authorjsing <>2021-10-23 13:36:03 +0000
committerjsing <>2021-10-23 13:36:03 +0000
commitfc467ef0c8f7ce69a78b11fce57aabbf9c78b886 (patch)
tree933fd8ce5aa09d290a07a30663a317d29bdd33c1
parentbdc7a9ce585075f6e573a40acd747cf572b9ef69 (diff)
Fold DTLS1_STATE_INTERNAL into DTLS1_STATE.
Now that DTLS1_STATE is opaque, fold DTLS1_STATE_INTERNAL back into DTLS1_STATE and remove D1I() usage. ok tb@
-rw-r--r--src/lib/libssl/d1_both.c100
-rw-r--r--src/lib/libssl/d1_lib.c70
-rw-r--r--src/lib/libssl/d1_pkt.c36
-rw-r--r--src/lib/libssl/dtls_locl.h29
-rw-r--r--src/lib/libssl/ssl_both.c8
-rw-r--r--src/lib/libssl/ssl_clnt.c36
-rw-r--r--src/lib/libssl/ssl_lib.c4
-rw-r--r--src/lib/libssl/ssl_srvr.c42
8 files changed, 154 insertions, 171 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index 7365968db6..07c868f45e 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_both.c,v 1.79 2021/10/23 08:34:36 jsing Exp $ */ 1/* $OpenBSD: d1_both.c,v 1.80 2021/10/23 13:36:03 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -216,9 +216,9 @@ dtls1_do_write(SSL *s, int type)
216 size_t overhead; 216 size_t overhead;
217 217
218 /* AHA! Figure out the MTU, and stick to the right size */ 218 /* AHA! Figure out the MTU, and stick to the right size */
219 if (D1I(s)->mtu < dtls1_min_mtu() && 219 if (s->d1->mtu < dtls1_min_mtu() &&
220 !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { 220 !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
221 D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s), 221 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
222 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); 222 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
223 223
224 /* 224 /*
@@ -226,27 +226,27 @@ dtls1_do_write(SSL *s, int type)
226 * doesn't know the MTU (ie., the initial write), so just 226 * doesn't know the MTU (ie., the initial write), so just
227 * make sure we have a reasonable number 227 * make sure we have a reasonable number
228 */ 228 */
229 if (D1I(s)->mtu < dtls1_min_mtu()) { 229 if (s->d1->mtu < dtls1_min_mtu()) {
230 D1I(s)->mtu = 0; 230 s->d1->mtu = 0;
231 D1I(s)->mtu = dtls1_guess_mtu(D1I(s)->mtu); 231 s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
232 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, 232 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
233 D1I(s)->mtu, NULL); 233 s->d1->mtu, NULL);
234 } 234 }
235 } 235 }
236 236
237 OPENSSL_assert(D1I(s)->mtu >= dtls1_min_mtu()); 237 OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu());
238 /* should have something reasonable now */ 238 /* should have something reasonable now */
239 239
240 if (s->internal->init_off == 0 && type == SSL3_RT_HANDSHAKE) 240 if (s->internal->init_off == 0 && type == SSL3_RT_HANDSHAKE)
241 OPENSSL_assert(s->internal->init_num == 241 OPENSSL_assert(s->internal->init_num ==
242 (int)D1I(s)->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); 242 (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
243 243
244 if (!tls12_record_layer_write_overhead(s->internal->rl, &overhead)) 244 if (!tls12_record_layer_write_overhead(s->internal->rl, &overhead))
245 return -1; 245 return -1;
246 246
247 frag_off = 0; 247 frag_off = 0;
248 while (s->internal->init_num) { 248 while (s->internal->init_num) {
249 curr_mtu = D1I(s)->mtu - BIO_wpending(SSL_get_wbio(s)) - 249 curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) -
250 DTLS1_RT_HEADER_LENGTH - overhead; 250 DTLS1_RT_HEADER_LENGTH - overhead;
251 251
252 if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) { 252 if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) {
@@ -254,7 +254,7 @@ dtls1_do_write(SSL *s, int type)
254 ret = BIO_flush(SSL_get_wbio(s)); 254 ret = BIO_flush(SSL_get_wbio(s));
255 if (ret <= 0) 255 if (ret <= 0)
256 return ret; 256 return ret;
257 curr_mtu = D1I(s)->mtu - DTLS1_RT_HEADER_LENGTH - 257 curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH -
258 overhead; 258 overhead;
259 } 259 }
260 260
@@ -279,8 +279,8 @@ dtls1_do_write(SSL *s, int type)
279 dtls1_fix_message_header(s, frag_off, 279 dtls1_fix_message_header(s, frag_off,
280 len - DTLS1_HM_HEADER_LENGTH); 280 len - DTLS1_HM_HEADER_LENGTH);
281 281
282 if (!dtls1_write_message_header(&D1I(s)->w_msg_hdr, 282 if (!dtls1_write_message_header(&s->d1->w_msg_hdr,
283 D1I(s)->w_msg_hdr.frag_off, D1I(s)->w_msg_hdr.frag_len, 283 s->d1->w_msg_hdr.frag_off, s->d1->w_msg_hdr.frag_len,
284 (unsigned char *)&s->internal->init_buf->data[s->internal->init_off])) 284 (unsigned char *)&s->internal->init_buf->data[s->internal->init_off]))
285 return -1; 285 return -1;
286 286
@@ -299,7 +299,7 @@ dtls1_do_write(SSL *s, int type)
299 */ 299 */
300 if (BIO_ctrl(SSL_get_wbio(s), 300 if (BIO_ctrl(SSL_get_wbio(s),
301 BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) 301 BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0)
302 D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s), 302 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
303 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); 303 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
304 else 304 else
305 return (-1); 305 return (-1);
@@ -313,14 +313,14 @@ dtls1_do_write(SSL *s, int type)
313 OPENSSL_assert(len == (unsigned int)ret); 313 OPENSSL_assert(len == (unsigned int)ret);
314 314
315 if (type == SSL3_RT_HANDSHAKE && 315 if (type == SSL3_RT_HANDSHAKE &&
316 !D1I(s)->retransmitting) { 316 !s->d1->retransmitting) {
317 /* 317 /*
318 * Should not be done for 'Hello Request's, 318 * Should not be done for 'Hello Request's,
319 * but in that case we'll ignore the result 319 * but in that case we'll ignore the result
320 * anyway 320 * anyway
321 */ 321 */
322 unsigned char *p = (unsigned char *)&s->internal->init_buf->data[s->internal->init_off]; 322 unsigned char *p = (unsigned char *)&s->internal->init_buf->data[s->internal->init_off];
323 const struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr; 323 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
324 int xlen; 324 int xlen;
325 325
326 if (frag_off == 0) { 326 if (frag_off == 0) {
@@ -392,7 +392,7 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max)
392 return 1; 392 return 1;
393 } 393 }
394 394
395 msg_hdr = &D1I(s)->r_msg_hdr; 395 msg_hdr = &s->d1->r_msg_hdr;
396 memset(msg_hdr, 0, sizeof(struct hm_header_st)); 396 memset(msg_hdr, 0, sizeof(struct hm_header_st));
397 397
398 again: 398 again:
@@ -420,8 +420,8 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max)
420 memset(msg_hdr, 0, sizeof(struct hm_header_st)); 420 memset(msg_hdr, 0, sizeof(struct hm_header_st));
421 421
422 /* Don't change sequence numbers while listening */ 422 /* Don't change sequence numbers while listening */
423 if (!D1I(s)->listen) 423 if (!s->d1->listen)
424 D1I(s)->handshake_read_seq++; 424 s->d1->handshake_read_seq++;
425 425
426 s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; 426 s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH;
427 return 1; 427 return 1;
@@ -451,7 +451,7 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
451 return SSL_AD_ILLEGAL_PARAMETER; 451 return SSL_AD_ILLEGAL_PARAMETER;
452 } 452 }
453 453
454 if ( D1I(s)->r_msg_hdr.frag_off == 0) /* first fragment */ 454 if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */
455 { 455 {
456 /* 456 /*
457 * msg_len is limited to 2^24, but is effectively checked 457 * msg_len is limited to 2^24, but is effectively checked
@@ -464,11 +464,11 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
464 } 464 }
465 465
466 S3I(s)->hs.tls12.message_size = msg_len; 466 S3I(s)->hs.tls12.message_size = msg_len;
467 D1I(s)->r_msg_hdr.msg_len = msg_len; 467 s->d1->r_msg_hdr.msg_len = msg_len;
468 S3I(s)->hs.tls12.message_type = msg_hdr->type; 468 S3I(s)->hs.tls12.message_type = msg_hdr->type;
469 D1I(s)->r_msg_hdr.type = msg_hdr->type; 469 s->d1->r_msg_hdr.type = msg_hdr->type;
470 D1I(s)->r_msg_hdr.seq = msg_hdr->seq; 470 s->d1->r_msg_hdr.seq = msg_hdr->seq;
471 } else if (msg_len != D1I(s)->r_msg_hdr.msg_len) { 471 } else if (msg_len != s->d1->r_msg_hdr.msg_len) {
472 /* 472 /*
473 * They must be playing with us! BTW, failure to enforce 473 * They must be playing with us! BTW, failure to enforce
474 * upper limit would open possibility for buffer overrun. 474 * upper limit would open possibility for buffer overrun.
@@ -494,7 +494,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
494 int al; 494 int al;
495 495
496 *ok = 0; 496 *ok = 0;
497 item = pqueue_peek(D1I(s)->buffered_messages); 497 item = pqueue_peek(s->d1->buffered_messages);
498 if (item == NULL) 498 if (item == NULL)
499 return 0; 499 return 0;
500 500
@@ -504,9 +504,9 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
504 if (frag->reassembly != NULL) 504 if (frag->reassembly != NULL)
505 return 0; 505 return 0;
506 506
507 if (D1I(s)->handshake_read_seq == frag->msg_header.seq) { 507 if (s->d1->handshake_read_seq == frag->msg_header.seq) {
508 unsigned long frag_len = frag->msg_header.frag_len; 508 unsigned long frag_len = frag->msg_header.frag_len;
509 pqueue_pop(D1I(s)->buffered_messages); 509 pqueue_pop(s->d1->buffered_messages);
510 510
511 al = dtls1_preprocess_fragment(s, &frag->msg_header, max); 511 al = dtls1_preprocess_fragment(s, &frag->msg_header, max);
512 512
@@ -571,7 +571,7 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
571 memset(seq64be, 0, sizeof(seq64be)); 571 memset(seq64be, 0, sizeof(seq64be));
572 seq64be[6] = (unsigned char)(msg_hdr->seq >> 8); 572 seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
573 seq64be[7] = (unsigned char)msg_hdr->seq; 573 seq64be[7] = (unsigned char)msg_hdr->seq;
574 item = pqueue_find(D1I(s)->buffered_messages, seq64be); 574 item = pqueue_find(s->d1->buffered_messages, seq64be);
575 575
576 if (item == NULL) { 576 if (item == NULL) {
577 frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1); 577 frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
@@ -636,7 +636,7 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
636 goto err; 636 goto err;
637 } 637 }
638 638
639 pqueue_insert(D1I(s)->buffered_messages, item); 639 pqueue_insert(s->d1->buffered_messages, item);
640 } 640 }
641 641
642 return DTLS1_HM_FRAGMENT_RETRY; 642 return DTLS1_HM_FRAGMENT_RETRY;
@@ -665,7 +665,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
665 memset(seq64be, 0, sizeof(seq64be)); 665 memset(seq64be, 0, sizeof(seq64be));
666 seq64be[6] = (unsigned char) (msg_hdr->seq >> 8); 666 seq64be[6] = (unsigned char) (msg_hdr->seq >> 8);
667 seq64be[7] = (unsigned char) msg_hdr->seq; 667 seq64be[7] = (unsigned char) msg_hdr->seq;
668 item = pqueue_find(D1I(s)->buffered_messages, seq64be); 668 item = pqueue_find(s->d1->buffered_messages, seq64be);
669 669
670 /* 670 /*
671 * If we already have an entry and this one is a fragment, 671 * If we already have an entry and this one is a fragment,
@@ -680,9 +680,9 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
680 * a FINISHED before the SERVER_HELLO, which then must be a stale 680 * a FINISHED before the SERVER_HELLO, which then must be a stale
681 * retransmit. 681 * retransmit.
682 */ 682 */
683 if (msg_hdr->seq <= D1I(s)->handshake_read_seq || 683 if (msg_hdr->seq <= s->d1->handshake_read_seq ||
684 msg_hdr->seq > D1I(s)->handshake_read_seq + 10 || item != NULL || 684 msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
685 (D1I(s)->handshake_read_seq == 0 && 685 (s->d1->handshake_read_seq == 0 &&
686 msg_hdr->type == SSL3_MT_FINISHED)) { 686 msg_hdr->type == SSL3_MT_FINISHED)) {
687 unsigned char devnull [256]; 687 unsigned char devnull [256];
688 688
@@ -723,7 +723,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
723 if (item == NULL) 723 if (item == NULL)
724 goto err; 724 goto err;
725 725
726 pqueue_insert(D1I(s)->buffered_messages, item); 726 pqueue_insert(s->d1->buffered_messages, item);
727 } 727 }
728 728
729 return DTLS1_HM_FRAGMENT_RETRY; 729 return DTLS1_HM_FRAGMENT_RETRY;
@@ -777,8 +777,8 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
777 * While listening, we accept seq 1 (ClientHello with cookie) 777 * While listening, we accept seq 1 (ClientHello with cookie)
778 * although we're still expecting seq 0 (ClientHello) 778 * although we're still expecting seq 0 (ClientHello)
779 */ 779 */
780 if (msg_hdr.seq != D1I(s)->handshake_read_seq && 780 if (msg_hdr.seq != s->d1->handshake_read_seq &&
781 !(D1I(s)->listen && msg_hdr.seq == 1)) 781 !(s->d1->listen && msg_hdr.seq == 1))
782 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); 782 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
783 783
784 len = msg_hdr.msg_len; 784 len = msg_hdr.msg_len;
@@ -788,7 +788,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
788 if (frag_len && frag_len < len) 788 if (frag_len && frag_len < len)
789 return dtls1_reassemble_fragment(s, &msg_hdr, ok); 789 return dtls1_reassemble_fragment(s, &msg_hdr, ok);
790 790
791 if (!s->server && D1I(s)->r_msg_hdr.frag_off == 0 && 791 if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
792 wire[0] == SSL3_MT_HELLO_REQUEST) { 792 wire[0] == SSL3_MT_HELLO_REQUEST) {
793 /* 793 /*
794 * The server may always send 'Hello Request' messages -- 794 * The server may always send 'Hello Request' messages --
@@ -956,15 +956,15 @@ dtls1_buffer_message(SSL *s, int is_ccs)
956 956
957 memcpy(frag->fragment, s->internal->init_buf->data, s->internal->init_num); 957 memcpy(frag->fragment, s->internal->init_buf->data, s->internal->init_num);
958 958
959 OPENSSL_assert(D1I(s)->w_msg_hdr.msg_len + 959 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
960 (is_ccs ? DTLS1_CCS_HEADER_LENGTH : DTLS1_HM_HEADER_LENGTH) == 960 (is_ccs ? DTLS1_CCS_HEADER_LENGTH : DTLS1_HM_HEADER_LENGTH) ==
961 (unsigned int)s->internal->init_num); 961 (unsigned int)s->internal->init_num);
962 962
963 frag->msg_header.msg_len = D1I(s)->w_msg_hdr.msg_len; 963 frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
964 frag->msg_header.seq = D1I(s)->w_msg_hdr.seq; 964 frag->msg_header.seq = s->d1->w_msg_hdr.seq;
965 frag->msg_header.type = D1I(s)->w_msg_hdr.type; 965 frag->msg_header.type = s->d1->w_msg_hdr.type;
966 frag->msg_header.frag_off = 0; 966 frag->msg_header.frag_off = 0;
967 frag->msg_header.frag_len = D1I(s)->w_msg_hdr.msg_len; 967 frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
968 frag->msg_header.is_ccs = is_ccs; 968 frag->msg_header.is_ccs = is_ccs;
969 969
970 /* save current state*/ 970 /* save current state*/
@@ -1039,7 +1039,7 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1039 saved_state.session = s->session; 1039 saved_state.session = s->session;
1040 saved_state.epoch = tls12_record_layer_write_epoch(s->internal->rl); 1040 saved_state.epoch = tls12_record_layer_write_epoch(s->internal->rl);
1041 1041
1042 D1I(s)->retransmitting = 1; 1042 s->d1->retransmitting = 1;
1043 1043
1044 /* restore state in which the message was originally sent */ 1044 /* restore state in which the message was originally sent */
1045 s->session = frag->msg_header.saved_retransmit_state.session; 1045 s->session = frag->msg_header.saved_retransmit_state.session;
@@ -1056,7 +1056,7 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1056 saved_state.epoch)) 1056 saved_state.epoch))
1057 return 0; 1057 return 0;
1058 1058
1059 D1I(s)->retransmitting = 0; 1059 s->d1->retransmitting = 0;
1060 1060
1061 (void)BIO_flush(SSL_get_wbio(s)); 1061 (void)BIO_flush(SSL_get_wbio(s));
1062 return ret; 1062 return ret;
@@ -1085,12 +1085,12 @@ dtls1_set_message_header(SSL *s, unsigned char mt, unsigned long len,
1085 unsigned long frag_off, unsigned long frag_len) 1085 unsigned long frag_off, unsigned long frag_len)
1086{ 1086{
1087 /* Don't change sequence numbers while listening */ 1087 /* Don't change sequence numbers while listening */
1088 if (frag_off == 0 && !D1I(s)->listen) { 1088 if (frag_off == 0 && !s->d1->listen) {
1089 D1I(s)->handshake_write_seq = D1I(s)->next_handshake_write_seq; 1089 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
1090 D1I(s)->next_handshake_write_seq++; 1090 s->d1->next_handshake_write_seq++;
1091 } 1091 }
1092 1092
1093 dtls1_set_message_header_int(s, mt, len, D1I(s)->handshake_write_seq, 1093 dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
1094 frag_off, frag_len); 1094 frag_off, frag_len);
1095} 1095}
1096 1096
@@ -1099,7 +1099,7 @@ void
1099dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len, 1099dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len,
1100 unsigned short seq_num, unsigned long frag_off, unsigned long frag_len) 1100 unsigned short seq_num, unsigned long frag_off, unsigned long frag_len)
1101{ 1101{
1102 struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr; 1102 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1103 1103
1104 msg_hdr->type = mt; 1104 msg_hdr->type = mt;
1105 msg_hdr->msg_len = len; 1105 msg_hdr->msg_len = len;
@@ -1111,7 +1111,7 @@ dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len,
1111static void 1111static void
1112dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len) 1112dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len)
1113{ 1113{
1114 struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr; 1114 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1115 1115
1116 msg_hdr->frag_off = frag_off; 1116 msg_hdr->frag_off = frag_off;
1117 msg_hdr->frag_len = frag_len; 1117 msg_hdr->frag_len = frag_len;
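Review bot: The `OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu())` in dtls1_do_write can still be reached with a too-small MTU, because the query-and-guess block above it is skipped whenever SSL_OP_NO_QUERY_MTU is set. An assert on a value that depends on application or BIO configuration turns a recoverable condition into a process abort (assuming OPENSSL_assert aborts, as it normally does); an error return is safer, e.g. `if (s->d1->mtu < dtls1_min_mtu()) return -1;`. Within the visible lines, the value stored after BIO_CTRL_DGRAM_MTU_EXCEEDED is likewise not compared with the minimum before curr_mtu is recomputed from it. dtls1_do_write begins and ends outside these hunks, so the retry flow should be confirmed against the full function.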
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
index ec68b25140..770734e6ff 100644
--- a/src/lib/libssl/d1_lib.c
+++ b/src/lib/libssl/d1_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_lib.c,v 1.60 2021/10/21 08:30:14 tb Exp $ */ 1/* $OpenBSD: d1_lib.c,v 1.61 2021/10/23 13:36:03 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -83,20 +83,18 @@ dtls1_new(SSL *s)
83 83
84 if ((s->d1 = calloc(1, sizeof(*s->d1))) == NULL) 84 if ((s->d1 = calloc(1, sizeof(*s->d1))) == NULL)
85 goto err; 85 goto err;
86 if ((s->d1->internal = calloc(1, sizeof(*s->d1->internal))) == NULL)
87 goto err;
88 86
89 if ((s->d1->internal->unprocessed_rcds.q = pqueue_new()) == NULL) 87 if ((s->d1->unprocessed_rcds.q = pqueue_new()) == NULL)
90 goto err; 88 goto err;
91 if ((s->d1->internal->buffered_messages = pqueue_new()) == NULL) 89 if ((s->d1->buffered_messages = pqueue_new()) == NULL)
92 goto err; 90 goto err;
93 if ((s->d1->sent_messages = pqueue_new()) == NULL) 91 if ((s->d1->sent_messages = pqueue_new()) == NULL)
94 goto err; 92 goto err;
95 if ((s->d1->internal->buffered_app_data.q = pqueue_new()) == NULL) 93 if ((s->d1->buffered_app_data.q = pqueue_new()) == NULL)
96 goto err; 94 goto err;
97 95
98 if (s->server) 96 if (s->server)
99 s->d1->internal->cookie_len = sizeof(D1I(s)->cookie); 97 s->d1->cookie_len = sizeof(s->d1->cookie);
100 98
101 s->method->ssl_clear(s); 99 s->method->ssl_clear(s);
102 return (1); 100 return (1);
@@ -140,10 +138,10 @@ dtls1_drain_fragments(pqueue queue)
140static void 138static void
141dtls1_clear_queues(SSL *s) 139dtls1_clear_queues(SSL *s)
142{ 140{
143 dtls1_drain_records(D1I(s)->unprocessed_rcds.q); 141 dtls1_drain_records(s->d1->unprocessed_rcds.q);
144 dtls1_drain_fragments(D1I(s)->buffered_messages); 142 dtls1_drain_fragments(s->d1->buffered_messages);
145 dtls1_drain_fragments(s->d1->sent_messages); 143 dtls1_drain_fragments(s->d1->sent_messages);
146 dtls1_drain_records(D1I(s)->buffered_app_data.q); 144 dtls1_drain_records(s->d1->buffered_app_data.q);
147} 145}
148 146
149void 147void
@@ -156,18 +154,14 @@ dtls1_free(SSL *s)
156 154
157 if (s->d1 == NULL) 155 if (s->d1 == NULL)
158 return; 156 return;
159 if (D1I(s) == NULL)
160 goto out;
161 157
162 dtls1_clear_queues(s); 158 dtls1_clear_queues(s);
163 159
164 pqueue_free(D1I(s)->unprocessed_rcds.q); 160 pqueue_free(s->d1->unprocessed_rcds.q);
165 pqueue_free(D1I(s)->buffered_messages); 161 pqueue_free(s->d1->buffered_messages);
166 pqueue_free(s->d1->sent_messages); 162 pqueue_free(s->d1->sent_messages);
167 pqueue_free(D1I(s)->buffered_app_data.q); 163 pqueue_free(s->d1->buffered_app_data.q);
168 164
169 out:
170 freezero(s->d1->internal, sizeof(*s->d1->internal));
171 freezero(s->d1, sizeof(*s->d1)); 165 freezero(s->d1, sizeof(*s->d1));
172 s->d1 = NULL; 166 s->d1 = NULL;
173} 167}
@@ -175,7 +169,6 @@ dtls1_free(SSL *s)
175void 169void
176dtls1_clear(SSL *s) 170dtls1_clear(SSL *s)
177{ 171{
178 struct dtls1_state_internal_st *internal;
179 pqueue unprocessed_rcds; 172 pqueue unprocessed_rcds;
180 pqueue buffered_messages; 173 pqueue buffered_messages;
181 pqueue sent_messages; 174 pqueue sent_messages;
@@ -183,34 +176,31 @@ dtls1_clear(SSL *s)
183 unsigned int mtu; 176 unsigned int mtu;
184 177
185 if (s->d1) { 178 if (s->d1) {
186 unprocessed_rcds = D1I(s)->unprocessed_rcds.q; 179 unprocessed_rcds = s->d1->unprocessed_rcds.q;
187 buffered_messages = D1I(s)->buffered_messages; 180 buffered_messages = s->d1->buffered_messages;
188 sent_messages = s->d1->sent_messages; 181 sent_messages = s->d1->sent_messages;
189 buffered_app_data = D1I(s)->buffered_app_data.q; 182 buffered_app_data = s->d1->buffered_app_data.q;
190 mtu = D1I(s)->mtu; 183 mtu = s->d1->mtu;
191 184
192 dtls1_clear_queues(s); 185 dtls1_clear_queues(s);
193 186
194 memset(s->d1->internal, 0, sizeof(*s->d1->internal));
195 internal = s->d1->internal;
196 memset(s->d1, 0, sizeof(*s->d1)); 187 memset(s->d1, 0, sizeof(*s->d1));
197 s->d1->internal = internal;
198 188
199 D1I(s)->unprocessed_rcds.epoch = 189 s->d1->unprocessed_rcds.epoch =
200 tls12_record_layer_read_epoch(s->internal->rl) + 1; 190 tls12_record_layer_read_epoch(s->internal->rl) + 1;
201 191
202 if (s->server) { 192 if (s->server) {
203 D1I(s)->cookie_len = sizeof(D1I(s)->cookie); 193 s->d1->cookie_len = sizeof(s->d1->cookie);
204 } 194 }
205 195
206 if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) { 196 if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) {
207 D1I(s)->mtu = mtu; 197 s->d1->mtu = mtu;
208 } 198 }
209 199
210 D1I(s)->unprocessed_rcds.q = unprocessed_rcds; 200 s->d1->unprocessed_rcds.q = unprocessed_rcds;
211 D1I(s)->buffered_messages = buffered_messages; 201 s->d1->buffered_messages = buffered_messages;
212 s->d1->sent_messages = sent_messages; 202 s->d1->sent_messages = sent_messages;
213 D1I(s)->buffered_app_data.q = buffered_app_data; 203 s->d1->buffered_app_data.q = buffered_app_data;
214 } 204 }
215 205
216 ssl3_clear(s); 206 ssl3_clear(s);
@@ -356,7 +346,7 @@ void
356dtls1_stop_timer(SSL *s) 346dtls1_stop_timer(SSL *s)
357{ 347{
358 /* Reset everything */ 348 /* Reset everything */
359 memset(&(D1I(s)->timeout), 0, sizeof(struct dtls1_timeout_st)); 349 memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
360 memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); 350 memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
361 s->d1->timeout_duration = 1; 351 s->d1->timeout_duration = 1;
362 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, 352 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
@@ -368,16 +358,16 @@ dtls1_stop_timer(SSL *s)
368int 358int
369dtls1_check_timeout_num(SSL *s) 359dtls1_check_timeout_num(SSL *s)
370{ 360{
371 D1I(s)->timeout.num_alerts++; 361 s->d1->timeout.num_alerts++;
372 362
373 /* Reduce MTU after 2 unsuccessful retransmissions */ 363 /* Reduce MTU after 2 unsuccessful retransmissions */
374 if (D1I(s)->timeout.num_alerts > 2) { 364 if (s->d1->timeout.num_alerts > 2) {
375 D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s), 365 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
376 BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL); 366 BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
377 367
378 } 368 }
379 369
380 if (D1I(s)->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) { 370 if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {
381 /* fail the connection, enough alerts have been sent */ 371 /* fail the connection, enough alerts have been sent */
382 SSLerror(s, SSL_R_READ_TIMEOUT_EXPIRED); 372 SSLerror(s, SSL_R_READ_TIMEOUT_EXPIRED);
383 return -1; 373 return -1;
@@ -399,9 +389,9 @@ dtls1_handle_timeout(SSL *s)
399 if (dtls1_check_timeout_num(s) < 0) 389 if (dtls1_check_timeout_num(s) < 0)
400 return -1; 390 return -1;
401 391
402 D1I(s)->timeout.read_timeouts++; 392 s->d1->timeout.read_timeouts++;
403 if (D1I(s)->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) { 393 if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) {
404 D1I(s)->timeout.read_timeouts = 1; 394 s->d1->timeout.read_timeouts = 1;
405 } 395 }
406 396
407 dtls1_start_timer(s); 397 dtls1_start_timer(s);
@@ -417,7 +407,7 @@ dtls1_listen(SSL *s, struct sockaddr *client)
417 SSL_clear(s); 407 SSL_clear(s);
418 408
419 SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); 409 SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
420 D1I(s)->listen = 1; 410 s->d1->listen = 1;
421 411
422 ret = SSL_accept(s); 412 ret = SSL_accept(s);
423 if (ret <= 0) 413 if (ret <= 0)
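Review bot: dtls1_free now runs dtls1_clear_queues() and the four pqueue_free() calls on any non-NULL s->d1, so it relies on the drain and free helpers accepting a NULL queue. dtls1_new leaves the later queue pointers NULL when an earlier pqueue_new() fails and jumps to `err`; that label is outside the hunk, so whether it ends up in dtls1_free needs confirming. If it does, a short comment in dtls1_free such as `/* Queues may be NULL after a failed dtls1_new(); the helpers below must tolerate that. */` would keep the invariant visible now that the early `goto out` is gone.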
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index aafadf16ef..7aea85a4c4 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_pkt.c,v 1.112 2021/09/04 14:31:54 jsing Exp $ */ 1/* $OpenBSD: d1_pkt.c,v 1.113 2021/10/23 13:36:03 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -271,19 +271,19 @@ static int
271dtls1_process_buffered_record(SSL *s) 271dtls1_process_buffered_record(SSL *s)
272{ 272{
273 /* Check if epoch is current. */ 273 /* Check if epoch is current. */
274 if (D1I(s)->unprocessed_rcds.epoch != 274 if (s->d1->unprocessed_rcds.epoch !=
275 tls12_record_layer_read_epoch(s->internal->rl)) 275 tls12_record_layer_read_epoch(s->internal->rl))
276 return (0); 276 return (0);
277 277
278 /* Update epoch once all unprocessed records have been processed. */ 278 /* Update epoch once all unprocessed records have been processed. */
279 if (pqueue_peek(D1I(s)->unprocessed_rcds.q) == NULL) { 279 if (pqueue_peek(s->d1->unprocessed_rcds.q) == NULL) {
280 D1I(s)->unprocessed_rcds.epoch = 280 s->d1->unprocessed_rcds.epoch =
281 tls12_record_layer_read_epoch(s->internal->rl) + 1; 281 tls12_record_layer_read_epoch(s->internal->rl) + 1;
282 return (0); 282 return (0);
283 } 283 }
284 284
285 /* Process one of the records. */ 285 /* Process one of the records. */
286 if (!dtls1_retrieve_buffered_record(s, &D1I(s)->unprocessed_rcds)) 286 if (!dtls1_retrieve_buffered_record(s, &s->d1->unprocessed_rcds))
287 return (-1); 287 return (-1);
288 if (!dtls1_process_record(s)) 288 if (!dtls1_process_record(s))
289 return (-1); 289 return (-1);
@@ -449,7 +449,7 @@ dtls1_get_record(SSL *s)
449 * since they arrive from different connections and 449 * since they arrive from different connections and
450 * would be dropped unnecessarily. 450 * would be dropped unnecessarily.
451 */ 451 */
452 if (!(D1I(s)->listen && rr->type == SSL3_RT_HANDSHAKE && 452 if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
453 p != NULL && *p == SSL3_MT_CLIENT_HELLO) && 453 p != NULL && *p == SSL3_MT_CLIENT_HELLO) &&
454 !dtls1_record_replay_check(s, bitmap, rr->seq_num)) 454 !dtls1_record_replay_check(s, bitmap, rr->seq_num))
455 goto again; 455 goto again;
@@ -464,8 +464,8 @@ dtls1_get_record(SSL *s)
464 * anything while listening. 464 * anything while listening.
465 */ 465 */
466 if (is_next_epoch) { 466 if (is_next_epoch) {
467 if ((SSL_in_init(s) || s->internal->in_handshake) && !D1I(s)->listen) { 467 if ((SSL_in_init(s) || s->internal->in_handshake) && !s->d1->listen) {
468 if (dtls1_buffer_record(s, &(D1I(s)->unprocessed_rcds), 468 if (dtls1_buffer_record(s, &(s->d1->unprocessed_rcds),
469 rr->seq_num) < 0) 469 rr->seq_num) < 0)
470 return (-1); 470 return (-1);
471 /* Mark receipt of record. */ 471 /* Mark receipt of record. */
@@ -552,7 +552,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
552 * in advance, if any. 552 * in advance, if any.
553 */ 553 */
554 if (S3I(s)->hs.state == SSL_ST_OK && rr->length == 0) 554 if (S3I(s)->hs.state == SSL_ST_OK && rr->length == 0)
555 dtls1_retrieve_buffered_record(s, &(D1I(s)->buffered_app_data)); 555 dtls1_retrieve_buffered_record(s, &(s->d1->buffered_app_data));
556 556
557 /* Check for timeout */ 557 /* Check for timeout */
558 if (dtls1_handle_timeout(s) > 0) 558 if (dtls1_handle_timeout(s) > 0)
@@ -571,7 +571,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
571 } 571 }
572 } 572 }
573 573
574 if (D1I(s)->listen && rr->type != SSL3_RT_HANDSHAKE) { 574 if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE) {
575 rr->length = 0; 575 rr->length = 0;
576 goto start; 576 goto start;
577 } 577 }
@@ -586,7 +586,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
586 * buffer the application data for later processing rather 586 * buffer the application data for later processing rather
587 * than dropping the connection. 587 * than dropping the connection.
588 */ 588 */
589 if (dtls1_buffer_record(s, &(D1I(s)->buffered_app_data), 589 if (dtls1_buffer_record(s, &(s->d1->buffered_app_data),
590 rr->seq_num) < 0) { 590 rr->seq_num) < 0) {
591 SSLerror(s, ERR_R_INTERNAL_ERROR); 591 SSLerror(s, ERR_R_INTERNAL_ERROR);
592 return (-1); 592 return (-1);
@@ -701,7 +701,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
701 if (SSL_is_init_finished(s) && 701 if (SSL_is_init_finished(s) &&
702 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && 702 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
703 !S3I(s)->renegotiate) { 703 !S3I(s)->renegotiate) {
704 D1I(s)->handshake_read_seq++; 704 s->d1->handshake_read_seq++;
705 s->internal->new_session = 1; 705 s->internal->new_session = 1;
706 ssl3_renegotiate(s); 706 ssl3_renegotiate(s);
707 if (ssl3_renegotiate_check(s)) { 707 if (ssl3_renegotiate_check(s)) {
@@ -793,12 +793,12 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
793 /* We can't process a CCS now, because previous handshake 793 /* We can't process a CCS now, because previous handshake
794 * messages are still missing, so just drop it. 794 * messages are still missing, so just drop it.
795 */ 795 */
796 if (!D1I(s)->change_cipher_spec_ok) { 796 if (!s->d1->change_cipher_spec_ok) {
797 rr->length = 0; 797 rr->length = 0;
798 goto start; 798 goto start;
799 } 799 }
800 800
801 D1I(s)->change_cipher_spec_ok = 0; 801 s->d1->change_cipher_spec_ok = 0;
802 802
803 S3I(s)->change_cipher_spec = 1; 803 S3I(s)->change_cipher_spec = 1;
804 if (!ssl3_do_change_cipher_spec(s)) 804 if (!ssl3_do_change_cipher_spec(s))
@@ -1069,13 +1069,13 @@ dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr, unsigned int *is_next_epoch)
1069 1069
1070 /* In current epoch, accept HM, CCS, DATA, & ALERT */ 1070 /* In current epoch, accept HM, CCS, DATA, & ALERT */
1071 if (rr->epoch == read_epoch) 1071 if (rr->epoch == read_epoch)
1072 return &D1I(s)->bitmap; 1072 return &s->d1->bitmap;
1073 1073
1074 /* Only HM and ALERT messages can be from the next epoch */ 1074 /* Only HM and ALERT messages can be from the next epoch */
1075 if (rr->epoch == read_epoch_next && 1075 if (rr->epoch == read_epoch_next &&
1076 (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) { 1076 (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
1077 *is_next_epoch = 1; 1077 *is_next_epoch = 1;
1078 return &D1I(s)->next_bitmap; 1078 return &s->d1->next_bitmap;
1079 } 1079 }
1080 1080
1081 return NULL; 1081 return NULL;
@@ -1084,6 +1084,6 @@ dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr, unsigned int *is_next_epoch)
1084void 1084void
1085dtls1_reset_read_seq_numbers(SSL *s) 1085dtls1_reset_read_seq_numbers(SSL *s)
1086{ 1086{
1087 memcpy(&(D1I(s)->bitmap), &(D1I(s)->next_bitmap), sizeof(DTLS1_BITMAP)); 1087 memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP));
1088 memset(&(D1I(s)->next_bitmap), 0, sizeof(DTLS1_BITMAP)); 1088 memset(&(s->d1->next_bitmap), 0, sizeof(DTLS1_BITMAP));
1089} 1089}
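--- a/src/lib/libssl/dtls_locl.h
+++ b/src/lib/libssl/dtls_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dtls_locl.h,v 1.8 2021/10/23 08:34:36 jsing Exp $ */
+/* $OpenBSD: dtls_locl.h,v 1.9 2021/10/23 13:36:03 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -124,9 +124,16 @@ typedef struct dtls1_record_data_internal_st {
  SSL3_RECORD_INTERNAL rrec;
 } DTLS1_RECORD_DATA_INTERNAL;
 
-struct dtls1_state_internal_st;
+struct dtls1_state_st {
+ /* Buffered (sent) handshake records */
+ struct _pqueue *sent_messages;
+
+ /* Indicates when the last handshake msg or heartbeat sent will timeout */
+ struct timeval next_timeout;
+
+ /* Timeout duration */
+ unsigned short timeout_duration;
 
-typedef struct dtls1_state_internal_st {
  unsigned int send_cookie;
  unsigned char cookie[DTLS1_COOKIE_LENGTH];
  unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
@@ -169,21 +176,7 @@ typedef struct dtls1_state_internal_st {
 
  unsigned int retransmitting;
  unsigned int change_cipher_spec_ok;
-} DTLS1_STATE_INTERNAL;
-#define D1I(s) (s->d1->internal)
-
-typedef struct dtls1_state_st {
- /* Buffered (sent) handshake records */
- struct _pqueue *sent_messages;
-
- /* Indicates when the last handshake msg or heartbeat sent will timeout */
- struct timeval next_timeout;
-
- /* Timeout duration */
- unsigned short timeout_duration;
-
- struct dtls1_state_internal_st *internal;
-} DTLS1_STATE;
+};
 
 int dtls1_do_write(SSL *s, int type);
 int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);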
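--- a/src/lib/libssl/ssl_both.c
+++ b/src/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.37 2021/10/23 13:12:55 tb Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.38 2021/10/23 13:36:03 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -288,10 +288,10 @@ ssl3_send_change_cipher_spec(SSL *s, int a, int b)
  s->internal->init_off = 0;
 
  if (SSL_is_dtls(s)) {
- D1I(s)->handshake_write_seq =
- D1I(s)->next_handshake_write_seq;
+ s->d1->handshake_write_seq =
+ s->d1->next_handshake_write_seq;
  dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
- D1I(s)->handshake_write_seq, 0, 0);
+ s->d1->handshake_write_seq, 0, 0);
  dtls1_buffer_message(s, 1);
  }
 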
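--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.113 2021/10/23 08:34:36 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.114 2021/10/23 13:36:03 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -249,7 +249,7 @@ ssl3_connect(SSL *s)
  /* mark client_random uninitialized */
  memset(s->s3->client_random, 0,
  sizeof(s->s3->client_random));
- D1I(s)->send_cookie = 0;
+ s->d1->send_cookie = 0;
  s->internal->hit = 0;
  }
  break;
@@ -269,7 +269,7 @@ ssl3_connect(SSL *s)
  if (ret <= 0)
  goto end;
 
- if (SSL_is_dtls(s) && D1I(s)->send_cookie) {
+ if (SSL_is_dtls(s) && s->d1->send_cookie) {
  S3I(s)->hs.state = SSL3_ST_CW_FLUSH;
  S3I(s)->hs.tls12.next_state = SSL3_ST_CR_SRVR_HELLO_A;
  } else
@@ -314,7 +314,7 @@ ssl3_connect(SSL *s)
  if (ret <= 0)
  goto end;
  dtls1_stop_timer(s);
- if (D1I(s)->send_cookie) /* start again, with a cookie */
+ if (s->d1->send_cookie) /* start again, with a cookie */
  S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A;
  else
  S3I(s)->hs.state = SSL3_ST_CR_CERT_A;
@@ -529,7 +529,7 @@ ssl3_connect(SSL *s)
  case SSL3_ST_CR_FINISHED_A:
  case SSL3_ST_CR_FINISHED_B:
  if (SSL_is_dtls(s))
- D1I(s)->change_cipher_spec_ok = 1;
+ s->d1->change_cipher_spec_ok = 1;
  else
  s->s3->flags |= SSL3_FLAGS_CCS_OK;
  ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
@@ -595,8 +595,8 @@ ssl3_connect(SSL *s)
 
  if (SSL_is_dtls(s)) {
  /* done with handshaking */
- D1I(s)->handshake_read_seq = 0;
- D1I(s)->next_handshake_write_seq = 0;
+ s->d1->handshake_read_seq = 0;
+ s->d1->next_handshake_write_seq = 0;
  }
 
  goto end;
@@ -666,7 +666,7 @@ ssl3_send_client_hello(SSL *s)
  * HelloVerifyRequest, we must retain the original client
  * random value.
  */
- if (!SSL_is_dtls(s) || D1I(s)->send_cookie == 0)
+ if (!SSL_is_dtls(s) || s->d1->send_cookie == 0)
  arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);
 
  if (!ssl3_handshake_msg_start(s, &cbb, &client_hello,
@@ -728,14 +728,14 @@ ssl3_send_client_hello(SSL *s)
 
  /* DTLS Cookie. */
  if (SSL_is_dtls(s)) {
- if (D1I(s)->cookie_len > sizeof(D1I(s)->cookie)) {
+ if (s->d1->cookie_len > sizeof(s->d1->cookie)) {
  SSLerror(s, ERR_R_INTERNAL_ERROR);
  goto err;
  }
  if (!CBB_add_u8_length_prefixed(&client_hello, &cookie))
  goto err;
- if (!CBB_add_bytes(&cookie, D1I(s)->cookie,
- D1I(s)->cookie_len))
+ if (!CBB_add_bytes(&cookie, s->d1->cookie,
+ s->d1->cookie_len))
  goto err;
  }
 
@@ -789,7 +789,7 @@ ssl3_get_dtls_hello_verify(SSL *s)
  return ret;
 
  if (S3I(s)->hs.tls12.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
- D1I(s)->send_cookie = 0;
+ s->d1->send_cookie = 0;
  S3I(s)->hs.tls12.reuse_message = 1;
  return (1);
  }
@@ -819,14 +819,14 @@ ssl3_get_dtls_hello_verify(SSL *s)
  goto fatal_err;
  }
 
- if (!CBS_write_bytes(&cookie, D1I(s)->cookie,
- sizeof(D1I(s)->cookie), &cookie_len)) {
- D1I(s)->cookie_len = 0;
+ if (!CBS_write_bytes(&cookie, s->d1->cookie,
+ sizeof(s->d1->cookie), &cookie_len)) {
+ s->d1->cookie_len = 0;
  al = SSL_AD_ILLEGAL_PARAMETER;
  goto fatal_err;
  }
- D1I(s)->cookie_len = cookie_len;
- D1I(s)->send_cookie = 1;
+ s->d1->cookie_len = cookie_len;
+ s->d1->send_cookie = 1;
 
  return 1;
 
@@ -862,7 +862,7 @@ ssl3_get_server_hello(SSL *s)
 
  if (SSL_is_dtls(s)) {
  if (S3I(s)->hs.tls12.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
- if (D1I(s)->send_cookie == 0) {
+ if (s->d1->send_cookie == 0) {
  S3I(s)->hs.tls12.reuse_message = 1;
  return (1);
  } else {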
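--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.269 2021/10/23 11:41:52 beck Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.270 2021/10/23 13:36:03 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1178,7 +1178,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
  return (0);
 #endif
  if (SSL_is_dtls(s)) {
- D1I(s)->mtu = larg;
+ s->d1->mtu = larg;
  return (larg);
  }
  return (0);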
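--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.120 2021/10/23 08:34:36 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.121 2021/10/23 13:36:03 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -183,7 +183,7 @@ ssl3_accept(SSL *s)
  errno = 0;
 
  if (SSL_is_dtls(s))
- listen = D1I(s)->listen;
+ listen = s->d1->listen;
 
  /* init things to blank */
  s->internal->in_handshake++;
@@ -191,7 +191,7 @@ ssl3_accept(SSL *s)
  SSL_clear(s);
 
  if (SSL_is_dtls(s))
- D1I(s)->listen = listen;
+ s->d1->listen = listen;
 
  for (;;) {
  state = S3I(s)->hs.state;
@@ -332,14 +332,14 @@ ssl3_accept(SSL *s)
  /* If we're just listening, stop here */
  if (listen && S3I(s)->hs.state == SSL3_ST_SW_SRVR_HELLO_A) {
  ret = 2;
- D1I(s)->listen = 0;
+ s->d1->listen = 0;
  /*
  * Set expected sequence numbers to
  * continue the handshake.
  */
- D1I(s)->handshake_read_seq = 2;
- D1I(s)->handshake_write_seq = 1;
- D1I(s)->next_handshake_write_seq = 1;
+ s->d1->handshake_read_seq = 2;
+ s->d1->handshake_write_seq = 1;
+ s->d1->next_handshake_write_seq = 1;
  goto end;
  }
  } else {
@@ -584,7 +584,7 @@ ssl3_accept(SSL *s)
  case SSL3_ST_SR_CERT_VRFY_A:
  case SSL3_ST_SR_CERT_VRFY_B:
  if (SSL_is_dtls(s))
- D1I(s)->change_cipher_spec_ok = 1;
+ s->d1->change_cipher_spec_ok = 1;
  else
  s->s3->flags |= SSL3_FLAGS_CCS_OK;
 
@@ -599,7 +599,7 @@ ssl3_accept(SSL *s)
  case SSL3_ST_SR_FINISHED_A:
  case SSL3_ST_SR_FINISHED_B:
  if (SSL_is_dtls(s))
- D1I(s)->change_cipher_spec_ok = 1;
+ s->d1->change_cipher_spec_ok = 1;
  else
  s->s3->flags |= SSL3_FLAGS_CCS_OK;
  ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
@@ -706,10 +706,10 @@ ssl3_accept(SSL *s)
 
  if (SSL_is_dtls(s)) {
  /* Done handshaking, next message is client hello. */
- D1I(s)->handshake_read_seq = 0;
+ s->d1->handshake_read_seq = 0;
  /* Next message is server hello. */
- D1I(s)->handshake_write_seq = 0;
- D1I(s)->next_handshake_write_seq = 0;
+ s->d1->handshake_write_seq = 0;
+ s->d1->next_handshake_write_seq = 0;
  }
  goto end;
  /* break; */
@@ -924,7 +924,7 @@ ssl3_get_client_hello(SSL *s)
  * message has not been sent - make sure that it does not cause
  * an overflow.
  */
- if (CBS_len(&cookie) > sizeof(D1I(s)->rcvd_cookie)) {
+ if (CBS_len(&cookie) > sizeof(s->d1->rcvd_cookie)) {
  al = SSL_AD_DECODE_ERROR;
  SSLerror(s, SSL_R_COOKIE_MISMATCH);
  goto fatal_err;
@@ -936,21 +936,21 @@ ssl3_get_client_hello(SSL *s)
  size_t cookie_len;
 
  /* XXX - rcvd_cookie seems to only be used here... */
- if (!CBS_write_bytes(&cookie, D1I(s)->rcvd_cookie,
- sizeof(D1I(s)->rcvd_cookie), &cookie_len))
+ if (!CBS_write_bytes(&cookie, s->d1->rcvd_cookie,
+ sizeof(s->d1->rcvd_cookie), &cookie_len))
  goto err;
 
  if (s->ctx->internal->app_verify_cookie_cb != NULL) {
  if (s->ctx->internal->app_verify_cookie_cb(s,
- D1I(s)->rcvd_cookie, cookie_len) == 0) {
+ s->d1->rcvd_cookie, cookie_len) == 0) {
  al = SSL_AD_HANDSHAKE_FAILURE;
  SSLerror(s, SSL_R_COOKIE_MISMATCH);
  goto fatal_err;
  }
  /* else cookie verification succeeded */
  /* XXX - can d1->cookie_len > sizeof(rcvd_cookie) ? */
- } else if (timingsafe_memcmp(D1I(s)->rcvd_cookie,
- D1I(s)->cookie, D1I(s)->cookie_len) != 0) {
+ } else if (timingsafe_memcmp(s->d1->rcvd_cookie,
+ s->d1->cookie, s->d1->cookie_len) != 0) {
  /* default verification */
  al = SSL_AD_HANDSHAKE_FAILURE;
  SSLerror(s, SSL_R_COOKIE_MISMATCH);
@@ -1166,8 +1166,8 @@ ssl3_send_dtls_hello_verify_request(SSL *s)
 
  if (S3I(s)->hs.state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
  if (s->ctx->internal->app_gen_cookie_cb == NULL ||
- s->ctx->internal->app_gen_cookie_cb(s, D1I(s)->cookie,
- &(D1I(s)->cookie_len)) == 0) {
+ s->ctx->internal->app_gen_cookie_cb(s, s->d1->cookie,
+ &(s->d1->cookie_len)) == 0) {
  SSLerror(s, ERR_R_INTERNAL_ERROR);
  return 0;
  }
@@ -1184,7 +1184,7 @@ ssl3_send_dtls_hello_verify_request(SSL *s)
  goto err;
  if (!CBB_add_u8_length_prefixed(&verify, &cookie))
  goto err;
- if (!CBB_add_bytes(&cookie, D1I(s)->cookie, D1I(s)->cookie_len))
+ if (!CBB_add_bytes(&cookie, s->d1->cookie, s->d1->cookie_len))
  goto err;
  if (!ssl3_handshake_msg_finish(s, &cbb))
  goto err;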
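Review bot: In the `@@ -936,21 +936,21 @@` hunk of ssl3_get_client_hello, the default verification branch calls `timingsafe_memcmp(s->d1->rcvd_cookie, s->d1->cookie, s->d1->cookie_len)` without first comparing the received length (the local `cookie_len` filled in by `CBS_write_bytes`) against `s->d1->cookie_len`, so a cookie of a different length is not rejected on length and the comparison can cover bytes of `rcvd_cookie` that this ClientHello did not write. The `XXX` comment kept just above asks whether `cookie_len` can exceed `sizeof(rcvd_cookie)`; dtls_locl.h sizes both arrays with `DTLS1_COOKIE_LENGTH`, but no bound on the length written by `app_gen_cookie_cb` is visible in these hunks. A length test in front of the comparison would settle both questions: `} else if (cookie_len != s->d1->cookie_len ||` followed by the existing `timingsafe_memcmp(...) != 0) {` lines. The function body starts and ends outside the hunk, so an equivalent check may already exist there.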