summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_srvr.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/s3_srvr.c150
1 files changed, 75 insertions, 75 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 5717d5edda..31860eb049 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_srvr.c,v 1.146 2017/01/23 05:13:02 jsing Exp $ */ 1/* $OpenBSD: s3_srvr.c,v 1.147 2017/01/23 06:45:30 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -199,7 +199,7 @@ ssl3_accept(SSL *s)
199 199
200 switch (s->state) { 200 switch (s->state) {
201 case SSL_ST_RENEGOTIATE: 201 case SSL_ST_RENEGOTIATE:
202 s->renegotiate = 1; 202 s->internal->renegotiate = 1;
203 /* s->state=SSL_ST_ACCEPT; */ 203 /* s->state=SSL_ST_ACCEPT; */
204 204
205 case SSL_ST_BEFORE: 205 case SSL_ST_BEFORE:
@@ -216,7 +216,7 @@ ssl3_accept(SSL *s)
216 ret = -1; 216 ret = -1;
217 goto end; 217 goto end;
218 } 218 }
219 s->type = SSL_ST_ACCEPT; 219 s->internal->type = SSL_ST_ACCEPT;
220 220
221 if (!ssl3_setup_init_buffer(s)) { 221 if (!ssl3_setup_init_buffer(s)) {
222 ret = -1; 222 ret = -1;
@@ -227,7 +227,7 @@ ssl3_accept(SSL *s)
227 goto end; 227 goto end;
228 } 228 }
229 229
230 s->init_num = 0; 230 s->internal->init_num = 0;
231 231
232 if (s->state != SSL_ST_RENEGOTIATE) { 232 if (s->state != SSL_ST_RENEGOTIATE) {
233 /* 233 /*
@@ -272,13 +272,13 @@ ssl3_accept(SSL *s)
272 case SSL3_ST_SW_HELLO_REQ_A: 272 case SSL3_ST_SW_HELLO_REQ_A:
273 case SSL3_ST_SW_HELLO_REQ_B: 273 case SSL3_ST_SW_HELLO_REQ_B:
274 274
275 s->shutdown = 0; 275 s->internal->shutdown = 0;
276 ret = ssl3_send_hello_request(s); 276 ret = ssl3_send_hello_request(s);
277 if (ret <= 0) 277 if (ret <= 0)
278 goto end; 278 goto end;
279 S3I(s)->tmp.next_state = SSL3_ST_SW_HELLO_REQ_C; 279 S3I(s)->tmp.next_state = SSL3_ST_SW_HELLO_REQ_C;
280 s->state = SSL3_ST_SW_FLUSH; 280 s->state = SSL3_ST_SW_FLUSH;
281 s->init_num = 0; 281 s->internal->init_num = 0;
282 282
283 if (!tls1_init_finished_mac(s)) { 283 if (!tls1_init_finished_mac(s)) {
284 ret = -1; 284 ret = -1;
@@ -294,16 +294,16 @@ ssl3_accept(SSL *s)
294 case SSL3_ST_SR_CLNT_HELLO_B: 294 case SSL3_ST_SR_CLNT_HELLO_B:
295 case SSL3_ST_SR_CLNT_HELLO_C: 295 case SSL3_ST_SR_CLNT_HELLO_C:
296 296
297 s->shutdown = 0; 297 s->internal->shutdown = 0;
298 if (s->rwstate != SSL_X509_LOOKUP) { 298 if (s->internal->rwstate != SSL_X509_LOOKUP) {
299 ret = ssl3_get_client_hello(s); 299 ret = ssl3_get_client_hello(s);
300 if (ret <= 0) 300 if (ret <= 0)
301 goto end; 301 goto end;
302 } 302 }
303 303
304 s->renegotiate = 2; 304 s->internal->renegotiate = 2;
305 s->state = SSL3_ST_SW_SRVR_HELLO_A; 305 s->state = SSL3_ST_SW_SRVR_HELLO_A;
306 s->init_num = 0; 306 s->internal->init_num = 0;
307 break; 307 break;
308 308
309 case SSL3_ST_SW_SRVR_HELLO_A: 309 case SSL3_ST_SW_SRVR_HELLO_A:
@@ -311,15 +311,15 @@ ssl3_accept(SSL *s)
311 ret = ssl3_send_server_hello(s); 311 ret = ssl3_send_server_hello(s);
312 if (ret <= 0) 312 if (ret <= 0)
313 goto end; 313 goto end;
314 if (s->hit) { 314 if (s->internal->hit) {
315 if (s->tlsext_ticket_expected) 315 if (s->internal->tlsext_ticket_expected)
316 s->state = SSL3_ST_SW_SESSION_TICKET_A; 316 s->state = SSL3_ST_SW_SESSION_TICKET_A;
317 else 317 else
318 s->state = SSL3_ST_SW_CHANGE_A; 318 s->state = SSL3_ST_SW_CHANGE_A;
319 } 319 }
320 else 320 else
321 s->state = SSL3_ST_SW_CERT_A; 321 s->state = SSL3_ST_SW_CERT_A;
322 s->init_num = 0; 322 s->internal->init_num = 0;
323 break; 323 break;
324 324
325 case SSL3_ST_SW_CERT_A: 325 case SSL3_ST_SW_CERT_A:
@@ -330,7 +330,7 @@ ssl3_accept(SSL *s)
330 ret = ssl3_send_server_certificate(s); 330 ret = ssl3_send_server_certificate(s);
331 if (ret <= 0) 331 if (ret <= 0)
332 goto end; 332 goto end;
333 if (s->tlsext_status_expected) 333 if (s->internal->tlsext_status_expected)
334 s->state = SSL3_ST_SW_CERT_STATUS_A; 334 s->state = SSL3_ST_SW_CERT_STATUS_A;
335 else 335 else
336 s->state = SSL3_ST_SW_KEY_EXCH_A; 336 s->state = SSL3_ST_SW_KEY_EXCH_A;
@@ -338,7 +338,7 @@ ssl3_accept(SSL *s)
338 skip = 1; 338 skip = 1;
339 s->state = SSL3_ST_SW_KEY_EXCH_A; 339 s->state = SSL3_ST_SW_KEY_EXCH_A;
340 } 340 }
341 s->init_num = 0; 341 s->internal->init_num = 0;
342 break; 342 break;
343 343
344 case SSL3_ST_SW_KEY_EXCH_A: 344 case SSL3_ST_SW_KEY_EXCH_A:
@@ -361,7 +361,7 @@ ssl3_accept(SSL *s)
361 skip = 1; 361 skip = 1;
362 362
363 s->state = SSL3_ST_SW_CERT_REQ_A; 363 s->state = SSL3_ST_SW_CERT_REQ_A;
364 s->init_num = 0; 364 s->internal->init_num = 0;
365 break; 365 break;
366 366
367 case SSL3_ST_SW_CERT_REQ_A: 367 case SSL3_ST_SW_CERT_REQ_A:
@@ -405,7 +405,7 @@ ssl3_accept(SSL *s)
405 if (ret <= 0) 405 if (ret <= 0)
406 goto end; 406 goto end;
407 s->state = SSL3_ST_SW_SRVR_DONE_A; 407 s->state = SSL3_ST_SW_SRVR_DONE_A;
408 s->init_num = 0; 408 s->internal->init_num = 0;
409 } 409 }
410 break; 410 break;
411 411
@@ -416,7 +416,7 @@ ssl3_accept(SSL *s)
416 goto end; 416 goto end;
417 S3I(s)->tmp.next_state = SSL3_ST_SR_CERT_A; 417 S3I(s)->tmp.next_state = SSL3_ST_SR_CERT_A;
418 s->state = SSL3_ST_SW_FLUSH; 418 s->state = SSL3_ST_SW_FLUSH;
419 s->init_num = 0; 419 s->internal->init_num = 0;
420 break; 420 break;
421 421
422 case SSL3_ST_SW_FLUSH: 422 case SSL3_ST_SW_FLUSH:
@@ -432,12 +432,12 @@ ssl3_accept(SSL *s)
432 * unconditionally. 432 * unconditionally.
433 */ 433 */
434 434
435 s->rwstate = SSL_WRITING; 435 s->internal->rwstate = SSL_WRITING;
436 if (BIO_flush(s->wbio) <= 0) { 436 if (BIO_flush(s->wbio) <= 0) {
437 ret = -1; 437 ret = -1;
438 goto end; 438 goto end;
439 } 439 }
440 s->rwstate = SSL_NOTHING; 440 s->internal->rwstate = SSL_NOTHING;
441 441
442 s->state = S3I(s)->tmp.next_state; 442 s->state = S3I(s)->tmp.next_state;
443 break; 443 break;
@@ -449,7 +449,7 @@ ssl3_accept(SSL *s)
449 if (ret <= 0) 449 if (ret <= 0)
450 goto end; 450 goto end;
451 } 451 }
452 s->init_num = 0; 452 s->internal->init_num = 0;
453 s->state = SSL3_ST_SR_KEY_EXCH_A; 453 s->state = SSL3_ST_SR_KEY_EXCH_A;
454 break; 454 break;
455 455
@@ -473,10 +473,10 @@ ssl3_accept(SSL *s)
473 s->state = SSL3_ST_SR_NEXT_PROTO_A; 473 s->state = SSL3_ST_SR_NEXT_PROTO_A;
474 else 474 else
475 s->state = SSL3_ST_SR_FINISHED_A; 475 s->state = SSL3_ST_SR_FINISHED_A;
476 s->init_num = 0; 476 s->internal->init_num = 0;
477 } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) { 477 } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) {
478 s->state = SSL3_ST_SR_CERT_VRFY_A; 478 s->state = SSL3_ST_SR_CERT_VRFY_A;
479 s->init_num = 0; 479 s->internal->init_num = 0;
480 if (!s->session->peer) 480 if (!s->session->peer)
481 break; 481 break;
482 /* 482 /*
@@ -499,7 +499,7 @@ ssl3_accept(SSL *s)
499 int dgst_num; 499 int dgst_num;
500 500
501 s->state = SSL3_ST_SR_CERT_VRFY_A; 501 s->state = SSL3_ST_SR_CERT_VRFY_A;
502 s->init_num = 0; 502 s->internal->init_num = 0;
503 503
504 /* 504 /*
505 * We need to get hashes here so if there is 505 * We need to get hashes here so if there is
@@ -547,7 +547,7 @@ ssl3_accept(SSL *s)
547 s->state = SSL3_ST_SR_NEXT_PROTO_A; 547 s->state = SSL3_ST_SR_NEXT_PROTO_A;
548 else 548 else
549 s->state = SSL3_ST_SR_FINISHED_A; 549 s->state = SSL3_ST_SR_FINISHED_A;
550 s->init_num = 0; 550 s->internal->init_num = 0;
551 break; 551 break;
552 552
553 case SSL3_ST_SR_NEXT_PROTO_A: 553 case SSL3_ST_SR_NEXT_PROTO_A:
@@ -555,7 +555,7 @@ ssl3_accept(SSL *s)
555 ret = ssl3_get_next_proto(s); 555 ret = ssl3_get_next_proto(s);
556 if (ret <= 0) 556 if (ret <= 0)
557 goto end; 557 goto end;
558 s->init_num = 0; 558 s->internal->init_num = 0;
559 s->state = SSL3_ST_SR_FINISHED_A; 559 s->state = SSL3_ST_SR_FINISHED_A;
560 break; 560 break;
561 561
@@ -566,13 +566,13 @@ ssl3_accept(SSL *s)
566 SSL3_ST_SR_FINISHED_B); 566 SSL3_ST_SR_FINISHED_B);
567 if (ret <= 0) 567 if (ret <= 0)
568 goto end; 568 goto end;
569 if (s->hit) 569 if (s->internal->hit)
570 s->state = SSL_ST_OK; 570 s->state = SSL_ST_OK;
571 else if (s->tlsext_ticket_expected) 571 else if (s->internal->tlsext_ticket_expected)
572 s->state = SSL3_ST_SW_SESSION_TICKET_A; 572 s->state = SSL3_ST_SW_SESSION_TICKET_A;
573 else 573 else
574 s->state = SSL3_ST_SW_CHANGE_A; 574 s->state = SSL3_ST_SW_CHANGE_A;
575 s->init_num = 0; 575 s->internal->init_num = 0;
576 break; 576 break;
577 577
578 case SSL3_ST_SW_SESSION_TICKET_A: 578 case SSL3_ST_SW_SESSION_TICKET_A:
@@ -581,7 +581,7 @@ ssl3_accept(SSL *s)
581 if (ret <= 0) 581 if (ret <= 0)
582 goto end; 582 goto end;
583 s->state = SSL3_ST_SW_CHANGE_A; 583 s->state = SSL3_ST_SW_CHANGE_A;
584 s->init_num = 0; 584 s->internal->init_num = 0;
585 break; 585 break;
586 586
587 case SSL3_ST_SW_CERT_STATUS_A: 587 case SSL3_ST_SW_CERT_STATUS_A:
@@ -590,7 +590,7 @@ ssl3_accept(SSL *s)
590 if (ret <= 0) 590 if (ret <= 0)
591 goto end; 591 goto end;
592 s->state = SSL3_ST_SW_KEY_EXCH_A; 592 s->state = SSL3_ST_SW_KEY_EXCH_A;
593 s->init_num = 0; 593 s->internal->init_num = 0;
594 break; 594 break;
595 595
596 596
@@ -609,7 +609,7 @@ ssl3_accept(SSL *s)
609 if (ret <= 0) 609 if (ret <= 0)
610 goto end; 610 goto end;
611 s->state = SSL3_ST_SW_FINISHED_A; 611 s->state = SSL3_ST_SW_FINISHED_A;
612 s->init_num = 0; 612 s->internal->init_num = 0;
613 613
614 if (!s->method->ssl3_enc->change_cipher_state( 614 if (!s->method->ssl3_enc->change_cipher_state(
615 s, SSL3_CHANGE_CIPHER_SERVER_WRITE)) { 615 s, SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
@@ -628,7 +628,7 @@ ssl3_accept(SSL *s)
628 if (ret <= 0) 628 if (ret <= 0)
629 goto end; 629 goto end;
630 s->state = SSL3_ST_SW_FLUSH; 630 s->state = SSL3_ST_SW_FLUSH;
631 if (s->hit) { 631 if (s->internal->hit) {
632 if (S3I(s)->next_proto_neg_seen) { 632 if (S3I(s)->next_proto_neg_seen) {
633 s->s3->flags |= SSL3_FLAGS_CCS_OK; 633 s->s3->flags |= SSL3_FLAGS_CCS_OK;
634 S3I(s)->tmp.next_state = 634 S3I(s)->tmp.next_state =
@@ -638,25 +638,25 @@ ssl3_accept(SSL *s)
638 SSL3_ST_SR_FINISHED_A; 638 SSL3_ST_SR_FINISHED_A;
639 } else 639 } else
640 S3I(s)->tmp.next_state = SSL_ST_OK; 640 S3I(s)->tmp.next_state = SSL_ST_OK;
641 s->init_num = 0; 641 s->internal->init_num = 0;
642 break; 642 break;
643 643
644 case SSL_ST_OK: 644 case SSL_ST_OK:
645 /* clean a few things up */ 645 /* clean a few things up */
646 tls1_cleanup_key_block(s); 646 tls1_cleanup_key_block(s);
647 647
648 BUF_MEM_free(s->init_buf); 648 BUF_MEM_free(s->internal->init_buf);
649 s->init_buf = NULL; 649 s->internal->init_buf = NULL;
650 650
651 /* remove buffering on output */ 651 /* remove buffering on output */
652 ssl_free_wbio_buffer(s); 652 ssl_free_wbio_buffer(s);
653 653
654 s->init_num = 0; 654 s->internal->init_num = 0;
655 655
656 /* skipped if we just sent a HelloRequest */ 656 /* skipped if we just sent a HelloRequest */
657 if (s->renegotiate == 2) { 657 if (s->internal->renegotiate == 2) {
658 s->renegotiate = 0; 658 s->internal->renegotiate = 0;
659 s->new_session = 0; 659 s->internal->new_session = 0;
660 660
661 ssl_update_cache(s, SSL_SESS_CACHE_SERVER); 661 ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
662 662
@@ -681,7 +681,7 @@ ssl3_accept(SSL *s)
681 } 681 }
682 682
683 if (!S3I(s)->tmp.reuse_message && !skip) { 683 if (!S3I(s)->tmp.reuse_message && !skip) {
684 if (s->debug) { 684 if (s->internal->debug) {
685 if ((ret = BIO_flush(s->wbio)) <= 0) 685 if ((ret = BIO_flush(s->wbio)) <= 0)
686 goto end; 686 goto end;
687 } 687 }
@@ -741,15 +741,15 @@ ssl3_get_client_hello(SSL *s)
741 if (s->state == SSL3_ST_SR_CLNT_HELLO_A) { 741 if (s->state == SSL3_ST_SR_CLNT_HELLO_A) {
742 s->state = SSL3_ST_SR_CLNT_HELLO_B; 742 s->state = SSL3_ST_SR_CLNT_HELLO_B;
743 } 743 }
744 s->first_packet = 1; 744 s->internal->first_packet = 1;
745 n = s->method->ssl_get_message(s, SSL3_ST_SR_CLNT_HELLO_B, 745 n = s->method->ssl_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
746 SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO, 746 SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO,
747 SSL3_RT_MAX_PLAIN_LENGTH, &ok); 747 SSL3_RT_MAX_PLAIN_LENGTH, &ok);
748 748
749 if (!ok) 749 if (!ok)
750 return ((int)n); 750 return ((int)n);
751 s->first_packet = 0; 751 s->internal->first_packet = 0;
752 d = p = (unsigned char *)s->init_msg; 752 d = p = (unsigned char *)s->internal->init_msg;
753 753
754 if (2 > n) 754 if (2 > n)
755 goto truncated; 755 goto truncated;
@@ -765,7 +765,7 @@ ssl3_get_client_hello(SSL *s)
765 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, 765 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
766 SSL_R_WRONG_VERSION_NUMBER); 766 SSL_R_WRONG_VERSION_NUMBER);
767 if ((s->client_version >> 8) == SSL3_VERSION_MAJOR && 767 if ((s->client_version >> 8) == SSL3_VERSION_MAJOR &&
768 !s->enc_write_ctx && !s->write_hash) { 768 !s->internal->enc_write_ctx && !s->internal->write_hash) {
769 /* 769 /*
770 * Similar to ssl3_get_record, send alert using remote 770 * Similar to ssl3_get_record, send alert using remote
771 * version number 771 * version number
@@ -808,7 +808,7 @@ ssl3_get_client_hello(SSL *s)
808 if (p - d + j > n) 808 if (p - d + j > n)
809 goto truncated; 809 goto truncated;
810 810
811 s->hit = 0; 811 s->internal->hit = 0;
812 /* 812 /*
813 * Versions before 0.9.7 always allow clients to resume sessions in 813 * Versions before 0.9.7 always allow clients to resume sessions in
814 * renegotiation. 0.9.7 and later allow this by default, but optionally 814 * renegotiation. 0.9.7 and later allow this by default, but optionally
@@ -819,19 +819,19 @@ ssl3_get_client_hello(SSL *s)
819 * library versions). 819 * library versions).
820 * 820 *
821 * 1.0.1 and later also have a function SSL_renegotiate_abbreviated() 821 * 1.0.1 and later also have a function SSL_renegotiate_abbreviated()
822 * to request renegotiation but not a new session (s->new_session 822 * to request renegotiation but not a new session (s->internal->new_session
823 * remains unset): for servers, this essentially just means that the 823 * remains unset): for servers, this essentially just means that the
824 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be 824 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be
825 * ignored. 825 * ignored.
826 */ 826 */
827 if ((s->new_session && (s->options & 827 if ((s->internal->new_session && (s->options &
828 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) { 828 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) {
829 if (!ssl_get_new_session(s, 1)) 829 if (!ssl_get_new_session(s, 1))
830 goto err; 830 goto err;
831 } else { 831 } else {
832 i = ssl_get_prev_session(s, p, j, d + n); 832 i = ssl_get_prev_session(s, p, j, d + n);
833 if (i == 1) { /* previous session */ 833 if (i == 1) { /* previous session */
834 s->hit = 1; 834 s->internal->hit = 1;
835 } else if (i == -1) 835 } else if (i == -1)
836 goto err; 836 goto err;
837 else { 837 else {
@@ -913,7 +913,7 @@ ssl3_get_client_hello(SSL *s)
913 p += i; 913 p += i;
914 914
915 /* If it is a hit, check that the cipher is in the list */ 915 /* If it is a hit, check that the cipher is in the list */
916 if ((s->hit) && (i > 0)) { 916 if ((s->internal->hit) && (i > 0)) {
917 j = 0; 917 j = 0;
918 id = s->session->cipher->id; 918 id = s->session->cipher->id;
919 919
@@ -976,14 +976,14 @@ ssl3_get_client_hello(SSL *s)
976 */ 976 */
977 arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); 977 arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);
978 978
979 if (!s->hit && s->internal->tls_session_secret_cb) { 979 if (!s->internal->hit && s->internal->tls_session_secret_cb) {
980 SSL_CIPHER *pref_cipher = NULL; 980 SSL_CIPHER *pref_cipher = NULL;
981 981
982 s->session->master_key_length = sizeof(s->session->master_key); 982 s->session->master_key_length = sizeof(s->session->master_key);
983 if (s->internal->tls_session_secret_cb(s, s->session->master_key, 983 if (s->internal->tls_session_secret_cb(s, s->session->master_key,
984 &s->session->master_key_length, ciphers, &pref_cipher, 984 &s->session->master_key_length, ciphers, &pref_cipher,
985 s->internal->tls_session_secret_cb_arg)) { 985 s->internal->tls_session_secret_cb_arg)) {
986 s->hit = 1; 986 s->internal->hit = 1;
987 s->session->ciphers = ciphers; 987 s->session->ciphers = ciphers;
988 s->session->verify_result = X509_V_OK; 988 s->session->verify_result = X509_V_OK;
989 989
@@ -1005,11 +1005,11 @@ ssl3_get_client_hello(SSL *s)
1005 if (s->cipher_list) 1005 if (s->cipher_list)
1006 sk_SSL_CIPHER_free(s->cipher_list); 1006 sk_SSL_CIPHER_free(s->cipher_list);
1007 1007
1008 if (s->cipher_list_by_id) 1008 if (s->internal->cipher_list_by_id)
1009 sk_SSL_CIPHER_free(s->cipher_list_by_id); 1009 sk_SSL_CIPHER_free(s->internal->cipher_list_by_id);
1010 1010
1011 s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers); 1011 s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
1012 s->cipher_list_by_id = 1012 s->internal->cipher_list_by_id =
1013 sk_SSL_CIPHER_dup(s->session->ciphers); 1013 sk_SSL_CIPHER_dup(s->session->ciphers);
1014 } 1014 }
1015 } 1015 }
@@ -1019,7 +1019,7 @@ ssl3_get_client_hello(SSL *s)
1019 * pick a cipher 1019 * pick a cipher
1020 */ 1020 */
1021 1021
1022 if (!s->hit) { 1022 if (!s->internal->hit) {
1023 if (s->session->ciphers != NULL) 1023 if (s->session->ciphers != NULL)
1024 sk_SSL_CIPHER_free(s->session->ciphers); 1024 sk_SSL_CIPHER_free(s->session->ciphers);
1025 s->session->ciphers = ciphers; 1025 s->session->ciphers = ciphers;
@@ -1061,7 +1061,7 @@ ssl3_get_client_hello(SSL *s)
1061 * compression - basically ignored right now 1061 * compression - basically ignored right now
1062 * ssl version is set - sslv3 1062 * ssl version is set - sslv3
1063 * s->session - The ssl session has been setup. 1063 * s->session - The ssl session has been setup.
1064 * s->hit - session reuse flag 1064 * s->internal->hit - session reuse flag
1065 * s->tmp.new_cipher - the new cipher to use. 1065 * s->tmp.new_cipher - the new cipher to use.
1066 */ 1066 */
1067 1067
@@ -1097,7 +1097,7 @@ ssl3_send_server_hello(SSL *s)
1097 1097
1098 memset(&cbb, 0, sizeof(cbb)); 1098 memset(&cbb, 0, sizeof(cbb));
1099 1099
1100 bufend = (unsigned char *)s->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH; 1100 bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH;
1101 1101
1102 if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { 1102 if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
1103 d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO); 1103 d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO);
@@ -1125,12 +1125,12 @@ ssl3_send_server_hello(SSL *s)
1125 * - However, if we want the new session to be single-use, 1125 * - However, if we want the new session to be single-use,
1126 * we send back a 0-length session ID. 1126 * we send back a 0-length session ID.
1127 * 1127 *
1128 * s->hit is non-zero in either case of session reuse, 1128 * s->internal->hit is non-zero in either case of session reuse,
1129 * so the following won't overwrite an ID that we're supposed 1129 * so the following won't overwrite an ID that we're supposed
1130 * to send back. 1130 * to send back.
1131 */ 1131 */
1132 if (!(s->ctx->internal->session_cache_mode & SSL_SESS_CACHE_SERVER) 1132 if (!(s->ctx->internal->session_cache_mode & SSL_SESS_CACHE_SERVER)
1133 && !s->hit) 1133 && !s->internal->hit)
1134 s->session->session_id_length = 0; 1134 s->session->session_id_length = 0;
1135 1135
1136 sl = s->session->session_id_length; 1136 sl = s->session->session_id_length;
@@ -1491,7 +1491,7 @@ ssl3_send_server_key_exchange(SSL *s)
1491 type = S3I(s)->tmp.new_cipher->algorithm_mkey; 1491 type = S3I(s)->tmp.new_cipher->algorithm_mkey;
1492 cert = s->cert; 1492 cert = s->cert;
1493 1493
1494 buf = s->init_buf; 1494 buf = s->internal->init_buf;
1495 1495
1496 if (!CBB_init(&cbb, 0)) 1496 if (!CBB_init(&cbb, 0))
1497 goto err; 1497 goto err;
@@ -1647,7 +1647,7 @@ ssl3_send_certificate_request(SSL *s)
1647 BUF_MEM *buf; 1647 BUF_MEM *buf;
1648 1648
1649 if (s->state == SSL3_ST_SW_CERT_REQ_A) { 1649 if (s->state == SSL3_ST_SW_CERT_REQ_A) {
1650 buf = s->init_buf; 1650 buf = s->internal->init_buf;
1651 1651
1652 d = p = ssl3_handshake_msg_start(s, 1652 d = p = ssl3_handshake_msg_start(s,
1653 SSL3_MT_CERTIFICATE_REQUEST); 1653 SSL3_MT_CERTIFICATE_REQUEST);
@@ -1986,7 +1986,7 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n)
1986 * p is pointing to somewhere in the buffer 1986 * p is pointing to somewhere in the buffer
1987 * currently, so set it to the start. 1987 * currently, so set it to the start.
1988 */ 1988 */
1989 p = (unsigned char *)s->init_buf->data; 1989 p = (unsigned char *)s->internal->init_buf->data;
1990 } 1990 }
1991 1991
1992 /* Compute the shared pre-master secret */ 1992 /* Compute the shared pre-master secret */
@@ -2169,7 +2169,7 @@ ssl3_get_client_key_exchange(SSL *s)
2169 if (!ok) 2169 if (!ok)
2170 return ((int)n); 2170 return ((int)n);
2171 2171
2172 p = (unsigned char *)s->init_msg; 2172 p = (unsigned char *)s->internal->init_msg;
2173 2173
2174 alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; 2174 alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
2175 2175
@@ -2261,7 +2261,7 @@ ssl3_get_cert_verify(SSL *s)
2261 } 2261 }
2262 2262
2263 /* we now have a signature that we need to verify */ 2263 /* we now have a signature that we need to verify */
2264 p = (unsigned char *)s->init_msg; 2264 p = (unsigned char *)s->internal->init_msg;
2265 /* 2265 /*
2266 * Check for broken implementations of GOST ciphersuites. 2266 * Check for broken implementations of GOST ciphersuites.
2267 * 2267 *
@@ -2477,7 +2477,7 @@ ssl3_get_client_certificate(SSL *s)
2477 STACK_OF(X509) *sk = NULL; 2477 STACK_OF(X509) *sk = NULL;
2478 2478
2479 n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B, 2479 n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
2480 -1, s->max_cert_list, &ok); 2480 -1, s->internal->max_cert_list, &ok);
2481 2481
2482 if (!ok) 2482 if (!ok)
2483 return ((int)n); 2483 return ((int)n);
@@ -2515,7 +2515,7 @@ ssl3_get_client_certificate(SSL *s)
2515 if (n < 0) 2515 if (n < 0)
2516 goto truncated; 2516 goto truncated;
2517 2517
2518 CBS_init(&cbs, s->init_msg, n); 2518 CBS_init(&cbs, s->internal->init_msg, n);
2519 2519
2520 if ((sk = sk_X509_new_null()) == NULL) { 2520 if ((sk = sk_X509_new_null()) == NULL) {
2521 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, 2521 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
@@ -2727,7 +2727,7 @@ ssl3_send_newsession_ticket(SSL *s)
2727 * session_length + max_enc_block_size (max encrypted session 2727 * session_length + max_enc_block_size (max encrypted session
2728 * length) + max_md_size (HMAC). 2728 * length) + max_md_size (HMAC).
2729 */ 2729 */
2730 if (!BUF_MEM_grow(s->init_buf, ssl3_handshake_msg_hdr_len(s) + 2730 if (!BUF_MEM_grow(s->internal->init_buf, ssl3_handshake_msg_hdr_len(s) +
2731 22 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH + 2731 22 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
2732 EVP_MAX_MD_SIZE + slen)) 2732 EVP_MAX_MD_SIZE + slen))
2733 goto err; 2733 goto err;
@@ -2763,7 +2763,7 @@ ssl3_send_newsession_ticket(SSL *s)
2763 * (for simplicity), and guess that tickets for new 2763 * (for simplicity), and guess that tickets for new
2764 * sessions will live as long as their sessions. 2764 * sessions will live as long as their sessions.
2765 */ 2765 */
2766 l2n(s->hit ? 0 : s->session->timeout, p); 2766 l2n(s->internal->hit ? 0 : s->session->timeout, p);
2767 2767
2768 /* Skip ticket length for now */ 2768 /* Skip ticket length for now */
2769 p += 2; 2769 p += 2;
@@ -2825,17 +2825,17 @@ ssl3_send_cert_status(SSL *s)
2825 * 1 (ocsp response type) + 3 (ocsp response length) 2825 * 1 (ocsp response type) + 3 (ocsp response length)
2826 * + (ocsp response) 2826 * + (ocsp response)
2827 */ 2827 */
2828 if (!BUF_MEM_grow(s->init_buf, SSL3_HM_HEADER_LENGTH + 4 + 2828 if (!BUF_MEM_grow(s->internal->init_buf, SSL3_HM_HEADER_LENGTH + 4 +
2829 s->tlsext_ocsp_resplen)) 2829 s->internal->tlsext_ocsp_resplen))
2830 return (-1); 2830 return (-1);
2831 2831
2832 p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_STATUS); 2832 p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_STATUS);
2833 2833
2834 *(p++) = s->tlsext_status_type; 2834 *(p++) = s->tlsext_status_type;
2835 l2n3(s->tlsext_ocsp_resplen, p); 2835 l2n3(s->internal->tlsext_ocsp_resplen, p);
2836 memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen); 2836 memcpy(p, s->internal->tlsext_ocsp_resp, s->internal->tlsext_ocsp_resplen);
2837 2837
2838 ssl3_handshake_msg_finish(s, s->tlsext_ocsp_resplen + 4); 2838 ssl3_handshake_msg_finish(s, s->internal->tlsext_ocsp_resplen + 4);
2839 2839
2840 s->state = SSL3_ST_SW_CERT_STATUS_B; 2840 s->state = SSL3_ST_SW_CERT_STATUS_B;
2841 } 2841 }
@@ -2887,7 +2887,7 @@ ssl3_get_next_proto(SSL *s)
2887 return (0); 2887 return (0);
2888 /* The body must be > 1 bytes long */ 2888 /* The body must be > 1 bytes long */
2889 2889
2890 CBS_init(&cbs, s->init_msg, s->init_num); 2890 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
2891 2891
2892 /* 2892 /*
2893 * The payload looks like: 2893 * The payload looks like:
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-20 03:46:12 +0000