summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/libssl/d1_both.c100
-rw-r--r--lib/libssl/d1_lib.c70
-rw-r--r--lib/libssl/d1_pkt.c36
-rw-r--r--lib/libssl/dtls_locl.h29
-rw-r--r--lib/libssl/ssl_both.c8
-rw-r--r--lib/libssl/ssl_clnt.c36
-rw-r--r--lib/libssl/ssl_lib.c4
-rw-r--r--lib/libssl/ssl_srvr.c42
8 files changed, 154 insertions, 171 deletions
diff --git a/lib/libssl/d1_both.c b/lib/libssl/d1_both.c
index 7365968db6b..07c868f45e6 100644
--- a/lib/libssl/d1_both.c
+++ b/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_both.c,v 1.79 2021/10/23 08:34:36 jsing Exp $ */
+/* $OpenBSD: d1_both.c,v 1.80 2021/10/23 13:36:03 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -216,9 +216,9 @@ dtls1_do_write(SSL *s, int type)
size_t overhead;
/* AHA! Figure out the MTU, and stick to the right size */
- if (D1I(s)->mtu < dtls1_min_mtu() &&
+ if (s->d1->mtu < dtls1_min_mtu() &&
!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
- D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s),
+ s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
/*
@@ -226,27 +226,27 @@ dtls1_do_write(SSL *s, int type)
* doesn't know the MTU (ie., the initial write), so just
* make sure we have a reasonable number
*/
- if (D1I(s)->mtu < dtls1_min_mtu()) {
- D1I(s)->mtu = 0;
- D1I(s)->mtu = dtls1_guess_mtu(D1I(s)->mtu);
+ if (s->d1->mtu < dtls1_min_mtu()) {
+ s->d1->mtu = 0;
+ s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
- D1I(s)->mtu, NULL);
+ s->d1->mtu, NULL);
}
}
- OPENSSL_assert(D1I(s)->mtu >= dtls1_min_mtu());
+ OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu());
/* should have something reasonable now */
if (s->internal->init_off == 0 && type == SSL3_RT_HANDSHAKE)
OPENSSL_assert(s->internal->init_num ==
- (int)D1I(s)->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
+ (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
if (!tls12_record_layer_write_overhead(s->internal->rl, &overhead))
return -1;
frag_off = 0;
while (s->internal->init_num) {
- curr_mtu = D1I(s)->mtu - BIO_wpending(SSL_get_wbio(s)) -
+ curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) -
DTLS1_RT_HEADER_LENGTH - overhead;
if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) {
@@ -254,7 +254,7 @@ dtls1_do_write(SSL *s, int type)
ret = BIO_flush(SSL_get_wbio(s));
if (ret <= 0)
return ret;
- curr_mtu = D1I(s)->mtu - DTLS1_RT_HEADER_LENGTH -
+ curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH -
overhead;
}
@@ -279,8 +279,8 @@ dtls1_do_write(SSL *s, int type)
dtls1_fix_message_header(s, frag_off,
len - DTLS1_HM_HEADER_LENGTH);
- if (!dtls1_write_message_header(&D1I(s)->w_msg_hdr,
- D1I(s)->w_msg_hdr.frag_off, D1I(s)->w_msg_hdr.frag_len,
+ if (!dtls1_write_message_header(&s->d1->w_msg_hdr,
+ s->d1->w_msg_hdr.frag_off, s->d1->w_msg_hdr.frag_len,
(unsigned char *)&s->internal->init_buf->data[s->internal->init_off]))
return -1;
@@ -299,7 +299,7 @@ dtls1_do_write(SSL *s, int type)
*/
if (BIO_ctrl(SSL_get_wbio(s),
BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0)
- D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s),
+ s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
else
return (-1);
@@ -313,14 +313,14 @@ dtls1_do_write(SSL *s, int type)
OPENSSL_assert(len == (unsigned int)ret);
if (type == SSL3_RT_HANDSHAKE &&
- !D1I(s)->retransmitting) {
+ !s->d1->retransmitting) {
/*
* Should not be done for 'Hello Request's,
* but in that case we'll ignore the result
* anyway
*/
unsigned char *p = (unsigned char *)&s->internal->init_buf->data[s->internal->init_off];
- const struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr;
+ const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
int xlen;
if (frag_off == 0) {
@@ -392,7 +392,7 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max)
return 1;
}
- msg_hdr = &D1I(s)->r_msg_hdr;
+ msg_hdr = &s->d1->r_msg_hdr;
memset(msg_hdr, 0, sizeof(struct hm_header_st));
again:
@@ -420,8 +420,8 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max)
memset(msg_hdr, 0, sizeof(struct hm_header_st));
/* Don't change sequence numbers while listening */
- if (!D1I(s)->listen)
- D1I(s)->handshake_read_seq++;
+ if (!s->d1->listen)
+ s->d1->handshake_read_seq++;
s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH;
return 1;
@@ -451,7 +451,7 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
return SSL_AD_ILLEGAL_PARAMETER;
}
- if ( D1I(s)->r_msg_hdr.frag_off == 0) /* first fragment */
+ if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */
{
/*
* msg_len is limited to 2^24, but is effectively checked
@@ -464,11 +464,11 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
}
S3I(s)->hs.tls12.message_size = msg_len;
- D1I(s)->r_msg_hdr.msg_len = msg_len;
+ s->d1->r_msg_hdr.msg_len = msg_len;
S3I(s)->hs.tls12.message_type = msg_hdr->type;
- D1I(s)->r_msg_hdr.type = msg_hdr->type;
- D1I(s)->r_msg_hdr.seq = msg_hdr->seq;
- } else if (msg_len != D1I(s)->r_msg_hdr.msg_len) {
+ s->d1->r_msg_hdr.type = msg_hdr->type;
+ s->d1->r_msg_hdr.seq = msg_hdr->seq;
+ } else if (msg_len != s->d1->r_msg_hdr.msg_len) {
/*
* They must be playing with us! BTW, failure to enforce
* upper limit would open possibility for buffer overrun.
@@ -494,7 +494,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
int al;
*ok = 0;
- item = pqueue_peek(D1I(s)->buffered_messages);
+ item = pqueue_peek(s->d1->buffered_messages);
if (item == NULL)
return 0;
@@ -504,9 +504,9 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
if (frag->reassembly != NULL)
return 0;
- if (D1I(s)->handshake_read_seq == frag->msg_header.seq) {
+ if (s->d1->handshake_read_seq == frag->msg_header.seq) {
unsigned long frag_len = frag->msg_header.frag_len;
- pqueue_pop(D1I(s)->buffered_messages);
+ pqueue_pop(s->d1->buffered_messages);
al = dtls1_preprocess_fragment(s, &frag->msg_header, max);
@@ -571,7 +571,7 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
memset(seq64be, 0, sizeof(seq64be));
seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
seq64be[7] = (unsigned char)msg_hdr->seq;
- item = pqueue_find(D1I(s)->buffered_messages, seq64be);
+ item = pqueue_find(s->d1->buffered_messages, seq64be);
if (item == NULL) {
frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
@@ -636,7 +636,7 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
goto err;
}
- pqueue_insert(D1I(s)->buffered_messages, item);
+ pqueue_insert(s->d1->buffered_messages, item);
}
return DTLS1_HM_FRAGMENT_RETRY;
@@ -665,7 +665,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
memset(seq64be, 0, sizeof(seq64be));
seq64be[6] = (unsigned char) (msg_hdr->seq >> 8);
seq64be[7] = (unsigned char) msg_hdr->seq;
- item = pqueue_find(D1I(s)->buffered_messages, seq64be);
+ item = pqueue_find(s->d1->buffered_messages, seq64be);
/*
* If we already have an entry and this one is a fragment,
@@ -680,9 +680,9 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
* a FINISHED before the SERVER_HELLO, which then must be a stale
* retransmit.
*/
- if (msg_hdr->seq <= D1I(s)->handshake_read_seq ||
- msg_hdr->seq > D1I(s)->handshake_read_seq + 10 || item != NULL ||
- (D1I(s)->handshake_read_seq == 0 &&
+ if (msg_hdr->seq <= s->d1->handshake_read_seq ||
+ msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
+ (s->d1->handshake_read_seq == 0 &&
msg_hdr->type == SSL3_MT_FINISHED)) {
unsigned char devnull [256];
@@ -723,7 +723,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
if (item == NULL)
goto err;
- pqueue_insert(D1I(s)->buffered_messages, item);
+ pqueue_insert(s->d1->buffered_messages, item);
}
return DTLS1_HM_FRAGMENT_RETRY;
@@ -777,8 +777,8 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
* While listening, we accept seq 1 (ClientHello with cookie)
* although we're still expecting seq 0 (ClientHello)
*/
- if (msg_hdr.seq != D1I(s)->handshake_read_seq &&
- !(D1I(s)->listen && msg_hdr.seq == 1))
+ if (msg_hdr.seq != s->d1->handshake_read_seq &&
+ !(s->d1->listen && msg_hdr.seq == 1))
return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
len = msg_hdr.msg_len;
@@ -788,7 +788,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
if (frag_len && frag_len < len)
return dtls1_reassemble_fragment(s, &msg_hdr, ok);
- if (!s->server && D1I(s)->r_msg_hdr.frag_off == 0 &&
+ if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
wire[0] == SSL3_MT_HELLO_REQUEST) {
/*
* The server may always send 'Hello Request' messages --
@@ -956,15 +956,15 @@ dtls1_buffer_message(SSL *s, int is_ccs)
memcpy(frag->fragment, s->internal->init_buf->data, s->internal->init_num);
- OPENSSL_assert(D1I(s)->w_msg_hdr.msg_len +
+ OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
(is_ccs ? DTLS1_CCS_HEADER_LENGTH : DTLS1_HM_HEADER_LENGTH) ==
(unsigned int)s->internal->init_num);
- frag->msg_header.msg_len = D1I(s)->w_msg_hdr.msg_len;
- frag->msg_header.seq = D1I(s)->w_msg_hdr.seq;
- frag->msg_header.type = D1I(s)->w_msg_hdr.type;
+ frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
+ frag->msg_header.seq = s->d1->w_msg_hdr.seq;
+ frag->msg_header.type = s->d1->w_msg_hdr.type;
frag->msg_header.frag_off = 0;
- frag->msg_header.frag_len = D1I(s)->w_msg_hdr.msg_len;
+ frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
frag->msg_header.is_ccs = is_ccs;
/* save current state*/
@@ -1039,7 +1039,7 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
saved_state.session = s->session;
saved_state.epoch = tls12_record_layer_write_epoch(s->internal->rl);
- D1I(s)->retransmitting = 1;
+ s->d1->retransmitting = 1;
/* restore state in which the message was originally sent */
s->session = frag->msg_header.saved_retransmit_state.session;
@@ -1056,7 +1056,7 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
saved_state.epoch))
return 0;
- D1I(s)->retransmitting = 0;
+ s->d1->retransmitting = 0;
(void)BIO_flush(SSL_get_wbio(s));
return ret;
@@ -1085,12 +1085,12 @@ dtls1_set_message_header(SSL *s, unsigned char mt, unsigned long len,
unsigned long frag_off, unsigned long frag_len)
{
/* Don't change sequence numbers while listening */
- if (frag_off == 0 && !D1I(s)->listen) {
- D1I(s)->handshake_write_seq = D1I(s)->next_handshake_write_seq;
- D1I(s)->next_handshake_write_seq++;
+ if (frag_off == 0 && !s->d1->listen) {
+ s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
+ s->d1->next_handshake_write_seq++;
}
- dtls1_set_message_header_int(s, mt, len, D1I(s)->handshake_write_seq,
+ dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
frag_off, frag_len);
}
@@ -1099,7 +1099,7 @@ void
dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len,
unsigned short seq_num, unsigned long frag_off, unsigned long frag_len)
{
- struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr;
+ struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
msg_hdr->type = mt;
msg_hdr->msg_len = len;
@@ -1111,7 +1111,7 @@ dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len,
static void
dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len)
{
- struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr;
+ struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
msg_hdr->frag_off = frag_off;
msg_hdr->frag_len = frag_len;
diff --git a/lib/libssl/d1_lib.c b/lib/libssl/d1_lib.c
index ec68b25140f..770734e6ffb 100644
--- a/lib/libssl/d1_lib.c
+++ b/lib/libssl/d1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_lib.c,v 1.60 2021/10/21 08:30:14 tb Exp $ */
+/* $OpenBSD: d1_lib.c,v 1.61 2021/10/23 13:36:03 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -83,20 +83,18 @@ dtls1_new(SSL *s)
if ((s->d1 = calloc(1, sizeof(*s->d1))) == NULL)
goto err;
- if ((s->d1->internal = calloc(1, sizeof(*s->d1->internal))) == NULL)
- goto err;
- if ((s->d1->internal->unprocessed_rcds.q = pqueue_new()) == NULL)
+ if ((s->d1->unprocessed_rcds.q = pqueue_new()) == NULL)
goto err;
- if ((s->d1->internal->buffered_messages = pqueue_new()) == NULL)
+ if ((s->d1->buffered_messages = pqueue_new()) == NULL)
goto err;
if ((s->d1->sent_messages = pqueue_new()) == NULL)
goto err;
- if ((s->d1->internal->buffered_app_data.q = pqueue_new()) == NULL)
+ if ((s->d1->buffered_app_data.q = pqueue_new()) == NULL)
goto err;
if (s->server)
- s->d1->internal->cookie_len = sizeof(D1I(s)->cookie);
+ s->d1->cookie_len = sizeof(s->d1->cookie);
s->method->ssl_clear(s);
return (1);
@@ -140,10 +138,10 @@ dtls1_drain_fragments(pqueue queue)
static void
dtls1_clear_queues(SSL *s)
{
- dtls1_drain_records(D1I(s)->unprocessed_rcds.q);
- dtls1_drain_fragments(D1I(s)->buffered_messages);
+ dtls1_drain_records(s->d1->unprocessed_rcds.q);
+ dtls1_drain_fragments(s->d1->buffered_messages);
dtls1_drain_fragments(s->d1->sent_messages);
- dtls1_drain_records(D1I(s)->buffered_app_data.q);
+ dtls1_drain_records(s->d1->buffered_app_data.q);
}
void
@@ -156,18 +154,14 @@ dtls1_free(SSL *s)
if (s->d1 == NULL)
return;
- if (D1I(s) == NULL)
- goto out;
dtls1_clear_queues(s);
- pqueue_free(D1I(s)->unprocessed_rcds.q);
- pqueue_free(D1I(s)->buffered_messages);
+ pqueue_free(s->d1->unprocessed_rcds.q);
+ pqueue_free(s->d1->buffered_messages);
pqueue_free(s->d1->sent_messages);
- pqueue_free(D1I(s)->buffered_app_data.q);
+ pqueue_free(s->d1->buffered_app_data.q);
- out:
- freezero(s->d1->internal, sizeof(*s->d1->internal));
freezero(s->d1, sizeof(*s->d1));
s->d1 = NULL;
}
@@ -175,7 +169,6 @@ dtls1_free(SSL *s)
void
dtls1_clear(SSL *s)
{
- struct dtls1_state_internal_st *internal;
pqueue unprocessed_rcds;
pqueue buffered_messages;
pqueue sent_messages;
@@ -183,34 +176,31 @@ dtls1_clear(SSL *s)
unsigned int mtu;
if (s->d1) {
- unprocessed_rcds = D1I(s)->unprocessed_rcds.q;
- buffered_messages = D1I(s)->buffered_messages;
+ unprocessed_rcds = s->d1->unprocessed_rcds.q;
+ buffered_messages = s->d1->buffered_messages;
sent_messages = s->d1->sent_messages;
- buffered_app_data = D1I(s)->buffered_app_data.q;
- mtu = D1I(s)->mtu;
+ buffered_app_data = s->d1->buffered_app_data.q;
+ mtu = s->d1->mtu;
dtls1_clear_queues(s);
- memset(s->d1->internal, 0, sizeof(*s->d1->internal));
- internal = s->d1->internal;
memset(s->d1, 0, sizeof(*s->d1));
- s->d1->internal = internal;
- D1I(s)->unprocessed_rcds.epoch =
+ s->d1->unprocessed_rcds.epoch =
tls12_record_layer_read_epoch(s->internal->rl) + 1;
if (s->server) {
- D1I(s)->cookie_len = sizeof(D1I(s)->cookie);
+ s->d1->cookie_len = sizeof(s->d1->cookie);
}
if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) {
- D1I(s)->mtu = mtu;
+ s->d1->mtu = mtu;
}
- D1I(s)->unprocessed_rcds.q = unprocessed_rcds;
- D1I(s)->buffered_messages = buffered_messages;
+ s->d1->unprocessed_rcds.q = unprocessed_rcds;
+ s->d1->buffered_messages = buffered_messages;
s->d1->sent_messages = sent_messages;
- D1I(s)->buffered_app_data.q = buffered_app_data;
+ s->d1->buffered_app_data.q = buffered_app_data;
}
ssl3_clear(s);
@@ -356,7 +346,7 @@ void
dtls1_stop_timer(SSL *s)
{
/* Reset everything */
- memset(&(D1I(s)->timeout), 0, sizeof(struct dtls1_timeout_st));
+ memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
s->d1->timeout_duration = 1;
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
@@ -368,16 +358,16 @@ dtls1_stop_timer(SSL *s)
int
dtls1_check_timeout_num(SSL *s)
{
- D1I(s)->timeout.num_alerts++;
+ s->d1->timeout.num_alerts++;
/* Reduce MTU after 2 unsuccessful retransmissions */
- if (D1I(s)->timeout.num_alerts > 2) {
- D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s),
+ if (s->d1->timeout.num_alerts > 2) {
+ s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
}
- if (D1I(s)->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {
+ if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {
/* fail the connection, enough alerts have been sent */
SSLerror(s, SSL_R_READ_TIMEOUT_EXPIRED);
return -1;
@@ -399,9 +389,9 @@ dtls1_handle_timeout(SSL *s)
if (dtls1_check_timeout_num(s) < 0)
return -1;
- D1I(s)->timeout.read_timeouts++;
- if (D1I(s)->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) {
- D1I(s)->timeout.read_timeouts = 1;
+ s->d1->timeout.read_timeouts++;
+ if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) {
+ s->d1->timeout.read_timeouts = 1;
}
dtls1_start_timer(s);
@@ -417,7 +407,7 @@ dtls1_listen(SSL *s, struct sockaddr *client)
SSL_clear(s);
SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
- D1I(s)->listen = 1;
+ s->d1->listen = 1;
ret = SSL_accept(s);
if (ret <= 0)
diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c
index aafadf16ef5..7aea85a4c4f 100644
--- a/lib/libssl/d1_pkt.c
+++ b/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.112 2021/09/04 14:31:54 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.113 2021/10/23 13:36:03 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -271,19 +271,19 @@ static int
dtls1_process_buffered_record(SSL *s)
{
/* Check if epoch is current. */
- if (D1I(s)->unprocessed_rcds.epoch !=
+ if (s->d1->unprocessed_rcds.epoch !=
tls12_record_layer_read_epoch(s->internal->rl))
return (0);
/* Update epoch once all unprocessed records have been processed. */
- if (pqueue_peek(D1I(s)->unprocessed_rcds.q) == NULL) {
- D1I(s)->unprocessed_rcds.epoch =
+ if (pqueue_peek(s->d1->unprocessed_rcds.q) == NULL) {
+ s->d1->unprocessed_rcds.epoch =
tls12_record_layer_read_epoch(s->internal->rl) + 1;
return (0);
}
/* Process one of the records. */
- if (!dtls1_retrieve_buffered_record(s, &D1I(s)->unprocessed_rcds))
+ if (!dtls1_retrieve_buffered_record(s, &s->d1->unprocessed_rcds))
return (-1);
if (!dtls1_process_record(s))
return (-1);
@@ -449,7 +449,7 @@ dtls1_get_record(SSL *s)
* since they arrive from different connections and
* would be dropped unnecessarily.
*/
- if (!(D1I(s)->listen && rr->type == SSL3_RT_HANDSHAKE &&
+ if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
p != NULL && *p == SSL3_MT_CLIENT_HELLO) &&
!dtls1_record_replay_check(s, bitmap, rr->seq_num))
goto again;
@@ -464,8 +464,8 @@ dtls1_get_record(SSL *s)
* anything while listening.
*/
if (is_next_epoch) {
- if ((SSL_in_init(s) || s->internal->in_handshake) && !D1I(s)->listen) {
- if (dtls1_buffer_record(s, &(D1I(s)->unprocessed_rcds),
+ if ((SSL_in_init(s) || s->internal->in_handshake) && !s->d1->listen) {
+ if (dtls1_buffer_record(s, &(s->d1->unprocessed_rcds),
rr->seq_num) < 0)
return (-1);
/* Mark receipt of record. */
@@ -552,7 +552,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
* in advance, if any.
*/
if (S3I(s)->hs.state == SSL_ST_OK && rr->length == 0)
- dtls1_retrieve_buffered_record(s, &(D1I(s)->buffered_app_data));
+ dtls1_retrieve_buffered_record(s, &(s->d1->buffered_app_data));
/* Check for timeout */
if (dtls1_handle_timeout(s) > 0)
@@ -571,7 +571,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
}
}
- if (D1I(s)->listen && rr->type != SSL3_RT_HANDSHAKE) {
+ if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE) {
rr->length = 0;
goto start;
}
@@ -586,7 +586,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
* buffer the application data for later processing rather
* than dropping the connection.
*/
- if (dtls1_buffer_record(s, &(D1I(s)->buffered_app_data),
+ if (dtls1_buffer_record(s, &(s->d1->buffered_app_data),
rr->seq_num) < 0) {
SSLerror(s, ERR_R_INTERNAL_ERROR);
return (-1);
@@ -701,7 +701,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
if (SSL_is_init_finished(s) &&
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
!S3I(s)->renegotiate) {
- D1I(s)->handshake_read_seq++;
+ s->d1->handshake_read_seq++;
s->internal->new_session = 1;
ssl3_renegotiate(s);
if (ssl3_renegotiate_check(s)) {
@@ -793,12 +793,12 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
/* We can't process a CCS now, because previous handshake
* messages are still missing, so just drop it.
*/
- if (!D1I(s)->change_cipher_spec_ok) {
+ if (!s->d1->change_cipher_spec_ok) {
rr->length = 0;
goto start;
}
- D1I(s)->change_cipher_spec_ok = 0;
+ s->d1->change_cipher_spec_ok = 0;
S3I(s)->change_cipher_spec = 1;
if (!ssl3_do_change_cipher_spec(s))
@@ -1069,13 +1069,13 @@ dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr, unsigned int *is_next_epoch)
/* In current epoch, accept HM, CCS, DATA, & ALERT */
if (rr->epoch == read_epoch)
- return &D1I(s)->bitmap;
+ return &s->d1->bitmap;
/* Only HM and ALERT messages can be from the next epoch */
if (rr->epoch == read_epoch_next &&
(rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
*is_next_epoch = 1;
- return &D1I(s)->next_bitmap;
+ return &s->d1->next_bitmap;
}
return NULL;
@@ -1084,6 +1084,6 @@ dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr, unsigned int *is_next_epoch)
void
dtls1_reset_read_seq_numbers(SSL *s)
{
- memcpy(&(D1I(s)->bitmap), &(D1I(s)->next_bitmap), sizeof(DTLS1_BITMAP));
- memset(&(D1I(s)->next_bitmap), 0, sizeof(DTLS1_BITMAP));
+ memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP));
+ memset(&(s->d1->next_bitmap), 0, sizeof(DTLS1_BITMAP));
}
diff --git a/lib/libssl/dtls_locl.h b/lib/libssl/dtls_locl.h
index 306fab2559f..3e4334bf915 100644
--- a/lib/libssl/dtls_locl.h
+++ b/lib/libssl/dtls_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dtls_locl.h,v 1.8 2021/10/23 08:34:36 jsing Exp $ */
+/* $OpenBSD: dtls_locl.h,v 1.9 2021/10/23 13:36:03 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -124,9 +124,16 @@ typedef struct dtls1_record_data_internal_st {
SSL3_RECORD_INTERNAL rrec;
} DTLS1_RECORD_DATA_INTERNAL;
-struct dtls1_state_internal_st;
+struct dtls1_state_st {
+ /* Buffered (sent) handshake records */
+ struct _pqueue *sent_messages;
+
+ /* Indicates when the last handshake msg or heartbeat sent will timeout */
+ struct timeval next_timeout;
+
+ /* Timeout duration */
+ unsigned short timeout_duration;
-typedef struct dtls1_state_internal_st {
unsigned int send_cookie;
unsigned char cookie[DTLS1_COOKIE_LENGTH];
unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
@@ -169,21 +176,7 @@ typedef struct dtls1_state_internal_st {
unsigned int retransmitting;
unsigned int change_cipher_spec_ok;
-} DTLS1_STATE_INTERNAL;
-#define D1I(s) (s->d1->internal)
-
-typedef struct dtls1_state_st {
- /* Buffered (sent) handshake records */
- struct _pqueue *sent_messages;
-
- /* Indicates when the last handshake msg or heartbeat sent will timeout */
- struct timeval next_timeout;
-
- /* Timeout duration */
- unsigned short timeout_duration;
-
- struct dtls1_state_internal_st *internal;
-} DTLS1_STATE;
+};
int dtls1_do_write(SSL *s, int type);
int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
diff --git a/lib/libssl/ssl_both.c b/lib/libssl/ssl_both.c
index fe7173e8a42..6e38463e27d 100644
--- a/lib/libssl/ssl_both.c
+++ b/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.37 2021/10/23 13:12:55 tb Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.38 2021/10/23 13:36:03 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -288,10 +288,10 @@ ssl3_send_change_cipher_spec(SSL *s, int a, int b)
s->internal->init_off = 0;
if (SSL_is_dtls(s)) {
- D1I(s)->handshake_write_seq =
- D1I(s)->next_handshake_write_seq;
+ s->d1->handshake_write_seq =
+ s->d1->next_handshake_write_seq;
dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
- D1I(s)->handshake_write_seq, 0, 0);
+ s->d1->handshake_write_seq, 0, 0);
dtls1_buffer_message(s, 1);
}
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index 8a4c54e7b7e..ea13f81596d 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.113 2021/10/23 08:34:36 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.114 2021/10/23 13:36:03 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -249,7 +249,7 @@ ssl3_connect(SSL *s)
/* mark client_random uninitialized */
memset(s->s3->client_random, 0,
sizeof(s->s3->client_random));
- D1I(s)->send_cookie = 0;
+ s->d1->send_cookie = 0;
s->internal->hit = 0;
}
break;
@@ -269,7 +269,7 @@ ssl3_connect(SSL *s)
if (ret <= 0)
goto end;
- if (SSL_is_dtls(s) && D1I(s)->send_cookie) {
+ if (SSL_is_dtls(s) && s->d1->send_cookie) {
S3I(s)->hs.state = SSL3_ST_CW_FLUSH;
S3I(s)->hs.tls12.next_state = SSL3_ST_CR_SRVR_HELLO_A;
} else
@@ -314,7 +314,7 @@ ssl3_connect(SSL *s)
if (ret <= 0)
goto end;
dtls1_stop_timer(s);
- if (D1I(s)->send_cookie) /* start again, with a cookie */
+ if (s->d1->send_cookie) /* start again, with a cookie */
S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A;
else
S3I(s)->hs.state = SSL3_ST_CR_CERT_A;
@@ -529,7 +529,7 @@ ssl3_connect(SSL *s)
case SSL3_ST_CR_FINISHED_A:
case SSL3_ST_CR_FINISHED_B:
if (SSL_is_dtls(s))
- D1I(s)->change_cipher_spec_ok = 1;
+ s->d1->change_cipher_spec_ok = 1;
else
s->s3->flags |= SSL3_FLAGS_CCS_OK;
ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
@@ -595,8 +595,8 @@ ssl3_connect(SSL *s)
if (SSL_is_dtls(s)) {
/* done with handshaking */
- D1I(s)->handshake_read_seq = 0;
- D1I(s)->next_handshake_write_seq = 0;
+ s->d1->handshake_read_seq = 0;
+ s->d1->next_handshake_write_seq = 0;
}
goto end;
@@ -666,7 +666,7 @@ ssl3_send_client_hello(SSL *s)
* HelloVerifyRequest, we must retain the original client
* random value.
*/
- if (!SSL_is_dtls(s) || D1I(s)->send_cookie == 0)
+ if (!SSL_is_dtls(s) || s->d1->send_cookie == 0)
arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);
if (!ssl3_handshake_msg_start(s, &cbb, &client_hello,
@@ -728,14 +728,14 @@ ssl3_send_client_hello(SSL *s)
/* DTLS Cookie. */
if (SSL_is_dtls(s)) {
- if (D1I(s)->cookie_len > sizeof(D1I(s)->cookie)) {
+ if (s->d1->cookie_len > sizeof(s->d1->cookie)) {
SSLerror(s, ERR_R_INTERNAL_ERROR);
goto err;
}
if (!CBB_add_u8_length_prefixed(&client_hello, &cookie))
goto err;
- if (!CBB_add_bytes(&cookie, D1I(s)->cookie,
- D1I(s)->cookie_len))
+ if (!CBB_add_bytes(&cookie, s->d1->cookie,
+ s->d1->cookie_len))
goto err;
}
@@ -789,7 +789,7 @@ ssl3_get_dtls_hello_verify(SSL *s)
return ret;
if (S3I(s)->hs.tls12.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
- D1I(s)->send_cookie = 0;
+ s->d1->send_cookie = 0;
S3I(s)->hs.tls12.reuse_message = 1;
return (1);
}
@@ -819,14 +819,14 @@ ssl3_get_dtls_hello_verify(SSL *s)
goto fatal_err;
}
- if (!CBS_write_bytes(&cookie, D1I(s)->cookie,
- sizeof(D1I(s)->cookie), &cookie_len)) {
- D1I(s)->cookie_len = 0;
+ if (!CBS_write_bytes(&cookie, s->d1->cookie,
+ sizeof(s->d1->cookie), &cookie_len)) {
+ s->d1->cookie_len = 0;
al = SSL_AD_ILLEGAL_PARAMETER;
goto fatal_err;
}
- D1I(s)->cookie_len = cookie_len;
- D1I(s)->send_cookie = 1;
+ s->d1->cookie_len = cookie_len;
+ s->d1->send_cookie = 1;
return 1;
@@ -862,7 +862,7 @@ ssl3_get_server_hello(SSL *s)
if (SSL_is_dtls(s)) {
if (S3I(s)->hs.tls12.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
- if (D1I(s)->send_cookie == 0) {
+ if (s->d1->send_cookie == 0) {
S3I(s)->hs.tls12.reuse_message = 1;
return (1);
} else {
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index cb8c02844c9..df025997397 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.269 2021/10/23 11:41:52 beck Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.270 2021/10/23 13:36:03 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1178,7 +1178,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
return (0);
#endif
if (SSL_is_dtls(s)) {
- D1I(s)->mtu = larg;
+ s->d1->mtu = larg;
return (larg);
}
return (0);
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index 1bbe551b3c3..1aa0324b159 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.120 2021/10/23 08:34:36 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.121 2021/10/23 13:36:03 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -183,7 +183,7 @@ ssl3_accept(SSL *s)
errno = 0;
if (SSL_is_dtls(s))
- listen = D1I(s)->listen;
+ listen = s->d1->listen;
/* init things to blank */
s->internal->in_handshake++;
@@ -191,7 +191,7 @@ ssl3_accept(SSL *s)
SSL_clear(s);
if (SSL_is_dtls(s))
- D1I(s)->listen = listen;
+ s->d1->listen = listen;
for (;;) {
state = S3I(s)->hs.state;
@@ -332,14 +332,14 @@ ssl3_accept(SSL *s)
/* If we're just listening, stop here */
if (listen && S3I(s)->hs.state == SSL3_ST_SW_SRVR_HELLO_A) {
ret = 2;
- D1I(s)->listen = 0;
+ s->d1->listen = 0;
/*
* Set expected sequence numbers to
* continue the handshake.
*/
- D1I(s)->handshake_read_seq = 2;
- D1I(s)->handshake_write_seq = 1;
- D1I(s)->next_handshake_write_seq = 1;
+ s->d1->handshake_read_seq = 2;
+ s->d1->handshake_write_seq = 1;
+ s->d1->next_handshake_write_seq = 1;
goto end;
}
} else {
@@ -584,7 +584,7 @@ ssl3_accept(SSL *s)
case SSL3_ST_SR_CERT_VRFY_A:
case SSL3_ST_SR_CERT_VRFY_B:
if (SSL_is_dtls(s))
- D1I(s)->change_cipher_spec_ok = 1;
+ s->d1->change_cipher_spec_ok = 1;
else
s->s3->flags |= SSL3_FLAGS_CCS_OK;
@@ -599,7 +599,7 @@ ssl3_accept(SSL *s)
case SSL3_ST_SR_FINISHED_A:
case SSL3_ST_SR_FINISHED_B:
if (SSL_is_dtls(s))
- D1I(s)->change_cipher_spec_ok = 1;
+ s->d1->change_cipher_spec_ok = 1;
else
s->s3->flags |= SSL3_FLAGS_CCS_OK;
ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
@@ -706,10 +706,10 @@ ssl3_accept(SSL *s)
if (SSL_is_dtls(s)) {
/* Done handshaking, next message is client hello. */
- D1I(s)->handshake_read_seq = 0;
+ s->d1->handshake_read_seq = 0;
/* Next message is server hello. */
- D1I(s)->handshake_write_seq = 0;
- D1I(s)->next_handshake_write_seq = 0;
+ s->d1->handshake_write_seq = 0;
+ s->d1->next_handshake_write_seq = 0;
}
goto end;
/* break; */
@@ -924,7 +924,7 @@ ssl3_get_client_hello(SSL *s)
* message has not been sent - make sure that it does not cause
* an overflow.
*/
- if (CBS_len(&cookie) > sizeof(D1I(s)->rcvd_cookie)) {
+ if (CBS_len(&cookie) > sizeof(s->d1->rcvd_cookie)) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_COOKIE_MISMATCH);
goto fatal_err;
@@ -936,21 +936,21 @@ ssl3_get_client_hello(SSL *s)
size_t cookie_len;
/* XXX - rcvd_cookie seems to only be used here... */
- if (!CBS_write_bytes(&cookie, D1I(s)->rcvd_cookie,
- sizeof(D1I(s)->rcvd_cookie), &cookie_len))
+ if (!CBS_write_bytes(&cookie, s->d1->rcvd_cookie,
+ sizeof(s->d1->rcvd_cookie), &cookie_len))
goto err;
if (s->ctx->internal->app_verify_cookie_cb != NULL) {
if (s->ctx->internal->app_verify_cookie_cb(s,
- D1I(s)->rcvd_cookie, cookie_len) == 0) {
+ s->d1->rcvd_cookie, cookie_len) == 0) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_COOKIE_MISMATCH);
goto fatal_err;
}
/* else cookie verification succeeded */
/* XXX - can d1->cookie_len > sizeof(rcvd_cookie) ? */
- } else if (timingsafe_memcmp(D1I(s)->rcvd_cookie,
- D1I(s)->cookie, D1I(s)->cookie_len) != 0) {
+ } else if (timingsafe_memcmp(s->d1->rcvd_cookie,
+ s->d1->cookie, s->d1->cookie_len) != 0) {
/* default verification */
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_COOKIE_MISMATCH);
@@ -1166,8 +1166,8 @@ ssl3_send_dtls_hello_verify_request(SSL *s)
if (S3I(s)->hs.state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
if (s->ctx->internal->app_gen_cookie_cb == NULL ||
- s->ctx->internal->app_gen_cookie_cb(s, D1I(s)->cookie,
- &(D1I(s)->cookie_len)) == 0) {
+ s->ctx->internal->app_gen_cookie_cb(s, s->d1->cookie,
+ &(s->d1->cookie_len)) == 0) {
SSLerror(s, ERR_R_INTERNAL_ERROR);
return 0;
}
@@ -1184,7 +1184,7 @@ ssl3_send_dtls_hello_verify_request(SSL *s)
goto err;
if (!CBB_add_u8_length_prefixed(&verify, &cookie))
goto err;
- if (!CBB_add_bytes(&cookie, D1I(s)->cookie, D1I(s)->cookie_len))
+ if (!CBB_add_bytes(&cookie, s->d1->cookie, s->d1->cookie_len))
goto err;
if (!ssl3_handshake_msg_finish(s, &cbb))
goto err;