diff options
-rw-r--r-- | lib/libssl/d1_both.c | 8 | ||||
-rw-r--r-- | lib/libssl/d1_clnt.c | 72 | ||||
-rw-r--r-- | lib/libssl/d1_pkt.c | 20 | ||||
-rw-r--r-- | lib/libssl/d1_srvr.c | 92 | ||||
-rw-r--r-- | lib/libssl/s3_lib.c | 6 | ||||
-rw-r--r-- | lib/libssl/ssl.h | 14 | ||||
-rw-r--r-- | lib/libssl/ssl_both.c | 16 | ||||
-rw-r--r-- | lib/libssl/ssl_clnt.c | 106 | ||||
-rw-r--r-- | lib/libssl/ssl_err.c | 11 | ||||
-rw-r--r-- | lib/libssl/ssl_lib.c | 16 | ||||
-rw-r--r-- | lib/libssl/ssl_locl.h | 10 | ||||
-rw-r--r-- | lib/libssl/ssl_pkt.c | 24 | ||||
-rw-r--r-- | lib/libssl/ssl_srvr.c | 118 | ||||
-rw-r--r-- | lib/libssl/ssl_stat.c | 6 | ||||
-rw-r--r-- | lib/libssl/t1_lib.c | 4 |
15 files changed, 267 insertions, 256 deletions
diff --git a/lib/libssl/d1_both.c b/lib/libssl/d1_both.c index 0b8999b7820..6b86cfc03e6 100644 --- a/lib/libssl/d1_both.c +++ b/lib/libssl/d1_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_both.c,v 1.50 2017/03/04 16:32:00 jsing Exp $ */ +/* $OpenBSD: d1_both.c,v 1.51 2017/05/07 04:22:24 beck Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -850,7 +850,7 @@ again: goto f_err; /* XDTLS: ressurect this when restart is in place */ - s->internal->state = stn; + S3I(s)->hs.state = stn; if (frag_len > 0) { unsigned char *p = (unsigned char *)s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; @@ -908,7 +908,7 @@ dtls1_send_change_cipher_spec(SSL *s, int a, int b) { unsigned char *p; - if (s->internal->state == a) { + if (S3I(s)->hs.state == a) { p = (unsigned char *)s->internal->init_buf->data; *p++=SSL3_MT_CCS; D1I(s)->handshake_write_seq = D1I(s)->next_handshake_write_seq; @@ -922,7 +922,7 @@ dtls1_send_change_cipher_spec(SSL *s, int a, int b) /* buffer the message to handle re-xmits */ dtls1_buffer_message(s, 1); - s->internal->state = b; + S3I(s)->hs.state = b; } /* SSL3_ST_CW_CHANGE_B */ diff --git a/lib/libssl/d1_clnt.c b/lib/libssl/d1_clnt.c index 802aa5cde05..3eebf984173 100644 --- a/lib/libssl/d1_clnt.c +++ b/lib/libssl/d1_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_clnt.c,v 1.75 2017/05/06 22:24:57 beck Exp $ */ +/* $OpenBSD: d1_clnt.c,v 1.76 2017/05/07 04:22:24 beck Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -198,12 +198,12 @@ dtls1_connect(SSL *s) for (;;) { - state = s->internal->state; + state = S3I(s)->hs.state; - switch (s->internal->state) { + switch (S3I(s)->hs.state) { case SSL_ST_RENEGOTIATE: s->internal->renegotiate = 1; - s->internal->state = SSL_ST_CONNECT; + S3I(s)->hs.state = SSL_ST_CONNECT; s->ctx->internal->stats.sess_connect_renegotiate++; /* break */ case SSL_ST_BEFORE: @@ -239,7 +239,7 @@ dtls1_connect(SSL *s) /* don't push the buffering BIO quite yet */ - s->internal->state = SSL3_ST_CW_CLNT_HELLO_A; + S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A; s->ctx->internal->stats.sess_connect++; s->internal->init_num = 0; /* mark client_random uninitialized */ @@ -267,10 +267,10 @@ dtls1_connect(SSL *s) goto end; if (D1I(s)->send_cookie) { - s->internal->state = SSL3_ST_CW_FLUSH; + S3I(s)->hs.state = SSL3_ST_CW_FLUSH; S3I(s)->hs.next_state = SSL3_ST_CR_SRVR_HELLO_A; } else - s->internal->state = SSL3_ST_CR_SRVR_HELLO_A; + S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A; s->internal->init_num = 0; @@ -288,9 +288,9 @@ dtls1_connect(SSL *s) else { if (s->internal->hit) { - s->internal->state = SSL3_ST_CR_FINISHED_A; + S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A; } else - s->internal->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A; + S3I(s)->hs.state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A; } s->internal->init_num = 0; break; @@ -303,9 +303,9 @@ dtls1_connect(SSL *s) goto end; dtls1_stop_timer(s); if ( D1I(s)->send_cookie) /* start again, with a cookie */ - s->internal->state = SSL3_ST_CW_CLNT_HELLO_A; + S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A; else - s->internal->state = SSL3_ST_CR_CERT_A; + S3I(s)->hs.state = SSL3_ST_CR_CERT_A; s->internal->init_num = 0; break; @@ -317,9 +317,9 @@ dtls1_connect(SSL *s) if (ret == 2) { s->internal->hit = 1; if (s->internal->tlsext_ticket_expected) - s->internal->state = SSL3_ST_CR_SESSION_TICKET_A; + S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A; else - s->internal->state = SSL3_ST_CR_FINISHED_A; + S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A; s->internal->init_num = 0; break; } @@ -330,12 +330,12 @@ dtls1_connect(SSL *s) if (ret <= 0) goto end; if (s->internal->tlsext_status_expected) - s->internal->state = SSL3_ST_CR_CERT_STATUS_A; + S3I(s)->hs.state = SSL3_ST_CR_CERT_STATUS_A; else - s->internal->state = SSL3_ST_CR_KEY_EXCH_A; + S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A; } else { skip = 1; - s->internal->state = SSL3_ST_CR_KEY_EXCH_A; + S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A; } s->internal->init_num = 0; break; @@ -345,7 +345,7 @@ dtls1_connect(SSL *s) ret = ssl3_get_server_key_exchange(s); if (ret <= 0) goto end; - s->internal->state = SSL3_ST_CR_CERT_REQ_A; + S3I(s)->hs.state = SSL3_ST_CR_CERT_REQ_A; s->internal->init_num = 0; /* at this point we check that we have the @@ -361,7 +361,7 @@ dtls1_connect(SSL *s) ret = ssl3_get_certificate_request(s); if (ret <= 0) goto end; - s->internal->state = SSL3_ST_CR_SRVR_DONE_A; + S3I(s)->hs.state = SSL3_ST_CR_SRVR_DONE_A; s->internal->init_num = 0; break; @@ -376,7 +376,7 @@ dtls1_connect(SSL *s) else S3I(s)->hs.next_state = SSL3_ST_CW_KEY_EXCH_A; s->internal->init_num = 0; - s->internal->state = S3I(s)->hs.next_state; + S3I(s)->hs.state = S3I(s)->hs.next_state; break; case SSL3_ST_CW_CERT_A: @@ -387,7 +387,7 @@ dtls1_connect(SSL *s) ret = ssl3_send_client_certificate(s); if (ret <= 0) goto end; - s->internal->state = SSL3_ST_CW_KEY_EXCH_A; + S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_A; s->internal->init_num = 0; break; @@ -403,9 +403,9 @@ dtls1_connect(SSL *s) /* For TLS, cert_req is set to 2, so a cert chain * of nothing is sent, but no verify packet is sent */ if (S3I(s)->tmp.cert_req == 1) { - s->internal->state = SSL3_ST_CW_CERT_VRFY_A; + S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_A; } else { - s->internal->state = SSL3_ST_CW_CHANGE_A; + S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A; S3I(s)->change_cipher_spec = 0; } @@ -418,7 +418,7 @@ dtls1_connect(SSL *s) ret = ssl3_send_client_verify(s); if (ret <= 0) goto end; - s->internal->state = SSL3_ST_CW_CHANGE_A; + S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A; s->internal->init_num = 0; S3I(s)->change_cipher_spec = 0; break; @@ -432,7 +432,7 @@ dtls1_connect(SSL *s) if (ret <= 0) goto end; - s->internal->state = SSL3_ST_CW_FINISHED_A; + S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A; s->internal->init_num = 0; s->session->cipher = S3I(s)->hs.new_cipher; @@ -461,14 +461,14 @@ dtls1_connect(SSL *s) TLS_MD_CLIENT_FINISH_CONST_SIZE); if (ret <= 0) goto end; - s->internal->state = SSL3_ST_CW_FLUSH; + S3I(s)->hs.state = SSL3_ST_CW_FLUSH; /* clear flags */ s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; if (s->internal->hit) { S3I(s)->hs.next_state = SSL_ST_OK; if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) { - s->internal->state = SSL_ST_OK; + S3I(s)->hs.state = SSL_ST_OK; s->s3->flags |= SSL3_FLAGS_POP_BUFFER; S3I(s)->delay_buf_pop_ret = 0; } @@ -490,7 +490,7 @@ dtls1_connect(SSL *s) ret = ssl3_get_new_session_ticket(s); if (ret <= 0) goto end; - s->internal->state = SSL3_ST_CR_FINISHED_A; + S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A; s->internal->init_num = 0; break; @@ -499,7 +499,7 @@ dtls1_connect(SSL *s) ret = ssl3_get_cert_status(s); if (ret <= 0) goto end; - s->internal->state = SSL3_ST_CR_KEY_EXCH_A; + S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A; s->internal->init_num = 0; break; @@ -513,9 +513,9 @@ dtls1_connect(SSL *s) dtls1_stop_timer(s); if (s->internal->hit) - s->internal->state = SSL3_ST_CW_CHANGE_A; + S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A; else - s->internal->state = SSL_ST_OK; + S3I(s)->hs.state = SSL_ST_OK; s->internal->init_num = 0; @@ -527,14 +527,14 @@ dtls1_connect(SSL *s) /* If the write error was fatal, stop trying */ if (!BIO_should_retry(s->wbio)) { s->internal->rwstate = SSL_NOTHING; - s->internal->state = S3I(s)->hs.next_state; + S3I(s)->hs.state = S3I(s)->hs.next_state; } ret = -1; goto end; } s->internal->rwstate = SSL_NOTHING; - s->internal->state = S3I(s)->hs.next_state; + S3I(s)->hs.state = S3I(s)->hs.next_state; break; case SSL_ST_OK: @@ -583,11 +583,11 @@ dtls1_connect(SSL *s) goto end; } - if ((cb != NULL) && (s->internal->state != state)) { - new_state = s->internal->state; - s->internal->state = state; + if ((cb != NULL) && (S3I(s)->hs.state != state)) { + new_state = S3I(s)->hs.state; + S3I(s)->hs.state = state; cb(s, SSL_CB_CONNECT_LOOP, 1); - s->internal->state = new_state; + S3I(s)->hs.state = new_state; } } skip = 0; diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c index 5fdd1768002..9f670fadfdc 100644 --- a/lib/libssl/d1_pkt.c +++ b/lib/libssl/d1_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_pkt.c,v 1.62 2017/02/07 02:08:38 beck Exp $ */ +/* $OpenBSD: d1_pkt.c,v 1.63 2017/05/07 04:22:24 beck Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -685,7 +685,7 @@ start: * so process data buffered during the last handshake * in advance, if any. */ - if (s->internal->state == SSL_ST_OK && rr->length == 0) { + if (S3I(s)->hs.state == SSL_ST_OK && rr->length == 0) { pitem *item; item = pqueue_pop(D1I(s)->buffered_app_data.q); if (item) { @@ -1028,9 +1028,9 @@ start: goto start; } - if (((s->internal->state&SSL_ST_MASK) == SSL_ST_OK) && + if (((S3I(s)->hs.state&SSL_ST_MASK) == SSL_ST_OK) && !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { - s->internal->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; + S3I(s)->hs.state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; s->internal->renegotiate = 1; s->internal->new_session = 1; } @@ -1089,12 +1089,12 @@ start: */ if (S3I(s)->in_read_app_data && (S3I(s)->total_renegotiations != 0) && - (((s->internal->state & SSL_ST_CONNECT) && - (s->internal->state >= SSL3_ST_CW_CLNT_HELLO_A) && - (s->internal->state <= SSL3_ST_CR_SRVR_HELLO_A)) || ( - (s->internal->state & SSL_ST_ACCEPT) && - (s->internal->state <= SSL3_ST_SW_HELLO_REQ_A) && - (s->internal->state >= SSL3_ST_SR_CLNT_HELLO_A)))) { + (((S3I(s)->hs.state & SSL_ST_CONNECT) && + (S3I(s)->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) && + (S3I(s)->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) || ( + (S3I(s)->hs.state & SSL_ST_ACCEPT) && + (S3I(s)->hs.state <= SSL3_ST_SW_HELLO_REQ_A) && + (S3I(s)->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) { S3I(s)->in_read_app_data = 2; return (-1); } else { diff --git a/lib/libssl/d1_srvr.c b/lib/libssl/d1_srvr.c index 1ef8bce56be..ae90ee2093e 100644 --- a/lib/libssl/d1_srvr.c +++ b/lib/libssl/d1_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_srvr.c,v 1.87 2017/05/06 22:24:57 beck Exp $ */ +/* $OpenBSD: d1_srvr.c,v 1.88 2017/05/07 04:22:24 beck Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -208,12 +208,12 @@ dtls1_accept(SSL *s) } for (;;) { - state = s->internal->state; + state = S3I(s)->hs.state; - switch (s->internal->state) { + switch (S3I(s)->hs.state) { case SSL_ST_RENEGOTIATE: s->internal->renegotiate = 1; - /* s->internal->state=SSL_ST_ACCEPT; */ + /* S3I(s)->hs.state=SSL_ST_ACCEPT; */ case SSL_ST_BEFORE: case SSL_ST_ACCEPT: @@ -242,7 +242,7 @@ dtls1_accept(SSL *s) s->internal->init_num = 0; - if (s->internal->state != SSL_ST_RENEGOTIATE) { + if (S3I(s)->hs.state != SSL_ST_RENEGOTIATE) { /* Ok, we now need to push on a buffering BIO so that * the output is sent in a way that TCP likes :-) * ...but not with SCTP :-) @@ -257,13 +257,13 @@ dtls1_accept(SSL *s) goto end; } - s->internal->state = SSL3_ST_SR_CLNT_HELLO_A; + S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A; s->ctx->internal->stats.sess_accept++; } else { - /* s->internal->state == SSL_ST_RENEGOTIATE, + /* S3I(s)->hs.state == SSL_ST_RENEGOTIATE, * we will just send a HelloRequest */ s->ctx->internal->stats.sess_accept_renegotiate++; - s->internal->state = SSL3_ST_SW_HELLO_REQ_A; + S3I(s)->hs.state = SSL3_ST_SW_HELLO_REQ_A; } break; @@ -278,7 +278,7 @@ dtls1_accept(SSL *s) if (ret <= 0) goto end; S3I(s)->hs.next_state = SSL3_ST_SR_CLNT_HELLO_A; - s->internal->state = SSL3_ST_SW_FLUSH; + S3I(s)->hs.state = SSL3_ST_SW_FLUSH; s->internal->init_num = 0; if (!tls1_init_finished_mac(s)) { @@ -288,7 +288,7 @@ dtls1_accept(SSL *s) break; case SSL3_ST_SW_HELLO_REQ_C: - s->internal->state = SSL_ST_OK; + S3I(s)->hs.state = SSL_ST_OK; break; case SSL3_ST_SR_CLNT_HELLO_A: @@ -302,9 +302,9 @@ dtls1_accept(SSL *s) dtls1_stop_timer(s); if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)) - s->internal->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A; + S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A; else - s->internal->state = SSL3_ST_SW_SRVR_HELLO_A; + S3I(s)->hs.state = SSL3_ST_SW_SRVR_HELLO_A; s->internal->init_num = 0; @@ -314,7 +314,7 @@ dtls1_accept(SSL *s) } /* If we're just listening, stop here */ - if (listen && s->internal->state == SSL3_ST_SW_SRVR_HELLO_A) { + if (listen && S3I(s)->hs.state == SSL3_ST_SW_SRVR_HELLO_A) { ret = 2; D1I(s)->listen = 0; /* Set expected sequence numbers @@ -334,7 +334,7 @@ dtls1_accept(SSL *s) ret = dtls1_send_hello_verify_request(s); if (ret <= 0) goto end; - s->internal->state = SSL3_ST_SW_FLUSH; + S3I(s)->hs.state = SSL3_ST_SW_FLUSH; S3I(s)->hs.next_state = SSL3_ST_SR_CLNT_HELLO_A; /* HelloVerifyRequest resets Finished MAC */ @@ -355,11 +355,11 @@ dtls1_accept(SSL *s) if (s->internal->hit) { if (s->internal->tlsext_ticket_expected) - s->internal->state = SSL3_ST_SW_SESSION_TICKET_A; + S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_A; else - s->internal->state = SSL3_ST_SW_CHANGE_A; + S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A; } else - s->internal->state = SSL3_ST_SW_CERT_A; + S3I(s)->hs.state = SSL3_ST_SW_CERT_A; s->internal->init_num = 0; break; @@ -373,12 +373,12 @@ dtls1_accept(SSL *s) if (ret <= 0) goto end; if (s->internal->tlsext_status_expected) - s->internal->state = SSL3_ST_SW_CERT_STATUS_A; + S3I(s)->hs.state = SSL3_ST_SW_CERT_STATUS_A; else - s->internal->state = SSL3_ST_SW_KEY_EXCH_A; + S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A; } else { skip = 1; - s->internal->state = SSL3_ST_SW_KEY_EXCH_A; + S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A; } s->internal->init_num = 0; break; @@ -396,7 +396,7 @@ dtls1_accept(SSL *s) } else skip = 1; - s->internal->state = SSL3_ST_SW_CERT_REQ_A; + S3I(s)->hs.state = SSL3_ST_SW_CERT_REQ_A; s->internal->init_num = 0; break; @@ -428,14 +428,14 @@ dtls1_accept(SSL *s) /* no cert request */ skip = 1; S3I(s)->tmp.cert_request = 0; - s->internal->state = SSL3_ST_SW_SRVR_DONE_A; + S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A; } else { S3I(s)->tmp.cert_request = 1; dtls1_start_timer(s); ret = ssl3_send_certificate_request(s); if (ret <= 0) goto end; - s->internal->state = SSL3_ST_SW_SRVR_DONE_A; + S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A; s->internal->init_num = 0; } break; @@ -447,7 +447,7 @@ dtls1_accept(SSL *s) if (ret <= 0) goto end; S3I(s)->hs.next_state = SSL3_ST_SR_CERT_A; - s->internal->state = SSL3_ST_SW_FLUSH; + S3I(s)->hs.state = SSL3_ST_SW_FLUSH; s->internal->init_num = 0; break; @@ -457,14 +457,14 @@ dtls1_accept(SSL *s) /* If the write error was fatal, stop trying */ if (!BIO_should_retry(s->wbio)) { s->internal->rwstate = SSL_NOTHING; - s->internal->state = S3I(s)->hs.next_state; + S3I(s)->hs.state = S3I(s)->hs.next_state; } ret = -1; goto end; } s->internal->rwstate = SSL_NOTHING; - s->internal->state = S3I(s)->hs.next_state; + S3I(s)->hs.state = S3I(s)->hs.next_state; break; case SSL3_ST_SR_CERT_A: @@ -475,7 +475,7 @@ dtls1_accept(SSL *s) goto end; } s->internal->init_num = 0; - s->internal->state = SSL3_ST_SR_KEY_EXCH_A; + S3I(s)->hs.state = SSL3_ST_SR_KEY_EXCH_A; break; case SSL3_ST_SR_KEY_EXCH_A: @@ -484,7 +484,7 @@ dtls1_accept(SSL *s) if (ret <= 0) goto end; - s->internal->state = SSL3_ST_SR_CERT_VRFY_A; + S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A; s->internal->init_num = 0; if (ret == 2) { @@ -493,10 +493,10 @@ dtls1_accept(SSL *s) * a certificate, the CertificateVerify * message is not sent. */ - s->internal->state = SSL3_ST_SR_FINISHED_A; + S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A; s->internal->init_num = 0; } else if (SSL_USE_SIGALGS(s)) { - s->internal->state = SSL3_ST_SR_CERT_VRFY_A; + S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A; s->internal->init_num = 0; if (!s->session->peer) break; @@ -516,7 +516,7 @@ dtls1_accept(SSL *s) goto end; } } else { - s->internal->state = SSL3_ST_SR_CERT_VRFY_A; + S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A; s->internal->init_num = 0; /* @@ -547,7 +547,7 @@ dtls1_accept(SSL *s) ret = ssl3_get_cert_verify(s); if (ret <= 0) goto end; - s->internal->state = SSL3_ST_SR_FINISHED_A; + S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A; s->internal->init_num = 0; break; @@ -560,11 +560,11 @@ dtls1_accept(SSL *s) goto end; dtls1_stop_timer(s); if (s->internal->hit) - s->internal->state = SSL_ST_OK; + S3I(s)->hs.state = SSL_ST_OK; else if (s->internal->tlsext_ticket_expected) - s->internal->state = SSL3_ST_SW_SESSION_TICKET_A; + S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_A; else - s->internal->state = SSL3_ST_SW_CHANGE_A; + S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A; s->internal->init_num = 0; break; @@ -573,7 +573,7 @@ dtls1_accept(SSL *s) ret = ssl3_send_newsession_ticket(s); if (ret <= 0) goto end; - s->internal->state = SSL3_ST_SW_CHANGE_A; + S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A; s->internal->init_num = 0; break; @@ -582,7 +582,7 @@ dtls1_accept(SSL *s) ret = ssl3_send_cert_status(s); if (ret <= 0) goto end; - s->internal->state = SSL3_ST_SW_KEY_EXCH_A; + S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A; s->internal->init_num = 0; break; @@ -603,7 +603,7 @@ dtls1_accept(SSL *s) goto end; - s->internal->state = SSL3_ST_SW_FINISHED_A; + S3I(s)->hs.state = SSL3_ST_SW_FINISHED_A; s->internal->init_num = 0; if (!tls1_change_cipher_state(s, @@ -623,7 +623,7 @@ dtls1_accept(SSL *s) TLS_MD_SERVER_FINISH_CONST_SIZE); if (ret <= 0) goto end; - s->internal->state = SSL3_ST_SW_FLUSH; + S3I(s)->hs.state = SSL3_ST_SW_FLUSH; if (s->internal->hit) { S3I(s)->hs.next_state = SSL3_ST_SR_FINISHED_A; @@ -680,11 +680,11 @@ dtls1_accept(SSL *s) goto end; } - if ((cb != NULL) && (s->internal->state != state)) { - new_state = s->internal->state; - s->internal->state = state; + if ((cb != NULL) && (S3I(s)->hs.state != state)) { + new_state = S3I(s)->hs.state; + S3I(s)->hs.state = state; cb(s, SSL_CB_ACCEPT_LOOP, 1); - s->internal->state = new_state; + S3I(s)->hs.state = new_state; } } skip = 0; @@ -707,7 +707,7 @@ dtls1_send_hello_verify_request(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (s->internal->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) { + if (S3I(s)->hs.state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) { if (s->ctx->internal->app_gen_cookie_cb == NULL || s->ctx->internal->app_gen_cookie_cb(s, D1I(s)->cookie, &(D1I(s)->cookie_len)) == 0) { @@ -727,10 +727,10 @@ dtls1_send_hello_verify_request(SSL *s) if (!ssl3_handshake_msg_finish_cbb(s, &cbb)) goto err; - s->internal->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B; + S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B; } - /* s->internal->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ + /* S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ return (ssl3_handshake_write(s)); err: diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index f728eb76486..697ac6c7c5a 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.142 2017/05/06 22:24:57 beck Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.143 2017/05/07 04:22:24 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2540,7 +2540,7 @@ ssl3_shutdown(SSL *s) * Don't do anything much if we have not done the handshake or * we don't want to send messages :-) */ - if ((s->internal->quiet_shutdown) || (s->internal->state == SSL_ST_BEFORE)) { + if ((s->internal->quiet_shutdown) || (S3I(s)->hs.state == SSL_ST_BEFORE)) { s->internal->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); return (1); } @@ -2704,7 +2704,7 @@ ssl3_renegotiate_check(SSL *s) * to SSL_ST_ACCEPT. */ /* SSL_ST_ACCEPT */ - s->internal->state = SSL_ST_RENEGOTIATE; + S3I(s)->hs.state = SSL_ST_RENEGOTIATE; S3I(s)->renegotiate = 0; S3I(s)->num_renegotiations++; S3I(s)->total_renegotiations++; diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h index 05d0660c494..dda5192c100 100644 --- a/lib/libssl/ssl.h +++ b/lib/libssl/ssl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.h,v 1.128 2017/05/06 20:37:25 jsing Exp $ */ +/* $OpenBSD: ssl.h,v 1.129 2017/05/07 04:22:24 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -932,12 +932,12 @@ extern "C" { #define SSL_CB_HANDSHAKE_DONE 0x20 /* Is the SSL_connection established? */ -#define SSL_get_state(a) SSL_state(a) -#define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK) -#define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT) -#define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE) -#define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT) -#define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT) +#define SSL_get_state(a) (SSL_state((a))) +#define SSL_is_init_finished(a) (SSL_state((a)) == SSL_ST_OK) +#define SSL_in_init(a) (SSL_state((a))&SSL_ST_INIT) +#define SSL_in_before(a) (SSL_state((a))&SSL_ST_BEFORE) +#define SSL_in_connect_init(a) (SSL_state((a))&SSL_ST_CONNECT) +#define SSL_in_accept_init(a) (SSL_state((a))&SSL_ST_ACCEPT) /* The following 2 states are kept in ssl->rstate when reads fail, * you should not need these */ diff --git a/lib/libssl/ssl_both.c b/lib/libssl/ssl_both.c index 13c39e85b2d..4a724560f24 100644 --- a/lib/libssl/ssl_both.c +++ b/lib/libssl/ssl_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_both.c,v 1.8 2017/05/06 22:24:57 beck Exp $ */ +/* $OpenBSD: ssl_both.c,v 1.9 2017/05/07 04:22:24 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -171,7 +171,7 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) memset(&cbb, 0, sizeof(cbb)); - if (s->internal->state == a) { + if (S3I(s)->hs.state == a) { md_len = TLS1_FINISH_MAC_LENGTH; OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE); @@ -199,7 +199,7 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) if (!ssl3_handshake_msg_finish_cbb(s, &cbb)) goto err; - s->internal->state = b; + S3I(s)->hs.state = b; } return (ssl3_handshake_write(s)); @@ -227,7 +227,7 @@ ssl3_take_mac(SSL *s) if (S3I(s)->hs.new_cipher == NULL) return; - if (s->internal->state & SSL_ST_CONNECT) { + if (S3I(s)->hs.state & SSL_ST_CONNECT) { sender = TLS_MD_SERVER_FINISH_CONST; slen = TLS_MD_SERVER_FINISH_CONST_SIZE; } else { @@ -313,13 +313,13 @@ ssl3_send_change_cipher_spec(SSL *s, int a, int b) { unsigned char *p; - if (s->internal->state == a) { + if (S3I(s)->hs.state == a) { p = (unsigned char *)s->internal->init_buf->data; *p = SSL3_MT_CCS; s->internal->init_num = 1; s->internal->init_off = 0; - s->internal->state = b; + S3I(s)->hs.state = b; } /* SSL3_ST_CW_CHANGE_B */ @@ -442,7 +442,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) p = (unsigned char *)s->internal->init_buf->data; /* s->internal->init_num < 4 */ - if (s->internal->state == st1) { + if (S3I(s)->hs.state == st1) { int skip_message; do { @@ -504,7 +504,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) goto err; } S3I(s)->tmp.message_size = l; - s->internal->state = stn; + S3I(s)->hs.state = stn; s->internal->init_msg = s->internal->init_buf->data + 4; s->internal->init_num = 0; diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c index f6ca3e7f3cb..a1745143f01 100644 --- a/lib/libssl/ssl_clnt.c +++ b/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.13 2017/05/06 22:24:57 beck Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.14 2017/05/07 04:22:24 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -193,12 +193,12 @@ ssl3_connect(SSL *s) SSL_clear(s); for (;;) { - state = s->internal->state; + state = S3I(s)->hs.state; - switch (s->internal->state) { + switch (S3I(s)->hs.state) { case SSL_ST_RENEGOTIATE: s->internal->renegotiate = 1; - s->internal->state = SSL_ST_CONNECT; + S3I(s)->hs.state = SSL_ST_CONNECT; s->ctx->internal->stats.sess_connect_renegotiate++; /* break */ case SSL_ST_BEFORE: @@ -239,7 +239,7 @@ ssl3_connect(SSL *s) goto end; } - s->internal->state = SSL3_ST_CW_CLNT_HELLO_A; + S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A; s->ctx->internal->stats.sess_connect++; s->internal->init_num = 0; break; @@ -251,7 +251,7 @@ ssl3_connect(SSL *s) ret = ssl3_client_hello(s); if (ret <= 0) goto end; - s->internal->state = SSL3_ST_CR_SRVR_HELLO_A; + S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A; s->internal->init_num = 0; /* turn on buffering for the next lot of output */ @@ -267,13 +267,13 @@ ssl3_connect(SSL *s) goto end; if (s->internal->hit) { - s->internal->state = SSL3_ST_CR_FINISHED_A; + S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A; if (s->internal->tlsext_ticket_expected) { /* receive renewed session ticket */ - s->internal->state = SSL3_ST_CR_SESSION_TICKET_A; + S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A; } } else - s->internal->state = SSL3_ST_CR_CERT_A; + S3I(s)->hs.state = SSL3_ST_CR_CERT_A; s->internal->init_num = 0; break; @@ -285,9 +285,9 @@ ssl3_connect(SSL *s) if (ret == 2) { s->internal->hit = 1; if (s->internal->tlsext_ticket_expected) - s->internal->state = SSL3_ST_CR_SESSION_TICKET_A; + S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A; else - s->internal->state = SSL3_ST_CR_FINISHED_A; + S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A; s->internal->init_num = 0; break; } @@ -298,12 +298,12 @@ ssl3_connect(SSL *s) if (ret <= 0) goto end; if (s->internal->tlsext_status_expected) - s->internal->state = SSL3_ST_CR_CERT_STATUS_A; + S3I(s)->hs.state = SSL3_ST_CR_CERT_STATUS_A; else - s->internal->state = SSL3_ST_CR_KEY_EXCH_A; + S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A; } else { skip = 1; - s->internal->state = SSL3_ST_CR_KEY_EXCH_A; + S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A; } s->internal->init_num = 0; break; @@ -313,7 +313,7 @@ ssl3_connect(SSL *s) ret = ssl3_get_server_key_exchange(s); if (ret <= 0) goto end; - s->internal->state = SSL3_ST_CR_CERT_REQ_A; + S3I(s)->hs.state = SSL3_ST_CR_CERT_REQ_A; s->internal->init_num = 0; /* @@ -331,7 +331,7 @@ ssl3_connect(SSL *s) ret = ssl3_get_certificate_request(s); if (ret <= 0) goto end; - s->internal->state = SSL3_ST_CR_SRVR_DONE_A; + S3I(s)->hs.state = SSL3_ST_CR_SRVR_DONE_A; s->internal->init_num = 0; break; @@ -341,9 +341,9 @@ ssl3_connect(SSL *s) if (ret <= 0) goto end; if (S3I(s)->tmp.cert_req) - s->internal->state = SSL3_ST_CW_CERT_A; + S3I(s)->hs.state = SSL3_ST_CW_CERT_A; else - s->internal->state = SSL3_ST_CW_KEY_EXCH_A; + S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_A; s->internal->init_num = 0; break; @@ -355,7 +355,7 @@ ssl3_connect(SSL *s) ret = ssl3_send_client_certificate(s); if (ret <= 0) goto end; - s->internal->state = SSL3_ST_CW_KEY_EXCH_A; + S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_A; s->internal->init_num = 0; break; @@ -381,13 +381,13 @@ ssl3_connect(SSL *s) * inside the client certificate. */ if (S3I(s)->tmp.cert_req == 1) { - s->internal->state = SSL3_ST_CW_CERT_VRFY_A; + S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_A; } else { - s->internal->state = SSL3_ST_CW_CHANGE_A; + S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A; S3I(s)->change_cipher_spec = 0; } if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) { - s->internal->state = SSL3_ST_CW_CHANGE_A; + S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A; S3I(s)->change_cipher_spec = 0; } @@ -399,7 +399,7 @@ ssl3_connect(SSL *s) ret = ssl3_send_client_verify(s); if (ret <= 0) goto end; - s->internal->state = SSL3_ST_CW_CHANGE_A; + S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A; s->internal->init_num = 0; S3I(s)->change_cipher_spec = 0; break; @@ -412,9 +412,9 @@ ssl3_connect(SSL *s) goto end; if (S3I(s)->next_proto_neg_seen) - s->internal->state = SSL3_ST_CW_NEXT_PROTO_A; + S3I(s)->hs.state = SSL3_ST_CW_NEXT_PROTO_A; else - s->internal->state = SSL3_ST_CW_FINISHED_A; + S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A; s->internal->init_num = 0; s->session->cipher = S3I(s)->hs.new_cipher; @@ -436,7 +436,7 @@ ssl3_connect(SSL *s) ret = ssl3_send_next_proto(s); if (ret <= 0) goto end; - s->internal->state = SSL3_ST_CW_FINISHED_A; + S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A; break; case SSL3_ST_CW_FINISHED_A: @@ -448,7 +448,7 @@ ssl3_connect(SSL *s) if (ret <= 0) goto end; s->s3->flags |= SSL3_FLAGS_CCS_OK; - s->internal->state = SSL3_ST_CW_FLUSH; + S3I(s)->hs.state = SSL3_ST_CW_FLUSH; /* clear flags */ s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER; @@ -456,7 +456,7 @@ ssl3_connect(SSL *s) S3I(s)->hs.next_state = SSL_ST_OK; if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) { - s->internal->state = SSL_ST_OK; + S3I(s)->hs.state = SSL_ST_OK; s->s3->flags|=SSL3_FLAGS_POP_BUFFER; S3I(s)->delay_buf_pop_ret = 0; } @@ -477,7 +477,7 @@ ssl3_connect(SSL *s) ret = ssl3_get_new_session_ticket(s); if (ret <= 0) goto end; - s->internal->state = SSL3_ST_CR_FINISHED_A; + S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A; s->internal->init_num = 0; break; @@ -486,7 +486,7 @@ ssl3_connect(SSL *s) ret = ssl3_get_cert_status(s); if (ret <= 0) goto end; - s->internal->state = SSL3_ST_CR_KEY_EXCH_A; + S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A; s->internal->init_num = 0; break; @@ -499,9 +499,9 @@ ssl3_connect(SSL *s) goto end; if (s->internal->hit) - s->internal->state = SSL3_ST_CW_CHANGE_A; + S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A; else - s->internal->state = SSL_ST_OK; + S3I(s)->hs.state = SSL_ST_OK; s->internal->init_num = 0; break; @@ -512,7 +512,7 @@ ssl3_connect(SSL *s) goto end; } s->internal->rwstate = SSL_NOTHING; - s->internal->state = S3I(s)->hs.next_state; + S3I(s)->hs.state = S3I(s)->hs.next_state; break; case SSL_ST_OK: @@ -563,11 +563,11 @@ ssl3_connect(SSL *s) goto end; } - if ((cb != NULL) && (s->internal->state != state)) { - new_state = s->internal->state; - s->internal->state = state; + if ((cb != NULL) && (S3I(s)->hs.state != state)) { + new_state = S3I(s)->hs.state; + S3I(s)->hs.state = state; cb(s, SSL_CB_CONNECT_LOOP, 1); - s->internal->state = new_state; + S3I(s)->hs.state = new_state; } } skip = 0; @@ -591,7 +591,7 @@ ssl3_client_hello(SSL *s) bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH; - if (s->internal->state == SSL3_ST_CW_CLNT_HELLO_A) { + if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_A) { SSL_SESSION *sess = s->session; if (ssl_supported_version_range(s, NULL, &max_version) != 1) { @@ -706,7 +706,7 @@ ssl3_client_hello(SSL *s) ssl3_handshake_msg_finish(s, p - d); - s->internal->state = SSL3_ST_CW_CLNT_HELLO_B; + S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_B; } /* SSL3_ST_CW_CLNT_HELLO_B */ @@ -2273,7 +2273,7 @@ ssl3_send_client_key_exchange(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (s->internal->state == SSL3_ST_CW_KEY_EXCH_A) { + if (S3I(s)->hs.state == SSL3_ST_CW_KEY_EXCH_A) { alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; if ((sess_cert = SSI(s)->sess_cert) == NULL) { @@ -2309,7 +2309,7 @@ ssl3_send_client_key_exchange(SSL *s) if (!ssl3_handshake_msg_finish_cbb(s, &cbb)) goto err; - s->internal->state = SSL3_ST_CW_KEY_EXCH_B; + S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_B; } /* SSL3_ST_CW_KEY_EXCH_B */ @@ -2335,7 +2335,7 @@ ssl3_send_client_verify(SSL *s) EVP_MD_CTX_init(&mctx); - if (s->internal->state == SSL3_ST_CW_CERT_VRFY_A) { + if (S3I(s)->hs.state == SSL3_ST_CW_CERT_VRFY_A) { p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY); /* @@ -2459,7 +2459,7 @@ ssl3_send_client_verify(SSL *s) goto err; } - s->internal->state = SSL3_ST_CW_CERT_VRFY_B; + S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_B; ssl3_handshake_msg_finish(s, n); } @@ -2485,16 +2485,16 @@ ssl3_send_client_certificate(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (s->internal->state == SSL3_ST_CW_CERT_A) { + if (S3I(s)->hs.state == SSL3_ST_CW_CERT_A) { if ((s->cert == NULL) || (s->cert->key->x509 == NULL) || (s->cert->key->privatekey == NULL)) - s->internal->state = SSL3_ST_CW_CERT_B; + S3I(s)->hs.state = SSL3_ST_CW_CERT_B; else - s->internal->state = SSL3_ST_CW_CERT_C; + S3I(s)->hs.state = SSL3_ST_CW_CERT_C; } /* We need to get a client cert */ - if (s->internal->state == SSL3_ST_CW_CERT_B) { + if (S3I(s)->hs.state == SSL3_ST_CW_CERT_B) { /* * If we get an error, we need to * ssl->rwstate=SSL_X509_LOOKUP; return(-1); @@ -2507,7 +2507,7 @@ ssl3_send_client_certificate(SSL *s) } s->internal->rwstate = SSL_NOTHING; if ((i == 1) && (pkey != NULL) && (x509 != NULL)) { - s->internal->state = SSL3_ST_CW_CERT_B; + S3I(s)->hs.state = SSL3_ST_CW_CERT_B; if (!SSL_use_certificate(s, x509) || !SSL_use_PrivateKey(s, pkey)) i = 0; @@ -2522,10 +2522,10 @@ ssl3_send_client_certificate(SSL *s) S3I(s)->tmp.cert_req = 2; /* Ok, we have a cert */ - s->internal->state = SSL3_ST_CW_CERT_C; + S3I(s)->hs.state = SSL3_ST_CW_CERT_C; } - if (s->internal->state == SSL3_ST_CW_CERT_C) { + if (S3I(s)->hs.state == SSL3_ST_CW_CERT_C) { if (!ssl3_handshake_msg_start_cbb(s, &cbb, &client_cert, SSL3_MT_CERTIFICATE)) goto err; @@ -2535,7 +2535,7 @@ ssl3_send_client_certificate(SSL *s) if (!ssl3_handshake_msg_finish_cbb(s, &cbb)) goto err; - s->internal->state = SSL3_ST_CW_CERT_D; + S3I(s)->hs.state = SSL3_ST_CW_CERT_D; } /* SSL3_ST_CW_CERT_D */ @@ -2625,7 +2625,7 @@ ssl3_send_next_proto(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (s->internal->state == SSL3_ST_CW_NEXT_PROTO_A) { + if (S3I(s)->hs.state == SSL3_ST_CW_NEXT_PROTO_A) { pad_len = 32 - ((s->internal->next_proto_negotiated_len + 2) % 32); if (!ssl3_handshake_msg_start_cbb(s, &cbb, &nextproto, @@ -2644,7 +2644,7 @@ ssl3_send_next_proto(SSL *s) if (!ssl3_handshake_msg_finish_cbb(s, &cbb)) goto err; - s->internal->state = SSL3_ST_CW_NEXT_PROTO_B; + S3I(s)->hs.state = SSL3_ST_CW_NEXT_PROTO_B; } return (ssl3_handshake_write(s)); diff --git a/lib/libssl/ssl_err.c b/lib/libssl/ssl_err.c index f9e450125b4..d61660c934d 100644 --- a/lib/libssl/ssl_err.c +++ b/lib/libssl/ssl_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_err.c,v 1.33 2017/02/07 02:08:38 beck Exp $ */ +/* $OpenBSD: ssl_err.c,v 1.34 2017/05/07 04:22:24 beck Exp $ */ /* ==================================================================== * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * @@ -63,6 +63,8 @@ #include <openssl/err.h> #include <openssl/ssl.h> +#include "ssl_locl.h" + /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR @@ -667,3 +669,10 @@ SSL_state_func_code(int state) { } return 0xfff; } + +void +SSL_error_internal(const SSL *s, int r, char *f, int l) +{ + ERR_PUT_error(ERR_LIB_SSL, + (SSL_state_func_code(S3I(s)->hs.state)), r, f, l); +} diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index 76b2f8a8c48..c593e7b42bc 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.160 2017/05/06 22:24:57 beck Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.161 2017/05/07 04:22:24 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -183,8 +183,6 @@ SSL_clear(SSL *s) s->internal->type = 0; - s->internal->state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT); - s->version = s->method->internal->version; s->client_version = s->version; s->internal->rwstate = SSL_NOTHING; @@ -212,6 +210,8 @@ SSL_clear(SSL *s) } else s->method->internal->ssl_clear(s); + S3I(s)->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT); + return (1); } @@ -2397,7 +2397,7 @@ SSL_set_accept_state(SSL *s) { s->server = 1; s->internal->shutdown = 0; - s->internal->state = SSL_ST_ACCEPT|SSL_ST_BEFORE; + S3I(s)->hs.state = SSL_ST_ACCEPT|SSL_ST_BEFORE; s->internal->handshake_func = s->method->internal->ssl_accept; /* clear the current cipher */ ssl_clear_cipher_ctx(s); @@ -2410,7 +2410,7 @@ SSL_set_connect_state(SSL *s) { s->server = 0; s->internal->shutdown = 0; - s->internal->state = SSL_ST_CONNECT|SSL_ST_BEFORE; + S3I(s)->hs.state = SSL_ST_CONNECT|SSL_ST_BEFORE; s->internal->handshake_func = s->method->internal->ssl_connect; /* clear the current cipher */ ssl_clear_cipher_ctx(s); @@ -2544,7 +2544,7 @@ SSL_dup(SSL *s) ret->internal->quiet_shutdown = s->internal->quiet_shutdown; ret->internal->shutdown = s->internal->shutdown; /* SSL_dup does not really work at any state, though */ - ret->internal->state = s->internal->state; + S3I(ret)->hs.state = S3I(s)->hs.state; ret->internal->rstate = s->internal->rstate; /* @@ -2804,13 +2804,13 @@ void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val) int SSL_state(const SSL *ssl) { - return (ssl->internal->state); + return (S3I(ssl)->hs.state); } void SSL_set_state(SSL *ssl, int state) { - ssl->internal->state = state; + S3I(ssl)->hs.state = state; } void diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index 410fc046888..8f1721ce5a8 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.180 2017/05/06 22:24:58 beck Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.181 2017/05/07 04:22:24 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -432,6 +432,9 @@ typedef struct ssl_session_internal_st { #define SSI(s) (s->session->internal) typedef struct ssl_handshake_st { + /* state contains one of the SSL3_ST_* values. */ + int state; + /* used when SSL_ST_FLUSH_DATA is entered */ int next_state; @@ -776,7 +779,6 @@ typedef struct ssl_internal_st { * 2 if we are a server and are inside a handshake * (i.e. not just sending a HelloRequest) */ - int state; /* where we are */ int rstate; /* where we are when reading */ int mac_packet; @@ -1379,9 +1381,9 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out, unsigned mac_secret_length); int SSL_state_func_code(int _state); -#define SSLerror(s, r) ERR_PUT_error(ERR_LIB_SSL, \ - (SSL_state_func_code(s->internal->state)),(r),__FILE__,__LINE__) +#define SSLerror(s, r) SSL_error_internal(s, r, __FILE__, __LINE__) #define SSLerrorx(r) ERR_PUT_error(ERR_LIB_SSL,(0xfff),(r),__FILE__,__LINE__) +void SSL_error_internal(const SSL *s, int r, char *f, int l); __END_HIDDEN_DECLS diff --git a/lib/libssl/ssl_pkt.c b/lib/libssl/ssl_pkt.c index 953f3c118fd..163b0292af2 100644 --- a/lib/libssl/ssl_pkt.c +++ b/lib/libssl/ssl_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_pkt.c,v 1.11 2017/05/06 22:24:58 beck Exp $ */ +/* $OpenBSD: ssl_pkt.c,v 1.12 2017/05/07 04:22:24 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -728,7 +728,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, /* Some servers hang if iniatial client hello is larger than 256 * bytes and record version number > TLS 1.0 */ - if (s->internal->state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate && + if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate && TLS1_get_version(s) > TLS1_VERSION) *(p++) = 0x1; else @@ -1266,9 +1266,9 @@ start: /* Unexpected handshake message (Client Hello, or protocol violation) */ if ((S3I(s)->handshake_fragment_len >= 4) && !s->internal->in_handshake) { - if (((s->internal->state&SSL_ST_MASK) == SSL_ST_OK) && + if (((S3I(s)->hs.state&SSL_ST_MASK) == SSL_ST_OK) && !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { - s->internal->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; + S3I(s)->hs.state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; s->internal->renegotiate = 1; s->internal->new_session = 1; } @@ -1326,12 +1326,12 @@ start: */ if (S3I(s)->in_read_app_data && (S3I(s)->total_renegotiations != 0) && - (((s->internal->state & SSL_ST_CONNECT) && - (s->internal->state >= SSL3_ST_CW_CLNT_HELLO_A) && - (s->internal->state <= SSL3_ST_CR_SRVR_HELLO_A)) || - ((s->internal->state & SSL_ST_ACCEPT) && - (s->internal->state <= SSL3_ST_SW_HELLO_REQ_A) && - (s->internal->state >= SSL3_ST_SR_CLNT_HELLO_A)))) { + (((S3I(s)->hs.state & SSL_ST_CONNECT) && + (S3I(s)->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) && + (S3I(s)->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) || + ((S3I(s)->hs.state & SSL_ST_ACCEPT) && + (S3I(s)->hs.state <= SSL3_ST_SW_HELLO_REQ_A) && + (S3I(s)->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) { S3I(s)->in_read_app_data = 2; return (-1); } else { @@ -1355,7 +1355,7 @@ ssl3_do_change_cipher_spec(SSL *s) const char *sender; int slen; - if (s->internal->state & SSL_ST_ACCEPT) + if (S3I(s)->hs.state & SSL_ST_ACCEPT) i = SSL3_CHANGE_CIPHER_SERVER_READ; else i = SSL3_CHANGE_CIPHER_CLIENT_READ; @@ -1378,7 +1378,7 @@ ssl3_do_change_cipher_spec(SSL *s) /* we have to record the message digest at * this point so we can get it before we read * the finished message */ - if (s->internal->state & SSL_ST_CONNECT) { + if (S3I(s)->hs.state & SSL_ST_CONNECT) { sender = TLS_MD_SERVER_FINISH_CONST; slen = TLS_MD_SERVER_FINISH_CONST_SIZE; } else { diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c index 35a9ace5278..730d4ed1ad6 100644 --- a/lib/libssl/ssl_srvr.c +++ b/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.16 2017/05/06 22:24:58 beck Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.17 2017/05/07 04:22:24 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -195,12 +195,12 @@ ssl3_accept(SSL *s) } for (;;) { - state = s->internal->state; + state = S3I(s)->hs.state; - switch (s->internal->state) { + switch (S3I(s)->hs.state) { case SSL_ST_RENEGOTIATE: s->internal->renegotiate = 1; - /* s->internal->state=SSL_ST_ACCEPT; */ + /* S3I(s)->hs.state=SSL_ST_ACCEPT; */ case SSL_ST_BEFORE: case SSL_ST_ACCEPT: @@ -229,7 +229,7 @@ ssl3_accept(SSL *s) s->internal->init_num = 0; - if (s->internal->state != SSL_ST_RENEGOTIATE) { + if (S3I(s)->hs.state != SSL_ST_RENEGOTIATE) { /* * Ok, we now need to push on a buffering BIO * so that the output is sent in a way that @@ -245,7 +245,7 @@ ssl3_accept(SSL *s) goto end; } - s->internal->state = SSL3_ST_SR_CLNT_HELLO_A; + S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A; s->ctx->internal->stats.sess_accept++; } else if (!S3I(s)->send_connection_binding) { /* @@ -260,11 +260,11 @@ ssl3_accept(SSL *s) goto end; } else { /* - * s->internal->state == SSL_ST_RENEGOTIATE, + * S3I(s)->hs.state == SSL_ST_RENEGOTIATE, * we will just send a HelloRequest */ s->ctx->internal->stats.sess_accept_renegotiate++; - s->internal->state = SSL3_ST_SW_HELLO_REQ_A; + S3I(s)->hs.state = SSL3_ST_SW_HELLO_REQ_A; } break; @@ -276,7 +276,7 @@ ssl3_accept(SSL *s) if (ret <= 0) goto end; S3I(s)->hs.next_state = SSL3_ST_SW_HELLO_REQ_C; - s->internal->state = SSL3_ST_SW_FLUSH; + S3I(s)->hs.state = SSL3_ST_SW_FLUSH; s->internal->init_num = 0; if (!tls1_init_finished_mac(s)) { @@ -286,7 +286,7 @@ ssl3_accept(SSL *s) break; case SSL3_ST_SW_HELLO_REQ_C: - s->internal->state = SSL_ST_OK; + S3I(s)->hs.state = SSL_ST_OK; break; case SSL3_ST_SR_CLNT_HELLO_A: @@ -301,7 +301,7 @@ ssl3_accept(SSL *s) } s->internal->renegotiate = 2; - s->internal->state = SSL3_ST_SW_SRVR_HELLO_A; + S3I(s)->hs.state = SSL3_ST_SW_SRVR_HELLO_A; s->internal->init_num = 0; break; @@ -312,12 +312,12 @@ ssl3_accept(SSL *s) goto end; if (s->internal->hit) { if (s->internal->tlsext_ticket_expected) - s->internal->state = SSL3_ST_SW_SESSION_TICKET_A; + S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_A; else - s->internal->state = SSL3_ST_SW_CHANGE_A; + S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A; } else - s->internal->state = SSL3_ST_SW_CERT_A; + S3I(s)->hs.state = SSL3_ST_SW_CERT_A; s->internal->init_num = 0; break; @@ -330,12 +330,12 @@ ssl3_accept(SSL *s) if (ret <= 0) goto end; if (s->internal->tlsext_status_expected) - s->internal->state = SSL3_ST_SW_CERT_STATUS_A; + S3I(s)->hs.state = SSL3_ST_SW_CERT_STATUS_A; else - s->internal->state = SSL3_ST_SW_KEY_EXCH_A; + S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A; } else { skip = 1; - s->internal->state = SSL3_ST_SW_KEY_EXCH_A; + S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A; } s->internal->init_num = 0; break; @@ -359,7 +359,7 @@ ssl3_accept(SSL *s) } else skip = 1; - s->internal->state = SSL3_ST_SW_CERT_REQ_A; + S3I(s)->hs.state = SSL3_ST_SW_CERT_REQ_A; s->internal->init_num = 0; break; @@ -391,7 +391,7 @@ ssl3_accept(SSL *s) /* No cert request */ skip = 1; S3I(s)->tmp.cert_request = 0; - s->internal->state = SSL3_ST_SW_SRVR_DONE_A; + S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A; if (S3I(s)->handshake_buffer) { if (!tls1_digest_cached_records(s)) { ret = -1; @@ -403,7 +403,7 @@ ssl3_accept(SSL *s) ret = ssl3_send_certificate_request(s); if (ret <= 0) goto end; - s->internal->state = SSL3_ST_SW_SRVR_DONE_A; + S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A; s->internal->init_num = 0; } break; @@ -414,7 +414,7 @@ ssl3_accept(SSL *s) if (ret <= 0) goto end; S3I(s)->hs.next_state = SSL3_ST_SR_CERT_A; - s->internal->state = SSL3_ST_SW_FLUSH; + S3I(s)->hs.state = SSL3_ST_SW_FLUSH; s->internal->init_num = 0; break; @@ -438,7 +438,7 @@ ssl3_accept(SSL *s) } s->internal->rwstate = SSL_NOTHING; - s->internal->state = S3I(s)->hs.next_state; + S3I(s)->hs.state = S3I(s)->hs.next_state; break; case SSL3_ST_SR_CERT_A: @@ -449,7 +449,7 @@ ssl3_accept(SSL *s) goto end; } s->internal->init_num = 0; - s->internal->state = SSL3_ST_SR_KEY_EXCH_A; + S3I(s)->hs.state = SSL3_ST_SR_KEY_EXCH_A; break; case SSL3_ST_SR_KEY_EXCH_A: @@ -469,12 +469,12 @@ ssl3_accept(SSL *s) * for key exchange. */ if (S3I(s)->next_proto_neg_seen) - s->internal->state = SSL3_ST_SR_NEXT_PROTO_A; + S3I(s)->hs.state = SSL3_ST_SR_NEXT_PROTO_A; else - s->internal->state = SSL3_ST_SR_FINISHED_A; + S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A; s->internal->init_num = 0; } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) { - s->internal->state = SSL3_ST_SR_CERT_VRFY_A; + S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A; s->internal->init_num = 0; if (!s->session->peer) break; @@ -493,7 +493,7 @@ ssl3_accept(SSL *s) goto end; } } else { - s->internal->state = SSL3_ST_SR_CERT_VRFY_A; + S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A; s->internal->init_num = 0; /* @@ -526,9 +526,9 @@ ssl3_accept(SSL *s) goto end; if (S3I(s)->next_proto_neg_seen) - s->internal->state = SSL3_ST_SR_NEXT_PROTO_A; + S3I(s)->hs.state = SSL3_ST_SR_NEXT_PROTO_A; else - s->internal->state = SSL3_ST_SR_FINISHED_A; + S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A; s->internal->init_num = 0; break; @@ -538,7 +538,7 @@ ssl3_accept(SSL *s) if (ret <= 0) goto end; s->internal->init_num = 0; - s->internal->state = SSL3_ST_SR_FINISHED_A; + S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A; break; case SSL3_ST_SR_FINISHED_A: @@ -549,11 +549,11 @@ ssl3_accept(SSL *s) if (ret <= 0) goto end; if (s->internal->hit) - s->internal->state = SSL_ST_OK; + S3I(s)->hs.state = SSL_ST_OK; else if (s->internal->tlsext_ticket_expected) - s->internal->state = SSL3_ST_SW_SESSION_TICKET_A; + S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_A; else - s->internal->state = SSL3_ST_SW_CHANGE_A; + S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A; s->internal->init_num = 0; break; @@ -562,7 +562,7 @@ ssl3_accept(SSL *s) ret = ssl3_send_newsession_ticket(s); if (ret <= 0) goto end; - s->internal->state = SSL3_ST_SW_CHANGE_A; + S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A; s->internal->init_num = 0; break; @@ -571,7 +571,7 @@ ssl3_accept(SSL *s) ret = ssl3_send_cert_status(s); if (ret <= 0) goto end; - s->internal->state = SSL3_ST_SW_KEY_EXCH_A; + S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A; s->internal->init_num = 0; break; @@ -590,7 +590,7 @@ ssl3_accept(SSL *s) if (ret <= 0) goto end; - s->internal->state = SSL3_ST_SW_FINISHED_A; + S3I(s)->hs.state = SSL3_ST_SW_FINISHED_A; s->internal->init_num = 0; if (!tls1_change_cipher_state( @@ -609,7 +609,7 @@ ssl3_accept(SSL *s) TLS_MD_SERVER_FINISH_CONST_SIZE); if (ret <= 0) goto end; - s->internal->state = SSL3_ST_SW_FLUSH; + S3I(s)->hs.state = SSL3_ST_SW_FLUSH; if (s->internal->hit) { if (S3I(s)->next_proto_neg_seen) { s->s3->flags |= SSL3_FLAGS_CCS_OK; @@ -668,11 +668,11 @@ ssl3_accept(SSL *s) } - if ((cb != NULL) && (s->internal->state != state)) { - new_state = s->internal->state; - s->internal->state = state; + if ((cb != NULL) && (S3I(s)->hs.state != state)) { + new_state = S3I(s)->hs.state; + S3I(s)->hs.state = state; cb(s, SSL_CB_ACCEPT_LOOP, 1); - s->internal->state = new_state; + S3I(s)->hs.state = new_state; } } skip = 0; @@ -693,14 +693,14 @@ ssl3_send_hello_request(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (s->internal->state == SSL3_ST_SW_HELLO_REQ_A) { + if (S3I(s)->hs.state == SSL3_ST_SW_HELLO_REQ_A) { if (!ssl3_handshake_msg_start_cbb(s, &cbb, &hello, SSL3_MT_HELLO_REQUEST)) goto err; if (!ssl3_handshake_msg_finish_cbb(s, &cbb)) goto err; - s->internal->state = SSL3_ST_SW_HELLO_REQ_B; + S3I(s)->hs.state = SSL3_ST_SW_HELLO_REQ_B; } /* SSL3_ST_SW_HELLO_REQ_B */ @@ -738,8 +738,8 @@ ssl3_get_client_hello(SSL *s) * If we are SSLv3, we will respond with SSLv3, even if prompted with * TLSv1. */ - if (s->internal->state == SSL3_ST_SR_CLNT_HELLO_A) { - s->internal->state = SSL3_ST_SR_CLNT_HELLO_B; + if (S3I(s)->hs.state == SSL3_ST_SR_CLNT_HELLO_A) { + S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_B; } s->internal->first_packet = 1; @@ -1087,7 +1087,7 @@ ssl3_send_server_hello(SSL *s) bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH; - if (s->internal->state == SSL3_ST_SW_SRVR_HELLO_A) { + if (S3I(s)->hs.state == SSL3_ST_SW_SRVR_HELLO_A) { d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO); if (!CBB_init_fixed(&cbb, p, bufend - p)) @@ -1169,14 +1169,14 @@ ssl3_send_server_done(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (s->internal->state == SSL3_ST_SW_SRVR_DONE_A) { + if (S3I(s)->hs.state == SSL3_ST_SW_SRVR_DONE_A) { if (!ssl3_handshake_msg_start_cbb(s, &cbb, &done, SSL3_MT_SERVER_DONE)) goto err; if (!ssl3_handshake_msg_finish_cbb(s, &cbb)) goto err; - s->internal->state = SSL3_ST_SW_SRVR_DONE_B; + S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_B; } /* SSL3_ST_SW_SRVR_DONE_B */ @@ -1457,7 +1457,7 @@ ssl3_send_server_key_exchange(SSL *s) memset(&cbb, 0, sizeof(cbb)); EVP_MD_CTX_init(&md_ctx); - if (s->internal->state == SSL3_ST_SW_KEY_EXCH_A) { + if (S3I(s)->hs.state == SSL3_ST_SW_KEY_EXCH_A) { type = S3I(s)->hs.new_cipher->algorithm_mkey; buf = s->internal->init_buf; @@ -1576,7 +1576,7 @@ ssl3_send_server_key_exchange(SSL *s) ssl3_handshake_msg_finish(s, n); } - s->internal->state = SSL3_ST_SW_KEY_EXCH_B; + S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_B; EVP_MD_CTX_cleanup(&md_ctx); @@ -1601,7 +1601,7 @@ ssl3_send_certificate_request(SSL *s) X509_NAME *name; BUF_MEM *buf; - if (s->internal->state == SSL3_ST_SW_CERT_REQ_A) { + if (S3I(s)->hs.state == SSL3_ST_SW_CERT_REQ_A) { buf = s->internal->init_buf; d = p = ssl3_handshake_msg_start(s, @@ -1652,7 +1652,7 @@ ssl3_send_certificate_request(SSL *s) ssl3_handshake_msg_finish(s, n); - s->internal->state = SSL3_ST_SW_CERT_REQ_B; + S3I(s)->hs.state = SSL3_ST_SW_CERT_REQ_B; } /* SSL3_ST_SW_CERT_REQ_B */ @@ -2539,7 +2539,7 @@ ssl3_send_server_certificate(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (s->internal->state == SSL3_ST_SW_CERT_A) { + if (S3I(s)->hs.state == SSL3_ST_SW_CERT_A) { if ((x = ssl_get_server_send_cert(s)) == NULL) { SSLerror(s, ERR_R_INTERNAL_ERROR); return (0); @@ -2553,7 +2553,7 @@ ssl3_send_server_certificate(SSL *s) if (!ssl3_handshake_msg_finish_cbb(s, &cbb)) goto err; - s->internal->state = SSL3_ST_SW_CERT_B; + S3I(s)->hs.state = SSL3_ST_SW_CERT_B; } /* SSL3_ST_SW_CERT_B */ @@ -2581,7 +2581,7 @@ ssl3_send_newsession_ticket(SSL *s) unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char key_name[16]; - if (s->internal->state == SSL3_ST_SW_SESSION_TICKET_A) { + if (S3I(s)->hs.state == SSL3_ST_SW_SESSION_TICKET_A) { /* get session encoding length */ slen_full = i2d_SSL_SESSION(s->session, NULL); /* @@ -2694,7 +2694,7 @@ ssl3_send_newsession_ticket(SSL *s) ssl3_handshake_msg_finish(s, len); - s->internal->state = SSL3_ST_SW_SESSION_TICKET_B; + S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_B; freezero(senc, slen_full); } @@ -2715,7 +2715,7 @@ ssl3_send_cert_status(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (s->internal->state == SSL3_ST_SW_CERT_STATUS_A) { + if (S3I(s)->hs.state == SSL3_ST_SW_CERT_STATUS_A) { if (!ssl3_handshake_msg_start_cbb(s, &cbb, &certstatus, SSL3_MT_CERTIFICATE_STATUS)) goto err; @@ -2729,7 +2729,7 @@ ssl3_send_cert_status(SSL *s) if (!ssl3_handshake_msg_finish_cbb(s, &cbb)) goto err; - s->internal->state = SSL3_ST_SW_CERT_STATUS_B; + S3I(s)->hs.state = SSL3_ST_SW_CERT_STATUS_B; } /* SSL3_ST_SW_CERT_STATUS_B */ @@ -2769,7 +2769,7 @@ ssl3_get_next_proto(SSL *s) return ((int)n); /* - * s->internal->state doesn't reflect whether ChangeCipherSpec has been received + * S3I(s)->hs.state doesn't reflect whether ChangeCipherSpec has been received * in this handshake, but S3I(s)->change_cipher_spec does (will be reset * by ssl3_get_finished). */ diff --git a/lib/libssl/ssl_stat.c b/lib/libssl/ssl_stat.c index 4f93781f721..6b26d4c9153 100644 --- a/lib/libssl/ssl_stat.c +++ b/lib/libssl/ssl_stat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_stat.c,v 1.13 2017/01/23 08:48:45 beck Exp $ */ +/* $OpenBSD: ssl_stat.c,v 1.14 2017/05/07 04:22:24 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -91,7 +91,7 @@ SSL_state_string_long(const SSL *s) { const char *str; - switch (s->internal->state) { + switch (S3I(s)->hs.state) { case SSL_ST_BEFORE: str = "before SSL initialization"; break; @@ -347,7 +347,7 @@ SSL_state_string(const SSL *s) { const char *str; - switch (s->internal->state) { + switch (S3I(s)->hs.state) { case SSL_ST_BEFORE: str = "PINIT "; break; diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c index 2cb47a215c3..eb2314ac26a 100644 --- a/lib/libssl/t1_lib.c +++ b/lib/libssl/t1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_lib.c,v 1.116 2017/05/06 22:24:58 beck Exp $ */ +/* $OpenBSD: t1_lib.c,v 1.117 2017/05/07 04:22:24 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -967,7 +967,7 @@ skip_ext: * includes the 5-byte record header in the buffer, while the * code in s3_clnt.c does not. */ - if (s->internal->state == SSL23_ST_CW_CLNT_HELLO_A) + if (S3I(s)->hs.state == SSL23_ST_CW_CLNT_HELLO_A) hlen -= 5; if (hlen > 0xff && hlen < 0x200) { hlen = 0x200 - hlen; |