summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/d1_pkt.c36
-rw-r--r--src/lib/libssl/s3_lib.c28
-rw-r--r--src/lib/libssl/ssl3.h14
-rw-r--r--src/lib/libssl/ssl_both.c24
-rw-r--r--src/lib/libssl/ssl_locl.h12
-rw-r--r--src/lib/libssl/ssl_packet.c6
-rw-r--r--src/lib/libssl/ssl_pkt.c48
-rw-r--r--src/lib/libssl/t1_enc.c6
8 files changed, 86 insertions, 88 deletions
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index b3104d21e7..825c1838a1 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_pkt.c,v 1.64 2018/08/24 19:35:05 jsing Exp $ */ 1/* $OpenBSD: d1_pkt.c,v 1.65 2018/10/24 18:04:50 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -200,11 +200,11 @@ dtls1_copy_record(SSL *s, pitem *item)
200 200
201 rdata = (DTLS1_RECORD_DATA *)item->data; 201 rdata = (DTLS1_RECORD_DATA *)item->data;
202 202
203 free(s->s3->rbuf.buf); 203 free(S3I(s)->rbuf.buf);
204 204
205 s->internal->packet = rdata->packet; 205 s->internal->packet = rdata->packet;
206 s->internal->packet_length = rdata->packet_length; 206 s->internal->packet_length = rdata->packet_length;
207 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER)); 207 memcpy(&(S3I(s)->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
208 memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD)); 208 memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
209 209
210 /* Set proper sequence number for mac calculation */ 210 /* Set proper sequence number for mac calculation */
@@ -231,7 +231,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
231 231
232 rdata->packet = s->internal->packet; 232 rdata->packet = s->internal->packet;
233 rdata->packet_length = s->internal->packet_length; 233 rdata->packet_length = s->internal->packet_length;
234 memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER)); 234 memcpy(&(rdata->rbuf), &(S3I(s)->rbuf), sizeof(SSL3_BUFFER));
235 memcpy(&(rdata->rrec), &(S3I(s)->rrec), sizeof(SSL3_RECORD)); 235 memcpy(&(rdata->rrec), &(S3I(s)->rrec), sizeof(SSL3_RECORD));
236 236
237 item->data = rdata; 237 item->data = rdata;
@@ -239,7 +239,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
239 239
240 s->internal->packet = NULL; 240 s->internal->packet = NULL;
241 s->internal->packet_length = 0; 241 s->internal->packet_length = 0;
242 memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER)); 242 memset(&(S3I(s)->rbuf), 0, sizeof(SSL3_BUFFER));
243 memset(&(S3I(s)->rrec), 0, sizeof(SSL3_RECORD)); 243 memset(&(S3I(s)->rrec), 0, sizeof(SSL3_RECORD));
244 244
245 if (!ssl3_setup_buffers(s)) 245 if (!ssl3_setup_buffers(s))
@@ -643,7 +643,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
643 SSL3_RECORD *rr; 643 SSL3_RECORD *rr;
644 void (*cb)(const SSL *ssl, int type2, int val) = NULL; 644 void (*cb)(const SSL *ssl, int type2, int val) = NULL;
645 645
646 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ 646 if (S3I(s)->rbuf.buf == NULL) /* Not initialized yet */
647 if (!ssl3_setup_buffers(s)) 647 if (!ssl3_setup_buffers(s))
648 return (-1); 648 return (-1);
649 649
@@ -880,7 +880,7 @@ start:
880 } 880 }
881 881
882 if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) { 882 if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) {
883 if (s->s3->rbuf.left == 0) /* no read-ahead left? */ 883 if (S3I(s)->rbuf.left == 0) /* no read-ahead left? */
884 { 884 {
885 BIO *bio; 885 BIO *bio;
886 /* In the case where we try to read application data, 886 /* In the case where we try to read application data,
@@ -1035,7 +1035,7 @@ start:
1035 } 1035 }
1036 1036
1037 if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) { 1037 if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) {
1038 if (s->s3->rbuf.left == 0) /* no read-ahead left? */ 1038 if (S3I(s)->rbuf.left == 0) /* no read-ahead left? */
1039 { 1039 {
1040 BIO *bio; 1040 BIO *bio;
1041 /* In the case where we try to read application data, 1041 /* In the case where we try to read application data,
@@ -1188,13 +1188,13 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
1188 1188
1189 /* first check if there is a SSL3_BUFFER still being written 1189 /* first check if there is a SSL3_BUFFER still being written
1190 * out. This will happen with non blocking IO */ 1190 * out. This will happen with non blocking IO */
1191 if (s->s3->wbuf.left != 0) { 1191 if (S3I(s)->wbuf.left != 0) {
1192 OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */ 1192 OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */
1193 return (ssl3_write_pending(s, type, buf, len)); 1193 return (ssl3_write_pending(s, type, buf, len));
1194 } 1194 }
1195 1195
1196 /* If we have an alert to send, lets send it */ 1196 /* If we have an alert to send, lets send it */
1197 if (s->s3->alert_dispatch) { 1197 if (S3I(s)->alert_dispatch) {
1198 i = s->method->ssl_dispatch_alert(s); 1198 i = s->method->ssl_dispatch_alert(s);
1199 if (i <= 0) 1199 if (i <= 0)
1200 return (i); 1200 return (i);
@@ -1205,7 +1205,7 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
1205 return 0; 1205 return 0;
1206 1206
1207 wr = &(S3I(s)->wrec); 1207 wr = &(S3I(s)->wrec);
1208 wb = &(s->s3->wbuf); 1208 wb = &(S3I(s)->wbuf);
1209 sess = s->session; 1209 sess = s->session;
1210 1210
1211 if ((sess == NULL) || (s->internal->enc_write_ctx == NULL) || 1211 if ((sess == NULL) || (s->internal->enc_write_ctx == NULL) ||
@@ -1382,23 +1382,23 @@ dtls1_dispatch_alert(SSL *s)
1382 unsigned char buf[DTLS1_AL_HEADER_LENGTH]; 1382 unsigned char buf[DTLS1_AL_HEADER_LENGTH];
1383 unsigned char *ptr = &buf[0]; 1383 unsigned char *ptr = &buf[0];
1384 1384
1385 s->s3->alert_dispatch = 0; 1385 S3I(s)->alert_dispatch = 0;
1386 1386
1387 memset(buf, 0x00, sizeof(buf)); 1387 memset(buf, 0x00, sizeof(buf));
1388 *ptr++ = s->s3->send_alert[0]; 1388 *ptr++ = S3I(s)->send_alert[0];
1389 *ptr++ = s->s3->send_alert[1]; 1389 *ptr++ = S3I(s)->send_alert[1];
1390 1390
1391 i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf)); 1391 i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf));
1392 if (i <= 0) { 1392 if (i <= 0) {
1393 s->s3->alert_dispatch = 1; 1393 S3I(s)->alert_dispatch = 1;
1394 /* fprintf( stderr, "not done with alert\n" ); */ 1394 /* fprintf( stderr, "not done with alert\n" ); */
1395 } else { 1395 } else {
1396 if (s->s3->send_alert[0] == SSL3_AL_FATAL) 1396 if (S3I(s)->send_alert[0] == SSL3_AL_FATAL)
1397 (void)BIO_flush(s->wbio); 1397 (void)BIO_flush(s->wbio);
1398 1398
1399 if (s->internal->msg_callback) 1399 if (s->internal->msg_callback)
1400 s->internal->msg_callback(1, s->version, SSL3_RT_ALERT, 1400 s->internal->msg_callback(1, s->version, SSL3_RT_ALERT,
1401 s->s3->send_alert, 2, s, s->internal->msg_callback_arg); 1401 S3I(s)->send_alert, 2, s, s->internal->msg_callback_arg);
1402 1402
1403 if (s->internal->info_callback != NULL) 1403 if (s->internal->info_callback != NULL)
1404 cb = s->internal->info_callback; 1404 cb = s->internal->info_callback;
@@ -1406,7 +1406,7 @@ dtls1_dispatch_alert(SSL *s)
1406 cb = s->ctx->internal->info_callback; 1406 cb = s->ctx->internal->info_callback;
1407 1407
1408 if (cb != NULL) { 1408 if (cb != NULL) {
1409 j = (s->s3->send_alert[0]<<8)|s->s3->send_alert[1]; 1409 j = (S3I(s)->send_alert[0]<<8)|S3I(s)->send_alert[1];
1410 cb(s, SSL_CB_WRITE_ALERT, j); 1410 cb(s, SSL_CB_WRITE_ALERT, j);
1411 } 1411 }
1412 } 1412 }
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 02e6c66a47..6fcbbfc2c5 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_lib.c,v 1.170 2018/09/06 16:40:45 jsing Exp $ */ 1/* $OpenBSD: s3_lib.c,v 1.171 2018/10/24 18:04:50 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1543,10 +1543,10 @@ ssl3_clear(SSL *s)
1543 freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH); 1543 freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);
1544 S3I(s)->tmp.x25519 = NULL; 1544 S3I(s)->tmp.x25519 = NULL;
1545 1545
1546 rp = s->s3->rbuf.buf; 1546 rp = S3I(s)->rbuf.buf;
1547 wp = s->s3->wbuf.buf; 1547 wp = S3I(s)->wbuf.buf;
1548 rlen = s->s3->rbuf.len; 1548 rlen = S3I(s)->rbuf.len;
1549 wlen = s->s3->wbuf.len; 1549 wlen = S3I(s)->wbuf.len;
1550 1550
1551 BIO_free(S3I(s)->handshake_buffer); 1551 BIO_free(S3I(s)->handshake_buffer);
1552 S3I(s)->handshake_buffer = NULL; 1552 S3I(s)->handshake_buffer = NULL;
@@ -1561,10 +1561,10 @@ ssl3_clear(SSL *s)
1561 memset(s->s3, 0, sizeof(*s->s3)); 1561 memset(s->s3, 0, sizeof(*s->s3));
1562 S3I(s) = internal; 1562 S3I(s) = internal;
1563 1563
1564 s->s3->rbuf.buf = rp; 1564 S3I(s)->rbuf.buf = rp;
1565 s->s3->wbuf.buf = wp; 1565 S3I(s)->wbuf.buf = wp;
1566 s->s3->rbuf.len = rlen; 1566 S3I(s)->rbuf.len = rlen;
1567 s->s3->wbuf.len = wlen; 1567 S3I(s)->wbuf.len = wlen;
1568 1568
1569 ssl_free_wbio_buffer(s); 1569 ssl_free_wbio_buffer(s);
1570 1570
@@ -2406,11 +2406,11 @@ ssl3_shutdown(SSL *s)
2406 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); 2406 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
2407 /* 2407 /*
2408 * Our shutdown alert has been sent now, and if it still needs 2408 * Our shutdown alert has been sent now, and if it still needs
2409 * to be written, s->s3->alert_dispatch will be true 2409 * to be written, S3I(s)->alert_dispatch will be true
2410 */ 2410 */
2411 if (s->s3->alert_dispatch) 2411 if (S3I(s)->alert_dispatch)
2412 return(-1); /* return WANT_WRITE */ 2412 return(-1); /* return WANT_WRITE */
2413 } else if (s->s3->alert_dispatch) { 2413 } else if (S3I(s)->alert_dispatch) {
2414 /* resend it if not sent */ 2414 /* resend it if not sent */
2415 ret = s->method->ssl_dispatch_alert(s); 2415 ret = s->method->ssl_dispatch_alert(s);
2416 if (ret == -1) { 2416 if (ret == -1) {
@@ -2431,7 +2431,7 @@ ssl3_shutdown(SSL *s)
2431 } 2431 }
2432 2432
2433 if ((s->internal->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && 2433 if ((s->internal->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
2434 !s->s3->alert_dispatch) 2434 !S3I(s)->alert_dispatch)
2435 return (1); 2435 return (1);
2436 else 2436 else
2437 return (0); 2437 return (0);
@@ -2509,7 +2509,7 @@ ssl3_renegotiate_check(SSL *s)
2509 int ret = 0; 2509 int ret = 0;
2510 2510
2511 if (S3I(s)->renegotiate) { 2511 if (S3I(s)->renegotiate) {
2512 if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) && 2512 if ((S3I(s)->rbuf.left == 0) && (S3I(s)->wbuf.left == 0) &&
2513 !SSL_in_init(s)) { 2513 !SSL_in_init(s)) {
2514 /* 2514 /*
2515 * If we are the server, and we have sent 2515 * If we are the server, and we have sent
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index f8833fa1bb..726fb9db0b 100644
--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl3.h,v 1.47 2018/04/07 16:55:13 jsing Exp $ */ 1/* $OpenBSD: ssl3.h,v 1.48 2018/10/24 18:04:50 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -363,18 +363,6 @@ typedef struct ssl3_state_st {
363 unsigned char server_random[SSL3_RANDOM_SIZE]; 363 unsigned char server_random[SSL3_RANDOM_SIZE];
364 unsigned char client_random[SSL3_RANDOM_SIZE]; 364 unsigned char client_random[SSL3_RANDOM_SIZE];
365 365
366 SSL3_BUFFER rbuf; /* read IO goes into here */
367 SSL3_BUFFER wbuf; /* write IO goes into here */
368
369 /* we allow one fatal and one warning alert to be outstanding,
370 * send close alert via the warning alert */
371 int alert_dispatch;
372 unsigned char send_alert[2];
373
374 struct {
375 int new_mac_secret_size;
376 } tmp;
377
378 struct ssl3_state_internal_st *internal; 366 struct ssl3_state_internal_st *internal;
379} SSL3_STATE; 367} SSL3_STATE;
380 368
diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c
index 788505e602..81fd1f80c5 100644
--- a/src/lib/libssl/ssl_both.c
+++ b/src/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_both.c,v 1.12 2018/08/24 17:30:32 jsing Exp $ */ 1/* $OpenBSD: ssl_both.c,v 1.13 2018/10/24 18:04:50 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -700,16 +700,16 @@ ssl3_setup_read_buffer(SSL *s)
700 700
701 align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); 701 align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
702 702
703 if (s->s3->rbuf.buf == NULL) { 703 if (S3I(s)->rbuf.buf == NULL) {
704 len = SSL3_RT_MAX_PLAIN_LENGTH + 704 len = SSL3_RT_MAX_PLAIN_LENGTH +
705 SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align; 705 SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
706 if ((p = malloc(len)) == NULL) 706 if ((p = malloc(len)) == NULL)
707 goto err; 707 goto err;
708 s->s3->rbuf.buf = p; 708 S3I(s)->rbuf.buf = p;
709 s->s3->rbuf.len = len; 709 S3I(s)->rbuf.len = len;
710 } 710 }
711 711
712 s->internal->packet = &(s->s3->rbuf.buf[0]); 712 s->internal->packet = &(S3I(s)->rbuf.buf[0]);
713 return 1; 713 return 1;
714 714
715err: 715err:
@@ -730,7 +730,7 @@ ssl3_setup_write_buffer(SSL *s)
730 730
731 align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); 731 align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
732 732
733 if (s->s3->wbuf.buf == NULL) { 733 if (S3I(s)->wbuf.buf == NULL) {
734 len = s->max_send_fragment + 734 len = s->max_send_fragment +
735 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align; 735 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
736 if (!(s->internal->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) 736 if (!(s->internal->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
@@ -739,8 +739,8 @@ ssl3_setup_write_buffer(SSL *s)
739 739
740 if ((p = malloc(len)) == NULL) 740 if ((p = malloc(len)) == NULL)
741 goto err; 741 goto err;
742 s->s3->wbuf.buf = p; 742 S3I(s)->wbuf.buf = p;
743 s->s3->wbuf.len = len; 743 S3I(s)->wbuf.len = len;
744 } 744 }
745 745
746 return 1; 746 return 1;
@@ -763,15 +763,15 @@ ssl3_setup_buffers(SSL *s)
763int 763int
764ssl3_release_write_buffer(SSL *s) 764ssl3_release_write_buffer(SSL *s)
765{ 765{
766 free(s->s3->wbuf.buf); 766 free(S3I(s)->wbuf.buf);
767 s->s3->wbuf.buf = NULL; 767 S3I(s)->wbuf.buf = NULL;
768 return 1; 768 return 1;
769} 769}
770 770
771int 771int
772ssl3_release_read_buffer(SSL *s) 772ssl3_release_read_buffer(SSL *s)
773{ 773{
774 free(s->s3->rbuf.buf); 774 free(S3I(s)->rbuf.buf);
775 s->s3->rbuf.buf = NULL; 775 S3I(s)->rbuf.buf = NULL;
776 return 1; 776 return 1;
777} 777}
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index d022d21568..9a018547ab 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.215 2018/09/08 14:29:52 jsing Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.216 2018/10/24 18:04:50 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -748,6 +748,14 @@ typedef struct ssl3_state_internal_st {
748 int write_mac_secret_size; 748 int write_mac_secret_size;
749 unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; 749 unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
750 750
751 SSL3_BUFFER rbuf; /* read IO goes into here */
752 SSL3_BUFFER wbuf; /* write IO goes into here */
753
754 /* we allow one fatal and one warning alert to be outstanding,
755 * send close alert via the warning alert */
756 int alert_dispatch;
757 unsigned char send_alert[2];
758
751 /* flags for countermeasure against known-IV weakness */ 759 /* flags for countermeasure against known-IV weakness */
752 int need_empty_fragments; 760 int need_empty_fragments;
753 int empty_fragment_done; 761 int empty_fragment_done;
@@ -793,6 +801,8 @@ typedef struct ssl3_state_internal_st {
793 SSL_HANDSHAKE hs; 801 SSL_HANDSHAKE hs;
794 802
795 struct { 803 struct {
804 int new_mac_secret_size;
805
796 /* actually only needs to be 16+20 */ 806 /* actually only needs to be 16+20 */
797 unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2]; 807 unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
798 808
diff --git a/src/lib/libssl/ssl_packet.c b/src/lib/libssl/ssl_packet.c
index 5556ffb9f1..ca5afb7d93 100644
--- a/src/lib/libssl/ssl_packet.c
+++ b/src/lib/libssl/ssl_packet.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_packet.c,v 1.6 2017/05/06 16:18:36 jsing Exp $ */ 1/* $OpenBSD: ssl_packet.c,v 1.7 2018/10/24 18:04:50 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -210,10 +210,10 @@ ssl_convert_sslv2_client_hello(SSL *s)
210 if (!CBB_finish(&cbb, &data, &data_len)) 210 if (!CBB_finish(&cbb, &data, &data_len))
211 goto err; 211 goto err;
212 212
213 if (data_len > s->s3->rbuf.len) 213 if (data_len > S3I(s)->rbuf.len)
214 goto err; 214 goto err;
215 215
216 s->internal->packet = s->s3->rbuf.buf; 216 s->internal->packet = S3I(s)->rbuf.buf;
217 s->internal->packet_length = data_len; 217 s->internal->packet_length = data_len;
218 memcpy(s->internal->packet, data, data_len); 218 memcpy(s->internal->packet, data, data_len);
219 ret = 1; 219 ret = 1;
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index 4e3ac7722a..6e3764d360 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_pkt.c,v 1.13 2018/09/08 14:39:41 jsing Exp $ */ 1/* $OpenBSD: ssl_pkt.c,v 1.14 2018/10/24 18:04:50 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -141,7 +141,7 @@ ssl_force_want_read(SSL *s)
141/* 141/*
142 * If extend == 0, obtain new n-byte packet; if extend == 1, increase 142 * If extend == 0, obtain new n-byte packet; if extend == 1, increase
143 * packet by another n bytes. 143 * packet by another n bytes.
144 * The packet will be in the sub-array of s->s3->rbuf.buf specified 144 * The packet will be in the sub-array of S3I(s)->rbuf.buf specified
145 * by s->internal->packet and s->internal->packet_length. 145 * by s->internal->packet and s->internal->packet_length.
146 * (If s->internal->read_ahead is set, 'max' bytes may be stored in rbuf 146 * (If s->internal->read_ahead is set, 'max' bytes may be stored in rbuf
147 * [plus s->internal->packet_length bytes if extend == 1].) 147 * [plus s->internal->packet_length bytes if extend == 1].)
@@ -157,7 +157,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
157 if (n <= 0) 157 if (n <= 0)
158 return n; 158 return n;
159 159
160 rb = &(s->s3->rbuf); 160 rb = &(S3I(s)->rbuf);
161 if (rb->buf == NULL) 161 if (rb->buf == NULL)
162 if (!ssl3_setup_read_buffer(s)) 162 if (!ssl3_setup_read_buffer(s))
163 return -1; 163 return -1;
@@ -239,7 +239,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
239 } 239 }
240 240
241 while (left < n) { 241 while (left < n) {
242 /* Now we have len+left bytes at the front of s->s3->rbuf.buf 242 /* Now we have len+left bytes at the front of S3I(s)->rbuf.buf
243 * and need to read in more until we have len+n (up to 243 * and need to read in more until we have len+n (up to
244 * len+max if possible) */ 244 * len+max if possible) */
245 245
@@ -288,7 +288,7 @@ ssl3_packet_read(SSL *s, int plen)
288{ 288{
289 int n; 289 int n;
290 290
291 n = ssl3_read_n(s, plen, s->s3->rbuf.len, 0); 291 n = ssl3_read_n(s, plen, S3I(s)->rbuf.len, 0);
292 if (n <= 0) 292 if (n <= 0)
293 return n; 293 return n;
294 if (s->internal->packet_length < plen) 294 if (s->internal->packet_length < plen)
@@ -387,7 +387,7 @@ ssl3_get_record(SSL *s)
387 goto err; 387 goto err;
388 } 388 }
389 389
390 if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) { 390 if (rr->length > S3I(s)->rbuf.len - SSL3_RT_HEADER_LENGTH) {
391 al = SSL_AD_RECORD_OVERFLOW; 391 al = SSL_AD_RECORD_OVERFLOW;
392 SSLerror(s, SSL_R_PACKET_LENGTH_TOO_LONG); 392 SSLerror(s, SSL_R_PACKET_LENGTH_TOO_LONG);
393 goto f_err; 393 goto f_err;
@@ -629,7 +629,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
629 int eivlen; 629 int eivlen;
630 size_t align; 630 size_t align;
631 SSL3_RECORD *wr; 631 SSL3_RECORD *wr;
632 SSL3_BUFFER *wb = &(s->s3->wbuf); 632 SSL3_BUFFER *wb = &(S3I(s)->wbuf);
633 SSL_SESSION *sess; 633 SSL_SESSION *sess;
634 634
635 if (wb->buf == NULL) 635 if (wb->buf == NULL)
@@ -642,7 +642,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
642 return (ssl3_write_pending(s, type, buf, len)); 642 return (ssl3_write_pending(s, type, buf, len));
643 643
644 /* If we have an alert to send, lets send it */ 644 /* If we have an alert to send, lets send it */
645 if (s->s3->alert_dispatch) { 645 if (S3I(s)->alert_dispatch) {
646 i = s->method->ssl_dispatch_alert(s); 646 i = s->method->ssl_dispatch_alert(s);
647 if (i <= 0) 647 if (i <= 0)
648 return (i); 648 return (i);
@@ -818,12 +818,12 @@ err:
818 return -1; 818 return -1;
819} 819}
820 820
821/* if s->s3->wbuf.left != 0, we need to call this */ 821/* if S3I(s)->wbuf.left != 0, we need to call this */
822int 822int
823ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) 823ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
824{ 824{
825 int i; 825 int i;
826 SSL3_BUFFER *wb = &(s->s3->wbuf); 826 SSL3_BUFFER *wb = &(S3I(s)->wbuf);
827 827
828 /* XXXX */ 828 /* XXXX */
829 if ((S3I(s)->wpend_tot > (int)len) || ((S3I(s)->wpend_buf != buf) && 829 if ((S3I(s)->wpend_tot > (int)len) || ((S3I(s)->wpend_buf != buf) &&
@@ -901,7 +901,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
901 unsigned int n; 901 unsigned int n;
902 SSL3_RECORD *rr; 902 SSL3_RECORD *rr;
903 903
904 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ 904 if (S3I(s)->rbuf.buf == NULL) /* Not initialized yet */
905 if (!ssl3_setup_read_buffer(s)) 905 if (!ssl3_setup_read_buffer(s))
906 return (-1); 906 return (-1);
907 907
@@ -1031,7 +1031,7 @@ start:
1031 s->internal->rstate = SSL_ST_READ_HEADER; 1031 s->internal->rstate = SSL_ST_READ_HEADER;
1032 rr->off = 0; 1032 rr->off = 0;
1033 if (s->internal->mode & SSL_MODE_RELEASE_BUFFERS && 1033 if (s->internal->mode & SSL_MODE_RELEASE_BUFFERS &&
1034 s->s3->rbuf.left == 0) 1034 S3I(s)->rbuf.left == 0)
1035 ssl3_release_read_buffer(s); 1035 ssl3_release_read_buffer(s);
1036 } 1036 }
1037 } 1037 }
@@ -1115,7 +1115,7 @@ start:
1115 } 1115 }
1116 1116
1117 if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) { 1117 if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) {
1118 if (s->s3->rbuf.left == 0) { 1118 if (S3I(s)->rbuf.left == 0) {
1119 /* no read-ahead left? */ 1119 /* no read-ahead left? */
1120 /* In the case where we try to read application data, 1120 /* In the case where we try to read application data,
1121 * but we trigger an SSL handshake, we return -1 with 1121 * but we trigger an SSL handshake, we return -1 with
@@ -1276,7 +1276,7 @@ start:
1276 } 1276 }
1277 1277
1278 if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) { 1278 if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) {
1279 if (s->s3->rbuf.left == 0) { /* no read-ahead left? */ 1279 if (S3I(s)->rbuf.left == 0) { /* no read-ahead left? */
1280 /* In the case where we try to read application data, 1280 /* In the case where we try to read application data,
1281 * but we trigger an SSL handshake, we return -1 with 1281 * but we trigger an SSL handshake, we return -1 with
1282 * the retry option set. Otherwise renegotiation may 1282 * the retry option set. Otherwise renegotiation may
@@ -1403,10 +1403,10 @@ ssl3_send_alert(SSL *s, int level, int desc)
1403 if ((level == 2) && (s->session != NULL)) 1403 if ((level == 2) && (s->session != NULL))
1404 SSL_CTX_remove_session(s->ctx, s->session); 1404 SSL_CTX_remove_session(s->ctx, s->session);
1405 1405
1406 s->s3->alert_dispatch = 1; 1406 S3I(s)->alert_dispatch = 1;
1407 s->s3->send_alert[0] = level; 1407 S3I(s)->send_alert[0] = level;
1408 s->s3->send_alert[1] = desc; 1408 S3I(s)->send_alert[1] = desc;
1409 if (s->s3->wbuf.left == 0) /* data still being written out? */ 1409 if (S3I(s)->wbuf.left == 0) /* data still being written out? */
1410 return s->method->ssl_dispatch_alert(s); 1410 return s->method->ssl_dispatch_alert(s);
1411 1411
1412 /* else data is still being written out, we will get written 1412 /* else data is still being written out, we will get written
@@ -1420,20 +1420,20 @@ ssl3_dispatch_alert(SSL *s)
1420 int i, j; 1420 int i, j;
1421 void (*cb)(const SSL *ssl, int type, int val) = NULL; 1421 void (*cb)(const SSL *ssl, int type, int val) = NULL;
1422 1422
1423 s->s3->alert_dispatch = 0; 1423 S3I(s)->alert_dispatch = 0;
1424 i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0); 1424 i = do_ssl3_write(s, SSL3_RT_ALERT, &S3I(s)->send_alert[0], 2, 0);
1425 if (i <= 0) { 1425 if (i <= 0) {
1426 s->s3->alert_dispatch = 1; 1426 S3I(s)->alert_dispatch = 1;
1427 } else { 1427 } else {
1428 /* Alert sent to BIO. If it is important, flush it now. 1428 /* Alert sent to BIO. If it is important, flush it now.
1429 * If the message does not get sent due to non-blocking IO, 1429 * If the message does not get sent due to non-blocking IO,
1430 * we will not worry too much. */ 1430 * we will not worry too much. */
1431 if (s->s3->send_alert[0] == SSL3_AL_FATAL) 1431 if (S3I(s)->send_alert[0] == SSL3_AL_FATAL)
1432 (void)BIO_flush(s->wbio); 1432 (void)BIO_flush(s->wbio);
1433 1433
1434 if (s->internal->msg_callback) 1434 if (s->internal->msg_callback)
1435 s->internal->msg_callback(1, s->version, SSL3_RT_ALERT, 1435 s->internal->msg_callback(1, s->version, SSL3_RT_ALERT,
1436 s->s3->send_alert, 2, s, s->internal->msg_callback_arg); 1436 S3I(s)->send_alert, 2, s, s->internal->msg_callback_arg);
1437 1437
1438 if (s->internal->info_callback != NULL) 1438 if (s->internal->info_callback != NULL)
1439 cb = s->internal->info_callback; 1439 cb = s->internal->info_callback;
@@ -1441,7 +1441,7 @@ ssl3_dispatch_alert(SSL *s)
1441 cb = s->ctx->internal->info_callback; 1441 cb = s->ctx->internal->info_callback;
1442 1442
1443 if (cb != NULL) { 1443 if (cb != NULL) {
1444 j = (s->s3->send_alert[0]<<8)|s->s3->send_alert[1]; 1444 j = (S3I(s)->send_alert[0]<<8)|S3I(s)->send_alert[1];
1445 cb(s, SSL_CB_WRITE_ALERT, j); 1445 cb(s, SSL_CB_WRITE_ALERT, j);
1446 } 1446 }
1447 } 1447 }
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index b8ebf52417..2a38d8de6a 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_enc.c,v 1.114 2018/09/08 14:39:41 jsing Exp $ */ 1/* $OpenBSD: t1_enc.c,v 1.115 2018/10/24 18:04:50 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -579,7 +579,7 @@ tls1_change_cipher_state(SSL *s, int which)
579 iv_len = EVP_CIPHER_iv_length(cipher); 579 iv_len = EVP_CIPHER_iv_length(cipher);
580 } 580 }
581 581
582 mac_secret_size = s->s3->tmp.new_mac_secret_size; 582 mac_secret_size = S3I(s)->tmp.new_mac_secret_size;
583 583
584 key_block = S3I(s)->hs.key_block; 584 key_block = S3I(s)->hs.key_block;
585 client_write_mac_secret = key_block; 585 client_write_mac_secret = key_block;
@@ -666,7 +666,7 @@ tls1_setup_key_block(SSL *s)
666 S3I(s)->tmp.new_sym_enc = cipher; 666 S3I(s)->tmp.new_sym_enc = cipher;
667 S3I(s)->tmp.new_hash = mac; 667 S3I(s)->tmp.new_hash = mac;
668 S3I(s)->tmp.new_mac_pkey_type = mac_type; 668 S3I(s)->tmp.new_mac_pkey_type = mac_type;
669 s->s3->tmp.new_mac_secret_size = mac_secret_size; 669 S3I(s)->tmp.new_mac_secret_size = mac_secret_size;
670 670
671 tls1_cleanup_key_block(s); 671 tls1_cleanup_key_block(s);
672 672
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 18:48:05 +0000