summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjsing <>2018-10-24 18:04:50 +0000
committerjsing <>2018-10-24 18:04:50 +0000
commitd7e0aa4b59fc46f038370bf8dc64821eb4a7d804 (patch)
treece8dad95e6021ab405b0ec175b26682e47bea424
parentc988048231bcb1d2abd6613e83760d63c461a080 (diff)
downloadopenbsd-d7e0aa4b59fc46f038370bf8dc64821eb4a7d804.tar.gz
openbsd-d7e0aa4b59fc46f038370bf8dc64821eb4a7d804.tar.bz2
openbsd-d7e0aa4b59fc46f038370bf8dc64821eb4a7d804.zip
Make more of libssl's record layer state internal.
In January 2017, we changed large amounts of libssl's data structures to be non-visible/internal, however intentionally left things that the software ecosystem was needing to use. The four or so applications that reached into libssl for record layer related state now implement alternative code. As such, make these data structures internal. ok tb@
Diffstat
-rw-r--r--src/lib/libssl/d1_pkt.c36
-rw-r--r--src/lib/libssl/s3_lib.c28
-rw-r--r--src/lib/libssl/ssl3.h14
-rw-r--r--src/lib/libssl/ssl_both.c24
-rw-r--r--src/lib/libssl/ssl_locl.h12
-rw-r--r--src/lib/libssl/ssl_packet.c6
-rw-r--r--src/lib/libssl/ssl_pkt.c48
-rw-r--r--src/lib/libssl/t1_enc.c6
8 files changed, 86 insertions, 88 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index b3104d21e7..825c1838a1 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_pkt.c,v 1.64 2018/08/24 19:35:05 jsing Exp $ */ 1/* $OpenBSD: d1_pkt.c,v 1.65 2018/10/24 18:04:50 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -200,11 +200,11 @@ dtls1_copy_record(SSL *s, pitem *item)
200 200
201 rdata = (DTLS1_RECORD_DATA *)item->data; 201 rdata = (DTLS1_RECORD_DATA *)item->data;
202 202
203 free(s->s3->rbuf.buf); 203 free(S3I(s)->rbuf.buf);
204 204
205 s->internal->packet = rdata->packet; 205 s->internal->packet = rdata->packet;
206 s->internal->packet_length = rdata->packet_length; 206 s->internal->packet_length = rdata->packet_length;
207 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER)); 207 memcpy(&(S3I(s)->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
208 memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD)); 208 memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
209 209
210 /* Set proper sequence number for mac calculation */ 210 /* Set proper sequence number for mac calculation */
@@ -231,7 +231,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
231 231
232 rdata->packet = s->internal->packet; 232 rdata->packet = s->internal->packet;
233 rdata->packet_length = s->internal->packet_length; 233 rdata->packet_length = s->internal->packet_length;
234 memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER)); 234 memcpy(&(rdata->rbuf), &(S3I(s)->rbuf), sizeof(SSL3_BUFFER));
235 memcpy(&(rdata->rrec), &(S3I(s)->rrec), sizeof(SSL3_RECORD)); 235 memcpy(&(rdata->rrec), &(S3I(s)->rrec), sizeof(SSL3_RECORD));
236 236
237 item->data = rdata; 237 item->data = rdata;
@@ -239,7 +239,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
239 239
240 s->internal->packet = NULL; 240 s->internal->packet = NULL;
241 s->internal->packet_length = 0; 241 s->internal->packet_length = 0;
242 memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER)); 242 memset(&(S3I(s)->rbuf), 0, sizeof(SSL3_BUFFER));
243 memset(&(S3I(s)->rrec), 0, sizeof(SSL3_RECORD)); 243 memset(&(S3I(s)->rrec), 0, sizeof(SSL3_RECORD));
244 244
245 if (!ssl3_setup_buffers(s)) 245 if (!ssl3_setup_buffers(s))
@@ -643,7 +643,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
643 SSL3_RECORD *rr; 643 SSL3_RECORD *rr;
644 void (*cb)(const SSL *ssl, int type2, int val) = NULL; 644 void (*cb)(const SSL *ssl, int type2, int val) = NULL;
645 645
646 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ 646 if (S3I(s)->rbuf.buf == NULL) /* Not initialized yet */
647 if (!ssl3_setup_buffers(s)) 647 if (!ssl3_setup_buffers(s))
648 return (-1); 648 return (-1);
649 649
@@ -880,7 +880,7 @@ start:
880 } 880 }
881 881
882 if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) { 882 if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) {
883 if (s->s3->rbuf.left == 0) /* no read-ahead left? */ 883 if (S3I(s)->rbuf.left == 0) /* no read-ahead left? */
884 { 884 {
885 BIO *bio; 885 BIO *bio;
886 /* In the case where we try to read application data, 886 /* In the case where we try to read application data,
@@ -1035,7 +1035,7 @@ start:
1035 } 1035 }
1036 1036
1037 if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) { 1037 if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) {
1038 if (s->s3->rbuf.left == 0) /* no read-ahead left? */ 1038 if (S3I(s)->rbuf.left == 0) /* no read-ahead left? */
1039 { 1039 {
1040 BIO *bio; 1040 BIO *bio;
1041 /* In the case where we try to read application data, 1041 /* In the case where we try to read application data,
@@ -1188,13 +1188,13 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
1188 1188
1189 /* first check if there is a SSL3_BUFFER still being written 1189 /* first check if there is a SSL3_BUFFER still being written
1190 * out. This will happen with non blocking IO */ 1190 * out. This will happen with non blocking IO */
1191 if (s->s3->wbuf.left != 0) { 1191 if (S3I(s)->wbuf.left != 0) {
1192 OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */ 1192 OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */
1193 return (ssl3_write_pending(s, type, buf, len)); 1193 return (ssl3_write_pending(s, type, buf, len));
1194 } 1194 }
1195 1195
1196 /* If we have an alert to send, lets send it */ 1196 /* If we have an alert to send, lets send it */
1197 if (s->s3->alert_dispatch) { 1197 if (S3I(s)->alert_dispatch) {
1198 i = s->method->ssl_dispatch_alert(s); 1198 i = s->method->ssl_dispatch_alert(s);
1199 if (i <= 0) 1199 if (i <= 0)
1200 return (i); 1200 return (i);
@@ -1205,7 +1205,7 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
1205 return 0; 1205 return 0;
1206 1206
1207 wr = &(S3I(s)->wrec); 1207 wr = &(S3I(s)->wrec);
1208 wb = &(s->s3->wbuf); 1208 wb = &(S3I(s)->wbuf);
1209 sess = s->session; 1209 sess = s->session;
1210 1210
1211 if ((sess == NULL) || (s->internal->enc_write_ctx == NULL) || 1211 if ((sess == NULL) || (s->internal->enc_write_ctx == NULL) ||
@@ -1382,23 +1382,23 @@ dtls1_dispatch_alert(SSL *s)
1382 unsigned char buf[DTLS1_AL_HEADER_LENGTH]; 1382 unsigned char buf[DTLS1_AL_HEADER_LENGTH];
1383 unsigned char *ptr = &buf[0]; 1383 unsigned char *ptr = &buf[0];
1384 1384
1385 s->s3->alert_dispatch = 0; 1385 S3I(s)->alert_dispatch = 0;
1386 1386
1387 memset(buf, 0x00, sizeof(buf)); 1387 memset(buf, 0x00, sizeof(buf));
1388 *ptr++ = s->s3->send_alert[0]; 1388 *ptr++ = S3I(s)->send_alert[0];
1389 *ptr++ = s->s3->send_alert[1]; 1389 *ptr++ = S3I(s)->send_alert[1];
1390 1390
1391 i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf)); 1391 i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf));
1392 if (i <= 0) { 1392 if (i <= 0) {
1393 s->s3->alert_dispatch = 1; 1393 S3I(s)->alert_dispatch = 1;
1394 /* fprintf( stderr, "not done with alert\n" ); */ 1394 /* fprintf( stderr, "not done with alert\n" ); */
1395 } else { 1395 } else {
1396 if (s->s3->send_alert[0] == SSL3_AL_FATAL) 1396 if (S3I(s)->send_alert[0] == SSL3_AL_FATAL)
1397 (void)BIO_flush(s->wbio); 1397 (void)BIO_flush(s->wbio);
1398 1398
1399 if (s->internal->msg_callback) 1399 if (s->internal->msg_callback)
1400 s->internal->msg_callback(1, s->version, SSL3_RT_ALERT, 1400 s->internal->msg_callback(1, s->version, SSL3_RT_ALERT,
1401 s->s3->send_alert, 2, s, s->internal->msg_callback_arg); 1401 S3I(s)->send_alert, 2, s, s->internal->msg_callback_arg);
1402 1402
1403 if (s->internal->info_callback != NULL) 1403 if (s->internal->info_callback != NULL)
1404 cb = s->internal->info_callback; 1404 cb = s->internal->info_callback;
@@ -1406,7 +1406,7 @@ dtls1_dispatch_alert(SSL *s)
1406 cb = s->ctx->internal->info_callback; 1406 cb = s->ctx->internal->info_callback;
1407 1407
1408 if (cb != NULL) { 1408 if (cb != NULL) {
1409 j = (s->s3->send_alert[0]<<8)|s->s3->send_alert[1]; 1409 j = (S3I(s)->send_alert[0]<<8)|S3I(s)->send_alert[1];
1410 cb(s, SSL_CB_WRITE_ALERT, j); 1410 cb(s, SSL_CB_WRITE_ALERT, j);
1411 } 1411 }
1412 } 1412 }
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 02e6c66a47..6fcbbfc2c5 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_lib.c,v 1.170 2018/09/06 16:40:45 jsing Exp $ */ 1/* $OpenBSD: s3_lib.c,v 1.171 2018/10/24 18:04:50 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1543,10 +1543,10 @@ ssl3_clear(SSL *s)
1543 freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH); 1543 freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);
1544 S3I(s)->tmp.x25519 = NULL; 1544 S3I(s)->tmp.x25519 = NULL;
1545 1545
1546 rp = s->s3->rbuf.buf; 1546 rp = S3I(s)->rbuf.buf;
1547 wp = s->s3->wbuf.buf; 1547 wp = S3I(s)->wbuf.buf;
1548 rlen = s->s3->rbuf.len; 1548 rlen = S3I(s)->rbuf.len;
1549 wlen = s->s3->wbuf.len; 1549 wlen = S3I(s)->wbuf.len;
1550 1550
1551 BIO_free(S3I(s)->handshake_buffer); 1551 BIO_free(S3I(s)->handshake_buffer);
1552 S3I(s)->handshake_buffer = NULL; 1552 S3I(s)->handshake_buffer = NULL;
@@ -1561,10 +1561,10 @@ ssl3_clear(SSL *s)
1561 memset(s->s3, 0, sizeof(*s->s3)); 1561 memset(s->s3, 0, sizeof(*s->s3));
1562 S3I(s) = internal; 1562 S3I(s) = internal;
1563 1563
1564 s->s3->rbuf.buf = rp; 1564 S3I(s)->rbuf.buf = rp;
1565 s->s3->wbuf.buf = wp; 1565 S3I(s)->wbuf.buf = wp;
1566 s->s3->rbuf.len = rlen; 1566 S3I(s)->rbuf.len = rlen;
1567 s->s3->wbuf.len = wlen; 1567 S3I(s)->wbuf.len = wlen;
1568 1568
1569 ssl_free_wbio_buffer(s); 1569 ssl_free_wbio_buffer(s);
1570 1570
@@ -2406,11 +2406,11 @@ ssl3_shutdown(SSL *s)
2406 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); 2406 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
2407 /* 2407 /*
2408 * Our shutdown alert has been sent now, and if it still needs 2408 * Our shutdown alert has been sent now, and if it still needs
2409 * to be written, s->s3->alert_dispatch will be true 2409 * to be written, S3I(s)->alert_dispatch will be true
2410 */ 2410 */
2411 if (s->s3->alert_dispatch) 2411 if (S3I(s)->alert_dispatch)
2412 return(-1); /* return WANT_WRITE */ 2412 return(-1); /* return WANT_WRITE */
2413 } else if (s->s3->alert_dispatch) { 2413 } else if (S3I(s)->alert_dispatch) {
2414 /* resend it if not sent */ 2414 /* resend it if not sent */
2415 ret = s->method->ssl_dispatch_alert(s); 2415 ret = s->method->ssl_dispatch_alert(s);
2416 if (ret == -1) { 2416 if (ret == -1) {
@@ -2431,7 +2431,7 @@ ssl3_shutdown(SSL *s)
2431 } 2431 }
2432 2432
2433 if ((s->internal->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && 2433 if ((s->internal->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
2434 !s->s3->alert_dispatch) 2434 !S3I(s)->alert_dispatch)
2435 return (1); 2435 return (1);
2436 else 2436 else
2437 return (0); 2437 return (0);
@@ -2509,7 +2509,7 @@ ssl3_renegotiate_check(SSL *s)
2509 int ret = 0; 2509 int ret = 0;
2510 2510
2511 if (S3I(s)->renegotiate) { 2511 if (S3I(s)->renegotiate) {
2512 if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) && 2512 if ((S3I(s)->rbuf.left == 0) && (S3I(s)->wbuf.left == 0) &&
2513 !SSL_in_init(s)) { 2513 !SSL_in_init(s)) {
2514 /* 2514 /*
2515 * If we are the server, and we have sent 2515 * If we are the server, and we have sent
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index f8833fa1bb..726fb9db0b 100644
--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl3.h,v 1.47 2018/04/07 16:55:13 jsing Exp $ */ 1/* $OpenBSD: ssl3.h,v 1.48 2018/10/24 18:04:50 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -363,18 +363,6 @@ typedef struct ssl3_state_st {
363 unsigned char server_random[SSL3_RANDOM_SIZE]; 363 unsigned char server_random[SSL3_RANDOM_SIZE];
364 unsigned char client_random[SSL3_RANDOM_SIZE]; 364 unsigned char client_random[SSL3_RANDOM_SIZE];
365 365
366 SSL3_BUFFER rbuf; /* read IO goes into here */
367 SSL3_BUFFER wbuf; /* write IO goes into here */
368
369 /* we allow one fatal and one warning alert to be outstanding,
370 * send close alert via the warning alert */
371 int alert_dispatch;
372 unsigned char send_alert[2];
373
374 struct {
375 int new_mac_secret_size;
376 } tmp;
377
378 struct ssl3_state_internal_st *internal; 366 struct ssl3_state_internal_st *internal;
379} SSL3_STATE; 367} SSL3_STATE;
380 368
diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c
index 788505e602..81fd1f80c5 100644
--- a/src/lib/libssl/ssl_both.c
+++ b/src/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_both.c,v 1.12 2018/08/24 17:30:32 jsing Exp $ */ 1/* $OpenBSD: ssl_both.c,v 1.13 2018/10/24 18:04:50 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -700,16 +700,16 @@ ssl3_setup_read_buffer(SSL *s)
700 700
701 align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); 701 align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
702 702
703 if (s->s3->rbuf.buf == NULL) { 703 if (S3I(s)->rbuf.buf == NULL) {
704 len = SSL3_RT_MAX_PLAIN_LENGTH + 704 len = SSL3_RT_MAX_PLAIN_LENGTH +
705 SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align; 705 SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
706 if ((p = malloc(len)) == NULL) 706 if ((p = malloc(len)) == NULL)
707 goto err; 707 goto err;
708 s->s3->rbuf.buf = p; 708 S3I(s)->rbuf.buf = p;
709 s->s3->rbuf.len = len; 709 S3I(s)->rbuf.len = len;
710 } 710 }
711 711
712 s->internal->packet = &(s->s3->rbuf.buf[0]); 712 s->internal->packet = &(S3I(s)->rbuf.buf[0]);
713 return 1; 713 return 1;
714 714
715err: 715err:
@@ -730,7 +730,7 @@ ssl3_setup_write_buffer(SSL *s)
730 730
731 align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); 731 align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
732 732
733 if (s->s3->wbuf.buf == NULL) { 733 if (S3I(s)->wbuf.buf == NULL) {
734 len = s->max_send_fragment + 734 len = s->max_send_fragment +
735 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align; 735 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
736 if (!(s->internal->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) 736 if (!(s->internal->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
@@ -739,8 +739,8 @@ ssl3_setup_write_buffer(SSL *s)
739 739
740 if ((p = malloc(len)) == NULL) 740 if ((p = malloc(len)) == NULL)
741 goto err; 741 goto err;
742 s->s3->wbuf.buf = p; 742 S3I(s)->wbuf.buf = p;
743 s->s3->wbuf.len = len; 743 S3I(s)->wbuf.len = len;
744 } 744 }
745 745
746 return 1; 746 return 1;
@@ -763,15 +763,15 @@ ssl3_setup_buffers(SSL *s)
763int 763int
764ssl3_release_write_buffer(SSL *s) 764ssl3_release_write_buffer(SSL *s)
765{ 765{
766 free(s->s3->wbuf.buf); 766 free(S3I(s)->wbuf.buf);
767 s->s3->wbuf.buf = NULL; 767 S3I(s)->wbuf.buf = NULL;
768 return 1; 768 return 1;
769} 769}
770 770
771int 771int
772ssl3_release_read_buffer(SSL *s) 772ssl3_release_read_buffer(SSL *s)
773{ 773{
774 free(s->s3->rbuf.buf); 774 free(S3I(s)->rbuf.buf);
775 s->s3->rbuf.buf = NULL; 775 S3I(s)->rbuf.buf = NULL;
776 return 1; 776 return 1;
777} 777}
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index d022d21568..9a018547ab 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.215 2018/09/08 14:29:52 jsing Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.216 2018/10/24 18:04:50 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -748,6 +748,14 @@ typedef struct ssl3_state_internal_st {
748 int write_mac_secret_size; 748 int write_mac_secret_size;
749 unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; 749 unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
750 750
751 SSL3_BUFFER rbuf; /* read IO goes into here */
752 SSL3_BUFFER wbuf; /* write IO goes into here */
753
754 /* we allow one fatal and one warning alert to be outstanding,
755 * send close alert via the warning alert */
756 int alert_dispatch;
757 unsigned char send_alert[2];
758
751 /* flags for countermeasure against known-IV weakness */ 759 /* flags for countermeasure against known-IV weakness */
752 int need_empty_fragments; 760 int need_empty_fragments;
753 int empty_fragment_done; 761 int empty_fragment_done;
@@ -793,6 +801,8 @@ typedef struct ssl3_state_internal_st {
793 SSL_HANDSHAKE hs; 801 SSL_HANDSHAKE hs;
794 802
795 struct { 803 struct {
804 int new_mac_secret_size;
805
796 /* actually only needs to be 16+20 */ 806 /* actually only needs to be 16+20 */
797 unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2]; 807 unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
798 808
diff --git a/src/lib/libssl/ssl_packet.c b/src/lib/libssl/ssl_packet.c
index 5556ffb9f1..ca5afb7d93 100644
--- a/src/lib/libssl/ssl_packet.c
+++ b/src/lib/libssl/ssl_packet.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_packet.c,v 1.6 2017/05/06 16:18:36 jsing Exp $ */ 1/* $OpenBSD: ssl_packet.c,v 1.7 2018/10/24 18:04:50 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -210,10 +210,10 @@ ssl_convert_sslv2_client_hello(SSL *s)
210 if (!CBB_finish(&cbb, &data, &data_len)) 210 if (!CBB_finish(&cbb, &data, &data_len))
211 goto err; 211 goto err;
212 212
213 if (data_len > s->s3->rbuf.len) 213 if (data_len > S3I(s)->rbuf.len)
214 goto err; 214 goto err;
215 215
216 s->internal->packet = s->s3->rbuf.buf; 216 s->internal->packet = S3I(s)->rbuf.buf;
217 s->internal->packet_length = data_len; 217 s->internal->packet_length = data_len;
218 memcpy(s->internal->packet, data, data_len); 218 memcpy(s->internal->packet, data, data_len);
219 ret = 1; 219 ret = 1;
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index 4e3ac7722a..6e3764d360 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_pkt.c,v 1.13 2018/09/08 14:39:41 jsing Exp $ */ 1/* $OpenBSD: ssl_pkt.c,v 1.14 2018/10/24 18:04:50 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -141,7 +141,7 @@ ssl_force_want_read(SSL *s)
141/* 141/*
142 * If extend == 0, obtain new n-byte packet; if extend == 1, increase 142 * If extend == 0, obtain new n-byte packet; if extend == 1, increase
143 * packet by another n bytes. 143 * packet by another n bytes.
144 * The packet will be in the sub-array of s->s3->rbuf.buf specified 144 * The packet will be in the sub-array of S3I(s)->rbuf.buf specified
145 * by s->internal->packet and s->internal->packet_length. 145 * by s->internal->packet and s->internal->packet_length.
146 * (If s->internal->read_ahead is set, 'max' bytes may be stored in rbuf 146 * (If s->internal->read_ahead is set, 'max' bytes may be stored in rbuf
147 * [plus s->internal->packet_length bytes if extend == 1].) 147 * [plus s->internal->packet_length bytes if extend == 1].)
@@ -157,7 +157,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
157 if (n <= 0) 157 if (n <= 0)
158 return n; 158 return n;
159 159
160 rb = &(s->s3->rbuf); 160 rb = &(S3I(s)->rbuf);
161 if (rb->buf == NULL) 161 if (rb->buf == NULL)
162 if (!ssl3_setup_read_buffer(s)) 162 if (!ssl3_setup_read_buffer(s))
163 return -1; 163 return -1;
@@ -239,7 +239,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
239 } 239 }
240 240
241 while (left < n) { 241 while (left < n) {
242 /* Now we have len+left bytes at the front of s->s3->rbuf.buf 242 /* Now we have len+left bytes at the front of S3I(s)->rbuf.buf
243 * and need to read in more until we have len+n (up to 243 * and need to read in more until we have len+n (up to
244 * len+max if possible) */ 244 * len+max if possible) */
245 245
@@ -288,7 +288,7 @@ ssl3_packet_read(SSL *s, int plen)
288{ 288{
289 int n; 289 int n;
290 290
291 n = ssl3_read_n(s, plen, s->s3->rbuf.len, 0); 291 n = ssl3_read_n(s, plen, S3I(s)->rbuf.len, 0);
292 if (n <= 0) 292 if (n <= 0)
293 return n; 293 return n;
294 if (s->internal->packet_length < plen) 294 if (s->internal->packet_length < plen)
@@ -387,7 +387,7 @@ ssl3_get_record(SSL *s)
387 goto err; 387 goto err;
388 } 388 }
389 389
390 if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) { 390 if (rr->length > S3I(s)->rbuf.len - SSL3_RT_HEADER_LENGTH) {
391 al = SSL_AD_RECORD_OVERFLOW; 391 al = SSL_AD_RECORD_OVERFLOW;
392 SSLerror(s, SSL_R_PACKET_LENGTH_TOO_LONG); 392 SSLerror(s, SSL_R_PACKET_LENGTH_TOO_LONG);
393 goto f_err; 393 goto f_err;
@@ -629,7 +629,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
629 int eivlen; 629 int eivlen;
630 size_t align; 630 size_t align;
631 SSL3_RECORD *wr; 631 SSL3_RECORD *wr;
632 SSL3_BUFFER *wb = &(s->s3->wbuf); 632 SSL3_BUFFER *wb = &(S3I(s)->wbuf);
633 SSL_SESSION *sess; 633 SSL_SESSION *sess;
634 634
635 if (wb->buf == NULL) 635 if (wb->buf == NULL)
@@ -642,7 +642,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
642 return (ssl3_write_pending(s, type, buf, len)); 642 return (ssl3_write_pending(s, type, buf, len));
643 643
644 /* If we have an alert to send, lets send it */ 644 /* If we have an alert to send, lets send it */
645 if (s->s3->alert_dispatch) { 645 if (S3I(s)->alert_dispatch) {
646 i = s->method->ssl_dispatch_alert(s); 646 i = s->method->ssl_dispatch_alert(s);
647 if (i <= 0) 647 if (i <= 0)
648 return (i); 648 return (i);
@@ -818,12 +818,12 @@ err:
818 return -1; 818 return -1;
819} 819}
820 820
821/* if s->s3->wbuf.left != 0, we need to call this */ 821/* if S3I(s)->wbuf.left != 0, we need to call this */
822int 822int
823ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) 823ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
824{ 824{
825 int i; 825 int i;
826 SSL3_BUFFER *wb = &(s->s3->wbuf); 826 SSL3_BUFFER *wb = &(S3I(s)->wbuf);
827 827
828 /* XXXX */ 828 /* XXXX */
829 if ((S3I(s)->wpend_tot > (int)len) || ((S3I(s)->wpend_buf != buf) && 829 if ((S3I(s)->wpend_tot > (int)len) || ((S3I(s)->wpend_buf != buf) &&
@@ -901,7 +901,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
901 unsigned int n; 901 unsigned int n;
902 SSL3_RECORD *rr; 902 SSL3_RECORD *rr;
903 903
904 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ 904 if (S3I(s)->rbuf.buf == NULL) /* Not initialized yet */
905 if (!ssl3_setup_read_buffer(s)) 905 if (!ssl3_setup_read_buffer(s))
906 return (-1); 906 return (-1);
907 907
@@ -1031,7 +1031,7 @@ start:
1031 s->internal->rstate = SSL_ST_READ_HEADER; 1031 s->internal->rstate = SSL_ST_READ_HEADER;
1032 rr->off = 0; 1032 rr->off = 0;
1033 if (s->internal->mode & SSL_MODE_RELEASE_BUFFERS && 1033 if (s->internal->mode & SSL_MODE_RELEASE_BUFFERS &&
1034 s->s3->rbuf.left == 0) 1034 S3I(s)->rbuf.left == 0)
1035 ssl3_release_read_buffer(s); 1035 ssl3_release_read_buffer(s);
1036 } 1036 }
1037 } 1037 }
@@ -1115,7 +1115,7 @@ start:
1115 } 1115 }
1116 1116
1117 if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) { 1117 if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) {
1118 if (s->s3->rbuf.left == 0) { 1118 if (S3I(s)->rbuf.left == 0) {
1119 /* no read-ahead left? */ 1119 /* no read-ahead left? */
1120 /* In the case where we try to read application data, 1120 /* In the case where we try to read application data,
1121 * but we trigger an SSL handshake, we return -1 with 1121 * but we trigger an SSL handshake, we return -1 with
@@ -1276,7 +1276,7 @@ start:
1276 } 1276 }
1277 1277
1278 if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) { 1278 if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) {
1279 if (s->s3->rbuf.left == 0) { /* no read-ahead left? */ 1279 if (S3I(s)->rbuf.left == 0) { /* no read-ahead left? */
1280 /* In the case where we try to read application data, 1280 /* In the case where we try to read application data,
1281 * but we trigger an SSL handshake, we return -1 with 1281 * but we trigger an SSL handshake, we return -1 with
1282 * the retry option set. Otherwise renegotiation may 1282 * the retry option set. Otherwise renegotiation may
@@ -1403,10 +1403,10 @@ ssl3_send_alert(SSL *s, int level, int desc)
1403 if ((level == 2) && (s->session != NULL)) 1403 if ((level == 2) && (s->session != NULL))
1404 SSL_CTX_remove_session(s->ctx, s->session); 1404 SSL_CTX_remove_session(s->ctx, s->session);
1405 1405
1406 s->s3->alert_dispatch = 1; 1406 S3I(s)->alert_dispatch = 1;
1407 s->s3->send_alert[0] = level; 1407 S3I(s)->send_alert[0] = level;
1408 s->s3->send_alert[1] = desc; 1408 S3I(s)->send_alert[1] = desc;
1409 if (s->s3->wbuf.left == 0) /* data still being written out? */ 1409 if (S3I(s)->wbuf.left == 0) /* data still being written out? */
1410 return s->method->ssl_dispatch_alert(s); 1410 return s->method->ssl_dispatch_alert(s);
1411 1411
1412 /* else data is still being written out, we will get written 1412 /* else data is still being written out, we will get written
@@ -1420,20 +1420,20 @@ ssl3_dispatch_alert(SSL *s)
1420 int i, j; 1420 int i, j;
1421 void (*cb)(const SSL *ssl, int type, int val) = NULL; 1421 void (*cb)(const SSL *ssl, int type, int val) = NULL;
1422 1422
1423 s->s3->alert_dispatch = 0; 1423 S3I(s)->alert_dispatch = 0;
1424 i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0); 1424 i = do_ssl3_write(s, SSL3_RT_ALERT, &S3I(s)->send_alert[0], 2, 0);
1425 if (i <= 0) { 1425 if (i <= 0) {
1426 s->s3->alert_dispatch = 1; 1426 S3I(s)->alert_dispatch = 1;
1427 } else { 1427 } else {
1428 /* Alert sent to BIO. If it is important, flush it now. 1428 /* Alert sent to BIO. If it is important, flush it now.
1429 * If the message does not get sent due to non-blocking IO, 1429 * If the message does not get sent due to non-blocking IO,
1430 * we will not worry too much. */ 1430 * we will not worry too much. */
1431 if (s->s3->send_alert[0] == SSL3_AL_FATAL) 1431 if (S3I(s)->send_alert[0] == SSL3_AL_FATAL)
1432 (void)BIO_flush(s->wbio); 1432 (void)BIO_flush(s->wbio);
1433 1433
1434 if (s->internal->msg_callback) 1434 if (s->internal->msg_callback)
1435 s->internal->msg_callback(1, s->version, SSL3_RT_ALERT, 1435 s->internal->msg_callback(1, s->version, SSL3_RT_ALERT,
1436 s->s3->send_alert, 2, s, s->internal->msg_callback_arg); 1436 S3I(s)->send_alert, 2, s, s->internal->msg_callback_arg);
1437 1437
1438 if (s->internal->info_callback != NULL) 1438 if (s->internal->info_callback != NULL)
1439 cb = s->internal->info_callback; 1439 cb = s->internal->info_callback;
@@ -1441,7 +1441,7 @@ ssl3_dispatch_alert(SSL *s)
1441 cb = s->ctx->internal->info_callback; 1441 cb = s->ctx->internal->info_callback;
1442 1442
1443 if (cb != NULL) { 1443 if (cb != NULL) {
1444 j = (s->s3->send_alert[0]<<8)|s->s3->send_alert[1]; 1444 j = (S3I(s)->send_alert[0]<<8)|S3I(s)->send_alert[1];
1445 cb(s, SSL_CB_WRITE_ALERT, j); 1445 cb(s, SSL_CB_WRITE_ALERT, j);
1446 } 1446 }
1447 } 1447 }
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index b8ebf52417..2a38d8de6a 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_enc.c,v 1.114 2018/09/08 14:39:41 jsing Exp $ */ 1/* $OpenBSD: t1_enc.c,v 1.115 2018/10/24 18:04:50 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -579,7 +579,7 @@ tls1_change_cipher_state(SSL *s, int which)
579 iv_len = EVP_CIPHER_iv_length(cipher); 579 iv_len = EVP_CIPHER_iv_length(cipher);
580 } 580 }
581 581
582 mac_secret_size = s->s3->tmp.new_mac_secret_size; 582 mac_secret_size = S3I(s)->tmp.new_mac_secret_size;
583 583
584 key_block = S3I(s)->hs.key_block; 584 key_block = S3I(s)->hs.key_block;
585 client_write_mac_secret = key_block; 585 client_write_mac_secret = key_block;
@@ -666,7 +666,7 @@ tls1_setup_key_block(SSL *s)
666 S3I(s)->tmp.new_sym_enc = cipher; 666 S3I(s)->tmp.new_sym_enc = cipher;
667 S3I(s)->tmp.new_hash = mac; 667 S3I(s)->tmp.new_hash = mac;
668 S3I(s)->tmp.new_mac_pkey_type = mac_type; 668 S3I(s)->tmp.new_mac_pkey_type = mac_type;
669 s->s3->tmp.new_mac_secret_size = mac_secret_size; 669 S3I(s)->tmp.new_mac_secret_size = mac_secret_size;
670 670
671 tls1_cleanup_key_block(s); 671 tls1_cleanup_key_block(s);
672 672
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 05:47:41 +0000