Use internal versions of SSL3_BUFFER, SSL3_RECORD and DTLS1_RECORD_DATA.

SSL3_BUFFER, SSL3_RECORD and DTLS1_RECORD_DATA are currently still in public headers, even though their usage is internal. This moves to using _INTERNAL suffixed versions that are in internal headers, which then allows us to change them without any potential public API fallout. ok inoguchi@ tb@
author: jsing <> 2020-03-12 17:01:53 +0000
committer: jsing <> 2020-03-12 17:01:53 +0000
commit: 63b0f131cbf0e20ff888516045c6693e8515333f (patch)
tree: 1386c6711648c45e415953677ee13b17cdc299a3 /src/lib/libssl/d1_pkt.c
parent: 60df56973f50116d575f4d157ca8d70699a4a1b7 (diff)
download: openbsd-63b0f131cbf0e20ff888516045c6693e8515333f.tar.gz
openbsd-63b0f131cbf0e20ff888516045c6693e8515333f.tar.bz2
openbsd-63b0f131cbf0e20ff888516045c6693e8515333f.zip
1 files changed, 19 insertions, 20 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 101017449c..31415b7c3a 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.70 2020/03/10 17:02:21 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.71 2020/03/12 17:01:53 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -186,7 +186,7 @@ static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
    int len, int peek);
 static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
 static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
-static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
+static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr,
    unsigned int *is_next_epoch);
 static int dtls1_buffer_record(SSL *s, record_pqueue *q,
    unsigned char *priority);
@@ -196,16 +196,16 @@ static int dtls1_process_record(SSL *s);
 static int
 dtls1_copy_record(SSL *s, pitem *item)
 {
-        DTLS1_RECORD_DATA *rdata;
+        DTLS1_RECORD_DATA_INTERNAL *rdata;
-        rdata = (DTLS1_RECORD_DATA *)item->data;
+        rdata = (DTLS1_RECORD_DATA_INTERNAL *)item->data;
        free(S3I(s)->rbuf.buf);
        s->internal->packet = rdata->packet;
        s->internal->packet_length = rdata->packet_length;
-        memcpy(&(S3I(s)->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
+        memcpy(&(S3I(s)->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER_INTERNAL));
-        memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
+        memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD_INTERNAL));
        /* Set proper sequence number for mac calculation */
        memcpy(&(S3I(s)->read_sequence[2]), &(rdata->packet[5]), 6);
@@ -217,30 +217,29 @@ dtls1_copy_record(SSL *s, pitem *item)
 static int
 dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
 {
-        DTLS1_RECORD_DATA *rdata;
+        DTLS1_RECORD_DATA_INTERNAL *rdata;
        pitem *item;
        /* Limit the size of the queue to prevent DOS attacks */
        if (pqueue_size(queue->q) >= 100)
                return 0;
-        rdata = malloc(sizeof(DTLS1_RECORD_DATA));
+        rdata = malloc(sizeof(DTLS1_RECORD_DATA_INTERNAL));
        item = pitem_new(priority, rdata);
        if (rdata == NULL || item == NULL)
                goto init_err;
        rdata->packet = s->internal->packet;
        rdata->packet_length = s->internal->packet_length;
-        memcpy(&(rdata->rbuf), &(S3I(s)->rbuf), sizeof(SSL3_BUFFER));
+        memcpy(&(rdata->rbuf), &(S3I(s)->rbuf), sizeof(SSL3_BUFFER_INTERNAL));
-        memcpy(&(rdata->rrec), &(S3I(s)->rrec), sizeof(SSL3_RECORD));
+        memcpy(&(rdata->rrec), &(S3I(s)->rrec), sizeof(SSL3_RECORD_INTERNAL));
        item->data = rdata;
        s->internal->packet = NULL;
        s->internal->packet_length = 0;
-        memset(&(S3I(s)->rbuf), 0, sizeof(SSL3_BUFFER));
+        memset(&(S3I(s)->rbuf), 0, sizeof(SSL3_BUFFER_INTERNAL));
-        memset(&(S3I(s)->rrec), 0, sizeof(SSL3_RECORD));
+        memset(&(S3I(s)->rrec), 0, sizeof(SSL3_RECORD_INTERNAL));
        if (!ssl3_setup_buffers(s))
                goto err;
@@ -329,7 +328,7 @@ dtls1_process_record(SSL *s)
        int i, al;
        int enc_err;
        SSL_SESSION *sess;
-        SSL3_RECORD *rr;
+        SSL3_RECORD_INTERNAL *rr;
        unsigned int mac_size, orig_len;
        unsigned char md[EVP_MAX_MD_SIZE];
@@ -467,7 +466,7 @@ err:
 int
 dtls1_get_record(SSL *s)
 {
-        SSL3_RECORD *rr;
+        SSL3_RECORD_INTERNAL *rr;
        unsigned char *p = NULL;
        DTLS1_BITMAP *bitmap;
        unsigned int is_next_epoch;
@@ -638,7 +637,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 {
        int al, i, j, ret;
        unsigned int n;
-        SSL3_RECORD *rr;
+        SSL3_RECORD_INTERNAL *rr;
        void (*cb)(const SSL *ssl, int type2, int val) = NULL;
        if (S3I(s)->rbuf.buf == NULL) /* Not initialized yet */
@@ -1178,15 +1177,15 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
 {
        unsigned char *p;
        int i, mac_size, clear = 0;
-        SSL3_RECORD *wr;
+        SSL3_RECORD_INTERNAL *wr;
-        SSL3_BUFFER *wb;
+        SSL3_BUFFER_INTERNAL *wb;
        SSL_SESSION *sess;
        int bs;
        CBB cbb;
        memset(&cbb, 0, sizeof(cbb));
-        /* first check if there is a SSL3_BUFFER still being written
+        /* first check if there is a SSL3_BUFFER_INTERNAL still being written
         * out.  This will happen with non blocking IO */
        if (S3I(s)->wbuf.left != 0) {
                OPENSSL_assert(0); /* XDTLS:  want to see if we ever get here */
@@ -1408,7 +1407,7 @@ dtls1_dispatch_alert(SSL *s)
 static DTLS1_BITMAP *
-dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch)
+dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr, unsigned int *is_next_epoch)
 {
        *is_next_epoch = 0;
author	jsing <>	2020-03-12 17:01:53 +0000
committer	jsing <>	2020-03-12 17:01:53 +0000
commit	63b0f131cbf0e20ff888516045c6693e8515333f (patch)
tree	1386c6711648c45e415953677ee13b17cdc299a3 /src/lib/libssl/d1_pkt.c
parent	60df56973f50116d575f4d157ca8d70699a4a1b7 (diff)
download	openbsd-63b0f131cbf0e20ff888516045c6693e8515333f.tar.gz openbsd-63b0f131cbf0e20ff888516045c6693e8515333f.tar.bz2 openbsd-63b0f131cbf0e20ff888516045c6693e8515333f.zip

diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c index 101017449c..31415b7c3a 100644 --- a/src/lib/libssl/d1_pkt.c +++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_pkt.c,v 1.70 2020/03/10 17:02:21 jsing Exp $ */	1	/* $OpenBSD: d1_pkt.c,v 1.71 2020/03/12 17:01:53 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -186,7 +186,7 @@ static int have_handshake_fragment(SSL s, int type, unsigned char buf,
186	int len, int peek);	186	int len, int peek);
187	static int dtls1_record_replay_check(SSL s, DTLS1_BITMAP bitmap);	187	static int dtls1_record_replay_check(SSL s, DTLS1_BITMAP bitmap);
188	static void dtls1_record_bitmap_update(SSL s, DTLS1_BITMAP bitmap);	188	static void dtls1_record_bitmap_update(SSL s, DTLS1_BITMAP bitmap);
189	static DTLS1_BITMAP dtls1_get_bitmap(SSL s, SSL3_RECORD *rr,	189	static DTLS1_BITMAP dtls1_get_bitmap(SSL s, SSL3_RECORD_INTERNAL *rr,
190	unsigned int *is_next_epoch);	190	unsigned int *is_next_epoch);
191	static int dtls1_buffer_record(SSL s, record_pqueue q,	191	static int dtls1_buffer_record(SSL s, record_pqueue q,
192	unsigned char *priority);	192	unsigned char *priority);
@@ -196,16 +196,16 @@ static int dtls1_process_record(SSL *s);
196	static int	196	static int
197	dtls1_copy_record(SSL s, pitem item)	197	dtls1_copy_record(SSL s, pitem item)
198	{	198	{
199	DTLS1_RECORD_DATA *rdata;	199	DTLS1_RECORD_DATA_INTERNAL *rdata;
200		200
201	rdata = (DTLS1_RECORD_DATA *)item->data;	201	rdata = (DTLS1_RECORD_DATA_INTERNAL *)item->data;
202		202
203	free(S3I(s)->rbuf.buf);	203	free(S3I(s)->rbuf.buf);
204		204
205	s->internal->packet = rdata->packet;	205	s->internal->packet = rdata->packet;
206	s->internal->packet_length = rdata->packet_length;	206	s->internal->packet_length = rdata->packet_length;
207	memcpy(&(S3I(s)->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));	207	memcpy(&(S3I(s)->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER_INTERNAL));
208	memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));	208	memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD_INTERNAL));
209		209
210	/* Set proper sequence number for mac calculation */	210	/* Set proper sequence number for mac calculation */
211	memcpy(&(S3I(s)->read_sequence[2]), &(rdata->packet[5]), 6);	211	memcpy(&(S3I(s)->read_sequence[2]), &(rdata->packet[5]), 6);
@@ -217,30 +217,29 @@ dtls1_copy_record(SSL s, pitem item)
217	static int	217	static int
218	dtls1_buffer_record(SSL s, record_pqueue queue, unsigned char *priority)	218	dtls1_buffer_record(SSL s, record_pqueue queue, unsigned char *priority)
219	{	219	{
220	DTLS1_RECORD_DATA *rdata;	220	DTLS1_RECORD_DATA_INTERNAL *rdata;
221	pitem *item;	221	pitem *item;
222		222
223	/* Limit the size of the queue to prevent DOS attacks */	223	/* Limit the size of the queue to prevent DOS attacks */
224	if (pqueue_size(queue->q) >= 100)	224	if (pqueue_size(queue->q) >= 100)
225	return 0;	225	return 0;
226		226
227	rdata = malloc(sizeof(DTLS1_RECORD_DATA));	227	rdata = malloc(sizeof(DTLS1_RECORD_DATA_INTERNAL));
228	item = pitem_new(priority, rdata);	228	item = pitem_new(priority, rdata);
229	if (rdata == NULL \|\| item == NULL)	229	if (rdata == NULL \|\| item == NULL)
230	goto init_err;	230	goto init_err;
231		231
232	rdata->packet = s->internal->packet;	232	rdata->packet = s->internal->packet;
233	rdata->packet_length = s->internal->packet_length;	233	rdata->packet_length = s->internal->packet_length;
234	memcpy(&(rdata->rbuf), &(S3I(s)->rbuf), sizeof(SSL3_BUFFER));	234	memcpy(&(rdata->rbuf), &(S3I(s)->rbuf), sizeof(SSL3_BUFFER_INTERNAL));
235	memcpy(&(rdata->rrec), &(S3I(s)->rrec), sizeof(SSL3_RECORD));	235	memcpy(&(rdata->rrec), &(S3I(s)->rrec), sizeof(SSL3_RECORD_INTERNAL));
236		236
237	item->data = rdata;	237	item->data = rdata;
238		238
239
240	s->internal->packet = NULL;	239	s->internal->packet = NULL;
241	s->internal->packet_length = 0;	240	s->internal->packet_length = 0;
242	memset(&(S3I(s)->rbuf), 0, sizeof(SSL3_BUFFER));	241	memset(&(S3I(s)->rbuf), 0, sizeof(SSL3_BUFFER_INTERNAL));
243	memset(&(S3I(s)->rrec), 0, sizeof(SSL3_RECORD));	242	memset(&(S3I(s)->rrec), 0, sizeof(SSL3_RECORD_INTERNAL));
244		243
245	if (!ssl3_setup_buffers(s))	244	if (!ssl3_setup_buffers(s))
246	goto err;	245	goto err;
@@ -329,7 +328,7 @@ dtls1_process_record(SSL *s)
329	int i, al;	328	int i, al;
330	int enc_err;	329	int enc_err;
331	SSL_SESSION *sess;	330	SSL_SESSION *sess;
332	SSL3_RECORD *rr;	331	SSL3_RECORD_INTERNAL *rr;
333	unsigned int mac_size, orig_len;	332	unsigned int mac_size, orig_len;
334	unsigned char md[EVP_MAX_MD_SIZE];	333	unsigned char md[EVP_MAX_MD_SIZE];
335		334
@@ -467,7 +466,7 @@ err:
467	int	466	int
468	dtls1_get_record(SSL *s)	467	dtls1_get_record(SSL *s)
469	{	468	{
470	SSL3_RECORD *rr;	469	SSL3_RECORD_INTERNAL *rr;
471	unsigned char *p = NULL;	470	unsigned char *p = NULL;
472	DTLS1_BITMAP *bitmap;	471	DTLS1_BITMAP *bitmap;
473	unsigned int is_next_epoch;	472	unsigned int is_next_epoch;
@@ -638,7 +637,7 @@ dtls1_read_bytes(SSL s, int type, unsigned char buf, int len, int peek)
638	{	637	{
639	int al, i, j, ret;	638	int al, i, j, ret;
640	unsigned int n;	639	unsigned int n;
641	SSL3_RECORD *rr;	640	SSL3_RECORD_INTERNAL *rr;
642	void (cb)(const SSL ssl, int type2, int val) = NULL;	641	void (cb)(const SSL ssl, int type2, int val) = NULL;
643		642
644	if (S3I(s)->rbuf.buf == NULL) /* Not initialized yet */	643	if (S3I(s)->rbuf.buf == NULL) /* Not initialized yet */
@@ -1178,15 +1177,15 @@ do_dtls1_write(SSL s, int type, const unsigned char buf, unsigned int len)
1178	{	1177	{
1179	unsigned char *p;	1178	unsigned char *p;
1180	int i, mac_size, clear = 0;	1179	int i, mac_size, clear = 0;
1181	SSL3_RECORD *wr;	1180	SSL3_RECORD_INTERNAL *wr;
1182	SSL3_BUFFER *wb;	1181	SSL3_BUFFER_INTERNAL *wb;
1183	SSL_SESSION *sess;	1182	SSL_SESSION *sess;
1184	int bs;	1183	int bs;
1185	CBB cbb;	1184	CBB cbb;
1186		1185
1187	memset(&cbb, 0, sizeof(cbb));	1186	memset(&cbb, 0, sizeof(cbb));
1188		1187
1189	/* first check if there is a SSL3_BUFFER still being written	1188	/* first check if there is a SSL3_BUFFER_INTERNAL still being written
1190	* out. This will happen with non blocking IO */	1189	* out. This will happen with non blocking IO */
1191	if (S3I(s)->wbuf.left != 0) {	1190	if (S3I(s)->wbuf.left != 0) {
1192	OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */	1191	OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */
@@ -1408,7 +1407,7 @@ dtls1_dispatch_alert(SSL *s)
1408		1407
1409		1408
1410	static DTLS1_BITMAP *	1409	static DTLS1_BITMAP *
1411	dtls1_get_bitmap(SSL s, SSL3_RECORD rr, unsigned int *is_next_epoch)	1410	dtls1_get_bitmap(SSL s, SSL3_RECORD_INTERNAL rr, unsigned int *is_next_epoch)
1412	{	1411	{
1413		1412
1414	*is_next_epoch = 0;	1413	*is_next_epoch = 0;