Move most of DTLS1_STATE to internal.

ok jsing@
author: beck <> 2017-01-22 07:16:39 +0000
committer: beck <> 2017-01-22 07:16:39 +0000
commit: 2204d5a39055900d89c6f7fbdcc3bb37ec8070db (patch)
tree: c03f505a3f0822dbc7a4d9523cfde19318c0d121 /src/lib/libssl/s3_srvr.c
parent: 334c9196a27db4244daba48e4ba2118985c535ed (diff)
download: openbsd-2204d5a39055900d89c6f7fbdcc3bb37ec8070db.tar.gz
openbsd-2204d5a39055900d89c6f7fbdcc3bb37ec8070db.tar.bz2
openbsd-2204d5a39055900d89c6f7fbdcc3bb37ec8070db.zip
1 files changed, 6 insertions, 6 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 72d90a85c4..7912206785 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.139 2017/01/22 06:36:49 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.140 2017/01/22 07:16:39 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -854,7 +854,7 @@ ssl3_get_client_hello(SSL *s)
                 * HelloVerify message has not been sent--make sure that it
                 * does not cause an overflow.
                 */
-                if (cookie_len > sizeof(s->d1->rcvd_cookie)) {
+                if (cookie_len > sizeof(D1I(s)->rcvd_cookie)) {
                        /* too much data */
                        al = SSL_AD_DECODE_ERROR;
                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
@@ -868,19 +868,19 @@ ssl3_get_client_hello(SSL *s)
                /* verify the cookie if appropriate option is set. */
                if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
                    cookie_len > 0) {
-                        memcpy(s->d1->rcvd_cookie, p, cookie_len);
+                        memcpy(D1I(s)->rcvd_cookie, p, cookie_len);
                        if (s->ctx->app_verify_cookie_cb != NULL) {
                                if (s->ctx->app_verify_cookie_cb(s,
-                                    s->d1->rcvd_cookie, cookie_len) == 0) {
+                                    D1I(s)->rcvd_cookie, cookie_len) == 0) {
                                        al = SSL_AD_HANDSHAKE_FAILURE;
                                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
                                            SSL_R_COOKIE_MISMATCH);
                                        goto f_err;
                                }
                                /* else cookie verification succeeded */
-                        } else if (timingsafe_memcmp(s->d1->rcvd_cookie, s->d1->cookie,
+                        } else if (timingsafe_memcmp(D1I(s)->rcvd_cookie, D1I(s)->cookie,
-                            s->d1->cookie_len) != 0) {
+                            D1I(s)->cookie_len) != 0) {
                                /* default verification */
                                al = SSL_AD_HANDSHAKE_FAILURE;
                                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
author	beck <>	2017-01-22 07:16:39 +0000
committer	beck <>	2017-01-22 07:16:39 +0000
commit	2204d5a39055900d89c6f7fbdcc3bb37ec8070db (patch)
tree	c03f505a3f0822dbc7a4d9523cfde19318c0d121 /src/lib/libssl/s3_srvr.c
parent	334c9196a27db4244daba48e4ba2118985c535ed (diff)
download	openbsd-2204d5a39055900d89c6f7fbdcc3bb37ec8070db.tar.gz openbsd-2204d5a39055900d89c6f7fbdcc3bb37ec8070db.tar.bz2 openbsd-2204d5a39055900d89c6f7fbdcc3bb37ec8070db.zip

diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 72d90a85c4..7912206785 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_srvr.c,v 1.139 2017/01/22 06:36:49 jsing Exp $ */	1	/* $OpenBSD: s3_srvr.c,v 1.140 2017/01/22 07:16:39 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -854,7 +854,7 @@ ssl3_get_client_hello(SSL *s)
854	* HelloVerify message has not been sent--make sure that it	854	* HelloVerify message has not been sent--make sure that it
855	* does not cause an overflow.	855	* does not cause an overflow.
856	*/	856	*/
857	if (cookie_len > sizeof(s->d1->rcvd_cookie)) {	857	if (cookie_len > sizeof(D1I(s)->rcvd_cookie)) {
858	/* too much data */	858	/* too much data */
859	al = SSL_AD_DECODE_ERROR;	859	al = SSL_AD_DECODE_ERROR;
860	SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,	860	SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
@@ -868,19 +868,19 @@ ssl3_get_client_hello(SSL *s)
868	/* verify the cookie if appropriate option is set. */	868	/* verify the cookie if appropriate option is set. */
869	if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&	869	if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
870	cookie_len > 0) {	870	cookie_len > 0) {
871	memcpy(s->d1->rcvd_cookie, p, cookie_len);	871	memcpy(D1I(s)->rcvd_cookie, p, cookie_len);
872		872
873	if (s->ctx->app_verify_cookie_cb != NULL) {	873	if (s->ctx->app_verify_cookie_cb != NULL) {
874	if (s->ctx->app_verify_cookie_cb(s,	874	if (s->ctx->app_verify_cookie_cb(s,
875	s->d1->rcvd_cookie, cookie_len) == 0) {	875	D1I(s)->rcvd_cookie, cookie_len) == 0) {
876	al = SSL_AD_HANDSHAKE_FAILURE;	876	al = SSL_AD_HANDSHAKE_FAILURE;
877	SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,	877	SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
878	SSL_R_COOKIE_MISMATCH);	878	SSL_R_COOKIE_MISMATCH);
879	goto f_err;	879	goto f_err;
880	}	880	}
881	/* else cookie verification succeeded */	881	/* else cookie verification succeeded */
882	} else if (timingsafe_memcmp(s->d1->rcvd_cookie, s->d1->cookie,	882	} else if (timingsafe_memcmp(D1I(s)->rcvd_cookie, D1I(s)->cookie,
883	s->d1->cookie_len) != 0) {	883	D1I(s)->cookie_len) != 0) {
884	/* default verification */	884	/* default verification */
885	al = SSL_AD_HANDSHAKE_FAILURE;	885	al = SSL_AD_HANDSHAKE_FAILURE;
886	SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,	886	SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,