mischief/openbsd-src
1
0
Fork 0
mirror of https://github.com/openbsd/src.git synced 2025-01-10 06:47:55 -08:00
Code

Move most of DTLS1_STATE to internal.

Browse Source 
ok jsing@
This commit is contained in:
beck 2017-01-22 07:16:38 +00:00
parent cbc2743a6e
commit f727153215
11 changed files with 272 additions and 273 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

116
lib/libssl/d1_both.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: d1_both.c,v 1.40 2016/12/06 13:38:11 jsing Exp $ */
/* $OpenBSD: d1_both.c,v 1.41 2017/01/22 07:16:38 beck Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@ -232,9 +232,9 @@ dtls1_do_write(SSL *s, int type)
unsigned int len, frag_off, mac_size, blocksize;
/* AHA! Figure out the MTU, and stick to the right size */
if (s->d1->mtu < dtls1_min_mtu() &&
if (D1I(s)->mtu < dtls1_min_mtu() &&
!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s),
BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
/*
@ -242,20 +242,20 @@ dtls1_do_write(SSL *s, int type)
* doesn't know the MTU (ie., the initial write), so just
* make sure we have a reasonable number
*/
if (s->d1->mtu < dtls1_min_mtu()) {
s->d1->mtu = 0;
s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
if (D1I(s)->mtu < dtls1_min_mtu()) {
D1I(s)->mtu = 0;
D1I(s)->mtu = dtls1_guess_mtu(D1I(s)->mtu);
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
s->d1->mtu, NULL);
D1I(s)->mtu, NULL);
}
}
OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu());
OPENSSL_assert(D1I(s)->mtu >= dtls1_min_mtu());
/* should have something reasonable now */
if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
OPENSSL_assert(s->init_num ==
(int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
(int)D1I(s)->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
if (s->write_hash)
mac_size = EVP_MD_CTX_size(s->write_hash);
@ -270,7 +270,7 @@ dtls1_do_write(SSL *s, int type)
frag_off = 0;
while (s->init_num) {
curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) -
curr_mtu = D1I(s)->mtu - BIO_wpending(SSL_get_wbio(s)) -
DTLS1_RT_HEADER_LENGTH - mac_size - blocksize;
if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) {
@ -278,7 +278,7 @@ dtls1_do_write(SSL *s, int type)
ret = BIO_flush(SSL_get_wbio(s));
if (ret <= 0)
return ret;
curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH -
curr_mtu = D1I(s)->mtu - DTLS1_RT_HEADER_LENGTH -
mac_size - blocksize;
}
@ -322,7 +322,7 @@ dtls1_do_write(SSL *s, int type)
*/
if (BIO_ctrl(SSL_get_wbio(s),
BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0)
s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s),
BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
else
return (-1);
@ -336,14 +336,14 @@ dtls1_do_write(SSL *s, int type)
OPENSSL_assert(len == (unsigned int)ret);
if (type == SSL3_RT_HANDSHAKE &&
!s->d1->retransmitting) {
!D1I(s)->retransmitting) {
/*
* Should not be done for 'Hello Request's,
* but in that case we'll ignore the result
* anyway
*/
unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off];
const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
const struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr;
int xlen;
if (frag_off == 0) {
@ -420,7 +420,7 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
return s->init_num;
}
msg_hdr = &s->d1->r_msg_hdr;
msg_hdr = &D1I(s)->r_msg_hdr;
memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
again:
@ -452,8 +452,8 @@ again:
memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
/* Don't change sequence numbers while listening */
if (!s->d1->listen)
s->d1->handshake_read_seq++;
if (!D1I(s)->listen)
D1I(s)->handshake_read_seq++;
s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
return s->init_num;
@ -487,7 +487,7 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
return SSL_AD_ILLEGAL_PARAMETER;
}
if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */
if ( D1I(s)->r_msg_hdr.frag_off == 0) /* first fragment */
{
/*
* msg_len is limited to 2^24, but is effectively checked
@ -500,11 +500,11 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
}
s->s3->tmp.message_size = msg_len;
s->d1->r_msg_hdr.msg_len = msg_len;
D1I(s)->r_msg_hdr.msg_len = msg_len;
s->s3->tmp.message_type = msg_hdr->type;
s->d1->r_msg_hdr.type = msg_hdr->type;
s->d1->r_msg_hdr.seq = msg_hdr->seq;
} else if (msg_len != s->d1->r_msg_hdr.msg_len) {
D1I(s)->r_msg_hdr.type = msg_hdr->type;
D1I(s)->r_msg_hdr.seq = msg_hdr->seq;
} else if (msg_len != D1I(s)->r_msg_hdr.msg_len) {
/*
* They must be playing with us! BTW, failure to enforce
* upper limit would open possibility for buffer overrun.
@ -531,7 +531,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
int al;
*ok = 0;
item = pqueue_peek(s->d1->buffered_messages);
item = pqueue_peek(D1I(s)->buffered_messages);
if (item == NULL)
return 0;
@ -541,9 +541,9 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
if (frag->reassembly != NULL)
return 0;
if (s->d1->handshake_read_seq == frag->msg_header.seq) {
if (D1I(s)->handshake_read_seq == frag->msg_header.seq) {
unsigned long frag_len = frag->msg_header.frag_len;
pqueue_pop(s->d1->buffered_messages);
pqueue_pop(D1I(s)->buffered_messages);
al = dtls1_preprocess_fragment(s, &frag->msg_header, max);
@ -608,7 +608,7 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
memset(seq64be, 0, sizeof(seq64be));
seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
seq64be[7] = (unsigned char)msg_hdr->seq;
item = pqueue_find(s->d1->buffered_messages, seq64be);
item = pqueue_find(D1I(s)->buffered_messages, seq64be);
if (item == NULL) {
frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
@ -673,7 +673,7 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
goto err;
}
pqueue_insert(s->d1->buffered_messages, item);
pqueue_insert(D1I(s)->buffered_messages, item);
}
return DTLS1_HM_FRAGMENT_RETRY;
@ -702,7 +702,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
memset(seq64be, 0, sizeof(seq64be));
seq64be[6] = (unsigned char) (msg_hdr->seq >> 8);
seq64be[7] = (unsigned char) msg_hdr->seq;
item = pqueue_find(s->d1->buffered_messages, seq64be);
item = pqueue_find(D1I(s)->buffered_messages, seq64be);
/*
* If we already have an entry and this one is a fragment,
@ -717,9 +717,9 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
* a FINISHED before the SERVER_HELLO, which then must be a stale
* retransmit.
*/
if (msg_hdr->seq <= s->d1->handshake_read_seq ||
msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
(s->d1->handshake_read_seq == 0 &&
if (msg_hdr->seq <= D1I(s)->handshake_read_seq ||
msg_hdr->seq > D1I(s)->handshake_read_seq + 10 || item != NULL ||
(D1I(s)->handshake_read_seq == 0 &&
msg_hdr->type == SSL3_MT_FINISHED)) {
unsigned char devnull [256];
@ -760,7 +760,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
if (item == NULL)
goto err;
pqueue_insert(s->d1->buffered_messages, item);
pqueue_insert(D1I(s)->buffered_messages, item);
}
return DTLS1_HM_FRAGMENT_RETRY;
@ -814,8 +814,8 @@ again:
* While listening, we accept seq 1 (ClientHello with cookie)
* although we're still expecting seq 0 (ClientHello)
*/
if (msg_hdr.seq != s->d1->handshake_read_seq &&
!(s->d1->listen && msg_hdr.seq == 1))
if (msg_hdr.seq != D1I(s)->handshake_read_seq &&
!(D1I(s)->listen && msg_hdr.seq == 1))
return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
len = msg_hdr.msg_len;
@ -825,7 +825,7 @@ again:
if (frag_len && frag_len < len)
return dtls1_reassemble_fragment(s, &msg_hdr, ok);
if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
if (!s->server && D1I(s)->r_msg_hdr.frag_off == 0 &&
wire[0] == SSL3_MT_HELLO_REQUEST) {
/*
* The server may always send 'Hello Request' messages --
@ -918,13 +918,13 @@ dtls1_send_change_cipher_spec(SSL *s, int a, int b)
if (s->state == a) {
p = (unsigned char *)s->init_buf->data;
*p++=SSL3_MT_CCS;
s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
D1I(s)->handshake_write_seq = D1I(s)->next_handshake_write_seq;
s->init_num = DTLS1_CCS_HEADER_LENGTH;
s->init_off = 0;
dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
s->d1->handshake_write_seq, 0, 0);
D1I(s)->handshake_write_seq, 0, 0);
/* buffer the message to handle re-xmits */
dtls1_buffer_message(s, 1);
@ -1031,26 +1031,26 @@ dtls1_buffer_message(SSL *s, int is_ccs)
memcpy(frag->fragment, s->init_buf->data, s->init_num);
if (is_ccs) {
OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
OPENSSL_assert(D1I(s)->w_msg_hdr.msg_len +
((s->version == DTLS1_VERSION) ?
DTLS1_CCS_HEADER_LENGTH : 3) == (unsigned int)s->init_num);
} else {
OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
OPENSSL_assert(D1I(s)->w_msg_hdr.msg_len +
DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
}
frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
frag->msg_header.seq = s->d1->w_msg_hdr.seq;
frag->msg_header.type = s->d1->w_msg_hdr.type;
frag->msg_header.msg_len = D1I(s)->w_msg_hdr.msg_len;
frag->msg_header.seq = D1I(s)->w_msg_hdr.seq;
frag->msg_header.type = D1I(s)->w_msg_hdr.type;
frag->msg_header.frag_off = 0;
frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
frag->msg_header.frag_len = D1I(s)->w_msg_hdr.msg_len;
frag->msg_header.is_ccs = is_ccs;
/* save current state*/
frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx;
frag->msg_header.saved_retransmit_state.write_hash = s->write_hash;
frag->msg_header.saved_retransmit_state.session = s->session;
frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;
frag->msg_header.saved_retransmit_state.epoch = D1I(s)->w_epoch;
memset(seq64be, 0, sizeof(seq64be));
seq64be[6] = (unsigned char)(dtls1_get_queue_priority(
@ -1120,21 +1120,21 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
saved_state.enc_write_ctx = s->enc_write_ctx;
saved_state.write_hash = s->write_hash;
saved_state.session = s->session;
saved_state.epoch = s->d1->w_epoch;
saved_state.epoch = D1I(s)->w_epoch;
s->d1->retransmitting = 1;
D1I(s)->retransmitting = 1;
/* restore state in which the message was originally sent */
s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
s->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
s->session = frag->msg_header.saved_retransmit_state.session;
s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
D1I(s)->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
if (frag->msg_header.saved_retransmit_state.epoch ==
saved_state.epoch - 1) {
memcpy(save_write_sequence, s->s3->write_sequence,
sizeof(s->s3->write_sequence));
memcpy(s->s3->write_sequence, s->d1->last_write_sequence,
memcpy(s->s3->write_sequence, D1I(s)->last_write_sequence,
sizeof(s->s3->write_sequence));
}
@ -1145,17 +1145,17 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
s->enc_write_ctx = saved_state.enc_write_ctx;
s->write_hash = saved_state.write_hash;
s->session = saved_state.session;
s->d1->w_epoch = saved_state.epoch;
D1I(s)->w_epoch = saved_state.epoch;
if (frag->msg_header.saved_retransmit_state.epoch ==
saved_state.epoch - 1) {
memcpy(s->d1->last_write_sequence, s->s3->write_sequence,
memcpy(D1I(s)->last_write_sequence, s->s3->write_sequence,
sizeof(s->s3->write_sequence));
memcpy(s->s3->write_sequence, save_write_sequence,
sizeof(s->s3->write_sequence));
}
s->d1->retransmitting = 0;
D1I(s)->retransmitting = 0;
(void)BIO_flush(SSL_get_wbio(s));
return ret;
@ -1179,12 +1179,12 @@ dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
unsigned long len, unsigned long frag_off, unsigned long frag_len)
{
/* Don't change sequence numbers while listening */
if (frag_off == 0 && !s->d1->listen) {
s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
s->d1->next_handshake_write_seq++;
if (frag_off == 0 && !D1I(s)->listen) {
D1I(s)->handshake_write_seq = D1I(s)->next_handshake_write_seq;
D1I(s)->next_handshake_write_seq++;
}
dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
dtls1_set_message_header_int(s, mt, len, D1I(s)->handshake_write_seq,
frag_off, frag_len);
return p += DTLS1_HM_HEADER_LENGTH;
@ -1195,7 +1195,7 @@ static void
dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len,
unsigned short seq_num, unsigned long frag_off, unsigned long frag_len)
{
struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr;
msg_hdr->type = mt;
msg_hdr->msg_len = len;
@ -1207,7 +1207,7 @@ dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len,
static void
dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len)
{
struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr;
msg_hdr->frag_off = frag_off;
msg_hdr->frag_len = frag_len;
@ -1216,7 +1216,7 @@ dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len)
static unsigned char *
dtls1_write_message_header(SSL *s, unsigned char *p)
{
struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr;
*p++ = msg_hdr->type;
l2n3(msg_hdr->msg_len, p);

26
lib/libssl/d1_clnt.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: d1_clnt.c,v 1.60 2017/01/21 06:50:02 jsing Exp $ */
/* $OpenBSD: d1_clnt.c,v 1.61 2017/01/22 07:16:38 beck Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@ -247,7 +247,7 @@ dtls1_connect(SSL *s)
/* mark client_random uninitialized */
memset(s->s3->client_random, 0,
sizeof(s->s3->client_random));
s->d1->send_cookie = 0;
D1I(s)->send_cookie = 0;
s->hit = 0;
break;
@ -268,7 +268,7 @@ dtls1_connect(SSL *s)
if (ret <= 0)
goto end;
if (s->d1->send_cookie) {
if (D1I(s)->send_cookie) {
s->state = SSL3_ST_CW_FLUSH;
s->s3->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A;
} else
@ -304,7 +304,7 @@ dtls1_connect(SSL *s)
if (ret <= 0)
goto end;
dtls1_stop_timer(s);
if ( s->d1->send_cookie) /* start again, with a cookie */
if ( D1I(s)->send_cookie) /* start again, with a cookie */
s->state = SSL3_ST_CW_CLNT_HELLO_A;
else
s->state = SSL3_ST_CR_CERT_A;
@ -507,7 +507,7 @@ dtls1_connect(SSL *s)
case SSL3_ST_CR_FINISHED_A:
case SSL3_ST_CR_FINISHED_B:
s->d1->change_cipher_spec_ok = 1;
D1I(s)->change_cipher_spec_ok = 1;
ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
SSL3_ST_CR_FINISHED_B);
if (ret <= 0)
@ -566,8 +566,8 @@ dtls1_connect(SSL *s)
cb(s, SSL_CB_HANDSHAKE_DONE, 1);
/* done with handshaking */
s->d1->handshake_read_seq = 0;
s->d1->next_handshake_write_seq = 0;
D1I(s)->handshake_read_seq = 0;
D1I(s)->next_handshake_write_seq = 0;
goto end;
/* break; */
@ -619,7 +619,7 @@ dtls1_get_hello_verify(SSL *s)
return ((int)n);
if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
s->d1->send_cookie = 0;
D1I(s)->send_cookie = 0;
s->s3->tmp.reuse_message = 1;
return (1);
}
@ -642,14 +642,14 @@ dtls1_get_hello_verify(SSL *s)
if (!CBS_get_u8_length_prefixed(&hello_verify_request, &cookie))
goto truncated;
if (!CBS_write_bytes(&cookie, s->d1->cookie,
sizeof(s->d1->cookie), &cookie_len)) {
s->d1->cookie_len = 0;
if (!CBS_write_bytes(&cookie, D1I(s)->cookie,
sizeof(D1I(s)->cookie), &cookie_len)) {
D1I(s)->cookie_len = 0;
al = SSL_AD_ILLEGAL_PARAMETER;
goto f_err;
}
s->d1->cookie_len = cookie_len;
s->d1->send_cookie = 1;
D1I(s)->cookie_len = cookie_len;
D1I(s)->send_cookie = 1;
return 1;

84
lib/libssl/d1_lib.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: d1_lib.c,v 1.35 2017/01/22 03:50:45 jsing Exp $ */
/* $OpenBSD: d1_lib.c,v 1.36 2017/01/22 07:16:38 beck Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@ -117,24 +117,24 @@ dtls1_new(SSL *s)
/* d1->handshake_epoch=0; */
d1->unprocessed_rcds.q = pqueue_new();
d1->processed_rcds.q = pqueue_new();
d1->buffered_messages = pqueue_new();
d1->internal->unprocessed_rcds.q = pqueue_new();
d1->internal->processed_rcds.q = pqueue_new();
d1->internal->buffered_messages = pqueue_new();
d1->sent_messages = pqueue_new();
d1->buffered_app_data.q = pqueue_new();
d1->internal->buffered_app_data.q = pqueue_new();
if (s->server) {
d1->cookie_len = sizeof(s->d1->cookie);
d1->internal->cookie_len = sizeof(D1I(s)->cookie);
}
if (!d1->unprocessed_rcds.q || !d1->processed_rcds.q ||
!d1->buffered_messages || !d1->sent_messages ||
!d1->buffered_app_data.q) {
pqueue_free(d1->unprocessed_rcds.q);
pqueue_free(d1->processed_rcds.q);
pqueue_free(d1->buffered_messages);
if (!d1->internal->unprocessed_rcds.q || !d1->internal->processed_rcds.q ||
!d1->internal->buffered_messages || !d1->sent_messages ||
!d1->internal->buffered_app_data.q) {
pqueue_free(d1->internal->unprocessed_rcds.q);
pqueue_free(d1->internal->processed_rcds.q);
pqueue_free(d1->internal->buffered_messages);
pqueue_free(d1->sent_messages);
pqueue_free(d1->buffered_app_data.q);
pqueue_free(d1->internal->buffered_app_data.q);
free(d1);
ssl3_free(s);
return (0);
@ -152,21 +152,21 @@ dtls1_clear_queues(SSL *s)
hm_fragment *frag = NULL;
DTLS1_RECORD_DATA *rdata;
while ((item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) {
while ((item = pqueue_pop(D1I(s)->unprocessed_rcds.q)) != NULL) {
rdata = (DTLS1_RECORD_DATA *) item->data;
free(rdata->rbuf.buf);
free(item->data);
pitem_free(item);
}
while ((item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) {
while ((item = pqueue_pop(D1I(s)->processed_rcds.q)) != NULL) {
rdata = (DTLS1_RECORD_DATA *) item->data;
free(rdata->rbuf.buf);
free(item->data);
pitem_free(item);
}
while ((item = pqueue_pop(s->d1->buffered_messages)) != NULL) {
while ((item = pqueue_pop(D1I(s)->buffered_messages)) != NULL) {
frag = (hm_fragment *)item->data;
free(frag->fragment);
free(frag);
@ -180,7 +180,7 @@ dtls1_clear_queues(SSL *s)
pitem_free(item);
}
while ((item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) {
while ((item = pqueue_pop(D1I(s)->buffered_app_data.q)) != NULL) {
rdata = (DTLS1_RECORD_DATA *) item->data;
free(rdata->rbuf.buf);
free(item->data);
@ -198,11 +198,11 @@ dtls1_free(SSL *s)
dtls1_clear_queues(s);
pqueue_free(s->d1->unprocessed_rcds.q);
pqueue_free(s->d1->processed_rcds.q);
pqueue_free(s->d1->buffered_messages);
pqueue_free(D1I(s)->unprocessed_rcds.q);
pqueue_free(D1I(s)->processed_rcds.q);
pqueue_free(D1I(s)->buffered_messages);
pqueue_free(s->d1->sent_messages);
pqueue_free(s->d1->buffered_app_data.q);
pqueue_free(D1I(s)->buffered_app_data.q);
explicit_bzero(s->d1->internal, sizeof(*s->d1->internal));
free(s->d1->internal);
@ -225,12 +225,12 @@ dtls1_clear(SSL *s)
unsigned int mtu;
if (s->d1) {
unprocessed_rcds = s->d1->unprocessed_rcds.q;
processed_rcds = s->d1->processed_rcds.q;
buffered_messages = s->d1->buffered_messages;
unprocessed_rcds = D1I(s)->unprocessed_rcds.q;
processed_rcds = D1I(s)->processed_rcds.q;
buffered_messages = D1I(s)->buffered_messages;
sent_messages = s->d1->sent_messages;
buffered_app_data = s->d1->buffered_app_data.q;
mtu = s->d1->mtu;
buffered_app_data = D1I(s)->buffered_app_data.q;
mtu = D1I(s)->mtu;
dtls1_clear_queues(s);
@ -240,18 +240,18 @@ dtls1_clear(SSL *s)
s->d1->internal = internal;
if (s->server) {
s->d1->cookie_len = sizeof(s->d1->cookie);
D1I(s)->cookie_len = sizeof(D1I(s)->cookie);
}
if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) {
s->d1->mtu = mtu;
D1I(s)->mtu = mtu;
}
s->d1->unprocessed_rcds.q = unprocessed_rcds;
s->d1->processed_rcds.q = processed_rcds;
s->d1->buffered_messages = buffered_messages;
D1I(s)->unprocessed_rcds.q = unprocessed_rcds;
D1I(s)->processed_rcds.q = processed_rcds;
D1I(s)->buffered_messages = buffered_messages;
s->d1->sent_messages = sent_messages;
s->d1->buffered_app_data.q = buffered_app_data;
D1I(s)->buffered_app_data.q = buffered_app_data;
}
ssl3_clear(s);
@ -319,7 +319,7 @@ dtls1_start_timer(SSL *s)
/* Add duration to current time */
s->d1->next_timeout.tv_sec += s->d1->timeout_duration;
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
&(s->d1->next_timeout));
&s->d1->next_timeout);
}
struct timeval*
@ -396,7 +396,7 @@ void
dtls1_stop_timer(SSL *s)
{
/* Reset everything */
memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
memset(&(D1I(s)->timeout), 0, sizeof(struct dtls1_timeout_st));
memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
s->d1->timeout_duration = 1;
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
@ -408,16 +408,16 @@ dtls1_stop_timer(SSL *s)
int
dtls1_check_timeout_num(SSL *s)
{
s->d1->timeout.num_alerts++;
D1I(s)->timeout.num_alerts++;
/* Reduce MTU after 2 unsuccessful retransmissions */
if (s->d1->timeout.num_alerts > 2) {
s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
if (D1I(s)->timeout.num_alerts > 2) {
D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s),
BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
}
if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {
if (D1I(s)->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {
/* fail the connection, enough alerts have been sent */
SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM, SSL_R_READ_TIMEOUT_EXPIRED);
return -1;
@ -439,9 +439,9 @@ dtls1_handle_timeout(SSL *s)
if (dtls1_check_timeout_num(s) < 0)
return -1;
s->d1->timeout.read_timeouts++;
if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) {
s->d1->timeout.read_timeouts = 1;
D1I(s)->timeout.read_timeouts++;
if (D1I(s)->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) {
D1I(s)->timeout.read_timeouts = 1;
}
dtls1_start_timer(s);
@ -457,7 +457,7 @@ dtls1_listen(SSL *s, struct sockaddr *client)
SSL_clear(s);
SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
s->d1->listen = 1;
D1I(s)->listen = 1;
ret = SSL_accept(s);
if (ret <= 0)

120
lib/libssl/d1_pkt.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: d1_pkt.c,v 1.49 2016/11/04 18:00:12 guenther Exp $ */
/* $OpenBSD: d1_pkt.c,v 1.50 2017/01/22 07:16:39 beck Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@ -285,31 +285,31 @@ dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
* yet */
#define dtls1_get_unprocessed_record(s) \
dtls1_retrieve_buffered_record((s), \
&((s)->d1->unprocessed_rcds))
&((D1I(s))->unprocessed_rcds))
/* retrieve a buffered record that belongs to the current epoch, ie, processed */
#define dtls1_get_processed_record(s) \
dtls1_retrieve_buffered_record((s), \
&((s)->d1->processed_rcds))
&((D1I(s))->processed_rcds))
static int
dtls1_process_buffered_records(SSL *s)
{
pitem *item;
item = pqueue_peek(s->d1->unprocessed_rcds.q);
item = pqueue_peek(D1I(s)->unprocessed_rcds.q);
if (item) {
/* Check if epoch is current. */
if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
if (D1I(s)->unprocessed_rcds.epoch != D1I(s)->r_epoch)
return (1);
/* Nothing to do. */
/* Process all the records. */
while (pqueue_peek(s->d1->unprocessed_rcds.q)) {
while (pqueue_peek(D1I(s)->unprocessed_rcds.q)) {
dtls1_get_unprocessed_record(s);
if (! dtls1_process_record(s))
return (0);
if (dtls1_buffer_record(s, &(s->d1->processed_rcds),
if (dtls1_buffer_record(s, &(D1I(s)->processed_rcds),
s->s3->rrec.seq_num) < 0)
return (-1);
}
@ -317,8 +317,8 @@ dtls1_process_buffered_records(SSL *s)
/* sync epoch numbers once all the unprocessed records
* have been processed */
s->d1->processed_rcds.epoch = s->d1->r_epoch;
s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1;
D1I(s)->processed_rcds.epoch = D1I(s)->r_epoch;
D1I(s)->unprocessed_rcds.epoch = D1I(s)->r_epoch + 1;
return (1);
}
@ -581,7 +581,7 @@ again:
* since they arrive from different connections and
* would be dropped unnecessarily.
*/
if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
if (!(D1I(s)->listen && rr->type == SSL3_RT_HANDSHAKE &&
p != NULL && *p == SSL3_MT_CLIENT_HELLO) &&
!dtls1_record_replay_check(s, bitmap))
goto again;
@ -596,8 +596,8 @@ again:
* anything while listening.
*/
if (is_next_epoch) {
if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) {
if (dtls1_buffer_record(s, &(s->d1->unprocessed_rcds),
if ((SSL_in_init(s) || s->in_handshake) && !D1I(s)->listen) {
if (dtls1_buffer_record(s, &(D1I(s)->unprocessed_rcds),
rr->seq_num) < 0)
return (-1);
/* Mark receipt of record. */
@ -665,7 +665,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
if ((ret = have_handshake_fragment(s, type, buf, len, peek)))
return ret;
/* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
/* Now D1I(s)->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
if (!s->in_handshake && SSL_in_init(s))
{
@ -694,7 +694,7 @@ start:
*/
if (s->state == SSL_ST_OK && rr->length == 0) {
pitem *item;
item = pqueue_pop(s->d1->buffered_app_data.q);
item = pqueue_pop(D1I(s)->buffered_app_data.q);
if (item) {
dtls1_copy_record(s, item);
@ -721,7 +721,7 @@ start:
}
}
if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE) {
if (D1I(s)->listen && rr->type != SSL3_RT_HANDSHAKE) {
rr->length = 0;
goto start;
}
@ -736,7 +736,7 @@ start:
* buffer the application data for later processing rather
* than dropping the connection.
*/
if (dtls1_buffer_record(s, &(s->d1->buffered_app_data),
if (dtls1_buffer_record(s, &(D1I(s)->buffered_app_data),
rr->seq_num) < 0) {
SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
return (-1);
@ -799,13 +799,13 @@ start:
unsigned int *dest_len = NULL;
if (rr->type == SSL3_RT_HANDSHAKE) {
dest_maxlen = sizeof s->d1->handshake_fragment;
dest = s->d1->handshake_fragment;
dest_len = &s->d1->handshake_fragment_len;
dest_maxlen = sizeof D1I(s)->handshake_fragment;
dest = D1I(s)->handshake_fragment;
dest_len = &D1I(s)->handshake_fragment_len;
} else if (rr->type == SSL3_RT_ALERT) {
dest_maxlen = sizeof(s->d1->alert_fragment);
dest = s->d1->alert_fragment;
dest_len = &s->d1->alert_fragment_len;
dest_maxlen = sizeof(D1I(s)->alert_fragment);
dest = D1I(s)->alert_fragment;
dest_len = &D1I(s)->alert_fragment_len;
}
/* else it's a CCS message, or application data or wrong */
else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) {
@ -854,20 +854,20 @@ start:
}
}
/* s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
* s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT.
/* D1I(s)->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
* D1I(s)->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT.
* (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
/* If we are a client, check for an incoming 'Hello Request': */
if ((!s->server) &&
(s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
(s->d1->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
(D1I(s)->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
(D1I(s)->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
(s->session != NULL) && (s->session->cipher != NULL)) {
s->d1->handshake_fragment_len = 0;
D1I(s)->handshake_fragment_len = 0;
if ((s->d1->handshake_fragment[1] != 0) ||
(s->d1->handshake_fragment[2] != 0) ||
(s->d1->handshake_fragment[3] != 0)) {
if ((D1I(s)->handshake_fragment[1] != 0) ||
(D1I(s)->handshake_fragment[2] != 0) ||
(D1I(s)->handshake_fragment[3] != 0)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_HELLO_REQUEST);
goto err;
@ -877,12 +877,12 @@ start:
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
s->d1->handshake_fragment, 4, s, s->msg_callback_arg);
D1I(s)->handshake_fragment, 4, s, s->msg_callback_arg);
if (SSL_is_init_finished(s) &&
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
!s->s3->renegotiate) {
s->d1->handshake_read_seq++;
D1I(s)->handshake_read_seq++;
s->new_session = 1;
ssl3_renegotiate(s);
if (ssl3_renegotiate_check(s)) {
@ -916,15 +916,15 @@ start:
goto start;
}
if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) {
int alert_level = s->d1->alert_fragment[0];
int alert_descr = s->d1->alert_fragment[1];
if (D1I(s)->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) {
int alert_level = D1I(s)->alert_fragment[0];
int alert_descr = D1I(s)->alert_fragment[1];
s->d1->alert_fragment_len = 0;
D1I(s)->alert_fragment_len = 0;
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_ALERT,
s->d1->alert_fragment, 2, s, s->msg_callback_arg);
D1I(s)->alert_fragment, 2, s, s->msg_callback_arg);
if (s->info_callback != NULL)
cb = s->info_callback;
@ -994,11 +994,11 @@ start:
/* We can't process a CCS now, because previous handshake
* messages are still missing, so just drop it.
*/
if (!s->d1->change_cipher_spec_ok) {
if (!D1I(s)->change_cipher_spec_ok) {
goto start;
}
s->d1->change_cipher_spec_ok = 0;
D1I(s)->change_cipher_spec_ok = 0;
s->s3->change_cipher_spec = 1;
if (!ssl3_do_change_cipher_spec(s))
@ -1011,14 +1011,14 @@ start:
}
/* Unexpected handshake message (Client Hello, or protocol violation) */
if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
if ((D1I(s)->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
!s->in_handshake) {
struct hm_header_st msg_hdr;
/* this may just be a stale retransmit */
if (!dtls1_get_message_header(rr->data, &msg_hdr))
return -1;
if (rr->epoch != s->d1->r_epoch) {
if (rr->epoch != D1I(s)->r_epoch) {
rr->length = 0;
goto start;
}
@ -1151,24 +1151,24 @@ have_handshake_fragment(SSL *s, int type, unsigned char *buf,
int len, int peek)
{
if ((type == SSL3_RT_HANDSHAKE) && (s->d1->handshake_fragment_len > 0))
if ((type == SSL3_RT_HANDSHAKE) && (D1I(s)->handshake_fragment_len > 0))
/* (partially) satisfy request from storage */
{
unsigned char *src = s->d1->handshake_fragment;
unsigned char *src = D1I(s)->handshake_fragment;
unsigned char *dst = buf;
unsigned int k, n;
/* peek == 0 */
n = 0;
while ((len > 0) && (s->d1->handshake_fragment_len > 0)) {
while ((len > 0) && (D1I(s)->handshake_fragment_len > 0)) {
*dst++ = *src++;
len--;
s->d1->handshake_fragment_len--;
D1I(s)->handshake_fragment_len--;
n++;
}
/* move any remaining fragment bytes: */
for (k = 0; k < s->d1->handshake_fragment_len; k++)
s->d1->handshake_fragment[k] = *src++;
for (k = 0; k < D1I(s)->handshake_fragment_len; k++)
D1I(s)->handshake_fragment[k] = *src++;
return n;
}
@ -1306,11 +1306,11 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
/* there's only one epoch between handshake and app data */
s2n(s->d1->w_epoch, pseq);
s2n(D1I(s)->w_epoch, pseq);
/* XDTLS: ?? */
/* else
s2n(s->d1->handshake_epoch, pseq);
s2n(D1I(s)->handshake_epoch, pseq);
*/
memcpy(pseq, &(s->s3->write_sequence[2]), 6);
@ -1405,8 +1405,8 @@ dtls1_dispatch_alert(SSL *s)
#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) {
s2n(s->d1->handshake_read_seq, ptr);
l2n3(s->d1->r_msg_hdr.frag_off, ptr);
s2n(D1I(s)->handshake_read_seq, ptr);
l2n3(D1I(s)->r_msg_hdr.frag_off, ptr);
}
#endif
@ -1447,14 +1447,14 @@ dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch)
*is_next_epoch = 0;
/* In current epoch, accept HM, CCS, DATA, & ALERT */
if (rr->epoch == s->d1->r_epoch)
return &s->d1->bitmap;
if (rr->epoch == D1I(s)->r_epoch)
return &D1I(s)->bitmap;
/* Only HM and ALERT messages can be from the next epoch */
else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&
else if (rr->epoch == (unsigned long)(D1I(s)->r_epoch + 1) &&
(rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
*is_next_epoch = 1;
return &s->d1->next_bitmap;
return &D1I(s)->next_bitmap;
}
return NULL;
@ -1468,13 +1468,13 @@ dtls1_reset_seq_numbers(SSL *s, int rw)
if (rw & SSL3_CC_READ) {
seq = s->s3->read_sequence;
s->d1->r_epoch++;
memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP));
memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
D1I(s)->r_epoch++;
memcpy(&(D1I(s)->bitmap), &(D1I(s)->next_bitmap), sizeof(DTLS1_BITMAP));
memset(&(D1I(s)->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
} else {
seq = s->s3->write_sequence;
memcpy(s->d1->last_write_sequence, seq, sizeof(s->s3->write_sequence));
s->d1->w_epoch++;
memcpy(D1I(s)->last_write_sequence, seq, sizeof(s->s3->write_sequence));
D1I(s)->w_epoch++;
}
memset(seq, 0x00, seq_bytes);

34
lib/libssl/d1_srvr.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: d1_srvr.c,v 1.70 2017/01/21 06:50:02 jsing Exp $ */
/* $OpenBSD: d1_srvr.c,v 1.71 2017/01/22 07:16:39 beck Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@ -193,14 +193,14 @@ dtls1_accept(SSL *s)
else if (s->ctx->info_callback != NULL)
cb = s->ctx->info_callback;
listen = s->d1->listen;
listen = D1I(s)->listen;
/* init things to blank */
s->in_handshake++;
if (!SSL_in_init(s) || SSL_in_before(s))
SSL_clear(s);
s->d1->listen = listen;
D1I(s)->listen = listen;
if (s->cert == NULL) {
SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
@ -317,13 +317,13 @@ dtls1_accept(SSL *s)
/* If we're just listening, stop here */
if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) {
ret = 2;
s->d1->listen = 0;
D1I(s)->listen = 0;
/* Set expected sequence numbers
* to continue the handshake.
*/
s->d1->handshake_read_seq = 2;
s->d1->handshake_write_seq = 1;
s->d1->next_handshake_write_seq = 1;
D1I(s)->handshake_read_seq = 2;
D1I(s)->handshake_write_seq = 1;
D1I(s)->next_handshake_write_seq = 1;
goto end;
}
@ -534,7 +534,7 @@ dtls1_accept(SSL *s)
case SSL3_ST_SR_CERT_VRFY_A:
case SSL3_ST_SR_CERT_VRFY_B:
s->d1->change_cipher_spec_ok = 1;
D1I(s)->change_cipher_spec_ok = 1;
/* we should decide if we expected this one */
ret = ssl3_get_cert_verify(s);
if (ret <= 0)
@ -545,7 +545,7 @@ dtls1_accept(SSL *s)
case SSL3_ST_SR_FINISHED_A:
case SSL3_ST_SR_FINISHED_B:
s->d1->change_cipher_spec_ok = 1;
D1I(s)->change_cipher_spec_ok = 1;
ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
SSL3_ST_SR_FINISHED_B);
if (ret <= 0)
@ -652,10 +652,10 @@ dtls1_accept(SSL *s)
ret = 1;
/* done handshaking, next message is client hello */
s->d1->handshake_read_seq = 0;
D1I(s)->handshake_read_seq = 0;
/* next message is server hello */
s->d1->handshake_write_seq = 0;
s->d1->next_handshake_write_seq = 0;
D1I(s)->handshake_write_seq = 0;
D1I(s)->next_handshake_write_seq = 0;
goto end;
/* break; */
@ -705,16 +705,16 @@ dtls1_send_hello_verify_request(SSL *s)
*(p++) = s->version & 0xFF;
if (s->ctx->app_gen_cookie_cb == NULL ||
s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
&(s->d1->cookie_len)) == 0) {
s->ctx->app_gen_cookie_cb(s, D1I(s)->cookie,
&(D1I(s)->cookie_len)) == 0) {
SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,
ERR_R_INTERNAL_ERROR);
return 0;
}
*(p++) = (unsigned char) s->d1->cookie_len;
memcpy(p, s->d1->cookie, s->d1->cookie_len);
p += s->d1->cookie_len;
*(p++) = (unsigned char) D1I(s)->cookie_len;
memcpy(p, D1I(s)->cookie, D1I(s)->cookie_len);
p += D1I(s)->cookie_len;
ssl3_handshake_msg_finish(s, p - d);

64
lib/libssl/dtls1.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: dtls1.h,v 1.20 2017/01/22 03:50:45 jsing Exp $ */
/* $OpenBSD: dtls1.h,v 1.21 2017/01/22 07:16:39 beck Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@ -153,77 +153,15 @@ typedef struct hm_fragment_st {
struct dtls1_state_internal_st;
typedef struct dtls1_state_st {
unsigned int send_cookie;
unsigned char cookie[DTLS1_COOKIE_LENGTH];
unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
unsigned int cookie_len;
/*
* The current data and handshake epoch. This is initially
* undefined, and starts at zero once the initial handshake is
* completed
*/
unsigned short r_epoch;
unsigned short w_epoch;
/* records being received in the current epoch */
DTLS1_BITMAP bitmap;
/* renegotiation starts a new set of sequence numbers */
DTLS1_BITMAP next_bitmap;
/* handshake message numbers */
unsigned short handshake_write_seq;
unsigned short next_handshake_write_seq;
unsigned short handshake_read_seq;
/* save last sequence number for retransmissions */
unsigned char last_write_sequence[8];
/* Received handshake records (processed and unprocessed) */
record_pqueue unprocessed_rcds;
record_pqueue processed_rcds;
/* Buffered handshake messages */
struct _pqueue *buffered_messages;
/* Buffered (sent) handshake records */
struct _pqueue *sent_messages;
/* Buffered application records.
* Only for records between CCS and Finished
* to prevent either protocol violation or
* unnecessary message loss.
*/
record_pqueue buffered_app_data;
/* Is set when listening for new connections with dtls1_listen() */
unsigned int listen;
unsigned int mtu; /* max DTLS packet size */
struct hm_header_st w_msg_hdr;
struct hm_header_st r_msg_hdr;
struct dtls1_timeout_st timeout;
/* Indicates when the last handshake msg or heartbeat sent will timeout */
struct timeval next_timeout;
/* Timeout duration */
unsigned short timeout_duration;
/* storage for Alert/Handshake protocol data received but not
* yet processed by ssl3_read_bytes: */
unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
unsigned int alert_fragment_len;
unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
unsigned int handshake_fragment_len;
unsigned int retransmitting;
unsigned int change_cipher_spec_ok;
struct dtls1_state_internal_st *internal;
} DTLS1_STATE;

14
lib/libssl/s3_clnt.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: s3_clnt.c,v 1.160 2017/01/22 06:36:49 jsing Exp $ */
/* $OpenBSD: s3_clnt.c,v 1.161 2017/01/22 07:16:39 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -611,7 +611,7 @@ ssl3_client_hello(SSL *s)
* HelloVerifyRequest, we must retain the original client
* random value.
*/
if (!SSL_IS_DTLS(s) || s->d1->send_cookie == 0)
if (!SSL_IS_DTLS(s) || D1I(s)->send_cookie == 0)
arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);
d = p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_HELLO);
@ -671,14 +671,14 @@ ssl3_client_hello(SSL *s)
/* DTLS Cookie. */
if (SSL_IS_DTLS(s)) {
if (s->d1->cookie_len > sizeof(s->d1->cookie)) {
if (D1I(s)->cookie_len > sizeof(D1I(s)->cookie)) {
SSLerr(SSL_F_DTLS1_CLIENT_HELLO,
ERR_R_INTERNAL_ERROR);
goto err;
}
*(p++) = s->d1->cookie_len;
memcpy(p, s->d1->cookie, s->d1->cookie_len);
p += s->d1->cookie_len;
*(p++) = D1I(s)->cookie_len;
memcpy(p, D1I(s)->cookie, D1I(s)->cookie_len);
p += D1I(s)->cookie_len;
}
/* Ciphers supported */
@ -743,7 +743,7 @@ ssl3_get_server_hello(SSL *s)
if (SSL_IS_DTLS(s)) {
if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
if (s->d1->send_cookie == 0) {
if (D1I(s)->send_cookie == 0) {
s->s3->tmp.reuse_message = 1;
return (1);
} else {

12
lib/libssl/s3_srvr.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: s3_srvr.c,v 1.139 2017/01/22 06:36:49 jsing Exp $ */
/* $OpenBSD: s3_srvr.c,v 1.140 2017/01/22 07:16:39 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -854,7 +854,7 @@ ssl3_get_client_hello(SSL *s)
* HelloVerify message has not been sent--make sure that it
* does not cause an overflow.
*/
if (cookie_len > sizeof(s->d1->rcvd_cookie)) {
if (cookie_len > sizeof(D1I(s)->rcvd_cookie)) {
/* too much data */
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
@ -868,19 +868,19 @@ ssl3_get_client_hello(SSL *s)
/* verify the cookie if appropriate option is set. */
if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
cookie_len > 0) {
memcpy(s->d1->rcvd_cookie, p, cookie_len);
memcpy(D1I(s)->rcvd_cookie, p, cookie_len);
if (s->ctx->app_verify_cookie_cb != NULL) {
if (s->ctx->app_verify_cookie_cb(s,
s->d1->rcvd_cookie, cookie_len) == 0) {
D1I(s)->rcvd_cookie, cookie_len) == 0) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
SSL_R_COOKIE_MISMATCH);
goto f_err;
}
/* else cookie verification succeeded */
} else if (timingsafe_memcmp(s->d1->rcvd_cookie, s->d1->cookie,
s->d1->cookie_len) != 0) {
} else if (timingsafe_memcmp(D1I(s)->rcvd_cookie, D1I(s)->cookie,
D1I(s)->cookie_len) != 0) {
/* default verification */
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,

4
lib/libssl/ssl_lib.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssl_lib.c,v 1.127 2017/01/22 06:36:49 jsing Exp $ */
/* $OpenBSD: ssl_lib.c,v 1.128 2017/01/22 07:16:39 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -1078,7 +1078,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
return (0);
#endif
if (SSL_IS_DTLS(s)) {
s->d1->mtu = larg;
D1I(s)->mtu = larg;
return (larg);
}
return (0);

63
lib/libssl/ssl_locl.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssl_locl.h,v 1.149 2017/01/22 06:36:49 jsing Exp $ */
/* $OpenBSD: ssl_locl.h,v 1.150 2017/01/22 07:16:39 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -449,8 +449,69 @@ typedef struct ssl3_state_internal_st {
} SSL3_STATE_INTERNAL;
typedef struct dtls1_state_internal_st {
unsigned int send_cookie;
unsigned char cookie[DTLS1_COOKIE_LENGTH];
unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
unsigned int cookie_len;
/*
* The current data and handshake epoch. This is initially
* undefined, and starts at zero once the initial handshake is
* completed
*/
unsigned short r_epoch;
unsigned short w_epoch;
/* records being received in the current epoch */
DTLS1_BITMAP bitmap;
/* renegotiation starts a new set of sequence numbers */
DTLS1_BITMAP next_bitmap;
/* handshake message numbers */
unsigned short handshake_write_seq;
unsigned short next_handshake_write_seq;
unsigned short handshake_read_seq;
/* save last sequence number for retransmissions */
unsigned char last_write_sequence[8];
/* Received handshake records (processed and unprocessed) */
record_pqueue unprocessed_rcds;
record_pqueue processed_rcds;
/* Buffered handshake messages */
struct _pqueue *buffered_messages;
/* Buffered application records.
* Only for records between CCS and Finished
* to prevent either protocol violation or
* unnecessary message loss.
*/
record_pqueue buffered_app_data;
/* Is set when listening for new connections with dtls1_listen() */
unsigned int listen;
unsigned int mtu; /* max DTLS packet size */
struct hm_header_st w_msg_hdr;
struct hm_header_st r_msg_hdr;
struct dtls1_timeout_st timeout;
/* storage for Alert/Handshake protocol data received but not
* yet processed by ssl3_read_bytes: */
unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
unsigned int alert_fragment_len;
unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
unsigned int handshake_fragment_len;
unsigned int retransmitting;
unsigned int change_cipher_spec_ok;
} DTLS1_STATE_INTERNAL;
#define D1I(s) (s->d1->internal)
typedef struct cert_pkey_st {
X509 *x509;

8
lib/libssl/t1_enc.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: t1_enc.c,v 1.87 2016/11/06 17:21:04 jsing Exp $ */
/* $OpenBSD: t1_enc.c,v 1.88 2017/01/22 07:16:39 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -849,7 +849,7 @@ tls1_enc(SSL *s, int send)
if (SSL_IS_DTLS(s)) {
dtls1_build_sequence_number(ad, seq,
send ? s->d1->w_epoch : s->d1->r_epoch);
send ? D1I(s)->w_epoch : D1I(s)->r_epoch);
} else {
memcpy(ad, seq, SSL3_SEQUENCE_SIZE);
tls1_record_sequence_increment(seq);
@ -1040,7 +1040,7 @@ tls1_enc(SSL *s, int send)
if (SSL_IS_DTLS(s)) {
dtls1_build_sequence_number(buf, seq,
send ? s->d1->w_epoch : s->d1->r_epoch);
send ? D1I(s)->w_epoch : D1I(s)->r_epoch);
} else {
memcpy(buf, seq, SSL3_SEQUENCE_SIZE);
tls1_record_sequence_increment(seq);
@ -1217,7 +1217,7 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
if (SSL_IS_DTLS(ssl))
dtls1_build_sequence_number(header, seq,
send ? ssl->d1->w_epoch : ssl->d1->r_epoch);
send ? D1I(ssl)->w_epoch : D1I(ssl)->r_epoch);
else
memcpy(header, seq, SSL3_SEQUENCE_SIZE);