diff options
| author | Matt Caswell <matt@openssl.org> | 2022-07-22 12:39:24 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2022-08-18 16:38:13 +0100 |
| commit | cffafb5f57da07d90b23d0bc215371078d1ecbef (patch) | |
| tree | 810b43388badf3c799ba090fd95376da7263e206 | |
| parent | 2f90f85cc018c55d2b73c691f192909e402d1416 (diff) | |
Move some fields out of the SSL object and into the record layer object
Fields such as rrlmethod and rrl are entirely related to the record layer,
and so should be in that object.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
| -rw-r--r-- | ssl/d1_lib.c | 4 | ||||
| -rw-r--r-- | ssl/record/rec_layer_d1.c | 15 | ||||
| -rw-r--r-- | ssl/record/rec_layer_s3.c | 83 | ||||
| -rw-r--r-- | ssl/record/record.h | 10 | ||||
| -rw-r--r-- | ssl/ssl_lib.c | 18 | ||||
| -rw-r--r-- | ssl/ssl_local.h | 11 | ||||
| -rw-r--r-- | ssl/statem/extensions_clnt.c | 2 | ||||
| -rw-r--r-- | ssl/statem/statem.c | 4 | ||||
| -rw-r--r-- | ssl/statem/statem_clnt.c | 2 | ||||
| -rw-r--r-- | ssl/statem/statem_lib.c | 22 | ||||
| -rw-r--r-- | ssl/statem/statem_srvr.c | 8 | ||||
| -rw-r--r-- | test/sslapitest.c | 8 |
12 files changed, 100 insertions, 87 deletions
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index ced721840f..e569b986bc 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -845,7 +845,7 @@ int DTLSv1_listen(SSL *ssl, BIO_ADDR *client) BIO_ADDR_clear(client); /* Buffer the record for use by the record layer */ - if (BIO_write(s->rrlnext, buf, n) != n) { + if (BIO_write(s->rlayer.rrlnext, buf, n) != n) { ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); ret = -1; goto end; @@ -853,7 +853,7 @@ int DTLSv1_listen(SSL *ssl, BIO_ADDR *client) /* * Reset the record layer - but this time we can use the record we just - * buffered in s->rrlnext + * buffered in s->rlayer.rrlnext */ if (!ssl_set_new_record_layer(s, DTLS_ANY_VERSION, diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index f032e3ea49..a5d45b3ae3 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -275,10 +275,11 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, rr = &sc->rlayer.tlsrecs[sc->rlayer.num_recs]; ret = HANDLE_RLAYER_RETURN(sc, - sc->rrlmethod->read_record(sc->rrl, &rr->rechandle, - &rr->version, &rr->type, - &rr->data, &rr->length, - &rr->epoch, rr->seq_num)); + sc->rlayer.rrlmethod->read_record(sc->rlayer.rrl, + &rr->rechandle, + &rr->version, &rr->type, + &rr->data, &rr->length, + &rr->epoch, rr->seq_num)); if (ret <= 0) { ret = dtls1_read_failed(sc, ret); /* @@ -292,7 +293,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } rr->off = 0; sc->rlayer.num_recs++; - } while (sc->rrlmethod->processed_read_pending(sc->rrl) + } while (sc->rlayer.rrlmethod->processed_read_pending(sc->rlayer.rrl) && sc->rlayer.num_recs < SSL_MAX_PIPELINES); } rr = &sc->rlayer.tlsrecs[sc->rlayer.curr_rec]; @@ -530,7 +531,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } ssl_release_record(sc, rr); if (!(sc->mode & SSL_MODE_AUTO_RETRY)) { - if (!sc->rrlmethod->unprocessed_read_pending(sc->rrl)) { + if (!sc->rlayer.rrlmethod->unprocessed_read_pending(sc->rlayer.rrl)) { /* no read-ahead left? */ BIO *bio; @@ -566,7 +567,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, return -1; if (!(sc->mode & SSL_MODE_AUTO_RETRY)) { - if (!sc->rrlmethod->unprocessed_read_pending(sc->rrl)) { + if (!sc->rlayer.rrlmethod->unprocessed_read_pending(sc->rlayer.rrl)) { /* no read-ahead left? */ BIO *bio; /* diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 3a1c6ef7a2..e41c3a1698 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -49,6 +49,12 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl) RECORD_LAYER_reset_read_sequence(rl); RECORD_LAYER_reset_write_sequence(rl); + if (rl->rrlmethod != NULL) + rl->rrlmethod->free(rl->rrl); /* Ignore return value */ + BIO_free(rl->rrlnext); + rl->rrlmethod = NULL; + rl->rrlnext = NULL; + if (rl->d) DTLS_RECORD_LAYER_clear(rl); } @@ -62,14 +68,14 @@ void RECORD_LAYER_release(RECORD_LAYER *rl) /* Checks if we have unprocessed read ahead data pending */ int RECORD_LAYER_read_pending(const RECORD_LAYER *rl) { - return rl->s->rrlmethod->unprocessed_read_pending(rl->s->rrl); + return rl->rrlmethod->unprocessed_read_pending(rl->rrl); } /* Checks if we have decrypted unread record data pending */ int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl) { return (rl->curr_rec < rl->num_recs) - || rl->s->rrlmethod->processed_read_pending(rl->s->rrl); + || rl->rrlmethod->processed_read_pending(rl->rrl); } int RECORD_LAYER_write_pending(const RECORD_LAYER *rl) @@ -113,7 +119,7 @@ size_t ssl3_pending(const SSL *s) num += sc->rlayer.tlsrecs[i].length; } - num += sc->rrlmethod->app_data_pending(sc->rrl); + num += sc->rlayer.rrlmethod->app_data_pending(sc->rlayer.rrl); return num; } @@ -129,7 +135,7 @@ void SSL_set_default_read_buffer_len(SSL *s, size_t len) if (sc == NULL) return; - sc->default_read_buf_len = len; + sc->rlayer.default_read_buf_len = len; } const char *SSL_rstate_string_long(const SSL *s) @@ -1100,7 +1106,7 @@ int ossl_tls_handle_rlayer_return(SSL_CONNECTION *s, int ret, char *file, } else if (ret == OSSL_RECORD_RETURN_FATAL) { ERR_new(); ERR_set_debug(file, line, 0); - ossl_statem_fatal(s, s->rrlmethod->get_alert_code(s->rrl), + ossl_statem_fatal(s, s->rlayer.rrlmethod->get_alert_code(s->rlayer.rrl), SSL_R_RECORD_LAYER_FAILURE, NULL); } /* @@ -1122,7 +1128,7 @@ void ssl_release_record(SSL_CONNECTION *s, TLS_RECORD *rr) { if (rr->rechandle != NULL) { /* The record layer allocated the buffers for this record */ - s->rrlmethod->release_record(s->rrl, rr->rechandle); + s->rlayer.rrlmethod->release_record(s->rlayer.rrl, rr->rechandle); } else { /* We allocated the buffers for this record (only happens with DTLS) */ OPENSSL_free(rr->data); @@ -1235,17 +1241,18 @@ int ssl3_read_bytes(SSL *ssl, int type, int *recvd_type, unsigned char *buf, rr = &s->rlayer.tlsrecs[s->rlayer.num_recs]; ret = HANDLE_RLAYER_RETURN(s, - s->rrlmethod->read_record(s->rrl, &rr->rechandle, - &rr->version, &rr->type, - &rr->data, &rr->length, - NULL, NULL)); + s->rlayer.rrlmethod->read_record(s->rlayer.rrl, + &rr->rechandle, + &rr->version, &rr->type, + &rr->data, &rr->length, + NULL, NULL)); if (ret <= 0) { /* SSLfatal() already called if appropriate */ return ret; } rr->off = 0; s->rlayer.num_recs++; - } while (s->rrlmethod->processed_read_pending(s->rrl) + } while (s->rlayer.rrlmethod->processed_read_pending(s->rlayer.rrl) && s->rlayer.num_recs < SSL_MAX_PIPELINES); } rr = &s->rlayer.tlsrecs[s->rlayer.curr_rec]; @@ -1734,7 +1741,7 @@ static const OSSL_RECORD_METHOD *ssl_select_next_record_layer(SSL_CONNECTION *s, #endif /* Default to the current OSSL_RECORD_METHOD */ - return s->rrlmethod; + return s->rlayer.rrlmethod; } static int ssl_post_record_layer_select(SSL_CONNECTION *s) @@ -1742,16 +1749,16 @@ static int ssl_post_record_layer_select(SSL_CONNECTION *s) #ifndef OPENSSL_NO_KTLS SSL *ssl = SSL_CONNECTION_GET_SSL(s); - if (s->rrlmethod == &ossl_ktls_record_method) { + if (s->rlayer.rrlmethod == &ossl_ktls_record_method) { /* KTLS does not support renegotiation so disallow it */ SSL_set_options(ssl, SSL_OP_NO_RENEGOTIATION); } #endif - if (SSL_IS_FIRST_HANDSHAKE(s) && s->rrlmethod->set_first_handshake != NULL) - s->rrlmethod->set_first_handshake(s->rrl, 1); + if (SSL_IS_FIRST_HANDSHAKE(s) && s->rlayer.rrlmethod->set_first_handshake != NULL) + s->rlayer.rrlmethod->set_first_handshake(s->rlayer.rrl, 1); - if (s->max_pipelines != 0 && s->rrlmethod->set_max_pipelines != NULL) - s->rrlmethod->set_max_pipelines(s->rrl, s->max_pipelines); + if (s->max_pipelines != 0 && s->rlayer.rrlmethod->set_max_pipelines != NULL) + s->rlayer.rrlmethod->set_max_pipelines(s->rlayer.rrl, s->max_pipelines); return 1; } @@ -1767,7 +1774,7 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, { OSSL_PARAM options[5], *opts = options; OSSL_PARAM settings[6], *set = settings; - const OSSL_RECORD_METHOD *origmeth = s->rrlmethod; + const OSSL_RECORD_METHOD *origmeth = s->rlayer.rrlmethod; SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); const OSSL_RECORD_METHOD *meth; int use_etm, stream_mac = 0, tlstree = 0; @@ -1777,15 +1784,15 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, meth = ssl_select_next_record_layer(s, level); - if (s->rrlmethod != NULL && !s->rrlmethod->free(s->rrl)) { + if (s->rlayer.rrlmethod != NULL && !s->rlayer.rrlmethod->free(s->rlayer.rrl)) { ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); return 0; } if (meth != NULL) - s->rrlmethod = meth; + s->rlayer.rrlmethod = meth; - if (!ossl_assert(s->rrlmethod != NULL)) { + if (!ossl_assert(s->rlayer.rrlmethod != NULL)) { ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); return 0; } @@ -1796,7 +1803,7 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, *opts++ = OSSL_PARAM_construct_uint32(OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE, &s->mode); *opts++ = OSSL_PARAM_construct_size_t(OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN, - &s->default_read_buf_len); + &s->rlayer.default_read_buf_len); *opts++ = OSSL_PARAM_construct_int(OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD, &s->rlayer.read_ahead); *opts = OSSL_PARAM_construct_end(); @@ -1861,7 +1868,7 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, for (;;) { int rlret; - BIO *prev = s->rrlnext; + BIO *prev = s->rlayer.rrlnext; unsigned int epoch = 0;; if (SSL_CONNECTION_IS_DTLS(s) @@ -1869,24 +1876,28 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, epoch = DTLS_RECORD_LAYER_get_r_epoch(&s->rlayer) + 1; /* new epoch */ if (SSL_CONNECTION_IS_DTLS(s)) - s->rrlnext = BIO_new(BIO_s_dgram_mem()); + s->rlayer.rrlnext = BIO_new(BIO_s_dgram_mem()); else - s->rrlnext = BIO_new(BIO_s_mem()); + s->rlayer.rrlnext = BIO_new(BIO_s_mem()); - if (s->rrlnext == NULL) { + if (s->rlayer.rrlnext == NULL) { BIO_free(prev); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } - rlret = s->rrlmethod->new_record_layer(sctx->libctx, sctx->propq, - version, s->server, direction, - level, epoch, key, keylen, iv, - ivlen, mackey, mackeylen, ciph, - taglen, mactype, md, comp, prev, - s->rbio, s->rrlnext, NULL, NULL, - settings, options, - rlayer_dispatch, s, &s->rrl); + rlret = s->rlayer.rrlmethod->new_record_layer(sctx->libctx, + sctx->propq, + version, s->server, + direction, level, epoch, + key, keylen, iv, ivlen, + mackey, mackeylen, ciph, + taglen, mactype, md, comp, + prev, s->rbio, + s->rlayer.rrlnext, NULL, + NULL, settings, options, + rlayer_dispatch, s, + &s->rlayer.rrl); BIO_free(prev); switch (rlret) { case OSSL_RECORD_RETURN_FATAL: @@ -1894,12 +1905,12 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, return 0; case OSSL_RECORD_RETURN_NON_FATAL_ERR: - if (s->rrlmethod != origmeth && origmeth != NULL) { + if (s->rlayer.rrlmethod != origmeth && origmeth != NULL) { /* * We tried a new record layer method, but it didn't work out, * so we fallback to the original method and try again */ - s->rrlmethod = origmeth; + s->rlayer.rrlmethod = origmeth; continue; } SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_RECORD_LAYER); diff --git a/ssl/record/record.h b/ssl/record/record.h index c441f7baec..b75d8c86f3 100644 --- a/ssl/record/record.h +++ b/ssl/record/record.h @@ -148,6 +148,16 @@ typedef struct dtls_record_layer_st { typedef struct record_layer_st { /* The parent SSL_CONNECTION structure */ SSL_CONNECTION *s; + + /* Method to use for the read record layer*/ + const OSSL_RECORD_METHOD *rrlmethod; + /* The read record layer object itself */ + OSSL_RECORD_LAYER *rrl; + /* BIO to store data destined for the next read record layer epoch */ + BIO *rrlnext; + /* Default read buffer length to be passed to the record layer */ + size_t default_read_buf_len; + /* * Read as many input bytes as possible (for * non-blocking reads) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 9471c3f09b..bb2e6a196e 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -656,8 +656,8 @@ int ossl_ssl_connection_reset(SSL *s) } RECORD_LAYER_clear(&sc->rlayer); - BIO_free(sc->rrlnext); - sc->rrlnext = NULL; + BIO_free(sc->rlayer.rrlnext); + sc->rlayer.rrlnext = NULL; if (!ssl_set_new_record_layer(sc, SSL_CONNECTION_IS_DTLS(sc) ? DTLS_ANY_VERSION : TLS_ANY_VERSION, @@ -807,7 +807,7 @@ SSL *ossl_ssl_connection_new(SSL_CTX *ctx) s->max_send_fragment = ctx->max_send_fragment; s->split_send_fragment = ctx->split_send_fragment; s->max_pipelines = ctx->max_pipelines; - s->default_read_buf_len = ctx->default_read_buf_len; + s->rlayer.default_read_buf_len = ctx->default_read_buf_len; s->ext.debug_cb = 0; s->ext.debug_arg = NULL; @@ -1345,14 +1345,10 @@ void ossl_ssl_connection_free(SSL *ssl) if (s == NULL) return; - if (s->rrlmethod != NULL) - s->rrlmethod->free(s->rrl); /* Ignore return value */ - BIO_free(s->rrlnext); - X509_VERIFY_PARAM_free(s->param); dane_final(&s->dane); - RECORD_LAYER_release(&s->rlayer); + RECORD_LAYER_clear(&s->rlayer); /* Ignore return value */ ssl_free_wbio_buffer(s); @@ -1435,7 +1431,7 @@ void SSL_set0_rbio(SSL *s, BIO *rbio) BIO_free_all(sc->rbio); sc->rbio = rbio; - sc->rrlmethod->set1_bio(sc->rrl, sc->rbio); + sc->rlayer.rrlmethod->set1_bio(sc->rlayer.rrl, sc->rbio); } void SSL_set0_wbio(SSL *s, BIO *wbio) @@ -2771,8 +2767,8 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) if (larg < 1 || larg > SSL_MAX_PIPELINES) return 0; sc->max_pipelines = larg; - if (sc->rrlmethod->set_max_pipelines != NULL) - sc->rrlmethod->set_max_pipelines(sc->rrl, (size_t)larg); + if (sc->rlayer.rrlmethod->set_max_pipelines != NULL) + sc->rlayer.rrlmethod->set_max_pipelines(sc->rlayer.rrl, (size_t)larg); return 1; case SSL_CTRL_GET_RI_SUPPORT: return sc->s3.send_connection_binding; diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index 8633b59d0f..ea081815a5 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -1764,18 +1764,9 @@ struct ssl_connection_st { */ int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure); - /* Old RECORD_LAYER structure - to be removed eventually */ + /* Record layer data */ RECORD_LAYER rlayer; - /* New read direciton OSSL_RECORD_LAYER - to replace rlayer above */ - const OSSL_RECORD_METHOD *rrlmethod; - /* The read direction record layer */ - OSSL_RECORD_LAYER *rrl; - /* BIO to store data destined for the next record layer epoch */ - BIO *rrlnext; - /* Default read buffer length to be passed to the record layer */ - size_t default_read_buf_len; - /* Default password callback. */ pem_password_cb *default_passwd_callback; /* Default password callback user data. */ diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 4f98e6de09..ace5b58625 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -1769,7 +1769,7 @@ int tls_parse_stoc_supported_versions(SSL_CONNECTION *s, PACKET *pkt, /* We just set it here. We validate it in ssl_choose_client_version */ s->version = version; - s->rrlmethod->set_protocol_version(s->rrl, version); + s->rlayer.rrlmethod->set_protocol_version(s->rlayer.rrl, version); return 1; } diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index ed27d27bce..7daa220443 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c @@ -196,8 +196,8 @@ int ossl_statem_in_error(const SSL_CONNECTION *s) void ossl_statem_set_in_init(SSL_CONNECTION *s, int init) { s->statem.in_init = init; - if (s->rrlmethod != NULL && s->rrlmethod->set_in_init != NULL) - s->rrlmethod->set_in_init(s->rrl, init); + if (s->rlayer.rrlmethod != NULL && s->rlayer.rrlmethod->set_in_init != NULL) + s->rlayer.rrlmethod->set_in_init(s->rlayer.rrl, init); } int ossl_statem_get_in_handshake(SSL_CONNECTION *s) diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 1c7d75c10c..2bfa9a2abf 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1417,7 +1417,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt) } s->hello_retry_request = SSL_HRR_PENDING; /* Tell the record layer that we know we're going to get TLSv1.3 */ - s->rrlmethod->set_protocol_version(s->rrl, s->version); + s->rlayer.rrlmethod->set_protocol_version(s->rlayer.rrl, s->version); hrr = 1; if (!PACKET_forward(pkt, SSL3_RANDOM_SIZE)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 6651c26935..3a76306b23 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -804,8 +804,8 @@ MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt) * no longer tolerate unencrypted alerts. This is ignored if less than * TLSv1.3 */ - if (s->rrlmethod->set_plain_alerts != NULL) - s->rrlmethod->set_plain_alerts(s->rrl, 0); + if (s->rlayer.rrlmethod->set_plain_alerts != NULL) + s->rlayer.rrlmethod->set_plain_alerts(s->rlayer.rrl, 0); if (s->post_handshake_auth != SSL_PHA_REQUESTED) s->statem.cleanuphand = 1; if (SSL_CONNECTION_IS_TLS13(s) @@ -897,8 +897,8 @@ MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt) if (was_first && !SSL_IS_FIRST_HANDSHAKE(s) - && s->rrlmethod->set_first_handshake != NULL) - s->rrlmethod->set_first_handshake(s->rrl, 0); + && s->rlayer.rrlmethod->set_first_handshake != NULL) + s->rlayer.rrlmethod->set_first_handshake(s->rlayer.rrl, 0); return MSG_PROCESS_FINISHED_READING; } @@ -1880,7 +1880,8 @@ int ssl_choose_server_version(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello, check_for_downgrade(s, best_vers, dgrd); s->version = best_vers; ssl->method = best_method; - if (!s->rrlmethod->set_protocol_version(s->rrl, best_vers)) + if (!s->rlayer.rrlmethod->set_protocol_version(s->rlayer.rrl, + best_vers)) return ERR_R_INTERNAL_ERROR; return 0; @@ -1910,7 +1911,8 @@ int ssl_choose_server_version(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello, check_for_downgrade(s, vent->version, dgrd); s->version = vent->version; ssl->method = method; - if (!s->rrlmethod->set_protocol_version(s->rrl, s->version)) + if (!s->rlayer.rrlmethod->set_protocol_version(s->rlayer.rrl, + s->version)) return ERR_R_INTERNAL_ERROR; return 0; @@ -1972,7 +1974,8 @@ int ssl_choose_client_version(SSL_CONNECTION *s, int version, * versions they don't want. If not, then easy to fix, just return * ssl_method_error(s, s->method) */ - if (!s->rrlmethod->set_protocol_version(s->rrl, s->version)) { + if (!s->rlayer.rrlmethod->set_protocol_version(s->rlayer.rrl, + s->version)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -2036,7 +2039,8 @@ int ssl_choose_client_version(SSL_CONNECTION *s, int version, continue; ssl->method = vent->cmeth(); - if (!s->rrlmethod->set_protocol_version(s->rrl, s->version)) { + if (!s->rlayer.rrlmethod->set_protocol_version(s->rlayer.rrl, + s->version)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -2205,7 +2209,7 @@ int ssl_set_client_hello_version(SSL_CONNECTION *s) * we read the ServerHello. So we need to tell the record layer * about this immediately. */ - s->rrlmethod->set_protocol_version(s->rrl, ver_max); + s->rlayer.rrlmethod->set_protocol_version(s->rlayer.rrl, ver_max); } } else if (ver_max > TLS1_2_VERSION) { /* TLS1.3 always uses TLS1.2 in the legacy_version field */ diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 2ed19231ab..d7acc5c879 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -914,8 +914,8 @@ WORK_STATE ossl_statem_server_post_work(SSL_CONNECTION *s, WORK_STATE wst) * is an unencrypted alert, an encrypted alert, or an encrypted * handshake message. We temporarily tolerate unencrypted alerts. */ - if (s->rrlmethod->set_plain_alerts != NULL) - s->rrlmethod->set_plain_alerts(s->rrl, 1); + if (s->rlayer.rrlmethod->set_plain_alerts != NULL) + s->rlayer.rrlmethod->set_plain_alerts(s->rlayer.rrl, 1); break; } @@ -3458,8 +3458,8 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL_CONNECTION *s, * To get this far we must have read encrypted data from the client. We no * longer tolerate unencrypted alerts. This is ignored if less than TLSv1.3 */ - if (s->rrlmethod->set_plain_alerts != NULL) - s->rrlmethod->set_plain_alerts(s->rrl, 0); + if (s->rlayer.rrlmethod->set_plain_alerts != NULL) + s->rlayer.rrlmethod->set_plain_alerts(s->rlayer.rrl, 0); if ((sk = sk_X509_new_null()) == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); diff --git a/test/sslapitest.c b/test/sslapitest.c index 774728bbc1..a3aecb6477 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -1088,9 +1088,9 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl) cbuf[0] = count++; memcpy(crec_wseq_before, &clientsc->rlayer.write_sequence, SEQ_NUM_SIZE); - memcpy(crec_rseq_before, &clientsc->rrl->sequence, SEQ_NUM_SIZE); + memcpy(crec_rseq_before, &clientsc->rlayer.rrl->sequence, SEQ_NUM_SIZE); memcpy(srec_wseq_before, &serversc->rlayer.write_sequence, SEQ_NUM_SIZE); - memcpy(srec_rseq_before, &serversc->rrl->sequence, SEQ_NUM_SIZE); + memcpy(srec_rseq_before, &serversc->rlayer.rrl->sequence, SEQ_NUM_SIZE); if (!TEST_true(SSL_write(clientssl, cbuf, sizeof(cbuf)) == sizeof(cbuf))) goto end; @@ -1111,9 +1111,9 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl) } memcpy(crec_wseq_after, &clientsc->rlayer.write_sequence, SEQ_NUM_SIZE); - memcpy(crec_rseq_after, &clientsc->rrl->sequence, SEQ_NUM_SIZE); + memcpy(crec_rseq_after, &clientsc->rlayer.rrl->sequence, SEQ_NUM_SIZE); memcpy(srec_wseq_after, &serversc->rlayer.write_sequence, SEQ_NUM_SIZE); - memcpy(srec_rseq_after, &serversc->rrl->sequence, SEQ_NUM_SIZE); + memcpy(srec_rseq_after, &serversc->rlayer.rrl->sequence, SEQ_NUM_SIZE); /* verify the payload */ if (!TEST_mem_eq(cbuf, sizeof(cbuf), sbuf, sizeof(sbuf))) |