summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/d1_both.c36
-rw-r--r--src/lib/libssl/d1_clnt.c40
-rw-r--r--src/lib/libssl/d1_enc.c6
-rw-r--r--src/lib/libssl/d1_pkt.c92
-rw-r--r--src/lib/libssl/d1_srvr.c40
-rw-r--r--src/lib/libssl/s23_srvr.c8
-rw-r--r--src/lib/libssl/s3_both.c64
-rw-r--r--src/lib/libssl/s3_clnt.c112
-rw-r--r--src/lib/libssl/s3_lib.c110
-rw-r--r--src/lib/libssl/s3_pkt.c148
-rw-r--r--src/lib/libssl/s3_srvr.c152
-rw-r--r--src/lib/libssl/ssl3.h117
-rw-r--r--src/lib/libssl/ssl_cert.c4
-rw-r--r--src/lib/libssl/ssl_lib.c32
-rw-r--r--src/lib/libssl/ssl_locl.h120
-rw-r--r--src/lib/libssl/t1_enc.c152
-rw-r--r--src/lib/libssl/t1_lib.c78
-rw-r--r--src/lib/libssl/t1_reneg.c60
18 files changed, 690 insertions, 681 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index d83df1c9a0..2ee4a7ffcf 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_both.c,v 1.41 2017/01/22 07:16:38 beck Exp $ */ 1/* $OpenBSD: d1_both.c,v 1.42 2017/01/22 09:02:07 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -403,12 +403,12 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
403 unsigned long msg_len; 403 unsigned long msg_len;
404 404
405 /* 405 /*
406 * s3->tmp is used to store messages that are unexpected, caused 406 * s3->internal->tmp is used to store messages that are unexpected, caused
407 * by the absence of an optional handshake message 407 * by the absence of an optional handshake message
408 */ 408 */
409 if (s->s3->tmp.reuse_message) { 409 if (S3I(s)->tmp.reuse_message) {
410 s->s3->tmp.reuse_message = 0; 410 S3I(s)->tmp.reuse_message = 0;
411 if ((mt >= 0) && (s->s3->tmp.message_type != mt)) { 411 if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) {
412 al = SSL_AD_UNEXPECTED_MESSAGE; 412 al = SSL_AD_UNEXPECTED_MESSAGE;
413 SSLerr(SSL_F_DTLS1_GET_MESSAGE, 413 SSLerr(SSL_F_DTLS1_GET_MESSAGE,
414 SSL_R_UNEXPECTED_MESSAGE); 414 SSL_R_UNEXPECTED_MESSAGE);
@@ -416,7 +416,7 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
416 } 416 }
417 *ok = 1; 417 *ok = 1;
418 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; 418 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
419 s->init_num = (int)s->s3->tmp.message_size; 419 s->init_num = (int)S3I(s)->tmp.message_size;
420 return s->init_num; 420 return s->init_num;
421 } 421 }
422 422
@@ -499,9 +499,9 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
499 return SSL_AD_INTERNAL_ERROR; 499 return SSL_AD_INTERNAL_ERROR;
500 } 500 }
501 501
502 s->s3->tmp.message_size = msg_len; 502 S3I(s)->tmp.message_size = msg_len;
503 D1I(s)->r_msg_hdr.msg_len = msg_len; 503 D1I(s)->r_msg_hdr.msg_len = msg_len;
504 s->s3->tmp.message_type = msg_hdr->type; 504 S3I(s)->tmp.message_type = msg_hdr->type;
505 D1I(s)->r_msg_hdr.type = msg_hdr->type; 505 D1I(s)->r_msg_hdr.type = msg_hdr->type;
506 D1I(s)->r_msg_hdr.seq = msg_hdr->seq; 506 D1I(s)->r_msg_hdr.seq = msg_hdr->seq;
507 } else if (msg_len != D1I(s)->r_msg_hdr.msg_len) { 507 } else if (msg_len != D1I(s)->r_msg_hdr.msg_len) {
@@ -905,8 +905,8 @@ f_err:
905/* 905/*
906 * for these 2 messages, we need to 906 * for these 2 messages, we need to
907 * ssl->enc_read_ctx re-init 907 * ssl->enc_read_ctx re-init
908 * ssl->s3->read_sequence zero 908 * ssl->s3->internal->read_sequence zero
909 * ssl->s3->read_mac_secret re-init 909 * ssl->s3->internal->read_mac_secret re-init
910 * ssl->session->read_sym_enc assign 910 * ssl->session->read_sym_enc assign
911 * ssl->session->read_hash assign 911 * ssl->session->read_hash assign
912 */ 912 */
@@ -1132,10 +1132,10 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1132 1132
1133 if (frag->msg_header.saved_retransmit_state.epoch == 1133 if (frag->msg_header.saved_retransmit_state.epoch ==
1134 saved_state.epoch - 1) { 1134 saved_state.epoch - 1) {
1135 memcpy(save_write_sequence, s->s3->write_sequence, 1135 memcpy(save_write_sequence, S3I(s)->write_sequence,
1136 sizeof(s->s3->write_sequence)); 1136 sizeof(S3I(s)->write_sequence));
1137 memcpy(s->s3->write_sequence, D1I(s)->last_write_sequence, 1137 memcpy(S3I(s)->write_sequence, D1I(s)->last_write_sequence,
1138 sizeof(s->s3->write_sequence)); 1138 sizeof(S3I(s)->write_sequence));
1139 } 1139 }
1140 1140
1141 ret = dtls1_do_write(s, frag->msg_header.is_ccs ? 1141 ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
@@ -1149,10 +1149,10 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1149 1149
1150 if (frag->msg_header.saved_retransmit_state.epoch == 1150 if (frag->msg_header.saved_retransmit_state.epoch ==
1151 saved_state.epoch - 1) { 1151 saved_state.epoch - 1) {
1152 memcpy(D1I(s)->last_write_sequence, s->s3->write_sequence, 1152 memcpy(D1I(s)->last_write_sequence, S3I(s)->write_sequence,
1153 sizeof(s->s3->write_sequence)); 1153 sizeof(S3I(s)->write_sequence));
1154 memcpy(s->s3->write_sequence, save_write_sequence, 1154 memcpy(S3I(s)->write_sequence, save_write_sequence,
1155 sizeof(s->s3->write_sequence)); 1155 sizeof(S3I(s)->write_sequence));
1156 } 1156 }
1157 1157
1158 D1I(s)->retransmitting = 0; 1158 D1I(s)->retransmitting = 0;
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index d4b8031150..af3196ff17 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_clnt.c,v 1.61 2017/01/22 07:16:38 beck Exp $ */ 1/* $OpenBSD: d1_clnt.c,v 1.62 2017/01/22 09:02:07 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -270,7 +270,7 @@ dtls1_connect(SSL *s)
270 270
271 if (D1I(s)->send_cookie) { 271 if (D1I(s)->send_cookie) {
272 s->state = SSL3_ST_CW_FLUSH; 272 s->state = SSL3_ST_CW_FLUSH;
273 s->s3->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A; 273 S3I(s)->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A;
274 } else 274 } else
275 s->state = SSL3_ST_CR_SRVR_HELLO_A; 275 s->state = SSL3_ST_CR_SRVR_HELLO_A;
276 276
@@ -326,7 +326,7 @@ dtls1_connect(SSL *s)
326 break; 326 break;
327 } 327 }
328 /* Check if it is anon DH. */ 328 /* Check if it is anon DH. */
329 if (!(s->s3->tmp.new_cipher->algorithm_auth & 329 if (!(S3I(s)->tmp.new_cipher->algorithm_auth &
330 SSL_aNULL)) { 330 SSL_aNULL)) {
331 ret = ssl3_get_server_certificate(s); 331 ret = ssl3_get_server_certificate(s);
332 if (ret <= 0) 332 if (ret <= 0)
@@ -373,12 +373,12 @@ dtls1_connect(SSL *s)
373 if (ret <= 0) 373 if (ret <= 0)
374 goto end; 374 goto end;
375 dtls1_stop_timer(s); 375 dtls1_stop_timer(s);
376 if (s->s3->tmp.cert_req) 376 if (S3I(s)->tmp.cert_req)
377 s->s3->tmp.next_state = SSL3_ST_CW_CERT_A; 377 S3I(s)->tmp.next_state = SSL3_ST_CW_CERT_A;
378 else 378 else
379 s->s3->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A; 379 S3I(s)->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A;
380 s->init_num = 0; 380 s->init_num = 0;
381 s->state = s->s3->tmp.next_state; 381 s->state = S3I(s)->tmp.next_state;
382 break; 382 break;
383 383
384 case SSL3_ST_CW_CERT_A: 384 case SSL3_ST_CW_CERT_A:
@@ -404,11 +404,11 @@ dtls1_connect(SSL *s)
404 * sent back */ 404 * sent back */
405 /* For TLS, cert_req is set to 2, so a cert chain 405 /* For TLS, cert_req is set to 2, so a cert chain
406 * of nothing is sent, but no verify packet is sent */ 406 * of nothing is sent, but no verify packet is sent */
407 if (s->s3->tmp.cert_req == 1) { 407 if (S3I(s)->tmp.cert_req == 1) {
408 s->state = SSL3_ST_CW_CERT_VRFY_A; 408 s->state = SSL3_ST_CW_CERT_VRFY_A;
409 } else { 409 } else {
410 s->state = SSL3_ST_CW_CHANGE_A; 410 s->state = SSL3_ST_CW_CHANGE_A;
411 s->s3->change_cipher_spec = 0; 411 S3I(s)->change_cipher_spec = 0;
412 } 412 }
413 413
414 s->init_num = 0; 414 s->init_num = 0;
@@ -422,7 +422,7 @@ dtls1_connect(SSL *s)
422 goto end; 422 goto end;
423 s->state = SSL3_ST_CW_CHANGE_A; 423 s->state = SSL3_ST_CW_CHANGE_A;
424 s->init_num = 0; 424 s->init_num = 0;
425 s->s3->change_cipher_spec = 0; 425 S3I(s)->change_cipher_spec = 0;
426 break; 426 break;
427 427
428 case SSL3_ST_CW_CHANGE_A: 428 case SSL3_ST_CW_CHANGE_A:
@@ -437,7 +437,7 @@ dtls1_connect(SSL *s)
437 s->state = SSL3_ST_CW_FINISHED_A; 437 s->state = SSL3_ST_CW_FINISHED_A;
438 s->init_num = 0; 438 s->init_num = 0;
439 439
440 s->session->cipher = s->s3->tmp.new_cipher; 440 s->session->cipher = S3I(s)->tmp.new_cipher;
441 if (!s->method->ssl3_enc->setup_key_block(s)) { 441 if (!s->method->ssl3_enc->setup_key_block(s)) {
442 ret = -1; 442 ret = -1;
443 goto end; 443 goto end;
@@ -468,20 +468,20 @@ dtls1_connect(SSL *s)
468 /* clear flags */ 468 /* clear flags */
469 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; 469 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
470 if (s->hit) { 470 if (s->hit) {
471 s->s3->tmp.next_state = SSL_ST_OK; 471 S3I(s)->tmp.next_state = SSL_ST_OK;
472 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) { 472 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
473 s->state = SSL_ST_OK; 473 s->state = SSL_ST_OK;
474 s->s3->flags |= SSL3_FLAGS_POP_BUFFER; 474 s->s3->flags |= SSL3_FLAGS_POP_BUFFER;
475 s->s3->delay_buf_pop_ret = 0; 475 S3I(s)->delay_buf_pop_ret = 0;
476 } 476 }
477 } else { 477 } else {
478 478
479 /* Allow NewSessionTicket if ticket expected */ 479 /* Allow NewSessionTicket if ticket expected */
480 if (s->tlsext_ticket_expected) 480 if (s->tlsext_ticket_expected)
481 s->s3->tmp.next_state = 481 S3I(s)->tmp.next_state =
482 SSL3_ST_CR_SESSION_TICKET_A; 482 SSL3_ST_CR_SESSION_TICKET_A;
483 else 483 else
484 s->s3->tmp.next_state = 484 S3I(s)->tmp.next_state =
485 SSL3_ST_CR_FINISHED_A; 485 SSL3_ST_CR_FINISHED_A;
486 } 486 }
487 s->init_num = 0; 487 s->init_num = 0;
@@ -529,14 +529,14 @@ dtls1_connect(SSL *s)
529 /* If the write error was fatal, stop trying */ 529 /* If the write error was fatal, stop trying */
530 if (!BIO_should_retry(s->wbio)) { 530 if (!BIO_should_retry(s->wbio)) {
531 s->rwstate = SSL_NOTHING; 531 s->rwstate = SSL_NOTHING;
532 s->state = s->s3->tmp.next_state; 532 s->state = S3I(s)->tmp.next_state;
533 } 533 }
534 534
535 ret = -1; 535 ret = -1;
536 goto end; 536 goto end;
537 } 537 }
538 s->rwstate = SSL_NOTHING; 538 s->rwstate = SSL_NOTHING;
539 s->state = s->s3->tmp.next_state; 539 s->state = S3I(s)->tmp.next_state;
540 break; 540 break;
541 541
542 case SSL_ST_OK: 542 case SSL_ST_OK:
@@ -579,7 +579,7 @@ dtls1_connect(SSL *s)
579 } 579 }
580 580
581 /* did we do anything */ 581 /* did we do anything */
582 if (!s->s3->tmp.reuse_message && !skip) { 582 if (!S3I(s)->tmp.reuse_message && !skip) {
583 if (s->debug) { 583 if (s->debug) {
584 if ((ret = BIO_flush(s->wbio)) <= 0) 584 if ((ret = BIO_flush(s->wbio)) <= 0)
585 goto end; 585 goto end;
@@ -618,9 +618,9 @@ dtls1_get_hello_verify(SSL *s)
618 if (!ok) 618 if (!ok)
619 return ((int)n); 619 return ((int)n);
620 620
621 if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) { 621 if (S3I(s)->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
622 D1I(s)->send_cookie = 0; 622 D1I(s)->send_cookie = 0;
623 s->s3->tmp.reuse_message = 1; 623 S3I(s)->tmp.reuse_message = 1;
624 return (1); 624 return (1);
625 } 625 }
626 626
diff --git a/src/lib/libssl/d1_enc.c b/src/lib/libssl/d1_enc.c
index 8445ceb10f..4b13e094fe 100644
--- a/src/lib/libssl/d1_enc.c
+++ b/src/lib/libssl/d1_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_enc.c,v 1.11 2016/03/06 14:52:15 beck Exp $ */ 1/* $OpenBSD: d1_enc.c,v 1.12 2017/01/22 09:02:07 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -145,7 +145,7 @@ dtls1_enc(SSL *s, int send)
145 return -1; 145 return -1;
146 } 146 }
147 ds = s->enc_write_ctx; 147 ds = s->enc_write_ctx;
148 rec = &(s->s3->wrec); 148 rec = &(S3I(s)->wrec);
149 if (s->enc_write_ctx == NULL) 149 if (s->enc_write_ctx == NULL)
150 enc = NULL; 150 enc = NULL;
151 else { 151 else {
@@ -167,7 +167,7 @@ dtls1_enc(SSL *s, int send)
167 OPENSSL_assert(mac_size >= 0); 167 OPENSSL_assert(mac_size >= 0);
168 } 168 }
169 ds = s->enc_read_ctx; 169 ds = s->enc_read_ctx;
170 rec = &(s->s3->rrec); 170 rec = &(S3I(s)->rrec);
171 if (s->enc_read_ctx == NULL) 171 if (s->enc_read_ctx == NULL)
172 enc = NULL; 172 enc = NULL;
173 else 173 else
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index c44f8f0f58..315960b587 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_pkt.c,v 1.50 2017/01/22 07:16:39 beck Exp $ */ 1/* $OpenBSD: d1_pkt.c,v 1.51 2017/01/22 09:02:07 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -205,10 +205,10 @@ dtls1_copy_record(SSL *s, pitem *item)
205 s->packet = rdata->packet; 205 s->packet = rdata->packet;
206 s->packet_length = rdata->packet_length; 206 s->packet_length = rdata->packet_length;
207 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER)); 207 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
208 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD)); 208 memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
209 209
210 /* Set proper sequence number for mac calculation */ 210 /* Set proper sequence number for mac calculation */
211 memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6); 211 memcpy(&(S3I(s)->read_sequence[2]), &(rdata->packet[5]), 6);
212 212
213 return (1); 213 return (1);
214} 214}
@@ -232,7 +232,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
232 rdata->packet = s->packet; 232 rdata->packet = s->packet;
233 rdata->packet_length = s->packet_length; 233 rdata->packet_length = s->packet_length;
234 memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER)); 234 memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));
235 memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD)); 235 memcpy(&(rdata->rrec), &(S3I(s)->rrec), sizeof(SSL3_RECORD));
236 236
237 item->data = rdata; 237 item->data = rdata;
238 238
@@ -240,7 +240,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
240 s->packet = NULL; 240 s->packet = NULL;
241 s->packet_length = 0; 241 s->packet_length = 0;
242 memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER)); 242 memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
243 memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD)); 243 memset(&(S3I(s)->rrec), 0, sizeof(SSL3_RECORD));
244 244
245 if (!ssl3_setup_buffers(s)) 245 if (!ssl3_setup_buffers(s))
246 goto err; 246 goto err;
@@ -310,7 +310,7 @@ dtls1_process_buffered_records(SSL *s)
310 if (! dtls1_process_record(s)) 310 if (! dtls1_process_record(s))
311 return (0); 311 return (0);
312 if (dtls1_buffer_record(s, &(D1I(s)->processed_rcds), 312 if (dtls1_buffer_record(s, &(D1I(s)->processed_rcds),
313 s->s3->rrec.seq_num) < 0) 313 S3I(s)->rrec.seq_num) < 0)
314 return (-1); 314 return (-1);
315 } 315 }
316 } 316 }
@@ -333,7 +333,7 @@ dtls1_process_record(SSL *s)
333 unsigned int mac_size, orig_len; 333 unsigned int mac_size, orig_len;
334 unsigned char md[EVP_MAX_MD_SIZE]; 334 unsigned char md[EVP_MAX_MD_SIZE];
335 335
336 rr = &(s->s3->rrec); 336 rr = &(S3I(s)->rrec);
337 sess = s->session; 337 sess = s->session;
338 338
339 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, 339 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
@@ -439,10 +439,10 @@ dtls1_process_record(SSL *s)
439 439
440 rr->off = 0; 440 rr->off = 0;
441 /* So at this point the following is true 441 /* So at this point the following is true
442 * ssl->s3->rrec.type is the type of record 442 * ssl->s3->internal->rrec.type is the type of record
443 * ssl->s3->rrec.length == number of bytes in record 443 * ssl->s3->internal->rrec.length == number of bytes in record
444 * ssl->s3->rrec.off == offset to first valid byte 444 * ssl->s3->internal->rrec.off == offset to first valid byte
445 * ssl->s3->rrec.data == where to take bytes from, increment 445 * ssl->s3->internal->rrec.data == where to take bytes from, increment
446 * after use :-). 446 * after use :-).
447 */ 447 */
448 448
@@ -461,9 +461,9 @@ err:
461 * It will return <= 0 if more data is needed, normally due to an error 461 * It will return <= 0 if more data is needed, normally due to an error
462 * or non-blocking IO. 462 * or non-blocking IO.
463 * When it finishes, one packet has been decoded and can be found in 463 * When it finishes, one packet has been decoded and can be found in
464 * ssl->s3->rrec.type - is the type of record 464 * ssl->s3->internal->rrec.type - is the type of record
465 * ssl->s3->rrec.data, - data 465 * ssl->s3->internal->rrec.data, - data
466 * ssl->s3->rrec.length, - number of bytes 466 * ssl->s3->internal->rrec.length, - number of bytes
467 */ 467 */
468/* used only by dtls1_read_bytes */ 468/* used only by dtls1_read_bytes */
469int 469int
@@ -475,7 +475,7 @@ dtls1_get_record(SSL *s)
475 DTLS1_BITMAP *bitmap; 475 DTLS1_BITMAP *bitmap;
476 unsigned int is_next_epoch; 476 unsigned int is_next_epoch;
477 477
478 rr = &(s->s3->rrec); 478 rr = &(S3I(s)->rrec);
479 479
480 /* The epoch may have changed. If so, process all the 480 /* The epoch may have changed. If so, process all the
481 * pending records. This is a non-blocking operation. */ 481 * pending records. This is a non-blocking operation. */
@@ -525,8 +525,8 @@ again:
525 !CBS_get_bytes(&header, &seq_no, 6)) 525 !CBS_get_bytes(&header, &seq_no, 6))
526 goto again; 526 goto again;
527 527
528 if (!CBS_write_bytes(&seq_no, &(s->s3->read_sequence[2]), 528 if (!CBS_write_bytes(&seq_no, &(S3I(s)->read_sequence[2]),
529 sizeof(s->s3->read_sequence) - 2, NULL)) 529 sizeof(S3I(s)->read_sequence) - 2, NULL))
530 goto again; 530 goto again;
531 if (!CBS_get_u16(&header, &len)) 531 if (!CBS_get_u16(&header, &len))
532 goto again; 532 goto again;
@@ -682,11 +682,11 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
682start: 682start:
683 s->rwstate = SSL_NOTHING; 683 s->rwstate = SSL_NOTHING;
684 684
685 /* s->s3->rrec.type - is the type of record 685 /* S3I(s)->rrec.type - is the type of record
686 * s->s3->rrec.data, - data 686 * S3I(s)->rrec.data, - data
687 * s->s3->rrec.off, - offset into 'data' for next read 687 * S3I(s)->rrec.off, - offset into 'data' for next read
688 * s->s3->rrec.length, - number of bytes. */ 688 * S3I(s)->rrec.length, - number of bytes. */
689 rr = &(s->s3->rrec); 689 rr = &(S3I(s)->rrec);
690 690
691 /* We are not handshaking and have no data yet, 691 /* We are not handshaking and have no data yet,
692 * so process data buffered during the last handshake 692 * so process data buffered during the last handshake
@@ -728,7 +728,7 @@ start:
728 728
729 /* we now have a packet which can be read and processed */ 729 /* we now have a packet which can be read and processed */
730 730
731 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, 731 if (S3I(s)->change_cipher_spec /* set when we receive ChangeCipherSpec,
732 * reset by ssl3_get_finished */ 732 * reset by ssl3_get_finished */
733 && (rr->type != SSL3_RT_HANDSHAKE)) { 733 && (rr->type != SSL3_RT_HANDSHAKE)) {
734 /* We now have application data between CCS and Finished. 734 /* We now have application data between CCS and Finished.
@@ -814,7 +814,7 @@ start:
814 */ 814 */
815 if (rr->type == SSL3_RT_APPLICATION_DATA) { 815 if (rr->type == SSL3_RT_APPLICATION_DATA) {
816 BIO *bio; 816 BIO *bio;
817 s->s3->in_read_app_data = 2; 817 S3I(s)->in_read_app_data = 2;
818 bio = SSL_get_rbio(s); 818 bio = SSL_get_rbio(s);
819 s->rwstate = SSL_READING; 819 s->rwstate = SSL_READING;
820 BIO_clear_retry_flags(bio); 820 BIO_clear_retry_flags(bio);
@@ -881,7 +881,7 @@ start:
881 881
882 if (SSL_is_init_finished(s) && 882 if (SSL_is_init_finished(s) &&
883 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && 883 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
884 !s->s3->renegotiate) { 884 !S3I(s)->renegotiate) {
885 D1I(s)->handshake_read_seq++; 885 D1I(s)->handshake_read_seq++;
886 s->new_session = 1; 886 s->new_session = 1;
887 ssl3_renegotiate(s); 887 ssl3_renegotiate(s);
@@ -938,7 +938,7 @@ start:
938 938
939 if (alert_level == 1) /* warning */ 939 if (alert_level == 1) /* warning */
940 { 940 {
941 s->s3->warn_alert = alert_descr; 941 S3I(s)->warn_alert = alert_descr;
942 if (alert_descr == SSL_AD_CLOSE_NOTIFY) { 942 if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
943 s->shutdown |= SSL_RECEIVED_SHUTDOWN; 943 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
944 return (0); 944 return (0);
@@ -946,7 +946,7 @@ start:
946 } else if (alert_level == 2) /* fatal */ 946 } else if (alert_level == 2) /* fatal */
947 { 947 {
948 s->rwstate = SSL_NOTHING; 948 s->rwstate = SSL_NOTHING;
949 s->s3->fatal_alert = alert_descr; 949 S3I(s)->fatal_alert = alert_descr;
950 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); 950 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
951 ERR_asprintf_error_data("SSL alert number %d", 951 ERR_asprintf_error_data("SSL alert number %d",
952 alert_descr); 952 alert_descr);
@@ -1000,7 +1000,7 @@ start:
1000 1000
1001 D1I(s)->change_cipher_spec_ok = 0; 1001 D1I(s)->change_cipher_spec_ok = 0;
1002 1002
1003 s->s3->change_cipher_spec = 1; 1003 S3I(s)->change_cipher_spec = 1;
1004 if (!ssl3_do_change_cipher_spec(s)) 1004 if (!ssl3_do_change_cipher_spec(s))
1005 goto err; 1005 goto err;
1006 1006
@@ -1094,15 +1094,15 @@ start:
1094 * at this point (session renegotiation not yet started), 1094 * at this point (session renegotiation not yet started),
1095 * we will indulge it. 1095 * we will indulge it.
1096 */ 1096 */
1097 if (s->s3->in_read_app_data && 1097 if (S3I(s)->in_read_app_data &&
1098 (s->s3->total_renegotiations != 0) && 1098 (S3I(s)->total_renegotiations != 0) &&
1099 (((s->state & SSL_ST_CONNECT) && 1099 (((s->state & SSL_ST_CONNECT) &&
1100 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && 1100 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
1101 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)) || ( 1101 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)) || (
1102 (s->state & SSL_ST_ACCEPT) && 1102 (s->state & SSL_ST_ACCEPT) &&
1103 (s->state <= SSL3_ST_SW_HELLO_REQ_A) && 1103 (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
1104 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) { 1104 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
1105 s->s3->in_read_app_data = 2; 1105 S3I(s)->in_read_app_data = 2;
1106 return (-1); 1106 return (-1);
1107 } else { 1107 } else {
1108 al = SSL_AD_UNEXPECTED_MESSAGE; 1108 al = SSL_AD_UNEXPECTED_MESSAGE;
@@ -1219,7 +1219,7 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
1219 if (len == 0) 1219 if (len == 0)
1220 return 0; 1220 return 0;
1221 1221
1222 wr = &(s->s3->wrec); 1222 wr = &(S3I(s)->wrec);
1223 wb = &(s->s3->wbuf); 1223 wb = &(s->s3->wbuf);
1224 sess = s->session; 1224 sess = s->session;
1225 1225
@@ -1313,7 +1313,7 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
1313 s2n(D1I(s)->handshake_epoch, pseq); 1313 s2n(D1I(s)->handshake_epoch, pseq);
1314*/ 1314*/
1315 1315
1316 memcpy(pseq, &(s->s3->write_sequence[2]), 6); 1316 memcpy(pseq, &(S3I(s)->write_sequence[2]), 6);
1317 pseq += 6; 1317 pseq += 6;
1318 s2n(wr->length, pseq); 1318 s2n(wr->length, pseq);
1319 1319
@@ -1323,17 +1323,17 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
1323 wr->type=type; /* not needed but helps for debugging */ 1323 wr->type=type; /* not needed but helps for debugging */
1324 wr->length += DTLS1_RT_HEADER_LENGTH; 1324 wr->length += DTLS1_RT_HEADER_LENGTH;
1325 1325
1326 tls1_record_sequence_increment(s->s3->write_sequence); 1326 tls1_record_sequence_increment(S3I(s)->write_sequence);
1327 1327
1328 /* now let's set up wb */ 1328 /* now let's set up wb */
1329 wb->left = prefix_len + wr->length; 1329 wb->left = prefix_len + wr->length;
1330 wb->offset = 0; 1330 wb->offset = 0;
1331 1331
1332 /* memorize arguments so that ssl3_write_pending can detect bad write retries later */ 1332 /* memorize arguments so that ssl3_write_pending can detect bad write retries later */
1333 s->s3->wpend_tot = len; 1333 S3I(s)->wpend_tot = len;
1334 s->s3->wpend_buf = buf; 1334 S3I(s)->wpend_buf = buf;
1335 s->s3->wpend_type = type; 1335 S3I(s)->wpend_type = type;
1336 s->s3->wpend_ret = len; 1336 S3I(s)->wpend_ret = len;
1337 1337
1338 /* we now just need to write the buffer */ 1338 /* we now just need to write the buffer */
1339 return ssl3_write_pending(s, type, buf, len); 1339 return ssl3_write_pending(s, type, buf, len);
@@ -1348,11 +1348,11 @@ dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
1348{ 1348{
1349 int cmp; 1349 int cmp;
1350 unsigned int shift; 1350 unsigned int shift;
1351 const unsigned char *seq = s->s3->read_sequence; 1351 const unsigned char *seq = S3I(s)->read_sequence;
1352 1352
1353 cmp = satsub64be(seq, bitmap->max_seq_num); 1353 cmp = satsub64be(seq, bitmap->max_seq_num);
1354 if (cmp > 0) { 1354 if (cmp > 0) {
1355 memcpy (s->s3->rrec.seq_num, seq, 8); 1355 memcpy (S3I(s)->rrec.seq_num, seq, 8);
1356 return 1; /* this record in new */ 1356 return 1; /* this record in new */
1357 } 1357 }
1358 shift = -cmp; 1358 shift = -cmp;
@@ -1361,7 +1361,7 @@ dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
1361 else if (bitmap->map & (1UL << shift)) 1361 else if (bitmap->map & (1UL << shift))
1362 return 0; /* record previously received */ 1362 return 0; /* record previously received */
1363 1363
1364 memcpy(s->s3->rrec.seq_num, seq, 8); 1364 memcpy(S3I(s)->rrec.seq_num, seq, 8);
1365 return 1; 1365 return 1;
1366} 1366}
1367 1367
@@ -1371,7 +1371,7 @@ dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
1371{ 1371{
1372 int cmp; 1372 int cmp;
1373 unsigned int shift; 1373 unsigned int shift;
1374 const unsigned char *seq = s->s3->read_sequence; 1374 const unsigned char *seq = S3I(s)->read_sequence;
1375 1375
1376 cmp = satsub64be(seq, bitmap->max_seq_num); 1376 cmp = satsub64be(seq, bitmap->max_seq_num);
1377 if (cmp > 0) { 1377 if (cmp > 0) {
@@ -1464,16 +1464,16 @@ void
1464dtls1_reset_seq_numbers(SSL *s, int rw) 1464dtls1_reset_seq_numbers(SSL *s, int rw)
1465{ 1465{
1466 unsigned char *seq; 1466 unsigned char *seq;
1467 unsigned int seq_bytes = sizeof(s->s3->read_sequence); 1467 unsigned int seq_bytes = sizeof(S3I(s)->read_sequence);
1468 1468
1469 if (rw & SSL3_CC_READ) { 1469 if (rw & SSL3_CC_READ) {
1470 seq = s->s3->read_sequence; 1470 seq = S3I(s)->read_sequence;
1471 D1I(s)->r_epoch++; 1471 D1I(s)->r_epoch++;
1472 memcpy(&(D1I(s)->bitmap), &(D1I(s)->next_bitmap), sizeof(DTLS1_BITMAP)); 1472 memcpy(&(D1I(s)->bitmap), &(D1I(s)->next_bitmap), sizeof(DTLS1_BITMAP));
1473 memset(&(D1I(s)->next_bitmap), 0x00, sizeof(DTLS1_BITMAP)); 1473 memset(&(D1I(s)->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
1474 } else { 1474 } else {
1475 seq = s->s3->write_sequence; 1475 seq = S3I(s)->write_sequence;
1476 memcpy(D1I(s)->last_write_sequence, seq, sizeof(s->s3->write_sequence)); 1476 memcpy(D1I(s)->last_write_sequence, seq, sizeof(S3I(s)->write_sequence));
1477 D1I(s)->w_epoch++; 1477 D1I(s)->w_epoch++;
1478 } 1478 }
1479 1479
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 6990e39f60..8722c1690d 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_srvr.c,v 1.71 2017/01/22 07:16:39 beck Exp $ */ 1/* $OpenBSD: d1_srvr.c,v 1.72 2017/01/22 09:02:07 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -278,7 +278,7 @@ dtls1_accept(SSL *s)
278 ret = ssl3_send_hello_request(s); 278 ret = ssl3_send_hello_request(s);
279 if (ret <= 0) 279 if (ret <= 0)
280 goto end; 280 goto end;
281 s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A; 281 S3I(s)->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
282 s->state = SSL3_ST_SW_FLUSH; 282 s->state = SSL3_ST_SW_FLUSH;
283 s->init_num = 0; 283 s->init_num = 0;
284 284
@@ -311,7 +311,7 @@ dtls1_accept(SSL *s)
311 311
312 /* Reflect ClientHello sequence to remain stateless while listening */ 312 /* Reflect ClientHello sequence to remain stateless while listening */
313 if (listen) { 313 if (listen) {
314 memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence)); 314 memcpy(S3I(s)->write_sequence, S3I(s)->read_sequence, sizeof(S3I(s)->write_sequence));
315 } 315 }
316 316
317 /* If we're just listening, stop here */ 317 /* If we're just listening, stop here */
@@ -336,7 +336,7 @@ dtls1_accept(SSL *s)
336 if (ret <= 0) 336 if (ret <= 0)
337 goto end; 337 goto end;
338 s->state = SSL3_ST_SW_FLUSH; 338 s->state = SSL3_ST_SW_FLUSH;
339 s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A; 339 S3I(s)->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
340 340
341 /* HelloVerifyRequest resets Finished MAC */ 341 /* HelloVerifyRequest resets Finished MAC */
342 if (!tls1_init_finished_mac(s)) { 342 if (!tls1_init_finished_mac(s)) {
@@ -367,7 +367,7 @@ dtls1_accept(SSL *s)
367 case SSL3_ST_SW_CERT_A: 367 case SSL3_ST_SW_CERT_A:
368 case SSL3_ST_SW_CERT_B: 368 case SSL3_ST_SW_CERT_B:
369 /* Check if it is anon DH. */ 369 /* Check if it is anon DH. */
370 if (!(s->s3->tmp.new_cipher->algorithm_auth & 370 if (!(S3I(s)->tmp.new_cipher->algorithm_auth &
371 SSL_aNULL)) { 371 SSL_aNULL)) {
372 dtls1_start_timer(s); 372 dtls1_start_timer(s);
373 ret = ssl3_send_server_certificate(s); 373 ret = ssl3_send_server_certificate(s);
@@ -386,7 +386,7 @@ dtls1_accept(SSL *s)
386 386
387 case SSL3_ST_SW_KEY_EXCH_A: 387 case SSL3_ST_SW_KEY_EXCH_A:
388 case SSL3_ST_SW_KEY_EXCH_B: 388 case SSL3_ST_SW_KEY_EXCH_B:
389 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 389 alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
390 390
391 /* Only send if using a DH key exchange. */ 391 /* Only send if using a DH key exchange. */
392 if (alg_k & (SSL_kDHE|SSL_kECDHE)) { 392 if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
@@ -423,15 +423,15 @@ dtls1_accept(SSL *s)
423 if (!(s->verify_mode & SSL_VERIFY_PEER) || 423 if (!(s->verify_mode & SSL_VERIFY_PEER) ||
424 ((s->session->peer != NULL) && 424 ((s->session->peer != NULL) &&
425 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || 425 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
426 ((s->s3->tmp.new_cipher->algorithm_auth & 426 ((S3I(s)->tmp.new_cipher->algorithm_auth &
427 SSL_aNULL) && !(s->verify_mode & 427 SSL_aNULL) && !(s->verify_mode &
428 SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) { 428 SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
429 /* no cert request */ 429 /* no cert request */
430 skip = 1; 430 skip = 1;
431 s->s3->tmp.cert_request = 0; 431 S3I(s)->tmp.cert_request = 0;
432 s->state = SSL3_ST_SW_SRVR_DONE_A; 432 s->state = SSL3_ST_SW_SRVR_DONE_A;
433 } else { 433 } else {
434 s->s3->tmp.cert_request = 1; 434 S3I(s)->tmp.cert_request = 1;
435 dtls1_start_timer(s); 435 dtls1_start_timer(s);
436 ret = ssl3_send_certificate_request(s); 436 ret = ssl3_send_certificate_request(s);
437 if (ret <= 0) 437 if (ret <= 0)
@@ -447,7 +447,7 @@ dtls1_accept(SSL *s)
447 ret = ssl3_send_server_done(s); 447 ret = ssl3_send_server_done(s);
448 if (ret <= 0) 448 if (ret <= 0)
449 goto end; 449 goto end;
450 s->s3->tmp.next_state = SSL3_ST_SR_CERT_A; 450 S3I(s)->tmp.next_state = SSL3_ST_SR_CERT_A;
451 s->state = SSL3_ST_SW_FLUSH; 451 s->state = SSL3_ST_SW_FLUSH;
452 s->init_num = 0; 452 s->init_num = 0;
453 break; 453 break;
@@ -458,19 +458,19 @@ dtls1_accept(SSL *s)
458 /* If the write error was fatal, stop trying */ 458 /* If the write error was fatal, stop trying */
459 if (!BIO_should_retry(s->wbio)) { 459 if (!BIO_should_retry(s->wbio)) {
460 s->rwstate = SSL_NOTHING; 460 s->rwstate = SSL_NOTHING;
461 s->state = s->s3->tmp.next_state; 461 s->state = S3I(s)->tmp.next_state;
462 } 462 }
463 463
464 ret = -1; 464 ret = -1;
465 goto end; 465 goto end;
466 } 466 }
467 s->rwstate = SSL_NOTHING; 467 s->rwstate = SSL_NOTHING;
468 s->state = s->s3->tmp.next_state; 468 s->state = S3I(s)->tmp.next_state;
469 break; 469 break;
470 470
471 case SSL3_ST_SR_CERT_A: 471 case SSL3_ST_SR_CERT_A:
472 case SSL3_ST_SR_CERT_B: 472 case SSL3_ST_SR_CERT_B:
473 if (s->s3->tmp.cert_request) { 473 if (S3I(s)->tmp.cert_request) {
474 ret = ssl3_get_client_certificate(s); 474 ret = ssl3_get_client_certificate(s);
475 if (ret <= 0) 475 if (ret <= 0)
476 goto end; 476 goto end;
@@ -506,7 +506,7 @@ dtls1_accept(SSL *s)
506 * For sigalgs freeze the handshake buffer 506 * For sigalgs freeze the handshake buffer
507 * at this point and digest cached records. 507 * at this point and digest cached records.
508 */ 508 */
509 if (!s->s3->handshake_buffer) { 509 if (!S3I(s)->handshake_buffer) {
510 SSLerr(SSL_F_SSL3_ACCEPT, 510 SSLerr(SSL_F_SSL3_ACCEPT,
511 ERR_R_INTERNAL_ERROR); 511 ERR_R_INTERNAL_ERROR);
512 ret = -1; 512 ret = -1;
@@ -524,10 +524,10 @@ dtls1_accept(SSL *s)
524 /* We need to get hashes here so if there is 524 /* We need to get hashes here so if there is
525 * a client cert, it can be verified */ 525 * a client cert, it can be verified */
526 s->method->ssl3_enc->cert_verify_mac(s, 526 s->method->ssl3_enc->cert_verify_mac(s,
527 NID_md5, &(s->s3->tmp.cert_verify_md[0])); 527 NID_md5, &(S3I(s)->tmp.cert_verify_md[0]));
528 s->method->ssl3_enc->cert_verify_mac(s, 528 s->method->ssl3_enc->cert_verify_mac(s,
529 NID_sha1, 529 NID_sha1,
530 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH])); 530 &(S3I(s)->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
531 } 531 }
532 break; 532 break;
533 533
@@ -582,7 +582,7 @@ dtls1_accept(SSL *s)
582 case SSL3_ST_SW_CHANGE_A: 582 case SSL3_ST_SW_CHANGE_A:
583 case SSL3_ST_SW_CHANGE_B: 583 case SSL3_ST_SW_CHANGE_B:
584 584
585 s->session->cipher = s->s3->tmp.new_cipher; 585 s->session->cipher = S3I(s)->tmp.new_cipher;
586 if (!s->method->ssl3_enc->setup_key_block(s)) { 586 if (!s->method->ssl3_enc->setup_key_block(s)) {
587 ret = -1; 587 ret = -1;
588 goto end; 588 goto end;
@@ -617,10 +617,10 @@ dtls1_accept(SSL *s)
617 goto end; 617 goto end;
618 s->state = SSL3_ST_SW_FLUSH; 618 s->state = SSL3_ST_SW_FLUSH;
619 if (s->hit) { 619 if (s->hit) {
620 s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A; 620 S3I(s)->tmp.next_state = SSL3_ST_SR_FINISHED_A;
621 621
622 } else { 622 } else {
623 s->s3->tmp.next_state = SSL_ST_OK; 623 S3I(s)->tmp.next_state = SSL_ST_OK;
624 } 624 }
625 s->init_num = 0; 625 s->init_num = 0;
626 break; 626 break;
@@ -666,7 +666,7 @@ dtls1_accept(SSL *s)
666 /* break; */ 666 /* break; */
667 } 667 }
668 668
669 if (!s->s3->tmp.reuse_message && !skip) { 669 if (!S3I(s)->tmp.reuse_message && !skip) {
670 if (s->debug) { 670 if (s->debug) {
671 if ((ret = BIO_flush(s->wbio)) <= 0) 671 if ((ret = BIO_flush(s->wbio)) <= 0)
672 goto end; 672 goto end;
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
index 35bc271f00..a80d196290 100644
--- a/src/lib/libssl/s23_srvr.c
+++ b/src/lib/libssl/s23_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s23_srvr.c,v 1.49 2017/01/03 16:57:15 jsing Exp $ */ 1/* $OpenBSD: s23_srvr.c,v 1.50 2017/01/22 09:02:07 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -407,9 +407,9 @@ ssl23_get_client_hello(SSL *s)
407 l2n3((long)i, d_len); 407 l2n3((long)i, d_len);
408 408
409 /* get the data reused from the init_buf */ 409 /* get the data reused from the init_buf */
410 s->s3->tmp.reuse_message = 1; 410 S3I(s)->tmp.reuse_message = 1;
411 s->s3->tmp.message_type = SSL3_MT_CLIENT_HELLO; 411 S3I(s)->tmp.message_type = SSL3_MT_CLIENT_HELLO;
412 s->s3->tmp.message_size = i; 412 S3I(s)->tmp.message_size = i;
413 } 413 }
414 414
415 /* imaginary new state (for program structure): */ 415 /* imaginary new state (for program structure): */
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index 51429d907a..7381286326 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_both.c,v 1.50 2016/12/30 15:12:45 jsing Exp $ */ 1/* $OpenBSD: s3_both.c,v 1.51 2017/01/22 09:02:07 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -174,23 +174,23 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
174 OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE); 174 OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
175 175
176 if (s->method->ssl3_enc->final_finish_mac(s, sender, slen, 176 if (s->method->ssl3_enc->final_finish_mac(s, sender, slen,
177 s->s3->tmp.finish_md) != md_len) 177 S3I(s)->tmp.finish_md) != md_len)
178 return (0); 178 return (0);
179 s->s3->tmp.finish_md_len = md_len; 179 S3I(s)->tmp.finish_md_len = md_len;
180 180
181 /* Copy finished so we can use it for renegotiation checks. */ 181 /* Copy finished so we can use it for renegotiation checks. */
182 if (s->type == SSL_ST_CONNECT) { 182 if (s->type == SSL_ST_CONNECT) {
183 memcpy(s->s3->previous_client_finished, 183 memcpy(S3I(s)->previous_client_finished,
184 s->s3->tmp.finish_md, md_len); 184 S3I(s)->tmp.finish_md, md_len);
185 s->s3->previous_client_finished_len = md_len; 185 S3I(s)->previous_client_finished_len = md_len;
186 } else { 186 } else {
187 memcpy(s->s3->previous_server_finished, 187 memcpy(S3I(s)->previous_server_finished,
188 s->s3->tmp.finish_md, md_len); 188 S3I(s)->tmp.finish_md, md_len);
189 s->s3->previous_server_finished_len = md_len; 189 S3I(s)->previous_server_finished_len = md_len;
190 } 190 }
191 191
192 p = ssl3_handshake_msg_start(s, SSL3_MT_FINISHED); 192 p = ssl3_handshake_msg_start(s, SSL3_MT_FINISHED);
193 memcpy(p, s->s3->tmp.finish_md, md_len); 193 memcpy(p, S3I(s)->tmp.finish_md, md_len);
194 ssl3_handshake_msg_finish(s, md_len); 194 ssl3_handshake_msg_finish(s, md_len);
195 195
196 s->state = b; 196 s->state = b;
@@ -213,7 +213,7 @@ ssl3_take_mac(SSL *s)
213 * If no new cipher setup return immediately: other functions will 213 * If no new cipher setup return immediately: other functions will
214 * set the appropriate error. 214 * set the appropriate error.
215 */ 215 */
216 if (s->s3->tmp.new_cipher == NULL) 216 if (S3I(s)->tmp.new_cipher == NULL)
217 return; 217 return;
218 218
219 if (s->state & SSL_ST_CONNECT) { 219 if (s->state & SSL_ST_CONNECT) {
@@ -224,9 +224,9 @@ ssl3_take_mac(SSL *s)
224 slen = s->method->ssl3_enc->client_finished_label_len; 224 slen = s->method->ssl3_enc->client_finished_label_len;
225 } 225 }
226 226
227 s->s3->tmp.peer_finish_md_len = 227 S3I(s)->tmp.peer_finish_md_len =
228 s->method->ssl3_enc->final_finish_mac(s, sender, slen, 228 s->method->ssl3_enc->final_finish_mac(s, sender, slen,
229 s->s3->tmp.peer_finish_md); 229 S3I(s)->tmp.peer_finish_md);
230} 230}
231 231
232int 232int
@@ -242,12 +242,12 @@ ssl3_get_finished(SSL *s, int a, int b)
242 return ((int)n); 242 return ((int)n);
243 243
244 /* If this occurs, we have missed a message */ 244 /* If this occurs, we have missed a message */
245 if (!s->s3->change_cipher_spec) { 245 if (!S3I(s)->change_cipher_spec) {
246 al = SSL_AD_UNEXPECTED_MESSAGE; 246 al = SSL_AD_UNEXPECTED_MESSAGE;
247 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_GOT_A_FIN_BEFORE_A_CCS); 247 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
248 goto f_err; 248 goto f_err;
249 } 249 }
250 s->s3->change_cipher_spec = 0; 250 S3I(s)->change_cipher_spec = 0;
251 251
252 md_len = s->method->ssl3_enc->finish_mac_length; 252 md_len = s->method->ssl3_enc->finish_mac_length;
253 253
@@ -259,14 +259,14 @@ ssl3_get_finished(SSL *s, int a, int b)
259 259
260 CBS_init(&cbs, s->init_msg, n); 260 CBS_init(&cbs, s->init_msg, n);
261 261
262 if (s->s3->tmp.peer_finish_md_len != md_len || 262 if (S3I(s)->tmp.peer_finish_md_len != md_len ||
263 CBS_len(&cbs) != md_len) { 263 CBS_len(&cbs) != md_len) {
264 al = SSL_AD_DECODE_ERROR; 264 al = SSL_AD_DECODE_ERROR;
265 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH); 265 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
266 goto f_err; 266 goto f_err;
267 } 267 }
268 268
269 if (!CBS_mem_equal(&cbs, s->s3->tmp.peer_finish_md, CBS_len(&cbs))) { 269 if (!CBS_mem_equal(&cbs, S3I(s)->tmp.peer_finish_md, CBS_len(&cbs))) {
270 al = SSL_AD_DECRYPT_ERROR; 270 al = SSL_AD_DECRYPT_ERROR;
271 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED); 271 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED);
272 goto f_err; 272 goto f_err;
@@ -275,13 +275,13 @@ ssl3_get_finished(SSL *s, int a, int b)
275 /* Copy finished so we can use it for renegotiation checks. */ 275 /* Copy finished so we can use it for renegotiation checks. */
276 OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE); 276 OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
277 if (s->type == SSL_ST_ACCEPT) { 277 if (s->type == SSL_ST_ACCEPT) {
278 memcpy(s->s3->previous_client_finished, 278 memcpy(S3I(s)->previous_client_finished,
279 s->s3->tmp.peer_finish_md, md_len); 279 S3I(s)->tmp.peer_finish_md, md_len);
280 s->s3->previous_client_finished_len = md_len; 280 S3I(s)->previous_client_finished_len = md_len;
281 } else { 281 } else {
282 memcpy(s->s3->previous_server_finished, 282 memcpy(S3I(s)->previous_server_finished,
283 s->s3->tmp.peer_finish_md, md_len); 283 S3I(s)->tmp.peer_finish_md, md_len);
284 s->s3->previous_server_finished_len = md_len; 284 S3I(s)->previous_server_finished_len = md_len;
285 } 285 }
286 286
287 return (1); 287 return (1);
@@ -292,8 +292,8 @@ f_err:
292 292
293/* for these 2 messages, we need to 293/* for these 2 messages, we need to
294 * ssl->enc_read_ctx re-init 294 * ssl->enc_read_ctx re-init
295 * ssl->s3->read_sequence zero 295 * ssl->s3->internal->read_sequence zero
296 * ssl->s3->read_mac_secret re-init 296 * ssl->s3->internal->read_mac_secret re-init
297 * ssl->session->read_sym_enc assign 297 * ssl->session->read_sym_enc assign
298 * ssl->session->read_hash assign 298 * ssl->session->read_hash assign
299 */ 299 */
@@ -416,9 +416,9 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
416 CBS cbs; 416 CBS cbs;
417 uint8_t u8; 417 uint8_t u8;
418 418
419 if (s->s3->tmp.reuse_message) { 419 if (S3I(s)->tmp.reuse_message) {
420 s->s3->tmp.reuse_message = 0; 420 S3I(s)->tmp.reuse_message = 0;
421 if ((mt >= 0) && (s->s3->tmp.message_type != mt)) { 421 if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) {
422 al = SSL_AD_UNEXPECTED_MESSAGE; 422 al = SSL_AD_UNEXPECTED_MESSAGE;
423 SSLerr(SSL_F_SSL3_GET_MESSAGE, 423 SSLerr(SSL_F_SSL3_GET_MESSAGE,
424 SSL_R_UNEXPECTED_MESSAGE); 424 SSL_R_UNEXPECTED_MESSAGE);
@@ -426,7 +426,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
426 } 426 }
427 *ok = 1; 427 *ok = 1;
428 s->init_msg = s->init_buf->data + 4; 428 s->init_msg = s->init_buf->data + 4;
429 s->init_num = (int)s->s3->tmp.message_size; 429 s->init_num = (int)S3I(s)->tmp.message_size;
430 return s->init_num; 430 return s->init_num;
431 } 431 }
432 432
@@ -484,7 +484,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
484 SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB); 484 SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);
485 goto err; 485 goto err;
486 } 486 }
487 s->s3->tmp.message_type = u8; 487 S3I(s)->tmp.message_type = u8;
488 488
489 if (l > (unsigned long)max) { 489 if (l > (unsigned long)max) {
490 al = SSL_AD_ILLEGAL_PARAMETER; 490 al = SSL_AD_ILLEGAL_PARAMETER;
@@ -496,7 +496,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
496 SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB); 496 SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);
497 goto err; 497 goto err;
498 } 498 }
499 s->s3->tmp.message_size = l; 499 S3I(s)->tmp.message_size = l;
500 s->state = stn; 500 s->state = stn;
501 501
502 s->init_msg = s->init_buf->data + 4; 502 s->init_msg = s->init_buf->data + 4;
@@ -505,7 +505,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
505 505
506 /* next state (stn) */ 506 /* next state (stn) */
507 p = s->init_msg; 507 p = s->init_msg;
508 n = s->s3->tmp.message_size - s->init_num; 508 n = S3I(s)->tmp.message_size - s->init_num;
509 while (n > 0) { 509 while (n > 0) {
510 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, 510 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
511 &p[s->init_num], n, 0); 511 &p[s->init_num], n, 0);
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index d75ceb9d2d..0d3f09728e 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.161 2017/01/22 07:16:39 beck Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.162 2017/01/22 09:02:07 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -293,7 +293,7 @@ ssl3_connect(SSL *s)
293 break; 293 break;
294 } 294 }
295 /* Check if it is anon DH/ECDH. */ 295 /* Check if it is anon DH/ECDH. */
296 if (!(s->s3->tmp.new_cipher->algorithm_auth & 296 if (!(S3I(s)->tmp.new_cipher->algorithm_auth &
297 SSL_aNULL)) { 297 SSL_aNULL)) {
298 ret = ssl3_get_server_certificate(s); 298 ret = ssl3_get_server_certificate(s);
299 if (ret <= 0) 299 if (ret <= 0)
@@ -341,7 +341,7 @@ ssl3_connect(SSL *s)
341 ret = ssl3_get_server_done(s); 341 ret = ssl3_get_server_done(s);
342 if (ret <= 0) 342 if (ret <= 0)
343 goto end; 343 goto end;
344 if (s->s3->tmp.cert_req) 344 if (S3I(s)->tmp.cert_req)
345 s->state = SSL3_ST_CW_CERT_A; 345 s->state = SSL3_ST_CW_CERT_A;
346 else 346 else
347 s->state = SSL3_ST_CW_KEY_EXCH_A; 347 s->state = SSL3_ST_CW_KEY_EXCH_A;
@@ -381,15 +381,15 @@ ssl3_connect(SSL *s)
381 * message when client's ECDH public key is sent 381 * message when client's ECDH public key is sent
382 * inside the client certificate. 382 * inside the client certificate.
383 */ 383 */
384 if (s->s3->tmp.cert_req == 1) { 384 if (S3I(s)->tmp.cert_req == 1) {
385 s->state = SSL3_ST_CW_CERT_VRFY_A; 385 s->state = SSL3_ST_CW_CERT_VRFY_A;
386 } else { 386 } else {
387 s->state = SSL3_ST_CW_CHANGE_A; 387 s->state = SSL3_ST_CW_CHANGE_A;
388 s->s3->change_cipher_spec = 0; 388 S3I(s)->change_cipher_spec = 0;
389 } 389 }
390 if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) { 390 if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
391 s->state = SSL3_ST_CW_CHANGE_A; 391 s->state = SSL3_ST_CW_CHANGE_A;
392 s->s3->change_cipher_spec = 0; 392 S3I(s)->change_cipher_spec = 0;
393 } 393 }
394 394
395 s->init_num = 0; 395 s->init_num = 0;
@@ -402,7 +402,7 @@ ssl3_connect(SSL *s)
402 goto end; 402 goto end;
403 s->state = SSL3_ST_CW_CHANGE_A; 403 s->state = SSL3_ST_CW_CHANGE_A;
404 s->init_num = 0; 404 s->init_num = 0;
405 s->s3->change_cipher_spec = 0; 405 S3I(s)->change_cipher_spec = 0;
406 break; 406 break;
407 407
408 case SSL3_ST_CW_CHANGE_A: 408 case SSL3_ST_CW_CHANGE_A:
@@ -412,13 +412,13 @@ ssl3_connect(SSL *s)
412 if (ret <= 0) 412 if (ret <= 0)
413 goto end; 413 goto end;
414 414
415 if (s->s3->next_proto_neg_seen) 415 if (S3I(s)->next_proto_neg_seen)
416 s->state = SSL3_ST_CW_NEXT_PROTO_A; 416 s->state = SSL3_ST_CW_NEXT_PROTO_A;
417 else 417 else
418 s->state = SSL3_ST_CW_FINISHED_A; 418 s->state = SSL3_ST_CW_FINISHED_A;
419 s->init_num = 0; 419 s->init_num = 0;
420 420
421 s->session->cipher = s->s3->tmp.new_cipher; 421 s->session->cipher = S3I(s)->tmp.new_cipher;
422 if (!s->method->ssl3_enc->setup_key_block(s)) { 422 if (!s->method->ssl3_enc->setup_key_block(s)) {
423 ret = -1; 423 ret = -1;
424 goto end; 424 goto end;
@@ -454,21 +454,21 @@ ssl3_connect(SSL *s)
454 /* clear flags */ 454 /* clear flags */
455 s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER; 455 s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
456 if (s->hit) { 456 if (s->hit) {
457 s->s3->tmp.next_state = SSL_ST_OK; 457 S3I(s)->tmp.next_state = SSL_ST_OK;
458 if (s->s3->flags & 458 if (s->s3->flags &
459 SSL3_FLAGS_DELAY_CLIENT_FINISHED) { 459 SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
460 s->state = SSL_ST_OK; 460 s->state = SSL_ST_OK;
461 s->s3->flags|=SSL3_FLAGS_POP_BUFFER; 461 s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
462 s->s3->delay_buf_pop_ret = 0; 462 S3I(s)->delay_buf_pop_ret = 0;
463 } 463 }
464 } else { 464 } else {
465 /* Allow NewSessionTicket if ticket expected */ 465 /* Allow NewSessionTicket if ticket expected */
466 if (s->tlsext_ticket_expected) 466 if (s->tlsext_ticket_expected)
467 s->s3->tmp.next_state = 467 S3I(s)->tmp.next_state =
468 SSL3_ST_CR_SESSION_TICKET_A; 468 SSL3_ST_CR_SESSION_TICKET_A;
469 else 469 else
470 470
471 s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A; 471 S3I(s)->tmp.next_state = SSL3_ST_CR_FINISHED_A;
472 } 472 }
473 s->init_num = 0; 473 s->init_num = 0;
474 break; 474 break;
@@ -513,7 +513,7 @@ ssl3_connect(SSL *s)
513 goto end; 513 goto end;
514 } 514 }
515 s->rwstate = SSL_NOTHING; 515 s->rwstate = SSL_NOTHING;
516 s->state = s->s3->tmp.next_state; 516 s->state = S3I(s)->tmp.next_state;
517 break; 517 break;
518 518
519 case SSL_ST_OK: 519 case SSL_ST_OK:
@@ -561,7 +561,7 @@ ssl3_connect(SSL *s)
561 } 561 }
562 562
563 /* did we do anything */ 563 /* did we do anything */
564 if (!s->s3->tmp.reuse_message && !skip) { 564 if (!S3I(s)->tmp.reuse_message && !skip) {
565 if (s->debug) { 565 if (s->debug) {
566 if ((ret = BIO_flush(s->wbio)) <= 0) 566 if ((ret = BIO_flush(s->wbio)) <= 0)
567 goto end; 567 goto end;
@@ -742,9 +742,9 @@ ssl3_get_server_hello(SSL *s)
742 CBS_init(&cbs, s->init_msg, n); 742 CBS_init(&cbs, s->init_msg, n);
743 743
744 if (SSL_IS_DTLS(s)) { 744 if (SSL_IS_DTLS(s)) {
745 if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { 745 if (S3I(s)->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
746 if (D1I(s)->send_cookie == 0) { 746 if (D1I(s)->send_cookie == 0) {
747 s->s3->tmp.reuse_message = 1; 747 S3I(s)->tmp.reuse_message = 1;
748 return (1); 748 return (1);
749 } else { 749 } else {
750 /* Already sent a cookie. */ 750 /* Already sent a cookie. */
@@ -756,7 +756,7 @@ ssl3_get_server_hello(SSL *s)
756 } 756 }
757 } 757 }
758 758
759 if (s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO) { 759 if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_HELLO) {
760 al = SSL_AD_UNEXPECTED_MESSAGE; 760 al = SSL_AD_UNEXPECTED_MESSAGE;
761 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, 761 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
762 SSL_R_BAD_MESSAGE_TYPE); 762 SSL_R_BAD_MESSAGE_TYPE);
@@ -887,13 +887,13 @@ ssl3_get_server_hello(SSL *s)
887 SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); 887 SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
888 goto f_err; 888 goto f_err;
889 } 889 }
890 s->s3->tmp.new_cipher = cipher; 890 S3I(s)->tmp.new_cipher = cipher;
891 891
892 /* 892 /*
893 * Don't digest cached records if no sigalgs: we may need them for 893 * Don't digest cached records if no sigalgs: we may need them for
894 * client authentication. 894 * client authentication.
895 */ 895 */
896 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 896 alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
897 if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) && 897 if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) &&
898 !tls1_digest_cached_records(s)) { 898 !tls1_digest_cached_records(s)) {
899 al = SSL_AD_INTERNAL_ERROR; 899 al = SSL_AD_INTERNAL_ERROR;
@@ -956,12 +956,12 @@ ssl3_get_server_certificate(SSL *s)
956 if (!ok) 956 if (!ok)
957 return ((int)n); 957 return ((int)n);
958 958
959 if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) { 959 if (S3I(s)->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
960 s->s3->tmp.reuse_message = 1; 960 S3I(s)->tmp.reuse_message = 1;
961 return (1); 961 return (1);
962 } 962 }
963 963
964 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) { 964 if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) {
965 al = SSL_AD_UNEXPECTED_MESSAGE; 965 al = SSL_AD_UNEXPECTED_MESSAGE;
966 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, 966 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
967 SSL_R_BAD_MESSAGE_TYPE); 967 SSL_R_BAD_MESSAGE_TYPE);
@@ -1113,7 +1113,7 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn)
1113 long alg_a; 1113 long alg_a;
1114 int al; 1114 int al;
1115 1115
1116 alg_a = s->s3->tmp.new_cipher->algorithm_auth; 1116 alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
1117 sc = s->session->sess_cert; 1117 sc = s->session->sess_cert;
1118 1118
1119 if (*nn < 0) 1119 if (*nn < 0)
@@ -1280,7 +1280,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn)
1280 int nid; 1280 int nid;
1281 int al; 1281 int al;
1282 1282
1283 alg_a = s->s3->tmp.new_cipher->algorithm_auth; 1283 alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
1284 sc = s->session->sess_cert; 1284 sc = s->session->sess_cert;
1285 1285
1286 if (*nn < 0) 1286 if (*nn < 0)
@@ -1366,8 +1366,8 @@ ssl3_get_server_key_exchange(SSL *s)
1366 const EVP_MD *md = NULL; 1366 const EVP_MD *md = NULL;
1367 RSA *rsa = NULL; 1367 RSA *rsa = NULL;
1368 1368
1369 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 1369 alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
1370 alg_a = s->s3->tmp.new_cipher->algorithm_auth; 1370 alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
1371 1371
1372 /* 1372 /*
1373 * Use same message size as in ssl3_get_certificate_request() 1373 * Use same message size as in ssl3_get_certificate_request()
@@ -1380,7 +1380,7 @@ ssl3_get_server_key_exchange(SSL *s)
1380 1380
1381 EVP_MD_CTX_init(&md_ctx); 1381 EVP_MD_CTX_init(&md_ctx);
1382 1382
1383 if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { 1383 if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
1384 /* 1384 /*
1385 * Do not skip server key exchange if this cipher suite uses 1385 * Do not skip server key exchange if this cipher suite uses
1386 * ephemeral keys. 1386 * ephemeral keys.
@@ -1392,7 +1392,7 @@ ssl3_get_server_key_exchange(SSL *s)
1392 goto f_err; 1392 goto f_err;
1393 } 1393 }
1394 1394
1395 s->s3->tmp.reuse_message = 1; 1395 S3I(s)->tmp.reuse_message = 1;
1396 EVP_MD_CTX_cleanup(&md_ctx); 1396 EVP_MD_CTX_cleanup(&md_ctx);
1397 return (1); 1397 return (1);
1398 } 1398 }
@@ -1585,22 +1585,22 @@ ssl3_get_certificate_request(SSL *s)
1585 if (!ok) 1585 if (!ok)
1586 return ((int)n); 1586 return ((int)n);
1587 1587
1588 s->s3->tmp.cert_req = 0; 1588 S3I(s)->tmp.cert_req = 0;
1589 1589
1590 if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE) { 1590 if (S3I(s)->tmp.message_type == SSL3_MT_SERVER_DONE) {
1591 s->s3->tmp.reuse_message = 1; 1591 S3I(s)->tmp.reuse_message = 1;
1592 /* 1592 /*
1593 * If we get here we don't need any cached handshake records 1593 * If we get here we don't need any cached handshake records
1594 * as we wont be doing client auth. 1594 * as we wont be doing client auth.
1595 */ 1595 */
1596 if (s->s3->handshake_buffer) { 1596 if (S3I(s)->handshake_buffer) {
1597 if (!tls1_digest_cached_records(s)) 1597 if (!tls1_digest_cached_records(s))
1598 goto err; 1598 goto err;
1599 } 1599 }
1600 return (1); 1600 return (1);
1601 } 1601 }
1602 1602
1603 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) { 1603 if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
1604 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); 1604 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1605 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, 1605 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1606 SSL_R_WRONG_MESSAGE_TYPE); 1606 SSL_R_WRONG_MESSAGE_TYPE);
@@ -1608,7 +1608,7 @@ ssl3_get_certificate_request(SSL *s)
1608 } 1608 }
1609 1609
1610 /* TLS does not like anon-DH with client cert */ 1610 /* TLS does not like anon-DH with client cert */
1611 if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) { 1611 if (S3I(s)->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
1612 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); 1612 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1613 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, 1613 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1614 SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER); 1614 SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
@@ -1632,8 +1632,8 @@ ssl3_get_certificate_request(SSL *s)
1632 if (ctype_num > SSL3_CT_NUMBER) 1632 if (ctype_num > SSL3_CT_NUMBER)
1633 ctype_num = SSL3_CT_NUMBER; 1633 ctype_num = SSL3_CT_NUMBER;
1634 if (!CBS_get_bytes(&cert_request, &ctypes, ctype_num) || 1634 if (!CBS_get_bytes(&cert_request, &ctypes, ctype_num) ||
1635 !CBS_write_bytes(&ctypes, (uint8_t *)s->s3->tmp.ctype, 1635 !CBS_write_bytes(&ctypes, (uint8_t *)S3I(s)->tmp.ctype,
1636 sizeof(s->s3->tmp.ctype), NULL)) { 1636 sizeof(S3I(s)->tmp.ctype), NULL)) {
1637 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, 1637 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1638 SSL_R_DATA_LENGTH_TOO_LONG); 1638 SSL_R_DATA_LENGTH_TOO_LONG);
1639 goto err; 1639 goto err;
@@ -1722,11 +1722,11 @@ ssl3_get_certificate_request(SSL *s)
1722 } 1722 }
1723 1723
1724 /* we should setup a certificate to return.... */ 1724 /* we should setup a certificate to return.... */
1725 s->s3->tmp.cert_req = 1; 1725 S3I(s)->tmp.cert_req = 1;
1726 s->s3->tmp.ctype_num = ctype_num; 1726 S3I(s)->tmp.ctype_num = ctype_num;
1727 if (s->s3->tmp.ca_names != NULL) 1727 if (S3I(s)->tmp.ca_names != NULL)
1728 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); 1728 sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
1729 s->s3->tmp.ca_names = ca_sk; 1729 S3I(s)->tmp.ca_names = ca_sk;
1730 ca_sk = NULL; 1730 ca_sk = NULL;
1731 1731
1732 ret = 1; 1732 ret = 1;
@@ -1761,11 +1761,11 @@ ssl3_get_new_session_ticket(SSL *s)
1761 if (!ok) 1761 if (!ok)
1762 return ((int)n); 1762 return ((int)n);
1763 1763
1764 if (s->s3->tmp.message_type == SSL3_MT_FINISHED) { 1764 if (S3I(s)->tmp.message_type == SSL3_MT_FINISHED) {
1765 s->s3->tmp.reuse_message = 1; 1765 S3I(s)->tmp.reuse_message = 1;
1766 return (1); 1766 return (1);
1767 } 1767 }
1768 if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) { 1768 if (S3I(s)->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) {
1769 al = SSL_AD_UNEXPECTED_MESSAGE; 1769 al = SSL_AD_UNEXPECTED_MESSAGE;
1770 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, 1770 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,
1771 SSL_R_BAD_MESSAGE_TYPE); 1771 SSL_R_BAD_MESSAGE_TYPE);
@@ -2255,7 +2255,7 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
2255 /* 2255 /*
2256 * If we have client certificate, use its secret as peer key. 2256 * If we have client certificate, use its secret as peer key.
2257 */ 2257 */
2258 if (s->s3->tmp.cert_req && s->cert->key->privatekey) { 2258 if (S3I(s)->tmp.cert_req && s->cert->key->privatekey) {
2259 if (EVP_PKEY_derive_set_peer(pkey_ctx, 2259 if (EVP_PKEY_derive_set_peer(pkey_ctx,
2260 s->cert->key->privatekey) <=0) { 2260 s->cert->key->privatekey) <=0) {
2261 /* 2261 /*
@@ -2339,7 +2339,7 @@ ssl3_send_client_key_exchange(SSL *s)
2339 memset(&cbb, 0, sizeof(cbb)); 2339 memset(&cbb, 0, sizeof(cbb));
2340 2340
2341 if (s->state == SSL3_ST_CW_KEY_EXCH_A) { 2341 if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
2342 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 2342 alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
2343 2343
2344 if ((sess_cert = s->session->sess_cert) == NULL) { 2344 if ((sess_cert = s->session->sess_cert) == NULL) {
2345 ssl3_send_alert(s, SSL3_AL_FATAL, 2345 ssl3_send_alert(s, SSL3_AL_FATAL,
@@ -2427,7 +2427,7 @@ ssl3_send_client_verify(SSL *s)
2427 long hdatalen = 0; 2427 long hdatalen = 0;
2428 void *hdata; 2428 void *hdata;
2429 const EVP_MD *md = s->cert->key->digest; 2429 const EVP_MD *md = s->cert->key->digest;
2430 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, 2430 hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer,
2431 &hdata); 2431 &hdata);
2432 if (hdatalen <= 0 || 2432 if (hdatalen <= 0 ||
2433 !tls12_get_sigandhash(p, pkey, md)) { 2433 !tls12_get_sigandhash(p, pkey, md)) {
@@ -2491,7 +2491,7 @@ ssl3_send_client_verify(SSL *s)
2491 int nid; 2491 int nid;
2492 size_t sigsize; 2492 size_t sigsize;
2493 2493
2494 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); 2494 hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);
2495 if (hdatalen <= 0) { 2495 if (hdatalen <= 0) {
2496 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 2496 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2497 ERR_R_INTERNAL_ERROR); 2497 ERR_R_INTERNAL_ERROR);
@@ -2590,7 +2590,7 @@ ssl3_send_client_certificate(SSL *s)
2590 X509_free(x509); 2590 X509_free(x509);
2591 EVP_PKEY_free(pkey); 2591 EVP_PKEY_free(pkey);
2592 if (i == 0) 2592 if (i == 0)
2593 s->s3->tmp.cert_req = 2; 2593 S3I(s)->tmp.cert_req = 2;
2594 2594
2595 /* Ok, we have a cert */ 2595 /* Ok, we have a cert */
2596 s->state = SSL3_ST_CW_CERT_C; 2596 s->state = SSL3_ST_CW_CERT_C;
@@ -2601,7 +2601,7 @@ ssl3_send_client_certificate(SSL *s)
2601 SSL3_MT_CERTIFICATE)) 2601 SSL3_MT_CERTIFICATE))
2602 goto err; 2602 goto err;
2603 if (!ssl3_output_cert_chain(s, &client_cert, 2603 if (!ssl3_output_cert_chain(s, &client_cert,
2604 (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509)) 2604 (S3I(s)->tmp.cert_req == 2) ? NULL : s->cert->key->x509))
2605 goto err; 2605 goto err;
2606 if (!ssl3_handshake_msg_finish_cbb(s, &cbb)) 2606 if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
2607 goto err; 2607 goto err;
@@ -2629,8 +2629,8 @@ ssl3_check_cert_and_algorithm(SSL *s)
2629 SESS_CERT *sc; 2629 SESS_CERT *sc;
2630 DH *dh; 2630 DH *dh;
2631 2631
2632 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 2632 alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
2633 alg_a = s->s3->tmp.new_cipher->algorithm_auth; 2633 alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
2634 2634
2635 /* We don't have a certificate. */ 2635 /* We don't have a certificate. */
2636 if (alg_a & SSL_aNULL) 2636 if (alg_a & SSL_aNULL)
@@ -2740,9 +2740,9 @@ ssl3_check_finished(SSL *s)
2740 SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok); 2740 SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok);
2741 if (!ok) 2741 if (!ok)
2742 return ((int)n); 2742 return ((int)n);
2743 s->s3->tmp.reuse_message = 1; 2743 S3I(s)->tmp.reuse_message = 1;
2744 if ((s->s3->tmp.message_type == SSL3_MT_FINISHED) || 2744 if ((S3I(s)->tmp.message_type == SSL3_MT_FINISHED) ||
2745 (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET)) 2745 (S3I(s)->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
2746 return (2); 2746 return (2);
2747 2747
2748 return (1); 2748 return (1);
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index ef7a368d8f..990ce2153d 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_lib.c,v 1.119 2017/01/22 06:36:49 jsing Exp $ */ 1/* $OpenBSD: s3_lib.c,v 1.120 2017/01/22 09:02:07 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1681,8 +1681,8 @@ ssl3_pending(const SSL *s)
1681 if (s->rstate == SSL_ST_READ_BODY) 1681 if (s->rstate == SSL_ST_READ_BODY)
1682 return 0; 1682 return 0;
1683 1683
1684 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? 1684 return (S3I(s)->rrec.type == SSL3_RT_APPLICATION_DATA) ?
1685 s->s3->rrec.length : 0; 1685 S3I(s)->rrec.length : 0;
1686} 1686}
1687 1687
1688int 1688int
@@ -1811,7 +1811,7 @@ ssl3_new(SSL *s)
1811{ 1811{
1812 if ((s->s3 = calloc(1, sizeof(*s->s3))) == NULL) 1812 if ((s->s3 = calloc(1, sizeof(*s->s3))) == NULL)
1813 return (0); 1813 return (0);
1814 if ((s->s3->internal = calloc(1, sizeof(*s->s3->internal))) == NULL) { 1814 if ((S3I(s) = calloc(1, sizeof(*S3I(s)))) == NULL) {
1815 free(s->s3); 1815 free(s->s3);
1816 return (0); 1816 return (0);
1817 } 1817 }
@@ -1831,21 +1831,21 @@ ssl3_free(SSL *s)
1831 ssl3_release_read_buffer(s); 1831 ssl3_release_read_buffer(s);
1832 ssl3_release_write_buffer(s); 1832 ssl3_release_write_buffer(s);
1833 1833
1834 DH_free(s->s3->tmp.dh); 1834 DH_free(S3I(s)->tmp.dh);
1835 EC_KEY_free(s->s3->tmp.ecdh); 1835 EC_KEY_free(S3I(s)->tmp.ecdh);
1836 1836
1837 if (s->s3->tmp.x25519 != NULL) 1837 if (S3I(s)->tmp.x25519 != NULL)
1838 explicit_bzero(s->s3->tmp.x25519, X25519_KEY_LENGTH); 1838 explicit_bzero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);
1839 free(s->s3->tmp.x25519); 1839 free(S3I(s)->tmp.x25519);
1840 1840
1841 if (s->s3->tmp.ca_names != NULL) 1841 if (S3I(s)->tmp.ca_names != NULL)
1842 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); 1842 sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
1843 BIO_free(s->s3->handshake_buffer); 1843 BIO_free(S3I(s)->handshake_buffer);
1844 tls1_free_digest_list(s); 1844 tls1_free_digest_list(s);
1845 free(s->s3->alpn_selected); 1845 free(S3I(s)->alpn_selected);
1846 1846
1847 explicit_bzero(s->s3->internal, sizeof(*s->s3->internal)); 1847 explicit_bzero(S3I(s), sizeof(*S3I(s)));
1848 free(s->s3->internal); 1848 free(S3I(s));
1849 1849
1850 explicit_bzero(s->s3, sizeof(*s->s3)); 1850 explicit_bzero(s->s3, sizeof(*s->s3));
1851 free(s->s3); 1851 free(s->s3);
@@ -1861,36 +1861,36 @@ ssl3_clear(SSL *s)
1861 size_t rlen, wlen; 1861 size_t rlen, wlen;
1862 1862
1863 tls1_cleanup_key_block(s); 1863 tls1_cleanup_key_block(s);
1864 if (s->s3->tmp.ca_names != NULL) 1864 if (S3I(s)->tmp.ca_names != NULL)
1865 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); 1865 sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
1866 1866
1867 DH_free(s->s3->tmp.dh); 1867 DH_free(S3I(s)->tmp.dh);
1868 s->s3->tmp.dh = NULL; 1868 S3I(s)->tmp.dh = NULL;
1869 EC_KEY_free(s->s3->tmp.ecdh); 1869 EC_KEY_free(S3I(s)->tmp.ecdh);
1870 s->s3->tmp.ecdh = NULL; 1870 S3I(s)->tmp.ecdh = NULL;
1871 1871
1872 if (s->s3->tmp.x25519 != NULL) 1872 if (S3I(s)->tmp.x25519 != NULL)
1873 explicit_bzero(s->s3->tmp.x25519, X25519_KEY_LENGTH); 1873 explicit_bzero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);
1874 free(s->s3->tmp.x25519); 1874 free(S3I(s)->tmp.x25519);
1875 s->s3->tmp.x25519 = NULL; 1875 S3I(s)->tmp.x25519 = NULL;
1876 1876
1877 rp = s->s3->rbuf.buf; 1877 rp = s->s3->rbuf.buf;
1878 wp = s->s3->wbuf.buf; 1878 wp = s->s3->wbuf.buf;
1879 rlen = s->s3->rbuf.len; 1879 rlen = s->s3->rbuf.len;
1880 wlen = s->s3->wbuf.len; 1880 wlen = s->s3->wbuf.len;
1881 1881
1882 BIO_free(s->s3->handshake_buffer); 1882 BIO_free(S3I(s)->handshake_buffer);
1883 s->s3->handshake_buffer = NULL; 1883 S3I(s)->handshake_buffer = NULL;
1884 1884
1885 tls1_free_digest_list(s); 1885 tls1_free_digest_list(s);
1886 1886
1887 free(s->s3->alpn_selected); 1887 free(S3I(s)->alpn_selected);
1888 s->s3->alpn_selected = NULL; 1888 S3I(s)->alpn_selected = NULL;
1889 1889
1890 memset(s->s3->internal, 0, sizeof(*s->s3->internal)); 1890 memset(S3I(s), 0, sizeof(*S3I(s)));
1891 internal = s->s3->internal; 1891 internal = S3I(s);
1892 memset(s->s3, 0, sizeof(*s->s3)); 1892 memset(s->s3, 0, sizeof(*s->s3));
1893 s->s3->internal = internal; 1893 S3I(s) = internal;
1894 1894
1895 s->s3->rbuf.buf = rp; 1895 s->s3->rbuf.buf = rp;
1896 s->s3->wbuf.buf = wp; 1896 s->s3->wbuf.buf = wp;
@@ -1899,6 +1899,12 @@ ssl3_clear(SSL *s)
1899 1899
1900 ssl_free_wbio_buffer(s); 1900 ssl_free_wbio_buffer(s);
1901 1901
1902 /* Not needed... */
1903 S3I(s)->renegotiate = 0;
1904 S3I(s)->total_renegotiations = 0;
1905 S3I(s)->num_renegotiations = 0;
1906 S3I(s)->in_read_app_data = 0;
1907
1902 s->packet_length = 0; 1908 s->packet_length = 0;
1903 s->version = TLS1_VERSION; 1909 s->version = TLS1_VERSION;
1904 1910
@@ -1989,14 +1995,14 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
1989 case SSL_CTRL_GET_CLIENT_CERT_REQUEST: 1995 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
1990 break; 1996 break;
1991 case SSL_CTRL_GET_NUM_RENEGOTIATIONS: 1997 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
1992 ret = s->s3->num_renegotiations; 1998 ret = S3I(s)->num_renegotiations;
1993 break; 1999 break;
1994 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: 2000 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
1995 ret = s->s3->num_renegotiations; 2001 ret = S3I(s)->num_renegotiations;
1996 s->s3->num_renegotiations = 0; 2002 S3I(s)->num_renegotiations = 0;
1997 break; 2003 break;
1998 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: 2004 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
1999 ret = s->s3->total_renegotiations; 2005 ret = S3I(s)->total_renegotiations;
2000 break; 2006 break;
2001 case SSL_CTRL_GET_FLAGS: 2007 case SSL_CTRL_GET_FLAGS:
2002 ret = (int)(s->s3->flags); 2008 ret = (int)(s->s3->flags);
@@ -2463,7 +2469,7 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p)
2463 int ret = 0; 2469 int ret = 0;
2464 unsigned long alg_k; 2470 unsigned long alg_k;
2465 2471
2466 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 2472 alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
2467 2473
2468#ifndef OPENSSL_NO_GOST 2474#ifndef OPENSSL_NO_GOST
2469 if ((alg_k & SSL_kGOST)) { 2475 if ((alg_k & SSL_kGOST)) {
@@ -2552,7 +2558,7 @@ ssl3_write(SSL *s, const void *buf, int len)
2552 } 2558 }
2553#endif 2559#endif
2554 errno = 0; 2560 errno = 0;
2555 if (s->s3->renegotiate) 2561 if (S3I(s)->renegotiate)
2556 ssl3_renegotiate_check(s); 2562 ssl3_renegotiate_check(s);
2557 2563
2558 /* 2564 /*
@@ -2564,13 +2570,13 @@ ssl3_write(SSL *s, const void *buf, int len)
2564 /* The second test is because the buffer may have been removed */ 2570 /* The second test is because the buffer may have been removed */
2565 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) { 2571 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) {
2566 /* First time through, we write into the buffer */ 2572 /* First time through, we write into the buffer */
2567 if (s->s3->delay_buf_pop_ret == 0) { 2573 if (S3I(s)->delay_buf_pop_ret == 0) {
2568 ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA, 2574 ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA,
2569 buf, len); 2575 buf, len);
2570 if (ret <= 0) 2576 if (ret <= 0)
2571 return (ret); 2577 return (ret);
2572 2578
2573 s->s3->delay_buf_pop_ret = ret; 2579 S3I(s)->delay_buf_pop_ret = ret;
2574 } 2580 }
2575 2581
2576 s->rwstate = SSL_WRITING; 2582 s->rwstate = SSL_WRITING;
@@ -2583,8 +2589,8 @@ ssl3_write(SSL *s, const void *buf, int len)
2583 ssl_free_wbio_buffer(s); 2589 ssl_free_wbio_buffer(s);
2584 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; 2590 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
2585 2591
2586 ret = s->s3->delay_buf_pop_ret; 2592 ret = S3I(s)->delay_buf_pop_ret;
2587 s->s3->delay_buf_pop_ret = 0; 2593 S3I(s)->delay_buf_pop_ret = 0;
2588 } else { 2594 } else {
2589 ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, 2595 ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
2590 buf, len); 2596 buf, len);
@@ -2601,12 +2607,12 @@ ssl3_read_internal(SSL *s, void *buf, int len, int peek)
2601 int ret; 2607 int ret;
2602 2608
2603 errno = 0; 2609 errno = 0;
2604 if (s->s3->renegotiate) 2610 if (S3I(s)->renegotiate)
2605 ssl3_renegotiate_check(s); 2611 ssl3_renegotiate_check(s);
2606 s->s3->in_read_app_data = 1; 2612 S3I(s)->in_read_app_data = 1;
2607 ret = s->method->ssl_read_bytes(s, 2613 ret = s->method->ssl_read_bytes(s,
2608 SSL3_RT_APPLICATION_DATA, buf, len, peek); 2614 SSL3_RT_APPLICATION_DATA, buf, len, peek);
2609 if ((ret == -1) && (s->s3->in_read_app_data == 2)) { 2615 if ((ret == -1) && (S3I(s)->in_read_app_data == 2)) {
2610 /* 2616 /*
2611 * ssl3_read_bytes decided to call s->handshake_func, which 2617 * ssl3_read_bytes decided to call s->handshake_func, which
2612 * called ssl3_read_bytes to read handshake data. 2618 * called ssl3_read_bytes to read handshake data.
@@ -2619,7 +2625,7 @@ ssl3_read_internal(SSL *s, void *buf, int len, int peek)
2619 SSL3_RT_APPLICATION_DATA, buf, len, peek); 2625 SSL3_RT_APPLICATION_DATA, buf, len, peek);
2620 s->in_handshake--; 2626 s->in_handshake--;
2621 } else 2627 } else
2622 s->s3->in_read_app_data = 0; 2628 S3I(s)->in_read_app_data = 0;
2623 2629
2624 return (ret); 2630 return (ret);
2625} 2631}
@@ -2645,7 +2651,7 @@ ssl3_renegotiate(SSL *s)
2645 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) 2651 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
2646 return (0); 2652 return (0);
2647 2653
2648 s->s3->renegotiate = 1; 2654 S3I(s)->renegotiate = 1;
2649 return (1); 2655 return (1);
2650} 2656}
2651 2657
@@ -2654,7 +2660,7 @@ ssl3_renegotiate_check(SSL *s)
2654{ 2660{
2655 int ret = 0; 2661 int ret = 0;
2656 2662
2657 if (s->s3->renegotiate) { 2663 if (S3I(s)->renegotiate) {
2658 if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) && 2664 if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) &&
2659 !SSL_in_init(s)) { 2665 !SSL_in_init(s)) {
2660 /* 2666 /*
@@ -2664,9 +2670,9 @@ ssl3_renegotiate_check(SSL *s)
2664 */ 2670 */
2665 /* SSL_ST_ACCEPT */ 2671 /* SSL_ST_ACCEPT */
2666 s->state = SSL_ST_RENEGOTIATE; 2672 s->state = SSL_ST_RENEGOTIATE;
2667 s->s3->renegotiate = 0; 2673 S3I(s)->renegotiate = 0;
2668 s->s3->num_renegotiations++; 2674 S3I(s)->num_renegotiations++;
2669 s->s3->total_renegotiations++; 2675 S3I(s)->total_renegotiations++;
2670 ret = 1; 2676 ret = 1;
2671 } 2677 }
2672 } 2678 }
@@ -2679,7 +2685,7 @@ ssl3_renegotiate_check(SSL *s)
2679long 2685long
2680ssl_get_algorithm2(SSL *s) 2686ssl_get_algorithm2(SSL *s)
2681{ 2687{
2682 long alg2 = s->s3->tmp.new_cipher->algorithm2; 2688 long alg2 = S3I(s)->tmp.new_cipher->algorithm2;
2683 2689
2684 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF && 2690 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF &&
2685 alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) 2691 alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index 20e66a707c..857d35b5a8 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_pkt.c,v 1.60 2016/11/17 15:06:22 jsing Exp $ */ 1/* $OpenBSD: s3_pkt.c,v 1.61 2017/01/22 09:02:07 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -270,9 +270,9 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
270 * It will return <= 0 if more data is needed, normally due to an error 270 * It will return <= 0 if more data is needed, normally due to an error
271 * or non-blocking IO. 271 * or non-blocking IO.
272 * When it finishes, one packet has been decoded and can be found in 272 * When it finishes, one packet has been decoded and can be found in
273 * ssl->s3->rrec.type - is the type of record 273 * ssl->s3->internal->rrec.type - is the type of record
274 * ssl->s3->rrec.data, - data 274 * ssl->s3->internal->rrec.data, - data
275 * ssl->s3->rrec.length, - number of bytes 275 * ssl->s3->internal->rrec.length, - number of bytes
276 */ 276 */
277/* used only by ssl3_read_bytes */ 277/* used only by ssl3_read_bytes */
278static int 278static int
@@ -285,7 +285,7 @@ ssl3_get_record(SSL *s)
285 unsigned char md[EVP_MAX_MD_SIZE]; 285 unsigned char md[EVP_MAX_MD_SIZE];
286 unsigned mac_size, orig_len; 286 unsigned mac_size, orig_len;
287 287
288 rr = &(s->s3->rrec); 288 rr = &(S3I(s)->rrec);
289 sess = s->session; 289 sess = s->session;
290 290
291again: 291again:
@@ -472,10 +472,10 @@ again:
472 /* 472 /*
473 * So at this point the following is true 473 * So at this point the following is true
474 * 474 *
475 * ssl->s3->rrec.type is the type of record 475 * ssl->s3->internal->rrec.type is the type of record
476 * ssl->s3->rrec.length == number of bytes in record 476 * ssl->s3->internal->rrec.length == number of bytes in record
477 * ssl->s3->rrec.off == offset to first valid byte 477 * ssl->s3->internal->rrec.off == offset to first valid byte
478 * ssl->s3->rrec.data == where to take bytes from, increment 478 * ssl->s3->internal->rrec.data == where to take bytes from, increment
479 * after use :-). 479 * after use :-).
480 */ 480 */
481 481
@@ -510,8 +510,8 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
510 } 510 }
511 511
512 s->rwstate = SSL_NOTHING; 512 s->rwstate = SSL_NOTHING;
513 tot = s->s3->wnum; 513 tot = S3I(s)->wnum;
514 s->s3->wnum = 0; 514 S3I(s)->wnum = 0;
515 515
516 if (SSL_in_init(s) && !s->in_handshake) { 516 if (SSL_in_init(s) && !s->in_handshake) {
517 i = s->handshake_func(s); 517 i = s->handshake_func(s);
@@ -535,7 +535,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
535 535
536 i = do_ssl3_write(s, type, &(buf[tot]), nw, 0); 536 i = do_ssl3_write(s, type, &(buf[tot]), nw, 0);
537 if (i <= 0) { 537 if (i <= 0) {
538 s->s3->wnum = tot; 538 S3I(s)->wnum = tot;
539 return i; 539 return i;
540 } 540 }
541 541
@@ -546,7 +546,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
546 * empty fragment in ciphersuites with known-IV 546 * empty fragment in ciphersuites with known-IV
547 * weakness. 547 * weakness.
548 */ 548 */
549 s->s3->empty_fragment_done = 0; 549 S3I(s)->empty_fragment_done = 0;
550 550
551 return tot + i; 551 return tot + i;
552 } 552 }
@@ -593,7 +593,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
593 if (len == 0 && !create_empty_fragment) 593 if (len == 0 && !create_empty_fragment)
594 return 0; 594 return 0;
595 595
596 wr = &(s->s3->wrec); 596 wr = &(S3I(s)->wrec);
597 sess = s->session; 597 sess = s->session;
598 598
599 if ((sess == NULL) || (s->enc_write_ctx == NULL) || 599 if ((sess == NULL) || (s->enc_write_ctx == NULL) ||
@@ -610,12 +610,12 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
610 * 'create_empty_fragment' is true only when this function calls 610 * 'create_empty_fragment' is true only when this function calls
611 * itself. 611 * itself.
612 */ 612 */
613 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) { 613 if (!clear && !create_empty_fragment && !S3I(s)->empty_fragment_done) {
614 /* 614 /*
615 * Countermeasure against known-IV weakness in CBC ciphersuites 615 * Countermeasure against known-IV weakness in CBC ciphersuites
616 * (see http://www.openssl.org/~bodo/tls-cbc.txt) 616 * (see http://www.openssl.org/~bodo/tls-cbc.txt)
617 */ 617 */
618 if (s->s3->need_empty_fragments && 618 if (S3I(s)->need_empty_fragments &&
619 type == SSL3_RT_APPLICATION_DATA) { 619 type == SSL3_RT_APPLICATION_DATA) {
620 /* recursive function call with 'create_empty_fragment' set; 620 /* recursive function call with 'create_empty_fragment' set;
621 * this prepares and buffers the data for an empty fragment 621 * this prepares and buffers the data for an empty fragment
@@ -634,7 +634,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
634 } 634 }
635 } 635 }
636 636
637 s->s3->empty_fragment_done = 1; 637 S3I(s)->empty_fragment_done = 1;
638 } 638 }
639 639
640 if (create_empty_fragment) { 640 if (create_empty_fragment) {
@@ -750,10 +750,10 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
750 750
751 /* memorize arguments so that ssl3_write_pending can detect 751 /* memorize arguments so that ssl3_write_pending can detect
752 * bad write retries later */ 752 * bad write retries later */
753 s->s3->wpend_tot = len; 753 S3I(s)->wpend_tot = len;
754 s->s3->wpend_buf = buf; 754 S3I(s)->wpend_buf = buf;
755 s->s3->wpend_type = type; 755 S3I(s)->wpend_type = type;
756 s->s3->wpend_ret = len; 756 S3I(s)->wpend_ret = len;
757 757
758 /* we now just need to write the buffer */ 758 /* we now just need to write the buffer */
759 return ssl3_write_pending(s, type, buf, len); 759 return ssl3_write_pending(s, type, buf, len);
@@ -769,9 +769,9 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
769 SSL3_BUFFER *wb = &(s->s3->wbuf); 769 SSL3_BUFFER *wb = &(s->s3->wbuf);
770 770
771 /* XXXX */ 771 /* XXXX */
772 if ((s->s3->wpend_tot > (int)len) || ((s->s3->wpend_buf != buf) && 772 if ((S3I(s)->wpend_tot > (int)len) || ((S3I(s)->wpend_buf != buf) &&
773 !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) || 773 !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) ||
774 (s->s3->wpend_type != type)) { 774 (S3I(s)->wpend_type != type)) {
775 SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY); 775 SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY);
776 return (-1); 776 return (-1);
777 } 777 }
@@ -794,7 +794,7 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
794 !SSL_IS_DTLS(s)) 794 !SSL_IS_DTLS(s))
795 ssl3_release_write_buffer(s); 795 ssl3_release_write_buffer(s);
796 s->rwstate = SSL_NOTHING; 796 s->rwstate = SSL_NOTHING;
797 return (s->s3->wpend_ret); 797 return (S3I(s)->wpend_ret);
798 } else if (i <= 0) { 798 } else if (i <= 0) {
799 /* 799 /*
800 * For DTLS, just drop it. That's kind of the 800 * For DTLS, just drop it. That's kind of the
@@ -862,28 +862,28 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
862 } 862 }
863 863
864 if ((type == SSL3_RT_HANDSHAKE) && 864 if ((type == SSL3_RT_HANDSHAKE) &&
865 (s->s3->handshake_fragment_len > 0)) { 865 (S3I(s)->handshake_fragment_len > 0)) {
866 /* (partially) satisfy request from storage */ 866 /* (partially) satisfy request from storage */
867 unsigned char *src = s->s3->handshake_fragment; 867 unsigned char *src = S3I(s)->handshake_fragment;
868 unsigned char *dst = buf; 868 unsigned char *dst = buf;
869 unsigned int k; 869 unsigned int k;
870 870
871 /* peek == 0 */ 871 /* peek == 0 */
872 n = 0; 872 n = 0;
873 while ((len > 0) && (s->s3->handshake_fragment_len > 0)) { 873 while ((len > 0) && (S3I(s)->handshake_fragment_len > 0)) {
874 *dst++ = *src++; 874 *dst++ = *src++;
875 len--; 875 len--;
876 s->s3->handshake_fragment_len--; 876 S3I(s)->handshake_fragment_len--;
877 n++; 877 n++;
878 } 878 }
879 /* move any remaining fragment bytes: */ 879 /* move any remaining fragment bytes: */
880 for (k = 0; k < s->s3->handshake_fragment_len; k++) 880 for (k = 0; k < S3I(s)->handshake_fragment_len; k++)
881 s->s3->handshake_fragment[k] = *src++; 881 S3I(s)->handshake_fragment[k] = *src++;
882 return n; 882 return n;
883 } 883 }
884 884
885 /* 885 /*
886 * Now s->s3->handshake_fragment_len == 0 if 886 * Now S3I(s)->handshake_fragment_len == 0 if
887 * type == SSL3_RT_HANDSHAKE. 887 * type == SSL3_RT_HANDSHAKE.
888 */ 888 */
889 if (!s->in_handshake && SSL_in_init(s)) { 889 if (!s->in_handshake && SSL_in_init(s)) {
@@ -921,12 +921,12 @@ start:
921 s->rwstate = SSL_NOTHING; 921 s->rwstate = SSL_NOTHING;
922 922
923 /* 923 /*
924 * s->s3->rrec.type - is the type of record 924 * S3I(s)->rrec.type - is the type of record
925 * s->s3->rrec.data, - data 925 * S3I(s)->rrec.data, - data
926 * s->s3->rrec.off, - offset into 'data' for next read 926 * S3I(s)->rrec.off, - offset into 'data' for next read
927 * s->s3->rrec.length, - number of bytes. 927 * S3I(s)->rrec.length, - number of bytes.
928 */ 928 */
929 rr = &(s->s3->rrec); 929 rr = &(S3I(s)->rrec);
930 930
931 /* get new packet if necessary */ 931 /* get new packet if necessary */
932 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) { 932 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) {
@@ -937,7 +937,7 @@ start:
937 937
938 /* we now have a packet which can be read and processed */ 938 /* we now have a packet which can be read and processed */
939 939
940 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, 940 if (S3I(s)->change_cipher_spec /* set when we receive ChangeCipherSpec,
941 * reset by ssl3_get_finished */ 941 * reset by ssl3_get_finished */
942 && (rr->type != SSL3_RT_HANDSHAKE)) { 942 && (rr->type != SSL3_RT_HANDSHAKE)) {
943 al = SSL_AD_UNEXPECTED_MESSAGE; 943 al = SSL_AD_UNEXPECTED_MESSAGE;
@@ -1006,13 +1006,13 @@ start:
1006 unsigned int *dest_len = NULL; 1006 unsigned int *dest_len = NULL;
1007 1007
1008 if (rr->type == SSL3_RT_HANDSHAKE) { 1008 if (rr->type == SSL3_RT_HANDSHAKE) {
1009 dest_maxlen = sizeof s->s3->handshake_fragment; 1009 dest_maxlen = sizeof S3I(s)->handshake_fragment;
1010 dest = s->s3->handshake_fragment; 1010 dest = S3I(s)->handshake_fragment;
1011 dest_len = &s->s3->handshake_fragment_len; 1011 dest_len = &S3I(s)->handshake_fragment_len;
1012 } else if (rr->type == SSL3_RT_ALERT) { 1012 } else if (rr->type == SSL3_RT_ALERT) {
1013 dest_maxlen = sizeof s->s3->alert_fragment; 1013 dest_maxlen = sizeof S3I(s)->alert_fragment;
1014 dest = s->s3->alert_fragment; 1014 dest = S3I(s)->alert_fragment;
1015 dest_len = &s->s3->alert_fragment_len; 1015 dest_len = &S3I(s)->alert_fragment_len;
1016 } 1016 }
1017 if (dest_maxlen > 0) { 1017 if (dest_maxlen > 0) {
1018 /* available space in 'dest' */ 1018 /* available space in 'dest' */
@@ -1031,19 +1031,19 @@ start:
1031 } 1031 }
1032 } 1032 }
1033 1033
1034 /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE; 1034 /* S3I(s)->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE;
1035 * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT. 1035 * S3I(s)->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT.
1036 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */ 1036 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
1037 1037
1038 /* If we are a client, check for an incoming 'Hello Request': */ 1038 /* If we are a client, check for an incoming 'Hello Request': */
1039 if ((!s->server) && (s->s3->handshake_fragment_len >= 4) && 1039 if ((!s->server) && (S3I(s)->handshake_fragment_len >= 4) &&
1040 (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && 1040 (S3I(s)->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
1041 (s->session != NULL) && (s->session->cipher != NULL)) { 1041 (s->session != NULL) && (s->session->cipher != NULL)) {
1042 s->s3->handshake_fragment_len = 0; 1042 S3I(s)->handshake_fragment_len = 0;
1043 1043
1044 if ((s->s3->handshake_fragment[1] != 0) || 1044 if ((S3I(s)->handshake_fragment[1] != 0) ||
1045 (s->s3->handshake_fragment[2] != 0) || 1045 (S3I(s)->handshake_fragment[2] != 0) ||
1046 (s->s3->handshake_fragment[3] != 0)) { 1046 (S3I(s)->handshake_fragment[3] != 0)) {
1047 al = SSL_AD_DECODE_ERROR; 1047 al = SSL_AD_DECODE_ERROR;
1048 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_HELLO_REQUEST); 1048 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_HELLO_REQUEST);
1049 goto f_err; 1049 goto f_err;
@@ -1051,12 +1051,12 @@ start:
1051 1051
1052 if (s->msg_callback) 1052 if (s->msg_callback)
1053 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, 1053 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
1054 s->s3->handshake_fragment, 4, s, 1054 S3I(s)->handshake_fragment, 4, s,
1055 s->msg_callback_arg); 1055 s->msg_callback_arg);
1056 1056
1057 if (SSL_is_init_finished(s) && 1057 if (SSL_is_init_finished(s) &&
1058 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && 1058 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
1059 !s->s3->renegotiate) { 1059 !S3I(s)->renegotiate) {
1060 ssl3_renegotiate(s); 1060 ssl3_renegotiate(s);
1061 if (ssl3_renegotiate_check(s)) { 1061 if (ssl3_renegotiate_check(s)) {
1062 i = s->handshake_func(s); 1062 i = s->handshake_func(s);
@@ -1094,24 +1094,24 @@ start:
1094 */ 1094 */
1095 if (s->server && 1095 if (s->server &&
1096 SSL_is_init_finished(s) && 1096 SSL_is_init_finished(s) &&
1097 !s->s3->send_connection_binding && 1097 !S3I(s)->send_connection_binding &&
1098 (s->s3->handshake_fragment_len >= 4) && 1098 (S3I(s)->handshake_fragment_len >= 4) &&
1099 (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) && 1099 (S3I(s)->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
1100 (s->session != NULL) && (s->session->cipher != NULL)) { 1100 (s->session != NULL) && (s->session->cipher != NULL)) {
1101 /*s->s3->handshake_fragment_len = 0;*/ 1101 /*S3I(s)->handshake_fragment_len = 0;*/
1102 rr->length = 0; 1102 rr->length = 0;
1103 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); 1103 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
1104 goto start; 1104 goto start;
1105 } 1105 }
1106 if (s->s3->alert_fragment_len >= 2) { 1106 if (S3I(s)->alert_fragment_len >= 2) {
1107 int alert_level = s->s3->alert_fragment[0]; 1107 int alert_level = S3I(s)->alert_fragment[0];
1108 int alert_descr = s->s3->alert_fragment[1]; 1108 int alert_descr = S3I(s)->alert_fragment[1];
1109 1109
1110 s->s3->alert_fragment_len = 0; 1110 S3I(s)->alert_fragment_len = 0;
1111 1111
1112 if (s->msg_callback) 1112 if (s->msg_callback)
1113 s->msg_callback(0, s->version, SSL3_RT_ALERT, 1113 s->msg_callback(0, s->version, SSL3_RT_ALERT,
1114 s->s3->alert_fragment, 2, s, s->msg_callback_arg); 1114 S3I(s)->alert_fragment, 2, s, s->msg_callback_arg);
1115 1115
1116 if (s->info_callback != NULL) 1116 if (s->info_callback != NULL)
1117 cb = s->info_callback; 1117 cb = s->info_callback;
@@ -1124,7 +1124,7 @@ start:
1124 } 1124 }
1125 1125
1126 if (alert_level == SSL3_AL_WARNING) { 1126 if (alert_level == SSL3_AL_WARNING) {
1127 s->s3->warn_alert = alert_descr; 1127 S3I(s)->warn_alert = alert_descr;
1128 if (alert_descr == SSL_AD_CLOSE_NOTIFY) { 1128 if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
1129 s->shutdown |= SSL_RECEIVED_SHUTDOWN; 1129 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
1130 return (0); 1130 return (0);
@@ -1146,7 +1146,7 @@ start:
1146 } 1146 }
1147 } else if (alert_level == SSL3_AL_FATAL) { 1147 } else if (alert_level == SSL3_AL_FATAL) {
1148 s->rwstate = SSL_NOTHING; 1148 s->rwstate = SSL_NOTHING;
1149 s->s3->fatal_alert = alert_descr; 1149 S3I(s)->fatal_alert = alert_descr;
1150 SSLerr(SSL_F_SSL3_READ_BYTES, 1150 SSLerr(SSL_F_SSL3_READ_BYTES,
1151 SSL_AD_REASON_OFFSET + alert_descr); 1151 SSL_AD_REASON_OFFSET + alert_descr);
1152 ERR_asprintf_error_data("SSL alert number %d", 1152 ERR_asprintf_error_data("SSL alert number %d",
@@ -1182,7 +1182,7 @@ start:
1182 } 1182 }
1183 1183
1184 /* Check we have a cipher to change to */ 1184 /* Check we have a cipher to change to */
1185 if (s->s3->tmp.new_cipher == NULL) { 1185 if (S3I(s)->tmp.new_cipher == NULL) {
1186 al = SSL_AD_UNEXPECTED_MESSAGE; 1186 al = SSL_AD_UNEXPECTED_MESSAGE;
1187 SSLerr(SSL_F_SSL3_READ_BYTES, 1187 SSLerr(SSL_F_SSL3_READ_BYTES,
1188 SSL_R_CCS_RECEIVED_EARLY); 1188 SSL_R_CCS_RECEIVED_EARLY);
@@ -1206,7 +1206,7 @@ start:
1206 s->msg_callback_arg); 1206 s->msg_callback_arg);
1207 } 1207 }
1208 1208
1209 s->s3->change_cipher_spec = 1; 1209 S3I(s)->change_cipher_spec = 1;
1210 if (!ssl3_do_change_cipher_spec(s)) 1210 if (!ssl3_do_change_cipher_spec(s))
1211 goto err; 1211 goto err;
1212 else 1212 else
@@ -1214,7 +1214,7 @@ start:
1214 } 1214 }
1215 1215
1216 /* Unexpected handshake message (Client Hello, or protocol violation) */ 1216 /* Unexpected handshake message (Client Hello, or protocol violation) */
1217 if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) { 1217 if ((S3I(s)->handshake_fragment_len >= 4) && !s->in_handshake) {
1218 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && 1218 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
1219 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { 1219 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
1220 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; 1220 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
@@ -1278,15 +1278,15 @@ start:
1278 * at this point (session renegotiation not yet started), 1278 * at this point (session renegotiation not yet started),
1279 * we will indulge it. 1279 * we will indulge it.
1280 */ 1280 */
1281 if (s->s3->in_read_app_data && 1281 if (S3I(s)->in_read_app_data &&
1282 (s->s3->total_renegotiations != 0) && 1282 (S3I(s)->total_renegotiations != 0) &&
1283 (((s->state & SSL_ST_CONNECT) && 1283 (((s->state & SSL_ST_CONNECT) &&
1284 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && 1284 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
1285 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)) || 1285 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)) ||
1286 ((s->state & SSL_ST_ACCEPT) && 1286 ((s->state & SSL_ST_ACCEPT) &&
1287 (s->state <= SSL3_ST_SW_HELLO_REQ_A) && 1287 (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
1288 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) { 1288 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
1289 s->s3->in_read_app_data = 2; 1289 S3I(s)->in_read_app_data = 2;
1290 return (-1); 1290 return (-1);
1291 } else { 1291 } else {
1292 al = SSL_AD_UNEXPECTED_MESSAGE; 1292 al = SSL_AD_UNEXPECTED_MESSAGE;
@@ -1314,7 +1314,7 @@ ssl3_do_change_cipher_spec(SSL *s)
1314 else 1314 else
1315 i = SSL3_CHANGE_CIPHER_CLIENT_READ; 1315 i = SSL3_CHANGE_CIPHER_CLIENT_READ;
1316 1316
1317 if (s->s3->tmp.key_block == NULL) { 1317 if (S3I(s)->tmp.key_block == NULL) {
1318 if (s->session == NULL || s->session->master_key_length == 0) { 1318 if (s->session == NULL || s->session->master_key_length == 0) {
1319 /* might happen if dtls1_read_bytes() calls this */ 1319 /* might happen if dtls1_read_bytes() calls this */
1320 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, 1320 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,
@@ -1322,7 +1322,7 @@ ssl3_do_change_cipher_spec(SSL *s)
1322 return (0); 1322 return (0);
1323 } 1323 }
1324 1324
1325 s->session->cipher = s->s3->tmp.new_cipher; 1325 s->session->cipher = S3I(s)->tmp.new_cipher;
1326 if (!s->method->ssl3_enc->setup_key_block(s)) 1326 if (!s->method->ssl3_enc->setup_key_block(s))
1327 return (0); 1327 return (0);
1328 } 1328 }
@@ -1342,12 +1342,12 @@ ssl3_do_change_cipher_spec(SSL *s)
1342 } 1342 }
1343 1343
1344 i = s->method->ssl3_enc->final_finish_mac(s, sender, slen, 1344 i = s->method->ssl3_enc->final_finish_mac(s, sender, slen,
1345 s->s3->tmp.peer_finish_md); 1345 S3I(s)->tmp.peer_finish_md);
1346 if (i == 0) { 1346 if (i == 0) {
1347 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); 1347 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
1348 return 0; 1348 return 0;
1349 } 1349 }
1350 s->s3->tmp.peer_finish_md_len = i; 1350 S3I(s)->tmp.peer_finish_md_len = i;
1351 1351
1352 return (1); 1352 return (1);
1353} 1353}
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 7912206785..099537f7ea 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_srvr.c,v 1.140 2017/01/22 07:16:39 beck Exp $ */ 1/* $OpenBSD: s3_srvr.c,v 1.141 2017/01/22 09:02:07 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -247,7 +247,7 @@ ssl3_accept(SSL *s)
247 247
248 s->state = SSL3_ST_SR_CLNT_HELLO_A; 248 s->state = SSL3_ST_SR_CLNT_HELLO_A;
249 s->ctx->stats.sess_accept++; 249 s->ctx->stats.sess_accept++;
250 } else if (!s->s3->send_connection_binding) { 250 } else if (!S3I(s)->send_connection_binding) {
251 /* 251 /*
252 * Server attempting to renegotiate with 252 * Server attempting to renegotiate with
253 * client that doesn't support secure 253 * client that doesn't support secure
@@ -276,7 +276,7 @@ ssl3_accept(SSL *s)
276 ret = ssl3_send_hello_request(s); 276 ret = ssl3_send_hello_request(s);
277 if (ret <= 0) 277 if (ret <= 0)
278 goto end; 278 goto end;
279 s->s3->tmp.next_state = SSL3_ST_SW_HELLO_REQ_C; 279 S3I(s)->tmp.next_state = SSL3_ST_SW_HELLO_REQ_C;
280 s->state = SSL3_ST_SW_FLUSH; 280 s->state = SSL3_ST_SW_FLUSH;
281 s->init_num = 0; 281 s->init_num = 0;
282 282
@@ -325,7 +325,7 @@ ssl3_accept(SSL *s)
325 case SSL3_ST_SW_CERT_A: 325 case SSL3_ST_SW_CERT_A:
326 case SSL3_ST_SW_CERT_B: 326 case SSL3_ST_SW_CERT_B:
327 /* Check if it is anon DH or anon ECDH. */ 327 /* Check if it is anon DH or anon ECDH. */
328 if (!(s->s3->tmp.new_cipher->algorithm_auth & 328 if (!(S3I(s)->tmp.new_cipher->algorithm_auth &
329 SSL_aNULL)) { 329 SSL_aNULL)) {
330 ret = ssl3_send_server_certificate(s); 330 ret = ssl3_send_server_certificate(s);
331 if (ret <= 0) 331 if (ret <= 0)
@@ -343,7 +343,7 @@ ssl3_accept(SSL *s)
343 343
344 case SSL3_ST_SW_KEY_EXCH_A: 344 case SSL3_ST_SW_KEY_EXCH_A:
345 case SSL3_ST_SW_KEY_EXCH_B: 345 case SSL3_ST_SW_KEY_EXCH_B:
346 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 346 alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
347 347
348 /* 348 /*
349 * Only send if using a DH key exchange. 349 * Only send if using a DH key exchange.
@@ -386,21 +386,21 @@ ssl3_accept(SSL *s)
386 if (!(s->verify_mode & SSL_VERIFY_PEER) || 386 if (!(s->verify_mode & SSL_VERIFY_PEER) ||
387 ((s->session->peer != NULL) && 387 ((s->session->peer != NULL) &&
388 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || 388 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
389 ((s->s3->tmp.new_cipher->algorithm_auth & 389 ((S3I(s)->tmp.new_cipher->algorithm_auth &
390 SSL_aNULL) && !(s->verify_mode & 390 SSL_aNULL) && !(s->verify_mode &
391 SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) { 391 SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
392 /* No cert request */ 392 /* No cert request */
393 skip = 1; 393 skip = 1;
394 s->s3->tmp.cert_request = 0; 394 S3I(s)->tmp.cert_request = 0;
395 s->state = SSL3_ST_SW_SRVR_DONE_A; 395 s->state = SSL3_ST_SW_SRVR_DONE_A;
396 if (s->s3->handshake_buffer) { 396 if (S3I(s)->handshake_buffer) {
397 if (!tls1_digest_cached_records(s)) { 397 if (!tls1_digest_cached_records(s)) {
398 ret = -1; 398 ret = -1;
399 goto end; 399 goto end;
400 } 400 }
401 } 401 }
402 } else { 402 } else {
403 s->s3->tmp.cert_request = 1; 403 S3I(s)->tmp.cert_request = 1;
404 ret = ssl3_send_certificate_request(s); 404 ret = ssl3_send_certificate_request(s);
405 if (ret <= 0) 405 if (ret <= 0)
406 goto end; 406 goto end;
@@ -414,7 +414,7 @@ ssl3_accept(SSL *s)
414 ret = ssl3_send_server_done(s); 414 ret = ssl3_send_server_done(s);
415 if (ret <= 0) 415 if (ret <= 0)
416 goto end; 416 goto end;
417 s->s3->tmp.next_state = SSL3_ST_SR_CERT_A; 417 S3I(s)->tmp.next_state = SSL3_ST_SR_CERT_A;
418 s->state = SSL3_ST_SW_FLUSH; 418 s->state = SSL3_ST_SW_FLUSH;
419 s->init_num = 0; 419 s->init_num = 0;
420 break; 420 break;
@@ -439,12 +439,12 @@ ssl3_accept(SSL *s)
439 } 439 }
440 s->rwstate = SSL_NOTHING; 440 s->rwstate = SSL_NOTHING;
441 441
442 s->state = s->s3->tmp.next_state; 442 s->state = S3I(s)->tmp.next_state;
443 break; 443 break;
444 444
445 case SSL3_ST_SR_CERT_A: 445 case SSL3_ST_SR_CERT_A:
446 case SSL3_ST_SR_CERT_B: 446 case SSL3_ST_SR_CERT_B:
447 if (s->s3->tmp.cert_request) { 447 if (S3I(s)->tmp.cert_request) {
448 ret = ssl3_get_client_certificate(s); 448 ret = ssl3_get_client_certificate(s);
449 if (ret <= 0) 449 if (ret <= 0)
450 goto end; 450 goto end;
@@ -458,7 +458,7 @@ ssl3_accept(SSL *s)
458 ret = ssl3_get_client_key_exchange(s); 458 ret = ssl3_get_client_key_exchange(s);
459 if (ret <= 0) 459 if (ret <= 0)
460 goto end; 460 goto end;
461 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 461 alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
462 if (ret == 2) { 462 if (ret == 2) {
463 /* 463 /*
464 * For the ECDH ciphersuites when 464 * For the ECDH ciphersuites when
@@ -469,7 +469,7 @@ ssl3_accept(SSL *s)
469 * the client uses its key from the certificate 469 * the client uses its key from the certificate
470 * for key exchange. 470 * for key exchange.
471 */ 471 */
472 if (s->s3->next_proto_neg_seen) 472 if (S3I(s)->next_proto_neg_seen)
473 s->state = SSL3_ST_SR_NEXT_PROTO_A; 473 s->state = SSL3_ST_SR_NEXT_PROTO_A;
474 else 474 else
475 s->state = SSL3_ST_SR_FINISHED_A; 475 s->state = SSL3_ST_SR_FINISHED_A;
@@ -483,7 +483,7 @@ ssl3_accept(SSL *s)
483 * For sigalgs freeze the handshake buffer 483 * For sigalgs freeze the handshake buffer
484 * at this point and digest cached records. 484 * at this point and digest cached records.
485 */ 485 */
486 if (!s->s3->handshake_buffer) { 486 if (!S3I(s)->handshake_buffer) {
487 SSLerr(SSL_F_SSL3_ACCEPT, 487 SSLerr(SSL_F_SSL3_ACCEPT,
488 ERR_R_INTERNAL_ERROR); 488 ERR_R_INTERNAL_ERROR);
489 ret = -1; 489 ret = -1;
@@ -508,7 +508,7 @@ ssl3_accept(SSL *s)
508 * CertificateVerify should be generalized. 508 * CertificateVerify should be generalized.
509 * But it is next step 509 * But it is next step
510 */ 510 */
511 if (s->s3->handshake_buffer) { 511 if (S3I(s)->handshake_buffer) {
512 if (!tls1_digest_cached_records(s)) { 512 if (!tls1_digest_cached_records(s)) {
513 ret = -1; 513 ret = -1;
514 goto end; 514 goto end;
@@ -516,15 +516,15 @@ ssl3_accept(SSL *s)
516 } 516 }
517 for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST; 517 for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST;
518 dgst_num++) 518 dgst_num++)
519 if (s->s3->handshake_dgst[dgst_num]) { 519 if (S3I(s)->handshake_dgst[dgst_num]) {
520 int dgst_size; 520 int dgst_size;
521 521
522 s->method->ssl3_enc->cert_verify_mac(s, 522 s->method->ssl3_enc->cert_verify_mac(s,
523 EVP_MD_CTX_type( 523 EVP_MD_CTX_type(
524 s->s3->handshake_dgst[dgst_num]), 524 S3I(s)->handshake_dgst[dgst_num]),
525 &(s->s3->tmp.cert_verify_md[offset])); 525 &(S3I(s)->tmp.cert_verify_md[offset]));
526 dgst_size = EVP_MD_CTX_size( 526 dgst_size = EVP_MD_CTX_size(
527 s->s3->handshake_dgst[dgst_num]); 527 S3I(s)->handshake_dgst[dgst_num]);
528 if (dgst_size < 0) { 528 if (dgst_size < 0) {
529 ret = -1; 529 ret = -1;
530 goto end; 530 goto end;
@@ -543,7 +543,7 @@ ssl3_accept(SSL *s)
543 if (ret <= 0) 543 if (ret <= 0)
544 goto end; 544 goto end;
545 545
546 if (s->s3->next_proto_neg_seen) 546 if (S3I(s)->next_proto_neg_seen)
547 s->state = SSL3_ST_SR_NEXT_PROTO_A; 547 s->state = SSL3_ST_SR_NEXT_PROTO_A;
548 else 548 else
549 s->state = SSL3_ST_SR_FINISHED_A; 549 s->state = SSL3_ST_SR_FINISHED_A;
@@ -597,7 +597,7 @@ ssl3_accept(SSL *s)
597 case SSL3_ST_SW_CHANGE_A: 597 case SSL3_ST_SW_CHANGE_A:
598 case SSL3_ST_SW_CHANGE_B: 598 case SSL3_ST_SW_CHANGE_B:
599 599
600 s->session->cipher = s->s3->tmp.new_cipher; 600 s->session->cipher = S3I(s)->tmp.new_cipher;
601 if (!s->method->ssl3_enc->setup_key_block(s)) { 601 if (!s->method->ssl3_enc->setup_key_block(s)) {
602 ret = -1; 602 ret = -1;
603 goto end; 603 goto end;
@@ -629,15 +629,15 @@ ssl3_accept(SSL *s)
629 goto end; 629 goto end;
630 s->state = SSL3_ST_SW_FLUSH; 630 s->state = SSL3_ST_SW_FLUSH;
631 if (s->hit) { 631 if (s->hit) {
632 if (s->s3->next_proto_neg_seen) { 632 if (S3I(s)->next_proto_neg_seen) {
633 s->s3->flags |= SSL3_FLAGS_CCS_OK; 633 s->s3->flags |= SSL3_FLAGS_CCS_OK;
634 s->s3->tmp.next_state = 634 S3I(s)->tmp.next_state =
635 SSL3_ST_SR_NEXT_PROTO_A; 635 SSL3_ST_SR_NEXT_PROTO_A;
636 } else 636 } else
637 s->s3->tmp.next_state = 637 S3I(s)->tmp.next_state =
638 SSL3_ST_SR_FINISHED_A; 638 SSL3_ST_SR_FINISHED_A;
639 } else 639 } else
640 s->s3->tmp.next_state = SSL_ST_OK; 640 S3I(s)->tmp.next_state = SSL_ST_OK;
641 s->init_num = 0; 641 s->init_num = 0;
642 break; 642 break;
643 643
@@ -680,7 +680,7 @@ ssl3_accept(SSL *s)
680 /* break; */ 680 /* break; */
681 } 681 }
682 682
683 if (!s->s3->tmp.reuse_message && !skip) { 683 if (!S3I(s)->tmp.reuse_message && !skip) {
684 if (s->debug) { 684 if (s->debug) {
685 if ((ret = BIO_flush(s->wbio)) <= 0) 685 if ((ret = BIO_flush(s->wbio)) <= 0)
686 goto end; 686 goto end;
@@ -1039,12 +1039,12 @@ ssl3_get_client_hello(SSL *s)
1039 SSL_R_NO_SHARED_CIPHER); 1039 SSL_R_NO_SHARED_CIPHER);
1040 goto f_err; 1040 goto f_err;
1041 } 1041 }
1042 s->s3->tmp.new_cipher = c; 1042 S3I(s)->tmp.new_cipher = c;
1043 } else { 1043 } else {
1044 s->s3->tmp.new_cipher = s->session->cipher; 1044 S3I(s)->tmp.new_cipher = s->session->cipher;
1045 } 1045 }
1046 1046
1047 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 1047 alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
1048 if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) || 1048 if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) ||
1049 !(s->verify_mode & SSL_VERIFY_PEER)) { 1049 !(s->verify_mode & SSL_VERIFY_PEER)) {
1050 if (!tls1_digest_cached_records(s)) { 1050 if (!tls1_digest_cached_records(s)) {
@@ -1147,7 +1147,7 @@ ssl3_send_server_hello(SSL *s)
1147 1147
1148 /* Cipher suite. */ 1148 /* Cipher suite. */
1149 if (!CBB_add_u16(&cbb, 1149 if (!CBB_add_u16(&cbb,
1150 ssl3_cipher_get_value(s->s3->tmp.new_cipher))) 1150 ssl3_cipher_get_value(S3I(s)->tmp.new_cipher)))
1151 goto err; 1151 goto err;
1152 1152
1153 /* Compression method. */ 1153 /* Compression method. */
@@ -1210,7 +1210,7 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
1210 1210
1211 if (dhp == NULL && s->cert->dh_tmp_cb != NULL) 1211 if (dhp == NULL && s->cert->dh_tmp_cb != NULL)
1212 dhp = s->cert->dh_tmp_cb(s, 0, 1212 dhp = s->cert->dh_tmp_cb(s, 0,
1213 SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher)); 1213 SSL_C_PKEYLENGTH(S3I(s)->tmp.new_cipher));
1214 1214
1215 if (dhp == NULL) { 1215 if (dhp == NULL) {
1216 al = SSL_AD_HANDSHAKE_FAILURE; 1216 al = SSL_AD_HANDSHAKE_FAILURE;
@@ -1219,7 +1219,7 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
1219 goto f_err; 1219 goto f_err;
1220 } 1220 }
1221 1221
1222 if (s->s3->tmp.dh != NULL) { 1222 if (S3I(s)->tmp.dh != NULL) {
1223 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, 1223 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1224 ERR_R_INTERNAL_ERROR); 1224 ERR_R_INTERNAL_ERROR);
1225 goto err; 1225 goto err;
@@ -1231,7 +1231,7 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
1231 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB); 1231 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
1232 goto err; 1232 goto err;
1233 } 1233 }
1234 s->s3->tmp.dh = dh; 1234 S3I(s)->tmp.dh = dh;
1235 if (!DH_generate_key(dh)) { 1235 if (!DH_generate_key(dh)) {
1236 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB); 1236 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
1237 goto err; 1237 goto err;
@@ -1288,7 +1288,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
1288 ecdhp = EC_KEY_new_by_curve_name(nid); 1288 ecdhp = EC_KEY_new_by_curve_name(nid);
1289 } else if (ecdhp == NULL && s->cert->ecdh_tmp_cb != NULL) { 1289 } else if (ecdhp == NULL && s->cert->ecdh_tmp_cb != NULL) {
1290 ecdhp = s->cert->ecdh_tmp_cb(s, 0, 1290 ecdhp = s->cert->ecdh_tmp_cb(s, 0,
1291 SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher)); 1291 SSL_C_PKEYLENGTH(S3I(s)->tmp.new_cipher));
1292 } 1292 }
1293 if (ecdhp == NULL) { 1293 if (ecdhp == NULL) {
1294 al = SSL_AD_HANDSHAKE_FAILURE; 1294 al = SSL_AD_HANDSHAKE_FAILURE;
@@ -1297,7 +1297,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
1297 goto f_err; 1297 goto f_err;
1298 } 1298 }
1299 1299
1300 if (s->s3->tmp.ecdh != NULL) { 1300 if (S3I(s)->tmp.ecdh != NULL) {
1301 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, 1301 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1302 ERR_R_INTERNAL_ERROR); 1302 ERR_R_INTERNAL_ERROR);
1303 goto err; 1303 goto err;
@@ -1311,7 +1311,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
1311 ERR_R_ECDH_LIB); 1311 ERR_R_ECDH_LIB);
1312 goto err; 1312 goto err;
1313 } 1313 }
1314 s->s3->tmp.ecdh = ecdh; 1314 S3I(s)->tmp.ecdh = ecdh;
1315 1315
1316 if ((EC_KEY_get0_public_key(ecdh) == NULL) || 1316 if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
1317 (EC_KEY_get0_private_key(ecdh) == NULL) || 1317 (EC_KEY_get0_private_key(ecdh) == NULL) ||
@@ -1413,16 +1413,16 @@ ssl3_send_server_kex_ecdhe_ecx(SSL *s, int nid, CBB *cbb)
1413 int ret = -1; 1413 int ret = -1;
1414 1414
1415 /* Generate an X25519 key pair. */ 1415 /* Generate an X25519 key pair. */
1416 if (s->s3->tmp.x25519 != NULL) { 1416 if (S3I(s)->tmp.x25519 != NULL) {
1417 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, 1417 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1418 ERR_R_INTERNAL_ERROR); 1418 ERR_R_INTERNAL_ERROR);
1419 goto err; 1419 goto err;
1420 } 1420 }
1421 if ((s->s3->tmp.x25519 = malloc(X25519_KEY_LENGTH)) == NULL) 1421 if ((S3I(s)->tmp.x25519 = malloc(X25519_KEY_LENGTH)) == NULL)
1422 goto err; 1422 goto err;
1423 if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL) 1423 if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL)
1424 goto err; 1424 goto err;
1425 X25519_keypair(public_key, s->s3->tmp.x25519); 1425 X25519_keypair(public_key, S3I(s)->tmp.x25519);
1426 1426
1427 /* Serialize public key. */ 1427 /* Serialize public key. */
1428 if ((curve_id = tls1_ec_nid2curve_id(nid)) == 0) { 1428 if ((curve_id = tls1_ec_nid2curve_id(nid)) == 0) {
@@ -1488,7 +1488,7 @@ ssl3_send_server_key_exchange(SSL *s)
1488 1488
1489 EVP_MD_CTX_init(&md_ctx); 1489 EVP_MD_CTX_init(&md_ctx);
1490 if (s->state == SSL3_ST_SW_KEY_EXCH_A) { 1490 if (s->state == SSL3_ST_SW_KEY_EXCH_A) {
1491 type = s->s3->tmp.new_cipher->algorithm_mkey; 1491 type = S3I(s)->tmp.new_cipher->algorithm_mkey;
1492 cert = s->cert; 1492 cert = s->cert;
1493 1493
1494 buf = s->init_buf; 1494 buf = s->init_buf;
@@ -1512,9 +1512,9 @@ ssl3_send_server_key_exchange(SSL *s)
1512 if (!CBB_finish(&cbb, &params, &params_len)) 1512 if (!CBB_finish(&cbb, &params, &params_len))
1513 goto err; 1513 goto err;
1514 1514
1515 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)) { 1515 if (!(S3I(s)->tmp.new_cipher->algorithm_auth & SSL_aNULL)) {
1516 if ((pkey = ssl_get_sign_pkey( 1516 if ((pkey = ssl_get_sign_pkey(
1517 s, s->s3->tmp.new_cipher, &md)) == NULL) { 1517 s, S3I(s)->tmp.new_cipher, &md)) == NULL) {
1518 al = SSL_AD_DECODE_ERROR; 1518 al = SSL_AD_DECODE_ERROR;
1519 goto f_err; 1519 goto f_err;
1520 } 1520 }
@@ -1837,13 +1837,13 @@ ssl3_get_client_kex_dhe(SSL *s, unsigned char *p, long n)
1837 if (CBS_len(&cbs) != 0) 1837 if (CBS_len(&cbs) != 0)
1838 goto truncated; 1838 goto truncated;
1839 1839
1840 if (s->s3->tmp.dh == NULL) { 1840 if (S3I(s)->tmp.dh == NULL) {
1841 al = SSL_AD_HANDSHAKE_FAILURE; 1841 al = SSL_AD_HANDSHAKE_FAILURE;
1842 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 1842 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1843 SSL_R_MISSING_TMP_DH_KEY); 1843 SSL_R_MISSING_TMP_DH_KEY);
1844 goto f_err; 1844 goto f_err;
1845 } 1845 }
1846 dh = s->s3->tmp.dh; 1846 dh = S3I(s)->tmp.dh;
1847 1847
1848 if ((bn = BN_bin2bn(CBS_data(&dh_Yc), CBS_len(&dh_Yc), NULL)) == NULL) { 1848 if ((bn = BN_bin2bn(CBS_data(&dh_Yc), CBS_len(&dh_Yc), NULL)) == NULL) {
1849 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 1849 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
@@ -1864,8 +1864,8 @@ ssl3_get_client_kex_dhe(SSL *s, unsigned char *p, long n)
1864 1864
1865 explicit_bzero(p, key_size); 1865 explicit_bzero(p, key_size);
1866 1866
1867 DH_free(s->s3->tmp.dh); 1867 DH_free(S3I(s)->tmp.dh);
1868 s->s3->tmp.dh = NULL; 1868 S3I(s)->tmp.dh = NULL;
1869 1869
1870 BN_clear_free(bn); 1870 BN_clear_free(bn);
1871 1871
@@ -1906,7 +1906,7 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n)
1906 * Use the ephemeral values we saved when 1906 * Use the ephemeral values we saved when
1907 * generating the ServerKeyExchange message. 1907 * generating the ServerKeyExchange message.
1908 */ 1908 */
1909 tkey = s->s3->tmp.ecdh; 1909 tkey = S3I(s)->tmp.ecdh;
1910 1910
1911 group = EC_KEY_get0_group(tkey); 1911 group = EC_KEY_get0_group(tkey);
1912 priv_key = EC_KEY_get0_private_key(tkey); 1912 priv_key = EC_KEY_get0_private_key(tkey);
@@ -2008,8 +2008,8 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n)
2008 EC_POINT_free(clnt_ecpoint); 2008 EC_POINT_free(clnt_ecpoint);
2009 EC_KEY_free(srvr_ecdh); 2009 EC_KEY_free(srvr_ecdh);
2010 BN_CTX_free(bn_ctx); 2010 BN_CTX_free(bn_ctx);
2011 EC_KEY_free(s->s3->tmp.ecdh); 2011 EC_KEY_free(S3I(s)->tmp.ecdh);
2012 s->s3->tmp.ecdh = NULL; 2012 S3I(s)->tmp.ecdh = NULL;
2013 2013
2014 /* Compute the master secret */ 2014 /* Compute the master secret */
2015 s->session->master_key_length = 2015 s->session->master_key_length =
@@ -2047,12 +2047,12 @@ ssl3_get_client_kex_ecdhe_ecx(SSL *s, unsigned char *p, long n)
2047 2047
2048 if ((shared_key = malloc(X25519_KEY_LENGTH)) == NULL) 2048 if ((shared_key = malloc(X25519_KEY_LENGTH)) == NULL)
2049 goto err; 2049 goto err;
2050 if (!X25519(shared_key, s->s3->tmp.x25519, CBS_data(&ecpoint))) 2050 if (!X25519(shared_key, S3I(s)->tmp.x25519, CBS_data(&ecpoint)))
2051 goto err; 2051 goto err;
2052 2052
2053 explicit_bzero(s->s3->tmp.x25519, X25519_KEY_LENGTH); 2053 explicit_bzero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);
2054 free(s->s3->tmp.x25519); 2054 free(S3I(s)->tmp.x25519);
2055 s->s3->tmp.x25519 = NULL; 2055 S3I(s)->tmp.x25519 = NULL;
2056 2056
2057 s->session->master_key_length = 2057 s->session->master_key_length =
2058 s->method->ssl3_enc->generate_master_secret( 2058 s->method->ssl3_enc->generate_master_secret(
@@ -2071,7 +2071,7 @@ ssl3_get_client_kex_ecdhe_ecx(SSL *s, unsigned char *p, long n)
2071static int 2071static int
2072ssl3_get_client_kex_ecdhe(SSL *s, unsigned char *p, long n) 2072ssl3_get_client_kex_ecdhe(SSL *s, unsigned char *p, long n)
2073{ 2073{
2074 if (s->s3->tmp.x25519 != NULL) 2074 if (S3I(s)->tmp.x25519 != NULL)
2075 return ssl3_get_client_kex_ecdhe_ecx(s, p, n); 2075 return ssl3_get_client_kex_ecdhe_ecx(s, p, n);
2076 2076
2077 return ssl3_get_client_kex_ecdhe_ecp(s, p, n); 2077 return ssl3_get_client_kex_ecdhe_ecp(s, p, n);
@@ -2092,7 +2092,7 @@ ssl3_get_client_kex_gost(SSL *s, unsigned char *p, long n)
2092 int ret = 0; 2092 int ret = 0;
2093 2093
2094 /* Get our certificate private key*/ 2094 /* Get our certificate private key*/
2095 alg_a = s->s3->tmp.new_cipher->algorithm_auth; 2095 alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
2096 if (alg_a & SSL_aGOST01) 2096 if (alg_a & SSL_aGOST01)
2097 pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey; 2097 pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
2098 2098
@@ -2171,7 +2171,7 @@ ssl3_get_client_key_exchange(SSL *s)
2171 2171
2172 p = (unsigned char *)s->init_msg; 2172 p = (unsigned char *)s->init_msg;
2173 2173
2174 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 2174 alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
2175 2175
2176 if (alg_k & SSL_kRSA) { 2176 if (alg_k & SSL_kRSA) {
2177 if (ssl3_get_client_kex_rsa(s, p, n) != 1) 2177 if (ssl3_get_client_kex_rsa(s, p, n) != 1)
@@ -2227,8 +2227,8 @@ ssl3_get_cert_verify(SSL *s)
2227 pkey = NULL; 2227 pkey = NULL;
2228 } 2228 }
2229 2229
2230 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) { 2230 if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) {
2231 s->s3->tmp.reuse_message = 1; 2231 S3I(s)->tmp.reuse_message = 1;
2232 if (peer != NULL) { 2232 if (peer != NULL) {
2233 al = SSL_AD_UNEXPECTED_MESSAGE; 2233 al = SSL_AD_UNEXPECTED_MESSAGE;
2234 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2234 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
@@ -2253,7 +2253,7 @@ ssl3_get_cert_verify(SSL *s)
2253 goto f_err; 2253 goto f_err;
2254 } 2254 }
2255 2255
2256 if (s->s3->change_cipher_spec) { 2256 if (S3I(s)->change_cipher_spec) {
2257 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2257 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2258 SSL_R_CCS_RECEIVED_EARLY); 2258 SSL_R_CCS_RECEIVED_EARLY);
2259 al = SSL_AD_UNEXPECTED_MESSAGE; 2259 al = SSL_AD_UNEXPECTED_MESSAGE;
@@ -2318,7 +2318,7 @@ ssl3_get_cert_verify(SSL *s)
2318 if (SSL_USE_SIGALGS(s)) { 2318 if (SSL_USE_SIGALGS(s)) {
2319 long hdatalen = 0; 2319 long hdatalen = 0;
2320 void *hdata; 2320 void *hdata;
2321 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); 2321 hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);
2322 if (hdatalen <= 0) { 2322 if (hdatalen <= 0) {
2323 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2323 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2324 ERR_R_INTERNAL_ERROR); 2324 ERR_R_INTERNAL_ERROR);
@@ -2341,7 +2341,7 @@ ssl3_get_cert_verify(SSL *s)
2341 } 2341 }
2342 } else 2342 } else
2343 if (pkey->type == EVP_PKEY_RSA) { 2343 if (pkey->type == EVP_PKEY_RSA) {
2344 i = RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md, 2344 i = RSA_verify(NID_md5_sha1, S3I(s)->tmp.cert_verify_md,
2345 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, p, i, 2345 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, p, i,
2346 pkey->pkey.rsa); 2346 pkey->pkey.rsa);
2347 if (i < 0) { 2347 if (i < 0) {
@@ -2359,7 +2359,7 @@ ssl3_get_cert_verify(SSL *s)
2359 } else 2359 } else
2360 if (pkey->type == EVP_PKEY_DSA) { 2360 if (pkey->type == EVP_PKEY_DSA) {
2361 j = DSA_verify(pkey->save_type, 2361 j = DSA_verify(pkey->save_type,
2362 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]), 2362 &(S3I(s)->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
2363 SHA_DIGEST_LENGTH, p, i, pkey->pkey.dsa); 2363 SHA_DIGEST_LENGTH, p, i, pkey->pkey.dsa);
2364 if (j <= 0) { 2364 if (j <= 0) {
2365 /* bad signature */ 2365 /* bad signature */
@@ -2371,7 +2371,7 @@ ssl3_get_cert_verify(SSL *s)
2371 } else 2371 } else
2372 if (pkey->type == EVP_PKEY_EC) { 2372 if (pkey->type == EVP_PKEY_EC) {
2373 j = ECDSA_verify(pkey->save_type, 2373 j = ECDSA_verify(pkey->save_type,
2374 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]), 2374 &(S3I(s)->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
2375 SHA_DIGEST_LENGTH, p, i, pkey->pkey.ec); 2375 SHA_DIGEST_LENGTH, p, i, pkey->pkey.ec);
2376 if (j <= 0) { 2376 if (j <= 0) {
2377 /* bad signature */ 2377 /* bad signature */
@@ -2391,7 +2391,7 @@ ssl3_get_cert_verify(SSL *s)
2391 int nid; 2391 int nid;
2392 EVP_PKEY_CTX *pctx; 2392 EVP_PKEY_CTX *pctx;
2393 2393
2394 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); 2394 hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);
2395 if (hdatalen <= 0) { 2395 if (hdatalen <= 0) {
2396 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2396 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2397 ERR_R_INTERNAL_ERROR); 2397 ERR_R_INTERNAL_ERROR);
@@ -2456,9 +2456,9 @@ f_err:
2456 ssl3_send_alert(s, SSL3_AL_FATAL, al); 2456 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2457 } 2457 }
2458end: 2458end:
2459 if (s->s3->handshake_buffer) { 2459 if (S3I(s)->handshake_buffer) {
2460 BIO_free(s->s3->handshake_buffer); 2460 BIO_free(S3I(s)->handshake_buffer);
2461 s->s3->handshake_buffer = NULL; 2461 S3I(s)->handshake_buffer = NULL;
2462 s->s3->flags &= ~TLS1_FLAGS_KEEP_HANDSHAKE; 2462 s->s3->flags &= ~TLS1_FLAGS_KEEP_HANDSHAKE;
2463 } 2463 }
2464 EVP_MD_CTX_cleanup(&mctx); 2464 EVP_MD_CTX_cleanup(&mctx);
@@ -2482,7 +2482,7 @@ ssl3_get_client_certificate(SSL *s)
2482 if (!ok) 2482 if (!ok)
2483 return ((int)n); 2483 return ((int)n);
2484 2484
2485 if (s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) { 2485 if (S3I(s)->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
2486 if ((s->verify_mode & SSL_VERIFY_PEER) && 2486 if ((s->verify_mode & SSL_VERIFY_PEER) &&
2487 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { 2487 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
2488 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, 2488 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
@@ -2494,18 +2494,18 @@ ssl3_get_client_certificate(SSL *s)
2494 * If tls asked for a client cert, 2494 * If tls asked for a client cert,
2495 * the client must return a 0 list. 2495 * the client must return a 0 list.
2496 */ 2496 */
2497 if (s->s3->tmp.cert_request) { 2497 if (S3I(s)->tmp.cert_request) {
2498 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, 2498 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2499 SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 2499 SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST
2500 ); 2500 );
2501 al = SSL_AD_UNEXPECTED_MESSAGE; 2501 al = SSL_AD_UNEXPECTED_MESSAGE;
2502 goto f_err; 2502 goto f_err;
2503 } 2503 }
2504 s->s3->tmp.reuse_message = 1; 2504 S3I(s)->tmp.reuse_message = 1;
2505 return (1); 2505 return (1);
2506 } 2506 }
2507 2507
2508 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) { 2508 if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) {
2509 al = SSL_AD_UNEXPECTED_MESSAGE; 2509 al = SSL_AD_UNEXPECTED_MESSAGE;
2510 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, 2510 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2511 SSL_R_WRONG_MESSAGE_TYPE); 2511 SSL_R_WRONG_MESSAGE_TYPE);
@@ -2571,7 +2571,7 @@ ssl3_get_client_certificate(SSL *s)
2571 goto f_err; 2571 goto f_err;
2572 } 2572 }
2573 /* No client certificate so digest cached records */ 2573 /* No client certificate so digest cached records */
2574 if (s->s3->handshake_buffer && !tls1_digest_cached_records(s)) { 2574 if (S3I(s)->handshake_buffer && !tls1_digest_cached_records(s)) {
2575 al = SSL_AD_INTERNAL_ERROR; 2575 al = SSL_AD_INTERNAL_ERROR;
2576 goto f_err; 2576 goto f_err;
2577 } 2577 }
@@ -2860,7 +2860,7 @@ ssl3_get_next_proto(SSL *s)
2860 * Clients cannot send a NextProtocol message if we didn't see the 2860 * Clients cannot send a NextProtocol message if we didn't see the
2861 * extension in their ClientHello 2861 * extension in their ClientHello
2862 */ 2862 */
2863 if (!s->s3->next_proto_neg_seen) { 2863 if (!S3I(s)->next_proto_neg_seen) {
2864 SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, 2864 SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
2865 SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION); 2865 SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION);
2866 return (-1); 2866 return (-1);
@@ -2874,10 +2874,10 @@ ssl3_get_next_proto(SSL *s)
2874 2874
2875 /* 2875 /*
2876 * s->state doesn't reflect whether ChangeCipherSpec has been received 2876 * s->state doesn't reflect whether ChangeCipherSpec has been received
2877 * in this handshake, but s->s3->change_cipher_spec does (will be reset 2877 * in this handshake, but S3I(s)->change_cipher_spec does (will be reset
2878 * by ssl3_get_finished). 2878 * by ssl3_get_finished).
2879 */ 2879 */
2880 if (!s->s3->change_cipher_spec) { 2880 if (!S3I(s)->change_cipher_spec) {
2881 SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, 2881 SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
2882 SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS); 2882 SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS);
2883 return (-1); 2883 return (-1);
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index 6344176105..91cbaf29e3 100644
--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl3.h,v 1.44 2017/01/22 03:50:45 jsing Exp $ */ 1/* $OpenBSD: ssl3.h,v 1.45 2017/01/22 09:02:07 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -363,135 +363,22 @@ struct ssl3_state_internal_st;
363 363
364typedef struct ssl3_state_st { 364typedef struct ssl3_state_st {
365 long flags; 365 long flags;
366 int delay_buf_pop_ret;
367
368 unsigned char read_sequence[SSL3_SEQUENCE_SIZE];
369 int read_mac_secret_size;
370 unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
371 unsigned char write_sequence[SSL3_SEQUENCE_SIZE];
372 int write_mac_secret_size;
373 unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
374 366
375 unsigned char server_random[SSL3_RANDOM_SIZE]; 367 unsigned char server_random[SSL3_RANDOM_SIZE];
376 unsigned char client_random[SSL3_RANDOM_SIZE]; 368 unsigned char client_random[SSL3_RANDOM_SIZE];
377 369
378 /* flags for countermeasure against known-IV weakness */
379 int need_empty_fragments;
380 int empty_fragment_done;
381
382 SSL3_BUFFER rbuf; /* read IO goes into here */ 370 SSL3_BUFFER rbuf; /* read IO goes into here */
383 SSL3_BUFFER wbuf; /* write IO goes into here */ 371 SSL3_BUFFER wbuf; /* write IO goes into here */
384 372
385 SSL3_RECORD rrec; /* each decoded record goes in here */
386 SSL3_RECORD wrec; /* goes out from here */
387
388 /* storage for Alert/Handshake protocol data received but not
389 * yet processed by ssl3_read_bytes: */
390 unsigned char alert_fragment[2];
391 unsigned int alert_fragment_len;
392 unsigned char handshake_fragment[4];
393 unsigned int handshake_fragment_len;
394
395 /* partial write - check the numbers match */
396 unsigned int wnum; /* number of bytes sent so far */
397 int wpend_tot; /* number bytes written */
398 int wpend_type;
399 int wpend_ret; /* number of bytes submitted */
400 const unsigned char *wpend_buf;
401
402 /* used during startup, digest all incoming/outgoing packets */
403 BIO *handshake_buffer;
404 /* When set of handshake digests is determined, buffer is hashed
405 * and freed and MD_CTX-es for all required digests are stored in
406 * this array */
407 EVP_MD_CTX **handshake_dgst;
408 /* this is set whenerver we see a change_cipher_spec message
409 * come in when we are not looking for one */
410 int change_cipher_spec;
411
412 int warn_alert;
413 int fatal_alert;
414 /* we allow one fatal and one warning alert to be outstanding, 373 /* we allow one fatal and one warning alert to be outstanding,
415 * send close alert via the warning alert */ 374 * send close alert via the warning alert */
416 int alert_dispatch; 375 int alert_dispatch;
417 unsigned char send_alert[2]; 376 unsigned char send_alert[2];
418 377
419 /* This flag is set when we should renegotiate ASAP, basically when 378 struct {
420 * there is no more data in the read or write buffers */
421 int renegotiate;
422 int total_renegotiations;
423 int num_renegotiations;
424
425 int in_read_app_data;
426
427 struct {
428 /* actually only needs to be 16+20 */
429 unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
430
431 /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
432 unsigned char finish_md[EVP_MAX_MD_SIZE*2];
433 int finish_md_len;
434 unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
435 int peer_finish_md_len;
436
437 unsigned long message_size;
438 int message_type;
439
440 /* used to hold the new cipher we are going to use */
441 const SSL_CIPHER *new_cipher;
442 DH *dh;
443
444 EC_KEY *ecdh; /* holds short lived ECDH key */
445
446 uint8_t *x25519;
447
448 /* used when SSL_ST_FLUSH_DATA is entered */
449 int next_state;
450
451 int reuse_message;
452
453 /* used for certificate requests */
454 int cert_req;
455 int ctype_num;
456 char ctype[SSL3_CT_NUMBER];
457 STACK_OF(X509_NAME) *ca_names;
458
459 int key_block_length;
460 unsigned char *key_block;
461
462 const EVP_CIPHER *new_sym_enc;
463 const EVP_AEAD *new_aead;
464 const EVP_MD *new_hash;
465 int new_mac_pkey_type;
466 int new_mac_secret_size; 379 int new_mac_secret_size;
467 int cert_request;
468 } tmp; 380 } tmp;
469 381
470 /* Connection binding to prevent renegotiation attacks */
471 unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
472 unsigned char previous_client_finished_len;
473 unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
474 unsigned char previous_server_finished_len;
475 int send_connection_binding; /* TODOEKR */
476
477 /* Set if we saw the Next Protocol Negotiation extension from our peer.
478 */
479 int next_proto_neg_seen;
480
481 /*
482 * ALPN information
483 * (we are in the process of transitioning from NPN to ALPN).
484 */
485
486 /*
487 * In a server these point to the selected ALPN protocol after the
488 * ClientHello has been processed. In a client these contain the
489 * protocol that the server selected once the ServerHello has been
490 * processed.
491 */
492 unsigned char *alpn_selected;
493 unsigned int alpn_selected_len;
494
495 struct ssl3_state_internal_st *internal; 382 struct ssl3_state_internal_st *internal;
496} SSL3_STATE; 383} SSL3_STATE;
497 384
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index 294745c9f9..d520a6d249 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_cert.c,v 1.53 2016/12/21 16:44:31 jsing Exp $ */ 1/* $OpenBSD: ssl_cert.c,v 1.54 2017/01/22 09:02:07 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -507,7 +507,7 @@ SSL_get_client_CA_list(const SSL *s)
507 /* We are in the client. */ 507 /* We are in the client. */
508 if (((s->version >> 8) == SSL3_VERSION_MAJOR) && 508 if (((s->version >> 8) == SSL3_VERSION_MAJOR) &&
509 (s->s3 != NULL)) 509 (s->s3 != NULL))
510 return (s->s3->tmp.ca_names); 510 return (S3I(s)->tmp.ca_names);
511 else 511 else
512 return (NULL); 512 return (NULL);
513 } else { 513 } else {
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 50c764ae86..96aea4c5dd 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_lib.c,v 1.128 2017/01/22 07:16:39 beck Exp $ */ 1/* $OpenBSD: ssl_lib.c,v 1.129 2017/01/22 09:02:07 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -702,10 +702,10 @@ SSL_get_finished(const SSL *s, void *buf, size_t count)
702 size_t ret = 0; 702 size_t ret = 0;
703 703
704 if (s->s3 != NULL) { 704 if (s->s3 != NULL) {
705 ret = s->s3->tmp.finish_md_len; 705 ret = S3I(s)->tmp.finish_md_len;
706 if (count > ret) 706 if (count > ret)
707 count = ret; 707 count = ret;
708 memcpy(buf, s->s3->tmp.finish_md, count); 708 memcpy(buf, S3I(s)->tmp.finish_md, count);
709 } 709 }
710 return (ret); 710 return (ret);
711} 711}
@@ -717,10 +717,10 @@ SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
717 size_t ret = 0; 717 size_t ret = 0;
718 718
719 if (s->s3 != NULL) { 719 if (s->s3 != NULL) {
720 ret = s->s3->tmp.peer_finish_md_len; 720 ret = S3I(s)->tmp.peer_finish_md_len;
721 if (count > ret) 721 if (count > ret)
722 count = ret; 722 count = ret;
723 memcpy(buf, s->s3->tmp.peer_finish_md, count); 723 memcpy(buf, S3I(s)->tmp.peer_finish_md, count);
724 } 724 }
725 return (ret); 725 return (ret);
726} 726}
@@ -1089,7 +1089,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
1089 return (1); 1089 return (1);
1090 case SSL_CTRL_GET_RI_SUPPORT: 1090 case SSL_CTRL_GET_RI_SUPPORT:
1091 if (s->s3) 1091 if (s->s3)
1092 return (s->s3->send_connection_binding); 1092 return (S3I(s)->send_connection_binding);
1093 else return (0); 1093 else return (0);
1094 default: 1094 default:
1095 return (s->method->ssl_ctrl(s, cmd, larg, parg)); 1095 return (s->method->ssl_ctrl(s, cmd, larg, parg));
@@ -1425,7 +1425,7 @@ ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
1425 uint16_t cipher_value, max_version; 1425 uint16_t cipher_value, max_version;
1426 1426
1427 if (s->s3) 1427 if (s->s3)
1428 s->s3->send_connection_binding = 0; 1428 S3I(s)->send_connection_binding = 0;
1429 1429
1430 /* 1430 /*
1431 * RFC 5246 section 7.4.1.2 defines the interval as [2,2^16-2]. 1431 * RFC 5246 section 7.4.1.2 defines the interval as [2,2^16-2].
@@ -1464,7 +1464,7 @@ ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
1464 1464
1465 goto err; 1465 goto err;
1466 } 1466 }
1467 s->s3->send_connection_binding = 1; 1467 S3I(s)->send_connection_binding = 1;
1468 continue; 1468 continue;
1469 } 1469 }
1470 1470
@@ -1725,8 +1725,8 @@ SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
1725 *len = 0; 1725 *len = 0;
1726 1726
1727 if (ssl->s3 != NULL) { 1727 if (ssl->s3 != NULL) {
1728 *data = ssl->s3->alpn_selected; 1728 *data = ssl->s3->internal->alpn_selected;
1729 *len = ssl->s3->alpn_selected_len; 1729 *len = ssl->s3->internal->alpn_selected_len;
1730 } 1730 }
1731} 1731}
1732 1732
@@ -2119,7 +2119,7 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2119int 2119int
2120ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) 2120ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
2121{ 2121{
2122 const SSL_CIPHER *cs = s->s3->tmp.new_cipher; 2122 const SSL_CIPHER *cs = S3I(s)->tmp.new_cipher;
2123 unsigned long alg_a; 2123 unsigned long alg_a;
2124 2124
2125 alg_a = cs->algorithm_auth; 2125 alg_a = cs->algorithm_auth;
@@ -2148,9 +2148,9 @@ ssl_get_server_send_pkey(const SSL *s)
2148 int i; 2148 int i;
2149 2149
2150 c = s->cert; 2150 c = s->cert;
2151 ssl_set_cert_masks(c, s->s3->tmp.new_cipher); 2151 ssl_set_cert_masks(c, S3I(s)->tmp.new_cipher);
2152 2152
2153 alg_a = s->s3->tmp.new_cipher->algorithm_auth; 2153 alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
2154 2154
2155 if (alg_a & SSL_aECDSA) { 2155 if (alg_a & SSL_aECDSA) {
2156 i = SSL_PKEY_ECC; 2156 i = SSL_PKEY_ECC;
@@ -2221,9 +2221,9 @@ ssl_get_auto_dh(SSL *s)
2221 2221
2222 if (s->cert->dh_tmp_auto == 2) { 2222 if (s->cert->dh_tmp_auto == 2) {
2223 keylen = 1024; 2223 keylen = 1024;
2224 } else if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) { 2224 } else if (S3I(s)->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
2225 keylen = 1024; 2225 keylen = 1024;
2226 if (s->s3->tmp.new_cipher->strength_bits == 256) 2226 if (S3I(s)->tmp.new_cipher->strength_bits == 256)
2227 keylen = 3072; 2227 keylen = 3072;
2228 } else { 2228 } else {
2229 if ((cpk = ssl_get_server_send_pkey(s)) == NULL) 2229 if ((cpk = ssl_get_server_send_pkey(s)) == NULL)
@@ -2396,7 +2396,7 @@ SSL_get_error(const SSL *s, int i)
2396 2396
2397 if (i == 0) { 2397 if (i == 0) {
2398 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && 2398 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
2399 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) 2399 (S3I(s)->warn_alert == SSL_AD_CLOSE_NOTIFY))
2400 return (SSL_ERROR_ZERO_RETURN); 2400 return (SSL_ERROR_ZERO_RETURN);
2401 } 2401 }
2402 return (SSL_ERROR_SYSCALL); 2402 return (SSL_ERROR_SYSCALL);
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 5681167242..a187c8d77a 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.150 2017/01/22 07:16:39 beck Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.151 2017/01/22 09:02:07 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -445,8 +445,125 @@ typedef struct ssl_internal_st {
445} SSL_INTERNAL; 445} SSL_INTERNAL;
446 446
447typedef struct ssl3_state_internal_st { 447typedef struct ssl3_state_internal_st {
448 int delay_buf_pop_ret;
448 449
450 unsigned char read_sequence[SSL3_SEQUENCE_SIZE];
451 int read_mac_secret_size;
452 unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
453 unsigned char write_sequence[SSL3_SEQUENCE_SIZE];
454 int write_mac_secret_size;
455 unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
456
457 /* flags for countermeasure against known-IV weakness */
458 int need_empty_fragments;
459 int empty_fragment_done;
460
461 SSL3_RECORD rrec; /* each decoded record goes in here */
462 SSL3_RECORD wrec; /* goes out from here */
463
464 /* storage for Alert/Handshake protocol data received but not
465 * yet processed by ssl3_read_bytes: */
466 unsigned char alert_fragment[2];
467 unsigned int alert_fragment_len;
468 unsigned char handshake_fragment[4];
469 unsigned int handshake_fragment_len;
470
471 /* partial write - check the numbers match */
472 unsigned int wnum; /* number of bytes sent so far */
473 int wpend_tot; /* number bytes written */
474 int wpend_type;
475 int wpend_ret; /* number of bytes submitted */
476 const unsigned char *wpend_buf;
477
478 /* used during startup, digest all incoming/outgoing packets */
479 BIO *handshake_buffer;
480 /* When set of handshake digests is determined, buffer is hashed
481 * and freed and MD_CTX-es for all required digests are stored in
482 * this array */
483 EVP_MD_CTX **handshake_dgst;
484 /* this is set whenerver we see a change_cipher_spec message
485 * come in when we are not looking for one */
486 int change_cipher_spec;
487
488 int warn_alert;
489 int fatal_alert;
490
491 /* This flag is set when we should renegotiate ASAP, basically when
492 * there is no more data in the read or write buffers */
493 int renegotiate;
494 int total_renegotiations;
495 int num_renegotiations;
496
497 int in_read_app_data;
498
499 struct {
500 /* actually only needs to be 16+20 */
501 unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
502
503 /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
504 unsigned char finish_md[EVP_MAX_MD_SIZE*2];
505 int finish_md_len;
506 unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
507 int peer_finish_md_len;
508
509 unsigned long message_size;
510 int message_type;
511
512 /* used to hold the new cipher we are going to use */
513 const SSL_CIPHER *new_cipher;
514 DH *dh;
515
516 EC_KEY *ecdh; /* holds short lived ECDH key */
517
518 uint8_t *x25519;
519
520 /* used when SSL_ST_FLUSH_DATA is entered */
521 int next_state;
522
523 int reuse_message;
524
525 /* used for certificate requests */
526 int cert_req;
527 int ctype_num;
528 char ctype[SSL3_CT_NUMBER];
529 STACK_OF(X509_NAME) *ca_names;
530
531 int key_block_length;
532 unsigned char *key_block;
533
534 const EVP_CIPHER *new_sym_enc;
535 const EVP_AEAD *new_aead;
536 const EVP_MD *new_hash;
537 int new_mac_pkey_type;
538 int cert_request;
539 } tmp;
540
541 /* Connection binding to prevent renegotiation attacks */
542 unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
543 unsigned char previous_client_finished_len;
544 unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
545 unsigned char previous_server_finished_len;
546 int send_connection_binding; /* TODOEKR */
547
548 /* Set if we saw the Next Protocol Negotiation extension from our peer.
549 */
550 int next_proto_neg_seen;
551
552 /*
553 * ALPN information
554 * (we are in the process of transitioning from NPN to ALPN).
555 */
556
557 /*
558 * In a server these point to the selected ALPN protocol after the
559 * ClientHello has been processed. In a client these contain the
560 * protocol that the server selected once the ServerHello has been
561 * processed.
562 */
563 unsigned char *alpn_selected;
564 unsigned int alpn_selected_len;
449} SSL3_STATE_INTERNAL; 565} SSL3_STATE_INTERNAL;
566#define S3I(s) (s->s3->internal)
450 567
451typedef struct dtls1_state_internal_st { 568typedef struct dtls1_state_internal_st {
452 unsigned int send_cookie; 569 unsigned int send_cookie;
@@ -564,7 +681,6 @@ typedef struct sess_cert_st {
564 int references; /* actually always 1 at the moment */ 681 int references; /* actually always 1 at the moment */
565} SESS_CERT; 682} SESS_CERT;
566 683
567
568/*#define SSL_DEBUG */ 684/*#define SSL_DEBUG */
569/*#define RSA_DEBUG */ 685/*#define RSA_DEBUG */
570 686
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 67ad1ae924..a8998b4dec 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_enc.c,v 1.88 2017/01/22 07:16:39 beck Exp $ */ 1/* $OpenBSD: t1_enc.c,v 1.89 2017/01/22 09:02:07 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -146,26 +146,26 @@
146void 146void
147tls1_cleanup_key_block(SSL *s) 147tls1_cleanup_key_block(SSL *s)
148{ 148{
149 if (s->s3->tmp.key_block != NULL) { 149 if (S3I(s)->tmp.key_block != NULL) {
150 explicit_bzero(s->s3->tmp.key_block, 150 explicit_bzero(S3I(s)->tmp.key_block,
151 s->s3->tmp.key_block_length); 151 S3I(s)->tmp.key_block_length);
152 free(s->s3->tmp.key_block); 152 free(S3I(s)->tmp.key_block);
153 s->s3->tmp.key_block = NULL; 153 S3I(s)->tmp.key_block = NULL;
154 } 154 }
155 s->s3->tmp.key_block_length = 0; 155 S3I(s)->tmp.key_block_length = 0;
156} 156}
157 157
158int 158int
159tls1_init_finished_mac(SSL *s) 159tls1_init_finished_mac(SSL *s)
160{ 160{
161 BIO_free(s->s3->handshake_buffer); 161 BIO_free(S3I(s)->handshake_buffer);
162 tls1_free_digest_list(s); 162 tls1_free_digest_list(s);
163 163
164 s->s3->handshake_buffer = BIO_new(BIO_s_mem()); 164 S3I(s)->handshake_buffer = BIO_new(BIO_s_mem());
165 if (s->s3->handshake_buffer == NULL) 165 if (S3I(s)->handshake_buffer == NULL)
166 return (0); 166 return (0);
167 167
168 (void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE); 168 (void)BIO_set_close(S3I(s)->handshake_buffer, BIO_CLOSE);
169 169
170 return (1); 170 return (1);
171} 171}
@@ -177,15 +177,15 @@ tls1_free_digest_list(SSL *s)
177 177
178 if (s == NULL) 178 if (s == NULL)
179 return; 179 return;
180 if (s->s3->handshake_dgst == NULL) 180 if (S3I(s)->handshake_dgst == NULL)
181 return; 181 return;
182 182
183 for (i = 0; i < SSL_MAX_DIGEST; i++) { 183 for (i = 0; i < SSL_MAX_DIGEST; i++) {
184 if (s->s3->handshake_dgst[i]) 184 if (S3I(s)->handshake_dgst[i])
185 EVP_MD_CTX_destroy(s->s3->handshake_dgst[i]); 185 EVP_MD_CTX_destroy(S3I(s)->handshake_dgst[i]);
186 } 186 }
187 free(s->s3->handshake_dgst); 187 free(S3I(s)->handshake_dgst);
188 s->s3->handshake_dgst = NULL; 188 S3I(s)->handshake_dgst = NULL;
189} 189}
190 190
191int 191int
@@ -193,16 +193,16 @@ tls1_finish_mac(SSL *s, const unsigned char *buf, int len)
193{ 193{
194 int i; 194 int i;
195 195
196 if (s->s3->handshake_buffer && 196 if (S3I(s)->handshake_buffer &&
197 !(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) { 197 !(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {
198 BIO_write(s->s3->handshake_buffer, (void *)buf, len); 198 BIO_write(S3I(s)->handshake_buffer, (void *)buf, len);
199 return 1; 199 return 1;
200 } 200 }
201 201
202 for (i = 0; i < SSL_MAX_DIGEST; i++) { 202 for (i = 0; i < SSL_MAX_DIGEST; i++) {
203 if (s->s3->handshake_dgst[i] == NULL) 203 if (S3I(s)->handshake_dgst[i] == NULL)
204 continue; 204 continue;
205 if (!EVP_DigestUpdate(s->s3->handshake_dgst[i], buf, len)) { 205 if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], buf, len)) {
206 SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB); 206 SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB);
207 return 0; 207 return 0;
208 } 208 }
@@ -221,12 +221,12 @@ tls1_digest_cached_records(SSL *s)
221 221
222 tls1_free_digest_list(s); 222 tls1_free_digest_list(s);
223 223
224 s->s3->handshake_dgst = calloc(SSL_MAX_DIGEST, sizeof(EVP_MD_CTX *)); 224 S3I(s)->handshake_dgst = calloc(SSL_MAX_DIGEST, sizeof(EVP_MD_CTX *));
225 if (s->s3->handshake_dgst == NULL) { 225 if (S3I(s)->handshake_dgst == NULL) {
226 SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE); 226 SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE);
227 goto err; 227 goto err;
228 } 228 }
229 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); 229 hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);
230 if (hdatalen <= 0) { 230 if (hdatalen <= 0) {
231 SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, 231 SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS,
232 SSL_R_BAD_HANDSHAKE_LENGTH); 232 SSL_R_BAD_HANDSHAKE_LENGTH);
@@ -238,17 +238,17 @@ tls1_digest_cached_records(SSL *s)
238 if ((mask & ssl_get_algorithm2(s)) == 0 || md == NULL) 238 if ((mask & ssl_get_algorithm2(s)) == 0 || md == NULL)
239 continue; 239 continue;
240 240
241 s->s3->handshake_dgst[i] = EVP_MD_CTX_create(); 241 S3I(s)->handshake_dgst[i] = EVP_MD_CTX_create();
242 if (s->s3->handshake_dgst[i] == NULL) { 242 if (S3I(s)->handshake_dgst[i] == NULL) {
243 SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, 243 SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS,
244 ERR_R_MALLOC_FAILURE); 244 ERR_R_MALLOC_FAILURE);
245 goto err; 245 goto err;
246 } 246 }
247 if (!EVP_DigestInit_ex(s->s3->handshake_dgst[i], md, NULL)) { 247 if (!EVP_DigestInit_ex(S3I(s)->handshake_dgst[i], md, NULL)) {
248 SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB); 248 SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB);
249 goto err; 249 goto err;
250 } 250 }
251 if (!EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata, 251 if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], hdata,
252 hdatalen)) { 252 hdatalen)) {
253 SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB); 253 SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB);
254 goto err; 254 goto err;
@@ -256,8 +256,8 @@ tls1_digest_cached_records(SSL *s)
256 } 256 }
257 257
258 if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) { 258 if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {
259 BIO_free(s->s3->handshake_buffer); 259 BIO_free(S3I(s)->handshake_buffer);
260 s->s3->handshake_buffer = NULL; 260 S3I(s)->handshake_buffer = NULL;
261 } 261 }
262 262
263 return 1; 263 return 1;
@@ -457,7 +457,7 @@ static int
457tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key, 457tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,
458 unsigned key_len, const unsigned char *iv, unsigned iv_len) 458 unsigned key_len, const unsigned char *iv, unsigned iv_len)
459{ 459{
460 const EVP_AEAD *aead = s->s3->tmp.new_aead; 460 const EVP_AEAD *aead = S3I(s)->tmp.new_aead;
461 SSL_AEAD_CTX *aead_ctx; 461 SSL_AEAD_CTX *aead_ctx;
462 462
463 if (is_read) { 463 if (is_read) {
@@ -482,10 +482,10 @@ tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,
482 aead_ctx->fixed_nonce_len = iv_len; 482 aead_ctx->fixed_nonce_len = iv_len;
483 aead_ctx->variable_nonce_len = 8; /* always the case, currently. */ 483 aead_ctx->variable_nonce_len = 8; /* always the case, currently. */
484 aead_ctx->variable_nonce_in_record = 484 aead_ctx->variable_nonce_in_record =
485 (s->s3->tmp.new_cipher->algorithm2 & 485 (S3I(s)->tmp.new_cipher->algorithm2 &
486 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD) != 0; 486 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD) != 0;
487 aead_ctx->xor_fixed_nonce = 487 aead_ctx->xor_fixed_nonce =
488 s->s3->tmp.new_cipher->algorithm_enc == SSL_CHACHA20POLY1305; 488 S3I(s)->tmp.new_cipher->algorithm_enc == SSL_CHACHA20POLY1305;
489 aead_ctx->tag_len = EVP_AEAD_max_overhead(aead); 489 aead_ctx->tag_len = EVP_AEAD_max_overhead(aead);
490 490
491 if (aead_ctx->xor_fixed_nonce) { 491 if (aead_ctx->xor_fixed_nonce) {
@@ -526,12 +526,12 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
526 const EVP_MD *mac; 526 const EVP_MD *mac;
527 int mac_type; 527 int mac_type;
528 528
529 cipher = s->s3->tmp.new_sym_enc; 529 cipher = S3I(s)->tmp.new_sym_enc;
530 mac = s->s3->tmp.new_hash; 530 mac = S3I(s)->tmp.new_hash;
531 mac_type = s->s3->tmp.new_mac_pkey_type; 531 mac_type = S3I(s)->tmp.new_mac_pkey_type;
532 532
533 if (is_read) { 533 if (is_read) {
534 if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) 534 if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
535 s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM; 535 s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
536 else 536 else
537 s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM; 537 s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
@@ -548,7 +548,7 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
548 goto err; 548 goto err;
549 s->read_hash = mac_ctx; 549 s->read_hash = mac_ctx;
550 } else { 550 } else {
551 if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) 551 if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
552 s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; 552 s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
553 else 553 else
554 s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM; 554 s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
@@ -595,15 +595,15 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
595 mac_secret_size, (unsigned char *)mac_secret); 595 mac_secret_size, (unsigned char *)mac_secret);
596 } 596 }
597 597
598 if (s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT) { 598 if (S3I(s)->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT) {
599 int nid; 599 int nid;
600 if (s->s3->tmp.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94) 600 if (S3I(s)->tmp.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
601 nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet; 601 nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
602 else 602 else
603 nid = NID_id_tc26_gost_28147_param_Z; 603 nid = NID_id_tc26_gost_28147_param_Z;
604 604
605 EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GOST_SET_SBOX, nid, 0); 605 EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GOST_SET_SBOX, nid, 0);
606 if (s->s3->tmp.new_cipher->algorithm_mac == SSL_GOST89MAC) 606 if (S3I(s)->tmp.new_cipher->algorithm_mac == SSL_GOST89MAC)
607 EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_GOST_SET_SBOX, nid, 0); 607 EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_GOST_SET_SBOX, nid, 0);
608 } 608 }
609 609
@@ -628,8 +628,8 @@ tls1_change_cipher_state(SSL *s, int which)
628 char is_read, use_client_keys; 628 char is_read, use_client_keys;
629 629
630 630
631 cipher = s->s3->tmp.new_sym_enc; 631 cipher = S3I(s)->tmp.new_sym_enc;
632 aead = s->s3->tmp.new_aead; 632 aead = S3I(s)->tmp.new_aead;
633 633
634 /* 634 /*
635 * is_read is true if we have just read a ChangeCipherSpec message, 635 * is_read is true if we have just read a ChangeCipherSpec message,
@@ -652,13 +652,13 @@ tls1_change_cipher_state(SSL *s, int which)
652 * dtls1_reset_seq_numbers(). 652 * dtls1_reset_seq_numbers().
653 */ 653 */
654 if (!SSL_IS_DTLS(s)) { 654 if (!SSL_IS_DTLS(s)) {
655 seq = is_read ? s->s3->read_sequence : s->s3->write_sequence; 655 seq = is_read ? S3I(s)->read_sequence : S3I(s)->write_sequence;
656 memset(seq, 0, SSL3_SEQUENCE_SIZE); 656 memset(seq, 0, SSL3_SEQUENCE_SIZE);
657 } 657 }
658 658
659 if (aead != NULL) { 659 if (aead != NULL) {
660 key_len = EVP_AEAD_key_length(aead); 660 key_len = EVP_AEAD_key_length(aead);
661 iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(s->s3->tmp.new_cipher); 661 iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(S3I(s)->tmp.new_cipher);
662 } else { 662 } else {
663 key_len = EVP_CIPHER_key_length(cipher); 663 key_len = EVP_CIPHER_key_length(cipher);
664 iv_len = EVP_CIPHER_iv_length(cipher); 664 iv_len = EVP_CIPHER_iv_length(cipher);
@@ -670,7 +670,7 @@ tls1_change_cipher_state(SSL *s, int which)
670 670
671 mac_secret_size = s->s3->tmp.new_mac_secret_size; 671 mac_secret_size = s->s3->tmp.new_mac_secret_size;
672 672
673 key_block = s->s3->tmp.key_block; 673 key_block = S3I(s)->tmp.key_block;
674 client_write_mac_secret = key_block; 674 client_write_mac_secret = key_block;
675 key_block += mac_secret_size; 675 key_block += mac_secret_size;
676 server_write_mac_secret = key_block; 676 server_write_mac_secret = key_block;
@@ -694,17 +694,17 @@ tls1_change_cipher_state(SSL *s, int which)
694 iv = server_write_iv; 694 iv = server_write_iv;
695 } 695 }
696 696
697 if (key_block - s->s3->tmp.key_block != s->s3->tmp.key_block_length) { 697 if (key_block - S3I(s)->tmp.key_block != S3I(s)->tmp.key_block_length) {
698 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); 698 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
699 goto err2; 699 goto err2;
700 } 700 }
701 701
702 if (is_read) { 702 if (is_read) {
703 memcpy(s->s3->read_mac_secret, mac_secret, mac_secret_size); 703 memcpy(S3I(s)->read_mac_secret, mac_secret, mac_secret_size);
704 s->s3->read_mac_secret_size = mac_secret_size; 704 S3I(s)->read_mac_secret_size = mac_secret_size;
705 } else { 705 } else {
706 memcpy(s->s3->write_mac_secret, mac_secret, mac_secret_size); 706 memcpy(S3I(s)->write_mac_secret, mac_secret, mac_secret_size);
707 s->s3->write_mac_secret_size = mac_secret_size; 707 S3I(s)->write_mac_secret_size = mac_secret_size;
708 } 708 }
709 709
710 if (aead != NULL) { 710 if (aead != NULL) {
@@ -730,7 +730,7 @@ tls1_setup_key_block(SSL *s)
730 const EVP_MD *mac = NULL; 730 const EVP_MD *mac = NULL;
731 int ret = 0; 731 int ret = 0;
732 732
733 if (s->s3->tmp.key_block_length != 0) 733 if (S3I(s)->tmp.key_block_length != 0)
734 return (1); 734 return (1);
735 735
736 if (s->session->cipher && 736 if (s->session->cipher &&
@@ -757,10 +757,10 @@ tls1_setup_key_block(SSL *s)
757 iv_len = EVP_GCM_TLS_FIXED_IV_LEN; 757 iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
758 } 758 }
759 759
760 s->s3->tmp.new_aead = aead; 760 S3I(s)->tmp.new_aead = aead;
761 s->s3->tmp.new_sym_enc = cipher; 761 S3I(s)->tmp.new_sym_enc = cipher;
762 s->s3->tmp.new_hash = mac; 762 S3I(s)->tmp.new_hash = mac;
763 s->s3->tmp.new_mac_pkey_type = mac_type; 763 S3I(s)->tmp.new_mac_pkey_type = mac_type;
764 s->s3->tmp.new_mac_secret_size = mac_secret_size; 764 s->s3->tmp.new_mac_secret_size = mac_secret_size;
765 765
766 tls1_cleanup_key_block(s); 766 tls1_cleanup_key_block(s);
@@ -772,8 +772,8 @@ tls1_setup_key_block(SSL *s)
772 } 772 }
773 key_block_len = (mac_secret_size + key_len + iv_len) * 2; 773 key_block_len = (mac_secret_size + key_len + iv_len) * 2;
774 774
775 s->s3->tmp.key_block_length = key_block_len; 775 S3I(s)->tmp.key_block_length = key_block_len;
776 s->s3->tmp.key_block = key_block; 776 S3I(s)->tmp.key_block = key_block;
777 777
778 if ((tmp_block = malloc(key_block_len)) == NULL) { 778 if ((tmp_block = malloc(key_block_len)) == NULL) {
779 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE); 779 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
@@ -789,15 +789,15 @@ tls1_setup_key_block(SSL *s)
789 * Enable vulnerability countermeasure for CBC ciphers with 789 * Enable vulnerability countermeasure for CBC ciphers with
790 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) 790 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
791 */ 791 */
792 s->s3->need_empty_fragments = 1; 792 S3I(s)->need_empty_fragments = 1;
793 793
794 if (s->session->cipher != NULL) { 794 if (s->session->cipher != NULL) {
795 if (s->session->cipher->algorithm_enc == SSL_eNULL) 795 if (s->session->cipher->algorithm_enc == SSL_eNULL)
796 s->s3->need_empty_fragments = 0; 796 S3I(s)->need_empty_fragments = 0;
797 797
798#ifndef OPENSSL_NO_RC4 798#ifndef OPENSSL_NO_RC4
799 if (s->session->cipher->algorithm_enc == SSL_RC4) 799 if (s->session->cipher->algorithm_enc == SSL_RC4)
800 s->s3->need_empty_fragments = 0; 800 S3I(s)->need_empty_fragments = 0;
801#endif 801#endif
802 } 802 }
803 } 803 }
@@ -834,12 +834,12 @@ tls1_enc(SSL *s, int send)
834 834
835 if (send) { 835 if (send) {
836 aead = s->aead_write_ctx; 836 aead = s->aead_write_ctx;
837 rec = &s->s3->wrec; 837 rec = &S3I(s)->wrec;
838 seq = s->s3->write_sequence; 838 seq = S3I(s)->write_sequence;
839 } else { 839 } else {
840 aead = s->aead_read_ctx; 840 aead = s->aead_read_ctx;
841 rec = &s->s3->rrec; 841 rec = &S3I(s)->rrec;
842 seq = s->s3->read_sequence; 842 seq = S3I(s)->read_sequence;
843 } 843 }
844 844
845 if (aead) { 845 if (aead) {
@@ -1102,14 +1102,14 @@ tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
1102 unsigned int ret; 1102 unsigned int ret;
1103 int i; 1103 int i;
1104 1104
1105 if (s->s3->handshake_buffer) 1105 if (S3I(s)->handshake_buffer)
1106 if (!tls1_digest_cached_records(s)) 1106 if (!tls1_digest_cached_records(s))
1107 return 0; 1107 return 0;
1108 1108
1109 for (i = 0; i < SSL_MAX_DIGEST; i++) { 1109 for (i = 0; i < SSL_MAX_DIGEST; i++) {
1110 if (s->s3->handshake_dgst[i] && 1110 if (S3I(s)->handshake_dgst[i] &&
1111 EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) { 1111 EVP_MD_CTX_type(S3I(s)->handshake_dgst[i]) == md_nid) {
1112 d = s->s3->handshake_dgst[i]; 1112 d = S3I(s)->handshake_dgst[i];
1113 break; 1113 break;
1114 } 1114 }
1115 } 1115 }
@@ -1141,7 +1141,7 @@ tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out)
1141 1141
1142 q = buf; 1142 q = buf;
1143 1143
1144 if (s->s3->handshake_buffer) 1144 if (S3I(s)->handshake_buffer)
1145 if (!tls1_digest_cached_records(s)) 1145 if (!tls1_digest_cached_records(s))
1146 return 0; 1146 return 0;
1147 1147
@@ -1150,7 +1150,7 @@ tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out)
1150 for (idx = 0; ssl_get_handshake_digest(idx, &mask, &md); idx++) { 1150 for (idx = 0; ssl_get_handshake_digest(idx, &mask, &md); idx++) {
1151 if (ssl_get_algorithm2(s) & mask) { 1151 if (ssl_get_algorithm2(s) & mask) {
1152 int hashsize = EVP_MD_size(md); 1152 int hashsize = EVP_MD_size(md);
1153 EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx]; 1153 EVP_MD_CTX *hdgst = S3I(s)->handshake_dgst[idx];
1154 if (!hdgst || hashsize < 0 || 1154 if (!hdgst || hashsize < 0 ||
1155 hashsize > (int)(sizeof buf - (size_t)(q - buf))) { 1155 hashsize > (int)(sizeof buf - (size_t)(q - buf))) {
1156 /* internal error: 'buf' is too small for this cipersuite! */ 1156 /* internal error: 'buf' is too small for this cipersuite! */
@@ -1193,12 +1193,12 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
1193 int t; 1193 int t;
1194 1194
1195 if (send) { 1195 if (send) {
1196 rec = &(ssl->s3->wrec); 1196 rec = &(ssl->s3->internal->wrec);
1197 seq = &(ssl->s3->write_sequence[0]); 1197 seq = &(ssl->s3->internal->write_sequence[0]);
1198 hash = ssl->write_hash; 1198 hash = ssl->write_hash;
1199 } else { 1199 } else {
1200 rec = &(ssl->s3->rrec); 1200 rec = &(ssl->s3->internal->rrec);
1201 seq = &(ssl->s3->read_sequence[0]); 1201 seq = &(ssl->s3->internal->read_sequence[0]);
1202 hash = ssl->read_hash; 1202 hash = ssl->read_hash;
1203 } 1203 }
1204 1204
@@ -1241,8 +1241,8 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
1241 if (!ssl3_cbc_digest_record(mac_ctx, 1241 if (!ssl3_cbc_digest_record(mac_ctx,
1242 md, &md_size, header, rec->input, 1242 md, &md_size, header, rec->input,
1243 rec->length + md_size, orig_len, 1243 rec->length + md_size, orig_len,
1244 ssl->s3->read_mac_secret, 1244 ssl->s3->internal->read_mac_secret,
1245 ssl->s3->read_mac_secret_size)) 1245 ssl->s3->internal->read_mac_secret_size))
1246 return -1; 1246 return -1;
1247 } else { 1247 } else {
1248 EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)); 1248 EVP_DigestSignUpdate(mac_ctx, header, sizeof(header));
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 55624a2d24..d1d20b6bda 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_lib.c,v 1.98 2017/01/22 06:36:49 jsing Exp $ */ 1/* $OpenBSD: t1_lib.c,v 1.99 2017/01/22 09:02:07 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -863,7 +863,7 @@ skip_ext:
863 } 863 }
864 864
865 if (s->ctx->internal->next_proto_select_cb && 865 if (s->ctx->internal->next_proto_select_cb &&
866 !s->s3->tmp.finish_md_len) { 866 !S3I(s)->tmp.finish_md_len) {
867 /* The client advertises an emtpy extension to indicate its 867 /* The client advertises an emtpy extension to indicate its
868 * support for Next Protocol Negotiation */ 868 * support for Next Protocol Negotiation */
869 if ((size_t)(limit - ret) < 4) 869 if ((size_t)(limit - ret) < 4)
@@ -873,7 +873,7 @@ skip_ext:
873 } 873 }
874 874
875 if (s->internal->alpn_client_proto_list != NULL && 875 if (s->internal->alpn_client_proto_list != NULL &&
876 s->s3->tmp.finish_md_len == 0) { 876 S3I(s)->tmp.finish_md_len == 0) {
877 if ((size_t)(limit - ret) < 877 if ((size_t)(limit - ret) <
878 6 + s->internal->alpn_client_proto_list_len) 878 6 + s->internal->alpn_client_proto_list_len)
879 return (NULL); 879 return (NULL);
@@ -955,8 +955,8 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
955 unsigned char *ret = p; 955 unsigned char *ret = p;
956 int next_proto_neg_seen; 956 int next_proto_neg_seen;
957 957
958 alg_a = s->s3->tmp.new_cipher->algorithm_auth; 958 alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
959 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 959 alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
960 using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) && 960 using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) &&
961 SSI(s)->tlsext_ecpointformatlist != NULL; 961 SSI(s)->tlsext_ecpointformatlist != NULL;
962 962
@@ -973,7 +973,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
973 s2n(0, ret); 973 s2n(0, ret);
974 } 974 }
975 975
976 if (s->s3->send_connection_binding) { 976 if (S3I(s)->send_connection_binding) {
977 int el; 977 int el;
978 978
979 if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) { 979 if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) {
@@ -1068,8 +1068,8 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
1068 } 1068 }
1069#endif 1069#endif
1070 1070
1071 if (((s->s3->tmp.new_cipher->id & 0xFFFF) == 0x80 || 1071 if (((S3I(s)->tmp.new_cipher->id & 0xFFFF) == 0x80 ||
1072 (s->s3->tmp.new_cipher->id & 0xFFFF) == 0x81) && 1072 (S3I(s)->tmp.new_cipher->id & 0xFFFF) == 0x81) &&
1073 (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) { 1073 (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) {
1074 static const unsigned char cryptopro_ext[36] = { 1074 static const unsigned char cryptopro_ext[36] = {
1075 0xfd, 0xe8, /*65000*/ 1075 0xfd, 0xe8, /*65000*/
@@ -1085,8 +1085,8 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
1085 ret += sizeof(cryptopro_ext); 1085 ret += sizeof(cryptopro_ext);
1086 } 1086 }
1087 1087
1088 next_proto_neg_seen = s->s3->next_proto_neg_seen; 1088 next_proto_neg_seen = S3I(s)->next_proto_neg_seen;
1089 s->s3->next_proto_neg_seen = 0; 1089 S3I(s)->next_proto_neg_seen = 0;
1090 if (next_proto_neg_seen && s->ctx->internal->next_protos_advertised_cb) { 1090 if (next_proto_neg_seen && s->ctx->internal->next_protos_advertised_cb) {
1091 const unsigned char *npa; 1091 const unsigned char *npa;
1092 unsigned int npalen; 1092 unsigned int npalen;
@@ -1101,13 +1101,13 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
1101 s2n(npalen, ret); 1101 s2n(npalen, ret);
1102 memcpy(ret, npa, npalen); 1102 memcpy(ret, npa, npalen);
1103 ret += npalen; 1103 ret += npalen;
1104 s->s3->next_proto_neg_seen = 1; 1104 S3I(s)->next_proto_neg_seen = 1;
1105 } 1105 }
1106 } 1106 }
1107 1107
1108 if (s->s3->alpn_selected != NULL) { 1108 if (S3I(s)->alpn_selected != NULL) {
1109 const unsigned char *selected = s->s3->alpn_selected; 1109 const unsigned char *selected = S3I(s)->alpn_selected;
1110 unsigned int len = s->s3->alpn_selected_len; 1110 unsigned int len = S3I(s)->alpn_selected_len;
1111 1111
1112 if ((long)(limit - ret - 4 - 2 - 1 - len) < 0) 1112 if ((long)(limit - ret - 4 - 2 - 1 - len) < 0)
1113 return (NULL); 1113 return (NULL);
@@ -1175,13 +1175,13 @@ tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data,
1175 CBS_data(&alpn), CBS_len(&alpn), 1175 CBS_data(&alpn), CBS_len(&alpn),
1176 s->ctx->internal->alpn_select_cb_arg); 1176 s->ctx->internal->alpn_select_cb_arg);
1177 if (r == SSL_TLSEXT_ERR_OK) { 1177 if (r == SSL_TLSEXT_ERR_OK) {
1178 free(s->s3->alpn_selected); 1178 free(S3I(s)->alpn_selected);
1179 if ((s->s3->alpn_selected = malloc(selected_len)) == NULL) { 1179 if ((S3I(s)->alpn_selected = malloc(selected_len)) == NULL) {
1180 *al = SSL_AD_INTERNAL_ERROR; 1180 *al = SSL_AD_INTERNAL_ERROR;
1181 return (-1); 1181 return (-1);
1182 } 1182 }
1183 memcpy(s->s3->alpn_selected, selected, selected_len); 1183 memcpy(S3I(s)->alpn_selected, selected, selected_len);
1184 s->s3->alpn_selected_len = selected_len; 1184 S3I(s)->alpn_selected_len = selected_len;
1185 } 1185 }
1186 1186
1187 return (1); 1187 return (1);
@@ -1205,9 +1205,9 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1205 1205
1206 s->servername_done = 0; 1206 s->servername_done = 0;
1207 s->tlsext_status_type = -1; 1207 s->tlsext_status_type = -1;
1208 s->s3->next_proto_neg_seen = 0; 1208 S3I(s)->next_proto_neg_seen = 0;
1209 free(s->s3->alpn_selected); 1209 free(S3I(s)->alpn_selected);
1210 s->s3->alpn_selected = NULL; 1210 S3I(s)->alpn_selected = NULL;
1211 s->srtp_profile = NULL; 1211 s->srtp_profile = NULL;
1212 1212
1213 if (data == end) 1213 if (data == end)
@@ -1529,8 +1529,8 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1529 } 1529 }
1530 } 1530 }
1531 else if (type == TLSEXT_TYPE_next_proto_neg && 1531 else if (type == TLSEXT_TYPE_next_proto_neg &&
1532 s->s3->tmp.finish_md_len == 0 && 1532 S3I(s)->tmp.finish_md_len == 0 &&
1533 s->s3->alpn_selected == NULL) { 1533 S3I(s)->alpn_selected == NULL) {
1534 /* We shouldn't accept this extension on a 1534 /* We shouldn't accept this extension on a
1535 * renegotiation. 1535 * renegotiation.
1536 * 1536 *
@@ -1542,21 +1542,21 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1542 * anything like that, but this might change). 1542 * anything like that, but this might change).
1543 1543
1544 * A valid sign that there's been a previous handshake 1544 * A valid sign that there's been a previous handshake
1545 * in this connection is if s->s3->tmp.finish_md_len > 1545 * in this connection is if S3I(s)->tmp.finish_md_len >
1546 * 0. (We are talking about a check that will happen 1546 * 0. (We are talking about a check that will happen
1547 * in the Hello protocol round, well before a new 1547 * in the Hello protocol round, well before a new
1548 * Finished message could have been computed.) */ 1548 * Finished message could have been computed.) */
1549 s->s3->next_proto_neg_seen = 1; 1549 S3I(s)->next_proto_neg_seen = 1;
1550 } 1550 }
1551 else if (type == 1551 else if (type ==
1552 TLSEXT_TYPE_application_layer_protocol_negotiation && 1552 TLSEXT_TYPE_application_layer_protocol_negotiation &&
1553 s->ctx->internal->alpn_select_cb != NULL && 1553 s->ctx->internal->alpn_select_cb != NULL &&
1554 s->s3->tmp.finish_md_len == 0) { 1554 S3I(s)->tmp.finish_md_len == 0) {
1555 if (tls1_alpn_handle_client_hello(s, data, 1555 if (tls1_alpn_handle_client_hello(s, data,
1556 size, al) != 1) 1556 size, al) != 1)
1557 return (0); 1557 return (0);
1558 /* ALPN takes precedence over NPN. */ 1558 /* ALPN takes precedence over NPN. */
1559 s->s3->next_proto_neg_seen = 0; 1559 S3I(s)->next_proto_neg_seen = 0;
1560 } 1560 }
1561 1561
1562 /* session ticket processed earlier */ 1562 /* session ticket processed earlier */
@@ -1624,9 +1624,9 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al)
1624 int tlsext_servername = 0; 1624 int tlsext_servername = 0;
1625 int renegotiate_seen = 0; 1625 int renegotiate_seen = 0;
1626 1626
1627 s->s3->next_proto_neg_seen = 0; 1627 S3I(s)->next_proto_neg_seen = 0;
1628 free(s->s3->alpn_selected); 1628 free(S3I(s)->alpn_selected);
1629 s->s3->alpn_selected = NULL; 1629 S3I(s)->alpn_selected = NULL;
1630 1630
1631 if (data == end) 1631 if (data == end)
1632 goto ri_check; 1632 goto ri_check;
@@ -1714,7 +1714,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al)
1714 s->tlsext_status_expected = 1; 1714 s->tlsext_status_expected = 1;
1715 } 1715 }
1716 else if (type == TLSEXT_TYPE_next_proto_neg && 1716 else if (type == TLSEXT_TYPE_next_proto_neg &&
1717 s->s3->tmp.finish_md_len == 0) { 1717 S3I(s)->tmp.finish_md_len == 0) {
1718 unsigned char *selected; 1718 unsigned char *selected;
1719 unsigned char selected_len; 1719 unsigned char selected_len;
1720 1720
@@ -1742,7 +1742,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al)
1742 } 1742 }
1743 memcpy(s->internal->next_proto_negotiated, selected, selected_len); 1743 memcpy(s->internal->next_proto_negotiated, selected, selected_len);
1744 s->internal->next_proto_negotiated_len = selected_len; 1744 s->internal->next_proto_negotiated_len = selected_len;
1745 s->s3->next_proto_neg_seen = 1; 1745 S3I(s)->next_proto_neg_seen = 1;
1746 } 1746 }
1747 else if (type == 1747 else if (type ==
1748 TLSEXT_TYPE_application_layer_protocol_negotiation) { 1748 TLSEXT_TYPE_application_layer_protocol_negotiation) {
@@ -1773,14 +1773,14 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al)
1773 *al = TLS1_AD_DECODE_ERROR; 1773 *al = TLS1_AD_DECODE_ERROR;
1774 return (0); 1774 return (0);
1775 } 1775 }
1776 free(s->s3->alpn_selected); 1776 free(S3I(s)->alpn_selected);
1777 s->s3->alpn_selected = malloc(len); 1777 S3I(s)->alpn_selected = malloc(len);
1778 if (s->s3->alpn_selected == NULL) { 1778 if (S3I(s)->alpn_selected == NULL) {
1779 *al = TLS1_AD_INTERNAL_ERROR; 1779 *al = TLS1_AD_INTERNAL_ERROR;
1780 return (0); 1780 return (0);
1781 } 1781 }
1782 memcpy(s->s3->alpn_selected, data + 3, len); 1782 memcpy(S3I(s)->alpn_selected, data + 3, len);
1783 s->s3->alpn_selected_len = len; 1783 S3I(s)->alpn_selected_len = len;
1784 1784
1785 } else if (type == TLSEXT_TYPE_renegotiate) { 1785 } else if (type == TLSEXT_TYPE_renegotiate) {
1786 if (!ssl_parse_serverhello_renegotiate_ext(s, data, size, al)) 1786 if (!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
@@ -1948,8 +1948,8 @@ ssl_check_serverhello_tlsext(SSL *s)
1948 * suite, then if server returns an EC point formats lists extension 1948 * suite, then if server returns an EC point formats lists extension
1949 * it must contain uncompressed. 1949 * it must contain uncompressed.
1950 */ 1950 */
1951 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 1951 unsigned long alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
1952 unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; 1952 unsigned long alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
1953 if ((s->tlsext_ecpointformatlist != NULL) && 1953 if ((s->tlsext_ecpointformatlist != NULL) &&
1954 (s->tlsext_ecpointformatlist_length > 0) && 1954 (s->tlsext_ecpointformatlist_length > 0) &&
1955 (SSI(s)->tlsext_ecpointformatlist != NULL) && 1955 (SSI(s)->tlsext_ecpointformatlist != NULL) &&
diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c
index 294a632b8f..52f17b7d2b 100644
--- a/src/lib/libssl/t1_reneg.c
+++ b/src/lib/libssl/t1_reneg.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_reneg.c,v 1.11 2015/06/20 16:42:48 doug Exp $ */ 1/* $OpenBSD: t1_reneg.c,v 1.12 2017/01/22 09:02:07 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -122,22 +122,22 @@ ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
122 int maxlen) 122 int maxlen)
123{ 123{
124 if (p) { 124 if (p) {
125 if ((s->s3->previous_client_finished_len + 1) > maxlen) { 125 if ((S3I(s)->previous_client_finished_len + 1) > maxlen) {
126 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT, 126 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT,
127 SSL_R_RENEGOTIATE_EXT_TOO_LONG); 127 SSL_R_RENEGOTIATE_EXT_TOO_LONG);
128 return 0; 128 return 0;
129 } 129 }
130 130
131 /* Length byte */ 131 /* Length byte */
132 *p = s->s3->previous_client_finished_len; 132 *p = S3I(s)->previous_client_finished_len;
133 p++; 133 p++;
134 134
135 memcpy(p, s->s3->previous_client_finished, 135 memcpy(p, S3I(s)->previous_client_finished,
136 s->s3->previous_client_finished_len); 136 S3I(s)->previous_client_finished_len);
137 137
138 } 138 }
139 139
140 *len = s->s3->previous_client_finished_len + 1; 140 *len = S3I(s)->previous_client_finished_len + 1;
141 141
142 return 1; 142 return 1;
143} 143}
@@ -168,22 +168,22 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, const unsigned char *d, int len,
168 } 168 }
169 169
170 /* Check that the extension matches */ 170 /* Check that the extension matches */
171 if (CBS_len(&reneg) != s->s3->previous_client_finished_len) { 171 if (CBS_len(&reneg) != S3I(s)->previous_client_finished_len) {
172 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, 172 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
173 SSL_R_RENEGOTIATION_MISMATCH); 173 SSL_R_RENEGOTIATION_MISMATCH);
174 *al = SSL_AD_HANDSHAKE_FAILURE; 174 *al = SSL_AD_HANDSHAKE_FAILURE;
175 return 0; 175 return 0;
176 } 176 }
177 177
178 if (!CBS_mem_equal(&reneg, s->s3->previous_client_finished, 178 if (!CBS_mem_equal(&reneg, S3I(s)->previous_client_finished,
179 s->s3->previous_client_finished_len)) { 179 S3I(s)->previous_client_finished_len)) {
180 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, 180 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
181 SSL_R_RENEGOTIATION_MISMATCH); 181 SSL_R_RENEGOTIATION_MISMATCH);
182 *al = SSL_AD_HANDSHAKE_FAILURE; 182 *al = SSL_AD_HANDSHAKE_FAILURE;
183 return 0; 183 return 0;
184 } 184 }
185 185
186 s->s3->send_connection_binding = 1; 186 S3I(s)->send_connection_binding = 1;
187 187
188 return 1; 188 return 1;
189} 189}
@@ -194,29 +194,29 @@ ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
194 int maxlen) 194 int maxlen)
195{ 195{
196 if (p) { 196 if (p) {
197 if ((s->s3->previous_client_finished_len + 197 if ((S3I(s)->previous_client_finished_len +
198 s->s3->previous_server_finished_len + 1) > maxlen) { 198 S3I(s)->previous_server_finished_len + 1) > maxlen) {
199 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT, 199 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT,
200 SSL_R_RENEGOTIATE_EXT_TOO_LONG); 200 SSL_R_RENEGOTIATE_EXT_TOO_LONG);
201 return 0; 201 return 0;
202 } 202 }
203 203
204 /* Length byte */ 204 /* Length byte */
205 *p = s->s3->previous_client_finished_len + 205 *p = S3I(s)->previous_client_finished_len +
206 s->s3->previous_server_finished_len; 206 S3I(s)->previous_server_finished_len;
207 p++; 207 p++;
208 208
209 memcpy(p, s->s3->previous_client_finished, 209 memcpy(p, S3I(s)->previous_client_finished,
210 s->s3->previous_client_finished_len); 210 S3I(s)->previous_client_finished_len);
211 p += s->s3->previous_client_finished_len; 211 p += S3I(s)->previous_client_finished_len;
212 212
213 memcpy(p, s->s3->previous_server_finished, 213 memcpy(p, S3I(s)->previous_server_finished,
214 s->s3->previous_server_finished_len); 214 S3I(s)->previous_server_finished_len);
215 215
216 } 216 }
217 217
218 *len = s->s3->previous_client_finished_len + 218 *len = S3I(s)->previous_client_finished_len +
219 s->s3->previous_server_finished_len + 1; 219 S3I(s)->previous_server_finished_len + 1;
220 220
221 return 1; 221 return 1;
222} 222}
@@ -227,12 +227,12 @@ int
227ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, int *al) 227ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, int *al)
228{ 228{
229 CBS cbs, reneg, previous_client, previous_server; 229 CBS cbs, reneg, previous_client, previous_server;
230 int expected_len = s->s3->previous_client_finished_len + 230 int expected_len = S3I(s)->previous_client_finished_len +
231 s->s3->previous_server_finished_len; 231 S3I(s)->previous_server_finished_len;
232 232
233 /* Check for logic errors */ 233 /* Check for logic errors */
234 OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len); 234 OPENSSL_assert(!expected_len || S3I(s)->previous_client_finished_len);
235 OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len); 235 OPENSSL_assert(!expected_len || S3I(s)->previous_server_finished_len);
236 236
237 if (len < 0) { 237 if (len < 0) {
238 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, 238 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
@@ -255,9 +255,9 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, i
255 /* Check that the extension matches */ 255 /* Check that the extension matches */
256 if (CBS_len(&reneg) != expected_len || 256 if (CBS_len(&reneg) != expected_len ||
257 !CBS_get_bytes(&reneg, &previous_client, 257 !CBS_get_bytes(&reneg, &previous_client,
258 s->s3->previous_client_finished_len) || 258 S3I(s)->previous_client_finished_len) ||
259 !CBS_get_bytes(&reneg, &previous_server, 259 !CBS_get_bytes(&reneg, &previous_server,
260 s->s3->previous_server_finished_len) || 260 S3I(s)->previous_server_finished_len) ||
261 CBS_len(&reneg) != 0) { 261 CBS_len(&reneg) != 0) {
262 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, 262 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
263 SSL_R_RENEGOTIATION_MISMATCH); 263 SSL_R_RENEGOTIATION_MISMATCH);
@@ -265,14 +265,14 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, i
265 return 0; 265 return 0;
266 } 266 }
267 267
268 if (!CBS_mem_equal(&previous_client, s->s3->previous_client_finished, 268 if (!CBS_mem_equal(&previous_client, S3I(s)->previous_client_finished,
269 CBS_len(&previous_client))) { 269 CBS_len(&previous_client))) {
270 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, 270 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
271 SSL_R_RENEGOTIATION_MISMATCH); 271 SSL_R_RENEGOTIATION_MISMATCH);
272 *al = SSL_AD_HANDSHAKE_FAILURE; 272 *al = SSL_AD_HANDSHAKE_FAILURE;
273 return 0; 273 return 0;
274 } 274 }
275 if (!CBS_mem_equal(&previous_server, s->s3->previous_server_finished, 275 if (!CBS_mem_equal(&previous_server, S3I(s)->previous_server_finished,
276 CBS_len(&previous_server))) { 276 CBS_len(&previous_server))) {
277 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, 277 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
278 SSL_R_RENEGOTIATION_MISMATCH); 278 SSL_R_RENEGOTIATION_MISMATCH);
@@ -280,7 +280,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, i
280 return 0; 280 return 0;
281 } 281 }
282 282
283 s->s3->send_connection_binding = 1; 283 S3I(s)->send_connection_binding = 1;
284 284
285 return 1; 285 return 1;
286} 286}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-23 15:02:45 +0000