author | beck <> | 2017-01-23 06:45:30 +0000 |
---|---|---|
committer | beck <> | 2017-01-23 06:45:30 +0000 |
commit | fedd988b9f44e5e0ccf1a340f14354f32800d524 (patch) | |
tree | dfb700c2a3d1498e8069f1fab4c6691ef0f3fef1 /src/lib/libssl/d1_pkt.c | |
parent | 3b1c7c5973d7e6aca42940bd4e07900c35d585f5 (diff) | |
Move a large part of ssl_st into internal, so we can see what squeals.
ok jsing@
Diffstat (limited to 'src/lib/libssl/d1_pkt.c')
-rw-r--r-- | src/lib/libssl/d1_pkt.c | 100 |
1 files changed, 50 insertions, 50 deletions
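--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.53 2017/01/23 04:55:26 beck Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.54 2017/01/23 06:45:30 beck Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -202,8 +202,8 @@ dtls1_copy_record(SSL *s, pitem *item)
 
 free(s->s3->rbuf.buf);
 
-s->packet = rdata->packet;
-s->packet_length = rdata->packet_length;
+s->internal->packet = rdata->packet;
+s->internal->packet_length = rdata->packet_length;
 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
 memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
 
@@ -229,16 +229,16 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
 if (rdata == NULL || item == NULL)
 goto init_err;
 
-rdata->packet = s->packet;
-rdata->packet_length = s->packet_length;
+rdata->packet = s->internal->packet;
+rdata->packet_length = s->internal->packet_length;
 memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));
 memcpy(&(rdata->rrec), &(S3I(s)->rrec), sizeof(SSL3_RECORD));
 
 item->data = rdata;
 
 
-s->packet = NULL;
-s->packet_length = 0;
+s->internal->packet = NULL;
+s->internal->packet_length = 0;
 memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
 memset(&(S3I(s)->rrec), 0, sizeof(SSL3_RECORD));
 
@@ -336,12 +336,12 @@ dtls1_process_record(SSL *s)
 rr = &(S3I(s)->rrec);
 sess = s->session;
 
-/* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
-* and we have that many bytes in s->packet
+/* At this point, s->internal->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
+* and we have that many bytes in s->internal->packet
 */
-rr->input = &(s->packet[DTLS1_RT_HEADER_LENGTH]);
+rr->input = &(s->internal->packet[DTLS1_RT_HEADER_LENGTH]);
 
-/* ok, we can now read from 's->packet' data into 'rr'
+/* ok, we can now read from 's->internal->packet' data into 'rr'
 * rr->input points at rr->length bytes, which
 * need to be copied into rr->data by either
 * the decryption or by the decompression
@@ -369,18 +369,18 @@ dtls1_process_record(SSL *s)
 if (enc_err == 0) {
 /* For DTLS we simply ignore bad packets. */
 rr->length = 0;
-s->packet_length = 0;
+s->internal->packet_length = 0;
 goto err;
 }
 
 
 /* r->length is now the compressed data plus mac */
-if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
-(EVP_MD_CTX_md(s->read_hash) != NULL)) {
-/* s->read_hash != NULL => mac_size != -1 */
+if ((sess != NULL) && (s->internal->enc_read_ctx != NULL) &&
+(EVP_MD_CTX_md(s->internal->read_hash) != NULL)) {
+/* s->internal->read_hash != NULL => mac_size != -1 */
 unsigned char *mac = NULL;
 unsigned char mac_tmp[EVP_MAX_MD_SIZE];
-mac_size = EVP_MD_CTX_size(s->read_hash);
+mac_size = EVP_MD_CTX_size(s->internal->read_hash);
 OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
 
 /* kludge: *_cbc_remove_padding passes padding length in rr->type */
@@ -393,14 +393,14 @@ dtls1_process_record(SSL *s)
 */
 if (orig_len < mac_size ||
 /* CBC records must have a padding length byte too. */
-(EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+(EVP_CIPHER_CTX_mode(s->internal->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
 orig_len < mac_size + 1)) {
 al = SSL_AD_DECODE_ERROR;
 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_LENGTH_TOO_SHORT);
 goto f_err;
 }
 
-if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
+if (EVP_CIPHER_CTX_mode(s->internal->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
 /* We update the length so that the TLS header bytes
 * can be constructed correctly but we need to extract
 * the MAC in constant time from within the record,
@@ -427,7 +427,7 @@ dtls1_process_record(SSL *s)
 if (enc_err < 0) {
 /* decryption failed, silently discard message */
 rr->length = 0;
-s->packet_length = 0;
+s->internal->packet_length = 0;
 goto err;
 }
 
@@ -447,7 +447,7 @@ dtls1_process_record(SSL *s)
 */
 
 /* we have pulled in a full packet so zero things */
-s->packet_length = 0;
+s->internal->packet_length = 0;
 return (1);
 
 f_err:
@@ -491,12 +491,12 @@ dtls1_get_record(SSL *s)
 again:
 /* dump this record on all retries */
 rr->length = 0;
-s->packet_length = 0;
+s->internal->packet_length = 0;
 }
 
 /* check if we have the header */
 if ((s->rstate != SSL_ST_READ_BODY) ||
-(s->packet_length < DTLS1_RT_HEADER_LENGTH)) {
+(s->internal->packet_length < DTLS1_RT_HEADER_LENGTH)) {
 CBS header, seq_no;
 uint16_t epoch, len, ssl_version;
 uint8_t type;
@@ -507,12 +507,12 @@ again:
 return(n); /* error or non-blocking */
 
 /* this packet contained a partial record, dump it */
-if (s->packet_length != DTLS1_RT_HEADER_LENGTH)
+if (s->internal->packet_length != DTLS1_RT_HEADER_LENGTH)
 goto again;
 
 s->rstate = SSL_ST_READ_BODY;
 
-CBS_init(&header, s->packet, s->packet_length);
+CBS_init(&header, s->internal->packet, s->internal->packet_length);
 
 /* Pull apart the header into the DTLS1_RECORD */
 if (!CBS_get_u8(&header, &type))
@@ -536,7 +536,7 @@ again:
 rr->length = len;
 
 /* unexpected version, silently discard */
-if (!s->first_packet && ssl_version != s->version)
+if (!s->internal->first_packet && ssl_version != s->version)
 goto again;
 
 /* wrong version, silently discard record */
@@ -553,8 +553,8 @@ again:
 
 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
 
-if (rr->length > s->packet_length - DTLS1_RT_HEADER_LENGTH) {
-/* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
+if (rr->length > s->internal->packet_length - DTLS1_RT_HEADER_LENGTH) {
+/* now s->internal->packet_length == DTLS1_RT_HEADER_LENGTH */
 i = rr->length;
 n = ssl3_read_n(s, i, i, 1);
 if (n <= 0)
@@ -565,7 +565,7 @@ again:
 goto again;
 
 /* now n == rr->length,
-* and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */
+* and s->internal->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */
 }
 s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */
 
@@ -680,7 +680,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 }
 
 start:
-s->rwstate = SSL_NOTHING;
+s->internal->rwstate = SSL_NOTHING;
 
 /* S3I(s)->rrec.type - is the type of record
 * S3I(s)->rrec.data, - data
@@ -747,9 +747,9 @@ start:
 
 /* If the other end has shut down, throw anything we read away
 * (even in 'peek' mode) */
-if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) {
 rr->length = 0;
-s->rwstate = SSL_NOTHING;
+s->internal->rwstate = SSL_NOTHING;
 return (0);
 }
 
@@ -759,7 +759,7 @@ start:
 /* make sure that we are not getting application data when we
 * are doing a handshake for the first time */
 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
-(s->enc_read_ctx == NULL)) {
+(s->internal->enc_read_ctx == NULL)) {
 al = SSL_AD_UNEXPECTED_MESSAGE;
 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE);
 goto f_err;
@@ -816,7 +816,7 @@ start:
 BIO *bio;
 S3I(s)->in_read_app_data = 2;
 bio = SSL_get_rbio(s);
-s->rwstate = SSL_READING;
+s->internal->rwstate = SSL_READING;
 BIO_clear_retry_flags(bio);
 BIO_set_retry_read(bio);
 return (-1);
@@ -883,7 +883,7 @@ start:
 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
 !S3I(s)->renegotiate) {
 D1I(s)->handshake_read_seq++;
-s->new_session = 1;
+s->internal->new_session = 1;
 ssl3_renegotiate(s);
 if (ssl3_renegotiate_check(s)) {
 i = s->internal->handshake_func(s);
@@ -902,7 +902,7 @@ start:
 * but we trigger an SSL handshake, we return -1 with
 * the retry option set. Otherwise renegotiation may
 * cause nasty problems in the blocking world */
-s->rwstate = SSL_READING;
+s->internal->rwstate = SSL_READING;
 bio = SSL_get_rbio(s);
 BIO_clear_retry_flags(bio);
 BIO_set_retry_read(bio);
@@ -940,17 +940,17 @@ start:
 {
 S3I(s)->warn_alert = alert_descr;
 if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
-s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN;
 return (0);
 }
 } else if (alert_level == 2) /* fatal */
 {
-s->rwstate = SSL_NOTHING;
+s->internal->rwstate = SSL_NOTHING;
 S3I(s)->fatal_alert = alert_descr;
 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
 ERR_asprintf_error_data("SSL alert number %d",
 alert_descr);
-s->shutdown|=SSL_RECEIVED_SHUTDOWN;
+s->internal->shutdown|=SSL_RECEIVED_SHUTDOWN;
 SSL_CTX_remove_session(s->ctx, s->session);
 return (0);
 } else {
@@ -962,9 +962,9 @@ start:
 goto start;
 }
 
-if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
+if (s->internal->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
 {
-s->rwstate = SSL_NOTHING;
+s->internal->rwstate = SSL_NOTHING;
 rr->length = 0;
 return (0);
 }
@@ -1038,8 +1038,8 @@ start:
 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
-s->renegotiate = 1;
-s->new_session = 1;
+s->internal->renegotiate = 1;
+s->internal->new_session = 1;
 }
 i = s->internal->handshake_func(s);
 if (i < 0)
@@ -1057,7 +1057,7 @@ start:
 * but we trigger an SSL handshake, we return -1 with
 * the retry option set. Otherwise renegotiation may
 * cause nasty problems in the blocking world */
-s->rwstate = SSL_READING;
+s->internal->rwstate = SSL_READING;
 bio = SSL_get_rbio(s);
 BIO_clear_retry_flags(bio);
 BIO_set_retry_read(bio);
@@ -1185,7 +1185,7 @@ dtls1_write_bytes(SSL *s, int type, const void *buf, int len)
 int i;
 
 OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);
-s->rwstate = SSL_NOTHING;
+s->internal->rwstate = SSL_NOTHING;
 i = do_dtls1_write(s, type, buf, len);
 return i;
 }
@@ -1223,14 +1223,14 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
 wb = &(s->s3->wbuf);
 sess = s->session;
 
-if ((sess == NULL) || (s->enc_write_ctx == NULL) ||
-(EVP_MD_CTX_md(s->write_hash) == NULL))
+if ((sess == NULL) || (s->internal->enc_write_ctx == NULL) ||
+(EVP_MD_CTX_md(s->internal->write_hash) == NULL))
 clear = 1;
 
 if (clear)
 mac_size = 0;
 else {
-mac_size = EVP_MD_CTX_size(s->write_hash);
+mac_size = EVP_MD_CTX_size(s->internal->write_hash);
 if (mac_size < 0)
 goto err;
 }
@@ -1257,9 +1257,9 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
 /* Make space for the explicit IV in case of CBC.
 * (this is a bit of a boundary violation, but what the heck).
 */
-if (s->enc_write_ctx &&
-(EVP_CIPHER_mode( s->enc_write_ctx->cipher ) & EVP_CIPH_CBC_MODE))
-bs = EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
+if (s->internal->enc_write_ctx &&
+(EVP_CIPHER_mode( s->internal->enc_write_ctx->cipher ) & EVP_CIPH_CBC_MODE))
+bs = EVP_CIPHER_block_size(s->internal->enc_write_ctx->cipher);
 else
 bs = 0;
 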
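Review bot: The CBC test in the last hunk (do_dtls1_write, new line 1261) masks the cipher mode with `& EVP_CIPH_CBC_MODE`, while the read path in dtls1_process_record (new lines 396 and 403) compares with `== EVP_CIPH_CBC_MODE`. The mode constants are enumerated values rather than independent bits, so the mask is also non-zero for any other mode whose value shares that bit, and the explicit-IV space would then be sized from a non-CBC block size; whether such a cipher can reach enc_write_ctx here is not visible in the hunk. Since these lines are being rewritten anyway, I would make them `(EVP_CIPHER_CTX_mode(s->internal->enc_write_ctx) == EVP_CIPH_CBC_MODE))` and `bs = EVP_CIPHER_CTX_block_size(s->internal->enc_write_ctx);`, which also stops reaching into `->cipher` directly. do_dtls1_write starts and ends outside the hunk.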