authorbeck <>2017-01-22 07:16:39 +0000
committerbeck <>2017-01-22 07:16:39 +0000
commit2204d5a39055900d89c6f7fbdcc3bb37ec8070db (patch)
treec03f505a3f0822dbc7a4d9523cfde19318c0d121 /src
parent334c9196a27db4244daba48e4ba2118985c535ed (diff)
Move most of DTLS1_STATE to internal.
ok jsing@
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/d1_both.c116
-rw-r--r--src/lib/libssl/d1_clnt.c26
-rw-r--r--src/lib/libssl/d1_lib.c84
-rw-r--r--src/lib/libssl/d1_pkt.c120
-rw-r--r--src/lib/libssl/d1_srvr.c34
-rw-r--r--src/lib/libssl/dtls1.h64
-rw-r--r--src/lib/libssl/s3_clnt.c14
-rw-r--r--src/lib/libssl/s3_srvr.c12
-rw-r--r--src/lib/libssl/ssl_lib.c4
-rw-r--r--src/lib/libssl/ssl_locl.h63
-rw-r--r--src/lib/libssl/t1_enc.c8
11 files changed, 272 insertions, 273 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index 7f9d5af4ce..d83df1c9a0 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_both.c,v 1.40 2016/12/06 13:38:11 jsing Exp $ */ 1/* $OpenBSD: d1_both.c,v 1.41 2017/01/22 07:16:38 beck Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -232,9 +232,9 @@ dtls1_do_write(SSL *s, int type)
232 unsigned int len, frag_off, mac_size, blocksize; 232 unsigned int len, frag_off, mac_size, blocksize;
233 233
234 /* AHA! Figure out the MTU, and stick to the right size */ 234 /* AHA! Figure out the MTU, and stick to the right size */
235 if (s->d1->mtu < dtls1_min_mtu() && 235 if (D1I(s)->mtu < dtls1_min_mtu() &&
236 !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { 236 !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
237 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), 237 D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s),
238 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); 238 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
239 239
240 /* 240 /*
@@ -242,20 +242,20 @@ dtls1_do_write(SSL *s, int type)
242 * doesn't know the MTU (ie., the initial write), so just 242 * doesn't know the MTU (ie., the initial write), so just
243 * make sure we have a reasonable number 243 * make sure we have a reasonable number
244 */ 244 */
245 if (s->d1->mtu < dtls1_min_mtu()) { 245 if (D1I(s)->mtu < dtls1_min_mtu()) {
246 s->d1->mtu = 0; 246 D1I(s)->mtu = 0;
247 s->d1->mtu = dtls1_guess_mtu(s->d1->mtu); 247 D1I(s)->mtu = dtls1_guess_mtu(D1I(s)->mtu);
248 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, 248 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
249 s->d1->mtu, NULL); 249 D1I(s)->mtu, NULL);
250 } 250 }
251 } 251 }
252 252
253 OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu()); 253 OPENSSL_assert(D1I(s)->mtu >= dtls1_min_mtu());
254 /* should have something reasonable now */ 254 /* should have something reasonable now */
255 255
256 if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE) 256 if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
257 OPENSSL_assert(s->init_num == 257 OPENSSL_assert(s->init_num ==
258 (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); 258 (int)D1I(s)->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
259 259
260 if (s->write_hash) 260 if (s->write_hash)
261 mac_size = EVP_MD_CTX_size(s->write_hash); 261 mac_size = EVP_MD_CTX_size(s->write_hash);
@@ -270,7 +270,7 @@ dtls1_do_write(SSL *s, int type)
270 270
271 frag_off = 0; 271 frag_off = 0;
272 while (s->init_num) { 272 while (s->init_num) {
273 curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) - 273 curr_mtu = D1I(s)->mtu - BIO_wpending(SSL_get_wbio(s)) -
274 DTLS1_RT_HEADER_LENGTH - mac_size - blocksize; 274 DTLS1_RT_HEADER_LENGTH - mac_size - blocksize;
275 275
276 if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) { 276 if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) {
@@ -278,7 +278,7 @@ dtls1_do_write(SSL *s, int type)
278 ret = BIO_flush(SSL_get_wbio(s)); 278 ret = BIO_flush(SSL_get_wbio(s));
279 if (ret <= 0) 279 if (ret <= 0)
280 return ret; 280 return ret;
281 curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH - 281 curr_mtu = D1I(s)->mtu - DTLS1_RT_HEADER_LENGTH -
282 mac_size - blocksize; 282 mac_size - blocksize;
283 } 283 }
284 284
@@ -322,7 +322,7 @@ dtls1_do_write(SSL *s, int type)
322 */ 322 */
323 if (BIO_ctrl(SSL_get_wbio(s), 323 if (BIO_ctrl(SSL_get_wbio(s),
324 BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) 324 BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0)
325 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), 325 D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s),
326 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); 326 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
327 else 327 else
328 return (-1); 328 return (-1);
@@ -336,14 +336,14 @@ dtls1_do_write(SSL *s, int type)
336 OPENSSL_assert(len == (unsigned int)ret); 336 OPENSSL_assert(len == (unsigned int)ret);
337 337
338 if (type == SSL3_RT_HANDSHAKE && 338 if (type == SSL3_RT_HANDSHAKE &&
339 !s->d1->retransmitting) { 339 !D1I(s)->retransmitting) {
340 /* 340 /*
341 * Should not be done for 'Hello Request's, 341 * Should not be done for 'Hello Request's,
342 * but in that case we'll ignore the result 342 * but in that case we'll ignore the result
343 * anyway 343 * anyway
344 */ 344 */
345 unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off]; 345 unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off];
346 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; 346 const struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr;
347 int xlen; 347 int xlen;
348 348
349 if (frag_off == 0) { 349 if (frag_off == 0) {
@@ -420,7 +420,7 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
420 return s->init_num; 420 return s->init_num;
421 } 421 }
422 422
423 msg_hdr = &s->d1->r_msg_hdr; 423 msg_hdr = &D1I(s)->r_msg_hdr;
424 memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); 424 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
425 425
426again: 426again:
@@ -452,8 +452,8 @@ again:
452 memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); 452 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
453 453
454 /* Don't change sequence numbers while listening */ 454 /* Don't change sequence numbers while listening */
455 if (!s->d1->listen) 455 if (!D1I(s)->listen)
456 s->d1->handshake_read_seq++; 456 D1I(s)->handshake_read_seq++;
457 457
458 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; 458 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
459 return s->init_num; 459 return s->init_num;
@@ -487,7 +487,7 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
487 return SSL_AD_ILLEGAL_PARAMETER; 487 return SSL_AD_ILLEGAL_PARAMETER;
488 } 488 }
489 489
490 if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */ 490 if ( D1I(s)->r_msg_hdr.frag_off == 0) /* first fragment */
491 { 491 {
492 /* 492 /*
493 * msg_len is limited to 2^24, but is effectively checked 493 * msg_len is limited to 2^24, but is effectively checked
@@ -500,11 +500,11 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
500 } 500 }
501 501
502 s->s3->tmp.message_size = msg_len; 502 s->s3->tmp.message_size = msg_len;
503 s->d1->r_msg_hdr.msg_len = msg_len; 503 D1I(s)->r_msg_hdr.msg_len = msg_len;
504 s->s3->tmp.message_type = msg_hdr->type; 504 s->s3->tmp.message_type = msg_hdr->type;
505 s->d1->r_msg_hdr.type = msg_hdr->type; 505 D1I(s)->r_msg_hdr.type = msg_hdr->type;
506 s->d1->r_msg_hdr.seq = msg_hdr->seq; 506 D1I(s)->r_msg_hdr.seq = msg_hdr->seq;
507 } else if (msg_len != s->d1->r_msg_hdr.msg_len) { 507 } else if (msg_len != D1I(s)->r_msg_hdr.msg_len) {
508 /* 508 /*
509 * They must be playing with us! BTW, failure to enforce 509 * They must be playing with us! BTW, failure to enforce
510 * upper limit would open possibility for buffer overrun. 510 * upper limit would open possibility for buffer overrun.
@@ -531,7 +531,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
531 int al; 531 int al;
532 532
533 *ok = 0; 533 *ok = 0;
534 item = pqueue_peek(s->d1->buffered_messages); 534 item = pqueue_peek(D1I(s)->buffered_messages);
535 if (item == NULL) 535 if (item == NULL)
536 return 0; 536 return 0;
537 537
@@ -541,9 +541,9 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
541 if (frag->reassembly != NULL) 541 if (frag->reassembly != NULL)
542 return 0; 542 return 0;
543 543
544 if (s->d1->handshake_read_seq == frag->msg_header.seq) { 544 if (D1I(s)->handshake_read_seq == frag->msg_header.seq) {
545 unsigned long frag_len = frag->msg_header.frag_len; 545 unsigned long frag_len = frag->msg_header.frag_len;
546 pqueue_pop(s->d1->buffered_messages); 546 pqueue_pop(D1I(s)->buffered_messages);
547 547
548 al = dtls1_preprocess_fragment(s, &frag->msg_header, max); 548 al = dtls1_preprocess_fragment(s, &frag->msg_header, max);
549 549
@@ -608,7 +608,7 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
608 memset(seq64be, 0, sizeof(seq64be)); 608 memset(seq64be, 0, sizeof(seq64be));
609 seq64be[6] = (unsigned char)(msg_hdr->seq >> 8); 609 seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
610 seq64be[7] = (unsigned char)msg_hdr->seq; 610 seq64be[7] = (unsigned char)msg_hdr->seq;
611 item = pqueue_find(s->d1->buffered_messages, seq64be); 611 item = pqueue_find(D1I(s)->buffered_messages, seq64be);
612 612
613 if (item == NULL) { 613 if (item == NULL) {
614 frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1); 614 frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
@@ -673,7 +673,7 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
673 goto err; 673 goto err;
674 } 674 }
675 675
676 pqueue_insert(s->d1->buffered_messages, item); 676 pqueue_insert(D1I(s)->buffered_messages, item);
677 } 677 }
678 678
679 return DTLS1_HM_FRAGMENT_RETRY; 679 return DTLS1_HM_FRAGMENT_RETRY;
@@ -702,7 +702,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
702 memset(seq64be, 0, sizeof(seq64be)); 702 memset(seq64be, 0, sizeof(seq64be));
703 seq64be[6] = (unsigned char) (msg_hdr->seq >> 8); 703 seq64be[6] = (unsigned char) (msg_hdr->seq >> 8);
704 seq64be[7] = (unsigned char) msg_hdr->seq; 704 seq64be[7] = (unsigned char) msg_hdr->seq;
705 item = pqueue_find(s->d1->buffered_messages, seq64be); 705 item = pqueue_find(D1I(s)->buffered_messages, seq64be);
706 706
707 /* 707 /*
708 * If we already have an entry and this one is a fragment, 708 * If we already have an entry and this one is a fragment,
@@ -717,9 +717,9 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
717 * a FINISHED before the SERVER_HELLO, which then must be a stale 717 * a FINISHED before the SERVER_HELLO, which then must be a stale
718 * retransmit. 718 * retransmit.
719 */ 719 */
720 if (msg_hdr->seq <= s->d1->handshake_read_seq || 720 if (msg_hdr->seq <= D1I(s)->handshake_read_seq ||
721 msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL || 721 msg_hdr->seq > D1I(s)->handshake_read_seq + 10 || item != NULL ||
722 (s->d1->handshake_read_seq == 0 && 722 (D1I(s)->handshake_read_seq == 0 &&
723 msg_hdr->type == SSL3_MT_FINISHED)) { 723 msg_hdr->type == SSL3_MT_FINISHED)) {
724 unsigned char devnull [256]; 724 unsigned char devnull [256];
725 725
@@ -760,7 +760,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
760 if (item == NULL) 760 if (item == NULL)
761 goto err; 761 goto err;
762 762
763 pqueue_insert(s->d1->buffered_messages, item); 763 pqueue_insert(D1I(s)->buffered_messages, item);
764 } 764 }
765 765
766 return DTLS1_HM_FRAGMENT_RETRY; 766 return DTLS1_HM_FRAGMENT_RETRY;
@@ -814,8 +814,8 @@ again:
814 * While listening, we accept seq 1 (ClientHello with cookie) 814 * While listening, we accept seq 1 (ClientHello with cookie)
815 * although we're still expecting seq 0 (ClientHello) 815 * although we're still expecting seq 0 (ClientHello)
816 */ 816 */
817 if (msg_hdr.seq != s->d1->handshake_read_seq && 817 if (msg_hdr.seq != D1I(s)->handshake_read_seq &&
818 !(s->d1->listen && msg_hdr.seq == 1)) 818 !(D1I(s)->listen && msg_hdr.seq == 1))
819 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); 819 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
820 820
821 len = msg_hdr.msg_len; 821 len = msg_hdr.msg_len;
@@ -825,7 +825,7 @@ again:
825 if (frag_len && frag_len < len) 825 if (frag_len && frag_len < len)
826 return dtls1_reassemble_fragment(s, &msg_hdr, ok); 826 return dtls1_reassemble_fragment(s, &msg_hdr, ok);
827 827
828 if (!s->server && s->d1->r_msg_hdr.frag_off == 0 && 828 if (!s->server && D1I(s)->r_msg_hdr.frag_off == 0 &&
829 wire[0] == SSL3_MT_HELLO_REQUEST) { 829 wire[0] == SSL3_MT_HELLO_REQUEST) {
830 /* 830 /*
831 * The server may always send 'Hello Request' messages -- 831 * The server may always send 'Hello Request' messages --
@@ -918,13 +918,13 @@ dtls1_send_change_cipher_spec(SSL *s, int a, int b)
918 if (s->state == a) { 918 if (s->state == a) {
919 p = (unsigned char *)s->init_buf->data; 919 p = (unsigned char *)s->init_buf->data;
920 *p++=SSL3_MT_CCS; 920 *p++=SSL3_MT_CCS;
921 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; 921 D1I(s)->handshake_write_seq = D1I(s)->next_handshake_write_seq;
922 s->init_num = DTLS1_CCS_HEADER_LENGTH; 922 s->init_num = DTLS1_CCS_HEADER_LENGTH;
923 923
924 s->init_off = 0; 924 s->init_off = 0;
925 925
926 dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, 926 dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
927 s->d1->handshake_write_seq, 0, 0); 927 D1I(s)->handshake_write_seq, 0, 0);
928 928
929 /* buffer the message to handle re-xmits */ 929 /* buffer the message to handle re-xmits */
930 dtls1_buffer_message(s, 1); 930 dtls1_buffer_message(s, 1);
@@ -1031,26 +1031,26 @@ dtls1_buffer_message(SSL *s, int is_ccs)
1031 memcpy(frag->fragment, s->init_buf->data, s->init_num); 1031 memcpy(frag->fragment, s->init_buf->data, s->init_num);
1032 1032
1033 if (is_ccs) { 1033 if (is_ccs) {
1034 OPENSSL_assert(s->d1->w_msg_hdr.msg_len + 1034 OPENSSL_assert(D1I(s)->w_msg_hdr.msg_len +
1035 ((s->version == DTLS1_VERSION) ? 1035 ((s->version == DTLS1_VERSION) ?
1036 DTLS1_CCS_HEADER_LENGTH : 3) == (unsigned int)s->init_num); 1036 DTLS1_CCS_HEADER_LENGTH : 3) == (unsigned int)s->init_num);
1037 } else { 1037 } else {
1038 OPENSSL_assert(s->d1->w_msg_hdr.msg_len + 1038 OPENSSL_assert(D1I(s)->w_msg_hdr.msg_len +
1039 DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num); 1039 DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
1040 } 1040 }
1041 1041
1042 frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len; 1042 frag->msg_header.msg_len = D1I(s)->w_msg_hdr.msg_len;
1043 frag->msg_header.seq = s->d1->w_msg_hdr.seq; 1043 frag->msg_header.seq = D1I(s)->w_msg_hdr.seq;
1044 frag->msg_header.type = s->d1->w_msg_hdr.type; 1044 frag->msg_header.type = D1I(s)->w_msg_hdr.type;
1045 frag->msg_header.frag_off = 0; 1045 frag->msg_header.frag_off = 0;
1046 frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len; 1046 frag->msg_header.frag_len = D1I(s)->w_msg_hdr.msg_len;
1047 frag->msg_header.is_ccs = is_ccs; 1047 frag->msg_header.is_ccs = is_ccs;
1048 1048
1049 /* save current state*/ 1049 /* save current state*/
1050 frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx; 1050 frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx;
1051 frag->msg_header.saved_retransmit_state.write_hash = s->write_hash; 1051 frag->msg_header.saved_retransmit_state.write_hash = s->write_hash;
1052 frag->msg_header.saved_retransmit_state.session = s->session; 1052 frag->msg_header.saved_retransmit_state.session = s->session;
1053 frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch; 1053 frag->msg_header.saved_retransmit_state.epoch = D1I(s)->w_epoch;
1054 1054
1055 memset(seq64be, 0, sizeof(seq64be)); 1055 memset(seq64be, 0, sizeof(seq64be));
1056 seq64be[6] = (unsigned char)(dtls1_get_queue_priority( 1056 seq64be[6] = (unsigned char)(dtls1_get_queue_priority(
@@ -1120,21 +1120,21 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1120 saved_state.enc_write_ctx = s->enc_write_ctx; 1120 saved_state.enc_write_ctx = s->enc_write_ctx;
1121 saved_state.write_hash = s->write_hash; 1121 saved_state.write_hash = s->write_hash;
1122 saved_state.session = s->session; 1122 saved_state.session = s->session;
1123 saved_state.epoch = s->d1->w_epoch; 1123 saved_state.epoch = D1I(s)->w_epoch;
1124 1124
1125 s->d1->retransmitting = 1; 1125 D1I(s)->retransmitting = 1;
1126 1126
1127 /* restore state in which the message was originally sent */ 1127 /* restore state in which the message was originally sent */
1128 s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx; 1128 s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
1129 s->write_hash = frag->msg_header.saved_retransmit_state.write_hash; 1129 s->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
1130 s->session = frag->msg_header.saved_retransmit_state.session; 1130 s->session = frag->msg_header.saved_retransmit_state.session;
1131 s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch; 1131 D1I(s)->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
1132 1132
1133 if (frag->msg_header.saved_retransmit_state.epoch == 1133 if (frag->msg_header.saved_retransmit_state.epoch ==
1134 saved_state.epoch - 1) { 1134 saved_state.epoch - 1) {
1135 memcpy(save_write_sequence, s->s3->write_sequence, 1135 memcpy(save_write_sequence, s->s3->write_sequence,
1136 sizeof(s->s3->write_sequence)); 1136 sizeof(s->s3->write_sequence));
1137 memcpy(s->s3->write_sequence, s->d1->last_write_sequence, 1137 memcpy(s->s3->write_sequence, D1I(s)->last_write_sequence,
1138 sizeof(s->s3->write_sequence)); 1138 sizeof(s->s3->write_sequence));
1139 } 1139 }
1140 1140
@@ -1145,17 +1145,17 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1145 s->enc_write_ctx = saved_state.enc_write_ctx; 1145 s->enc_write_ctx = saved_state.enc_write_ctx;
1146 s->write_hash = saved_state.write_hash; 1146 s->write_hash = saved_state.write_hash;
1147 s->session = saved_state.session; 1147 s->session = saved_state.session;
1148 s->d1->w_epoch = saved_state.epoch; 1148 D1I(s)->w_epoch = saved_state.epoch;
1149 1149
1150 if (frag->msg_header.saved_retransmit_state.epoch == 1150 if (frag->msg_header.saved_retransmit_state.epoch ==
1151 saved_state.epoch - 1) { 1151 saved_state.epoch - 1) {
1152 memcpy(s->d1->last_write_sequence, s->s3->write_sequence, 1152 memcpy(D1I(s)->last_write_sequence, s->s3->write_sequence,
1153 sizeof(s->s3->write_sequence)); 1153 sizeof(s->s3->write_sequence));
1154 memcpy(s->s3->write_sequence, save_write_sequence, 1154 memcpy(s->s3->write_sequence, save_write_sequence,
1155 sizeof(s->s3->write_sequence)); 1155 sizeof(s->s3->write_sequence));
1156 } 1156 }
1157 1157
1158 s->d1->retransmitting = 0; 1158 D1I(s)->retransmitting = 0;
1159 1159
1160 (void)BIO_flush(SSL_get_wbio(s)); 1160 (void)BIO_flush(SSL_get_wbio(s));
1161 return ret; 1161 return ret;
@@ -1179,12 +1179,12 @@ dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
1179 unsigned long len, unsigned long frag_off, unsigned long frag_len) 1179 unsigned long len, unsigned long frag_off, unsigned long frag_len)
1180{ 1180{
1181 /* Don't change sequence numbers while listening */ 1181 /* Don't change sequence numbers while listening */
1182 if (frag_off == 0 && !s->d1->listen) { 1182 if (frag_off == 0 && !D1I(s)->listen) {
1183 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; 1183 D1I(s)->handshake_write_seq = D1I(s)->next_handshake_write_seq;
1184 s->d1->next_handshake_write_seq++; 1184 D1I(s)->next_handshake_write_seq++;
1185 } 1185 }
1186 1186
1187 dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq, 1187 dtls1_set_message_header_int(s, mt, len, D1I(s)->handshake_write_seq,
1188 frag_off, frag_len); 1188 frag_off, frag_len);
1189 1189
1190 return p += DTLS1_HM_HEADER_LENGTH; 1190 return p += DTLS1_HM_HEADER_LENGTH;
@@ -1195,7 +1195,7 @@ static void
1195dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len, 1195dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len,
1196 unsigned short seq_num, unsigned long frag_off, unsigned long frag_len) 1196 unsigned short seq_num, unsigned long frag_off, unsigned long frag_len)
1197{ 1197{
1198 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; 1198 struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr;
1199 1199
1200 msg_hdr->type = mt; 1200 msg_hdr->type = mt;
1201 msg_hdr->msg_len = len; 1201 msg_hdr->msg_len = len;
@@ -1207,7 +1207,7 @@ dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len,
1207static void 1207static void
1208dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len) 1208dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len)
1209{ 1209{
1210 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; 1210 struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr;
1211 1211
1212 msg_hdr->frag_off = frag_off; 1212 msg_hdr->frag_off = frag_off;
1213 msg_hdr->frag_len = frag_len; 1213 msg_hdr->frag_len = frag_len;
@@ -1216,7 +1216,7 @@ dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len)
1216static unsigned char * 1216static unsigned char *
1217dtls1_write_message_header(SSL *s, unsigned char *p) 1217dtls1_write_message_header(SSL *s, unsigned char *p)
1218{ 1218{
1219 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; 1219 struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr;
1220 1220
1221 *p++ = msg_hdr->type; 1221 *p++ = msg_hdr->type;
1222 l2n3(msg_hdr->msg_len, p); 1222 l2n3(msg_hdr->msg_len, p);
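Review bot: The `OPENSSL_assert(D1I(s)->mtu >= dtls1_min_mtu());` at new line 253 of dtls1_do_write can still abort the whole process, because the query-and-guess block above it is skipped whenever SSL_OP_NO_QUERY_MTU is set. In that case an MTU below the minimum reaches the assert unchanged; presumably that value comes from the application, but the setter is not visible in these hunks. Since the commit rewrites this line anyway, consider turning it into an ordinary failure, for example `if (D1I(s)->mtu < dtls1_min_mtu()) return (-1);`, so a misconfigured MTU fails one write instead of terminating the program. dtls1_do_write starts and ends outside the hunks shown.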
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index 633eabf8b4..d4b8031150 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_clnt.c,v 1.60 2017/01/21 06:50:02 jsing Exp $ */ 1/* $OpenBSD: d1_clnt.c,v 1.61 2017/01/22 07:16:38 beck Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -247,7 +247,7 @@ dtls1_connect(SSL *s)
247 /* mark client_random uninitialized */ 247 /* mark client_random uninitialized */
248 memset(s->s3->client_random, 0, 248 memset(s->s3->client_random, 0,
249 sizeof(s->s3->client_random)); 249 sizeof(s->s3->client_random));
250 s->d1->send_cookie = 0; 250 D1I(s)->send_cookie = 0;
251 s->hit = 0; 251 s->hit = 0;
252 break; 252 break;
253 253
@@ -268,7 +268,7 @@ dtls1_connect(SSL *s)
268 if (ret <= 0) 268 if (ret <= 0)
269 goto end; 269 goto end;
270 270
271 if (s->d1->send_cookie) { 271 if (D1I(s)->send_cookie) {
272 s->state = SSL3_ST_CW_FLUSH; 272 s->state = SSL3_ST_CW_FLUSH;
273 s->s3->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A; 273 s->s3->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A;
274 } else 274 } else
@@ -304,7 +304,7 @@ dtls1_connect(SSL *s)
304 if (ret <= 0) 304 if (ret <= 0)
305 goto end; 305 goto end;
306 dtls1_stop_timer(s); 306 dtls1_stop_timer(s);
307 if ( s->d1->send_cookie) /* start again, with a cookie */ 307 if ( D1I(s)->send_cookie) /* start again, with a cookie */
308 s->state = SSL3_ST_CW_CLNT_HELLO_A; 308 s->state = SSL3_ST_CW_CLNT_HELLO_A;
309 else 309 else
310 s->state = SSL3_ST_CR_CERT_A; 310 s->state = SSL3_ST_CR_CERT_A;
@@ -507,7 +507,7 @@ dtls1_connect(SSL *s)
507 507
508 case SSL3_ST_CR_FINISHED_A: 508 case SSL3_ST_CR_FINISHED_A:
509 case SSL3_ST_CR_FINISHED_B: 509 case SSL3_ST_CR_FINISHED_B:
510 s->d1->change_cipher_spec_ok = 1; 510 D1I(s)->change_cipher_spec_ok = 1;
511 ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A, 511 ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
512 SSL3_ST_CR_FINISHED_B); 512 SSL3_ST_CR_FINISHED_B);
513 if (ret <= 0) 513 if (ret <= 0)
@@ -566,8 +566,8 @@ dtls1_connect(SSL *s)
566 cb(s, SSL_CB_HANDSHAKE_DONE, 1); 566 cb(s, SSL_CB_HANDSHAKE_DONE, 1);
567 567
568 /* done with handshaking */ 568 /* done with handshaking */
569 s->d1->handshake_read_seq = 0; 569 D1I(s)->handshake_read_seq = 0;
570 s->d1->next_handshake_write_seq = 0; 570 D1I(s)->next_handshake_write_seq = 0;
571 goto end; 571 goto end;
572 /* break; */ 572 /* break; */
573 573
@@ -619,7 +619,7 @@ dtls1_get_hello_verify(SSL *s)
619 return ((int)n); 619 return ((int)n);
620 620
621 if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) { 621 if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
622 s->d1->send_cookie = 0; 622 D1I(s)->send_cookie = 0;
623 s->s3->tmp.reuse_message = 1; 623 s->s3->tmp.reuse_message = 1;
624 return (1); 624 return (1);
625 } 625 }
@@ -642,14 +642,14 @@ dtls1_get_hello_verify(SSL *s)
642 if (!CBS_get_u8_length_prefixed(&hello_verify_request, &cookie)) 642 if (!CBS_get_u8_length_prefixed(&hello_verify_request, &cookie))
643 goto truncated; 643 goto truncated;
644 644
645 if (!CBS_write_bytes(&cookie, s->d1->cookie, 645 if (!CBS_write_bytes(&cookie, D1I(s)->cookie,
646 sizeof(s->d1->cookie), &cookie_len)) { 646 sizeof(D1I(s)->cookie), &cookie_len)) {
647 s->d1->cookie_len = 0; 647 D1I(s)->cookie_len = 0;
648 al = SSL_AD_ILLEGAL_PARAMETER; 648 al = SSL_AD_ILLEGAL_PARAMETER;
649 goto f_err; 649 goto f_err;
650 } 650 }
651 s->d1->cookie_len = cookie_len; 651 D1I(s)->cookie_len = cookie_len;
652 s->d1->send_cookie = 1; 652 D1I(s)->send_cookie = 1;
653 653
654 return 1; 654 return 1;
655 655
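Review bot: The copy bound handed to CBS_write_bytes at new lines 645-646 is now `sizeof(D1I(s)->cookie)`, which equals the buffer capacity only while `cookie` is declared as an array inside the internal struct. The dtls1.h and ssl_locl.h parts of this commit are not visible here, so the declaration should be confirmed there; if the member were ever changed to a pointer, the bound would silently become the pointer size. A short comment at the call would record the dependency: `/* cookie is a fixed-size array in the internal state; sizeof is its capacity */`. dtls1_get_hello_verify begins and ends outside this hunk.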
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
index 3bc1b42583..697cb434f7 100644
--- a/src/lib/libssl/d1_lib.c
+++ b/src/lib/libssl/d1_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_lib.c,v 1.35 2017/01/22 03:50:45 jsing Exp $ */ 1/* $OpenBSD: d1_lib.c,v 1.36 2017/01/22 07:16:38 beck Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -117,24 +117,24 @@ dtls1_new(SSL *s)
117 117
118 /* d1->handshake_epoch=0; */ 118 /* d1->handshake_epoch=0; */
119 119
120 d1->unprocessed_rcds.q = pqueue_new(); 120 d1->internal->unprocessed_rcds.q = pqueue_new();
121 d1->processed_rcds.q = pqueue_new(); 121 d1->internal->processed_rcds.q = pqueue_new();
122 d1->buffered_messages = pqueue_new(); 122 d1->internal->buffered_messages = pqueue_new();
123 d1->sent_messages = pqueue_new(); 123 d1->sent_messages = pqueue_new();
124 d1->buffered_app_data.q = pqueue_new(); 124 d1->internal->buffered_app_data.q = pqueue_new();
125 125
126 if (s->server) { 126 if (s->server) {
127 d1->cookie_len = sizeof(s->d1->cookie); 127 d1->internal->cookie_len = sizeof(D1I(s)->cookie);
128 } 128 }
129 129
130 if (!d1->unprocessed_rcds.q || !d1->processed_rcds.q || 130 if (!d1->internal->unprocessed_rcds.q || !d1->internal->processed_rcds.q ||
131 !d1->buffered_messages || !d1->sent_messages || 131 !d1->internal->buffered_messages || !d1->sent_messages ||
132 !d1->buffered_app_data.q) { 132 !d1->internal->buffered_app_data.q) {
133 pqueue_free(d1->unprocessed_rcds.q); 133 pqueue_free(d1->internal->unprocessed_rcds.q);
134 pqueue_free(d1->processed_rcds.q); 134 pqueue_free(d1->internal->processed_rcds.q);
135 pqueue_free(d1->buffered_messages); 135 pqueue_free(d1->internal->buffered_messages);
136 pqueue_free(d1->sent_messages); 136 pqueue_free(d1->sent_messages);
137 pqueue_free(d1->buffered_app_data.q); 137 pqueue_free(d1->internal->buffered_app_data.q);
138 free(d1); 138 free(d1);
139 ssl3_free(s); 139 ssl3_free(s);
140 return (0); 140 return (0);
@@ -152,21 +152,21 @@ dtls1_clear_queues(SSL *s)
152 hm_fragment *frag = NULL; 152 hm_fragment *frag = NULL;
153 DTLS1_RECORD_DATA *rdata; 153 DTLS1_RECORD_DATA *rdata;
154 154
155 while ((item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) { 155 while ((item = pqueue_pop(D1I(s)->unprocessed_rcds.q)) != NULL) {
156 rdata = (DTLS1_RECORD_DATA *) item->data; 156 rdata = (DTLS1_RECORD_DATA *) item->data;
157 free(rdata->rbuf.buf); 157 free(rdata->rbuf.buf);
158 free(item->data); 158 free(item->data);
159 pitem_free(item); 159 pitem_free(item);
160 } 160 }
161 161
162 while ((item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) { 162 while ((item = pqueue_pop(D1I(s)->processed_rcds.q)) != NULL) {
163 rdata = (DTLS1_RECORD_DATA *) item->data; 163 rdata = (DTLS1_RECORD_DATA *) item->data;
164 free(rdata->rbuf.buf); 164 free(rdata->rbuf.buf);
165 free(item->data); 165 free(item->data);
166 pitem_free(item); 166 pitem_free(item);
167 } 167 }
168 168
169 while ((item = pqueue_pop(s->d1->buffered_messages)) != NULL) { 169 while ((item = pqueue_pop(D1I(s)->buffered_messages)) != NULL) {
170 frag = (hm_fragment *)item->data; 170 frag = (hm_fragment *)item->data;
171 free(frag->fragment); 171 free(frag->fragment);
172 free(frag); 172 free(frag);
@@ -180,7 +180,7 @@ dtls1_clear_queues(SSL *s)
180 pitem_free(item); 180 pitem_free(item);
181 } 181 }
182 182
183 while ((item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) { 183 while ((item = pqueue_pop(D1I(s)->buffered_app_data.q)) != NULL) {
184 rdata = (DTLS1_RECORD_DATA *) item->data; 184 rdata = (DTLS1_RECORD_DATA *) item->data;
185 free(rdata->rbuf.buf); 185 free(rdata->rbuf.buf);
186 free(item->data); 186 free(item->data);
@@ -198,11 +198,11 @@ dtls1_free(SSL *s)
198 198
199 dtls1_clear_queues(s); 199 dtls1_clear_queues(s);
200 200
201 pqueue_free(s->d1->unprocessed_rcds.q); 201 pqueue_free(D1I(s)->unprocessed_rcds.q);
202 pqueue_free(s->d1->processed_rcds.q); 202 pqueue_free(D1I(s)->processed_rcds.q);
203 pqueue_free(s->d1->buffered_messages); 203 pqueue_free(D1I(s)->buffered_messages);
204 pqueue_free(s->d1->sent_messages); 204 pqueue_free(s->d1->sent_messages);
205 pqueue_free(s->d1->buffered_app_data.q); 205 pqueue_free(D1I(s)->buffered_app_data.q);
206 206
207 explicit_bzero(s->d1->internal, sizeof(*s->d1->internal)); 207 explicit_bzero(s->d1->internal, sizeof(*s->d1->internal));
208 free(s->d1->internal); 208 free(s->d1->internal);
@@ -225,12 +225,12 @@ dtls1_clear(SSL *s)
225 unsigned int mtu; 225 unsigned int mtu;
226 226
227 if (s->d1) { 227 if (s->d1) {
228 unprocessed_rcds = s->d1->unprocessed_rcds.q; 228 unprocessed_rcds = D1I(s)->unprocessed_rcds.q;
229 processed_rcds = s->d1->processed_rcds.q; 229 processed_rcds = D1I(s)->processed_rcds.q;
230 buffered_messages = s->d1->buffered_messages; 230 buffered_messages = D1I(s)->buffered_messages;
231 sent_messages = s->d1->sent_messages; 231 sent_messages = s->d1->sent_messages;
232 buffered_app_data = s->d1->buffered_app_data.q; 232 buffered_app_data = D1I(s)->buffered_app_data.q;
233 mtu = s->d1->mtu; 233 mtu = D1I(s)->mtu;
234 234
235 dtls1_clear_queues(s); 235 dtls1_clear_queues(s);
236 236
@@ -240,18 +240,18 @@ dtls1_clear(SSL *s)
240 s->d1->internal = internal; 240 s->d1->internal = internal;
241 241
242 if (s->server) { 242 if (s->server) {
243 s->d1->cookie_len = sizeof(s->d1->cookie); 243 D1I(s)->cookie_len = sizeof(D1I(s)->cookie);
244 } 244 }
245 245
246 if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) { 246 if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) {
247 s->d1->mtu = mtu; 247 D1I(s)->mtu = mtu;
248 } 248 }
249 249
250 s->d1->unprocessed_rcds.q = unprocessed_rcds; 250 D1I(s)->unprocessed_rcds.q = unprocessed_rcds;
251 s->d1->processed_rcds.q = processed_rcds; 251 D1I(s)->processed_rcds.q = processed_rcds;
252 s->d1->buffered_messages = buffered_messages; 252 D1I(s)->buffered_messages = buffered_messages;
253 s->d1->sent_messages = sent_messages; 253 s->d1->sent_messages = sent_messages;
254 s->d1->buffered_app_data.q = buffered_app_data; 254 D1I(s)->buffered_app_data.q = buffered_app_data;
255 } 255 }
256 256
257 ssl3_clear(s); 257 ssl3_clear(s);
@@ -319,7 +319,7 @@ dtls1_start_timer(SSL *s)
319 /* Add duration to current time */ 319 /* Add duration to current time */
320 s->d1->next_timeout.tv_sec += s->d1->timeout_duration; 320 s->d1->next_timeout.tv_sec += s->d1->timeout_duration;
321 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, 321 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
322 &(s->d1->next_timeout)); 322 &s->d1->next_timeout);
323} 323}
324 324
325struct timeval* 325struct timeval*
@@ -396,7 +396,7 @@ void
396dtls1_stop_timer(SSL *s) 396dtls1_stop_timer(SSL *s)
397{ 397{
398 /* Reset everything */ 398 /* Reset everything */
399 memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st)); 399 memset(&(D1I(s)->timeout), 0, sizeof(struct dtls1_timeout_st));
400 memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); 400 memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
401 s->d1->timeout_duration = 1; 401 s->d1->timeout_duration = 1;
402 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, 402 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
@@ -408,16 +408,16 @@ dtls1_stop_timer(SSL *s)
408int 408int
409dtls1_check_timeout_num(SSL *s) 409dtls1_check_timeout_num(SSL *s)
410{ 410{
411 s->d1->timeout.num_alerts++; 411 D1I(s)->timeout.num_alerts++;
412 412
413 /* Reduce MTU after 2 unsuccessful retransmissions */ 413 /* Reduce MTU after 2 unsuccessful retransmissions */
414 if (s->d1->timeout.num_alerts > 2) { 414 if (D1I(s)->timeout.num_alerts > 2) {
415 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), 415 D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s),
416 BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL); 416 BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
417 417
418 } 418 }
419 419
420 if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) { 420 if (D1I(s)->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {
421 /* fail the connection, enough alerts have been sent */ 421 /* fail the connection, enough alerts have been sent */
422 SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM, SSL_R_READ_TIMEOUT_EXPIRED); 422 SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM, SSL_R_READ_TIMEOUT_EXPIRED);
423 return -1; 423 return -1;
@@ -439,9 +439,9 @@ dtls1_handle_timeout(SSL *s)
439 if (dtls1_check_timeout_num(s) < 0) 439 if (dtls1_check_timeout_num(s) < 0)
440 return -1; 440 return -1;
441 441
442 s->d1->timeout.read_timeouts++; 442 D1I(s)->timeout.read_timeouts++;
443 if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) { 443 if (D1I(s)->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) {
444 s->d1->timeout.read_timeouts = 1; 444 D1I(s)->timeout.read_timeouts = 1;
445 } 445 }
446 446
447 dtls1_start_timer(s); 447 dtls1_start_timer(s);
@@ -457,7 +457,7 @@ dtls1_listen(SSL *s, struct sockaddr *client)
457 SSL_clear(s); 457 SSL_clear(s);
458 458
459 SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); 459 SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
460 s->d1->listen = 1; 460 D1I(s)->listen = 1;
461 461
462 ret = SSL_accept(s); 462 ret = SSL_accept(s);
463 if (ret <= 0) 463 if (ret <= 0)
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 9ea7d5277a..c44f8f0f58 100644
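--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.49 2016/11/04 18:00:12 guenther Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.50 2017/01/22 07:16:39 beck Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -285,31 +285,31 @@ dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
  * yet */
 #define dtls1_get_unprocessed_record(s) \
  dtls1_retrieve_buffered_record((s), \
- &((s)->d1->unprocessed_rcds))
+ &((D1I(s))->unprocessed_rcds))
 
 /* retrieve a buffered record that belongs to the current epoch, ie, processed */
 #define dtls1_get_processed_record(s) \
  dtls1_retrieve_buffered_record((s), \
- &((s)->d1->processed_rcds))
+ &((D1I(s))->processed_rcds))
 
 static int
 dtls1_process_buffered_records(SSL *s)
 {
  pitem *item;
 
- item = pqueue_peek(s->d1->unprocessed_rcds.q);
+ item = pqueue_peek(D1I(s)->unprocessed_rcds.q);
  if (item) {
  /* Check if epoch is current. */
- if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
+ if (D1I(s)->unprocessed_rcds.epoch != D1I(s)->r_epoch)
  return (1);
  /* Nothing to do. */
 
  /* Process all the records. */
- while (pqueue_peek(s->d1->unprocessed_rcds.q)) {
+ while (pqueue_peek(D1I(s)->unprocessed_rcds.q)) {
  dtls1_get_unprocessed_record(s);
  if (! dtls1_process_record(s))
  return (0);
- if (dtls1_buffer_record(s, &(s->d1->processed_rcds),
+ if (dtls1_buffer_record(s, &(D1I(s)->processed_rcds),
  s->s3->rrec.seq_num) < 0)
  return (-1);
  }
@@ -317,8 +317,8 @@ dtls1_process_buffered_records(SSL *s)
 
  /* sync epoch numbers once all the unprocessed records
  * have been processed */
- s->d1->processed_rcds.epoch = s->d1->r_epoch;
- s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1;
+ D1I(s)->processed_rcds.epoch = D1I(s)->r_epoch;
+ D1I(s)->unprocessed_rcds.epoch = D1I(s)->r_epoch + 1;
 
  return (1);
 }
@@ -581,7 +581,7 @@ again:
  * since they arrive from different connections and
  * would be dropped unnecessarily.
  */
- if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
+ if (!(D1I(s)->listen && rr->type == SSL3_RT_HANDSHAKE &&
  p != NULL && *p == SSL3_MT_CLIENT_HELLO) &&
  !dtls1_record_replay_check(s, bitmap))
  goto again;
@@ -596,8 +596,8 @@ again:
  * anything while listening.
  */
  if (is_next_epoch) {
- if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) {
- if (dtls1_buffer_record(s, &(s->d1->unprocessed_rcds),
+ if ((SSL_in_init(s) || s->in_handshake) && !D1I(s)->listen) {
+ if (dtls1_buffer_record(s, &(D1I(s)->unprocessed_rcds),
  rr->seq_num) < 0)
  return (-1);
  /* Mark receipt of record. */
@@ -665,7 +665,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
  if ((ret = have_handshake_fragment(s, type, buf, len, peek)))
  return ret;
 
- /* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
+ /* Now D1I(s)->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
 
  if (!s->in_handshake && SSL_in_init(s))
  {
@@ -694,7 +694,7 @@ start:
  */
  if (s->state == SSL_ST_OK && rr->length == 0) {
  pitem *item;
- item = pqueue_pop(s->d1->buffered_app_data.q);
+ item = pqueue_pop(D1I(s)->buffered_app_data.q);
  if (item) {
 
  dtls1_copy_record(s, item);
@@ -721,7 +721,7 @@ start:
  }
  }
 
- if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE) {
+ if (D1I(s)->listen && rr->type != SSL3_RT_HANDSHAKE) {
  rr->length = 0;
  goto start;
  }
@@ -736,7 +736,7 @@ start:
  * buffer the application data for later processing rather
  * than dropping the connection.
  */
- if (dtls1_buffer_record(s, &(s->d1->buffered_app_data),
+ if (dtls1_buffer_record(s, &(D1I(s)->buffered_app_data),
  rr->seq_num) < 0) {
  SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
  return (-1);
@@ -799,13 +799,13 @@ start:
  unsigned int *dest_len = NULL;
 
  if (rr->type == SSL3_RT_HANDSHAKE) {
- dest_maxlen = sizeof s->d1->handshake_fragment;
- dest = s->d1->handshake_fragment;
- dest_len = &s->d1->handshake_fragment_len;
+ dest_maxlen = sizeof D1I(s)->handshake_fragment;
+ dest = D1I(s)->handshake_fragment;
+ dest_len = &D1I(s)->handshake_fragment_len;
  } else if (rr->type == SSL3_RT_ALERT) {
- dest_maxlen = sizeof(s->d1->alert_fragment);
- dest = s->d1->alert_fragment;
- dest_len = &s->d1->alert_fragment_len;
+ dest_maxlen = sizeof(D1I(s)->alert_fragment);
+ dest = D1I(s)->alert_fragment;
+ dest_len = &D1I(s)->alert_fragment_len;
  }
  /* else it's a CCS message, or application data or wrong */
  else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) {
@@ -854,20 +854,20 @@ start:
  }
  }
 
- /* s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
- * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT.
+ /* D1I(s)->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
+ * D1I(s)->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT.
  * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
 
  /* If we are a client, check for an incoming 'Hello Request': */
  if ((!s->server) &&
- (s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
- (s->d1->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
+ (D1I(s)->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
+ (D1I(s)->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
  (s->session != NULL) && (s->session->cipher != NULL)) {
- s->d1->handshake_fragment_len = 0;
+ D1I(s)->handshake_fragment_len = 0;
 
- if ((s->d1->handshake_fragment[1] != 0) ||
- (s->d1->handshake_fragment[2] != 0) ||
- (s->d1->handshake_fragment[3] != 0)) {
+ if ((D1I(s)->handshake_fragment[1] != 0) ||
+ (D1I(s)->handshake_fragment[2] != 0) ||
+ (D1I(s)->handshake_fragment[3] != 0)) {
  al = SSL_AD_DECODE_ERROR;
  SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_HELLO_REQUEST);
  goto err;
@@ -877,12 +877,12 @@ start:
 
  if (s->msg_callback)
  s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
- s->d1->handshake_fragment, 4, s, s->msg_callback_arg);
+ D1I(s)->handshake_fragment, 4, s, s->msg_callback_arg);
 
  if (SSL_is_init_finished(s) &&
  !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
  !s->s3->renegotiate) {
- s->d1->handshake_read_seq++;
+ D1I(s)->handshake_read_seq++;
  s->new_session = 1;
  ssl3_renegotiate(s);
  if (ssl3_renegotiate_check(s)) {
@@ -916,15 +916,15 @@ start:
  goto start;
  }
 
- if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) {
- int alert_level = s->d1->alert_fragment[0];
- int alert_descr = s->d1->alert_fragment[1];
+ if (D1I(s)->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) {
+ int alert_level = D1I(s)->alert_fragment[0];
+ int alert_descr = D1I(s)->alert_fragment[1];
 
- s->d1->alert_fragment_len = 0;
+ D1I(s)->alert_fragment_len = 0;
 
  if (s->msg_callback)
  s->msg_callback(0, s->version, SSL3_RT_ALERT,
- s->d1->alert_fragment, 2, s, s->msg_callback_arg);
+ D1I(s)->alert_fragment, 2, s, s->msg_callback_arg);
 
  if (s->info_callback != NULL)
  cb = s->info_callback;
@@ -994,11 +994,11 @@ start:
  /* We can't process a CCS now, because previous handshake
  * messages are still missing, so just drop it.
  */
- if (!s->d1->change_cipher_spec_ok) {
+ if (!D1I(s)->change_cipher_spec_ok) {
  goto start;
  }
 
- s->d1->change_cipher_spec_ok = 0;
+ D1I(s)->change_cipher_spec_ok = 0;
 
  s->s3->change_cipher_spec = 1;
  if (!ssl3_do_change_cipher_spec(s))
@@ -1011,14 +1011,14 @@ start:
  }
 
  /* Unexpected handshake message (Client Hello, or protocol violation) */
- if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
+ if ((D1I(s)->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
  !s->in_handshake) {
  struct hm_header_st msg_hdr;
 
  /* this may just be a stale retransmit */
  if (!dtls1_get_message_header(rr->data, &msg_hdr))
  return -1;
- if (rr->epoch != s->d1->r_epoch) {
+ if (rr->epoch != D1I(s)->r_epoch) {
  rr->length = 0;
  goto start;
  }
@@ -1151,24 +1151,24 @@ have_handshake_fragment(SSL *s, int type, unsigned char *buf,
  int len, int peek)
 {
 
- if ((type == SSL3_RT_HANDSHAKE) && (s->d1->handshake_fragment_len > 0))
+ if ((type == SSL3_RT_HANDSHAKE) && (D1I(s)->handshake_fragment_len > 0))
  /* (partially) satisfy request from storage */
  {
- unsigned char *src = s->d1->handshake_fragment;
+ unsigned char *src = D1I(s)->handshake_fragment;
  unsigned char *dst = buf;
  unsigned int k, n;
 
  /* peek == 0 */
  n = 0;
- while ((len > 0) && (s->d1->handshake_fragment_len > 0)) {
+ while ((len > 0) && (D1I(s)->handshake_fragment_len > 0)) {
  *dst++ = *src++;
  len--;
- s->d1->handshake_fragment_len--;
+ D1I(s)->handshake_fragment_len--;
  n++;
  }
  /* move any remaining fragment bytes: */
- for (k = 0; k < s->d1->handshake_fragment_len; k++)
- s->d1->handshake_fragment[k] = *src++;
+ for (k = 0; k < D1I(s)->handshake_fragment_len; k++)
+ D1I(s)->handshake_fragment[k] = *src++;
  return n;
  }
 
@@ -1306,11 +1306,11 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
 
  /* there's only one epoch between handshake and app data */
 
- s2n(s->d1->w_epoch, pseq);
+ s2n(D1I(s)->w_epoch, pseq);
 
  /* XDTLS: ?? */
 /* else
- s2n(s->d1->handshake_epoch, pseq);
+ s2n(D1I(s)->handshake_epoch, pseq);
 */
 
  memcpy(pseq, &(s->s3->write_sequence[2]), 6);
@@ -1405,8 +1405,8 @@ dtls1_dispatch_alert(SSL *s)
 
 #ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
  if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) {
- s2n(s->d1->handshake_read_seq, ptr);
- l2n3(s->d1->r_msg_hdr.frag_off, ptr);
+ s2n(D1I(s)->handshake_read_seq, ptr);
+ l2n3(D1I(s)->r_msg_hdr.frag_off, ptr);
  }
 #endif
 
@@ -1447,14 +1447,14 @@ dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch)
  *is_next_epoch = 0;
 
  /* In current epoch, accept HM, CCS, DATA, & ALERT */
- if (rr->epoch == s->d1->r_epoch)
- return &s->d1->bitmap;
+ if (rr->epoch == D1I(s)->r_epoch)
+ return &D1I(s)->bitmap;
 
  /* Only HM and ALERT messages can be from the next epoch */
- else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&
+ else if (rr->epoch == (unsigned long)(D1I(s)->r_epoch + 1) &&
  (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
  *is_next_epoch = 1;
- return &s->d1->next_bitmap;
+ return &D1I(s)->next_bitmap;
  }
 
  return NULL;
@@ -1468,13 +1468,13 @@ dtls1_reset_seq_numbers(SSL *s, int rw)
 
  if (rw & SSL3_CC_READ) {
  seq = s->s3->read_sequence;
- s->d1->r_epoch++;
- memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP));
- memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
+ D1I(s)->r_epoch++;
+ memcpy(&(D1I(s)->bitmap), &(D1I(s)->next_bitmap), sizeof(DTLS1_BITMAP));
+ memset(&(D1I(s)->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
  } else {
  seq = s->s3->write_sequence;
- memcpy(s->d1->last_write_sequence, seq, sizeof(s->s3->write_sequence));
- s->d1->w_epoch++;
+ memcpy(D1I(s)->last_write_sequence, seq, sizeof(s->s3->write_sequence));
+ D1I(s)->w_epoch++;
  }
 
  memset(seq, 0x00, seq_bytes);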
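Review bot: `D1I(s)->r_epoch++` and `D1I(s)->w_epoch++` in dtls1_reset_seq_numbers() increment fields that the moved struct declares as `unsigned short`, with no check for wrap-around, and the sequence number is zeroed right after. Once an epoch reaches its maximum, the next increment silently returns it to 0. The `(unsigned long)(D1I(s)->r_epoch + 1)` comparison in dtls1_get_bitmap() would at that point compare against 65536 (assuming a 16-bit short), which presumably cannot match a received epoch. Since these lines are being touched anyway, I would at least record it above the increments with `/* XXX epoch is 16 bits and wraps silently; consider failing the connection instead */`. Both functions extend beyond the lines shown in their hunks.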
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 4322a219f5..6990e39f60 100644
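--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.70 2017/01/21 06:50:02 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.71 2017/01/22 07:16:39 beck Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -193,14 +193,14 @@ dtls1_accept(SSL *s)
  else if (s->ctx->info_callback != NULL)
  cb = s->ctx->info_callback;
 
- listen = s->d1->listen;
+ listen = D1I(s)->listen;
 
  /* init things to blank */
  s->in_handshake++;
  if (!SSL_in_init(s) || SSL_in_before(s))
  SSL_clear(s);
 
- s->d1->listen = listen;
+ D1I(s)->listen = listen;
 
  if (s->cert == NULL) {
  SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
@@ -317,13 +317,13 @@ dtls1_accept(SSL *s)
  /* If we're just listening, stop here */
  if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) {
  ret = 2;
- s->d1->listen = 0;
+ D1I(s)->listen = 0;
  /* Set expected sequence numbers
  * to continue the handshake.
  */
- s->d1->handshake_read_seq = 2;
- s->d1->handshake_write_seq = 1;
- s->d1->next_handshake_write_seq = 1;
+ D1I(s)->handshake_read_seq = 2;
+ D1I(s)->handshake_write_seq = 1;
+ D1I(s)->next_handshake_write_seq = 1;
  goto end;
  }
 
@@ -534,7 +534,7 @@ dtls1_accept(SSL *s)
  case SSL3_ST_SR_CERT_VRFY_A:
  case SSL3_ST_SR_CERT_VRFY_B:
 
- s->d1->change_cipher_spec_ok = 1;
+ D1I(s)->change_cipher_spec_ok = 1;
  /* we should decide if we expected this one */
  ret = ssl3_get_cert_verify(s);
  if (ret <= 0)
@@ -545,7 +545,7 @@ dtls1_accept(SSL *s)
 
  case SSL3_ST_SR_FINISHED_A:
  case SSL3_ST_SR_FINISHED_B:
- s->d1->change_cipher_spec_ok = 1;
+ D1I(s)->change_cipher_spec_ok = 1;
  ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
  SSL3_ST_SR_FINISHED_B);
  if (ret <= 0)
@@ -652,10 +652,10 @@ dtls1_accept(SSL *s)
  ret = 1;
 
  /* done handshaking, next message is client hello */
- s->d1->handshake_read_seq = 0;
+ D1I(s)->handshake_read_seq = 0;
  /* next message is server hello */
- s->d1->handshake_write_seq = 0;
- s->d1->next_handshake_write_seq = 0;
+ D1I(s)->handshake_write_seq = 0;
+ D1I(s)->next_handshake_write_seq = 0;
  goto end;
  /* break; */
 
@@ -705,16 +705,16 @@ dtls1_send_hello_verify_request(SSL *s)
  *(p++) = s->version & 0xFF;
 
  if (s->ctx->app_gen_cookie_cb == NULL ||
- s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
- &(s->d1->cookie_len)) == 0) {
+ s->ctx->app_gen_cookie_cb(s, D1I(s)->cookie,
+ &(D1I(s)->cookie_len)) == 0) {
  SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,
  ERR_R_INTERNAL_ERROR);
  return 0;
  }
 
- *(p++) = (unsigned char) s->d1->cookie_len;
- memcpy(p, s->d1->cookie, s->d1->cookie_len);
- p += s->d1->cookie_len;
+ *(p++) = (unsigned char) D1I(s)->cookie_len;
+ memcpy(p, D1I(s)->cookie, D1I(s)->cookie_len);
+ p += D1I(s)->cookie_len;
 
  ssl3_handshake_msg_finish(s, p - d);
 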
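Review bot: In dtls1_send_hello_verify_request() the length written back by `app_gen_cookie_cb` is used unchecked: `D1I(s)->cookie_len` is truncated to one byte for the length field and then drives `memcpy(p, D1I(s)->cookie, D1I(s)->cookie_len)`. If a callback reports more than the size of the cookie buffer, this copy reads past `cookie` and writes past the space prepared at `p`. The client path in ssl3_client_hello() already guards the equivalent copy. I would reject the value alongside the callback failure by adding `|| D1I(s)->cookie_len > sizeof(D1I(s)->cookie)` to the condition that raises ERR_R_INTERNAL_ERROR. The function starts and ends outside this hunk.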
diff --git a/src/lib/libssl/dtls1.h b/src/lib/libssl/dtls1.h
index 812b90592d..c7b2d3af76 100644
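--- a/src/lib/libssl/dtls1.h
+++ b/src/lib/libssl/dtls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dtls1.h,v 1.20 2017/01/22 03:50:45 jsing Exp $ */
+/* $OpenBSD: dtls1.h,v 1.21 2017/01/22 07:16:39 beck Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -153,77 +153,15 @@ typedef struct hm_fragment_st {
 struct dtls1_state_internal_st;
 
 typedef struct dtls1_state_st {
- unsigned int send_cookie;
- unsigned char cookie[DTLS1_COOKIE_LENGTH];
- unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
- unsigned int cookie_len;
-
- /*
- * The current data and handshake epoch. This is initially
- * undefined, and starts at zero once the initial handshake is
- * completed
- */
- unsigned short r_epoch;
- unsigned short w_epoch;
-
- /* records being received in the current epoch */
- DTLS1_BITMAP bitmap;
-
- /* renegotiation starts a new set of sequence numbers */
- DTLS1_BITMAP next_bitmap;
-
- /* handshake message numbers */
- unsigned short handshake_write_seq;
- unsigned short next_handshake_write_seq;
-
- unsigned short handshake_read_seq;
-
- /* save last sequence number for retransmissions */
- unsigned char last_write_sequence[8];
-
- /* Received handshake records (processed and unprocessed) */
- record_pqueue unprocessed_rcds;
- record_pqueue processed_rcds;
-
- /* Buffered handshake messages */
- struct _pqueue *buffered_messages;
-
  /* Buffered (sent) handshake records */
  struct _pqueue *sent_messages;
 
- /* Buffered application records.
- * Only for records between CCS and Finished
- * to prevent either protocol violation or
- * unnecessary message loss.
- */
- record_pqueue buffered_app_data;
-
- /* Is set when listening for new connections with dtls1_listen() */
- unsigned int listen;
-
- unsigned int mtu; /* max DTLS packet size */
-
- struct hm_header_st w_msg_hdr;
- struct hm_header_st r_msg_hdr;
-
- struct dtls1_timeout_st timeout;
-
  /* Indicates when the last handshake msg or heartbeat sent will timeout */
  struct timeval next_timeout;
 
  /* Timeout duration */
  unsigned short timeout_duration;
 
- /* storage for Alert/Handshake protocol data received but not
- * yet processed by ssl3_read_bytes: */
- unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
- unsigned int alert_fragment_len;
- unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
- unsigned int handshake_fragment_len;
-
- unsigned int retransmitting;
- unsigned int change_cipher_spec_ok;
-
  struct dtls1_state_internal_st *internal;
 } DTLS1_STATE;
 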
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 74f44dd930..d75ceb9d2d 100644
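--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.160 2017/01/22 06:36:49 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.161 2017/01/22 07:16:39 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -611,7 +611,7 @@ ssl3_client_hello(SSL *s)
  * HelloVerifyRequest, we must retain the original client
  * random value.
  */
- if (!SSL_IS_DTLS(s) || s->d1->send_cookie == 0)
+ if (!SSL_IS_DTLS(s) || D1I(s)->send_cookie == 0)
  arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);
 
  d = p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_HELLO);
@@ -671,14 +671,14 @@ ssl3_client_hello(SSL *s)
 
  /* DTLS Cookie. */
  if (SSL_IS_DTLS(s)) {
- if (s->d1->cookie_len > sizeof(s->d1->cookie)) {
+ if (D1I(s)->cookie_len > sizeof(D1I(s)->cookie)) {
  SSLerr(SSL_F_DTLS1_CLIENT_HELLO,
  ERR_R_INTERNAL_ERROR);
  goto err;
  }
- *(p++) = s->d1->cookie_len;
- memcpy(p, s->d1->cookie, s->d1->cookie_len);
- p += s->d1->cookie_len;
+ *(p++) = D1I(s)->cookie_len;
+ memcpy(p, D1I(s)->cookie, D1I(s)->cookie_len);
+ p += D1I(s)->cookie_len;
  }
 
  /* Ciphers supported */
@@ -743,7 +743,7 @@ ssl3_get_server_hello(SSL *s)
 
  if (SSL_IS_DTLS(s)) {
  if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
- if (s->d1->send_cookie == 0) {
+ if (D1I(s)->send_cookie == 0) {
  s->s3->tmp.reuse_message = 1;
  return (1);
  } else {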
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 72d90a85c4..7912206785 100644
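--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.139 2017/01/22 06:36:49 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.140 2017/01/22 07:16:39 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -854,7 +854,7 @@ ssl3_get_client_hello(SSL *s)
  * HelloVerify message has not been sent--make sure that it
  * does not cause an overflow.
  */
- if (cookie_len > sizeof(s->d1->rcvd_cookie)) {
+ if (cookie_len > sizeof(D1I(s)->rcvd_cookie)) {
  /* too much data */
  al = SSL_AD_DECODE_ERROR;
  SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
@@ -868,19 +868,19 @@ ssl3_get_client_hello(SSL *s)
  /* verify the cookie if appropriate option is set. */
  if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
  cookie_len > 0) {
- memcpy(s->d1->rcvd_cookie, p, cookie_len);
+ memcpy(D1I(s)->rcvd_cookie, p, cookie_len);
 
  if (s->ctx->app_verify_cookie_cb != NULL) {
  if (s->ctx->app_verify_cookie_cb(s,
- s->d1->rcvd_cookie, cookie_len) == 0) {
+ D1I(s)->rcvd_cookie, cookie_len) == 0) {
  al = SSL_AD_HANDSHAKE_FAILURE;
  SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
  SSL_R_COOKIE_MISMATCH);
  goto f_err;
  }
  /* else cookie verification succeeded */
- } else if (timingsafe_memcmp(s->d1->rcvd_cookie, s->d1->cookie,
- s->d1->cookie_len) != 0) {
+ } else if (timingsafe_memcmp(D1I(s)->rcvd_cookie, D1I(s)->cookie,
+ D1I(s)->cookie_len) != 0) {
  /* default verification */
  al = SSL_AD_HANDSHAKE_FAILURE;
  SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,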
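Review bot: The default cookie check in ssl3_get_client_hello() compares `D1I(s)->cookie_len` bytes of `rcvd_cookie`, but the `memcpy` above it copied only the received `cookie_len` bytes into that buffer. When the two lengths differ, the comparison covers bytes of `rcvd_cookie` that this ClientHello did not supply, so the outcome depends on whatever the buffer held before; the code that initialises it is not visible here. I would reject a length mismatch before comparing by starting the condition with `cookie_len != D1I(s)->cookie_len ||` ahead of the `timingsafe_memcmp(...)` call. The function continues outside both hunks.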
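--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.127 2017/01/22 06:36:49 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.128 2017/01/22 07:16:39 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1078,7 +1078,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
  return (0);
 #endif
  if (SSL_IS_DTLS(s)) {
- s->d1->mtu = larg;
+ D1I(s)->mtu = larg;
  return (larg);
  }
  return (0);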
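Review bot: `D1I(s)->mtu = larg;` stores a caller-supplied `long` into a field this commit declares as `unsigned int mtu`, with no range check visible in the hunk, so a negative or oversized argument is converted silently and the function still returns `larg` as if it had been accepted. A guard before the assignment, for example `if (larg < 0 || larg > INT_MAX) return (0);`, would make a rejected value visible to the caller. A lower bound against `dtls1_min_mtu()` may also be appropriate, since dtls1_do_write compares the stored MTU with that value. The enclosing `case` of SSL_ctrl starts outside the hunk, so any check made earlier is not visible here.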
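--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.149 2017/01/22 06:36:49 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.150 2017/01/22 07:16:39 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -449,8 +449,69 @@ typedef struct ssl3_state_internal_st {
 } SSL3_STATE_INTERNAL;
 
 typedef struct dtls1_state_internal_st {
+ unsigned int send_cookie;
+ unsigned char cookie[DTLS1_COOKIE_LENGTH];
+ unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
+ unsigned int cookie_len;
 
+ /*
+ * The current data and handshake epoch. This is initially
+ * undefined, and starts at zero once the initial handshake is
+ * completed
+ */
+ unsigned short r_epoch;
+ unsigned short w_epoch;
+
+ /* records being received in the current epoch */
+ DTLS1_BITMAP bitmap;
+
+ /* renegotiation starts a new set of sequence numbers */
+ DTLS1_BITMAP next_bitmap;
+
+ /* handshake message numbers */
+ unsigned short handshake_write_seq;
+ unsigned short next_handshake_write_seq;
+
+ unsigned short handshake_read_seq;
+
+ /* save last sequence number for retransmissions */
+ unsigned char last_write_sequence[8];
+
+ /* Received handshake records (processed and unprocessed) */
+ record_pqueue unprocessed_rcds;
+ record_pqueue processed_rcds;
+
+ /* Buffered handshake messages */
+ struct _pqueue *buffered_messages;
+
+ /* Buffered application records.
+ * Only for records between CCS and Finished
+ * to prevent either protocol violation or
+ * unnecessary message loss.
+ */
+ record_pqueue buffered_app_data;
+
+ /* Is set when listening for new connections with dtls1_listen() */
+ unsigned int listen;
+
+ unsigned int mtu; /* max DTLS packet size */
+
+ struct hm_header_st w_msg_hdr;
+ struct hm_header_st r_msg_hdr;
+
+ struct dtls1_timeout_st timeout;
+
+ /* storage for Alert/Handshake protocol data received but not
+ * yet processed by ssl3_read_bytes: */
+ unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
+ unsigned int alert_fragment_len;
+ unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
+ unsigned int handshake_fragment_len;
+
+ unsigned int retransmitting;
+ unsigned int change_cipher_spec_ok;
 } DTLS1_STATE_INTERNAL;
+#define D1I(s) (s->d1->internal)
 
 typedef struct cert_pkey_st {
  X509 *x509;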
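Review bot: The new accessor `#define D1I(s) (s->d1->internal)` uses its argument unparenthesized, so it only expands as intended when passed a plain identifier; `#define D1I(s) ((s)->d1->internal)` keeps it correct for an argument such as `*sp` or a cast expression. Separately, `cookie` and `rcvd_cookie` are fixed `DTLS1_COOKIE_LENGTH` arrays paired with a separate `cookie_len`, and the struct does not record the bound that code writing to them must respect. A comment above those fields such as `/* lengths stored or copied here must never exceed DTLS1_COOKIE_LENGTH */` would document it. The s3_srvr.c hunk on this page copies a received length into `rcvd_cookie`, and its bound is presumably checked before the lines shown there.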
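--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.87 2016/11/06 17:21:04 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.88 2017/01/22 07:16:39 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -849,7 +849,7 @@ tls1_enc(SSL *s, int send)
 
  if (SSL_IS_DTLS(s)) {
  dtls1_build_sequence_number(ad, seq,
- send ? s->d1->w_epoch : s->d1->r_epoch);
+ send ? D1I(s)->w_epoch : D1I(s)->r_epoch);
  } else {
  memcpy(ad, seq, SSL3_SEQUENCE_SIZE);
  tls1_record_sequence_increment(seq);
@@ -1040,7 +1040,7 @@ tls1_enc(SSL *s, int send)
 
  if (SSL_IS_DTLS(s)) {
  dtls1_build_sequence_number(buf, seq,
- send ? s->d1->w_epoch : s->d1->r_epoch);
+ send ? D1I(s)->w_epoch : D1I(s)->r_epoch);
  } else {
  memcpy(buf, seq, SSL3_SEQUENCE_SIZE);
  tls1_record_sequence_increment(seq);
@@ -1217,7 +1217,7 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
 
  if (SSL_IS_DTLS(ssl))
  dtls1_build_sequence_number(header, seq,
- send ? ssl->d1->w_epoch : ssl->d1->r_epoch);
+ send ? D1I(ssl)->w_epoch : D1I(ssl)->r_epoch);
  else
  memcpy(header, seq, SSL3_SEQUENCE_SIZE);
 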