authorjsing <>2018-10-24 18:04:50 +0000
committerjsing <>2018-10-24 18:04:50 +0000
commitd7e0aa4b59fc46f038370bf8dc64821eb4a7d804 (patch)
treece8dad95e6021ab405b0ec175b26682e47bea424 /src/lib/libssl/d1_pkt.c
parentc988048231bcb1d2abd6613e83760d63c461a080 (diff)
Make more of libssl's record layer state internal.
In January 2017, we changed large amounts of libssl's data structures to be non-visible/internal, however intentionally left things that the software ecosystem was needing to use. The four or so applications that reached into libssl for record layer related state now implement alternative code. As such, make these data structures internal. ok tb@
Diffstat (limited to 'src/lib/libssl/d1_pkt.c')
-rw-r--r--src/lib/libssl/d1_pkt.c36
1 files changed, 18 insertions, 18 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index b3104d21e7..825c1838a1 100644
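--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.64 2018/08/24 19:35:05 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.65 2018/10/24 18:04:50 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -200,11 +200,11 @@ dtls1_copy_record(SSL *s, pitem *item)
 
  rdata = (DTLS1_RECORD_DATA *)item->data;
 
- free(s->s3->rbuf.buf);
+ free(S3I(s)->rbuf.buf);
 
  s->internal->packet = rdata->packet;
  s->internal->packet_length = rdata->packet_length;
- memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
+ memcpy(&(S3I(s)->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
  memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
 
  /* Set proper sequence number for mac calculation */
@@ -231,7 +231,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
 
  rdata->packet = s->internal->packet;
  rdata->packet_length = s->internal->packet_length;
- memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));
+ memcpy(&(rdata->rbuf), &(S3I(s)->rbuf), sizeof(SSL3_BUFFER));
  memcpy(&(rdata->rrec), &(S3I(s)->rrec), sizeof(SSL3_RECORD));
 
  item->data = rdata;
@@ -239,7 +239,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
 
  s->internal->packet = NULL;
  s->internal->packet_length = 0;
- memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
+ memset(&(S3I(s)->rbuf), 0, sizeof(SSL3_BUFFER));
  memset(&(S3I(s)->rrec), 0, sizeof(SSL3_RECORD));
 
  if (!ssl3_setup_buffers(s))
@@ -643,7 +643,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
  SSL3_RECORD *rr;
  void (*cb)(const SSL *ssl, int type2, int val) = NULL;
 
- if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
+ if (S3I(s)->rbuf.buf == NULL) /* Not initialized yet */
  if (!ssl3_setup_buffers(s))
  return (-1);
 
@@ -880,7 +880,7 @@ start:
  }
 
  if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) {
- if (s->s3->rbuf.left == 0) /* no read-ahead left? */
+ if (S3I(s)->rbuf.left == 0) /* no read-ahead left? */
  {
  BIO *bio;
  /* In the case where we try to read application data,
@@ -1035,7 +1035,7 @@ start:
  }
 
  if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) {
- if (s->s3->rbuf.left == 0) /* no read-ahead left? */
+ if (S3I(s)->rbuf.left == 0) /* no read-ahead left? */
  {
  BIO *bio;
  /* In the case where we try to read application data,
@@ -1188,13 +1188,13 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
 
  /* first check if there is a SSL3_BUFFER still being written
  * out. This will happen with non blocking IO */
- if (s->s3->wbuf.left != 0) {
+ if (S3I(s)->wbuf.left != 0) {
  OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */
  return (ssl3_write_pending(s, type, buf, len));
  }
 
  /* If we have an alert to send, lets send it */
- if (s->s3->alert_dispatch) {
+ if (S3I(s)->alert_dispatch) {
  i = s->method->ssl_dispatch_alert(s);
  if (i <= 0)
  return (i);
@@ -1205,7 +1205,7 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
  return 0;
 
  wr = &(S3I(s)->wrec);
- wb = &(s->s3->wbuf);
+ wb = &(S3I(s)->wbuf);
  sess = s->session;
 
  if ((sess == NULL) || (s->internal->enc_write_ctx == NULL) ||
@@ -1382,23 +1382,23 @@ dtls1_dispatch_alert(SSL *s)
  unsigned char buf[DTLS1_AL_HEADER_LENGTH];
  unsigned char *ptr = &buf[0];
 
- s->s3->alert_dispatch = 0;
+ S3I(s)->alert_dispatch = 0;
 
  memset(buf, 0x00, sizeof(buf));
- *ptr++ = s->s3->send_alert[0];
- *ptr++ = s->s3->send_alert[1];
+ *ptr++ = S3I(s)->send_alert[0];
+ *ptr++ = S3I(s)->send_alert[1];
 
  i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf));
  if (i <= 0) {
- s->s3->alert_dispatch = 1;
+ S3I(s)->alert_dispatch = 1;
  /* fprintf( stderr, "not done with alert\n" ); */
  } else {
- if (s->s3->send_alert[0] == SSL3_AL_FATAL)
+ if (S3I(s)->send_alert[0] == SSL3_AL_FATAL)
  (void)BIO_flush(s->wbio);
 
  if (s->internal->msg_callback)
  s->internal->msg_callback(1, s->version, SSL3_RT_ALERT,
- s->s3->send_alert, 2, s, s->internal->msg_callback_arg);
+ S3I(s)->send_alert, 2, s, s->internal->msg_callback_arg);
 
  if (s->internal->info_callback != NULL)
  cb = s->internal->info_callback;
@@ -1406,7 +1406,7 @@ dtls1_dispatch_alert(SSL *s)
  cb = s->ctx->internal->info_callback;
 
  if (cb != NULL) {
- j = (s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
+ j = (S3I(s)->send_alert[0]<<8)|S3I(s)->send_alert[1];
  cb(s, SSL_CB_WRITE_ALERT, j);
  }
  }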
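Review bot: In the do_dtls1_write hunk (new lines 1191-1193) the relocated `S3I(s)->wbuf.left != 0` check still falls straight into `OPENSSL_assert(0);`, which aborts the calling process on a path the adjacent comment says "will happen with non blocking IO". Whether that state is actually reachable for DTLS cannot be determined from the hunk, but if it is, a stalled transport turns a pending write into a process abort, and the `return (ssl3_write_pending(s, type, buf, len));` below it never runs. Since these lines are being touched anyway, I would drop the assert so the existing return handles the pending buffer, or replace it with an error return such as `return (-1);` after recording an error. do_dtls1_write starts and ends outside the hunk, so the callers' handling of that return is not visible here.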