Move state from ssl->internal to the handshake structure.

while we are at it, convert SSLerror to use a function internally, so that we may later allocate the handshake structure and check for it ok jsing@
author: beck <> 2017-05-07 04:22:24 +0000
committer: beck <> 2017-05-07 04:22:24 +0000
commit: 3b455600d14ddcf2be0dcd2d4765d1b7854cd1c5 (patch)
tree: 9f980ffff8490ca0af628971a6d8ceb4a23d3b99 /src/lib/libssl/ssl_pkt.c
parent: 2145114fc4f04a6a75134ef92bc551a976292150 (diff)
download: openbsd-3b455600d14ddcf2be0dcd2d4765d1b7854cd1c5.tar.gz
openbsd-3b455600d14ddcf2be0dcd2d4765d1b7854cd1c5.tar.bz2
openbsd-3b455600d14ddcf2be0dcd2d4765d1b7854cd1c5.zip
1 files changed, 12 insertions, 12 deletions
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index 953f3c118f..163b0292af 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.11 2017/05/06 22:24:58 beck Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.12 2017/05/07 04:22:24 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -728,7 +728,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
        /* Some servers hang if iniatial client hello is larger than 256
         * bytes and record version number > TLS 1.0
         */
-        if (s->internal->state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate &&
+        if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate &&
            TLS1_get_version(s) > TLS1_VERSION)
                *(p++) = 0x1;
        else
@@ -1266,9 +1266,9 @@ start:
        /* Unexpected handshake message (Client Hello, or protocol violation) */
        if ((S3I(s)->handshake_fragment_len >= 4) && !s->internal->in_handshake) {
-                if (((s->internal->state&SSL_ST_MASK) == SSL_ST_OK) &&
+                if (((S3I(s)->hs.state&SSL_ST_MASK) == SSL_ST_OK) &&
                    !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
-                        s->internal->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
+                        S3I(s)->hs.state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
                        s->internal->renegotiate = 1;
                        s->internal->new_session = 1;
                }
@@ -1326,12 +1326,12 @@ start:
                 */
                if (S3I(s)->in_read_app_data &&
                    (S3I(s)->total_renegotiations != 0) &&
-                    (((s->internal->state & SSL_ST_CONNECT) &&
+                    (((S3I(s)->hs.state & SSL_ST_CONNECT) &&
-                    (s->internal->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
+                    (S3I(s)->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) &&
-                    (s->internal->state <= SSL3_ST_CR_SRVR_HELLO_A)) ||
+                    (S3I(s)->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) ||
-                    ((s->internal->state & SSL_ST_ACCEPT) &&
+                    ((S3I(s)->hs.state & SSL_ST_ACCEPT) &&
-                    (s->internal->state <= SSL3_ST_SW_HELLO_REQ_A) &&
+                    (S3I(s)->hs.state <= SSL3_ST_SW_HELLO_REQ_A) &&
-                    (s->internal->state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
+                    (S3I(s)->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
                        S3I(s)->in_read_app_data = 2;
                        return (-1);
                } else {
@@ -1355,7 +1355,7 @@ ssl3_do_change_cipher_spec(SSL *s)
        const char *sender;
        int slen;
-        if (s->internal->state & SSL_ST_ACCEPT)
+        if (S3I(s)->hs.state & SSL_ST_ACCEPT)
                i = SSL3_CHANGE_CIPHER_SERVER_READ;
        else
                i = SSL3_CHANGE_CIPHER_CLIENT_READ;
@@ -1378,7 +1378,7 @@ ssl3_do_change_cipher_spec(SSL *s)
        /* we have to record the message digest at
         * this point so we can get it before we read
         * the finished message */
-        if (s->internal->state & SSL_ST_CONNECT) {
+        if (S3I(s)->hs.state & SSL_ST_CONNECT) {
                sender = TLS_MD_SERVER_FINISH_CONST;
                slen = TLS_MD_SERVER_FINISH_CONST_SIZE;
        } else {
author	beck <>	2017-05-07 04:22:24 +0000
committer	beck <>	2017-05-07 04:22:24 +0000
commit	3b455600d14ddcf2be0dcd2d4765d1b7854cd1c5 (patch)
tree	9f980ffff8490ca0af628971a6d8ceb4a23d3b99 /src/lib/libssl/ssl_pkt.c
parent	2145114fc4f04a6a75134ef92bc551a976292150 (diff)
download	openbsd-3b455600d14ddcf2be0dcd2d4765d1b7854cd1c5.tar.gz openbsd-3b455600d14ddcf2be0dcd2d4765d1b7854cd1c5.tar.bz2 openbsd-3b455600d14ddcf2be0dcd2d4765d1b7854cd1c5.zip

diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c index 953f3c118f..163b0292af 100644 --- a/src/lib/libssl/ssl_pkt.c +++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_pkt.c,v 1.11 2017/05/06 22:24:58 beck Exp $ */	1	/* $OpenBSD: ssl_pkt.c,v 1.12 2017/05/07 04:22:24 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -728,7 +728,7 @@ do_ssl3_write(SSL s, int type, const unsigned char buf,
728	/* Some servers hang if iniatial client hello is larger than 256	728	/* Some servers hang if iniatial client hello is larger than 256
729	* bytes and record version number > TLS 1.0	729	* bytes and record version number > TLS 1.0
730	*/	730	*/
731	if (s->internal->state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate &&	731	if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate &&
732	TLS1_get_version(s) > TLS1_VERSION)	732	TLS1_get_version(s) > TLS1_VERSION)
733	*(p++) = 0x1;	733	*(p++) = 0x1;
734	else	734	else
@@ -1266,9 +1266,9 @@ start:
1266		1266
1267	/* Unexpected handshake message (Client Hello, or protocol violation) */	1267	/* Unexpected handshake message (Client Hello, or protocol violation) */
1268	if ((S3I(s)->handshake_fragment_len >= 4) && !s->internal->in_handshake) {	1268	if ((S3I(s)->handshake_fragment_len >= 4) && !s->internal->in_handshake) {
1269	if (((s->internal->state&SSL_ST_MASK) == SSL_ST_OK) &&	1269	if (((S3I(s)->hs.state&SSL_ST_MASK) == SSL_ST_OK) &&
1270	!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {	1270	!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
1271	s->internal->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;	1271	S3I(s)->hs.state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
1272	s->internal->renegotiate = 1;	1272	s->internal->renegotiate = 1;
1273	s->internal->new_session = 1;	1273	s->internal->new_session = 1;
1274	}	1274	}
@@ -1326,12 +1326,12 @@ start:
1326	*/	1326	*/
1327	if (S3I(s)->in_read_app_data &&	1327	if (S3I(s)->in_read_app_data &&
1328	(S3I(s)->total_renegotiations != 0) &&	1328	(S3I(s)->total_renegotiations != 0) &&
1329	(((s->internal->state & SSL_ST_CONNECT) &&	1329	(((S3I(s)->hs.state & SSL_ST_CONNECT) &&
1330	(s->internal->state >= SSL3_ST_CW_CLNT_HELLO_A) &&	1330	(S3I(s)->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) &&
1331	(s->internal->state <= SSL3_ST_CR_SRVR_HELLO_A)) \|\|	1331	(S3I(s)->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) \|\|
1332	((s->internal->state & SSL_ST_ACCEPT) &&	1332	((S3I(s)->hs.state & SSL_ST_ACCEPT) &&
1333	(s->internal->state <= SSL3_ST_SW_HELLO_REQ_A) &&	1333	(S3I(s)->hs.state <= SSL3_ST_SW_HELLO_REQ_A) &&
1334	(s->internal->state >= SSL3_ST_SR_CLNT_HELLO_A)))) {	1334	(S3I(s)->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
1335	S3I(s)->in_read_app_data = 2;	1335	S3I(s)->in_read_app_data = 2;
1336	return (-1);	1336	return (-1);
1337	} else {	1337	} else {
@@ -1355,7 +1355,7 @@ ssl3_do_change_cipher_spec(SSL *s)
1355	const char *sender;	1355	const char *sender;
1356	int slen;	1356	int slen;
1357		1357
1358	if (s->internal->state & SSL_ST_ACCEPT)	1358	if (S3I(s)->hs.state & SSL_ST_ACCEPT)
1359	i = SSL3_CHANGE_CIPHER_SERVER_READ;	1359	i = SSL3_CHANGE_CIPHER_SERVER_READ;
1360	else	1360	else
1361	i = SSL3_CHANGE_CIPHER_CLIENT_READ;	1361	i = SSL3_CHANGE_CIPHER_CLIENT_READ;
@@ -1378,7 +1378,7 @@ ssl3_do_change_cipher_spec(SSL *s)
1378	/* we have to record the message digest at	1378	/* we have to record the message digest at
1379	* this point so we can get it before we read	1379	* this point so we can get it before we read
1380	* the finished message */	1380	* the finished message */
1381	if (s->internal->state & SSL_ST_CONNECT) {	1381	if (S3I(s)->hs.state & SSL_ST_CONNECT) {
1382	sender = TLS_MD_SERVER_FINISH_CONST;	1382	sender = TLS_MD_SERVER_FINISH_CONST;
1383	slen = TLS_MD_SERVER_FINISH_CONST_SIZE;	1383	slen = TLS_MD_SERVER_FINISH_CONST_SIZE;
1384	} else {	1384	} else {