (s->tls_session_secret_cb != NULL) {
948 SSL_CIPHER *pref_cipher = NULL; 948 SSL_CIPHER *pref_cipher = NULL;
949 int master_key_length = sizeof(s->session->master_key); 949 int master_key_length = sizeof(s->session->master_key);
950 950
951 if (!s->internal->tls_session_secret_cb(s, 951 if (!s->tls_session_secret_cb(s,
952 s->session->master_key, &master_key_length, NULL, 952 s->session->master_key, &master_key_length, NULL,
953 &pref_cipher, s->internal->tls_session_secret_cb_arg)) { 953 &pref_cipher, s->tls_session_secret_cb_arg)) {
954 SSLerror(s, ERR_R_INTERNAL_ERROR); 954 SSLerror(s, ERR_R_INTERNAL_ERROR);
955 goto err; 955 goto err;
956 } 956 }
@@ -978,13 +978,13 @@ ssl3_get_server_hello(SSL *s)
978 goto fatal_err; 978 goto fatal_err;
979 } 979 }
980 s->s3->flags |= SSL3_FLAGS_CCS_OK; 980 s->s3->flags |= SSL3_FLAGS_CCS_OK;
981 s->internal->hit = 1; 981 s->hit = 1;
982 } else { 982 } else {
983 /* a miss or crap from the other end */ 983 /* a miss or crap from the other end */
984 984
985 /* If we were trying for session-id reuse, make a new 985 /* If we were trying for session-id reuse, make a new
986 * SSL_SESSION so we don't stuff up other people */ 986 * SSL_SESSION so we don't stuff up other people */
987 s->internal->hit = 0; 987 s->hit = 0;
988 if (s->session->session_id_length > 0) { 988 if (s->session->session_id_length > 0) {
989 if (!ssl_get_new_session(s, 0)) { 989 if (!ssl_get_new_session(s, 0)) {
990 al = SSL_AD_INTERNAL_ERROR; 990 al = SSL_AD_INTERNAL_ERROR;
@@ -1032,7 +1032,7 @@ ssl3_get_server_hello(SSL *s)
1032 */ 1032 */
1033 if (s->session->cipher) 1033 if (s->session->cipher)
1034 s->session->cipher_id = s->session->cipher->id; 1034 s->session->cipher_id = s->session->cipher->id;
1035 if (s->internal->hit && (s->session->cipher_id != cipher->id)) { 1035 if (s->hit && (s->session->cipher_id != cipher->id)) {
1036 al = SSL_AD_ILLEGAL_PARAMETER; 1036 al = SSL_AD_ILLEGAL_PARAMETER;
1037 SSLerror(s, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); 1037 SSLerror(s, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
1038 goto fatal_err; 1038 goto fatal_err;
@@ -1076,7 +1076,7 @@ ssl3_get_server_hello(SSL *s)
1076 * absence on initial connect only. 1076 * absence on initial connect only.
1077 */ 1077 */
1078 if (!s->s3->renegotiate_seen && 1078 if (!s->s3->renegotiate_seen &&
1079 !(s->internal->options & SSL_OP_LEGACY_SERVER_CONNECT)) { 1079 !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)) {
1080 al = SSL_AD_HANDSHAKE_FAILURE; 1080 al = SSL_AD_HANDSHAKE_FAILURE;
1081 SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); 1081 SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
1082 goto fatal_err; 1082 goto fatal_err;
@@ -1109,7 +1109,7 @@ ssl3_get_server_certificate(SSL *s)
1109 int al, ret; 1109 int al, ret;
1110 1110
1111 if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_A, 1111 if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_A,
1112 SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list)) <= 0) 1112 SSL3_ST_CR_CERT_B, -1, s->max_cert_list)) <= 0)
1113 return ret; 1113 return ret;
1114 1114
1115 ret = -1; 1115 ret = -1;
@@ -1130,10 +1130,10 @@ ssl3_get_server_certificate(SSL *s)
1130 goto err; 1130 goto err;
1131 } 1131 }
1132 1132
1133 if (s->internal->init_num < 0) 1133 if (s->init_num < 0)
1134 goto decode_err; 1134 goto decode_err;
1135 1135
1136 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); 1136 CBS_init(&cbs, s->init_msg, s->init_num);
1137 1137
1138 if (!CBS_get_u24_length_prefixed(&cbs, &cert_list)) 1138 if (!CBS_get_u24_length_prefixed(&cbs, &cert_list))
1139 goto decode_err; 1139 goto decode_err;
@@ -1314,16 +1314,16 @@ ssl3_get_server_key_exchange(SSL *s)
1314 * as ServerKeyExchange message may be skipped. 1314 * as ServerKeyExchange message may be skipped.
1315 */ 1315 */
1316 if ((ret = ssl3_get_message(s, SSL3_ST_CR_KEY_EXCH_A, 1316 if ((ret = ssl3_get_message(s, SSL3_ST_CR_KEY_EXCH_A,
1317 SSL3_ST_CR_KEY_EXCH_B, -1, s->internal->max_cert_list)) <= 0) 1317 SSL3_ST_CR_KEY_EXCH_B, -1, s->max_cert_list)) <= 0)
1318 return ret; 1318 return ret;
1319 1319
1320 if ((md_ctx = EVP_MD_CTX_new()) == NULL) 1320 if ((md_ctx = EVP_MD_CTX_new()) == NULL)
1321 goto err; 1321 goto err;
1322 1322
1323 if (s->internal->init_num < 0) 1323 if (s->init_num < 0)
1324 goto err; 1324 goto err;
1325 1325
1326 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); 1326 CBS_init(&cbs, s->init_msg, s->init_num);
1327 1327
1328 if (s->s3->hs.tls12.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { 1328 if (s->s3->hs.tls12.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
1329 /* 1329 /*
@@ -1454,7 +1454,7 @@ ssl3_get_certificate_request(SSL *s)
1454 int ret; 1454 int ret;
1455 1455
1456 if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_REQ_A, 1456 if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_REQ_A,
1457 SSL3_ST_CR_CERT_REQ_B, -1, s->internal->max_cert_list)) <= 0) 1457 SSL3_ST_CR_CERT_REQ_B, -1, s->max_cert_list)) <= 0)
1458 return ret; 1458 return ret;
1459 1459
1460 ret = 0; 1460 ret = 0;
@@ -1484,9 +1484,9 @@ ssl3_get_certificate_request(SSL *s)
1484 goto err; 1484 goto err;
1485 } 1485 }
1486 1486
1487 if (s->internal->init_num < 0) 1487 if (s->init_num < 0)
1488 goto decode_err; 1488 goto decode_err;
1489 CBS_init(&cert_request, s->internal->init_msg, s->internal->init_num); 1489 CBS_init(&cert_request, s->init_msg, s->init_num);
1490 1490
1491 if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) { 1491 if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) {
1492 SSLerror(s, ERR_R_MALLOC_FAILURE); 1492 SSLerror(s, ERR_R_MALLOC_FAILURE);
@@ -1610,13 +1610,13 @@ ssl3_get_new_session_ticket(SSL *s)
1610 goto fatal_err; 1610 goto fatal_err;
1611 } 1611 }
1612 1612
1613 if (s->internal->init_num < 0) { 1613 if (s->init_num < 0) {
1614 al = SSL_AD_DECODE_ERROR; 1614 al = SSL_AD_DECODE_ERROR;
1615 SSLerror(s, SSL_R_LENGTH_MISMATCH); 1615 SSLerror(s, SSL_R_LENGTH_MISMATCH);
1616 goto fatal_err; 1616 goto fatal_err;
1617 } 1617 }
1618 1618
1619 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); 1619 CBS_init(&cbs, s->init_msg, s->init_num);
1620 if (!CBS_get_u32(&cbs, &lifetime_hint) || 1620 if (!CBS_get_u32(&cbs, &lifetime_hint) ||
1621 !CBS_get_u16_length_prefixed(&cbs, &session_ticket) || 1621 !CBS_get_u16_length_prefixed(&cbs, &session_ticket) ||
1622 CBS_len(&cbs) != 0) { 1622 CBS_len(&cbs) != 0) {
@@ -1679,13 +1679,13 @@ ssl3_get_cert_status(SSL *s)
1679 * Tell the callback the server did not send us an OSCP 1679 * Tell the callback the server did not send us an OSCP
1680 * response, and has decided to head directly to key exchange. 1680 * response, and has decided to head directly to key exchange.
1681 */ 1681 */
1682 if (s->ctx->internal->tlsext_status_cb) { 1682 if (s->ctx->tlsext_status_cb) {
1683 free(s->internal->tlsext_ocsp_resp); 1683 free(s->tlsext_ocsp_resp);
1684 s->internal->tlsext_ocsp_resp = NULL; 1684 s->tlsext_ocsp_resp = NULL;
1685 s->internal->tlsext_ocsp_resp_len = 0; 1685 s->tlsext_ocsp_resp_len = 0;
1686 1686
1687 ret = s->ctx->internal->tlsext_status_cb(s, 1687 ret = s->ctx->tlsext_status_cb(s,
1688 s->ctx->internal->tlsext_status_arg); 1688 s->ctx->tlsext_status_arg);
1689 if (ret == 0) { 1689 if (ret == 0) {
1690 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; 1690 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
1691 SSLerror(s, SSL_R_INVALID_STATUS_RESPONSE); 1691 SSLerror(s, SSL_R_INVALID_STATUS_RESPONSE);
@@ -1708,14 +1708,14 @@ ssl3_get_cert_status(SSL *s)
1708 goto fatal_err; 1708 goto fatal_err;
1709 } 1709 }
1710 1710
1711 if (s->internal->init_num < 0) { 1711 if (s->init_num < 0) {
1712 /* need at least status type + length */ 1712 /* need at least status type + length */
1713 al = SSL_AD_DECODE_ERROR; 1713 al = SSL_AD_DECODE_ERROR;
1714 SSLerror(s, SSL_R_LENGTH_MISMATCH); 1714 SSLerror(s, SSL_R_LENGTH_MISMATCH);
1715 goto fatal_err; 1715 goto fatal_err;
1716 } 1716 }
1717 1717
1718 CBS_init(&cert_status, s->internal->init_msg, s->internal->init_num); 1718 CBS_init(&cert_status, s->init_msg, s->init_num);
1719 if (!CBS_get_u8(&cert_status, &status_type) || 1719 if (!CBS_get_u8(&cert_status, &status_type) ||
1720 CBS_len(&cert_status) < 3) { 1720 CBS_len(&cert_status) < 3) {
1721 /* need at least status type + length */ 1721 /* need at least status type + length */
@@ -1737,16 +1737,16 @@ ssl3_get_cert_status(SSL *s)
1737 goto fatal_err; 1737 goto fatal_err;
1738 } 1738 }
1739 1739
1740 if (!CBS_stow(&response, &s->internal->tlsext_ocsp_resp, 1740 if (!CBS_stow(&response, &s->tlsext_ocsp_resp,
1741 &s->internal->tlsext_ocsp_resp_len)) { 1741 &s->tlsext_ocsp_resp_len)) {
1742 al = SSL_AD_INTERNAL_ERROR; 1742 al = SSL_AD_INTERNAL_ERROR;
1743 SSLerror(s, ERR_R_MALLOC_FAILURE); 1743 SSLerror(s, ERR_R_MALLOC_FAILURE);
1744 goto fatal_err; 1744 goto fatal_err;
1745 } 1745 }
1746 1746
1747 if (s->ctx->internal->tlsext_status_cb) { 1747 if (s->ctx->tlsext_status_cb) {
1748 ret = s->ctx->internal->tlsext_status_cb(s, 1748 ret = s->ctx->tlsext_status_cb(s,
1749 s->ctx->internal->tlsext_status_arg); 1749 s->ctx->tlsext_status_arg);
1750 if (ret == 0) { 1750 if (ret == 0) {
1751 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; 1751 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
1752 SSLerror(s, SSL_R_INVALID_STATUS_RESPONSE); 1752 SSLerror(s, SSL_R_INVALID_STATUS_RESPONSE);
@@ -1774,7 +1774,7 @@ ssl3_get_server_done(SSL *s)
1774 30 /* should be very small, like 0 :-) */)) <= 0) 1774 30 /* should be very small, like 0 :-) */)) <= 0)
1775 return ret; 1775 return ret;
1776 1776
1777 if (s->internal->init_num != 0) { 1777 if (s->init_num != 0) {
1778 /* should contain no data */ 1778 /* should contain no data */
1779 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1779 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1780 SSLerror(s, SSL_R_LENGTH_MISMATCH); 1780 SSLerror(s, SSL_R_LENGTH_MISMATCH);
@@ -2383,15 +2383,15 @@ ssl3_send_client_certificate(SSL *s)
2383 if (s->s3->hs.state == SSL3_ST_CW_CERT_B) { 2383 if (s->s3->hs.state == SSL3_ST_CW_CERT_B) {
2384 /* 2384 /*
2385 * If we get an error, we need to 2385 * If we get an error, we need to
2386 * ssl->internal->rwstate = SSL_X509_LOOKUP; return(-1); 2386 * ssl->rwstate = SSL_X509_LOOKUP; return(-1);
2387 * We then get retried later. 2387 * We then get retried later.
2388 */ 2388 */
2389 i = ssl_do_client_cert_cb(s, &x509, &pkey); 2389 i = ssl_do_client_cert_cb(s, &x509, &pkey);
2390 if (i < 0) { 2390 if (i < 0) {
2391 s->internal->rwstate = SSL_X509_LOOKUP; 2391 s->rwstate = SSL_X509_LOOKUP;
2392 return (-1); 2392 return (-1);
2393 } 2393 }
2394 s->internal->rwstate = SSL_NOTHING; 2394 s->rwstate = SSL_NOTHING;
2395 if ((i == 1) && (pkey != NULL) && (x509 != NULL)) { 2395 if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
2396 s->s3->hs.state = SSL3_ST_CW_CERT_B; 2396 s->s3->hs.state = SSL3_ST_CW_CERT_B;
2397 if (!SSL_use_certificate(s, x509) || 2397 if (!SSL_use_certificate(s, x509) ||
@@ -2508,7 +2508,7 @@ ssl3_check_finished(SSL *s)
2508 /* this function is called when we really expect a Certificate 2508 /* this function is called when we really expect a Certificate
2509 * message, so permit appropriate message length */ 2509 * message, so permit appropriate message length */
2510 if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_A, 2510 if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_A,
2511 SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list)) <= 0) 2511 SSL3_ST_CR_CERT_B, -1, s->max_cert_list)) <= 0)
2512 return ret; 2512 return ret;
2513 2513
2514 s->s3->hs.tls12.reuse_message = 1; 2514 s->s3->hs.tls12.reuse_message = 1;
@@ -2525,16 +2525,16 @@ ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
2525 int i = 0; 2525 int i = 0;
2526 2526
2527#ifndef OPENSSL_NO_ENGINE 2527#ifndef OPENSSL_NO_ENGINE
2528 if (s->ctx->internal->client_cert_engine) { 2528 if (s->ctx->client_cert_engine) {
2529 i = ENGINE_load_ssl_client_cert( 2529 i = ENGINE_load_ssl_client_cert(
2530 s->ctx->internal->client_cert_engine, s, 2530 s->ctx->client_cert_engine, s,
2531 SSL_get_client_CA_list(s), px509, ppkey, NULL, NULL, NULL); 2531 SSL_get_client_CA_list(s), px509, ppkey, NULL, NULL, NULL);
2532 if (i != 0) 2532 if (i != 0)
2533 return (i); 2533 return (i);
2534 } 2534 }
2535#endif 2535#endif
2536 if (s->ctx->internal->client_cert_cb) 2536 if (s->ctx->client_cert_cb)
2537 i = s->ctx->internal->client_cert_cb(s, px509, ppkey); 2537 i = s->ctx->client_cert_cb(s, px509, ppkey);
2538 return (i); 2538 return (i);
2539} 2539}
2540 2540
@@ -2547,8 +2547,8 @@ ssl3_send_client_change_cipher_spec(SSL *s)
2547 memset(&cbb, 0, sizeof(cbb)); 2547 memset(&cbb, 0, sizeof(cbb));
2548 2548
2549 if (s->s3->hs.state == SSL3_ST_CW_CHANGE_A) { 2549 if (s->s3->hs.state == SSL3_ST_CW_CHANGE_A) {
2550 if (!CBB_init_fixed(&cbb, s->internal->init_buf->data, 2550 if (!CBB_init_fixed(&cbb, s->init_buf->data,
2551 s->internal->init_buf->length)) 2551 s->init_buf->length))
2552 goto err; 2552 goto err;
2553 if (!CBB_add_u8(&cbb, SSL3_MT_CCS)) 2553 if (!CBB_add_u8(&cbb, SSL3_MT_CCS))
2554 goto err; 2554 goto err;
@@ -2558,8 +2558,8 @@ ssl3_send_client_change_cipher_spec(SSL *s)
2558 if (outlen > INT_MAX) 2558 if (outlen > INT_MAX)
2559 goto err; 2559 goto err;
2560 2560
2561 s->internal->init_num = (int)outlen; 2561 s->init_num = (int)outlen;
2562 s->internal->init_off = 0; 2562 s->init_off = 0;
2563 2563
2564 if (SSL_is_dtls(s)) { 2564 if (SSL_is_dtls(s)) {
2565 s->d1->handshake_write_seq = 2565 s->d1->handshake_write_seq =
@@ -2639,13 +2639,13 @@ ssl3_get_server_finished(SSL *s)
2639 2639
2640 md_len = TLS1_FINISH_MAC_LENGTH; 2640 md_len = TLS1_FINISH_MAC_LENGTH;
2641 2641
2642 if (s->internal->init_num < 0) { 2642 if (s->init_num < 0) {
2643 al = SSL_AD_DECODE_ERROR; 2643 al = SSL_AD_DECODE_ERROR;
2644 SSLerror(s, SSL_R_BAD_DIGEST_LENGTH); 2644 SSLerror(s, SSL_R_BAD_DIGEST_LENGTH);
2645 goto fatal_err; 2645 goto fatal_err;
2646 } 2646 }
2647 2647
2648 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); 2648 CBS_init(&cbs, s->init_msg, s->init_num);
2649 2649
2650 if (s->s3->hs.peer_finished_len != md_len || 2650 if (s->s3->hs.peer_finished_len != md_len ||
2651 CBS_len(&cbs) != md_len) { 2651 CBS_len(&cbs) != md_len) {
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index f5f7bf66c1..4b5f119a88 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_lib.c,v 1.305 2022/09/10 15:29:33 jsing Exp $ */ 1/* $OpenBSD: ssl_lib.c,v 1.306 2022/10/02 16:36:41 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -180,33 +180,33 @@ SSL_clear(SSL *s)
180 } 180 }
181 181
182 s->error = 0; 182 s->error = 0;
183 s->internal->hit = 0; 183 s->hit = 0;
184 s->internal->shutdown = 0; 184 s->shutdown = 0;
185 185
186 if (s->internal->renegotiate) { 186 if (s->renegotiate) {
187 SSLerror(s, ERR_R_INTERNAL_ERROR); 187 SSLerror(s, ERR_R_INTERNAL_ERROR);
188 return (0); 188 return (0);
189 } 189 }
190 190
191 s->version = s->method->version; 191 s->version = s->method->version;
192 s->client_version = s->version; 192 s->client_version = s->version;
193 s->internal->rwstate = SSL_NOTHING; 193 s->rwstate = SSL_NOTHING;
194 s->internal->rstate = SSL_ST_READ_HEADER; 194 s->rstate = SSL_ST_READ_HEADER;
195 195
196 tls13_ctx_free(s->internal->tls13); 196 tls13_ctx_free(s->tls13);
197 s->internal->tls13 = NULL; 197 s->tls13 = NULL;
198 198
199 ssl3_release_init_buffer(s); 199 ssl3_release_init_buffer(s);
200 200
201 ssl_clear_cipher_state(s); 201 ssl_clear_cipher_state(s);
202 202
203 s->internal->first_packet = 0; 203 s->first_packet = 0;
204 204
205 /* 205 /*
206 * Check to see if we were changed into a different method, if 206 * Check to see if we were changed into a different method, if
207 * so, revert back if we are not doing session-id reuse. 207 * so, revert back if we are not doing session-id reuse.
208 */ 208 */
209 if (!s->internal->in_handshake && (s->session == NULL) && 209 if (!s->in_handshake && (s->session == NULL) &&
210 (s->method != s->ctx->method)) { 210 (s->method != s->ctx->method)) {
211 s->method->ssl_free(s); 211 s->method->ssl_free(s);
212 s->method = s->ctx->method; 212 s->method = s->ctx->method;
@@ -227,8 +227,8 @@ SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
227 ctx->method = meth; 227 ctx->method = meth;
228 228
229 ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, 229 ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
230 ctx->internal->cipher_list_tls13, SSL_DEFAULT_CIPHER_LIST, 230 ctx->cipher_list_tls13, SSL_DEFAULT_CIPHER_LIST,
231 ctx->internal->cert); 231 ctx->cert);
232 if (ciphers == NULL || sk_SSL_CIPHER_num(ciphers) <= 0) { 232 if (ciphers == NULL || sk_SSL_CIPHER_num(ciphers) <= 0) {
233 SSLerrorx(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); 233 SSLerrorx(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
234 return (0); 234 return (0);
@@ -253,87 +253,85 @@ SSL_new(SSL_CTX *ctx)
253 253
254 if ((s = calloc(1, sizeof(*s))) == NULL) 254 if ((s = calloc(1, sizeof(*s))) == NULL)
255 goto err; 255 goto err;
256 if ((s->internal = calloc(1, sizeof(*s->internal))) == NULL)
257 goto err;
258 256
259 if ((s->internal->rl = tls12_record_layer_new()) == NULL) 257 if ((s->rl = tls12_record_layer_new()) == NULL)
260 goto err; 258 goto err;
261 259
262 s->internal->min_tls_version = ctx->internal->min_tls_version; 260 s->min_tls_version = ctx->min_tls_version;
263 s->internal->max_tls_version = ctx->internal->max_tls_version; 261 s->max_tls_version = ctx->max_tls_version;
264 s->internal->min_proto_version = ctx->internal->min_proto_version; 262 s->min_proto_version = ctx->min_proto_version;
265 s->internal->max_proto_version = ctx->internal->max_proto_version; 263 s->max_proto_version = ctx->max_proto_version;
266 264
267 s->internal->options = ctx->internal->options; 265 s->options = ctx->options;
268 s->internal->mode = ctx->internal->mode; 266 s->mode = ctx->mode;
269 s->internal->max_cert_list = ctx->internal->max_cert_list; 267 s->max_cert_list = ctx->max_cert_list;
270 s->internal->num_tickets = ctx->internal->num_tickets; 268 s->num_tickets = ctx->num_tickets;
271 269
272 if ((s->cert = ssl_cert_dup(ctx->internal->cert)) == NULL) 270 if ((s->cert = ssl_cert_dup(ctx->cert)) == NULL)
273 goto err; 271 goto err;
274 272
275 s->internal->read_ahead = ctx->internal->read_ahead; 273 s->read_ahead = ctx->read_ahead;
276 s->internal->msg_callback = ctx->internal->msg_callback; 274 s->msg_callback = ctx->msg_callback;
277 s->internal->msg_callback_arg = ctx->internal->msg_callback_arg; 275 s->msg_callback_arg = ctx->msg_callback_arg;
278 s->verify_mode = ctx->verify_mode; 276 s->verify_mode = ctx->verify_mode;
279 s->sid_ctx_length = ctx->sid_ctx_length; 277 s->sid_ctx_length = ctx->sid_ctx_length;
280 OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); 278 OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
281 memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx)); 279 memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
282 s->internal->verify_callback = ctx->internal->default_verify_callback; 280 s->verify_callback = ctx->default_verify_callback;
283 s->internal->generate_session_id = ctx->internal->generate_session_id; 281 s->generate_session_id = ctx->generate_session_id;
284 282
285 s->param = X509_VERIFY_PARAM_new(); 283 s->param = X509_VERIFY_PARAM_new();
286 if (!s->param) 284 if (!s->param)
287 goto err; 285 goto err;
288 X509_VERIFY_PARAM_inherit(s->param, ctx->param); 286 X509_VERIFY_PARAM_inherit(s->param, ctx->param);
289 s->internal->quiet_shutdown = ctx->internal->quiet_shutdown; 287 s->quiet_shutdown = ctx->quiet_shutdown;
290 s->max_send_fragment = ctx->internal->max_send_fragment; 288 s->max_send_fragment = ctx->max_send_fragment;
291 289
292 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); 290 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
293 s->ctx = ctx; 291 s->ctx = ctx;
294 s->internal->tlsext_debug_cb = 0; 292 s->tlsext_debug_cb = 0;
295 s->internal->tlsext_debug_arg = NULL; 293 s->tlsext_debug_arg = NULL;
296 s->internal->tlsext_ticket_expected = 0; 294 s->tlsext_ticket_expected = 0;
297 s->tlsext_status_type = -1; 295 s->tlsext_status_type = -1;
298 s->internal->tlsext_status_expected = 0; 296 s->tlsext_status_expected = 0;
299 s->internal->tlsext_ocsp_ids = NULL; 297 s->tlsext_ocsp_ids = NULL;
300 s->internal->tlsext_ocsp_exts = NULL; 298 s->tlsext_ocsp_exts = NULL;
301 s->internal->tlsext_ocsp_resp = NULL; 299 s->tlsext_ocsp_resp = NULL;
302 s->internal->tlsext_ocsp_resp_len = 0; 300 s->tlsext_ocsp_resp_len = 0;
303 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); 301 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
304 s->initial_ctx = ctx; 302 s->initial_ctx = ctx;
305 303
306 if (ctx->internal->tlsext_ecpointformatlist != NULL) { 304 if (ctx->tlsext_ecpointformatlist != NULL) {
307 s->internal->tlsext_ecpointformatlist = 305 s->tlsext_ecpointformatlist =
308 calloc(ctx->internal->tlsext_ecpointformatlist_length, 306 calloc(ctx->tlsext_ecpointformatlist_length,
309 sizeof(ctx->internal->tlsext_ecpointformatlist[0])); 307 sizeof(ctx->tlsext_ecpointformatlist[0]));
310 if (s->internal->tlsext_ecpointformatlist == NULL) 308 if (s->tlsext_ecpointformatlist == NULL)
311 goto err; 309 goto err;
312 memcpy(s->internal->tlsext_ecpointformatlist, 310 memcpy(s->tlsext_ecpointformatlist,
313 ctx->internal->tlsext_ecpointformatlist, 311 ctx->tlsext_ecpointformatlist,
314 ctx->internal->tlsext_ecpointformatlist_length * 312 ctx->tlsext_ecpointformatlist_length *
315 sizeof(ctx->internal->tlsext_ecpointformatlist[0])); 313 sizeof(ctx->tlsext_ecpointformatlist[0]));
316 s->internal->tlsext_ecpointformatlist_length = 314 s->tlsext_ecpointformatlist_length =
317 ctx->internal->tlsext_ecpointformatlist_length; 315 ctx->tlsext_ecpointformatlist_length;
318 } 316 }
319 if (ctx->internal->tlsext_supportedgroups != NULL) { 317 if (ctx->tlsext_supportedgroups != NULL) {
320 s->internal->tlsext_supportedgroups = 318 s->tlsext_supportedgroups =
321 calloc(ctx->internal->tlsext_supportedgroups_length, 319 calloc(ctx->tlsext_supportedgroups_length,
322 sizeof(ctx->internal->tlsext_supportedgroups[0])); 320 sizeof(ctx->tlsext_supportedgroups[0]));
323 if (s->internal->tlsext_supportedgroups == NULL) 321 if (s->tlsext_supportedgroups == NULL)
324 goto err; 322 goto err;
325 memcpy(s->internal->tlsext_supportedgroups, 323 memcpy(s->tlsext_supportedgroups,
326 ctx->internal->tlsext_supportedgroups, 324 ctx->tlsext_supportedgroups,
327 ctx->internal->tlsext_supportedgroups_length * 325 ctx->tlsext_supportedgroups_length *
328 sizeof(ctx->internal->tlsext_supportedgroups[0])); 326 sizeof(ctx->tlsext_supportedgroups[0]));
329 s->internal->tlsext_supportedgroups_length = 327 s->tlsext_supportedgroups_length =
330 ctx->internal->tlsext_supportedgroups_length; 328 ctx->tlsext_supportedgroups_length;
331 } 329 }
332 330
333 CBS_init(&cbs, ctx->internal->alpn_client_proto_list, 331 CBS_init(&cbs, ctx->alpn_client_proto_list,
334 ctx->internal->alpn_client_proto_list_len); 332 ctx->alpn_client_proto_list_len);
335 if (!CBS_stow(&cbs, &s->internal->alpn_client_proto_list, 333 if (!CBS_stow(&cbs, &s->alpn_client_proto_list,
336 &s->internal->alpn_client_proto_list_len)) 334 &s->alpn_client_proto_list_len))
337 goto err; 335 goto err;
338 336
339 s->verify_result = X509_V_OK; 337 s->verify_result = X509_V_OK;
@@ -349,7 +347,7 @@ SSL_new(SSL_CTX *ctx)
349 347
350 SSL_clear(s); 348 SSL_clear(s);
351 349
352 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->internal->ex_data); 350 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
353 351
354 return (s); 352 return (s);
355 353
@@ -391,7 +389,7 @@ int
391SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) 389SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
392{ 390{
393 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); 391 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
394 ctx->internal->generate_session_id = cb; 392 ctx->generate_session_id = cb;
395 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); 393 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
396 return (1); 394 return (1);
397} 395}
@@ -400,7 +398,7 @@ int
400SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) 398SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
401{ 399{
402 CRYPTO_w_lock(CRYPTO_LOCK_SSL); 400 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
403 ssl->internal->generate_session_id = cb; 401 ssl->generate_session_id = cb;
404 CRYPTO_w_unlock(CRYPTO_LOCK_SSL); 402 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
405 return (1); 403 return (1);
406} 404}
@@ -426,7 +424,7 @@ SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
426 memcpy(r.session_id, id, id_len); 424 memcpy(r.session_id, id, id_len);
427 425
428 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); 426 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
429 p = lh_SSL_SESSION_retrieve(ssl->ctx->internal->sessions, &r); 427 p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
430 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); 428 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
431 return (p != NULL); 429 return (p != NULL);
432} 430}
@@ -519,7 +517,7 @@ SSL_free(SSL *s)
519 517
520 X509_VERIFY_PARAM_free(s->param); 518 X509_VERIFY_PARAM_free(s->param);
521 519
522 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->internal->ex_data); 520 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
523 521
524 if (s->bbio != NULL) { 522 if (s->bbio != NULL) {
525 /* If the buffering BIO is in place, pop it off */ 523 /* If the buffering BIO is in place, pop it off */
@@ -534,12 +532,12 @@ SSL_free(SSL *s)
534 BIO_free_all(s->rbio); 532 BIO_free_all(s->rbio);
535 BIO_free_all(s->wbio); 533 BIO_free_all(s->wbio);
536 534
537 tls13_ctx_free(s->internal->tls13); 535 tls13_ctx_free(s->tls13);
538 536
539 ssl3_release_init_buffer(s); 537 ssl3_release_init_buffer(s);
540 538
541 sk_SSL_CIPHER_free(s->cipher_list); 539 sk_SSL_CIPHER_free(s->cipher_list);
542 sk_SSL_CIPHER_free(s->internal->cipher_list_tls13); 540 sk_SSL_CIPHER_free(s->cipher_list_tls13);
543 541
544 /* Make the next call work :-) */ 542 /* Make the next call work :-) */
545 if (s->session != NULL) { 543 if (s->session != NULL) {
@@ -554,32 +552,31 @@ SSL_free(SSL *s)
554 free(s->tlsext_hostname); 552 free(s->tlsext_hostname);
555 SSL_CTX_free(s->initial_ctx); 553 SSL_CTX_free(s->initial_ctx);
556 554
557 free(s->internal->tlsext_ecpointformatlist); 555 free(s->tlsext_ecpointformatlist);
558 free(s->internal->tlsext_supportedgroups); 556 free(s->tlsext_supportedgroups);
559 557
560 sk_X509_EXTENSION_pop_free(s->internal->tlsext_ocsp_exts, 558 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
561 X509_EXTENSION_free); 559 X509_EXTENSION_free);
562 sk_OCSP_RESPID_pop_free(s->internal->tlsext_ocsp_ids, OCSP_RESPID_free); 560 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
563 free(s->internal->tlsext_ocsp_resp); 561 free(s->tlsext_ocsp_resp);
564 562
565 sk_X509_NAME_pop_free(s->internal->client_CA, X509_NAME_free); 563 sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
566 564
567 if (s->method != NULL) 565 if (s->method != NULL)
568 s->method->ssl_free(s); 566 s->method->ssl_free(s);
569 567
570 SSL_CTX_free(s->ctx); 568 SSL_CTX_free(s->ctx);
571 569
572 free(s->internal->alpn_client_proto_list); 570 free(s->alpn_client_proto_list);
573 571
574 free(s->internal->quic_transport_params); 572 free(s->quic_transport_params);
575 573
576#ifndef OPENSSL_NO_SRTP 574#ifndef OPENSSL_NO_SRTP
577 sk_SRTP_PROTECTION_PROFILE_free(s->internal->srtp_profiles); 575 sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
578#endif 576#endif
579 577
580 tls12_record_layer_free(s->internal->rl); 578 tls12_record_layer_free(s->rl);
581 579
582 free(s->internal);
583 free(s); 580 free(s);
584} 581}
585 582
@@ -768,25 +765,25 @@ SSL_get_verify_depth(const SSL *s)
768int 765int
769(*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *) 766(*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *)
770{ 767{
771 return (s->internal->verify_callback); 768 return (s->verify_callback);
772} 769}
773 770
774void 771void
775SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb) 772SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb)
776{ 773{
777 ctx->internal->keylog_callback = cb; 774 ctx->keylog_callback = cb;
778} 775}
779 776
780SSL_CTX_keylog_cb_func 777SSL_CTX_keylog_cb_func
781SSL_CTX_get_keylog_callback(const SSL_CTX *ctx) 778SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
782{ 779{
783 return (ctx->internal->keylog_callback); 780 return (ctx->keylog_callback);
784} 781}
785 782
786int 783int
787SSL_set_num_tickets(SSL *s, size_t num_tickets) 784SSL_set_num_tickets(SSL *s, size_t num_tickets)
788{ 785{
789 s->internal->num_tickets = num_tickets; 786 s->num_tickets = num_tickets;
790 787
791 return 1; 788 return 1;
792} 789}
@@ -794,13 +791,13 @@ SSL_set_num_tickets(SSL *s, size_t num_tickets)
794size_t 791size_t
795SSL_get_num_tickets(const SSL *s) 792SSL_get_num_tickets(const SSL *s)
796{ 793{
797 return s->internal->num_tickets; 794 return s->num_tickets;
798} 795}
799 796
800int 797int
801SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets) 798SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
802{ 799{
803 ctx->internal->num_tickets = num_tickets; 800 ctx->num_tickets = num_tickets;
804 801
805 return 1; 802 return 1;
806} 803}
@@ -808,7 +805,7 @@ SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
808size_t 805size_t
809SSL_CTX_get_num_tickets(const SSL_CTX *ctx) 806SSL_CTX_get_num_tickets(const SSL_CTX *ctx)
810{ 807{
811 return ctx->internal->num_tickets; 808 return ctx->num_tickets;
812} 809}
813 810
814int 811int
@@ -826,7 +823,7 @@ SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
826int 823int
827(*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *) 824(*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *)
828{ 825{
829 return (ctx->internal->default_verify_callback); 826 return (ctx->default_verify_callback);
830} 827}
831 828
832void 829void
@@ -835,7 +832,7 @@ SSL_set_verify(SSL *s, int mode,
835{ 832{
836 s->verify_mode = mode; 833 s->verify_mode = mode;
837 if (callback != NULL) 834 if (callback != NULL)
838 s->internal->verify_callback = callback; 835 s->verify_callback = callback;
839} 836}
840 837
841void 838void
@@ -847,13 +844,13 @@ SSL_set_verify_depth(SSL *s, int depth)
847void 844void
848SSL_set_read_ahead(SSL *s, int yes) 845SSL_set_read_ahead(SSL *s, int yes)
849{ 846{
850 s->internal->read_ahead = yes; 847 s->read_ahead = yes;
851} 848}
852 849
853int 850int
854SSL_get_read_ahead(const SSL *s) 851SSL_get_read_ahead(const SSL *s)
855{ 852{
856 return (s->internal->read_ahead); 853 return (s->read_ahead);
857} 854}
858 855
859int 856int
@@ -897,7 +894,7 @@ SSL_get_peer_cert_chain(const SSL *s)
897STACK_OF(X509) * 894STACK_OF(X509) *
898SSL_get0_verified_chain(const SSL *s) 895SSL_get0_verified_chain(const SSL *s)
899{ 896{
900 return s->internal->verified_chain; 897 return s->verified_chain;
901} 898}
902 899
903/* 900/*
@@ -939,17 +936,17 @@ SSL_copy_session_id(SSL *t, const SSL *f)
939int 936int
940SSL_CTX_check_private_key(const SSL_CTX *ctx) 937SSL_CTX_check_private_key(const SSL_CTX *ctx)
941{ 938{
942 if ((ctx == NULL) || (ctx->internal->cert == NULL) || 939 if ((ctx == NULL) || (ctx->cert == NULL) ||
943 (ctx->internal->cert->key->x509 == NULL)) { 940 (ctx->cert->key->x509 == NULL)) {
944 SSLerrorx(SSL_R_NO_CERTIFICATE_ASSIGNED); 941 SSLerrorx(SSL_R_NO_CERTIFICATE_ASSIGNED);
945 return (0); 942 return (0);
946 } 943 }
947 if (ctx->internal->cert->key->privatekey == NULL) { 944 if (ctx->cert->key->privatekey == NULL) {
948 SSLerrorx(SSL_R_NO_PRIVATE_KEY_ASSIGNED); 945 SSLerrorx(SSL_R_NO_PRIVATE_KEY_ASSIGNED);
949 return (0); 946 return (0);
950 } 947 }
951 return (X509_check_private_key(ctx->internal->cert->key->x509, 948 return (X509_check_private_key(ctx->cert->key->x509,
952 ctx->internal->cert->key->privatekey)); 949 ctx->cert->key->privatekey));
953} 950}
954 951
955/* Fix this function so that it takes an optional type parameter */ 952/* Fix this function so that it takes an optional type parameter */
@@ -979,7 +976,7 @@ SSL_check_private_key(const SSL *ssl)
979int 976int
980SSL_accept(SSL *s) 977SSL_accept(SSL *s)
981{ 978{
982 if (s->internal->handshake_func == NULL) 979 if (s->handshake_func == NULL)
983 SSL_set_accept_state(s); /* Not properly initialized yet */ 980 SSL_set_accept_state(s); /* Not properly initialized yet */
984 981
985 return (s->method->ssl_accept(s)); 982 return (s->method->ssl_accept(s));
@@ -988,7 +985,7 @@ SSL_accept(SSL *s)
988int 985int
989SSL_connect(SSL *s) 986SSL_connect(SSL *s)
990{ 987{
991 if (s->internal->handshake_func == NULL) 988 if (s->handshake_func == NULL)
992 SSL_set_connect_state(s); /* Not properly initialized yet */ 989 SSL_set_connect_state(s); /* Not properly initialized yet */
993 990
994 return (s->method->ssl_connect(s)); 991 return (s->method->ssl_connect(s));
@@ -1035,13 +1032,13 @@ SSL_read(SSL *s, void *buf, int num)
1035 return (-1); 1032 return (-1);
1036 } 1033 }
1037 1034
1038 if (s->internal->handshake_func == NULL) { 1035 if (s->handshake_func == NULL) {
1039 SSLerror(s, SSL_R_UNINITIALIZED); 1036 SSLerror(s, SSL_R_UNINITIALIZED);
1040 return (-1); 1037 return (-1);
1041 } 1038 }
1042 1039
1043 if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) { 1040 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
1044 s->internal->rwstate = SSL_NOTHING; 1041 s->rwstate = SSL_NOTHING;
1045 return (0); 1042 return (0);
1046 } 1043 }
1047 return ssl3_read(s, buf, num); 1044 return ssl3_read(s, buf, num);
@@ -1079,12 +1076,12 @@ SSL_peek(SSL *s, void *buf, int num)
1079 return (-1); 1076 return (-1);
1080 } 1077 }
1081 1078
1082 if (s->internal->handshake_func == NULL) { 1079 if (s->handshake_func == NULL) {
1083 SSLerror(s, SSL_R_UNINITIALIZED); 1080 SSLerror(s, SSL_R_UNINITIALIZED);
1084 return (-1); 1081 return (-1);
1085 } 1082 }
1086 1083
1087 if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) { 1084 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
1088 return (0); 1085 return (0);
1089 } 1086 }
1090 return ssl3_peek(s, buf, num); 1087 return ssl3_peek(s, buf, num);
@@ -1122,13 +1119,13 @@ SSL_write(SSL *s, const void *buf, int num)
1122 return (-1); 1119 return (-1);
1123 } 1120 }
1124 1121
1125 if (s->internal->handshake_func == NULL) { 1122 if (s->handshake_func == NULL) {
1126 SSLerror(s, SSL_R_UNINITIALIZED); 1123 SSLerror(s, SSL_R_UNINITIALIZED);
1127 return (-1); 1124 return (-1);
1128 } 1125 }
1129 1126
1130 if (s->internal->shutdown & SSL_SENT_SHUTDOWN) { 1127 if (s->shutdown & SSL_SENT_SHUTDOWN) {
1131 s->internal->rwstate = SSL_NOTHING; 1128 s->rwstate = SSL_NOTHING;
1132 SSLerror(s, SSL_R_PROTOCOL_IS_SHUTDOWN); 1129 SSLerror(s, SSL_R_PROTOCOL_IS_SHUTDOWN);
1133 return (-1); 1130 return (-1);
1134 } 1131 }
@@ -1221,7 +1218,7 @@ SSL_shutdown(SSL *s)
1221 * even if blocking I/O is used (see ssl3_shutdown). 1218 * even if blocking I/O is used (see ssl3_shutdown).
1222 */ 1219 */
1223 1220
1224 if (s->internal->handshake_func == NULL) { 1221 if (s->handshake_func == NULL) {
1225 SSLerror(s, SSL_R_UNINITIALIZED); 1222 SSLerror(s, SSL_R_UNINITIALIZED);
1226 return (-1); 1223 return (-1);
1227 } 1224 }
@@ -1235,10 +1232,10 @@ SSL_shutdown(SSL *s)
1235int 1232int
1236SSL_renegotiate(SSL *s) 1233SSL_renegotiate(SSL *s)
1237{ 1234{
1238 if (s->internal->renegotiate == 0) 1235 if (s->renegotiate == 0)
1239 s->internal->renegotiate = 1; 1236 s->renegotiate = 1;
1240 1237
1241 s->internal->new_session = 1; 1238 s->new_session = 1;
1242 1239
1243 return (s->method->ssl_renegotiate(s)); 1240 return (s->method->ssl_renegotiate(s));
1244} 1241}
@@ -1246,10 +1243,10 @@ SSL_renegotiate(SSL *s)
1246int 1243int
1247SSL_renegotiate_abbreviated(SSL *s) 1244SSL_renegotiate_abbreviated(SSL *s)
1248{ 1245{
1249 if (s->internal->renegotiate == 0) 1246 if (s->renegotiate == 0)
1250 s->internal->renegotiate = 1; 1247 s->renegotiate = 1;
1251 1248
1252 s->internal->new_session = 0; 1249 s->new_session = 0;
1253 1250
1254 return (s->method->ssl_renegotiate(s)); 1251 return (s->method->ssl_renegotiate(s));
1255} 1252}
@@ -1261,7 +1258,7 @@ SSL_renegotiate_pending(SSL *s)
1261 * Becomes true when negotiation is requested; 1258 * Becomes true when negotiation is requested;
1262 * false again once a handshake has finished. 1259 * false again once a handshake has finished.
1263 */ 1260 */
1264 return (s->internal->renegotiate != 0); 1261 return (s->renegotiate != 0);
1265} 1262}
1266 1263
1267long 1264long
@@ -1271,29 +1268,29 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
1271 1268
1272 switch (cmd) { 1269 switch (cmd) {
1273 case SSL_CTRL_GET_READ_AHEAD: 1270 case SSL_CTRL_GET_READ_AHEAD:
1274 return (s->internal->read_ahead); 1271 return (s->read_ahead);
1275 case SSL_CTRL_SET_READ_AHEAD: 1272 case SSL_CTRL_SET_READ_AHEAD:
1276 l = s->internal->read_ahead; 1273 l = s->read_ahead;
1277 s->internal->read_ahead = larg; 1274 s->read_ahead = larg;
1278 return (l); 1275 return (l);
1279 1276
1280 case SSL_CTRL_SET_MSG_CALLBACK_ARG: 1277 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1281 s->internal->msg_callback_arg = parg; 1278 s->msg_callback_arg = parg;
1282 return (1); 1279 return (1);
1283 1280
1284 case SSL_CTRL_OPTIONS: 1281 case SSL_CTRL_OPTIONS:
1285 return (s->internal->options|=larg); 1282 return (s->options|=larg);
1286 case SSL_CTRL_CLEAR_OPTIONS: 1283 case SSL_CTRL_CLEAR_OPTIONS:
1287 return (s->internal->options&=~larg); 1284 return (s->options&=~larg);
1288 case SSL_CTRL_MODE: 1285 case SSL_CTRL_MODE:
1289 return (s->internal->mode|=larg); 1286 return (s->mode|=larg);
1290 case SSL_CTRL_CLEAR_MODE: 1287 case SSL_CTRL_CLEAR_MODE:
1291 return (s->internal->mode &=~larg); 1288 return (s->mode &=~larg);
1292 case SSL_CTRL_GET_MAX_CERT_LIST: 1289 case SSL_CTRL_GET_MAX_CERT_LIST:
1293 return (s->internal->max_cert_list); 1290 return (s->max_cert_list);
1294 case SSL_CTRL_SET_MAX_CERT_LIST: 1291 case SSL_CTRL_SET_MAX_CERT_LIST:
1295 l = s->internal->max_cert_list; 1292 l = s->max_cert_list;
1296 s->internal->max_cert_list = larg; 1293 s->max_cert_list = larg;
1297 return (l); 1294 return (l);
1298 case SSL_CTRL_SET_MTU: 1295 case SSL_CTRL_SET_MTU:
1299#ifndef OPENSSL_NO_DTLS1 1296#ifndef OPENSSL_NO_DTLS1
@@ -1326,7 +1323,7 @@ SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
1326{ 1323{
1327 switch (cmd) { 1324 switch (cmd) {
1328 case SSL_CTRL_SET_MSG_CALLBACK: 1325 case SSL_CTRL_SET_MSG_CALLBACK:
1329 s->internal->msg_callback = (ssl_msg_callback_fn *)(fp); 1326 s->msg_callback = (ssl_msg_callback_fn *)(fp);
1330 return (1); 1327 return (1);
1331 1328
1332 default: 1329 default:
@@ -1337,7 +1334,7 @@ SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
1337struct lhash_st_SSL_SESSION * 1334struct lhash_st_SSL_SESSION *
1338SSL_CTX_sessions(SSL_CTX *ctx) 1335SSL_CTX_sessions(SSL_CTX *ctx)
1339{ 1336{
1340 return (ctx->internal->sessions); 1337 return (ctx->sessions);
1341} 1338}
1342 1339
1343long 1340long
@@ -1347,72 +1344,72 @@ SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
1347 1344
1348 switch (cmd) { 1345 switch (cmd) {
1349 case SSL_CTRL_GET_READ_AHEAD: 1346 case SSL_CTRL_GET_READ_AHEAD:
1350 return (ctx->internal->read_ahead); 1347 return (ctx->read_ahead);
1351 case SSL_CTRL_SET_READ_AHEAD: 1348 case SSL_CTRL_SET_READ_AHEAD:
1352 l = ctx->internal->read_ahead; 1349 l = ctx->read_ahead;
1353 ctx->internal->read_ahead = larg; 1350 ctx->read_ahead = larg;
1354 return (l); 1351 return (l);
1355 1352
1356 case SSL_CTRL_SET_MSG_CALLBACK_ARG: 1353 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1357 ctx->internal->msg_callback_arg = parg; 1354 ctx->msg_callback_arg = parg;
1358 return (1); 1355 return (1);
1359 1356
1360 case SSL_CTRL_GET_MAX_CERT_LIST: 1357 case SSL_CTRL_GET_MAX_CERT_LIST:
1361 return (ctx->internal->max_cert_list); 1358 return (ctx->max_cert_list);
1362 case SSL_CTRL_SET_MAX_CERT_LIST: 1359 case SSL_CTRL_SET_MAX_CERT_LIST:
1363 l = ctx->internal->max_cert_list; 1360 l = ctx->max_cert_list;
1364 ctx->internal->max_cert_list = larg; 1361 ctx->max_cert_list = larg;
1365 return (l); 1362 return (l);
1366 1363
1367 case SSL_CTRL_SET_SESS_CACHE_SIZE: 1364 case SSL_CTRL_SET_SESS_CACHE_SIZE:
1368 l = ctx->internal->session_cache_size; 1365 l = ctx->session_cache_size;
1369 ctx->internal->session_cache_size = larg; 1366 ctx->session_cache_size = larg;
1370 return (l); 1367 return (l);
1371 case SSL_CTRL_GET_SESS_CACHE_SIZE: 1368 case SSL_CTRL_GET_SESS_CACHE_SIZE:
1372 return (ctx->internal->session_cache_size); 1369 return (ctx->session_cache_size);
1373 case SSL_CTRL_SET_SESS_CACHE_MODE: 1370 case SSL_CTRL_SET_SESS_CACHE_MODE:
1374 l = ctx->internal->session_cache_mode; 1371 l = ctx->session_cache_mode;
1375 ctx->internal->session_cache_mode = larg; 1372 ctx->session_cache_mode = larg;
1376 return (l); 1373 return (l);
1377 case SSL_CTRL_GET_SESS_CACHE_MODE: 1374 case SSL_CTRL_GET_SESS_CACHE_MODE:
1378 return (ctx->internal->session_cache_mode); 1375 return (ctx->session_cache_mode);
1379 1376
1380 case SSL_CTRL_SESS_NUMBER: 1377 case SSL_CTRL_SESS_NUMBER:
1381 return (lh_SSL_SESSION_num_items(ctx->internal->sessions)); 1378 return (lh_SSL_SESSION_num_items(ctx->sessions));
1382 case SSL_CTRL_SESS_CONNECT: 1379 case SSL_CTRL_SESS_CONNECT:
1383 return (ctx->internal->stats.sess_connect); 1380 return (ctx->stats.sess_connect);
1384 case SSL_CTRL_SESS_CONNECT_GOOD: 1381 case SSL_CTRL_SESS_CONNECT_GOOD:
1385 return (ctx->internal->stats.sess_connect_good); 1382 return (ctx->stats.sess_connect_good);
1386 case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: 1383 case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
1387 return (ctx->internal->stats.sess_connect_renegotiate); 1384 return (ctx->stats.sess_connect_renegotiate);
1388 case SSL_CTRL_SESS_ACCEPT: 1385 case SSL_CTRL_SESS_ACCEPT:
1389 return (ctx->internal->stats.sess_accept); 1386 return (ctx->stats.sess_accept);
1390 case SSL_CTRL_SESS_ACCEPT_GOOD: 1387 case SSL_CTRL_SESS_ACCEPT_GOOD:
1391 return (ctx->internal->stats.sess_accept_good); 1388 return (ctx->stats.sess_accept_good);
1392 case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: 1389 case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
1393 return (ctx->internal->stats.sess_accept_renegotiate); 1390 return (ctx->stats.sess_accept_renegotiate);
1394 case SSL_CTRL_SESS_HIT: 1391 case SSL_CTRL_SESS_HIT:
1395 return (ctx->internal->stats.sess_hit); 1392 return (ctx->stats.sess_hit);
1396 case SSL_CTRL_SESS_CB_HIT: 1393 case SSL_CTRL_SESS_CB_HIT:
1397 return (ctx->internal->stats.sess_cb_hit); 1394 return (ctx->stats.sess_cb_hit);
1398 case SSL_CTRL_SESS_MISSES: 1395 case SSL_CTRL_SESS_MISSES:
1399 return (ctx->internal->stats.sess_miss); 1396 return (ctx->stats.sess_miss);
1400 case SSL_CTRL_SESS_TIMEOUTS: 1397 case SSL_CTRL_SESS_TIMEOUTS:
1401 return (ctx->internal->stats.sess_timeout); 1398 return (ctx->stats.sess_timeout);
1402 case SSL_CTRL_SESS_CACHE_FULL: 1399 case SSL_CTRL_SESS_CACHE_FULL:
1403 return (ctx->internal->stats.sess_cache_full); 1400 return (ctx->stats.sess_cache_full);
1404 case SSL_CTRL_OPTIONS: 1401 case SSL_CTRL_OPTIONS:
1405 return (ctx->internal->options|=larg); 1402 return (ctx->options|=larg);
1406 case SSL_CTRL_CLEAR_OPTIONS: 1403 case SSL_CTRL_CLEAR_OPTIONS:
1407 return (ctx->internal->options&=~larg); 1404 return (ctx->options&=~larg);
1408 case SSL_CTRL_MODE: 1405 case SSL_CTRL_MODE:
1409 return (ctx->internal->mode|=larg); 1406 return (ctx->mode|=larg);
1410 case SSL_CTRL_CLEAR_MODE: 1407 case SSL_CTRL_CLEAR_MODE:
1411 return (ctx->internal->mode&=~larg); 1408 return (ctx->mode&=~larg);
1412 case SSL_CTRL_SET_MAX_SEND_FRAGMENT: 1409 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1413 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) 1410 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1414 return (0); 1411 return (0);
1415 ctx->internal->max_send_fragment = larg; 1412 ctx->max_send_fragment = larg;
1416 return (1); 1413 return (1);
1417 default: 1414 default:
1418 return (ssl3_ctx_ctrl(ctx, cmd, larg, parg)); 1415 return (ssl3_ctx_ctrl(ctx, cmd, larg, parg));
@@ -1424,7 +1421,7 @@ SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
1424{ 1421{
1425 switch (cmd) { 1422 switch (cmd) {
1426 case SSL_CTRL_SET_MSG_CALLBACK: 1423 case SSL_CTRL_SET_MSG_CALLBACK:
1427 ctx->internal->msg_callback = (ssl_msg_callback_fn *)fp; 1424 ctx->msg_callback = (ssl_msg_callback_fn *)fp;
1428 return (1); 1425 return (1);
1429 1426
1430 default: 1427 default:
@@ -1562,7 +1559,7 @@ SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
1562 * ctx->cipher_list has been updated. 1559 * ctx->cipher_list has been updated.
1563 */ 1560 */
1564 ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, 1561 ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
1565 ctx->internal->cipher_list_tls13, str, ctx->internal->cert); 1562 ctx->cipher_list_tls13, str, ctx->cert);
1566 if (ciphers == NULL) { 1563 if (ciphers == NULL) {
1567 return (0); 1564 return (0);
1568 } else if (sk_SSL_CIPHER_num(ciphers) == 0) { 1565 } else if (sk_SSL_CIPHER_num(ciphers) == 0) {
@@ -1575,12 +1572,12 @@ SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
1575int 1572int
1576SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str) 1573SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str)
1577{ 1574{
1578 if (!ssl_parse_ciphersuites(&ctx->internal->cipher_list_tls13, str)) { 1575 if (!ssl_parse_ciphersuites(&ctx->cipher_list_tls13, str)) {
1579 SSLerrorx(SSL_R_NO_CIPHER_MATCH); 1576 SSLerrorx(SSL_R_NO_CIPHER_MATCH);
1580 return 0; 1577 return 0;
1581 } 1578 }
1582 if (!ssl_merge_cipherlists(ctx->cipher_list, 1579 if (!ssl_merge_cipherlists(ctx->cipher_list,
1583 ctx->internal->cipher_list_tls13, &ctx->cipher_list)) 1580 ctx->cipher_list_tls13, &ctx->cipher_list))
1584 return 0; 1581 return 0;
1585 1582
1586 return 1; 1583 return 1;
@@ -1592,8 +1589,8 @@ SSL_set_cipher_list(SSL *s, const char *str)
1592{ 1589{
1593 STACK_OF(SSL_CIPHER) *ciphers, *ciphers_tls13; 1590 STACK_OF(SSL_CIPHER) *ciphers, *ciphers_tls13;
1594 1591
1595 if ((ciphers_tls13 = s->internal->cipher_list_tls13) == NULL) 1592 if ((ciphers_tls13 = s->cipher_list_tls13) == NULL)
1596 ciphers_tls13 = s->ctx->internal->cipher_list_tls13; 1593 ciphers_tls13 = s->ctx->cipher_list_tls13;
1597 1594
1598 /* See comment in SSL_CTX_set_cipher_list. */ 1595 /* See comment in SSL_CTX_set_cipher_list. */
1599 ciphers = ssl_create_cipher_list(s->ctx->method, &s->cipher_list, 1596 ciphers = ssl_create_cipher_list(s->ctx->method, &s->cipher_list,
@@ -1615,11 +1612,11 @@ SSL_set_ciphersuites(SSL *s, const char *str)
1615 if ((ciphers = s->cipher_list) == NULL) 1612 if ((ciphers = s->cipher_list) == NULL)
1616 ciphers = s->ctx->cipher_list; 1613 ciphers = s->ctx->cipher_list;
1617 1614
1618 if (!ssl_parse_ciphersuites(&s->internal->cipher_list_tls13, str)) { 1615 if (!ssl_parse_ciphersuites(&s->cipher_list_tls13, str)) {
1619 SSLerrorx(SSL_R_NO_CIPHER_MATCH); 1616 SSLerrorx(SSL_R_NO_CIPHER_MATCH);
1620 return (0); 1617 return (0);
1621 } 1618 }
1622 if (!ssl_merge_cipherlists(ciphers, s->internal->cipher_list_tls13, 1619 if (!ssl_merge_cipherlists(ciphers, s->cipher_list_tls13,
1623 &s->cipher_list)) 1620 &s->cipher_list))
1624 return 0; 1621 return 0;
1625 1622
@@ -1791,8 +1788,8 @@ SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
1791 goto err; 1788 goto err;
1792 } 1789 }
1793 1790
1794 if (!CBS_stow(&cbs, &ctx->internal->alpn_client_proto_list, 1791 if (!CBS_stow(&cbs, &ctx->alpn_client_proto_list,
1795 &ctx->internal->alpn_client_proto_list_len)) 1792 &ctx->alpn_client_proto_list_len))
1796 goto err; 1793 goto err;
1797 1794
1798 failed = 0; 1795 failed = 0;
@@ -1824,8 +1821,8 @@ SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
1824 goto err; 1821 goto err;
1825 } 1822 }
1826 1823
1827 if (!CBS_stow(&cbs, &ssl->internal->alpn_client_proto_list, 1824 if (!CBS_stow(&cbs, &ssl->alpn_client_proto_list,
1828 &ssl->internal->alpn_client_proto_list_len)) 1825 &ssl->alpn_client_proto_list_len))
1829 goto err; 1826 goto err;
1830 1827
1831 failed = 0; 1828 failed = 0;
@@ -1845,8 +1842,8 @@ SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
1845 int (*cb) (SSL *ssl, const unsigned char **out, unsigned char *outlen, 1842 int (*cb) (SSL *ssl, const unsigned char **out, unsigned char *outlen,
1846 const unsigned char *in, unsigned int inlen, void *arg), void *arg) 1843 const unsigned char *in, unsigned int inlen, void *arg), void *arg)
1847{ 1844{
1848 ctx->internal->alpn_select_cb = cb; 1845 ctx->alpn_select_cb = cb;
1849 ctx->internal->alpn_select_cb_arg = arg; 1846 ctx->alpn_select_cb_arg = arg;
1850} 1847}
1851 1848
1852/* 1849/*
@@ -1874,12 +1871,12 @@ SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
1874 const char *label, size_t llen, const unsigned char *p, size_t plen, 1871 const char *label, size_t llen, const unsigned char *p, size_t plen,
1875 int use_context) 1872 int use_context)
1876{ 1873{
1877 if (s->internal->tls13 != NULL && s->version == TLS1_3_VERSION) { 1874 if (s->tls13 != NULL && s->version == TLS1_3_VERSION) {
1878 if (!use_context) { 1875 if (!use_context) {
1879 p = NULL; 1876 p = NULL;
1880 plen = 0; 1877 plen = 0;
1881 } 1878 }
1882 return tls13_exporter(s->internal->tls13, label, llen, p, plen, 1879 return tls13_exporter(s->tls13, label, llen, p, plen,
1883 out, olen); 1880 out, olen);
1884 } 1881 }
1885 1882
@@ -1961,11 +1958,6 @@ SSL_CTX_new(const SSL_METHOD *meth)
1961 SSLerrorx(ERR_R_MALLOC_FAILURE); 1958 SSLerrorx(ERR_R_MALLOC_FAILURE);
1962 return (NULL); 1959 return (NULL);
1963 } 1960 }
1964 if ((ret->internal = calloc(1, sizeof(*ret->internal))) == NULL) {
1965 free(ret);
1966 SSLerrorx(ERR_R_MALLOC_FAILURE);
1967 return (NULL);
1968 }
1969 1961
1970 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { 1962 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
1971 SSLerrorx(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); 1963 SSLerrorx(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
@@ -1973,62 +1965,62 @@ SSL_CTX_new(const SSL_METHOD *meth)
1973 } 1965 }
1974 1966
1975 ret->method = meth; 1967 ret->method = meth;
1976 ret->internal->min_tls_version = meth->min_tls_version; 1968 ret->min_tls_version = meth->min_tls_version;
1977 ret->internal->max_tls_version = meth->max_tls_version; 1969 ret->max_tls_version = meth->max_tls_version;
1978 ret->internal->min_proto_version = 0; 1970 ret->min_proto_version = 0;
1979 ret->internal->max_proto_version = 0; 1971 ret->max_proto_version = 0;
1980 ret->internal->mode = SSL_MODE_AUTO_RETRY; 1972 ret->mode = SSL_MODE_AUTO_RETRY;
1981 1973
1982 ret->cert_store = NULL; 1974 ret->cert_store = NULL;
1983 ret->internal->session_cache_mode = SSL_SESS_CACHE_SERVER; 1975 ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
1984 ret->internal->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; 1976 ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
1985 ret->internal->session_cache_head = NULL; 1977 ret->session_cache_head = NULL;
1986 ret->internal->session_cache_tail = NULL; 1978 ret->session_cache_tail = NULL;
1987 1979
1988 /* We take the system default */ 1980 /* We take the system default */
1989 ret->session_timeout = ssl_get_default_timeout(); 1981 ret->session_timeout = ssl_get_default_timeout();
1990 1982
1991 ret->internal->new_session_cb = 0; 1983 ret->new_session_cb = 0;
1992 ret->internal->remove_session_cb = 0; 1984 ret->remove_session_cb = 0;
1993 ret->internal->get_session_cb = 0; 1985 ret->get_session_cb = 0;
1994 ret->internal->generate_session_id = 0; 1986 ret->generate_session_id = 0;
1995 1987
1996 memset((char *)&ret->internal->stats, 0, sizeof(ret->internal->stats)); 1988 memset((char *)&ret->stats, 0, sizeof(ret->stats));
1997 1989
1998 ret->references = 1; 1990 ret->references = 1;
1999 ret->internal->quiet_shutdown = 0; 1991 ret->quiet_shutdown = 0;
2000 1992
2001 ret->internal->info_callback = NULL; 1993 ret->info_callback = NULL;
2002 1994
2003 ret->internal->app_verify_callback = 0; 1995 ret->app_verify_callback = 0;
2004 ret->internal->app_verify_arg = NULL; 1996 ret->app_verify_arg = NULL;
2005 1997
2006 ret->internal->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT; 1998 ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
2007 ret->internal->read_ahead = 0; 1999 ret->read_ahead = 0;
2008 ret->internal->msg_callback = 0; 2000 ret->msg_callback = 0;
2009 ret->internal->msg_callback_arg = NULL; 2001 ret->msg_callback_arg = NULL;
2010 ret->verify_mode = SSL_VERIFY_NONE; 2002 ret->verify_mode = SSL_VERIFY_NONE;
2011 ret->sid_ctx_length = 0; 2003 ret->sid_ctx_length = 0;
2012 ret->internal->default_verify_callback = NULL; 2004 ret->default_verify_callback = NULL;
2013 2005
2014 if ((ret->internal->cert = ssl_cert_new()) == NULL) 2006 if ((ret->cert = ssl_cert_new()) == NULL)
2015 goto err; 2007 goto err;
2016 2008
2017 ret->default_passwd_callback = 0; 2009 ret->default_passwd_callback = 0;
2018 ret->default_passwd_callback_userdata = NULL; 2010 ret->default_passwd_callback_userdata = NULL;
2019 ret->internal->client_cert_cb = 0; 2011 ret->client_cert_cb = 0;
2020 ret->internal->app_gen_cookie_cb = 0; 2012 ret->app_gen_cookie_cb = 0;
2021 ret->internal->app_verify_cookie_cb = 0; 2013 ret->app_verify_cookie_cb = 0;
2022 2014
2023 ret->internal->sessions = lh_SSL_SESSION_new(); 2015 ret->sessions = lh_SSL_SESSION_new();
2024 if (ret->internal->sessions == NULL) 2016 if (ret->sessions == NULL)
2025 goto err; 2017 goto err;
2026 ret->cert_store = X509_STORE_new(); 2018 ret->cert_store = X509_STORE_new();
2027 if (ret->cert_store == NULL) 2019 if (ret->cert_store == NULL)
2028 goto err; 2020 goto err;
2029 2021
2030 ssl_create_cipher_list(ret->method, &ret->cipher_list, 2022 ssl_create_cipher_list(ret->method, &ret->cipher_list,
2031 NULL, SSL_DEFAULT_CIPHER_LIST, ret->internal->cert); 2023 NULL, SSL_DEFAULT_CIPHER_LIST, ret->cert);
2032 if (ret->cipher_list == NULL || 2024 if (ret->cipher_list == NULL ||
2033 sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { 2025 sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
2034 SSLerrorx(SSL_R_LIBRARY_HAS_NO_CIPHERS); 2026 SSLerrorx(SSL_R_LIBRARY_HAS_NO_CIPHERS);
@@ -2039,28 +2031,28 @@ SSL_CTX_new(const SSL_METHOD *meth)
2039 if (!ret->param) 2031 if (!ret->param)
2040 goto err; 2032 goto err;
2041 2033
2042 if ((ret->internal->client_CA = sk_X509_NAME_new_null()) == NULL) 2034 if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)
2043 goto err; 2035 goto err;
2044 2036
2045 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->internal->ex_data); 2037 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
2046 2038
2047 ret->extra_certs = NULL; 2039 ret->extra_certs = NULL;
2048 2040
2049 ret->internal->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; 2041 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
2050 2042
2051 ret->internal->tlsext_servername_callback = 0; 2043 ret->tlsext_servername_callback = 0;
2052 ret->internal->tlsext_servername_arg = NULL; 2044 ret->tlsext_servername_arg = NULL;
2053 2045
2054 /* Setup RFC4507 ticket keys */ 2046 /* Setup RFC4507 ticket keys */
2055 arc4random_buf(ret->internal->tlsext_tick_key_name, 16); 2047 arc4random_buf(ret->tlsext_tick_key_name, 16);
2056 arc4random_buf(ret->internal->tlsext_tick_hmac_key, 16); 2048 arc4random_buf(ret->tlsext_tick_hmac_key, 16);
2057 arc4random_buf(ret->internal->tlsext_tick_aes_key, 16); 2049 arc4random_buf(ret->tlsext_tick_aes_key, 16);
2058 2050
2059 ret->internal->tlsext_status_cb = 0; 2051 ret->tlsext_status_cb = 0;
2060 ret->internal->tlsext_status_arg = NULL; 2052 ret->tlsext_status_arg = NULL;
2061 2053
2062#ifndef OPENSSL_NO_ENGINE 2054#ifndef OPENSSL_NO_ENGINE
2063 ret->internal->client_cert_engine = NULL; 2055 ret->client_cert_engine = NULL;
2064#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO 2056#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
2065#define eng_strx(x) #x 2057#define eng_strx(x) #x
2066#define eng_str(x) eng_strx(x) 2058#define eng_str(x) eng_strx(x)
@@ -2083,7 +2075,7 @@ SSL_CTX_new(const SSL_METHOD *meth)
2083 * Default is to connect to non-RI servers. When RI is more widely 2075 * Default is to connect to non-RI servers. When RI is more widely
2084 * deployed might change this. 2076 * deployed might change this.
2085 */ 2077 */
2086 ret->internal->options |= SSL_OP_LEGACY_SERVER_CONNECT; 2078 ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
2087 2079
2088 return (ret); 2080 return (ret);
2089 err: 2081 err:
@@ -2116,35 +2108,34 @@ SSL_CTX_free(SSL_CTX *ctx)
2116 * free ex_data, then finally free the cache. 2108 * free ex_data, then finally free the cache.
2117 * (See ticket [openssl.org #212].) 2109 * (See ticket [openssl.org #212].)
2118 */ 2110 */
2119 if (ctx->internal->sessions != NULL) 2111 if (ctx->sessions != NULL)
2120 SSL_CTX_flush_sessions(ctx, 0); 2112 SSL_CTX_flush_sessions(ctx, 0);
2121 2113
2122 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ctx, &ctx->internal->ex_data); 2114 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ctx, &ctx->ex_data);
2123 2115
2124 lh_SSL_SESSION_free(ctx->internal->sessions); 2116 lh_SSL_SESSION_free(ctx->sessions);
2125 2117
2126 X509_STORE_free(ctx->cert_store); 2118 X509_STORE_free(ctx->cert_store);
2127 sk_SSL_CIPHER_free(ctx->cipher_list); 2119 sk_SSL_CIPHER_free(ctx->cipher_list);
2128 sk_SSL_CIPHER_free(ctx->internal->cipher_list_tls13); 2120 sk_SSL_CIPHER_free(ctx->cipher_list_tls13);
2129 ssl_cert_free(ctx->internal->cert); 2121 ssl_cert_free(ctx->cert);
2130 sk_X509_NAME_pop_free(ctx->internal->client_CA, X509_NAME_free); 2122 sk_X509_NAME_pop_free(ctx->client_CA, X509_NAME_free);
2131 sk_X509_pop_free(ctx->extra_certs, X509_free); 2123 sk_X509_pop_free(ctx->extra_certs, X509_free);
2132 2124
2133#ifndef OPENSSL_NO_SRTP 2125#ifndef OPENSSL_NO_SRTP
2134 if (ctx->internal->srtp_profiles) 2126 if (ctx->srtp_profiles)
2135 sk_SRTP_PROTECTION_PROFILE_free(ctx->internal->srtp_profiles); 2127 sk_SRTP_PROTECTION_PROFILE_free(ctx->srtp_profiles);
2136#endif 2128#endif
2137 2129
2138#ifndef OPENSSL_NO_ENGINE 2130#ifndef OPENSSL_NO_ENGINE
2139 ENGINE_finish(ctx->internal->client_cert_engine); 2131 ENGINE_finish(ctx->client_cert_engine);
2140#endif 2132#endif
2141 2133
2142 free(ctx->internal->tlsext_ecpointformatlist); 2134 free(ctx->tlsext_ecpointformatlist);
2143 free(ctx->internal->tlsext_supportedgroups); 2135 free(ctx->tlsext_supportedgroups);
2144 2136
2145 free(ctx->internal->alpn_client_proto_list); 2137 free(ctx->alpn_client_proto_list);
2146 2138
2147 free(ctx->internal);
2148 free(ctx); 2139 free(ctx);
2149} 2140}
2150 2141
@@ -2183,15 +2174,15 @@ void
2183SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, 2174SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
2184 int (*cb)(X509_STORE_CTX *, void *), void *arg) 2175 int (*cb)(X509_STORE_CTX *, void *), void *arg)
2185{ 2176{
2186 ctx->internal->app_verify_callback = cb; 2177 ctx->app_verify_callback = cb;
2187 ctx->internal->app_verify_arg = arg; 2178 ctx->app_verify_arg = arg;
2188} 2179}
2189 2180
2190void 2181void
2191SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb)(int, X509_STORE_CTX *)) 2182SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb)(int, X509_STORE_CTX *))
2192{ 2183{
2193 ctx->verify_mode = mode; 2184 ctx->verify_mode = mode;
2194 ctx->internal->default_verify_callback = cb; 2185 ctx->default_verify_callback = cb;
2195} 2186}
2196 2187
2197void 2188void
@@ -2363,14 +2354,14 @@ ssl_should_update_external_cache(SSL *s, int mode)
2363{ 2354{
2364 int cache_mode; 2355 int cache_mode;
2365 2356
2366 cache_mode = s->session_ctx->internal->session_cache_mode; 2357 cache_mode = s->session_ctx->session_cache_mode;
2367 2358
2368 /* Don't cache if mode says not to */ 2359 /* Don't cache if mode says not to */
2369 if ((cache_mode & mode) == 0) 2360 if ((cache_mode & mode) == 0)
2370 return 0; 2361 return 0;
2371 2362
2372 /* if it is not already cached, cache it */ 2363 /* if it is not already cached, cache it */
2373 if (!s->internal->hit) 2364 if (!s->hit)
2374 return 1; 2365 return 1;
2375 2366
2376 /* If it's TLS 1.3, do it to match OpenSSL */ 2367 /* If it's TLS 1.3, do it to match OpenSSL */
@@ -2385,14 +2376,14 @@ ssl_should_update_internal_cache(SSL *s, int mode)
2385{ 2376{
2386 int cache_mode; 2377 int cache_mode;
2387 2378
2388 cache_mode = s->session_ctx->internal->session_cache_mode; 2379 cache_mode = s->session_ctx->session_cache_mode;
2389 2380
2390 /* Don't cache if mode says not to */ 2381 /* Don't cache if mode says not to */
2391 if ((cache_mode & mode) == 0) 2382 if ((cache_mode & mode) == 0)
2392 return 0; 2383 return 0;
2393 2384
2394 /* If it is already cached, don't cache it again */ 2385 /* If it is already cached, don't cache it again */
2395 if (s->internal->hit) 2386 if (s->hit)
2396 return 0; 2387 return 0;
2397 2388
2398 if ((cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE) != 0) 2389 if ((cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE) != 0)
@@ -2415,11 +2406,11 @@ ssl_should_update_internal_cache(SSL *s, int mode)
2415 * to know about this even if it's a stateless ticket 2406 * to know about this even if it's a stateless ticket
2416 * from 1.3 so we can know when it is removed. 2407 * from 1.3 so we can know when it is removed.
2417 */ 2408 */
2418 if (s->session_ctx->internal->remove_session_cb != NULL) 2409 if (s->session_ctx->remove_session_cb != NULL)
2419 return 1; 2410 return 1;
2420 2411
2421 /* If we have set OP_NO_TICKET, cache it. */ 2412 /* If we have set OP_NO_TICKET, cache it. */
2422 if ((s->internal->options & SSL_OP_NO_TICKET) != 0) 2413 if ((s->options & SSL_OP_NO_TICKET) != 0)
2423 return 1; 2414 return 1;
2424 2415
2425 /* Otherwise do not cache */ 2416 /* Otherwise do not cache */
@@ -2434,7 +2425,7 @@ ssl_update_cache(SSL *s, int mode)
2434 if (s->session->session_id_length == 0) 2425 if (s->session->session_id_length == 0)
2435 return; 2426 return;
2436 2427
2437 cache_mode = s->session_ctx->internal->session_cache_mode; 2428 cache_mode = s->session_ctx->session_cache_mode;
2438 do_callback = ssl_should_update_external_cache(s, mode); 2429 do_callback = ssl_should_update_external_cache(s, mode);
2439 2430
2440 if (ssl_should_update_internal_cache(s, mode)) { 2431 if (ssl_should_update_internal_cache(s, mode)) {
@@ -2455,9 +2446,9 @@ ssl_update_cache(SSL *s, int mode)
2455 * same glorious experience they expect from OpenSSL which 2446 * same glorious experience they expect from OpenSSL which
2456 * does it this way. 2447 * does it this way.
2457 */ 2448 */
2458 if (do_callback && s->session_ctx->internal->new_session_cb != NULL) { 2449 if (do_callback && s->session_ctx->new_session_cb != NULL) {
2459 CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION); 2450 CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION);
2460 if (!s->session_ctx->internal->new_session_cb(s, s->session)) 2451 if (!s->session_ctx->new_session_cb(s, s->session))
2461 SSL_SESSION_free(s->session); 2452 SSL_SESSION_free(s->session);
2462 } 2453 }
2463 2454
@@ -2466,9 +2457,9 @@ ssl_update_cache(SSL *s, int mode)
2466 (cache_mode & mode) != 0) { 2457 (cache_mode & mode) != 0) {
2467 int connections; 2458 int connections;
2468 if (mode & SSL_SESS_CACHE_CLIENT) 2459 if (mode & SSL_SESS_CACHE_CLIENT)
2469 connections = s->session_ctx->internal->stats.sess_connect_good; 2460 connections = s->session_ctx->stats.sess_connect_good;
2470 else 2461 else
2471 connections = s->session_ctx->internal->stats.sess_accept_good; 2462 connections = s->session_ctx->stats.sess_accept_good;
2472 if ((connections & 0xff) == 0xff) 2463 if ((connections & 0xff) == 0xff)
2473 SSL_CTX_flush_sessions(s->session_ctx, time(NULL)); 2464 SSL_CTX_flush_sessions(s->session_ctx, time(NULL));
2474 } 2465 }
@@ -2489,9 +2480,9 @@ SSL_set_ssl_method(SSL *s, const SSL_METHOD *method)
2489 if (s->method == method) 2480 if (s->method == method)
2490 return (ret); 2481 return (ret);
2491 2482
2492 if (s->internal->handshake_func == s->method->ssl_connect) 2483 if (s->handshake_func == s->method->ssl_connect)
2493 handshake_func = method->ssl_connect; 2484 handshake_func = method->ssl_connect;
2494 else if (s->internal->handshake_func == s->method->ssl_accept) 2485 else if (s->handshake_func == s->method->ssl_accept)
2495 handshake_func = method->ssl_accept; 2486 handshake_func = method->ssl_accept;
2496 2487
2497 if (s->method->version == method->version) { 2488 if (s->method->version == method->version) {
@@ -2501,7 +2492,7 @@ SSL_set_ssl_method(SSL *s, const SSL_METHOD *method)
2501 s->method = method; 2492 s->method = method;
2502 ret = s->method->ssl_new(s); 2493 ret = s->method->ssl_new(s);
2503 } 2494 }
2504 s->internal->handshake_func = handshake_func; 2495 s->handshake_func = handshake_func;
2505 2496
2506 return (ret); 2497 return (ret);
2507} 2498}
@@ -2537,7 +2528,7 @@ SSL_get_error(const SSL *s, int i)
2537 * try to write to the rbio, and an application 2528 * try to write to the rbio, and an application
2538 * program where rbio and wbio are separate couldn't 2529 * program where rbio and wbio are separate couldn't
2539 * even know what it should wait for. However if we 2530 * even know what it should wait for. However if we
2540 * ever set s->internal->rwstate incorrectly (so that we have 2531 * ever set s->rwstate incorrectly (so that we have
2541 * SSL_want_read(s) instead of SSL_want_write(s)) 2532 * SSL_want_read(s) instead of SSL_want_write(s))
2542 * and rbio and wbio *are* the same, this test works 2533 * and rbio and wbio *are* the same, this test works
2543 * around that bug; so it might be safer to keep it. 2534 * around that bug; so it might be safer to keep it.
@@ -2578,7 +2569,7 @@ SSL_get_error(const SSL *s, int i)
2578 if (SSL_want_x509_lookup(s)) 2569 if (SSL_want_x509_lookup(s))
2579 return (SSL_ERROR_WANT_X509_LOOKUP); 2570 return (SSL_ERROR_WANT_X509_LOOKUP);
2580 2571
2581 if ((s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) && 2572 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
2582 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) 2573 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
2583 return (SSL_ERROR_ZERO_RETURN); 2574 return (SSL_ERROR_ZERO_RETURN);
2584 2575
@@ -2631,15 +2622,15 @@ SSL_quic_max_handshake_flight_len(const SSL *ssl,
2631 * to request client certificates. 2622 * to request client certificates.
2632 */ 2623 */
2633 if ((SSL_get_verify_mode(ssl) & SSL_VERIFY_PEER) != 0 && 2624 if ((SSL_get_verify_mode(ssl) & SSL_VERIFY_PEER) != 0 &&
2634 ssl->internal->max_cert_list > flight_len) 2625 ssl->max_cert_list > flight_len)
2635 flight_len = ssl->internal->max_cert_list; 2626 flight_len = ssl->max_cert_list;
2636 } else { 2627 } else {
2637 /* 2628 /*
2638 * Clients may receive both Certificate message and a 2629 * Clients may receive both Certificate message and a
2639 * CertificateRequest message. 2630 * CertificateRequest message.
2640 */ 2631 */
2641 if (ssl->internal->max_cert_list * 2 > flight_len) 2632 if (ssl->max_cert_list * 2 > flight_len)
2642 flight_len = ssl->internal->max_cert_list * 2; 2633 flight_len = ssl->max_cert_list * 2;
2643 } 2634 }
2644 return flight_len; 2635 return flight_len;
2645 case ssl_encryption_application: 2636 case ssl_encryption_application:
@@ -2709,7 +2700,7 @@ SSL_process_quic_post_handshake(SSL *ssl)
2709int 2700int
2710SSL_do_handshake(SSL *s) 2701SSL_do_handshake(SSL *s)
2711{ 2702{
2712 if (s->internal->handshake_func == NULL) { 2703 if (s->handshake_func == NULL) {
2713 SSLerror(s, SSL_R_CONNECTION_TYPE_NOT_SET); 2704 SSLerror(s, SSL_R_CONNECTION_TYPE_NOT_SET);
2714 return (-1); 2705 return (-1);
2715 } 2706 }
@@ -2719,7 +2710,7 @@ SSL_do_handshake(SSL *s)
2719 if (!SSL_in_init(s) && !SSL_in_before(s)) 2710 if (!SSL_in_init(s) && !SSL_in_before(s))
2720 return 1; 2711 return 1;
2721 2712
2722 return s->internal->handshake_func(s); 2713 return s->handshake_func(s);
2723} 2714}
2724 2715
2725/* 2716/*
@@ -2730,9 +2721,9 @@ void
2730SSL_set_accept_state(SSL *s) 2721SSL_set_accept_state(SSL *s)
2731{ 2722{
2732 s->server = 1; 2723 s->server = 1;
2733 s->internal->shutdown = 0; 2724 s->shutdown = 0;
2734 s->s3->hs.state = SSL_ST_ACCEPT|SSL_ST_BEFORE; 2725 s->s3->hs.state = SSL_ST_ACCEPT|SSL_ST_BEFORE;
2735 s->internal->handshake_func = s->method->ssl_accept; 2726 s->handshake_func = s->method->ssl_accept;
2736 ssl_clear_cipher_state(s); 2727 ssl_clear_cipher_state(s);
2737} 2728}
2738 2729
@@ -2740,9 +2731,9 @@ void
2740SSL_set_connect_state(SSL *s) 2731SSL_set_connect_state(SSL *s)
2741{ 2732{
2742 s->server = 0; 2733 s->server = 0;
2743 s->internal->shutdown = 0; 2734 s->shutdown = 0;
2744 s->s3->hs.state = SSL_ST_CONNECT|SSL_ST_BEFORE; 2735 s->s3->hs.state = SSL_ST_CONNECT|SSL_ST_BEFORE;
2745 s->internal->handshake_func = s->method->ssl_connect; 2736 s->handshake_func = s->method->ssl_connect;
2746 ssl_clear_cipher_state(s); 2737 ssl_clear_cipher_state(s);
2747} 2738}
2748 2739
@@ -2832,24 +2823,24 @@ SSL_dup(SSL *s)
2832 goto err; 2823 goto err;
2833 } 2824 }
2834 2825
2835 ret->internal->options = s->internal->options; 2826 ret->options = s->options;
2836 ret->internal->mode = s->internal->mode; 2827 ret->mode = s->mode;
2837 SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s)); 2828 SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
2838 SSL_set_read_ahead(ret, SSL_get_read_ahead(s)); 2829 SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
2839 ret->internal->msg_callback = s->internal->msg_callback; 2830 ret->msg_callback = s->msg_callback;
2840 ret->internal->msg_callback_arg = s->internal->msg_callback_arg; 2831 ret->msg_callback_arg = s->msg_callback_arg;
2841 SSL_set_verify(ret, SSL_get_verify_mode(s), 2832 SSL_set_verify(ret, SSL_get_verify_mode(s),
2842 SSL_get_verify_callback(s)); 2833 SSL_get_verify_callback(s));
2843 SSL_set_verify_depth(ret, SSL_get_verify_depth(s)); 2834 SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
2844 ret->internal->generate_session_id = s->internal->generate_session_id; 2835 ret->generate_session_id = s->generate_session_id;
2845 2836
2846 SSL_set_info_callback(ret, SSL_get_info_callback(s)); 2837 SSL_set_info_callback(ret, SSL_get_info_callback(s));
2847 2838
2848 ret->internal->debug = s->internal->debug; 2839 ret->debug = s->debug;
2849 2840
2850 /* copy app data, a little dangerous perhaps */ 2841 /* copy app data, a little dangerous perhaps */
2851 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, 2842 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL,
2852 &ret->internal->ex_data, &s->internal->ex_data)) 2843 &ret->ex_data, &s->ex_data))
2853 goto err; 2844 goto err;
2854 2845
2855 /* setup rbio, and wbio */ 2846 /* setup rbio, and wbio */
@@ -2864,25 +2855,25 @@ SSL_dup(SSL *s)
2864 } else 2855 } else
2865 ret->wbio = ret->rbio; 2856 ret->wbio = ret->rbio;
2866 } 2857 }
2867 ret->internal->rwstate = s->internal->rwstate; 2858 ret->rwstate = s->rwstate;
2868 ret->internal->in_handshake = s->internal->in_handshake; 2859 ret->in_handshake = s->in_handshake;
2869 ret->internal->handshake_func = s->internal->handshake_func; 2860 ret->handshake_func = s->handshake_func;
2870 ret->server = s->server; 2861 ret->server = s->server;
2871 ret->internal->renegotiate = s->internal->renegotiate; 2862 ret->renegotiate = s->renegotiate;
2872 ret->internal->new_session = s->internal->new_session; 2863 ret->new_session = s->new_session;
2873 ret->internal->quiet_shutdown = s->internal->quiet_shutdown; 2864 ret->quiet_shutdown = s->quiet_shutdown;
2874 ret->internal->shutdown = s->internal->shutdown; 2865 ret->shutdown = s->shutdown;
2875 /* SSL_dup does not really work at any state, though */ 2866 /* SSL_dup does not really work at any state, though */
2876 ret->s3->hs.state = s->s3->hs.state; 2867 ret->s3->hs.state = s->s3->hs.state;
2877 ret->internal->rstate = s->internal->rstate; 2868 ret->rstate = s->rstate;
2878 2869
2879 /* 2870 /*
2880 * Would have to copy ret->init_buf, ret->init_msg, ret->init_num, 2871 * Would have to copy ret->init_buf, ret->init_msg, ret->init_num,
2881 * ret->init_off 2872 * ret->init_off
2882 */ 2873 */
2883 ret->internal->init_num = 0; 2874 ret->init_num = 0;
2884 2875
2885 ret->internal->hit = s->internal->hit; 2876 ret->hit = s->hit;
2886 2877
2887 X509_VERIFY_PARAM_inherit(ret->param, s->param); 2878 X509_VERIFY_PARAM_inherit(ret->param, s->param);
2888 2879
@@ -2891,16 +2882,16 @@ SSL_dup(SSL *s)
2891 sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) 2882 sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
2892 goto err; 2883 goto err;
2893 } 2884 }
2894 if (s->internal->cipher_list_tls13 != NULL) { 2885 if (s->cipher_list_tls13 != NULL) {
2895 if ((ret->internal->cipher_list_tls13 = 2886 if ((ret->cipher_list_tls13 =
2896 sk_SSL_CIPHER_dup(s->internal->cipher_list_tls13)) == NULL) 2887 sk_SSL_CIPHER_dup(s->cipher_list_tls13)) == NULL)
2897 goto err; 2888 goto err;
2898 } 2889 }
2899 2890
2900 /* Dup the client_CA list */ 2891 /* Dup the client_CA list */
2901 if (s->internal->client_CA != NULL) { 2892 if (s->client_CA != NULL) {
2902 if ((sk = sk_X509_NAME_dup(s->internal->client_CA)) == NULL) goto err; 2893 if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
2903 ret->internal->client_CA = sk; 2894 ret->client_CA = sk;
2904 for (i = 0; i < sk_X509_NAME_num(sk); i++) { 2895 for (i = 0; i < sk_X509_NAME_num(sk); i++) {
2905 xn = sk_X509_NAME_value(sk, i); 2896 xn = sk_X509_NAME_value(sk, i);
2906 if (sk_X509_NAME_set(sk, i, 2897 if (sk_X509_NAME_set(sk, i,
@@ -2920,8 +2911,8 @@ SSL_dup(SSL *s)
2920void 2911void
2921ssl_clear_cipher_state(SSL *s) 2912ssl_clear_cipher_state(SSL *s)
2922{ 2913{
2923 tls12_record_layer_clear_read_state(s->internal->rl); 2914 tls12_record_layer_clear_read_state(s->rl);
2924 tls12_record_layer_clear_write_state(s->internal->rl); 2915 tls12_record_layer_clear_write_state(s->rl);
2925} 2916}
2926 2917
2927void 2918void
@@ -2929,8 +2920,8 @@ ssl_info_callback(const SSL *s, int type, int value)
2929{ 2920{
2930 ssl_info_callback_fn *cb; 2921 ssl_info_callback_fn *cb;
2931 2922
2932 if ((cb = s->internal->info_callback) == NULL) 2923 if ((cb = s->info_callback) == NULL)
2933 cb = s->ctx->internal->info_callback; 2924 cb = s->ctx->info_callback;
2934 if (cb != NULL) 2925 if (cb != NULL)
2935 cb(s, type, value); 2926 cb(s, type, value);
2936} 2927}
@@ -2939,11 +2930,11 @@ void
2939ssl_msg_callback(SSL *s, int is_write, int content_type, 2930ssl_msg_callback(SSL *s, int is_write, int content_type,
2940 const void *msg_buf, size_t msg_len) 2931 const void *msg_buf, size_t msg_len)
2941{ 2932{
2942 if (s->internal->msg_callback == NULL) 2933 if (s->msg_callback == NULL)
2943 return; 2934 return;
2944 2935
2945 s->internal->msg_callback(is_write, s->version, content_type, 2936 s->msg_callback(is_write, s->version, content_type,
2946 msg_buf, msg_len, s, s->internal->msg_callback_arg); 2937 msg_buf, msg_len, s, s->msg_callback_arg);
2947} 2938}
2948 2939
2949void 2940void
@@ -3068,37 +3059,37 @@ ssl_free_wbio_buffer(SSL *s)
3068void 3059void
3069SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) 3060SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
3070{ 3061{
3071 ctx->internal->quiet_shutdown = mode; 3062 ctx->quiet_shutdown = mode;
3072} 3063}
3073 3064
3074int 3065int
3075SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) 3066SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
3076{ 3067{
3077 return (ctx->internal->quiet_shutdown); 3068 return (ctx->quiet_shutdown);
3078} 3069}
3079 3070
3080void 3071void
3081SSL_set_quiet_shutdown(SSL *s, int mode) 3072SSL_set_quiet_shutdown(SSL *s, int mode)
3082{ 3073{
3083 s->internal->quiet_shutdown = mode; 3074 s->quiet_shutdown = mode;
3084} 3075}
3085 3076
3086int 3077int
3087SSL_get_quiet_shutdown(const SSL *s) 3078SSL_get_quiet_shutdown(const SSL *s)
3088{ 3079{
3089 return (s->internal->quiet_shutdown); 3080 return (s->quiet_shutdown);
3090} 3081}
3091 3082
3092void 3083void
3093SSL_set_shutdown(SSL *s, int mode) 3084SSL_set_shutdown(SSL *s, int mode)
3094{ 3085{
3095 s->internal->shutdown = mode; 3086 s->shutdown = mode;
3096} 3087}
3097 3088
3098int 3089int
3099SSL_get_shutdown(const SSL *s) 3090SSL_get_shutdown(const SSL *s)
3100{ 3091{
3101 return (s->internal->shutdown); 3092 return (s->shutdown);
3102} 3093}
3103 3094
3104int 3095int
@@ -3123,7 +3114,7 @@ SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
3123 if (ssl->ctx == ctx) 3114 if (ssl->ctx == ctx)
3124 return (ssl->ctx); 3115 return (ssl->ctx);
3125 3116
3126 if ((new_cert = ssl_cert_dup(ctx->internal->cert)) == NULL) 3117 if ((new_cert = ssl_cert_dup(ctx->cert)) == NULL)
3127 return NULL; 3118 return NULL;
3128 ssl_cert_free(ssl->cert); 3119 ssl_cert_free(ssl->cert);
3129 ssl->cert = new_cert; 3120 ssl->cert = new_cert;
@@ -3157,12 +3148,12 @@ SSL_CTX_load_verify_mem(SSL_CTX *ctx, void *buf, int len)
3157void 3148void
3158SSL_set_info_callback(SSL *ssl, void (*cb)(const SSL *ssl, int type, int val)) 3149SSL_set_info_callback(SSL *ssl, void (*cb)(const SSL *ssl, int type, int val))
3159{ 3150{
3160 ssl->internal->info_callback = cb; 3151 ssl->info_callback = cb;
3161} 3152}
3162 3153
3163void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val) 3154void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val)
3164{ 3155{
3165 return (ssl->internal->info_callback); 3156 return (ssl->info_callback);
3166} 3157}
3167 3158
3168int 3159int
@@ -3218,13 +3209,13 @@ SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
3218int 3209int
3219SSL_set_ex_data(SSL *s, int idx, void *arg) 3210SSL_set_ex_data(SSL *s, int idx, void *arg)
3220{ 3211{
3221 return (CRYPTO_set_ex_data(&s->internal->ex_data, idx, arg)); 3212 return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
3222} 3213}
3223 3214
3224void * 3215void *
3225SSL_get_ex_data(const SSL *s, int idx) 3216SSL_get_ex_data(const SSL *s, int idx)
3226{ 3217{
3227 return (CRYPTO_get_ex_data(&s->internal->ex_data, idx)); 3218 return (CRYPTO_get_ex_data(&s->ex_data, idx));
3228} 3219}
3229 3220
3230int 3221int
@@ -3238,13 +3229,13 @@ SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
3238int 3229int
3239SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg) 3230SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
3240{ 3231{
3241 return (CRYPTO_set_ex_data(&s->internal->ex_data, idx, arg)); 3232 return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
3242} 3233}
3243 3234
3244void * 3235void *
3245SSL_CTX_get_ex_data(const SSL_CTX *s, int idx) 3236SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
3246{ 3237{
3247 return (CRYPTO_get_ex_data(&s->internal->ex_data, idx)); 3238 return (CRYPTO_get_ex_data(&s->ex_data, idx));
3248} 3239}
3249 3240
3250int 3241int
@@ -3269,25 +3260,25 @@ SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
3269X509 * 3260X509 *
3270SSL_CTX_get0_certificate(const SSL_CTX *ctx) 3261SSL_CTX_get0_certificate(const SSL_CTX *ctx)
3271{ 3262{
3272 if (ctx->internal->cert == NULL) 3263 if (ctx->cert == NULL)
3273 return NULL; 3264 return NULL;
3274 3265
3275 return ctx->internal->cert->key->x509; 3266 return ctx->cert->key->x509;
3276} 3267}
3277 3268
3278EVP_PKEY * 3269EVP_PKEY *
3279SSL_CTX_get0_privatekey(const SSL_CTX *ctx) 3270SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
3280{ 3271{
3281 if (ctx->internal->cert == NULL) 3272 if (ctx->cert == NULL)
3282 return NULL; 3273 return NULL;
3283 3274
3284 return ctx->internal->cert->key->privatekey; 3275 return ctx->cert->key->privatekey;
3285} 3276}
3286 3277
3287int 3278int
3288SSL_want(const SSL *s) 3279SSL_want(const SSL *s)
3289{ 3280{
3290 return (s->internal->rwstate); 3281 return (s->rwstate);
3291} 3282}
3292 3283
3293void 3284void
@@ -3352,68 +3343,68 @@ SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
3352void 3343void
3353SSL_set_debug(SSL *s, int debug) 3344SSL_set_debug(SSL *s, int debug)
3354{ 3345{
3355 s->internal->debug = debug; 3346 s->debug = debug;
3356} 3347}
3357 3348
3358int 3349int
3359SSL_cache_hit(SSL *s) 3350SSL_cache_hit(SSL *s)
3360{ 3351{
3361 return (s->internal->hit); 3352 return (s->hit);
3362} 3353}
3363 3354
3364int 3355int
3365SSL_CTX_get_min_proto_version(SSL_CTX *ctx) 3356SSL_CTX_get_min_proto_version(SSL_CTX *ctx)
3366{ 3357{
3367 return ctx->internal->min_proto_version; 3358 return ctx->min_proto_version;
3368} 3359}
3369 3360
3370int 3361int
3371SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version) 3362SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version)
3372{ 3363{
3373 return ssl_version_set_min(ctx->method, version, 3364 return ssl_version_set_min(ctx->method, version,
3374 ctx->internal->max_tls_version, &ctx->internal->min_tls_version, 3365 ctx->max_tls_version, &ctx->min_tls_version,
3375 &ctx->internal->min_proto_version); 3366 &ctx->min_proto_version);
3376} 3367}
3377 3368
3378int 3369int
3379SSL_CTX_get_max_proto_version(SSL_CTX *ctx) 3370SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
3380{ 3371{
3381 return ctx->internal->max_proto_version; 3372 return ctx->max_proto_version;
3382} 3373}
3383 3374
3384int 3375int
3385SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version) 3376SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version)
3386{ 3377{
3387 return ssl_version_set_max(ctx->method, version, 3378 return ssl_version_set_max(ctx->method, version,
3388 ctx->internal->min_tls_version, &ctx->internal->max_tls_version, 3379 ctx->min_tls_version, &ctx->max_tls_version,
3389 &ctx->internal->max_proto_version); 3380 &ctx->max_proto_version);
3390} 3381}
3391 3382
3392int 3383int
3393SSL_get_min_proto_version(SSL *ssl) 3384SSL_get_min_proto_version(SSL *ssl)
3394{ 3385{
3395 return ssl->internal->min_proto_version; 3386 return ssl->min_proto_version;
3396} 3387}
3397 3388
3398int 3389int
3399SSL_set_min_proto_version(SSL *ssl, uint16_t version) 3390SSL_set_min_proto_version(SSL *ssl, uint16_t version)
3400{ 3391{
3401 return ssl_version_set_min(ssl->method, version, 3392 return ssl_version_set_min(ssl->method, version,
3402 ssl->internal->max_tls_version, &ssl->internal->min_tls_version, 3393 ssl->max_tls_version, &ssl->min_tls_version,
3403 &ssl->internal->min_proto_version); 3394 &ssl->min_proto_version);
3404} 3395}
3405int 3396int
3406SSL_get_max_proto_version(SSL *ssl) 3397SSL_get_max_proto_version(SSL *ssl)
3407{ 3398{
3408 return ssl->internal->max_proto_version; 3399 return ssl->max_proto_version;
3409} 3400}
3410 3401
3411int 3402int
3412SSL_set_max_proto_version(SSL *ssl, uint16_t version) 3403SSL_set_max_proto_version(SSL *ssl, uint16_t version)
3413{ 3404{
3414 return ssl_version_set_max(ssl->method, version, 3405 return ssl_version_set_max(ssl->method, version,
3415 ssl->internal->min_tls_version, &ssl->internal->max_tls_version, 3406 ssl->min_tls_version, &ssl->max_tls_version,
3416 &ssl->internal->max_proto_version); 3407 &ssl->max_proto_version);
3417} 3408}
3418 3409
3419const SSL_METHOD * 3410const SSL_METHOD *
@@ -3425,13 +3416,13 @@ SSL_CTX_get_ssl_method(const SSL_CTX *ctx)
3425int 3416int
3426SSL_CTX_get_security_level(const SSL_CTX *ctx) 3417SSL_CTX_get_security_level(const SSL_CTX *ctx)
3427{ 3418{
3428 return ctx->internal->cert->security_level; 3419 return ctx->cert->security_level;
3429} 3420}
3430 3421
3431void 3422void
3432SSL_CTX_set_security_level(SSL_CTX *ctx, int level) 3423SSL_CTX_set_security_level(SSL_CTX *ctx, int level)
3433{ 3424{
3434 ctx->internal->cert->security_level = level; 3425 ctx->cert->security_level = level;
3435} 3426}
3436 3427
3437int 3428int
@@ -3456,16 +3447,16 @@ int
3456SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params, 3447SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params,
3457 size_t params_len) 3448 size_t params_len)
3458{ 3449{
3459 freezero(ssl->internal->quic_transport_params, 3450 freezero(ssl->quic_transport_params,
3460 ssl->internal->quic_transport_params_len); 3451 ssl->quic_transport_params_len);
3461 ssl->internal->quic_transport_params = NULL; 3452 ssl->quic_transport_params = NULL;
3462 ssl->internal->quic_transport_params_len = 0; 3453 ssl->quic_transport_params_len = 0;
3463 3454
3464 if ((ssl->internal->quic_transport_params = malloc(params_len)) == NULL) 3455 if ((ssl->quic_transport_params = malloc(params_len)) == NULL)
3465 return 0; 3456 return 0;
3466 3457
3467 memcpy(ssl->internal->quic_transport_params, params, params_len); 3458 memcpy(ssl->quic_transport_params, params, params_len);
3468 ssl->internal->quic_transport_params_len = params_len; 3459 ssl->quic_transport_params_len = params_len;
3469 3460
3470 return 1; 3461 return 1;
3471} 3462}
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index a8d5308e8c..8046ad8c86 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.426 2022/10/01 16:23:15 jsing Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.427 2022/10/02 16:36:41 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -713,7 +713,42 @@ typedef void (ssl_info_callback_fn)(const SSL *s, int type, int val);
713typedef void (ssl_msg_callback_fn)(int is_write, int version, int content_type, 713typedef void (ssl_msg_callback_fn)(int is_write, int version, int content_type,
714 const void *buf, size_t len, SSL *ssl, void *arg); 714 const void *buf, size_t len, SSL *ssl, void *arg);
715 715
716typedef struct ssl_ctx_internal_st { 716struct ssl_ctx_st {
717 const SSL_METHOD *method;
718 const SSL_QUIC_METHOD *quic_method;
719
720 STACK_OF(SSL_CIPHER) *cipher_list;
721
722 struct x509_store_st /* X509_STORE */ *cert_store;
723
724 /* If timeout is not 0, it is the default timeout value set
725 * when SSL_new() is called. This has been put in to make
726 * life easier to set things up */
727 long session_timeout;
728
729 int references;
730
731 /* Default values to use in SSL structures follow (these are copied by SSL_new) */
732
733 STACK_OF(X509) *extra_certs;
734
735 int verify_mode;
736 size_t sid_ctx_length;
737 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
738
739 X509_VERIFY_PARAM *param;
740
741 /*
742 * XXX
743 * default_passwd_cb used by python and openvpn, need to keep it until we
744 * add an accessor
745 */
746 /* Default password callback. */
747 pem_password_cb *default_passwd_callback;
748
749 /* Default password callback user data. */
750 void *default_passwd_callback_userdata;
751
717 uint16_t min_tls_version; 752 uint16_t min_tls_version;
718 uint16_t max_tls_version; 753 uint16_t max_tls_version;
719 754
@@ -879,48 +914,72 @@ typedef struct ssl_ctx_internal_st {
879 uint16_t *tlsext_supportedgroups; /* our list */ 914 uint16_t *tlsext_supportedgroups; /* our list */
880 SSL_CTX_keylog_cb_func keylog_callback; /* Unused. For OpenSSL compatibility. */ 915 SSL_CTX_keylog_cb_func keylog_callback; /* Unused. For OpenSSL compatibility. */
881 size_t num_tickets; /* Unused, for OpenSSL compatibility */ 916 size_t num_tickets; /* Unused, for OpenSSL compatibility */
882} SSL_CTX_INTERNAL; 917};
918
919struct ssl_st {
920 /* protocol version
921 * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
922 */
923 int version;
883 924
884struct ssl_ctx_st {
885 const SSL_METHOD *method; 925 const SSL_METHOD *method;
886 const SSL_QUIC_METHOD *quic_method; 926 const SSL_QUIC_METHOD *quic_method;
887 927
888 STACK_OF(SSL_CIPHER) *cipher_list; 928 /* There are 2 BIO's even though they are normally both the
929 * same. This is so data can be read and written to different
930 * handlers */
889 931
890 struct x509_store_st /* X509_STORE */ *cert_store; 932 BIO *rbio; /* used by SSL_read */
933 BIO *wbio; /* used by SSL_write */
934 BIO *bbio; /* used during session-id reuse to concatenate
935 * messages */
936 int server; /* are we the server side? - mostly used by SSL_clear*/
891 937
892 /* If timeout is not 0, it is the default timeout value set 938 struct ssl3_state_st *s3; /* SSLv3 variables */
893 * when SSL_new() is called. This has been put in to make 939 struct dtls1_state_st *d1; /* DTLSv1 variables */
894 * life easier to set things up */
895 long session_timeout;
896 940
897 int references; 941 X509_VERIFY_PARAM *param;
898 942
899 /* Default values to use in SSL structures follow (these are copied by SSL_new) */ 943 /* crypto */
944 STACK_OF(SSL_CIPHER) *cipher_list;
900 945
901 STACK_OF(X509) *extra_certs; 946 /* This is used to hold the server certificate used */
947 SSL_CERT *cert;
902 948
903 int verify_mode; 949 /* the session_id_context is used to ensure sessions are only reused
950 * in the appropriate context */
904 size_t sid_ctx_length; 951 size_t sid_ctx_length;
905 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; 952 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
906 953
907 X509_VERIFY_PARAM *param; 954 /* This can also be in the session once a session is established */
955 SSL_SESSION *session;
908 956
909 /* 957 /* Used in SSL2 and SSL3 */
910 * XXX 958 int verify_mode; /* 0 don't care about verify failure.
911 * default_passwd_cb used by python and openvpn, need to keep it until we 959 * 1 fail if verify fails */
912 * add an accessor 960 int error; /* error bytes to be written */
913 */ 961 int error_code; /* actual code */
914 /* Default password callback. */
915 pem_password_cb *default_passwd_callback;
916 962
917 /* Default password callback user data. */ 963 SSL_CTX *ctx;
918 void *default_passwd_callback_userdata;
919 964
920 struct ssl_ctx_internal_st *internal; 965 long verify_result;
921}; 966
967 int references;
968
969 int client_version; /* what was passed, used for
970 * SSLv3/TLS rollback check */
971
972 unsigned int max_send_fragment;
973
974 char *tlsext_hostname;
975
976 /* certificate status request info */
977 /* Status type or -1 if no status type */
978 int tlsext_status_type;
979
980 SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
981#define session_ctx initial_ctx
922 982
923typedef struct ssl_internal_st {
924 struct tls13_ctx *tls13; 983 struct tls13_ctx *tls13;
925 984
926 uint16_t min_tls_version; 985 uint16_t min_tls_version;
@@ -1066,73 +1125,6 @@ typedef struct ssl_internal_st {
1066 1125
1067 size_t num_tickets; /* Unused, for OpenSSL compatibility */ 1126 size_t num_tickets; /* Unused, for OpenSSL compatibility */
1068 STACK_OF(X509) *verified_chain; 1127 STACK_OF(X509) *verified_chain;
1069} SSL_INTERNAL;
1070
1071struct ssl_st {
1072 /* protocol version
1073 * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
1074 */
1075 int version;
1076
1077 const SSL_METHOD *method;
1078 const SSL_QUIC_METHOD *quic_method;
1079
1080 /* There are 2 BIO's even though they are normally both the
1081 * same. This is so data can be read and written to different
1082 * handlers */
1083
1084 BIO *rbio; /* used by SSL_read */
1085 BIO *wbio; /* used by SSL_write */
1086 BIO *bbio; /* used during session-id reuse to concatenate
1087 * messages */
1088 int server; /* are we the server side? - mostly used by SSL_clear*/
1089
1090 struct ssl3_state_st *s3; /* SSLv3 variables */
1091 struct dtls1_state_st *d1; /* DTLSv1 variables */
1092
1093 X509_VERIFY_PARAM *param;
1094
1095 /* crypto */
1096 STACK_OF(SSL_CIPHER) *cipher_list;
1097
1098 /* This is used to hold the server certificate used */
1099 SSL_CERT *cert;
1100
1101 /* the session_id_context is used to ensure sessions are only reused
1102 * in the appropriate context */
1103 size_t sid_ctx_length;
1104 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
1105
1106 /* This can also be in the session once a session is established */
1107 SSL_SESSION *session;
1108
1109 /* Used in SSL2 and SSL3 */
1110 int verify_mode; /* 0 don't care about verify failure.
1111 * 1 fail if verify fails */
1112 int error; /* error bytes to be written */
1113 int error_code; /* actual code */
1114
1115 SSL_CTX *ctx;
1116
1117 long verify_result;
1118
1119 int references;
1120
1121 int client_version; /* what was passed, used for
1122 * SSLv3/TLS rollback check */
1123
1124 unsigned int max_send_fragment;
1125
1126 char *tlsext_hostname;
1127
1128 /* certificate status request info */
1129 /* Status type or -1 if no status type */
1130 int tlsext_status_type;
1131
1132 SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
1133#define session_ctx initial_ctx
1134
1135 struct ssl_internal_st *internal;
1136}; 1128};
1137 1129
1138typedef struct ssl3_record_internal_st { 1130typedef struct ssl3_record_internal_st {
diff --git a/src/lib/libssl/ssl_packet.c b/src/lib/libssl/ssl_packet.c
index 091685b217..b2c3d0f2a0 100644
--- a/src/lib/libssl/ssl_packet.c
+++ b/src/lib/libssl/ssl_packet.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_packet.c,v 1.13 2022/02/05 14:54:10 jsing Exp $ */ 1/* $OpenBSD: ssl_packet.c,v 1.14 2022/10/02 16:36:41 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -84,7 +84,7 @@ ssl_convert_sslv2_client_hello(SSL *s)
84 84
85 memset(&cbb, 0, sizeof(cbb)); 85 memset(&cbb, 0, sizeof(cbb));
86 86
87 CBS_init(&cbs, s->internal->packet, SSL3_RT_HEADER_LENGTH); 87 CBS_init(&cbs, s->packet, SSL3_RT_HEADER_LENGTH);
88 88
89 if (!CBS_get_u16(&cbs, &record_length) || 89 if (!CBS_get_u16(&cbs, &record_length) ||
90 !CBS_get_u8(&cbs, &message_type) || 90 !CBS_get_u8(&cbs, &message_type) ||
@@ -119,17 +119,17 @@ ssl_convert_sslv2_client_hello(SSL *s)
119 if (n != record_length + 2) 119 if (n != record_length + 2)
120 return n; 120 return n;
121 121
122 tls1_transcript_record(s, s->internal->packet + 2, 122 tls1_transcript_record(s, s->packet + 2,
123 s->internal->packet_length - 2); 123 s->packet_length - 2);
124 s->internal->mac_packet = 0; 124 s->mac_packet = 0;
125 125
126 if (s->internal->msg_callback) 126 if (s->msg_callback)
127 s->internal->msg_callback(0, SSL2_VERSION, 0, 127 s->msg_callback(0, SSL2_VERSION, 0,
128 s->internal->packet + 2, s->internal->packet_length - 2, s, 128 s->packet + 2, s->packet_length - 2, s,
129 s->internal->msg_callback_arg); 129 s->msg_callback_arg);
130 130
131 /* Decode the SSLv2 record containing the client hello. */ 131 /* Decode the SSLv2 record containing the client hello. */
132 CBS_init(&cbs, s->internal->packet, s->internal->packet_length); 132 CBS_init(&cbs, s->packet, s->packet_length);
133 133
134 if (!CBS_get_u16(&cbs, &record_length)) 134 if (!CBS_get_u16(&cbs, &record_length))
135 return -1; 135 return -1;
@@ -212,9 +212,9 @@ ssl_convert_sslv2_client_hello(SSL *s)
212 if (data_len > s->s3->rbuf.len) 212 if (data_len > s->s3->rbuf.len)
213 goto err; 213 goto err;
214 214
215 s->internal->packet = s->s3->rbuf.buf; 215 s->packet = s->s3->rbuf.buf;
216 s->internal->packet_length = data_len; 216 s->packet_length = data_len;
217 memcpy(s->internal->packet, data, data_len); 217 memcpy(s->packet, data, data_len);
218 ret = 1; 218 ret = 1;
219 219
220 err: 220 err:
@@ -240,7 +240,7 @@ ssl_server_legacy_first_packet(SSL *s)
240 if (SSL_is_dtls(s)) 240 if (SSL_is_dtls(s))
241 return 1; 241 return 1;
242 242
243 CBS_init(&header, s->internal->packet, SSL3_RT_HEADER_LENGTH); 243 CBS_init(&header, s->packet, SSL3_RT_HEADER_LENGTH);
244 244
245 if (ssl_is_sslv3_handshake(&header) == 1) 245 if (ssl_is_sslv3_handshake(&header) == 1)
246 return 1; 246 return 1;
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index d9f5a0d057..8462d03967 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_pkt.c,v 1.60 2022/09/11 13:51:25 jsing Exp $ */ 1/* $OpenBSD: ssl_pkt.c,v 1.61 2022/10/02 16:36:41 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -136,16 +136,16 @@ ssl_force_want_read(SSL *s)
136 BIO_clear_retry_flags(bio); 136 BIO_clear_retry_flags(bio);
137 BIO_set_retry_read(bio); 137 BIO_set_retry_read(bio);
138 138
139 s->internal->rwstate = SSL_READING; 139 s->rwstate = SSL_READING;
140} 140}
141 141
142/* 142/*
143 * If extend == 0, obtain new n-byte packet; if extend == 1, increase 143 * If extend == 0, obtain new n-byte packet; if extend == 1, increase
144 * packet by another n bytes. 144 * packet by another n bytes.
145 * The packet will be in the sub-array of s->s3->rbuf.buf specified 145 * The packet will be in the sub-array of s->s3->rbuf.buf specified
146 * by s->internal->packet and s->internal->packet_length. 146 * by s->packet and s->packet_length.
147 * (If s->internal->read_ahead is set, 'max' bytes may be stored in rbuf 147 * (If s->read_ahead is set, 'max' bytes may be stored in rbuf
148 * [plus s->internal->packet_length bytes if extend == 1].) 148 * [plus s->packet_length bytes if extend == 1].)
149 */ 149 */
150static int 150static int
151ssl3_read_n(SSL *s, int n, int max, int extend) 151ssl3_read_n(SSL *s, int n, int max, int extend)
@@ -187,8 +187,8 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
187 rb->offset = align; 187 rb->offset = align;
188 } 188 }
189 } 189 }
190 s->internal->packet = rb->buf + rb->offset; 190 s->packet = rb->buf + rb->offset;
191 s->internal->packet_length = 0; 191 s->packet_length = 0;
192 /* ... now we can act as if 'extend' was set */ 192 /* ... now we can act as if 'extend' was set */
193 } 193 }
194 194
@@ -202,7 +202,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
202 202
203 /* if there is enough in the buffer from a previous read, take some */ 203 /* if there is enough in the buffer from a previous read, take some */
204 if (left >= n) { 204 if (left >= n) {
205 s->internal->packet_length += n; 205 s->packet_length += n;
206 rb->left = left - n; 206 rb->left = left - n;
207 rb->offset += n; 207 rb->offset += n;
208 return (n); 208 return (n);
@@ -210,15 +210,15 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
210 210
211 /* else we need to read more data */ 211 /* else we need to read more data */
212 212
213 len = s->internal->packet_length; 213 len = s->packet_length;
214 pkt = rb->buf + align; 214 pkt = rb->buf + align;
215 /* Move any available bytes to front of buffer: 215 /* Move any available bytes to front of buffer:
216 * 'len' bytes already pointed to by 'packet', 216 * 'len' bytes already pointed to by 'packet',
217 * 'left' extra ones at the end */ 217 * 'left' extra ones at the end */
218 if (s->internal->packet != pkt) { 218 if (s->packet != pkt) {
219 /* len > 0 */ 219 /* len > 0 */
220 memmove(pkt, s->internal->packet, len + left); 220 memmove(pkt, s->packet, len + left);
221 s->internal->packet = pkt; 221 s->packet = pkt;
222 rb->offset = len + align; 222 rb->offset = len + align;
223 } 223 }
224 224
@@ -228,7 +228,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
228 return -1; 228 return -1;
229 } 229 }
230 230
231 if (s->internal->read_ahead || SSL_is_dtls(s)) { 231 if (s->read_ahead || SSL_is_dtls(s)) {
232 if (max < n) 232 if (max < n)
233 max = n; 233 max = n;
234 if (max > (int)(rb->len - rb->offset)) 234 if (max > (int)(rb->len - rb->offset))
@@ -245,7 +245,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
245 245
246 errno = 0; 246 errno = 0;
247 if (s->rbio != NULL) { 247 if (s->rbio != NULL) {
248 s->internal->rwstate = SSL_READING; 248 s->rwstate = SSL_READING;
249 i = BIO_read(s->rbio, pkt + len + left, max - left); 249 i = BIO_read(s->rbio, pkt + len + left, max - left);
250 } else { 250 } else {
251 SSLerror(s, SSL_R_READ_BIO_NOT_SET); 251 SSLerror(s, SSL_R_READ_BIO_NOT_SET);
@@ -254,7 +254,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
254 254
255 if (i <= 0) { 255 if (i <= 0) {
256 rb->left = left; 256 rb->left = left;
257 if (s->internal->mode & SSL_MODE_RELEASE_BUFFERS && 257 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
258 !SSL_is_dtls(s)) { 258 !SSL_is_dtls(s)) {
259 if (len + left == 0) 259 if (len + left == 0)
260 ssl3_release_read_buffer(s); 260 ssl3_release_read_buffer(s);
@@ -277,8 +277,8 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
277 /* done reading, now the book-keeping */ 277 /* done reading, now the book-keeping */
278 rb->offset += n; 278 rb->offset += n;
279 rb->left = left - n; 279 rb->left = left - n;
280 s->internal->packet_length += n; 280 s->packet_length += n;
281 s->internal->rwstate = SSL_NOTHING; 281 s->rwstate = SSL_NOTHING;
282 282
283 return (n); 283 return (n);
284} 284}
@@ -291,8 +291,8 @@ ssl3_packet_read(SSL *s, int plen)
291 n = ssl3_read_n(s, plen, s->s3->rbuf.len, 0); 291 n = ssl3_read_n(s, plen, s->s3->rbuf.len, 0);
292 if (n <= 0) 292 if (n <= 0)
293 return n; 293 return n;
294 if (s->internal->packet_length < plen) 294 if (s->packet_length < plen)
295 return s->internal->packet_length; 295 return s->packet_length;
296 296
297 return plen; 297 return plen;
298} 298}
@@ -302,15 +302,15 @@ ssl3_packet_extend(SSL *s, int plen)
302{ 302{
303 int rlen, n; 303 int rlen, n;
304 304
305 if (s->internal->packet_length >= plen) 305 if (s->packet_length >= plen)
306 return plen; 306 return plen;
307 rlen = plen - s->internal->packet_length; 307 rlen = plen - s->packet_length;
308 308
309 n = ssl3_read_n(s, rlen, rlen, 1); 309 n = ssl3_read_n(s, rlen, rlen, 1);
310 if (n <= 0) 310 if (n <= 0)
311 return n; 311 return n;
312 if (s->internal->packet_length < plen) 312 if (s->packet_length < plen)
313 return s->internal->packet_length; 313 return s->packet_length;
314 314
315 return plen; 315 return plen;
316} 316}
@@ -319,9 +319,9 @@ ssl3_packet_extend(SSL *s, int plen)
319 * It will return <= 0 if more data is needed, normally due to an error 319 * It will return <= 0 if more data is needed, normally due to an error
320 * or non-blocking IO. 320 * or non-blocking IO.
321 * When it finishes, one packet has been decoded and can be found in 321 * When it finishes, one packet has been decoded and can be found in
322 * ssl->s3->internal->rrec.type - is the type of record 322 * ssl->s3->rrec.type - is the type of record
323 * ssl->s3->internal->rrec.data, - data 323 * ssl->s3->rrec.data, - data
324 * ssl->s3->internal->rrec.length, - number of bytes 324 * ssl->s3->rrec.length, - number of bytes
325 */ 325 */
326/* used only by ssl3_read_bytes */ 326/* used only by ssl3_read_bytes */
327static int 327static int
@@ -337,8 +337,8 @@ ssl3_get_record(SSL *s)
337 337
338 again: 338 again:
339 /* check if we have the header */ 339 /* check if we have the header */
340 if ((s->internal->rstate != SSL_ST_READ_BODY) || 340 if ((s->rstate != SSL_ST_READ_BODY) ||
341 (s->internal->packet_length < SSL3_RT_HEADER_LENGTH)) { 341 (s->packet_length < SSL3_RT_HEADER_LENGTH)) {
342 CBS header; 342 CBS header;
343 uint16_t len, ssl_version; 343 uint16_t len, ssl_version;
344 uint8_t type; 344 uint8_t type;
@@ -347,16 +347,16 @@ ssl3_get_record(SSL *s)
347 if (n <= 0) 347 if (n <= 0)
348 return (n); 348 return (n);
349 349
350 s->internal->mac_packet = 1; 350 s->mac_packet = 1;
351 s->internal->rstate = SSL_ST_READ_BODY; 351 s->rstate = SSL_ST_READ_BODY;
352 352
353 if (s->server && s->internal->first_packet) { 353 if (s->server && s->first_packet) {
354 if ((ret = ssl_server_legacy_first_packet(s)) != 1) 354 if ((ret = ssl_server_legacy_first_packet(s)) != 1)
355 return (ret); 355 return (ret);
356 ret = -1; 356 ret = -1;
357 } 357 }
358 358
359 CBS_init(&header, s->internal->packet, SSL3_RT_HEADER_LENGTH); 359 CBS_init(&header, s->packet, SSL3_RT_HEADER_LENGTH);
360 360
361 /* Pull apart the header into the SSL3_RECORD_INTERNAL */ 361 /* Pull apart the header into the SSL3_RECORD_INTERNAL */
362 if (!CBS_get_u8(&header, &type) || 362 if (!CBS_get_u8(&header, &type) ||
@@ -370,9 +370,9 @@ ssl3_get_record(SSL *s)
370 rr->length = len; 370 rr->length = len;
371 371
372 /* Lets check version */ 372 /* Lets check version */
373 if (!s->internal->first_packet && ssl_version != s->version) { 373 if (!s->first_packet && ssl_version != s->version) {
374 if ((s->version & 0xFF00) == (ssl_version & 0xFF00) && 374 if ((s->version & 0xFF00) == (ssl_version & 0xFF00) &&
375 !tls12_record_layer_write_protected(s->internal->rl)) { 375 !tls12_record_layer_write_protected(s->rl)) {
376 /* Send back error using their minor version number :-) */ 376 /* Send back error using their minor version number :-) */
377 s->version = ssl_version; 377 s->version = ssl_version;
378 } 378 }
@@ -399,17 +399,17 @@ ssl3_get_record(SSL *s)
399 if (n != SSL3_RT_HEADER_LENGTH + rr->length) 399 if (n != SSL3_RT_HEADER_LENGTH + rr->length)
400 return (n); 400 return (n);
401 401
402 s->internal->rstate = SSL_ST_READ_HEADER; /* set state for later operations */ 402 s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */
403 403
404 /* 404 /*
405 * A full record has now been read from the wire, which now needs 405 * A full record has now been read from the wire, which now needs
406 * to be processed. 406 * to be processed.
407 */ 407 */
408 tls12_record_layer_set_version(s->internal->rl, s->version); 408 tls12_record_layer_set_version(s->rl, s->version);
409 409
410 if (!tls12_record_layer_open_record(s->internal->rl, s->internal->packet, 410 if (!tls12_record_layer_open_record(s->rl, s->packet,
411 s->internal->packet_length, &out, &out_len)) { 411 s->packet_length, &out, &out_len)) {
412 tls12_record_layer_alert(s->internal->rl, &alert_desc); 412 tls12_record_layer_alert(s->rl, &alert_desc);
413 413
414 if (alert_desc == 0) 414 if (alert_desc == 0)
415 goto err; 415 goto err;
@@ -428,7 +428,7 @@ ssl3_get_record(SSL *s)
428 rr->off = 0; 428 rr->off = 0;
429 429
430 /* we have pulled in a full packet so zero things */ 430 /* we have pulled in a full packet so zero things */
431 s->internal->packet_length = 0; 431 s->packet_length = 0;
432 432
433 if (rr->length == 0) { 433 if (rr->length == 0) {
434 /* 434 /*
@@ -446,18 +446,18 @@ ssl3_get_record(SSL *s)
446 * insert a single empty record, so we allow ourselves to read 446 * insert a single empty record, so we allow ourselves to read
447 * once past a single empty record without forcing want_read. 447 * once past a single empty record without forcing want_read.
448 */ 448 */
449 if (s->internal->empty_record_count++ > SSL_MAX_EMPTY_RECORDS) { 449 if (s->empty_record_count++ > SSL_MAX_EMPTY_RECORDS) {
450 SSLerror(s, SSL_R_PEER_BEHAVING_BADLY); 450 SSLerror(s, SSL_R_PEER_BEHAVING_BADLY);
451 return -1; 451 return -1;
452 } 452 }
453 if (s->internal->empty_record_count > 1) { 453 if (s->empty_record_count > 1) {
454 ssl_force_want_read(s); 454 ssl_force_want_read(s);
455 return -1; 455 return -1;
456 } 456 }
457 goto again; 457 goto again;
458 } 458 }
459 459
460 s->internal->empty_record_count = 0; 460 s->empty_record_count = 0;
461 461
462 return (1); 462 return (1);
463 463
@@ -482,12 +482,12 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
482 return -1; 482 return -1;
483 } 483 }
484 484
485 s->internal->rwstate = SSL_NOTHING; 485 s->rwstate = SSL_NOTHING;
486 tot = s->s3->wnum; 486 tot = s->s3->wnum;
487 s->s3->wnum = 0; 487 s->s3->wnum = 0;
488 488
489 if (SSL_in_init(s) && !s->internal->in_handshake) { 489 if (SSL_in_init(s) && !s->in_handshake) {
490 i = s->internal->handshake_func(s); 490 i = s->handshake_func(s);
491 if (i < 0) 491 if (i < 0)
492 return (i); 492 return (i);
493 if (i == 0) { 493 if (i == 0) {
@@ -512,7 +512,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
512 } 512 }
513 513
514 if ((i == (int)n) || (type == SSL3_RT_APPLICATION_DATA && 514 if ((i == (int)n) || (type == SSL3_RT_APPLICATION_DATA &&
515 (s->internal->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) { 515 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) {
516 /* 516 /*
517 * Next chunk of data should get another prepended 517 * Next chunk of data should get another prepended
518 * empty fragment in ciphersuites with known-IV 518 * empty fragment in ciphersuites with known-IV
@@ -573,7 +573,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
573 */ 573 */
574 version = s->version; 574 version = s->version;
575 if (s->s3->hs.state == SSL3_ST_CW_CLNT_HELLO_B && 575 if (s->s3->hs.state == SSL3_ST_CW_CLNT_HELLO_B &&
576 !s->internal->renegotiate && 576 !s->renegotiate &&
577 s->s3->hs.our_max_tls_version > TLS1_VERSION) 577 s->s3->hs.our_max_tls_version > TLS1_VERSION)
578 version = TLS1_VERSION; 578 version = TLS1_VERSION;
579 579
@@ -582,7 +582,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
582 * (see http://www.openssl.org/~bodo/tls-cbc.txt). Note that this 582 * (see http://www.openssl.org/~bodo/tls-cbc.txt). Note that this
583 * is unnecessary for AEAD. 583 * is unnecessary for AEAD.
584 */ 584 */
585 if (sess != NULL && tls12_record_layer_write_protected(s->internal->rl)) { 585 if (sess != NULL && tls12_record_layer_write_protected(s->rl)) {
586 if (s->s3->need_empty_fragments && 586 if (s->s3->need_empty_fragments &&
587 !s->s3->empty_fragment_done && 587 !s->s3->empty_fragment_done &&
588 type == SSL3_RT_APPLICATION_DATA) 588 type == SSL3_RT_APPLICATION_DATA)
@@ -603,16 +603,16 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
603 if (!CBB_init_fixed(&cbb, wb->buf + align, wb->len - align)) 603 if (!CBB_init_fixed(&cbb, wb->buf + align, wb->len - align))
604 goto err; 604 goto err;
605 605
606 tls12_record_layer_set_version(s->internal->rl, version); 606 tls12_record_layer_set_version(s->rl, version);
607 607
608 if (need_empty_fragment) { 608 if (need_empty_fragment) {
609 if (!tls12_record_layer_seal_record(s->internal->rl, type, 609 if (!tls12_record_layer_seal_record(s->rl, type,
610 buf, 0, &cbb)) 610 buf, 0, &cbb))
611 goto err; 611 goto err;
612 s->s3->empty_fragment_done = 1; 612 s->s3->empty_fragment_done = 1;
613 } 613 }
614 614
615 if (!tls12_record_layer_seal_record(s->internal->rl, type, buf, len, &cbb)) 615 if (!tls12_record_layer_seal_record(s->rl, type, buf, len, &cbb))
616 goto err; 616 goto err;
617 617
618 if (!CBB_finish(&cbb, NULL, &out_len)) 618 if (!CBB_finish(&cbb, NULL, &out_len))
@@ -647,7 +647,7 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
647 647
648 /* XXXX */ 648 /* XXXX */
649 if ((s->s3->wpend_tot > (int)len) || ((s->s3->wpend_buf != buf) && 649 if ((s->s3->wpend_tot > (int)len) || ((s->s3->wpend_buf != buf) &&
650 !(s->internal->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) || 650 !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) ||
651 (s->s3->wpend_type != type)) { 651 (s->s3->wpend_type != type)) {
652 SSLerror(s, SSL_R_BAD_WRITE_RETRY); 652 SSLerror(s, SSL_R_BAD_WRITE_RETRY);
653 return (-1); 653 return (-1);
@@ -656,7 +656,7 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
656 for (;;) { 656 for (;;) {
657 errno = 0; 657 errno = 0;
658 if (s->wbio != NULL) { 658 if (s->wbio != NULL) {
659 s->internal->rwstate = SSL_WRITING; 659 s->rwstate = SSL_WRITING;
660 i = BIO_write(s->wbio, (char *)&(wb->buf[wb->offset]), 660 i = BIO_write(s->wbio, (char *)&(wb->buf[wb->offset]),
661 (unsigned int)wb->left); 661 (unsigned int)wb->left);
662 } else { 662 } else {
@@ -666,10 +666,10 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
666 if (i == wb->left) { 666 if (i == wb->left) {
667 wb->left = 0; 667 wb->left = 0;
668 wb->offset += i; 668 wb->offset += i;
669 if (s->internal->mode & SSL_MODE_RELEASE_BUFFERS && 669 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
670 !SSL_is_dtls(s)) 670 !SSL_is_dtls(s))
671 ssl3_release_write_buffer(s); 671 ssl3_release_write_buffer(s);
672 s->internal->rwstate = SSL_NOTHING; 672 s->rwstate = SSL_NOTHING;
673 return (s->s3->wpend_ret); 673 return (s->s3->wpend_ret);
674 } else if (i <= 0) { 674 } else if (i <= 0) {
675 /* 675 /*
@@ -731,7 +731,7 @@ ssl3_read_alert(SSL *s)
731 if (alert_level == SSL3_AL_WARNING) { 731 if (alert_level == SSL3_AL_WARNING) {
732 s->s3->warn_alert = alert_descr; 732 s->s3->warn_alert = alert_descr;
733 if (alert_descr == SSL_AD_CLOSE_NOTIFY) { 733 if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
734 s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN; 734 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
735 return 0; 735 return 0;
736 } 736 }
737 /* We requested renegotiation and the peer rejected it. */ 737 /* We requested renegotiation and the peer rejected it. */
@@ -742,11 +742,11 @@ ssl3_read_alert(SSL *s)
742 return -1; 742 return -1;
743 } 743 }
744 } else if (alert_level == SSL3_AL_FATAL) { 744 } else if (alert_level == SSL3_AL_FATAL) {
745 s->internal->rwstate = SSL_NOTHING; 745 s->rwstate = SSL_NOTHING;
746 s->s3->fatal_alert = alert_descr; 746 s->s3->fatal_alert = alert_descr;
747 SSLerror(s, SSL_AD_REASON_OFFSET + alert_descr); 747 SSLerror(s, SSL_AD_REASON_OFFSET + alert_descr);
748 ERR_asprintf_error_data("SSL alert number %d", alert_descr); 748 ERR_asprintf_error_data("SSL alert number %d", alert_descr);
749 s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN; 749 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
750 SSL_CTX_remove_session(s->ctx, s->session); 750 SSL_CTX_remove_session(s->ctx, s->session);
751 return 0; 751 return 0;
752 } else { 752 } else {
@@ -847,7 +847,7 @@ ssl3_read_handshake_unexpected(SSL *s)
847 if (s->s3->handshake_fragment_len < sizeof(s->s3->handshake_fragment)) 847 if (s->s3->handshake_fragment_len < sizeof(s->s3->handshake_fragment))
848 return 1; 848 return 1;
849 849
850 if (s->internal->in_handshake) { 850 if (s->in_handshake) {
851 SSLerror(s, ERR_R_INTERNAL_ERROR); 851 SSLerror(s, ERR_R_INTERNAL_ERROR);
852 return -1; 852 return -1;
853 } 853 }
@@ -937,7 +937,7 @@ ssl3_read_handshake_unexpected(SSL *s)
937 return -1; 937 return -1;
938 } 938 }
939 939
940 if ((s->internal->options & SSL_OP_NO_CLIENT_RENEGOTIATION) != 0) { 940 if ((s->options & SSL_OP_NO_CLIENT_RENEGOTIATION) != 0) {
941 ssl3_send_alert(s, SSL3_AL_FATAL, 941 ssl3_send_alert(s, SSL3_AL_FATAL,
942 SSL_AD_NO_RENEGOTIATION); 942 SSL_AD_NO_RENEGOTIATION);
943 return -1; 943 return -1;
@@ -957,8 +957,8 @@ ssl3_read_handshake_unexpected(SSL *s)
957 } 957 }
958 958
959 s->s3->hs.state = SSL_ST_ACCEPT; 959 s->s3->hs.state = SSL_ST_ACCEPT;
960 s->internal->renegotiate = 1; 960 s->renegotiate = 1;
961 s->internal->new_session = 1; 961 s->new_session = 1;
962 962
963 } else { 963 } else {
964 SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); 964 SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
@@ -966,14 +966,14 @@ ssl3_read_handshake_unexpected(SSL *s)
966 return -1; 966 return -1;
967 } 967 }
968 968
969 if ((ret = s->internal->handshake_func(s)) < 0) 969 if ((ret = s->handshake_func(s)) < 0)
970 return ret; 970 return ret;
971 if (ret == 0) { 971 if (ret == 0) {
972 SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); 972 SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
973 return -1; 973 return -1;
974 } 974 }
975 975
976 if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) { 976 if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
977 if (s->s3->rbuf.left == 0) { 977 if (s->s3->rbuf.left == 0) {
978 ssl_force_want_read(s); 978 ssl_force_want_read(s);
979 return -1; 979 return -1;
@@ -1062,8 +1062,8 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1062 return n; 1062 return n;
1063 } 1063 }
1064 1064
1065 if (SSL_in_init(s) && !s->internal->in_handshake) { 1065 if (SSL_in_init(s) && !s->in_handshake) {
1066 if ((ret = s->internal->handshake_func(s)) < 0) 1066 if ((ret = s->handshake_func(s)) < 0)
1067 return ret; 1067 return ret;
1068 if (ret == 0) { 1068 if (ret == 0) {
1069 SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); 1069 SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
@@ -1085,11 +1085,11 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1085 return -1; 1085 return -1;
1086 } 1086 }
1087 1087
1088 s->internal->rwstate = SSL_NOTHING; 1088 s->rwstate = SSL_NOTHING;
1089 1089
1090 rr = &s->s3->rrec; 1090 rr = &s->s3->rrec;
1091 1091
1092 if (rr->length == 0 || s->internal->rstate == SSL_ST_READ_BODY) { 1092 if (rr->length == 0 || s->rstate == SSL_ST_READ_BODY) {
1093 if ((ret = ssl3_get_record(s)) <= 0) 1093 if ((ret = ssl3_get_record(s)) <= 0)
1094 return ret; 1094 return ret;
1095 } 1095 }
@@ -1106,8 +1106,8 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1106 * If the other end has shut down, throw anything we read away (even in 1106 * If the other end has shut down, throw anything we read away (even in
1107 * 'peek' mode). 1107 * 'peek' mode).
1108 */ 1108 */
1109 if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) { 1109 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
1110 s->internal->rwstate = SSL_NOTHING; 1110 s->rwstate = SSL_NOTHING;
1111 rr->length = 0; 1111 rr->length = 0;
1112 return 0; 1112 return 0;
1113 } 1113 }
@@ -1119,7 +1119,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1119 * are doing a handshake for the first time. 1119 * are doing a handshake for the first time.
1120 */ 1120 */
1121 if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA && 1121 if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA &&
1122 !tls12_record_layer_read_protected(s->internal->rl)) { 1122 !tls12_record_layer_read_protected(s->rl)) {
1123 SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE); 1123 SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);
1124 ssl3_send_alert(s, SSL3_AL_FATAL, 1124 ssl3_send_alert(s, SSL3_AL_FATAL,
1125 SSL_AD_UNEXPECTED_MESSAGE); 1125 SSL_AD_UNEXPECTED_MESSAGE);
@@ -1140,9 +1140,9 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1140 rr->length -= n; 1140 rr->length -= n;
1141 rr->off += n; 1141 rr->off += n;
1142 if (rr->length == 0) { 1142 if (rr->length == 0) {
1143 s->internal->rstate = SSL_ST_READ_HEADER; 1143 s->rstate = SSL_ST_READ_HEADER;
1144 rr->off = 0; 1144 rr->off = 0;
1145 if (s->internal->mode & SSL_MODE_RELEASE_BUFFERS && 1145 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
1146 s->s3->rbuf.left == 0) 1146 s->s3->rbuf.left == 0)
1147 ssl3_release_read_buffer(s); 1147 ssl3_release_read_buffer(s);
1148 } 1148 }
@@ -1162,8 +1162,8 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1162 goto start; 1162 goto start;
1163 } 1163 }
1164 1164
1165 if (s->internal->shutdown & SSL_SENT_SHUTDOWN) { 1165 if (s->shutdown & SSL_SENT_SHUTDOWN) {
1166 s->internal->rwstate = SSL_NOTHING; 1166 s->rwstate = SSL_NOTHING;
1167 rr->length = 0; 1167 rr->length = 0;
1168 return 0; 1168 return 0;
1169 } 1169 }
diff --git a/src/lib/libssl/ssl_seclevel.c b/src/lib/libssl/ssl_seclevel.c
index b691b9bc4b..7026b330cf 100644
--- a/src/lib/libssl/ssl_seclevel.c
+++ b/src/lib/libssl/ssl_seclevel.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_seclevel.c,v 1.25 2022/08/17 18:41:17 tb Exp $ */ 1/* $OpenBSD: ssl_seclevel.c,v 1.26 2022/10/02 16:36:41 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2020-2022 Theo Buehler <tb@openbsd.org> 3 * Copyright (c) 2020-2022 Theo Buehler <tb@openbsd.org>
4 * 4 *
@@ -224,8 +224,8 @@ ssl_security_default_cb(const SSL *ssl, const SSL_CTX *ctx, int secop, int bits,
224static int 224static int
225ssl_ctx_security(const SSL_CTX *ctx, int secop, int bits, int nid, void *other) 225ssl_ctx_security(const SSL_CTX *ctx, int secop, int bits, int nid, void *other)
226{ 226{
227 return ctx->internal->cert->security_cb(NULL, ctx, secop, bits, nid, 227 return ctx->cert->security_cb(NULL, ctx, secop, bits, nid,
228 other, ctx->internal->cert->security_ex_data); 228 other, ctx->cert->security_ex_data);
229} 229}
230 230
231static int 231static int
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 7cf36f8984..45c6ddb682 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_sess.c,v 1.117 2022/08/17 07:39:19 jsing Exp $ */ 1/* $OpenBSD: ssl_sess.c,v 1.118 2022/10/02 16:36:41 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -354,17 +354,17 @@ ssl_get_new_session(SSL *s, int session)
354 } 354 }
355 355
356 /* If RFC4507 ticket use empty session ID. */ 356 /* If RFC4507 ticket use empty session ID. */
357 if (s->internal->tlsext_ticket_expected) { 357 if (s->tlsext_ticket_expected) {
358 ss->session_id_length = 0; 358 ss->session_id_length = 0;
359 goto sess_id_done; 359 goto sess_id_done;
360 } 360 }
361 361
362 /* Choose which callback will set the session ID. */ 362 /* Choose which callback will set the session ID. */
363 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); 363 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
364 if (s->internal->generate_session_id) 364 if (s->generate_session_id)
365 cb = s->internal->generate_session_id; 365 cb = s->generate_session_id;
366 else if (s->session_ctx->internal->generate_session_id) 366 else if (s->session_ctx->generate_session_id)
367 cb = s->session_ctx->internal->generate_session_id; 367 cb = s->session_ctx->generate_session_id;
368 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); 368 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
369 369
370 /* Choose a session ID. */ 370 /* Choose a session ID. */
@@ -430,7 +430,7 @@ ssl_session_from_cache(SSL *s, CBS *session_id)
430 SSL_SESSION *sess; 430 SSL_SESSION *sess;
431 SSL_SESSION data; 431 SSL_SESSION data;
432 432
433 if ((s->session_ctx->internal->session_cache_mode & 433 if ((s->session_ctx->session_cache_mode &
434 SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) 434 SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
435 return NULL; 435 return NULL;
436 436
@@ -443,13 +443,13 @@ ssl_session_from_cache(SSL *s, CBS *session_id)
443 return NULL; 443 return NULL;
444 444
445 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); 445 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
446 sess = lh_SSL_SESSION_retrieve(s->session_ctx->internal->sessions, &data); 446 sess = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data);
447 if (sess != NULL) 447 if (sess != NULL)
448 CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION); 448 CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION);
449 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); 449 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
450 450
451 if (sess == NULL) 451 if (sess == NULL)
452 s->session_ctx->internal->stats.sess_miss++; 452 s->session_ctx->stats.sess_miss++;
453 453
454 return sess; 454 return sess;
455} 455}
@@ -460,11 +460,11 @@ ssl_session_from_callback(SSL *s, CBS *session_id)
460 SSL_SESSION *sess; 460 SSL_SESSION *sess;
461 int copy; 461 int copy;
462 462
463 if (s->session_ctx->internal->get_session_cb == NULL) 463 if (s->session_ctx->get_session_cb == NULL)
464 return NULL; 464 return NULL;
465 465
466 copy = 1; 466 copy = 1;
467 if ((sess = s->session_ctx->internal->get_session_cb(s, 467 if ((sess = s->session_ctx->get_session_cb(s,
468 CBS_data(session_id), CBS_len(session_id), &copy)) == NULL) 468 CBS_data(session_id), CBS_len(session_id), &copy)) == NULL)
469 return NULL; 469 return NULL;
470 /* 470 /*
@@ -476,10 +476,10 @@ ssl_session_from_callback(SSL *s, CBS *session_id)
476 if (copy) 476 if (copy)
477 CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION); 477 CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION);
478 478
479 s->session_ctx->internal->stats.sess_cb_hit++; 479 s->session_ctx->stats.sess_cb_hit++;
480 480
481 /* Add the externally cached session to the internal cache as well. */ 481 /* Add the externally cached session to the internal cache as well. */
482 if (!(s->session_ctx->internal->session_cache_mode & 482 if (!(s->session_ctx->session_cache_mode &
483 SSL_SESS_CACHE_NO_INTERNAL_STORE)) { 483 SSL_SESS_CACHE_NO_INTERNAL_STORE)) {
484 /* 484 /*
485 * The following should not return 1, 485 * The following should not return 1,
@@ -523,7 +523,7 @@ ssl_session_by_id(SSL *s, CBS *session_id)
523 * - If a session is found then s->session is pointed at it (after freeing 523 * - If a session is found then s->session is pointed at it (after freeing
524 * an existing session if need be) and s->verify_result is set from the 524 * an existing session if need be) and s->verify_result is set from the
525 * session. 525 * session.
526 * - For both new and resumed sessions, s->internal->tlsext_ticket_expected 526 * - For both new and resumed sessions, s->tlsext_ticket_expected
527 * indicates whether the server should issue a new session ticket or not. 527 * indicates whether the server should issue a new session ticket or not.
528 */ 528 */
529int 529int
@@ -538,7 +538,7 @@ ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert)
538 if (CBS_len(session_id) > SSL_MAX_SSL_SESSION_ID_LENGTH) 538 if (CBS_len(session_id) > SSL_MAX_SSL_SESSION_ID_LENGTH)
539 goto err; 539 goto err;
540 540
541 /* Sets s->internal->tlsext_ticket_expected. */ 541 /* Sets s->tlsext_ticket_expected. */
542 switch (tls1_process_ticket(s, ext_block, &alert_desc, &sess)) { 542 switch (tls1_process_ticket(s, ext_block, &alert_desc, &sess)) {
543 case TLS1_TICKET_FATAL_ERROR: 543 case TLS1_TICKET_FATAL_ERROR:
544 fatal = 1; 544 fatal = 1;
@@ -605,7 +605,7 @@ ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert)
605 } 605 }
606 606
607 if (sess->timeout < (time(NULL) - sess->time)) { 607 if (sess->timeout < (time(NULL) - sess->time)) {
608 s->session_ctx->internal->stats.sess_timeout++; 608 s->session_ctx->stats.sess_timeout++;
609 if (!ticket_decrypted) { 609 if (!ticket_decrypted) {
610 /* The session was from the cache, so remove it. */ 610 /* The session was from the cache, so remove it. */
611 SSL_CTX_remove_session(s->session_ctx, sess); 611 SSL_CTX_remove_session(s->session_ctx, sess);
@@ -613,7 +613,7 @@ ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert)
613 goto err; 613 goto err;
614 } 614 }
615 615
616 s->session_ctx->internal->stats.sess_hit++; 616 s->session_ctx->stats.sess_hit++;
617 617
618 SSL_SESSION_free(s->session); 618 SSL_SESSION_free(s->session);
619 s->session = sess; 619 s->session = sess;
@@ -628,7 +628,7 @@ ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert)
628 * The session was from a ticket. Issue a ticket for the new 628 * The session was from a ticket. Issue a ticket for the new
629 * session. 629 * session.
630 */ 630 */
631 s->internal->tlsext_ticket_expected = 1; 631 s->tlsext_ticket_expected = 1;
632 } 632 }
633 if (fatal) { 633 if (fatal) {
634 *alert = alert_desc; 634 *alert = alert_desc;
@@ -655,12 +655,12 @@ SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
655 * later. 655 * later.
656 */ 656 */
657 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); 657 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
658 s = lh_SSL_SESSION_insert(ctx->internal->sessions, c); 658 s = lh_SSL_SESSION_insert(ctx->sessions, c);
659 659
660 /* 660 /*
661 * s != NULL iff we already had a session with the given PID. 661 * s != NULL iff we already had a session with the given PID.
662 * In this case, s == c should hold (then we did not really modify 662 * In this case, s == c should hold (then we did not really modify
663 * ctx->internal->sessions), or we're in trouble. 663 * ctx->sessions), or we're in trouble.
664 */ 664 */
665 if (s != NULL && s != c) { 665 if (s != NULL && s != c) {
666 /* We *are* in trouble ... */ 666 /* We *are* in trouble ... */
@@ -700,10 +700,10 @@ SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
700 while (SSL_CTX_sess_number(ctx) > 700 while (SSL_CTX_sess_number(ctx) >
701 SSL_CTX_sess_get_cache_size(ctx)) { 701 SSL_CTX_sess_get_cache_size(ctx)) {
702 if (!remove_session_lock(ctx, 702 if (!remove_session_lock(ctx,
703 ctx->internal->session_cache_tail, 0)) 703 ctx->session_cache_tail, 0))
704 break; 704 break;
705 else 705 else
706 ctx->internal->stats.sess_cache_full++; 706 ctx->stats.sess_cache_full++;
707 } 707 }
708 } 708 }
709 } 709 }
@@ -728,9 +728,9 @@ remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
728 728
729 if (lck) 729 if (lck)
730 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); 730 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
731 if ((r = lh_SSL_SESSION_retrieve(ctx->internal->sessions, c)) == c) { 731 if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) == c) {
732 ret = 1; 732 ret = 1;
733 r = lh_SSL_SESSION_delete(ctx->internal->sessions, c); 733 r = lh_SSL_SESSION_delete(ctx->sessions, c);
734 SSL_SESSION_list_remove(ctx, c); 734 SSL_SESSION_list_remove(ctx, c);
735 } 735 }
736 if (lck) 736 if (lck)
@@ -738,8 +738,8 @@ remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
738 738
739 if (ret) { 739 if (ret) {
740 r->not_resumable = 1; 740 r->not_resumable = 1;
741 if (ctx->internal->remove_session_cb != NULL) 741 if (ctx->remove_session_cb != NULL)
742 ctx->internal->remove_session_cb(ctx, r); 742 ctx->remove_session_cb(ctx, r);
743 SSL_SESSION_free(r); 743 SSL_SESSION_free(r);
744 } 744 }
745 745
@@ -942,8 +942,8 @@ SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s,
942{ 942{
943 if (s == NULL) 943 if (s == NULL)
944 return (0); 944 return (0);
945 s->internal->tls_session_secret_cb = tls_session_secret_cb; 945 s->tls_session_secret_cb = tls_session_secret_cb;
946 s->internal->tls_session_secret_cb_arg = arg; 946 s->tls_session_secret_cb_arg = arg;
947 return (1); 947 return (1);
948} 948}
949 949
@@ -953,8 +953,8 @@ SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
953{ 953{
954 if (s == NULL) 954 if (s == NULL)
955 return (0); 955 return (0);
956 s->internal->tls_session_ticket_ext_cb = cb; 956 s->tls_session_ticket_ext_cb = cb;
957 s->internal->tls_session_ticket_ext_cb_arg = arg; 957 s->tls_session_ticket_ext_cb_arg = arg;
958 return (1); 958 return (1);
959} 959}
960 960
@@ -962,23 +962,23 @@ int
962SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) 962SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
963{ 963{
964 if (s->version >= TLS1_VERSION) { 964 if (s->version >= TLS1_VERSION) {
965 free(s->internal->tlsext_session_ticket); 965 free(s->tlsext_session_ticket);
966 s->internal->tlsext_session_ticket = 966 s->tlsext_session_ticket =
967 malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); 967 malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
968 if (!s->internal->tlsext_session_ticket) { 968 if (!s->tlsext_session_ticket) {
969 SSLerror(s, ERR_R_MALLOC_FAILURE); 969 SSLerror(s, ERR_R_MALLOC_FAILURE);
970 return 0; 970 return 0;
971 } 971 }
972 972
973 if (ext_data) { 973 if (ext_data) {
974 s->internal->tlsext_session_ticket->length = ext_len; 974 s->tlsext_session_ticket->length = ext_len;
975 s->internal->tlsext_session_ticket->data = 975 s->tlsext_session_ticket->data =
976 s->internal->tlsext_session_ticket + 1; 976 s->tlsext_session_ticket + 1;
977 memcpy(s->internal->tlsext_session_ticket->data, 977 memcpy(s->tlsext_session_ticket->data,
978 ext_data, ext_len); 978 ext_data, ext_len);
979 } else { 979 } else {
980 s->internal->tlsext_session_ticket->length = 0; 980 s->tlsext_session_ticket->length = 0;
981 s->internal->tlsext_session_ticket->data = NULL; 981 s->tlsext_session_ticket->data = NULL;
982 } 982 }
983 983
984 return 1; 984 return 1;
@@ -1003,8 +1003,8 @@ timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
1003 (void)lh_SSL_SESSION_delete(p->cache, s); 1003 (void)lh_SSL_SESSION_delete(p->cache, s);
1004 SSL_SESSION_list_remove(p->ctx, s); 1004 SSL_SESSION_list_remove(p->ctx, s);
1005 s->not_resumable = 1; 1005 s->not_resumable = 1;
1006 if (p->ctx->internal->remove_session_cb != NULL) 1006 if (p->ctx->remove_session_cb != NULL)
1007 p->ctx->internal->remove_session_cb(p->ctx, s); 1007 p->ctx->remove_session_cb(p->ctx, s);
1008 SSL_SESSION_free(s); 1008 SSL_SESSION_free(s);
1009 } 1009 }
1010} 1010}
@@ -1026,7 +1026,7 @@ SSL_CTX_flush_sessions(SSL_CTX *s, long t)
1026 TIMEOUT_PARAM tp; 1026 TIMEOUT_PARAM tp;
1027 1027
1028 tp.ctx = s; 1028 tp.ctx = s;
1029 tp.cache = s->internal->sessions; 1029 tp.cache = s->sessions;
1030 if (tp.cache == NULL) 1030 if (tp.cache == NULL)
1031 return; 1031 return;
1032 tp.time = t; 1032 tp.time = t;
@@ -1042,7 +1042,7 @@ SSL_CTX_flush_sessions(SSL_CTX *s, long t)
1042int 1042int
1043ssl_clear_bad_session(SSL *s) 1043ssl_clear_bad_session(SSL *s)
1044{ 1044{
1045 if ((s->session != NULL) && !(s->internal->shutdown & SSL_SENT_SHUTDOWN) && 1045 if ((s->session != NULL) && !(s->shutdown & SSL_SENT_SHUTDOWN) &&
1046 !(SSL_in_init(s) || SSL_in_before(s))) { 1046 !(SSL_in_init(s) || SSL_in_before(s))) {
1047 SSL_CTX_remove_session(s->ctx, s->session); 1047 SSL_CTX_remove_session(s->ctx, s->session);
1048 return (1); 1048 return (1);
@@ -1057,23 +1057,23 @@ SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
1057 if (s->next == NULL || s->prev == NULL) 1057 if (s->next == NULL || s->prev == NULL)
1058 return; 1058 return;
1059 1059
1060 if (s->next == (SSL_SESSION *)&(ctx->internal->session_cache_tail)) { 1060 if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) {
1061 /* last element in list */ 1061 /* last element in list */
1062 if (s->prev == (SSL_SESSION *)&(ctx->internal->session_cache_head)) { 1062 if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
1063 /* only one element in list */ 1063 /* only one element in list */
1064 ctx->internal->session_cache_head = NULL; 1064 ctx->session_cache_head = NULL;
1065 ctx->internal->session_cache_tail = NULL; 1065 ctx->session_cache_tail = NULL;
1066 } else { 1066 } else {
1067 ctx->internal->session_cache_tail = s->prev; 1067 ctx->session_cache_tail = s->prev;
1068 s->prev->next = 1068 s->prev->next =
1069 (SSL_SESSION *)&(ctx->internal->session_cache_tail); 1069 (SSL_SESSION *)&(ctx->session_cache_tail);
1070 } 1070 }
1071 } else { 1071 } else {
1072 if (s->prev == (SSL_SESSION *)&(ctx->internal->session_cache_head)) { 1072 if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
1073 /* first element in list */ 1073 /* first element in list */
1074 ctx->internal->session_cache_head = s->next; 1074 ctx->session_cache_head = s->next;
1075 s->next->prev = 1075 s->next->prev =
1076 (SSL_SESSION *)&(ctx->internal->session_cache_head); 1076 (SSL_SESSION *)&(ctx->session_cache_head);
1077 } else { 1077 } else {
1078 /* middle of list */ 1078 /* middle of list */
1079 s->next->prev = s->prev; 1079 s->next->prev = s->prev;
@@ -1089,83 +1089,83 @@ SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
1089 if (s->next != NULL && s->prev != NULL) 1089 if (s->next != NULL && s->prev != NULL)
1090 SSL_SESSION_list_remove(ctx, s); 1090 SSL_SESSION_list_remove(ctx, s);
1091 1091
1092 if (ctx->internal->session_cache_head == NULL) { 1092 if (ctx->session_cache_head == NULL) {
1093 ctx->internal->session_cache_head = s; 1093 ctx->session_cache_head = s;
1094 ctx->internal->session_cache_tail = s; 1094 ctx->session_cache_tail = s;
1095 s->prev = (SSL_SESSION *)&(ctx->internal->session_cache_head); 1095 s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
1096 s->next = (SSL_SESSION *)&(ctx->internal->session_cache_tail); 1096 s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
1097 } else { 1097 } else {
1098 s->next = ctx->internal->session_cache_head; 1098 s->next = ctx->session_cache_head;
1099 s->next->prev = s; 1099 s->next->prev = s;
1100 s->prev = (SSL_SESSION *)&(ctx->internal->session_cache_head); 1100 s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
1101 ctx->internal->session_cache_head = s; 1101 ctx->session_cache_head = s;
1102 } 1102 }
1103} 1103}
1104 1104
1105void 1105void
1106SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, 1106SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
1107 int (*cb)(struct ssl_st *ssl, SSL_SESSION *sess)) { 1107 int (*cb)(struct ssl_st *ssl, SSL_SESSION *sess)) {
1108 ctx->internal->new_session_cb = cb; 1108 ctx->new_session_cb = cb;
1109} 1109}
1110 1110
1111int 1111int
1112(*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess) 1112(*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess)
1113{ 1113{
1114 return ctx->internal->new_session_cb; 1114 return ctx->new_session_cb;
1115} 1115}
1116 1116
1117void 1117void
1118SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, 1118SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
1119 void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess)) 1119 void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess))
1120{ 1120{
1121 ctx->internal->remove_session_cb = cb; 1121 ctx->remove_session_cb = cb;
1122} 1122}
1123 1123
1124void 1124void
1125(*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx, SSL_SESSION *sess) 1125(*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx, SSL_SESSION *sess)
1126{ 1126{
1127 return ctx->internal->remove_session_cb; 1127 return ctx->remove_session_cb;
1128} 1128}
1129 1129
1130void 1130void
1131SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(struct ssl_st *ssl, 1131SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(struct ssl_st *ssl,
1132 const unsigned char *data, int len, int *copy)) 1132 const unsigned char *data, int len, int *copy))
1133{ 1133{
1134 ctx->internal->get_session_cb = cb; 1134 ctx->get_session_cb = cb;
1135} 1135}
1136 1136
1137SSL_SESSION * 1137SSL_SESSION *
1138(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, const unsigned char *data, 1138(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, const unsigned char *data,
1139 int len, int *copy) 1139 int len, int *copy)
1140{ 1140{
1141 return ctx->internal->get_session_cb; 1141 return ctx->get_session_cb;
1142} 1142}
1143 1143
1144void 1144void
1145SSL_CTX_set_info_callback(SSL_CTX *ctx, 1145SSL_CTX_set_info_callback(SSL_CTX *ctx,
1146 void (*cb)(const SSL *ssl, int type, int val)) 1146 void (*cb)(const SSL *ssl, int type, int val))
1147{ 1147{
1148 ctx->internal->info_callback = cb; 1148 ctx->info_callback = cb;
1149} 1149}
1150 1150
1151void 1151void
1152(*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type, int val) 1152(*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type, int val)
1153{ 1153{
1154 return ctx->internal->info_callback; 1154 return ctx->info_callback;
1155} 1155}
1156 1156
1157void 1157void
1158SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, 1158SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
1159 int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)) 1159 int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey))
1160{ 1160{
1161 ctx->internal->client_cert_cb = cb; 1161 ctx->client_cert_cb = cb;
1162} 1162}
1163 1163
1164int 1164int
1165(*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509, 1165(*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509,
1166 EVP_PKEY **pkey) 1166 EVP_PKEY **pkey)
1167{ 1167{
1168 return ctx->internal->client_cert_cb; 1168 return ctx->client_cert_cb;
1169} 1169}
1170 1170
1171#ifndef OPENSSL_NO_ENGINE 1171#ifndef OPENSSL_NO_ENGINE
@@ -1181,7 +1181,7 @@ SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
1181 ENGINE_finish(e); 1181 ENGINE_finish(e);
1182 return 0; 1182 return 0;
1183 } 1183 }
1184 ctx->internal->client_cert_engine = e; 1184 ctx->client_cert_engine = e;
1185 return 1; 1185 return 1;
1186} 1186}
1187#endif 1187#endif
@@ -1190,14 +1190,14 @@ void
1190SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, 1190SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
1191 int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)) 1191 int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len))
1192{ 1192{
1193 ctx->internal->app_gen_cookie_cb = cb; 1193 ctx->app_gen_cookie_cb = cb;
1194} 1194}
1195 1195
1196void 1196void
1197SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, 1197SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
1198 int (*cb)(SSL *ssl, const unsigned char *cookie, unsigned int cookie_len)) 1198 int (*cb)(SSL *ssl, const unsigned char *cookie, unsigned int cookie_len))
1199{ 1199{
1200 ctx->internal->app_verify_cookie_cb = cb; 1200 ctx->app_verify_cookie_cb = cb;
1201} 1201}
1202 1202
1203int 1203int
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 821006af81..098e82e339 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_srvr.c,v 1.150 2022/10/01 16:23:15 jsing Exp $ */ 1/* $OpenBSD: ssl_srvr.c,v 1.151 2022/10/02 16:36:41 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -204,7 +204,7 @@ ssl3_accept(SSL *s)
204 listen = s->d1->listen; 204 listen = s->d1->listen;
205 205
206 /* init things to blank */ 206 /* init things to blank */
207 s->internal->in_handshake++; 207 s->in_handshake++;
208 if (!SSL_in_init(s) || SSL_in_before(s)) 208 if (!SSL_in_init(s) || SSL_in_before(s))
209 SSL_clear(s); 209 SSL_clear(s);
210 210
@@ -216,7 +216,7 @@ ssl3_accept(SSL *s)
216 216
217 switch (s->s3->hs.state) { 217 switch (s->s3->hs.state) {
218 case SSL_ST_RENEGOTIATE: 218 case SSL_ST_RENEGOTIATE:
219 s->internal->renegotiate = 1; 219 s->renegotiate = 1;
220 /* s->s3->hs.state=SSL_ST_ACCEPT; */ 220 /* s->s3->hs.state=SSL_ST_ACCEPT; */
221 221
222 case SSL_ST_BEFORE: 222 case SSL_ST_BEFORE:
@@ -257,7 +257,7 @@ ssl3_accept(SSL *s)
257 goto end; 257 goto end;
258 } 258 }
259 259
260 s->internal->init_num = 0; 260 s->init_num = 0;
261 261
262 if (s->s3->hs.state != SSL_ST_RENEGOTIATE) { 262 if (s->s3->hs.state != SSL_ST_RENEGOTIATE) {
263 /* 263 /*
@@ -276,7 +276,7 @@ ssl3_accept(SSL *s)
276 } 276 }
277 277
278 s->s3->hs.state = SSL3_ST_SR_CLNT_HELLO_A; 278 s->s3->hs.state = SSL3_ST_SR_CLNT_HELLO_A;
279 s->ctx->internal->stats.sess_accept++; 279 s->ctx->stats.sess_accept++;
280 } else if (!SSL_is_dtls(s) && !s->s3->send_connection_binding) { 280 } else if (!SSL_is_dtls(s) && !s->s3->send_connection_binding) {
281 /* 281 /*
282 * Server attempting to renegotiate with 282 * Server attempting to renegotiate with
@@ -293,14 +293,14 @@ ssl3_accept(SSL *s)
293 * s->s3->hs.state == SSL_ST_RENEGOTIATE, 293 * s->s3->hs.state == SSL_ST_RENEGOTIATE,
294 * we will just send a HelloRequest. 294 * we will just send a HelloRequest.
295 */ 295 */
296 s->ctx->internal->stats.sess_accept_renegotiate++; 296 s->ctx->stats.sess_accept_renegotiate++;
297 s->s3->hs.state = SSL3_ST_SW_HELLO_REQ_A; 297 s->s3->hs.state = SSL3_ST_SW_HELLO_REQ_A;
298 } 298 }
299 break; 299 break;
300 300
301 case SSL3_ST_SW_HELLO_REQ_A: 301 case SSL3_ST_SW_HELLO_REQ_A:
302 case SSL3_ST_SW_HELLO_REQ_B: 302 case SSL3_ST_SW_HELLO_REQ_B:
303 s->internal->shutdown = 0; 303 s->shutdown = 0;
304 if (SSL_is_dtls(s)) { 304 if (SSL_is_dtls(s)) {
305 dtls1_clear_record_buffer(s); 305 dtls1_clear_record_buffer(s);
306 dtls1_start_timer(s); 306 dtls1_start_timer(s);
@@ -313,7 +313,7 @@ ssl3_accept(SSL *s)
313 else 313 else
314 s->s3->hs.tls12.next_state = SSL3_ST_SW_HELLO_REQ_C; 314 s->s3->hs.tls12.next_state = SSL3_ST_SW_HELLO_REQ_C;
315 s->s3->hs.state = SSL3_ST_SW_FLUSH; 315 s->s3->hs.state = SSL3_ST_SW_FLUSH;
316 s->internal->init_num = 0; 316 s->init_num = 0;
317 317
318 if (SSL_is_dtls(s)) { 318 if (SSL_is_dtls(s)) {
319 if (!tls1_transcript_init(s)) { 319 if (!tls1_transcript_init(s)) {
@@ -330,7 +330,7 @@ ssl3_accept(SSL *s)
330 case SSL3_ST_SR_CLNT_HELLO_A: 330 case SSL3_ST_SR_CLNT_HELLO_A:
331 case SSL3_ST_SR_CLNT_HELLO_B: 331 case SSL3_ST_SR_CLNT_HELLO_B:
332 case SSL3_ST_SR_CLNT_HELLO_C: 332 case SSL3_ST_SR_CLNT_HELLO_C:
333 s->internal->shutdown = 0; 333 s->shutdown = 0;
334 if (SSL_is_dtls(s)) { 334 if (SSL_is_dtls(s)) {
335 ret = ssl3_get_client_hello(s); 335 ret = ssl3_get_client_hello(s);
336 if (ret <= 0) 336 if (ret <= 0)
@@ -343,7 +343,7 @@ ssl3_accept(SSL *s)
343 else 343 else
344 s->s3->hs.state = SSL3_ST_SW_SRVR_HELLO_A; 344 s->s3->hs.state = SSL3_ST_SW_SRVR_HELLO_A;
345 345
346 s->internal->init_num = 0; 346 s->init_num = 0;
347 347
348 /* 348 /*
349 * Reflect ClientHello sequence to remain 349 * Reflect ClientHello sequence to remain
@@ -351,7 +351,7 @@ ssl3_accept(SSL *s)
351 */ 351 */
352 if (listen) { 352 if (listen) {
353 tls12_record_layer_reflect_seq_num( 353 tls12_record_layer_reflect_seq_num(
354 s->internal->rl); 354 s->rl);
355 } 355 }
356 356
357 /* If we're just listening, stop here */ 357 /* If we're just listening, stop here */
@@ -368,15 +368,15 @@ ssl3_accept(SSL *s)
368 goto end; 368 goto end;
369 } 369 }
370 } else { 370 } else {
371 if (s->internal->rwstate != SSL_X509_LOOKUP) { 371 if (s->rwstate != SSL_X509_LOOKUP) {
372 ret = ssl3_get_client_hello(s); 372 ret = ssl3_get_client_hello(s);
373 if (ret <= 0) 373 if (ret <= 0)
374 goto end; 374 goto end;
375 } 375 }
376 376
377 s->internal->renegotiate = 2; 377 s->renegotiate = 2;
378 s->s3->hs.state = SSL3_ST_SW_SRVR_HELLO_A; 378 s->s3->hs.state = SSL3_ST_SW_SRVR_HELLO_A;
379 s->internal->init_num = 0; 379 s->init_num = 0;
380 } 380 }
381 break; 381 break;
382 382
@@ -395,21 +395,21 @@ ssl3_accept(SSL *s)
395 case SSL3_ST_SW_SRVR_HELLO_A: 395 case SSL3_ST_SW_SRVR_HELLO_A:
396 case SSL3_ST_SW_SRVR_HELLO_B: 396 case SSL3_ST_SW_SRVR_HELLO_B:
397 if (SSL_is_dtls(s)) { 397 if (SSL_is_dtls(s)) {
398 s->internal->renegotiate = 2; 398 s->renegotiate = 2;
399 dtls1_start_timer(s); 399 dtls1_start_timer(s);
400 } 400 }
401 ret = ssl3_send_server_hello(s); 401 ret = ssl3_send_server_hello(s);
402 if (ret <= 0) 402 if (ret <= 0)
403 goto end; 403 goto end;
404 if (s->internal->hit) { 404 if (s->hit) {
405 if (s->internal->tlsext_ticket_expected) 405 if (s->tlsext_ticket_expected)
406 s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_A; 406 s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_A;
407 else 407 else
408 s->s3->hs.state = SSL3_ST_SW_CHANGE_A; 408 s->s3->hs.state = SSL3_ST_SW_CHANGE_A;
409 } else { 409 } else {
410 s->s3->hs.state = SSL3_ST_SW_CERT_A; 410 s->s3->hs.state = SSL3_ST_SW_CERT_A;
411 } 411 }
412 s->internal->init_num = 0; 412 s->init_num = 0;
413 break; 413 break;
414 414
415 case SSL3_ST_SW_CERT_A: 415 case SSL3_ST_SW_CERT_A:
@@ -422,7 +422,7 @@ ssl3_accept(SSL *s)
422 ret = ssl3_send_server_certificate(s); 422 ret = ssl3_send_server_certificate(s);
423 if (ret <= 0) 423 if (ret <= 0)
424 goto end; 424 goto end;
425 if (s->internal->tlsext_status_expected) 425 if (s->tlsext_status_expected)
426 s->s3->hs.state = SSL3_ST_SW_CERT_STATUS_A; 426 s->s3->hs.state = SSL3_ST_SW_CERT_STATUS_A;
427 else 427 else
428 s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A; 428 s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A;
@@ -430,7 +430,7 @@ ssl3_accept(SSL *s)
430 skip = 1; 430 skip = 1;
431 s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A; 431 s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A;
432 } 432 }
433 s->internal->init_num = 0; 433 s->init_num = 0;
434 break; 434 break;
435 435
436 case SSL3_ST_SW_KEY_EXCH_A: 436 case SSL3_ST_SW_KEY_EXCH_A:
@@ -455,7 +455,7 @@ ssl3_accept(SSL *s)
455 skip = 1; 455 skip = 1;
456 456
457 s->s3->hs.state = SSL3_ST_SW_CERT_REQ_A; 457 s->s3->hs.state = SSL3_ST_SW_CERT_REQ_A;
458 s->internal->init_num = 0; 458 s->init_num = 0;
459 break; 459 break;
460 460
461 case SSL3_ST_SW_CERT_REQ_A: 461 case SSL3_ST_SW_CERT_REQ_A:
@@ -498,7 +498,7 @@ ssl3_accept(SSL *s)
498 if (ret <= 0) 498 if (ret <= 0)
499 goto end; 499 goto end;
500 s->s3->hs.state = SSL3_ST_SW_SRVR_DONE_A; 500 s->s3->hs.state = SSL3_ST_SW_SRVR_DONE_A;
501 s->internal->init_num = 0; 501 s->init_num = 0;
502 } 502 }
503 break; 503 break;
504 504
@@ -511,7 +511,7 @@ ssl3_accept(SSL *s)
511 goto end; 511 goto end;
512 s->s3->hs.tls12.next_state = SSL3_ST_SR_CERT_A; 512 s->s3->hs.tls12.next_state = SSL3_ST_SR_CERT_A;
513 s->s3->hs.state = SSL3_ST_SW_FLUSH; 513 s->s3->hs.state = SSL3_ST_SW_FLUSH;
514 s->internal->init_num = 0; 514 s->init_num = 0;
515 break; 515 break;
516 516
517 case SSL3_ST_SW_FLUSH: 517 case SSL3_ST_SW_FLUSH:
@@ -525,19 +525,19 @@ ssl3_accept(SSL *s)
525 * still exist. So instead we just flush 525 * still exist. So instead we just flush
526 * unconditionally. 526 * unconditionally.
527 */ 527 */
528 s->internal->rwstate = SSL_WRITING; 528 s->rwstate = SSL_WRITING;
529 if (BIO_flush(s->wbio) <= 0) { 529 if (BIO_flush(s->wbio) <= 0) {
530 if (SSL_is_dtls(s)) { 530 if (SSL_is_dtls(s)) {
531 /* If the write error was fatal, stop trying. */ 531 /* If the write error was fatal, stop trying. */
532 if (!BIO_should_retry(s->wbio)) { 532 if (!BIO_should_retry(s->wbio)) {
533 s->internal->rwstate = SSL_NOTHING; 533 s->rwstate = SSL_NOTHING;
534 s->s3->hs.state = s->s3->hs.tls12.next_state; 534 s->s3->hs.state = s->s3->hs.tls12.next_state;
535 } 535 }
536 } 536 }
537 ret = -1; 537 ret = -1;
538 goto end; 538 goto end;
539 } 539 }
540 s->internal->rwstate = SSL_NOTHING; 540 s->rwstate = SSL_NOTHING;
541 s->s3->hs.state = s->s3->hs.tls12.next_state; 541 s->s3->hs.state = s->s3->hs.tls12.next_state;
542 break; 542 break;
543 543
@@ -548,7 +548,7 @@ ssl3_accept(SSL *s)
548 if (ret <= 0) 548 if (ret <= 0)
549 goto end; 549 goto end;
550 } 550 }
551 s->internal->init_num = 0; 551 s->init_num = 0;
552 s->s3->hs.state = SSL3_ST_SR_KEY_EXCH_A; 552 s->s3->hs.state = SSL3_ST_SR_KEY_EXCH_A;
553 break; 553 break;
554 554
@@ -560,7 +560,7 @@ ssl3_accept(SSL *s)
560 560
561 if (SSL_is_dtls(s)) { 561 if (SSL_is_dtls(s)) {
562 s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A; 562 s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A;
563 s->internal->init_num = 0; 563 s->init_num = 0;
564 } 564 }
565 565
566 alg_k = s->s3->hs.cipher->algorithm_mkey; 566 alg_k = s->s3->hs.cipher->algorithm_mkey;
@@ -571,10 +571,10 @@ ssl3_accept(SSL *s)
571 * the CertificateVerify message is not sent. 571 * the CertificateVerify message is not sent.
572 */ 572 */
573 s->s3->hs.state = SSL3_ST_SR_FINISHED_A; 573 s->s3->hs.state = SSL3_ST_SR_FINISHED_A;
574 s->internal->init_num = 0; 574 s->init_num = 0;
575 } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) { 575 } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) {
576 s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A; 576 s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A;
577 s->internal->init_num = 0; 577 s->init_num = 0;
578 if (!s->session->peer_cert) 578 if (!s->session->peer_cert)
579 break; 579 break;
580 /* 580 /*
@@ -584,7 +584,7 @@ ssl3_accept(SSL *s)
584 tls1_transcript_freeze(s); 584 tls1_transcript_freeze(s);
585 } else { 585 } else {
586 s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A; 586 s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A;
587 s->internal->init_num = 0; 587 s->init_num = 0;
588 588
589 tls1_transcript_free(s); 589 tls1_transcript_free(s);
590 590
@@ -614,7 +614,7 @@ ssl3_accept(SSL *s)
614 if (ret <= 0) 614 if (ret <= 0)
615 goto end; 615 goto end;
616 s->s3->hs.state = SSL3_ST_SR_FINISHED_A; 616 s->s3->hs.state = SSL3_ST_SR_FINISHED_A;
617 s->internal->init_num = 0; 617 s->init_num = 0;
618 break; 618 break;
619 619
620 case SSL3_ST_SR_FINISHED_A: 620 case SSL3_ST_SR_FINISHED_A:
@@ -628,13 +628,13 @@ ssl3_accept(SSL *s)
628 goto end; 628 goto end;
629 if (SSL_is_dtls(s)) 629 if (SSL_is_dtls(s))
630 dtls1_stop_timer(s); 630 dtls1_stop_timer(s);
631 if (s->internal->hit) 631 if (s->hit)
632 s->s3->hs.state = SSL_ST_OK; 632 s->s3->hs.state = SSL_ST_OK;
633 else if (s->internal->tlsext_ticket_expected) 633 else if (s->tlsext_ticket_expected)
634 s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_A; 634 s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_A;
635 else 635 else
636 s->s3->hs.state = SSL3_ST_SW_CHANGE_A; 636 s->s3->hs.state = SSL3_ST_SW_CHANGE_A;
637 s->internal->init_num = 0; 637 s->init_num = 0;
638 break; 638 break;
639 639
640 case SSL3_ST_SW_SESSION_TICKET_A: 640 case SSL3_ST_SW_SESSION_TICKET_A:
@@ -643,7 +643,7 @@ ssl3_accept(SSL *s)
643 if (ret <= 0) 643 if (ret <= 0)
644 goto end; 644 goto end;
645 s->s3->hs.state = SSL3_ST_SW_CHANGE_A; 645 s->s3->hs.state = SSL3_ST_SW_CHANGE_A;
646 s->internal->init_num = 0; 646 s->init_num = 0;
647 break; 647 break;
648 648
649 case SSL3_ST_SW_CERT_STATUS_A: 649 case SSL3_ST_SW_CERT_STATUS_A:
@@ -652,7 +652,7 @@ ssl3_accept(SSL *s)
652 if (ret <= 0) 652 if (ret <= 0)
653 goto end; 653 goto end;
654 s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A; 654 s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A;
655 s->internal->init_num = 0; 655 s->init_num = 0;
656 break; 656 break;
657 657
658 case SSL3_ST_SW_CHANGE_A: 658 case SSL3_ST_SW_CHANGE_A:
@@ -661,7 +661,7 @@ ssl3_accept(SSL *s)
661 if (ret <= 0) 661 if (ret <= 0)
662 goto end; 662 goto end;
663 s->s3->hs.state = SSL3_ST_SW_FINISHED_A; 663 s->s3->hs.state = SSL3_ST_SW_FINISHED_A;
664 s->internal->init_num = 0; 664 s->init_num = 0;
665 s->session->cipher = s->s3->hs.cipher; 665 s->session->cipher = s->s3->hs.cipher;
666 666
667 if (!tls1_setup_key_block(s)) { 667 if (!tls1_setup_key_block(s)) {
@@ -680,12 +680,12 @@ ssl3_accept(SSL *s)
680 if (ret <= 0) 680 if (ret <= 0)
681 goto end; 681 goto end;
682 s->s3->hs.state = SSL3_ST_SW_FLUSH; 682 s->s3->hs.state = SSL3_ST_SW_FLUSH;
683 if (s->internal->hit) { 683 if (s->hit) {
684 s->s3->hs.tls12.next_state = SSL3_ST_SR_FINISHED_A; 684 s->s3->hs.tls12.next_state = SSL3_ST_SR_FINISHED_A;
685 tls1_transcript_free(s); 685 tls1_transcript_free(s);
686 } else 686 } else
687 s->s3->hs.tls12.next_state = SSL_ST_OK; 687 s->s3->hs.tls12.next_state = SSL_ST_OK;
688 s->internal->init_num = 0; 688 s->init_num = 0;
689 break; 689 break;
690 690
691 case SSL_ST_OK: 691 case SSL_ST_OK:
@@ -704,18 +704,18 @@ ssl3_accept(SSL *s)
704 /* remove buffering on output */ 704 /* remove buffering on output */
705 ssl_free_wbio_buffer(s); 705 ssl_free_wbio_buffer(s);
706 706
707 s->internal->init_num = 0; 707 s->init_num = 0;
708 708
709 /* Skipped if we just sent a HelloRequest. */ 709 /* Skipped if we just sent a HelloRequest. */
710 if (s->internal->renegotiate == 2) { 710 if (s->renegotiate == 2) {
711 s->internal->renegotiate = 0; 711 s->renegotiate = 0;
712 s->internal->new_session = 0; 712 s->new_session = 0;
713 713
714 ssl_update_cache(s, SSL_SESS_CACHE_SERVER); 714 ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
715 715
716 s->ctx->internal->stats.sess_accept_good++; 716 s->ctx->stats.sess_accept_good++;
717 /* s->server=1; */ 717 /* s->server=1; */
718 s->internal->handshake_func = ssl3_accept; 718 s->handshake_func = ssl3_accept;
719 719
720 ssl_info_callback(s, SSL_CB_HANDSHAKE_DONE, 1); 720 ssl_info_callback(s, SSL_CB_HANDSHAKE_DONE, 1);
721 } 721 }
@@ -740,7 +740,7 @@ ssl3_accept(SSL *s)
740 } 740 }
741 741
742 if (!s->s3->hs.tls12.reuse_message && !skip) { 742 if (!s->s3->hs.tls12.reuse_message && !skip) {
743 if (s->internal->debug) { 743 if (s->debug) {
744 if ((ret = BIO_flush(s->wbio)) <= 0) 744 if ((ret = BIO_flush(s->wbio)) <= 0)
745 goto end; 745 goto end;
746 } 746 }
@@ -757,7 +757,7 @@ ssl3_accept(SSL *s)
757 } 757 }
758 end: 758 end:
759 /* BIO_flush(s->wbio); */ 759 /* BIO_flush(s->wbio); */
760 s->internal->in_handshake--; 760 s->in_handshake--;
761 ssl_info_callback(s, SSL_CB_ACCEPT_EXIT, ret); 761 ssl_info_callback(s, SSL_CB_ACCEPT_EXIT, ret);
762 762
763 return (ret); 763 return (ret);
@@ -815,19 +815,19 @@ ssl3_get_client_hello(SSL *s)
815 if (s->s3->hs.state == SSL3_ST_SR_CLNT_HELLO_A) 815 if (s->s3->hs.state == SSL3_ST_SR_CLNT_HELLO_A)
816 s->s3->hs.state = SSL3_ST_SR_CLNT_HELLO_B; 816 s->s3->hs.state = SSL3_ST_SR_CLNT_HELLO_B;
817 817
818 s->internal->first_packet = 1; 818 s->first_packet = 1;
819 if ((ret = ssl3_get_message(s, SSL3_ST_SR_CLNT_HELLO_B, 819 if ((ret = ssl3_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
820 SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO, 820 SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO,
821 SSL3_RT_MAX_PLAIN_LENGTH)) <= 0) 821 SSL3_RT_MAX_PLAIN_LENGTH)) <= 0)
822 return ret; 822 return ret;
823 s->internal->first_packet = 0; 823 s->first_packet = 0;
824 824
825 ret = -1; 825 ret = -1;
826 826
827 if (s->internal->init_num < 0) 827 if (s->init_num < 0)
828 goto err; 828 goto err;
829 829
830 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); 830 CBS_init(&cbs, s->init_msg, s->init_num);
831 831
832 /* Parse client hello up until the extensions (if any). */ 832 /* Parse client hello up until the extensions (if any). */
833 if (!CBS_get_u16(&cbs, &client_version)) 833 if (!CBS_get_u16(&cbs, &client_version))
@@ -856,7 +856,7 @@ ssl3_get_client_hello(SSL *s)
856 */ 856 */
857 if (!ssl_max_shared_version(s, client_version, &shared_version)) { 857 if (!ssl_max_shared_version(s, client_version, &shared_version)) {
858 if ((client_version >> 8) == SSL3_VERSION_MAJOR && 858 if ((client_version >> 8) == SSL3_VERSION_MAJOR &&
859 !tls12_record_layer_write_protected(s->internal->rl)) { 859 !tls12_record_layer_write_protected(s->rl)) {
860 /* 860 /*
861 * Similar to ssl3_get_record, send alert using remote 861 * Similar to ssl3_get_record, send alert using remote
862 * version number. 862 * version number.
@@ -898,7 +898,7 @@ ssl3_get_client_hello(SSL *s)
898 sizeof(s->s3->client_random), NULL)) 898 sizeof(s->s3->client_random), NULL))
899 goto err; 899 goto err;
900 900
901 s->internal->hit = 0; 901 s->hit = 0;
902 902
903 /* 903 /*
904 * Versions before 0.9.7 always allow clients to resume sessions in 904 * Versions before 0.9.7 always allow clients to resume sessions in
@@ -910,12 +910,12 @@ ssl3_get_client_hello(SSL *s)
910 * library versions). 910 * library versions).
911 * 911 *
912 * 1.0.1 and later also have a function SSL_renegotiate_abbreviated() 912 * 1.0.1 and later also have a function SSL_renegotiate_abbreviated()
913 * to request renegotiation but not a new session (s->internal->new_session 913 * to request renegotiation but not a new session (s->new_session
914 * remains unset): for servers, this essentially just means that the 914 * remains unset): for servers, this essentially just means that the
915 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be 915 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be
916 * ignored. 916 * ignored.
917 */ 917 */
918 if ((s->internal->new_session && (s->internal->options & 918 if ((s->new_session && (s->options &
919 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) { 919 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) {
920 if (!ssl_get_new_session(s, 1)) 920 if (!ssl_get_new_session(s, 1))
921 goto err; 921 goto err;
@@ -926,7 +926,7 @@ ssl3_get_client_hello(SSL *s)
926 926
927 i = ssl_get_prev_session(s, &session_id, &ext_block, &al); 927 i = ssl_get_prev_session(s, &session_id, &ext_block, &al);
928 if (i == 1) { /* previous session */ 928 if (i == 1) { /* previous session */
929 s->internal->hit = 1; 929 s->hit = 1;
930 } else if (i == -1) 930 } else if (i == -1)
931 goto fatal_err; 931 goto fatal_err;
932 else { 932 else {
@@ -958,8 +958,8 @@ ssl3_get_client_hello(SSL *s)
958 sizeof(s->d1->rcvd_cookie), &cookie_len)) 958 sizeof(s->d1->rcvd_cookie), &cookie_len))
959 goto err; 959 goto err;
960 960
961 if (s->ctx->internal->app_verify_cookie_cb != NULL) { 961 if (s->ctx->app_verify_cookie_cb != NULL) {
962 if (s->ctx->internal->app_verify_cookie_cb(s, 962 if (s->ctx->app_verify_cookie_cb(s,
963 s->d1->rcvd_cookie, cookie_len) == 0) { 963 s->d1->rcvd_cookie, cookie_len) == 0) {
964 al = SSL_AD_HANDSHAKE_FAILURE; 964 al = SSL_AD_HANDSHAKE_FAILURE;
965 SSLerror(s, SSL_R_COOKIE_MISMATCH); 965 SSLerror(s, SSL_R_COOKIE_MISMATCH);
@@ -994,7 +994,7 @@ ssl3_get_client_hello(SSL *s)
994 994
995 /* If it is a hit, check that the cipher is in the list */ 995 /* If it is a hit, check that the cipher is in the list */
996 /* XXX - CBS_len(&cipher_suites) will always be zero here... */ 996 /* XXX - CBS_len(&cipher_suites) will always be zero here... */
997 if (s->internal->hit && CBS_len(&cipher_suites) > 0) { 997 if (s->hit && CBS_len(&cipher_suites) > 0) {
998 j = 0; 998 j = 0;
999 id = s->session->cipher->id; 999 id = s->session->cipher->id;
1000 1000
@@ -1037,7 +1037,7 @@ ssl3_get_client_hello(SSL *s)
1037 if (CBS_len(&cbs) != 0) 1037 if (CBS_len(&cbs) != 0)
1038 goto decode_err; 1038 goto decode_err;
1039 1039
1040 if (!s->s3->renegotiate_seen && s->internal->renegotiate) { 1040 if (!s->s3->renegotiate_seen && s->renegotiate) {
1041 al = SSL_AD_HANDSHAKE_FAILURE; 1041 al = SSL_AD_HANDSHAKE_FAILURE;
1042 SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); 1042 SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
1043 goto fatal_err; 1043 goto fatal_err;
@@ -1077,13 +1077,13 @@ ssl3_get_client_hello(SSL *s)
1077 } 1077 }
1078 } 1078 }
1079 1079
1080 if (!s->internal->hit && s->internal->tls_session_secret_cb != NULL) { 1080 if (!s->hit && s->tls_session_secret_cb != NULL) {
1081 SSL_CIPHER *pref_cipher = NULL; 1081 SSL_CIPHER *pref_cipher = NULL;
1082 int master_key_length = sizeof(s->session->master_key); 1082 int master_key_length = sizeof(s->session->master_key);
1083 1083
1084 if (!s->internal->tls_session_secret_cb(s, 1084 if (!s->tls_session_secret_cb(s,
1085 s->session->master_key, &master_key_length, ciphers, 1085 s->session->master_key, &master_key_length, ciphers,
1086 &pref_cipher, s->internal->tls_session_secret_cb_arg)) { 1086 &pref_cipher, s->tls_session_secret_cb_arg)) {
1087 SSLerror(s, ERR_R_INTERNAL_ERROR); 1087 SSLerror(s, ERR_R_INTERNAL_ERROR);
1088 goto err; 1088 goto err;
1089 } 1089 }
@@ -1093,7 +1093,7 @@ ssl3_get_client_hello(SSL *s)
1093 } 1093 }
1094 s->session->master_key_length = master_key_length; 1094 s->session->master_key_length = master_key_length;
1095 1095
1096 s->internal->hit = 1; 1096 s->hit = 1;
1097 s->session->verify_result = X509_V_OK; 1097 s->session->verify_result = X509_V_OK;
1098 1098
1099 sk_SSL_CIPHER_free(s->session->ciphers); 1099 sk_SSL_CIPHER_free(s->session->ciphers);
@@ -1120,7 +1120,7 @@ ssl3_get_client_hello(SSL *s)
1120 * pick a cipher 1120 * pick a cipher
1121 */ 1121 */
1122 1122
1123 if (!s->internal->hit) { 1123 if (!s->hit) {
1124 if (ciphers == NULL) { 1124 if (ciphers == NULL) {
1125 al = SSL_AD_ILLEGAL_PARAMETER; 1125 al = SSL_AD_ILLEGAL_PARAMETER;
1126 SSLerror(s, SSL_R_NO_CIPHERS_PASSED); 1126 SSLerror(s, SSL_R_NO_CIPHERS_PASSED);
@@ -1157,7 +1157,7 @@ ssl3_get_client_hello(SSL *s)
1157 * compression - basically ignored right now 1157 * compression - basically ignored right now
1158 * ssl version is set - sslv3 1158 * ssl version is set - sslv3
1159 * s->session - The ssl session has been setup. 1159 * s->session - The ssl session has been setup.
1160 * s->internal->hit - session reuse flag 1160 * s->hit - session reuse flag
1161 * s->hs.cipher - the new cipher to use. 1161 * s->hs.cipher - the new cipher to use.
1162 */ 1162 */
1163 1163
@@ -1190,8 +1190,8 @@ ssl3_send_dtls_hello_verify_request(SSL *s)
1190 memset(&cbb, 0, sizeof(cbb)); 1190 memset(&cbb, 0, sizeof(cbb));
1191 1191
1192 if (s->s3->hs.state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) { 1192 if (s->s3->hs.state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
1193 if (s->ctx->internal->app_gen_cookie_cb == NULL || 1193 if (s->ctx->app_gen_cookie_cb == NULL ||
1194 s->ctx->internal->app_gen_cookie_cb(s, s->d1->cookie, 1194 s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
1195 &(s->d1->cookie_len)) == 0) { 1195 &(s->d1->cookie_len)) == 0) {
1196 SSLerror(s, ERR_R_INTERNAL_ERROR); 1196 SSLerror(s, ERR_R_INTERNAL_ERROR);
1197 return 0; 1197 return 0;
@@ -1259,12 +1259,12 @@ ssl3_send_server_hello(SSL *s)
1259 * - However, if we want the new session to be single-use, 1259 * - However, if we want the new session to be single-use,
1260 * we send back a 0-length session ID. 1260 * we send back a 0-length session ID.
1261 * 1261 *
1262 * s->internal->hit is non-zero in either case of session reuse, 1262 * s->hit is non-zero in either case of session reuse,
1263 * so the following won't overwrite an ID that we're supposed 1263 * so the following won't overwrite an ID that we're supposed
1264 * to send back. 1264 * to send back.
1265 */ 1265 */
1266 if (!(s->ctx->internal->session_cache_mode & SSL_SESS_CACHE_SERVER) 1266 if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
1267 && !s->internal->hit) 1267 && !s->hit)
1268 s->session->session_id_length = 0; 1268 s->session->session_id_length = 0;
1269 1269
1270 sl = s->session->session_id_length; 1270 sl = s->session->session_id_length;
@@ -1895,10 +1895,10 @@ ssl3_get_client_key_exchange(SSL *s)
1895 SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048)) <= 0) 1895 SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048)) <= 0)
1896 return ret; 1896 return ret;
1897 1897
1898 if (s->internal->init_num < 0) 1898 if (s->init_num < 0)
1899 goto err; 1899 goto err;
1900 1900
1901 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); 1901 CBS_init(&cbs, s->init_msg, s->init_num);
1902 1902
1903 alg_k = s->s3->hs.cipher->algorithm_mkey; 1903 alg_k = s->s3->hs.cipher->algorithm_mkey;
1904 1904
@@ -1955,13 +1955,13 @@ ssl3_get_cert_verify(SSL *s)
1955 1955
1956 ret = 0; 1956 ret = 0;
1957 1957
1958 if (s->internal->init_num < 0) 1958 if (s->init_num < 0)
1959 goto err; 1959 goto err;
1960 1960
1961 if ((mctx = EVP_MD_CTX_new()) == NULL) 1961 if ((mctx = EVP_MD_CTX_new()) == NULL)
1962 goto err; 1962 goto err;
1963 1963
1964 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); 1964 CBS_init(&cbs, s->init_msg, s->init_num);
1965 1965
1966 peer_cert = s->session->peer_cert; 1966 peer_cert = s->session->peer_cert;
1967 pkey = X509_get0_pubkey(peer_cert); 1967 pkey = X509_get0_pubkey(peer_cert);
@@ -2178,7 +2178,7 @@ ssl3_get_client_certificate(SSL *s)
2178 int al, ret; 2178 int al, ret;
2179 2179
2180 if ((ret = ssl3_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B, 2180 if ((ret = ssl3_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
2181 -1, s->internal->max_cert_list)) <= 0) 2181 -1, s->max_cert_list)) <= 0)
2182 return ret; 2182 return ret;
2183 2183
2184 ret = -1; 2184 ret = -1;
@@ -2210,10 +2210,10 @@ ssl3_get_client_certificate(SSL *s)
2210 goto fatal_err; 2210 goto fatal_err;
2211 } 2211 }
2212 2212
2213 if (s->internal->init_num < 0) 2213 if (s->init_num < 0)
2214 goto decode_err; 2214 goto decode_err;
2215 2215
2216 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); 2216 CBS_init(&cbs, s->init_msg, s->init_num);
2217 2217
2218 if (!CBS_get_u24_length_prefixed(&cbs, &cert_list)) 2218 if (!CBS_get_u24_length_prefixed(&cbs, &cert_list))
2219 goto decode_err; 2219 goto decode_err;
@@ -2367,17 +2367,17 @@ ssl3_send_newsession_ticket(SSL *s)
2367 * it does all the work, otherwise use generated values from 2367 * it does all the work, otherwise use generated values from
2368 * parent context. 2368 * parent context.
2369 */ 2369 */
2370 if (tctx->internal->tlsext_ticket_key_cb != NULL) { 2370 if (tctx->tlsext_ticket_key_cb != NULL) {
2371 if (tctx->internal->tlsext_ticket_key_cb(s, 2371 if (tctx->tlsext_ticket_key_cb(s,
2372 key_name, iv, ctx, hctx, 1) < 0) 2372 key_name, iv, ctx, hctx, 1) < 0)
2373 goto err; 2373 goto err;
2374 } else { 2374 } else {
2375 arc4random_buf(iv, 16); 2375 arc4random_buf(iv, 16);
2376 EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, 2376 EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
2377 tctx->internal->tlsext_tick_aes_key, iv); 2377 tctx->tlsext_tick_aes_key, iv);
2378 HMAC_Init_ex(hctx, tctx->internal->tlsext_tick_hmac_key, 2378 HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key,
2379 16, EVP_sha256(), NULL); 2379 16, EVP_sha256(), NULL);
2380 memcpy(key_name, tctx->internal->tlsext_tick_key_name, 16); 2380 memcpy(key_name, tctx->tlsext_tick_key_name, 16);
2381 } 2381 }
2382 2382
2383 /* Encrypt the session state. */ 2383 /* Encrypt the session state. */
@@ -2415,7 +2415,7 @@ ssl3_send_newsession_ticket(SSL *s)
2415 * sessions will live as long as their sessions. 2415 * sessions will live as long as their sessions.
2416 */ 2416 */
2417 if (!CBB_add_u32(&session_ticket, 2417 if (!CBB_add_u32(&session_ticket,
2418 s->internal->hit ? 0 : s->session->timeout)) 2418 s->hit ? 0 : s->session->timeout))
2419 goto err; 2419 goto err;
2420 2420
2421 if (!CBB_add_u16_length_prefixed(&session_ticket, &ticket)) 2421 if (!CBB_add_u16_length_prefixed(&session_ticket, &ticket))
@@ -2473,8 +2473,8 @@ ssl3_send_cert_status(SSL *s)
2473 goto err; 2473 goto err;
2474 if (!CBB_add_u24_length_prefixed(&certstatus, &ocspresp)) 2474 if (!CBB_add_u24_length_prefixed(&certstatus, &ocspresp))
2475 goto err; 2475 goto err;
2476 if (!CBB_add_bytes(&ocspresp, s->internal->tlsext_ocsp_resp, 2476 if (!CBB_add_bytes(&ocspresp, s->tlsext_ocsp_resp,
2477 s->internal->tlsext_ocsp_resp_len)) 2477 s->tlsext_ocsp_resp_len))
2478 goto err; 2478 goto err;
2479 if (!ssl3_handshake_msg_finish(s, &cbb)) 2479 if (!ssl3_handshake_msg_finish(s, &cbb))
2480 goto err; 2480 goto err;
@@ -2500,8 +2500,8 @@ ssl3_send_server_change_cipher_spec(SSL *s)
2500 memset(&cbb, 0, sizeof(cbb)); 2500 memset(&cbb, 0, sizeof(cbb));
2501 2501
2502 if (s->s3->hs.state == SSL3_ST_SW_CHANGE_A) { 2502 if (s->s3->hs.state == SSL3_ST_SW_CHANGE_A) {
2503 if (!CBB_init_fixed(&cbb, s->internal->init_buf->data, 2503 if (!CBB_init_fixed(&cbb, s->init_buf->data,
2504 s->internal->init_buf->length)) 2504 s->init_buf->length))
2505 goto err; 2505 goto err;
2506 if (!CBB_add_u8(&cbb, SSL3_MT_CCS)) 2506 if (!CBB_add_u8(&cbb, SSL3_MT_CCS))
2507 goto err; 2507 goto err;
@@ -2511,8 +2511,8 @@ ssl3_send_server_change_cipher_spec(SSL *s)
2511 if (outlen > INT_MAX) 2511 if (outlen > INT_MAX)
2512 goto err; 2512 goto err;
2513 2513
2514 s->internal->init_num = (int)outlen; 2514 s->init_num = (int)outlen;
2515 s->internal->init_off = 0; 2515 s->init_off = 0;
2516 2516
2517 if (SSL_is_dtls(s)) { 2517 if (SSL_is_dtls(s)) {
2518 s->d1->handshake_write_seq = 2518 s->d1->handshake_write_seq =
@@ -2555,13 +2555,13 @@ ssl3_get_client_finished(SSL *s)
2555 2555
2556 md_len = TLS1_FINISH_MAC_LENGTH; 2556 md_len = TLS1_FINISH_MAC_LENGTH;
2557 2557
2558 if (s->internal->init_num < 0) { 2558 if (s->init_num < 0) {
2559 al = SSL_AD_DECODE_ERROR; 2559 al = SSL_AD_DECODE_ERROR;
2560 SSLerror(s, SSL_R_BAD_DIGEST_LENGTH); 2560 SSLerror(s, SSL_R_BAD_DIGEST_LENGTH);
2561 goto fatal_err; 2561 goto fatal_err;
2562 } 2562 }
2563 2563
2564 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); 2564 CBS_init(&cbs, s->init_msg, s->init_num);
2565 2565
2566 if (s->s3->hs.peer_finished_len != md_len || 2566 if (s->s3->hs.peer_finished_len != md_len ||
2567 CBS_len(&cbs) != md_len) { 2567 CBS_len(&cbs) != md_len) {
diff --git a/src/lib/libssl/ssl_stat.c b/src/lib/libssl/ssl_stat.c
index 5d35528acd..e4303e171a 100644
--- a/src/lib/libssl/ssl_stat.c
+++ b/src/lib/libssl/ssl_stat.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_stat.c,v 1.18 2022/02/05 14:54:10 jsing Exp $ */ 1/* $OpenBSD: ssl_stat.c,v 1.19 2022/10/02 16:36:41 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -325,7 +325,7 @@ SSL_rstate_string_long(const SSL *s)
325{ 325{
326 const char *str; 326 const char *str;
327 327
328 switch (s->internal->rstate) { 328 switch (s->rstate) {
329 case SSL_ST_READ_HEADER: 329 case SSL_ST_READ_HEADER:
330 str = "read header"; 330 str = "read header";
331 break; 331 break;
@@ -771,7 +771,7 @@ SSL_rstate_string(const SSL *s)
771{ 771{
772 const char *str; 772 const char *str;
773 773
774 switch (s->internal->rstate) { 774 switch (s->rstate) {
775 case SSL_ST_READ_HEADER: 775 case SSL_ST_READ_HEADER:
776 str = "RH"; 776 str = "RH";
777 break; 777 break;
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index a42856264b..647a95e485 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_tlsext.c,v 1.129 2022/08/15 10:46:53 tb Exp $ */ 1/* $OpenBSD: ssl_tlsext.c,v 1.130 2022/10/02 16:36:41 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> 4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -40,7 +40,7 @@ static int
40tlsext_alpn_client_needs(SSL *s, uint16_t msg_type) 40tlsext_alpn_client_needs(SSL *s, uint16_t msg_type)
41{ 41{
42 /* ALPN protos have been specified and this is the initial handshake */ 42 /* ALPN protos have been specified and this is the initial handshake */
43 return s->internal->alpn_client_proto_list != NULL && 43 return s->alpn_client_proto_list != NULL &&
44 s->s3->hs.finished_len == 0; 44 s->s3->hs.finished_len == 0;
45} 45}
46 46
@@ -52,8 +52,8 @@ tlsext_alpn_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
52 if (!CBB_add_u16_length_prefixed(cbb, &protolist)) 52 if (!CBB_add_u16_length_prefixed(cbb, &protolist))
53 return 0; 53 return 0;
54 54
55 if (!CBB_add_bytes(&protolist, s->internal->alpn_client_proto_list, 55 if (!CBB_add_bytes(&protolist, s->alpn_client_proto_list,
56 s->internal->alpn_client_proto_list_len)) 56 s->alpn_client_proto_list_len))
57 return 0; 57 return 0;
58 58
59 if (!CBB_flush(cbb)) 59 if (!CBB_flush(cbb))
@@ -97,7 +97,7 @@ tlsext_alpn_server_parse(SSL *s, uint16_t msg_types, CBS *cbs, int *alert)
97 if (!tlsext_alpn_check_format(&alpn)) 97 if (!tlsext_alpn_check_format(&alpn))
98 return 0; 98 return 0;
99 99
100 if (s->ctx->internal->alpn_select_cb == NULL) 100 if (s->ctx->alpn_select_cb == NULL)
101 return 1; 101 return 1;
102 102
103 /* 103 /*
@@ -106,9 +106,9 @@ tlsext_alpn_server_parse(SSL *s, uint16_t msg_types, CBS *cbs, int *alert)
106 * 2. Should the callback be called even if no ALPN extension was sent? 106 * 2. Should the callback be called even if no ALPN extension was sent?
107 * 3. TLSv1.2 and earlier: ensure that SNI has already been processed. 107 * 3. TLSv1.2 and earlier: ensure that SNI has already been processed.
108 */ 108 */
109 r = s->ctx->internal->alpn_select_cb(s, &selected, &selected_len, 109 r = s->ctx->alpn_select_cb(s, &selected, &selected_len,
110 CBS_data(&alpn), CBS_len(&alpn), 110 CBS_data(&alpn), CBS_len(&alpn),
111 s->ctx->internal->alpn_select_cb_arg); 111 s->ctx->alpn_select_cb_arg);
112 112
113 if (r == SSL_TLSEXT_ERR_OK) { 113 if (r == SSL_TLSEXT_ERR_OK) {
114 CBS_init(&selected_cbs, selected, selected_len); 114 CBS_init(&selected_cbs, selected, selected_len);
@@ -164,7 +164,7 @@ tlsext_alpn_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
164{ 164{
165 CBS list, proto; 165 CBS list, proto;
166 166
167 if (s->internal->alpn_client_proto_list == NULL) { 167 if (s->alpn_client_proto_list == NULL) {
168 *alert = SSL_AD_UNSUPPORTED_EXTENSION; 168 *alert = SSL_AD_UNSUPPORTED_EXTENSION;
169 return 0; 169 return 0;
170 } 170 }
@@ -243,7 +243,7 @@ tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
243 return 0; 243 return 0;
244 groups_len /= 2; 244 groups_len /= 2;
245 245
246 if (s->internal->hit) 246 if (s->hit)
247 return 1; 247 return 1;
248 248
249 if (s->s3->hs.tls13.hrr) { 249 if (s->s3->hs.tls13.hrr) {
@@ -365,7 +365,7 @@ tlsext_ecpf_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
365 return 0; 365 return 0;
366 } 366 }
367 367
368 if (!s->internal->hit) { 368 if (!s->hit) {
369 if (!CBS_stow(&ecpf, &(s->session->tlsext_ecpointformatlist), 369 if (!CBS_stow(&ecpf, &(s->session->tlsext_ecpointformatlist),
370 &(s->session->tlsext_ecpointformatlist_length))) { 370 &(s->session->tlsext_ecpointformatlist_length))) {
371 *alert = SSL_AD_INTERNAL_ERROR; 371 *alert = SSL_AD_INTERNAL_ERROR;
@@ -418,7 +418,7 @@ tlsext_ecpf_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
418static int 418static int
419tlsext_ri_client_needs(SSL *s, uint16_t msg_type) 419tlsext_ri_client_needs(SSL *s, uint16_t msg_type)
420{ 420{
421 return (s->internal->renegotiate); 421 return (s->renegotiate);
422} 422}
423 423
424static int 424static int
@@ -779,7 +779,7 @@ tlsext_sni_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
779 goto err; 779 goto err;
780 } 780 }
781 781
782 if (s->internal->hit || s->s3->hs.tls13.hrr) { 782 if (s->hit || s->s3->hs.tls13.hrr) {
783 if (s->session->tlsext_hostname == NULL) { 783 if (s->session->tlsext_hostname == NULL) {
784 *alert = SSL_AD_UNRECOGNIZED_NAME; 784 *alert = SSL_AD_UNRECOGNIZED_NAME;
785 goto err; 785 goto err;
@@ -817,7 +817,7 @@ tlsext_sni_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
817static int 817static int
818tlsext_sni_server_needs(SSL *s, uint16_t msg_type) 818tlsext_sni_server_needs(SSL *s, uint16_t msg_type)
819{ 819{
820 if (s->internal->hit) 820 if (s->hit)
821 return 0; 821 return 0;
822 822
823 return (s->session->tlsext_hostname != NULL); 823 return (s->session->tlsext_hostname != NULL);
@@ -837,7 +837,7 @@ tlsext_sni_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
837 return 0; 837 return 0;
838 } 838 }
839 839
840 if (s->internal->hit) { 840 if (s->hit) {
841 if (s->session->tlsext_hostname == NULL) { 841 if (s->session->tlsext_hostname == NULL) {
842 *alert = SSL_AD_UNRECOGNIZED_NAME; 842 *alert = SSL_AD_UNRECOGNIZED_NAME;
843 return 0; 843 return 0;
@@ -885,12 +885,12 @@ tlsext_ocsp_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
885 return 0; 885 return 0;
886 if (!CBB_add_u16_length_prefixed(cbb, &respid_list)) 886 if (!CBB_add_u16_length_prefixed(cbb, &respid_list))
887 return 0; 887 return 0;
888 for (i = 0; i < sk_OCSP_RESPID_num(s->internal->tlsext_ocsp_ids); i++) { 888 for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) {
889 unsigned char *respid_data; 889 unsigned char *respid_data;
890 OCSP_RESPID *id; 890 OCSP_RESPID *id;
891 size_t id_len; 891 size_t id_len;
892 892
893 if ((id = sk_OCSP_RESPID_value(s->internal->tlsext_ocsp_ids, 893 if ((id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids,
894 i)) == NULL) 894 i)) == NULL)
895 return 0; 895 return 0;
896 if ((id_len = i2d_OCSP_RESPID(id, NULL)) == -1) 896 if ((id_len = i2d_OCSP_RESPID(id, NULL)) == -1)
@@ -904,12 +904,12 @@ tlsext_ocsp_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
904 } 904 }
905 if (!CBB_add_u16_length_prefixed(cbb, &exts)) 905 if (!CBB_add_u16_length_prefixed(cbb, &exts))
906 return 0; 906 return 0;
907 if ((ext_len = i2d_X509_EXTENSIONS(s->internal->tlsext_ocsp_exts, 907 if ((ext_len = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts,
908 NULL)) == -1) 908 NULL)) == -1)
909 return 0; 909 return 0;
910 if (!CBB_add_space(&exts, &ext_data, ext_len)) 910 if (!CBB_add_space(&exts, &ext_data, ext_len))
911 return 0; 911 return 0;
912 if ((i2d_X509_EXTENSIONS(s->internal->tlsext_ocsp_exts, &ext_data) != 912 if ((i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ext_data) !=
913 ext_len)) 913 ext_len))
914 return 0; 914 return 0;
915 if (!CBB_flush(cbb)) 915 if (!CBB_flush(cbb))
@@ -946,11 +946,11 @@ tlsext_ocsp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
946 goto err; 946 goto err;
947 947
948 /* XXX */ 948 /* XXX */
949 sk_OCSP_RESPID_pop_free(s->internal->tlsext_ocsp_ids, OCSP_RESPID_free); 949 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
950 s->internal->tlsext_ocsp_ids = NULL; 950 s->tlsext_ocsp_ids = NULL;
951 if (CBS_len(&respid_list) > 0) { 951 if (CBS_len(&respid_list) > 0) {
952 s->internal->tlsext_ocsp_ids = sk_OCSP_RESPID_new_null(); 952 s->tlsext_ocsp_ids = sk_OCSP_RESPID_new_null();
953 if (s->internal->tlsext_ocsp_ids == NULL) { 953 if (s->tlsext_ocsp_ids == NULL) {
954 alert_desc = SSL_AD_INTERNAL_ERROR; 954 alert_desc = SSL_AD_INTERNAL_ERROR;
955 goto err; 955 goto err;
956 } 956 }
@@ -964,7 +964,7 @@ tlsext_ocsp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
964 p = CBS_data(&respid); 964 p = CBS_data(&respid);
965 if ((id = d2i_OCSP_RESPID(NULL, &p, CBS_len(&respid))) == NULL) 965 if ((id = d2i_OCSP_RESPID(NULL, &p, CBS_len(&respid))) == NULL)
966 goto err; 966 goto err;
967 if (!sk_OCSP_RESPID_push(s->internal->tlsext_ocsp_ids, id)) { 967 if (!sk_OCSP_RESPID_push(s->tlsext_ocsp_ids, id)) {
968 alert_desc = SSL_AD_INTERNAL_ERROR; 968 alert_desc = SSL_AD_INTERNAL_ERROR;
969 OCSP_RESPID_free(id); 969 OCSP_RESPID_free(id);
970 goto err; 970 goto err;
@@ -975,10 +975,10 @@ tlsext_ocsp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
975 if (!CBS_get_u16_length_prefixed(cbs, &exts)) 975 if (!CBS_get_u16_length_prefixed(cbs, &exts))
976 goto err; 976 goto err;
977 if (CBS_len(&exts) > 0) { 977 if (CBS_len(&exts) > 0) {
978 sk_X509_EXTENSION_pop_free(s->internal->tlsext_ocsp_exts, 978 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
979 X509_EXTENSION_free); 979 X509_EXTENSION_free);
980 p = CBS_data(&exts); 980 p = CBS_data(&exts);
981 if ((s->internal->tlsext_ocsp_exts = d2i_X509_EXTENSIONS(NULL, 981 if ((s->tlsext_ocsp_exts = d2i_X509_EXTENSIONS(NULL,
982 &p, CBS_len(&exts))) == NULL) 982 &p, CBS_len(&exts))) == NULL)
983 goto err; 983 goto err;
984 } 984 }
@@ -995,14 +995,14 @@ tlsext_ocsp_server_needs(SSL *s, uint16_t msg_type)
995{ 995{
996 if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION && 996 if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION &&
997 s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp && 997 s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
998 s->ctx->internal->tlsext_status_cb != NULL) { 998 s->ctx->tlsext_status_cb != NULL) {
999 s->internal->tlsext_status_expected = 0; 999 s->tlsext_status_expected = 0;
1000 if (s->ctx->internal->tlsext_status_cb(s, 1000 if (s->ctx->tlsext_status_cb(s,
1001 s->ctx->internal->tlsext_status_arg) == SSL_TLSEXT_ERR_OK && 1001 s->ctx->tlsext_status_arg) == SSL_TLSEXT_ERR_OK &&
1002 s->internal->tlsext_ocsp_resp_len > 0) 1002 s->tlsext_ocsp_resp_len > 0)
1003 s->internal->tlsext_status_expected = 1; 1003 s->tlsext_status_expected = 1;
1004 } 1004 }
1005 return s->internal->tlsext_status_expected; 1005 return s->tlsext_status_expected;
1006} 1006}
1007 1007
1008static int 1008static int
@@ -1016,8 +1016,8 @@ tlsext_ocsp_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
1016 if (!CBB_add_u24_length_prefixed(cbb, &ocsp_response)) 1016 if (!CBB_add_u24_length_prefixed(cbb, &ocsp_response))
1017 return 0; 1017 return 0;
1018 if (!CBB_add_bytes(&ocsp_response, 1018 if (!CBB_add_bytes(&ocsp_response,
1019 s->internal->tlsext_ocsp_resp, 1019 s->tlsext_ocsp_resp,
1020 s->internal->tlsext_ocsp_resp_len)) 1020 s->tlsext_ocsp_resp_len))
1021 return 0; 1021 return 0;
1022 if (!CBB_flush(cbb)) 1022 if (!CBB_flush(cbb))
1023 return 0; 1023 return 0;
@@ -1059,8 +1059,8 @@ tlsext_ocsp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
1059 SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG); 1059 SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG);
1060 return 0; 1060 return 0;
1061 } 1061 }
1062 if (!CBS_stow(&response, &s->internal->tlsext_ocsp_resp, 1062 if (!CBS_stow(&response, &s->tlsext_ocsp_resp,
1063 &s->internal->tlsext_ocsp_resp_len)) { 1063 &s->tlsext_ocsp_resp_len)) {
1064 *alert = SSL_AD_INTERNAL_ERROR; 1064 *alert = SSL_AD_INTERNAL_ERROR;
1065 return 0; 1065 return 0;
1066 } 1066 }
@@ -1070,7 +1070,7 @@ tlsext_ocsp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
1070 return 0; 1070 return 0;
1071 } 1071 }
1072 /* Set flag to expect CertificateStatus message */ 1072 /* Set flag to expect CertificateStatus message */
1073 s->internal->tlsext_status_expected = 1; 1073 s->tlsext_status_expected = 1;
1074 } 1074 }
1075 return 1; 1075 return 1;
1076} 1076}
@@ -1092,11 +1092,11 @@ tlsext_sessionticket_client_needs(SSL *s, uint16_t msg_type)
1092 if (!ssl_security_tickets(s)) 1092 if (!ssl_security_tickets(s))
1093 return 0; 1093 return 0;
1094 1094
1095 if (s->internal->new_session) 1095 if (s->new_session)
1096 return 1; 1096 return 1;
1097 1097
1098 if (s->internal->tlsext_session_ticket != NULL && 1098 if (s->tlsext_session_ticket != NULL &&
1099 s->internal->tlsext_session_ticket->data == NULL) 1099 s->tlsext_session_ticket->data == NULL)
1100 return 0; 1100 return 0;
1101 1101
1102 return 1; 1102 return 1;
@@ -1109,7 +1109,7 @@ tlsext_sessionticket_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
1109 * Signal that we support session tickets by sending an empty 1109 * Signal that we support session tickets by sending an empty
1110 * extension when renegotiating or no session found. 1110 * extension when renegotiating or no session found.
1111 */ 1111 */
1112 if (s->internal->new_session || s->session == NULL) 1112 if (s->new_session || s->session == NULL)
1113 return 1; 1113 return 1;
1114 1114
1115 if (s->session->tlsext_tick != NULL) { 1115 if (s->session->tlsext_tick != NULL) {
@@ -1118,18 +1118,18 @@ tlsext_sessionticket_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
1118 s->session->tlsext_ticklen)) 1118 s->session->tlsext_ticklen))
1119 return 0; 1119 return 0;
1120 1120
1121 } else if (s->internal->tlsext_session_ticket != NULL) { 1121 } else if (s->tlsext_session_ticket != NULL) {
1122 /* 1122 /*
1123 * Attempt to resume with a custom provided session ticket set 1123 * Attempt to resume with a custom provided session ticket set
1124 * by SSL_set_session_ticket_ext(). 1124 * by SSL_set_session_ticket_ext().
1125 */ 1125 */
1126 if (s->internal->tlsext_session_ticket->length > 0) { 1126 if (s->tlsext_session_ticket->length > 0) {
1127 size_t ticklen = s->internal->tlsext_session_ticket->length; 1127 size_t ticklen = s->tlsext_session_ticket->length;
1128 1128
1129 if ((s->session->tlsext_tick = malloc(ticklen)) == NULL) 1129 if ((s->session->tlsext_tick = malloc(ticklen)) == NULL)
1130 return 0; 1130 return 0;
1131 memcpy(s->session->tlsext_tick, 1131 memcpy(s->session->tlsext_tick,
1132 s->internal->tlsext_session_ticket->data, 1132 s->tlsext_session_ticket->data,
1133 ticklen); 1133 ticklen);
1134 s->session->tlsext_ticklen = ticklen; 1134 s->session->tlsext_ticklen = ticklen;
1135 1135
@@ -1149,10 +1149,10 @@ static int
1149tlsext_sessionticket_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, 1149tlsext_sessionticket_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
1150 int *alert) 1150 int *alert)
1151{ 1151{
1152 if (s->internal->tls_session_ticket_ext_cb) { 1152 if (s->tls_session_ticket_ext_cb) {
1153 if (!s->internal->tls_session_ticket_ext_cb(s, CBS_data(cbs), 1153 if (!s->tls_session_ticket_ext_cb(s, CBS_data(cbs),
1154 (int)CBS_len(cbs), 1154 (int)CBS_len(cbs),
1155 s->internal->tls_session_ticket_ext_cb_arg)) { 1155 s->tls_session_ticket_ext_cb_arg)) {
1156 *alert = SSL_AD_INTERNAL_ERROR; 1156 *alert = SSL_AD_INTERNAL_ERROR;
1157 return 0; 1157 return 0;
1158 } 1158 }
@@ -1170,7 +1170,7 @@ tlsext_sessionticket_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
1170static int 1170static int
1171tlsext_sessionticket_server_needs(SSL *s, uint16_t msg_type) 1171tlsext_sessionticket_server_needs(SSL *s, uint16_t msg_type)
1172{ 1172{
1173 return (s->internal->tlsext_ticket_expected && 1173 return (s->tlsext_ticket_expected &&
1174 !(SSL_get_options(s) & SSL_OP_NO_TICKET) && 1174 !(SSL_get_options(s) & SSL_OP_NO_TICKET) &&
1175 ssl_security_tickets(s)); 1175 ssl_security_tickets(s));
1176} 1176}
@@ -1186,10 +1186,10 @@ static int
1186tlsext_sessionticket_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, 1186tlsext_sessionticket_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
1187 int *alert) 1187 int *alert)
1188{ 1188{
1189 if (s->internal->tls_session_ticket_ext_cb) { 1189 if (s->tls_session_ticket_ext_cb) {
1190 if (!s->internal->tls_session_ticket_ext_cb(s, CBS_data(cbs), 1190 if (!s->tls_session_ticket_ext_cb(s, CBS_data(cbs),
1191 (int)CBS_len(cbs), 1191 (int)CBS_len(cbs),
1192 s->internal->tls_session_ticket_ext_cb_arg)) { 1192 s->tls_session_ticket_ext_cb_arg)) {
1193 *alert = SSL_AD_INTERNAL_ERROR; 1193 *alert = SSL_AD_INTERNAL_ERROR;
1194 return 0; 1194 return 0;
1195 } 1195 }
@@ -1200,7 +1200,7 @@ tlsext_sessionticket_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
1200 return 0; 1200 return 0;
1201 } 1201 }
1202 1202
1203 s->internal->tlsext_ticket_expected = 1; 1203 s->tlsext_ticket_expected = 1;
1204 1204
1205 return 1; 1205 return 1;
1206} 1206}
@@ -1310,7 +1310,7 @@ tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
1310 goto err; 1310 goto err;
1311 1311
1312 if (cprof->id == sprof->id) { 1312 if (cprof->id == sprof->id) {
1313 s->internal->srtp_profile = sprof; 1313 s->srtp_profile = sprof;
1314 ret = 1; 1314 ret = 1;
1315 goto done; 1315 goto done;
1316 } 1316 }
@@ -1397,7 +1397,7 @@ tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
1397 } 1397 }
1398 1398
1399 if (prof->id == id) { 1399 if (prof->id == id) {
1400 s->internal->srtp_profile = prof; 1400 s->srtp_profile = prof;
1401 return 1; 1401 return 1;
1402 } 1402 }
1403 } 1403 }
@@ -1899,15 +1899,15 @@ tlsext_psk_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
1899static int 1899static int
1900tlsext_quic_transport_parameters_client_needs(SSL *s, uint16_t msg_type) 1900tlsext_quic_transport_parameters_client_needs(SSL *s, uint16_t msg_type)
1901{ 1901{
1902 return SSL_is_quic(s) && s->internal->quic_transport_params_len > 0; 1902 return SSL_is_quic(s) && s->quic_transport_params_len > 0;
1903} 1903}
1904 1904
1905static int 1905static int
1906tlsext_quic_transport_parameters_client_build(SSL *s, uint16_t msg_type, 1906tlsext_quic_transport_parameters_client_build(SSL *s, uint16_t msg_type,
1907 CBB *cbb) 1907 CBB *cbb)
1908{ 1908{
1909 if (!CBB_add_bytes(cbb, s->internal->quic_transport_params, 1909 if (!CBB_add_bytes(cbb, s->quic_transport_params,
1910 s->internal->quic_transport_params_len)) 1910 s->quic_transport_params_len))
1911 return 0; 1911 return 0;
1912 1912
1913 return 1; 1913 return 1;
@@ -1934,15 +1934,15 @@ tlsext_quic_transport_parameters_client_parse(SSL *s, uint16_t msg_type,
1934static int 1934static int
1935tlsext_quic_transport_parameters_server_needs(SSL *s, uint16_t msg_type) 1935tlsext_quic_transport_parameters_server_needs(SSL *s, uint16_t msg_type)
1936{ 1936{
1937 return SSL_is_quic(s) && s->internal->quic_transport_params_len > 0; 1937 return SSL_is_quic(s) && s->quic_transport_params_len > 0;
1938} 1938}
1939 1939
1940static int 1940static int
1941tlsext_quic_transport_parameters_server_build(SSL *s, uint16_t msg_type, 1941tlsext_quic_transport_parameters_server_build(SSL *s, uint16_t msg_type,
1942 CBB *cbb) 1942 CBB *cbb)
1943{ 1943{
1944 if (!CBB_add_bytes(cbb, s->internal->quic_transport_params, 1944 if (!CBB_add_bytes(cbb, s->quic_transport_params,
1945 s->internal->quic_transport_params_len)) 1945 s->quic_transport_params_len))
1946 return 0; 1946 return 0;
1947 1947
1948 return 1; 1948 return 1;
@@ -2294,7 +2294,7 @@ tlsext_clienthello_hash_extension(SSL *s, uint16_t type, CBS *cbs)
2294 * RFC 8446 4.1.2. For subsequent CH, early data will be removed, 2294 * RFC 8446 4.1.2. For subsequent CH, early data will be removed,
2295 * cookie may be added, padding may be removed. 2295 * cookie may be added, padding may be removed.
2296 */ 2296 */
2297 struct tls13_ctx *ctx = s->internal->tls13; 2297 struct tls13_ctx *ctx = s->tls13;
2298 2298
2299 if (type == TLSEXT_TYPE_early_data || type == TLSEXT_TYPE_cookie || 2299 if (type == TLSEXT_TYPE_early_data || type == TLSEXT_TYPE_cookie ||
2300 type == TLSEXT_TYPE_padding) 2300 type == TLSEXT_TYPE_padding)
@@ -2344,11 +2344,11 @@ tlsext_parse(SSL *s, int is_server, uint16_t msg_type, CBS *cbs, int *alert)
2344 if (!CBS_get_u16_length_prefixed(&extensions, &extension_data)) 2344 if (!CBS_get_u16_length_prefixed(&extensions, &extension_data))
2345 goto err; 2345 goto err;
2346 2346
2347 if (s->internal->tlsext_debug_cb != NULL) 2347 if (s->tlsext_debug_cb != NULL)
2348 s->internal->tlsext_debug_cb(s, !is_server, type, 2348 s->tlsext_debug_cb(s, !is_server, type,
2349 (unsigned char *)CBS_data(&extension_data), 2349 (unsigned char *)CBS_data(&extension_data),
2350 CBS_len(&extension_data), 2350 CBS_len(&extension_data),
2351 s->internal->tlsext_debug_arg); 2351 s->tlsext_debug_arg);
2352 2352
2353 /* Unknown extensions are ignored. */ 2353 /* Unknown extensions are ignored. */
2354 if ((tlsext = tls_extension_find(type, &idx)) == NULL) 2354 if ((tlsext = tls_extension_find(type, &idx)) == NULL)
@@ -2397,7 +2397,7 @@ tlsext_server_reset_state(SSL *s)
2397 free(s->s3->alpn_selected); 2397 free(s->s3->alpn_selected);
2398 s->s3->alpn_selected = NULL; 2398 s->s3->alpn_selected = NULL;
2399 s->s3->alpn_selected_len = 0; 2399 s->s3->alpn_selected_len = 0;
2400 s->internal->srtp_profile = NULL; 2400 s->srtp_profile = NULL;
2401} 2401}
2402 2402
2403int 2403int
diff --git a/src/lib/libssl/ssl_versions.c b/src/lib/libssl/ssl_versions.c
index 4a58f14ccd..3cd6db01ca 100644
--- a/src/lib/libssl/ssl_versions.c
+++ b/src/lib/libssl/ssl_versions.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_versions.c,v 1.24 2022/09/11 18:13:30 jsing Exp $ */ 1/* $OpenBSD: ssl_versions.c,v 1.25 2022/10/02 16:36:41 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -140,13 +140,13 @@ ssl_enabled_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver)
140 140
141 min_version = 0; 141 min_version = 0;
142 max_version = TLS1_3_VERSION; 142 max_version = TLS1_3_VERSION;
143 options = s->internal->options; 143 options = s->options;
144 144
145 if (SSL_is_dtls(s)) { 145 if (SSL_is_dtls(s)) {
146 options = 0; 146 options = 0;
147 if (s->internal->options & SSL_OP_NO_DTLSv1) 147 if (s->options & SSL_OP_NO_DTLSv1)
148 options |= SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1; 148 options |= SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1;
149 if (s->internal->options & SSL_OP_NO_DTLSv1_2) 149 if (s->options & SSL_OP_NO_DTLSv1_2)
150 options |= SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_2; 150 options |= SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_2;
151 } 151 }
152 152
@@ -174,7 +174,7 @@ ssl_enabled_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver)
174 174
175 /* Limit to configured version range. */ 175 /* Limit to configured version range. */
176 if (!ssl_clamp_tls_version_range(&min_version, &max_version, 176 if (!ssl_clamp_tls_version_range(&min_version, &max_version,
177 s->internal->min_tls_version, s->internal->max_tls_version)) 177 s->min_tls_version, s->max_tls_version))
178 return 0; 178 return 0;
179 179
180 /* QUIC requires a minimum of TLSv1.3. */ 180 /* QUIC requires a minimum of TLSv1.3. */
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index c996159a47..66a7aea2f5 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_enc.c,v 1.154 2022/02/05 14:54:10 jsing Exp $ */ 1/* $OpenBSD: t1_enc.c,v 1.155 2022/10/02 16:36:41 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -311,13 +311,13 @@ tls1_change_cipher_state(SSL *s, int is_write)
311 } 311 }
312 312
313 if (!is_write) { 313 if (!is_write) {
314 if (!tls12_record_layer_change_read_cipher_state(s->internal->rl, 314 if (!tls12_record_layer_change_read_cipher_state(s->rl,
315 &mac_key, &key, &iv)) 315 &mac_key, &key, &iv))
316 goto err; 316 goto err;
317 if (SSL_is_dtls(s)) 317 if (SSL_is_dtls(s))
318 dtls1_reset_read_seq_numbers(s); 318 dtls1_reset_read_seq_numbers(s);
319 } else { 319 } else {
320 if (!tls12_record_layer_change_write_cipher_state(s->internal->rl, 320 if (!tls12_record_layer_change_write_cipher_state(s->rl,
321 &mac_key, &key, &iv)) 321 &mac_key, &key, &iv))
322 goto err; 322 goto err;
323 } 323 }
@@ -375,8 +375,8 @@ tls1_setup_key_block(SSL *s)
375 if (!ssl_get_handshake_evp_md(s, &handshake_hash)) 375 if (!ssl_get_handshake_evp_md(s, &handshake_hash))
376 return (0); 376 return (0);
377 377
378 tls12_record_layer_set_aead(s->internal->rl, aead); 378 tls12_record_layer_set_aead(s->rl, aead);
379 tls12_record_layer_set_cipher_hash(s->internal->rl, cipher, 379 tls12_record_layer_set_cipher_hash(s->rl, cipher,
380 handshake_hash, mac_hash); 380 handshake_hash, mac_hash);
381 381
382 if ((key_block = tls12_key_block_new()) == NULL) 382 if ((key_block = tls12_key_block_new()) == NULL)
@@ -387,7 +387,7 @@ tls1_setup_key_block(SSL *s)
387 s->s3->hs.tls12.key_block = key_block; 387 s->s3->hs.tls12.key_block = key_block;
388 key_block = NULL; 388 key_block = NULL;
389 389
390 if (!(s->internal->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) && 390 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) &&
391 s->method->version <= TLS1_VERSION) { 391 s->method->version <= TLS1_VERSION) {
392 /* 392 /*
393 * Enable vulnerability countermeasure for CBC ciphers with 393 * Enable vulnerability countermeasure for CBC ciphers with
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 355c9827ef..c326575231 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_lib.c,v 1.195 2022/08/17 18:45:25 tb Exp $ */ 1/* $OpenBSD: t1_lib.c,v 1.196 2022/10/02 16:36:42 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -139,7 +139,7 @@ tls1_free(SSL *s)
139 if (s == NULL) 139 if (s == NULL)
140 return; 140 return;
141 141
142 free(s->internal->tlsext_session_ticket); 142 free(s->tlsext_session_ticket);
143 ssl3_free(s); 143 ssl3_free(s);
144} 144}
145 145
@@ -404,8 +404,8 @@ tls1_get_formatlist(const SSL *s, int client_formats, const uint8_t **pformats,
404 return; 404 return;
405 } 405 }
406 406
407 *pformats = s->internal->tlsext_ecpointformatlist; 407 *pformats = s->tlsext_ecpointformatlist;
408 *pformatslen = s->internal->tlsext_ecpointformatlist_length; 408 *pformatslen = s->tlsext_ecpointformatlist_length;
409 if (*pformats == NULL) { 409 if (*pformats == NULL) {
410 *pformats = ecformats_default; 410 *pformats = ecformats_default;
411 *pformatslen = sizeof(ecformats_default); 411 *pformatslen = sizeof(ecformats_default);
@@ -427,8 +427,8 @@ tls1_get_group_list(const SSL *s, int client_groups, const uint16_t **pgroups,
427 return; 427 return;
428 } 428 }
429 429
430 *pgroups = s->internal->tlsext_supportedgroups; 430 *pgroups = s->tlsext_supportedgroups;
431 *pgroupslen = s->internal->tlsext_supportedgroups_length; 431 *pgroupslen = s->tlsext_supportedgroups_length;
432 if (*pgroups != NULL) 432 if (*pgroups != NULL)
433 return; 433 return;
434 434
@@ -451,7 +451,7 @@ tls1_get_group_lists(const SSL *ssl, const uint16_t **pref, size_t *preflen,
451 if (!ssl->server) 451 if (!ssl->server)
452 return 0; 452 return 0;
453 453
454 server_pref = (ssl->internal->options & SSL_OP_CIPHER_SERVER_PREFERENCE); 454 server_pref = (ssl->options & SSL_OP_CIPHER_SERVER_PREFERENCE);
455 tls1_get_group_list(ssl, (server_pref == 0), pref, preflen); 455 tls1_get_group_list(ssl, (server_pref == 0), pref, preflen);
456 tls1_get_group_list(ssl, (server_pref != 0), supp, supplen); 456 tls1_get_group_list(ssl, (server_pref != 0), supp, supplen);
457 457
@@ -738,12 +738,12 @@ ssl_check_clienthello_tlsext_early(SSL *s)
738 * ssl3_choose_cipher in s3_lib.c. 738 * ssl3_choose_cipher in s3_lib.c.
739 */ 739 */
740 740
741 if (s->ctx != NULL && s->ctx->internal->tlsext_servername_callback != 0) 741 if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
742 ret = s->ctx->internal->tlsext_servername_callback(s, &al, 742 ret = s->ctx->tlsext_servername_callback(s, &al,
743 s->ctx->internal->tlsext_servername_arg); 743 s->ctx->tlsext_servername_arg);
744 else if (s->initial_ctx != NULL && s->initial_ctx->internal->tlsext_servername_callback != 0) 744 else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
745 ret = s->initial_ctx->internal->tlsext_servername_callback(s, &al, 745 ret = s->initial_ctx->tlsext_servername_callback(s, &al,
746 s->initial_ctx->internal->tlsext_servername_arg); 746 s->initial_ctx->tlsext_servername_arg);
747 747
748 switch (ret) { 748 switch (ret) {
749 case SSL_TLSEXT_ERR_ALERT_FATAL: 749 case SSL_TLSEXT_ERR_ALERT_FATAL:
@@ -770,32 +770,32 @@ ssl_check_clienthello_tlsext_late(SSL *s)
770 * has been chosen because this may influence which certificate is sent 770 * has been chosen because this may influence which certificate is sent
771 */ 771 */
772 if ((s->tlsext_status_type != -1) && 772 if ((s->tlsext_status_type != -1) &&
773 s->ctx && s->ctx->internal->tlsext_status_cb) { 773 s->ctx && s->ctx->tlsext_status_cb) {
774 int r; 774 int r;
775 SSL_CERT_PKEY *certpkey; 775 SSL_CERT_PKEY *certpkey;
776 certpkey = ssl_get_server_send_pkey(s); 776 certpkey = ssl_get_server_send_pkey(s);
777 /* If no certificate can't return certificate status */ 777 /* If no certificate can't return certificate status */
778 if (certpkey == NULL) { 778 if (certpkey == NULL) {
779 s->internal->tlsext_status_expected = 0; 779 s->tlsext_status_expected = 0;
780 return 1; 780 return 1;
781 } 781 }
782 /* Set current certificate to one we will use so 782 /* Set current certificate to one we will use so
783 * SSL_get_certificate et al can pick it up. 783 * SSL_get_certificate et al can pick it up.
784 */ 784 */
785 s->cert->key = certpkey; 785 s->cert->key = certpkey;
786 r = s->ctx->internal->tlsext_status_cb(s, 786 r = s->ctx->tlsext_status_cb(s,
787 s->ctx->internal->tlsext_status_arg); 787 s->ctx->tlsext_status_arg);
788 switch (r) { 788 switch (r) {
789 /* We don't want to send a status request response */ 789 /* We don't want to send a status request response */
790 case SSL_TLSEXT_ERR_NOACK: 790 case SSL_TLSEXT_ERR_NOACK:
791 s->internal->tlsext_status_expected = 0; 791 s->tlsext_status_expected = 0;
792 break; 792 break;
793 /* status request response should be sent */ 793 /* status request response should be sent */
794 case SSL_TLSEXT_ERR_OK: 794 case SSL_TLSEXT_ERR_OK:
795 if (s->internal->tlsext_ocsp_resp) 795 if (s->tlsext_ocsp_resp)
796 s->internal->tlsext_status_expected = 1; 796 s->tlsext_status_expected = 1;
797 else 797 else
798 s->internal->tlsext_status_expected = 0; 798 s->tlsext_status_expected = 0;
799 break; 799 break;
800 /* something bad happened */ 800 /* something bad happened */
801 case SSL_TLSEXT_ERR_ALERT_FATAL: 801 case SSL_TLSEXT_ERR_ALERT_FATAL:
@@ -804,7 +804,7 @@ ssl_check_clienthello_tlsext_late(SSL *s)
804 goto err; 804 goto err;
805 } 805 }
806 } else 806 } else
807 s->internal->tlsext_status_expected = 0; 807 s->tlsext_status_expected = 0;
808 808
809 err: 809 err:
810 switch (ret) { 810 switch (ret) {
@@ -827,26 +827,26 @@ ssl_check_serverhello_tlsext(SSL *s)
827 827
828 ret = SSL_TLSEXT_ERR_OK; 828 ret = SSL_TLSEXT_ERR_OK;
829 829
830 if (s->ctx != NULL && s->ctx->internal->tlsext_servername_callback != 0) 830 if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
831 ret = s->ctx->internal->tlsext_servername_callback(s, &al, 831 ret = s->ctx->tlsext_servername_callback(s, &al,
832 s->ctx->internal->tlsext_servername_arg); 832 s->ctx->tlsext_servername_arg);
833 else if (s->initial_ctx != NULL && s->initial_ctx->internal->tlsext_servername_callback != 0) 833 else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
834 ret = s->initial_ctx->internal->tlsext_servername_callback(s, &al, 834 ret = s->initial_ctx->tlsext_servername_callback(s, &al,
835 s->initial_ctx->internal->tlsext_servername_arg); 835 s->initial_ctx->tlsext_servername_arg);
836 836
837 /* If we've requested certificate status and we wont get one 837 /* If we've requested certificate status and we wont get one
838 * tell the callback 838 * tell the callback
839 */ 839 */
840 if ((s->tlsext_status_type != -1) && !(s->internal->tlsext_status_expected) && 840 if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected) &&
841 s->ctx && s->ctx->internal->tlsext_status_cb) { 841 s->ctx && s->ctx->tlsext_status_cb) {
842 int r; 842 int r;
843 843
844 free(s->internal->tlsext_ocsp_resp); 844 free(s->tlsext_ocsp_resp);
845 s->internal->tlsext_ocsp_resp = NULL; 845 s->tlsext_ocsp_resp = NULL;
846 s->internal->tlsext_ocsp_resp_len = 0; 846 s->tlsext_ocsp_resp_len = 0;
847 847
848 r = s->ctx->internal->tlsext_status_cb(s, 848 r = s->ctx->tlsext_status_cb(s,
849 s->ctx->internal->tlsext_status_arg); 849 s->ctx->tlsext_status_arg);
850 if (r == 0) { 850 if (r == 0) {
851 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; 851 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
852 ret = SSL_TLSEXT_ERR_ALERT_FATAL; 852 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
@@ -878,27 +878,27 @@ ssl_check_serverhello_tlsext(SSL *s)
878 * ret: (output) on return, if a ticket was decrypted, then this is set to 878 * ret: (output) on return, if a ticket was decrypted, then this is set to
879 * point to the resulting session. 879 * point to the resulting session.
880 * 880 *
881 * If s->internal->tls_session_secret_cb is set then we are expecting a pre-shared key 881 * If s->tls_session_secret_cb is set then we are expecting a pre-shared key
882 * ciphersuite, in which case we have no use for session tickets and one will 882 * ciphersuite, in which case we have no use for session tickets and one will
883 * never be decrypted, nor will s->internal->tlsext_ticket_expected be set to 1. 883 * never be decrypted, nor will s->tlsext_ticket_expected be set to 1.
884 * 884 *
885 * Returns: 885 * Returns:
886 * TLS1_TICKET_FATAL_ERROR: error from parsing or decrypting the ticket. 886 * TLS1_TICKET_FATAL_ERROR: error from parsing or decrypting the ticket.
887 * TLS1_TICKET_NONE: no ticket was found (or was ignored, based on settings). 887 * TLS1_TICKET_NONE: no ticket was found (or was ignored, based on settings).
888 * TLS1_TICKET_EMPTY: a zero length extension was found, indicating that the 888 * TLS1_TICKET_EMPTY: a zero length extension was found, indicating that the
889 * client supports session tickets but doesn't currently have one to offer. 889 * client supports session tickets but doesn't currently have one to offer.
890 * TLS1_TICKET_NOT_DECRYPTED: either s->internal->tls_session_secret_cb was 890 * TLS1_TICKET_NOT_DECRYPTED: either s->tls_session_secret_cb was
891 * set, or a ticket was offered but couldn't be decrypted because of a 891 * set, or a ticket was offered but couldn't be decrypted because of a
892 * non-fatal error. 892 * non-fatal error.
893 * TLS1_TICKET_DECRYPTED: a ticket was successfully decrypted and *ret was set. 893 * TLS1_TICKET_DECRYPTED: a ticket was successfully decrypted and *ret was set.
894 * 894 *
895 * Side effects: 895 * Side effects:
896 * Sets s->internal->tlsext_ticket_expected to 1 if the server will have to issue 896 * Sets s->tlsext_ticket_expected to 1 if the server will have to issue
897 * a new session ticket to the client because the client indicated support 897 * a new session ticket to the client because the client indicated support
898 * (and s->internal->tls_session_secret_cb is NULL) but the client either doesn't have 898 * (and s->tls_session_secret_cb is NULL) but the client either doesn't have
899 * a session ticket or we couldn't use the one it gave us, or if 899 * a session ticket or we couldn't use the one it gave us, or if
900 * s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket. 900 * s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket.
901 * Otherwise, s->internal->tlsext_ticket_expected is set to 0. 901 * Otherwise, s->tlsext_ticket_expected is set to 0.
902 */ 902 */
903int 903int
904tls1_process_ticket(SSL *s, CBS *ext_block, int *alert, SSL_SESSION **ret) 904tls1_process_ticket(SSL *s, CBS *ext_block, int *alert, SSL_SESSION **ret)
@@ -906,7 +906,7 @@ tls1_process_ticket(SSL *s, CBS *ext_block, int *alert, SSL_SESSION **ret)
906 CBS extensions, ext_data; 906 CBS extensions, ext_data;
907 uint16_t ext_type = 0; 907 uint16_t ext_type = 0;
908 908
909 s->internal->tlsext_ticket_expected = 0; 909 s->tlsext_ticket_expected = 0;
910 *ret = NULL; 910 *ret = NULL;
911 911
912 /* 912 /*
@@ -947,11 +947,11 @@ tls1_process_ticket(SSL *s, CBS *ext_block, int *alert, SSL_SESSION **ret)
947 * The client will accept a ticket but does not currently 947 * The client will accept a ticket but does not currently
948 * have one. 948 * have one.
949 */ 949 */
950 s->internal->tlsext_ticket_expected = 1; 950 s->tlsext_ticket_expected = 1;
951 return TLS1_TICKET_EMPTY; 951 return TLS1_TICKET_EMPTY;
952 } 952 }
953 953
954 if (s->internal->tls_session_secret_cb != NULL) { 954 if (s->tls_session_secret_cb != NULL) {
955 /* 955 /*
956 * Indicate that the ticket could not be decrypted rather than 956 * Indicate that the ticket could not be decrypted rather than
957 * generating the session from ticket now, trigger abbreviated 957 * generating the session from ticket now, trigger abbreviated
@@ -1004,7 +1004,7 @@ tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert, SSL_SESSION **psess)
1004 if ((hctx = HMAC_CTX_new()) == NULL) 1004 if ((hctx = HMAC_CTX_new()) == NULL)
1005 goto err; 1005 goto err;
1006 1006
1007 if (tctx->internal->tlsext_ticket_key_cb != NULL) { 1007 if (tctx->tlsext_ticket_key_cb != NULL) {
1008 int rv; 1008 int rv;
1009 1009
1010 /* 1010 /*
@@ -1016,7 +1016,7 @@ tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert, SSL_SESSION **psess)
1016 if (CBS_len(ticket) < EVP_MAX_IV_LENGTH) 1016 if (CBS_len(ticket) < EVP_MAX_IV_LENGTH)
1017 goto derr; 1017 goto derr;
1018 1018
1019 if ((rv = tctx->internal->tlsext_ticket_key_cb(s, 1019 if ((rv = tctx->tlsext_ticket_key_cb(s,
1020 (unsigned char *)CBS_data(&ticket_name), 1020 (unsigned char *)CBS_data(&ticket_name),
1021 (unsigned char *)CBS_data(ticket), cctx, hctx, 0)) < 0) 1021 (unsigned char *)CBS_data(ticket), cctx, hctx, 0)) < 0)
1022 goto err; 1022 goto err;
@@ -1024,7 +1024,7 @@ tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert, SSL_SESSION **psess)
1024 goto derr; 1024 goto derr;
1025 if (rv == 2) { 1025 if (rv == 2) {
1026 /* Renew ticket. */ 1026 /* Renew ticket. */
1027 s->internal->tlsext_ticket_expected = 1; 1027 s->tlsext_ticket_expected = 1;
1028 } 1028 }
1029 1029
1030 /* 1030 /*
@@ -1037,17 +1037,17 @@ tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert, SSL_SESSION **psess)
1037 } else { 1037 } else {
1038 /* Check that the key name matches. */ 1038 /* Check that the key name matches. */
1039 if (!CBS_mem_equal(&ticket_name, 1039 if (!CBS_mem_equal(&ticket_name,
1040 tctx->internal->tlsext_tick_key_name, 1040 tctx->tlsext_tick_key_name,
1041 sizeof(tctx->internal->tlsext_tick_key_name))) 1041 sizeof(tctx->tlsext_tick_key_name)))
1042 goto derr; 1042 goto derr;
1043 if (!CBS_get_bytes(ticket, &ticket_iv, 1043 if (!CBS_get_bytes(ticket, &ticket_iv,
1044 EVP_CIPHER_iv_length(EVP_aes_128_cbc()))) 1044 EVP_CIPHER_iv_length(EVP_aes_128_cbc())))
1045 goto derr; 1045 goto derr;
1046 if (!EVP_DecryptInit_ex(cctx, EVP_aes_128_cbc(), NULL, 1046 if (!EVP_DecryptInit_ex(cctx, EVP_aes_128_cbc(), NULL,
1047 tctx->internal->tlsext_tick_aes_key, CBS_data(&ticket_iv))) 1047 tctx->tlsext_tick_aes_key, CBS_data(&ticket_iv)))
1048 goto err; 1048 goto err;
1049 if (!HMAC_Init_ex(hctx, tctx->internal->tlsext_tick_hmac_key, 1049 if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key,
1050 sizeof(tctx->internal->tlsext_tick_hmac_key), EVP_sha256(), 1050 sizeof(tctx->tlsext_tick_hmac_key), EVP_sha256(),
1051 NULL)) 1051 NULL))
1052 goto err; 1052 goto err;
1053 } 1053 }
@@ -1113,7 +1113,7 @@ tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert, SSL_SESSION **psess)
1113 1113
1114 derr: 1114 derr:
1115 ERR_clear_error(); 1115 ERR_clear_error();
1116 s->internal->tlsext_ticket_expected = 1; 1116 s->tlsext_ticket_expected = 1;
1117 ret = TLS1_TICKET_NOT_DECRYPTED; 1117 ret = TLS1_TICKET_NOT_DECRYPTED;
1118 goto done; 1118 goto done;
1119 1119
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 33ef55d2ec..746447cc13 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_client.c,v 1.99 2022/09/11 14:33:07 jsing Exp $ */ 1/* $OpenBSD: tls13_client.c,v 1.100 2022/10/02 16:36:42 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -39,7 +39,7 @@ tls13_client_init(struct tls13_ctx *ctx)
39 s->version = ctx->hs->our_max_tls_version; 39 s->version = ctx->hs->our_max_tls_version;
40 40
41 tls13_record_layer_set_retry_after_phh(ctx->rl, 41 tls13_record_layer_set_retry_after_phh(ctx->rl,
42 (s->internal->mode & SSL_MODE_AUTO_RETRY) != 0); 42 (s->mode & SSL_MODE_AUTO_RETRY) != 0);
43 43
44 if (!ssl_get_new_session(s, 0)) /* XXX */ 44 if (!ssl_get_new_session(s, 0)) /* XXX */
45 return 0; 45 return 0;
diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c
index 545f2cd978..57fb84cefb 100644
--- a/src/lib/libssl/tls13_legacy.c
+++ b/src/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_legacy.c,v 1.38 2022/07/17 15:49:20 jsing Exp $ */ 1/* $OpenBSD: tls13_legacy.c,v 1.39 2022/10/02 16:36:42 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -30,7 +30,7 @@ tls13_legacy_wire_read(SSL *ssl, uint8_t *buf, size_t len)
30 return TLS13_IO_FAILURE; 30 return TLS13_IO_FAILURE;
31 } 31 }
32 32
33 ssl->internal->rwstate = SSL_READING; 33 ssl->rwstate = SSL_READING;
34 errno = 0; 34 errno = 0;
35 35
36 if ((n = BIO_read(ssl->rbio, buf, len)) <= 0) { 36 if ((n = BIO_read(ssl->rbio, buf, len)) <= 0) {
@@ -46,7 +46,7 @@ tls13_legacy_wire_read(SSL *ssl, uint8_t *buf, size_t len)
46 } 46 }
47 47
48 if (n == len) 48 if (n == len)
49 ssl->internal->rwstate = SSL_NOTHING; 49 ssl->rwstate = SSL_NOTHING;
50 50
51 return n; 51 return n;
52} 52}
@@ -69,7 +69,7 @@ tls13_legacy_wire_write(SSL *ssl, const uint8_t *buf, size_t len)
69 return TLS13_IO_FAILURE; 69 return TLS13_IO_FAILURE;
70 } 70 }
71 71
72 ssl->internal->rwstate = SSL_WRITING; 72 ssl->rwstate = SSL_WRITING;
73 errno = 0; 73 errno = 0;
74 74
75 if ((n = BIO_write(ssl->wbio, buf, len)) <= 0) { 75 if ((n = BIO_write(ssl->wbio, buf, len)) <= 0) {
@@ -83,7 +83,7 @@ tls13_legacy_wire_write(SSL *ssl, const uint8_t *buf, size_t len)
83 } 83 }
84 84
85 if (n == len) 85 if (n == len)
86 ssl->internal->rwstate = SSL_NOTHING; 86 ssl->rwstate = SSL_NOTHING;
87 87
88 return n; 88 return n;
89} 89}
@@ -123,7 +123,7 @@ tls13_legacy_wire_flush_cb(void *arg)
123static void 123static void
124tls13_legacy_error(SSL *ssl) 124tls13_legacy_error(SSL *ssl)
125{ 125{
126 struct tls13_ctx *ctx = ssl->internal->tls13; 126 struct tls13_ctx *ctx = ssl->tls13;
127 int reason = SSL_R_UNKNOWN; 127 int reason = SSL_R_UNKNOWN;
128 128
129 /* If we received a fatal alert we already put an error on the stack. */ 129 /* If we received a fatal alert we already put an error on the stack. */
@@ -171,7 +171,7 @@ tls13_legacy_return_code(SSL *ssl, ssize_t ret)
171 if (ret > 0) 171 if (ret > 0)
172 return ret; 172 return ret;
173 173
174 ssl->internal->rwstate = SSL_NOTHING; 174 ssl->rwstate = SSL_NOTHING;
175 175
176 switch (ret) { 176 switch (ret) {
177 case TLS13_IO_EOF: 177 case TLS13_IO_EOF:
@@ -187,12 +187,12 @@ tls13_legacy_return_code(SSL *ssl, ssize_t ret)
187 187
188 case TLS13_IO_WANT_POLLIN: 188 case TLS13_IO_WANT_POLLIN:
189 BIO_set_retry_read(ssl->rbio); 189 BIO_set_retry_read(ssl->rbio);
190 ssl->internal->rwstate = SSL_READING; 190 ssl->rwstate = SSL_READING;
191 return -1; 191 return -1;
192 192
193 case TLS13_IO_WANT_POLLOUT: 193 case TLS13_IO_WANT_POLLOUT:
194 BIO_set_retry_write(ssl->wbio); 194 BIO_set_retry_write(ssl->wbio);
195 ssl->internal->rwstate = SSL_WRITING; 195 ssl->rwstate = SSL_WRITING;
196 return -1; 196 return -1;
197 197
198 case TLS13_IO_WANT_RETRY: 198 case TLS13_IO_WANT_RETRY:
@@ -207,7 +207,7 @@ tls13_legacy_return_code(SSL *ssl, ssize_t ret)
207int 207int
208tls13_legacy_pending(const SSL *ssl) 208tls13_legacy_pending(const SSL *ssl)
209{ 209{
210 struct tls13_ctx *ctx = ssl->internal->tls13; 210 struct tls13_ctx *ctx = ssl->tls13;
211 ssize_t ret; 211 ssize_t ret;
212 212
213 if (ctx == NULL) 213 if (ctx == NULL)
@@ -223,11 +223,11 @@ tls13_legacy_pending(const SSL *ssl)
223int 223int
224tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len, int peek) 224tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len, int peek)
225{ 225{
226 struct tls13_ctx *ctx = ssl->internal->tls13; 226 struct tls13_ctx *ctx = ssl->tls13;
227 ssize_t ret; 227 ssize_t ret;
228 228
229 if (ctx == NULL || !ctx->handshake_completed) { 229 if (ctx == NULL || !ctx->handshake_completed) {
230 if ((ret = ssl->internal->handshake_func(ssl)) <= 0) 230 if ((ret = ssl->handshake_func(ssl)) <= 0)
231 return ret; 231 return ret;
232 if (len == 0) 232 if (len == 0)
233 return 0; 233 return 0;
@@ -235,7 +235,7 @@ tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len, int pee
235 } 235 }
236 236
237 tls13_record_layer_set_retry_after_phh(ctx->rl, 237 tls13_record_layer_set_retry_after_phh(ctx->rl,
238 (ctx->ssl->internal->mode & SSL_MODE_AUTO_RETRY) != 0); 238 (ctx->ssl->mode & SSL_MODE_AUTO_RETRY) != 0);
239 239
240 if (type != SSL3_RT_APPLICATION_DATA) { 240 if (type != SSL3_RT_APPLICATION_DATA) {
241 SSLerror(ssl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 241 SSLerror(ssl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
@@ -257,13 +257,13 @@ tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len, int pee
257int 257int
258tls13_legacy_write_bytes(SSL *ssl, int type, const void *vbuf, int len) 258tls13_legacy_write_bytes(SSL *ssl, int type, const void *vbuf, int len)
259{ 259{
260 struct tls13_ctx *ctx = ssl->internal->tls13; 260 struct tls13_ctx *ctx = ssl->tls13;
261 const uint8_t *buf = vbuf; 261 const uint8_t *buf = vbuf;
262 size_t n, sent; 262 size_t n, sent;
263 ssize_t ret; 263 ssize_t ret;
264 264
265 if (ctx == NULL || !ctx->handshake_completed) { 265 if (ctx == NULL || !ctx->handshake_completed) {
266 if ((ret = ssl->internal->handshake_func(ssl)) <= 0) 266 if ((ret = ssl->handshake_func(ssl)) <= 0)
267 return ret; 267 return ret;
268 if (len == 0) 268 if (len == 0)
269 return 0; 269 return 0;
@@ -283,7 +283,7 @@ tls13_legacy_write_bytes(SSL *ssl, int type, const void *vbuf, int len)
283 * The TLSv1.3 record layer write behaviour is the same as 283 * The TLSv1.3 record layer write behaviour is the same as
284 * SSL_MODE_ENABLE_PARTIAL_WRITE. 284 * SSL_MODE_ENABLE_PARTIAL_WRITE.
285 */ 285 */
286 if (ssl->internal->mode & SSL_MODE_ENABLE_PARTIAL_WRITE) { 286 if (ssl->mode & SSL_MODE_ENABLE_PARTIAL_WRITE) {
287 ret = tls13_write_application_data(ctx->rl, buf, len); 287 ret = tls13_write_application_data(ctx->rl, buf, len);
288 return tls13_legacy_return_code(ssl, ret); 288 return tls13_legacy_return_code(ssl, ret);
289 } 289 }
@@ -352,18 +352,18 @@ tls13_use_legacy_stack(struct tls13_ctx *ctx)
352 s->s3->rbuf.left = CBS_len(&cbs); 352 s->s3->rbuf.left = CBS_len(&cbs);
353 s->s3->rrec.type = SSL3_RT_HANDSHAKE; 353 s->s3->rrec.type = SSL3_RT_HANDSHAKE;
354 s->s3->rrec.length = CBS_len(&cbs); 354 s->s3->rrec.length = CBS_len(&cbs);
355 s->internal->rstate = SSL_ST_READ_BODY; 355 s->rstate = SSL_ST_READ_BODY;
356 s->internal->packet = s->s3->rbuf.buf; 356 s->packet = s->s3->rbuf.buf;
357 s->internal->packet_length = SSL3_RT_HEADER_LENGTH; 357 s->packet_length = SSL3_RT_HEADER_LENGTH;
358 s->internal->mac_packet = 1; 358 s->mac_packet = 1;
359 } 359 }
360 360
361 /* Stash the current handshake message. */ 361 /* Stash the current handshake message. */
362 tls13_handshake_msg_data(ctx->hs_msg, &cbs); 362 tls13_handshake_msg_data(ctx->hs_msg, &cbs);
363 if (!BUF_MEM_grow_clean(s->internal->init_buf, CBS_len(&cbs))) 363 if (!BUF_MEM_grow_clean(s->init_buf, CBS_len(&cbs)))
364 goto err; 364 goto err;
365 if (!CBS_write_bytes(&cbs, s->internal->init_buf->data, 365 if (!CBS_write_bytes(&cbs, s->init_buf->data,
366 s->internal->init_buf->length, NULL)) 366 s->init_buf->length, NULL))
367 goto err; 367 goto err;
368 368
369 s->s3->hs.tls12.reuse_message = 1; 369 s->s3->hs.tls12.reuse_message = 1;
@@ -386,7 +386,7 @@ tls13_use_legacy_client(struct tls13_ctx *ctx)
386 if (!tls13_use_legacy_stack(ctx)) 386 if (!tls13_use_legacy_stack(ctx))
387 return 0; 387 return 0;
388 388
389 s->internal->handshake_func = s->method->ssl_connect; 389 s->handshake_func = s->method->ssl_connect;
390 s->version = s->method->max_tls_version; 390 s->version = s->method->max_tls_version;
391 391
392 return 1; 392 return 1;
@@ -400,7 +400,7 @@ tls13_use_legacy_server(struct tls13_ctx *ctx)
400 if (!tls13_use_legacy_stack(ctx)) 400 if (!tls13_use_legacy_stack(ctx))
401 return 0; 401 return 0;
402 402
403 s->internal->handshake_func = s->method->ssl_accept; 403 s->handshake_func = s->method->ssl_accept;
404 s->version = s->method->max_tls_version; 404 s->version = s->method->max_tls_version;
405 s->server = 1; 405 s->server = 1;
406 406
@@ -410,7 +410,7 @@ tls13_use_legacy_server(struct tls13_ctx *ctx)
410int 410int
411tls13_legacy_accept(SSL *ssl) 411tls13_legacy_accept(SSL *ssl)
412{ 412{
413 struct tls13_ctx *ctx = ssl->internal->tls13; 413 struct tls13_ctx *ctx = ssl->tls13;
414 int ret; 414 int ret;
415 415
416 if (ctx == NULL) { 416 if (ctx == NULL) {
@@ -442,7 +442,7 @@ tls13_legacy_accept(SSL *ssl)
442int 442int
443tls13_legacy_connect(SSL *ssl) 443tls13_legacy_connect(SSL *ssl)
444{ 444{
445 struct tls13_ctx *ctx = ssl->internal->tls13; 445 struct tls13_ctx *ctx = ssl->tls13;
446 int ret; 446 int ret;
447 447
448 if (ctx == NULL) { 448 if (ctx == NULL) {
@@ -474,7 +474,7 @@ tls13_legacy_connect(SSL *ssl)
474int 474int
475tls13_legacy_shutdown(SSL *ssl) 475tls13_legacy_shutdown(SSL *ssl)
476{ 476{
477 struct tls13_ctx *ctx = ssl->internal->tls13; 477 struct tls13_ctx *ctx = ssl->tls13;
478 uint8_t buf[512]; /* XXX */ 478 uint8_t buf[512]; /* XXX */
479 ssize_t ret; 479 ssize_t ret;
480 480
@@ -484,15 +484,15 @@ tls13_legacy_shutdown(SSL *ssl)
484 * alerts. All other cases, including EOF, return -1 and set internal 484 * alerts. All other cases, including EOF, return -1 and set internal
485 * state appropriately. 485 * state appropriately.
486 */ 486 */
487 if (ctx == NULL || ssl->internal->quiet_shutdown) { 487 if (ctx == NULL || ssl->quiet_shutdown) {
488 ssl->internal->shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN; 488 ssl->shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN;
489 return 1; 489 return 1;
490 } 490 }
491 491
492 if (!ctx->close_notify_sent) { 492 if (!ctx->close_notify_sent) {
493 /* Enqueue and send close notify. */ 493 /* Enqueue and send close notify. */
494 if (!(ssl->internal->shutdown & SSL_SENT_SHUTDOWN)) { 494 if (!(ssl->shutdown & SSL_SENT_SHUTDOWN)) {
495 ssl->internal->shutdown |= SSL_SENT_SHUTDOWN; 495 ssl->shutdown |= SSL_SENT_SHUTDOWN;
496 if ((ret = tls13_send_alert(ctx->rl, 496 if ((ret = tls13_send_alert(ctx->rl,
497 TLS13_ALERT_CLOSE_NOTIFY)) < 0) 497 TLS13_ALERT_CLOSE_NOTIFY)) < 0)
498 return tls13_legacy_return_code(ssl, ret); 498 return tls13_legacy_return_code(ssl, ret);
@@ -533,13 +533,13 @@ tls13_legacy_servername_process(struct tls13_ctx *ctx, uint8_t *alert)
533 SSL_CTX *ssl_ctx = ctx->ssl->ctx; 533 SSL_CTX *ssl_ctx = ctx->ssl->ctx;
534 SSL *s = ctx->ssl; 534 SSL *s = ctx->ssl;
535 535
536 if (ssl_ctx->internal->tlsext_servername_callback == NULL) 536 if (ssl_ctx->tlsext_servername_callback == NULL)
537 ssl_ctx = s->initial_ctx; 537 ssl_ctx = s->initial_ctx;
538 if (ssl_ctx->internal->tlsext_servername_callback == NULL) 538 if (ssl_ctx->tlsext_servername_callback == NULL)
539 return 1; 539 return 1;
540 540
541 ret = ssl_ctx->internal->tlsext_servername_callback(s, &legacy_alert, 541 ret = ssl_ctx->tlsext_servername_callback(s, &legacy_alert,
542 ssl_ctx->internal->tlsext_servername_arg); 542 ssl_ctx->tlsext_servername_arg);
543 543
544 /* 544 /*
545 * Ignore SSL_TLSEXT_ERR_ALERT_WARNING returns to match OpenSSL's 545 * Ignore SSL_TLSEXT_ERR_ALERT_WARNING returns to match OpenSSL's
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 651c34ca29..017cc887b8 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_lib.c,v 1.71 2022/09/10 15:29:33 jsing Exp $ */ 1/* $OpenBSD: tls13_lib.c,v 1.72 2022/10/02 16:36:42 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2019 Bob Beck <beck@openbsd.org> 4 * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -110,7 +110,7 @@ tls13_alert_received_cb(uint8_t alert_desc, void *arg)
110 110
111 if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) { 111 if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) {
112 ctx->close_notify_recv = 1; 112 ctx->close_notify_recv = 1;
113 ctx->ssl->internal->shutdown |= SSL_RECEIVED_SHUTDOWN; 113 ctx->ssl->shutdown |= SSL_RECEIVED_SHUTDOWN;
114 ctx->ssl->s3->warn_alert = alert_desc; 114 ctx->ssl->s3->warn_alert = alert_desc;
115 return; 115 return;
116 } 116 }
@@ -158,7 +158,7 @@ tls13_legacy_handshake_message_recv_cb(void *arg)
158 SSL *s = ctx->ssl; 158 SSL *s = ctx->ssl;
159 CBS cbs; 159 CBS cbs;
160 160
161 if (s->internal->msg_callback == NULL) 161 if (s->msg_callback == NULL)
162 return; 162 return;
163 163
164 tls13_handshake_msg_data(ctx->hs_msg, &cbs); 164 tls13_handshake_msg_data(ctx->hs_msg, &cbs);
@@ -172,7 +172,7 @@ tls13_legacy_handshake_message_sent_cb(void *arg)
172 SSL *s = ctx->ssl; 172 SSL *s = ctx->ssl;
173 CBS cbs; 173 CBS cbs;
174 174
175 if (s->internal->msg_callback == NULL) 175 if (s->msg_callback == NULL)
176 return; 176 return;
177 177
178 tls13_handshake_msg_data(ctx->hs_msg, &cbs); 178 tls13_handshake_msg_data(ctx->hs_msg, &cbs);
@@ -195,11 +195,11 @@ tls13_legacy_ocsp_status_recv_cb(void *arg)
195 SSL *s = ctx->ssl; 195 SSL *s = ctx->ssl;
196 int ret; 196 int ret;
197 197
198 if (s->ctx->internal->tlsext_status_cb == NULL) 198 if (s->ctx->tlsext_status_cb == NULL)
199 return 1; 199 return 1;
200 200
201 ret = s->ctx->internal->tlsext_status_cb(s, 201 ret = s->ctx->tlsext_status_cb(s,
202 s->ctx->internal->tlsext_status_arg); 202 s->ctx->tlsext_status_arg);
203 if (ret < 0) { 203 if (ret < 0) {
204 ctx->alert = TLS13_ALERT_INTERNAL_ERROR; 204 ctx->alert = TLS13_ALERT_INTERNAL_ERROR;
205 SSLerror(s, ERR_R_MALLOC_FAILURE); 205 SSLerror(s, ERR_R_MALLOC_FAILURE);
@@ -413,7 +413,7 @@ tls13_ctx_new(int mode, SSL *ssl)
413 413
414 ctx->middlebox_compat = 1; 414 ctx->middlebox_compat = 1;
415 415
416 ssl->internal->tls13 = ctx; 416 ssl->tls13 = ctx;
417 417
418 if (SSL_is_quic(ssl)) { 418 if (SSL_is_quic(ssl)) {
419 if (!tls13_quic_init(ctx)) 419 if (!tls13_quic_init(ctx))
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 82350702dc..7bbc541c82 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_server.c,v 1.103 2022/09/17 17:14:06 jsing Exp $ */ 1/* $OpenBSD: tls13_server.c,v 1.104 2022/10/02 16:36:42 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2020 Bob Beck <beck@openbsd.org> 4 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -37,7 +37,7 @@ tls13_server_init(struct tls13_ctx *ctx)
37 s->version = ctx->hs->our_max_tls_version; 37 s->version = ctx->hs->our_max_tls_version;
38 38
39 tls13_record_layer_set_retry_after_phh(ctx->rl, 39 tls13_record_layer_set_retry_after_phh(ctx->rl,
40 (s->internal->mode & SSL_MODE_AUTO_RETRY) != 0); 40 (s->mode & SSL_MODE_AUTO_RETRY) != 0);
41 41
42 if (!ssl_get_new_session(s, 0)) /* XXX */ 42 if (!ssl_get_new_session(s, 0)) /* XXX */
43 return 0; 43 return 0;
@@ -656,7 +656,7 @@ tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb)
656 if ((chain = cpk->chain) == NULL) 656 if ((chain = cpk->chain) == NULL)
657 chain = s->ctx->extra_certs; 657 chain = s->ctx->extra_certs;
658 658
659 if (chain == NULL && !(s->internal->mode & SSL_MODE_NO_AUTO_CHAIN)) { 659 if (chain == NULL && !(s->mode & SSL_MODE_NO_AUTO_CHAIN)) {
660 if ((xsc = X509_STORE_CTX_new()) == NULL) 660 if ((xsc = X509_STORE_CTX_new()) == NULL)
661 goto err; 661 goto err;
662 if (!X509_STORE_CTX_init(xsc, s->ctx->cert_store, cpk->x509, NULL)) 662 if (!X509_STORE_CTX_init(xsc, s->ctx->cert_store, cpk->x509, NULL))
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 15:18:40 +0000