From 2084371cb17b0ba8e005086f116e5a7698dfec69 Mon Sep 17 00:00:00 2001 From: Bob Beck Date: Sun, 22 Jan 2017 07:16:40 +0000 Subject: Move most of DTLS1_STATE to internal. ok jsing@ --- lib/libssl/d1_both.c | 116 ++++++++++++++++++++++++------------------------ lib/libssl/d1_clnt.c | 26 +++++------ lib/libssl/d1_lib.c | 84 +++++++++++++++++------------------ lib/libssl/d1_pkt.c | 120 +++++++++++++++++++++++++------------------------- lib/libssl/d1_srvr.c | 34 +++++++------- lib/libssl/dtls1.h | 64 +-------------------------- lib/libssl/s3_clnt.c | 14 +++--- lib/libssl/s3_srvr.c | 12 ++--- lib/libssl/ssl_lib.c | 4 +- lib/libssl/ssl_locl.h | 63 +++++++++++++++++++++++++- lib/libssl/t1_enc.c | 8 ++-- 11 files changed, 272 insertions(+), 273 deletions(-) diff --git a/lib/libssl/d1_both.c b/lib/libssl/d1_both.c index 7f9d5af4ce9..d83df1c9a03 100644 --- a/lib/libssl/d1_both.c +++ b/lib/libssl/d1_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_both.c,v 1.40 2016/12/06 13:38:11 jsing Exp $ */ +/* $OpenBSD: d1_both.c,v 1.41 2017/01/22 07:16:38 beck Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -232,9 +232,9 @@ dtls1_do_write(SSL *s, int type) unsigned int len, frag_off, mac_size, blocksize; /* AHA! Figure out the MTU, and stick to the right size */ - if (s->d1->mtu < dtls1_min_mtu() && + if (D1I(s)->mtu < dtls1_min_mtu() && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { - s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), + D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); /* @@ -242,20 +242,20 @@ dtls1_do_write(SSL *s, int type) * doesn't know the MTU (ie., the initial write), so just * make sure we have a reasonable number */ - if (s->d1->mtu < dtls1_min_mtu()) { - s->d1->mtu = 0; - s->d1->mtu = dtls1_guess_mtu(s->d1->mtu); + if (D1I(s)->mtu < dtls1_min_mtu()) { + D1I(s)->mtu = 0; + D1I(s)->mtu = dtls1_guess_mtu(D1I(s)->mtu); BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, - s->d1->mtu, NULL); + D1I(s)->mtu, NULL); } } - OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu()); + OPENSSL_assert(D1I(s)->mtu >= dtls1_min_mtu()); /* should have something reasonable now */ if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE) OPENSSL_assert(s->init_num == - (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); + (int)D1I(s)->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); if (s->write_hash) mac_size = EVP_MD_CTX_size(s->write_hash); @@ -270,7 +270,7 @@ dtls1_do_write(SSL *s, int type) frag_off = 0; while (s->init_num) { - curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) - + curr_mtu = D1I(s)->mtu - BIO_wpending(SSL_get_wbio(s)) - DTLS1_RT_HEADER_LENGTH - mac_size - blocksize; if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) { @@ -278,7 +278,7 @@ dtls1_do_write(SSL *s, int type) ret = BIO_flush(SSL_get_wbio(s)); if (ret <= 0) return ret; - curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH - + curr_mtu = D1I(s)->mtu - DTLS1_RT_HEADER_LENGTH - mac_size - blocksize; } @@ -322,7 +322,7 @@ dtls1_do_write(SSL *s, int type) */ if (BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) - s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), + D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); else return (-1); @@ -336,14 +336,14 @@ dtls1_do_write(SSL *s, int type) OPENSSL_assert(len == (unsigned int)ret); if (type == SSL3_RT_HANDSHAKE && - !s->d1->retransmitting) { + !D1I(s)->retransmitting) { /* * Should not be done for 'Hello Request's, * but in that case we'll ignore the result * anyway */ unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off]; - const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; + const struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr; int xlen; if (frag_off == 0) { @@ -420,7 +420,7 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) return s->init_num; } - msg_hdr = &s->d1->r_msg_hdr; + msg_hdr = &D1I(s)->r_msg_hdr; memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); again: @@ -452,8 +452,8 @@ again: memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); /* Don't change sequence numbers while listening */ - if (!s->d1->listen) - s->d1->handshake_read_seq++; + if (!D1I(s)->listen) + D1I(s)->handshake_read_seq++; s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; return s->init_num; @@ -487,7 +487,7 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) return SSL_AD_ILLEGAL_PARAMETER; } - if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */ + if ( D1I(s)->r_msg_hdr.frag_off == 0) /* first fragment */ { /* * msg_len is limited to 2^24, but is effectively checked @@ -500,11 +500,11 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) } s->s3->tmp.message_size = msg_len; - s->d1->r_msg_hdr.msg_len = msg_len; + D1I(s)->r_msg_hdr.msg_len = msg_len; s->s3->tmp.message_type = msg_hdr->type; - s->d1->r_msg_hdr.type = msg_hdr->type; - s->d1->r_msg_hdr.seq = msg_hdr->seq; - } else if (msg_len != s->d1->r_msg_hdr.msg_len) { + D1I(s)->r_msg_hdr.type = msg_hdr->type; + D1I(s)->r_msg_hdr.seq = msg_hdr->seq; + } else if (msg_len != D1I(s)->r_msg_hdr.msg_len) { /* * They must be playing with us! BTW, failure to enforce * upper limit would open possibility for buffer overrun. @@ -531,7 +531,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) int al; *ok = 0; - item = pqueue_peek(s->d1->buffered_messages); + item = pqueue_peek(D1I(s)->buffered_messages); if (item == NULL) return 0; @@ -541,9 +541,9 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) if (frag->reassembly != NULL) return 0; - if (s->d1->handshake_read_seq == frag->msg_header.seq) { + if (D1I(s)->handshake_read_seq == frag->msg_header.seq) { unsigned long frag_len = frag->msg_header.frag_len; - pqueue_pop(s->d1->buffered_messages); + pqueue_pop(D1I(s)->buffered_messages); al = dtls1_preprocess_fragment(s, &frag->msg_header, max); @@ -608,7 +608,7 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) memset(seq64be, 0, sizeof(seq64be)); seq64be[6] = (unsigned char)(msg_hdr->seq >> 8); seq64be[7] = (unsigned char)msg_hdr->seq; - item = pqueue_find(s->d1->buffered_messages, seq64be); + item = pqueue_find(D1I(s)->buffered_messages, seq64be); if (item == NULL) { frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1); @@ -673,7 +673,7 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) goto err; } - pqueue_insert(s->d1->buffered_messages, item); + pqueue_insert(D1I(s)->buffered_messages, item); } return DTLS1_HM_FRAGMENT_RETRY; @@ -702,7 +702,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) memset(seq64be, 0, sizeof(seq64be)); seq64be[6] = (unsigned char) (msg_hdr->seq >> 8); seq64be[7] = (unsigned char) msg_hdr->seq; - item = pqueue_find(s->d1->buffered_messages, seq64be); + item = pqueue_find(D1I(s)->buffered_messages, seq64be); /* * If we already have an entry and this one is a fragment, @@ -717,9 +717,9 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) * a FINISHED before the SERVER_HELLO, which then must be a stale * retransmit. */ - if (msg_hdr->seq <= s->d1->handshake_read_seq || - msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL || - (s->d1->handshake_read_seq == 0 && + if (msg_hdr->seq <= D1I(s)->handshake_read_seq || + msg_hdr->seq > D1I(s)->handshake_read_seq + 10 || item != NULL || + (D1I(s)->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) { unsigned char devnull [256]; @@ -760,7 +760,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) if (item == NULL) goto err; - pqueue_insert(s->d1->buffered_messages, item); + pqueue_insert(D1I(s)->buffered_messages, item); } return DTLS1_HM_FRAGMENT_RETRY; @@ -814,8 +814,8 @@ again: * While listening, we accept seq 1 (ClientHello with cookie) * although we're still expecting seq 0 (ClientHello) */ - if (msg_hdr.seq != s->d1->handshake_read_seq && - !(s->d1->listen && msg_hdr.seq == 1)) + if (msg_hdr.seq != D1I(s)->handshake_read_seq && + !(D1I(s)->listen && msg_hdr.seq == 1)) return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); len = msg_hdr.msg_len; @@ -825,7 +825,7 @@ again: if (frag_len && frag_len < len) return dtls1_reassemble_fragment(s, &msg_hdr, ok); - if (!s->server && s->d1->r_msg_hdr.frag_off == 0 && + if (!s->server && D1I(s)->r_msg_hdr.frag_off == 0 && wire[0] == SSL3_MT_HELLO_REQUEST) { /* * The server may always send 'Hello Request' messages -- @@ -918,13 +918,13 @@ dtls1_send_change_cipher_spec(SSL *s, int a, int b) if (s->state == a) { p = (unsigned char *)s->init_buf->data; *p++=SSL3_MT_CCS; - s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; + D1I(s)->handshake_write_seq = D1I(s)->next_handshake_write_seq; s->init_num = DTLS1_CCS_HEADER_LENGTH; s->init_off = 0; dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, - s->d1->handshake_write_seq, 0, 0); + D1I(s)->handshake_write_seq, 0, 0); /* buffer the message to handle re-xmits */ dtls1_buffer_message(s, 1); @@ -1031,26 +1031,26 @@ dtls1_buffer_message(SSL *s, int is_ccs) memcpy(frag->fragment, s->init_buf->data, s->init_num); if (is_ccs) { - OPENSSL_assert(s->d1->w_msg_hdr.msg_len + + OPENSSL_assert(D1I(s)->w_msg_hdr.msg_len + ((s->version == DTLS1_VERSION) ? DTLS1_CCS_HEADER_LENGTH : 3) == (unsigned int)s->init_num); } else { - OPENSSL_assert(s->d1->w_msg_hdr.msg_len + + OPENSSL_assert(D1I(s)->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num); } - frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len; - frag->msg_header.seq = s->d1->w_msg_hdr.seq; - frag->msg_header.type = s->d1->w_msg_hdr.type; + frag->msg_header.msg_len = D1I(s)->w_msg_hdr.msg_len; + frag->msg_header.seq = D1I(s)->w_msg_hdr.seq; + frag->msg_header.type = D1I(s)->w_msg_hdr.type; frag->msg_header.frag_off = 0; - frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len; + frag->msg_header.frag_len = D1I(s)->w_msg_hdr.msg_len; frag->msg_header.is_ccs = is_ccs; /* save current state*/ frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx; frag->msg_header.saved_retransmit_state.write_hash = s->write_hash; frag->msg_header.saved_retransmit_state.session = s->session; - frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch; + frag->msg_header.saved_retransmit_state.epoch = D1I(s)->w_epoch; memset(seq64be, 0, sizeof(seq64be)); seq64be[6] = (unsigned char)(dtls1_get_queue_priority( @@ -1120,21 +1120,21 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, saved_state.enc_write_ctx = s->enc_write_ctx; saved_state.write_hash = s->write_hash; saved_state.session = s->session; - saved_state.epoch = s->d1->w_epoch; + saved_state.epoch = D1I(s)->w_epoch; - s->d1->retransmitting = 1; + D1I(s)->retransmitting = 1; /* restore state in which the message was originally sent */ s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx; s->write_hash = frag->msg_header.saved_retransmit_state.write_hash; s->session = frag->msg_header.saved_retransmit_state.session; - s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch; + D1I(s)->w_epoch = frag->msg_header.saved_retransmit_state.epoch; if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) { memcpy(save_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence)); - memcpy(s->s3->write_sequence, s->d1->last_write_sequence, + memcpy(s->s3->write_sequence, D1I(s)->last_write_sequence, sizeof(s->s3->write_sequence)); } @@ -1145,17 +1145,17 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, s->enc_write_ctx = saved_state.enc_write_ctx; s->write_hash = saved_state.write_hash; s->session = saved_state.session; - s->d1->w_epoch = saved_state.epoch; + D1I(s)->w_epoch = saved_state.epoch; if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) { - memcpy(s->d1->last_write_sequence, s->s3->write_sequence, + memcpy(D1I(s)->last_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence)); memcpy(s->s3->write_sequence, save_write_sequence, sizeof(s->s3->write_sequence)); } - s->d1->retransmitting = 0; + D1I(s)->retransmitting = 0; (void)BIO_flush(SSL_get_wbio(s)); return ret; @@ -1179,12 +1179,12 @@ dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt, unsigned long len, unsigned long frag_off, unsigned long frag_len) { /* Don't change sequence numbers while listening */ - if (frag_off == 0 && !s->d1->listen) { - s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; - s->d1->next_handshake_write_seq++; + if (frag_off == 0 && !D1I(s)->listen) { + D1I(s)->handshake_write_seq = D1I(s)->next_handshake_write_seq; + D1I(s)->next_handshake_write_seq++; } - dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq, + dtls1_set_message_header_int(s, mt, len, D1I(s)->handshake_write_seq, frag_off, frag_len); return p += DTLS1_HM_HEADER_LENGTH; @@ -1195,7 +1195,7 @@ static void dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len, unsigned short seq_num, unsigned long frag_off, unsigned long frag_len) { - struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; + struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr; msg_hdr->type = mt; msg_hdr->msg_len = len; @@ -1207,7 +1207,7 @@ dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len, static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len) { - struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; + struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr; msg_hdr->frag_off = frag_off; msg_hdr->frag_len = frag_len; @@ -1216,7 +1216,7 @@ dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len) static unsigned char * dtls1_write_message_header(SSL *s, unsigned char *p) { - struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; + struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr; *p++ = msg_hdr->type; l2n3(msg_hdr->msg_len, p); diff --git a/lib/libssl/d1_clnt.c b/lib/libssl/d1_clnt.c index 633eabf8b42..d4b80311503 100644 --- a/lib/libssl/d1_clnt.c +++ b/lib/libssl/d1_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_clnt.c,v 1.60 2017/01/21 06:50:02 jsing Exp $ */ +/* $OpenBSD: d1_clnt.c,v 1.61 2017/01/22 07:16:38 beck Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -247,7 +247,7 @@ dtls1_connect(SSL *s) /* mark client_random uninitialized */ memset(s->s3->client_random, 0, sizeof(s->s3->client_random)); - s->d1->send_cookie = 0; + D1I(s)->send_cookie = 0; s->hit = 0; break; @@ -268,7 +268,7 @@ dtls1_connect(SSL *s) if (ret <= 0) goto end; - if (s->d1->send_cookie) { + if (D1I(s)->send_cookie) { s->state = SSL3_ST_CW_FLUSH; s->s3->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A; } else @@ -304,7 +304,7 @@ dtls1_connect(SSL *s) if (ret <= 0) goto end; dtls1_stop_timer(s); - if ( s->d1->send_cookie) /* start again, with a cookie */ + if ( D1I(s)->send_cookie) /* start again, with a cookie */ s->state = SSL3_ST_CW_CLNT_HELLO_A; else s->state = SSL3_ST_CR_CERT_A; @@ -507,7 +507,7 @@ dtls1_connect(SSL *s) case SSL3_ST_CR_FINISHED_A: case SSL3_ST_CR_FINISHED_B: - s->d1->change_cipher_spec_ok = 1; + D1I(s)->change_cipher_spec_ok = 1; ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A, SSL3_ST_CR_FINISHED_B); if (ret <= 0) @@ -566,8 +566,8 @@ dtls1_connect(SSL *s) cb(s, SSL_CB_HANDSHAKE_DONE, 1); /* done with handshaking */ - s->d1->handshake_read_seq = 0; - s->d1->next_handshake_write_seq = 0; + D1I(s)->handshake_read_seq = 0; + D1I(s)->next_handshake_write_seq = 0; goto end; /* break; */ @@ -619,7 +619,7 @@ dtls1_get_hello_verify(SSL *s) return ((int)n); if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) { - s->d1->send_cookie = 0; + D1I(s)->send_cookie = 0; s->s3->tmp.reuse_message = 1; return (1); } @@ -642,14 +642,14 @@ dtls1_get_hello_verify(SSL *s) if (!CBS_get_u8_length_prefixed(&hello_verify_request, &cookie)) goto truncated; - if (!CBS_write_bytes(&cookie, s->d1->cookie, - sizeof(s->d1->cookie), &cookie_len)) { - s->d1->cookie_len = 0; + if (!CBS_write_bytes(&cookie, D1I(s)->cookie, + sizeof(D1I(s)->cookie), &cookie_len)) { + D1I(s)->cookie_len = 0; al = SSL_AD_ILLEGAL_PARAMETER; goto f_err; } - s->d1->cookie_len = cookie_len; - s->d1->send_cookie = 1; + D1I(s)->cookie_len = cookie_len; + D1I(s)->send_cookie = 1; return 1; diff --git a/lib/libssl/d1_lib.c b/lib/libssl/d1_lib.c index 3bc1b42583e..697cb434f7a 100644 --- a/lib/libssl/d1_lib.c +++ b/lib/libssl/d1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_lib.c,v 1.35 2017/01/22 03:50:45 jsing Exp $ */ +/* $OpenBSD: d1_lib.c,v 1.36 2017/01/22 07:16:38 beck Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -117,24 +117,24 @@ dtls1_new(SSL *s) /* d1->handshake_epoch=0; */ - d1->unprocessed_rcds.q = pqueue_new(); - d1->processed_rcds.q = pqueue_new(); - d1->buffered_messages = pqueue_new(); + d1->internal->unprocessed_rcds.q = pqueue_new(); + d1->internal->processed_rcds.q = pqueue_new(); + d1->internal->buffered_messages = pqueue_new(); d1->sent_messages = pqueue_new(); - d1->buffered_app_data.q = pqueue_new(); + d1->internal->buffered_app_data.q = pqueue_new(); if (s->server) { - d1->cookie_len = sizeof(s->d1->cookie); + d1->internal->cookie_len = sizeof(D1I(s)->cookie); } - if (!d1->unprocessed_rcds.q || !d1->processed_rcds.q || - !d1->buffered_messages || !d1->sent_messages || - !d1->buffered_app_data.q) { - pqueue_free(d1->unprocessed_rcds.q); - pqueue_free(d1->processed_rcds.q); - pqueue_free(d1->buffered_messages); + if (!d1->internal->unprocessed_rcds.q || !d1->internal->processed_rcds.q || + !d1->internal->buffered_messages || !d1->sent_messages || + !d1->internal->buffered_app_data.q) { + pqueue_free(d1->internal->unprocessed_rcds.q); + pqueue_free(d1->internal->processed_rcds.q); + pqueue_free(d1->internal->buffered_messages); pqueue_free(d1->sent_messages); - pqueue_free(d1->buffered_app_data.q); + pqueue_free(d1->internal->buffered_app_data.q); free(d1); ssl3_free(s); return (0); @@ -152,21 +152,21 @@ dtls1_clear_queues(SSL *s) hm_fragment *frag = NULL; DTLS1_RECORD_DATA *rdata; - while ((item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) { + while ((item = pqueue_pop(D1I(s)->unprocessed_rcds.q)) != NULL) { rdata = (DTLS1_RECORD_DATA *) item->data; free(rdata->rbuf.buf); free(item->data); pitem_free(item); } - while ((item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) { + while ((item = pqueue_pop(D1I(s)->processed_rcds.q)) != NULL) { rdata = (DTLS1_RECORD_DATA *) item->data; free(rdata->rbuf.buf); free(item->data); pitem_free(item); } - while ((item = pqueue_pop(s->d1->buffered_messages)) != NULL) { + while ((item = pqueue_pop(D1I(s)->buffered_messages)) != NULL) { frag = (hm_fragment *)item->data; free(frag->fragment); free(frag); @@ -180,7 +180,7 @@ dtls1_clear_queues(SSL *s) pitem_free(item); } - while ((item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) { + while ((item = pqueue_pop(D1I(s)->buffered_app_data.q)) != NULL) { rdata = (DTLS1_RECORD_DATA *) item->data; free(rdata->rbuf.buf); free(item->data); @@ -198,11 +198,11 @@ dtls1_free(SSL *s) dtls1_clear_queues(s); - pqueue_free(s->d1->unprocessed_rcds.q); - pqueue_free(s->d1->processed_rcds.q); - pqueue_free(s->d1->buffered_messages); + pqueue_free(D1I(s)->unprocessed_rcds.q); + pqueue_free(D1I(s)->processed_rcds.q); + pqueue_free(D1I(s)->buffered_messages); pqueue_free(s->d1->sent_messages); - pqueue_free(s->d1->buffered_app_data.q); + pqueue_free(D1I(s)->buffered_app_data.q); explicit_bzero(s->d1->internal, sizeof(*s->d1->internal)); free(s->d1->internal); @@ -225,12 +225,12 @@ dtls1_clear(SSL *s) unsigned int mtu; if (s->d1) { - unprocessed_rcds = s->d1->unprocessed_rcds.q; - processed_rcds = s->d1->processed_rcds.q; - buffered_messages = s->d1->buffered_messages; + unprocessed_rcds = D1I(s)->unprocessed_rcds.q; + processed_rcds = D1I(s)->processed_rcds.q; + buffered_messages = D1I(s)->buffered_messages; sent_messages = s->d1->sent_messages; - buffered_app_data = s->d1->buffered_app_data.q; - mtu = s->d1->mtu; + buffered_app_data = D1I(s)->buffered_app_data.q; + mtu = D1I(s)->mtu; dtls1_clear_queues(s); @@ -240,18 +240,18 @@ dtls1_clear(SSL *s) s->d1->internal = internal; if (s->server) { - s->d1->cookie_len = sizeof(s->d1->cookie); + D1I(s)->cookie_len = sizeof(D1I(s)->cookie); } if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) { - s->d1->mtu = mtu; + D1I(s)->mtu = mtu; } - s->d1->unprocessed_rcds.q = unprocessed_rcds; - s->d1->processed_rcds.q = processed_rcds; - s->d1->buffered_messages = buffered_messages; + D1I(s)->unprocessed_rcds.q = unprocessed_rcds; + D1I(s)->processed_rcds.q = processed_rcds; + D1I(s)->buffered_messages = buffered_messages; s->d1->sent_messages = sent_messages; - s->d1->buffered_app_data.q = buffered_app_data; + D1I(s)->buffered_app_data.q = buffered_app_data; } ssl3_clear(s); @@ -319,7 +319,7 @@ dtls1_start_timer(SSL *s) /* Add duration to current time */ s->d1->next_timeout.tv_sec += s->d1->timeout_duration; BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, - &(s->d1->next_timeout)); + &s->d1->next_timeout); } struct timeval* @@ -396,7 +396,7 @@ void dtls1_stop_timer(SSL *s) { /* Reset everything */ - memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st)); + memset(&(D1I(s)->timeout), 0, sizeof(struct dtls1_timeout_st)); memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); s->d1->timeout_duration = 1; BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, @@ -408,16 +408,16 @@ dtls1_stop_timer(SSL *s) int dtls1_check_timeout_num(SSL *s) { - s->d1->timeout.num_alerts++; + D1I(s)->timeout.num_alerts++; /* Reduce MTU after 2 unsuccessful retransmissions */ - if (s->d1->timeout.num_alerts > 2) { - s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), + if (D1I(s)->timeout.num_alerts > 2) { + D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL); } - if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) { + if (D1I(s)->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) { /* fail the connection, enough alerts have been sent */ SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM, SSL_R_READ_TIMEOUT_EXPIRED); return -1; @@ -439,9 +439,9 @@ dtls1_handle_timeout(SSL *s) if (dtls1_check_timeout_num(s) < 0) return -1; - s->d1->timeout.read_timeouts++; - if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) { - s->d1->timeout.read_timeouts = 1; + D1I(s)->timeout.read_timeouts++; + if (D1I(s)->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) { + D1I(s)->timeout.read_timeouts = 1; } dtls1_start_timer(s); @@ -457,7 +457,7 @@ dtls1_listen(SSL *s, struct sockaddr *client) SSL_clear(s); SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); - s->d1->listen = 1; + D1I(s)->listen = 1; ret = SSL_accept(s); if (ret <= 0) diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c index 9ea7d5277a0..c44f8f0f58b 100644 --- a/lib/libssl/d1_pkt.c +++ b/lib/libssl/d1_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_pkt.c,v 1.49 2016/11/04 18:00:12 guenther Exp $ */ +/* $OpenBSD: d1_pkt.c,v 1.50 2017/01/22 07:16:39 beck Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -285,31 +285,31 @@ dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue) * yet */ #define dtls1_get_unprocessed_record(s) \ dtls1_retrieve_buffered_record((s), \ - &((s)->d1->unprocessed_rcds)) + &((D1I(s))->unprocessed_rcds)) /* retrieve a buffered record that belongs to the current epoch, ie, processed */ #define dtls1_get_processed_record(s) \ dtls1_retrieve_buffered_record((s), \ - &((s)->d1->processed_rcds)) + &((D1I(s))->processed_rcds)) static int dtls1_process_buffered_records(SSL *s) { pitem *item; - item = pqueue_peek(s->d1->unprocessed_rcds.q); + item = pqueue_peek(D1I(s)->unprocessed_rcds.q); if (item) { /* Check if epoch is current. */ - if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch) + if (D1I(s)->unprocessed_rcds.epoch != D1I(s)->r_epoch) return (1); /* Nothing to do. */ /* Process all the records. */ - while (pqueue_peek(s->d1->unprocessed_rcds.q)) { + while (pqueue_peek(D1I(s)->unprocessed_rcds.q)) { dtls1_get_unprocessed_record(s); if (! dtls1_process_record(s)) return (0); - if (dtls1_buffer_record(s, &(s->d1->processed_rcds), + if (dtls1_buffer_record(s, &(D1I(s)->processed_rcds), s->s3->rrec.seq_num) < 0) return (-1); } @@ -317,8 +317,8 @@ dtls1_process_buffered_records(SSL *s) /* sync epoch numbers once all the unprocessed records * have been processed */ - s->d1->processed_rcds.epoch = s->d1->r_epoch; - s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1; + D1I(s)->processed_rcds.epoch = D1I(s)->r_epoch; + D1I(s)->unprocessed_rcds.epoch = D1I(s)->r_epoch + 1; return (1); } @@ -581,7 +581,7 @@ again: * since they arrive from different connections and * would be dropped unnecessarily. */ - if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && + if (!(D1I(s)->listen && rr->type == SSL3_RT_HANDSHAKE && p != NULL && *p == SSL3_MT_CLIENT_HELLO) && !dtls1_record_replay_check(s, bitmap)) goto again; @@ -596,8 +596,8 @@ again: * anything while listening. */ if (is_next_epoch) { - if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) { - if (dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), + if ((SSL_in_init(s) || s->in_handshake) && !D1I(s)->listen) { + if (dtls1_buffer_record(s, &(D1I(s)->unprocessed_rcds), rr->seq_num) < 0) return (-1); /* Mark receipt of record. */ @@ -665,7 +665,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) if ((ret = have_handshake_fragment(s, type, buf, len, peek))) return ret; - /* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */ + /* Now D1I(s)->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */ if (!s->in_handshake && SSL_in_init(s)) { @@ -694,7 +694,7 @@ start: */ if (s->state == SSL_ST_OK && rr->length == 0) { pitem *item; - item = pqueue_pop(s->d1->buffered_app_data.q); + item = pqueue_pop(D1I(s)->buffered_app_data.q); if (item) { dtls1_copy_record(s, item); @@ -721,7 +721,7 @@ start: } } - if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE) { + if (D1I(s)->listen && rr->type != SSL3_RT_HANDSHAKE) { rr->length = 0; goto start; } @@ -736,7 +736,7 @@ start: * buffer the application data for later processing rather * than dropping the connection. */ - if (dtls1_buffer_record(s, &(s->d1->buffered_app_data), + if (dtls1_buffer_record(s, &(D1I(s)->buffered_app_data), rr->seq_num) < 0) { SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR); return (-1); @@ -799,13 +799,13 @@ start: unsigned int *dest_len = NULL; if (rr->type == SSL3_RT_HANDSHAKE) { - dest_maxlen = sizeof s->d1->handshake_fragment; - dest = s->d1->handshake_fragment; - dest_len = &s->d1->handshake_fragment_len; + dest_maxlen = sizeof D1I(s)->handshake_fragment; + dest = D1I(s)->handshake_fragment; + dest_len = &D1I(s)->handshake_fragment_len; } else if (rr->type == SSL3_RT_ALERT) { - dest_maxlen = sizeof(s->d1->alert_fragment); - dest = s->d1->alert_fragment; - dest_len = &s->d1->alert_fragment_len; + dest_maxlen = sizeof(D1I(s)->alert_fragment); + dest = D1I(s)->alert_fragment; + dest_len = &D1I(s)->alert_fragment_len; } /* else it's a CCS message, or application data or wrong */ else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) { @@ -854,20 +854,20 @@ start: } } - /* s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE; - * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT. + /* D1I(s)->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE; + * D1I(s)->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT. * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */ /* If we are a client, check for an incoming 'Hello Request': */ if ((!s->server) && - (s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) && - (s->d1->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && + (D1I(s)->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) && + (D1I(s)->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && (s->session != NULL) && (s->session->cipher != NULL)) { - s->d1->handshake_fragment_len = 0; + D1I(s)->handshake_fragment_len = 0; - if ((s->d1->handshake_fragment[1] != 0) || - (s->d1->handshake_fragment[2] != 0) || - (s->d1->handshake_fragment[3] != 0)) { + if ((D1I(s)->handshake_fragment[1] != 0) || + (D1I(s)->handshake_fragment[2] != 0) || + (D1I(s)->handshake_fragment[3] != 0)) { al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_HELLO_REQUEST); goto err; @@ -877,12 +877,12 @@ start: if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - s->d1->handshake_fragment, 4, s, s->msg_callback_arg); + D1I(s)->handshake_fragment, 4, s, s->msg_callback_arg); if (SSL_is_init_finished(s) && !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && !s->s3->renegotiate) { - s->d1->handshake_read_seq++; + D1I(s)->handshake_read_seq++; s->new_session = 1; ssl3_renegotiate(s); if (ssl3_renegotiate_check(s)) { @@ -916,15 +916,15 @@ start: goto start; } - if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) { - int alert_level = s->d1->alert_fragment[0]; - int alert_descr = s->d1->alert_fragment[1]; + if (D1I(s)->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) { + int alert_level = D1I(s)->alert_fragment[0]; + int alert_descr = D1I(s)->alert_fragment[1]; - s->d1->alert_fragment_len = 0; + D1I(s)->alert_fragment_len = 0; if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_ALERT, - s->d1->alert_fragment, 2, s, s->msg_callback_arg); + D1I(s)->alert_fragment, 2, s, s->msg_callback_arg); if (s->info_callback != NULL) cb = s->info_callback; @@ -994,11 +994,11 @@ start: /* We can't process a CCS now, because previous handshake * messages are still missing, so just drop it. */ - if (!s->d1->change_cipher_spec_ok) { + if (!D1I(s)->change_cipher_spec_ok) { goto start; } - s->d1->change_cipher_spec_ok = 0; + D1I(s)->change_cipher_spec_ok = 0; s->s3->change_cipher_spec = 1; if (!ssl3_do_change_cipher_spec(s)) @@ -1011,14 +1011,14 @@ start: } /* Unexpected handshake message (Client Hello, or protocol violation) */ - if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) && + if ((D1I(s)->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) && !s->in_handshake) { struct hm_header_st msg_hdr; /* this may just be a stale retransmit */ if (!dtls1_get_message_header(rr->data, &msg_hdr)) return -1; - if (rr->epoch != s->d1->r_epoch) { + if (rr->epoch != D1I(s)->r_epoch) { rr->length = 0; goto start; } @@ -1151,24 +1151,24 @@ have_handshake_fragment(SSL *s, int type, unsigned char *buf, int len, int peek) { - if ((type == SSL3_RT_HANDSHAKE) && (s->d1->handshake_fragment_len > 0)) + if ((type == SSL3_RT_HANDSHAKE) && (D1I(s)->handshake_fragment_len > 0)) /* (partially) satisfy request from storage */ { - unsigned char *src = s->d1->handshake_fragment; + unsigned char *src = D1I(s)->handshake_fragment; unsigned char *dst = buf; unsigned int k, n; /* peek == 0 */ n = 0; - while ((len > 0) && (s->d1->handshake_fragment_len > 0)) { + while ((len > 0) && (D1I(s)->handshake_fragment_len > 0)) { *dst++ = *src++; len--; - s->d1->handshake_fragment_len--; + D1I(s)->handshake_fragment_len--; n++; } /* move any remaining fragment bytes: */ - for (k = 0; k < s->d1->handshake_fragment_len; k++) - s->d1->handshake_fragment[k] = *src++; + for (k = 0; k < D1I(s)->handshake_fragment_len; k++) + D1I(s)->handshake_fragment[k] = *src++; return n; } @@ -1306,11 +1306,11 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len) /* there's only one epoch between handshake and app data */ - s2n(s->d1->w_epoch, pseq); + s2n(D1I(s)->w_epoch, pseq); /* XDTLS: ?? */ /* else - s2n(s->d1->handshake_epoch, pseq); + s2n(D1I(s)->handshake_epoch, pseq); */ memcpy(pseq, &(s->s3->write_sequence[2]), 6); @@ -1405,8 +1405,8 @@ dtls1_dispatch_alert(SSL *s) #ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) { - s2n(s->d1->handshake_read_seq, ptr); - l2n3(s->d1->r_msg_hdr.frag_off, ptr); + s2n(D1I(s)->handshake_read_seq, ptr); + l2n3(D1I(s)->r_msg_hdr.frag_off, ptr); } #endif @@ -1447,14 +1447,14 @@ dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch) *is_next_epoch = 0; /* In current epoch, accept HM, CCS, DATA, & ALERT */ - if (rr->epoch == s->d1->r_epoch) - return &s->d1->bitmap; + if (rr->epoch == D1I(s)->r_epoch) + return &D1I(s)->bitmap; /* Only HM and ALERT messages can be from the next epoch */ - else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) && + else if (rr->epoch == (unsigned long)(D1I(s)->r_epoch + 1) && (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) { *is_next_epoch = 1; - return &s->d1->next_bitmap; + return &D1I(s)->next_bitmap; } return NULL; @@ -1468,13 +1468,13 @@ dtls1_reset_seq_numbers(SSL *s, int rw) if (rw & SSL3_CC_READ) { seq = s->s3->read_sequence; - s->d1->r_epoch++; - memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP)); - memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP)); + D1I(s)->r_epoch++; + memcpy(&(D1I(s)->bitmap), &(D1I(s)->next_bitmap), sizeof(DTLS1_BITMAP)); + memset(&(D1I(s)->next_bitmap), 0x00, sizeof(DTLS1_BITMAP)); } else { seq = s->s3->write_sequence; - memcpy(s->d1->last_write_sequence, seq, sizeof(s->s3->write_sequence)); - s->d1->w_epoch++; + memcpy(D1I(s)->last_write_sequence, seq, sizeof(s->s3->write_sequence)); + D1I(s)->w_epoch++; } memset(seq, 0x00, seq_bytes); diff --git a/lib/libssl/d1_srvr.c b/lib/libssl/d1_srvr.c index 4322a219f5f..6990e39f604 100644 --- a/lib/libssl/d1_srvr.c +++ b/lib/libssl/d1_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_srvr.c,v 1.70 2017/01/21 06:50:02 jsing Exp $ */ +/* $OpenBSD: d1_srvr.c,v 1.71 2017/01/22 07:16:39 beck Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -193,14 +193,14 @@ dtls1_accept(SSL *s) else if (s->ctx->info_callback != NULL) cb = s->ctx->info_callback; - listen = s->d1->listen; + listen = D1I(s)->listen; /* init things to blank */ s->in_handshake++; if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); - s->d1->listen = listen; + D1I(s)->listen = listen; if (s->cert == NULL) { SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET); @@ -317,13 +317,13 @@ dtls1_accept(SSL *s) /* If we're just listening, stop here */ if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) { ret = 2; - s->d1->listen = 0; + D1I(s)->listen = 0; /* Set expected sequence numbers * to continue the handshake. */ - s->d1->handshake_read_seq = 2; - s->d1->handshake_write_seq = 1; - s->d1->next_handshake_write_seq = 1; + D1I(s)->handshake_read_seq = 2; + D1I(s)->handshake_write_seq = 1; + D1I(s)->next_handshake_write_seq = 1; goto end; } @@ -534,7 +534,7 @@ dtls1_accept(SSL *s) case SSL3_ST_SR_CERT_VRFY_A: case SSL3_ST_SR_CERT_VRFY_B: - s->d1->change_cipher_spec_ok = 1; + D1I(s)->change_cipher_spec_ok = 1; /* we should decide if we expected this one */ ret = ssl3_get_cert_verify(s); if (ret <= 0) @@ -545,7 +545,7 @@ dtls1_accept(SSL *s) case SSL3_ST_SR_FINISHED_A: case SSL3_ST_SR_FINISHED_B: - s->d1->change_cipher_spec_ok = 1; + D1I(s)->change_cipher_spec_ok = 1; ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A, SSL3_ST_SR_FINISHED_B); if (ret <= 0) @@ -652,10 +652,10 @@ dtls1_accept(SSL *s) ret = 1; /* done handshaking, next message is client hello */ - s->d1->handshake_read_seq = 0; + D1I(s)->handshake_read_seq = 0; /* next message is server hello */ - s->d1->handshake_write_seq = 0; - s->d1->next_handshake_write_seq = 0; + D1I(s)->handshake_write_seq = 0; + D1I(s)->next_handshake_write_seq = 0; goto end; /* break; */ @@ -705,16 +705,16 @@ dtls1_send_hello_verify_request(SSL *s) *(p++) = s->version & 0xFF; if (s->ctx->app_gen_cookie_cb == NULL || - s->ctx->app_gen_cookie_cb(s, s->d1->cookie, - &(s->d1->cookie_len)) == 0) { + s->ctx->app_gen_cookie_cb(s, D1I(s)->cookie, + &(D1I(s)->cookie_len)) == 0) { SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST, ERR_R_INTERNAL_ERROR); return 0; } - *(p++) = (unsigned char) s->d1->cookie_len; - memcpy(p, s->d1->cookie, s->d1->cookie_len); - p += s->d1->cookie_len; + *(p++) = (unsigned char) D1I(s)->cookie_len; + memcpy(p, D1I(s)->cookie, D1I(s)->cookie_len); + p += D1I(s)->cookie_len; ssl3_handshake_msg_finish(s, p - d); diff --git a/lib/libssl/dtls1.h b/lib/libssl/dtls1.h index 812b90592d3..c7b2d3af76b 100644 --- a/lib/libssl/dtls1.h +++ b/lib/libssl/dtls1.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dtls1.h,v 1.20 2017/01/22 03:50:45 jsing Exp $ */ +/* $OpenBSD: dtls1.h,v 1.21 2017/01/22 07:16:39 beck Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -153,77 +153,15 @@ typedef struct hm_fragment_st { struct dtls1_state_internal_st; typedef struct dtls1_state_st { - unsigned int send_cookie; - unsigned char cookie[DTLS1_COOKIE_LENGTH]; - unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH]; - unsigned int cookie_len; - - /* - * The current data and handshake epoch. This is initially - * undefined, and starts at zero once the initial handshake is - * completed - */ - unsigned short r_epoch; - unsigned short w_epoch; - - /* records being received in the current epoch */ - DTLS1_BITMAP bitmap; - - /* renegotiation starts a new set of sequence numbers */ - DTLS1_BITMAP next_bitmap; - - /* handshake message numbers */ - unsigned short handshake_write_seq; - unsigned short next_handshake_write_seq; - - unsigned short handshake_read_seq; - - /* save last sequence number for retransmissions */ - unsigned char last_write_sequence[8]; - - /* Received handshake records (processed and unprocessed) */ - record_pqueue unprocessed_rcds; - record_pqueue processed_rcds; - - /* Buffered handshake messages */ - struct _pqueue *buffered_messages; - /* Buffered (sent) handshake records */ struct _pqueue *sent_messages; - /* Buffered application records. - * Only for records between CCS and Finished - * to prevent either protocol violation or - * unnecessary message loss. - */ - record_pqueue buffered_app_data; - - /* Is set when listening for new connections with dtls1_listen() */ - unsigned int listen; - - unsigned int mtu; /* max DTLS packet size */ - - struct hm_header_st w_msg_hdr; - struct hm_header_st r_msg_hdr; - - struct dtls1_timeout_st timeout; - /* Indicates when the last handshake msg or heartbeat sent will timeout */ struct timeval next_timeout; /* Timeout duration */ unsigned short timeout_duration; - /* storage for Alert/Handshake protocol data received but not - * yet processed by ssl3_read_bytes: */ - unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH]; - unsigned int alert_fragment_len; - unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; - unsigned int handshake_fragment_len; - - unsigned int retransmitting; - unsigned int change_cipher_spec_ok; - struct dtls1_state_internal_st *internal; } DTLS1_STATE; diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c index 74f44dd930a..d75ceb9d2d5 100644 --- a/lib/libssl/s3_clnt.c +++ b/lib/libssl/s3_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_clnt.c,v 1.160 2017/01/22 06:36:49 jsing Exp $ */ +/* $OpenBSD: s3_clnt.c,v 1.161 2017/01/22 07:16:39 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -611,7 +611,7 @@ ssl3_client_hello(SSL *s) * HelloVerifyRequest, we must retain the original client * random value. */ - if (!SSL_IS_DTLS(s) || s->d1->send_cookie == 0) + if (!SSL_IS_DTLS(s) || D1I(s)->send_cookie == 0) arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE); d = p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_HELLO); @@ -671,14 +671,14 @@ ssl3_client_hello(SSL *s) /* DTLS Cookie. */ if (SSL_IS_DTLS(s)) { - if (s->d1->cookie_len > sizeof(s->d1->cookie)) { + if (D1I(s)->cookie_len > sizeof(D1I(s)->cookie)) { SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); goto err; } - *(p++) = s->d1->cookie_len; - memcpy(p, s->d1->cookie, s->d1->cookie_len); - p += s->d1->cookie_len; + *(p++) = D1I(s)->cookie_len; + memcpy(p, D1I(s)->cookie, D1I(s)->cookie_len); + p += D1I(s)->cookie_len; } /* Ciphers supported */ @@ -743,7 +743,7 @@ ssl3_get_server_hello(SSL *s) if (SSL_IS_DTLS(s)) { if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { - if (s->d1->send_cookie == 0) { + if (D1I(s)->send_cookie == 0) { s->s3->tmp.reuse_message = 1; return (1); } else { diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c index 72d90a85c47..7912206785a 100644 --- a/lib/libssl/s3_srvr.c +++ b/lib/libssl/s3_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_srvr.c,v 1.139 2017/01/22 06:36:49 jsing Exp $ */ +/* $OpenBSD: s3_srvr.c,v 1.140 2017/01/22 07:16:39 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -854,7 +854,7 @@ ssl3_get_client_hello(SSL *s) * HelloVerify message has not been sent--make sure that it * does not cause an overflow. */ - if (cookie_len > sizeof(s->d1->rcvd_cookie)) { + if (cookie_len > sizeof(D1I(s)->rcvd_cookie)) { /* too much data */ al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, @@ -868,19 +868,19 @@ ssl3_get_client_hello(SSL *s) /* verify the cookie if appropriate option is set. */ if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) && cookie_len > 0) { - memcpy(s->d1->rcvd_cookie, p, cookie_len); + memcpy(D1I(s)->rcvd_cookie, p, cookie_len); if (s->ctx->app_verify_cookie_cb != NULL) { if (s->ctx->app_verify_cookie_cb(s, - s->d1->rcvd_cookie, cookie_len) == 0) { + D1I(s)->rcvd_cookie, cookie_len) == 0) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH); goto f_err; } /* else cookie verification succeeded */ - } else if (timingsafe_memcmp(s->d1->rcvd_cookie, s->d1->cookie, - s->d1->cookie_len) != 0) { + } else if (timingsafe_memcmp(D1I(s)->rcvd_cookie, D1I(s)->cookie, + D1I(s)->cookie_len) != 0) { /* default verification */ al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index 7031c91e1c3..50c764ae868 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.127 2017/01/22 06:36:49 jsing Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.128 2017/01/22 07:16:39 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1078,7 +1078,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg) return (0); #endif if (SSL_IS_DTLS(s)) { - s->d1->mtu = larg; + D1I(s)->mtu = larg; return (larg); } return (0); diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index 805d68906a5..5681167242f 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.149 2017/01/22 06:36:49 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.150 2017/01/22 07:16:39 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -449,8 +449,69 @@ typedef struct ssl3_state_internal_st { } SSL3_STATE_INTERNAL; typedef struct dtls1_state_internal_st { + unsigned int send_cookie; + unsigned char cookie[DTLS1_COOKIE_LENGTH]; + unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH]; + unsigned int cookie_len; + /* + * The current data and handshake epoch. This is initially + * undefined, and starts at zero once the initial handshake is + * completed + */ + unsigned short r_epoch; + unsigned short w_epoch; + + /* records being received in the current epoch */ + DTLS1_BITMAP bitmap; + + /* renegotiation starts a new set of sequence numbers */ + DTLS1_BITMAP next_bitmap; + + /* handshake message numbers */ + unsigned short handshake_write_seq; + unsigned short next_handshake_write_seq; + + unsigned short handshake_read_seq; + + /* save last sequence number for retransmissions */ + unsigned char last_write_sequence[8]; + + /* Received handshake records (processed and unprocessed) */ + record_pqueue unprocessed_rcds; + record_pqueue processed_rcds; + + /* Buffered handshake messages */ + struct _pqueue *buffered_messages; + + /* Buffered application records. + * Only for records between CCS and Finished + * to prevent either protocol violation or + * unnecessary message loss. + */ + record_pqueue buffered_app_data; + + /* Is set when listening for new connections with dtls1_listen() */ + unsigned int listen; + + unsigned int mtu; /* max DTLS packet size */ + + struct hm_header_st w_msg_hdr; + struct hm_header_st r_msg_hdr; + + struct dtls1_timeout_st timeout; + + /* storage for Alert/Handshake protocol data received but not + * yet processed by ssl3_read_bytes: */ + unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH]; + unsigned int alert_fragment_len; + unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; + unsigned int handshake_fragment_len; + + unsigned int retransmitting; + unsigned int change_cipher_spec_ok; } DTLS1_STATE_INTERNAL; +#define D1I(s) (s->d1->internal) typedef struct cert_pkey_st { X509 *x509; diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c index 04219eb1b70..67ad1ae9248 100644 --- a/lib/libssl/t1_enc.c +++ b/lib/libssl/t1_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_enc.c,v 1.87 2016/11/06 17:21:04 jsing Exp $ */ +/* $OpenBSD: t1_enc.c,v 1.88 2017/01/22 07:16:39 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -849,7 +849,7 @@ tls1_enc(SSL *s, int send) if (SSL_IS_DTLS(s)) { dtls1_build_sequence_number(ad, seq, - send ? s->d1->w_epoch : s->d1->r_epoch); + send ? D1I(s)->w_epoch : D1I(s)->r_epoch); } else { memcpy(ad, seq, SSL3_SEQUENCE_SIZE); tls1_record_sequence_increment(seq); @@ -1040,7 +1040,7 @@ tls1_enc(SSL *s, int send) if (SSL_IS_DTLS(s)) { dtls1_build_sequence_number(buf, seq, - send ? s->d1->w_epoch : s->d1->r_epoch); + send ? D1I(s)->w_epoch : D1I(s)->r_epoch); } else { memcpy(buf, seq, SSL3_SEQUENCE_SIZE); tls1_record_sequence_increment(seq); @@ -1217,7 +1217,7 @@ tls1_mac(SSL *ssl, unsigned char *md, int send) if (SSL_IS_DTLS(ssl)) dtls1_build_sequence_number(header, seq, - send ? ssl->d1->w_epoch : ssl->d1->r_epoch); + send ? D1I(ssl)->w_epoch : D1I(ssl)->r_epoch); else memcpy(header, seq, SSL3_SEQUENCE_SIZE); -- cgit v1.2.3