diff options
author | Todd Short <tshort@akamai.com> | 2018-12-12 13:09:50 -0500 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-04-29 17:26:09 +0100 |
commit | 555cbb328ee2eaa9356cd23e2194c1600653c500 (patch) | |
tree | 347c1fcdde0e9a736eb6c8590d95318b4c1940f6 /ssl/statem/statem_srvr.c | |
parent | d7fcf1feac3b3b1bf1a162f632b1e7db4f075aed (diff) |
Collapse ssl3_state_st (s3) into ssl_st
With the removal of SSLv2, the s3 structure is always allocated, so
there is little point in having it be an allocated pointer. Collapse
the ssl3_state_st structure into ssl_st and fixup any references.
This should be faster than going through an indirection and due to
fewer allocations, but I'm not seeing any significant performance
improvement; it seems to be within the margin of error in timing.
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7888)
Diffstat (limited to 'ssl/statem/statem_srvr.c')
-rw-r--r-- | ssl/statem/statem_srvr.c | 156 |
1 files changed, 78 insertions, 78 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 781efd236e..fe495a3a68 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -69,7 +69,7 @@ static int ossl_statem_server13_read_transition(SSL *s, int mt) case TLS_ST_SR_END_OF_EARLY_DATA: case TLS_ST_SW_FINISHED: - if (s->s3->tmp.cert_request) { + if (s->s3.tmp.cert_request) { if (mt == SSL3_MT_CERTIFICATE) { st->hand_state = TLS_ST_SR_CERT; return 1; @@ -172,7 +172,7 @@ int ossl_statem_server_read_transition(SSL *s, int mt) * list if we requested a certificate) */ if (mt == SSL3_MT_CLIENT_KEY_EXCHANGE) { - if (s->s3->tmp.cert_request) { + if (s->s3.tmp.cert_request) { if (s->version == SSL3_VERSION) { if ((s->verify_mode & SSL_VERIFY_PEER) && (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { @@ -193,7 +193,7 @@ int ossl_statem_server_read_transition(SSL *s, int mt) st->hand_state = TLS_ST_SR_KEY_EXCH; return 1; } - } else if (s->s3->tmp.cert_request) { + } else if (s->s3.tmp.cert_request) { if (mt == SSL3_MT_CERTIFICATE) { st->hand_state = TLS_ST_SR_CERT; return 1; @@ -245,7 +245,7 @@ int ossl_statem_server_read_transition(SSL *s, int mt) case TLS_ST_SR_CHANGE: #ifndef OPENSSL_NO_NEXTPROTONEG - if (s->s3->npn_seen) { + if (s->s3.npn_seen) { if (mt == SSL3_MT_NEXT_PROTO) { st->hand_state = TLS_ST_SR_NEXT_PROTO; return 1; @@ -309,7 +309,7 @@ int ossl_statem_server_read_transition(SSL *s, int mt) */ static int send_server_key_exchange(SSL *s) { - unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; + unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey; /* * only send a ServerKeyExchange if DH or fortezza but we have a @@ -371,7 +371,7 @@ int send_certificate_request(SSL *s) * section "Certificate request" in SSL 3 drafts and in * RFC 2246): */ - && (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) + && (!(s->s3.tmp.new_cipher->algorithm_auth & SSL_aNULL) /* * ... except when the application insists on * verification (against the specs, but statem_clnt.c accepts @@ -379,12 +379,12 @@ int send_certificate_request(SSL *s) */ || (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) /* don't request certificate for SRP auth */ - && !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP) + && !(s->s3.tmp.new_cipher->algorithm_auth & SSL_aSRP) /* * With normal PSK Certificates and Certificate Requests * are omitted */ - && !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aPSK)) { + && !(s->s3.tmp.new_cipher->algorithm_auth & SSL_aPSK)) { return 1; } @@ -597,7 +597,7 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s) } else { /* Check if it is anon DH or anon ECDH, */ /* normal PSK or SRP */ - if (!(s->s3->tmp.new_cipher->algorithm_auth & + if (!(s->s3.tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP | SSL_aPSK))) { st->hand_state = TLS_ST_SW_CERT; } else if (send_server_key_exchange(s)) { @@ -735,7 +735,7 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst) case TLS_ST_SW_CHANGE: if (SSL_IS_TLS13(s)) break; - s->session->cipher = s->s3->tmp.new_cipher; + s->session->cipher = s->s3.tmp.new_cipher; if (!s->method->ssl3_enc->setup_key_block(s)) { /* SSLfatal() already called */ return WORK_ERROR; @@ -753,7 +753,7 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst) case TLS_ST_EARLY_DATA: if (s->early_data_state != SSL_EARLY_DATA_ACCEPTING - && (s->s3->flags & TLS1_FLAGS_STATELESS) == 0) + && (s->s3.flags & TLS1_FLAGS_STATELESS) == 0) return WORK_FINISHED_CONTINUE; /* Fall through */ @@ -1236,7 +1236,7 @@ static int ssl_check_srp_ext_ClientHello(SSL *s) int ret; int al = SSL_AD_UNRECOGNIZED_NAME; - if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) && + if ((s->s3.tmp.new_cipher->algorithm_mkey & SSL_kSRP) && (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) { if (s->srp_ctx.login == NULL) { /* @@ -1357,7 +1357,7 @@ static void ssl_check_for_safari(SSL *s, const CLIENTHELLO_MSG *hello) ext_len = TLS1_get_client_version(s) >= TLS1_2_VERSION ? sizeof(kSafariExtensionsBlock) : kSafariCommonExtensionsLength; - s->s3->is_probably_safari = PACKET_equal(&tmppkt, kSafariExtensionsBlock, + s->s3.is_probably_safari = PACKET_equal(&tmppkt, kSafariExtensionsBlock, ext_len); } #endif /* !OPENSSL_NO_EC */ @@ -1377,7 +1377,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) goto err; } if ((s->options & SSL_OP_NO_RENEGOTIATION) != 0 - || (!s->s3->send_connection_binding + || (!s->s3.send_connection_binding && (s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0)) { ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); @@ -1626,7 +1626,7 @@ static int tls_early_post_process_client_hello(SSL *s) } /* Set up the client_random */ - memcpy(s->s3->client_random, clienthello->random, SSL3_RANDOM_SIZE); + memcpy(s->s3.client_random, clienthello->random, SSL3_RANDOM_SIZE); /* Choose the version */ @@ -1721,7 +1721,7 @@ static int tls_early_post_process_client_hello(SSL *s) goto err; } - s->s3->send_connection_binding = 0; + s->s3.send_connection_binding = 0; /* Check what signalling cipher-suite values were received. */ if (scsvs != NULL) { for(i = 0; i < sk_SSL_CIPHER_num(scsvs); i++) { @@ -1734,7 +1734,7 @@ static int tls_early_post_process_client_hello(SSL *s) SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); goto err; } - s->s3->send_connection_binding = 1; + s->s3.send_connection_binding = 1; } else if (SSL_CIPHER_get_id(c) == SSL3_CK_FALLBACK_SCSV && !ssl_check_version_downgrade(s)) { /* @@ -1764,8 +1764,8 @@ static int tls_early_post_process_client_hello(SSL *s) goto err; } if (s->hello_retry_request == SSL_HRR_PENDING - && (s->s3->tmp.new_cipher == NULL - || s->s3->tmp.new_cipher->id != cipher->id)) { + && (s->s3.tmp.new_cipher == NULL + || s->s3.tmp.new_cipher->id != cipher->id)) { /* * A previous HRR picked a different ciphersuite to the one we * just selected. Something must have changed. @@ -1775,7 +1775,7 @@ static int tls_early_post_process_client_hello(SSL *s) SSL_R_BAD_CIPHER); goto err; } - s->s3->tmp.new_cipher = cipher; + s->s3.tmp.new_cipher = cipher; } /* We need to do this before getting the session */ @@ -1901,7 +1901,7 @@ static int tls_early_post_process_client_hello(SSL *s) */ { unsigned char *pos; - pos = s->s3->server_random; + pos = s->s3.server_random; if (ssl_fill_hello_random(s, 1, pos, SSL3_RANDOM_SIZE, dgrd) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, @@ -1959,7 +1959,7 @@ static int tls_early_post_process_client_hello(SSL *s) * options, we will now look for them. We have complen-1 compression * algorithms from the client, starting at q. */ - s->s3->tmp.new_compression = NULL; + s->s3.tmp.new_compression = NULL; if (SSL_IS_TLS13(s)) { /* * We already checked above that the NULL compression method appears in @@ -1990,11 +1990,11 @@ static int tls_early_post_process_client_hello(SSL *s) for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++) { comp = sk_SSL_COMP_value(s->ctx->comp_methods, m); if (comp_id == comp->id) { - s->s3->tmp.new_compression = comp; + s->s3.tmp.new_compression = comp; break; } } - if (s->s3->tmp.new_compression == NULL) { + if (s->s3.tmp.new_compression == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, SSL_R_INVALID_COMPRESSION_ALGORITHM); @@ -2032,7 +2032,7 @@ static int tls_early_post_process_client_hello(SSL *s) break; } if (done) - s->s3->tmp.new_compression = comp; + s->s3.tmp.new_compression = comp; else comp = NULL; } @@ -2108,12 +2108,12 @@ static int tls_handle_status_request(SSL *s) int ret; /* If no certificate can't return certificate status */ - if (s->s3->tmp.cert != NULL) { + if (s->s3.tmp.cert != NULL) { /* * Set current certificate to one we will use so SSL_get_certificate * et al can pick it up. */ - s->cert->key = s->s3->tmp.cert; + s->cert->key = s->s3.tmp.cert; ret = s->ctx->ext.status_cb(s, s->ctx->ext.status_arg); switch (ret) { /* We don't want to send a status request response */ @@ -2148,24 +2148,24 @@ int tls_handle_alpn(SSL *s) const unsigned char *selected = NULL; unsigned char selected_len = 0; - if (s->ctx->ext.alpn_select_cb != NULL && s->s3->alpn_proposed != NULL) { + if (s->ctx->ext.alpn_select_cb != NULL && s->s3.alpn_proposed != NULL) { int r = s->ctx->ext.alpn_select_cb(s, &selected, &selected_len, - s->s3->alpn_proposed, - (unsigned int)s->s3->alpn_proposed_len, + s->s3.alpn_proposed, + (unsigned int)s->s3.alpn_proposed_len, s->ctx->ext.alpn_select_cb_arg); if (r == SSL_TLSEXT_ERR_OK) { - OPENSSL_free(s->s3->alpn_selected); - s->s3->alpn_selected = OPENSSL_memdup(selected, selected_len); - if (s->s3->alpn_selected == NULL) { + OPENSSL_free(s->s3.alpn_selected); + s->s3.alpn_selected = OPENSSL_memdup(selected, selected_len); + if (s->s3.alpn_selected == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_HANDLE_ALPN, ERR_R_INTERNAL_ERROR); return 0; } - s->s3->alpn_selected_len = selected_len; + s->s3.alpn_selected_len = selected_len; #ifndef OPENSSL_NO_NEXTPROTONEG /* ALPN takes precedence over NPN. */ - s->s3->npn_seen = 0; + s->s3.npn_seen = 0; #endif /* Check ALPN is consistent with session */ @@ -2270,7 +2270,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) SSL_R_NO_SHARED_CIPHER); goto err; } - s->s3->tmp.new_cipher = cipher; + s->s3.tmp.new_cipher = cipher; } if (!s->hit) { if (!tls_choose_sigalg(s, 1)) { @@ -2281,7 +2281,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) if (s->not_resumable_session_cb != NULL) s->session->not_resumable = s->not_resumable_session_cb(s, - ((s->s3->tmp.new_cipher->algorithm_mkey + ((s->s3.tmp.new_cipher->algorithm_mkey & (SSL_kDHE | SSL_kECDHE)) != 0)); if (s->session->not_resumable) /* do not send a session ticket */ @@ -2289,7 +2289,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) } } else { /* Session-id reuse */ - s->s3->tmp.new_cipher = s->session->cipher; + s->s3.tmp.new_cipher = s->session->cipher; } /*- @@ -2301,7 +2301,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) * ssl version is set - sslv3 * s->session - The ssl session has been setup. * s->hit - session reuse flag - * s->s3->tmp.new_cipher- the new cipher to use. + * s->s3.tmp.new_cipher - the new cipher to use. */ /* @@ -2363,7 +2363,7 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) */ || !WPACKET_memcpy(pkt, s->hello_retry_request == SSL_HRR_PENDING - ? hrrrandom : s->s3->server_random, + ? hrrrandom : s->s3.server_random, SSL3_RANDOM_SIZE)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_HELLO, ERR_R_INTERNAL_ERROR); @@ -2411,14 +2411,14 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) #ifdef OPENSSL_NO_COMP compm = 0; #else - if (usetls13 || s->s3->tmp.new_compression == NULL) + if (usetls13 || s->s3.tmp.new_compression == NULL) compm = 0; else - compm = s->s3->tmp.new_compression->id; + compm = s->s3.tmp.new_compression->id; #endif if (!WPACKET_sub_memcpy_u8(pkt, session_id, sl) - || !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, pkt, &len) + || !s->method->put_cipher_by_char(s->s3.tmp.new_cipher, pkt, &len) || !WPACKET_put_bytes_u8(pkt, compm)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_HELLO, ERR_R_INTERNAL_ERROR); @@ -2461,7 +2461,7 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) int tls_construct_server_done(SSL *s, WPACKET *pkt) { - if (!s->s3->tmp.cert_request) { + if (!s->s3.tmp.cert_request) { if (!ssl3_digest_cached_records(s, 0)) { /* SSLfatal() already called */ return 0; @@ -2480,7 +2480,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) size_t encodedlen = 0; int curve_id = 0; #endif - const SIGALG_LOOKUP *lu = s->s3->tmp.sigalg; + const SIGALG_LOOKUP *lu = s->s3.tmp.sigalg; int i; unsigned long type; const BIGNUM *r[4]; @@ -2500,7 +2500,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) goto err; } - type = s->s3->tmp.new_cipher->algorithm_mkey; + type = s->s3.tmp.new_cipher->algorithm_mkey; r[0] = r[1] = r[2] = r[3] = NULL; #ifndef OPENSSL_NO_PSK @@ -2554,20 +2554,20 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) SSL_R_DH_KEY_TOO_SMALL); goto err; } - if (s->s3->tmp.pkey != NULL) { + if (s->s3.tmp.pkey != NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; } - s->s3->tmp.pkey = ssl_generate_pkey(pkdhp); - if (s->s3->tmp.pkey == NULL) { + s->s3.tmp.pkey = ssl_generate_pkey(pkdhp); + if (s->s3.tmp.pkey == NULL) { /* SSLfatal() already called */ goto err; } - dh = EVP_PKEY_get0_DH(s->s3->tmp.pkey); + dh = EVP_PKEY_get0_DH(s->s3.tmp.pkey); if (dh == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, @@ -2585,7 +2585,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) #ifndef OPENSSL_NO_EC if (type & (SSL_kECDHE | SSL_kECDHEPSK)) { - if (s->s3->tmp.pkey != NULL) { + if (s->s3.tmp.pkey != NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); @@ -2600,15 +2600,15 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); goto err; } - s->s3->tmp.pkey = ssl_generate_pkey_group(s, curve_id); + s->s3.tmp.pkey = ssl_generate_pkey_group(s, curve_id); /* Generate a new key for this curve */ - if (s->s3->tmp.pkey == NULL) { + if (s->s3.tmp.pkey == NULL) { /* SSLfatal() already called */ goto err; } /* Encode the public key. */ - encodedlen = EVP_PKEY_get1_tls_encodedpoint(s->s3->tmp.pkey, + encodedlen = EVP_PKEY_get1_tls_encodedpoint(s->s3.tmp.pkey, &encodedPoint); if (encodedlen == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, @@ -2649,8 +2649,8 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) goto err; } - if (((s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) != 0) - || ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)) != 0) { + if (((s->s3.tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) != 0) + || ((s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK)) != 0) { lu = NULL; } else if (lu == NULL) { SSLfatal(s, SSL_AD_DECODE_ERROR, @@ -2751,7 +2751,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) /* not anonymous */ if (lu != NULL) { - EVP_PKEY *pkey = s->s3->tmp.cert->privatekey; + EVP_PKEY *pkey = s->s3.tmp.cert->privatekey; const EVP_MD *md; unsigned char *sigbytes1, *sigbytes2, *tbs; size_t siglen, tbslen; @@ -2900,7 +2900,7 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt) done: s->certreqs_sent++; - s->s3->tmp.cert_request = 1; + s->s3.tmp.cert_request = 1; return 1; } @@ -2950,17 +2950,17 @@ static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt) return 0; } - OPENSSL_free(s->s3->tmp.psk); - s->s3->tmp.psk = OPENSSL_memdup(psk, psklen); + OPENSSL_free(s->s3.tmp.psk); + s->s3.tmp.psk = OPENSSL_memdup(psk, psklen); OPENSSL_cleanse(psk, psklen); - if (s->s3->tmp.psk == NULL) { + if (s->s3.tmp.psk == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE); return 0; } - s->s3->tmp.psklen = psklen; + s->s3.tmp.psklen = psklen; return 1; #else @@ -3158,7 +3158,7 @@ static int tls_process_cke_dhe(SSL *s, PACKET *pkt) SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG); goto err; } - skey = s->s3->tmp.pkey; + skey = s->s3.tmp.pkey; if (skey == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE, SSL_R_MISSING_TMP_DH_KEY); @@ -3198,8 +3198,8 @@ static int tls_process_cke_dhe(SSL *s, PACKET *pkt) } ret = 1; - EVP_PKEY_free(s->s3->tmp.pkey); - s->s3->tmp.pkey = NULL; + EVP_PKEY_free(s->s3.tmp.pkey); + s->s3.tmp.pkey = NULL; err: EVP_PKEY_free(ckey); return ret; @@ -3214,7 +3214,7 @@ static int tls_process_cke_dhe(SSL *s, PACKET *pkt) static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt) { #ifndef OPENSSL_NO_EC - EVP_PKEY *skey = s->s3->tmp.pkey; + EVP_PKEY *skey = s->s3.tmp.pkey; EVP_PKEY *ckey = NULL; int ret = 0; @@ -3264,8 +3264,8 @@ static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt) } ret = 1; - EVP_PKEY_free(s->s3->tmp.pkey); - s->s3->tmp.pkey = NULL; + EVP_PKEY_free(s->s3.tmp.pkey); + s->s3.tmp.pkey = NULL; err: EVP_PKEY_free(ckey); @@ -3336,7 +3336,7 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt) PACKET encdata; /* Get our certificate private key */ - alg_a = s->s3->tmp.new_cipher->algorithm_auth; + alg_a = s->s3.tmp.new_cipher->algorithm_auth; if (alg_a & SSL_aGOST12) { /* * New GOST ciphersuites have SSL_aGOST01 bit too @@ -3444,7 +3444,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) { unsigned long alg_k; - alg_k = s->s3->tmp.new_cipher->algorithm_mkey; + alg_k = s->s3.tmp.new_cipher->algorithm_mkey; /* For PSK parse and retrieve identity, obtain PSK key */ if ((alg_k & SSL_PSK) && !tls_process_cke_psk_preamble(s, pkt)) { @@ -3500,8 +3500,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) return MSG_PROCESS_CONTINUE_PROCESSING; err: #ifndef OPENSSL_NO_PSK - OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen); - s->s3->tmp.psk = NULL; + OPENSSL_clear_free(s->s3.tmp.psk, s->s3.tmp.psklen); + s->s3.tmp.psk = NULL; #endif return MSG_PROCESS_ERROR; } @@ -3553,7 +3553,7 @@ WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst) } return WORK_FINISHED_CONTINUE; } else { - if (!s->s3->handshake_buffer) { + if (!s->s3.handshake_buffer) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); @@ -3684,7 +3684,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) goto err; } /* No client certificate so digest cached records */ - if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s, 0)) { + if (s->s3.handshake_buffer && !ssl3_digest_cached_records(s, 0)) { /* SSLfatal() already called */ goto err; } @@ -3776,7 +3776,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) int tls_construct_server_certificate(SSL *s, WPACKET *pkt) { - CERT_PKEY *cpk = s->s3->tmp.cert; + CERT_PKEY *cpk = s->s3.tmp.cert; if (cpk == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, @@ -4106,17 +4106,17 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) s->session->master_key_length = hashlen; s->session->time = (long)time(NULL); - if (s->s3->alpn_selected != NULL) { + if (s->s3.alpn_selected != NULL) { OPENSSL_free(s->session->ext.alpn_selected); s->session->ext.alpn_selected = - OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len); + OPENSSL_memdup(s->s3.alpn_selected, s->s3.alpn_selected_len); if (s->session->ext.alpn_selected == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); goto err; } - s->session->ext.alpn_selected_len = s->s3->alpn_selected_len; + s->session->ext.alpn_selected_len = s->s3.alpn_selected_len; } s->session->ext.max_early_data = s->max_early_data; } |