From 2204d5a39055900d89c6f7fbdcc3bb37ec8070db Mon Sep 17 00:00:00 2001 From: beck <> Date: Sun, 22 Jan 2017 07:16:39 +0000 Subject: Move most of DTLS1_STATE to internal. ok jsing@ --- src/lib/libssl/d1_both.c | 116 +++++++++++++++++++++++------------------------ 1 file changed, 58 insertions(+), 58 deletions(-) (limited to 'src/lib/libssl/d1_both.c') diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c index 7f9d5af4ce..d83df1c9a0 100644 --- a/src/lib/libssl/d1_both.c +++ b/src/lib/libssl/d1_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_both.c,v 1.40 2016/12/06 13:38:11 jsing Exp $ */ +/* $OpenBSD: d1_both.c,v 1.41 2017/01/22 07:16:38 beck Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -232,9 +232,9 @@ dtls1_do_write(SSL *s, int type) unsigned int len, frag_off, mac_size, blocksize; /* AHA! Figure out the MTU, and stick to the right size */ - if (s->d1->mtu < dtls1_min_mtu() && + if (D1I(s)->mtu < dtls1_min_mtu() && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { - s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), + D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); /* @@ -242,20 +242,20 @@ dtls1_do_write(SSL *s, int type) * doesn't know the MTU (ie., the initial write), so just * make sure we have a reasonable number */ - if (s->d1->mtu < dtls1_min_mtu()) { - s->d1->mtu = 0; - s->d1->mtu = dtls1_guess_mtu(s->d1->mtu); + if (D1I(s)->mtu < dtls1_min_mtu()) { + D1I(s)->mtu = 0; + D1I(s)->mtu = dtls1_guess_mtu(D1I(s)->mtu); BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, - s->d1->mtu, NULL); + D1I(s)->mtu, NULL); } } - OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu()); + OPENSSL_assert(D1I(s)->mtu >= dtls1_min_mtu()); /* should have something reasonable now */ if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE) OPENSSL_assert(s->init_num == - (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); + (int)D1I(s)->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); if (s->write_hash) mac_size = EVP_MD_CTX_size(s->write_hash); @@ -270,7 +270,7 @@ dtls1_do_write(SSL *s, int type) frag_off = 0; while (s->init_num) { - curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) - + curr_mtu = D1I(s)->mtu - BIO_wpending(SSL_get_wbio(s)) - DTLS1_RT_HEADER_LENGTH - mac_size - blocksize; if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) { @@ -278,7 +278,7 @@ dtls1_do_write(SSL *s, int type) ret = BIO_flush(SSL_get_wbio(s)); if (ret <= 0) return ret; - curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH - + curr_mtu = D1I(s)->mtu - DTLS1_RT_HEADER_LENGTH - mac_size - blocksize; } @@ -322,7 +322,7 @@ dtls1_do_write(SSL *s, int type) */ if (BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) - s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), + D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); else return (-1); @@ -336,14 +336,14 @@ dtls1_do_write(SSL *s, int type) OPENSSL_assert(len == (unsigned int)ret); if (type == SSL3_RT_HANDSHAKE && - !s->d1->retransmitting) { + !D1I(s)->retransmitting) { /* * Should not be done for 'Hello Request's, * but in that case we'll ignore the result * anyway */ unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off]; - const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; + const struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr; int xlen; if (frag_off == 0) { @@ -420,7 +420,7 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) return s->init_num; } - msg_hdr = &s->d1->r_msg_hdr; + msg_hdr = &D1I(s)->r_msg_hdr; memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); again: @@ -452,8 +452,8 @@ again: memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); /* Don't change sequence numbers while listening */ - if (!s->d1->listen) - s->d1->handshake_read_seq++; + if (!D1I(s)->listen) + D1I(s)->handshake_read_seq++; s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; return s->init_num; @@ -487,7 +487,7 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) return SSL_AD_ILLEGAL_PARAMETER; } - if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */ + if ( D1I(s)->r_msg_hdr.frag_off == 0) /* first fragment */ { /* * msg_len is limited to 2^24, but is effectively checked @@ -500,11 +500,11 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) } s->s3->tmp.message_size = msg_len; - s->d1->r_msg_hdr.msg_len = msg_len; + D1I(s)->r_msg_hdr.msg_len = msg_len; s->s3->tmp.message_type = msg_hdr->type; - s->d1->r_msg_hdr.type = msg_hdr->type; - s->d1->r_msg_hdr.seq = msg_hdr->seq; - } else if (msg_len != s->d1->r_msg_hdr.msg_len) { + D1I(s)->r_msg_hdr.type = msg_hdr->type; + D1I(s)->r_msg_hdr.seq = msg_hdr->seq; + } else if (msg_len != D1I(s)->r_msg_hdr.msg_len) { /* * They must be playing with us! BTW, failure to enforce * upper limit would open possibility for buffer overrun. @@ -531,7 +531,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) int al; *ok = 0; - item = pqueue_peek(s->d1->buffered_messages); + item = pqueue_peek(D1I(s)->buffered_messages); if (item == NULL) return 0; @@ -541,9 +541,9 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) if (frag->reassembly != NULL) return 0; - if (s->d1->handshake_read_seq == frag->msg_header.seq) { + if (D1I(s)->handshake_read_seq == frag->msg_header.seq) { unsigned long frag_len = frag->msg_header.frag_len; - pqueue_pop(s->d1->buffered_messages); + pqueue_pop(D1I(s)->buffered_messages); al = dtls1_preprocess_fragment(s, &frag->msg_header, max); @@ -608,7 +608,7 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) memset(seq64be, 0, sizeof(seq64be)); seq64be[6] = (unsigned char)(msg_hdr->seq >> 8); seq64be[7] = (unsigned char)msg_hdr->seq; - item = pqueue_find(s->d1->buffered_messages, seq64be); + item = pqueue_find(D1I(s)->buffered_messages, seq64be); if (item == NULL) { frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1); @@ -673,7 +673,7 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) goto err; } - pqueue_insert(s->d1->buffered_messages, item); + pqueue_insert(D1I(s)->buffered_messages, item); } return DTLS1_HM_FRAGMENT_RETRY; @@ -702,7 +702,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) memset(seq64be, 0, sizeof(seq64be)); seq64be[6] = (unsigned char) (msg_hdr->seq >> 8); seq64be[7] = (unsigned char) msg_hdr->seq; - item = pqueue_find(s->d1->buffered_messages, seq64be); + item = pqueue_find(D1I(s)->buffered_messages, seq64be); /* * If we already have an entry and this one is a fragment, @@ -717,9 +717,9 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) * a FINISHED before the SERVER_HELLO, which then must be a stale * retransmit. */ - if (msg_hdr->seq <= s->d1->handshake_read_seq || - msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL || - (s->d1->handshake_read_seq == 0 && + if (msg_hdr->seq <= D1I(s)->handshake_read_seq || + msg_hdr->seq > D1I(s)->handshake_read_seq + 10 || item != NULL || + (D1I(s)->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) { unsigned char devnull [256]; @@ -760,7 +760,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) if (item == NULL) goto err; - pqueue_insert(s->d1->buffered_messages, item); + pqueue_insert(D1I(s)->buffered_messages, item); } return DTLS1_HM_FRAGMENT_RETRY; @@ -814,8 +814,8 @@ again: * While listening, we accept seq 1 (ClientHello with cookie) * although we're still expecting seq 0 (ClientHello) */ - if (msg_hdr.seq != s->d1->handshake_read_seq && - !(s->d1->listen && msg_hdr.seq == 1)) + if (msg_hdr.seq != D1I(s)->handshake_read_seq && + !(D1I(s)->listen && msg_hdr.seq == 1)) return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); len = msg_hdr.msg_len; @@ -825,7 +825,7 @@ again: if (frag_len && frag_len < len) return dtls1_reassemble_fragment(s, &msg_hdr, ok); - if (!s->server && s->d1->r_msg_hdr.frag_off == 0 && + if (!s->server && D1I(s)->r_msg_hdr.frag_off == 0 && wire[0] == SSL3_MT_HELLO_REQUEST) { /* * The server may always send 'Hello Request' messages -- @@ -918,13 +918,13 @@ dtls1_send_change_cipher_spec(SSL *s, int a, int b) if (s->state == a) { p = (unsigned char *)s->init_buf->data; *p++=SSL3_MT_CCS; - s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; + D1I(s)->handshake_write_seq = D1I(s)->next_handshake_write_seq; s->init_num = DTLS1_CCS_HEADER_LENGTH; s->init_off = 0; dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, - s->d1->handshake_write_seq, 0, 0); + D1I(s)->handshake_write_seq, 0, 0); /* buffer the message to handle re-xmits */ dtls1_buffer_message(s, 1); @@ -1031,26 +1031,26 @@ dtls1_buffer_message(SSL *s, int is_ccs) memcpy(frag->fragment, s->init_buf->data, s->init_num); if (is_ccs) { - OPENSSL_assert(s->d1->w_msg_hdr.msg_len + + OPENSSL_assert(D1I(s)->w_msg_hdr.msg_len + ((s->version == DTLS1_VERSION) ? DTLS1_CCS_HEADER_LENGTH : 3) == (unsigned int)s->init_num); } else { - OPENSSL_assert(s->d1->w_msg_hdr.msg_len + + OPENSSL_assert(D1I(s)->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num); } - frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len; - frag->msg_header.seq = s->d1->w_msg_hdr.seq; - frag->msg_header.type = s->d1->w_msg_hdr.type; + frag->msg_header.msg_len = D1I(s)->w_msg_hdr.msg_len; + frag->msg_header.seq = D1I(s)->w_msg_hdr.seq; + frag->msg_header.type = D1I(s)->w_msg_hdr.type; frag->msg_header.frag_off = 0; - frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len; + frag->msg_header.frag_len = D1I(s)->w_msg_hdr.msg_len; frag->msg_header.is_ccs = is_ccs; /* save current state*/ frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx; frag->msg_header.saved_retransmit_state.write_hash = s->write_hash; frag->msg_header.saved_retransmit_state.session = s->session; - frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch; + frag->msg_header.saved_retransmit_state.epoch = D1I(s)->w_epoch; memset(seq64be, 0, sizeof(seq64be)); seq64be[6] = (unsigned char)(dtls1_get_queue_priority( @@ -1120,21 +1120,21 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, saved_state.enc_write_ctx = s->enc_write_ctx; saved_state.write_hash = s->write_hash; saved_state.session = s->session; - saved_state.epoch = s->d1->w_epoch; + saved_state.epoch = D1I(s)->w_epoch; - s->d1->retransmitting = 1; + D1I(s)->retransmitting = 1; /* restore state in which the message was originally sent */ s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx; s->write_hash = frag->msg_header.saved_retransmit_state.write_hash; s->session = frag->msg_header.saved_retransmit_state.session; - s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch; + D1I(s)->w_epoch = frag->msg_header.saved_retransmit_state.epoch; if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) { memcpy(save_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence)); - memcpy(s->s3->write_sequence, s->d1->last_write_sequence, + memcpy(s->s3->write_sequence, D1I(s)->last_write_sequence, sizeof(s->s3->write_sequence)); } @@ -1145,17 +1145,17 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, s->enc_write_ctx = saved_state.enc_write_ctx; s->write_hash = saved_state.write_hash; s->session = saved_state.session; - s->d1->w_epoch = saved_state.epoch; + D1I(s)->w_epoch = saved_state.epoch; if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) { - memcpy(s->d1->last_write_sequence, s->s3->write_sequence, + memcpy(D1I(s)->last_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence)); memcpy(s->s3->write_sequence, save_write_sequence, sizeof(s->s3->write_sequence)); } - s->d1->retransmitting = 0; + D1I(s)->retransmitting = 0; (void)BIO_flush(SSL_get_wbio(s)); return ret; @@ -1179,12 +1179,12 @@ dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt, unsigned long len, unsigned long frag_off, unsigned long frag_len) { /* Don't change sequence numbers while listening */ - if (frag_off == 0 && !s->d1->listen) { - s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; - s->d1->next_handshake_write_seq++; + if (frag_off == 0 && !D1I(s)->listen) { + D1I(s)->handshake_write_seq = D1I(s)->next_handshake_write_seq; + D1I(s)->next_handshake_write_seq++; } - dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq, + dtls1_set_message_header_int(s, mt, len, D1I(s)->handshake_write_seq, frag_off, frag_len); return p += DTLS1_HM_HEADER_LENGTH; @@ -1195,7 +1195,7 @@ static void dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len, unsigned short seq_num, unsigned long frag_off, unsigned long frag_len) { - struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; + struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr; msg_hdr->type = mt; msg_hdr->msg_len = len; @@ -1207,7 +1207,7 @@ dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len, static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len) { - struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; + struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr; msg_hdr->frag_off = frag_off; msg_hdr->frag_len = frag_len; @@ -1216,7 +1216,7 @@ dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len) static unsigned char * dtls1_write_message_header(SSL *s, unsigned char *p) { - struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; + struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr; *p++ = msg_hdr->type; l2n3(msg_hdr->msg_len, p); -- cgit v1.2.3-55-g6feb