diff options
| author | jsing <> | 2020-10-14 16:57:33 +0000 |
|---|---|---|
| committer | jsing <> | 2020-10-14 16:57:33 +0000 |
| commit | e60f5a8fe5ed7844d5dc6f1c9dbcf86fce1ae298 (patch) | |
| tree | 78cf866b36bb0fdd2fbaafb054ed0c36fcef0747 /src/lib/libssl/ssl_srvr.c | |
| parent | a94866305ad306011ef3cb3dade3f2c6c1c5dec0 (diff) | |
| download | openbsd-e60f5a8fe5ed7844d5dc6f1c9dbcf86fce1ae298.tar.gz openbsd-e60f5a8fe5ed7844d5dc6f1c9dbcf86fce1ae298.tar.bz2 openbsd-e60f5a8fe5ed7844d5dc6f1c9dbcf86fce1ae298.zip | |
Replace SSL_IS_DTLS with SSL_is_dtls().
Garbage collect the now unused SSL_IS_DTLS macro.
ok tb@
Diffstat (limited to 'src/lib/libssl/ssl_srvr.c')
| -rw-r--r-- | src/lib/libssl/ssl_srvr.c | 52 |
1 files changed, 26 insertions, 26 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 3b848f4b40..ac3669550c 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_srvr.c,v 1.87 2020/10/11 02:22:27 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_srvr.c,v 1.88 2020/10/14 16:57:33 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -186,7 +186,7 @@ ssl3_accept(SSL *s) | |||
| 186 | else if (s->ctx->internal->info_callback != NULL) | 186 | else if (s->ctx->internal->info_callback != NULL) |
| 187 | cb = s->ctx->internal->info_callback; | 187 | cb = s->ctx->internal->info_callback; |
| 188 | 188 | ||
| 189 | if (SSL_IS_DTLS(s)) | 189 | if (SSL_is_dtls(s)) |
| 190 | listen = D1I(s)->listen; | 190 | listen = D1I(s)->listen; |
| 191 | 191 | ||
| 192 | /* init things to blank */ | 192 | /* init things to blank */ |
| @@ -194,7 +194,7 @@ ssl3_accept(SSL *s) | |||
| 194 | if (!SSL_in_init(s) || SSL_in_before(s)) | 194 | if (!SSL_in_init(s) || SSL_in_before(s)) |
| 195 | SSL_clear(s); | 195 | SSL_clear(s); |
| 196 | 196 | ||
| 197 | if (SSL_IS_DTLS(s)) | 197 | if (SSL_is_dtls(s)) |
| 198 | D1I(s)->listen = listen; | 198 | D1I(s)->listen = listen; |
| 199 | 199 | ||
| 200 | for (;;) { | 200 | for (;;) { |
| @@ -213,7 +213,7 @@ ssl3_accept(SSL *s) | |||
| 213 | if (cb != NULL) | 213 | if (cb != NULL) |
| 214 | cb(s, SSL_CB_HANDSHAKE_START, 1); | 214 | cb(s, SSL_CB_HANDSHAKE_START, 1); |
| 215 | 215 | ||
| 216 | if (SSL_IS_DTLS(s)) { | 216 | if (SSL_is_dtls(s)) { |
| 217 | if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) { | 217 | if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) { |
| 218 | SSLerror(s, ERR_R_INTERNAL_ERROR); | 218 | SSLerror(s, ERR_R_INTERNAL_ERROR); |
| 219 | ret = -1; | 219 | ret = -1; |
| @@ -257,7 +257,7 @@ ssl3_accept(SSL *s) | |||
| 257 | 257 | ||
| 258 | S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A; | 258 | S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A; |
| 259 | s->ctx->internal->stats.sess_accept++; | 259 | s->ctx->internal->stats.sess_accept++; |
| 260 | } else if (!SSL_IS_DTLS(s) && !S3I(s)->send_connection_binding) { | 260 | } else if (!SSL_is_dtls(s) && !S3I(s)->send_connection_binding) { |
| 261 | /* | 261 | /* |
| 262 | * Server attempting to renegotiate with | 262 | * Server attempting to renegotiate with |
| 263 | * client that doesn't support secure | 263 | * client that doesn't support secure |
| @@ -281,14 +281,14 @@ ssl3_accept(SSL *s) | |||
| 281 | case SSL3_ST_SW_HELLO_REQ_A: | 281 | case SSL3_ST_SW_HELLO_REQ_A: |
| 282 | case SSL3_ST_SW_HELLO_REQ_B: | 282 | case SSL3_ST_SW_HELLO_REQ_B: |
| 283 | s->internal->shutdown = 0; | 283 | s->internal->shutdown = 0; |
| 284 | if (SSL_IS_DTLS(s)) { | 284 | if (SSL_is_dtls(s)) { |
| 285 | dtls1_clear_record_buffer(s); | 285 | dtls1_clear_record_buffer(s); |
| 286 | dtls1_start_timer(s); | 286 | dtls1_start_timer(s); |
| 287 | } | 287 | } |
| 288 | ret = ssl3_send_hello_request(s); | 288 | ret = ssl3_send_hello_request(s); |
| 289 | if (ret <= 0) | 289 | if (ret <= 0) |
| 290 | goto end; | 290 | goto end; |
| 291 | if (SSL_IS_DTLS(s)) | 291 | if (SSL_is_dtls(s)) |
| 292 | S3I(s)->hs.next_state = SSL3_ST_SR_CLNT_HELLO_A; | 292 | S3I(s)->hs.next_state = SSL3_ST_SR_CLNT_HELLO_A; |
| 293 | else | 293 | else |
| 294 | S3I(s)->hs.next_state = SSL3_ST_SW_HELLO_REQ_C; | 294 | S3I(s)->hs.next_state = SSL3_ST_SW_HELLO_REQ_C; |
| @@ -309,7 +309,7 @@ ssl3_accept(SSL *s) | |||
| 309 | case SSL3_ST_SR_CLNT_HELLO_B: | 309 | case SSL3_ST_SR_CLNT_HELLO_B: |
| 310 | case SSL3_ST_SR_CLNT_HELLO_C: | 310 | case SSL3_ST_SR_CLNT_HELLO_C: |
| 311 | s->internal->shutdown = 0; | 311 | s->internal->shutdown = 0; |
| 312 | if (SSL_IS_DTLS(s)) { | 312 | if (SSL_is_dtls(s)) { |
| 313 | ret = ssl3_get_client_hello(s); | 313 | ret = ssl3_get_client_hello(s); |
| 314 | if (ret <= 0) | 314 | if (ret <= 0) |
| 315 | goto end; | 315 | goto end; |
| @@ -373,7 +373,7 @@ ssl3_accept(SSL *s) | |||
| 373 | 373 | ||
| 374 | case SSL3_ST_SW_SRVR_HELLO_A: | 374 | case SSL3_ST_SW_SRVR_HELLO_A: |
| 375 | case SSL3_ST_SW_SRVR_HELLO_B: | 375 | case SSL3_ST_SW_SRVR_HELLO_B: |
| 376 | if (SSL_IS_DTLS(s)) { | 376 | if (SSL_is_dtls(s)) { |
| 377 | s->internal->renegotiate = 2; | 377 | s->internal->renegotiate = 2; |
| 378 | dtls1_start_timer(s); | 378 | dtls1_start_timer(s); |
| 379 | } | 379 | } |
| @@ -396,7 +396,7 @@ ssl3_accept(SSL *s) | |||
| 396 | /* Check if it is anon DH or anon ECDH. */ | 396 | /* Check if it is anon DH or anon ECDH. */ |
| 397 | if (!(S3I(s)->hs.new_cipher->algorithm_auth & | 397 | if (!(S3I(s)->hs.new_cipher->algorithm_auth & |
| 398 | SSL_aNULL)) { | 398 | SSL_aNULL)) { |
| 399 | if (SSL_IS_DTLS(s)) | 399 | if (SSL_is_dtls(s)) |
| 400 | dtls1_start_timer(s); | 400 | dtls1_start_timer(s); |
| 401 | ret = ssl3_send_server_certificate(s); | 401 | ret = ssl3_send_server_certificate(s); |
| 402 | if (ret <= 0) | 402 | if (ret <= 0) |
| @@ -425,7 +425,7 @@ ssl3_accept(SSL *s) | |||
| 425 | * public key for key exchange. | 425 | * public key for key exchange. |
| 426 | */ | 426 | */ |
| 427 | if (alg_k & (SSL_kDHE|SSL_kECDHE)) { | 427 | if (alg_k & (SSL_kDHE|SSL_kECDHE)) { |
| 428 | if (SSL_IS_DTLS(s)) | 428 | if (SSL_is_dtls(s)) |
| 429 | dtls1_start_timer(s); | 429 | dtls1_start_timer(s); |
| 430 | ret = ssl3_send_server_key_exchange(s); | 430 | ret = ssl3_send_server_key_exchange(s); |
| 431 | if (ret <= 0) | 431 | if (ret <= 0) |
| @@ -467,11 +467,11 @@ ssl3_accept(SSL *s) | |||
| 467 | S3I(s)->tmp.cert_request = 0; | 467 | S3I(s)->tmp.cert_request = 0; |
| 468 | S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A; | 468 | S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A; |
| 469 | 469 | ||
| 470 | if (!SSL_IS_DTLS(s)) | 470 | if (!SSL_is_dtls(s)) |
| 471 | tls1_transcript_free(s); | 471 | tls1_transcript_free(s); |
| 472 | } else { | 472 | } else { |
| 473 | S3I(s)->tmp.cert_request = 1; | 473 | S3I(s)->tmp.cert_request = 1; |
| 474 | if (SSL_IS_DTLS(s)) | 474 | if (SSL_is_dtls(s)) |
| 475 | dtls1_start_timer(s); | 475 | dtls1_start_timer(s); |
| 476 | ret = ssl3_send_certificate_request(s); | 476 | ret = ssl3_send_certificate_request(s); |
| 477 | if (ret <= 0) | 477 | if (ret <= 0) |
| @@ -483,7 +483,7 @@ ssl3_accept(SSL *s) | |||
| 483 | 483 | ||
| 484 | case SSL3_ST_SW_SRVR_DONE_A: | 484 | case SSL3_ST_SW_SRVR_DONE_A: |
| 485 | case SSL3_ST_SW_SRVR_DONE_B: | 485 | case SSL3_ST_SW_SRVR_DONE_B: |
| 486 | if (SSL_IS_DTLS(s)) | 486 | if (SSL_is_dtls(s)) |
| 487 | dtls1_start_timer(s); | 487 | dtls1_start_timer(s); |
| 488 | ret = ssl3_send_server_done(s); | 488 | ret = ssl3_send_server_done(s); |
| 489 | if (ret <= 0) | 489 | if (ret <= 0) |
| @@ -506,7 +506,7 @@ ssl3_accept(SSL *s) | |||
| 506 | */ | 506 | */ |
| 507 | s->internal->rwstate = SSL_WRITING; | 507 | s->internal->rwstate = SSL_WRITING; |
| 508 | if (BIO_flush(s->wbio) <= 0) { | 508 | if (BIO_flush(s->wbio) <= 0) { |
| 509 | if (SSL_IS_DTLS(s)) { | 509 | if (SSL_is_dtls(s)) { |
| 510 | /* If the write error was fatal, stop trying. */ | 510 | /* If the write error was fatal, stop trying. */ |
| 511 | if (!BIO_should_retry(s->wbio)) { | 511 | if (!BIO_should_retry(s->wbio)) { |
| 512 | s->internal->rwstate = SSL_NOTHING; | 512 | s->internal->rwstate = SSL_NOTHING; |
| @@ -537,7 +537,7 @@ ssl3_accept(SSL *s) | |||
| 537 | if (ret <= 0) | 537 | if (ret <= 0) |
| 538 | goto end; | 538 | goto end; |
| 539 | 539 | ||
| 540 | if (SSL_IS_DTLS(s)) { | 540 | if (SSL_is_dtls(s)) { |
| 541 | S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A; | 541 | S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A; |
| 542 | s->internal->init_num = 0; | 542 | s->internal->init_num = 0; |
| 543 | } | 543 | } |
| @@ -587,7 +587,7 @@ ssl3_accept(SSL *s) | |||
| 587 | 587 | ||
| 588 | case SSL3_ST_SR_CERT_VRFY_A: | 588 | case SSL3_ST_SR_CERT_VRFY_A: |
| 589 | case SSL3_ST_SR_CERT_VRFY_B: | 589 | case SSL3_ST_SR_CERT_VRFY_B: |
| 590 | if (SSL_IS_DTLS(s)) | 590 | if (SSL_is_dtls(s)) |
| 591 | D1I(s)->change_cipher_spec_ok = 1; | 591 | D1I(s)->change_cipher_spec_ok = 1; |
| 592 | else | 592 | else |
| 593 | s->s3->flags |= SSL3_FLAGS_CCS_OK; | 593 | s->s3->flags |= SSL3_FLAGS_CCS_OK; |
| @@ -602,7 +602,7 @@ ssl3_accept(SSL *s) | |||
| 602 | 602 | ||
| 603 | case SSL3_ST_SR_FINISHED_A: | 603 | case SSL3_ST_SR_FINISHED_A: |
| 604 | case SSL3_ST_SR_FINISHED_B: | 604 | case SSL3_ST_SR_FINISHED_B: |
| 605 | if (SSL_IS_DTLS(s)) | 605 | if (SSL_is_dtls(s)) |
| 606 | D1I(s)->change_cipher_spec_ok = 1; | 606 | D1I(s)->change_cipher_spec_ok = 1; |
| 607 | else | 607 | else |
| 608 | s->s3->flags |= SSL3_FLAGS_CCS_OK; | 608 | s->s3->flags |= SSL3_FLAGS_CCS_OK; |
| @@ -610,7 +610,7 @@ ssl3_accept(SSL *s) | |||
| 610 | SSL3_ST_SR_FINISHED_B); | 610 | SSL3_ST_SR_FINISHED_B); |
| 611 | if (ret <= 0) | 611 | if (ret <= 0) |
| 612 | goto end; | 612 | goto end; |
| 613 | if (SSL_IS_DTLS(s)) | 613 | if (SSL_is_dtls(s)) |
| 614 | dtls1_stop_timer(s); | 614 | dtls1_stop_timer(s); |
| 615 | if (s->internal->hit) | 615 | if (s->internal->hit) |
| 616 | S3I(s)->hs.state = SSL_ST_OK; | 616 | S3I(s)->hs.state = SSL_ST_OK; |
| @@ -660,7 +660,7 @@ ssl3_accept(SSL *s) | |||
| 660 | goto end; | 660 | goto end; |
| 661 | } | 661 | } |
| 662 | 662 | ||
| 663 | if (SSL_IS_DTLS(s)) | 663 | if (SSL_is_dtls(s)) |
| 664 | dtls1_reset_seq_numbers(s, SSL3_CC_WRITE); | 664 | dtls1_reset_seq_numbers(s, SSL3_CC_WRITE); |
| 665 | break; | 665 | break; |
| 666 | 666 | ||
| @@ -691,7 +691,7 @@ ssl3_accept(SSL *s) | |||
| 691 | goto end; | 691 | goto end; |
| 692 | } | 692 | } |
| 693 | 693 | ||
| 694 | if (!SSL_IS_DTLS(s)) | 694 | if (!SSL_is_dtls(s)) |
| 695 | ssl3_release_init_buffer(s); | 695 | ssl3_release_init_buffer(s); |
| 696 | 696 | ||
| 697 | /* remove buffering on output */ | 697 | /* remove buffering on output */ |
| @@ -716,7 +716,7 @@ ssl3_accept(SSL *s) | |||
| 716 | 716 | ||
| 717 | ret = 1; | 717 | ret = 1; |
| 718 | 718 | ||
| 719 | if (SSL_IS_DTLS(s)) { | 719 | if (SSL_is_dtls(s)) { |
| 720 | /* Done handshaking, next message is client hello. */ | 720 | /* Done handshaking, next message is client hello. */ |
| 721 | D1I(s)->handshake_read_seq = 0; | 721 | D1I(s)->handshake_read_seq = 0; |
| 722 | /* Next message is server hello. */ | 722 | /* Next message is server hello. */ |
| @@ -837,7 +837,7 @@ ssl3_get_client_hello(SSL *s) | |||
| 837 | SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG); | 837 | SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG); |
| 838 | goto f_err; | 838 | goto f_err; |
| 839 | } | 839 | } |
| 840 | if (SSL_IS_DTLS(s)) { | 840 | if (SSL_is_dtls(s)) { |
| 841 | if (!CBS_get_u8_length_prefixed(&cbs, &cookie)) | 841 | if (!CBS_get_u8_length_prefixed(&cbs, &cookie)) |
| 842 | goto truncated; | 842 | goto truncated; |
| 843 | } | 843 | } |
| @@ -879,7 +879,7 @@ ssl3_get_client_hello(SSL *s) | |||
| 879 | * one, just return since we do not want to allocate any memory yet. | 879 | * one, just return since we do not want to allocate any memory yet. |
| 880 | * So check cookie length... | 880 | * So check cookie length... |
| 881 | */ | 881 | */ |
| 882 | if (SSL_IS_DTLS(s)) { | 882 | if (SSL_is_dtls(s)) { |
| 883 | if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) { | 883 | if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) { |
| 884 | if (CBS_len(&cookie) == 0) | 884 | if (CBS_len(&cookie) == 0) |
| 885 | return (1); | 885 | return (1); |
| @@ -928,7 +928,7 @@ ssl3_get_client_hello(SSL *s) | |||
| 928 | } | 928 | } |
| 929 | } | 929 | } |
| 930 | 930 | ||
| 931 | if (SSL_IS_DTLS(s)) { | 931 | if (SSL_is_dtls(s)) { |
| 932 | /* | 932 | /* |
| 933 | * The ClientHello may contain a cookie even if the HelloVerify | 933 | * The ClientHello may contain a cookie even if the HelloVerify |
| 934 | * message has not been sent - make sure that it does not cause | 934 | * message has not been sent - make sure that it does not cause |
| @@ -1045,7 +1045,7 @@ ssl3_get_client_hello(SSL *s) | |||
| 1045 | */ | 1045 | */ |
| 1046 | arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); | 1046 | arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); |
| 1047 | 1047 | ||
| 1048 | if (!SSL_IS_DTLS(s) && max_version >= TLS1_2_VERSION && | 1048 | if (!SSL_is_dtls(s) && max_version >= TLS1_2_VERSION && |
| 1049 | s->version < max_version) { | 1049 | s->version < max_version) { |
| 1050 | /* | 1050 | /* |
| 1051 | * RFC 8446 section 4.1.3. If we are downgrading from TLS 1.3 | 1051 | * RFC 8446 section 4.1.3. If we are downgrading from TLS 1.3 |