diff options
-rw-r--r-- | lib/libssl/d1_both.c | 100 | ||||
-rw-r--r-- | lib/libssl/d1_lib.c | 70 | ||||
-rw-r--r-- | lib/libssl/d1_pkt.c | 36 | ||||
-rw-r--r-- | lib/libssl/dtls_locl.h | 29 | ||||
-rw-r--r-- | lib/libssl/ssl_both.c | 8 | ||||
-rw-r--r-- | lib/libssl/ssl_clnt.c | 36 | ||||
-rw-r--r-- | lib/libssl/ssl_lib.c | 4 | ||||
-rw-r--r-- | lib/libssl/ssl_srvr.c | 42 |
8 files changed, 154 insertions, 171 deletions
diff --git a/lib/libssl/d1_both.c b/lib/libssl/d1_both.c index 7365968db6b..07c868f45e6 100644 --- a/lib/libssl/d1_both.c +++ b/lib/libssl/d1_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_both.c,v 1.79 2021/10/23 08:34:36 jsing Exp $ */ +/* $OpenBSD: d1_both.c,v 1.80 2021/10/23 13:36:03 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -216,9 +216,9 @@ dtls1_do_write(SSL *s, int type) size_t overhead; /* AHA! Figure out the MTU, and stick to the right size */ - if (D1I(s)->mtu < dtls1_min_mtu() && + if (s->d1->mtu < dtls1_min_mtu() && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { - D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s), + s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); /* @@ -226,27 +226,27 @@ dtls1_do_write(SSL *s, int type) * doesn't know the MTU (ie., the initial write), so just * make sure we have a reasonable number */ - if (D1I(s)->mtu < dtls1_min_mtu()) { - D1I(s)->mtu = 0; - D1I(s)->mtu = dtls1_guess_mtu(D1I(s)->mtu); + if (s->d1->mtu < dtls1_min_mtu()) { + s->d1->mtu = 0; + s->d1->mtu = dtls1_guess_mtu(s->d1->mtu); BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, - D1I(s)->mtu, NULL); + s->d1->mtu, NULL); } } - OPENSSL_assert(D1I(s)->mtu >= dtls1_min_mtu()); + OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu()); /* should have something reasonable now */ if (s->internal->init_off == 0 && type == SSL3_RT_HANDSHAKE) OPENSSL_assert(s->internal->init_num == - (int)D1I(s)->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); + (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); if (!tls12_record_layer_write_overhead(s->internal->rl, &overhead)) return -1; frag_off = 0; while (s->internal->init_num) { - curr_mtu = D1I(s)->mtu - BIO_wpending(SSL_get_wbio(s)) - + curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) - DTLS1_RT_HEADER_LENGTH - overhead; if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) { @@ -254,7 +254,7 @@ dtls1_do_write(SSL *s, int type) ret = BIO_flush(SSL_get_wbio(s)); if (ret <= 0) return ret; - curr_mtu = D1I(s)->mtu - DTLS1_RT_HEADER_LENGTH - + curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH - overhead; } @@ -279,8 +279,8 @@ dtls1_do_write(SSL *s, int type) dtls1_fix_message_header(s, frag_off, len - DTLS1_HM_HEADER_LENGTH); - if (!dtls1_write_message_header(&D1I(s)->w_msg_hdr, - D1I(s)->w_msg_hdr.frag_off, D1I(s)->w_msg_hdr.frag_len, + if (!dtls1_write_message_header(&s->d1->w_msg_hdr, + s->d1->w_msg_hdr.frag_off, s->d1->w_msg_hdr.frag_len, (unsigned char *)&s->internal->init_buf->data[s->internal->init_off])) return -1; @@ -299,7 +299,7 @@ dtls1_do_write(SSL *s, int type) */ if (BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) - D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s), + s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); else return (-1); @@ -313,14 +313,14 @@ dtls1_do_write(SSL *s, int type) OPENSSL_assert(len == (unsigned int)ret); if (type == SSL3_RT_HANDSHAKE && - !D1I(s)->retransmitting) { + !s->d1->retransmitting) { /* * Should not be done for 'Hello Request's, * but in that case we'll ignore the result * anyway */ unsigned char *p = (unsigned char *)&s->internal->init_buf->data[s->internal->init_off]; - const struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr; + const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; int xlen; if (frag_off == 0) { @@ -392,7 +392,7 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max) return 1; } - msg_hdr = &D1I(s)->r_msg_hdr; + msg_hdr = &s->d1->r_msg_hdr; memset(msg_hdr, 0, sizeof(struct hm_header_st)); again: @@ -420,8 +420,8 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max) memset(msg_hdr, 0, sizeof(struct hm_header_st)); /* Don't change sequence numbers while listening */ - if (!D1I(s)->listen) - D1I(s)->handshake_read_seq++; + if (!s->d1->listen) + s->d1->handshake_read_seq++; s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; return 1; @@ -451,7 +451,7 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) return SSL_AD_ILLEGAL_PARAMETER; } - if ( D1I(s)->r_msg_hdr.frag_off == 0) /* first fragment */ + if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */ { /* * msg_len is limited to 2^24, but is effectively checked @@ -464,11 +464,11 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) } S3I(s)->hs.tls12.message_size = msg_len; - D1I(s)->r_msg_hdr.msg_len = msg_len; + s->d1->r_msg_hdr.msg_len = msg_len; S3I(s)->hs.tls12.message_type = msg_hdr->type; - D1I(s)->r_msg_hdr.type = msg_hdr->type; - D1I(s)->r_msg_hdr.seq = msg_hdr->seq; - } else if (msg_len != D1I(s)->r_msg_hdr.msg_len) { + s->d1->r_msg_hdr.type = msg_hdr->type; + s->d1->r_msg_hdr.seq = msg_hdr->seq; + } else if (msg_len != s->d1->r_msg_hdr.msg_len) { /* * They must be playing with us! BTW, failure to enforce * upper limit would open possibility for buffer overrun. @@ -494,7 +494,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) int al; *ok = 0; - item = pqueue_peek(D1I(s)->buffered_messages); + item = pqueue_peek(s->d1->buffered_messages); if (item == NULL) return 0; @@ -504,9 +504,9 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) if (frag->reassembly != NULL) return 0; - if (D1I(s)->handshake_read_seq == frag->msg_header.seq) { + if (s->d1->handshake_read_seq == frag->msg_header.seq) { unsigned long frag_len = frag->msg_header.frag_len; - pqueue_pop(D1I(s)->buffered_messages); + pqueue_pop(s->d1->buffered_messages); al = dtls1_preprocess_fragment(s, &frag->msg_header, max); @@ -571,7 +571,7 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) memset(seq64be, 0, sizeof(seq64be)); seq64be[6] = (unsigned char)(msg_hdr->seq >> 8); seq64be[7] = (unsigned char)msg_hdr->seq; - item = pqueue_find(D1I(s)->buffered_messages, seq64be); + item = pqueue_find(s->d1->buffered_messages, seq64be); if (item == NULL) { frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1); @@ -636,7 +636,7 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) goto err; } - pqueue_insert(D1I(s)->buffered_messages, item); + pqueue_insert(s->d1->buffered_messages, item); } return DTLS1_HM_FRAGMENT_RETRY; @@ -665,7 +665,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) memset(seq64be, 0, sizeof(seq64be)); seq64be[6] = (unsigned char) (msg_hdr->seq >> 8); seq64be[7] = (unsigned char) msg_hdr->seq; - item = pqueue_find(D1I(s)->buffered_messages, seq64be); + item = pqueue_find(s->d1->buffered_messages, seq64be); /* * If we already have an entry and this one is a fragment, @@ -680,9 +680,9 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) * a FINISHED before the SERVER_HELLO, which then must be a stale * retransmit. */ - if (msg_hdr->seq <= D1I(s)->handshake_read_seq || - msg_hdr->seq > D1I(s)->handshake_read_seq + 10 || item != NULL || - (D1I(s)->handshake_read_seq == 0 && + if (msg_hdr->seq <= s->d1->handshake_read_seq || + msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL || + (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) { unsigned char devnull [256]; @@ -723,7 +723,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) if (item == NULL) goto err; - pqueue_insert(D1I(s)->buffered_messages, item); + pqueue_insert(s->d1->buffered_messages, item); } return DTLS1_HM_FRAGMENT_RETRY; @@ -777,8 +777,8 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) * While listening, we accept seq 1 (ClientHello with cookie) * although we're still expecting seq 0 (ClientHello) */ - if (msg_hdr.seq != D1I(s)->handshake_read_seq && - !(D1I(s)->listen && msg_hdr.seq == 1)) + if (msg_hdr.seq != s->d1->handshake_read_seq && + !(s->d1->listen && msg_hdr.seq == 1)) return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); len = msg_hdr.msg_len; @@ -788,7 +788,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) if (frag_len && frag_len < len) return dtls1_reassemble_fragment(s, &msg_hdr, ok); - if (!s->server && D1I(s)->r_msg_hdr.frag_off == 0 && + if (!s->server && s->d1->r_msg_hdr.frag_off == 0 && wire[0] == SSL3_MT_HELLO_REQUEST) { /* * The server may always send 'Hello Request' messages -- @@ -956,15 +956,15 @@ dtls1_buffer_message(SSL *s, int is_ccs) memcpy(frag->fragment, s->internal->init_buf->data, s->internal->init_num); - OPENSSL_assert(D1I(s)->w_msg_hdr.msg_len + + OPENSSL_assert(s->d1->w_msg_hdr.msg_len + (is_ccs ? DTLS1_CCS_HEADER_LENGTH : DTLS1_HM_HEADER_LENGTH) == (unsigned int)s->internal->init_num); - frag->msg_header.msg_len = D1I(s)->w_msg_hdr.msg_len; - frag->msg_header.seq = D1I(s)->w_msg_hdr.seq; - frag->msg_header.type = D1I(s)->w_msg_hdr.type; + frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len; + frag->msg_header.seq = s->d1->w_msg_hdr.seq; + frag->msg_header.type = s->d1->w_msg_hdr.type; frag->msg_header.frag_off = 0; - frag->msg_header.frag_len = D1I(s)->w_msg_hdr.msg_len; + frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len; frag->msg_header.is_ccs = is_ccs; /* save current state*/ @@ -1039,7 +1039,7 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, saved_state.session = s->session; saved_state.epoch = tls12_record_layer_write_epoch(s->internal->rl); - D1I(s)->retransmitting = 1; + s->d1->retransmitting = 1; /* restore state in which the message was originally sent */ s->session = frag->msg_header.saved_retransmit_state.session; @@ -1056,7 +1056,7 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, saved_state.epoch)) return 0; - D1I(s)->retransmitting = 0; + s->d1->retransmitting = 0; (void)BIO_flush(SSL_get_wbio(s)); return ret; @@ -1085,12 +1085,12 @@ dtls1_set_message_header(SSL *s, unsigned char mt, unsigned long len, unsigned long frag_off, unsigned long frag_len) { /* Don't change sequence numbers while listening */ - if (frag_off == 0 && !D1I(s)->listen) { - D1I(s)->handshake_write_seq = D1I(s)->next_handshake_write_seq; - D1I(s)->next_handshake_write_seq++; + if (frag_off == 0 && !s->d1->listen) { + s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; + s->d1->next_handshake_write_seq++; } - dtls1_set_message_header_int(s, mt, len, D1I(s)->handshake_write_seq, + dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq, frag_off, frag_len); } @@ -1099,7 +1099,7 @@ void dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len, unsigned short seq_num, unsigned long frag_off, unsigned long frag_len) { - struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr; + struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; msg_hdr->type = mt; msg_hdr->msg_len = len; @@ -1111,7 +1111,7 @@ dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len, static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len) { - struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr; + struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; msg_hdr->frag_off = frag_off; msg_hdr->frag_len = frag_len; diff --git a/lib/libssl/d1_lib.c b/lib/libssl/d1_lib.c index ec68b25140f..770734e6ffb 100644 --- a/lib/libssl/d1_lib.c +++ b/lib/libssl/d1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_lib.c,v 1.60 2021/10/21 08:30:14 tb Exp $ */ +/* $OpenBSD: d1_lib.c,v 1.61 2021/10/23 13:36:03 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -83,20 +83,18 @@ dtls1_new(SSL *s) if ((s->d1 = calloc(1, sizeof(*s->d1))) == NULL) goto err; - if ((s->d1->internal = calloc(1, sizeof(*s->d1->internal))) == NULL) - goto err; - if ((s->d1->internal->unprocessed_rcds.q = pqueue_new()) == NULL) + if ((s->d1->unprocessed_rcds.q = pqueue_new()) == NULL) goto err; - if ((s->d1->internal->buffered_messages = pqueue_new()) == NULL) + if ((s->d1->buffered_messages = pqueue_new()) == NULL) goto err; if ((s->d1->sent_messages = pqueue_new()) == NULL) goto err; - if ((s->d1->internal->buffered_app_data.q = pqueue_new()) == NULL) + if ((s->d1->buffered_app_data.q = pqueue_new()) == NULL) goto err; if (s->server) - s->d1->internal->cookie_len = sizeof(D1I(s)->cookie); + s->d1->cookie_len = sizeof(s->d1->cookie); s->method->ssl_clear(s); return (1); @@ -140,10 +138,10 @@ dtls1_drain_fragments(pqueue queue) static void dtls1_clear_queues(SSL *s) { - dtls1_drain_records(D1I(s)->unprocessed_rcds.q); - dtls1_drain_fragments(D1I(s)->buffered_messages); + dtls1_drain_records(s->d1->unprocessed_rcds.q); + dtls1_drain_fragments(s->d1->buffered_messages); dtls1_drain_fragments(s->d1->sent_messages); - dtls1_drain_records(D1I(s)->buffered_app_data.q); + dtls1_drain_records(s->d1->buffered_app_data.q); } void @@ -156,18 +154,14 @@ dtls1_free(SSL *s) if (s->d1 == NULL) return; - if (D1I(s) == NULL) - goto out; dtls1_clear_queues(s); - pqueue_free(D1I(s)->unprocessed_rcds.q); - pqueue_free(D1I(s)->buffered_messages); + pqueue_free(s->d1->unprocessed_rcds.q); + pqueue_free(s->d1->buffered_messages); pqueue_free(s->d1->sent_messages); - pqueue_free(D1I(s)->buffered_app_data.q); + pqueue_free(s->d1->buffered_app_data.q); - out: - freezero(s->d1->internal, sizeof(*s->d1->internal)); freezero(s->d1, sizeof(*s->d1)); s->d1 = NULL; } @@ -175,7 +169,6 @@ dtls1_free(SSL *s) void dtls1_clear(SSL *s) { - struct dtls1_state_internal_st *internal; pqueue unprocessed_rcds; pqueue buffered_messages; pqueue sent_messages; @@ -183,34 +176,31 @@ dtls1_clear(SSL *s) unsigned int mtu; if (s->d1) { - unprocessed_rcds = D1I(s)->unprocessed_rcds.q; - buffered_messages = D1I(s)->buffered_messages; + unprocessed_rcds = s->d1->unprocessed_rcds.q; + buffered_messages = s->d1->buffered_messages; sent_messages = s->d1->sent_messages; - buffered_app_data = D1I(s)->buffered_app_data.q; - mtu = D1I(s)->mtu; + buffered_app_data = s->d1->buffered_app_data.q; + mtu = s->d1->mtu; dtls1_clear_queues(s); - memset(s->d1->internal, 0, sizeof(*s->d1->internal)); - internal = s->d1->internal; memset(s->d1, 0, sizeof(*s->d1)); - s->d1->internal = internal; - D1I(s)->unprocessed_rcds.epoch = + s->d1->unprocessed_rcds.epoch = tls12_record_layer_read_epoch(s->internal->rl) + 1; if (s->server) { - D1I(s)->cookie_len = sizeof(D1I(s)->cookie); + s->d1->cookie_len = sizeof(s->d1->cookie); } if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) { - D1I(s)->mtu = mtu; + s->d1->mtu = mtu; } - D1I(s)->unprocessed_rcds.q = unprocessed_rcds; - D1I(s)->buffered_messages = buffered_messages; + s->d1->unprocessed_rcds.q = unprocessed_rcds; + s->d1->buffered_messages = buffered_messages; s->d1->sent_messages = sent_messages; - D1I(s)->buffered_app_data.q = buffered_app_data; + s->d1->buffered_app_data.q = buffered_app_data; } ssl3_clear(s); @@ -356,7 +346,7 @@ void dtls1_stop_timer(SSL *s) { /* Reset everything */ - memset(&(D1I(s)->timeout), 0, sizeof(struct dtls1_timeout_st)); + memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st)); memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); s->d1->timeout_duration = 1; BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, @@ -368,16 +358,16 @@ dtls1_stop_timer(SSL *s) int dtls1_check_timeout_num(SSL *s) { - D1I(s)->timeout.num_alerts++; + s->d1->timeout.num_alerts++; /* Reduce MTU after 2 unsuccessful retransmissions */ - if (D1I(s)->timeout.num_alerts > 2) { - D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s), + if (s->d1->timeout.num_alerts > 2) { + s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL); } - if (D1I(s)->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) { + if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) { /* fail the connection, enough alerts have been sent */ SSLerror(s, SSL_R_READ_TIMEOUT_EXPIRED); return -1; @@ -399,9 +389,9 @@ dtls1_handle_timeout(SSL *s) if (dtls1_check_timeout_num(s) < 0) return -1; - D1I(s)->timeout.read_timeouts++; - if (D1I(s)->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) { - D1I(s)->timeout.read_timeouts = 1; + s->d1->timeout.read_timeouts++; + if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) { + s->d1->timeout.read_timeouts = 1; } dtls1_start_timer(s); @@ -417,7 +407,7 @@ dtls1_listen(SSL *s, struct sockaddr *client) SSL_clear(s); SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); - D1I(s)->listen = 1; + s->d1->listen = 1; ret = SSL_accept(s); if (ret <= 0) diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c index aafadf16ef5..7aea85a4c4f 100644 --- a/lib/libssl/d1_pkt.c +++ b/lib/libssl/d1_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_pkt.c,v 1.112 2021/09/04 14:31:54 jsing Exp $ */ +/* $OpenBSD: d1_pkt.c,v 1.113 2021/10/23 13:36:03 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -271,19 +271,19 @@ static int dtls1_process_buffered_record(SSL *s) { /* Check if epoch is current. */ - if (D1I(s)->unprocessed_rcds.epoch != + if (s->d1->unprocessed_rcds.epoch != tls12_record_layer_read_epoch(s->internal->rl)) return (0); /* Update epoch once all unprocessed records have been processed. */ - if (pqueue_peek(D1I(s)->unprocessed_rcds.q) == NULL) { - D1I(s)->unprocessed_rcds.epoch = + if (pqueue_peek(s->d1->unprocessed_rcds.q) == NULL) { + s->d1->unprocessed_rcds.epoch = tls12_record_layer_read_epoch(s->internal->rl) + 1; return (0); } /* Process one of the records. */ - if (!dtls1_retrieve_buffered_record(s, &D1I(s)->unprocessed_rcds)) + if (!dtls1_retrieve_buffered_record(s, &s->d1->unprocessed_rcds)) return (-1); if (!dtls1_process_record(s)) return (-1); @@ -449,7 +449,7 @@ dtls1_get_record(SSL *s) * since they arrive from different connections and * would be dropped unnecessarily. */ - if (!(D1I(s)->listen && rr->type == SSL3_RT_HANDSHAKE && + if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && p != NULL && *p == SSL3_MT_CLIENT_HELLO) && !dtls1_record_replay_check(s, bitmap, rr->seq_num)) goto again; @@ -464,8 +464,8 @@ dtls1_get_record(SSL *s) * anything while listening. */ if (is_next_epoch) { - if ((SSL_in_init(s) || s->internal->in_handshake) && !D1I(s)->listen) { - if (dtls1_buffer_record(s, &(D1I(s)->unprocessed_rcds), + if ((SSL_in_init(s) || s->internal->in_handshake) && !s->d1->listen) { + if (dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num) < 0) return (-1); /* Mark receipt of record. */ @@ -552,7 +552,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) * in advance, if any. */ if (S3I(s)->hs.state == SSL_ST_OK && rr->length == 0) - dtls1_retrieve_buffered_record(s, &(D1I(s)->buffered_app_data)); + dtls1_retrieve_buffered_record(s, &(s->d1->buffered_app_data)); /* Check for timeout */ if (dtls1_handle_timeout(s) > 0) @@ -571,7 +571,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) } } - if (D1I(s)->listen && rr->type != SSL3_RT_HANDSHAKE) { + if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE) { rr->length = 0; goto start; } @@ -586,7 +586,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) * buffer the application data for later processing rather * than dropping the connection. */ - if (dtls1_buffer_record(s, &(D1I(s)->buffered_app_data), + if (dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num) < 0) { SSLerror(s, ERR_R_INTERNAL_ERROR); return (-1); @@ -701,7 +701,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) if (SSL_is_init_finished(s) && !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && !S3I(s)->renegotiate) { - D1I(s)->handshake_read_seq++; + s->d1->handshake_read_seq++; s->internal->new_session = 1; ssl3_renegotiate(s); if (ssl3_renegotiate_check(s)) { @@ -793,12 +793,12 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) /* We can't process a CCS now, because previous handshake * messages are still missing, so just drop it. */ - if (!D1I(s)->change_cipher_spec_ok) { + if (!s->d1->change_cipher_spec_ok) { rr->length = 0; goto start; } - D1I(s)->change_cipher_spec_ok = 0; + s->d1->change_cipher_spec_ok = 0; S3I(s)->change_cipher_spec = 1; if (!ssl3_do_change_cipher_spec(s)) @@ -1069,13 +1069,13 @@ dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr, unsigned int *is_next_epoch) /* In current epoch, accept HM, CCS, DATA, & ALERT */ if (rr->epoch == read_epoch) - return &D1I(s)->bitmap; + return &s->d1->bitmap; /* Only HM and ALERT messages can be from the next epoch */ if (rr->epoch == read_epoch_next && (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) { *is_next_epoch = 1; - return &D1I(s)->next_bitmap; + return &s->d1->next_bitmap; } return NULL; @@ -1084,6 +1084,6 @@ dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr, unsigned int *is_next_epoch) void dtls1_reset_read_seq_numbers(SSL *s) { - memcpy(&(D1I(s)->bitmap), &(D1I(s)->next_bitmap), sizeof(DTLS1_BITMAP)); - memset(&(D1I(s)->next_bitmap), 0, sizeof(DTLS1_BITMAP)); + memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP)); + memset(&(s->d1->next_bitmap), 0, sizeof(DTLS1_BITMAP)); } diff --git a/lib/libssl/dtls_locl.h b/lib/libssl/dtls_locl.h index 306fab2559f..3e4334bf915 100644 --- a/lib/libssl/dtls_locl.h +++ b/lib/libssl/dtls_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dtls_locl.h,v 1.8 2021/10/23 08:34:36 jsing Exp $ */ +/* $OpenBSD: dtls_locl.h,v 1.9 2021/10/23 13:36:03 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -124,9 +124,16 @@ typedef struct dtls1_record_data_internal_st { SSL3_RECORD_INTERNAL rrec; } DTLS1_RECORD_DATA_INTERNAL; -struct dtls1_state_internal_st; +struct dtls1_state_st { + /* Buffered (sent) handshake records */ + struct _pqueue *sent_messages; + + /* Indicates when the last handshake msg or heartbeat sent will timeout */ + struct timeval next_timeout; + + /* Timeout duration */ + unsigned short timeout_duration; -typedef struct dtls1_state_internal_st { unsigned int send_cookie; unsigned char cookie[DTLS1_COOKIE_LENGTH]; unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH]; @@ -169,21 +176,7 @@ typedef struct dtls1_state_internal_st { unsigned int retransmitting; unsigned int change_cipher_spec_ok; -} DTLS1_STATE_INTERNAL; -#define D1I(s) (s->d1->internal) - -typedef struct dtls1_state_st { - /* Buffered (sent) handshake records */ - struct _pqueue *sent_messages; - - /* Indicates when the last handshake msg or heartbeat sent will timeout */ - struct timeval next_timeout; - - /* Timeout duration */ - unsigned short timeout_duration; - - struct dtls1_state_internal_st *internal; -} DTLS1_STATE; +}; int dtls1_do_write(SSL *s, int type); int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); diff --git a/lib/libssl/ssl_both.c b/lib/libssl/ssl_both.c index fe7173e8a42..6e38463e27d 100644 --- a/lib/libssl/ssl_both.c +++ b/lib/libssl/ssl_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_both.c,v 1.37 2021/10/23 13:12:55 tb Exp $ */ +/* $OpenBSD: ssl_both.c,v 1.38 2021/10/23 13:36:03 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -288,10 +288,10 @@ ssl3_send_change_cipher_spec(SSL *s, int a, int b) s->internal->init_off = 0; if (SSL_is_dtls(s)) { - D1I(s)->handshake_write_seq = - D1I(s)->next_handshake_write_seq; + s->d1->handshake_write_seq = + s->d1->next_handshake_write_seq; dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, - D1I(s)->handshake_write_seq, 0, 0); + s->d1->handshake_write_seq, 0, 0); dtls1_buffer_message(s, 1); } diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c index 8a4c54e7b7e..ea13f81596d 100644 --- a/lib/libssl/ssl_clnt.c +++ b/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.113 2021/10/23 08:34:36 jsing Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.114 2021/10/23 13:36:03 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -249,7 +249,7 @@ ssl3_connect(SSL *s) /* mark client_random uninitialized */ memset(s->s3->client_random, 0, sizeof(s->s3->client_random)); - D1I(s)->send_cookie = 0; + s->d1->send_cookie = 0; s->internal->hit = 0; } break; @@ -269,7 +269,7 @@ ssl3_connect(SSL *s) if (ret <= 0) goto end; - if (SSL_is_dtls(s) && D1I(s)->send_cookie) { + if (SSL_is_dtls(s) && s->d1->send_cookie) { S3I(s)->hs.state = SSL3_ST_CW_FLUSH; S3I(s)->hs.tls12.next_state = SSL3_ST_CR_SRVR_HELLO_A; } else @@ -314,7 +314,7 @@ ssl3_connect(SSL *s) if (ret <= 0) goto end; dtls1_stop_timer(s); - if (D1I(s)->send_cookie) /* start again, with a cookie */ + if (s->d1->send_cookie) /* start again, with a cookie */ S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A; else S3I(s)->hs.state = SSL3_ST_CR_CERT_A; @@ -529,7 +529,7 @@ ssl3_connect(SSL *s) case SSL3_ST_CR_FINISHED_A: case SSL3_ST_CR_FINISHED_B: if (SSL_is_dtls(s)) - D1I(s)->change_cipher_spec_ok = 1; + s->d1->change_cipher_spec_ok = 1; else s->s3->flags |= SSL3_FLAGS_CCS_OK; ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A, @@ -595,8 +595,8 @@ ssl3_connect(SSL *s) if (SSL_is_dtls(s)) { /* done with handshaking */ - D1I(s)->handshake_read_seq = 0; - D1I(s)->next_handshake_write_seq = 0; + s->d1->handshake_read_seq = 0; + s->d1->next_handshake_write_seq = 0; } goto end; @@ -666,7 +666,7 @@ ssl3_send_client_hello(SSL *s) * HelloVerifyRequest, we must retain the original client * random value. */ - if (!SSL_is_dtls(s) || D1I(s)->send_cookie == 0) + if (!SSL_is_dtls(s) || s->d1->send_cookie == 0) arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE); if (!ssl3_handshake_msg_start(s, &cbb, &client_hello, @@ -728,14 +728,14 @@ ssl3_send_client_hello(SSL *s) /* DTLS Cookie. */ if (SSL_is_dtls(s)) { - if (D1I(s)->cookie_len > sizeof(D1I(s)->cookie)) { + if (s->d1->cookie_len > sizeof(s->d1->cookie)) { SSLerror(s, ERR_R_INTERNAL_ERROR); goto err; } if (!CBB_add_u8_length_prefixed(&client_hello, &cookie)) goto err; - if (!CBB_add_bytes(&cookie, D1I(s)->cookie, - D1I(s)->cookie_len)) + if (!CBB_add_bytes(&cookie, s->d1->cookie, + s->d1->cookie_len)) goto err; } @@ -789,7 +789,7 @@ ssl3_get_dtls_hello_verify(SSL *s) return ret; if (S3I(s)->hs.tls12.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) { - D1I(s)->send_cookie = 0; + s->d1->send_cookie = 0; S3I(s)->hs.tls12.reuse_message = 1; return (1); } @@ -819,14 +819,14 @@ ssl3_get_dtls_hello_verify(SSL *s) goto fatal_err; } - if (!CBS_write_bytes(&cookie, D1I(s)->cookie, - sizeof(D1I(s)->cookie), &cookie_len)) { - D1I(s)->cookie_len = 0; + if (!CBS_write_bytes(&cookie, s->d1->cookie, + sizeof(s->d1->cookie), &cookie_len)) { + s->d1->cookie_len = 0; al = SSL_AD_ILLEGAL_PARAMETER; goto fatal_err; } - D1I(s)->cookie_len = cookie_len; - D1I(s)->send_cookie = 1; + s->d1->cookie_len = cookie_len; + s->d1->send_cookie = 1; return 1; @@ -862,7 +862,7 @@ ssl3_get_server_hello(SSL *s) if (SSL_is_dtls(s)) { if (S3I(s)->hs.tls12.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { - if (D1I(s)->send_cookie == 0) { + if (s->d1->send_cookie == 0) { S3I(s)->hs.tls12.reuse_message = 1; return (1); } else { diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index cb8c02844c9..df025997397 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.269 2021/10/23 11:41:52 beck Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.270 2021/10/23 13:36:03 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1178,7 +1178,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg) return (0); #endif if (SSL_is_dtls(s)) { - D1I(s)->mtu = larg; + s->d1->mtu = larg; return (larg); } return (0); diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c index 1bbe551b3c3..1aa0324b159 100644 --- a/lib/libssl/ssl_srvr.c +++ b/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.120 2021/10/23 08:34:36 jsing Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.121 2021/10/23 13:36:03 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -183,7 +183,7 @@ ssl3_accept(SSL *s) errno = 0; if (SSL_is_dtls(s)) - listen = D1I(s)->listen; + listen = s->d1->listen; /* init things to blank */ s->internal->in_handshake++; @@ -191,7 +191,7 @@ ssl3_accept(SSL *s) SSL_clear(s); if (SSL_is_dtls(s)) - D1I(s)->listen = listen; + s->d1->listen = listen; for (;;) { state = S3I(s)->hs.state; @@ -332,14 +332,14 @@ ssl3_accept(SSL *s) /* If we're just listening, stop here */ if (listen && S3I(s)->hs.state == SSL3_ST_SW_SRVR_HELLO_A) { ret = 2; - D1I(s)->listen = 0; + s->d1->listen = 0; /* * Set expected sequence numbers to * continue the handshake. */ - D1I(s)->handshake_read_seq = 2; - D1I(s)->handshake_write_seq = 1; - D1I(s)->next_handshake_write_seq = 1; + s->d1->handshake_read_seq = 2; + s->d1->handshake_write_seq = 1; + s->d1->next_handshake_write_seq = 1; goto end; } } else { @@ -584,7 +584,7 @@ ssl3_accept(SSL *s) case SSL3_ST_SR_CERT_VRFY_A: case SSL3_ST_SR_CERT_VRFY_B: if (SSL_is_dtls(s)) - D1I(s)->change_cipher_spec_ok = 1; + s->d1->change_cipher_spec_ok = 1; else s->s3->flags |= SSL3_FLAGS_CCS_OK; @@ -599,7 +599,7 @@ ssl3_accept(SSL *s) case SSL3_ST_SR_FINISHED_A: case SSL3_ST_SR_FINISHED_B: if (SSL_is_dtls(s)) - D1I(s)->change_cipher_spec_ok = 1; + s->d1->change_cipher_spec_ok = 1; else s->s3->flags |= SSL3_FLAGS_CCS_OK; ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A, @@ -706,10 +706,10 @@ ssl3_accept(SSL *s) if (SSL_is_dtls(s)) { /* Done handshaking, next message is client hello. */ - D1I(s)->handshake_read_seq = 0; + s->d1->handshake_read_seq = 0; /* Next message is server hello. */ - D1I(s)->handshake_write_seq = 0; - D1I(s)->next_handshake_write_seq = 0; + s->d1->handshake_write_seq = 0; + s->d1->next_handshake_write_seq = 0; } goto end; /* break; */ @@ -924,7 +924,7 @@ ssl3_get_client_hello(SSL *s) * message has not been sent - make sure that it does not cause * an overflow. */ - if (CBS_len(&cookie) > sizeof(D1I(s)->rcvd_cookie)) { + if (CBS_len(&cookie) > sizeof(s->d1->rcvd_cookie)) { al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_COOKIE_MISMATCH); goto fatal_err; @@ -936,21 +936,21 @@ ssl3_get_client_hello(SSL *s) size_t cookie_len; /* XXX - rcvd_cookie seems to only be used here... */ - if (!CBS_write_bytes(&cookie, D1I(s)->rcvd_cookie, - sizeof(D1I(s)->rcvd_cookie), &cookie_len)) + if (!CBS_write_bytes(&cookie, s->d1->rcvd_cookie, + sizeof(s->d1->rcvd_cookie), &cookie_len)) goto err; if (s->ctx->internal->app_verify_cookie_cb != NULL) { if (s->ctx->internal->app_verify_cookie_cb(s, - D1I(s)->rcvd_cookie, cookie_len) == 0) { + s->d1->rcvd_cookie, cookie_len) == 0) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerror(s, SSL_R_COOKIE_MISMATCH); goto fatal_err; } /* else cookie verification succeeded */ /* XXX - can d1->cookie_len > sizeof(rcvd_cookie) ? */ - } else if (timingsafe_memcmp(D1I(s)->rcvd_cookie, - D1I(s)->cookie, D1I(s)->cookie_len) != 0) { + } else if (timingsafe_memcmp(s->d1->rcvd_cookie, + s->d1->cookie, s->d1->cookie_len) != 0) { /* default verification */ al = SSL_AD_HANDSHAKE_FAILURE; SSLerror(s, SSL_R_COOKIE_MISMATCH); @@ -1166,8 +1166,8 @@ ssl3_send_dtls_hello_verify_request(SSL *s) if (S3I(s)->hs.state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) { if (s->ctx->internal->app_gen_cookie_cb == NULL || - s->ctx->internal->app_gen_cookie_cb(s, D1I(s)->cookie, - &(D1I(s)->cookie_len)) == 0) { + s->ctx->internal->app_gen_cookie_cb(s, s->d1->cookie, + &(s->d1->cookie_len)) == 0) { SSLerror(s, ERR_R_INTERNAL_ERROR); return 0; } @@ -1184,7 +1184,7 @@ ssl3_send_dtls_hello_verify_request(SSL *s) goto err; if (!CBB_add_u8_length_prefixed(&verify, &cookie)) goto err; - if (!CBB_add_bytes(&cookie, D1I(s)->cookie, D1I(s)->cookie_len)) + if (!CBB_add_bytes(&cookie, s->d1->cookie, s->d1->cookie_len)) goto err; if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; |