summaryrefslogtreecommitdiff
path: root/lib/libssl
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2022-02-05 14:54:11 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2022-02-05 14:54:11 +0000
commitd735481d961055ec0391f4f3d7bd54bc317bc5c7 (patch)
tree52311171899accb038fae3f98d6fafc0f1235779 /lib/libssl
parent1d66f92e8ab22d48aa6033e5ff3816ca3355b2e2 (diff)
Bye bye S3I.
S3I has served us well, however now that libssl is fully opaque it is time to say goodbye. Aside from removing the calloc/free/memset, the rest is mechanical sed. ok inoguchi@ tb@
Diffstat (limited to 'lib/libssl')
-rw-r--r--lib/libssl/d1_both.c16
-rw-r--r--lib/libssl/d1_pkt.c84
-rw-r--r--lib/libssl/s3_lib.c143
-rw-r--r--lib/libssl/ssl_both.c86
-rw-r--r--lib/libssl/ssl_cert.c4
-rw-r--r--lib/libssl/ssl_ciph.c6
-rw-r--r--lib/libssl/ssl_ciphers.c10
-rw-r--r--lib/libssl/ssl_clnt.c272
-rw-r--r--lib/libssl/ssl_err.c4
-rw-r--r--lib/libssl/ssl_lib.c46
-rw-r--r--lib/libssl/ssl_locl.h22
-rw-r--r--lib/libssl/ssl_packet.c6
-rw-r--r--lib/libssl/ssl_pkt.c204
-rw-r--r--lib/libssl/ssl_sigalgs.c14
-rw-r--r--lib/libssl/ssl_srvr.c272
-rw-r--r--lib/libssl/ssl_stat.c6
-rw-r--r--lib/libssl/ssl_tlsext.c200
-rw-r--r--lib/libssl/ssl_transcript.c44
-rw-r--r--lib/libssl/ssl_versions.c10
-rw-r--r--lib/libssl/t1_enc.c20
-rw-r--r--lib/libssl/tls12_lib.c18
-rw-r--r--lib/libssl/tls13_legacy.c34
-rw-r--r--lib/libssl/tls13_lib.c6
23 files changed, 755 insertions, 772 deletions
diff --git a/lib/libssl/d1_both.c b/lib/libssl/d1_both.c
index 07c868f45e6..fd7c07a4d5c 100644
--- a/lib/libssl/d1_both.c
+++ b/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_both.c,v 1.80 2021/10/23 13:36:03 jsing Exp $ */
+/* $OpenBSD: d1_both.c,v 1.81 2022/02/05 14:54:10 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -380,15 +380,15 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max)
* s3->internal->tmp is used to store messages that are unexpected, caused
* by the absence of an optional handshake message
*/
- if (S3I(s)->hs.tls12.reuse_message) {
- S3I(s)->hs.tls12.reuse_message = 0;
- if ((mt >= 0) && (S3I(s)->hs.tls12.message_type != mt)) {
+ if (s->s3->hs.tls12.reuse_message) {
+ s->s3->hs.tls12.reuse_message = 0;
+ if ((mt >= 0) && (s->s3->hs.tls12.message_type != mt)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
goto fatal_err;
}
s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH;
- s->internal->init_num = (int)S3I(s)->hs.tls12.message_size;
+ s->internal->init_num = (int)s->s3->hs.tls12.message_size;
return 1;
}
@@ -463,9 +463,9 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
return SSL_AD_INTERNAL_ERROR;
}
- S3I(s)->hs.tls12.message_size = msg_len;
+ s->s3->hs.tls12.message_size = msg_len;
s->d1->r_msg_hdr.msg_len = msg_len;
- S3I(s)->hs.tls12.message_type = msg_hdr->type;
+ s->s3->hs.tls12.message_type = msg_hdr->type;
s->d1->r_msg_hdr.type = msg_hdr->type;
s->d1->r_msg_hdr.seq = msg_hdr->seq;
} else if (msg_len != s->d1->r_msg_hdr.msg_len) {
@@ -818,7 +818,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
goto fatal_err;
/* XDTLS: ressurect this when restart is in place */
- S3I(s)->hs.state = stn;
+ s->s3->hs.state = stn;
if (frag_len > 0) {
unsigned char *p = (unsigned char *)s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH;
diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c
index 12a711324ab..e884f2d592e 100644
--- a/lib/libssl/d1_pkt.c
+++ b/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.116 2021/11/09 18:40:21 bcook Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.117 2022/02/05 14:54:10 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -191,12 +191,12 @@ static int dtls1_process_record(SSL *s);
static int
dtls1_copy_record(SSL *s, DTLS1_RECORD_DATA_INTERNAL *rdata)
{
- ssl3_release_buffer(&S3I(s)->rbuf);
+ ssl3_release_buffer(&s->s3->rbuf);
s->internal->packet = rdata->packet;
s->internal->packet_length = rdata->packet_length;
- memcpy(&(S3I(s)->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER_INTERNAL));
- memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD_INTERNAL));
+ memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER_INTERNAL));
+ memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD_INTERNAL));
return (1);
}
@@ -218,15 +218,15 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
rdata->packet = s->internal->packet;
rdata->packet_length = s->internal->packet_length;
- memcpy(&(rdata->rbuf), &(S3I(s)->rbuf), sizeof(SSL3_BUFFER_INTERNAL));
- memcpy(&(rdata->rrec), &(S3I(s)->rrec), sizeof(SSL3_RECORD_INTERNAL));
+ memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER_INTERNAL));
+ memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD_INTERNAL));
item->data = rdata;
s->internal->packet = NULL;
s->internal->packet_length = 0;
- memset(&(S3I(s)->rbuf), 0, sizeof(SSL3_BUFFER_INTERNAL));
- memset(&(S3I(s)->rrec), 0, sizeof(SSL3_RECORD_INTERNAL));
+ memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER_INTERNAL));
+ memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD_INTERNAL));
if (!ssl3_setup_buffers(s))
goto err;
@@ -293,7 +293,7 @@ dtls1_process_buffered_record(SSL *s)
static int
dtls1_process_record(SSL *s)
{
- SSL3_RECORD_INTERNAL *rr = &(S3I(s)->rrec);
+ SSL3_RECORD_INTERNAL *rr = &(s->s3->rrec);
uint8_t alert_desc;
uint8_t *out;
size_t out_len;
@@ -349,7 +349,7 @@ dtls1_process_record(SSL *s)
int
dtls1_get_record(SSL *s)
{
- SSL3_RECORD_INTERNAL *rr = &(S3I(s)->rrec);
+ SSL3_RECORD_INTERNAL *rr = &(s->s3->rrec);
unsigned char *p = NULL;
DTLS1_BITMAP *bitmap;
unsigned int is_next_epoch;
@@ -517,7 +517,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
unsigned int n;
SSL3_RECORD_INTERNAL *rr;
- if (S3I(s)->rbuf.buf == NULL) /* Not initialized yet */
+ if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
if (!ssl3_setup_buffers(s))
return (-1);
@@ -554,17 +554,17 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
s->internal->rwstate = SSL_NOTHING;
- /* S3I(s)->rrec.type - is the type of record
- * S3I(s)->rrec.data, - data
- * S3I(s)->rrec.off, - offset into 'data' for next read
- * S3I(s)->rrec.length, - number of bytes. */
- rr = &(S3I(s)->rrec);
+ /* s->s3->rrec.type - is the type of record
+ * s->s3->rrec.data, - data
+ * s->s3->rrec.off, - offset into 'data' for next read
+ * s->s3->rrec.length, - number of bytes. */
+ rr = &(s->s3->rrec);
/* We are not handshaking and have no data yet,
* so process data buffered during the last handshake
* in advance, if any.
*/
- if (S3I(s)->hs.state == SSL_ST_OK && rr->length == 0)
+ if (s->s3->hs.state == SSL_ST_OK && rr->length == 0)
dtls1_retrieve_buffered_record(s, &(s->d1->buffered_app_data));
/* Check for timeout */
@@ -591,7 +591,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
/* we now have a packet which can be read and processed */
- if (S3I(s)->change_cipher_spec /* set when we receive ChangeCipherSpec,
+ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
* reset by ssl3_get_finished */
&& (rr->type != SSL3_RT_HANDSHAKE)) {
/* We now have application data between CCS and Finished.
@@ -667,7 +667,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
* Application data while renegotiating is allowed.
* Try reading again.
*/
- S3I(s)->in_read_app_data = 2;
+ s->s3->in_read_app_data = 2;
ssl_force_want_read(s);
return -1;
} else {
@@ -708,7 +708,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
if (SSL_is_init_finished(s) &&
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
- !S3I(s)->renegotiate) {
+ !s->s3->renegotiate) {
s->d1->handshake_read_seq++;
s->internal->new_session = 1;
ssl3_renegotiate(s);
@@ -722,7 +722,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
}
if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) {
- if (S3I(s)->rbuf.left == 0) {
+ if (s->s3->rbuf.left == 0) {
ssl_force_want_read(s);
return (-1);
}
@@ -746,14 +746,14 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
(alert_level << 8) | alert_descr);
if (alert_level == SSL3_AL_WARNING) {
- S3I(s)->warn_alert = alert_descr;
+ s->s3->warn_alert = alert_descr;
if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN;
return (0);
}
} else if (alert_level == SSL3_AL_FATAL) {
s->internal->rwstate = SSL_NOTHING;
- S3I(s)->fatal_alert = alert_descr;
+ s->s3->fatal_alert = alert_descr;
SSLerror(s, SSL_AD_REASON_OFFSET + alert_descr);
ERR_asprintf_error_data("SSL alert number %d",
alert_descr);
@@ -799,7 +799,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
s->d1->change_cipher_spec_ok = 0;
- S3I(s)->change_cipher_spec = 1;
+ s->s3->change_cipher_spec = 1;
if (!ssl3_do_change_cipher_spec(s))
goto err;
@@ -835,9 +835,9 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
goto start;
}
- if (((S3I(s)->hs.state&SSL_ST_MASK) == SSL_ST_OK) &&
+ if (((s->s3->hs.state&SSL_ST_MASK) == SSL_ST_OK) &&
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
- S3I(s)->hs.state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
+ s->s3->hs.state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
s->internal->renegotiate = 1;
s->internal->new_session = 1;
}
@@ -850,7 +850,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
}
if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) {
- if (S3I(s)->rbuf.left == 0) {
+ if (s->s3->rbuf.left == 0) {
ssl_force_want_read(s);
return (-1);
}
@@ -881,15 +881,15 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
* at this point (session renegotiation not yet started),
* we will indulge it.
*/
- if (S3I(s)->in_read_app_data &&
- (S3I(s)->total_renegotiations != 0) &&
- (((S3I(s)->hs.state & SSL_ST_CONNECT) &&
- (S3I(s)->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) &&
- (S3I(s)->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) || (
- (S3I(s)->hs.state & SSL_ST_ACCEPT) &&
- (S3I(s)->hs.state <= SSL3_ST_SW_HELLO_REQ_A) &&
- (S3I(s)->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
- S3I(s)->in_read_app_data = 2;
+ if (s->s3->in_read_app_data &&
+ (s->s3->total_renegotiations != 0) &&
+ (((s->s3->hs.state & SSL_ST_CONNECT) &&
+ (s->s3->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) &&
+ (s->s3->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) || (
+ (s->s3->hs.state & SSL_ST_ACCEPT) &&
+ (s->s3->hs.state <= SSL3_ST_SW_HELLO_REQ_A) &&
+ (s->s3->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
+ s->s3->in_read_app_data = 2;
return (-1);
} else {
al = SSL_AD_UNEXPECTED_MESSAGE;
@@ -947,7 +947,7 @@ dtls1_write_bytes(SSL *s, int type, const void *buf, int len)
int
do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
{
- SSL3_BUFFER_INTERNAL *wb = &(S3I(s)->wbuf);
+ SSL3_BUFFER_INTERNAL *wb = &(s->s3->wbuf);
size_t out_len;
CBB cbb;
int ret;
@@ -964,7 +964,7 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
}
/* If we have an alert to send, let's send it */
- if (S3I(s)->alert_dispatch) {
+ if (s->s3->alert_dispatch) {
if ((ret = ssl3_dispatch_alert(s)) <= 0)
return (ret);
/* If it went, fall through and send more stuff. */
@@ -992,10 +992,10 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
* Memorize arguments so that ssl3_write_pending can detect
* bad write retries later.
*/
- S3I(s)->wpend_tot = len;
- S3I(s)->wpend_buf = buf;
- S3I(s)->wpend_type = type;
- S3I(s)->wpend_ret = len;
+ s->s3->wpend_tot = len;
+ s->s3->wpend_buf = buf;
+ s->s3->wpend_type = type;
+ s->s3->wpend_ret = len;
/* We now just need to write the buffer. */
return ssl3_write_pending(s, type, buf, len);
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index d5a53565f86..916ed4935cc 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.225 2022/01/26 11:05:41 tb Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.226 2022/02/05 14:54:10 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1444,8 +1444,8 @@ ssl3_pending(const SSL *s)
if (s->internal->rstate == SSL_ST_READ_BODY)
return 0;
- return (S3I(s)->rrec.type == SSL3_RT_APPLICATION_DATA) ?
- S3I(s)->rrec.length : 0;
+ return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ?
+ s->s3->rrec.length : 0;
}
int
@@ -1544,10 +1544,6 @@ ssl3_new(SSL *s)
{
if ((s->s3 = calloc(1, sizeof(*s->s3))) == NULL)
return (0);
- if ((S3I(s) = calloc(1, sizeof(*S3I(s)))) == NULL) {
- free(s->s3);
- return (0);
- }
s->method->ssl_clear(s);
@@ -1563,23 +1559,22 @@ ssl3_free(SSL *s)
tls1_cleanup_key_block(s);
ssl3_release_read_buffer(s);
ssl3_release_write_buffer(s);
- freezero(S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len);
+ freezero(s->s3->hs.sigalgs, s->s3->hs.sigalgs_len);
- tls_key_share_free(S3I(s)->hs.key_share);
+ tls_key_share_free(s->s3->hs.key_share);
- tls13_secrets_destroy(S3I(s)->hs.tls13.secrets);
- freezero(S3I(s)->hs.tls13.cookie, S3I(s)->hs.tls13.cookie_len);
- tls13_clienthello_hash_clear(&S3I(s)->hs.tls13);
+ tls13_secrets_destroy(s->s3->hs.tls13.secrets);
+ freezero(s->s3->hs.tls13.cookie, s->s3->hs.tls13.cookie_len);
+ tls13_clienthello_hash_clear(&s->s3->hs.tls13);
- sk_X509_NAME_pop_free(S3I(s)->hs.tls12.ca_names, X509_NAME_free);
+ sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);
sk_X509_pop_free(s->internal->verified_chain, X509_free);
tls1_transcript_free(s);
tls1_transcript_hash_free(s);
- free(S3I(s)->alpn_selected);
+ free(s->s3->alpn_selected);
- freezero(S3I(s), sizeof(*S3I(s)));
freezero(s->s3, sizeof(*s->s3));
s->s3 = NULL;
@@ -1588,65 +1583,61 @@ ssl3_free(SSL *s)
void
ssl3_clear(SSL *s)
{
- struct ssl3_state_internal_st *internal;
unsigned char *rp, *wp;
size_t rlen, wlen;
tls1_cleanup_key_block(s);
- sk_X509_NAME_pop_free(S3I(s)->hs.tls12.ca_names, X509_NAME_free);
+ sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);
sk_X509_pop_free(s->internal->verified_chain, X509_free);
s->internal->verified_chain = NULL;
- freezero(S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len);
- S3I(s)->hs.sigalgs = NULL;
- S3I(s)->hs.sigalgs_len = 0;
+ freezero(s->s3->hs.sigalgs, s->s3->hs.sigalgs_len);
+ s->s3->hs.sigalgs = NULL;
+ s->s3->hs.sigalgs_len = 0;
- tls_key_share_free(S3I(s)->hs.key_share);
- S3I(s)->hs.key_share = NULL;
+ tls_key_share_free(s->s3->hs.key_share);
+ s->s3->hs.key_share = NULL;
- tls13_secrets_destroy(S3I(s)->hs.tls13.secrets);
- S3I(s)->hs.tls13.secrets = NULL;
- freezero(S3I(s)->hs.tls13.cookie, S3I(s)->hs.tls13.cookie_len);
- S3I(s)->hs.tls13.cookie = NULL;
- S3I(s)->hs.tls13.cookie_len = 0;
- tls13_clienthello_hash_clear(&S3I(s)->hs.tls13);
+ tls13_secrets_destroy(s->s3->hs.tls13.secrets);
+ s->s3->hs.tls13.secrets = NULL;
+ freezero(s->s3->hs.tls13.cookie, s->s3->hs.tls13.cookie_len);
+ s->s3->hs.tls13.cookie = NULL;
+ s->s3->hs.tls13.cookie_len = 0;
+ tls13_clienthello_hash_clear(&s->s3->hs.tls13);
- S3I(s)->hs.extensions_seen = 0;
+ s->s3->hs.extensions_seen = 0;
- rp = S3I(s)->rbuf.buf;
- wp = S3I(s)->wbuf.buf;
- rlen = S3I(s)->rbuf.len;
- wlen = S3I(s)->wbuf.len;
+ rp = s->s3->rbuf.buf;
+ wp = s->s3->wbuf.buf;
+ rlen = s->s3->rbuf.len;
+ wlen = s->s3->wbuf.len;
tls1_transcript_free(s);
tls1_transcript_hash_free(s);
- free(S3I(s)->alpn_selected);
- S3I(s)->alpn_selected = NULL;
- S3I(s)->alpn_selected_len = 0;
+ free(s->s3->alpn_selected);
+ s->s3->alpn_selected = NULL;
+ s->s3->alpn_selected_len = 0;
- memset(S3I(s), 0, sizeof(*S3I(s)));
- internal = S3I(s);
memset(s->s3, 0, sizeof(*s->s3));
- S3I(s) = internal;
- S3I(s)->rbuf.buf = rp;
- S3I(s)->wbuf.buf = wp;
- S3I(s)->rbuf.len = rlen;
- S3I(s)->wbuf.len = wlen;
+ s->s3->rbuf.buf = rp;
+ s->s3->wbuf.buf = wp;
+ s->s3->rbuf.len = rlen;
+ s->s3->wbuf.len = wlen;
ssl_free_wbio_buffer(s);
/* Not needed... */
- S3I(s)->renegotiate = 0;
- S3I(s)->total_renegotiations = 0;
- S3I(s)->num_renegotiations = 0;
- S3I(s)->in_read_app_data = 0;
+ s->s3->renegotiate = 0;
+ s->s3->total_renegotiations = 0;
+ s->s3->num_renegotiations = 0;
+ s->s3->in_read_app_data = 0;
s->internal->packet_length = 0;
s->version = TLS1_VERSION;
- S3I(s)->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
+ s->s3->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
}
long
@@ -1657,12 +1648,12 @@ _SSL_get_peer_tmp_key(SSL *s, EVP_PKEY **key)
*key = NULL;
- if (S3I(s)->hs.key_share == NULL)
+ if (s->s3->hs.key_share == NULL)
goto err;
if ((pkey = EVP_PKEY_new()) == NULL)
goto err;
- if (!tls_key_share_peer_pkey(S3I(s)->hs.key_share, pkey))
+ if (!tls_key_share_peer_pkey(s->s3->hs.key_share, pkey))
goto err;
*key = pkey;
@@ -1685,7 +1676,7 @@ _SSL_session_reused(SSL *s)
static int
_SSL_num_renegotiations(SSL *s)
{
- return S3I(s)->num_renegotiations;
+ return s->s3->num_renegotiations;
}
static int
@@ -1693,8 +1684,8 @@ _SSL_clear_num_renegotiations(SSL *s)
{
int renegs;
- renegs = S3I(s)->num_renegotiations;
- S3I(s)->num_renegotiations = 0;
+ renegs = s->s3->num_renegotiations;
+ s->s3->num_renegotiations = 0;
return renegs;
}
@@ -1702,7 +1693,7 @@ _SSL_clear_num_renegotiations(SSL *s)
static int
_SSL_total_renegotiations(SSL *s)
{
- return S3I(s)->total_renegotiations;
+ return s->s3->total_renegotiations;
}
static int
@@ -1920,7 +1911,7 @@ _SSL_get_signature_nid(SSL *s, int *nid)
{
const struct ssl_sigalg *sigalg;
- if ((sigalg = S3I(s)->hs.our_sigalg) == NULL)
+ if ((sigalg = s->s3->hs.our_sigalg) == NULL)
return 0;
*nid = EVP_MD_type(sigalg->md());
@@ -1933,7 +1924,7 @@ _SSL_get_peer_signature_nid(SSL *s, int *nid)
{
const struct ssl_sigalg *sigalg;
- if ((sigalg = S3I(s)->hs.peer_sigalg) == NULL)
+ if ((sigalg = s->s3->hs.peer_sigalg) == NULL)
return 0;
*nid = EVP_MD_type(sigalg->md());
@@ -1946,7 +1937,7 @@ SSL_get_signature_type_nid(const SSL *s, int *nid)
{
const struct ssl_sigalg *sigalg;
- if ((sigalg = S3I(s)->hs.our_sigalg) == NULL)
+ if ((sigalg = s->s3->hs.our_sigalg) == NULL)
return 0;
*nid = sigalg->key_type;
@@ -1962,7 +1953,7 @@ SSL_get_peer_signature_type_nid(const SSL *s, int *nid)
{
const struct ssl_sigalg *sigalg;
- if ((sigalg = S3I(s)->hs.peer_sigalg) == NULL)
+ if ((sigalg = s->s3->hs.peer_sigalg) == NULL)
return 0;
*nid = sigalg->key_type;
@@ -2564,7 +2555,7 @@ ssl3_get_req_cert_types(SSL *s, CBB *cbb)
{
unsigned long alg_k;
- alg_k = S3I(s)->hs.cipher->algorithm_mkey;
+ alg_k = s->s3->hs.cipher->algorithm_mkey;
#ifndef OPENSSL_NO_GOST
if ((alg_k & SSL_kGOST) != 0) {
@@ -2608,7 +2599,7 @@ ssl3_shutdown(SSL *s)
* Don't do anything much if we have not done the handshake or
* we don't want to send messages :-)
*/
- if ((s->internal->quiet_shutdown) || (S3I(s)->hs.state == SSL_ST_BEFORE)) {
+ if ((s->internal->quiet_shutdown) || (s->s3->hs.state == SSL_ST_BEFORE)) {
s->internal->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
return (1);
}
@@ -2618,11 +2609,11 @@ ssl3_shutdown(SSL *s)
ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
/*
* Our shutdown alert has been sent now, and if it still needs
- * to be written, S3I(s)->alert_dispatch will be true
+ * to be written, s->s3->alert_dispatch will be true
*/
- if (S3I(s)->alert_dispatch)
+ if (s->s3->alert_dispatch)
return (-1); /* return WANT_WRITE */
- } else if (S3I(s)->alert_dispatch) {
+ } else if (s->s3->alert_dispatch) {
/* resend it if not sent */
ret = ssl3_dispatch_alert(s);
if (ret == -1) {
@@ -2643,7 +2634,7 @@ ssl3_shutdown(SSL *s)
}
if ((s->internal->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
- !S3I(s)->alert_dispatch)
+ !s->s3->alert_dispatch)
return (1);
else
return (0);
@@ -2654,7 +2645,7 @@ ssl3_write(SSL *s, const void *buf, int len)
{
errno = 0;
- if (S3I(s)->renegotiate)
+ if (s->s3->renegotiate)
ssl3_renegotiate_check(s);
return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
@@ -2667,13 +2658,13 @@ ssl3_read_internal(SSL *s, void *buf, int len, int peek)
int ret;
errno = 0;
- if (S3I(s)->renegotiate)
+ if (s->s3->renegotiate)
ssl3_renegotiate_check(s);
- S3I(s)->in_read_app_data = 1;
+ s->s3->in_read_app_data = 1;
ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
peek);
- if ((ret == -1) && (S3I(s)->in_read_app_data == 2)) {
+ if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
/*
* ssl3_read_bytes decided to call s->internal->handshake_func,
* which called ssl3_read_bytes to read handshake data.
@@ -2686,7 +2677,7 @@ ssl3_read_internal(SSL *s, void *buf, int len, int peek)
buf, len, peek);
s->internal->in_handshake--;
} else
- S3I(s)->in_read_app_data = 0;
+ s->s3->in_read_app_data = 0;
return (ret);
}
@@ -2712,7 +2703,7 @@ ssl3_renegotiate(SSL *s)
if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
return (0);
- S3I(s)->renegotiate = 1;
+ s->s3->renegotiate = 1;
return (1);
}
@@ -2721,8 +2712,8 @@ ssl3_renegotiate_check(SSL *s)
{
int ret = 0;
- if (S3I(s)->renegotiate) {
- if ((S3I(s)->rbuf.left == 0) && (S3I(s)->wbuf.left == 0) &&
+ if (s->s3->renegotiate) {
+ if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) &&
!SSL_in_init(s)) {
/*
* If we are the server, and we have sent
@@ -2730,10 +2721,10 @@ ssl3_renegotiate_check(SSL *s)
* to SSL_ST_ACCEPT.
*/
/* SSL_ST_ACCEPT */
- S3I(s)->hs.state = SSL_ST_RENEGOTIATE;
- S3I(s)->renegotiate = 0;
- S3I(s)->num_renegotiations++;
- S3I(s)->total_renegotiations++;
+ s->s3->hs.state = SSL_ST_RENEGOTIATE;
+ s->s3->renegotiate = 0;
+ s->s3->num_renegotiations++;
+ s->s3->total_renegotiations++;
ret = 1;
}
}
diff --git a/lib/libssl/ssl_both.c b/lib/libssl/ssl_both.c
index ad16d2175b5..cfd32387d6b 100644
--- a/lib/libssl/ssl_both.c
+++ b/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.41 2022/02/03 16:33:12 jsing Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.42 2022/02/05 14:54:10 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -168,33 +168,33 @@ ssl3_send_finished(SSL *s, int state_a, int state_b)
memset(&cbb, 0, sizeof(cbb));
- if (S3I(s)->hs.state == state_a) {
+ if (s->s3->hs.state == state_a) {
if (!tls12_derive_finished(s))
goto err;
/* Copy finished so we can use it for renegotiation checks. */
if (!s->server) {
- memcpy(S3I(s)->previous_client_finished,
- S3I(s)->hs.finished, S3I(s)->hs.finished_len);
- S3I(s)->previous_client_finished_len =
- S3I(s)->hs.finished_len;
+ memcpy(s->s3->previous_client_finished,
+ s->s3->hs.finished, s->s3->hs.finished_len);
+ s->s3->previous_client_finished_len =
+ s->s3->hs.finished_len;
} else {
- memcpy(S3I(s)->previous_server_finished,
- S3I(s)->hs.finished, S3I(s)->hs.finished_len);
- S3I(s)->previous_server_finished_len =
- S3I(s)->hs.finished_len;
+ memcpy(s->s3->previous_server_finished,
+ s->s3->hs.finished, s->s3->hs.finished_len);
+ s->s3->previous_server_finished_len =
+ s->s3->hs.finished_len;
}
if (!ssl3_handshake_msg_start(s, &cbb, &finished,
SSL3_MT_FINISHED))
goto err;
- if (!CBB_add_bytes(&finished, S3I(s)->hs.finished,
- S3I(s)->hs.finished_len))
+ if (!CBB_add_bytes(&finished, s->s3->hs.finished,
+ s->s3->hs.finished_len))
goto err;
if (!ssl3_handshake_msg_finish(s, &cbb))
goto err;
- S3I(s)->hs.state = state_b;
+ s->s3->hs.state = state_b;
}
return (ssl3_handshake_write(s));
@@ -216,12 +216,12 @@ ssl3_get_finished(SSL *s, int a, int b)
return ret;
/* If this occurs, we have missed a message */
- if (!S3I(s)->change_cipher_spec) {
+ if (!s->s3->change_cipher_spec) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
goto fatal_err;
}
- S3I(s)->change_cipher_spec = 0;
+ s->s3->change_cipher_spec = 0;
md_len = TLS1_FINISH_MAC_LENGTH;
@@ -233,14 +233,14 @@ ssl3_get_finished(SSL *s, int a, int b)
CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
- if (S3I(s)->hs.peer_finished_len != md_len ||
+ if (s->s3->hs.peer_finished_len != md_len ||
CBS_len(&cbs) != md_len) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_DIGEST_LENGTH);
goto fatal_err;
}
- if (!CBS_mem_equal(&cbs, S3I(s)->hs.peer_finished, CBS_len(&cbs))) {
+ if (!CBS_mem_equal(&cbs, s->s3->hs.peer_finished, CBS_len(&cbs))) {
al = SSL_AD_DECRYPT_ERROR;
SSLerror(s, SSL_R_DIGEST_CHECK_FAILED);
goto fatal_err;
@@ -249,13 +249,13 @@ ssl3_get_finished(SSL *s, int a, int b)
/* Copy finished so we can use it for renegotiation checks. */
OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
if (s->server) {
- memcpy(S3I(s)->previous_client_finished,
- S3I(s)->hs.peer_finished, md_len);
- S3I(s)->previous_client_finished_len = md_len;
+ memcpy(s->s3->previous_client_finished,
+ s->s3->hs.peer_finished, md_len);
+ s->s3->previous_client_finished_len = md_len;
} else {
- memcpy(S3I(s)->previous_server_finished,
- S3I(s)->hs.peer_finished, md_len);
- S3I(s)->previous_server_finished_len = md_len;
+ memcpy(s->s3->previous_server_finished,
+ s->s3->hs.peer_finished, md_len);
+ s->s3->previous_server_finished_len = md_len;
}
return (1);
@@ -272,7 +272,7 @@ ssl3_send_change_cipher_spec(SSL *s, int a, int b)
memset(&cbb, 0, sizeof(cbb));
- if (S3I(s)->hs.state == a) {
+ if (s->s3->hs.state == a) {
if (!CBB_init_fixed(&cbb, s->internal->init_buf->data,
s->internal->init_buf->length))
goto err;
@@ -295,7 +295,7 @@ ssl3_send_change_cipher_spec(SSL *s, int a, int b)
dtls1_buffer_message(s, 1);
}
- S3I(s)->hs.state = b;
+ s->s3->hs.state = b;
}
/* SSL3_ST_CW_CHANGE_B */
@@ -408,22 +408,22 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max)
if (SSL_is_dtls(s))
return dtls1_get_message(s, st1, stn, mt, max);
- if (S3I(s)->hs.tls12.reuse_message) {
- S3I(s)->hs.tls12.reuse_message = 0;
- if ((mt >= 0) && (S3I(s)->hs.tls12.message_type != mt)) {
+ if (s->s3->hs.tls12.reuse_message) {
+ s->s3->hs.tls12.reuse_message = 0;
+ if ((mt >= 0) && (s->s3->hs.tls12.message_type != mt)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
goto fatal_err;
}
s->internal->init_msg = s->internal->init_buf->data +
SSL3_HM_HEADER_LENGTH;
- s->internal->init_num = (int)S3I(s)->hs.tls12.message_size;
+ s->internal->init_num = (int)s->s3->hs.tls12.message_size;
return 1;
}
p = (unsigned char *)s->internal->init_buf->data;
- if (S3I(s)->hs.state == st1) {
+ if (s->s3->hs.state == st1) {
int skip_message;
do {
@@ -469,7 +469,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max)
SSLerror(s, ERR_R_BUF_LIB);
goto err;
}
- S3I(s)->hs.tls12.message_type = u8;
+ s->s3->hs.tls12.message_type = u8;
if (l > (unsigned long)max) {
al = SSL_AD_ILLEGAL_PARAMETER;
@@ -481,8 +481,8 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max)
SSLerror(s, ERR_R_BUF_LIB);
goto err;
}
- S3I(s)->hs.tls12.message_size = l;
- S3I(s)->hs.state = stn;
+ s->s3->hs.tls12.message_size = l;
+ s->s3->hs.state = stn;
s->internal->init_msg = s->internal->init_buf->data +
SSL3_HM_HEADER_LENGTH;
@@ -491,7 +491,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max)
/* next state (stn) */
p = s->internal->init_msg;
- n = S3I(s)->hs.tls12.message_size - s->internal->init_num;
+ n = s->s3->hs.tls12.message_size - s->internal->init_num;
while (n > 0) {
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
&p[s->internal->init_num], n, 0);
@@ -644,16 +644,16 @@ ssl3_setup_read_buffer(SSL *s)
align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
- if (S3I(s)->rbuf.buf == NULL) {
+ if (s->s3->rbuf.buf == NULL) {
len = SSL3_RT_MAX_PLAIN_LENGTH +
SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
if ((p = calloc(1, len)) == NULL)
goto err;
- S3I(s)->rbuf.buf = p;
- S3I(s)->rbuf.len = len;
+ s->s3->rbuf.buf = p;
+ s->s3->rbuf.len = len;
}
- s->internal->packet = S3I(s)->rbuf.buf;
+ s->internal->packet = s->s3->rbuf.buf;
return 1;
err:
@@ -674,7 +674,7 @@ ssl3_setup_write_buffer(SSL *s)
align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
- if (S3I(s)->wbuf.buf == NULL) {
+ if (s->s3->wbuf.buf == NULL) {
len = s->max_send_fragment +
SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
if (!(s->internal->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
@@ -683,8 +683,8 @@ ssl3_setup_write_buffer(SSL *s)
if ((p = calloc(1, len)) == NULL)
goto err;
- S3I(s)->wbuf.buf = p;
- S3I(s)->wbuf.len = len;
+ s->s3->wbuf.buf = p;
+ s->s3->wbuf.len = len;
}
return 1;
@@ -715,11 +715,11 @@ ssl3_release_buffer(SSL3_BUFFER_INTERNAL *b)
void
ssl3_release_read_buffer(SSL *s)
{
- ssl3_release_buffer(&S3I(s)->rbuf);
+ ssl3_release_buffer(&s->s3->rbuf);
}
void
ssl3_release_write_buffer(SSL *s)
{
- ssl3_release_buffer(&S3I(s)->wbuf);
+ ssl3_release_buffer(&s->s3->wbuf);
}
diff --git a/lib/libssl/ssl_cert.c b/lib/libssl/ssl_cert.c
index 71daf3718bb..30e99ad184e 100644
--- a/lib/libssl/ssl_cert.c
+++ b/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.94 2022/01/28 13:14:48 inoguchi Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.95 2022/02/05 14:54:10 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -462,7 +462,7 @@ SSL_get_client_CA_list(const SSL *s)
if (!s->server) {
/* We are in the client. */
if ((s->version >> 8) == SSL3_VERSION_MAJOR)
- return (S3I(s)->hs.tls12.ca_names);
+ return (s->s3->hs.tls12.ca_names);
else
return (NULL);
} else {
diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c
index 643d668d7c7..13dcd905255 100644
--- a/lib/libssl/ssl_ciph.c
+++ b/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.125 2021/11/23 18:26:23 tb Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.126 2022/02/05 14:54:10 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -564,10 +564,10 @@ ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md)
*md = NULL;
- if (S3I(s)->hs.cipher == NULL)
+ if (s->s3->hs.cipher == NULL)
return 0;
- handshake_mac = S3I(s)->hs.cipher->algorithm2 &
+ handshake_mac = s->s3->hs.cipher->algorithm2 &
SSL_HANDSHAKE_MAC_MASK;
/* For TLSv1.2 we upgrade the default MD5+SHA1 MAC to SHA256. */
diff --git a/lib/libssl/ssl_ciphers.c b/lib/libssl/ssl_ciphers.c
index 4e4a0d93a4a..7ac40126eda 100644
--- a/lib/libssl/ssl_ciphers.c
+++ b/lib/libssl/ssl_ciphers.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciphers.c,v 1.11 2021/03/11 17:14:46 jsing Exp $ */
+/* $OpenBSD: ssl_ciphers.c,v 1.12 2022/02/05 14:54:10 jsing Exp $ */
/*
* Copyright (c) 2015-2017 Doug Hogan <doug@openbsd.org>
* Copyright (c) 2015-2018, 2020 Joel Sing <jsing@openbsd.org>
@@ -96,7 +96,7 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs)
uint16_t cipher_value;
unsigned long cipher_id;
- S3I(s)->send_connection_binding = 0;
+ s->s3->send_connection_binding = 0;
if ((ciphers = sk_SSL_CIPHER_new_null()) == NULL) {
SSLerror(s, ERR_R_MALLOC_FAILURE);
@@ -123,7 +123,7 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs)
goto err;
}
- S3I(s)->send_connection_binding = 1;
+ s->s3->send_connection_binding = 1;
continue;
}
@@ -134,8 +134,8 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs)
* Fail if the current version is an unexpected
* downgrade.
*/
- if (S3I(s)->hs.negotiated_tls_version <
- S3I(s)->hs.our_max_tls_version) {
+ if (s->s3->hs.negotiated_tls_version <
+ s->s3->hs.our_max_tls_version) {
SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK);
ssl3_send_alert(s, SSL3_AL_FATAL,
SSL_AD_INAPPROPRIATE_FALLBACK);
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index 6d50ade3987..607b0388256 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.140 2022/02/03 16:33:12 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.141 2022/02/05 14:54:10 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -190,12 +190,12 @@ ssl3_connect(SSL *s)
SSL_clear(s);
for (;;) {
- state = S3I(s)->hs.state;
+ state = s->s3->hs.state;
- switch (S3I(s)->hs.state) {
+ switch (s->s3->hs.state) {
case SSL_ST_RENEGOTIATE:
s->internal->renegotiate = 1;
- S3I(s)->hs.state = SSL_ST_CONNECT;
+ s->s3->hs.state = SSL_ST_CONNECT;
s->ctx->internal->stats.sess_connect_renegotiate++;
/* break */
case SSL_ST_BEFORE:
@@ -214,8 +214,8 @@ ssl3_connect(SSL *s)
}
if (!ssl_supported_tls_version_range(s,
- &S3I(s)->hs.our_min_tls_version,
- &S3I(s)->hs.our_max_tls_version)) {
+ &s->s3->hs.our_min_tls_version,
+ &s->s3->hs.our_max_tls_version)) {
SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);
ret = -1;
goto end;
@@ -241,7 +241,7 @@ ssl3_connect(SSL *s)
goto end;
}
- S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A;
+ s->s3->hs.state = SSL3_ST_CW_CLNT_HELLO_A;
s->ctx->internal->stats.sess_connect++;
s->internal->init_num = 0;
@@ -270,10 +270,10 @@ ssl3_connect(SSL *s)
goto end;
if (SSL_is_dtls(s) && s->d1->send_cookie) {
- S3I(s)->hs.state = SSL3_ST_CW_FLUSH;
- S3I(s)->hs.tls12.next_state = SSL3_ST_CR_SRVR_HELLO_A;
+ s->s3->hs.state = SSL3_ST_CW_FLUSH;
+ s->s3->hs.tls12.next_state = SSL3_ST_CR_SRVR_HELLO_A;
} else
- S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A;
+ s->s3->hs.state = SSL3_ST_CR_SRVR_HELLO_A;
s->internal->init_num = 0;
@@ -290,20 +290,20 @@ ssl3_connect(SSL *s)
goto end;
if (s->internal->hit) {
- S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A;
+ s->s3->hs.state = SSL3_ST_CR_FINISHED_A;
if (!SSL_is_dtls(s)) {
if (s->internal->tlsext_ticket_expected) {
/* receive renewed session ticket */
- S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A;
+ s->s3->hs.state = SSL3_ST_CR_SESSION_TICKET_A;
}
/* No client certificate verification. */
tls1_transcript_free(s);
}
} else if (SSL_is_dtls(s)) {
- S3I(s)->hs.state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
+ s->s3->hs.state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
} else {
- S3I(s)->hs.state = SSL3_ST_CR_CERT_A;
+ s->s3->hs.state = SSL3_ST_CR_CERT_A;
}
s->internal->init_num = 0;
break;
@@ -315,9 +315,9 @@ ssl3_connect(SSL *s)
goto end;
dtls1_stop_timer(s);
if (s->d1->send_cookie) /* start again, with a cookie */
- S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A;
+ s->s3->hs.state = SSL3_ST_CW_CLNT_HELLO_A;
else
- S3I(s)->hs.state = SSL3_ST_CR_CERT_A;
+ s->s3->hs.state = SSL3_ST_CR_CERT_A;
s->internal->init_num = 0;
break;
@@ -329,25 +329,25 @@ ssl3_connect(SSL *s)
if (ret == 2) {
s->internal->hit = 1;
if (s->internal->tlsext_ticket_expected)
- S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A;
+ s->s3->hs.state = SSL3_ST_CR_SESSION_TICKET_A;
else
- S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A;
+ s->s3->hs.state = SSL3_ST_CR_FINISHED_A;
s->internal->init_num = 0;
break;
}
/* Check if it is anon DH/ECDH. */
- if (!(S3I(s)->hs.cipher->algorithm_auth &
+ if (!(s->s3->hs.cipher->algorithm_auth &
SSL_aNULL)) {
ret = ssl3_get_server_certificate(s);
if (ret <= 0)
goto end;
if (s->internal->tlsext_status_expected)
- S3I(s)->hs.state = SSL3_ST_CR_CERT_STATUS_A;
+ s->s3->hs.state = SSL3_ST_CR_CERT_STATUS_A;
else
- S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A;
+ s->s3->hs.state = SSL3_ST_CR_KEY_EXCH_A;
} else {
skip = 1;
- S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A;
+ s->s3->hs.state = SSL3_ST_CR_KEY_EXCH_A;
}
s->internal->init_num = 0;
break;
@@ -357,7 +357,7 @@ ssl3_connect(SSL *s)
ret = ssl3_get_server_key_exchange(s);
if (ret <= 0)
goto end;
- S3I(s)->hs.state = SSL3_ST_CR_CERT_REQ_A;
+ s->s3->hs.state = SSL3_ST_CR_CERT_REQ_A;
s->internal->init_num = 0;
/*
@@ -375,7 +375,7 @@ ssl3_connect(SSL *s)
ret = ssl3_get_certificate_request(s);
if (ret <= 0)
goto end;
- S3I(s)->hs.state = SSL3_ST_CR_SRVR_DONE_A;
+ s->s3->hs.state = SSL3_ST_CR_SRVR_DONE_A;
s->internal->init_num = 0;
break;
@@ -386,10 +386,10 @@ ssl3_connect(SSL *s)
goto end;
if (SSL_is_dtls(s))
dtls1_stop_timer(s);
- if (S3I(s)->hs.tls12.cert_request)
- S3I(s)->hs.state = SSL3_ST_CW_CERT_A;
+ if (s->s3->hs.tls12.cert_request)
+ s->s3->hs.state = SSL3_ST_CW_CERT_A;
else
- S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_A;
+ s->s3->hs.state = SSL3_ST_CW_KEY_EXCH_A;
s->internal->init_num = 0;
break;
@@ -403,7 +403,7 @@ ssl3_connect(SSL *s)
ret = ssl3_send_client_certificate(s);
if (ret <= 0)
goto end;
- S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_A;
+ s->s3->hs.state = SSL3_ST_CW_KEY_EXCH_A;
s->internal->init_num = 0;
break;
@@ -430,16 +430,16 @@ ssl3_connect(SSL *s)
* message when client's ECDH public key is sent
* inside the client certificate.
*/
- if (S3I(s)->hs.tls12.cert_request == 1) {
- S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_A;
+ if (s->s3->hs.tls12.cert_request == 1) {
+ s->s3->hs.state = SSL3_ST_CW_CERT_VRFY_A;
} else {
- S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
- S3I(s)->change_cipher_spec = 0;
+ s->s3->hs.state = SSL3_ST_CW_CHANGE_A;
+ s->s3->change_cipher_spec = 0;
}
if (!SSL_is_dtls(s)) {
if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
- S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
- S3I(s)->change_cipher_spec = 0;
+ s->s3->hs.state = SSL3_ST_CW_CHANGE_A;
+ s->s3->change_cipher_spec = 0;
}
}
@@ -453,9 +453,9 @@ ssl3_connect(SSL *s)
ret = ssl3_send_client_verify(s);
if (ret <= 0)
goto end;
- S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
+ s->s3->hs.state = SSL3_ST_CW_CHANGE_A;
s->internal->init_num = 0;
- S3I(s)->change_cipher_spec = 0;
+ s->s3->change_cipher_spec = 0;
break;
case SSL3_ST_CW_CHANGE_A:
@@ -467,9 +467,9 @@ ssl3_connect(SSL *s)
if (ret <= 0)
goto end;
- S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A;
+ s->s3->hs.state = SSL3_ST_CW_FINISHED_A;
s->internal->init_num = 0;
- s->session->cipher = S3I(s)->hs.cipher;
+ s->session->cipher = s->s3->hs.cipher;
if (!tls1_setup_key_block(s)) {
ret = -1;
@@ -491,18 +491,18 @@ ssl3_connect(SSL *s)
goto end;
if (!SSL_is_dtls(s))
s->s3->flags |= SSL3_FLAGS_CCS_OK;
- S3I(s)->hs.state = SSL3_ST_CW_FLUSH;
+ s->s3->hs.state = SSL3_ST_CW_FLUSH;
/* clear flags */
if (s->internal->hit) {
- S3I(s)->hs.tls12.next_state = SSL_ST_OK;
+ s->s3->hs.tls12.next_state = SSL_ST_OK;
} else {
/* Allow NewSessionTicket if ticket expected */
if (s->internal->tlsext_ticket_expected)
- S3I(s)->hs.tls12.next_state =
+ s->s3->hs.tls12.next_state =
SSL3_ST_CR_SESSION_TICKET_A;
else
- S3I(s)->hs.tls12.next_state =
+ s->s3->hs.tls12.next_state =
SSL3_ST_CR_FINISHED_A;
}
s->internal->init_num = 0;
@@ -513,7 +513,7 @@ ssl3_connect(SSL *s)
ret = ssl3_get_new_session_ticket(s);
if (ret <= 0)
goto end;
- S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A;
+ s->s3->hs.state = SSL3_ST_CR_FINISHED_A;
s->internal->init_num = 0;
break;
@@ -522,7 +522,7 @@ ssl3_connect(SSL *s)
ret = ssl3_get_cert_status(s);
if (ret <= 0)
goto end;
- S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A;
+ s->s3->hs.state = SSL3_ST_CR_KEY_EXCH_A;
s->internal->init_num = 0;
break;
@@ -540,9 +540,9 @@ ssl3_connect(SSL *s)
dtls1_stop_timer(s);
if (s->internal->hit)
- S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
+ s->s3->hs.state = SSL3_ST_CW_CHANGE_A;
else
- S3I(s)->hs.state = SSL_ST_OK;
+ s->s3->hs.state = SSL_ST_OK;
s->internal->init_num = 0;
break;
@@ -553,21 +553,21 @@ ssl3_connect(SSL *s)
/* If the write error was fatal, stop trying */
if (!BIO_should_retry(s->wbio)) {
s->internal->rwstate = SSL_NOTHING;
- S3I(s)->hs.state = S3I(s)->hs.tls12.next_state;
+ s->s3->hs.state = s->s3->hs.tls12.next_state;
}
}
ret = -1;
goto end;
}
s->internal->rwstate = SSL_NOTHING;
- S3I(s)->hs.state = S3I(s)->hs.tls12.next_state;
+ s->s3->hs.state = s->s3->hs.tls12.next_state;
break;
case SSL_ST_OK:
/* clean a few things up */
tls1_cleanup_key_block(s);
- if (S3I(s)->handshake_transcript != NULL) {
+ if (s->s3->handshake_transcript != NULL) {
SSLerror(s, ERR_R_INTERNAL_ERROR);
ret = -1;
goto end;
@@ -610,17 +610,17 @@ ssl3_connect(SSL *s)
}
/* did we do anything */
- if (!S3I(s)->hs.tls12.reuse_message && !skip) {
+ if (!s->s3->hs.tls12.reuse_message && !skip) {
if (s->internal->debug) {
if ((ret = BIO_flush(s->wbio)) <= 0)
goto end;
}
- if (S3I(s)->hs.state != state) {
- new_state = S3I(s)->hs.state;
- S3I(s)->hs.state = state;
+ if (s->s3->hs.state != state) {
+ new_state = s->s3->hs.state;
+ s->s3->hs.state = state;
ssl_info_callback(s, SSL_CB_CONNECT_LOOP, 1);
- S3I(s)->hs.state = new_state;
+ s->s3->hs.state = new_state;
}
}
skip = 0;
@@ -643,7 +643,7 @@ ssl3_send_client_hello(SSL *s)
memset(&cbb, 0, sizeof(cbb));
- if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_A) {
+ if (s->s3->hs.state == SSL3_ST_CW_CLNT_HELLO_A) {
SSL_SESSION *sess = s->session;
if (!ssl_max_supported_version(s, &max_version)) {
@@ -734,7 +734,7 @@ ssl3_send_client_hello(SSL *s)
if (!ssl3_handshake_msg_finish(s, &cbb))
goto err;
- S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_B;
+ s->s3->hs.state = SSL3_ST_CW_CLNT_HELLO_B;
}
/* SSL3_ST_CW_CLNT_HELLO_B */
@@ -758,9 +758,9 @@ ssl3_get_dtls_hello_verify(SSL *s)
DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->internal->max_cert_list)) <= 0)
return ret;
- if (S3I(s)->hs.tls12.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
+ if (s->s3->hs.tls12.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
s->d1->send_cookie = 0;
- S3I(s)->hs.tls12.reuse_message = 1;
+ s->s3->hs.tls12.reuse_message = 1;
return (1);
}
@@ -831,9 +831,9 @@ ssl3_get_server_hello(SSL *s)
CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
if (SSL_is_dtls(s)) {
- if (S3I(s)->hs.tls12.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
+ if (s->s3->hs.tls12.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
if (s->d1->send_cookie == 0) {
- S3I(s)->hs.tls12.reuse_message = 1;
+ s->s3->hs.tls12.reuse_message = 1;
return (1);
} else {
/* Already sent a cookie. */
@@ -844,7 +844,7 @@ ssl3_get_server_hello(SSL *s)
}
}
- if (S3I(s)->hs.tls12.message_type != SSL3_MT_SERVER_HELLO) {
+ if (s->s3->hs.tls12.message_type != SSL3_MT_SERVER_HELLO) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
goto fatal_err;
@@ -859,11 +859,11 @@ ssl3_get_server_hello(SSL *s)
al = SSL_AD_PROTOCOL_VERSION;
goto fatal_err;
}
- S3I(s)->hs.peer_legacy_version = server_version;
+ s->s3->hs.peer_legacy_version = server_version;
s->version = server_version;
- S3I(s)->hs.negotiated_tls_version = ssl_tls_version(server_version);
- if (S3I(s)->hs.negotiated_tls_version == 0) {
+ s->s3->hs.negotiated_tls_version = ssl_tls_version(server_version);
+ if (s->s3->hs.negotiated_tls_version == 0) {
SSLerror(s, ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -881,8 +881,8 @@ ssl3_get_server_hello(SSL *s)
sizeof(s->s3->server_random), NULL))
goto err;
- if (S3I(s)->hs.our_max_tls_version >= TLS1_2_VERSION &&
- S3I(s)->hs.negotiated_tls_version < S3I(s)->hs.our_max_tls_version) {
+ if (s->s3->hs.our_max_tls_version >= TLS1_2_VERSION &&
+ s->s3->hs.negotiated_tls_version < s->s3->hs.our_max_tls_version) {
/*
* RFC 8446 section 4.1.3. We must not downgrade if the server
* random value contains the TLS 1.2 or TLS 1.1 magical value.
@@ -890,7 +890,7 @@ ssl3_get_server_hello(SSL *s)
if (!CBS_skip(&server_random,
CBS_len(&server_random) - sizeof(tls13_downgrade_12)))
goto err;
- if (S3I(s)->hs.negotiated_tls_version == TLS1_2_VERSION &&
+ if (s->s3->hs.negotiated_tls_version == TLS1_2_VERSION &&
CBS_mem_equal(&server_random, tls13_downgrade_12,
sizeof(tls13_downgrade_12))) {
al = SSL_AD_ILLEGAL_PARAMETER;
@@ -981,7 +981,7 @@ ssl3_get_server_hello(SSL *s)
/* TLS v1.2 only ciphersuites require v1.2 or later. */
if ((cipher->algorithm_ssl & SSL_TLSV1_2) &&
- S3I(s)->hs.negotiated_tls_version < TLS1_2_VERSION) {
+ s->s3->hs.negotiated_tls_version < TLS1_2_VERSION) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED);
goto fatal_err;
@@ -1006,7 +1006,7 @@ ssl3_get_server_hello(SSL *s)
SSLerror(s, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
goto fatal_err;
}
- S3I(s)->hs.cipher = cipher;
+ s->s3->hs.cipher = cipher;
if (!tls1_transcript_hash_init(s))
goto err;
@@ -1015,7 +1015,7 @@ ssl3_get_server_hello(SSL *s)
* Don't digest cached records if no sigalgs: we may need them for
* client authentication.
*/
- alg_k = S3I(s)->hs.cipher->algorithm_mkey;
+ alg_k = s->s3->hs.cipher->algorithm_mkey;
if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)))
tls1_transcript_free(s);
@@ -1044,7 +1044,7 @@ ssl3_get_server_hello(SSL *s)
* which doesn't support RI so for the immediate future tolerate RI
* absence on initial connect only.
*/
- if (!S3I(s)->renegotiate_seen &&
+ if (!s->s3->renegotiate_seen &&
!(s->internal->options & SSL_OP_LEGACY_SERVER_CONNECT)) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
@@ -1085,12 +1085,12 @@ ssl3_get_server_certificate(SSL *s)
ret = -1;
- if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
- S3I(s)->hs.tls12.reuse_message = 1;
+ if (s->s3->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
+ s->s3->hs.tls12.reuse_message = 1;
return (1);
}
- if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE) {
+ if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
goto fatal_err;
@@ -1208,11 +1208,11 @@ ssl3_get_server_kex_dhe(SSL *s, CBS *cbs)
int decode_error, invalid_params, invalid_key;
int nid = NID_dhKeyAgreement;
- tls_key_share_free(S3I(s)->hs.key_share);
- if ((S3I(s)->hs.key_share = tls_key_share_new_nid(nid)) == NULL)
+ tls_key_share_free(s->s3->hs.key_share);
+ if ((s->s3->hs.key_share = tls_key_share_new_nid(nid)) == NULL)
goto err;
- if (!tls_key_share_peer_params(S3I(s)->hs.key_share, cbs,
+ if (!tls_key_share_peer_params(s->s3->hs.key_share, cbs,
&decode_error, &invalid_params)) {
if (decode_error) {
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
@@ -1220,7 +1220,7 @@ ssl3_get_server_kex_dhe(SSL *s, CBS *cbs)
}
goto err;
}
- if (!tls_key_share_peer_public(S3I(s)->hs.key_share, cbs,
+ if (!tls_key_share_peer_public(s->s3->hs.key_share, cbs,
&decode_error, &invalid_key)) {
if (decode_error) {
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
@@ -1279,11 +1279,11 @@ ssl3_get_server_kex_ecdhe(SSL *s, CBS *cbs)
goto err;
}
- tls_key_share_free(S3I(s)->hs.key_share);
- if ((S3I(s)->hs.key_share = tls_key_share_new(curve_id)) == NULL)
+ tls_key_share_free(s->s3->hs.key_share);
+ if ((s->s3->hs.key_share = tls_key_share_new(curve_id)) == NULL)
goto err;
- if (!tls_key_share_peer_public(S3I(s)->hs.key_share, &public,
+ if (!tls_key_share_peer_public(s->s3->hs.key_share, &public,
&decode_error, NULL)) {
if (decode_error)
goto decode_err;
@@ -1309,8 +1309,8 @@ ssl3_get_server_key_exchange(SSL *s)
long alg_k, alg_a;
int al, ret;
- alg_k = S3I(s)->hs.cipher->algorithm_mkey;
- alg_a = S3I(s)->hs.cipher->algorithm_auth;
+ alg_k = s->s3->hs.cipher->algorithm_mkey;
+ alg_a = s->s3->hs.cipher->algorithm_auth;
/*
* Use same message size as in ssl3_get_certificate_request()
@@ -1328,7 +1328,7 @@ ssl3_get_server_key_exchange(SSL *s)
CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
- if (S3I(s)->hs.tls12.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
+ if (s->s3->hs.tls12.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
/*
* Do not skip server key exchange if this cipher suite uses
* ephemeral keys.
@@ -1339,7 +1339,7 @@ ssl3_get_server_key_exchange(SSL *s)
goto fatal_err;
}
- S3I(s)->hs.tls12.reuse_message = 1;
+ s->s3->hs.tls12.reuse_message = 1;
EVP_MD_CTX_free(md_ctx);
return (1);
}
@@ -1398,7 +1398,7 @@ ssl3_get_server_key_exchange(SSL *s)
al = SSL_AD_DECODE_ERROR;
goto fatal_err;
}
- S3I(s)->hs.peer_sigalg = sigalg;
+ s->s3->hs.peer_sigalg = sigalg;
if (!EVP_DigestVerifyInit(md_ctx, &pctx, sigalg->md(),
NULL, pkey))
@@ -1462,10 +1462,10 @@ ssl3_get_certificate_request(SSL *s)
ret = 0;
- S3I(s)->hs.tls12.cert_request = 0;
+ s->s3->hs.tls12.cert_request = 0;
- if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_DONE) {
- S3I(s)->hs.tls12.reuse_message = 1;
+ if (s->s3->hs.tls12.message_type == SSL3_MT_SERVER_DONE) {
+ s->s3->hs.tls12.reuse_message = 1;
/*
* If we get here we don't need any cached handshake records
* as we wont be doing client auth.
@@ -1474,14 +1474,14 @@ ssl3_get_certificate_request(SSL *s)
return (1);
}
- if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
+ if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE);
goto err;
}
/* TLS does not like anon-DH with client cert */
- if (S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL) {
+ if (s->s3->hs.cipher->algorithm_auth & SSL_aNULL) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
SSLerror(s, SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
goto err;
@@ -1516,8 +1516,8 @@ ssl3_get_certificate_request(SSL *s)
SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR);
goto err;
}
- if (!CBS_stow(&sigalgs, &S3I(s)->hs.sigalgs,
- &S3I(s)->hs.sigalgs_len))
+ if (!CBS_stow(&sigalgs, &s->s3->hs.sigalgs,
+ &s->s3->hs.sigalgs_len))
goto err;
}
@@ -1569,9 +1569,9 @@ ssl3_get_certificate_request(SSL *s)
}
/* we should setup a certificate to return.... */
- S3I(s)->hs.tls12.cert_request = 1;
- sk_X509_NAME_pop_free(S3I(s)->hs.tls12.ca_names, X509_NAME_free);
- S3I(s)->hs.tls12.ca_names = ca_sk;
+ s->s3->hs.tls12.cert_request = 1;
+ sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);
+ s->s3->hs.tls12.ca_names = ca_sk;
ca_sk = NULL;
ret = 1;
@@ -1602,11 +1602,11 @@ ssl3_get_new_session_ticket(SSL *s)
SSL3_ST_CR_SESSION_TICKET_B, -1, 16384)) <= 0)
return ret;
- if (S3I(s)->hs.tls12.message_type == SSL3_MT_FINISHED) {
- S3I(s)->hs.tls12.reuse_message = 1;
+ if (s->s3->hs.tls12.message_type == SSL3_MT_FINISHED) {
+ s->s3->hs.tls12.reuse_message = 1;
return (1);
}
- if (S3I(s)->hs.tls12.message_type != SSL3_MT_NEWSESSION_TICKET) {
+ if (s->s3->hs.tls12.message_type != SSL3_MT_NEWSESSION_TICKET) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
goto fatal_err;
@@ -1673,7 +1673,7 @@ ssl3_get_cert_status(SSL *s)
SSL3_ST_CR_CERT_STATUS_B, -1, 16384)) <= 0)
return ret;
- if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
+ if (s->s3->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
/*
* Tell the callback the server did not send us an OSCP
* response, and has decided to head directly to key exchange.
@@ -1696,12 +1696,12 @@ ssl3_get_cert_status(SSL *s)
goto fatal_err;
}
}
- S3I(s)->hs.tls12.reuse_message = 1;
+ s->s3->hs.tls12.reuse_message = 1;
return (1);
}
- if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE &&
- S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_STATUS) {
+ if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE &&
+ s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE_STATUS) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
goto fatal_err;
@@ -1858,17 +1858,17 @@ ssl3_send_client_kex_dhe(SSL *s, CBB *cbb)
int ret = 0;
/* Ensure that we have an ephemeral key from the server for DHE. */
- if (S3I(s)->hs.key_share == NULL) {
+ if (s->s3->hs.key_share == NULL) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
SSLerror(s, SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
goto err;
}
- if (!tls_key_share_generate(S3I(s)->hs.key_share))
+ if (!tls_key_share_generate(s->s3->hs.key_share))
goto err;
- if (!tls_key_share_public(S3I(s)->hs.key_share, cbb))
+ if (!tls_key_share_public(s->s3->hs.key_share, cbb))
goto err;
- if (!tls_key_share_derive(S3I(s)->hs.key_share, &key, &key_len))
+ if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len))
goto err;
if (!tls12_derive_master_secret(s, key, key_len))
@@ -1891,23 +1891,23 @@ ssl3_send_client_kex_ecdhe(SSL *s, CBB *cbb)
int ret = 0;
/* Ensure that we have an ephemeral key for ECDHE. */
- if (S3I(s)->hs.key_share == NULL) {
+ if (s->s3->hs.key_share == NULL) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
SSLerror(s, ERR_R_INTERNAL_ERROR);
goto err;
}
- if (!tls_key_share_generate(S3I(s)->hs.key_share))
+ if (!tls_key_share_generate(s->s3->hs.key_share))
goto err;
if (!CBB_add_u8_length_prefixed(cbb, &public))
return 0;
- if (!tls_key_share_public(S3I(s)->hs.key_share, &public))
+ if (!tls_key_share_public(s->s3->hs.key_share, &public))
goto err;
if (!CBB_flush(cbb))
goto err;
- if (!tls_key_share_derive(S3I(s)->hs.key_share, &key, &key_len))
+ if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len))
goto err;
if (!tls12_derive_master_secret(s, key, key_len))
@@ -1960,7 +1960,7 @@ ssl3_send_client_kex_gost(SSL *s, CBB *cbb)
* If we have client certificate, use its secret as peer key.
* XXX - this presumably lacks PFS.
*/
- if (S3I(s)->hs.tls12.cert_request != 0 &&
+ if (s->s3->hs.tls12.cert_request != 0 &&
s->cert->key->privatekey != NULL) {
if (EVP_PKEY_derive_set_peer(pkey_ctx,
s->cert->key->privatekey) <=0) {
@@ -1981,7 +1981,7 @@ ssl3_send_client_kex_gost(SSL *s, CBB *cbb)
}
/* XXX check handshake hash instead. */
- if (S3I(s)->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
+ if (s->s3->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
nid = NID_id_GostR3411_94;
else
nid = NID_id_tc26_gost3411_2012_256;
@@ -2042,8 +2042,8 @@ ssl3_send_client_key_exchange(SSL *s)
memset(&cbb, 0, sizeof(cbb));
- if (S3I(s)->hs.state == SSL3_ST_CW_KEY_EXCH_A) {
- alg_k = S3I(s)->hs.cipher->algorithm_mkey;
+ if (s->s3->hs.state == SSL3_ST_CW_KEY_EXCH_A) {
+ alg_k = s->s3->hs.cipher->algorithm_mkey;
if (!ssl3_handshake_msg_start(s, &cbb, &kex,
SSL3_MT_CLIENT_KEY_EXCHANGE))
@@ -2071,7 +2071,7 @@ ssl3_send_client_key_exchange(SSL *s)
if (!ssl3_handshake_msg_finish(s, &cbb))
goto err;
- S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_B;
+ s->s3->hs.state = SSL3_ST_CW_KEY_EXCH_B;
}
/* SSL3_ST_CW_KEY_EXCH_B */
@@ -2302,7 +2302,7 @@ ssl3_send_client_verify(SSL *s)
memset(&cbb, 0, sizeof(cbb));
- if (S3I(s)->hs.state == SSL3_ST_CW_CERT_VRFY_A) {
+ if (s->s3->hs.state == SSL3_ST_CW_CERT_VRFY_A) {
if (!ssl3_handshake_msg_start(s, &cbb, &cert_verify,
SSL3_MT_CERTIFICATE_VERIFY))
goto err;
@@ -2312,7 +2312,7 @@ ssl3_send_client_verify(SSL *s)
SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR);
goto err;
}
- S3I(s)->hs.our_sigalg = sigalg;
+ s->s3->hs.our_sigalg = sigalg;
/*
* For TLS v1.2 send signature algorithm and signature using
@@ -2344,7 +2344,7 @@ ssl3_send_client_verify(SSL *s)
if (!ssl3_handshake_msg_finish(s, &cbb))
goto err;
- S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_B;
+ s->s3->hs.state = SSL3_ST_CW_CERT_VRFY_B;
}
return (ssl3_handshake_write(s));
@@ -2365,16 +2365,16 @@ ssl3_send_client_certificate(SSL *s)
memset(&cbb, 0, sizeof(cbb));
- if (S3I(s)->hs.state == SSL3_ST_CW_CERT_A) {
+ if (s->s3->hs.state == SSL3_ST_CW_CERT_A) {
if (s->cert->key->x509 == NULL ||
s->cert->key->privatekey == NULL)
- S3I(s)->hs.state = SSL3_ST_CW_CERT_B;
+ s->s3->hs.state = SSL3_ST_CW_CERT_B;
else
- S3I(s)->hs.state = SSL3_ST_CW_CERT_C;
+ s->s3->hs.state = SSL3_ST_CW_CERT_C;
}
/* We need to get a client cert */
- if (S3I(s)->hs.state == SSL3_ST_CW_CERT_B) {
+ if (s->s3->hs.state == SSL3_ST_CW_CERT_B) {
/*
* If we get an error, we need to
* ssl->internal->rwstate = SSL_X509_LOOKUP; return(-1);
@@ -2387,7 +2387,7 @@ ssl3_send_client_certificate(SSL *s)
}
s->internal->rwstate = SSL_NOTHING;
if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
- S3I(s)->hs.state = SSL3_ST_CW_CERT_B;
+ s->s3->hs.state = SSL3_ST_CW_CERT_B;
if (!SSL_use_certificate(s, x509) ||
!SSL_use_PrivateKey(s, pkey))
i = 0;
@@ -2399,27 +2399,27 @@ ssl3_send_client_certificate(SSL *s)
X509_free(x509);
EVP_PKEY_free(pkey);
if (i == 0) {
- S3I(s)->hs.tls12.cert_request = 2;
+ s->s3->hs.tls12.cert_request = 2;
/* There is no client certificate to verify. */
tls1_transcript_free(s);
}
/* Ok, we have a cert */
- S3I(s)->hs.state = SSL3_ST_CW_CERT_C;
+ s->s3->hs.state = SSL3_ST_CW_CERT_C;
}
- if (S3I(s)->hs.state == SSL3_ST_CW_CERT_C) {
+ if (s->s3->hs.state == SSL3_ST_CW_CERT_C) {
if (!ssl3_handshake_msg_start(s, &cbb, &client_cert,
SSL3_MT_CERTIFICATE))
goto err;
if (!ssl3_output_cert_chain(s, &client_cert,
- (S3I(s)->hs.tls12.cert_request == 2) ? NULL : s->cert->key))
+ (s->s3->hs.tls12.cert_request == 2) ? NULL : s->cert->key))
goto err;
if (!ssl3_handshake_msg_finish(s, &cbb))
goto err;
- S3I(s)->hs.state = SSL3_ST_CW_CERT_D;
+ s->s3->hs.state = SSL3_ST_CW_CERT_D;
}
/* SSL3_ST_CW_CERT_D */
@@ -2440,15 +2440,15 @@ ssl3_check_cert_and_algorithm(SSL *s)
int nid = NID_undef;
int i;
- alg_k = S3I(s)->hs.cipher->algorithm_mkey;
- alg_a = S3I(s)->hs.cipher->algorithm_auth;
+ alg_k = s->s3->hs.cipher->algorithm_mkey;
+ alg_a = s->s3->hs.cipher->algorithm_auth;
/* We don't have a certificate. */
if (alg_a & SSL_aNULL)
return (1);
- if (S3I(s)->hs.key_share != NULL)
- nid = tls_key_share_nid(S3I(s)->hs.key_share);
+ if (s->s3->hs.key_share != NULL)
+ nid = tls_key_share_nid(s->s3->hs.key_share);
/* This is the passed certificate. */
@@ -2505,9 +2505,9 @@ ssl3_check_finished(SSL *s)
SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list)) <= 0)
return ret;
- S3I(s)->hs.tls12.reuse_message = 1;
- if ((S3I(s)->hs.tls12.message_type == SSL3_MT_FINISHED) ||
- (S3I(s)->hs.tls12.message_type == SSL3_MT_NEWSESSION_TICKET))
+ s->s3->hs.tls12.reuse_message = 1;
+ if ((s->s3->hs.tls12.message_type == SSL3_MT_FINISHED) ||
+ (s->s3->hs.tls12.message_type == SSL3_MT_NEWSESSION_TICKET))
return (2);
return (1);
diff --git a/lib/libssl/ssl_err.c b/lib/libssl/ssl_err.c
index 9ea7cd469ad..d4c9fbbf076 100644
--- a/lib/libssl/ssl_err.c
+++ b/lib/libssl/ssl_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_err.c,v 1.39 2021/09/10 09:25:29 tb Exp $ */
+/* $OpenBSD: ssl_err.c,v 1.40 2022/02/05 14:54:10 jsing Exp $ */
/* ====================================================================
* Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
*
@@ -666,5 +666,5 @@ void
SSL_error_internal(const SSL *s, int r, char *f, int l)
{
ERR_PUT_error(ERR_LIB_SSL,
- (SSL_state_func_code(S3I(s)->hs.state)), r, f, l);
+ (SSL_state_func_code(s->s3->hs.state)), r, f, l);
}
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 91080e93608..ad7fe4d5752 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.287 2022/01/14 09:10:11 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.288 2022/02/05 14:54:10 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -732,10 +732,10 @@ SSL_get_finished(const SSL *s, void *buf, size_t count)
{
size_t ret;
- ret = S3I(s)->hs.finished_len;
+ ret = s->s3->hs.finished_len;
if (count > ret)
count = ret;
- memcpy(buf, S3I(s)->hs.finished, count);
+ memcpy(buf, s->s3->hs.finished, count);
return (ret);
}
@@ -745,10 +745,10 @@ SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
{
size_t ret;
- ret = S3I(s)->hs.peer_finished_len;
+ ret = s->s3->hs.peer_finished_len;
if (count > ret)
count = ret;
- memcpy(buf, S3I(s)->hs.peer_finished, count);
+ memcpy(buf, s->s3->hs.peer_finished, count);
return (ret);
}
@@ -1294,7 +1294,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
return (1);
case SSL_CTRL_GET_RI_SUPPORT:
if (s->s3)
- return (S3I(s)->send_connection_binding);
+ return (s->s3->send_connection_binding);
else return (0);
default:
if (SSL_is_dtls(s))
@@ -1837,8 +1837,8 @@ void
SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
unsigned int *len)
{
- *data = ssl->s3->internal->alpn_selected;
- *len = ssl->s3->internal->alpn_selected_len;
+ *data = ssl->s3->alpn_selected;
+ *len = ssl->s3->alpn_selected_len;
}
void
@@ -2224,8 +2224,8 @@ ssl_using_ecc_cipher(SSL *s)
{
unsigned long alg_a, alg_k;
- alg_a = S3I(s)->hs.cipher->algorithm_auth;
- alg_k = S3I(s)->hs.cipher->algorithm_mkey;
+ alg_a = s->s3->hs.cipher->algorithm_auth;
+ alg_k = s->s3->hs.cipher->algorithm_mkey;
return s->session->tlsext_ecpointformatlist != NULL &&
s->session->tlsext_ecpointformatlist_length > 0 &&
@@ -2235,7 +2235,7 @@ ssl_using_ecc_cipher(SSL *s)
int
ssl_check_srvr_ecc_cert_and_alg(SSL *s, X509 *x)
{
- const SSL_CIPHER *cs = S3I(s)->hs.cipher;
+ const SSL_CIPHER *cs = s->s3->hs.cipher;
unsigned long alg_a;
alg_a = cs->algorithm_auth;
@@ -2259,9 +2259,9 @@ ssl_get_server_send_pkey(const SSL *s)
int i;
c = s->cert;
- ssl_set_cert_masks(c, S3I(s)->hs.cipher);
+ ssl_set_cert_masks(c, s->s3->hs.cipher);
- alg_a = S3I(s)->hs.cipher->algorithm_auth;
+ alg_a = s->s3->hs.cipher->algorithm_auth;
if (alg_a & SSL_aECDSA) {
i = SSL_PKEY_ECC;
@@ -2319,9 +2319,9 @@ ssl_dhe_params_auto_key_bits(SSL *s)
if (s->cert->dhe_params_auto == 2) {
key_bits = 1024;
- } else if (S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL) {
+ } else if (s->s3->hs.cipher->algorithm_auth & SSL_aNULL) {
key_bits = 1024;
- if (S3I(s)->hs.cipher->strength_bits == 256)
+ if (s->s3->hs.cipher->strength_bits == 256)
key_bits = 3072;
} else {
if ((cpk = ssl_get_server_send_pkey(s)) == NULL)
@@ -2352,7 +2352,7 @@ ssl_should_update_external_cache(SSL *s, int mode)
return 1;
/* If it's TLS 1.3, do it to match OpenSSL */
- if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION)
+ if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION)
return 1;
return 0;
@@ -2377,7 +2377,7 @@ ssl_should_update_internal_cache(SSL *s, int mode)
return 0;
/* If we are lesser than TLS 1.3, Cache it. */
- if (S3I(s)->hs.negotiated_tls_version < TLS1_3_VERSION)
+ if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION)
return 1;
/* Below this we consider TLS 1.3 or later */
@@ -2556,7 +2556,7 @@ SSL_get_error(const SSL *s, int i)
if (i == 0) {
if ((s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) &&
- (S3I(s)->warn_alert == SSL_AD_CLOSE_NOTIFY))
+ (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
return (SSL_ERROR_ZERO_RETURN);
}
return (SSL_ERROR_SYSCALL);
@@ -2589,7 +2589,7 @@ SSL_set_accept_state(SSL *s)
{
s->server = 1;
s->internal->shutdown = 0;
- S3I(s)->hs.state = SSL_ST_ACCEPT|SSL_ST_BEFORE;
+ s->s3->hs.state = SSL_ST_ACCEPT|SSL_ST_BEFORE;
s->internal->handshake_func = s->method->ssl_accept;
ssl_clear_cipher_state(s);
}
@@ -2599,7 +2599,7 @@ SSL_set_connect_state(SSL *s)
{
s->server = 0;
s->internal->shutdown = 0;
- S3I(s)->hs.state = SSL_ST_CONNECT|SSL_ST_BEFORE;
+ s->s3->hs.state = SSL_ST_CONNECT|SSL_ST_BEFORE;
s->internal->handshake_func = s->method->ssl_connect;
ssl_clear_cipher_state(s);
}
@@ -2731,7 +2731,7 @@ SSL_dup(SSL *s)
ret->internal->quiet_shutdown = s->internal->quiet_shutdown;
ret->internal->shutdown = s->internal->shutdown;
/* SSL_dup does not really work at any state, though */
- S3I(ret)->hs.state = S3I(s)->hs.state;
+ ret->s3->hs.state = s->s3->hs.state;
ret->internal->rstate = s->internal->rstate;
/*
@@ -3018,13 +3018,13 @@ void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val)
int
SSL_state(const SSL *ssl)
{
- return (S3I(ssl)->hs.state);
+ return (ssl->s3->hs.state);
}
void
SSL_set_state(SSL *ssl, int state)
{
- S3I(ssl)->hs.state = state;
+ ssl->s3->hs.state = state;
}
void
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index ee64ec208ef..69e52dcc8cc 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.384 2022/02/03 16:33:12 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.385 2022/02/05 14:54:10 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1132,7 +1132,12 @@ typedef struct ssl3_buffer_internal_st {
int left; /* how many bytes left */
} SSL3_BUFFER_INTERNAL;
-typedef struct ssl3_state_internal_st {
+typedef struct ssl3_state_st {
+ long flags;
+
+ unsigned char server_random[SSL3_RANDOM_SIZE];
+ unsigned char client_random[SSL3_RANDOM_SIZE];
+
SSL3_BUFFER_INTERNAL rbuf; /* read IO goes into here */
SSL3_BUFFER_INTERNAL wbuf; /* write IO goes into here */
@@ -1204,21 +1209,8 @@ typedef struct ssl3_state_internal_st {
*/
unsigned char *alpn_selected;
size_t alpn_selected_len;
-} SSL3_STATE_INTERNAL;
-#define S3I(s) (s->s3->internal)
-
-typedef struct ssl3_state_st {
- long flags;
-
- unsigned char server_random[SSL3_RANDOM_SIZE];
- unsigned char client_random[SSL3_RANDOM_SIZE];
-
- struct ssl3_state_internal_st *internal;
} SSL3_STATE;
-/*#define SSL_DEBUG */
-/*#define RSA_DEBUG */
-
/*
* Flag values for enc_flags.
*/
diff --git a/lib/libssl/ssl_packet.c b/lib/libssl/ssl_packet.c
index af56dcef7f6..091685b2178 100644
--- a/lib/libssl/ssl_packet.c
+++ b/lib/libssl/ssl_packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_packet.c,v 1.12 2021/07/01 17:53:39 jsing Exp $ */
+/* $OpenBSD: ssl_packet.c,v 1.13 2022/02/05 14:54:10 jsing Exp $ */
/*
* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
*
@@ -209,10 +209,10 @@ ssl_convert_sslv2_client_hello(SSL *s)
if (!CBB_finish(&cbb, &data, &data_len))
goto err;
- if (data_len > S3I(s)->rbuf.len)
+ if (data_len > s->s3->rbuf.len)
goto err;
- s->internal->packet = S3I(s)->rbuf.buf;
+ s->internal->packet = s->s3->rbuf.buf;
s->internal->packet_length = data_len;
memcpy(s->internal->packet, data, data_len);
ret = 1;
diff --git a/lib/libssl/ssl_pkt.c b/lib/libssl/ssl_pkt.c
index e3101eefbac..3374713644c 100644
--- a/lib/libssl/ssl_pkt.c
+++ b/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.52 2021/10/25 10:14:48 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.53 2022/02/05 14:54:10 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -142,7 +142,7 @@ ssl_force_want_read(SSL *s)
/*
* If extend == 0, obtain new n-byte packet; if extend == 1, increase
* packet by another n bytes.
- * The packet will be in the sub-array of S3I(s)->rbuf.buf specified
+ * The packet will be in the sub-array of s->s3->rbuf.buf specified
* by s->internal->packet and s->internal->packet_length.
* (If s->internal->read_ahead is set, 'max' bytes may be stored in rbuf
* [plus s->internal->packet_length bytes if extend == 1].)
@@ -150,7 +150,7 @@ ssl_force_want_read(SSL *s)
static int
ssl3_read_n(SSL *s, int n, int max, int extend)
{
- SSL3_BUFFER_INTERNAL *rb = &(S3I(s)->rbuf);
+ SSL3_BUFFER_INTERNAL *rb = &(s->s3->rbuf);
int i, len, left;
size_t align;
unsigned char *pkt;
@@ -239,7 +239,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
}
while (left < n) {
- /* Now we have len+left bytes at the front of S3I(s)->rbuf.buf
+ /* Now we have len+left bytes at the front of s->s3->rbuf.buf
* and need to read in more until we have len+n (up to
* len+max if possible) */
@@ -288,7 +288,7 @@ ssl3_packet_read(SSL *s, int plen)
{
int n;
- n = ssl3_read_n(s, plen, S3I(s)->rbuf.len, 0);
+ n = ssl3_read_n(s, plen, s->s3->rbuf.len, 0);
if (n <= 0)
return n;
if (s->internal->packet_length < plen)
@@ -327,8 +327,8 @@ ssl3_packet_extend(SSL *s, int plen)
static int
ssl3_get_record(SSL *s)
{
- SSL3_BUFFER_INTERNAL *rb = &(S3I(s)->rbuf);
- SSL3_RECORD_INTERNAL *rr = &(S3I(s)->rrec);
+ SSL3_BUFFER_INTERNAL *rb = &(s->s3->rbuf);
+ SSL3_RECORD_INTERNAL *rr = &(s->s3->rrec);
uint8_t alert_desc;
uint8_t *out;
size_t out_len;
@@ -483,8 +483,8 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
}
s->internal->rwstate = SSL_NOTHING;
- tot = S3I(s)->wnum;
- S3I(s)->wnum = 0;
+ tot = s->s3->wnum;
+ s->s3->wnum = 0;
if (SSL_in_init(s) && !s->internal->in_handshake) {
i = s->internal->handshake_func(s);
@@ -507,7 +507,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
i = do_ssl3_write(s, type, &(buf[tot]), nw);
if (i <= 0) {
- S3I(s)->wnum = tot;
+ s->s3->wnum = tot;
return i;
}
@@ -518,7 +518,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
* empty fragment in ciphersuites with known-IV
* weakness.
*/
- S3I(s)->empty_fragment_done = 0;
+ s->s3->empty_fragment_done = 0;
return tot + i;
}
@@ -531,7 +531,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
static int
do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
{
- SSL3_BUFFER_INTERNAL *wb = &(S3I(s)->wbuf);
+ SSL3_BUFFER_INTERNAL *wb = &(s->s3->wbuf);
SSL_SESSION *sess = s->session;
int need_empty_fragment = 0;
size_t align, out_len;
@@ -553,7 +553,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
return (ssl3_write_pending(s, type, buf, len));
/* If we have an alert to send, let's send it. */
- if (S3I(s)->alert_dispatch) {
+ if (s->s3->alert_dispatch) {
if ((ret = ssl3_dispatch_alert(s)) <= 0)
return (ret);
/* If it went, fall through and send more stuff. */
@@ -572,9 +572,9 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
* bytes and record version number > TLS 1.0.
*/
version = s->version;
- if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_B &&
+ if (s->s3->hs.state == SSL3_ST_CW_CLNT_HELLO_B &&
!s->internal->renegotiate &&
- S3I(s)->hs.our_max_tls_version > TLS1_VERSION)
+ s->s3->hs.our_max_tls_version > TLS1_VERSION)
version = TLS1_VERSION;
/*
@@ -583,8 +583,8 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
* is unnecessary for AEAD.
*/
if (sess != NULL && tls12_record_layer_write_protected(s->internal->rl)) {
- if (S3I(s)->need_empty_fragments &&
- !S3I(s)->empty_fragment_done &&
+ if (s->s3->need_empty_fragments &&
+ !s->s3->empty_fragment_done &&
type == SSL3_RT_APPLICATION_DATA)
need_empty_fragment = 1;
}
@@ -609,7 +609,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
if (!tls12_record_layer_seal_record(s->internal->rl, type,
buf, 0, &cbb))
goto err;
- S3I(s)->empty_fragment_done = 1;
+ s->s3->empty_fragment_done = 1;
}
if (!tls12_record_layer_seal_record(s->internal->rl, type, buf, len, &cbb))
@@ -624,10 +624,10 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
* Memorize arguments so that ssl3_write_pending can detect
* bad write retries later.
*/
- S3I(s)->wpend_tot = len;
- S3I(s)->wpend_buf = buf;
- S3I(s)->wpend_type = type;
- S3I(s)->wpend_ret = len;
+ s->s3->wpend_tot = len;
+ s->s3->wpend_buf = buf;
+ s->s3->wpend_type = type;
+ s->s3->wpend_ret = len;
/* We now just need to write the buffer. */
return ssl3_write_pending(s, type, buf, len);
@@ -638,17 +638,17 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
return -1;
}
-/* if S3I(s)->wbuf.left != 0, we need to call this */
+/* if s->s3->wbuf.left != 0, we need to call this */
int
ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
{
int i;
- SSL3_BUFFER_INTERNAL *wb = &(S3I(s)->wbuf);
+ SSL3_BUFFER_INTERNAL *wb = &(s->s3->wbuf);
/* XXXX */
- if ((S3I(s)->wpend_tot > (int)len) || ((S3I(s)->wpend_buf != buf) &&
+ if ((s->s3->wpend_tot > (int)len) || ((s->s3->wpend_buf != buf) &&
!(s->internal->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) ||
- (S3I(s)->wpend_type != type)) {
+ (s->s3->wpend_type != type)) {
SSLerror(s, SSL_R_BAD_WRITE_RETRY);
return (-1);
}
@@ -670,7 +670,7 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
!SSL_is_dtls(s))
ssl3_release_write_buffer(s);
s->internal->rwstate = SSL_NOTHING;
- return (S3I(s)->wpend_ret);
+ return (s->s3->wpend_ret);
} else if (i <= 0) {
/*
* For DTLS, just drop it. That's kind of the
@@ -720,7 +720,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
unsigned int n;
SSL3_RECORD_INTERNAL *rr;
- if (S3I(s)->rbuf.buf == NULL) /* Not initialized yet */
+ if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
if (!ssl3_setup_read_buffer(s))
return (-1);
@@ -737,28 +737,28 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
}
if ((type == SSL3_RT_HANDSHAKE) &&
- (S3I(s)->handshake_fragment_len > 0)) {
+ (s->s3->handshake_fragment_len > 0)) {
/* (partially) satisfy request from storage */
- unsigned char *src = S3I(s)->handshake_fragment;
+ unsigned char *src = s->s3->handshake_fragment;
unsigned char *dst = buf;
unsigned int k;
/* peek == 0 */
n = 0;
- while ((len > 0) && (S3I(s)->handshake_fragment_len > 0)) {
+ while ((len > 0) && (s->s3->handshake_fragment_len > 0)) {
*dst++ = *src++;
len--;
- S3I(s)->handshake_fragment_len--;
+ s->s3->handshake_fragment_len--;
n++;
}
/* move any remaining fragment bytes: */
- for (k = 0; k < S3I(s)->handshake_fragment_len; k++)
- S3I(s)->handshake_fragment[k] = *src++;
+ for (k = 0; k < s->s3->handshake_fragment_len; k++)
+ s->s3->handshake_fragment[k] = *src++;
return n;
}
/*
- * Now S3I(s)->handshake_fragment_len == 0 if
+ * Now s->s3->handshake_fragment_len == 0 if
* type == SSL3_RT_HANDSHAKE.
*/
if (!s->internal->in_handshake && SSL_in_init(s)) {
@@ -789,12 +789,12 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
s->internal->rwstate = SSL_NOTHING;
/*
- * S3I(s)->rrec.type - is the type of record
- * S3I(s)->rrec.data, - data
- * S3I(s)->rrec.off, - offset into 'data' for next read
- * S3I(s)->rrec.length, - number of bytes.
+ * s->s3->rrec.type - is the type of record
+ * s->s3->rrec.data, - data
+ * s->s3->rrec.off, - offset into 'data' for next read
+ * s->s3->rrec.length, - number of bytes.
*/
- rr = &(S3I(s)->rrec);
+ rr = &(s->s3->rrec);
/* get new packet if necessary */
if ((rr->length == 0) || (s->internal->rstate == SSL_ST_READ_BODY)) {
@@ -805,7 +805,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
/* we now have a packet which can be read and processed */
- if (S3I(s)->change_cipher_spec /* set when we receive ChangeCipherSpec,
+ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
* reset by ssl3_get_finished */
&& (rr->type != SSL3_RT_HANDSHAKE)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
@@ -850,7 +850,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
s->internal->rstate = SSL_ST_READ_HEADER;
rr->off = 0;
if (s->internal->mode & SSL_MODE_RELEASE_BUFFERS &&
- S3I(s)->rbuf.left == 0)
+ s->s3->rbuf.left == 0)
ssl3_release_read_buffer(s);
}
}
@@ -872,13 +872,13 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
unsigned int *dest_len = NULL;
if (rr->type == SSL3_RT_HANDSHAKE) {
- dest_maxlen = sizeof S3I(s)->handshake_fragment;
- dest = S3I(s)->handshake_fragment;
- dest_len = &S3I(s)->handshake_fragment_len;
+ dest_maxlen = sizeof s->s3->handshake_fragment;
+ dest = s->s3->handshake_fragment;
+ dest_len = &s->s3->handshake_fragment_len;
} else if (rr->type == SSL3_RT_ALERT) {
- dest_maxlen = sizeof S3I(s)->alert_fragment;
- dest = S3I(s)->alert_fragment;
- dest_len = &S3I(s)->alert_fragment_len;
+ dest_maxlen = sizeof s->s3->alert_fragment;
+ dest = s->s3->alert_fragment;
+ dest_len = &s->s3->alert_fragment_len;
}
if (dest_maxlen > 0) {
/* available space in 'dest' */
@@ -897,30 +897,30 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
}
}
- /* S3I(s)->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE;
- * S3I(s)->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT.
+ /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE;
+ * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT.
* (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
/* If we are a client, check for an incoming 'Hello Request': */
- if ((!s->server) && (S3I(s)->handshake_fragment_len >= 4) &&
- (S3I(s)->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
+ if ((!s->server) && (s->s3->handshake_fragment_len >= 4) &&
+ (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
(s->session != NULL) && (s->session->cipher != NULL)) {
- S3I(s)->handshake_fragment_len = 0;
+ s->s3->handshake_fragment_len = 0;
- if ((S3I(s)->handshake_fragment[1] != 0) ||
- (S3I(s)->handshake_fragment[2] != 0) ||
- (S3I(s)->handshake_fragment[3] != 0)) {
+ if ((s->s3->handshake_fragment[1] != 0) ||
+ (s->s3->handshake_fragment[2] != 0) ||
+ (s->s3->handshake_fragment[3] != 0)) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_HELLO_REQUEST);
goto fatal_err;
}
ssl_msg_callback(s, 0, SSL3_RT_HANDSHAKE,
- S3I(s)->handshake_fragment, 4);
+ s->s3->handshake_fragment, 4);
if (SSL_is_init_finished(s) &&
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
- !S3I(s)->renegotiate) {
+ !s->s3->renegotiate) {
ssl3_renegotiate(s);
if (ssl3_renegotiate_check(s)) {
i = s->internal->handshake_func(s);
@@ -932,7 +932,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
}
if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) {
- if (S3I(s)->rbuf.left == 0) {
+ if (s->s3->rbuf.left == 0) {
ssl_force_want_read(s);
return (-1);
}
@@ -945,8 +945,8 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
}
/* Disallow client initiated renegotiation if configured. */
if (s->server && SSL_is_init_finished(s) &&
- S3I(s)->handshake_fragment_len >= 4 &&
- S3I(s)->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO &&
+ s->s3->handshake_fragment_len >= 4 &&
+ s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO &&
(s->internal->options & SSL_OP_NO_CLIENT_RENEGOTIATION)) {
al = SSL_AD_NO_RENEGOTIATION;
goto fatal_err;
@@ -957,29 +957,29 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
*/
if (s->server &&
SSL_is_init_finished(s) &&
- !S3I(s)->send_connection_binding &&
- (S3I(s)->handshake_fragment_len >= 4) &&
- (S3I(s)->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
+ !s->s3->send_connection_binding &&
+ (s->s3->handshake_fragment_len >= 4) &&
+ (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
(s->session != NULL) && (s->session->cipher != NULL)) {
- /*S3I(s)->handshake_fragment_len = 0;*/
+ /*s->s3->handshake_fragment_len = 0;*/
rr->length = 0;
ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
goto start;
}
- if (S3I(s)->alert_fragment_len >= 2) {
- int alert_level = S3I(s)->alert_fragment[0];
- int alert_descr = S3I(s)->alert_fragment[1];
+ if (s->s3->alert_fragment_len >= 2) {
+ int alert_level = s->s3->alert_fragment[0];
+ int alert_descr = s->s3->alert_fragment[1];
- S3I(s)->alert_fragment_len = 0;
+ s->s3->alert_fragment_len = 0;
ssl_msg_callback(s, 0, SSL3_RT_ALERT,
- S3I(s)->alert_fragment, 2);
+ s->s3->alert_fragment, 2);
ssl_info_callback(s, SSL_CB_READ_ALERT,
(alert_level << 8) | alert_descr);
if (alert_level == SSL3_AL_WARNING) {
- S3I(s)->warn_alert = alert_descr;
+ s->s3->warn_alert = alert_descr;
if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN;
return (0);
@@ -1000,7 +1000,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
}
} else if (alert_level == SSL3_AL_FATAL) {
s->internal->rwstate = SSL_NOTHING;
- S3I(s)->fatal_alert = alert_descr;
+ s->s3->fatal_alert = alert_descr;
SSLerror(s, SSL_AD_REASON_OFFSET + alert_descr);
ERR_asprintf_error_data("SSL alert number %d",
alert_descr);
@@ -1034,7 +1034,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
}
/* Check we have a cipher to change to */
- if (S3I(s)->hs.cipher == NULL) {
+ if (s->s3->hs.cipher == NULL) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
goto fatal_err;
@@ -1052,7 +1052,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
ssl_msg_callback(s, 0, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1);
- S3I(s)->change_cipher_spec = 1;
+ s->s3->change_cipher_spec = 1;
if (!ssl3_do_change_cipher_spec(s))
goto err;
else
@@ -1060,10 +1060,10 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
}
/* Unexpected handshake message (Client Hello, or protocol violation) */
- if ((S3I(s)->handshake_fragment_len >= 4) && !s->internal->in_handshake) {
- if (((S3I(s)->hs.state&SSL_ST_MASK) == SSL_ST_OK) &&
+ if ((s->s3->handshake_fragment_len >= 4) && !s->internal->in_handshake) {
+ if (((s->s3->hs.state&SSL_ST_MASK) == SSL_ST_OK) &&
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
- S3I(s)->hs.state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
+ s->s3->hs.state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
s->internal->renegotiate = 1;
s->internal->new_session = 1;
}
@@ -1076,7 +1076,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
}
if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) {
- if (S3I(s)->rbuf.left == 0) {
+ if (s->s3->rbuf.left == 0) {
ssl_force_want_read(s);
return (-1);
}
@@ -1115,15 +1115,15 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
* at this point (session renegotiation not yet started),
* we will indulge it.
*/
- if (S3I(s)->in_read_app_data &&
- (S3I(s)->total_renegotiations != 0) &&
- (((S3I(s)->hs.state & SSL_ST_CONNECT) &&
- (S3I(s)->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) &&
- (S3I(s)->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) ||
- ((S3I(s)->hs.state & SSL_ST_ACCEPT) &&
- (S3I(s)->hs.state <= SSL3_ST_SW_HELLO_REQ_A) &&
- (S3I(s)->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
- S3I(s)->in_read_app_data = 2;
+ if (s->s3->in_read_app_data &&
+ (s->s3->total_renegotiations != 0) &&
+ (((s->s3->hs.state & SSL_ST_CONNECT) &&
+ (s->s3->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) &&
+ (s->s3->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) ||
+ ((s->s3->hs.state & SSL_ST_ACCEPT) &&
+ (s->s3->hs.state <= SSL3_ST_SW_HELLO_REQ_A) &&
+ (s->s3->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
+ s->s3->in_read_app_data = 2;
return (-1);
} else {
al = SSL_AD_UNEXPECTED_MESSAGE;
@@ -1142,14 +1142,14 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
int
ssl3_do_change_cipher_spec(SSL *s)
{
- if (S3I(s)->hs.tls12.key_block == NULL) {
+ if (s->s3->hs.tls12.key_block == NULL) {
if (s->session == NULL || s->session->master_key_length == 0) {
/* might happen if dtls1_read_bytes() calls this */
SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
return (0);
}
- s->session->cipher = S3I(s)->hs.cipher;
+ s->session->cipher = s->s3->hs.cipher;
if (!tls1_setup_key_block(s))
return (0);
}
@@ -1171,11 +1171,11 @@ static int
ssl3_write_alert(SSL *s)
{
if (SSL_is_dtls(s))
- return do_dtls1_write(s, SSL3_RT_ALERT, S3I(s)->send_alert,
- sizeof(S3I(s)->send_alert));
+ return do_dtls1_write(s, SSL3_RT_ALERT, s->s3->send_alert,
+ sizeof(s->s3->send_alert));
- return do_ssl3_write(s, SSL3_RT_ALERT, S3I(s)->send_alert,
- sizeof(S3I(s)->send_alert));
+ return do_ssl3_write(s, SSL3_RT_ALERT, s->s3->send_alert,
+ sizeof(s->s3->send_alert));
}
int
@@ -1185,15 +1185,15 @@ ssl3_send_alert(SSL *s, int level, int desc)
if (level == SSL3_AL_FATAL)
SSL_CTX_remove_session(s->ctx, s->session);
- S3I(s)->alert_dispatch = 1;
- S3I(s)->send_alert[0] = level;
- S3I(s)->send_alert[1] = desc;
+ s->s3->alert_dispatch = 1;
+ s->s3->send_alert[0] = level;
+ s->s3->send_alert[1] = desc;
/*
* If data is still being written out, the alert will be dispatched at
* some point in the future.
*/
- if (S3I(s)->wbuf.left != 0)
+ if (s->s3->wbuf.left != 0)
return -1;
return ssl3_dispatch_alert(s);
@@ -1204,9 +1204,9 @@ ssl3_dispatch_alert(SSL *s)
{
int ret;
- S3I(s)->alert_dispatch = 0;
+ s->s3->alert_dispatch = 0;
if ((ret = ssl3_write_alert(s)) <= 0) {
- S3I(s)->alert_dispatch = 1;
+ s->s3->alert_dispatch = 1;
return ret;
}
@@ -1215,13 +1215,13 @@ ssl3_dispatch_alert(SSL *s)
* If the message does not get sent due to non-blocking IO,
* we will not worry too much.
*/
- if (S3I(s)->send_alert[0] == SSL3_AL_FATAL)
+ if (s->s3->send_alert[0] == SSL3_AL_FATAL)
(void)BIO_flush(s->wbio);
- ssl_msg_callback(s, 1, SSL3_RT_ALERT, S3I(s)->send_alert, 2);
+ ssl_msg_callback(s, 1, SSL3_RT_ALERT, s->s3->send_alert, 2);
ssl_info_callback(s, SSL_CB_WRITE_ALERT,
- (S3I(s)->send_alert[0] << 8) | S3I(s)->send_alert[1]);
+ (s->s3->send_alert[0] << 8) | s->s3->send_alert[1]);
return ret;
}
diff --git a/lib/libssl/ssl_sigalgs.c b/lib/libssl/ssl_sigalgs.c
index fd96317fde7..daf735a8ffd 100644
--- a/lib/libssl/ssl_sigalgs.c
+++ b/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.40 2022/01/20 20:37:33 tb Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.41 2022/02/05 14:54:10 jsing Exp $ */
/*
* Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
* Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
@@ -209,7 +209,7 @@ ssl_sigalg_from_value(SSL *s, uint16_t value)
size_t len;
int i;
- ssl_sigalgs_for_version(S3I(s)->hs.negotiated_tls_version,
+ ssl_sigalgs_for_version(s->s3->hs.negotiated_tls_version,
&values, &len);
for (i = 0; i < len; i++) {
@@ -248,7 +248,7 @@ ssl_sigalg_for_legacy(SSL *s, EVP_PKEY *pkey)
/* Default signature algorithms used for TLSv1.2 and earlier. */
switch (EVP_PKEY_id(pkey)) {
case EVP_PKEY_RSA:
- if (S3I(s)->hs.negotiated_tls_version < TLS1_2_VERSION)
+ if (s->s3->hs.negotiated_tls_version < TLS1_2_VERSION)
return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
case EVP_PKEY_EC:
@@ -277,7 +277,7 @@ ssl_sigalg_pkey_ok(SSL *s, const struct ssl_sigalg *sigalg, EVP_PKEY *pkey)
return 0;
}
- if (S3I(s)->hs.negotiated_tls_version < TLS1_3_VERSION)
+ if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION)
return 1;
/* RSA cannot be used without PSS in TLSv1.3. */
@@ -309,14 +309,14 @@ ssl_sigalg_select(SSL *s, EVP_PKEY *pkey)
* RFC 5246 allows a TLS 1.2 client to send no sigalgs extension,
* in which case the server must use the default.
*/
- if (S3I(s)->hs.negotiated_tls_version < TLS1_3_VERSION &&
- S3I(s)->hs.sigalgs == NULL)
+ if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION &&
+ s->s3->hs.sigalgs == NULL)
return ssl_sigalg_for_legacy(s, pkey);
/*
* If we get here, we have client or server sent sigalgs, use one.
*/
- CBS_init(&cbs, S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len);
+ CBS_init(&cbs, s->s3->hs.sigalgs, s->s3->hs.sigalgs_len);
while (CBS_len(&cbs) > 0) {
const struct ssl_sigalg *sigalg;
uint16_t sigalg_value;
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index 30545320b30..359395051a8 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.140 2022/01/11 19:03:15 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.141 2022/02/05 14:54:10 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -194,12 +194,12 @@ ssl3_accept(SSL *s)
s->d1->listen = listen;
for (;;) {
- state = S3I(s)->hs.state;
+ state = s->s3->hs.state;
- switch (S3I(s)->hs.state) {
+ switch (s->s3->hs.state) {
case SSL_ST_RENEGOTIATE:
s->internal->renegotiate = 1;
- /* S3I(s)->hs.state=SSL_ST_ACCEPT; */
+ /* s->s3->hs.state=SSL_ST_ACCEPT; */
case SSL_ST_BEFORE:
case SSL_ST_ACCEPT:
@@ -216,8 +216,8 @@ ssl3_accept(SSL *s)
}
if (!ssl_supported_tls_version_range(s,
- &S3I(s)->hs.our_min_tls_version,
- &S3I(s)->hs.our_max_tls_version)) {
+ &s->s3->hs.our_min_tls_version,
+ &s->s3->hs.our_max_tls_version)) {
SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);
ret = -1;
goto end;
@@ -234,7 +234,7 @@ ssl3_accept(SSL *s)
s->internal->init_num = 0;
- if (S3I(s)->hs.state != SSL_ST_RENEGOTIATE) {
+ if (s->s3->hs.state != SSL_ST_RENEGOTIATE) {
/*
* Ok, we now need to push on a buffering BIO
* so that the output is sent in a way that
@@ -250,9 +250,9 @@ ssl3_accept(SSL *s)
goto end;
}
- S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A;
+ s->s3->hs.state = SSL3_ST_SR_CLNT_HELLO_A;
s->ctx->internal->stats.sess_accept++;
- } else if (!SSL_is_dtls(s) && !S3I(s)->send_connection_binding) {
+ } else if (!SSL_is_dtls(s) && !s->s3->send_connection_binding) {
/*
* Server attempting to renegotiate with
* client that doesn't support secure
@@ -265,11 +265,11 @@ ssl3_accept(SSL *s)
goto end;
} else {
/*
- * S3I(s)->hs.state == SSL_ST_RENEGOTIATE,
+ * s->s3->hs.state == SSL_ST_RENEGOTIATE,
* we will just send a HelloRequest.
*/
s->ctx->internal->stats.sess_accept_renegotiate++;
- S3I(s)->hs.state = SSL3_ST_SW_HELLO_REQ_A;
+ s->s3->hs.state = SSL3_ST_SW_HELLO_REQ_A;
}
break;
@@ -284,10 +284,10 @@ ssl3_accept(SSL *s)
if (ret <= 0)
goto end;
if (SSL_is_dtls(s))
- S3I(s)->hs.tls12.next_state = SSL3_ST_SR_CLNT_HELLO_A;
+ s->s3->hs.tls12.next_state = SSL3_ST_SR_CLNT_HELLO_A;
else
- S3I(s)->hs.tls12.next_state = SSL3_ST_SW_HELLO_REQ_C;
- S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
+ s->s3->hs.tls12.next_state = SSL3_ST_SW_HELLO_REQ_C;
+ s->s3->hs.state = SSL3_ST_SW_FLUSH;
s->internal->init_num = 0;
if (SSL_is_dtls(s)) {
@@ -299,7 +299,7 @@ ssl3_accept(SSL *s)
break;
case SSL3_ST_SW_HELLO_REQ_C:
- S3I(s)->hs.state = SSL_ST_OK;
+ s->s3->hs.state = SSL_ST_OK;
break;
case SSL3_ST_SR_CLNT_HELLO_A:
@@ -314,9 +314,9 @@ ssl3_accept(SSL *s)
if (ret == 1 &&
(SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
- S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
+ s->s3->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
else
- S3I(s)->hs.state = SSL3_ST_SW_SRVR_HELLO_A;
+ s->s3->hs.state = SSL3_ST_SW_SRVR_HELLO_A;
s->internal->init_num = 0;
@@ -330,7 +330,7 @@ ssl3_accept(SSL *s)
}
/* If we're just listening, stop here */
- if (listen && S3I(s)->hs.state == SSL3_ST_SW_SRVR_HELLO_A) {
+ if (listen && s->s3->hs.state == SSL3_ST_SW_SRVR_HELLO_A) {
ret = 2;
s->d1->listen = 0;
/*
@@ -350,7 +350,7 @@ ssl3_accept(SSL *s)
}
s->internal->renegotiate = 2;
- S3I(s)->hs.state = SSL3_ST_SW_SRVR_HELLO_A;
+ s->s3->hs.state = SSL3_ST_SW_SRVR_HELLO_A;
s->internal->init_num = 0;
}
break;
@@ -360,8 +360,8 @@ ssl3_accept(SSL *s)
ret = ssl3_send_dtls_hello_verify_request(s);
if (ret <= 0)
goto end;
- S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
- S3I(s)->hs.tls12.next_state = SSL3_ST_SR_CLNT_HELLO_A;
+ s->s3->hs.state = SSL3_ST_SW_FLUSH;
+ s->s3->hs.tls12.next_state = SSL3_ST_SR_CLNT_HELLO_A;
/* HelloVerifyRequest resets Finished MAC. */
tls1_transcript_reset(s);
@@ -378,11 +378,11 @@ ssl3_accept(SSL *s)
goto end;
if (s->internal->hit) {
if (s->internal->tlsext_ticket_expected)
- S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_A;
+ s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_A;
else
- S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A;
+ s->s3->hs.state = SSL3_ST_SW_CHANGE_A;
} else {
- S3I(s)->hs.state = SSL3_ST_SW_CERT_A;
+ s->s3->hs.state = SSL3_ST_SW_CERT_A;
}
s->internal->init_num = 0;
break;
@@ -390,7 +390,7 @@ ssl3_accept(SSL *s)
case SSL3_ST_SW_CERT_A:
case SSL3_ST_SW_CERT_B:
/* Check if it is anon DH or anon ECDH. */
- if (!(S3I(s)->hs.cipher->algorithm_auth &
+ if (!(s->s3->hs.cipher->algorithm_auth &
SSL_aNULL)) {
if (SSL_is_dtls(s))
dtls1_start_timer(s);
@@ -398,19 +398,19 @@ ssl3_accept(SSL *s)
if (ret <= 0)
goto end;
if (s->internal->tlsext_status_expected)
- S3I(s)->hs.state = SSL3_ST_SW_CERT_STATUS_A;
+ s->s3->hs.state = SSL3_ST_SW_CERT_STATUS_A;
else
- S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A;
+ s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A;
} else {
skip = 1;
- S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A;
+ s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A;
}
s->internal->init_num = 0;
break;
case SSL3_ST_SW_KEY_EXCH_A:
case SSL3_ST_SW_KEY_EXCH_B:
- alg_k = S3I(s)->hs.cipher->algorithm_mkey;
+ alg_k = s->s3->hs.cipher->algorithm_mkey;
/*
* Only send if using a DH key exchange.
@@ -429,7 +429,7 @@ ssl3_accept(SSL *s)
} else
skip = 1;
- S3I(s)->hs.state = SSL3_ST_SW_CERT_REQ_A;
+ s->s3->hs.state = SSL3_ST_SW_CERT_REQ_A;
s->internal->init_num = 0;
break;
@@ -455,24 +455,24 @@ ssl3_accept(SSL *s)
if (!(s->verify_mode & SSL_VERIFY_PEER) ||
((s->session->peer_cert != NULL) &&
(s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
- ((S3I(s)->hs.cipher->algorithm_auth &
+ ((s->s3->hs.cipher->algorithm_auth &
SSL_aNULL) && !(s->verify_mode &
SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
/* No cert request. */
skip = 1;
- S3I(s)->hs.tls12.cert_request = 0;
- S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A;
+ s->s3->hs.tls12.cert_request = 0;
+ s->s3->hs.state = SSL3_ST_SW_SRVR_DONE_A;
if (!SSL_is_dtls(s))
tls1_transcript_free(s);
} else {
- S3I(s)->hs.tls12.cert_request = 1;
+ s->s3->hs.tls12.cert_request = 1;
if (SSL_is_dtls(s))
dtls1_start_timer(s);
ret = ssl3_send_certificate_request(s);
if (ret <= 0)
goto end;
- S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A;
+ s->s3->hs.state = SSL3_ST_SW_SRVR_DONE_A;
s->internal->init_num = 0;
}
break;
@@ -484,8 +484,8 @@ ssl3_accept(SSL *s)
ret = ssl3_send_server_done(s);
if (ret <= 0)
goto end;
- S3I(s)->hs.tls12.next_state = SSL3_ST_SR_CERT_A;
- S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
+ s->s3->hs.tls12.next_state = SSL3_ST_SR_CERT_A;
+ s->s3->hs.state = SSL3_ST_SW_FLUSH;
s->internal->init_num = 0;
break;
@@ -506,25 +506,25 @@ ssl3_accept(SSL *s)
/* If the write error was fatal, stop trying. */
if (!BIO_should_retry(s->wbio)) {
s->internal->rwstate = SSL_NOTHING;
- S3I(s)->hs.state = S3I(s)->hs.tls12.next_state;
+ s->s3->hs.state = s->s3->hs.tls12.next_state;
}
}
ret = -1;
goto end;
}
s->internal->rwstate = SSL_NOTHING;
- S3I(s)->hs.state = S3I(s)->hs.tls12.next_state;
+ s->s3->hs.state = s->s3->hs.tls12.next_state;
break;
case SSL3_ST_SR_CERT_A:
case SSL3_ST_SR_CERT_B:
- if (S3I(s)->hs.tls12.cert_request) {
+ if (s->s3->hs.tls12.cert_request) {
ret = ssl3_get_client_certificate(s);
if (ret <= 0)
goto end;
}
s->internal->init_num = 0;
- S3I(s)->hs.state = SSL3_ST_SR_KEY_EXCH_A;
+ s->s3->hs.state = SSL3_ST_SR_KEY_EXCH_A;
break;
case SSL3_ST_SR_KEY_EXCH_A:
@@ -534,21 +534,21 @@ ssl3_accept(SSL *s)
goto end;
if (SSL_is_dtls(s)) {
- S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;
+ s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A;
s->internal->init_num = 0;
}
- alg_k = S3I(s)->hs.cipher->algorithm_mkey;
+ alg_k = s->s3->hs.cipher->algorithm_mkey;
if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
/*
* A GOST client may use the key from its
* certificate for key exchange, in which case
* the CertificateVerify message is not sent.
*/
- S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
+ s->s3->hs.state = SSL3_ST_SR_FINISHED_A;
s->internal->init_num = 0;
} else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) {
- S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;
+ s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A;
s->internal->init_num = 0;
if (!s->session->peer_cert)
break;
@@ -558,7 +558,7 @@ ssl3_accept(SSL *s)
*/
tls1_transcript_freeze(s);
} else {
- S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;
+ s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A;
s->internal->init_num = 0;
tls1_transcript_free(s);
@@ -568,8 +568,8 @@ ssl3_accept(SSL *s)
* a client cert, it can be verified.
*/
if (!tls1_transcript_hash_value(s,
- S3I(s)->hs.tls12.cert_verify,
- sizeof(S3I(s)->hs.tls12.cert_verify),
+ s->s3->hs.tls12.cert_verify,
+ sizeof(s->s3->hs.tls12.cert_verify),
NULL)) {
ret = -1;
goto end;
@@ -588,7 +588,7 @@ ssl3_accept(SSL *s)
ret = ssl3_get_cert_verify(s);
if (ret <= 0)
goto end;
- S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
+ s->s3->hs.state = SSL3_ST_SR_FINISHED_A;
s->internal->init_num = 0;
break;
@@ -605,11 +605,11 @@ ssl3_accept(SSL *s)
if (SSL_is_dtls(s))
dtls1_stop_timer(s);
if (s->internal->hit)
- S3I(s)->hs.state = SSL_ST_OK;
+ s->s3->hs.state = SSL_ST_OK;
else if (s->internal->tlsext_ticket_expected)
- S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_A;
+ s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_A;
else
- S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A;
+ s->s3->hs.state = SSL3_ST_SW_CHANGE_A;
s->internal->init_num = 0;
break;
@@ -618,7 +618,7 @@ ssl3_accept(SSL *s)
ret = ssl3_send_newsession_ticket(s);
if (ret <= 0)
goto end;
- S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A;
+ s->s3->hs.state = SSL3_ST_SW_CHANGE_A;
s->internal->init_num = 0;
break;
@@ -627,7 +627,7 @@ ssl3_accept(SSL *s)
ret = ssl3_send_cert_status(s);
if (ret <= 0)
goto end;
- S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A;
+ s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A;
s->internal->init_num = 0;
break;
@@ -637,9 +637,9 @@ ssl3_accept(SSL *s)
SSL3_ST_SW_CHANGE_A, SSL3_ST_SW_CHANGE_B);
if (ret <= 0)
goto end;
- S3I(s)->hs.state = SSL3_ST_SW_FINISHED_A;
+ s->s3->hs.state = SSL3_ST_SW_FINISHED_A;
s->internal->init_num = 0;
- s->session->cipher = S3I(s)->hs.cipher;
+ s->session->cipher = s->s3->hs.cipher;
if (!tls1_setup_key_block(s)) {
ret = -1;
@@ -657,12 +657,12 @@ ssl3_accept(SSL *s)
SSL3_ST_SW_FINISHED_B);
if (ret <= 0)
goto end;
- S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
+ s->s3->hs.state = SSL3_ST_SW_FLUSH;
if (s->internal->hit) {
- S3I(s)->hs.tls12.next_state = SSL3_ST_SR_FINISHED_A;
+ s->s3->hs.tls12.next_state = SSL3_ST_SR_FINISHED_A;
tls1_transcript_free(s);
} else
- S3I(s)->hs.tls12.next_state = SSL_ST_OK;
+ s->s3->hs.tls12.next_state = SSL_ST_OK;
s->internal->init_num = 0;
break;
@@ -670,7 +670,7 @@ ssl3_accept(SSL *s)
/* clean a few things up */
tls1_cleanup_key_block(s);
- if (S3I(s)->handshake_transcript != NULL) {
+ if (s->s3->handshake_transcript != NULL) {
SSLerror(s, ERR_R_INTERNAL_ERROR);
ret = -1;
goto end;
@@ -717,18 +717,18 @@ ssl3_accept(SSL *s)
/* break; */
}
- if (!S3I(s)->hs.tls12.reuse_message && !skip) {
+ if (!s->s3->hs.tls12.reuse_message && !skip) {
if (s->internal->debug) {
if ((ret = BIO_flush(s->wbio)) <= 0)
goto end;
}
- if (S3I(s)->hs.state != state) {
- new_state = S3I(s)->hs.state;
- S3I(s)->hs.state = state;
+ if (s->s3->hs.state != state) {
+ new_state = s->s3->hs.state;
+ s->s3->hs.state = state;
ssl_info_callback(s, SSL_CB_ACCEPT_LOOP, 1);
- S3I(s)->hs.state = new_state;
+ s->s3->hs.state = new_state;
}
}
skip = 0;
@@ -748,14 +748,14 @@ ssl3_send_hello_request(SSL *s)
memset(&cbb, 0, sizeof(cbb));
- if (S3I(s)->hs.state == SSL3_ST_SW_HELLO_REQ_A) {
+ if (s->s3->hs.state == SSL3_ST_SW_HELLO_REQ_A) {
if (!ssl3_handshake_msg_start(s, &cbb, &hello,
SSL3_MT_HELLO_REQUEST))
goto err;
if (!ssl3_handshake_msg_finish(s, &cbb))
goto err;
- S3I(s)->hs.state = SSL3_ST_SW_HELLO_REQ_B;
+ s->s3->hs.state = SSL3_ST_SW_HELLO_REQ_B;
}
/* SSL3_ST_SW_HELLO_REQ_B */
@@ -790,8 +790,8 @@ ssl3_get_client_hello(SSL *s)
* If we are SSLv3, we will respond with SSLv3, even if prompted with
* TLSv1.
*/
- if (S3I(s)->hs.state == SSL3_ST_SR_CLNT_HELLO_A)
- S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_B;
+ if (s->s3->hs.state == SSL3_ST_SR_CLNT_HELLO_A)
+ s->s3->hs.state = SSL3_ST_SR_CLNT_HELLO_B;
s->internal->first_packet = 1;
if ((ret = ssl3_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
@@ -845,11 +845,11 @@ ssl3_get_client_hello(SSL *s)
al = SSL_AD_PROTOCOL_VERSION;
goto fatal_err;
}
- S3I(s)->hs.peer_legacy_version = client_version;
+ s->s3->hs.peer_legacy_version = client_version;
s->version = shared_version;
- S3I(s)->hs.negotiated_tls_version = ssl_tls_version(shared_version);
- if (S3I(s)->hs.negotiated_tls_version == 0) {
+ s->s3->hs.negotiated_tls_version = ssl_tls_version(shared_version);
+ if (s->s3->hs.negotiated_tls_version == 0) {
SSLerror(s, ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -1015,7 +1015,7 @@ ssl3_get_client_hello(SSL *s)
if (CBS_len(&cbs) != 0)
goto decode_err;
- if (!S3I(s)->renegotiate_seen && s->internal->renegotiate) {
+ if (!s->s3->renegotiate_seen && s->internal->renegotiate) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
goto fatal_err;
@@ -1034,8 +1034,8 @@ ssl3_get_client_hello(SSL *s)
*/
arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);
- if (S3I(s)->hs.our_max_tls_version >= TLS1_2_VERSION &&
- S3I(s)->hs.negotiated_tls_version < S3I(s)->hs.our_max_tls_version) {
+ if (s->s3->hs.our_max_tls_version >= TLS1_2_VERSION &&
+ s->s3->hs.negotiated_tls_version < s->s3->hs.our_max_tls_version) {
/*
* RFC 8446 section 4.1.3. If we are downgrading from TLS 1.3
* we must set the last 8 bytes of the server random to magical
@@ -1044,7 +1044,7 @@ ssl3_get_client_hello(SSL *s)
*/
size_t index = SSL3_RANDOM_SIZE - sizeof(tls13_downgrade_12);
uint8_t *magic = &s->s3->server_random[index];
- if (S3I(s)->hs.negotiated_tls_version == TLS1_2_VERSION) {
+ if (s->s3->hs.negotiated_tls_version == TLS1_2_VERSION) {
/* Indicate we chose to downgrade to 1.2. */
memcpy(magic, tls13_downgrade_12,
sizeof(tls13_downgrade_12));
@@ -1107,15 +1107,15 @@ ssl3_get_client_hello(SSL *s)
SSLerror(s, SSL_R_NO_SHARED_CIPHER);
goto fatal_err;
}
- S3I(s)->hs.cipher = c;
+ s->s3->hs.cipher = c;
} else {
- S3I(s)->hs.cipher = s->session->cipher;
+ s->s3->hs.cipher = s->session->cipher;
}
if (!tls1_transcript_hash_init(s))
goto err;
- alg_k = S3I(s)->hs.cipher->algorithm_mkey;
+ alg_k = s->s3->hs.cipher->algorithm_mkey;
if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) ||
!(s->verify_mode & SSL_VERIFY_PEER))
tls1_transcript_free(s);
@@ -1160,7 +1160,7 @@ ssl3_send_dtls_hello_verify_request(SSL *s)
memset(&cbb, 0, sizeof(cbb));
- if (S3I(s)->hs.state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
+ if (s->s3->hs.state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
if (s->ctx->internal->app_gen_cookie_cb == NULL ||
s->ctx->internal->app_gen_cookie_cb(s, s->d1->cookie,
&(s->d1->cookie_len)) == 0) {
@@ -1185,10 +1185,10 @@ ssl3_send_dtls_hello_verify_request(SSL *s)
if (!ssl3_handshake_msg_finish(s, &cbb))
goto err;
- S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
+ s->s3->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
}
- /* S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
+ /* s->s3->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
return (ssl3_handshake_write(s));
err:
@@ -1205,7 +1205,7 @@ ssl3_send_server_hello(SSL *s)
memset(&cbb, 0, sizeof(cbb));
- if (S3I(s)->hs.state == SSL3_ST_SW_SRVR_HELLO_A) {
+ if (s->s3->hs.state == SSL3_ST_SW_SRVR_HELLO_A) {
if (!ssl3_handshake_msg_start(s, &cbb, &server_hello,
SSL3_MT_SERVER_HELLO))
goto err;
@@ -1250,7 +1250,7 @@ ssl3_send_server_hello(SSL *s)
/* Cipher suite. */
if (!CBB_add_u16(&server_hello,
- ssl3_cipher_get_value(S3I(s)->hs.cipher)))
+ ssl3_cipher_get_value(s->s3->hs.cipher)))
goto err;
/* Compression method (null). */
@@ -1283,14 +1283,14 @@ ssl3_send_server_done(SSL *s)
memset(&cbb, 0, sizeof(cbb));
- if (S3I(s)->hs.state == SSL3_ST_SW_SRVR_DONE_A) {
+ if (s->s3->hs.state == SSL3_ST_SW_SRVR_DONE_A) {
if (!ssl3_handshake_msg_start(s, &cbb, &done,
SSL3_MT_SERVER_DONE))
goto err;
if (!ssl3_handshake_msg_finish(s, &cbb))
goto err;
- S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_B;
+ s->s3->hs.state = SSL3_ST_SW_SRVR_DONE_B;
}
/* SSL3_ST_SW_SRVR_DONE_B */
@@ -1307,8 +1307,8 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
{
int nid = NID_dhKeyAgreement;
- tls_key_share_free(S3I(s)->hs.key_share);
- if ((S3I(s)->hs.key_share = tls_key_share_new_nid(nid)) == NULL)
+ tls_key_share_free(s->s3->hs.key_share);
+ if ((s->s3->hs.key_share = tls_key_share_new_nid(nid)) == NULL)
goto err;
if (s->cert->dhe_params_auto != 0) {
@@ -1320,14 +1320,14 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
SSL_AD_INTERNAL_ERROR);
goto err;
}
- tls_key_share_set_key_bits(S3I(s)->hs.key_share,
+ tls_key_share_set_key_bits(s->s3->hs.key_share,
key_bits);
} else {
DH *dh_params = s->cert->dhe_params;
if (dh_params == NULL && s->cert->dhe_params_cb != NULL)
dh_params = s->cert->dhe_params_cb(s, 0,
- SSL_C_PKEYLENGTH(S3I(s)->hs.cipher));
+ SSL_C_PKEYLENGTH(s->s3->hs.cipher));
if (dh_params == NULL) {
SSLerror(s, SSL_R_MISSING_TMP_DH_KEY);
@@ -1336,16 +1336,16 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
goto err;
}
- if (!tls_key_share_set_dh_params(S3I(s)->hs.key_share, dh_params))
+ if (!tls_key_share_set_dh_params(s->s3->hs.key_share, dh_params))
goto err;
}
- if (!tls_key_share_generate(S3I(s)->hs.key_share))
+ if (!tls_key_share_generate(s->s3->hs.key_share))
goto err;
- if (!tls_key_share_params(S3I(s)->hs.key_share, cbb))
+ if (!tls_key_share_params(s->s3->hs.key_share, cbb))
goto err;
- if (!tls_key_share_public(S3I(s)->hs.key_share, cbb))
+ if (!tls_key_share_public(s->s3->hs.key_share, cbb))
goto err;
return 1;
@@ -1366,11 +1366,11 @@ ssl3_send_server_kex_ecdhe(SSL *s, CBB *cbb)
goto err;
}
- tls_key_share_free(S3I(s)->hs.key_share);
- if ((S3I(s)->hs.key_share = tls_key_share_new_nid(nid)) == NULL)
+ tls_key_share_free(s->s3->hs.key_share);
+ if ((s->s3->hs.key_share = tls_key_share_new_nid(nid)) == NULL)
goto err;
- if (!tls_key_share_generate(S3I(s)->hs.key_share))
+ if (!tls_key_share_generate(s->s3->hs.key_share))
goto err;
/*
@@ -1378,11 +1378,11 @@ ssl3_send_server_kex_ecdhe(SSL *s, CBB *cbb)
*/
if (!CBB_add_u8(cbb, NAMED_CURVE_TYPE))
goto err;
- if (!CBB_add_u16(cbb, tls_key_share_group(S3I(s)->hs.key_share)))
+ if (!CBB_add_u16(cbb, tls_key_share_group(s->s3->hs.key_share)))
goto err;
if (!CBB_add_u8_length_prefixed(cbb, &public))
goto err;
- if (!tls_key_share_public(S3I(s)->hs.key_share, &public))
+ if (!tls_key_share_public(s->s3->hs.key_share, &public))
goto err;
if (!CBB_flush(cbb))
goto err;
@@ -1415,7 +1415,7 @@ ssl3_send_server_key_exchange(SSL *s)
if ((md_ctx = EVP_MD_CTX_new()) == NULL)
goto err;
- if (S3I(s)->hs.state == SSL3_ST_SW_KEY_EXCH_A) {
+ if (s->s3->hs.state == SSL3_ST_SW_KEY_EXCH_A) {
if (!ssl3_handshake_msg_start(s, &cbb, &server_kex,
SSL3_MT_SERVER_KEY_EXCHANGE))
@@ -1424,7 +1424,7 @@ ssl3_send_server_key_exchange(SSL *s)
if (!CBB_init(&cbb_params, 0))
goto err;
- type = S3I(s)->hs.cipher->algorithm_mkey;
+ type = s->s3->hs.cipher->algorithm_mkey;
if (type & SSL_kDHE) {
if (!ssl3_send_server_kex_dhe(s, &cbb_params))
goto err;
@@ -1444,13 +1444,13 @@ ssl3_send_server_key_exchange(SSL *s)
goto err;
/* Add signature unless anonymous. */
- if (!(S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL)) {
- if ((pkey = ssl_get_sign_pkey(s, S3I(s)->hs.cipher,
+ if (!(s->s3->hs.cipher->algorithm_auth & SSL_aNULL)) {
+ if ((pkey = ssl_get_sign_pkey(s, s->s3->hs.cipher,
&md, &sigalg)) == NULL) {
al = SSL_AD_DECODE_ERROR;
goto fatal_err;
}
- S3I(s)->hs.our_sigalg = sigalg;
+ s->s3->hs.our_sigalg = sigalg;
/* Send signature algorithm. */
if (SSL_USE_SIGALGS(s)) {
@@ -1511,7 +1511,7 @@ ssl3_send_server_key_exchange(SSL *s)
if (!ssl3_handshake_msg_finish(s, &cbb))
goto err;
- S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_B;
+ s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_B;
}
EVP_MD_CTX_free(md_ctx);
@@ -1546,7 +1546,7 @@ ssl3_send_certificate_request(SSL *s)
memset(&cbb, 0, sizeof(cbb));
- if (S3I(s)->hs.state == SSL3_ST_SW_CERT_REQ_A) {
+ if (s->s3->hs.state == SSL3_ST_SW_CERT_REQ_A) {
if (!ssl3_handshake_msg_start(s, &cbb, &cert_request,
SSL3_MT_CERTIFICATE_REQUEST))
goto err;
@@ -1561,7 +1561,7 @@ ssl3_send_certificate_request(SSL *s)
&sigalgs))
goto err;
if (!ssl_sigalgs_build(
- S3I(s)->hs.negotiated_tls_version, &sigalgs))
+ s->s3->hs.negotiated_tls_version, &sigalgs))
goto err;
}
@@ -1587,7 +1587,7 @@ ssl3_send_certificate_request(SSL *s)
if (!ssl3_handshake_msg_finish(s, &cbb))
goto err;
- S3I(s)->hs.state = SSL3_ST_SW_CERT_REQ_B;
+ s->s3->hs.state = SSL3_ST_SW_CERT_REQ_B;
}
/* SSL3_ST_SW_CERT_REQ_B */
@@ -1614,8 +1614,8 @@ ssl3_get_client_kex_rsa(SSL *s, CBS *cbs)
arc4random_buf(fakekey, sizeof(fakekey));
- fakekey[0] = S3I(s)->hs.peer_legacy_version >> 8;
- fakekey[1] = S3I(s)->hs.peer_legacy_version & 0xff;
+ fakekey[0] = s->s3->hs.peer_legacy_version >> 8;
+ fakekey[1] = s->s3->hs.peer_legacy_version & 0xff;
pkey = s->cert->pkeys[SSL_PKEY_RSA].privatekey;
if (pkey == NULL || (rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) {
@@ -1648,8 +1648,8 @@ ssl3_get_client_kex_rsa(SSL *s, CBS *cbs)
/* SSLerror(s, SSL_R_BAD_RSA_DECRYPT); */
}
- if ((al == -1) && !((pms[0] == (S3I(s)->hs.peer_legacy_version >> 8)) &&
- (pms[1] == (S3I(s)->hs.peer_legacy_version & 0xff)))) {
+ if ((al == -1) && !((pms[0] == (s->s3->hs.peer_legacy_version >> 8)) &&
+ (pms[1] == (s->s3->hs.peer_legacy_version & 0xff)))) {
/*
* The premaster secret must contain the same version number
* as the ClientHello to detect version rollback attacks
@@ -1704,13 +1704,13 @@ ssl3_get_client_kex_dhe(SSL *s, CBS *cbs)
int decode_error, invalid_key;
int ret = 0;
- if (S3I(s)->hs.key_share == NULL) {
+ if (s->s3->hs.key_share == NULL) {
SSLerror(s, SSL_R_MISSING_TMP_DH_KEY);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
goto err;
}
- if (!tls_key_share_peer_public(S3I(s)->hs.key_share, cbs,
+ if (!tls_key_share_peer_public(s->s3->hs.key_share, cbs,
&decode_error, &invalid_key)) {
if (decode_error) {
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
@@ -1724,7 +1724,7 @@ ssl3_get_client_kex_dhe(SSL *s, CBS *cbs)
goto err;
}
- if (!tls_key_share_derive(S3I(s)->hs.key_share, &key, &key_len))
+ if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len))
goto err;
if (!tls12_derive_master_secret(s, key, key_len))
@@ -1747,7 +1747,7 @@ ssl3_get_client_kex_ecdhe(SSL *s, CBS *cbs)
CBS public;
int ret = 0;
- if (S3I(s)->hs.key_share == NULL) {
+ if (s->s3->hs.key_share == NULL) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
SSLerror(s, SSL_R_MISSING_TMP_DH_KEY);
goto err;
@@ -1758,7 +1758,7 @@ ssl3_get_client_kex_ecdhe(SSL *s, CBS *cbs)
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
goto err;
}
- if (!tls_key_share_peer_public(S3I(s)->hs.key_share, &public,
+ if (!tls_key_share_peer_public(s->s3->hs.key_share, &public,
&decode_error, NULL)) {
if (decode_error) {
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
@@ -1767,7 +1767,7 @@ ssl3_get_client_kex_ecdhe(SSL *s, CBS *cbs)
goto err;
}
- if (!tls_key_share_derive(S3I(s)->hs.key_share, &key, &key_len))
+ if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len))
goto err;
if (!tls12_derive_master_secret(s, key, key_len))
@@ -1792,7 +1792,7 @@ ssl3_get_client_kex_gost(SSL *s, CBS *cbs)
CBS gostblob;
/* Get our certificate private key*/
- if ((S3I(s)->hs.cipher->algorithm_auth & SSL_aGOST01) != 0)
+ if ((s->s3->hs.cipher->algorithm_auth & SSL_aGOST01) != 0)
pkey = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL)
@@ -1865,7 +1865,7 @@ ssl3_get_client_key_exchange(SSL *s)
CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
- alg_k = S3I(s)->hs.cipher->algorithm_mkey;
+ alg_k = s->s3->hs.cipher->algorithm_mkey;
if (alg_k & SSL_kRSA) {
if (!ssl3_get_client_kex_rsa(s, &cbs))
@@ -1932,8 +1932,8 @@ ssl3_get_cert_verify(SSL *s)
pkey = X509_get0_pubkey(peer_cert);
type = X509_certificate_type(peer_cert, pkey);
- if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_VERIFY) {
- S3I(s)->hs.tls12.reuse_message = 1;
+ if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE_VERIFY) {
+ s->s3->hs.tls12.reuse_message = 1;
if (peer_cert != NULL) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_MISSING_VERIFY_MESSAGE);
@@ -1955,7 +1955,7 @@ ssl3_get_cert_verify(SSL *s)
goto fatal_err;
}
- if (S3I(s)->change_cipher_spec) {
+ if (s->s3->change_cipher_spec) {
SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
al = SSL_AD_UNEXPECTED_MESSAGE;
goto fatal_err;
@@ -1984,7 +1984,7 @@ ssl3_get_cert_verify(SSL *s)
al = SSL_AD_DECODE_ERROR;
goto fatal_err;
}
- S3I(s)->hs.peer_sigalg = sigalg;
+ s->s3->hs.peer_sigalg = sigalg;
if (SSL_USE_SIGALGS(s)) {
EVP_PKEY_CTX *pctx;
@@ -2033,7 +2033,7 @@ ssl3_get_cert_verify(SSL *s)
SSLerror(s, ERR_R_EVP_LIB);
goto fatal_err;
}
- verify = RSA_verify(NID_md5_sha1, S3I(s)->hs.tls12.cert_verify,
+ verify = RSA_verify(NID_md5_sha1, s->s3->hs.tls12.cert_verify,
MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, CBS_data(&signature),
CBS_len(&signature), rsa);
if (verify < 0) {
@@ -2055,7 +2055,7 @@ ssl3_get_cert_verify(SSL *s)
goto fatal_err;
}
verify = ECDSA_verify(0,
- &(S3I(s)->hs.tls12.cert_verify[MD5_DIGEST_LENGTH]),
+ &(s->s3->hs.tls12.cert_verify[MD5_DIGEST_LENGTH]),
SHA_DIGEST_LENGTH, CBS_data(&signature),
CBS_len(&signature), eckey);
if (verify <= 0) {
@@ -2148,7 +2148,7 @@ ssl3_get_client_certificate(SSL *s)
ret = -1;
- if (S3I(s)->hs.tls12.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
+ if (s->s3->hs.tls12.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
if ((s->verify_mode & SSL_VERIFY_PEER) &&
(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
@@ -2159,17 +2159,17 @@ ssl3_get_client_certificate(SSL *s)
* If tls asked for a client cert,
* the client must return a 0 list.
*/
- if (S3I(s)->hs.tls12.cert_request) {
+ if (s->s3->hs.tls12.cert_request) {
SSLerror(s, SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST
);
al = SSL_AD_UNEXPECTED_MESSAGE;
goto fatal_err;
}
- S3I(s)->hs.tls12.reuse_message = 1;
+ s->s3->hs.tls12.reuse_message = 1;
return (1);
}
- if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE) {
+ if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE);
goto fatal_err;
@@ -2278,7 +2278,7 @@ ssl3_send_server_certificate(SSL *s)
memset(&cbb, 0, sizeof(cbb));
- if (S3I(s)->hs.state == SSL3_ST_SW_CERT_A) {
+ if (s->s3->hs.state == SSL3_ST_SW_CERT_A) {
if ((cpk = ssl_get_server_send_pkey(s)) == NULL) {
SSLerror(s, ERR_R_INTERNAL_ERROR);
return (0);
@@ -2292,7 +2292,7 @@ ssl3_send_server_certificate(SSL *s)
if (!ssl3_handshake_msg_finish(s, &cbb))
goto err;
- S3I(s)->hs.state = SSL3_ST_SW_CERT_B;
+ s->s3->hs.state = SSL3_ST_SW_CERT_B;
}
/* SSL3_ST_SW_CERT_B */
@@ -2332,7 +2332,7 @@ ssl3_send_newsession_ticket(SSL *s)
if ((hctx = HMAC_CTX_new()) == NULL)
goto err;
- if (S3I(s)->hs.state == SSL3_ST_SW_SESSION_TICKET_A) {
+ if (s->s3->hs.state == SSL3_ST_SW_SESSION_TICKET_A) {
if (!ssl3_handshake_msg_start(s, &cbb, &session_ticket,
SSL3_MT_NEWSESSION_TICKET))
goto err;
@@ -2417,7 +2417,7 @@ ssl3_send_newsession_ticket(SSL *s)
if (!ssl3_handshake_msg_finish(s, &cbb))
goto err;
- S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_B;
+ s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_B;
}
EVP_CIPHER_CTX_free(ctx);
@@ -2445,7 +2445,7 @@ ssl3_send_cert_status(SSL *s)
memset(&cbb, 0, sizeof(cbb));
- if (S3I(s)->hs.state == SSL3_ST_SW_CERT_STATUS_A) {
+ if (s->s3->hs.state == SSL3_ST_SW_CERT_STATUS_A) {
if (!ssl3_handshake_msg_start(s, &cbb, &certstatus,
SSL3_MT_CERTIFICATE_STATUS))
goto err;
@@ -2459,7 +2459,7 @@ ssl3_send_cert_status(SSL *s)
if (!ssl3_handshake_msg_finish(s, &cbb))
goto err;
- S3I(s)->hs.state = SSL3_ST_SW_CERT_STATUS_B;
+ s->s3->hs.state = SSL3_ST_SW_CERT_STATUS_B;
}
/* SSL3_ST_SW_CERT_STATUS_B */
diff --git a/lib/libssl/ssl_stat.c b/lib/libssl/ssl_stat.c
index b51538c1b2a..5d35528acdd 100644
--- a/lib/libssl/ssl_stat.c
+++ b/lib/libssl/ssl_stat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_stat.c,v 1.17 2021/06/13 15:51:10 jsing Exp $ */
+/* $OpenBSD: ssl_stat.c,v 1.18 2022/02/05 14:54:10 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -91,7 +91,7 @@ SSL_state_string_long(const SSL *s)
{
const char *str;
- switch (S3I(s)->hs.state) {
+ switch (s->s3->hs.state) {
case SSL_ST_BEFORE:
str = "before SSL initialization";
break;
@@ -347,7 +347,7 @@ SSL_state_string(const SSL *s)
{
const char *str;
- switch (S3I(s)->hs.state) {
+ switch (s->s3->hs.state) {
case SSL_ST_BEFORE:
str = "PINIT ";
break;
diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c
index 8070296d9f6..f93f44ceba7 100644
--- a/lib/libssl/ssl_tlsext.c
+++ b/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.109 2022/01/24 13:49:50 tb Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.110 2022/02/05 14:54:10 jsing Exp $ */
/*
* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -41,7 +41,7 @@ tlsext_alpn_client_needs(SSL *s, uint16_t msg_type)
{
/* ALPN protos have been specified and this is the initial handshake */
return s->internal->alpn_client_proto_list != NULL &&
- S3I(s)->hs.finished_len == 0;
+ s->s3->hs.finished_len == 0;
}
int
@@ -101,14 +101,14 @@ tlsext_alpn_server_parse(SSL *s, uint16_t msg_types, CBS *cbs, int *alert)
s->ctx->internal->alpn_select_cb_arg);
if (r == SSL_TLSEXT_ERR_OK) {
- free(S3I(s)->alpn_selected);
- if ((S3I(s)->alpn_selected = malloc(selected_len)) == NULL) {
- S3I(s)->alpn_selected_len = 0;
+ free(s->s3->alpn_selected);
+ if ((s->s3->alpn_selected = malloc(selected_len)) == NULL) {
+ s->s3->alpn_selected_len = 0;
*alert = SSL_AD_INTERNAL_ERROR;
return 0;
}
- memcpy(S3I(s)->alpn_selected, selected, selected_len);
- S3I(s)->alpn_selected_len = selected_len;
+ memcpy(s->s3->alpn_selected, selected, selected_len);
+ s->s3->alpn_selected_len = selected_len;
return 1;
}
@@ -130,7 +130,7 @@ tlsext_alpn_server_parse(SSL *s, uint16_t msg_types, CBS *cbs, int *alert)
int
tlsext_alpn_server_needs(SSL *s, uint16_t msg_type)
{
- return S3I(s)->alpn_selected != NULL;
+ return s->s3->alpn_selected != NULL;
}
int
@@ -144,8 +144,8 @@ tlsext_alpn_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
if (!CBB_add_u8_length_prefixed(&list, &selected))
return 0;
- if (!CBB_add_bytes(&selected, S3I(s)->alpn_selected,
- S3I(s)->alpn_selected_len))
+ if (!CBB_add_bytes(&selected, s->s3->alpn_selected,
+ s->s3->alpn_selected_len))
return 0;
if (!CBB_flush(cbb))
@@ -177,8 +177,8 @@ tlsext_alpn_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
if (CBS_len(&proto) == 0)
goto err;
- if (!CBS_stow(&proto, &(S3I(s)->alpn_selected),
- &(S3I(s)->alpn_selected_len)))
+ if (!CBS_stow(&proto, &(s->s3->alpn_selected),
+ &(s->s3->alpn_selected_len)))
goto err;
return 1;
@@ -195,7 +195,7 @@ int
tlsext_supportedgroups_client_needs(SSL *s, uint16_t msg_type)
{
return ssl_has_ecc_ciphers(s) ||
- (S3I(s)->hs.our_max_tls_version >= TLS1_3_VERSION);
+ (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
}
int
@@ -247,7 +247,7 @@ tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
uint16_t *groups;
int i;
- if (S3I(s)->hs.tls13.hrr) {
+ if (s->s3->hs.tls13.hrr) {
if (s->session->tlsext_supportedgroups == NULL) {
*alert = SSL_AD_HANDSHAKE_FAILURE;
return 0;
@@ -450,8 +450,8 @@ tlsext_ri_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
if (!CBB_add_u8_length_prefixed(cbb, &reneg))
return 0;
- if (!CBB_add_bytes(&reneg, S3I(s)->previous_client_finished,
- S3I(s)->previous_client_finished_len))
+ if (!CBB_add_bytes(&reneg, s->s3->previous_client_finished,
+ s->s3->previous_client_finished_len))
return 0;
if (!CBB_flush(cbb))
return 0;
@@ -469,15 +469,15 @@ tlsext_ri_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
if (CBS_len(cbs) != 0)
goto err;
- if (!CBS_mem_equal(&reneg, S3I(s)->previous_client_finished,
- S3I(s)->previous_client_finished_len)) {
+ if (!CBS_mem_equal(&reneg, s->s3->previous_client_finished,
+ s->s3->previous_client_finished_len)) {
SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH);
*alert = SSL_AD_HANDSHAKE_FAILURE;
return 0;
}
- S3I(s)->renegotiate_seen = 1;
- S3I(s)->send_connection_binding = 1;
+ s->s3->renegotiate_seen = 1;
+ s->s3->send_connection_binding = 1;
return 1;
@@ -490,8 +490,8 @@ tlsext_ri_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
int
tlsext_ri_server_needs(SSL *s, uint16_t msg_type)
{
- return (S3I(s)->hs.negotiated_tls_version < TLS1_3_VERSION &&
- S3I(s)->send_connection_binding);
+ return (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION &&
+ s->s3->send_connection_binding);
}
int
@@ -501,11 +501,11 @@ tlsext_ri_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
if (!CBB_add_u8_length_prefixed(cbb, &reneg))
return 0;
- if (!CBB_add_bytes(&reneg, S3I(s)->previous_client_finished,
- S3I(s)->previous_client_finished_len))
+ if (!CBB_add_bytes(&reneg, s->s3->previous_client_finished,
+ s->s3->previous_client_finished_len))
return 0;
- if (!CBB_add_bytes(&reneg, S3I(s)->previous_server_finished,
- S3I(s)->previous_server_finished_len))
+ if (!CBB_add_bytes(&reneg, s->s3->previous_server_finished,
+ s->s3->previous_server_finished_len))
return 0;
if (!CBB_flush(cbb))
return 0;
@@ -522,10 +522,10 @@ tlsext_ri_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
* Ensure that the previous client and server values are both not
* present, or that they are both present.
*/
- if ((S3I(s)->previous_client_finished_len == 0 &&
- S3I(s)->previous_server_finished_len != 0) ||
- (S3I(s)->previous_client_finished_len != 0 &&
- S3I(s)->previous_server_finished_len == 0)) {
+ if ((s->s3->previous_client_finished_len == 0 &&
+ s->s3->previous_server_finished_len != 0) ||
+ (s->s3->previous_client_finished_len != 0 &&
+ s->s3->previous_server_finished_len == 0)) {
*alert = SSL_AD_INTERNAL_ERROR;
return 0;
}
@@ -533,31 +533,31 @@ tlsext_ri_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
if (!CBS_get_u8_length_prefixed(cbs, &reneg))
goto err;
if (!CBS_get_bytes(&reneg, &prev_client,
- S3I(s)->previous_client_finished_len))
+ s->s3->previous_client_finished_len))
goto err;
if (!CBS_get_bytes(&reneg, &prev_server,
- S3I(s)->previous_server_finished_len))
+ s->s3->previous_server_finished_len))
goto err;
if (CBS_len(&reneg) != 0)
goto err;
if (CBS_len(cbs) != 0)
goto err;
- if (!CBS_mem_equal(&prev_client, S3I(s)->previous_client_finished,
- S3I(s)->previous_client_finished_len)) {
+ if (!CBS_mem_equal(&prev_client, s->s3->previous_client_finished,
+ s->s3->previous_client_finished_len)) {
SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH);
*alert = SSL_AD_HANDSHAKE_FAILURE;
return 0;
}
- if (!CBS_mem_equal(&prev_server, S3I(s)->previous_server_finished,
- S3I(s)->previous_server_finished_len)) {
+ if (!CBS_mem_equal(&prev_server, s->s3->previous_server_finished,
+ s->s3->previous_server_finished_len)) {
SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH);
*alert = SSL_AD_HANDSHAKE_FAILURE;
return 0;
}
- S3I(s)->renegotiate_seen = 1;
- S3I(s)->send_connection_binding = 1;
+ s->s3->renegotiate_seen = 1;
+ s->s3->send_connection_binding = 1;
return 1;
@@ -573,17 +573,17 @@ tlsext_ri_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
int
tlsext_sigalgs_client_needs(SSL *s, uint16_t msg_type)
{
- return (S3I(s)->hs.our_max_tls_version >= TLS1_2_VERSION);
+ return (s->s3->hs.our_max_tls_version >= TLS1_2_VERSION);
}
int
tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
- uint16_t tls_version = S3I(s)->hs.negotiated_tls_version;
+ uint16_t tls_version = s->s3->hs.negotiated_tls_version;
CBB sigalgs;
if (msg_type == SSL_TLSEXT_MSG_CH)
- tls_version = S3I(s)->hs.our_min_tls_version;
+ tls_version = s->s3->hs.our_min_tls_version;
if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))
return 0;
@@ -604,7 +604,7 @@ tlsext_sigalgs_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
return 0;
if (CBS_len(&sigalgs) % 2 != 0 || CBS_len(&sigalgs) > 64)
return 0;
- if (!CBS_stow(&sigalgs, &S3I(s)->hs.sigalgs, &S3I(s)->hs.sigalgs_len))
+ if (!CBS_stow(&sigalgs, &s->s3->hs.sigalgs, &s->s3->hs.sigalgs_len))
return 0;
return 1;
@@ -613,7 +613,7 @@ tlsext_sigalgs_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
int
tlsext_sigalgs_server_needs(SSL *s, uint16_t msg_type)
{
- return (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION);
+ return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION);
}
int
@@ -623,7 +623,7 @@ tlsext_sigalgs_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))
return 0;
- if (!ssl_sigalgs_build(S3I(s)->hs.negotiated_tls_version, &sigalgs))
+ if (!ssl_sigalgs_build(s->s3->hs.negotiated_tls_version, &sigalgs))
return 0;
if (!CBB_flush(cbb))
return 0;
@@ -643,7 +643,7 @@ tlsext_sigalgs_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
return 0;
if (CBS_len(&sigalgs) % 2 != 0 || CBS_len(&sigalgs) > 64)
return 0;
- if (!CBS_stow(&sigalgs, &S3I(s)->hs.sigalgs, &S3I(s)->hs.sigalgs_len))
+ if (!CBS_stow(&sigalgs, &s->s3->hs.sigalgs, &s->s3->hs.sigalgs_len))
return 0;
return 1;
@@ -804,7 +804,7 @@ tlsext_sni_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
goto err;
}
- if (s->internal->hit || S3I(s)->hs.tls13.hrr) {
+ if (s->internal->hit || s->s3->hs.tls13.hrr) {
if (s->session->tlsext_hostname == NULL) {
*alert = SSL_AD_UNRECOGNIZED_NAME;
goto err;
@@ -1027,7 +1027,7 @@ tlsext_ocsp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
int
tlsext_ocsp_server_needs(SSL *s, uint16_t msg_type)
{
- if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION &&
+ if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION &&
s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
s->ctx->internal->tlsext_status_cb != NULL) {
s->internal->tlsext_status_expected = 0;
@@ -1044,7 +1044,7 @@ tlsext_ocsp_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
CBB ocsp_response;
- if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION) {
+ if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION) {
if (!CBB_add_u8(cbb, TLSEXT_STATUSTYPE_ocsp))
return 0;
if (!CBB_add_u24_length_prefixed(cbb, &ocsp_response))
@@ -1451,7 +1451,7 @@ tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
int
tlsext_keyshare_client_needs(SSL *s, uint16_t msg_type)
{
- return (S3I(s)->hs.our_max_tls_version >= TLS1_3_VERSION);
+ return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
}
int
@@ -1463,11 +1463,11 @@ tlsext_keyshare_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
return 0;
if (!CBB_add_u16(&client_shares,
- tls_key_share_group(S3I(s)->hs.key_share)))
+ tls_key_share_group(s->s3->hs.key_share)))
return 0;
if (!CBB_add_u16_length_prefixed(&client_shares, &key_exchange))
return 0;
- if (!tls_key_share_public(S3I(s)->hs.key_share, &key_exchange))
+ if (!tls_key_share_public(s->s3->hs.key_share, &key_exchange))
return 0;
if (!CBB_flush(cbb))
@@ -1503,9 +1503,9 @@ tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
* Ignore this client share if we're using earlier than TLSv1.3
* or we've already selected a key share.
*/
- if (S3I(s)->hs.our_max_tls_version < TLS1_3_VERSION)
+ if (s->s3->hs.our_max_tls_version < TLS1_3_VERSION)
continue;
- if (S3I(s)->hs.key_share != NULL)
+ if (s->s3->hs.key_share != NULL)
continue;
/* XXX - consider implementing server preference. */
@@ -1513,11 +1513,11 @@ tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
continue;
/* Decode and store the selected key share. */
- if ((S3I(s)->hs.key_share = tls_key_share_new(group)) == NULL) {
+ if ((s->s3->hs.key_share = tls_key_share_new(group)) == NULL) {
*alert = SSL_AD_INTERNAL_ERROR;
return 0;
}
- if (!tls_key_share_peer_public(S3I(s)->hs.key_share,
+ if (!tls_key_share_peer_public(s->s3->hs.key_share,
&key_exchange, &decode_error, NULL)) {
if (!decode_error)
*alert = SSL_AD_INTERNAL_ERROR;
@@ -1531,7 +1531,7 @@ tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
int
tlsext_keyshare_server_needs(SSL *s, uint16_t msg_type)
{
- return (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION &&
+ return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION &&
tlsext_extension_seen(s, TLSEXT_TYPE_key_share));
}
@@ -1541,20 +1541,20 @@ tlsext_keyshare_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
CBB key_exchange;
/* In the case of a HRR, we only send the server selected group. */
- if (S3I(s)->hs.tls13.hrr) {
- if (S3I(s)->hs.tls13.server_group == 0)
+ if (s->s3->hs.tls13.hrr) {
+ if (s->s3->hs.tls13.server_group == 0)
return 0;
- return CBB_add_u16(cbb, S3I(s)->hs.tls13.server_group);
+ return CBB_add_u16(cbb, s->s3->hs.tls13.server_group);
}
- if (S3I(s)->hs.key_share == NULL)
+ if (s->s3->hs.key_share == NULL)
return 0;
- if (!CBB_add_u16(cbb, tls_key_share_group(S3I(s)->hs.key_share)))
+ if (!CBB_add_u16(cbb, tls_key_share_group(s->s3->hs.key_share)))
return 0;
if (!CBB_add_u16_length_prefixed(cbb, &key_exchange))
return 0;
- if (!tls_key_share_public(S3I(s)->hs.key_share, &key_exchange))
+ if (!tls_key_share_public(s->s3->hs.key_share, &key_exchange))
return 0;
if (!CBB_flush(cbb))
@@ -1579,22 +1579,22 @@ tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
if (msg_type != SSL_TLSEXT_MSG_HRR)
return 0;
- S3I(s)->hs.tls13.server_group = group;
+ s->s3->hs.tls13.server_group = group;
return 1;
}
if (!CBS_get_u16_length_prefixed(cbs, &key_exchange))
return 0;
- if (S3I(s)->hs.key_share == NULL) {
+ if (s->s3->hs.key_share == NULL) {
*alert = SSL_AD_INTERNAL_ERROR;
return 0;
}
- if (tls_key_share_group(S3I(s)->hs.key_share) != group) {
+ if (tls_key_share_group(s->s3->hs.key_share) != group) {
*alert = SSL_AD_INTERNAL_ERROR;
return 0;
}
- if (!tls_key_share_peer_public(S3I(s)->hs.key_share,
+ if (!tls_key_share_peer_public(s->s3->hs.key_share,
&key_exchange, &decode_error, NULL)) {
if (!decode_error)
*alert = SSL_AD_INTERNAL_ERROR;
@@ -1610,7 +1610,7 @@ tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
int
tlsext_versions_client_needs(SSL *s, uint16_t msg_type)
{
- return (S3I(s)->hs.our_max_tls_version >= TLS1_3_VERSION);
+ return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
}
int
@@ -1620,8 +1620,8 @@ tlsext_versions_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
uint16_t version;
CBB versions;
- max = S3I(s)->hs.our_max_tls_version;
- min = S3I(s)->hs.our_min_tls_version;
+ max = s->s3->hs.our_max_tls_version;
+ min = s->s3->hs.our_min_tls_version;
if (!CBB_add_u8_length_prefixed(cbb, &versions))
return 0;
@@ -1646,8 +1646,8 @@ tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
uint16_t max, min;
uint16_t matched_version = 0;
- max = S3I(s)->hs.our_max_tls_version;
- min = S3I(s)->hs.our_min_tls_version;
+ max = s->s3->hs.our_max_tls_version;
+ min = s->s3->hs.our_min_tls_version;
if (!CBS_get_u8_length_prefixed(cbs, &versions))
goto err;
@@ -1680,7 +1680,7 @@ tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
int
tlsext_versions_server_needs(SSL *s, uint16_t msg_type)
{
- return (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION);
+ return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION);
}
int
@@ -1706,7 +1706,7 @@ tlsext_versions_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
}
/* XXX test between min and max once initialization code goes in */
- S3I(s)->hs.tls13.server_version = selected_version;
+ s->s3->hs.tls13.server_version = selected_version;
return 1;
}
@@ -1719,8 +1719,8 @@ tlsext_versions_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
int
tlsext_cookie_client_needs(SSL *s, uint16_t msg_type)
{
- return (S3I(s)->hs.our_max_tls_version >= TLS1_3_VERSION &&
- S3I(s)->hs.tls13.cookie_len > 0 && S3I(s)->hs.tls13.cookie != NULL);
+ return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION &&
+ s->s3->hs.tls13.cookie_len > 0 && s->s3->hs.tls13.cookie != NULL);
}
int
@@ -1731,8 +1731,8 @@ tlsext_cookie_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
if (!CBB_add_u16_length_prefixed(cbb, &cookie))
return 0;
- if (!CBB_add_bytes(&cookie, S3I(s)->hs.tls13.cookie,
- S3I(s)->hs.tls13.cookie_len))
+ if (!CBB_add_bytes(&cookie, s->s3->hs.tls13.cookie,
+ s->s3->hs.tls13.cookie_len))
return 0;
if (!CBB_flush(cbb))
@@ -1749,7 +1749,7 @@ tlsext_cookie_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
if (!CBS_get_u16_length_prefixed(cbs, &cookie))
goto err;
- if (CBS_len(&cookie) != S3I(s)->hs.tls13.cookie_len)
+ if (CBS_len(&cookie) != s->s3->hs.tls13.cookie_len)
goto err;
/*
@@ -1757,8 +1757,8 @@ tlsext_cookie_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
* sent - client *MUST* send the same cookie with new CR after
* a cookie is sent by the server with an HRR.
*/
- if (!CBS_mem_equal(&cookie, S3I(s)->hs.tls13.cookie,
- S3I(s)->hs.tls13.cookie_len)) {
+ if (!CBS_mem_equal(&cookie, s->s3->hs.tls13.cookie,
+ s->s3->hs.tls13.cookie_len)) {
/* XXX special cookie mismatch alert? */
*alert = SSL_AD_ILLEGAL_PARAMETER;
return 0;
@@ -1778,8 +1778,8 @@ tlsext_cookie_server_needs(SSL *s, uint16_t msg_type)
* Server needs to set cookie value in tls13 handshake
* in order to send one, should only be sent with HRR.
*/
- return (S3I(s)->hs.our_max_tls_version >= TLS1_3_VERSION &&
- S3I(s)->hs.tls13.cookie_len > 0 && S3I(s)->hs.tls13.cookie != NULL);
+ return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION &&
+ s->s3->hs.tls13.cookie_len > 0 && s->s3->hs.tls13.cookie != NULL);
}
int
@@ -1792,8 +1792,8 @@ tlsext_cookie_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
if (!CBB_add_u16_length_prefixed(cbb, &cookie))
return 0;
- if (!CBB_add_bytes(&cookie, S3I(s)->hs.tls13.cookie,
- S3I(s)->hs.tls13.cookie_len))
+ if (!CBB_add_bytes(&cookie, s->s3->hs.tls13.cookie,
+ s->s3->hs.tls13.cookie_len))
return 0;
if (!CBB_flush(cbb))
@@ -1812,8 +1812,8 @@ tlsext_cookie_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
* HRR from a server with a cookie to process after accepting
* one from the server in the same handshake
*/
- if (S3I(s)->hs.tls13.cookie != NULL ||
- S3I(s)->hs.tls13.cookie_len != 0) {
+ if (s->s3->hs.tls13.cookie != NULL ||
+ s->s3->hs.tls13.cookie_len != 0) {
*alert = SSL_AD_ILLEGAL_PARAMETER;
return 0;
}
@@ -1821,8 +1821,8 @@ tlsext_cookie_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
if (!CBS_get_u16_length_prefixed(cbs, &cookie))
goto err;
- if (!CBS_stow(&cookie, &S3I(s)->hs.tls13.cookie,
- &S3I(s)->hs.tls13.cookie_len))
+ if (!CBS_stow(&cookie, &s->s3->hs.tls13.cookie,
+ &s->s3->hs.tls13.cookie_len))
goto err;
return 1;
@@ -2049,7 +2049,7 @@ tlsext_extension_seen(SSL *s, uint16_t type)
if (tls_extension_find(type, &idx) == NULL)
return 0;
- return ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0);
+ return ((s->s3->hs.extensions_seen & (1 << idx)) != 0);
}
static const struct tls_extension_funcs *
@@ -2149,7 +2149,7 @@ tlsext_parse(SSL *s, int is_server, uint16_t msg_type, CBS *cbs, int *alert)
tls_version = ssl_effective_tls_version(s);
- S3I(s)->hs.extensions_seen = 0;
+ s->s3->hs.extensions_seen = 0;
/* An empty extensions block is valid. */
if (CBS_len(cbs) == 0)
@@ -2191,9 +2191,9 @@ tlsext_parse(SSL *s, int is_server, uint16_t msg_type, CBS *cbs, int *alert)
}
/* Check for duplicate known extensions. */
- if ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0)
+ if ((s->s3->hs.extensions_seen & (1 << idx)) != 0)
goto err;
- S3I(s)->hs.extensions_seen |= (1 << idx);
+ s->s3->hs.extensions_seen |= (1 << idx);
ext = tlsext_funcs(tlsext, is_server);
if (!ext->parse(s, msg_type, &extension_data, &alert_desc))
@@ -2215,10 +2215,10 @@ static void
tlsext_server_reset_state(SSL *s)
{
s->tlsext_status_type = -1;
- S3I(s)->renegotiate_seen = 0;
- free(S3I(s)->alpn_selected);
- S3I(s)->alpn_selected = NULL;
- S3I(s)->alpn_selected_len = 0;
+ s->s3->renegotiate_seen = 0;
+ free(s->s3->alpn_selected);
+ s->s3->alpn_selected = NULL;
+ s->s3->alpn_selected_len = 0;
s->internal->srtp_profile = NULL;
}
@@ -2241,10 +2241,10 @@ tlsext_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
static void
tlsext_client_reset_state(SSL *s)
{
- S3I(s)->renegotiate_seen = 0;
- free(S3I(s)->alpn_selected);
- S3I(s)->alpn_selected = NULL;
- S3I(s)->alpn_selected_len = 0;
+ s->s3->renegotiate_seen = 0;
+ free(s->s3->alpn_selected);
+ s->s3->alpn_selected = NULL;
+ s->s3->alpn_selected_len = 0;
}
int
diff --git a/lib/libssl/ssl_transcript.c b/lib/libssl/ssl_transcript.c
index 47aa15adc20..c54cdb22cb2 100644
--- a/lib/libssl/ssl_transcript.c
+++ b/lib/libssl/ssl_transcript.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_transcript.c,v 1.5 2021/05/16 14:10:43 jsing Exp $ */
+/* $OpenBSD: ssl_transcript.c,v 1.6 2022/02/05 14:54:10 jsing Exp $ */
/*
* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
*
@@ -33,11 +33,11 @@ tls1_transcript_hash_init(SSL *s)
goto err;
}
- if ((S3I(s)->handshake_hash = EVP_MD_CTX_new()) == NULL) {
+ if ((s->s3->handshake_hash = EVP_MD_CTX_new()) == NULL) {
SSLerror(s, ERR_R_MALLOC_FAILURE);
goto err;
}
- if (!EVP_DigestInit_ex(S3I(s)->handshake_hash, md, NULL)) {
+ if (!EVP_DigestInit_ex(s->s3->handshake_hash, md, NULL)) {
SSLerror(s, ERR_R_EVP_LIB);
goto err;
}
@@ -62,10 +62,10 @@ tls1_transcript_hash_init(SSL *s)
int
tls1_transcript_hash_update(SSL *s, const unsigned char *buf, size_t len)
{
- if (S3I(s)->handshake_hash == NULL)
+ if (s->s3->handshake_hash == NULL)
return 1;
- return EVP_DigestUpdate(S3I(s)->handshake_hash, buf, len);
+ return EVP_DigestUpdate(s->s3->handshake_hash, buf, len);
}
int
@@ -76,17 +76,17 @@ tls1_transcript_hash_value(SSL *s, const unsigned char *out, size_t len,
unsigned int mdlen;
int ret = 0;
- if (S3I(s)->handshake_hash == NULL)
+ if (s->s3->handshake_hash == NULL)
goto err;
- if (EVP_MD_CTX_size(S3I(s)->handshake_hash) > len)
+ if (EVP_MD_CTX_size(s->s3->handshake_hash) > len)
goto err;
if ((mdctx = EVP_MD_CTX_new()) == NULL) {
SSLerror(s, ERR_R_MALLOC_FAILURE);
goto err;
}
- if (!EVP_MD_CTX_copy_ex(mdctx, S3I(s)->handshake_hash)) {
+ if (!EVP_MD_CTX_copy_ex(mdctx, s->s3->handshake_hash)) {
SSLerror(s, ERR_R_EVP_LIB);
goto err;
}
@@ -108,17 +108,17 @@ tls1_transcript_hash_value(SSL *s, const unsigned char *out, size_t len,
void
tls1_transcript_hash_free(SSL *s)
{
- EVP_MD_CTX_free(S3I(s)->handshake_hash);
- S3I(s)->handshake_hash = NULL;
+ EVP_MD_CTX_free(s->s3->handshake_hash);
+ s->s3->handshake_hash = NULL;
}
int
tls1_transcript_init(SSL *s)
{
- if (S3I(s)->handshake_transcript != NULL)
+ if (s->s3->handshake_transcript != NULL)
return 0;
- if ((S3I(s)->handshake_transcript = BUF_MEM_new()) == NULL)
+ if ((s->s3->handshake_transcript = BUF_MEM_new()) == NULL)
return 0;
tls1_transcript_reset(s);
@@ -129,8 +129,8 @@ tls1_transcript_init(SSL *s)
void
tls1_transcript_free(SSL *s)
{
- BUF_MEM_free(S3I(s)->handshake_transcript);
- S3I(s)->handshake_transcript = NULL;
+ BUF_MEM_free(s->s3->handshake_transcript);
+ s->s3->handshake_transcript = NULL;
}
void
@@ -143,7 +143,7 @@ tls1_transcript_reset(SSL *s)
* or if it failed (and returned zero)... our implementation never
* fails with a length of zero, so we trust all is okay...
*/
- (void)BUF_MEM_grow_clean(S3I(s)->handshake_transcript, 0);
+ (void)BUF_MEM_grow_clean(s->s3->handshake_transcript, 0);
tls1_transcript_unfreeze(s);
}
@@ -153,22 +153,22 @@ tls1_transcript_append(SSL *s, const unsigned char *buf, size_t len)
{
size_t olen, nlen;
- if (S3I(s)->handshake_transcript == NULL)
+ if (s->s3->handshake_transcript == NULL)
return 1;
if (s->s3->flags & TLS1_FLAGS_FREEZE_TRANSCRIPT)
return 1;
- olen = S3I(s)->handshake_transcript->length;
+ olen = s->s3->handshake_transcript->length;
nlen = olen + len;
if (nlen < olen)
return 0;
- if (BUF_MEM_grow(S3I(s)->handshake_transcript, nlen) == 0)
+ if (BUF_MEM_grow(s->s3->handshake_transcript, nlen) == 0)
return 0;
- memcpy(S3I(s)->handshake_transcript->data + olen, buf, len);
+ memcpy(s->s3->handshake_transcript->data + olen, buf, len);
return 1;
}
@@ -176,11 +176,11 @@ tls1_transcript_append(SSL *s, const unsigned char *buf, size_t len)
int
tls1_transcript_data(SSL *s, const unsigned char **data, size_t *len)
{
- if (S3I(s)->handshake_transcript == NULL)
+ if (s->s3->handshake_transcript == NULL)
return 0;
- *data = S3I(s)->handshake_transcript->data;
- *len = S3I(s)->handshake_transcript->length;
+ *data = s->s3->handshake_transcript->data;
+ *len = s->s3->handshake_transcript->length;
return 1;
}
diff --git a/lib/libssl/ssl_versions.c b/lib/libssl/ssl_versions.c
index b5834dbe339..4069670dc94 100644
--- a/lib/libssl/ssl_versions.c
+++ b/lib/libssl/ssl_versions.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_versions.c,v 1.21 2021/10/23 14:40:54 jsing Exp $ */
+/* $OpenBSD: ssl_versions.c,v 1.22 2022/02/05 14:54:10 jsing Exp $ */
/*
* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
*
@@ -224,10 +224,10 @@ ssl_tls_version(uint16_t version)
uint16_t
ssl_effective_tls_version(SSL *s)
{
- if (S3I(s)->hs.negotiated_tls_version > 0)
- return S3I(s)->hs.negotiated_tls_version;
+ if (s->s3->hs.negotiated_tls_version > 0)
+ return s->s3->hs.negotiated_tls_version;
- return S3I(s)->hs.our_max_tls_version;
+ return s->s3->hs.our_max_tls_version;
}
int
@@ -255,7 +255,7 @@ ssl_max_legacy_version(SSL *s, uint16_t *max_ver)
{
uint16_t max_version;
- if ((max_version = S3I(s)->hs.our_max_tls_version) > TLS1_2_VERSION)
+ if ((max_version = s->s3->hs.our_max_tls_version) > TLS1_2_VERSION)
max_version = TLS1_2_VERSION;
if (SSL_is_dtls(s)) {
diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c
index a63da9c2636..c996159a475 100644
--- a/lib/libssl/t1_enc.c
+++ b/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.153 2021/12/09 17:54:41 tb Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.154 2022/02/05 14:54:10 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -149,8 +149,8 @@
void
tls1_cleanup_key_block(SSL *s)
{
- tls12_key_block_free(S3I(s)->hs.tls12.key_block);
- S3I(s)->hs.tls12.key_block = NULL;
+ tls12_key_block_free(s->s3->hs.tls12.key_block);
+ s->s3->hs.tls12.key_block = NULL;
}
/*
@@ -303,10 +303,10 @@ tls1_change_cipher_state(SSL *s, int is_write)
/* Use client write keys on client write and server read. */
if ((!s->server && is_write) || (s->server && !is_write)) {
- tls12_key_block_client_write(S3I(s)->hs.tls12.key_block,
+ tls12_key_block_client_write(s->s3->hs.tls12.key_block,
&mac_key, &key, &iv);
} else {
- tls12_key_block_server_write(S3I(s)->hs.tls12.key_block,
+ tls12_key_block_server_write(s->s3->hs.tls12.key_block,
&mac_key, &key, &iv);
}
@@ -354,7 +354,7 @@ tls1_setup_key_block(SSL *s)
* XXX - callers should be changed so that they only call this
* function once.
*/
- if (S3I(s)->hs.tls12.key_block != NULL)
+ if (s->s3->hs.tls12.key_block != NULL)
return (1);
if (s->session->cipher &&
@@ -384,7 +384,7 @@ tls1_setup_key_block(SSL *s)
if (!tls12_key_block_generate(key_block, s, aead, cipher, mac_hash))
goto err;
- S3I(s)->hs.tls12.key_block = key_block;
+ s->s3->hs.tls12.key_block = key_block;
key_block = NULL;
if (!(s->internal->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) &&
@@ -393,15 +393,15 @@ tls1_setup_key_block(SSL *s)
* Enable vulnerability countermeasure for CBC ciphers with
* known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
*/
- S3I(s)->need_empty_fragments = 1;
+ s->s3->need_empty_fragments = 1;
if (s->session->cipher != NULL) {
if (s->session->cipher->algorithm_enc == SSL_eNULL)
- S3I(s)->need_empty_fragments = 0;
+ s->s3->need_empty_fragments = 0;
#ifndef OPENSSL_NO_RC4
if (s->session->cipher->algorithm_enc == SSL_RC4)
- S3I(s)->need_empty_fragments = 0;
+ s->s3->need_empty_fragments = 0;
#endif
}
}
diff --git a/lib/libssl/tls12_lib.c b/lib/libssl/tls12_lib.c
index f30f3a7b463..773ba30bd07 100644
--- a/lib/libssl/tls12_lib.c
+++ b/lib/libssl/tls12_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls12_lib.c,v 1.3 2021/05/02 15:57:29 jsing Exp $ */
+/* $OpenBSD: tls12_lib.c,v 1.4 2022/02/05 14:54:10 jsing Exp $ */
/*
* Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
*
@@ -71,12 +71,12 @@ tls12_derive_finished(SSL *s)
{
if (!s->server) {
return tls12_client_finished_verify_data(s,
- S3I(s)->hs.finished, sizeof(S3I(s)->hs.finished),
- &S3I(s)->hs.finished_len);
+ s->s3->hs.finished, sizeof(s->s3->hs.finished),
+ &s->s3->hs.finished_len);
} else {
return tls12_server_finished_verify_data(s,
- S3I(s)->hs.finished, sizeof(S3I(s)->hs.finished),
- &S3I(s)->hs.finished_len);
+ s->s3->hs.finished, sizeof(s->s3->hs.finished),
+ &s->s3->hs.finished_len);
}
}
@@ -85,12 +85,12 @@ tls12_derive_peer_finished(SSL *s)
{
if (s->server) {
return tls12_client_finished_verify_data(s,
- S3I(s)->hs.peer_finished, sizeof(S3I(s)->hs.peer_finished),
- &S3I(s)->hs.peer_finished_len);
+ s->s3->hs.peer_finished, sizeof(s->s3->hs.peer_finished),
+ &s->s3->hs.peer_finished_len);
} else {
return tls12_server_finished_verify_data(s,
- S3I(s)->hs.peer_finished, sizeof(S3I(s)->hs.peer_finished),
- &S3I(s)->hs.peer_finished_len);
+ s->s3->hs.peer_finished, sizeof(s->s3->hs.peer_finished),
+ &s->s3->hs.peer_finished_len);
}
}
diff --git a/lib/libssl/tls13_legacy.c b/lib/libssl/tls13_legacy.c
index a62e936ccb5..0379c978e92 100644
--- a/lib/libssl/tls13_legacy.c
+++ b/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_legacy.c,v 1.35 2022/01/25 15:00:09 tb Exp $ */
+/* $OpenBSD: tls13_legacy.c,v 1.36 2022/02/05 14:54:10 jsing Exp $ */
/*
* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
*
@@ -127,7 +127,7 @@ tls13_legacy_error(SSL *ssl)
int reason = SSL_R_UNKNOWN;
/* If we received a fatal alert we already put an error on the stack. */
- if (S3I(ssl)->fatal_alert != 0)
+ if (ssl->s3->fatal_alert != 0)
return;
switch (ctx->error.code) {
@@ -288,7 +288,7 @@ tls13_legacy_write_bytes(SSL *ssl, int type, const void *vbuf, int len)
* In the non-SSL_MODE_ENABLE_PARTIAL_WRITE case we have to loop until
* we have written out all of the requested data.
*/
- sent = S3I(ssl)->wnum;
+ sent = ssl->s3->wnum;
if (len < sent) {
SSLerror(ssl, SSL_R_BAD_LENGTH);
return -1;
@@ -296,12 +296,12 @@ tls13_legacy_write_bytes(SSL *ssl, int type, const void *vbuf, int len)
n = len - sent;
for (;;) {
if (n == 0) {
- S3I(ssl)->wnum = 0;
+ ssl->s3->wnum = 0;
return sent;
}
if ((ret = tls13_write_application_data(ctx->rl,
&buf[sent], n)) <= 0) {
- S3I(ssl)->wnum = sent;
+ ssl->s3->wnum = sent;
return tls13_legacy_return_code(ssl, ret);
}
sent += ret;
@@ -330,8 +330,8 @@ tls13_use_legacy_stack(struct tls13_ctx *ctx)
/* Stash any unprocessed data from the last record. */
tls13_record_layer_rcontent(ctx->rl, &cbs);
if (CBS_len(&cbs) > 0) {
- if (!CBB_init_fixed(&cbb, S3I(s)->rbuf.buf,
- S3I(s)->rbuf.len))
+ if (!CBB_init_fixed(&cbb, s->s3->rbuf.buf,
+ s->s3->rbuf.len))
goto err;
if (!CBB_add_u8(&cbb, SSL3_RT_HANDSHAKE))
goto err;
@@ -344,12 +344,12 @@ tls13_use_legacy_stack(struct tls13_ctx *ctx)
if (!CBB_finish(&cbb, NULL, NULL))
goto err;
- S3I(s)->rbuf.offset = SSL3_RT_HEADER_LENGTH;
- S3I(s)->rbuf.left = CBS_len(&cbs);
- S3I(s)->rrec.type = SSL3_RT_HANDSHAKE;
- S3I(s)->rrec.length = CBS_len(&cbs);
+ s->s3->rbuf.offset = SSL3_RT_HEADER_LENGTH;
+ s->s3->rbuf.left = CBS_len(&cbs);
+ s->s3->rrec.type = SSL3_RT_HANDSHAKE;
+ s->s3->rrec.length = CBS_len(&cbs);
s->internal->rstate = SSL_ST_READ_BODY;
- s->internal->packet = S3I(s)->rbuf.buf;
+ s->internal->packet = s->s3->rbuf.buf;
s->internal->packet_length = SSL3_RT_HEADER_LENGTH;
s->internal->mac_packet = 1;
}
@@ -362,9 +362,9 @@ tls13_use_legacy_stack(struct tls13_ctx *ctx)
s->internal->init_buf->length, NULL))
goto err;
- S3I(s)->hs.tls12.reuse_message = 1;
- S3I(s)->hs.tls12.message_type = tls13_handshake_msg_type(ctx->hs_msg);
- S3I(s)->hs.tls12.message_size = CBS_len(&cbs) - SSL3_HM_HEADER_LENGTH;
+ s->s3->hs.tls12.reuse_message = 1;
+ s->s3->hs.tls12.message_type = tls13_handshake_msg_type(ctx->hs_msg);
+ s->s3->hs.tls12.message_size = CBS_len(&cbs) - SSL3_HM_HEADER_LENGTH;
return 1;
@@ -416,7 +416,7 @@ tls13_legacy_accept(SSL *ssl)
}
ssl->internal->tls13 = ctx;
ctx->ssl = ssl;
- ctx->hs = &S3I(ssl)->hs;
+ ctx->hs = &ssl->s3->hs;
if (!tls13_server_init(ctx)) {
if (ERR_peek_error() == 0)
@@ -452,7 +452,7 @@ tls13_legacy_connect(SSL *ssl)
}
ssl->internal->tls13 = ctx;
ctx->ssl = ssl;
- ctx->hs = &S3I(ssl)->hs;
+ ctx->hs = &ssl->s3->hs;
if (!tls13_client_init(ctx)) {
if (ERR_peek_error() == 0)
diff --git a/lib/libssl/tls13_lib.c b/lib/libssl/tls13_lib.c
index 1a9596adca8..20d3a38412b 100644
--- a/lib/libssl/tls13_lib.c
+++ b/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_lib.c,v 1.62 2021/09/16 19:25:30 jsing Exp $ */
+/* $OpenBSD: tls13_lib.c,v 1.63 2022/02/05 14:54:10 jsing Exp $ */
/*
* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -111,7 +111,7 @@ tls13_alert_received_cb(uint8_t alert_desc, void *arg)
if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) {
ctx->close_notify_recv = 1;
ctx->ssl->internal->shutdown |= SSL_RECEIVED_SHUTDOWN;
- S3I(ctx->ssl)->warn_alert = alert_desc;
+ ctx->ssl->s3->warn_alert = alert_desc;
return;
}
@@ -124,7 +124,7 @@ tls13_alert_received_cb(uint8_t alert_desc, void *arg)
}
/* All other alerts are treated as fatal in TLSv1.3. */
- S3I(ctx->ssl)->fatal_alert = alert_desc;
+ ctx->ssl->s3->fatal_alert = alert_desc;
SSLerror(ctx->ssl, SSL_AD_REASON_OFFSET + alert_desc);
ERR_asprintf_error_data("SSL alert number %d", alert_desc);