From e60f5a8fe5ed7844d5dc6f1c9dbcf86fce1ae298 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Wed, 14 Oct 2020 16:57:33 +0000
Subject: Replace SSL_IS_DTLS with SSL_is_dtls().
Garbage collect the now unused SSL_IS_DTLS macro.
ok tb@
---
 src/lib/libssl/s3_lib.c | 10 ++++-----
 src/lib/libssl/ssl_both.c | 10 ++++-----
 src/lib/libssl/ssl_clnt.c | 50 ++++++++++++++++++++---------------------
 src/lib/libssl/ssl_lib.c | 6 ++---
 src/lib/libssl/ssl_locl.h | 6 +----
 src/lib/libssl/ssl_packet.c | 4 ++--
 src/lib/libssl/ssl_pkt.c | 12 +++++-----
 src/lib/libssl/ssl_srvr.c | 52 +++++++++++++++++++++----------------------
 src/lib/libssl/ssl_tlsext.c | 22 +++++++++---------
 src/lib/libssl/ssl_versions.c | 8 +++----
 src/lib/libssl/t1_enc.c | 8 +++----
 11 files changed, 92 insertions(+), 96 deletions(-)
 (limited to 'src')
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 3bd7d65522..0d10fdfe63 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.200 2020/10/11 12:45:51 guenther Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.201 2020/10/14 16:57:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1447,7 +1447,7 @@ ssl3_pending(const SSL *s)
 int
 ssl3_handshake_msg_hdr_len(SSL *s)
 {
- return (SSL_IS_DTLS(s) ? DTLS1_HM_HEADER_LENGTH :
+ return (SSL_is_dtls(s) ? DTLS1_HM_HEADER_LENGTH :
 SSL3_HM_HEADER_LENGTH);
 }
@@ -1460,7 +1460,7 @@ ssl3_handshake_msg_start(SSL *s, CBB *handshake, CBB *body, uint8_t msg_type)
 goto err;
 if (!CBB_add_u8(handshake, msg_type))
 goto err;
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
 unsigned char *data;
 if (!CBB_add_space(handshake, &data, DTLS1_HM_HEADER_LENGTH -
@@ -1497,7 +1497,7 @@ ssl3_handshake_msg_finish(SSL *s, CBB *handshake)
 s->internal->init_num = (int)outlen;
 s->internal->init_off = 0;
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
 unsigned long len;
 uint8_t msg_type;
 CBS cbs;
@@ -1529,7 +1529,7 @@ ssl3_handshake_write(SSL *s)
 int
 ssl3_record_write(SSL *s, int type)
 {
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
 return dtls1_do_write(s, type);
 return ssl3_do_write(s, type);
diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c
index 5da450b5ce..081b374396 100644
--- a/src/lib/libssl/ssl_both.c
+++ b/src/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.20 2020/09/24 18:12:00 jsing Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.21 2020/10/14 16:57:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -331,7 +331,7 @@ ssl3_send_change_cipher_spec(SSL *s, int a, int b)
 s->internal->init_num = (int)outlen;
 s->internal->init_off = 0;
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
 D1I(s)->handshake_write_seq = D1I(s)->next_handshake_write_seq;
 dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
@@ -447,7 +447,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 CBS cbs;
 uint8_t u8;
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
 return (dtls1_get_message(s, st1, stn, mt, max, ok));
 if (S3I(s)->tmp.reuse_message) {
@@ -702,7 +702,7 @@ ssl3_setup_read_buffer(SSL *s)
 unsigned char *p;
 size_t len, align, headerlen;
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
 headerlen = DTLS1_RT_HEADER_LENGTH;
 else
 headerlen = SSL3_RT_HEADER_LENGTH;
@@ -732,7 +732,7 @@ ssl3_setup_write_buffer(SSL *s)
 unsigned char *p;
 size_t len, align, headerlen;
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
 headerlen = DTLS1_RT_HEADER_LENGTH + 1;
 else
 headerlen = SSL3_RT_HEADER_LENGTH;
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 88b82c4400..4a6e8b06a8 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.75 2020/10/11 02:22:27 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.76 2020/10/14 16:57:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -212,7 +212,7 @@ ssl3_connect(SSL *s)
 if (cb != NULL)
 cb(s, SSL_CB_HANDSHAKE_START, 1);
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
 if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
 SSLerror(s, ERR_R_INTERNAL_ERROR);
 ret = -1;
@@ -253,7 +253,7 @@ ssl3_connect(SSL *s)
 s->ctx->internal->stats.sess_connect++;
 s->internal->init_num = 0;
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
 /* mark client_random uninitialized */
 memset(s->s3->client_random, 0, sizeof(s->s3->client_random));
@@ -266,7 +266,7 @@ ssl3_connect(SSL *s)
 case SSL3_ST_CW_CLNT_HELLO_B:
 s->internal->shutdown = 0;
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
 /* every DTLS ClientHello resets Finished MAC */
 tls1_transcript_reset(s);
@@ -277,7 +277,7 @@ ssl3_connect(SSL *s)
 if (ret <= 0)
 goto end;
- if (SSL_IS_DTLS(s) && D1I(s)->send_cookie) {
+ if (SSL_is_dtls(s) && D1I(s)->send_cookie) {
 S3I(s)->hs.state = SSL3_ST_CW_FLUSH;
 S3I(s)->hs.next_state = SSL3_ST_CR_SRVR_HELLO_A;
 } else
@@ -299,7 +299,7 @@ ssl3_connect(SSL *s)
 if (s->internal->hit) {
 S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A;
- if (!SSL_IS_DTLS(s)) {
+ if (!SSL_is_dtls(s)) {
 if (s->internal->tlsext_ticket_expected) {
 /* receive renewed session ticket */
 S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A;
@@ -308,7 +308,7 @@ ssl3_connect(SSL *s)
 /* No client certificate verification. */
 tls1_transcript_free(s);
 }
- } else if (SSL_IS_DTLS(s)) {
+ } else if (SSL_is_dtls(s)) {
 S3I(s)->hs.state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
 } else {
 S3I(s)->hs.state = SSL3_ST_CR_CERT_A;
@@ -392,7 +392,7 @@ ssl3_connect(SSL *s)
 ret = ssl3_get_server_done(s);
 if (ret <= 0)
 goto end;
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
 dtls1_stop_timer(s);
 if (S3I(s)->tmp.cert_req)
 S3I(s)->hs.state = SSL3_ST_CW_CERT_A;
@@ -406,7 +406,7 @@ ssl3_connect(SSL *s)
 case SSL3_ST_CW_CERT_B:
 case SSL3_ST_CW_CERT_C:
 case SSL3_ST_CW_CERT_D:
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
 dtls1_start_timer(s);
 ret = ssl3_send_client_certificate(s);
 if (ret <= 0)
@@ -417,7 +417,7 @@ ssl3_connect(SSL *s)
 case SSL3_ST_CW_KEY_EXCH_A:
 case SSL3_ST_CW_KEY_EXCH_B:
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
 dtls1_start_timer(s);
 ret = ssl3_send_client_key_exchange(s);
 if (ret <= 0)
@@ -444,7 +444,7 @@ ssl3_connect(SSL *s)
 S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
 S3I(s)->change_cipher_spec = 0;
 }
- if (!SSL_IS_DTLS(s)) {
+ if (!SSL_is_dtls(s)) {
 if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
 S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
 S3I(s)->change_cipher_spec = 0;
@@ -456,7 +456,7 @@ ssl3_connect(SSL *s)
 case SSL3_ST_CW_CERT_VRFY_A:
 case SSL3_ST_CW_CERT_VRFY_B:
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
 dtls1_start_timer(s);
 ret = ssl3_send_client_verify(s);
 if (ret <= 0)
@@ -468,7 +468,7 @@ ssl3_connect(SSL *s)
 case SSL3_ST_CW_CHANGE_A:
 case SSL3_ST_CW_CHANGE_B:
- if (SSL_IS_DTLS(s) && !s->internal->hit)
+ if (SSL_is_dtls(s) && !s->internal->hit)
 dtls1_start_timer(s);
 ret = ssl3_send_change_cipher_spec(s, SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B);
@@ -490,21 +490,21 @@ ssl3_connect(SSL *s)
 goto end;
 }
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
 dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
 break;
 case SSL3_ST_CW_FINISHED_A:
 case SSL3_ST_CW_FINISHED_B:
- if (SSL_IS_DTLS(s) && !s->internal->hit)
+ if (SSL_is_dtls(s) && !s->internal->hit)
 dtls1_start_timer(s);
 ret = ssl3_send_finished(s, SSL3_ST_CW_FINISHED_A, SSL3_ST_CW_FINISHED_B, TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE);
 if (ret <= 0)
 goto end;
- if (!SSL_IS_DTLS(s))
+ if (!SSL_is_dtls(s))
 s->s3->flags |= SSL3_FLAGS_CCS_OK;
 S3I(s)->hs.state = SSL3_ST_CW_FLUSH;
@@ -543,7 +543,7 @@ ssl3_connect(SSL *s)
 case SSL3_ST_CR_FINISHED_A:
 case SSL3_ST_CR_FINISHED_B:
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
 D1I(s)->change_cipher_spec_ok = 1;
 else
 s->s3->flags |= SSL3_FLAGS_CCS_OK;
@@ -551,7 +551,7 @@ ssl3_connect(SSL *s)
 SSL3_ST_CR_FINISHED_B);
 if (ret <= 0)
 goto end;
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
 dtls1_stop_timer(s);
 if (s->internal->hit)
@@ -564,7 +564,7 @@ ssl3_connect(SSL *s)
 case SSL3_ST_CW_FLUSH:
 s->internal->rwstate = SSL_WRITING;
 if (BIO_flush(s->wbio) <= 0) {
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
 /* If the write error was fatal, stop trying */
 if (!BIO_should_retry(s->wbio)) {
 s->internal->rwstate = SSL_NOTHING;
@@ -588,7 +588,7 @@ ssl3_connect(SSL *s)
 goto end;
 }
- if (!SSL_IS_DTLS(s))
+ if (!SSL_is_dtls(s))
 ssl3_release_init_buffer(s);
 ssl_free_wbio_buffer(s);
@@ -609,7 +609,7 @@ ssl3_connect(SSL *s)
 if (cb != NULL)
 cb(s, SSL_CB_HANDSHAKE_DONE, 1);
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
 /* done with handshaking */
 D1I(s)->handshake_read_seq = 0;
 D1I(s)->next_handshake_write_seq = 0;
@@ -683,7 +683,7 @@ ssl3_send_client_hello(SSL *s)
 * HelloVerifyRequest, we must retain the original client
 * random value.
 */
- if (!SSL_IS_DTLS(s) || D1I(s)->send_cookie == 0)
+ if (!SSL_is_dtls(s) || D1I(s)->send_cookie == 0)
 arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);
 if (!ssl3_handshake_msg_start(s, &cbb, &client_hello,
@@ -744,7 +744,7 @@ ssl3_send_client_hello(SSL *s)
 }
 /* DTLS Cookie. */
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
 if (D1I(s)->cookie_len > sizeof(D1I(s)->cookie)) {
 SSLerror(s, ERR_R_INTERNAL_ERROR);
 goto err;
@@ -875,7 +875,7 @@ ssl3_get_server_hello(SSL *s)
 CBS_init(&cbs, s->internal->init_msg, n);
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
 if (S3I(s)->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
 if (D1I(s)->send_cookie == 0) {
 S3I(s)->tmp.reuse_message = 1;
@@ -926,7 +926,7 @@ ssl3_get_server_hello(SSL *s)
 if (!ssl_downgrade_max_version(s, &max_version))
 goto err;
- if (!SSL_IS_DTLS(s) && max_version >= TLS1_2_VERSION &&
+ if (!SSL_is_dtls(s) && max_version >= TLS1_2_VERSION &&
 s->version < max_version) {
 /*
 * RFC 8446 section 4.1.3. We must not downgrade if the server
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 399af7c769..d92ccd8029 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.236 2020/10/14 16:49:57 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.237 2020/10/14 16:57:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1151,7 +1151,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
 if (larg < (long)dtls1_min_mtu())
 return (0);
 #endif
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
 D1I(s)->mtu = larg;
 return (larg);
 }
@@ -1166,7 +1166,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
 return (S3I(s)->send_connection_binding);
 else
 return (0);
 default:
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
 return dtls1_ctrl(s, cmd, larg, parg);
 return ssl3_ctrl(s, cmd, larg, parg);
 }
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 12838bf294..9c8310b83c 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.305 2020/10/14 16:44:15 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.306 2020/10/14 16:57:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -313,10 +313,6 @@ __BEGIN_HIDDEN_DECLS
 */
 #define SSL_C_PKEYLENGTH(c) 1024
-/* Check if an SSL structure is using DTLS. */
-#define SSL_IS_DTLS(s) \
- (s->method->internal->dtls)
-
 /* See if we use signature algorithms extension. */
 #define SSL_USE_SIGALGS(s) \
 (s->method->internal->enc_flags & SSL_ENC_FLAG_SIGALGS)
diff --git a/src/lib/libssl/ssl_packet.c b/src/lib/libssl/ssl_packet.c
index d8fb409d81..fc1c3c07de 100644
--- a/src/lib/libssl/ssl_packet.c
+++ b/src/lib/libssl/ssl_packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_packet.c,v 1.8 2018/11/08 22:28:52 jsing Exp $ */
+/* $OpenBSD: ssl_packet.c,v 1.9 2020/10/14 16:57:33 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing
 *
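Review bot: Removing `SSL_IS_DTLS` from the `__BEGIN_HIDDEN_DECLS` section means every internal DTLS check in libssl now calls `SSL_is_dtls()`, which is presumably the exported public API function rather than the inlined `s->method->internal->dtls` read the macro performed; its definition is not in this diff, so whether it reads the same field cannot be confirmed here. On ELF builds that do not link libssl with `-Bsymbolic` or provide hidden aliases, each of those call sites becomes an interposable call into the library's own public symbol, which is worth confirming for code that decides record-layer and handshake behaviour. If that is a concern, an internal inline wrapper kept in this header, `static inline int ssl_is_dtls(const SSL *s) { return s->method->internal->dtls; }`, preserves the type-safety gain (the macro used `s` unparenthesised) while keeping the check non-interposable. The rest of the hidden-declarations block lies outside the hunk.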
@@ -238,7 +238,7 @@ ssl_server_legacy_first_packet(SSL *s)
 const char *data;
 CBS header;
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
 return 1;
 CBS_init(&header, s->internal->packet, SSL3_RT_HEADER_LENGTH);
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index 02a476ea82..4cc1914ecd 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.32 2020/10/03 17:35:16 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.33 2020/10/14 16:57:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -194,7 +194,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
 /* For DTLS/UDP reads should not span multiple packets
 * because the read operation returns the whole packet
 * at once (as long as it fits into the buffer). */
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
 if (left > 0 && n > left)
 n = left;
 }
@@ -254,7 +254,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
 if (i <= 0) {
 rb->left = left;
 if (s->internal->mode & SSL_MODE_RELEASE_BUFFERS &&
- !SSL_IS_DTLS(s)) {
+ !SSL_is_dtls(s)) {
 if (len + left == 0)
 ssl3_release_read_buffer(s);
 }
@@ -267,7 +267,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
 * the underlying transport protocol is message oriented as
 * opposed to byte oriented as in the TLS case.
 */
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
 if (n > left)
 n = left; /* makes the while condition false */
 }
@@ -655,7 +655,7 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
 wb->left = 0;
 wb->offset += i;
 if (s->internal->mode & SSL_MODE_RELEASE_BUFFERS &&
- !SSL_IS_DTLS(s))
+ !SSL_is_dtls(s))
 ssl3_release_write_buffer(s);
 s->internal->rwstate = SSL_NOTHING;
 return (S3I(s)->wpend_ret);
@@ -664,7 +664,7 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
 * For DTLS, just drop it. That's kind of the
 * whole point in using a datagram service.
 */
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
 wb->left = 0;
 return (i);
 }
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 3b848f4b40..ac3669550c 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.87 2020/10/11 02:22:27 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.88 2020/10/14 16:57:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -186,7 +186,7 @@ ssl3_accept(SSL *s)
 else if (s->ctx->internal->info_callback != NULL)
 cb = s->ctx->internal->info_callback;
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
 listen = D1I(s)->listen;
 /* init things to blank */
@@ -194,7 +194,7 @@ ssl3_accept(SSL *s)
 if (!SSL_in_init(s) || SSL_in_before(s))
 SSL_clear(s);
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
 D1I(s)->listen = listen;
 for (;;) {
@@ -213,7 +213,7 @@ ssl3_accept(SSL *s)
 if (cb != NULL)
 cb(s, SSL_CB_HANDSHAKE_START, 1);
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
 if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
 SSLerror(s, ERR_R_INTERNAL_ERROR);
 ret = -1;
@@ -257,7 +257,7 @@ ssl3_accept(SSL *s)
 S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A;
 s->ctx->internal->stats.sess_accept++;
- } else if (!SSL_IS_DTLS(s) && !S3I(s)->send_connection_binding) {
+ } else if (!SSL_is_dtls(s) && !S3I(s)->send_connection_binding) {
 /*
 * Server attempting to renegotiate with
 * client that doesn't support secure
@@ -281,14 +281,14 @@ ssl3_accept(SSL *s)
 case SSL3_ST_SW_HELLO_REQ_A:
 case SSL3_ST_SW_HELLO_REQ_B:
 s->internal->shutdown = 0;
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
 dtls1_clear_record_buffer(s);
 dtls1_start_timer(s);
 }
 ret = ssl3_send_hello_request(s);
 if (ret <= 0)
 goto end;
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
 S3I(s)->hs.next_state = SSL3_ST_SR_CLNT_HELLO_A;
 else
 S3I(s)->hs.next_state = SSL3_ST_SW_HELLO_REQ_C;
@@ -309,7 +309,7 @@ ssl3_accept(SSL *s)
 case SSL3_ST_SR_CLNT_HELLO_B:
 case SSL3_ST_SR_CLNT_HELLO_C:
 s->internal->shutdown = 0;
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
 ret = ssl3_get_client_hello(s);
 if (ret <= 0)
 goto end;
@@ -373,7 +373,7 @@ ssl3_accept(SSL *s)
 case SSL3_ST_SW_SRVR_HELLO_A:
 case SSL3_ST_SW_SRVR_HELLO_B:
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
 s->internal->renegotiate = 2;
 dtls1_start_timer(s);
 }
@@ -396,7 +396,7 @@ ssl3_accept(SSL *s)
 /* Check if it is anon DH or anon ECDH. */
 if (!(S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL)) {
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
 dtls1_start_timer(s);
 ret = ssl3_send_server_certificate(s);
 if (ret <= 0)
@@ -425,7 +425,7 @@ ssl3_accept(SSL *s)
 * public key for key exchange.
 */
 if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
 dtls1_start_timer(s);
 ret = ssl3_send_server_key_exchange(s);
 if (ret <= 0)
@@ -467,11 +467,11 @@ ssl3_accept(SSL *s)
 S3I(s)->tmp.cert_request = 0;
 S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A;
- if (!SSL_IS_DTLS(s))
+ if (!SSL_is_dtls(s))
 tls1_transcript_free(s);
 } else {
 S3I(s)->tmp.cert_request = 1;
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
 dtls1_start_timer(s);
 ret = ssl3_send_certificate_request(s);
 if (ret <= 0)
@@ -483,7 +483,7 @@ ssl3_accept(SSL *s)
 case SSL3_ST_SW_SRVR_DONE_A:
 case SSL3_ST_SW_SRVR_DONE_B:
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
 dtls1_start_timer(s);
 ret = ssl3_send_server_done(s);
 if (ret <= 0)
@@ -506,7 +506,7 @@ ssl3_accept(SSL *s)
 */
 s->internal->rwstate = SSL_WRITING;
 if (BIO_flush(s->wbio) <= 0) {
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
 /* If the write error was fatal, stop trying. */
 if (!BIO_should_retry(s->wbio)) {
 s->internal->rwstate = SSL_NOTHING;
@@ -537,7 +537,7 @@ ssl3_accept(SSL *s)
 if (ret <= 0)
 goto end;
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
 S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;
 s->internal->init_num = 0;
 }
@@ -587,7 +587,7 @@ ssl3_accept(SSL *s)
 case SSL3_ST_SR_CERT_VRFY_A:
 case SSL3_ST_SR_CERT_VRFY_B:
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
 D1I(s)->change_cipher_spec_ok = 1;
 else
 s->s3->flags |= SSL3_FLAGS_CCS_OK;
@@ -602,7 +602,7 @@ ssl3_accept(SSL *s)
 case SSL3_ST_SR_FINISHED_A:
 case SSL3_ST_SR_FINISHED_B:
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
 D1I(s)->change_cipher_spec_ok = 1;
 else
 s->s3->flags |= SSL3_FLAGS_CCS_OK;
@@ -610,7 +610,7 @@ ssl3_accept(SSL *s)
 SSL3_ST_SR_FINISHED_B);
 if (ret <= 0)
 goto end;
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
 dtls1_stop_timer(s);
 if (s->internal->hit)
 S3I(s)->hs.state = SSL_ST_OK;
@@ -660,7 +660,7 @@ ssl3_accept(SSL *s)
 goto end;
 }
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
 dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
 break;
@@ -691,7 +691,7 @@ ssl3_accept(SSL *s)
 goto end;
 }
- if (!SSL_IS_DTLS(s))
+ if (!SSL_is_dtls(s))
 ssl3_release_init_buffer(s);
 /* remove buffering on output */
@@ -716,7 +716,7 @@ ssl3_accept(SSL *s)
 ret = 1;
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
 /* Done handshaking, next message is client hello. */
 D1I(s)->handshake_read_seq = 0;
 /* Next message is server hello. */
@@ -837,7 +837,7 @@ ssl3_get_client_hello(SSL *s)
 SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG);
 goto f_err;
 }
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
 if (!CBS_get_u8_length_prefixed(&cbs, &cookie))
 goto truncated;
 }
@@ -879,7 +879,7 @@ ssl3_get_client_hello(SSL *s)
 * one, just return since we do not want to allocate any memory yet.
 * So check cookie length...
 */
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
 if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
 if (CBS_len(&cookie) == 0)
 return (1);
@@ -928,7 +928,7 @@ ssl3_get_client_hello(SSL *s)
 }
 }
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
 /*
 * The ClientHello may contain a cookie even if the HelloVerify
 * message has not been sent - make sure that it does not cause
@@ -1045,7 +1045,7 @@ ssl3_get_client_hello(SSL *s)
 */
 arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);
- if (!SSL_IS_DTLS(s) && max_version >= TLS1_2_VERSION &&
+ if (!SSL_is_dtls(s) && max_version >= TLS1_2_VERSION &&
 s->version < max_version) {
 /*
 * RFC 8446 section 4.1.3. If we are downgrading from TLS 1.3
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 1767104963..e12820ba62 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.84 2020/10/11 01:16:31 guenther Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.85 2020/10/14 16:57:33 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing
 * Copyright (c) 2017 Doug Hogan
@@ -854,7 +854,7 @@ tlsext_sni_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 int
 tlsext_ocsp_client_needs(SSL *s, uint16_t msg_type)
 {
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
 return 0;
 if (msg_type != SSL_TLSEXT_MSG_CH)
 return 0;
@@ -1204,7 +1204,7 @@ tlsext_sessionticket_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
 int
 tlsext_srtp_client_needs(SSL *s, uint16_t msg_type)
 {
- return SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s) != NULL;
+ return SSL_is_dtls(s) && SSL_get_srtp_profiles(s) != NULL;
 }
 int
@@ -1327,7 +1327,7 @@ tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 int
 tlsext_srtp_server_needs(SSL *s, uint16_t msg_type)
 {
- return SSL_IS_DTLS(s) && SSL_get_selected_srtp_profile(s) != NULL;
+ return SSL_is_dtls(s) && SSL_get_selected_srtp_profile(s) != NULL;
 }
 int
@@ -1414,7 +1414,7 @@ tlsext_keyshare_client_needs(SSL *s, uint16_t msg_type)
 /* XXX once this gets initialized when we get tls13_client.c */
 if (S3I(s)->hs_tls13.max_version == 0)
 return 0;
- return (!SSL_IS_DTLS(s) && S3I(s)->hs_tls13.max_version >=
+ return (!SSL_is_dtls(s) && S3I(s)->hs_tls13.max_version >=
 TLS1_3_VERSION);
 }
@@ -1490,7 +1490,7 @@ tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 int
 tlsext_keyshare_server_needs(SSL *s, uint16_t msg_type)
 {
- if (SSL_IS_DTLS(s) || s->version < TLS1_3_VERSION)
+ if (SSL_is_dtls(s) || s->version < TLS1_3_VERSION)
 return 0;
 return tlsext_extension_seen(s, TLSEXT_TYPE_key_share);
@@ -1555,7 +1555,7 @@ tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 int
 tlsext_versions_client_needs(SSL *s, uint16_t msg_type)
 {
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
 return 0;
 return (S3I(s)->hs_tls13.max_version >= TLS1_3_VERSION);
 }
@@ -1638,7 +1638,7 @@ tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 int
 tlsext_versions_server_needs(SSL *s, uint16_t msg_type)
 {
- return (!SSL_IS_DTLS(s) && s->version >= TLS1_3_VERSION);
+ return (!SSL_is_dtls(s) && s->version >= TLS1_3_VERSION);
 }
 int
@@ -1680,7 +1680,7 @@ tlsext_versions_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 int
 tlsext_cookie_client_needs(SSL *s, uint16_t msg_type)
 {
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
 return 0;
 if (S3I(s)->hs_tls13.max_version < TLS1_3_VERSION)
 return 0;
@@ -1740,7 +1740,7 @@ int
 tlsext_cookie_server_needs(SSL *s, uint16_t msg_type)
 {
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
 return 0;
 if (S3I(s)->hs_tls13.max_version < TLS1_3_VERSION)
 return 0;
@@ -2148,7 +2148,7 @@ tlsext_parse(SSL *s, int is_server, uint16_t msg_type, CBS *cbs, int *alert)
 CBS_len(&extension_data), s->internal->tlsext_debug_arg);
- if (!SSL_IS_DTLS(s) && version >= TLS1_3_VERSION && is_server &&
+ if (!SSL_is_dtls(s) && version >= TLS1_3_VERSION && is_server &&
 msg_type == SSL_TLSEXT_MSG_CH) {
 if (!tlsext_clienthello_hash_extension(s, type, &extension_data))
diff --git a/src/lib/libssl/ssl_versions.c b/src/lib/libssl/ssl_versions.c
index b21fa7198c..99f538b937 100644
--- a/src/lib/libssl/ssl_versions.c
+++ b/src/lib/libssl/ssl_versions.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_versions.c,v 1.6 2020/05/31 18:03:32 jsing Exp $ */
+/* $OpenBSD: ssl_versions.c,v 1.7 2020/10/14 16:57:33 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing
 *
@@ -137,7 +137,7 @@ ssl_supported_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver)
 uint16_t min_version, max_version;
 /* DTLS cannot currently be disabled... */
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
 min_version = max_version = DTLS1_VERSION;
 goto done;
 }
@@ -167,7 +167,7 @@ ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver)
 *max_ver = 0;
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
 if (peer_ver >= DTLS1_VERSION) {
 *max_ver = DTLS1_VERSION;
 return 1;
@@ -214,7 +214,7 @@ ssl_downgrade_max_version(SSL *s, uint16_t *max_ver)
 * context.
 */
- if (SSL_IS_DTLS(s)) {
+ if (SSL_is_dtls(s)) {
 *max_ver = DTLS1_VERSION;
 return 1;
 }
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index debbf286f6..c5ff2c2435 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.125 2020/10/07 08:43:34 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.126 2020/10/14 16:57:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -342,7 +342,7 @@ tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,
 SSL_AEAD_CTX *aead_ctx;
 /* XXX - Need to avoid clearing write state for DTLS. */
- if (SSL_IS_DTLS(s))
+ if (SSL_is_dtls(s))
 return 0;
 if (is_read) {
@@ -447,7 +447,7 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read,
 * contexts that are used for DTLS - these are instead freed
 * by DTLS when its frees a ChangeCipherSpec fragment.
 */
- if (!SSL_IS_DTLS(s))
+ if (!SSL_is_dtls(s))
 ssl_clear_cipher_write_state(s);
 if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
@@ -524,7 +524,7 @@ tls1_change_cipher_state(SSL *s, int which)
 * Reset sequence number to zero - for DTLS this is handled in
 * dtls1_reset_seq_numbers().
 */
- if (!SSL_IS_DTLS(s)) {
+ if (!SSL_is_dtls(s)) {
 seq = is_read ? S3I(s)->read_sequence : S3I(s)->write_sequence;
 memset(seq, 0, SSL3_SEQUENCE_SIZE);
 }
-- 
cgit v1.2.3-55-g6feb
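Review bot: `tls1_change_cipher_state_aead()` still refuses DTLS with a bare `return 0;` after the `SSL_is_dtls(s)` check, so if a DTLS connection ever negotiates an AEAD cipher the caller gets a failure with nothing on the error queue and only the `XXX` comment explains why. Unless the DTLS cipher list provably excludes AEAD suites (not visible in this diff), the early return should at least record the reason: `if (SSL_is_dtls(s)) {` / `SSLerror(s, ERR_R_INTERNAL_ERROR);` / `return 0;` / `}`. The comment should also state the consequence, e.g. `/* XXX - AEAD ciphers are not yet supported for DTLS: the write state must not be cleared here, so fail rather than install a half-configured cipher state. */`. The function's signature is truncated in the hunk header and its body continues outside the hunk, so this assumes the caller treats 0 as a hard failure.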