Diffstat (limited to '')
-rw-r--r--src/lib/libssl/d1_pkt.c36
1 files changed, 18 insertions, 18 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index aafadf16ef..7aea85a4c4 100644
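--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.112 2021/09/04 14:31:54 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.113 2021/10/23 13:36:03 jsing Exp $ */
 /*
   * DTLS implementation written by Nagendra Modadugu
   * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -271,19 +271,19 @@ static int
 dtls1_process_buffered_record(SSL *s)
 {
  /* Check if epoch is current. */
- if (D1I(s)->unprocessed_rcds.epoch !=
+ if (s->d1->unprocessed_rcds.epoch !=
  tls12_record_layer_read_epoch(s->internal->rl))
  return (0);
 
  /* Update epoch once all unprocessed records have been processed. */
- if (pqueue_peek(D1I(s)->unprocessed_rcds.q) == NULL) {
- D1I(s)->unprocessed_rcds.epoch =
+ if (pqueue_peek(s->d1->unprocessed_rcds.q) == NULL) {
+ s->d1->unprocessed_rcds.epoch =
  tls12_record_layer_read_epoch(s->internal->rl) + 1;
  return (0);
  }
 
  /* Process one of the records. */
- if (!dtls1_retrieve_buffered_record(s, &D1I(s)->unprocessed_rcds))
+ if (!dtls1_retrieve_buffered_record(s, &s->d1->unprocessed_rcds))
  return (-1);
  if (!dtls1_process_record(s))
  return (-1);
@@ -449,7 +449,7 @@ dtls1_get_record(SSL *s)
  * since they arrive from different connections and
  * would be dropped unnecessarily.
  */
- if (!(D1I(s)->listen && rr->type == SSL3_RT_HANDSHAKE &&
+ if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
  p != NULL && *p == SSL3_MT_CLIENT_HELLO) &&
  !dtls1_record_replay_check(s, bitmap, rr->seq_num))
  goto again;
@@ -464,8 +464,8 @@ dtls1_get_record(SSL *s)
  * anything while listening.
  */
  if (is_next_epoch) {
- if ((SSL_in_init(s) || s->internal->in_handshake) && !D1I(s)->listen) {
- if (dtls1_buffer_record(s, &(D1I(s)->unprocessed_rcds),
+ if ((SSL_in_init(s) || s->internal->in_handshake) && !s->d1->listen) {
+ if (dtls1_buffer_record(s, &(s->d1->unprocessed_rcds),
  rr->seq_num) < 0)
  return (-1);
  /* Mark receipt of record. */
@@ -552,7 +552,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
  * in advance, if any.
  */
  if (S3I(s)->hs.state == SSL_ST_OK && rr->length == 0)
- dtls1_retrieve_buffered_record(s, &(D1I(s)->buffered_app_data));
+ dtls1_retrieve_buffered_record(s, &(s->d1->buffered_app_data));
 
  /* Check for timeout */
  if (dtls1_handle_timeout(s) > 0)
@@ -571,7 +571,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
  }
  }
 
- if (D1I(s)->listen && rr->type != SSL3_RT_HANDSHAKE) {
+ if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE) {
  rr->length = 0;
  goto start;
  }
@@ -586,7 +586,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
  * buffer the application data for later processing rather
  * than dropping the connection.
  */
- if (dtls1_buffer_record(s, &(D1I(s)->buffered_app_data),
+ if (dtls1_buffer_record(s, &(s->d1->buffered_app_data),
  rr->seq_num) < 0) {
  SSLerror(s, ERR_R_INTERNAL_ERROR);
  return (-1);
@@ -701,7 +701,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
  if (SSL_is_init_finished(s) &&
  !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
  !S3I(s)->renegotiate) {
- D1I(s)->handshake_read_seq++;
+ s->d1->handshake_read_seq++;
  s->internal->new_session = 1;
  ssl3_renegotiate(s);
  if (ssl3_renegotiate_check(s)) {
@@ -793,12 +793,12 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
  /* We can't process a CCS now, because previous handshake
  * messages are still missing, so just drop it.
  */
- if (!D1I(s)->change_cipher_spec_ok) {
+ if (!s->d1->change_cipher_spec_ok) {
  rr->length = 0;
  goto start;
  }
 
- D1I(s)->change_cipher_spec_ok = 0;
+ s->d1->change_cipher_spec_ok = 0;
 
  S3I(s)->change_cipher_spec = 1;
  if (!ssl3_do_change_cipher_spec(s))
@@ -1069,13 +1069,13 @@ dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr, unsigned int *is_next_epoch)
 
  /* In current epoch, accept HM, CCS, DATA, & ALERT */
  if (rr->epoch == read_epoch)
- return &D1I(s)->bitmap;
+ return &s->d1->bitmap;
 
  /* Only HM and ALERT messages can be from the next epoch */
  if (rr->epoch == read_epoch_next &&
  (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
  *is_next_epoch = 1;
- return &D1I(s)->next_bitmap;
+ return &s->d1->next_bitmap;
  }
 
  return NULL;
@@ -1084,6 +1084,6 @@ dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr, unsigned int *is_next_epoch)
 void
 dtls1_reset_read_seq_numbers(SSL *s)
 {
- memcpy(&(D1I(s)->bitmap), &(D1I(s)->next_bitmap), sizeof(DTLS1_BITMAP));
- memset(&(D1I(s)->next_bitmap), 0, sizeof(DTLS1_BITMAP));
+ memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP));
+ memset(&(s->d1->next_bitmap), 0, sizeof(DTLS1_BITMAP));
 }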
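Review bot: In `dtls1_read_bytes` (new line 555) the result of `dtls1_retrieve_buffered_record(s, &(s->d1->buffered_app_data))` is discarded, whereas `dtls1_process_buffered_record` (new line 286) treats a zero return from the same helper as fatal and returns -1. The helper's body is outside this diff, so it is not visible here whether zero only means "queue empty" or can also signal that a buffered record could not be copied into the read state. If the empty-queue case is the only one, a comment such as `/* No buffered application data is not an error. */` above the call would record that the unchecked call is deliberate; otherwise the return should be handled the way line 286 does. Both functions start and end outside their hunks.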