Diffstat (limited to 'src/lib/libssl/ssl_srvr.c')
| -rw-r--r-- | src/lib/libssl/ssl_srvr.c | 42 |
1 files changed, 21 insertions, 21 deletions
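--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.120 2021/10/23 08:34:36 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.121 2021/10/23 13:36:03 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -183,7 +183,7 @@ ssl3_accept(SSL *s)
 errno = 0;
 
 if (SSL_is_dtls(s))
-listen = D1I(s)->listen;
+listen = s->d1->listen;
 
 /* init things to blank */
 s->internal->in_handshake++;
@@ -191,7 +191,7 @@ ssl3_accept(SSL *s)
 SSL_clear(s);
 
 if (SSL_is_dtls(s))
-D1I(s)->listen = listen;
+s->d1->listen = listen;
 
 for (;;) {
 state = S3I(s)->hs.state;
@@ -332,14 +332,14 @@ ssl3_accept(SSL *s)
 /* If we're just listening, stop here */
 if (listen && S3I(s)->hs.state == SSL3_ST_SW_SRVR_HELLO_A) {
 ret = 2;
-D1I(s)->listen = 0;
+s->d1->listen = 0;
 /*
 * Set expected sequence numbers to
 * continue the handshake.
 */
-D1I(s)->handshake_read_seq = 2;
-D1I(s)->handshake_write_seq = 1;
-D1I(s)->next_handshake_write_seq = 1;
+s->d1->handshake_read_seq = 2;
+s->d1->handshake_write_seq = 1;
+s->d1->next_handshake_write_seq = 1;
 goto end;
 }
 } else {
@@ -584,7 +584,7 @@ ssl3_accept(SSL *s)
 case SSL3_ST_SR_CERT_VRFY_A:
 case SSL3_ST_SR_CERT_VRFY_B:
 if (SSL_is_dtls(s))
-D1I(s)->change_cipher_spec_ok = 1;
+s->d1->change_cipher_spec_ok = 1;
 else
 s->s3->flags |= SSL3_FLAGS_CCS_OK;
 
@@ -599,7 +599,7 @@ ssl3_accept(SSL *s)
 case SSL3_ST_SR_FINISHED_A:
 case SSL3_ST_SR_FINISHED_B:
 if (SSL_is_dtls(s))
-D1I(s)->change_cipher_spec_ok = 1;
+s->d1->change_cipher_spec_ok = 1;
 else
 s->s3->flags |= SSL3_FLAGS_CCS_OK;
 ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
@@ -706,10 +706,10 @@ ssl3_accept(SSL *s)
 
 if (SSL_is_dtls(s)) {
 /* Done handshaking, next message is client hello. */
-D1I(s)->handshake_read_seq = 0;
+s->d1->handshake_read_seq = 0;
 /* Next message is server hello. */
-D1I(s)->handshake_write_seq = 0;
-D1I(s)->next_handshake_write_seq = 0;
+s->d1->handshake_write_seq = 0;
+s->d1->next_handshake_write_seq = 0;
 }
 goto end;
 /* break; */
@@ -924,7 +924,7 @@ ssl3_get_client_hello(SSL *s)
 * message has not been sent - make sure that it does not cause
 * an overflow.
 */
-if (CBS_len(&cookie) > sizeof(D1I(s)->rcvd_cookie)) {
+if (CBS_len(&cookie) > sizeof(s->d1->rcvd_cookie)) {
 al = SSL_AD_DECODE_ERROR;
 SSLerror(s, SSL_R_COOKIE_MISMATCH);
 goto fatal_err;
@@ -936,21 +936,21 @@ ssl3_get_client_hello(SSL *s)
 size_t cookie_len;
 
 /* XXX - rcvd_cookie seems to only be used here... */
-if (!CBS_write_bytes(&cookie, D1I(s)->rcvd_cookie,
-sizeof(D1I(s)->rcvd_cookie), &cookie_len))
+if (!CBS_write_bytes(&cookie, s->d1->rcvd_cookie,
+sizeof(s->d1->rcvd_cookie), &cookie_len))
 goto err;
 
 if (s->ctx->internal->app_verify_cookie_cb != NULL) {
 if (s->ctx->internal->app_verify_cookie_cb(s,
-D1I(s)->rcvd_cookie, cookie_len) == 0) {
+s->d1->rcvd_cookie, cookie_len) == 0) {
 al = SSL_AD_HANDSHAKE_FAILURE;
 SSLerror(s, SSL_R_COOKIE_MISMATCH);
 goto fatal_err;
 }
 /* else cookie verification succeeded */
 /* XXX - can d1->cookie_len > sizeof(rcvd_cookie) ? */
-} else if (timingsafe_memcmp(D1I(s)->rcvd_cookie,
-D1I(s)->cookie, D1I(s)->cookie_len) != 0) {
+} else if (timingsafe_memcmp(s->d1->rcvd_cookie,
+s->d1->cookie, s->d1->cookie_len) != 0) {
 /* default verification */
 al = SSL_AD_HANDSHAKE_FAILURE;
 SSLerror(s, SSL_R_COOKIE_MISMATCH);
@@ -1166,8 +1166,8 @@ ssl3_send_dtls_hello_verify_request(SSL *s)
 
 if (S3I(s)->hs.state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
 if (s->ctx->internal->app_gen_cookie_cb == NULL ||
-s->ctx->internal->app_gen_cookie_cb(s, D1I(s)->cookie,
-&(D1I(s)->cookie_len)) == 0) {
+s->ctx->internal->app_gen_cookie_cb(s, s->d1->cookie,
+&(s->d1->cookie_len)) == 0) {
 SSLerror(s, ERR_R_INTERNAL_ERROR);
 return 0;
 }
@@ -1184,7 +1184,7 @@ ssl3_send_dtls_hello_verify_request(SSL *s)
 goto err;
 if (!CBB_add_u8_length_prefixed(&verify, &cookie))
 goto err;
-if (!CBB_add_bytes(&cookie, D1I(s)->cookie, D1I(s)->cookie_len))
+if (!CBB_add_bytes(&cookie, s->d1->cookie, s->d1->cookie_len))
 goto err;
 if (!ssl3_handshake_msg_finish(s, &cbb))
 goto err;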
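Review bot: In the default cookie check of ssl3_get_client_hello (new lines 952-953), `timingsafe_memcmp` compares `s->d1->cookie_len` bytes, but the length actually received (`cookie_len`, filled in by `CBS_write_bytes` at new line 939) is never compared with it inside this hunk, so a cookie of a different length is not rejected on length alone. The XXX comment at new line 951 also leaves open whether `s->d1->cookie_len` can exceed `sizeof(rcvd_cookie)`, in which case the comparison would read past the buffer. Consider guarding the branch with the length first, `} else if (cookie_len != s->d1->cookie_len || timingsafe_memcmp(s->d1->rcvd_cookie, s->d1->cookie, s->d1->cookie_len) != 0) {`, which covers both cases because `cookie_len` is already bounded by `sizeof(s->d1->rcvd_cookie)`. Whether the cookie-generation callback bounds `cookie_len` is not visible here, and the function continues outside the hunk.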
