| author | jsing <> | 2017-01-22 09:02:07 +0000 |
|---|---|---|
| committer | jsing <> | 2017-01-22 09:02:07 +0000 |
| commit | bd2d858e0149e88f8fe4f0124d9b1e4d22553fd1 (patch) | |
| tree | 74edac7239262d369a6f63b69bea3291a4184000 /src/lib/libssl/d1_srvr.c | |
| parent | d549b46158cee11991715ad9f53e1adaa39d2280 (diff) | |
Move most of the SSL3_STATE fields to internal - the ones that remain are
known to be used by ports.
ok beck@
Diffstat (limited to 'src/lib/libssl/d1_srvr.c')
| -rw-r--r-- | src/lib/libssl/d1_srvr.c | 40 |
1 files changed, 20 insertions, 20 deletions
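--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.71 2017/01/22 07:16:39 beck Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.72 2017/01/22 09:02:07 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -278,7 +278,7 @@ dtls1_accept(SSL *s)
 ret = ssl3_send_hello_request(s);
 if (ret <= 0)
 goto end;
-s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
+S3I(s)->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
 s->state = SSL3_ST_SW_FLUSH;
 s->init_num = 0;
 
@@ -311,7 +311,7 @@ dtls1_accept(SSL *s)
 
 /* Reflect ClientHello sequence to remain stateless while listening */
 if (listen) {
-memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence));
+memcpy(S3I(s)->write_sequence, S3I(s)->read_sequence, sizeof(S3I(s)->write_sequence));
 }
 
 /* If we're just listening, stop here */
@@ -336,7 +336,7 @@ dtls1_accept(SSL *s)
 if (ret <= 0)
 goto end;
 s->state = SSL3_ST_SW_FLUSH;
-s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
+S3I(s)->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
 
 /* HelloVerifyRequest resets Finished MAC */
 if (!tls1_init_finished_mac(s)) {
@@ -367,7 +367,7 @@ dtls1_accept(SSL *s)
 case SSL3_ST_SW_CERT_A:
 case SSL3_ST_SW_CERT_B:
 /* Check if it is anon DH. */
-if (!(s->s3->tmp.new_cipher->algorithm_auth &
+if (!(S3I(s)->tmp.new_cipher->algorithm_auth &
 SSL_aNULL)) {
 dtls1_start_timer(s);
 ret = ssl3_send_server_certificate(s);
@@ -386,7 +386,7 @@ dtls1_accept(SSL *s)
 
 case SSL3_ST_SW_KEY_EXCH_A:
 case SSL3_ST_SW_KEY_EXCH_B:
-alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
 
 /* Only send if using a DH key exchange. */
 if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
@@ -423,15 +423,15 @@ dtls1_accept(SSL *s)
 if (!(s->verify_mode & SSL_VERIFY_PEER) ||
 ((s->session->peer != NULL) &&
 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
-((s->s3->tmp.new_cipher->algorithm_auth &
+((S3I(s)->tmp.new_cipher->algorithm_auth &
 SSL_aNULL) && !(s->verify_mode &
 SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
 /* no cert request */
 skip = 1;
-s->s3->tmp.cert_request = 0;
+S3I(s)->tmp.cert_request = 0;
 s->state = SSL3_ST_SW_SRVR_DONE_A;
 } else {
-s->s3->tmp.cert_request = 1;
+S3I(s)->tmp.cert_request = 1;
 dtls1_start_timer(s);
 ret = ssl3_send_certificate_request(s);
 if (ret <= 0)
@@ -447,7 +447,7 @@ dtls1_accept(SSL *s)
 ret = ssl3_send_server_done(s);
 if (ret <= 0)
 goto end;
-s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
+S3I(s)->tmp.next_state = SSL3_ST_SR_CERT_A;
 s->state = SSL3_ST_SW_FLUSH;
 s->init_num = 0;
 break;
@@ -458,19 +458,19 @@ dtls1_accept(SSL *s)
 /* If the write error was fatal, stop trying */
 if (!BIO_should_retry(s->wbio)) {
 s->rwstate = SSL_NOTHING;
-s->state = s->s3->tmp.next_state;
+s->state = S3I(s)->tmp.next_state;
 }
 
 ret = -1;
 goto end;
 }
 s->rwstate = SSL_NOTHING;
-s->state = s->s3->tmp.next_state;
+s->state = S3I(s)->tmp.next_state;
 break;
 
 case SSL3_ST_SR_CERT_A:
 case SSL3_ST_SR_CERT_B:
-if (s->s3->tmp.cert_request) {
+if (S3I(s)->tmp.cert_request) {
 ret = ssl3_get_client_certificate(s);
 if (ret <= 0)
 goto end;
@@ -506,7 +506,7 @@ dtls1_accept(SSL *s)
 * For sigalgs freeze the handshake buffer
 * at this point and digest cached records.
 */
-if (!s->s3->handshake_buffer) {
+if (!S3I(s)->handshake_buffer) {
 SSLerr(SSL_F_SSL3_ACCEPT,
 ERR_R_INTERNAL_ERROR);
 ret = -1;
@@ -524,10 +524,10 @@ dtls1_accept(SSL *s)
 /* We need to get hashes here so if there is
 * a client cert, it can be verified */
 s->method->ssl3_enc->cert_verify_mac(s,
-NID_md5, &(s->s3->tmp.cert_verify_md[0]));
+NID_md5, &(S3I(s)->tmp.cert_verify_md[0]));
 s->method->ssl3_enc->cert_verify_mac(s,
 NID_sha1,
-&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
+&(S3I(s)->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
 }
 break;
 
@@ -582,7 +582,7 @@ dtls1_accept(SSL *s)
 case SSL3_ST_SW_CHANGE_A:
 case SSL3_ST_SW_CHANGE_B:
 
-s->session->cipher = s->s3->tmp.new_cipher;
+s->session->cipher = S3I(s)->tmp.new_cipher;
 if (!s->method->ssl3_enc->setup_key_block(s)) {
 ret = -1;
 goto end;
@@ -617,10 +617,10 @@ dtls1_accept(SSL *s)
 goto end;
 s->state = SSL3_ST_SW_FLUSH;
 if (s->hit) {
-s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
+S3I(s)->tmp.next_state = SSL3_ST_SR_FINISHED_A;
 
 } else {
-s->s3->tmp.next_state = SSL_ST_OK;
+S3I(s)->tmp.next_state = SSL_ST_OK;
 }
 s->init_num = 0;
 break;
@@ -666,7 +666,7 @@ dtls1_accept(SSL *s)
 /* break; */
 }
 
-if (!s->s3->tmp.reuse_message && !skip) {
+if (!S3I(s)->tmp.reuse_message && !skip) {
 if (s->debug) {
 if ((ret = BIO_flush(s->wbio)) <= 0)
 goto end;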
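Review bot: The memcpy in the listen branch (new line 314) sizes the copy with `sizeof(S3I(s)->write_sequence)`, which equals the sequence-number length only while write_sequence is declared as an array in the internal struct. That declaration and the S3I macro are not part of this diff, so the array type should be confirmed against the header that moved the field; if it were a pointer, the copy length would silently become the pointer size. The line also runs well past 80 columns and would read better wrapped after the second argument, as `memcpy(S3I(s)->write_sequence, S3I(s)->read_sequence,` followed by `sizeof(S3I(s)->write_sequence));`. dtls1_accept starts and ends outside every hunk shown here.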
