Diffstat (limited to '')
-rw-r--r--src/lib/libssl/ssl3.h117
1 files changed, 2 insertions, 115 deletions
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index 6344176105..91cbaf29e3 100644
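--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.44 2017/01/22 03:50:45 jsing Exp $ */
+/* $OpenBSD: ssl3.h,v 1.45 2017/01/22 09:02:07 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -363,135 +363,22 @@ struct ssl3_state_internal_st;
 
 typedef struct ssl3_state_st {
  long flags;
- int delay_buf_pop_ret;
-
- unsigned char read_sequence[SSL3_SEQUENCE_SIZE];
- int read_mac_secret_size;
- unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
- unsigned char write_sequence[SSL3_SEQUENCE_SIZE];
- int write_mac_secret_size;
- unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
 
  unsigned char server_random[SSL3_RANDOM_SIZE];
  unsigned char client_random[SSL3_RANDOM_SIZE];
 
- /* flags for countermeasure against known-IV weakness */
- int need_empty_fragments;
- int empty_fragment_done;
-
  SSL3_BUFFER rbuf; /* read IO goes into here */
  SSL3_BUFFER wbuf; /* write IO goes into here */
 
- SSL3_RECORD rrec; /* each decoded record goes in here */
- SSL3_RECORD wrec; /* goes out from here */
-
- /* storage for Alert/Handshake protocol data received but not
- * yet processed by ssl3_read_bytes: */
- unsigned char alert_fragment[2];
- unsigned int alert_fragment_len;
- unsigned char handshake_fragment[4];
- unsigned int handshake_fragment_len;
-
- /* partial write - check the numbers match */
- unsigned int wnum; /* number of bytes sent so far */
- int wpend_tot; /* number bytes written */
- int wpend_type;
- int wpend_ret; /* number of bytes submitted */
- const unsigned char *wpend_buf;
-
- /* used during startup, digest all incoming/outgoing packets */
- BIO *handshake_buffer;
- /* When set of handshake digests is determined, buffer is hashed
- * and freed and MD_CTX-es for all required digests are stored in
- * this array */
- EVP_MD_CTX **handshake_dgst;
- /* this is set whenerver we see a change_cipher_spec message
- * come in when we are not looking for one */
- int change_cipher_spec;
-
- int warn_alert;
- int fatal_alert;
  /* we allow one fatal and one warning alert to be outstanding,
  * send close alert via the warning alert */
  int alert_dispatch;
  unsigned char send_alert[2];
 
- /* This flag is set when we should renegotiate ASAP, basically when
- * there is no more data in the read or write buffers */
- int renegotiate;
- int total_renegotiations;
- int num_renegotiations;
-
- int in_read_app_data;
-
- struct {
- /* actually only needs to be 16+20 */
- unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
-
- /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
- unsigned char finish_md[EVP_MAX_MD_SIZE*2];
- int finish_md_len;
- unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
- int peer_finish_md_len;
-
- unsigned long message_size;
- int message_type;
-
- /* used to hold the new cipher we are going to use */
- const SSL_CIPHER *new_cipher;
- DH *dh;
-
- EC_KEY *ecdh; /* holds short lived ECDH key */
-
- uint8_t *x25519;
-
- /* used when SSL_ST_FLUSH_DATA is entered */
- int next_state;
-
- int reuse_message;
-
- /* used for certificate requests */
- int cert_req;
- int ctype_num;
- char ctype[SSL3_CT_NUMBER];
- STACK_OF(X509_NAME) *ca_names;
-
- int key_block_length;
- unsigned char *key_block;
-
- const EVP_CIPHER *new_sym_enc;
- const EVP_AEAD *new_aead;
- const EVP_MD *new_hash;
- int new_mac_pkey_type;
+ struct {
  int new_mac_secret_size;
- int cert_request;
  } tmp;
 
- /* Connection binding to prevent renegotiation attacks */
- unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
- unsigned char previous_client_finished_len;
- unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
- unsigned char previous_server_finished_len;
- int send_connection_binding; /* TODOEKR */
-
- /* Set if we saw the Next Protocol Negotiation extension from our peer.
- */
- int next_proto_neg_seen;
-
- /*
- * ALPN information
- * (we are in the process of transitioning from NPN to ALPN).
- */
-
- /*
- * In a server these point to the selected ALPN protocol after the
- * ClientHello has been processed. In a client these contain the
- * protocol that the server selected once the ServerHello has been
- * processed.
- */
- unsigned char *alpn_selected;
- unsigned int alpn_selected_len;
-
  struct ssl3_state_internal_st *internal;
 } SSL3_STATE;
 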
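Review bot: Dropping these members from `SSL3_STATE` changes the layout of a struct declared in a public header: everything after `flags` (`server_random`, `rbuf`, `wbuf`, `alert_dispatch`, `tmp`, `internal`) moves to a new offset, so code built against the old header would silently access the wrong memory rather than fail to build. No library version change is visible in this commit, so it is worth confirming that one accompanies it. The MAC secrets, `key_block` and the saved Finished values are no longer reachable through the public struct, but nothing says why the remaining members stay public. I would add a comment above `typedef struct ssl3_state_st {`, for example `/* Remaining members are kept public for existing consumers; new state goes in ssl3_state_internal_st. */`, if that is the intent. The now single-member `tmp` struct would benefit from the same kind of note.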