1 files changed, 46 insertions, 46 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index c44f8f0f58..315960b587 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.50 2017/01/22 07:16:39 beck Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.51 2017/01/22 09:02:07 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -205,10 +205,10 @@ dtls1_copy_record(SSL *s, pitem *item)
        s->packet = rdata->packet;
        s->packet_length = rdata->packet_length;
        memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
-        memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
+        memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
        /* Set proper sequence number for mac calculation */
-        memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);
+        memcpy(&(S3I(s)->read_sequence[2]), &(rdata->packet[5]), 6);
        return (1);
 }
@@ -232,7 +232,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
        rdata->packet = s->packet;
        rdata->packet_length = s->packet_length;
        memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));
-        memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD));
+        memcpy(&(rdata->rrec), &(S3I(s)->rrec), sizeof(SSL3_RECORD));
        item->data = rdata;
@@ -240,7 +240,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
        s->packet = NULL;
        s->packet_length = 0;
        memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
-        memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));
+        memset(&(S3I(s)->rrec), 0, sizeof(SSL3_RECORD));
        if (!ssl3_setup_buffers(s))
                goto err;
@@ -310,7 +310,7 @@ dtls1_process_buffered_records(SSL *s)
                        if (! dtls1_process_record(s))
                                return (0);
                        if (dtls1_buffer_record(s, &(D1I(s)->processed_rcds),
-                            s->s3->rrec.seq_num) < 0)
+                            S3I(s)->rrec.seq_num) < 0)
                                return (-1);
                }
        }
@@ -333,7 +333,7 @@ dtls1_process_record(SSL *s)
        unsigned int mac_size, orig_len;
        unsigned char md[EVP_MAX_MD_SIZE];
-        rr = &(s->s3->rrec);
+        rr = &(S3I(s)->rrec);
        sess = s->session;
        /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
@@ -439,10 +439,10 @@ dtls1_process_record(SSL *s)
        rr->off = 0;
        /* So at this point the following is true
-         * ssl->s3->rrec.type   is the type of record
+         * ssl->s3->internal->rrec.type         is the type of record
-         * ssl->s3->rrec.length == number of bytes in record
+         * ssl->s3->internal->rrec.length       == number of bytes in record
-         * ssl->s3->rrec.off    == offset to first valid byte
+         * ssl->s3->internal->rrec.off  == offset to first valid byte
-         * ssl->s3->rrec.data   == where to take bytes from, increment
+         * ssl->s3->internal->rrec.data == where to take bytes from, increment
         *                         after use :-).
         */
@@ -461,9 +461,9 @@ err:
 * It will return <= 0 if more data is needed, normally due to an error
 * or non-blocking IO.
 * When it finishes, one packet has been decoded and can be found in
- * ssl->s3->rrec.type    - is the type of record
+ * ssl->s3->internal->rrec.type    - is the type of record
- * ssl->s3->rrec.data,   - data
+ * ssl->s3->internal->rrec.data,         - data
- * ssl->s3->rrec.length, - number of bytes
+ * ssl->s3->internal->rrec.length, - number of bytes
 */
 /* used only by dtls1_read_bytes */
 int
@@ -475,7 +475,7 @@ dtls1_get_record(SSL *s)
        DTLS1_BITMAP *bitmap;
        unsigned int is_next_epoch;
-        rr = &(s->s3->rrec);
+        rr = &(S3I(s)->rrec);
        /* The epoch may have changed.  If so, process all the
         * pending records.  This is a non-blocking operation. */
@@ -525,8 +525,8 @@ again:
                    !CBS_get_bytes(&header, &seq_no, 6))
                        goto again;
-                if (!CBS_write_bytes(&seq_no, &(s->s3->read_sequence[2]),
+                if (!CBS_write_bytes(&seq_no, &(S3I(s)->read_sequence[2]),
-                    sizeof(s->s3->read_sequence) - 2, NULL))
+                    sizeof(S3I(s)->read_sequence) - 2, NULL))
                        goto again;
                if (!CBS_get_u16(&header, &len))
                        goto again;
@@ -682,11 +682,11 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 start:
        s->rwstate = SSL_NOTHING;
-        /* s->s3->rrec.type         - is the type of record
+        /* S3I(s)->rrec.type        - is the type of record
-         * s->s3->rrec.data,    - data
+         * S3I(s)->rrec.data,    - data
-         * s->s3->rrec.off,     - offset into 'data' for next read
+         * S3I(s)->rrec.off,     - offset into 'data' for next read
-         * s->s3->rrec.length,  - number of bytes. */
+         * S3I(s)->rrec.length,  - number of bytes. */
-        rr = &(s->s3->rrec);
+        rr = &(S3I(s)->rrec);
        /* We are not handshaking and have no data yet,
         * so process data buffered during the last handshake
@@ -728,7 +728,7 @@ start:
        /* we now have a packet which can be read and processed */
-        if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
+        if (S3I(s)->change_cipher_spec /* set when we receive ChangeCipherSpec,
                                       * reset by ssl3_get_finished */
            && (rr->type != SSL3_RT_HANDSHAKE)) {
                /* We now have application data between CCS and Finished.
@@ -814,7 +814,7 @@ start:
                         */
                        if (rr->type == SSL3_RT_APPLICATION_DATA) {
                                BIO *bio;
-                                s->s3->in_read_app_data = 2;
+                                S3I(s)->in_read_app_data = 2;
                                bio = SSL_get_rbio(s);
                                s->rwstate = SSL_READING;
                                BIO_clear_retry_flags(bio);
@@ -881,7 +881,7 @@ start:
                if (SSL_is_init_finished(s) &&
                    !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
-                    !s->s3->renegotiate) {
+                    !S3I(s)->renegotiate) {
                        D1I(s)->handshake_read_seq++;
                        s->new_session = 1;
                        ssl3_renegotiate(s);
@@ -938,7 +938,7 @@ start:
                if (alert_level == 1) /* warning */
                {
-                        s->s3->warn_alert = alert_descr;
+                        S3I(s)->warn_alert = alert_descr;
                        if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
                                s->shutdown |= SSL_RECEIVED_SHUTDOWN;
                                return (0);
@@ -946,7 +946,7 @@ start:
                } else if (alert_level == 2) /* fatal */
                {
                        s->rwstate = SSL_NOTHING;
-                        s->s3->fatal_alert = alert_descr;
+                        S3I(s)->fatal_alert = alert_descr;
                        SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
                        ERR_asprintf_error_data("SSL alert number %d",
                            alert_descr);
@@ -1000,7 +1000,7 @@ start:
                D1I(s)->change_cipher_spec_ok = 0;
-                s->s3->change_cipher_spec = 1;
+                S3I(s)->change_cipher_spec = 1;
                if (!ssl3_do_change_cipher_spec(s))
                        goto err;
@@ -1094,15 +1094,15 @@ start:
                 * at this point (session renegotiation not yet started),
                 * we will indulge it.
                 */
-                if (s->s3->in_read_app_data &&
+                if (S3I(s)->in_read_app_data &&
-                    (s->s3->total_renegotiations != 0) &&
+                    (S3I(s)->total_renegotiations != 0) &&
                    (((s->state & SSL_ST_CONNECT) &&
                    (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
                    (s->state <= SSL3_ST_CR_SRVR_HELLO_A)) || (
                    (s->state & SSL_ST_ACCEPT) &&
                    (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
                    (s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
-                        s->s3->in_read_app_data = 2;
+                        S3I(s)->in_read_app_data = 2;
                        return (-1);
                } else {
                        al = SSL_AD_UNEXPECTED_MESSAGE;
@@ -1219,7 +1219,7 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
        if (len == 0)
                return 0;
-        wr = &(s->s3->wrec);
+        wr = &(S3I(s)->wrec);
        wb = &(s->s3->wbuf);
        sess = s->session;
@@ -1313,7 +1313,7 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
        s2n(D1I(s)->handshake_epoch, pseq);
 */
-        memcpy(pseq, &(s->s3->write_sequence[2]), 6);
+        memcpy(pseq, &(S3I(s)->write_sequence[2]), 6);
        pseq += 6;
        s2n(wr->length, pseq);
@@ -1323,17 +1323,17 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
        wr->type=type; /* not needed but helps for debugging */
        wr->length += DTLS1_RT_HEADER_LENGTH;
-        tls1_record_sequence_increment(s->s3->write_sequence);
+        tls1_record_sequence_increment(S3I(s)->write_sequence);
        /* now let's set up wb */
        wb->left = prefix_len + wr->length;
        wb->offset = 0;
        /* memorize arguments so that ssl3_write_pending can detect bad write retries later */
-        s->s3->wpend_tot = len;
+        S3I(s)->wpend_tot = len;
-        s->s3->wpend_buf = buf;
+        S3I(s)->wpend_buf = buf;
-        s->s3->wpend_type = type;
+        S3I(s)->wpend_type = type;
-        s->s3->wpend_ret = len;
+        S3I(s)->wpend_ret = len;
        /* we now just need to write the buffer */
        return ssl3_write_pending(s, type, buf, len);
@@ -1348,11 +1348,11 @@ dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
 {
        int cmp;
        unsigned int shift;
-        const unsigned char *seq = s->s3->read_sequence;
+        const unsigned char *seq = S3I(s)->read_sequence;
        cmp = satsub64be(seq, bitmap->max_seq_num);
        if (cmp > 0) {
-                memcpy (s->s3->rrec.seq_num, seq, 8);
+                memcpy (S3I(s)->rrec.seq_num, seq, 8);
                return 1; /* this record in new */
        }
        shift = -cmp;
@@ -1361,7 +1361,7 @@ dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
        else if (bitmap->map & (1UL << shift))
                return 0; /* record previously received */
-        memcpy(s->s3->rrec.seq_num, seq, 8);
+        memcpy(S3I(s)->rrec.seq_num, seq, 8);
        return 1;
 }
@@ -1371,7 +1371,7 @@ dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
 {
        int cmp;
        unsigned int shift;
-        const unsigned char *seq = s->s3->read_sequence;
+        const unsigned char *seq = S3I(s)->read_sequence;
        cmp = satsub64be(seq, bitmap->max_seq_num);
        if (cmp > 0) {
@@ -1464,16 +1464,16 @@ void
 dtls1_reset_seq_numbers(SSL *s, int rw)
 {
        unsigned char *seq;
-        unsigned int seq_bytes = sizeof(s->s3->read_sequence);
+        unsigned int seq_bytes = sizeof(S3I(s)->read_sequence);
        if (rw & SSL3_CC_READ) {
-                seq = s->s3->read_sequence;
+                seq = S3I(s)->read_sequence;
                D1I(s)->r_epoch++;
                memcpy(&(D1I(s)->bitmap), &(D1I(s)->next_bitmap), sizeof(DTLS1_BITMAP));
                memset(&(D1I(s)->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
        } else {
-                seq = s->s3->write_sequence;
+                seq = S3I(s)->write_sequence;
-                memcpy(D1I(s)->last_write_sequence, seq, sizeof(s->s3->write_sequence));
+                memcpy(D1I(s)->last_write_sequence, seq, sizeof(S3I(s)->write_sequence));
                D1I(s)->w_epoch++;
        }

diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c index c44f8f0f58..315960b587 100644 --- a/src/lib/libssl/d1_pkt.c +++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_pkt.c,v 1.50 2017/01/22 07:16:39 beck Exp $ */	1	/* $OpenBSD: d1_pkt.c,v 1.51 2017/01/22 09:02:07 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -205,10 +205,10 @@ dtls1_copy_record(SSL s, pitem item)
205	s->packet = rdata->packet;	205	s->packet = rdata->packet;
206	s->packet_length = rdata->packet_length;	206	s->packet_length = rdata->packet_length;
207	memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));	207	memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
208	memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));	208	memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
209		209
210	/* Set proper sequence number for mac calculation */	210	/* Set proper sequence number for mac calculation */
211	memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);	211	memcpy(&(S3I(s)->read_sequence[2]), &(rdata->packet[5]), 6);
212		212
213	return (1);	213	return (1);
214	}	214	}
@@ -232,7 +232,7 @@ dtls1_buffer_record(SSL s, record_pqueue queue, unsigned char *priority)
232	rdata->packet = s->packet;	232	rdata->packet = s->packet;
233	rdata->packet_length = s->packet_length;	233	rdata->packet_length = s->packet_length;
234	memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));	234	memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));
235	memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD));	235	memcpy(&(rdata->rrec), &(S3I(s)->rrec), sizeof(SSL3_RECORD));
236		236
237	item->data = rdata;	237	item->data = rdata;
238		238
@@ -240,7 +240,7 @@ dtls1_buffer_record(SSL s, record_pqueue queue, unsigned char *priority)
240	s->packet = NULL;	240	s->packet = NULL;
241	s->packet_length = 0;	241	s->packet_length = 0;
242	memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));	242	memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
243	memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));	243	memset(&(S3I(s)->rrec), 0, sizeof(SSL3_RECORD));
244		244
245	if (!ssl3_setup_buffers(s))	245	if (!ssl3_setup_buffers(s))
246	goto err;	246	goto err;
@@ -310,7 +310,7 @@ dtls1_process_buffered_records(SSL *s)
310	if (! dtls1_process_record(s))	310	if (! dtls1_process_record(s))
311	return (0);	311	return (0);
312	if (dtls1_buffer_record(s, &(D1I(s)->processed_rcds),	312	if (dtls1_buffer_record(s, &(D1I(s)->processed_rcds),
313	s->s3->rrec.seq_num) < 0)	313	S3I(s)->rrec.seq_num) < 0)
314	return (-1);	314	return (-1);
315	}	315	}
316	}	316	}
@@ -333,7 +333,7 @@ dtls1_process_record(SSL *s)
333	unsigned int mac_size, orig_len;	333	unsigned int mac_size, orig_len;
334	unsigned char md[EVP_MAX_MD_SIZE];	334	unsigned char md[EVP_MAX_MD_SIZE];
335		335
336	rr = &(s->s3->rrec);	336	rr = &(S3I(s)->rrec);
337	sess = s->session;	337	sess = s->session;
338		338
339	/* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,	339	/* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
@@ -439,10 +439,10 @@ dtls1_process_record(SSL *s)
439		439
440	rr->off = 0;	440	rr->off = 0;
441	/* So at this point the following is true	441	/* So at this point the following is true
442	* ssl->s3->rrec.type is the type of record	442	* ssl->s3->internal->rrec.type is the type of record
443	* ssl->s3->rrec.length == number of bytes in record	443	* ssl->s3->internal->rrec.length == number of bytes in record
444	* ssl->s3->rrec.off == offset to first valid byte	444	* ssl->s3->internal->rrec.off == offset to first valid byte
445	* ssl->s3->rrec.data == where to take bytes from, increment	445	* ssl->s3->internal->rrec.data == where to take bytes from, increment
446	* after use :-).	446	* after use :-).
447	*/	447	*/
448		448
@@ -461,9 +461,9 @@ err:
461	* It will return <= 0 if more data is needed, normally due to an error	461	* It will return <= 0 if more data is needed, normally due to an error
462	* or non-blocking IO.	462	* or non-blocking IO.
463	* When it finishes, one packet has been decoded and can be found in	463	* When it finishes, one packet has been decoded and can be found in
464	* ssl->s3->rrec.type - is the type of record	464	* ssl->s3->internal->rrec.type - is the type of record
465	* ssl->s3->rrec.data, - data	465	* ssl->s3->internal->rrec.data, - data
466	* ssl->s3->rrec.length, - number of bytes	466	* ssl->s3->internal->rrec.length, - number of bytes
467	*/	467	*/
468	/* used only by dtls1_read_bytes */	468	/* used only by dtls1_read_bytes */
469	int	469	int
@@ -475,7 +475,7 @@ dtls1_get_record(SSL *s)
475	DTLS1_BITMAP *bitmap;	475	DTLS1_BITMAP *bitmap;
476	unsigned int is_next_epoch;	476	unsigned int is_next_epoch;
477		477
478	rr = &(s->s3->rrec);	478	rr = &(S3I(s)->rrec);
479		479
480	/* The epoch may have changed. If so, process all the	480	/* The epoch may have changed. If so, process all the
481	* pending records. This is a non-blocking operation. */	481	* pending records. This is a non-blocking operation. */
@@ -525,8 +525,8 @@ again:
525	!CBS_get_bytes(&header, &seq_no, 6))	525	!CBS_get_bytes(&header, &seq_no, 6))
526	goto again;	526	goto again;
527		527
528	if (!CBS_write_bytes(&seq_no, &(s->s3->read_sequence[2]),	528	if (!CBS_write_bytes(&seq_no, &(S3I(s)->read_sequence[2]),
529	sizeof(s->s3->read_sequence) - 2, NULL))	529	sizeof(S3I(s)->read_sequence) - 2, NULL))
530	goto again;	530	goto again;
531	if (!CBS_get_u16(&header, &len))	531	if (!CBS_get_u16(&header, &len))
532	goto again;	532	goto again;
@@ -682,11 +682,11 @@ dtls1_read_bytes(SSL s, int type, unsigned char buf, int len, int peek)
682	start:	682	start:
683	s->rwstate = SSL_NOTHING;	683	s->rwstate = SSL_NOTHING;
684		684
685	/* s->s3->rrec.type - is the type of record	685	/* S3I(s)->rrec.type - is the type of record
686	* s->s3->rrec.data, - data	686	* S3I(s)->rrec.data, - data
687	* s->s3->rrec.off, - offset into 'data' for next read	687	* S3I(s)->rrec.off, - offset into 'data' for next read
688	* s->s3->rrec.length, - number of bytes. */	688	* S3I(s)->rrec.length, - number of bytes. */
689	rr = &(s->s3->rrec);	689	rr = &(S3I(s)->rrec);
690		690
691	/* We are not handshaking and have no data yet,	691	/* We are not handshaking and have no data yet,
692	* so process data buffered during the last handshake	692	* so process data buffered during the last handshake
@@ -728,7 +728,7 @@ start:
728		728
729	/* we now have a packet which can be read and processed */	729	/* we now have a packet which can be read and processed */
730		730
731	if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,	731	if (S3I(s)->change_cipher_spec /* set when we receive ChangeCipherSpec,
732	* reset by ssl3_get_finished */	732	* reset by ssl3_get_finished */
733	&& (rr->type != SSL3_RT_HANDSHAKE)) {	733	&& (rr->type != SSL3_RT_HANDSHAKE)) {
734	/* We now have application data between CCS and Finished.	734	/* We now have application data between CCS and Finished.
@@ -814,7 +814,7 @@ start:
814	*/	814	*/
815	if (rr->type == SSL3_RT_APPLICATION_DATA) {	815	if (rr->type == SSL3_RT_APPLICATION_DATA) {
816	BIO *bio;	816	BIO *bio;
817	s->s3->in_read_app_data = 2;	817	S3I(s)->in_read_app_data = 2;
818	bio = SSL_get_rbio(s);	818	bio = SSL_get_rbio(s);
819	s->rwstate = SSL_READING;	819	s->rwstate = SSL_READING;
820	BIO_clear_retry_flags(bio);	820	BIO_clear_retry_flags(bio);
@@ -881,7 +881,7 @@ start:
881		881
882	if (SSL_is_init_finished(s) &&	882	if (SSL_is_init_finished(s) &&
883	!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&	883	!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
884	!s->s3->renegotiate) {	884	!S3I(s)->renegotiate) {
885	D1I(s)->handshake_read_seq++;	885	D1I(s)->handshake_read_seq++;
886	s->new_session = 1;	886	s->new_session = 1;
887	ssl3_renegotiate(s);	887	ssl3_renegotiate(s);
@@ -938,7 +938,7 @@ start:
938		938
939	if (alert_level == 1) /* warning */	939	if (alert_level == 1) /* warning */
940	{	940	{
941	s->s3->warn_alert = alert_descr;	941	S3I(s)->warn_alert = alert_descr;
942	if (alert_descr == SSL_AD_CLOSE_NOTIFY) {	942	if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
943	s->shutdown \|= SSL_RECEIVED_SHUTDOWN;	943	s->shutdown \|= SSL_RECEIVED_SHUTDOWN;
944	return (0);	944	return (0);
@@ -946,7 +946,7 @@ start:
946	} else if (alert_level == 2) /* fatal */	946	} else if (alert_level == 2) /* fatal */
947	{	947	{
948	s->rwstate = SSL_NOTHING;	948	s->rwstate = SSL_NOTHING;
949	s->s3->fatal_alert = alert_descr;	949	S3I(s)->fatal_alert = alert_descr;
950	SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);	950	SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
951	ERR_asprintf_error_data("SSL alert number %d",	951	ERR_asprintf_error_data("SSL alert number %d",
952	alert_descr);	952	alert_descr);
@@ -1000,7 +1000,7 @@ start:
1000		1000
1001	D1I(s)->change_cipher_spec_ok = 0;	1001	D1I(s)->change_cipher_spec_ok = 0;
1002		1002
1003	s->s3->change_cipher_spec = 1;	1003	S3I(s)->change_cipher_spec = 1;
1004	if (!ssl3_do_change_cipher_spec(s))	1004	if (!ssl3_do_change_cipher_spec(s))
1005	goto err;	1005	goto err;
1006		1006
@@ -1094,15 +1094,15 @@ start:
1094	* at this point (session renegotiation not yet started),	1094	* at this point (session renegotiation not yet started),
1095	* we will indulge it.	1095	* we will indulge it.
1096	*/	1096	*/
1097	if (s->s3->in_read_app_data &&	1097	if (S3I(s)->in_read_app_data &&
1098	(s->s3->total_renegotiations != 0) &&	1098	(S3I(s)->total_renegotiations != 0) &&
1099	(((s->state & SSL_ST_CONNECT) &&	1099	(((s->state & SSL_ST_CONNECT) &&
1100	(s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&	1100	(s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
1101	(s->state <= SSL3_ST_CR_SRVR_HELLO_A)) \|\| (	1101	(s->state <= SSL3_ST_CR_SRVR_HELLO_A)) \|\| (
1102	(s->state & SSL_ST_ACCEPT) &&	1102	(s->state & SSL_ST_ACCEPT) &&
1103	(s->state <= SSL3_ST_SW_HELLO_REQ_A) &&	1103	(s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
1104	(s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) {	1104	(s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
1105	s->s3->in_read_app_data = 2;	1105	S3I(s)->in_read_app_data = 2;
1106	return (-1);	1106	return (-1);
1107	} else {	1107	} else {
1108	al = SSL_AD_UNEXPECTED_MESSAGE;	1108	al = SSL_AD_UNEXPECTED_MESSAGE;
@@ -1219,7 +1219,7 @@ do_dtls1_write(SSL s, int type, const unsigned char buf, unsigned int len)
1219	if (len == 0)	1219	if (len == 0)
1220	return 0;	1220	return 0;
1221		1221
1222	wr = &(s->s3->wrec);	1222	wr = &(S3I(s)->wrec);
1223	wb = &(s->s3->wbuf);	1223	wb = &(s->s3->wbuf);
1224	sess = s->session;	1224	sess = s->session;
1225		1225
@@ -1313,7 +1313,7 @@ do_dtls1_write(SSL s, int type, const unsigned char buf, unsigned int len)
1313	s2n(D1I(s)->handshake_epoch, pseq);	1313	s2n(D1I(s)->handshake_epoch, pseq);
1314	*/	1314	*/
1315		1315
1316	memcpy(pseq, &(s->s3->write_sequence[2]), 6);	1316	memcpy(pseq, &(S3I(s)->write_sequence[2]), 6);
1317	pseq += 6;	1317	pseq += 6;
1318	s2n(wr->length, pseq);	1318	s2n(wr->length, pseq);
1319		1319
@@ -1323,17 +1323,17 @@ do_dtls1_write(SSL s, int type, const unsigned char buf, unsigned int len)
1323	wr->type=type; /* not needed but helps for debugging */	1323	wr->type=type; /* not needed but helps for debugging */
1324	wr->length += DTLS1_RT_HEADER_LENGTH;	1324	wr->length += DTLS1_RT_HEADER_LENGTH;
1325		1325
1326	tls1_record_sequence_increment(s->s3->write_sequence);	1326	tls1_record_sequence_increment(S3I(s)->write_sequence);
1327		1327
1328	/* now let's set up wb */	1328	/* now let's set up wb */
1329	wb->left = prefix_len + wr->length;	1329	wb->left = prefix_len + wr->length;
1330	wb->offset = 0;	1330	wb->offset = 0;
1331		1331
1332	/* memorize arguments so that ssl3_write_pending can detect bad write retries later */	1332	/* memorize arguments so that ssl3_write_pending can detect bad write retries later */
1333	s->s3->wpend_tot = len;	1333	S3I(s)->wpend_tot = len;
1334	s->s3->wpend_buf = buf;	1334	S3I(s)->wpend_buf = buf;
1335	s->s3->wpend_type = type;	1335	S3I(s)->wpend_type = type;
1336	s->s3->wpend_ret = len;	1336	S3I(s)->wpend_ret = len;
1337		1337
1338	/* we now just need to write the buffer */	1338	/* we now just need to write the buffer */
1339	return ssl3_write_pending(s, type, buf, len);	1339	return ssl3_write_pending(s, type, buf, len);
@@ -1348,11 +1348,11 @@ dtls1_record_replay_check(SSL s, DTLS1_BITMAP bitmap)
1348	{	1348	{
1349	int cmp;	1349	int cmp;
1350	unsigned int shift;	1350	unsigned int shift;
1351	const unsigned char *seq = s->s3->read_sequence;	1351	const unsigned char *seq = S3I(s)->read_sequence;
1352		1352
1353	cmp = satsub64be(seq, bitmap->max_seq_num);	1353	cmp = satsub64be(seq, bitmap->max_seq_num);
1354	if (cmp > 0) {	1354	if (cmp > 0) {
1355	memcpy (s->s3->rrec.seq_num, seq, 8);	1355	memcpy (S3I(s)->rrec.seq_num, seq, 8);
1356	return 1; /* this record in new */	1356	return 1; /* this record in new */
1357	}	1357	}
1358	shift = -cmp;	1358	shift = -cmp;
@@ -1361,7 +1361,7 @@ dtls1_record_replay_check(SSL s, DTLS1_BITMAP bitmap)
1361	else if (bitmap->map & (1UL << shift))	1361	else if (bitmap->map & (1UL << shift))
1362	return 0; /* record previously received */	1362	return 0; /* record previously received */
1363		1363
1364	memcpy(s->s3->rrec.seq_num, seq, 8);	1364	memcpy(S3I(s)->rrec.seq_num, seq, 8);
1365	return 1;	1365	return 1;
1366	}	1366	}
1367		1367
@@ -1371,7 +1371,7 @@ dtls1_record_bitmap_update(SSL s, DTLS1_BITMAP bitmap)
1371	{	1371	{
1372	int cmp;	1372	int cmp;
1373	unsigned int shift;	1373	unsigned int shift;
1374	const unsigned char *seq = s->s3->read_sequence;	1374	const unsigned char *seq = S3I(s)->read_sequence;
1375		1375
1376	cmp = satsub64be(seq, bitmap->max_seq_num);	1376	cmp = satsub64be(seq, bitmap->max_seq_num);
1377	if (cmp > 0) {	1377	if (cmp > 0) {
@@ -1464,16 +1464,16 @@ void
1464	dtls1_reset_seq_numbers(SSL *s, int rw)	1464	dtls1_reset_seq_numbers(SSL *s, int rw)
1465	{	1465	{
1466	unsigned char *seq;	1466	unsigned char *seq;
1467	unsigned int seq_bytes = sizeof(s->s3->read_sequence);	1467	unsigned int seq_bytes = sizeof(S3I(s)->read_sequence);
1468		1468
1469	if (rw & SSL3_CC_READ) {	1469	if (rw & SSL3_CC_READ) {
1470	seq = s->s3->read_sequence;	1470	seq = S3I(s)->read_sequence;
1471	D1I(s)->r_epoch++;	1471	D1I(s)->r_epoch++;
1472	memcpy(&(D1I(s)->bitmap), &(D1I(s)->next_bitmap), sizeof(DTLS1_BITMAP));	1472	memcpy(&(D1I(s)->bitmap), &(D1I(s)->next_bitmap), sizeof(DTLS1_BITMAP));
1473	memset(&(D1I(s)->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));	1473	memset(&(D1I(s)->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
1474	} else {	1474	} else {
1475	seq = s->s3->write_sequence;	1475	seq = S3I(s)->write_sequence;
1476	memcpy(D1I(s)->last_write_sequence, seq, sizeof(s->s3->write_sequence));	1476	memcpy(D1I(s)->last_write_sequence, seq, sizeof(S3I(s)->write_sequence));
1477	D1I(s)->w_epoch++;	1477	D1I(s)->w_epoch++;
1478	}	1478	}
1479		1479