summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_pkt.c
diff options
context:
space:
mode:
authorjsing <>2022-10-02 16:36:42 +0000
committerjsing <>2022-10-02 16:36:42 +0000
commitefde998d3821e41e124a4bfcdf103e506055fc52 (patch)
tree739f174130582d68ff159ff94cdb3fb2185e31ef /src/lib/libssl/ssl_pkt.c
parentce780ee20f92c920e451f9c3bdd6bb5fe83f4c5b (diff)
downloadopenbsd-efde998d3821e41e124a4bfcdf103e506055fc52.tar.gz
openbsd-efde998d3821e41e124a4bfcdf103e506055fc52.tar.bz2
openbsd-efde998d3821e41e124a4bfcdf103e506055fc52.zip
Get rid of SSL_CTX_INTERNAL and SSL_INTERNAL.
These are no longer necessary due to SSL_CTX and SSL now being fully opaque. Merge SSL_CTX_INTERNAL back into SSL_CTX and SSL_INTERNAL back into SSL. Prompted by tb@
Diffstat (limited to 'src/lib/libssl/ssl_pkt.c')
-rw-r--r--src/lib/libssl/ssl_pkt.c152
1 files changed, 76 insertions, 76 deletions
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index d9f5a0d057..8462d03967 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_pkt.c,v 1.60 2022/09/11 13:51:25 jsing Exp $ */ 1/* $OpenBSD: ssl_pkt.c,v 1.61 2022/10/02 16:36:41 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -136,16 +136,16 @@ ssl_force_want_read(SSL *s)
136 BIO_clear_retry_flags(bio); 136 BIO_clear_retry_flags(bio);
137 BIO_set_retry_read(bio); 137 BIO_set_retry_read(bio);
138 138
139 s->internal->rwstate = SSL_READING; 139 s->rwstate = SSL_READING;
140} 140}
141 141
142/* 142/*
143 * If extend == 0, obtain new n-byte packet; if extend == 1, increase 143 * If extend == 0, obtain new n-byte packet; if extend == 1, increase
144 * packet by another n bytes. 144 * packet by another n bytes.
145 * The packet will be in the sub-array of s->s3->rbuf.buf specified 145 * The packet will be in the sub-array of s->s3->rbuf.buf specified
146 * by s->internal->packet and s->internal->packet_length. 146 * by s->packet and s->packet_length.
147 * (If s->internal->read_ahead is set, 'max' bytes may be stored in rbuf 147 * (If s->read_ahead is set, 'max' bytes may be stored in rbuf
148 * [plus s->internal->packet_length bytes if extend == 1].) 148 * [plus s->packet_length bytes if extend == 1].)
149 */ 149 */
150static int 150static int
151ssl3_read_n(SSL *s, int n, int max, int extend) 151ssl3_read_n(SSL *s, int n, int max, int extend)
@@ -187,8 +187,8 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
187 rb->offset = align; 187 rb->offset = align;
188 } 188 }
189 } 189 }
190 s->internal->packet = rb->buf + rb->offset; 190 s->packet = rb->buf + rb->offset;
191 s->internal->packet_length = 0; 191 s->packet_length = 0;
192 /* ... now we can act as if 'extend' was set */ 192 /* ... now we can act as if 'extend' was set */
193 } 193 }
194 194
@@ -202,7 +202,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
202 202
203 /* if there is enough in the buffer from a previous read, take some */ 203 /* if there is enough in the buffer from a previous read, take some */
204 if (left >= n) { 204 if (left >= n) {
205 s->internal->packet_length += n; 205 s->packet_length += n;
206 rb->left = left - n; 206 rb->left = left - n;
207 rb->offset += n; 207 rb->offset += n;
208 return (n); 208 return (n);
@@ -210,15 +210,15 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
210 210
211 /* else we need to read more data */ 211 /* else we need to read more data */
212 212
213 len = s->internal->packet_length; 213 len = s->packet_length;
214 pkt = rb->buf + align; 214 pkt = rb->buf + align;
215 /* Move any available bytes to front of buffer: 215 /* Move any available bytes to front of buffer:
216 * 'len' bytes already pointed to by 'packet', 216 * 'len' bytes already pointed to by 'packet',
217 * 'left' extra ones at the end */ 217 * 'left' extra ones at the end */
218 if (s->internal->packet != pkt) { 218 if (s->packet != pkt) {
219 /* len > 0 */ 219 /* len > 0 */
220 memmove(pkt, s->internal->packet, len + left); 220 memmove(pkt, s->packet, len + left);
221 s->internal->packet = pkt; 221 s->packet = pkt;
222 rb->offset = len + align; 222 rb->offset = len + align;
223 } 223 }
224 224
@@ -228,7 +228,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
228 return -1; 228 return -1;
229 } 229 }
230 230
231 if (s->internal->read_ahead || SSL_is_dtls(s)) { 231 if (s->read_ahead || SSL_is_dtls(s)) {
232 if (max < n) 232 if (max < n)
233 max = n; 233 max = n;
234 if (max > (int)(rb->len - rb->offset)) 234 if (max > (int)(rb->len - rb->offset))
@@ -245,7 +245,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
245 245
246 errno = 0; 246 errno = 0;
247 if (s->rbio != NULL) { 247 if (s->rbio != NULL) {
248 s->internal->rwstate = SSL_READING; 248 s->rwstate = SSL_READING;
249 i = BIO_read(s->rbio, pkt + len + left, max - left); 249 i = BIO_read(s->rbio, pkt + len + left, max - left);
250 } else { 250 } else {
251 SSLerror(s, SSL_R_READ_BIO_NOT_SET); 251 SSLerror(s, SSL_R_READ_BIO_NOT_SET);
@@ -254,7 +254,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
254 254
255 if (i <= 0) { 255 if (i <= 0) {
256 rb->left = left; 256 rb->left = left;
257 if (s->internal->mode & SSL_MODE_RELEASE_BUFFERS && 257 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
258 !SSL_is_dtls(s)) { 258 !SSL_is_dtls(s)) {
259 if (len + left == 0) 259 if (len + left == 0)
260 ssl3_release_read_buffer(s); 260 ssl3_release_read_buffer(s);
@@ -277,8 +277,8 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
277 /* done reading, now the book-keeping */ 277 /* done reading, now the book-keeping */
278 rb->offset += n; 278 rb->offset += n;
279 rb->left = left - n; 279 rb->left = left - n;
280 s->internal->packet_length += n; 280 s->packet_length += n;
281 s->internal->rwstate = SSL_NOTHING; 281 s->rwstate = SSL_NOTHING;
282 282
283 return (n); 283 return (n);
284} 284}
@@ -291,8 +291,8 @@ ssl3_packet_read(SSL *s, int plen)
291 n = ssl3_read_n(s, plen, s->s3->rbuf.len, 0); 291 n = ssl3_read_n(s, plen, s->s3->rbuf.len, 0);
292 if (n <= 0) 292 if (n <= 0)
293 return n; 293 return n;
294 if (s->internal->packet_length < plen) 294 if (s->packet_length < plen)
295 return s->internal->packet_length; 295 return s->packet_length;
296 296
297 return plen; 297 return plen;
298} 298}
@@ -302,15 +302,15 @@ ssl3_packet_extend(SSL *s, int plen)
302{ 302{
303 int rlen, n; 303 int rlen, n;
304 304
305 if (s->internal->packet_length >= plen) 305 if (s->packet_length >= plen)
306 return plen; 306 return plen;
307 rlen = plen - s->internal->packet_length; 307 rlen = plen - s->packet_length;
308 308
309 n = ssl3_read_n(s, rlen, rlen, 1); 309 n = ssl3_read_n(s, rlen, rlen, 1);
310 if (n <= 0) 310 if (n <= 0)
311 return n; 311 return n;
312 if (s->internal->packet_length < plen) 312 if (s->packet_length < plen)
313 return s->internal->packet_length; 313 return s->packet_length;
314 314
315 return plen; 315 return plen;
316} 316}
@@ -319,9 +319,9 @@ ssl3_packet_extend(SSL *s, int plen)
319 * It will return <= 0 if more data is needed, normally due to an error 319 * It will return <= 0 if more data is needed, normally due to an error
320 * or non-blocking IO. 320 * or non-blocking IO.
321 * When it finishes, one packet has been decoded and can be found in 321 * When it finishes, one packet has been decoded and can be found in
322 * ssl->s3->internal->rrec.type - is the type of record 322 * ssl->s3->rrec.type - is the type of record
323 * ssl->s3->internal->rrec.data, - data 323 * ssl->s3->rrec.data, - data
324 * ssl->s3->internal->rrec.length, - number of bytes 324 * ssl->s3->rrec.length, - number of bytes
325 */ 325 */
326/* used only by ssl3_read_bytes */ 326/* used only by ssl3_read_bytes */
327static int 327static int
@@ -337,8 +337,8 @@ ssl3_get_record(SSL *s)
337 337
338 again: 338 again:
339 /* check if we have the header */ 339 /* check if we have the header */
340 if ((s->internal->rstate != SSL_ST_READ_BODY) || 340 if ((s->rstate != SSL_ST_READ_BODY) ||
341 (s->internal->packet_length < SSL3_RT_HEADER_LENGTH)) { 341 (s->packet_length < SSL3_RT_HEADER_LENGTH)) {
342 CBS header; 342 CBS header;
343 uint16_t len, ssl_version; 343 uint16_t len, ssl_version;
344 uint8_t type; 344 uint8_t type;
@@ -347,16 +347,16 @@ ssl3_get_record(SSL *s)
347 if (n <= 0) 347 if (n <= 0)
348 return (n); 348 return (n);
349 349
350 s->internal->mac_packet = 1; 350 s->mac_packet = 1;
351 s->internal->rstate = SSL_ST_READ_BODY; 351 s->rstate = SSL_ST_READ_BODY;
352 352
353 if (s->server && s->internal->first_packet) { 353 if (s->server && s->first_packet) {
354 if ((ret = ssl_server_legacy_first_packet(s)) != 1) 354 if ((ret = ssl_server_legacy_first_packet(s)) != 1)
355 return (ret); 355 return (ret);
356 ret = -1; 356 ret = -1;
357 } 357 }
358 358
359 CBS_init(&header, s->internal->packet, SSL3_RT_HEADER_LENGTH); 359 CBS_init(&header, s->packet, SSL3_RT_HEADER_LENGTH);
360 360
361 /* Pull apart the header into the SSL3_RECORD_INTERNAL */ 361 /* Pull apart the header into the SSL3_RECORD_INTERNAL */
362 if (!CBS_get_u8(&header, &type) || 362 if (!CBS_get_u8(&header, &type) ||
@@ -370,9 +370,9 @@ ssl3_get_record(SSL *s)
370 rr->length = len; 370 rr->length = len;
371 371
372 /* Lets check version */ 372 /* Lets check version */
373 if (!s->internal->first_packet && ssl_version != s->version) { 373 if (!s->first_packet && ssl_version != s->version) {
374 if ((s->version & 0xFF00) == (ssl_version & 0xFF00) && 374 if ((s->version & 0xFF00) == (ssl_version & 0xFF00) &&
375 !tls12_record_layer_write_protected(s->internal->rl)) { 375 !tls12_record_layer_write_protected(s->rl)) {
376 /* Send back error using their minor version number :-) */ 376 /* Send back error using their minor version number :-) */
377 s->version = ssl_version; 377 s->version = ssl_version;
378 } 378 }
@@ -399,17 +399,17 @@ ssl3_get_record(SSL *s)
399 if (n != SSL3_RT_HEADER_LENGTH + rr->length) 399 if (n != SSL3_RT_HEADER_LENGTH + rr->length)
400 return (n); 400 return (n);
401 401
402 s->internal->rstate = SSL_ST_READ_HEADER; /* set state for later operations */ 402 s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */
403 403
404 /* 404 /*
405 * A full record has now been read from the wire, which now needs 405 * A full record has now been read from the wire, which now needs
406 * to be processed. 406 * to be processed.
407 */ 407 */
408 tls12_record_layer_set_version(s->internal->rl, s->version); 408 tls12_record_layer_set_version(s->rl, s->version);
409 409
410 if (!tls12_record_layer_open_record(s->internal->rl, s->internal->packet, 410 if (!tls12_record_layer_open_record(s->rl, s->packet,
411 s->internal->packet_length, &out, &out_len)) { 411 s->packet_length, &out, &out_len)) {
412 tls12_record_layer_alert(s->internal->rl, &alert_desc); 412 tls12_record_layer_alert(s->rl, &alert_desc);
413 413
414 if (alert_desc == 0) 414 if (alert_desc == 0)
415 goto err; 415 goto err;
@@ -428,7 +428,7 @@ ssl3_get_record(SSL *s)
428 rr->off = 0; 428 rr->off = 0;
429 429
430 /* we have pulled in a full packet so zero things */ 430 /* we have pulled in a full packet so zero things */
431 s->internal->packet_length = 0; 431 s->packet_length = 0;
432 432
433 if (rr->length == 0) { 433 if (rr->length == 0) {
434 /* 434 /*
@@ -446,18 +446,18 @@ ssl3_get_record(SSL *s)
446 * insert a single empty record, so we allow ourselves to read 446 * insert a single empty record, so we allow ourselves to read
447 * once past a single empty record without forcing want_read. 447 * once past a single empty record without forcing want_read.
448 */ 448 */
449 if (s->internal->empty_record_count++ > SSL_MAX_EMPTY_RECORDS) { 449 if (s->empty_record_count++ > SSL_MAX_EMPTY_RECORDS) {
450 SSLerror(s, SSL_R_PEER_BEHAVING_BADLY); 450 SSLerror(s, SSL_R_PEER_BEHAVING_BADLY);
451 return -1; 451 return -1;
452 } 452 }
453 if (s->internal->empty_record_count > 1) { 453 if (s->empty_record_count > 1) {
454 ssl_force_want_read(s); 454 ssl_force_want_read(s);
455 return -1; 455 return -1;
456 } 456 }
457 goto again; 457 goto again;
458 } 458 }
459 459
460 s->internal->empty_record_count = 0; 460 s->empty_record_count = 0;
461 461
462 return (1); 462 return (1);
463 463
@@ -482,12 +482,12 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
482 return -1; 482 return -1;
483 } 483 }
484 484
485 s->internal->rwstate = SSL_NOTHING; 485 s->rwstate = SSL_NOTHING;
486 tot = s->s3->wnum; 486 tot = s->s3->wnum;
487 s->s3->wnum = 0; 487 s->s3->wnum = 0;
488 488
489 if (SSL_in_init(s) && !s->internal->in_handshake) { 489 if (SSL_in_init(s) && !s->in_handshake) {
490 i = s->internal->handshake_func(s); 490 i = s->handshake_func(s);
491 if (i < 0) 491 if (i < 0)
492 return (i); 492 return (i);
493 if (i == 0) { 493 if (i == 0) {
@@ -512,7 +512,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
512 } 512 }
513 513
514 if ((i == (int)n) || (type == SSL3_RT_APPLICATION_DATA && 514 if ((i == (int)n) || (type == SSL3_RT_APPLICATION_DATA &&
515 (s->internal->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) { 515 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) {
516 /* 516 /*
517 * Next chunk of data should get another prepended 517 * Next chunk of data should get another prepended
518 * empty fragment in ciphersuites with known-IV 518 * empty fragment in ciphersuites with known-IV
@@ -573,7 +573,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
573 */ 573 */
574 version = s->version; 574 version = s->version;
575 if (s->s3->hs.state == SSL3_ST_CW_CLNT_HELLO_B && 575 if (s->s3->hs.state == SSL3_ST_CW_CLNT_HELLO_B &&
576 !s->internal->renegotiate && 576 !s->renegotiate &&
577 s->s3->hs.our_max_tls_version > TLS1_VERSION) 577 s->s3->hs.our_max_tls_version > TLS1_VERSION)
578 version = TLS1_VERSION; 578 version = TLS1_VERSION;
579 579
@@ -582,7 +582,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
582 * (see http://www.openssl.org/~bodo/tls-cbc.txt). Note that this 582 * (see http://www.openssl.org/~bodo/tls-cbc.txt). Note that this
583 * is unnecessary for AEAD. 583 * is unnecessary for AEAD.
584 */ 584 */
585 if (sess != NULL && tls12_record_layer_write_protected(s->internal->rl)) { 585 if (sess != NULL && tls12_record_layer_write_protected(s->rl)) {
586 if (s->s3->need_empty_fragments && 586 if (s->s3->need_empty_fragments &&
587 !s->s3->empty_fragment_done && 587 !s->s3->empty_fragment_done &&
588 type == SSL3_RT_APPLICATION_DATA) 588 type == SSL3_RT_APPLICATION_DATA)
@@ -603,16 +603,16 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
603 if (!CBB_init_fixed(&cbb, wb->buf + align, wb->len - align)) 603 if (!CBB_init_fixed(&cbb, wb->buf + align, wb->len - align))
604 goto err; 604 goto err;
605 605
606 tls12_record_layer_set_version(s->internal->rl, version); 606 tls12_record_layer_set_version(s->rl, version);
607 607
608 if (need_empty_fragment) { 608 if (need_empty_fragment) {
609 if (!tls12_record_layer_seal_record(s->internal->rl, type, 609 if (!tls12_record_layer_seal_record(s->rl, type,
610 buf, 0, &cbb)) 610 buf, 0, &cbb))
611 goto err; 611 goto err;
612 s->s3->empty_fragment_done = 1; 612 s->s3->empty_fragment_done = 1;
613 } 613 }
614 614
615 if (!tls12_record_layer_seal_record(s->internal->rl, type, buf, len, &cbb)) 615 if (!tls12_record_layer_seal_record(s->rl, type, buf, len, &cbb))
616 goto err; 616 goto err;
617 617
618 if (!CBB_finish(&cbb, NULL, &out_len)) 618 if (!CBB_finish(&cbb, NULL, &out_len))
@@ -647,7 +647,7 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
647 647
648 /* XXXX */ 648 /* XXXX */
649 if ((s->s3->wpend_tot > (int)len) || ((s->s3->wpend_buf != buf) && 649 if ((s->s3->wpend_tot > (int)len) || ((s->s3->wpend_buf != buf) &&
650 !(s->internal->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) || 650 !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) ||
651 (s->s3->wpend_type != type)) { 651 (s->s3->wpend_type != type)) {
652 SSLerror(s, SSL_R_BAD_WRITE_RETRY); 652 SSLerror(s, SSL_R_BAD_WRITE_RETRY);
653 return (-1); 653 return (-1);
@@ -656,7 +656,7 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
656 for (;;) { 656 for (;;) {
657 errno = 0; 657 errno = 0;
658 if (s->wbio != NULL) { 658 if (s->wbio != NULL) {
659 s->internal->rwstate = SSL_WRITING; 659 s->rwstate = SSL_WRITING;
660 i = BIO_write(s->wbio, (char *)&(wb->buf[wb->offset]), 660 i = BIO_write(s->wbio, (char *)&(wb->buf[wb->offset]),
661 (unsigned int)wb->left); 661 (unsigned int)wb->left);
662 } else { 662 } else {
@@ -666,10 +666,10 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
666 if (i == wb->left) { 666 if (i == wb->left) {
667 wb->left = 0; 667 wb->left = 0;
668 wb->offset += i; 668 wb->offset += i;
669 if (s->internal->mode & SSL_MODE_RELEASE_BUFFERS && 669 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
670 !SSL_is_dtls(s)) 670 !SSL_is_dtls(s))
671 ssl3_release_write_buffer(s); 671 ssl3_release_write_buffer(s);
672 s->internal->rwstate = SSL_NOTHING; 672 s->rwstate = SSL_NOTHING;
673 return (s->s3->wpend_ret); 673 return (s->s3->wpend_ret);
674 } else if (i <= 0) { 674 } else if (i <= 0) {
675 /* 675 /*
@@ -731,7 +731,7 @@ ssl3_read_alert(SSL *s)
731 if (alert_level == SSL3_AL_WARNING) { 731 if (alert_level == SSL3_AL_WARNING) {
732 s->s3->warn_alert = alert_descr; 732 s->s3->warn_alert = alert_descr;
733 if (alert_descr == SSL_AD_CLOSE_NOTIFY) { 733 if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
734 s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN; 734 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
735 return 0; 735 return 0;
736 } 736 }
737 /* We requested renegotiation and the peer rejected it. */ 737 /* We requested renegotiation and the peer rejected it. */
@@ -742,11 +742,11 @@ ssl3_read_alert(SSL *s)
742 return -1; 742 return -1;
743 } 743 }
744 } else if (alert_level == SSL3_AL_FATAL) { 744 } else if (alert_level == SSL3_AL_FATAL) {
745 s->internal->rwstate = SSL_NOTHING; 745 s->rwstate = SSL_NOTHING;
746 s->s3->fatal_alert = alert_descr; 746 s->s3->fatal_alert = alert_descr;
747 SSLerror(s, SSL_AD_REASON_OFFSET + alert_descr); 747 SSLerror(s, SSL_AD_REASON_OFFSET + alert_descr);
748 ERR_asprintf_error_data("SSL alert number %d", alert_descr); 748 ERR_asprintf_error_data("SSL alert number %d", alert_descr);
749 s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN; 749 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
750 SSL_CTX_remove_session(s->ctx, s->session); 750 SSL_CTX_remove_session(s->ctx, s->session);
751 return 0; 751 return 0;
752 } else { 752 } else {
@@ -847,7 +847,7 @@ ssl3_read_handshake_unexpected(SSL *s)
847 if (s->s3->handshake_fragment_len < sizeof(s->s3->handshake_fragment)) 847 if (s->s3->handshake_fragment_len < sizeof(s->s3->handshake_fragment))
848 return 1; 848 return 1;
849 849
850 if (s->internal->in_handshake) { 850 if (s->in_handshake) {
851 SSLerror(s, ERR_R_INTERNAL_ERROR); 851 SSLerror(s, ERR_R_INTERNAL_ERROR);
852 return -1; 852 return -1;
853 } 853 }
@@ -937,7 +937,7 @@ ssl3_read_handshake_unexpected(SSL *s)
937 return -1; 937 return -1;
938 } 938 }
939 939
940 if ((s->internal->options & SSL_OP_NO_CLIENT_RENEGOTIATION) != 0) { 940 if ((s->options & SSL_OP_NO_CLIENT_RENEGOTIATION) != 0) {
941 ssl3_send_alert(s, SSL3_AL_FATAL, 941 ssl3_send_alert(s, SSL3_AL_FATAL,
942 SSL_AD_NO_RENEGOTIATION); 942 SSL_AD_NO_RENEGOTIATION);
943 return -1; 943 return -1;
@@ -957,8 +957,8 @@ ssl3_read_handshake_unexpected(SSL *s)
957 } 957 }
958 958
959 s->s3->hs.state = SSL_ST_ACCEPT; 959 s->s3->hs.state = SSL_ST_ACCEPT;
960 s->internal->renegotiate = 1; 960 s->renegotiate = 1;
961 s->internal->new_session = 1; 961 s->new_session = 1;
962 962
963 } else { 963 } else {
964 SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); 964 SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
@@ -966,14 +966,14 @@ ssl3_read_handshake_unexpected(SSL *s)
966 return -1; 966 return -1;
967 } 967 }
968 968
969 if ((ret = s->internal->handshake_func(s)) < 0) 969 if ((ret = s->handshake_func(s)) < 0)
970 return ret; 970 return ret;
971 if (ret == 0) { 971 if (ret == 0) {
972 SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); 972 SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
973 return -1; 973 return -1;
974 } 974 }
975 975
976 if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) { 976 if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
977 if (s->s3->rbuf.left == 0) { 977 if (s->s3->rbuf.left == 0) {
978 ssl_force_want_read(s); 978 ssl_force_want_read(s);
979 return -1; 979 return -1;
@@ -1062,8 +1062,8 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1062 return n; 1062 return n;
1063 } 1063 }
1064 1064
1065 if (SSL_in_init(s) && !s->internal->in_handshake) { 1065 if (SSL_in_init(s) && !s->in_handshake) {
1066 if ((ret = s->internal->handshake_func(s)) < 0) 1066 if ((ret = s->handshake_func(s)) < 0)
1067 return ret; 1067 return ret;
1068 if (ret == 0) { 1068 if (ret == 0) {
1069 SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); 1069 SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
@@ -1085,11 +1085,11 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1085 return -1; 1085 return -1;
1086 } 1086 }
1087 1087
1088 s->internal->rwstate = SSL_NOTHING; 1088 s->rwstate = SSL_NOTHING;
1089 1089
1090 rr = &s->s3->rrec; 1090 rr = &s->s3->rrec;
1091 1091
1092 if (rr->length == 0 || s->internal->rstate == SSL_ST_READ_BODY) { 1092 if (rr->length == 0 || s->rstate == SSL_ST_READ_BODY) {
1093 if ((ret = ssl3_get_record(s)) <= 0) 1093 if ((ret = ssl3_get_record(s)) <= 0)
1094 return ret; 1094 return ret;
1095 } 1095 }
@@ -1106,8 +1106,8 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1106 * If the other end has shut down, throw anything we read away (even in 1106 * If the other end has shut down, throw anything we read away (even in
1107 * 'peek' mode). 1107 * 'peek' mode).
1108 */ 1108 */
1109 if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) { 1109 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
1110 s->internal->rwstate = SSL_NOTHING; 1110 s->rwstate = SSL_NOTHING;
1111 rr->length = 0; 1111 rr->length = 0;
1112 return 0; 1112 return 0;
1113 } 1113 }
@@ -1119,7 +1119,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1119 * are doing a handshake for the first time. 1119 * are doing a handshake for the first time.
1120 */ 1120 */
1121 if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA && 1121 if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA &&
1122 !tls12_record_layer_read_protected(s->internal->rl)) { 1122 !tls12_record_layer_read_protected(s->rl)) {
1123 SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE); 1123 SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);
1124 ssl3_send_alert(s, SSL3_AL_FATAL, 1124 ssl3_send_alert(s, SSL3_AL_FATAL,
1125 SSL_AD_UNEXPECTED_MESSAGE); 1125 SSL_AD_UNEXPECTED_MESSAGE);
@@ -1140,9 +1140,9 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1140 rr->length -= n; 1140 rr->length -= n;
1141 rr->off += n; 1141 rr->off += n;
1142 if (rr->length == 0) { 1142 if (rr->length == 0) {
1143 s->internal->rstate = SSL_ST_READ_HEADER; 1143 s->rstate = SSL_ST_READ_HEADER;
1144 rr->off = 0; 1144 rr->off = 0;
1145 if (s->internal->mode & SSL_MODE_RELEASE_BUFFERS && 1145 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
1146 s->s3->rbuf.left == 0) 1146 s->s3->rbuf.left == 0)
1147 ssl3_release_read_buffer(s); 1147 ssl3_release_read_buffer(s);
1148 } 1148 }
@@ -1162,8 +1162,8 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
1162 goto start; 1162 goto start;
1163 } 1163 }
1164 1164
1165 if (s->internal->shutdown & SSL_SENT_SHUTDOWN) { 1165 if (s->shutdown & SSL_SENT_SHUTDOWN) {
1166 s->internal->rwstate = SSL_NOTHING; 1166 s->rwstate = SSL_NOTHING;
1167 rr->length = 0; 1167 rr->length = 0;
1168 return 0; 1168 return 0;
1169 } 1169 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-26 09:43:03 +0000