authorjsing <>2018-10-24 18:04:50 +0000
committerjsing <>2018-10-24 18:04:50 +0000
commitd7e0aa4b59fc46f038370bf8dc64821eb4a7d804 (patch)
treece8dad95e6021ab405b0ec175b26682e47bea424 /src/lib/libssl/ssl_pkt.c
parentc988048231bcb1d2abd6613e83760d63c461a080 (diff)
Make more of libssl's record layer state internal.
In January 2017, we changed large amounts of libssl's data structures to be non-visible/internal, however intentionally left things that the software ecosystem was needing to use. The four or so applications that reached into libssl for record layer related state now implement alternative code. As such, make these data structures internal. ok tb@
Diffstat (limited to 'src/lib/libssl/ssl_pkt.c')
-rw-r--r--src/lib/libssl/ssl_pkt.c48
1 files changed, 24 insertions, 24 deletions
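diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index 4e3ac7722a..6e3764d360 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.13 2018/09/08 14:39:41 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.14 2018/10/24 18:04:50 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -141,7 +141,7 @@ ssl_force_want_read(SSL *s)
 /*
  * If extend == 0, obtain new n-byte packet; if extend == 1, increase
  * packet by another n bytes.
- * The packet will be in the sub-array of s->s3->rbuf.buf specified
+ * The packet will be in the sub-array of S3I(s)->rbuf.buf specified
  * by s->internal->packet and s->internal->packet_length.
  * (If s->internal->read_ahead is set, 'max' bytes may be stored in rbuf
  * [plus s->internal->packet_length bytes if extend == 1].)
@@ -157,7 +157,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
  if (n <= 0)
  return n;
 
- rb = &(s->s3->rbuf);
+ rb = &(S3I(s)->rbuf);
  if (rb->buf == NULL)
  if (!ssl3_setup_read_buffer(s))
  return -1;
@@ -239,7 +239,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
  }
 
  while (left < n) {
- /* Now we have len+left bytes at the front of s->s3->rbuf.buf
+ /* Now we have len+left bytes at the front of S3I(s)->rbuf.buf
  * and need to read in more until we have len+n (up to
  * len+max if possible) */
 
@@ -288,7 +288,7 @@ ssl3_packet_read(SSL *s, int plen)
 {
  int n;
 
- n = ssl3_read_n(s, plen, s->s3->rbuf.len, 0);
+ n = ssl3_read_n(s, plen, S3I(s)->rbuf.len, 0);
  if (n <= 0)
  return n;
  if (s->internal->packet_length < plen)
@@ -387,7 +387,7 @@ ssl3_get_record(SSL *s)
  goto err;
  }
 
- if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) {
+ if (rr->length > S3I(s)->rbuf.len - SSL3_RT_HEADER_LENGTH) {
  al = SSL_AD_RECORD_OVERFLOW;
  SSLerror(s, SSL_R_PACKET_LENGTH_TOO_LONG);
  goto f_err;
@@ -629,7 +629,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
  int eivlen;
  size_t align;
  SSL3_RECORD *wr;
- SSL3_BUFFER *wb = &(s->s3->wbuf);
+ SSL3_BUFFER *wb = &(S3I(s)->wbuf);
  SSL_SESSION *sess;
 
  if (wb->buf == NULL)
@@ -642,7 +642,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
  return (ssl3_write_pending(s, type, buf, len));
 
  /* If we have an alert to send, lets send it */
- if (s->s3->alert_dispatch) {
+ if (S3I(s)->alert_dispatch) {
  i = s->method->ssl_dispatch_alert(s);
  if (i <= 0)
  return (i);
@@ -818,12 +818,12 @@ err:
  return -1;
 }
 
-/* if s->s3->wbuf.left != 0, we need to call this */
+/* if S3I(s)->wbuf.left != 0, we need to call this */
 int
 ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
 {
  int i;
- SSL3_BUFFER *wb = &(s->s3->wbuf);
+ SSL3_BUFFER *wb = &(S3I(s)->wbuf);
 
  /* XXXX */
  if ((S3I(s)->wpend_tot > (int)len) || ((S3I(s)->wpend_buf != buf) &&
@@ -901,7 +901,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
  unsigned int n;
  SSL3_RECORD *rr;
 
- if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
+ if (S3I(s)->rbuf.buf == NULL) /* Not initialized yet */
  if (!ssl3_setup_read_buffer(s))
  return (-1);
 
@@ -1031,7 +1031,7 @@ start:
  s->internal->rstate = SSL_ST_READ_HEADER;
  rr->off = 0;
  if (s->internal->mode & SSL_MODE_RELEASE_BUFFERS &&
- s->s3->rbuf.left == 0)
+ S3I(s)->rbuf.left == 0)
  ssl3_release_read_buffer(s);
  }
  }
@@ -1115,7 +1115,7 @@ start:
  }
 
  if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) {
- if (s->s3->rbuf.left == 0) {
+ if (S3I(s)->rbuf.left == 0) {
  /* no read-ahead left? */
  /* In the case where we try to read application data,
  * but we trigger an SSL handshake, we return -1 with
@@ -1276,7 +1276,7 @@ start:
  }
 
  if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) {
- if (s->s3->rbuf.left == 0) { /* no read-ahead left? */
+ if (S3I(s)->rbuf.left == 0) { /* no read-ahead left? */
  /* In the case where we try to read application data,
  * but we trigger an SSL handshake, we return -1 with
  * the retry option set. Otherwise renegotiation may
@@ -1403,10 +1403,10 @@ ssl3_send_alert(SSL *s, int level, int desc)
  if ((level == 2) && (s->session != NULL))
  SSL_CTX_remove_session(s->ctx, s->session);
 
- s->s3->alert_dispatch = 1;
- s->s3->send_alert[0] = level;
- s->s3->send_alert[1] = desc;
- if (s->s3->wbuf.left == 0) /* data still being written out? */
+ S3I(s)->alert_dispatch = 1;
+ S3I(s)->send_alert[0] = level;
+ S3I(s)->send_alert[1] = desc;
+ if (S3I(s)->wbuf.left == 0) /* data still being written out? */
  return s->method->ssl_dispatch_alert(s);
 
  /* else data is still being written out, we will get written
@@ -1420,20 +1420,20 @@ ssl3_dispatch_alert(SSL *s)
  int i, j;
  void (*cb)(const SSL *ssl, int type, int val) = NULL;
 
- s->s3->alert_dispatch = 0;
- i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0);
+ S3I(s)->alert_dispatch = 0;
+ i = do_ssl3_write(s, SSL3_RT_ALERT, &S3I(s)->send_alert[0], 2, 0);
  if (i <= 0) {
- s->s3->alert_dispatch = 1;
+ S3I(s)->alert_dispatch = 1;
  } else {
  /* Alert sent to BIO. If it is important, flush it now.
  * If the message does not get sent due to non-blocking IO,
  * we will not worry too much. */
- if (s->s3->send_alert[0] == SSL3_AL_FATAL)
+ if (S3I(s)->send_alert[0] == SSL3_AL_FATAL)
  (void)BIO_flush(s->wbio);
 
  if (s->internal->msg_callback)
  s->internal->msg_callback(1, s->version, SSL3_RT_ALERT,
- s->s3->send_alert, 2, s, s->internal->msg_callback_arg);
+ S3I(s)->send_alert, 2, s, s->internal->msg_callback_arg);
 
  if (s->internal->info_callback != NULL)
  cb = s->internal->info_callback;
@@ -1441,7 +1441,7 @@ ssl3_dispatch_alert(SSL *s)
  cb = s->ctx->internal->info_callback;
 
  if (cb != NULL) {
- j = (s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
+ j = (S3I(s)->send_alert[0]<<8)|S3I(s)->send_alert[1];
  cb(s, SSL_CB_WRITE_ALERT, j);
  }
  }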
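Review bot: The record-length bound in ssl3_get_record, `rr->length > S3I(s)->rbuf.len - SSL3_RT_HEADER_LENGTH`, is carried over with only the accessor changed, and it is only meaningful while rbuf.len is at least SSL3_RT_HEADER_LENGTH. The type of rbuf.len is not visible in this diff; if it is unsigned, a smaller buffer would make the subtraction wrap and the check would accept any record length. Since the commit makes the record-layer buffers internal to libssl, I would state that invariant in a comment above the check, or write the comparison so it cannot wrap, e.g. `if (rr->length + SSL3_RT_HEADER_LENGTH > S3I(s)->rbuf.len) {`, assuming rr->length is bounded by the 16-bit length field parsed earlier. ssl3_get_record starts and ends outside the hunk, so that earlier parsing could not be checked here.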