diff options
| -rw-r--r-- | ssl/d1_lib.c | 4 | ||||
| -rw-r--r-- | ssl/record/rec_layer_d1.c | 15 | ||||
| -rw-r--r-- | ssl/record/rec_layer_s3.c | 83 | ||||
| -rw-r--r-- | ssl/record/record.h | 10 | ||||
| -rw-r--r-- | ssl/ssl_lib.c | 18 | ||||
| -rw-r--r-- | ssl/ssl_local.h | 11 | ||||
| -rw-r--r-- | ssl/statem/extensions_clnt.c | 2 | ||||
| -rw-r--r-- | ssl/statem/statem.c | 4 | ||||
| -rw-r--r-- | ssl/statem/statem_clnt.c | 2 | ||||
| -rw-r--r-- | ssl/statem/statem_lib.c | 22 | ||||
| -rw-r--r-- | ssl/statem/statem_srvr.c | 8 | ||||
| -rw-r--r-- | test/sslapitest.c | 8 |
12 files changed, 100 insertions, 87 deletions
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index ced721840f..e569b986bc 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -845,7 +845,7 @@ int DTLSv1_listen(SSL *ssl, BIO_ADDR *client) BIO_ADDR_clear(client); /* Buffer the record for use by the record layer */ - if (BIO_write(s->rrlnext, buf, n) != n) { + if (BIO_write(s->rlayer.rrlnext, buf, n) != n) { ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); ret = -1; goto end; @@ -853,7 +853,7 @@ int DTLSv1_listen(SSL *ssl, BIO_ADDR *client) /* * Reset the record layer - but this time we can use the record we just - * buffered in s->rrlnext + * buffered in s->rlayer.rrlnext */ if (!ssl_set_new_record_layer(s, DTLS_ANY_VERSION, diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index f032e3ea49..a5d45b3ae3 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -275,10 +275,11 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, rr = &sc->rlayer.tlsrecs[sc->rlayer.num_recs]; ret = HANDLE_RLAYER_RETURN(sc, - sc->rrlmethod->read_record(sc->rrl, &rr->rechandle, - &rr->version, &rr->type, - &rr->data, &rr->length, - &rr->epoch, rr->seq_num)); + sc->rlayer.rrlmethod->read_record(sc->rlayer.rrl, + &rr->rechandle, + &rr->version, &rr->type, + &rr->data, &rr->length, + &rr->epoch, rr->seq_num)); if (ret <= 0) { ret = dtls1_read_failed(sc, ret); /* @@ -292,7 +293,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } rr->off = 0; sc->rlayer.num_recs++; - } while (sc->rrlmethod->processed_read_pending(sc->rrl) + } while (sc->rlayer.rrlmethod->processed_read_pending(sc->rlayer.rrl) && sc->rlayer.num_recs < SSL_MAX_PIPELINES); } rr = &sc->rlayer.tlsrecs[sc->rlayer.curr_rec]; @@ -530,7 +531,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } ssl_release_record(sc, rr); if (!(sc->mode & SSL_MODE_AUTO_RETRY)) { - if (!sc->rrlmethod->unprocessed_read_pending(sc->rrl)) { + if (!sc->rlayer.rrlmethod->unprocessed_read_pending(sc->rlayer.rrl)) { /* no read-ahead left? */ BIO *bio; @@ -566,7 +567,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, return -1; if (!(sc->mode & SSL_MODE_AUTO_RETRY)) { - if (!sc->rrlmethod->unprocessed_read_pending(sc->rrl)) { + if (!sc->rlayer.rrlmethod->unprocessed_read_pending(sc->rlayer.rrl)) { /* no read-ahead left? */ BIO *bio; /* diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 3a1c6ef7a2..e41c3a1698 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -49,6 +49,12 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl) RECORD_LAYER_reset_read_sequence(rl); RECORD_LAYER_reset_write_sequence(rl); + if (rl->rrlmethod != NULL) + rl->rrlmethod->free(rl->rrl); /* Ignore return value */ + BIO_free(rl->rrlnext); + rl->rrlmethod = NULL; + rl->rrlnext = NULL; + if (rl->d) DTLS_RECORD_LAYER_clear(rl); } @@ -62,14 +68,14 @@ void RECORD_LAYER_release(RECORD_LAYER *rl) /* Checks if we have unprocessed read ahead data pending */ int RECORD_LAYER_read_pending(const RECORD_LAYER *rl) { - return rl->s->rrlmethod->unprocessed_read_pending(rl->s->rrl); + return rl->rrlmethod->unprocessed_read_pending(rl->rrl); } /* Checks if we have decrypted unread record data pending */ int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl) { return (rl->curr_rec < rl->num_recs) - || rl->s->rrlmethod->processed_read_pending(rl->s->rrl); + || rl->rrlmethod->processed_read_pending(rl->rrl); } int RECORD_LAYER_write_pending(const RECORD_LAYER *rl) @@ -113,7 +119,7 @@ size_t ssl3_pending(const SSL *s) num += sc->rlayer.tlsrecs[i].length; } - num += sc->rrlmethod->app_data_pending(sc->rrl); + num += sc->rlayer.rrlmethod->app_data_pending(sc->rlayer.rrl); return num; } @@ -129,7 +135,7 @@ void SSL_set_default_read_buffer_len(SSL *s, size_t len) if (sc == NULL) return; - sc->default_read_buf_len = len; + sc->rlayer.default_read_buf_len = len; } const char *SSL_rstate_string_long(const SSL *s) @@ -1100,7 +1106,7 @@ int ossl_tls_handle_rlayer_return(SSL_CONNECTION *s, int ret, char *file, } else if (ret == OSSL_RECORD_RETURN_FATAL) { ERR_new(); ERR_set_debug(file, line, 0); - ossl_statem_fatal(s, s->rrlmethod->get_alert_code(s->rrl), + ossl_statem_fatal(s, s->rlayer.rrlmethod->get_alert_code(s->rlayer.rrl), SSL_R_RECORD_LAYER_FAILURE, NULL); } /* @@ -1122,7 +1128,7 @@ void ssl_release_record(SSL_CONNECTION *s, TLS_RECORD *rr) { if (rr->rechandle != NULL) { /* The record layer allocated the buffers for this record */ - s->rrlmethod->release_record(s->rrl, rr->rechandle); + s->rlayer.rrlmethod->release_record(s->rlayer.rrl, rr->rechandle); } else { /* We allocated the buffers for this record (only happens with DTLS) */ OPENSSL_free(rr->data); @@ -1235,17 +1241,18 @@ int ssl3_read_bytes(SSL *ssl, int type, int *recvd_type, unsigned char *buf, rr = &s->rlayer.tlsrecs[s->rlayer.num_recs]; ret = HANDLE_RLAYER_RETURN(s, - s->rrlmethod->read_record(s->rrl, &rr->rechandle, - &rr->version, &rr->type, - &rr->data, &rr->length, - NULL, NULL)); + s->rlayer.rrlmethod->read_record(s->rlayer.rrl, + &rr->rechandle, + &rr->version, &rr->type, + &rr->data, &rr->length, + NULL, NULL)); if (ret <= 0) { /* SSLfatal() already called if appropriate */ return ret; } rr->off = 0; s->rlayer.num_recs++; - } while (s->rrlmethod->processed_read_pending(s->rrl) + } while (s->rlayer.rrlmethod->processed_read_pending(s->rlayer.rrl) && s->rlayer.num_recs < SSL_MAX_PIPELINES); } rr = &s->rlayer.tlsrecs[s->rlayer.curr_rec]; @@ -1734,7 +1741,7 @@ static const OSSL_RECORD_METHOD *ssl_select_next_record_layer(SSL_CONNECTION *s, #endif /* Default to the current OSSL_RECORD_METHOD */ - return s->rrlmethod; + return s->rlayer.rrlmethod; } static int ssl_post_record_layer_select(SSL_CONNECTION *s) @@ -1742,16 +1749,16 @@ static int ssl_post_record_layer_select(SSL_CONNECTION *s) #ifndef OPENSSL_NO_KTLS SSL *ssl = SSL_CONNECTION_GET_SSL(s); - if (s->rrlmethod == &ossl_ktls_record_method) { + if (s->rlayer.rrlmethod == &ossl_ktls_record_method) { /* KTLS does not support renegotiation so disallow it */ SSL_set_options(ssl, SSL_OP_NO_RENEGOTIATION); } #endif - if (SSL_IS_FIRST_HANDSHAKE(s) && s->rrlmethod->set_first_handshake != NULL) - s->rrlmethod->set_first_handshake(s->rrl, 1); + if (SSL_IS_FIRST_HANDSHAKE(s) && s->rlayer.rrlmethod->set_first_handshake != NULL) + s->rlayer.rrlmethod->set_first_handshake(s->rlayer.rrl, 1); - if (s->max_pipelines != 0 && s->rrlmethod->set_max_pipelines != NULL) - s->rrlmethod->set_max_pipelines(s->rrl, s->max_pipelines); + if (s->max_pipelines != 0 && s->rlayer.rrlmethod->set_max_pipelines != NULL) + s->rlayer.rrlmethod->set_max_pipelines(s->rlayer.rrl, s->max_pipelines); return 1; } @@ -1767,7 +1774,7 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, { OSSL_PARAM options[5], *opts = options; OSSL_PARAM settings[6], *set = settings; - const OSSL_RECORD_METHOD *origmeth = s->rrlmethod; + const OSSL_RECORD_METHOD *origmeth = s->rlayer.rrlmethod; SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); const OSSL_RECORD_METHOD *meth; int use_etm, stream_mac = 0, tlstree = 0; @@ -1777,15 +1784,15 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, meth = ssl_select_next_record_layer(s, level); - if (s->rrlmethod != NULL && !s->rrlmethod->free(s->rrl)) { + if (s->rlayer.rrlmethod != NULL && !s->rlayer.rrlmethod->free(s->rlayer.rrl)) { ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); return 0; } if (meth != NULL) - s->rrlmethod = meth; + s->rlayer.rrlmethod = meth; - if (!ossl_assert(s->rrlmethod != NULL)) { + if (!ossl_assert(s->rlayer.rrlmethod != NULL)) { ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); return 0; } @@ -1796,7 +1803,7 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, *opts++ = OSSL_PARAM_construct_uint32(OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE, &s->mode); *opts++ = OSSL_PARAM_construct_size_t(OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN, - &s->default_read_buf_len); + &s->rlayer.default_read_buf_len); *opts++ = OSSL_PARAM_construct_int(OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD, &s->rlayer.read_ahead); *opts = OSSL_PARAM_construct_end(); @@ -1861,7 +1868,7 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, for (;;) { int rlret; - BIO *prev = s->rrlnext; + BIO *prev = s->rlayer.rrlnext; unsigned int epoch = 0;; if (SSL_CONNECTION_IS_DTLS(s) @@ -1869,24 +1876,28 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, epoch = DTLS_RECORD_LAYER_get_r_epoch(&s->rlayer) + 1; /* new epoch */ if (SSL_CONNECTION_IS_DTLS(s)) - s->rrlnext = BIO_new(BIO_s_dgram_mem()); + s->rlayer.rrlnext = BIO_new(BIO_s_dgram_mem()); else - s->rrlnext = BIO_new(BIO_s_mem()); + s->rlayer.rrlnext = BIO_new(BIO_s_mem()); - if (s->rrlnext == NULL) { + if (s->rlayer.rrlnext == NULL) { BIO_free(prev); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } - rlret = s->rrlmethod->new_record_layer(sctx->libctx, sctx->propq, - version, s->server, direction, - level, epoch, key, keylen, iv, - ivlen, mackey, mackeylen, ciph, - taglen, mactype, md, comp, prev, - s->rbio, s->rrlnext, NULL, NULL, - settings, options, - rlayer_dispatch, s, &s->rrl); + rlret = s->rlayer.rrlmethod->new_record_layer(sctx->libctx, + sctx->propq, + version, s->server, + direction, level, epoch, + key, keylen, iv, ivlen, + mackey, mackeylen, ciph, + taglen, mactype, md, comp, + prev, s->rbio, + s->rlayer.rrlnext, NULL, + NULL, settings, options, + rlayer_dispatch, s, + &s->rlayer.rrl); BIO_free(prev); switch (rlret) { case OSSL_RECORD_RETURN_FATAL: @@ -1894,12 +1905,12 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, return 0; case OSSL_RECORD_RETURN_NON_FATAL_ERR: - if (s->rrlmethod != origmeth && origmeth != NULL) { + if (s->rlayer.rrlmethod != origmeth && origmeth != NULL) { /* * We tried a new record layer method, but it didn't work out, * so we fallback to the original method and try again */ - s->rrlmethod = origmeth; + s->rlayer.rrlmethod = origmeth; continue; } SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_RECORD_LAYER); diff --git a/ssl/record/record.h b/ssl/record/record.h index c441f7baec..b75d8c86f3 100644 --- a/ssl/record/record.h +++ b/ssl/record/record.h @@ -148,6 +148,16 @@ typedef struct dtls_record_layer_st { typedef struct record_layer_st { /* The parent SSL_CONNECTION structure */ SSL_CONNECTION *s; + + /* Method to use for the read record layer*/ + const OSSL_RECORD_METHOD *rrlmethod; + /* The read record layer object itself */ + OSSL_RECORD_LAYER *rrl; + /* BIO to store data destined for the next read record layer epoch */ + BIO *rrlnext; + /* Default read buffer length to be passed to the record layer */ + size_t default_read_buf_len; + /* * Read as many input bytes as possible (for * non-blocking reads) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 9471c3f09b..bb2e6a196e 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -656,8 +656,8 @@ int ossl_ssl_connection_reset(SSL *s) } RECORD_LAYER_clear(&sc->rlayer); - BIO_free(sc->rrlnext); - sc->rrlnext = NULL; + BIO_free(sc->rlayer.rrlnext); + sc->rlayer.rrlnext = NULL; if (!ssl_set_new_record_layer(sc, SSL_CONNECTION_IS_DTLS(sc) ? DTLS_ANY_VERSION : TLS_ANY_VERSION, @@ -807,7 +807,7 @@ SSL *ossl_ssl_connection_new(SSL_CTX *ctx) s->max_send_fragment = ctx->max_send_fragment; s->split_send_fragment = ctx->split_send_fragment; s->max_pipelines = ctx->max_pipelines; - s->default_read_buf_len = ctx->default_read_buf_len; + s->rlayer.default_read_buf_len = ctx->default_read_buf_len; s->ext.debug_cb = 0; s->ext.debug_arg = NULL; @@ -1345,14 +1345,10 @@ void ossl_ssl_connection_free(SSL *ssl) if (s == NULL) return; - if (s->rrlmethod != NULL) - s->rrlmethod->free(s->rrl); /* Ignore return value */ - BIO_free(s->rrlnext); - X509_VERIFY_PARAM_free(s->param); dane_final(&s->dane); - RECORD_LAYER_release(&s->rlayer); + RECORD_LAYER_clear(&s->rlayer); /* Ignore return value */ ssl_free_wbio_buffer(s); @@ -1435,7 +1431,7 @@ void SSL_set0_rbio(SSL *s, BIO *rbio) BIO_free_all(sc->rbio); sc->rbio = rbio; - sc->rrlmethod->set1_bio(sc->rrl, sc->rbio); + sc->rlayer.rrlmethod->set1_bio(sc->rlayer.rrl, sc->rbio); } void SSL_set0_wbio(SSL *s, BIO *wbio) @@ -2771,8 +2767,8 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) if (larg < 1 || larg > SSL_MAX_PIPELINES) return 0; sc->max_pipelines = larg; - if (sc->rrlmethod->set_max_pipelines != NULL) - sc->rrlmethod->set_max_pipelines(sc->rrl, (size_t)larg); + if (sc->rlayer.rrlmethod->set_max_pipelines != NULL) + sc->rlayer.rrlmethod->set_max_pipelines(sc->rlayer.rrl, (size_t)larg); return 1; case SSL_CTRL_GET_RI_SUPPORT: return sc->s3.send_connection_binding; diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index 8633b59d0f..ea081815a5 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -1764,18 +1764,9 @@ struct ssl_connection_st { */ int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure); - /* Old RECORD_LAYER structure - to be removed eventually */ + /* Record layer data */ RECORD_LAYER rlayer; - /* New read direciton OSSL_RECORD_LAYER - to replace rlayer above */ - const OSSL_RECORD_METHOD *rrlmethod; - /* The read direction record layer */ - OSSL_RECORD_LAYER *rrl; - /* BIO to store data destined for the next record layer epoch */ - BIO *rrlnext; - /* Default read buffer length to be passed to the record layer */ - size_t default_read_buf_len; - /* Default password callback. */ pem_password_cb *default_passwd_callback; /* Default password callback user data. */ diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 4f98e6de09..ace5b58625 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -1769,7 +1769,7 @@ int tls_parse_stoc_supported_versions(SSL_CONNECTION *s, PACKET *pkt, /* We just set it here. We validate it in ssl_choose_client_version */ s->version = version; - s->rrlmethod->set_protocol_version(s->rrl, version); + s->rlayer.rrlmethod->set_protocol_version(s->rlayer.rrl, version); return 1; } diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index ed27d27bce..7daa220443 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c @@ -196,8 +196,8 @@ int ossl_statem_in_error(const SSL_CONNECTION *s) void ossl_statem_set_in_init(SSL_CONNECTION *s, int init) { s->statem.in_init = init; - if (s->rrlmethod != NULL && s->rrlmethod->set_in_init != NULL) - s->rrlmethod->set_in_init(s->rrl, init); + if (s->rlayer.rrlmethod != NULL && s->rlayer.rrlmethod->set_in_init != NULL) + s->rlayer.rrlmethod->set_in_init(s->rlayer.rrl, init); } int ossl_statem_get_in_handshake(SSL_CONNECTION *s) diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 1c7d75c10c..2bfa9a2abf 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1417,7 +1417,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt) } s->hello_retry_request = SSL_HRR_PENDING; /* Tell the record layer that we know we're going to get TLSv1.3 */ - s->rrlmethod->set_protocol_version(s->rrl, s->version); + s->rlayer.rrlmethod->set_protocol_version(s->rlayer.rrl, s->version); hrr = 1; if (!PACKET_forward(pkt, SSL3_RANDOM_SIZE)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 6651c26935..3a76306b23 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -804,8 +804,8 @@ MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt) * no longer tolerate unencrypted alerts. This is ignored if less than * TLSv1.3 */ - if (s->rrlmethod->set_plain_alerts != NULL) - s->rrlmethod->set_plain_alerts(s->rrl, 0); + if (s->rlayer.rrlmethod->set_plain_alerts != NULL) + s->rlayer.rrlmethod->set_plain_alerts(s->rlayer.rrl, 0); if (s->post_handshake_auth != SSL_PHA_REQUESTED) s->statem.cleanuphand = 1; if (SSL_CONNECTION_IS_TLS13(s) @@ -897,8 +897,8 @@ MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt) if (was_first && !SSL_IS_FIRST_HANDSHAKE(s) - && s->rrlmethod->set_first_handshake != NULL) - s->rrlmethod->set_first_handshake(s->rrl, 0); + && s->rlayer.rrlmethod->set_first_handshake != NULL) + s->rlayer.rrlmethod->set_first_handshake(s->rlayer.rrl, 0); return MSG_PROCESS_FINISHED_READING; } @@ -1880,7 +1880,8 @@ int ssl_choose_server_version(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello, check_for_downgrade(s, best_vers, dgrd); s->version = best_vers; ssl->method = best_method; - if (!s->rrlmethod->set_protocol_version(s->rrl, best_vers)) + if (!s->rlayer.rrlmethod->set_protocol_version(s->rlayer.rrl, + best_vers)) return ERR_R_INTERNAL_ERROR; return 0; @@ -1910,7 +1911,8 @@ int ssl_choose_server_version(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello, check_for_downgrade(s, vent->version, dgrd); s->version = vent->version; ssl->method = method; - if (!s->rrlmethod->set_protocol_version(s->rrl, s->version)) + if (!s->rlayer.rrlmethod->set_protocol_version(s->rlayer.rrl, + s->version)) return ERR_R_INTERNAL_ERROR; return 0; @@ -1972,7 +1974,8 @@ int ssl_choose_client_version(SSL_CONNECTION *s, int version, * versions they don't want. If not, then easy to fix, just return * ssl_method_error(s, s->method) */ - if (!s->rrlmethod->set_protocol_version(s->rrl, s->version)) { + if (!s->rlayer.rrlmethod->set_protocol_version(s->rlayer.rrl, + s->version)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -2036,7 +2039,8 @@ int ssl_choose_client_version(SSL_CONNECTION *s, int version, continue; ssl->method = vent->cmeth(); - if (!s->rrlmethod->set_protocol_version(s->rrl, s->version)) { + if (!s->rlayer.rrlmethod->set_protocol_version(s->rlayer.rrl, + s->version)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -2205,7 +2209,7 @@ int ssl_set_client_hello_version(SSL_CONNECTION *s) * we read the ServerHello. So we need to tell the record layer * about this immediately. */ - s->rrlmethod->set_protocol_version(s->rrl, ver_max); + s->rlayer.rrlmethod->set_protocol_version(s->rlayer.rrl, ver_max); } } else if (ver_max > TLS1_2_VERSION) { /* TLS1.3 always uses TLS1.2 in the legacy_version field */ diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 2ed19231ab..d7acc5c879 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -914,8 +914,8 @@ WORK_STATE ossl_statem_server_post_work(SSL_CONNECTION *s, WORK_STATE wst) * is an unencrypted alert, an encrypted alert, or an encrypted * handshake message. We temporarily tolerate unencrypted alerts. */ - if (s->rrlmethod->set_plain_alerts != NULL) - s->rrlmethod->set_plain_alerts(s->rrl, 1); + if (s->rlayer.rrlmethod->set_plain_alerts != NULL) + s->rlayer.rrlmethod->set_plain_alerts(s->rlayer.rrl, 1); break; } @@ -3458,8 +3458,8 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL_CONNECTION *s, * To get this far we must have read encrypted data from the client. We no * longer tolerate unencrypted alerts. This is ignored if less than TLSv1.3 */ - if (s->rrlmethod->set_plain_alerts != NULL) - s->rrlmethod->set_plain_alerts(s->rrl, 0); + if (s->rlayer.rrlmethod->set_plain_alerts != NULL) + s->rlayer.rrlmethod->set_plain_alerts(s->rlayer.rrl, 0); if ((sk = sk_X509_new_null()) == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); diff --git a/test/sslapitest.c b/test/sslapitest.c index 774728bbc1..a3aecb6477 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -1088,9 +1088,9 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl) cbuf[0] = count++; memcpy(crec_wseq_before, &clientsc->rlayer.write_sequence, SEQ_NUM_SIZE); - memcpy(crec_rseq_before, &clientsc->rrl->sequence, SEQ_NUM_SIZE); + memcpy(crec_rseq_before, &clientsc->rlayer.rrl->sequence, SEQ_NUM_SIZE); memcpy(srec_wseq_before, &serversc->rlayer.write_sequence, SEQ_NUM_SIZE); - memcpy(srec_rseq_before, &serversc->rrl->sequence, SEQ_NUM_SIZE); + memcpy(srec_rseq_before, &serversc->rlayer.rrl->sequence, SEQ_NUM_SIZE); if (!TEST_true(SSL_write(clientssl, cbuf, sizeof(cbuf)) == sizeof(cbuf))) goto end; @@ -1111,9 +1111,9 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl) } memcpy(crec_wseq_after, &clientsc->rlayer.write_sequence, SEQ_NUM_SIZE); - memcpy(crec_rseq_after, &clientsc->rrl->sequence, SEQ_NUM_SIZE); + memcpy(crec_rseq_after, &clientsc->rlayer.rrl->sequence, SEQ_NUM_SIZE); memcpy(srec_wseq_after, &serversc->rlayer.write_sequence, SEQ_NUM_SIZE); - memcpy(srec_rseq_after, &serversc->rrl->sequence, SEQ_NUM_SIZE); + memcpy(srec_rseq_after, &serversc->rlayer.rrl->sequence, SEQ_NUM_SIZE); /* verify the payload */ if (!TEST_mem_eq(cbuf, sizeof(cbuf), sbuf, sizeof(sbuf))) |