From 3b455600d14ddcf2be0dcd2d4765d1b7854cd1c5 Mon Sep 17 00:00:00 2001
From: beck <>
Date: Sun, 7 May 2017 04:22:24 +0000
Subject: Move state from ssl->internal to the handshake structure. while we
 are at it, convert SSLerror to use a function internally, so that we may
 later allocate the handshake structure and check for it ok jsing@

---
 src/lib/libssl/d1_both.c  |   8 ++--
 src/lib/libssl/d1_clnt.c  |  72 ++++++++++++++--------------
 src/lib/libssl/d1_pkt.c   |  20 ++++----
 src/lib/libssl/d1_srvr.c  |  92 ++++++++++++++++++------------------
 src/lib/libssl/s3_lib.c   |   6 +--
 src/lib/libssl/ssl.h      |  14 +++---
 src/lib/libssl/ssl_both.c |  16 +++----
 src/lib/libssl/ssl_clnt.c | 106 ++++++++++++++++++++---------------------
 src/lib/libssl/ssl_err.c  |  11 ++++-
 src/lib/libssl/ssl_lib.c  |  16 +++----
 src/lib/libssl/ssl_locl.h |  10 ++--
 src/lib/libssl/ssl_pkt.c  |  24 +++++-----
 src/lib/libssl/ssl_srvr.c | 118 +++++++++++++++++++++++-----------------------
 src/lib/libssl/ssl_stat.c |   6 +--
 src/lib/libssl/t1_lib.c   |   4 +-
 15 files changed, 267 insertions(+), 256 deletions(-)

diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index 0b8999b782..6b86cfc03e 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_both.c,v 1.50 2017/03/04 16:32:00 jsing Exp $ */
+/* $OpenBSD: d1_both.c,v 1.51 2017/05/07 04:22:24 beck Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -850,7 +850,7 @@ again:
 		goto f_err;
 
 	/* XDTLS:  ressurect this when restart is in place */
-	s->internal->state = stn;
+	S3I(s)->hs.state = stn;
 
 	if (frag_len > 0) {
 		unsigned char *p = (unsigned char *)s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH;
@@ -908,7 +908,7 @@ dtls1_send_change_cipher_spec(SSL *s, int a, int b)
 {
 	unsigned char *p;
 
-	if (s->internal->state == a) {
+	if (S3I(s)->hs.state == a) {
 		p = (unsigned char *)s->internal->init_buf->data;
 		*p++=SSL3_MT_CCS;
 		D1I(s)->handshake_write_seq = D1I(s)->next_handshake_write_seq;
@@ -922,7 +922,7 @@ dtls1_send_change_cipher_spec(SSL *s, int a, int b)
 		/* buffer the message to handle re-xmits */
 		dtls1_buffer_message(s, 1);
 
-		s->internal->state = b;
+		S3I(s)->hs.state = b;
 	}
 
 	/* SSL3_ST_CW_CHANGE_B */
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index 802aa5cde0..3eebf98417 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.75 2017/05/06 22:24:57 beck Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.76 2017/05/07 04:22:24 beck Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -198,12 +198,12 @@ dtls1_connect(SSL *s)
 
 
 	for (;;) {
-		state = s->internal->state;
+		state = S3I(s)->hs.state;
 
-		switch (s->internal->state) {
+		switch (S3I(s)->hs.state) {
 		case SSL_ST_RENEGOTIATE:
 			s->internal->renegotiate = 1;
-			s->internal->state = SSL_ST_CONNECT;
+			S3I(s)->hs.state = SSL_ST_CONNECT;
 			s->ctx->internal->stats.sess_connect_renegotiate++;
 			/* break */
 		case SSL_ST_BEFORE:
@@ -239,7 +239,7 @@ dtls1_connect(SSL *s)
 
 			/* don't push the buffering BIO quite yet */
 
-			s->internal->state = SSL3_ST_CW_CLNT_HELLO_A;
+			S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A;
 			s->ctx->internal->stats.sess_connect++;
 			s->internal->init_num = 0;
 			/* mark client_random uninitialized */
@@ -267,10 +267,10 @@ dtls1_connect(SSL *s)
 				goto end;
 
 			if (D1I(s)->send_cookie) {
-				s->internal->state = SSL3_ST_CW_FLUSH;
+				S3I(s)->hs.state = SSL3_ST_CW_FLUSH;
 				S3I(s)->hs.next_state = SSL3_ST_CR_SRVR_HELLO_A;
 			} else
-				s->internal->state = SSL3_ST_CR_SRVR_HELLO_A;
+				S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A;
 
 			s->internal->init_num = 0;
 
@@ -288,9 +288,9 @@ dtls1_connect(SSL *s)
 			else {
 				if (s->internal->hit) {
 
-					s->internal->state = SSL3_ST_CR_FINISHED_A;
+					S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A;
 				} else
-					s->internal->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
+					S3I(s)->hs.state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
 			}
 			s->internal->init_num = 0;
 			break;
@@ -303,9 +303,9 @@ dtls1_connect(SSL *s)
 				goto end;
 			dtls1_stop_timer(s);
 			if ( D1I(s)->send_cookie) /* start again, with a cookie */
-				s->internal->state = SSL3_ST_CW_CLNT_HELLO_A;
+				S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A;
 			else
-				s->internal->state = SSL3_ST_CR_CERT_A;
+				S3I(s)->hs.state = SSL3_ST_CR_CERT_A;
 			s->internal->init_num = 0;
 			break;
 
@@ -317,9 +317,9 @@ dtls1_connect(SSL *s)
 			if (ret == 2) {
 				s->internal->hit = 1;
 				if (s->internal->tlsext_ticket_expected)
-					s->internal->state = SSL3_ST_CR_SESSION_TICKET_A;
+					S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A;
 				else
-					s->internal->state = SSL3_ST_CR_FINISHED_A;
+					S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A;
 				s->internal->init_num = 0;
 				break;
 			}
@@ -330,12 +330,12 @@ dtls1_connect(SSL *s)
 				if (ret <= 0)
 					goto end;
 				if (s->internal->tlsext_status_expected)
-					s->internal->state = SSL3_ST_CR_CERT_STATUS_A;
+					S3I(s)->hs.state = SSL3_ST_CR_CERT_STATUS_A;
 				else
-					s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
+					S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A;
 			} else {
 				skip = 1;
-				s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
+				S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A;
 			}
 			s->internal->init_num = 0;
 			break;
@@ -345,7 +345,7 @@ dtls1_connect(SSL *s)
 			ret = ssl3_get_server_key_exchange(s);
 			if (ret <= 0)
 				goto end;
-			s->internal->state = SSL3_ST_CR_CERT_REQ_A;
+			S3I(s)->hs.state = SSL3_ST_CR_CERT_REQ_A;
 			s->internal->init_num = 0;
 
 			/* at this point we check that we have the
@@ -361,7 +361,7 @@ dtls1_connect(SSL *s)
 			ret = ssl3_get_certificate_request(s);
 			if (ret <= 0)
 				goto end;
-			s->internal->state = SSL3_ST_CR_SRVR_DONE_A;
+			S3I(s)->hs.state = SSL3_ST_CR_SRVR_DONE_A;
 			s->internal->init_num = 0;
 			break;
 
@@ -376,7 +376,7 @@ dtls1_connect(SSL *s)
 			else
 				S3I(s)->hs.next_state = SSL3_ST_CW_KEY_EXCH_A;
 			s->internal->init_num = 0;
-			s->internal->state = S3I(s)->hs.next_state;
+			S3I(s)->hs.state = S3I(s)->hs.next_state;
 			break;
 
 		case SSL3_ST_CW_CERT_A:
@@ -387,7 +387,7 @@ dtls1_connect(SSL *s)
 			ret = ssl3_send_client_certificate(s);
 			if (ret <= 0)
 				goto end;
-			s->internal->state = SSL3_ST_CW_KEY_EXCH_A;
+			S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_A;
 			s->internal->init_num = 0;
 			break;
 
@@ -403,9 +403,9 @@ dtls1_connect(SSL *s)
 			/* For TLS, cert_req is set to 2, so a cert chain
 			 * of nothing is sent, but no verify packet is sent */
 			if (S3I(s)->tmp.cert_req == 1) {
-				s->internal->state = SSL3_ST_CW_CERT_VRFY_A;
+				S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_A;
 			} else {
-				s->internal->state = SSL3_ST_CW_CHANGE_A;
+				S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
 				S3I(s)->change_cipher_spec = 0;
 			}
 
@@ -418,7 +418,7 @@ dtls1_connect(SSL *s)
 			ret = ssl3_send_client_verify(s);
 			if (ret <= 0)
 				goto end;
-			s->internal->state = SSL3_ST_CW_CHANGE_A;
+			S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
 			s->internal->init_num = 0;
 			S3I(s)->change_cipher_spec = 0;
 			break;
@@ -432,7 +432,7 @@ dtls1_connect(SSL *s)
 			if (ret <= 0)
 				goto end;
 
-			s->internal->state = SSL3_ST_CW_FINISHED_A;
+			S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A;
 			s->internal->init_num = 0;
 
 			s->session->cipher = S3I(s)->hs.new_cipher;
@@ -461,14 +461,14 @@ dtls1_connect(SSL *s)
 			    TLS_MD_CLIENT_FINISH_CONST_SIZE);
 			if (ret <= 0)
 				goto end;
-			s->internal->state = SSL3_ST_CW_FLUSH;
+			S3I(s)->hs.state = SSL3_ST_CW_FLUSH;
 
 			/* clear flags */
 			s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
 			if (s->internal->hit) {
 				S3I(s)->hs.next_state = SSL_ST_OK;
 				if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
-					s->internal->state = SSL_ST_OK;
+					S3I(s)->hs.state = SSL_ST_OK;
 					s->s3->flags |= SSL3_FLAGS_POP_BUFFER;
 					S3I(s)->delay_buf_pop_ret = 0;
 				}
@@ -490,7 +490,7 @@ dtls1_connect(SSL *s)
 			ret = ssl3_get_new_session_ticket(s);
 			if (ret <= 0)
 				goto end;
-			s->internal->state = SSL3_ST_CR_FINISHED_A;
+			S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A;
 			s->internal->init_num = 0;
 			break;
 
@@ -499,7 +499,7 @@ dtls1_connect(SSL *s)
 			ret = ssl3_get_cert_status(s);
 			if (ret <= 0)
 				goto end;
-			s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
+			S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A;
 			s->internal->init_num = 0;
 			break;
 
@@ -513,9 +513,9 @@ dtls1_connect(SSL *s)
 			dtls1_stop_timer(s);
 
 			if (s->internal->hit)
-				s->internal->state = SSL3_ST_CW_CHANGE_A;
+				S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
 			else
-				s->internal->state = SSL_ST_OK;
+				S3I(s)->hs.state = SSL_ST_OK;
 
 
 			s->internal->init_num = 0;
@@ -527,14 +527,14 @@ dtls1_connect(SSL *s)
 				/* If the write error was fatal, stop trying */
 				if (!BIO_should_retry(s->wbio)) {
 					s->internal->rwstate = SSL_NOTHING;
-					s->internal->state = S3I(s)->hs.next_state;
+					S3I(s)->hs.state = S3I(s)->hs.next_state;
 				}
 
 				ret = -1;
 				goto end;
 			}
 			s->internal->rwstate = SSL_NOTHING;
-			s->internal->state = S3I(s)->hs.next_state;
+			S3I(s)->hs.state = S3I(s)->hs.next_state;
 			break;
 
 		case SSL_ST_OK:
@@ -583,11 +583,11 @@ dtls1_connect(SSL *s)
 					goto end;
 			}
 
-			if ((cb != NULL) && (s->internal->state != state)) {
-				new_state = s->internal->state;
-				s->internal->state = state;
+			if ((cb != NULL) && (S3I(s)->hs.state != state)) {
+				new_state = S3I(s)->hs.state;
+				S3I(s)->hs.state = state;
 				cb(s, SSL_CB_CONNECT_LOOP, 1);
-				s->internal->state = new_state;
+				S3I(s)->hs.state = new_state;
 			}
 		}
 		skip = 0;
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 5fdd176800..9f670fadfd 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.62 2017/02/07 02:08:38 beck Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.63 2017/05/07 04:22:24 beck Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -685,7 +685,7 @@ start:
 	 * so process data buffered during the last handshake
 	 * in advance, if any.
 	 */
-	if (s->internal->state == SSL_ST_OK && rr->length == 0) {
+	if (S3I(s)->hs.state == SSL_ST_OK && rr->length == 0) {
 		pitem *item;
 		item = pqueue_pop(D1I(s)->buffered_app_data.q);
 		if (item) {
@@ -1028,9 +1028,9 @@ start:
 			goto start;
 		}
 
-		if (((s->internal->state&SSL_ST_MASK) == SSL_ST_OK) &&
+		if (((S3I(s)->hs.state&SSL_ST_MASK) == SSL_ST_OK) &&
 		    !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
-			s->internal->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
+			S3I(s)->hs.state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
 			s->internal->renegotiate = 1;
 			s->internal->new_session = 1;
 		}
@@ -1089,12 +1089,12 @@ start:
 		 */
 		if (S3I(s)->in_read_app_data &&
 		    (S3I(s)->total_renegotiations != 0) &&
-		    (((s->internal->state & SSL_ST_CONNECT) &&
-		    (s->internal->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
-		    (s->internal->state <= SSL3_ST_CR_SRVR_HELLO_A)) || (
-		    (s->internal->state & SSL_ST_ACCEPT) &&
-		    (s->internal->state <= SSL3_ST_SW_HELLO_REQ_A) &&
-		    (s->internal->state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
+		    (((S3I(s)->hs.state & SSL_ST_CONNECT) &&
+		    (S3I(s)->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) &&
+		    (S3I(s)->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) || (
+		    (S3I(s)->hs.state & SSL_ST_ACCEPT) &&
+		    (S3I(s)->hs.state <= SSL3_ST_SW_HELLO_REQ_A) &&
+		    (S3I(s)->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
 			S3I(s)->in_read_app_data = 2;
 			return (-1);
 		} else {
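Review bot: The renegotiation window check now spells `S3I(s)->hs.state` six times in one condition, which makes the two range comparisons hard to verify at a glance and is a point of style rather than correctness. Reading the state once into a local (declared at the top of dtls1_read_bytes per KNF, which lies outside this hunk) and comparing against that keeps the expression readable and makes the client-side and server-side ranges line up visibly. The rewritten condition would look like the excerpt below; dtls1_read_bytes begins and ends outside the hunk.
```c
		/* … unchanged: earlier part of the handshake-record branch … */
		state = S3I(s)->hs.state;
		if (S3I(s)->in_read_app_data &&
		    (S3I(s)->total_renegotiations != 0) &&
		    (((state & SSL_ST_CONNECT) &&
		    (state >= SSL3_ST_CW_CLNT_HELLO_A) &&
		    (state <= SSL3_ST_CR_SRVR_HELLO_A)) || (
		    (state & SSL_ST_ACCEPT) &&
		    (state <= SSL3_ST_SW_HELLO_REQ_A) &&
		    (state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
		/* … unchanged: in_read_app_data = 2 and the else branch … */
```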
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 1ef8bce56b..ae90ee2093 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.87 2017/05/06 22:24:57 beck Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.88 2017/05/07 04:22:24 beck Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -208,12 +208,12 @@ dtls1_accept(SSL *s)
 	}
 
 	for (;;) {
-		state = s->internal->state;
+		state = S3I(s)->hs.state;
 
-		switch (s->internal->state) {
+		switch (S3I(s)->hs.state) {
 		case SSL_ST_RENEGOTIATE:
 			s->internal->renegotiate = 1;
-			/* s->internal->state=SSL_ST_ACCEPT; */
+			/* S3I(s)->hs.state=SSL_ST_ACCEPT; */
 
 		case SSL_ST_BEFORE:
 		case SSL_ST_ACCEPT:
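Review bot: The commented-out assignment `/* S3I(s)->hs.state=SSL_ST_ACCEPT; */` is dead code that the rename carried along instead of removing, which is how stale comments outlive the field they describe. The case falls through into SSL_ST_BEFORE/SSL_ST_ACCEPT without assigning a state, unlike the dtls1_connect counterpart in d1_clnt.c which sets `S3I(s)->hs.state = SSL_ST_CONNECT;` before its fall-through, so either delete the line or make the intent explicit with `/* FALLTHROUGH: renegotiation restarts from the SSL_ST_ACCEPT handling */`. The same renamed-comment pattern appears in dtls1_send_hello_verify_request at `/* S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */`, where a plain prose comment would be clearer than commented-out code. dtls1_accept's body starts and ends outside this hunk.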
@@ -242,7 +242,7 @@ dtls1_accept(SSL *s)
 
 			s->internal->init_num = 0;
 
-			if (s->internal->state != SSL_ST_RENEGOTIATE) {
+			if (S3I(s)->hs.state != SSL_ST_RENEGOTIATE) {
 				/* Ok, we now need to push on a buffering BIO so that
 				 * the output is sent in a way that TCP likes :-)
 				 * ...but not with SCTP :-)
@@ -257,13 +257,13 @@ dtls1_accept(SSL *s)
 					goto end;
 				}
 
-				s->internal->state = SSL3_ST_SR_CLNT_HELLO_A;
+				S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A;
 				s->ctx->internal->stats.sess_accept++;
 			} else {
-				/* s->internal->state == SSL_ST_RENEGOTIATE,
+				/* S3I(s)->hs.state == SSL_ST_RENEGOTIATE,
 				 * we will just send a HelloRequest */
 				s->ctx->internal->stats.sess_accept_renegotiate++;
-				s->internal->state = SSL3_ST_SW_HELLO_REQ_A;
+				S3I(s)->hs.state = SSL3_ST_SW_HELLO_REQ_A;
 			}
 
 			break;
@@ -278,7 +278,7 @@ dtls1_accept(SSL *s)
 			if (ret <= 0)
 				goto end;
 			S3I(s)->hs.next_state = SSL3_ST_SR_CLNT_HELLO_A;
-			s->internal->state = SSL3_ST_SW_FLUSH;
+			S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
 			s->internal->init_num = 0;
 
 			if (!tls1_init_finished_mac(s)) {
@@ -288,7 +288,7 @@ dtls1_accept(SSL *s)
 			break;
 
 		case SSL3_ST_SW_HELLO_REQ_C:
-			s->internal->state = SSL_ST_OK;
+			S3I(s)->hs.state = SSL_ST_OK;
 			break;
 
 		case SSL3_ST_SR_CLNT_HELLO_A:
@@ -302,9 +302,9 @@ dtls1_accept(SSL *s)
 			dtls1_stop_timer(s);
 
 			if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
-				s->internal->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
+				S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
 			else
-				s->internal->state = SSL3_ST_SW_SRVR_HELLO_A;
+				S3I(s)->hs.state = SSL3_ST_SW_SRVR_HELLO_A;
 
 			s->internal->init_num = 0;
 
@@ -314,7 +314,7 @@ dtls1_accept(SSL *s)
 			}
 
 			/* If we're just listening, stop here */
-			if (listen && s->internal->state == SSL3_ST_SW_SRVR_HELLO_A) {
+			if (listen && S3I(s)->hs.state == SSL3_ST_SW_SRVR_HELLO_A) {
 				ret = 2;
 				D1I(s)->listen = 0;
 				/* Set expected sequence numbers
@@ -334,7 +334,7 @@ dtls1_accept(SSL *s)
 			ret = dtls1_send_hello_verify_request(s);
 			if (ret <= 0)
 				goto end;
-			s->internal->state = SSL3_ST_SW_FLUSH;
+			S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
 			S3I(s)->hs.next_state = SSL3_ST_SR_CLNT_HELLO_A;
 
 			/* HelloVerifyRequest resets Finished MAC */
@@ -355,11 +355,11 @@ dtls1_accept(SSL *s)
 
 			if (s->internal->hit) {
 				if (s->internal->tlsext_ticket_expected)
-					s->internal->state = SSL3_ST_SW_SESSION_TICKET_A;
+					S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_A;
 				else
-					s->internal->state = SSL3_ST_SW_CHANGE_A;
+					S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A;
 			} else
-				s->internal->state = SSL3_ST_SW_CERT_A;
+				S3I(s)->hs.state = SSL3_ST_SW_CERT_A;
 			s->internal->init_num = 0;
 			break;
 
@@ -373,12 +373,12 @@ dtls1_accept(SSL *s)
 				if (ret <= 0)
 					goto end;
 				if (s->internal->tlsext_status_expected)
-					s->internal->state = SSL3_ST_SW_CERT_STATUS_A;
+					S3I(s)->hs.state = SSL3_ST_SW_CERT_STATUS_A;
 				else
-					s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
+					S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A;
 			} else {
 				skip = 1;
-				s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
+				S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A;
 			}
 			s->internal->init_num = 0;
 			break;
@@ -396,7 +396,7 @@ dtls1_accept(SSL *s)
 			} else
 				skip = 1;
 
-			s->internal->state = SSL3_ST_SW_CERT_REQ_A;
+			S3I(s)->hs.state = SSL3_ST_SW_CERT_REQ_A;
 			s->internal->init_num = 0;
 			break;
 
@@ -428,14 +428,14 @@ dtls1_accept(SSL *s)
 				/* no cert request */
 				skip = 1;
 				S3I(s)->tmp.cert_request = 0;
-				s->internal->state = SSL3_ST_SW_SRVR_DONE_A;
+				S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A;
 			} else {
 				S3I(s)->tmp.cert_request = 1;
 				dtls1_start_timer(s);
 				ret = ssl3_send_certificate_request(s);
 				if (ret <= 0)
 					goto end;
-				s->internal->state = SSL3_ST_SW_SRVR_DONE_A;
+				S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A;
 				s->internal->init_num = 0;
 			}
 			break;
@@ -447,7 +447,7 @@ dtls1_accept(SSL *s)
 			if (ret <= 0)
 				goto end;
 			S3I(s)->hs.next_state = SSL3_ST_SR_CERT_A;
-			s->internal->state = SSL3_ST_SW_FLUSH;
+			S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
 			s->internal->init_num = 0;
 			break;
 
@@ -457,14 +457,14 @@ dtls1_accept(SSL *s)
 				/* If the write error was fatal, stop trying */
 				if (!BIO_should_retry(s->wbio)) {
 					s->internal->rwstate = SSL_NOTHING;
-					s->internal->state = S3I(s)->hs.next_state;
+					S3I(s)->hs.state = S3I(s)->hs.next_state;
 				}
 
 				ret = -1;
 				goto end;
 			}
 			s->internal->rwstate = SSL_NOTHING;
-			s->internal->state = S3I(s)->hs.next_state;
+			S3I(s)->hs.state = S3I(s)->hs.next_state;
 			break;
 
 		case SSL3_ST_SR_CERT_A:
@@ -475,7 +475,7 @@ dtls1_accept(SSL *s)
 					goto end;
 			}
 			s->internal->init_num = 0;
-			s->internal->state = SSL3_ST_SR_KEY_EXCH_A;
+			S3I(s)->hs.state = SSL3_ST_SR_KEY_EXCH_A;
 			break;
 
 		case SSL3_ST_SR_KEY_EXCH_A:
@@ -484,7 +484,7 @@ dtls1_accept(SSL *s)
 			if (ret <= 0)
 				goto end;
 
-			s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
+			S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;
 			s->internal->init_num = 0;
 
 			if (ret == 2) {
@@ -493,10 +493,10 @@ dtls1_accept(SSL *s)
 				 * a certificate, the CertificateVerify
 				 * message is not sent.
 				 */
-				s->internal->state = SSL3_ST_SR_FINISHED_A;
+				S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
 				s->internal->init_num = 0;
 			} else if (SSL_USE_SIGALGS(s)) {
-				s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
+				S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;
 				s->internal->init_num = 0;
 				if (!s->session->peer)
 					break;
@@ -516,7 +516,7 @@ dtls1_accept(SSL *s)
 					goto end;
 				}
 			} else {
-				s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
+				S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;
 				s->internal->init_num = 0;
 
 				/*
@@ -547,7 +547,7 @@ dtls1_accept(SSL *s)
 			ret = ssl3_get_cert_verify(s);
 			if (ret <= 0)
 				goto end;
-			s->internal->state = SSL3_ST_SR_FINISHED_A;
+			S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
 			s->internal->init_num = 0;
 			break;
 
@@ -560,11 +560,11 @@ dtls1_accept(SSL *s)
 				goto end;
 			dtls1_stop_timer(s);
 			if (s->internal->hit)
-				s->internal->state = SSL_ST_OK;
+				S3I(s)->hs.state = SSL_ST_OK;
 			else if (s->internal->tlsext_ticket_expected)
-				s->internal->state = SSL3_ST_SW_SESSION_TICKET_A;
+				S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_A;
 			else
-				s->internal->state = SSL3_ST_SW_CHANGE_A;
+				S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A;
 			s->internal->init_num = 0;
 			break;
 
@@ -573,7 +573,7 @@ dtls1_accept(SSL *s)
 			ret = ssl3_send_newsession_ticket(s);
 			if (ret <= 0)
 				goto end;
-			s->internal->state = SSL3_ST_SW_CHANGE_A;
+			S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A;
 			s->internal->init_num = 0;
 			break;
 
@@ -582,7 +582,7 @@ dtls1_accept(SSL *s)
 			ret = ssl3_send_cert_status(s);
 			if (ret <= 0)
 				goto end;
-			s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
+			S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A;
 			s->internal->init_num = 0;
 			break;
 
@@ -603,7 +603,7 @@ dtls1_accept(SSL *s)
 				goto end;
 
 
-			s->internal->state = SSL3_ST_SW_FINISHED_A;
+			S3I(s)->hs.state = SSL3_ST_SW_FINISHED_A;
 			s->internal->init_num = 0;
 
 			if (!tls1_change_cipher_state(s,
@@ -623,7 +623,7 @@ dtls1_accept(SSL *s)
 			    TLS_MD_SERVER_FINISH_CONST_SIZE);
 			if (ret <= 0)
 				goto end;
-			s->internal->state = SSL3_ST_SW_FLUSH;
+			S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
 			if (s->internal->hit) {
 				S3I(s)->hs.next_state = SSL3_ST_SR_FINISHED_A;
 
@@ -680,11 +680,11 @@ dtls1_accept(SSL *s)
 					goto end;
 			}
 
-			if ((cb != NULL) && (s->internal->state != state)) {
-				new_state = s->internal->state;
-				s->internal->state = state;
+			if ((cb != NULL) && (S3I(s)->hs.state != state)) {
+				new_state = S3I(s)->hs.state;
+				S3I(s)->hs.state = state;
 				cb(s, SSL_CB_ACCEPT_LOOP, 1);
-				s->internal->state = new_state;
+				S3I(s)->hs.state = new_state;
 			}
 		}
 		skip = 0;
@@ -707,7 +707,7 @@ dtls1_send_hello_verify_request(SSL *s)
 
 	memset(&cbb, 0, sizeof(cbb));
 
-	if (s->internal->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
+	if (S3I(s)->hs.state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
 		if (s->ctx->internal->app_gen_cookie_cb == NULL ||
 		    s->ctx->internal->app_gen_cookie_cb(s, D1I(s)->cookie,
 			&(D1I(s)->cookie_len)) == 0) {
@@ -727,10 +727,10 @@ dtls1_send_hello_verify_request(SSL *s)
 		if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
 			goto err;
 
-		s->internal->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
+		S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
 	}
 
-	/* s->internal->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
+	/* S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
 	return (ssl3_handshake_write(s));
 
  err:
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index f728eb7648..697ac6c7c5 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.142 2017/05/06 22:24:57 beck Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.143 2017/05/07 04:22:24 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2540,7 +2540,7 @@ ssl3_shutdown(SSL *s)
 	 * Don't do anything much if we have not done the handshake or
 	 * we don't want to send messages :-)
 	 */
-	if ((s->internal->quiet_shutdown) || (s->internal->state == SSL_ST_BEFORE)) {
+	if ((s->internal->quiet_shutdown) || (S3I(s)->hs.state == SSL_ST_BEFORE)) {
 		s->internal->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
 		return (1);
 	}
@@ -2704,7 +2704,7 @@ ssl3_renegotiate_check(SSL *s)
 			 * to SSL_ST_ACCEPT.
 			 */
 			/* SSL_ST_ACCEPT */
-			s->internal->state = SSL_ST_RENEGOTIATE;
+			S3I(s)->hs.state = SSL_ST_RENEGOTIATE;
 			S3I(s)->renegotiate = 0;
 			S3I(s)->num_renegotiations++;
 			S3I(s)->total_renegotiations++;
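Review bot: Moving the state into `S3I(s)->hs` changes its lifetime: it now lives in the per-method `s->s3->internal` block that ssl3_clear() in this file resets, whereas `s->internal->state` survived that reset. If SSL_clear() in ssl_lib.c (not in this chunk) still assigns `SSL_ST_BEFORE | (server ? SSL_ST_ACCEPT : SSL_ST_CONNECT)` before it calls the method's ssl_clear, and ssl3_clear() zeroes `*S3I(s)` as its OpenSSL ancestor does, the initial state would be wiped and the next accept/connect loop would switch on a zeroed state; please confirm the ordering, and add a comment in ssl3_clear naming hs.state as something it deliberately resets so the next refactor does not reintroduce this. A regression test calling SSL_clear() followed by SSL_state() and asserting `SSL_in_before()` would pin the behaviour cheaply.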
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 05d0660c49..dda5192c10 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.128 2017/05/06 20:37:25 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.129 2017/05/07 04:22:24 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -932,12 +932,12 @@ extern "C" {
 #define SSL_CB_HANDSHAKE_DONE		0x20
 
 /* Is the SSL_connection established? */
-#define SSL_get_state(a)		SSL_state(a)
-#define SSL_is_init_finished(a)		(SSL_state(a) == SSL_ST_OK)
-#define SSL_in_init(a)			(SSL_state(a)&SSL_ST_INIT)
-#define SSL_in_before(a)		(SSL_state(a)&SSL_ST_BEFORE)
-#define SSL_in_connect_init(a)		(SSL_state(a)&SSL_ST_CONNECT)
-#define SSL_in_accept_init(a)		(SSL_state(a)&SSL_ST_ACCEPT)
+#define SSL_get_state(a)		(SSL_state((a)))
+#define SSL_is_init_finished(a)		(SSL_state((a)) == SSL_ST_OK)
+#define SSL_in_init(a)			(SSL_state((a))&SSL_ST_INIT)
+#define SSL_in_before(a)		(SSL_state((a))&SSL_ST_BEFORE)
+#define SSL_in_connect_init(a)		(SSL_state((a))&SSL_ST_CONNECT)
+#define SSL_in_accept_init(a)		(SSL_state((a))&SSL_ST_ACCEPT)
 
 /* The following 2 states are kept in ssl->rstate when reads fail,
  * you should not need these */
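Review bot: The added parentheses around the macro argument (`SSL_state((a))`) are unrelated to the commit's subject and are not mentioned in the message; they are harmless because `a` is already a complete call argument, so this is a style nit worth a sentence in the description rather than a fix. The more relevant consequence is that every public state-query macro here now reaches the field only through SSL_state(), which presumably reads `S3I(s)->hs.state`, i.e. `s->s3->internal`; with the commit message announcing that the handshake structure will later be allocated separately, SSL_state() in ssl_lib.c (not in this chunk) becomes the single public entry point that must guard a missing structure before dereferencing it, so a caller using SSL_in_init() on a partially initialised SSL cannot hit a NULL pointer. A short comment on SSL_state() recording that contract would help whoever does the allocation change.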
diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c
index 13c39e85b2..4a724560f2 100644
--- a/src/lib/libssl/ssl_both.c
+++ b/src/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.8 2017/05/06 22:24:57 beck Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.9 2017/05/07 04:22:24 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -171,7 +171,7 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 
 	memset(&cbb, 0, sizeof(cbb));
 
-	if (s->internal->state == a) {
+	if (S3I(s)->hs.state == a) {
 		md_len = TLS1_FINISH_MAC_LENGTH;
 		OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
 
@@ -199,7 +199,7 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 		if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
 			goto err;
 
-		s->internal->state = b;
+		S3I(s)->hs.state = b;
 	}
 
 	return (ssl3_handshake_write(s));
@@ -227,7 +227,7 @@ ssl3_take_mac(SSL *s)
 	if (S3I(s)->hs.new_cipher == NULL)
 		return;
 
-	if (s->internal->state & SSL_ST_CONNECT) {
+	if (S3I(s)->hs.state & SSL_ST_CONNECT) {
 		sender = TLS_MD_SERVER_FINISH_CONST;
 		slen = TLS_MD_SERVER_FINISH_CONST_SIZE;
 	} else {
@@ -313,13 +313,13 @@ ssl3_send_change_cipher_spec(SSL *s, int a, int b)
 {
 	unsigned char *p;
 
-	if (s->internal->state == a) {
+	if (S3I(s)->hs.state == a) {
 		p = (unsigned char *)s->internal->init_buf->data;
 		*p = SSL3_MT_CCS;
 		s->internal->init_num = 1;
 		s->internal->init_off = 0;
 
-		s->internal->state = b;
+		S3I(s)->hs.state = b;
 	}
 
 	/* SSL3_ST_CW_CHANGE_B */
@@ -442,7 +442,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 	p = (unsigned char *)s->internal->init_buf->data;
 
 	/* s->internal->init_num < 4 */
-	if (s->internal->state == st1) {
+	if (S3I(s)->hs.state == st1) {
 		int skip_message;
 
 		do {
@@ -504,7 +504,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 			goto err;
 		}
 		S3I(s)->tmp.message_size = l;
-		s->internal->state = stn;
+		S3I(s)->hs.state = stn;
 
 		s->internal->init_msg = s->internal->init_buf->data + 4;
 		s->internal->init_num = 0;
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index f6ca3e7f3c..a1745143f0 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.13 2017/05/06 22:24:57 beck Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.14 2017/05/07 04:22:24 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -193,12 +193,12 @@ ssl3_connect(SSL *s)
 		SSL_clear(s);
 
 	for (;;) {
-		state = s->internal->state;
+		state = S3I(s)->hs.state;
 
-		switch (s->internal->state) {
+		switch (S3I(s)->hs.state) {
 		case SSL_ST_RENEGOTIATE:
 			s->internal->renegotiate = 1;
-			s->internal->state = SSL_ST_CONNECT;
+			S3I(s)->hs.state = SSL_ST_CONNECT;
 			s->ctx->internal->stats.sess_connect_renegotiate++;
 			/* break */
 		case SSL_ST_BEFORE:
@@ -239,7 +239,7 @@ ssl3_connect(SSL *s)
 				goto end;
 			}
 
-			s->internal->state = SSL3_ST_CW_CLNT_HELLO_A;
+			S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A;
 			s->ctx->internal->stats.sess_connect++;
 			s->internal->init_num = 0;
 			break;
@@ -251,7 +251,7 @@ ssl3_connect(SSL *s)
 			ret = ssl3_client_hello(s);
 			if (ret <= 0)
 				goto end;
-			s->internal->state = SSL3_ST_CR_SRVR_HELLO_A;
+			S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A;
 			s->internal->init_num = 0;
 
 			/* turn on buffering for the next lot of output */
@@ -267,13 +267,13 @@ ssl3_connect(SSL *s)
 				goto end;
 
 			if (s->internal->hit) {
-				s->internal->state = SSL3_ST_CR_FINISHED_A;
+				S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A;
 				if (s->internal->tlsext_ticket_expected) {
 					/* receive renewed session ticket */
-					s->internal->state = SSL3_ST_CR_SESSION_TICKET_A;
+					S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A;
 				}
 			} else
-				s->internal->state = SSL3_ST_CR_CERT_A;
+				S3I(s)->hs.state = SSL3_ST_CR_CERT_A;
 			s->internal->init_num = 0;
 			break;
 
@@ -285,9 +285,9 @@ ssl3_connect(SSL *s)
 			if (ret == 2) {
 				s->internal->hit = 1;
 				if (s->internal->tlsext_ticket_expected)
-					s->internal->state = SSL3_ST_CR_SESSION_TICKET_A;
+					S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A;
 				else
-					s->internal->state = SSL3_ST_CR_FINISHED_A;
+					S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A;
 				s->internal->init_num = 0;
 				break;
 			}
@@ -298,12 +298,12 @@ ssl3_connect(SSL *s)
 				if (ret <= 0)
 					goto end;
 				if (s->internal->tlsext_status_expected)
-					s->internal->state = SSL3_ST_CR_CERT_STATUS_A;
+					S3I(s)->hs.state = SSL3_ST_CR_CERT_STATUS_A;
 				else
-					s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
+					S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A;
 			} else {
 				skip = 1;
-				s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
+				S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A;
 			}
 			s->internal->init_num = 0;
 			break;
@@ -313,7 +313,7 @@ ssl3_connect(SSL *s)
 			ret = ssl3_get_server_key_exchange(s);
 			if (ret <= 0)
 				goto end;
-			s->internal->state = SSL3_ST_CR_CERT_REQ_A;
+			S3I(s)->hs.state = SSL3_ST_CR_CERT_REQ_A;
 			s->internal->init_num = 0;
 
 			/*
@@ -331,7 +331,7 @@ ssl3_connect(SSL *s)
 			ret = ssl3_get_certificate_request(s);
 			if (ret <= 0)
 				goto end;
-			s->internal->state = SSL3_ST_CR_SRVR_DONE_A;
+			S3I(s)->hs.state = SSL3_ST_CR_SRVR_DONE_A;
 			s->internal->init_num = 0;
 			break;
 
@@ -341,9 +341,9 @@ ssl3_connect(SSL *s)
 			if (ret <= 0)
 				goto end;
 			if (S3I(s)->tmp.cert_req)
-				s->internal->state = SSL3_ST_CW_CERT_A;
+				S3I(s)->hs.state = SSL3_ST_CW_CERT_A;
 			else
-				s->internal->state = SSL3_ST_CW_KEY_EXCH_A;
+				S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_A;
 			s->internal->init_num = 0;
 
 			break;
@@ -355,7 +355,7 @@ ssl3_connect(SSL *s)
 			ret = ssl3_send_client_certificate(s);
 			if (ret <= 0)
 				goto end;
-			s->internal->state = SSL3_ST_CW_KEY_EXCH_A;
+			S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_A;
 			s->internal->init_num = 0;
 			break;
 
@@ -381,13 +381,13 @@ ssl3_connect(SSL *s)
 			 * inside the client certificate.
 			 */
 			if (S3I(s)->tmp.cert_req == 1) {
-				s->internal->state = SSL3_ST_CW_CERT_VRFY_A;
+				S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_A;
 			} else {
-				s->internal->state = SSL3_ST_CW_CHANGE_A;
+				S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
 				S3I(s)->change_cipher_spec = 0;
 			}
 			if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
-				s->internal->state = SSL3_ST_CW_CHANGE_A;
+				S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
 				S3I(s)->change_cipher_spec = 0;
 			}
 
@@ -399,7 +399,7 @@ ssl3_connect(SSL *s)
 			ret = ssl3_send_client_verify(s);
 			if (ret <= 0)
 				goto end;
-			s->internal->state = SSL3_ST_CW_CHANGE_A;
+			S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
 			s->internal->init_num = 0;
 			S3I(s)->change_cipher_spec = 0;
 			break;
@@ -412,9 +412,9 @@ ssl3_connect(SSL *s)
 				goto end;
 
 			if (S3I(s)->next_proto_neg_seen)
-				s->internal->state = SSL3_ST_CW_NEXT_PROTO_A;
+				S3I(s)->hs.state = SSL3_ST_CW_NEXT_PROTO_A;
 			else
-				s->internal->state = SSL3_ST_CW_FINISHED_A;
+				S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A;
 			s->internal->init_num = 0;
 
 			s->session->cipher = S3I(s)->hs.new_cipher;
@@ -436,7 +436,7 @@ ssl3_connect(SSL *s)
 			ret = ssl3_send_next_proto(s);
 			if (ret <= 0)
 				goto end;
-			s->internal->state = SSL3_ST_CW_FINISHED_A;
+			S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A;
 			break;
 
 		case SSL3_ST_CW_FINISHED_A:
@@ -448,7 +448,7 @@ ssl3_connect(SSL *s)
 			if (ret <= 0)
 				goto end;
 			s->s3->flags |= SSL3_FLAGS_CCS_OK;
-			s->internal->state = SSL3_ST_CW_FLUSH;
+			S3I(s)->hs.state = SSL3_ST_CW_FLUSH;
 
 			/* clear flags */
 			s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
@@ -456,7 +456,7 @@ ssl3_connect(SSL *s)
 				S3I(s)->hs.next_state = SSL_ST_OK;
 				if (s->s3->flags &
 				    SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
-					s->internal->state = SSL_ST_OK;
+					S3I(s)->hs.state = SSL_ST_OK;
 					s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
 					S3I(s)->delay_buf_pop_ret = 0;
 				}
@@ -477,7 +477,7 @@ ssl3_connect(SSL *s)
 			ret = ssl3_get_new_session_ticket(s);
 			if (ret <= 0)
 				goto end;
-			s->internal->state = SSL3_ST_CR_FINISHED_A;
+			S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A;
 			s->internal->init_num = 0;
 			break;
 
@@ -486,7 +486,7 @@ ssl3_connect(SSL *s)
 			ret = ssl3_get_cert_status(s);
 			if (ret <= 0)
 				goto end;
-			s->internal->state = SSL3_ST_CR_KEY_EXCH_A;
+			S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A;
 			s->internal->init_num = 0;
 			break;
 
@@ -499,9 +499,9 @@ ssl3_connect(SSL *s)
 				goto end;
 
 			if (s->internal->hit)
-				s->internal->state = SSL3_ST_CW_CHANGE_A;
+				S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
 			else
-				s->internal->state = SSL_ST_OK;
+				S3I(s)->hs.state = SSL_ST_OK;
 			s->internal->init_num = 0;
 			break;
 
@@ -512,7 +512,7 @@ ssl3_connect(SSL *s)
 				goto end;
 			}
 			s->internal->rwstate = SSL_NOTHING;
-			s->internal->state = S3I(s)->hs.next_state;
+			S3I(s)->hs.state = S3I(s)->hs.next_state;
 			break;
 
 		case SSL_ST_OK:
@@ -563,11 +563,11 @@ ssl3_connect(SSL *s)
 					goto end;
 			}
 
-			if ((cb != NULL) && (s->internal->state != state)) {
-				new_state = s->internal->state;
-				s->internal->state = state;
+			if ((cb != NULL) && (S3I(s)->hs.state != state)) {
+				new_state = S3I(s)->hs.state;
+				S3I(s)->hs.state = state;
 				cb(s, SSL_CB_CONNECT_LOOP, 1);
-				s->internal->state = new_state;
+				S3I(s)->hs.state = new_state;
 			}
 		}
 		skip = 0;
@@ -591,7 +591,7 @@ ssl3_client_hello(SSL *s)
 
 	bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH;
 
-	if (s->internal->state == SSL3_ST_CW_CLNT_HELLO_A) {
+	if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_A) {
 		SSL_SESSION *sess = s->session;
 
 		if (ssl_supported_version_range(s, NULL, &max_version) != 1) {
@@ -706,7 +706,7 @@ ssl3_client_hello(SSL *s)
 
 		ssl3_handshake_msg_finish(s, p - d);
 
-		s->internal->state = SSL3_ST_CW_CLNT_HELLO_B;
+		S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_B;
 	}
 
 	/* SSL3_ST_CW_CLNT_HELLO_B */
@@ -2273,7 +2273,7 @@ ssl3_send_client_key_exchange(SSL *s)
 
 	memset(&cbb, 0, sizeof(cbb));
 
-	if (s->internal->state == SSL3_ST_CW_KEY_EXCH_A) {
+	if (S3I(s)->hs.state == SSL3_ST_CW_KEY_EXCH_A) {
 		alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
 
 		if ((sess_cert = SSI(s)->sess_cert) == NULL) {
@@ -2309,7 +2309,7 @@ ssl3_send_client_key_exchange(SSL *s)
 		if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
 			goto err;
 
-		s->internal->state = SSL3_ST_CW_KEY_EXCH_B;
+		S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_B;
 	}
 
 	/* SSL3_ST_CW_KEY_EXCH_B */
@@ -2335,7 +2335,7 @@ ssl3_send_client_verify(SSL *s)
 
 	EVP_MD_CTX_init(&mctx);
 
-	if (s->internal->state == SSL3_ST_CW_CERT_VRFY_A) {
+	if (S3I(s)->hs.state == SSL3_ST_CW_CERT_VRFY_A) {
 		p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY);
 
 		/*
@@ -2459,7 +2459,7 @@ ssl3_send_client_verify(SSL *s)
 			goto err;
 		}
 
-		s->internal->state = SSL3_ST_CW_CERT_VRFY_B;
+		S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_B;
 
 		ssl3_handshake_msg_finish(s, n);
 	}
@@ -2485,16 +2485,16 @@ ssl3_send_client_certificate(SSL *s)
 
 	memset(&cbb, 0, sizeof(cbb));
 
-	if (s->internal->state == SSL3_ST_CW_CERT_A) {
+	if (S3I(s)->hs.state == SSL3_ST_CW_CERT_A) {
 		if ((s->cert == NULL) || (s->cert->key->x509 == NULL) ||
 		    (s->cert->key->privatekey == NULL))
-			s->internal->state = SSL3_ST_CW_CERT_B;
+			S3I(s)->hs.state = SSL3_ST_CW_CERT_B;
 		else
-			s->internal->state = SSL3_ST_CW_CERT_C;
+			S3I(s)->hs.state = SSL3_ST_CW_CERT_C;
 	}
 
 	/* We need to get a client cert */
-	if (s->internal->state == SSL3_ST_CW_CERT_B) {
+	if (S3I(s)->hs.state == SSL3_ST_CW_CERT_B) {
 		/*
 		 * If we get an error, we need to
 		 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
@@ -2507,7 +2507,7 @@ ssl3_send_client_certificate(SSL *s)
 		}
 		s->internal->rwstate = SSL_NOTHING;
 		if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
-			s->internal->state = SSL3_ST_CW_CERT_B;
+			S3I(s)->hs.state = SSL3_ST_CW_CERT_B;
 			if (!SSL_use_certificate(s, x509) ||
 			    !SSL_use_PrivateKey(s, pkey))
 				i = 0;
@@ -2522,10 +2522,10 @@ ssl3_send_client_certificate(SSL *s)
 			S3I(s)->tmp.cert_req = 2;
 
 		/* Ok, we have a cert */
-		s->internal->state = SSL3_ST_CW_CERT_C;
+		S3I(s)->hs.state = SSL3_ST_CW_CERT_C;
 	}
 
-	if (s->internal->state == SSL3_ST_CW_CERT_C) {
+	if (S3I(s)->hs.state == SSL3_ST_CW_CERT_C) {
 		if (!ssl3_handshake_msg_start_cbb(s, &cbb, &client_cert,
 		    SSL3_MT_CERTIFICATE))
 			goto err;
@@ -2535,7 +2535,7 @@ ssl3_send_client_certificate(SSL *s)
 		if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
 			goto err;
 
-		s->internal->state = SSL3_ST_CW_CERT_D;
+		S3I(s)->hs.state = SSL3_ST_CW_CERT_D;
 	}
 
 	/* SSL3_ST_CW_CERT_D */
@@ -2625,7 +2625,7 @@ ssl3_send_next_proto(SSL *s)
 
 	memset(&cbb, 0, sizeof(cbb));
 
-	if (s->internal->state == SSL3_ST_CW_NEXT_PROTO_A) {
+	if (S3I(s)->hs.state == SSL3_ST_CW_NEXT_PROTO_A) {
 		pad_len = 32 - ((s->internal->next_proto_negotiated_len + 2) % 32);
 
 		if (!ssl3_handshake_msg_start_cbb(s, &cbb, &nextproto,
@@ -2644,7 +2644,7 @@ ssl3_send_next_proto(SSL *s)
 		if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
 			goto err;
 
-		s->internal->state = SSL3_ST_CW_NEXT_PROTO_B;
+		S3I(s)->hs.state = SSL3_ST_CW_NEXT_PROTO_B;
 	}
 
 	return (ssl3_handshake_write(s));
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
index f9e450125b..d61660c934 100644
--- a/src/lib/libssl/ssl_err.c
+++ b/src/lib/libssl/ssl_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_err.c,v 1.33 2017/02/07 02:08:38 beck Exp $ */
+/* $OpenBSD: ssl_err.c,v 1.34 2017/05/07 04:22:24 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -63,6 +63,8 @@
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 
+#include "ssl_locl.h"
+
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
@@ -667,3 +669,10 @@ SSL_state_func_code(int state) {
 	}
 	return 0xfff;
 }
+
+void
+SSL_error_internal(const SSL *s, int r, char *f, int l)
+{
+	ERR_PUT_error(ERR_LIB_SSL,
+	    (SSL_state_func_code(S3I(s)->hs.state)), r, f, l);
+}
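Review bot: `SSL_error_internal` declares the file name as `char *f`, yet every caller passes `__FILE__`, a string literal, and the underlying ERR_put_error takes `const char *`; the definition here and the prototype added in the ssl_locl.h hunk should both read `void SSL_error_internal(const SSL *s, int r, const char *f, int l)`. The body also dereferences `S3I(s)` unconditionally, and the commit message says the handshake structure is to be allocated and checked later; this function is where a NULL `s`, `s->s3` or handshake structure should fall back to the `0xfff` function code that `SSLerrorx` already uses, so that error reporting itself cannot fault on a partially set-up SSL. A one-line comment above the definition, `/* Backs the SSLerror() macro: records an error tagged with the current handshake state. */`, would point readers at the macro that is the only intended caller.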
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 76b2f8a8c4..c593e7b42b 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.160 2017/05/06 22:24:57 beck Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.161 2017/05/07 04:22:24 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -183,8 +183,6 @@ SSL_clear(SSL *s)
 
 	s->internal->type = 0;
 
-	s->internal->state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
-
 	s->version = s->method->internal->version;
 	s->client_version = s->version;
 	s->internal->rwstate = SSL_NOTHING;
@@ -212,6 +210,8 @@ SSL_clear(SSL *s)
 	} else
 		s->method->internal->ssl_clear(s);
 
+	S3I(s)->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
+
 	return (1);
 }
 
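Review bot: The handshake state reset in SSL_clear now happens after `s->method->internal->ssl_clear(s)` rather than near the top of the function, and nothing in the hunk records why; presumably the method's clear routine reinitialises `S3I(s)->hs`, which would make the old placement lose the value. A comment above the assignment, `/* Must follow ssl_clear(), which resets the handshake structure this field lives in. */`, would stop a later cleanup from moving it back. If the `if` branch that ends just above (not visible here) returns early on failure, the state is no longer reset on that path, which is fine only as long as callers treat a 0 return as fatal. SSL_clear begins outside the hunk.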
@@ -2397,7 +2397,7 @@ SSL_set_accept_state(SSL *s)
 {
 	s->server = 1;
 	s->internal->shutdown = 0;
-	s->internal->state = SSL_ST_ACCEPT|SSL_ST_BEFORE;
+	S3I(s)->hs.state = SSL_ST_ACCEPT|SSL_ST_BEFORE;
 	s->internal->handshake_func = s->method->internal->ssl_accept;
 	/* clear the current cipher */
 	ssl_clear_cipher_ctx(s);
@@ -2410,7 +2410,7 @@ SSL_set_connect_state(SSL *s)
 {
 	s->server = 0;
 	s->internal->shutdown = 0;
-	s->internal->state = SSL_ST_CONNECT|SSL_ST_BEFORE;
+	S3I(s)->hs.state = SSL_ST_CONNECT|SSL_ST_BEFORE;
 	s->internal->handshake_func = s->method->internal->ssl_connect;
 	/* clear the current cipher */
 	ssl_clear_cipher_ctx(s);
@@ -2544,7 +2544,7 @@ SSL_dup(SSL *s)
 	ret->internal->quiet_shutdown = s->internal->quiet_shutdown;
 	ret->internal->shutdown = s->internal->shutdown;
 	/* SSL_dup does not really work at any state, though */
-	ret->internal->state = s->internal->state;
+	S3I(ret)->hs.state = S3I(s)->hs.state;
 	ret->internal->rstate = s->internal->rstate;
 
 	/*
@@ -2804,13 +2804,13 @@ void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val)
 int
 SSL_state(const SSL *ssl)
 {
-	return (ssl->internal->state);
+	return (S3I(ssl)->hs.state);
 }
 
 void
 SSL_set_state(SSL *ssl, int state)
 {
-	ssl->internal->state = state;
+	S3I(ssl)->hs.state = state;
 }
 
 void
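Review bot: `SSL_state()` and `SSL_set_state()` are public accessors that now read and write through `S3I(ssl)`, i.e. `ssl->s3->internal`, where before they touched only `ssl->internal`; the copy in `SSL_dup` in the hunk above does the same. If the handshake structure is later allocated on demand as the commit message anticipates, these entry points will need a NULL check of their own, because external callers may invoke them on an SSL that has not begun a handshake. A short comment on each, `/* Handshake state lives in the s3 handshake structure; see ssl_locl.h. */`, would record the new dependency for whoever adds that allocation.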
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 410fc04688..8f1721ce5a 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.180 2017/05/06 22:24:58 beck Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.181 2017/05/07 04:22:24 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -432,6 +432,9 @@ typedef struct ssl_session_internal_st {
 #define SSI(s) (s->session->internal)
 
 typedef struct ssl_handshake_st {
+	/* state contains one of the SSL3_ST_* values. */
+	int state;
+
 	/* used when SSL_ST_FLUSH_DATA is entered */
 	int next_state;
 
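Review bot: The new comment on `state` in `ssl_handshake_st` says it holds one of the SSL3_ST_* values, but this same commit stores `SSL_ST_BEFORE|SSL_ST_ACCEPT` and `SSL_ST_OK` into it in ssl_lib.c and compares it against `SSL23_ST_CW_CLNT_HELLO_A` in t1_lib.c, and the DTLS files in the diffstat use it too. Suggest `/* Current handshake state: an SSL_ST_* value or flag set, or one of the SSL3_ST_*/SSL23_ST_* (and DTLS) states; see SSL_state_string(). */` so the documented domain matches the field's users. The struct definition continues outside the hunk.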
@@ -776,7 +779,6 @@ typedef struct ssl_internal_st {
 		 	 * 2 if we are a server and are inside a handshake
 	                 * (i.e. not just sending a HelloRequest) */
 
-	int state;	/* where we are */
 	int rstate;	/* where we are when reading */
 
 	int mac_packet;
@@ -1379,9 +1381,9 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out,
     unsigned mac_secret_length);
 int SSL_state_func_code(int _state);
 
-#define SSLerror(s, r)  ERR_PUT_error(ERR_LIB_SSL,			\
-    (SSL_state_func_code(s->internal->state)),(r),__FILE__,__LINE__)
+#define SSLerror(s, r) SSL_error_internal(s, r, __FILE__, __LINE__)
 #define SSLerrorx(r) ERR_PUT_error(ERR_LIB_SSL,(0xfff),(r),__FILE__,__LINE__)
+void SSL_error_internal(const SSL *s, int r, char *f, int l);
 
 __END_HIDDEN_DECLS
 
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index 953f3c118f..163b0292af 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.11 2017/05/06 22:24:58 beck Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.12 2017/05/07 04:22:24 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -728,7 +728,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 	/* Some servers hang if iniatial client hello is larger than 256
 	 * bytes and record version number > TLS 1.0
 	 */
-	if (s->internal->state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate &&
+	if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate &&
 	    TLS1_get_version(s) > TLS1_VERSION)
 		*(p++) = 0x1;
 	else
@@ -1266,9 +1266,9 @@ start:
 
 	/* Unexpected handshake message (Client Hello, or protocol violation) */
 	if ((S3I(s)->handshake_fragment_len >= 4) && !s->internal->in_handshake) {
-		if (((s->internal->state&SSL_ST_MASK) == SSL_ST_OK) &&
+		if (((S3I(s)->hs.state&SSL_ST_MASK) == SSL_ST_OK) &&
 		    !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
-			s->internal->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
+			S3I(s)->hs.state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
 			s->internal->renegotiate = 1;
 			s->internal->new_session = 1;
 		}
@@ -1326,12 +1326,12 @@ start:
 		 */
 		if (S3I(s)->in_read_app_data &&
 		    (S3I(s)->total_renegotiations != 0) &&
-		    (((s->internal->state & SSL_ST_CONNECT) &&
-		    (s->internal->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
-		    (s->internal->state <= SSL3_ST_CR_SRVR_HELLO_A)) ||
-		    ((s->internal->state & SSL_ST_ACCEPT) &&
-		    (s->internal->state <= SSL3_ST_SW_HELLO_REQ_A) &&
-		    (s->internal->state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
+		    (((S3I(s)->hs.state & SSL_ST_CONNECT) &&
+		    (S3I(s)->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) &&
+		    (S3I(s)->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) ||
+		    ((S3I(s)->hs.state & SSL_ST_ACCEPT) &&
+		    (S3I(s)->hs.state <= SSL3_ST_SW_HELLO_REQ_A) &&
+		    (S3I(s)->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
 			S3I(s)->in_read_app_data = 2;
 			return (-1);
 		} else {
@@ -1355,7 +1355,7 @@ ssl3_do_change_cipher_spec(SSL *s)
 	const char *sender;
 	int slen;
 
-	if (s->internal->state & SSL_ST_ACCEPT)
+	if (S3I(s)->hs.state & SSL_ST_ACCEPT)
 		i = SSL3_CHANGE_CIPHER_SERVER_READ;
 	else
 		i = SSL3_CHANGE_CIPHER_CLIENT_READ;
@@ -1378,7 +1378,7 @@ ssl3_do_change_cipher_spec(SSL *s)
 	/* we have to record the message digest at
 	 * this point so we can get it before we read
 	 * the finished message */
-	if (s->internal->state & SSL_ST_CONNECT) {
+	if (S3I(s)->hs.state & SSL_ST_CONNECT) {
 		sender = TLS_MD_SERVER_FINISH_CONST;
 		slen = TLS_MD_SERVER_FINISH_CONST_SIZE;
 	} else {
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 35a9ace527..730d4ed1ad 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.16 2017/05/06 22:24:58 beck Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.17 2017/05/07 04:22:24 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -195,12 +195,12 @@ ssl3_accept(SSL *s)
 	}
 
 	for (;;) {
-		state = s->internal->state;
+		state = S3I(s)->hs.state;
 
-		switch (s->internal->state) {
+		switch (S3I(s)->hs.state) {
 		case SSL_ST_RENEGOTIATE:
 			s->internal->renegotiate = 1;
-			/* s->internal->state=SSL_ST_ACCEPT; */
+			/* S3I(s)->hs.state=SSL_ST_ACCEPT; */
 
 		case SSL_ST_BEFORE:
 		case SSL_ST_ACCEPT:
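Review bot: The commented-out assignment `/* S3I(s)->hs.state=SSL_ST_ACCEPT; */` under `case SSL_ST_RENEGOTIATE` was renamed along with live code instead of being dropped, which is exactly the maintenance cost dead code in comments carries. Since that case then falls into `SSL_ST_BEFORE`/`SSL_ST_ACCEPT` with no marker, replacing the line with `/* FALLTHROUGH */` removes the stale code and documents the intent in one move. The `ssl3_accept` state loop continues well past this hunk.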
@@ -229,7 +229,7 @@ ssl3_accept(SSL *s)
 
 			s->internal->init_num = 0;
 
-			if (s->internal->state != SSL_ST_RENEGOTIATE) {
+			if (S3I(s)->hs.state != SSL_ST_RENEGOTIATE) {
 				/*
 				 * Ok, we now need to push on a buffering BIO
 				 * so that the output is sent in a way that
@@ -245,7 +245,7 @@ ssl3_accept(SSL *s)
 					goto end;
 				}
 
-				s->internal->state = SSL3_ST_SR_CLNT_HELLO_A;
+				S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A;
 				s->ctx->internal->stats.sess_accept++;
 			} else if (!S3I(s)->send_connection_binding) {
 				/*
@@ -260,11 +260,11 @@ ssl3_accept(SSL *s)
 				goto end;
 			} else {
 				/*
-				 * s->internal->state == SSL_ST_RENEGOTIATE,
+				 * S3I(s)->hs.state == SSL_ST_RENEGOTIATE,
 				 * we will just send a HelloRequest
 				 */
 				s->ctx->internal->stats.sess_accept_renegotiate++;
-				s->internal->state = SSL3_ST_SW_HELLO_REQ_A;
+				S3I(s)->hs.state = SSL3_ST_SW_HELLO_REQ_A;
 			}
 			break;
 
@@ -276,7 +276,7 @@ ssl3_accept(SSL *s)
 			if (ret <= 0)
 				goto end;
 			S3I(s)->hs.next_state = SSL3_ST_SW_HELLO_REQ_C;
-			s->internal->state = SSL3_ST_SW_FLUSH;
+			S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
 			s->internal->init_num = 0;
 
 			if (!tls1_init_finished_mac(s)) {
@@ -286,7 +286,7 @@ ssl3_accept(SSL *s)
 			break;
 
 		case SSL3_ST_SW_HELLO_REQ_C:
-			s->internal->state = SSL_ST_OK;
+			S3I(s)->hs.state = SSL_ST_OK;
 			break;
 
 		case SSL3_ST_SR_CLNT_HELLO_A:
@@ -301,7 +301,7 @@ ssl3_accept(SSL *s)
 			}
 
 			s->internal->renegotiate = 2;
-			s->internal->state = SSL3_ST_SW_SRVR_HELLO_A;
+			S3I(s)->hs.state = SSL3_ST_SW_SRVR_HELLO_A;
 			s->internal->init_num = 0;
 			break;
 
@@ -312,12 +312,12 @@ ssl3_accept(SSL *s)
 				goto end;
 			if (s->internal->hit) {
 				if (s->internal->tlsext_ticket_expected)
-					s->internal->state = SSL3_ST_SW_SESSION_TICKET_A;
+					S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_A;
 				else
-					s->internal->state = SSL3_ST_SW_CHANGE_A;
+					S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A;
 			}
 			else
-				s->internal->state = SSL3_ST_SW_CERT_A;
+				S3I(s)->hs.state = SSL3_ST_SW_CERT_A;
 			s->internal->init_num = 0;
 			break;
 
@@ -330,12 +330,12 @@ ssl3_accept(SSL *s)
 				if (ret <= 0)
 					goto end;
 				if (s->internal->tlsext_status_expected)
-					s->internal->state = SSL3_ST_SW_CERT_STATUS_A;
+					S3I(s)->hs.state = SSL3_ST_SW_CERT_STATUS_A;
 				else
-					s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
+					S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A;
 			} else {
 				skip = 1;
-				s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
+				S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A;
 			}
 			s->internal->init_num = 0;
 			break;
@@ -359,7 +359,7 @@ ssl3_accept(SSL *s)
 			} else
 				skip = 1;
 
-			s->internal->state = SSL3_ST_SW_CERT_REQ_A;
+			S3I(s)->hs.state = SSL3_ST_SW_CERT_REQ_A;
 			s->internal->init_num = 0;
 			break;
 
@@ -391,7 +391,7 @@ ssl3_accept(SSL *s)
 				/* No cert request */
 				skip = 1;
 				S3I(s)->tmp.cert_request = 0;
-				s->internal->state = SSL3_ST_SW_SRVR_DONE_A;
+				S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A;
 				if (S3I(s)->handshake_buffer) {
 					if (!tls1_digest_cached_records(s)) {
 						ret = -1;
@@ -403,7 +403,7 @@ ssl3_accept(SSL *s)
 				ret = ssl3_send_certificate_request(s);
 				if (ret <= 0)
 					goto end;
-				s->internal->state = SSL3_ST_SW_SRVR_DONE_A;
+				S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A;
 				s->internal->init_num = 0;
 			}
 			break;
@@ -414,7 +414,7 @@ ssl3_accept(SSL *s)
 			if (ret <= 0)
 				goto end;
 			S3I(s)->hs.next_state = SSL3_ST_SR_CERT_A;
-			s->internal->state = SSL3_ST_SW_FLUSH;
+			S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
 			s->internal->init_num = 0;
 			break;
 
@@ -438,7 +438,7 @@ ssl3_accept(SSL *s)
 			}
 			s->internal->rwstate = SSL_NOTHING;
 
-			s->internal->state = S3I(s)->hs.next_state;
+			S3I(s)->hs.state = S3I(s)->hs.next_state;
 			break;
 
 		case SSL3_ST_SR_CERT_A:
@@ -449,7 +449,7 @@ ssl3_accept(SSL *s)
 					goto end;
 			}
 			s->internal->init_num = 0;
-			s->internal->state = SSL3_ST_SR_KEY_EXCH_A;
+			S3I(s)->hs.state = SSL3_ST_SR_KEY_EXCH_A;
 			break;
 
 		case SSL3_ST_SR_KEY_EXCH_A:
@@ -469,12 +469,12 @@ ssl3_accept(SSL *s)
 				 * for key exchange.
 				 */
 				if (S3I(s)->next_proto_neg_seen)
-					s->internal->state = SSL3_ST_SR_NEXT_PROTO_A;
+					S3I(s)->hs.state = SSL3_ST_SR_NEXT_PROTO_A;
 				else
-					s->internal->state = SSL3_ST_SR_FINISHED_A;
+					S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
 				s->internal->init_num = 0;
 			} else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) {
-				s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
+				S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;
 				s->internal->init_num = 0;
 				if (!s->session->peer)
 					break;
@@ -493,7 +493,7 @@ ssl3_accept(SSL *s)
 					goto end;
 				}
 			} else {
-				s->internal->state = SSL3_ST_SR_CERT_VRFY_A;
+				S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;
 				s->internal->init_num = 0;
 
 				/*
@@ -526,9 +526,9 @@ ssl3_accept(SSL *s)
 				goto end;
 
 			if (S3I(s)->next_proto_neg_seen)
-				s->internal->state = SSL3_ST_SR_NEXT_PROTO_A;
+				S3I(s)->hs.state = SSL3_ST_SR_NEXT_PROTO_A;
 			else
-				s->internal->state = SSL3_ST_SR_FINISHED_A;
+				S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
 			s->internal->init_num = 0;
 			break;
 
@@ -538,7 +538,7 @@ ssl3_accept(SSL *s)
 			if (ret <= 0)
 				goto end;
 			s->internal->init_num = 0;
-			s->internal->state = SSL3_ST_SR_FINISHED_A;
+			S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
 			break;
 
 		case SSL3_ST_SR_FINISHED_A:
@@ -549,11 +549,11 @@ ssl3_accept(SSL *s)
 			if (ret <= 0)
 				goto end;
 			if (s->internal->hit)
-				s->internal->state = SSL_ST_OK;
+				S3I(s)->hs.state = SSL_ST_OK;
 			else if (s->internal->tlsext_ticket_expected)
-				s->internal->state = SSL3_ST_SW_SESSION_TICKET_A;
+				S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_A;
 			else
-				s->internal->state = SSL3_ST_SW_CHANGE_A;
+				S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A;
 			s->internal->init_num = 0;
 			break;
 
@@ -562,7 +562,7 @@ ssl3_accept(SSL *s)
 			ret = ssl3_send_newsession_ticket(s);
 			if (ret <= 0)
 				goto end;
-			s->internal->state = SSL3_ST_SW_CHANGE_A;
+			S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A;
 			s->internal->init_num = 0;
 			break;
 
@@ -571,7 +571,7 @@ ssl3_accept(SSL *s)
 			ret = ssl3_send_cert_status(s);
 			if (ret <= 0)
 				goto end;
-			s->internal->state = SSL3_ST_SW_KEY_EXCH_A;
+			S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A;
 			s->internal->init_num = 0;
 			break;
 
@@ -590,7 +590,7 @@ ssl3_accept(SSL *s)
 
 			if (ret <= 0)
 				goto end;
-			s->internal->state = SSL3_ST_SW_FINISHED_A;
+			S3I(s)->hs.state = SSL3_ST_SW_FINISHED_A;
 			s->internal->init_num = 0;
 
 			if (!tls1_change_cipher_state(
@@ -609,7 +609,7 @@ ssl3_accept(SSL *s)
 			TLS_MD_SERVER_FINISH_CONST_SIZE);
 			if (ret <= 0)
 				goto end;
-			s->internal->state = SSL3_ST_SW_FLUSH;
+			S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
 			if (s->internal->hit) {
 				if (S3I(s)->next_proto_neg_seen) {
 					s->s3->flags |= SSL3_FLAGS_CCS_OK;
@@ -668,11 +668,11 @@ ssl3_accept(SSL *s)
 			}
 
 
-			if ((cb != NULL) && (s->internal->state != state)) {
-				new_state = s->internal->state;
-				s->internal->state = state;
+			if ((cb != NULL) && (S3I(s)->hs.state != state)) {
+				new_state = S3I(s)->hs.state;
+				S3I(s)->hs.state = state;
 				cb(s, SSL_CB_ACCEPT_LOOP, 1);
-				s->internal->state = new_state;
+				S3I(s)->hs.state = new_state;
 			}
 		}
 		skip = 0;
@@ -693,14 +693,14 @@ ssl3_send_hello_request(SSL *s)
 
 	memset(&cbb, 0, sizeof(cbb));
 
-	if (s->internal->state == SSL3_ST_SW_HELLO_REQ_A) {
+	if (S3I(s)->hs.state == SSL3_ST_SW_HELLO_REQ_A) {
 		if (!ssl3_handshake_msg_start_cbb(s, &cbb, &hello,
 		    SSL3_MT_HELLO_REQUEST))
 			goto err;
 		if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
 			goto err;
 
-		s->internal->state = SSL3_ST_SW_HELLO_REQ_B;
+		S3I(s)->hs.state = SSL3_ST_SW_HELLO_REQ_B;
 	}
 
 	/* SSL3_ST_SW_HELLO_REQ_B */
@@ -738,8 +738,8 @@ ssl3_get_client_hello(SSL *s)
 	 * If we are SSLv3, we will respond with SSLv3, even if prompted with
 	 * TLSv1.
 	 */
-	if (s->internal->state == SSL3_ST_SR_CLNT_HELLO_A) {
-		s->internal->state = SSL3_ST_SR_CLNT_HELLO_B;
+	if (S3I(s)->hs.state == SSL3_ST_SR_CLNT_HELLO_A) {
+		S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_B;
 	}
 
 	s->internal->first_packet = 1;
@@ -1087,7 +1087,7 @@ ssl3_send_server_hello(SSL *s)
 
 	bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH;
 
-	if (s->internal->state == SSL3_ST_SW_SRVR_HELLO_A) {
+	if (S3I(s)->hs.state == SSL3_ST_SW_SRVR_HELLO_A) {
 		d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO);
 
 		if (!CBB_init_fixed(&cbb, p, bufend - p))
@@ -1169,14 +1169,14 @@ ssl3_send_server_done(SSL *s)
 
 	memset(&cbb, 0, sizeof(cbb));
 
-	if (s->internal->state == SSL3_ST_SW_SRVR_DONE_A) {
+	if (S3I(s)->hs.state == SSL3_ST_SW_SRVR_DONE_A) {
 		if (!ssl3_handshake_msg_start_cbb(s, &cbb, &done,
 		    SSL3_MT_SERVER_DONE))
 			goto err;
 		if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
 			goto err;
 
-		s->internal->state = SSL3_ST_SW_SRVR_DONE_B;
+		S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_B;
 	}
 
 	/* SSL3_ST_SW_SRVR_DONE_B */
@@ -1457,7 +1457,7 @@ ssl3_send_server_key_exchange(SSL *s)
 	memset(&cbb, 0, sizeof(cbb));
 
 	EVP_MD_CTX_init(&md_ctx);
-	if (s->internal->state == SSL3_ST_SW_KEY_EXCH_A) {
+	if (S3I(s)->hs.state == SSL3_ST_SW_KEY_EXCH_A) {
 		type = S3I(s)->hs.new_cipher->algorithm_mkey;
 
 		buf = s->internal->init_buf;
@@ -1576,7 +1576,7 @@ ssl3_send_server_key_exchange(SSL *s)
 		ssl3_handshake_msg_finish(s, n);
 	}
 
-	s->internal->state = SSL3_ST_SW_KEY_EXCH_B;
+	S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_B;
 
 	EVP_MD_CTX_cleanup(&md_ctx);
 
@@ -1601,7 +1601,7 @@ ssl3_send_certificate_request(SSL *s)
 	X509_NAME *name;
 	BUF_MEM *buf;
 
-	if (s->internal->state == SSL3_ST_SW_CERT_REQ_A) {
+	if (S3I(s)->hs.state == SSL3_ST_SW_CERT_REQ_A) {
 		buf = s->internal->init_buf;
 
 		d = p = ssl3_handshake_msg_start(s,
@@ -1652,7 +1652,7 @@ ssl3_send_certificate_request(SSL *s)
 
 		ssl3_handshake_msg_finish(s, n);
 
-		s->internal->state = SSL3_ST_SW_CERT_REQ_B;
+		S3I(s)->hs.state = SSL3_ST_SW_CERT_REQ_B;
 	}
 
 	/* SSL3_ST_SW_CERT_REQ_B */
@@ -2539,7 +2539,7 @@ ssl3_send_server_certificate(SSL *s)
 
 	memset(&cbb, 0, sizeof(cbb));
 
-	if (s->internal->state == SSL3_ST_SW_CERT_A) {
+	if (S3I(s)->hs.state == SSL3_ST_SW_CERT_A) {
 		if ((x = ssl_get_server_send_cert(s)) == NULL) {
 			SSLerror(s, ERR_R_INTERNAL_ERROR);
 			return (0);
@@ -2553,7 +2553,7 @@ ssl3_send_server_certificate(SSL *s)
 		if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
 			goto err;
 
-		s->internal->state = SSL3_ST_SW_CERT_B;
+		S3I(s)->hs.state = SSL3_ST_SW_CERT_B;
 	}
 
 	/* SSL3_ST_SW_CERT_B */
@@ -2581,7 +2581,7 @@ ssl3_send_newsession_ticket(SSL *s)
 	unsigned char iv[EVP_MAX_IV_LENGTH];
 	unsigned char key_name[16];
 
-	if (s->internal->state == SSL3_ST_SW_SESSION_TICKET_A) {
+	if (S3I(s)->hs.state == SSL3_ST_SW_SESSION_TICKET_A) {
 		/* get session encoding length */
 		slen_full = i2d_SSL_SESSION(s->session, NULL);
 		/*
@@ -2694,7 +2694,7 @@ ssl3_send_newsession_ticket(SSL *s)
 
 		ssl3_handshake_msg_finish(s, len);
 
-		s->internal->state = SSL3_ST_SW_SESSION_TICKET_B;
+		S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_B;
 
 		freezero(senc, slen_full);
 	}
@@ -2715,7 +2715,7 @@ ssl3_send_cert_status(SSL *s)
 
 	memset(&cbb, 0, sizeof(cbb));
 
-	if (s->internal->state == SSL3_ST_SW_CERT_STATUS_A) {
+	if (S3I(s)->hs.state == SSL3_ST_SW_CERT_STATUS_A) {
 		if (!ssl3_handshake_msg_start_cbb(s, &cbb, &certstatus,
 		    SSL3_MT_CERTIFICATE_STATUS))
 			goto err;
@@ -2729,7 +2729,7 @@ ssl3_send_cert_status(SSL *s)
 		if (!ssl3_handshake_msg_finish_cbb(s, &cbb))
 			goto err;
 
-		s->internal->state = SSL3_ST_SW_CERT_STATUS_B;
+		S3I(s)->hs.state = SSL3_ST_SW_CERT_STATUS_B;
 	}
 
 	/* SSL3_ST_SW_CERT_STATUS_B */
@@ -2769,7 +2769,7 @@ ssl3_get_next_proto(SSL *s)
 		return ((int)n);
 
 	/*
-	 * s->internal->state doesn't reflect whether ChangeCipherSpec has been received
+	 * S3I(s)->hs.state doesn't reflect whether ChangeCipherSpec has been received
 	 * in this handshake, but S3I(s)->change_cipher_spec does (will be reset
 	 * by ssl3_get_finished).
 	 */
diff --git a/src/lib/libssl/ssl_stat.c b/src/lib/libssl/ssl_stat.c
index 4f93781f72..6b26d4c915 100644
--- a/src/lib/libssl/ssl_stat.c
+++ b/src/lib/libssl/ssl_stat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_stat.c,v 1.13 2017/01/23 08:48:45 beck Exp $ */
+/* $OpenBSD: ssl_stat.c,v 1.14 2017/05/07 04:22:24 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -91,7 +91,7 @@ SSL_state_string_long(const SSL *s)
 {
 	const char *str;
 
-	switch (s->internal->state) {
+	switch (S3I(s)->hs.state) {
 	case SSL_ST_BEFORE:
 		str = "before SSL initialization";
 		break;
@@ -347,7 +347,7 @@ SSL_state_string(const SSL *s)
 {
 	const char *str;
 
-	switch (s->internal->state) {
+	switch (S3I(s)->hs.state) {
 	case SSL_ST_BEFORE:
 		str = "PINIT ";
 		break;
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 2cb47a215c..eb2314ac26 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.116 2017/05/06 22:24:58 beck Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.117 2017/05/07 04:22:24 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -967,7 +967,7 @@ skip_ext:
 		 * includes the 5-byte record header in the buffer, while the
 		 * code in s3_clnt.c does not.
 		 */
-		if (s->internal->state == SSL23_ST_CW_CLNT_HELLO_A)
+		if (S3I(s)->hs.state == SSL23_ST_CW_CLNT_HELLO_A)
 			hlen -= 5;
 		if (hlen > 0xff && hlen < 0x200) {
 			hlen = 0x200 - hlen;
-- 
cgit v1.2.3-55-g6feb