author | beck <> | 2017-01-23 06:45:30 +0000 |
---|---|---|
committer | beck <> | 2017-01-23 06:45:30 +0000 |
commit | fedd988b9f44e5e0ccf1a340f14354f32800d524 (patch) | |
tree | dfb700c2a3d1498e8069f1fab4c6691ef0f3fef1 /src/lib/libssl/s3_pkt.c | |
parent | 3b1c7c5973d7e6aca42940bd4e07900c35d585f5 (diff) | |
Move a large part of ssl_st into internal, so we can see what squeals.
ok jsing@
Diffstat (limited to 'src/lib/libssl/s3_pkt.c')
-rw-r--r-- | src/lib/libssl/s3_pkt.c | 122 |
1 files changed, 61 insertions, 61 deletions
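--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_pkt.c,v 1.63 2017/01/23 04:55:26 beck Exp $ */
+/* $OpenBSD: s3_pkt.c,v 1.64 2017/01/23 06:45:30 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -126,9 +126,9 @@ static int ssl3_get_record(SSL *s);
 /* If extend == 0, obtain new n-byte packet; if extend == 1, increase
 * packet by another n bytes.
 * The packet will be in the sub-array of s->s3->rbuf.buf specified
-* by s->packet and s->packet_length.
-* (If s->read_ahead is set, 'max' bytes may be stored in rbuf
-* [plus s->packet_length bytes if extend == 1].)
+* by s->internal->packet and s->internal->packet_length.
+* (If s->internal->read_ahead is set, 'max' bytes may be stored in rbuf
+* [plus s->internal->packet_length bytes if extend == 1].)
 */
 int
 ssl3_read_n(SSL *s, int n, int max, int extend)
@@ -171,8 +171,8 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
 rb->offset = align;
 }
 }
-s->packet = rb->buf + rb->offset;
-s->packet_length = 0;
+s->internal->packet = rb->buf + rb->offset;
+s->internal->packet_length = 0;
 /* ... now we can act as if 'extend' was set */
 }
 
@@ -186,7 +186,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
 
 /* if there is enough in the buffer from a previous read, take some */
 if (left >= n) {
-s->packet_length += n;
+s->internal->packet_length += n;
 rb->left = left - n;
 rb->offset += n;
 return (n);
@@ -194,15 +194,15 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
 
 /* else we need to read more data */
 
-len = s->packet_length;
+len = s->internal->packet_length;
 pkt = rb->buf + align;
 /* Move any available bytes to front of buffer:
 * 'len' bytes already pointed to by 'packet',
 * 'left' extra ones at the end */
-if (s->packet != pkt) {
+if (s->internal->packet != pkt) {
 /* len > 0 */
-memmove(pkt, s->packet, len + left);
-s->packet = pkt;
+memmove(pkt, s->internal->packet, len + left);
+s->internal->packet = pkt;
 rb->offset = len + align;
 }
 
@@ -212,7 +212,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
 return -1;
 }
 
-if (!s->read_ahead) {
+if (!s->internal->read_ahead) {
 /* ignore max parameter */
 max = n;
 } else {
@@ -229,7 +229,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
 
 errno = 0;
 if (s->rbio != NULL) {
-s->rwstate = SSL_READING;
+s->internal->rwstate = SSL_READING;
 i = BIO_read(s->rbio, pkt + len + left, max - left);
 } else {
 SSLerr(SSL_F_SSL3_READ_N, SSL_R_READ_BIO_NOT_SET);
@@ -261,8 +261,8 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
 /* done reading, now the book-keeping */
 rb->offset += n;
 rb->left = left - n;
-s->packet_length += n;
-s->rwstate = SSL_NOTHING;
+s->internal->packet_length += n;
+s->internal->rwstate = SSL_NOTHING;
 return (n);
 }
 
@@ -291,7 +291,7 @@ ssl3_get_record(SSL *s)
 again:
 /* check if we have the header */
 if ((s->rstate != SSL_ST_READ_BODY) ||
-(s->packet_length < SSL3_RT_HEADER_LENGTH)) {
+(s->internal->packet_length < SSL3_RT_HEADER_LENGTH)) {
 CBS header;
 uint16_t len, ssl_version;
 uint8_t type;
@@ -301,7 +301,7 @@ again:
 return(n); /* error or non-blocking */
 s->rstate = SSL_ST_READ_BODY;
 
-CBS_init(&header, s->packet, n);
+CBS_init(&header, s->internal->packet, n);
 
 /* Pull apart the header into the SSL3_RECORD */
 if (!CBS_get_u8(&header, &type) ||
@@ -316,11 +316,11 @@ again:
 rr->length = len;
 
 /* Lets check version */
-if (!s->first_packet && ssl_version != s->version) {
+if (!s->internal->first_packet && ssl_version != s->version) {
 SSLerr(SSL_F_SSL3_GET_RECORD,
 SSL_R_WRONG_VERSION_NUMBER);
 if ((s->version & 0xFF00) == (ssl_version & 0xFF00) &&
-!s->enc_write_ctx && !s->write_hash)
+!s->internal->enc_write_ctx && !s->internal->write_hash)
 /* Send back error using their minor version number :-) */
 s->version = ssl_version;
 al = SSL_AD_PROTOCOL_VERSION;
@@ -345,24 +345,24 @@ again:
 
 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
 
-if (rr->length > s->packet_length - SSL3_RT_HEADER_LENGTH) {
-/* now s->packet_length == SSL3_RT_HEADER_LENGTH */
+if (rr->length > s->internal->packet_length - SSL3_RT_HEADER_LENGTH) {
+/* now s->internal->packet_length == SSL3_RT_HEADER_LENGTH */
 i = rr->length;
 n = ssl3_read_n(s, i, i, 1);
 if (n <= 0)
 return(n); /* error or non-blocking io */
 /* now n == rr->length,
-* and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */
+* and s->internal->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */
 }
 
 s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
 
-/* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
-* and we have that many bytes in s->packet
+/* At this point, s->internal->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
+* and we have that many bytes in s->internal->packet
 */
-rr->input = &(s->packet[SSL3_RT_HEADER_LENGTH]);
+rr->input = &(s->internal->packet[SSL3_RT_HEADER_LENGTH]);
 
-/* ok, we can now read from 's->packet' data into 'rr'
+/* ok, we can now read from 's->internal->packet' data into 'rr'
 * rr->input points at rr->length bytes, which
 * need to be copied into rr->data by either
 * the decryption or by the decompression
@@ -395,13 +395,13 @@ again:
 
 
 /* r->length is now the compressed data plus mac */
-if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
-(EVP_MD_CTX_md(s->read_hash) != NULL)) {
-/* s->read_hash != NULL => mac_size != -1 */
+if ((sess != NULL) && (s->internal->enc_read_ctx != NULL) &&
+(EVP_MD_CTX_md(s->internal->read_hash) != NULL)) {
+/* s->internal->read_hash != NULL => mac_size != -1 */
 unsigned char *mac = NULL;
 unsigned char mac_tmp[EVP_MAX_MD_SIZE];
 
-mac_size = EVP_MD_CTX_size(s->read_hash);
+mac_size = EVP_MD_CTX_size(s->internal->read_hash);
 OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
 
 /* kludge: *_cbc_remove_padding passes padding length in rr->type */
@@ -414,14 +414,14 @@ again:
 */
 if (orig_len < mac_size ||
 /* CBC records must have a padding length byte too. */
-(EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+(EVP_CIPHER_CTX_mode(s->internal->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
 orig_len < mac_size + 1)) {
 al = SSL_AD_DECODE_ERROR;
 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT);
 goto f_err;
 }
 
-if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
+if (EVP_CIPHER_CTX_mode(s->internal->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
 /* We update the length so that the TLS header bytes
 * can be constructed correctly but we need to extract
 * the MAC in constant time from within the record,
@@ -480,7 +480,7 @@ again:
 */
 
 /* we have pulled in a full packet so zero things */
-s->packet_length = 0;
+s->internal->packet_length = 0;
 
 /* just read a 0 length packet */
 if (rr->length == 0)
@@ -509,7 +509,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
 return -1;
 }
 
-s->rwstate = SSL_NOTHING;
+s->internal->rwstate = SSL_NOTHING;
 tot = S3I(s)->wnum;
 S3I(s)->wnum = 0;
 
@@ -596,12 +596,12 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 wr = &(S3I(s)->wrec);
 sess = s->session;
 
-if ((sess == NULL) || (s->enc_write_ctx == NULL) ||
-(EVP_MD_CTX_md(s->write_hash) == NULL)) {
-clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */
+if ((sess == NULL) || (s->internal->enc_write_ctx == NULL) ||
+(EVP_MD_CTX_md(s->internal->write_hash) == NULL)) {
+clear = s->internal->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */
 mac_size = 0;
 } else {
-mac_size = EVP_MD_CTX_size(s->write_hash);
+mac_size = EVP_MD_CTX_size(s->internal->write_hash);
 if (mac_size < 0)
 goto err;
 }
@@ -666,7 +666,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 /* Some servers hang if iniatial client hello is larger than 256
 * bytes and record version number > TLS 1.0
 */
-if (s->state == SSL3_ST_CW_CLNT_HELLO_B && !s->renegotiate &&
+if (s->state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate &&
 TLS1_get_version(s) > TLS1_VERSION)
 *(p++) = 0x1;
 else
@@ -677,10 +677,10 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 p += 2;
 
 /* Explicit IV length. */
-if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)) {
-int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
+if (s->internal->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)) {
+int mode = EVP_CIPHER_CTX_mode(s->internal->enc_write_ctx);
 if (mode == EVP_CIPH_CBC_MODE) {
-eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
+eivlen = EVP_CIPHER_CTX_iv_length(s->internal->enc_write_ctx);
 if (eivlen <= 1)
 eivlen = 0;
 }
@@ -689,9 +689,9 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
 else
 eivlen = 0;
-} else if (s->aead_write_ctx != NULL &&
-s->aead_write_ctx->variable_nonce_in_record) {
-eivlen = s->aead_write_ctx->variable_nonce_len;
+} else if (s->internal->aead_write_ctx != NULL &&
+s->internal->aead_write_ctx->variable_nonce_in_record) {
+eivlen = s->internal->aead_write_ctx->variable_nonce_len;
 } else
 eivlen = 0;
 
@@ -779,7 +779,7 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
 for (;;) {
 errno = 0;
 if (s->wbio != NULL) {
-s->rwstate = SSL_WRITING;
+s->internal->rwstate = SSL_WRITING;
 i = BIO_write(s->wbio,
 (char *)&(wb->buf[wb->offset]),
 (unsigned int)wb->left);
@@ -793,7 +793,7 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
 !SSL_IS_DTLS(s))
 ssl3_release_write_buffer(s);
-s->rwstate = SSL_NOTHING;
+s->internal->rwstate = SSL_NOTHING;
 return (S3I(s)->wpend_ret);
 } else if (i <= 0) {
 /*
@@ -914,11 +914,11 @@ start:
 }
 BIO_clear_retry_flags(bio);
 BIO_set_retry_read(bio);
-s->rwstate = SSL_READING;
+s->internal->rwstate = SSL_READING;
 return -1;
 }
 
-s->rwstate = SSL_NOTHING;
+s->internal->rwstate = SSL_NOTHING;
 
 /*
 * S3I(s)->rrec.type - is the type of record
@@ -948,9 +948,9 @@ start:
 
 /* If the other end has shut down, throw anything we read away
 * (even in 'peek' mode) */
-if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) {
 rr->length = 0;
-s->rwstate = SSL_NOTHING;
+s->internal->rwstate = SSL_NOTHING;
 return (0);
 }
 
@@ -960,7 +960,7 @@ start:
 /* make sure that we are not getting application data when we
 * are doing a handshake for the first time */
 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
-(s->enc_read_ctx == NULL)) {
+(s->internal->enc_read_ctx == NULL)) {
 al = SSL_AD_UNEXPECTED_MESSAGE;
 SSLerr(SSL_F_SSL3_READ_BYTES,
 SSL_R_APP_DATA_IN_HANDSHAKE);
@@ -1075,7 +1075,7 @@ start:
 * but we trigger an SSL handshake, we return -1 with
 * the retry option set. Otherwise renegotiation may
 * cause nasty problems in the blocking world */
-s->rwstate = SSL_READING;
+s->internal->rwstate = SSL_READING;
 bio = SSL_get_rbio(s);
 BIO_clear_retry_flags(bio);
 BIO_set_retry_read(bio);
@@ -1126,7 +1126,7 @@ start:
 if (alert_level == SSL3_AL_WARNING) {
 S3I(s)->warn_alert = alert_descr;
 if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
-s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN;
 return (0);
 }
 /* This is a warning but we receive it if we requested
@@ -1145,13 +1145,13 @@ start:
 goto f_err;
 }
 } else if (alert_level == SSL3_AL_FATAL) {
-s->rwstate = SSL_NOTHING;
+s->internal->rwstate = SSL_NOTHING;
 S3I(s)->fatal_alert = alert_descr;
 SSLerr(SSL_F_SSL3_READ_BYTES,
 SSL_AD_REASON_OFFSET + alert_descr);
 ERR_asprintf_error_data("SSL alert number %d",
 alert_descr);
-s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN;
 SSL_CTX_remove_session(s->ctx, s->session);
 return (0);
 } else {
@@ -1163,9 +1163,9 @@ start:
 goto start;
 }
 
-if (s->shutdown & SSL_SENT_SHUTDOWN) {
+if (s->internal->shutdown & SSL_SENT_SHUTDOWN) {
 /* but we have not received a shutdown */
-s->rwstate = SSL_NOTHING;
+s->internal->rwstate = SSL_NOTHING;
 rr->length = 0;
 return (0);
 }
@@ -1218,8 +1218,8 @@ start:
 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
-s->renegotiate = 1;
-s->new_session = 1;
+s->internal->renegotiate = 1;
+s->internal->new_session = 1;
 }
 i = s->internal->handshake_func(s);
 if (i < 0)
@@ -1237,7 +1237,7 @@ start:
 * but we trigger an SSL handshake, we return -1 with
 * the retry option set. Otherwise renegotiation may
 * cause nasty problems in the blocking world */
-s->rwstate = SSL_READING;
+s->internal->rwstate = SSL_READING;
 bio = SSL_get_rbio(s);
 BIO_clear_retry_flags(bio);
 BIO_set_retry_read(bio);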
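Review bot: The comment this commit rewrites at new line 360 in ssl3_get_record still spells the constant `SSL3_RT_HEADER_LNGTH`, so a search for `SSL3_RT_HEADER_LENGTH` misses the one place where the post-read length invariant is stated; since the line is touched anyway it could read `/* At this point, s->internal->packet_length == SSL3_RT_HEADER_LENGTH + rr->length,`. The invariant matters because the bounds check at new line 348, `rr->length > s->internal->packet_length - SSL3_RT_HEADER_LENGTH`, would wrap if packet_length were ever below the header length and the field is unsigned (its declaration is not visible on this page). The header-read branch above appears to guarantee it, but part of that branch lies outside the hunk, so a short comment before the check such as `/* packet_length >= SSL3_RT_HEADER_LENGTH is guaranteed by the header read above */` would make the dependency explicit. ssl3_get_record itself starts and ends outside these hunks.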