authorjsing <>2017-01-22 09:02:07 +0000
committerjsing <>2017-01-22 09:02:07 +0000
commitfcfe199cc99431d4e250ada852b3989b210b67ca (patch)
tree74edac7239262d369a6f63b69bea3291a4184000 /src/lib/libssl/d1_srvr.c
parent0356ccc6b32439d6cef453be9bd3c4786baa75d3 (diff)
Move most of the SSL3_STATE fields to internal - the ones that remain are
known to be used by ports. ok beck@
Diffstat (limited to 'src/lib/libssl/d1_srvr.c')
-rw-r--r--src/lib/libssl/d1_srvr.c40
1 files changed, 20 insertions, 20 deletions
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 6990e39f60..8722c1690d 100644
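--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.71 2017/01/22 07:16:39 beck Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.72 2017/01/22 09:02:07 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -278,7 +278,7 @@ dtls1_accept(SSL *s)
  ret = ssl3_send_hello_request(s);
  if (ret <= 0)
  goto end;
- s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
+ S3I(s)->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
  s->state = SSL3_ST_SW_FLUSH;
  s->init_num = 0;
 
@@ -311,7 +311,7 @@ dtls1_accept(SSL *s)
 
  /* Reflect ClientHello sequence to remain stateless while listening */
  if (listen) {
- memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence));
+ memcpy(S3I(s)->write_sequence, S3I(s)->read_sequence, sizeof(S3I(s)->write_sequence));
  }
 
  /* If we're just listening, stop here */
@@ -336,7 +336,7 @@ dtls1_accept(SSL *s)
  if (ret <= 0)
  goto end;
  s->state = SSL3_ST_SW_FLUSH;
- s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
+ S3I(s)->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
 
  /* HelloVerifyRequest resets Finished MAC */
  if (!tls1_init_finished_mac(s)) {
@@ -367,7 +367,7 @@ dtls1_accept(SSL *s)
  case SSL3_ST_SW_CERT_A:
  case SSL3_ST_SW_CERT_B:
  /* Check if it is anon DH. */
- if (!(s->s3->tmp.new_cipher->algorithm_auth &
+ if (!(S3I(s)->tmp.new_cipher->algorithm_auth &
  SSL_aNULL)) {
  dtls1_start_timer(s);
  ret = ssl3_send_server_certificate(s);
@@ -386,7 +386,7 @@ dtls1_accept(SSL *s)
 
  case SSL3_ST_SW_KEY_EXCH_A:
  case SSL3_ST_SW_KEY_EXCH_B:
- alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+ alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
 
  /* Only send if using a DH key exchange. */
  if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
@@ -423,15 +423,15 @@ dtls1_accept(SSL *s)
  if (!(s->verify_mode & SSL_VERIFY_PEER) ||
  ((s->session->peer != NULL) &&
  (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
- ((s->s3->tmp.new_cipher->algorithm_auth &
+ ((S3I(s)->tmp.new_cipher->algorithm_auth &
  SSL_aNULL) && !(s->verify_mode &
  SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
  /* no cert request */
  skip = 1;
- s->s3->tmp.cert_request = 0;
+ S3I(s)->tmp.cert_request = 0;
  s->state = SSL3_ST_SW_SRVR_DONE_A;
  } else {
- s->s3->tmp.cert_request = 1;
+ S3I(s)->tmp.cert_request = 1;
  dtls1_start_timer(s);
  ret = ssl3_send_certificate_request(s);
  if (ret <= 0)
@@ -447,7 +447,7 @@ dtls1_accept(SSL *s)
  ret = ssl3_send_server_done(s);
  if (ret <= 0)
  goto end;
- s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
+ S3I(s)->tmp.next_state = SSL3_ST_SR_CERT_A;
  s->state = SSL3_ST_SW_FLUSH;
  s->init_num = 0;
  break;
@@ -458,19 +458,19 @@ dtls1_accept(SSL *s)
  /* If the write error was fatal, stop trying */
  if (!BIO_should_retry(s->wbio)) {
  s->rwstate = SSL_NOTHING;
- s->state = s->s3->tmp.next_state;
+ s->state = S3I(s)->tmp.next_state;
  }
 
  ret = -1;
  goto end;
  }
  s->rwstate = SSL_NOTHING;
- s->state = s->s3->tmp.next_state;
+ s->state = S3I(s)->tmp.next_state;
  break;
 
  case SSL3_ST_SR_CERT_A:
  case SSL3_ST_SR_CERT_B:
- if (s->s3->tmp.cert_request) {
+ if (S3I(s)->tmp.cert_request) {
  ret = ssl3_get_client_certificate(s);
  if (ret <= 0)
  goto end;
@@ -506,7 +506,7 @@ dtls1_accept(SSL *s)
  * For sigalgs freeze the handshake buffer
  * at this point and digest cached records.
  */
- if (!s->s3->handshake_buffer) {
+ if (!S3I(s)->handshake_buffer) {
  SSLerr(SSL_F_SSL3_ACCEPT,
  ERR_R_INTERNAL_ERROR);
  ret = -1;
@@ -524,10 +524,10 @@ dtls1_accept(SSL *s)
  /* We need to get hashes here so if there is
  * a client cert, it can be verified */
  s->method->ssl3_enc->cert_verify_mac(s,
- NID_md5, &(s->s3->tmp.cert_verify_md[0]));
+ NID_md5, &(S3I(s)->tmp.cert_verify_md[0]));
  s->method->ssl3_enc->cert_verify_mac(s,
  NID_sha1,
- &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
+ &(S3I(s)->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
  }
  break;
 
@@ -582,7 +582,7 @@ dtls1_accept(SSL *s)
  case SSL3_ST_SW_CHANGE_A:
  case SSL3_ST_SW_CHANGE_B:
 
- s->session->cipher = s->s3->tmp.new_cipher;
+ s->session->cipher = S3I(s)->tmp.new_cipher;
  if (!s->method->ssl3_enc->setup_key_block(s)) {
  ret = -1;
  goto end;
@@ -617,10 +617,10 @@ dtls1_accept(SSL *s)
  goto end;
  s->state = SSL3_ST_SW_FLUSH;
  if (s->hit) {
- s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
+ S3I(s)->tmp.next_state = SSL3_ST_SR_FINISHED_A;
 
  } else {
- s->s3->tmp.next_state = SSL_ST_OK;
+ S3I(s)->tmp.next_state = SSL_ST_OK;
  }
  s->init_num = 0;
  break;
@@ -666,7 +666,7 @@ dtls1_accept(SSL *s)
  /* break; */
  }
 
- if (!s->s3->tmp.reuse_message && !skip) {
+ if (!S3I(s)->tmp.reuse_message && !skip) {
  if (s->debug) {
  if ((ret = BIO_flush(s->wbio)) <= 0)
  goto end;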
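Review bot: In the `@@ -524,10 +524,10 @@` hunk both `cert_verify_mac` calls are plain statements, so their results are discarded while the digests are written into `S3I(s)->tmp.cert_verify_md`, the buffer the adjacent comment says is needed to verify a client certificate. If the method reports failure through its return value (its prototype is not visible on this page), a failed digest would leave that buffer holding whatever it had before and the handshake would continue. Consider checking each call the way `setup_key_block` is checked in the `@@ -582,7 +582,7 @@` hunk, e.g. `if (!s->method->ssl3_enc->cert_verify_mac(s, NID_md5, &(S3I(s)->tmp.cert_verify_md[0]))) { ret = -1; goto end; }`, and likewise for the `NID_sha1` call. The `dtls1_accept` body starts and ends outside these hunks, so the surrounding branch is not visible here.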