summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_pkt.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/s3_pkt.c148
1 files changed, 74 insertions, 74 deletions
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index 20e66a707c..857d35b5a8 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_pkt.c,v 1.60 2016/11/17 15:06:22 jsing Exp $ */ 1/* $OpenBSD: s3_pkt.c,v 1.61 2017/01/22 09:02:07 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -270,9 +270,9 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
270 * It will return <= 0 if more data is needed, normally due to an error 270 * It will return <= 0 if more data is needed, normally due to an error
271 * or non-blocking IO. 271 * or non-blocking IO.
272 * When it finishes, one packet has been decoded and can be found in 272 * When it finishes, one packet has been decoded and can be found in
273 * ssl->s3->rrec.type - is the type of record 273 * ssl->s3->internal->rrec.type - is the type of record
274 * ssl->s3->rrec.data, - data 274 * ssl->s3->internal->rrec.data, - data
275 * ssl->s3->rrec.length, - number of bytes 275 * ssl->s3->internal->rrec.length, - number of bytes
276 */ 276 */
277/* used only by ssl3_read_bytes */ 277/* used only by ssl3_read_bytes */
278static int 278static int
@@ -285,7 +285,7 @@ ssl3_get_record(SSL *s)
285 unsigned char md[EVP_MAX_MD_SIZE]; 285 unsigned char md[EVP_MAX_MD_SIZE];
286 unsigned mac_size, orig_len; 286 unsigned mac_size, orig_len;
287 287
288 rr = &(s->s3->rrec); 288 rr = &(S3I(s)->rrec);
289 sess = s->session; 289 sess = s->session;
290 290
291again: 291again:
@@ -472,10 +472,10 @@ again:
472 /* 472 /*
473 * So at this point the following is true 473 * So at this point the following is true
474 * 474 *
475 * ssl->s3->rrec.type is the type of record 475 * ssl->s3->internal->rrec.type is the type of record
476 * ssl->s3->rrec.length == number of bytes in record 476 * ssl->s3->internal->rrec.length == number of bytes in record
477 * ssl->s3->rrec.off == offset to first valid byte 477 * ssl->s3->internal->rrec.off == offset to first valid byte
478 * ssl->s3->rrec.data == where to take bytes from, increment 478 * ssl->s3->internal->rrec.data == where to take bytes from, increment
479 * after use :-). 479 * after use :-).
480 */ 480 */
481 481
@@ -510,8 +510,8 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
510 } 510 }
511 511
512 s->rwstate = SSL_NOTHING; 512 s->rwstate = SSL_NOTHING;
513 tot = s->s3->wnum; 513 tot = S3I(s)->wnum;
514 s->s3->wnum = 0; 514 S3I(s)->wnum = 0;
515 515
516 if (SSL_in_init(s) && !s->in_handshake) { 516 if (SSL_in_init(s) && !s->in_handshake) {
517 i = s->handshake_func(s); 517 i = s->handshake_func(s);
@@ -535,7 +535,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
535 535
536 i = do_ssl3_write(s, type, &(buf[tot]), nw, 0); 536 i = do_ssl3_write(s, type, &(buf[tot]), nw, 0);
537 if (i <= 0) { 537 if (i <= 0) {
538 s->s3->wnum = tot; 538 S3I(s)->wnum = tot;
539 return i; 539 return i;
540 } 540 }
541 541
@@ -546,7 +546,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
546 * empty fragment in ciphersuites with known-IV 546 * empty fragment in ciphersuites with known-IV
547 * weakness. 547 * weakness.
548 */ 548 */
549 s->s3->empty_fragment_done = 0; 549 S3I(s)->empty_fragment_done = 0;
550 550
551 return tot + i; 551 return tot + i;
552 } 552 }
@@ -593,7 +593,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
593 if (len == 0 && !create_empty_fragment) 593 if (len == 0 && !create_empty_fragment)
594 return 0; 594 return 0;
595 595
596 wr = &(s->s3->wrec); 596 wr = &(S3I(s)->wrec);
597 sess = s->session; 597 sess = s->session;
598 598
599 if ((sess == NULL) || (s->enc_write_ctx == NULL) || 599 if ((sess == NULL) || (s->enc_write_ctx == NULL) ||
@@ -610,12 +610,12 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
610 * 'create_empty_fragment' is true only when this function calls 610 * 'create_empty_fragment' is true only when this function calls
611 * itself. 611 * itself.
612 */ 612 */
613 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) { 613 if (!clear && !create_empty_fragment && !S3I(s)->empty_fragment_done) {
614 /* 614 /*
615 * Countermeasure against known-IV weakness in CBC ciphersuites 615 * Countermeasure against known-IV weakness in CBC ciphersuites
616 * (see http://www.openssl.org/~bodo/tls-cbc.txt) 616 * (see http://www.openssl.org/~bodo/tls-cbc.txt)
617 */ 617 */
618 if (s->s3->need_empty_fragments && 618 if (S3I(s)->need_empty_fragments &&
619 type == SSL3_RT_APPLICATION_DATA) { 619 type == SSL3_RT_APPLICATION_DATA) {
620 /* recursive function call with 'create_empty_fragment' set; 620 /* recursive function call with 'create_empty_fragment' set;
621 * this prepares and buffers the data for an empty fragment 621 * this prepares and buffers the data for an empty fragment
@@ -634,7 +634,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
634 } 634 }
635 } 635 }
636 636
637 s->s3->empty_fragment_done = 1; 637 S3I(s)->empty_fragment_done = 1;
638 } 638 }
639 639
640 if (create_empty_fragment) { 640 if (create_empty_fragment) {
@@ -750,10 +750,10 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
750 750
751 /* memorize arguments so that ssl3_write_pending can detect 751 /* memorize arguments so that ssl3_write_pending can detect
752 * bad write retries later */ 752 * bad write retries later */
753 s->s3->wpend_tot = len; 753 S3I(s)->wpend_tot = len;
754 s->s3->wpend_buf = buf; 754 S3I(s)->wpend_buf = buf;
755 s->s3->wpend_type = type; 755 S3I(s)->wpend_type = type;
756 s->s3->wpend_ret = len; 756 S3I(s)->wpend_ret = len;
757 757
758 /* we now just need to write the buffer */ 758 /* we now just need to write the buffer */
759 return ssl3_write_pending(s, type, buf, len); 759 return ssl3_write_pending(s, type, buf, len);
@@ -769,9 +769,9 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
769 SSL3_BUFFER *wb = &(s->s3->wbuf); 769 SSL3_BUFFER *wb = &(s->s3->wbuf);
770 770
771 /* XXXX */ 771 /* XXXX */
772 if ((s->s3->wpend_tot > (int)len) || ((s->s3->wpend_buf != buf) && 772 if ((S3I(s)->wpend_tot > (int)len) || ((S3I(s)->wpend_buf != buf) &&
773 !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) || 773 !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) ||
774 (s->s3->wpend_type != type)) { 774 (S3I(s)->wpend_type != type)) {
775 SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY); 775 SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY);
776 return (-1); 776 return (-1);
777 } 777 }
@@ -794,7 +794,7 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
794 !SSL_IS_DTLS(s)) 794 !SSL_IS_DTLS(s))
795 ssl3_release_write_buffer(s); 795 ssl3_release_write_buffer(s);
796 s->rwstate = SSL_NOTHING; 796 s->rwstate = SSL_NOTHING;
797 return (s->s3->wpend_ret); 797 return (S3I(s)->wpend_ret);
798 } else if (i <= 0) { 798 } else if (i <= 0) {
799 /* 799 /*
800 * For DTLS, just drop it. That's kind of the 800 * For DTLS, just drop it. That's kind of the
@@ -862,28 +862,28 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
862 } 862 }
863 863
864 if ((type == SSL3_RT_HANDSHAKE) && 864 if ((type == SSL3_RT_HANDSHAKE) &&
865 (s->s3->handshake_fragment_len > 0)) { 865 (S3I(s)->handshake_fragment_len > 0)) {
866 /* (partially) satisfy request from storage */ 866 /* (partially) satisfy request from storage */
867 unsigned char *src = s->s3->handshake_fragment; 867 unsigned char *src = S3I(s)->handshake_fragment;
868 unsigned char *dst = buf; 868 unsigned char *dst = buf;
869 unsigned int k; 869 unsigned int k;
870 870
871 /* peek == 0 */ 871 /* peek == 0 */
872 n = 0; 872 n = 0;
873 while ((len > 0) && (s->s3->handshake_fragment_len > 0)) { 873 while ((len > 0) && (S3I(s)->handshake_fragment_len > 0)) {
874 *dst++ = *src++; 874 *dst++ = *src++;
875 len--; 875 len--;
876 s->s3->handshake_fragment_len--; 876 S3I(s)->handshake_fragment_len--;
877 n++; 877 n++;
878 } 878 }
879 /* move any remaining fragment bytes: */ 879 /* move any remaining fragment bytes: */
880 for (k = 0; k < s->s3->handshake_fragment_len; k++) 880 for (k = 0; k < S3I(s)->handshake_fragment_len; k++)
881 s->s3->handshake_fragment[k] = *src++; 881 S3I(s)->handshake_fragment[k] = *src++;
882 return n; 882 return n;
883 } 883 }
884 884
885 /* 885 /*
886 * Now s->s3->handshake_fragment_len == 0 if 886 * Now S3I(s)->handshake_fragment_len == 0 if
887 * type == SSL3_RT_HANDSHAKE. 887 * type == SSL3_RT_HANDSHAKE.
888 */ 888 */
889 if (!s->in_handshake && SSL_in_init(s)) { 889 if (!s->in_handshake && SSL_in_init(s)) {
@@ -921,12 +921,12 @@ start:
921 s->rwstate = SSL_NOTHING; 921 s->rwstate = SSL_NOTHING;
922 922
923 /* 923 /*
924 * s->s3->rrec.type - is the type of record 924 * S3I(s)->rrec.type - is the type of record
925 * s->s3->rrec.data, - data 925 * S3I(s)->rrec.data, - data
926 * s->s3->rrec.off, - offset into 'data' for next read 926 * S3I(s)->rrec.off, - offset into 'data' for next read
927 * s->s3->rrec.length, - number of bytes. 927 * S3I(s)->rrec.length, - number of bytes.
928 */ 928 */
929 rr = &(s->s3->rrec); 929 rr = &(S3I(s)->rrec);
930 930
931 /* get new packet if necessary */ 931 /* get new packet if necessary */
932 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) { 932 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) {
@@ -937,7 +937,7 @@ start:
937 937
938 /* we now have a packet which can be read and processed */ 938 /* we now have a packet which can be read and processed */
939 939
940 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, 940 if (S3I(s)->change_cipher_spec /* set when we receive ChangeCipherSpec,
941 * reset by ssl3_get_finished */ 941 * reset by ssl3_get_finished */
942 && (rr->type != SSL3_RT_HANDSHAKE)) { 942 && (rr->type != SSL3_RT_HANDSHAKE)) {
943 al = SSL_AD_UNEXPECTED_MESSAGE; 943 al = SSL_AD_UNEXPECTED_MESSAGE;
@@ -1006,13 +1006,13 @@ start:
1006 unsigned int *dest_len = NULL; 1006 unsigned int *dest_len = NULL;
1007 1007
1008 if (rr->type == SSL3_RT_HANDSHAKE) { 1008 if (rr->type == SSL3_RT_HANDSHAKE) {
1009 dest_maxlen = sizeof s->s3->handshake_fragment; 1009 dest_maxlen = sizeof S3I(s)->handshake_fragment;
1010 dest = s->s3->handshake_fragment; 1010 dest = S3I(s)->handshake_fragment;
1011 dest_len = &s->s3->handshake_fragment_len; 1011 dest_len = &S3I(s)->handshake_fragment_len;
1012 } else if (rr->type == SSL3_RT_ALERT) { 1012 } else if (rr->type == SSL3_RT_ALERT) {
1013 dest_maxlen = sizeof s->s3->alert_fragment; 1013 dest_maxlen = sizeof S3I(s)->alert_fragment;
1014 dest = s->s3->alert_fragment; 1014 dest = S3I(s)->alert_fragment;
1015 dest_len = &s->s3->alert_fragment_len; 1015 dest_len = &S3I(s)->alert_fragment_len;
1016 } 1016 }
1017 if (dest_maxlen > 0) { 1017 if (dest_maxlen > 0) {
1018 /* available space in 'dest' */ 1018 /* available space in 'dest' */
@@ -1031,19 +1031,19 @@ start:
1031 } 1031 }
1032 } 1032 }
1033 1033
1034 /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE; 1034 /* S3I(s)->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE;
1035 * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT. 1035 * S3I(s)->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT.
1036 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */ 1036 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
1037 1037
1038 /* If we are a client, check for an incoming 'Hello Request': */ 1038 /* If we are a client, check for an incoming 'Hello Request': */
1039 if ((!s->server) && (s->s3->handshake_fragment_len >= 4) && 1039 if ((!s->server) && (S3I(s)->handshake_fragment_len >= 4) &&
1040 (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && 1040 (S3I(s)->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
1041 (s->session != NULL) && (s->session->cipher != NULL)) { 1041 (s->session != NULL) && (s->session->cipher != NULL)) {
1042 s->s3->handshake_fragment_len = 0; 1042 S3I(s)->handshake_fragment_len = 0;
1043 1043
1044 if ((s->s3->handshake_fragment[1] != 0) || 1044 if ((S3I(s)->handshake_fragment[1] != 0) ||
1045 (s->s3->handshake_fragment[2] != 0) || 1045 (S3I(s)->handshake_fragment[2] != 0) ||
1046 (s->s3->handshake_fragment[3] != 0)) { 1046 (S3I(s)->handshake_fragment[3] != 0)) {
1047 al = SSL_AD_DECODE_ERROR; 1047 al = SSL_AD_DECODE_ERROR;
1048 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_HELLO_REQUEST); 1048 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_HELLO_REQUEST);
1049 goto f_err; 1049 goto f_err;
@@ -1051,12 +1051,12 @@ start:
1051 1051
1052 if (s->msg_callback) 1052 if (s->msg_callback)
1053 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, 1053 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
1054 s->s3->handshake_fragment, 4, s, 1054 S3I(s)->handshake_fragment, 4, s,
1055 s->msg_callback_arg); 1055 s->msg_callback_arg);
1056 1056
1057 if (SSL_is_init_finished(s) && 1057 if (SSL_is_init_finished(s) &&
1058 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && 1058 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
1059 !s->s3->renegotiate) { 1059 !S3I(s)->renegotiate) {
1060 ssl3_renegotiate(s); 1060 ssl3_renegotiate(s);
1061 if (ssl3_renegotiate_check(s)) { 1061 if (ssl3_renegotiate_check(s)) {
1062 i = s->handshake_func(s); 1062 i = s->handshake_func(s);
@@ -1094,24 +1094,24 @@ start:
1094 */ 1094 */
1095 if (s->server && 1095 if (s->server &&
1096 SSL_is_init_finished(s) && 1096 SSL_is_init_finished(s) &&
1097 !s->s3->send_connection_binding && 1097 !S3I(s)->send_connection_binding &&
1098 (s->s3->handshake_fragment_len >= 4) && 1098 (S3I(s)->handshake_fragment_len >= 4) &&
1099 (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) && 1099 (S3I(s)->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
1100 (s->session != NULL) && (s->session->cipher != NULL)) { 1100 (s->session != NULL) && (s->session->cipher != NULL)) {
1101 /*s->s3->handshake_fragment_len = 0;*/ 1101 /*S3I(s)->handshake_fragment_len = 0;*/
1102 rr->length = 0; 1102 rr->length = 0;
1103 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); 1103 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
1104 goto start; 1104 goto start;
1105 } 1105 }
1106 if (s->s3->alert_fragment_len >= 2) { 1106 if (S3I(s)->alert_fragment_len >= 2) {
1107 int alert_level = s->s3->alert_fragment[0]; 1107 int alert_level = S3I(s)->alert_fragment[0];
1108 int alert_descr = s->s3->alert_fragment[1]; 1108 int alert_descr = S3I(s)->alert_fragment[1];
1109 1109
1110 s->s3->alert_fragment_len = 0; 1110 S3I(s)->alert_fragment_len = 0;
1111 1111
1112 if (s->msg_callback) 1112 if (s->msg_callback)
1113 s->msg_callback(0, s->version, SSL3_RT_ALERT, 1113 s->msg_callback(0, s->version, SSL3_RT_ALERT,
1114 s->s3->alert_fragment, 2, s, s->msg_callback_arg); 1114 S3I(s)->alert_fragment, 2, s, s->msg_callback_arg);
1115 1115
1116 if (s->info_callback != NULL) 1116 if (s->info_callback != NULL)
1117 cb = s->info_callback; 1117 cb = s->info_callback;
@@ -1124,7 +1124,7 @@ start:
1124 } 1124 }
1125 1125
1126 if (alert_level == SSL3_AL_WARNING) { 1126 if (alert_level == SSL3_AL_WARNING) {
1127 s->s3->warn_alert = alert_descr; 1127 S3I(s)->warn_alert = alert_descr;
1128 if (alert_descr == SSL_AD_CLOSE_NOTIFY) { 1128 if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
1129 s->shutdown |= SSL_RECEIVED_SHUTDOWN; 1129 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
1130 return (0); 1130 return (0);
@@ -1146,7 +1146,7 @@ start:
1146 } 1146 }
1147 } else if (alert_level == SSL3_AL_FATAL) { 1147 } else if (alert_level == SSL3_AL_FATAL) {
1148 s->rwstate = SSL_NOTHING; 1148 s->rwstate = SSL_NOTHING;
1149 s->s3->fatal_alert = alert_descr; 1149 S3I(s)->fatal_alert = alert_descr;
1150 SSLerr(SSL_F_SSL3_READ_BYTES, 1150 SSLerr(SSL_F_SSL3_READ_BYTES,
1151 SSL_AD_REASON_OFFSET + alert_descr); 1151 SSL_AD_REASON_OFFSET + alert_descr);
1152 ERR_asprintf_error_data("SSL alert number %d", 1152 ERR_asprintf_error_data("SSL alert number %d",
@@ -1182,7 +1182,7 @@ start:
1182 } 1182 }
1183 1183
1184 /* Check we have a cipher to change to */ 1184 /* Check we have a cipher to change to */
1185 if (s->s3->tmp.new_cipher == NULL) { 1185 if (S3I(s)->tmp.new_cipher == NULL) {
1186 al = SSL_AD_UNEXPECTED_MESSAGE; 1186 al = SSL_AD_UNEXPECTED_MESSAGE;
1187 SSLerr(SSL_F_SSL3_READ_BYTES, 1187 SSLerr(SSL_F_SSL3_READ_BYTES,
1188 SSL_R_CCS_RECEIVED_EARLY); 1188 SSL_R_CCS_RECEIVED_EARLY);
@@ -1206,7 +1206,7 @@ start:
1206 s->msg_callback_arg); 1206 s->msg_callback_arg);
1207 } 1207 }
1208 1208
1209 s->s3->change_cipher_spec = 1; 1209 S3I(s)->change_cipher_spec = 1;
1210 if (!ssl3_do_change_cipher_spec(s)) 1210 if (!ssl3_do_change_cipher_spec(s))
1211 goto err; 1211 goto err;
1212 else 1212 else
@@ -1214,7 +1214,7 @@ start:
1214 } 1214 }
1215 1215
1216 /* Unexpected handshake message (Client Hello, or protocol violation) */ 1216 /* Unexpected handshake message (Client Hello, or protocol violation) */
1217 if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) { 1217 if ((S3I(s)->handshake_fragment_len >= 4) && !s->in_handshake) {
1218 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && 1218 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
1219 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { 1219 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
1220 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; 1220 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
@@ -1278,15 +1278,15 @@ start:
1278 * at this point (session renegotiation not yet started), 1278 * at this point (session renegotiation not yet started),
1279 * we will indulge it. 1279 * we will indulge it.
1280 */ 1280 */
1281 if (s->s3->in_read_app_data && 1281 if (S3I(s)->in_read_app_data &&
1282 (s->s3->total_renegotiations != 0) && 1282 (S3I(s)->total_renegotiations != 0) &&
1283 (((s->state & SSL_ST_CONNECT) && 1283 (((s->state & SSL_ST_CONNECT) &&
1284 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && 1284 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
1285 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)) || 1285 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)) ||
1286 ((s->state & SSL_ST_ACCEPT) && 1286 ((s->state & SSL_ST_ACCEPT) &&
1287 (s->state <= SSL3_ST_SW_HELLO_REQ_A) && 1287 (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
1288 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) { 1288 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
1289 s->s3->in_read_app_data = 2; 1289 S3I(s)->in_read_app_data = 2;
1290 return (-1); 1290 return (-1);
1291 } else { 1291 } else {
1292 al = SSL_AD_UNEXPECTED_MESSAGE; 1292 al = SSL_AD_UNEXPECTED_MESSAGE;
@@ -1314,7 +1314,7 @@ ssl3_do_change_cipher_spec(SSL *s)
1314 else 1314 else
1315 i = SSL3_CHANGE_CIPHER_CLIENT_READ; 1315 i = SSL3_CHANGE_CIPHER_CLIENT_READ;
1316 1316
1317 if (s->s3->tmp.key_block == NULL) { 1317 if (S3I(s)->tmp.key_block == NULL) {
1318 if (s->session == NULL || s->session->master_key_length == 0) { 1318 if (s->session == NULL || s->session->master_key_length == 0) {
1319 /* might happen if dtls1_read_bytes() calls this */ 1319 /* might happen if dtls1_read_bytes() calls this */
1320 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, 1320 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,
@@ -1322,7 +1322,7 @@ ssl3_do_change_cipher_spec(SSL *s)
1322 return (0); 1322 return (0);
1323 } 1323 }
1324 1324
1325 s->session->cipher = s->s3->tmp.new_cipher; 1325 s->session->cipher = S3I(s)->tmp.new_cipher;
1326 if (!s->method->ssl3_enc->setup_key_block(s)) 1326 if (!s->method->ssl3_enc->setup_key_block(s))
1327 return (0); 1327 return (0);
1328 } 1328 }
@@ -1342,12 +1342,12 @@ ssl3_do_change_cipher_spec(SSL *s)
1342 } 1342 }
1343 1343
1344 i = s->method->ssl3_enc->final_finish_mac(s, sender, slen, 1344 i = s->method->ssl3_enc->final_finish_mac(s, sender, slen,
1345 s->s3->tmp.peer_finish_md); 1345 S3I(s)->tmp.peer_finish_md);
1346 if (i == 0) { 1346 if (i == 0) {
1347 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); 1347 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
1348 return 0; 1348 return 0;
1349 } 1349 }
1350 s->s3->tmp.peer_finish_md_len = i; 1350 S3I(s)->tmp.peer_finish_md_len = i;
1351 1351
1352 return (1); 1352 return (1);
1353} 1353}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 00:27:30 +0000