summaryrefslogtreecommitdiff
path: root/src/lib/libssl/d1_srvr.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/d1_srvr.c78
1 files changed, 39 insertions, 39 deletions
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 80af8eb930..78816cda46 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_srvr.c,v 1.75 2017/01/23 04:55:26 beck Exp $ */ 1/* $OpenBSD: d1_srvr.c,v 1.76 2017/01/23 06:45:30 beck Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -213,7 +213,7 @@ dtls1_accept(SSL *s)
213 213
214 switch (s->state) { 214 switch (s->state) {
215 case SSL_ST_RENEGOTIATE: 215 case SSL_ST_RENEGOTIATE:
216 s->renegotiate = 1; 216 s->internal->renegotiate = 1;
217 /* s->state=SSL_ST_ACCEPT; */ 217 /* s->state=SSL_ST_ACCEPT; */
218 218
219 case SSL_ST_BEFORE: 219 case SSL_ST_BEFORE:
@@ -230,7 +230,7 @@ dtls1_accept(SSL *s)
230 ret = -1; 230 ret = -1;
231 goto end; 231 goto end;
232 } 232 }
233 s->type = SSL_ST_ACCEPT; 233 s->internal->type = SSL_ST_ACCEPT;
234 234
235 if (!ssl3_setup_init_buffer(s)) { 235 if (!ssl3_setup_init_buffer(s)) {
236 ret = -1; 236 ret = -1;
@@ -241,7 +241,7 @@ dtls1_accept(SSL *s)
241 goto end; 241 goto end;
242 } 242 }
243 243
244 s->init_num = 0; 244 s->internal->init_num = 0;
245 245
246 if (s->state != SSL_ST_RENEGOTIATE) { 246 if (s->state != SSL_ST_RENEGOTIATE) {
247 /* Ok, we now need to push on a buffering BIO so that 247 /* Ok, we now need to push on a buffering BIO so that
@@ -272,7 +272,7 @@ dtls1_accept(SSL *s)
272 case SSL3_ST_SW_HELLO_REQ_A: 272 case SSL3_ST_SW_HELLO_REQ_A:
273 case SSL3_ST_SW_HELLO_REQ_B: 273 case SSL3_ST_SW_HELLO_REQ_B:
274 274
275 s->shutdown = 0; 275 s->internal->shutdown = 0;
276 dtls1_clear_record_buffer(s); 276 dtls1_clear_record_buffer(s);
277 dtls1_start_timer(s); 277 dtls1_start_timer(s);
278 ret = ssl3_send_hello_request(s); 278 ret = ssl3_send_hello_request(s);
@@ -280,7 +280,7 @@ dtls1_accept(SSL *s)
280 goto end; 280 goto end;
281 S3I(s)->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A; 281 S3I(s)->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
282 s->state = SSL3_ST_SW_FLUSH; 282 s->state = SSL3_ST_SW_FLUSH;
283 s->init_num = 0; 283 s->internal->init_num = 0;
284 284
285 if (!tls1_init_finished_mac(s)) { 285 if (!tls1_init_finished_mac(s)) {
286 ret = -1; 286 ret = -1;
@@ -296,7 +296,7 @@ dtls1_accept(SSL *s)
296 case SSL3_ST_SR_CLNT_HELLO_B: 296 case SSL3_ST_SR_CLNT_HELLO_B:
297 case SSL3_ST_SR_CLNT_HELLO_C: 297 case SSL3_ST_SR_CLNT_HELLO_C:
298 298
299 s->shutdown = 0; 299 s->internal->shutdown = 0;
300 ret = ssl3_get_client_hello(s); 300 ret = ssl3_get_client_hello(s);
301 if (ret <= 0) 301 if (ret <= 0)
302 goto end; 302 goto end;
@@ -307,7 +307,7 @@ dtls1_accept(SSL *s)
307 else 307 else
308 s->state = SSL3_ST_SW_SRVR_HELLO_A; 308 s->state = SSL3_ST_SW_SRVR_HELLO_A;
309 309
310 s->init_num = 0; 310 s->internal->init_num = 0;
311 311
312 /* Reflect ClientHello sequence to remain stateless while listening */ 312 /* Reflect ClientHello sequence to remain stateless while listening */
313 if (listen) { 313 if (listen) {
@@ -348,20 +348,20 @@ dtls1_accept(SSL *s)
348 348
349 case SSL3_ST_SW_SRVR_HELLO_A: 349 case SSL3_ST_SW_SRVR_HELLO_A:
350 case SSL3_ST_SW_SRVR_HELLO_B: 350 case SSL3_ST_SW_SRVR_HELLO_B:
351 s->renegotiate = 2; 351 s->internal->renegotiate = 2;
352 dtls1_start_timer(s); 352 dtls1_start_timer(s);
353 ret = ssl3_send_server_hello(s); 353 ret = ssl3_send_server_hello(s);
354 if (ret <= 0) 354 if (ret <= 0)
355 goto end; 355 goto end;
356 356
357 if (s->hit) { 357 if (s->internal->hit) {
358 if (s->tlsext_ticket_expected) 358 if (s->internal->tlsext_ticket_expected)
359 s->state = SSL3_ST_SW_SESSION_TICKET_A; 359 s->state = SSL3_ST_SW_SESSION_TICKET_A;
360 else 360 else
361 s->state = SSL3_ST_SW_CHANGE_A; 361 s->state = SSL3_ST_SW_CHANGE_A;
362 } else 362 } else
363 s->state = SSL3_ST_SW_CERT_A; 363 s->state = SSL3_ST_SW_CERT_A;
364 s->init_num = 0; 364 s->internal->init_num = 0;
365 break; 365 break;
366 366
367 case SSL3_ST_SW_CERT_A: 367 case SSL3_ST_SW_CERT_A:
@@ -373,7 +373,7 @@ dtls1_accept(SSL *s)
373 ret = ssl3_send_server_certificate(s); 373 ret = ssl3_send_server_certificate(s);
374 if (ret <= 0) 374 if (ret <= 0)
375 goto end; 375 goto end;
376 if (s->tlsext_status_expected) 376 if (s->internal->tlsext_status_expected)
377 s->state = SSL3_ST_SW_CERT_STATUS_A; 377 s->state = SSL3_ST_SW_CERT_STATUS_A;
378 else 378 else
379 s->state = SSL3_ST_SW_KEY_EXCH_A; 379 s->state = SSL3_ST_SW_KEY_EXCH_A;
@@ -381,7 +381,7 @@ dtls1_accept(SSL *s)
381 skip = 1; 381 skip = 1;
382 s->state = SSL3_ST_SW_KEY_EXCH_A; 382 s->state = SSL3_ST_SW_KEY_EXCH_A;
383 } 383 }
384 s->init_num = 0; 384 s->internal->init_num = 0;
385 break; 385 break;
386 386
387 case SSL3_ST_SW_KEY_EXCH_A: 387 case SSL3_ST_SW_KEY_EXCH_A:
@@ -398,7 +398,7 @@ dtls1_accept(SSL *s)
398 skip = 1; 398 skip = 1;
399 399
400 s->state = SSL3_ST_SW_CERT_REQ_A; 400 s->state = SSL3_ST_SW_CERT_REQ_A;
401 s->init_num = 0; 401 s->internal->init_num = 0;
402 break; 402 break;
403 403
404 case SSL3_ST_SW_CERT_REQ_A: 404 case SSL3_ST_SW_CERT_REQ_A:
@@ -437,7 +437,7 @@ dtls1_accept(SSL *s)
437 if (ret <= 0) 437 if (ret <= 0)
438 goto end; 438 goto end;
439 s->state = SSL3_ST_SW_SRVR_DONE_A; 439 s->state = SSL3_ST_SW_SRVR_DONE_A;
440 s->init_num = 0; 440 s->internal->init_num = 0;
441 } 441 }
442 break; 442 break;
443 443
@@ -449,22 +449,22 @@ dtls1_accept(SSL *s)
449 goto end; 449 goto end;
450 S3I(s)->tmp.next_state = SSL3_ST_SR_CERT_A; 450 S3I(s)->tmp.next_state = SSL3_ST_SR_CERT_A;
451 s->state = SSL3_ST_SW_FLUSH; 451 s->state = SSL3_ST_SW_FLUSH;
452 s->init_num = 0; 452 s->internal->init_num = 0;
453 break; 453 break;
454 454
455 case SSL3_ST_SW_FLUSH: 455 case SSL3_ST_SW_FLUSH:
456 s->rwstate = SSL_WRITING; 456 s->internal->rwstate = SSL_WRITING;
457 if (BIO_flush(s->wbio) <= 0) { 457 if (BIO_flush(s->wbio) <= 0) {
458 /* If the write error was fatal, stop trying */ 458 /* If the write error was fatal, stop trying */
459 if (!BIO_should_retry(s->wbio)) { 459 if (!BIO_should_retry(s->wbio)) {
460 s->rwstate = SSL_NOTHING; 460 s->internal->rwstate = SSL_NOTHING;
461 s->state = S3I(s)->tmp.next_state; 461 s->state = S3I(s)->tmp.next_state;
462 } 462 }
463 463
464 ret = -1; 464 ret = -1;
465 goto end; 465 goto end;
466 } 466 }
467 s->rwstate = SSL_NOTHING; 467 s->internal->rwstate = SSL_NOTHING;
468 s->state = S3I(s)->tmp.next_state; 468 s->state = S3I(s)->tmp.next_state;
469 break; 469 break;
470 470
@@ -475,7 +475,7 @@ dtls1_accept(SSL *s)
475 if (ret <= 0) 475 if (ret <= 0)
476 goto end; 476 goto end;
477 } 477 }
478 s->init_num = 0; 478 s->internal->init_num = 0;
479 s->state = SSL3_ST_SR_KEY_EXCH_A; 479 s->state = SSL3_ST_SR_KEY_EXCH_A;
480 break; 480 break;
481 481
@@ -486,7 +486,7 @@ dtls1_accept(SSL *s)
486 goto end; 486 goto end;
487 487
488 s->state = SSL3_ST_SR_CERT_VRFY_A; 488 s->state = SSL3_ST_SR_CERT_VRFY_A;
489 s->init_num = 0; 489 s->internal->init_num = 0;
490 490
491 if (ret == 2) { 491 if (ret == 2) {
492 /* For the ECDH ciphersuites when 492 /* For the ECDH ciphersuites when
@@ -495,10 +495,10 @@ dtls1_accept(SSL *s)
495 * message is not sent. 495 * message is not sent.
496 */ 496 */
497 s->state = SSL3_ST_SR_FINISHED_A; 497 s->state = SSL3_ST_SR_FINISHED_A;
498 s->init_num = 0; 498 s->internal->init_num = 0;
499 } else if (SSL_USE_SIGALGS(s)) { 499 } else if (SSL_USE_SIGALGS(s)) {
500 s->state = SSL3_ST_SR_CERT_VRFY_A; 500 s->state = SSL3_ST_SR_CERT_VRFY_A;
501 s->init_num = 0; 501 s->internal->init_num = 0;
502 if (!s->session->peer) 502 if (!s->session->peer)
503 break; 503 break;
504 504
@@ -519,7 +519,7 @@ dtls1_accept(SSL *s)
519 } 519 }
520 } else { 520 } else {
521 s->state = SSL3_ST_SR_CERT_VRFY_A; 521 s->state = SSL3_ST_SR_CERT_VRFY_A;
522 s->init_num = 0; 522 s->internal->init_num = 0;
523 523
524 /* We need to get hashes here so if there is 524 /* We need to get hashes here so if there is
525 * a client cert, it can be verified */ 525 * a client cert, it can be verified */
@@ -540,7 +540,7 @@ dtls1_accept(SSL *s)
540 if (ret <= 0) 540 if (ret <= 0)
541 goto end; 541 goto end;
542 s->state = SSL3_ST_SR_FINISHED_A; 542 s->state = SSL3_ST_SR_FINISHED_A;
543 s->init_num = 0; 543 s->internal->init_num = 0;
544 break; 544 break;
545 545
546 case SSL3_ST_SR_FINISHED_A: 546 case SSL3_ST_SR_FINISHED_A:
@@ -551,13 +551,13 @@ dtls1_accept(SSL *s)
551 if (ret <= 0) 551 if (ret <= 0)
552 goto end; 552 goto end;
553 dtls1_stop_timer(s); 553 dtls1_stop_timer(s);
554 if (s->hit) 554 if (s->internal->hit)
555 s->state = SSL_ST_OK; 555 s->state = SSL_ST_OK;
556 else if (s->tlsext_ticket_expected) 556 else if (s->internal->tlsext_ticket_expected)
557 s->state = SSL3_ST_SW_SESSION_TICKET_A; 557 s->state = SSL3_ST_SW_SESSION_TICKET_A;
558 else 558 else
559 s->state = SSL3_ST_SW_CHANGE_A; 559 s->state = SSL3_ST_SW_CHANGE_A;
560 s->init_num = 0; 560 s->internal->init_num = 0;
561 break; 561 break;
562 562
563 case SSL3_ST_SW_SESSION_TICKET_A: 563 case SSL3_ST_SW_SESSION_TICKET_A:
@@ -566,7 +566,7 @@ dtls1_accept(SSL *s)
566 if (ret <= 0) 566 if (ret <= 0)
567 goto end; 567 goto end;
568 s->state = SSL3_ST_SW_CHANGE_A; 568 s->state = SSL3_ST_SW_CHANGE_A;
569 s->init_num = 0; 569 s->internal->init_num = 0;
570 break; 570 break;
571 571
572 case SSL3_ST_SW_CERT_STATUS_A: 572 case SSL3_ST_SW_CERT_STATUS_A:
@@ -575,7 +575,7 @@ dtls1_accept(SSL *s)
575 if (ret <= 0) 575 if (ret <= 0)
576 goto end; 576 goto end;
577 s->state = SSL3_ST_SW_KEY_EXCH_A; 577 s->state = SSL3_ST_SW_KEY_EXCH_A;
578 s->init_num = 0; 578 s->internal->init_num = 0;
579 break; 579 break;
580 580
581 581
@@ -596,7 +596,7 @@ dtls1_accept(SSL *s)
596 596
597 597
598 s->state = SSL3_ST_SW_FINISHED_A; 598 s->state = SSL3_ST_SW_FINISHED_A;
599 s->init_num = 0; 599 s->internal->init_num = 0;
600 600
601 if (!s->method->ssl3_enc->change_cipher_state(s, 601 if (!s->method->ssl3_enc->change_cipher_state(s,
602 SSL3_CHANGE_CIPHER_SERVER_WRITE)) { 602 SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
@@ -616,13 +616,13 @@ dtls1_accept(SSL *s)
616 if (ret <= 0) 616 if (ret <= 0)
617 goto end; 617 goto end;
618 s->state = SSL3_ST_SW_FLUSH; 618 s->state = SSL3_ST_SW_FLUSH;
619 if (s->hit) { 619 if (s->internal->hit) {
620 S3I(s)->tmp.next_state = SSL3_ST_SR_FINISHED_A; 620 S3I(s)->tmp.next_state = SSL3_ST_SR_FINISHED_A;
621 621
622 } else { 622 } else {
623 S3I(s)->tmp.next_state = SSL_ST_OK; 623 S3I(s)->tmp.next_state = SSL_ST_OK;
624 } 624 }
625 s->init_num = 0; 625 s->internal->init_num = 0;
626 break; 626 break;
627 627
628 case SSL_ST_OK: 628 case SSL_ST_OK:
@@ -632,12 +632,12 @@ dtls1_accept(SSL *s)
632 /* remove buffering on output */ 632 /* remove buffering on output */
633 ssl_free_wbio_buffer(s); 633 ssl_free_wbio_buffer(s);
634 634
635 s->init_num = 0; 635 s->internal->init_num = 0;
636 636
637 if (s->renegotiate == 2) /* skipped if we just sent a HelloRequest */ 637 if (s->internal->renegotiate == 2) /* skipped if we just sent a HelloRequest */
638 { 638 {
639 s->renegotiate = 0; 639 s->internal->renegotiate = 0;
640 s->new_session = 0; 640 s->internal->new_session = 0;
641 641
642 ssl_update_cache(s, SSL_SESS_CACHE_SERVER); 642 ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
643 643
@@ -667,7 +667,7 @@ dtls1_accept(SSL *s)
667 } 667 }
668 668
669 if (!S3I(s)->tmp.reuse_message && !skip) { 669 if (!S3I(s)->tmp.reuse_message && !skip) {
670 if (s->debug) { 670 if (s->internal->debug) {
671 if ((ret = BIO_flush(s->wbio)) <= 0) 671 if ((ret = BIO_flush(s->wbio)) <= 0)
672 goto end; 672 goto end;
673 } 673 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-20 09:25:35 +0000