1 files changed, 50 insertions, 50 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index 7365968db6..07c868f45e 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_both.c,v 1.79 2021/10/23 08:34:36 jsing Exp $ */
+/* $OpenBSD: d1_both.c,v 1.80 2021/10/23 13:36:03 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -216,9 +216,9 @@ dtls1_do_write(SSL *s, int type)
        size_t overhead;
        /* AHA!  Figure out the MTU, and stick to the right size */
-        if (D1I(s)->mtu < dtls1_min_mtu() &&
+        if (s->d1->mtu < dtls1_min_mtu() &&
            !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
-                D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s),
+                s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
                    BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
                /*
@@ -226,27 +226,27 @@ dtls1_do_write(SSL *s, int type)
                 * doesn't know the MTU (ie., the initial write), so just
                 * make sure we have a reasonable number
                 */
-                if (D1I(s)->mtu < dtls1_min_mtu()) {
+                if (s->d1->mtu < dtls1_min_mtu()) {
-                        D1I(s)->mtu = 0;
+                        s->d1->mtu = 0;
-                        D1I(s)->mtu = dtls1_guess_mtu(D1I(s)->mtu);
+                        s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
                        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
-                            D1I(s)->mtu, NULL);
+                            s->d1->mtu, NULL);
                }
        }
-        OPENSSL_assert(D1I(s)->mtu >= dtls1_min_mtu());
+        OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu());
        /* should have something reasonable now */
        if (s->internal->init_off == 0  && type == SSL3_RT_HANDSHAKE)
                OPENSSL_assert(s->internal->init_num ==
-                    (int)D1I(s)->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
+                    (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
        if (!tls12_record_layer_write_overhead(s->internal->rl, &overhead))
                return -1;
        frag_off = 0;
        while (s->internal->init_num) {
-                curr_mtu = D1I(s)->mtu - BIO_wpending(SSL_get_wbio(s)) -
+                curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) -
                    DTLS1_RT_HEADER_LENGTH - overhead;
                if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) {
@@ -254,7 +254,7 @@ dtls1_do_write(SSL *s, int type)
                        ret = BIO_flush(SSL_get_wbio(s));
                        if (ret <= 0)
                                return ret;
-                        curr_mtu = D1I(s)->mtu - DTLS1_RT_HEADER_LENGTH -
+                        curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH -
                            overhead;
                }
@@ -279,8 +279,8 @@ dtls1_do_write(SSL *s, int type)
                        dtls1_fix_message_header(s, frag_off,
                            len - DTLS1_HM_HEADER_LENGTH);
-                        if (!dtls1_write_message_header(&D1I(s)->w_msg_hdr,
+                        if (!dtls1_write_message_header(&s->d1->w_msg_hdr,
-                            D1I(s)->w_msg_hdr.frag_off, D1I(s)->w_msg_hdr.frag_len,
+                            s->d1->w_msg_hdr.frag_off, s->d1->w_msg_hdr.frag_len,
                            (unsigned char *)&s->internal->init_buf->data[s->internal->init_off]))
                                return -1;
@@ -299,7 +299,7 @@ dtls1_do_write(SSL *s, int type)
                         */
                        if (BIO_ctrl(SSL_get_wbio(s),
                            BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0)
-                                D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s),
+                                s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
                                    BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
                        else
                                return (-1);
@@ -313,14 +313,14 @@ dtls1_do_write(SSL *s, int type)
                        OPENSSL_assert(len == (unsigned int)ret);
                        if (type == SSL3_RT_HANDSHAKE &&
-                            !D1I(s)->retransmitting) {
+                            !s->d1->retransmitting) {
                                /*
                                 * Should not be done for 'Hello Request's,
                                 * but in that case we'll ignore the result
                                 * anyway
                                 */
                                unsigned char *p = (unsigned char *)&s->internal->init_buf->data[s->internal->init_off];
-                                const struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr;
+                                const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
                                int xlen;
                                if (frag_off == 0) {
@@ -392,7 +392,7 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max)
                return 1;
        }
-        msg_hdr = &D1I(s)->r_msg_hdr;
+        msg_hdr = &s->d1->r_msg_hdr;
        memset(msg_hdr, 0, sizeof(struct hm_header_st));
 again:
@@ -420,8 +420,8 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max)
        memset(msg_hdr, 0, sizeof(struct hm_header_st));
        /* Don't change sequence numbers while listening */
-        if (!D1I(s)->listen)
+        if (!s->d1->listen)
-                D1I(s)->handshake_read_seq++;
+                s->d1->handshake_read_seq++;
        s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH;
        return 1;
@@ -451,7 +451,7 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
                return SSL_AD_ILLEGAL_PARAMETER;
        }
-        if ( D1I(s)->r_msg_hdr.frag_off == 0) /* first fragment */
+        if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */
        {
                /*
                 * msg_len is limited to 2^24, but is effectively checked
@@ -464,11 +464,11 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
                }
                S3I(s)->hs.tls12.message_size = msg_len;
-                D1I(s)->r_msg_hdr.msg_len = msg_len;
+                s->d1->r_msg_hdr.msg_len = msg_len;
                S3I(s)->hs.tls12.message_type = msg_hdr->type;
-                D1I(s)->r_msg_hdr.type = msg_hdr->type;
+                s->d1->r_msg_hdr.type = msg_hdr->type;
-                D1I(s)->r_msg_hdr.seq = msg_hdr->seq;
+                s->d1->r_msg_hdr.seq = msg_hdr->seq;
-        } else if (msg_len != D1I(s)->r_msg_hdr.msg_len) {
+        } else if (msg_len != s->d1->r_msg_hdr.msg_len) {
                /*
                 * They must be playing with us! BTW, failure to enforce
                 * upper limit would open possibility for buffer overrun.
@@ -494,7 +494,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
        int al;
        *ok = 0;
-        item = pqueue_peek(D1I(s)->buffered_messages);
+        item = pqueue_peek(s->d1->buffered_messages);
        if (item == NULL)
                return 0;
@@ -504,9 +504,9 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
        if (frag->reassembly != NULL)
                return 0;
-        if (D1I(s)->handshake_read_seq == frag->msg_header.seq) {
+        if (s->d1->handshake_read_seq == frag->msg_header.seq) {
                unsigned long frag_len = frag->msg_header.frag_len;
-                pqueue_pop(D1I(s)->buffered_messages);
+                pqueue_pop(s->d1->buffered_messages);
                al = dtls1_preprocess_fragment(s, &frag->msg_header, max);
@@ -571,7 +571,7 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
        memset(seq64be, 0, sizeof(seq64be));
        seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
        seq64be[7] = (unsigned char)msg_hdr->seq;
-        item = pqueue_find(D1I(s)->buffered_messages, seq64be);
+        item = pqueue_find(s->d1->buffered_messages, seq64be);
        if (item == NULL) {
                frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
@@ -636,7 +636,7 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
                        goto err;
                }
-                pqueue_insert(D1I(s)->buffered_messages, item);
+                pqueue_insert(s->d1->buffered_messages, item);
        }
        return DTLS1_HM_FRAGMENT_RETRY;
@@ -665,7 +665,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
        memset(seq64be, 0, sizeof(seq64be));
        seq64be[6] = (unsigned char) (msg_hdr->seq >> 8);
        seq64be[7] = (unsigned char) msg_hdr->seq;
-        item = pqueue_find(D1I(s)->buffered_messages, seq64be);
+        item = pqueue_find(s->d1->buffered_messages, seq64be);
        /*
         * If we already have an entry and this one is a fragment,
@@ -680,9 +680,9 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
         * a FINISHED before the SERVER_HELLO, which then must be a stale
         * retransmit.
         */
-        if (msg_hdr->seq <= D1I(s)->handshake_read_seq ||
+        if (msg_hdr->seq <= s->d1->handshake_read_seq ||
-            msg_hdr->seq > D1I(s)->handshake_read_seq + 10 || item != NULL ||
+            msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
-            (D1I(s)->handshake_read_seq == 0 &&
+            (s->d1->handshake_read_seq == 0 &&
            msg_hdr->type == SSL3_MT_FINISHED)) {
                unsigned char devnull [256];
@@ -723,7 +723,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
                if (item == NULL)
                        goto err;
-                pqueue_insert(D1I(s)->buffered_messages, item);
+                pqueue_insert(s->d1->buffered_messages, item);
        }
        return DTLS1_HM_FRAGMENT_RETRY;
@@ -777,8 +777,8 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
         * While listening, we accept seq 1 (ClientHello with cookie)
         * although we're still expecting seq 0 (ClientHello)
         */
-        if (msg_hdr.seq != D1I(s)->handshake_read_seq &&
+        if (msg_hdr.seq != s->d1->handshake_read_seq &&
-            !(D1I(s)->listen && msg_hdr.seq == 1))
+            !(s->d1->listen && msg_hdr.seq == 1))
                return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
        len = msg_hdr.msg_len;
@@ -788,7 +788,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
        if (frag_len && frag_len < len)
                return dtls1_reassemble_fragment(s, &msg_hdr, ok);
-        if (!s->server && D1I(s)->r_msg_hdr.frag_off == 0 &&
+        if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
            wire[0] == SSL3_MT_HELLO_REQUEST) {
                /*
                 * The server may always send 'Hello Request' messages --
@@ -956,15 +956,15 @@ dtls1_buffer_message(SSL *s, int is_ccs)
        memcpy(frag->fragment, s->internal->init_buf->data, s->internal->init_num);
-        OPENSSL_assert(D1I(s)->w_msg_hdr.msg_len +
+        OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
            (is_ccs ? DTLS1_CCS_HEADER_LENGTH : DTLS1_HM_HEADER_LENGTH) ==
            (unsigned int)s->internal->init_num);
-        frag->msg_header.msg_len = D1I(s)->w_msg_hdr.msg_len;
+        frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
-        frag->msg_header.seq = D1I(s)->w_msg_hdr.seq;
+        frag->msg_header.seq = s->d1->w_msg_hdr.seq;
-        frag->msg_header.type = D1I(s)->w_msg_hdr.type;
+        frag->msg_header.type = s->d1->w_msg_hdr.type;
        frag->msg_header.frag_off = 0;
-        frag->msg_header.frag_len = D1I(s)->w_msg_hdr.msg_len;
+        frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
        frag->msg_header.is_ccs = is_ccs;
        /* save current state*/
@@ -1039,7 +1039,7 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
        saved_state.session = s->session;
        saved_state.epoch = tls12_record_layer_write_epoch(s->internal->rl);
-        D1I(s)->retransmitting = 1;
+        s->d1->retransmitting = 1;
        /* restore state in which the message was originally sent */
        s->session = frag->msg_header.saved_retransmit_state.session;
@@ -1056,7 +1056,7 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
            saved_state.epoch))
                return 0;
-        D1I(s)->retransmitting = 0;
+        s->d1->retransmitting = 0;
        (void)BIO_flush(SSL_get_wbio(s));
        return ret;
@@ -1085,12 +1085,12 @@ dtls1_set_message_header(SSL *s, unsigned char mt, unsigned long len,
    unsigned long frag_off, unsigned long frag_len)
 {
        /* Don't change sequence numbers while listening */
-        if (frag_off == 0 && !D1I(s)->listen) {
+        if (frag_off == 0 && !s->d1->listen) {
-                D1I(s)->handshake_write_seq = D1I(s)->next_handshake_write_seq;
+                s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
-                D1I(s)->next_handshake_write_seq++;
+                s->d1->next_handshake_write_seq++;
        }
-        dtls1_set_message_header_int(s, mt, len, D1I(s)->handshake_write_seq,
+        dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
            frag_off, frag_len);
 }
@@ -1099,7 +1099,7 @@ void
 dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len,
    unsigned short seq_num, unsigned long frag_off, unsigned long frag_len)
 {
-        struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr;
+        struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
        msg_hdr->type = mt;
        msg_hdr->msg_len = len;
@@ -1111,7 +1111,7 @@ dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len,
 static void
 dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len)
 {
-        struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr;
+        struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
        msg_hdr->frag_off = frag_off;
        msg_hdr->frag_len = frag_len;

diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c index 7365968db6..07c868f45e 100644 --- a/src/lib/libssl/d1_both.c +++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_both.c,v 1.79 2021/10/23 08:34:36 jsing Exp $ */	1	/* $OpenBSD: d1_both.c,v 1.80 2021/10/23 13:36:03 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -216,9 +216,9 @@ dtls1_do_write(SSL *s, int type)
216	size_t overhead;	216	size_t overhead;
217		217
218	/* AHA! Figure out the MTU, and stick to the right size */	218	/* AHA! Figure out the MTU, and stick to the right size */
219	if (D1I(s)->mtu < dtls1_min_mtu() &&	219	if (s->d1->mtu < dtls1_min_mtu() &&
220	!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {	220	!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
221	D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s),	221	s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
222	BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);	222	BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
223		223
224	/*	224	/*
@@ -226,27 +226,27 @@ dtls1_do_write(SSL *s, int type)
226	* doesn't know the MTU (ie., the initial write), so just	226	* doesn't know the MTU (ie., the initial write), so just
227	* make sure we have a reasonable number	227	* make sure we have a reasonable number
228	*/	228	*/
229	if (D1I(s)->mtu < dtls1_min_mtu()) {	229	if (s->d1->mtu < dtls1_min_mtu()) {
230	D1I(s)->mtu = 0;	230	s->d1->mtu = 0;
231	D1I(s)->mtu = dtls1_guess_mtu(D1I(s)->mtu);	231	s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
232	BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,	232	BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
233	D1I(s)->mtu, NULL);	233	s->d1->mtu, NULL);
234	}	234	}
235	}	235	}
236		236
237	OPENSSL_assert(D1I(s)->mtu >= dtls1_min_mtu());	237	OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu());
238	/* should have something reasonable now */	238	/* should have something reasonable now */
239		239
240	if (s->internal->init_off == 0 && type == SSL3_RT_HANDSHAKE)	240	if (s->internal->init_off == 0 && type == SSL3_RT_HANDSHAKE)
241	OPENSSL_assert(s->internal->init_num ==	241	OPENSSL_assert(s->internal->init_num ==
242	(int)D1I(s)->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);	242	(int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
243		243
244	if (!tls12_record_layer_write_overhead(s->internal->rl, &overhead))	244	if (!tls12_record_layer_write_overhead(s->internal->rl, &overhead))
245	return -1;	245	return -1;
246		246
247	frag_off = 0;	247	frag_off = 0;
248	while (s->internal->init_num) {	248	while (s->internal->init_num) {
249	curr_mtu = D1I(s)->mtu - BIO_wpending(SSL_get_wbio(s)) -	249	curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) -
250	DTLS1_RT_HEADER_LENGTH - overhead;	250	DTLS1_RT_HEADER_LENGTH - overhead;
251		251
252	if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) {	252	if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) {
@@ -254,7 +254,7 @@ dtls1_do_write(SSL *s, int type)
254	ret = BIO_flush(SSL_get_wbio(s));	254	ret = BIO_flush(SSL_get_wbio(s));
255	if (ret <= 0)	255	if (ret <= 0)
256	return ret;	256	return ret;
257	curr_mtu = D1I(s)->mtu - DTLS1_RT_HEADER_LENGTH -	257	curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH -
258	overhead;	258	overhead;
259	}	259	}
260		260
@@ -279,8 +279,8 @@ dtls1_do_write(SSL *s, int type)
279	dtls1_fix_message_header(s, frag_off,	279	dtls1_fix_message_header(s, frag_off,
280	len - DTLS1_HM_HEADER_LENGTH);	280	len - DTLS1_HM_HEADER_LENGTH);
281		281
282	if (!dtls1_write_message_header(&D1I(s)->w_msg_hdr,	282	if (!dtls1_write_message_header(&s->d1->w_msg_hdr,
283	D1I(s)->w_msg_hdr.frag_off, D1I(s)->w_msg_hdr.frag_len,	283	s->d1->w_msg_hdr.frag_off, s->d1->w_msg_hdr.frag_len,
284	(unsigned char *)&s->internal->init_buf->data[s->internal->init_off]))	284	(unsigned char *)&s->internal->init_buf->data[s->internal->init_off]))
285	return -1;	285	return -1;
286		286
@@ -299,7 +299,7 @@ dtls1_do_write(SSL *s, int type)
299	*/	299	*/
300	if (BIO_ctrl(SSL_get_wbio(s),	300	if (BIO_ctrl(SSL_get_wbio(s),
301	BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0)	301	BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0)
302	D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s),	302	s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
303	BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);	303	BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
304	else	304	else
305	return (-1);	305	return (-1);
@@ -313,14 +313,14 @@ dtls1_do_write(SSL *s, int type)
313	OPENSSL_assert(len == (unsigned int)ret);	313	OPENSSL_assert(len == (unsigned int)ret);
314		314
315	if (type == SSL3_RT_HANDSHAKE &&	315	if (type == SSL3_RT_HANDSHAKE &&
316	!D1I(s)->retransmitting) {	316	!s->d1->retransmitting) {
317	/*	317	/*
318	* Should not be done for 'Hello Request's,	318	* Should not be done for 'Hello Request's,
319	* but in that case we'll ignore the result	319	* but in that case we'll ignore the result
320	* anyway	320	* anyway
321	*/	321	*/
322	unsigned char p = (unsigned char )&s->internal->init_buf->data[s->internal->init_off];	322	unsigned char p = (unsigned char )&s->internal->init_buf->data[s->internal->init_off];
323	const struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr;	323	const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
324	int xlen;	324	int xlen;
325		325
326	if (frag_off == 0) {	326	if (frag_off == 0) {
@@ -392,7 +392,7 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max)
392	return 1;	392	return 1;
393	}	393	}
394		394
395	msg_hdr = &D1I(s)->r_msg_hdr;	395	msg_hdr = &s->d1->r_msg_hdr;
396	memset(msg_hdr, 0, sizeof(struct hm_header_st));	396	memset(msg_hdr, 0, sizeof(struct hm_header_st));
397		397
398	again:	398	again:
@@ -420,8 +420,8 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max)
420	memset(msg_hdr, 0, sizeof(struct hm_header_st));	420	memset(msg_hdr, 0, sizeof(struct hm_header_st));
421		421
422	/* Don't change sequence numbers while listening */	422	/* Don't change sequence numbers while listening */
423	if (!D1I(s)->listen)	423	if (!s->d1->listen)
424	D1I(s)->handshake_read_seq++;	424	s->d1->handshake_read_seq++;
425		425
426	s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH;	426	s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH;
427	return 1;	427	return 1;
@@ -451,7 +451,7 @@ dtls1_preprocess_fragment(SSL s, struct hm_header_st msg_hdr, int max)
451	return SSL_AD_ILLEGAL_PARAMETER;	451	return SSL_AD_ILLEGAL_PARAMETER;
452	}	452	}
453		453
454	if ( D1I(s)->r_msg_hdr.frag_off == 0) /* first fragment */	454	if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */
455	{	455	{
456	/*	456	/*
457	* msg_len is limited to 2^24, but is effectively checked	457	* msg_len is limited to 2^24, but is effectively checked
@@ -464,11 +464,11 @@ dtls1_preprocess_fragment(SSL s, struct hm_header_st msg_hdr, int max)
464	}	464	}
465		465
466	S3I(s)->hs.tls12.message_size = msg_len;	466	S3I(s)->hs.tls12.message_size = msg_len;
467	D1I(s)->r_msg_hdr.msg_len = msg_len;	467	s->d1->r_msg_hdr.msg_len = msg_len;
468	S3I(s)->hs.tls12.message_type = msg_hdr->type;	468	S3I(s)->hs.tls12.message_type = msg_hdr->type;
469	D1I(s)->r_msg_hdr.type = msg_hdr->type;	469	s->d1->r_msg_hdr.type = msg_hdr->type;
470	D1I(s)->r_msg_hdr.seq = msg_hdr->seq;	470	s->d1->r_msg_hdr.seq = msg_hdr->seq;
471	} else if (msg_len != D1I(s)->r_msg_hdr.msg_len) {	471	} else if (msg_len != s->d1->r_msg_hdr.msg_len) {
472	/*	472	/*
473	* They must be playing with us! BTW, failure to enforce	473	* They must be playing with us! BTW, failure to enforce
474	* upper limit would open possibility for buffer overrun.	474	* upper limit would open possibility for buffer overrun.
@@ -494,7 +494,7 @@ dtls1_retrieve_buffered_fragment(SSL s, long max, int ok)
494	int al;	494	int al;
495		495
496	*ok = 0;	496	*ok = 0;
497	item = pqueue_peek(D1I(s)->buffered_messages);	497	item = pqueue_peek(s->d1->buffered_messages);
498	if (item == NULL)	498	if (item == NULL)
499	return 0;	499	return 0;
500		500
@@ -504,9 +504,9 @@ dtls1_retrieve_buffered_fragment(SSL s, long max, int ok)
504	if (frag->reassembly != NULL)	504	if (frag->reassembly != NULL)
505	return 0;	505	return 0;
506		506
507	if (D1I(s)->handshake_read_seq == frag->msg_header.seq) {	507	if (s->d1->handshake_read_seq == frag->msg_header.seq) {
508	unsigned long frag_len = frag->msg_header.frag_len;	508	unsigned long frag_len = frag->msg_header.frag_len;
509	pqueue_pop(D1I(s)->buffered_messages);	509	pqueue_pop(s->d1->buffered_messages);
510		510
511	al = dtls1_preprocess_fragment(s, &frag->msg_header, max);	511	al = dtls1_preprocess_fragment(s, &frag->msg_header, max);
512		512
@@ -571,7 +571,7 @@ dtls1_reassemble_fragment(SSL s, struct hm_header_st msg_hdr, int *ok)
571	memset(seq64be, 0, sizeof(seq64be));	571	memset(seq64be, 0, sizeof(seq64be));
572	seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);	572	seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
573	seq64be[7] = (unsigned char)msg_hdr->seq;	573	seq64be[7] = (unsigned char)msg_hdr->seq;
574	item = pqueue_find(D1I(s)->buffered_messages, seq64be);	574	item = pqueue_find(s->d1->buffered_messages, seq64be);
575		575
576	if (item == NULL) {	576	if (item == NULL) {
577	frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);	577	frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
@@ -636,7 +636,7 @@ dtls1_reassemble_fragment(SSL s, struct hm_header_st msg_hdr, int *ok)
636	goto err;	636	goto err;
637	}	637	}
638		638
639	pqueue_insert(D1I(s)->buffered_messages, item);	639	pqueue_insert(s->d1->buffered_messages, item);
640	}	640	}
641		641
642	return DTLS1_HM_FRAGMENT_RETRY;	642	return DTLS1_HM_FRAGMENT_RETRY;
@@ -665,7 +665,7 @@ dtls1_process_out_of_seq_message(SSL s, struct hm_header_st msg_hdr, int *ok)
665	memset(seq64be, 0, sizeof(seq64be));	665	memset(seq64be, 0, sizeof(seq64be));
666	seq64be[6] = (unsigned char) (msg_hdr->seq >> 8);	666	seq64be[6] = (unsigned char) (msg_hdr->seq >> 8);
667	seq64be[7] = (unsigned char) msg_hdr->seq;	667	seq64be[7] = (unsigned char) msg_hdr->seq;
668	item = pqueue_find(D1I(s)->buffered_messages, seq64be);	668	item = pqueue_find(s->d1->buffered_messages, seq64be);
669		669
670	/*	670	/*
671	* If we already have an entry and this one is a fragment,	671	* If we already have an entry and this one is a fragment,
@@ -680,9 +680,9 @@ dtls1_process_out_of_seq_message(SSL s, struct hm_header_st msg_hdr, int *ok)
680	* a FINISHED before the SERVER_HELLO, which then must be a stale	680	* a FINISHED before the SERVER_HELLO, which then must be a stale
681	* retransmit.	681	* retransmit.
682	*/	682	*/
683	if (msg_hdr->seq <= D1I(s)->handshake_read_seq \|\|	683	if (msg_hdr->seq <= s->d1->handshake_read_seq \|\|
684	msg_hdr->seq > D1I(s)->handshake_read_seq + 10 \|\| item != NULL \|\|	684	msg_hdr->seq > s->d1->handshake_read_seq + 10 \|\| item != NULL \|\|
685	(D1I(s)->handshake_read_seq == 0 &&	685	(s->d1->handshake_read_seq == 0 &&
686	msg_hdr->type == SSL3_MT_FINISHED)) {	686	msg_hdr->type == SSL3_MT_FINISHED)) {
687	unsigned char devnull [256];	687	unsigned char devnull [256];
688		688
@@ -723,7 +723,7 @@ dtls1_process_out_of_seq_message(SSL s, struct hm_header_st msg_hdr, int *ok)
723	if (item == NULL)	723	if (item == NULL)
724	goto err;	724	goto err;
725		725
726	pqueue_insert(D1I(s)->buffered_messages, item);	726	pqueue_insert(s->d1->buffered_messages, item);
727	}	727	}
728		728
729	return DTLS1_HM_FRAGMENT_RETRY;	729	return DTLS1_HM_FRAGMENT_RETRY;
@@ -777,8 +777,8 @@ dtls1_get_message_fragment(SSL s, int st1, int stn, long max, int ok)
777	* While listening, we accept seq 1 (ClientHello with cookie)	777	* While listening, we accept seq 1 (ClientHello with cookie)
778	* although we're still expecting seq 0 (ClientHello)	778	* although we're still expecting seq 0 (ClientHello)
779	*/	779	*/
780	if (msg_hdr.seq != D1I(s)->handshake_read_seq &&	780	if (msg_hdr.seq != s->d1->handshake_read_seq &&
781	!(D1I(s)->listen && msg_hdr.seq == 1))	781	!(s->d1->listen && msg_hdr.seq == 1))
782	return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);	782	return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
783		783
784	len = msg_hdr.msg_len;	784	len = msg_hdr.msg_len;
@@ -788,7 +788,7 @@ dtls1_get_message_fragment(SSL s, int st1, int stn, long max, int ok)
788	if (frag_len && frag_len < len)	788	if (frag_len && frag_len < len)
789	return dtls1_reassemble_fragment(s, &msg_hdr, ok);	789	return dtls1_reassemble_fragment(s, &msg_hdr, ok);
790		790
791	if (!s->server && D1I(s)->r_msg_hdr.frag_off == 0 &&	791	if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
792	wire[0] == SSL3_MT_HELLO_REQUEST) {	792	wire[0] == SSL3_MT_HELLO_REQUEST) {
793	/*	793	/*
794	* The server may always send 'Hello Request' messages --	794	* The server may always send 'Hello Request' messages --
@@ -956,15 +956,15 @@ dtls1_buffer_message(SSL *s, int is_ccs)
956		956
957	memcpy(frag->fragment, s->internal->init_buf->data, s->internal->init_num);	957	memcpy(frag->fragment, s->internal->init_buf->data, s->internal->init_num);
958		958
959	OPENSSL_assert(D1I(s)->w_msg_hdr.msg_len +	959	OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
960	(is_ccs ? DTLS1_CCS_HEADER_LENGTH : DTLS1_HM_HEADER_LENGTH) ==	960	(is_ccs ? DTLS1_CCS_HEADER_LENGTH : DTLS1_HM_HEADER_LENGTH) ==
961	(unsigned int)s->internal->init_num);	961	(unsigned int)s->internal->init_num);
962		962
963	frag->msg_header.msg_len = D1I(s)->w_msg_hdr.msg_len;	963	frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
964	frag->msg_header.seq = D1I(s)->w_msg_hdr.seq;	964	frag->msg_header.seq = s->d1->w_msg_hdr.seq;
965	frag->msg_header.type = D1I(s)->w_msg_hdr.type;	965	frag->msg_header.type = s->d1->w_msg_hdr.type;
966	frag->msg_header.frag_off = 0;	966	frag->msg_header.frag_off = 0;
967	frag->msg_header.frag_len = D1I(s)->w_msg_hdr.msg_len;	967	frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
968	frag->msg_header.is_ccs = is_ccs;	968	frag->msg_header.is_ccs = is_ccs;
969		969
970	/* save current state*/	970	/* save current state*/
@@ -1039,7 +1039,7 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1039	saved_state.session = s->session;	1039	saved_state.session = s->session;
1040	saved_state.epoch = tls12_record_layer_write_epoch(s->internal->rl);	1040	saved_state.epoch = tls12_record_layer_write_epoch(s->internal->rl);
1041		1041
1042	D1I(s)->retransmitting = 1;	1042	s->d1->retransmitting = 1;
1043		1043
1044	/* restore state in which the message was originally sent */	1044	/* restore state in which the message was originally sent */
1045	s->session = frag->msg_header.saved_retransmit_state.session;	1045	s->session = frag->msg_header.saved_retransmit_state.session;
@@ -1056,7 +1056,7 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1056	saved_state.epoch))	1056	saved_state.epoch))
1057	return 0;	1057	return 0;
1058		1058
1059	D1I(s)->retransmitting = 0;	1059	s->d1->retransmitting = 0;
1060		1060
1061	(void)BIO_flush(SSL_get_wbio(s));	1061	(void)BIO_flush(SSL_get_wbio(s));
1062	return ret;	1062	return ret;
@@ -1085,12 +1085,12 @@ dtls1_set_message_header(SSL *s, unsigned char mt, unsigned long len,
1085	unsigned long frag_off, unsigned long frag_len)	1085	unsigned long frag_off, unsigned long frag_len)
1086	{	1086	{
1087	/* Don't change sequence numbers while listening */	1087	/* Don't change sequence numbers while listening */
1088	if (frag_off == 0 && !D1I(s)->listen) {	1088	if (frag_off == 0 && !s->d1->listen) {
1089	D1I(s)->handshake_write_seq = D1I(s)->next_handshake_write_seq;	1089	s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
1090	D1I(s)->next_handshake_write_seq++;	1090	s->d1->next_handshake_write_seq++;
1091	}	1091	}
1092		1092
1093	dtls1_set_message_header_int(s, mt, len, D1I(s)->handshake_write_seq,	1093	dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
1094	frag_off, frag_len);	1094	frag_off, frag_len);
1095	}	1095	}
1096		1096
@@ -1099,7 +1099,7 @@ void
1099	dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len,	1099	dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len,
1100	unsigned short seq_num, unsigned long frag_off, unsigned long frag_len)	1100	unsigned short seq_num, unsigned long frag_off, unsigned long frag_len)
1101	{	1101	{
1102	struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr;	1102	struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1103		1103
1104	msg_hdr->type = mt;	1104	msg_hdr->type = mt;
1105	msg_hdr->msg_len = len;	1105	msg_hdr->msg_len = len;
@@ -1111,7 +1111,7 @@ dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len,
1111	static void	1111	static void
1112	dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len)	1112	dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len)
1113	{	1113	{
1114	struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr;	1114	struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1115		1115
1116	msg_hdr->frag_off = frag_off;	1116	msg_hdr->frag_off = frag_off;
1117	msg_hdr->frag_len = frag_len;	1117	msg_hdr->frag_len = frag_len;