Move most of the SSL3_STATE fields to internal - the ones that remain are

known to be used by ports. ok beck@
author: jsing <> 2017-01-22 09:02:07 +0000
committer: jsing <> 2017-01-22 09:02:07 +0000
commit: bd2d858e0149e88f8fe4f0124d9b1e4d22553fd1 (patch)
tree: 74edac7239262d369a6f63b69bea3291a4184000 /src/lib/libssl/t1_reneg.c
parent: d549b46158cee11991715ad9f53e1adaa39d2280 (diff)
download: openbsd-bd2d858e0149e88f8fe4f0124d9b1e4d22553fd1.tar.gz
openbsd-bd2d858e0149e88f8fe4f0124d9b1e4d22553fd1.tar.bz2
openbsd-bd2d858e0149e88f8fe4f0124d9b1e4d22553fd1.zip
1 files changed, 30 insertions, 30 deletions
diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c
index 294a632b8f..52f17b7d2b 100644
--- a/src/lib/libssl/t1_reneg.c
+++ b/src/lib/libssl/t1_reneg.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_reneg.c,v 1.11 2015/06/20 16:42:48 doug Exp $ */
+/* $OpenBSD: t1_reneg.c,v 1.12 2017/01/22 09:02:07 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -122,22 +122,22 @@ ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
    int maxlen)
 {
        if (p) {
-                if ((s->s3->previous_client_finished_len + 1) > maxlen) {
+                if ((S3I(s)->previous_client_finished_len + 1) > maxlen) {
                        SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT,
                            SSL_R_RENEGOTIATE_EXT_TOO_LONG);
                        return 0;
                }
                /* Length byte */
-                *p = s->s3->previous_client_finished_len;
+                *p = S3I(s)->previous_client_finished_len;
                p++;
-                memcpy(p, s->s3->previous_client_finished,
+                memcpy(p, S3I(s)->previous_client_finished,
-                    s->s3->previous_client_finished_len);
+                    S3I(s)->previous_client_finished_len);
        }
-        *len = s->s3->previous_client_finished_len + 1;
+        *len = S3I(s)->previous_client_finished_len + 1;
        return 1;
 }
@@ -168,22 +168,22 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, const unsigned char *d, int len,
        }
        /* Check that the extension matches */
-        if (CBS_len(&reneg) != s->s3->previous_client_finished_len) {
+        if (CBS_len(&reneg) != S3I(s)->previous_client_finished_len) {
                SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
                    SSL_R_RENEGOTIATION_MISMATCH);
                *al = SSL_AD_HANDSHAKE_FAILURE;
                return 0;
        }
-        if (!CBS_mem_equal(&reneg, s->s3->previous_client_finished,
+        if (!CBS_mem_equal(&reneg, S3I(s)->previous_client_finished,
-            s->s3->previous_client_finished_len)) {
+            S3I(s)->previous_client_finished_len)) {
                SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
                    SSL_R_RENEGOTIATION_MISMATCH);
                *al = SSL_AD_HANDSHAKE_FAILURE;
                return 0;
        }
-        s->s3->send_connection_binding = 1;
+        S3I(s)->send_connection_binding = 1;
        return 1;
 }
@@ -194,29 +194,29 @@ ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
    int maxlen)
 {
        if (p) {
-                if ((s->s3->previous_client_finished_len +
+                if ((S3I(s)->previous_client_finished_len +
-                    s->s3->previous_server_finished_len + 1) > maxlen) {
+                    S3I(s)->previous_server_finished_len + 1) > maxlen) {
                        SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT,
                            SSL_R_RENEGOTIATE_EXT_TOO_LONG);
                        return 0;
                }
                /* Length byte */
-                *p = s->s3->previous_client_finished_len +
+                *p = S3I(s)->previous_client_finished_len +
-                    s->s3->previous_server_finished_len;
+                    S3I(s)->previous_server_finished_len;
                p++;
-                memcpy(p, s->s3->previous_client_finished,
+                memcpy(p, S3I(s)->previous_client_finished,
-                    s->s3->previous_client_finished_len);
+                    S3I(s)->previous_client_finished_len);
-                p += s->s3->previous_client_finished_len;
+                p += S3I(s)->previous_client_finished_len;
-                memcpy(p, s->s3->previous_server_finished,
+                memcpy(p, S3I(s)->previous_server_finished,
-                    s->s3->previous_server_finished_len);
+                    S3I(s)->previous_server_finished_len);
        }
-        *len = s->s3->previous_client_finished_len +
+        *len = S3I(s)->previous_client_finished_len +
-            s->s3->previous_server_finished_len + 1;
+            S3I(s)->previous_server_finished_len + 1;
        return 1;
 }
@@ -227,12 +227,12 @@ int
 ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, int *al)
 {
        CBS cbs, reneg, previous_client, previous_server;
-        int expected_len = s->s3->previous_client_finished_len +
+        int expected_len = S3I(s)->previous_client_finished_len +
-            s->s3->previous_server_finished_len;
+            S3I(s)->previous_server_finished_len;
        /* Check for logic errors */
-        OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len);
+        OPENSSL_assert(!expected_len || S3I(s)->previous_client_finished_len);
-        OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len);
+        OPENSSL_assert(!expected_len || S3I(s)->previous_server_finished_len);
        if (len < 0) {
                SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
@@ -255,9 +255,9 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, i
        /* Check that the extension matches */
        if (CBS_len(&reneg) != expected_len ||
            !CBS_get_bytes(&reneg, &previous_client,
-            s->s3->previous_client_finished_len) ||
+            S3I(s)->previous_client_finished_len) ||
            !CBS_get_bytes(&reneg, &previous_server,
-            s->s3->previous_server_finished_len) ||
+            S3I(s)->previous_server_finished_len) ||
            CBS_len(&reneg) != 0) {
                SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
                    SSL_R_RENEGOTIATION_MISMATCH);
@@ -265,14 +265,14 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, i
                return 0;
        }
-        if (!CBS_mem_equal(&previous_client, s->s3->previous_client_finished,
+        if (!CBS_mem_equal(&previous_client, S3I(s)->previous_client_finished,
            CBS_len(&previous_client))) {
                SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
                    SSL_R_RENEGOTIATION_MISMATCH);
                *al = SSL_AD_HANDSHAKE_FAILURE;
                return 0;
        }
-        if (!CBS_mem_equal(&previous_server, s->s3->previous_server_finished,
+        if (!CBS_mem_equal(&previous_server, S3I(s)->previous_server_finished,
            CBS_len(&previous_server))) {
                SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
                    SSL_R_RENEGOTIATION_MISMATCH);
@@ -280,7 +280,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, i
                return 0;
        }
-        s->s3->send_connection_binding = 1;
+        S3I(s)->send_connection_binding = 1;
        return 1;
 }
author	jsing <>	2017-01-22 09:02:07 +0000
committer	jsing <>	2017-01-22 09:02:07 +0000
commit	bd2d858e0149e88f8fe4f0124d9b1e4d22553fd1 (patch)
tree	74edac7239262d369a6f63b69bea3291a4184000 /src/lib/libssl/t1_reneg.c
parent	d549b46158cee11991715ad9f53e1adaa39d2280 (diff)
download	openbsd-bd2d858e0149e88f8fe4f0124d9b1e4d22553fd1.tar.gz openbsd-bd2d858e0149e88f8fe4f0124d9b1e4d22553fd1.tar.bz2 openbsd-bd2d858e0149e88f8fe4f0124d9b1e4d22553fd1.zip

diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c index 294a632b8f..52f17b7d2b 100644 --- a/src/lib/libssl/t1_reneg.c +++ b/src/lib/libssl/t1_reneg.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_reneg.c,v 1.11 2015/06/20 16:42:48 doug Exp $ */	1	/* $OpenBSD: t1_reneg.c,v 1.12 2017/01/22 09:02:07 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -122,22 +122,22 @@ ssl_add_clienthello_renegotiate_ext(SSL s, unsigned char p, int *len,
122	int maxlen)	122	int maxlen)
123	{	123	{
124	if (p) {	124	if (p) {
125	if ((s->s3->previous_client_finished_len + 1) > maxlen) {	125	if ((S3I(s)->previous_client_finished_len + 1) > maxlen) {
126	SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT,	126	SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT,
127	SSL_R_RENEGOTIATE_EXT_TOO_LONG);	127	SSL_R_RENEGOTIATE_EXT_TOO_LONG);
128	return 0;	128	return 0;
129	}	129	}
130		130
131	/* Length byte */	131	/* Length byte */
132	*p = s->s3->previous_client_finished_len;	132	*p = S3I(s)->previous_client_finished_len;
133	p++;	133	p++;
134		134
135	memcpy(p, s->s3->previous_client_finished,	135	memcpy(p, S3I(s)->previous_client_finished,
136	s->s3->previous_client_finished_len);	136	S3I(s)->previous_client_finished_len);
137		137
138	}	138	}
139		139
140	*len = s->s3->previous_client_finished_len + 1;	140	*len = S3I(s)->previous_client_finished_len + 1;
141		141
142	return 1;	142	return 1;
143	}	143	}
@@ -168,22 +168,22 @@ ssl_parse_clienthello_renegotiate_ext(SSL s, const unsigned char d, int len,
168	}	168	}
169		169
170	/* Check that the extension matches */	170	/* Check that the extension matches */
171	if (CBS_len(&reneg) != s->s3->previous_client_finished_len) {	171	if (CBS_len(&reneg) != S3I(s)->previous_client_finished_len) {
172	SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,	172	SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
173	SSL_R_RENEGOTIATION_MISMATCH);	173	SSL_R_RENEGOTIATION_MISMATCH);
174	*al = SSL_AD_HANDSHAKE_FAILURE;	174	*al = SSL_AD_HANDSHAKE_FAILURE;
175	return 0;	175	return 0;
176	}	176	}
177		177
178	if (!CBS_mem_equal(&reneg, s->s3->previous_client_finished,	178	if (!CBS_mem_equal(&reneg, S3I(s)->previous_client_finished,
179	s->s3->previous_client_finished_len)) {	179	S3I(s)->previous_client_finished_len)) {
180	SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,	180	SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
181	SSL_R_RENEGOTIATION_MISMATCH);	181	SSL_R_RENEGOTIATION_MISMATCH);
182	*al = SSL_AD_HANDSHAKE_FAILURE;	182	*al = SSL_AD_HANDSHAKE_FAILURE;
183	return 0;	183	return 0;
184	}	184	}
185		185
186	s->s3->send_connection_binding = 1;	186	S3I(s)->send_connection_binding = 1;
187		187
188	return 1;	188	return 1;
189	}	189	}
@@ -194,29 +194,29 @@ ssl_add_serverhello_renegotiate_ext(SSL s, unsigned char p, int *len,
194	int maxlen)	194	int maxlen)
195	{	195	{
196	if (p) {	196	if (p) {
197	if ((s->s3->previous_client_finished_len +	197	if ((S3I(s)->previous_client_finished_len +
198	s->s3->previous_server_finished_len + 1) > maxlen) {	198	S3I(s)->previous_server_finished_len + 1) > maxlen) {
199	SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT,	199	SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT,
200	SSL_R_RENEGOTIATE_EXT_TOO_LONG);	200	SSL_R_RENEGOTIATE_EXT_TOO_LONG);
201	return 0;	201	return 0;
202	}	202	}
203		203
204	/* Length byte */	204	/* Length byte */
205	*p = s->s3->previous_client_finished_len +	205	*p = S3I(s)->previous_client_finished_len +
206	s->s3->previous_server_finished_len;	206	S3I(s)->previous_server_finished_len;
207	p++;	207	p++;
208		208
209	memcpy(p, s->s3->previous_client_finished,	209	memcpy(p, S3I(s)->previous_client_finished,
210	s->s3->previous_client_finished_len);	210	S3I(s)->previous_client_finished_len);
211	p += s->s3->previous_client_finished_len;	211	p += S3I(s)->previous_client_finished_len;
212		212
213	memcpy(p, s->s3->previous_server_finished,	213	memcpy(p, S3I(s)->previous_server_finished,
214	s->s3->previous_server_finished_len);	214	S3I(s)->previous_server_finished_len);
215		215
216	}	216	}
217		217
218	*len = s->s3->previous_client_finished_len +	218	*len = S3I(s)->previous_client_finished_len +
219	s->s3->previous_server_finished_len + 1;	219	S3I(s)->previous_server_finished_len + 1;
220		220
221	return 1;	221	return 1;
222	}	222	}
@@ -227,12 +227,12 @@ int
227	ssl_parse_serverhello_renegotiate_ext(SSL s, const unsigned char d, int len, int *al)	227	ssl_parse_serverhello_renegotiate_ext(SSL s, const unsigned char d, int len, int *al)
228	{	228	{
229	CBS cbs, reneg, previous_client, previous_server;	229	CBS cbs, reneg, previous_client, previous_server;
230	int expected_len = s->s3->previous_client_finished_len +	230	int expected_len = S3I(s)->previous_client_finished_len +
231	s->s3->previous_server_finished_len;	231	S3I(s)->previous_server_finished_len;
232		232
233	/* Check for logic errors */	233	/* Check for logic errors */
234	OPENSSL_assert(!expected_len \|\| s->s3->previous_client_finished_len);	234	OPENSSL_assert(!expected_len \|\| S3I(s)->previous_client_finished_len);
235	OPENSSL_assert(!expected_len \|\| s->s3->previous_server_finished_len);	235	OPENSSL_assert(!expected_len \|\| S3I(s)->previous_server_finished_len);
236		236
237	if (len < 0) {	237	if (len < 0) {
238	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,	238	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
@@ -255,9 +255,9 @@ ssl_parse_serverhello_renegotiate_ext(SSL s, const unsigned char d, int len, i
255	/* Check that the extension matches */	255	/* Check that the extension matches */
256	if (CBS_len(&reneg) != expected_len \|\|	256	if (CBS_len(&reneg) != expected_len \|\|
257	!CBS_get_bytes(&reneg, &previous_client,	257	!CBS_get_bytes(&reneg, &previous_client,
258	s->s3->previous_client_finished_len) \|\|	258	S3I(s)->previous_client_finished_len) \|\|
259	!CBS_get_bytes(&reneg, &previous_server,	259	!CBS_get_bytes(&reneg, &previous_server,
260	s->s3->previous_server_finished_len) \|\|	260	S3I(s)->previous_server_finished_len) \|\|
261	CBS_len(&reneg) != 0) {	261	CBS_len(&reneg) != 0) {
262	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,	262	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
263	SSL_R_RENEGOTIATION_MISMATCH);	263	SSL_R_RENEGOTIATION_MISMATCH);
@@ -265,14 +265,14 @@ ssl_parse_serverhello_renegotiate_ext(SSL s, const unsigned char d, int len, i
265	return 0;	265	return 0;
266	}	266	}
267		267
268	if (!CBS_mem_equal(&previous_client, s->s3->previous_client_finished,	268	if (!CBS_mem_equal(&previous_client, S3I(s)->previous_client_finished,
269	CBS_len(&previous_client))) {	269	CBS_len(&previous_client))) {
270	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,	270	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
271	SSL_R_RENEGOTIATION_MISMATCH);	271	SSL_R_RENEGOTIATION_MISMATCH);
272	*al = SSL_AD_HANDSHAKE_FAILURE;	272	*al = SSL_AD_HANDSHAKE_FAILURE;
273	return 0;	273	return 0;
274	}	274	}
275	if (!CBS_mem_equal(&previous_server, s->s3->previous_server_finished,	275	if (!CBS_mem_equal(&previous_server, S3I(s)->previous_server_finished,
276	CBS_len(&previous_server))) {	276	CBS_len(&previous_server))) {
277	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,	277	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
278	SSL_R_RENEGOTIATION_MISMATCH);	278	SSL_R_RENEGOTIATION_MISMATCH);
@@ -280,7 +280,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL s, const unsigned char d, int len, i
280	return 0;	280	return 0;
281	}	281	}
282		282
283	s->s3->send_connection_binding = 1;	283	S3I(s)->send_connection_binding = 1;
284		284
285	return 1;	285	return 1;
286	}	286	}