}
if (s->d1->timer_cb != NULL)
- s->d1->timeout_duration_us = s->d1->timer_cb(SSL_CONNECTION_GET_SSL(s),
+ s->d1->timeout_duration_us = s->d1->timer_cb(SSL_CONNECTION_GET_USER_SSL(s),
s->d1->timeout_duration_us);
else
dtls1_double_timeout(s);
size_t len, void *cbarg)
{
SSL_CONNECTION *s = cbarg;
- SSL *ssl = SSL_CONNECTION_GET_SSL(s);
+ SSL *ssl = SSL_CONNECTION_GET_USER_SSL(s);
if (s->msg_callback != NULL)
s->msg_callback(write_p, version, content_type, buf, len, ssl,
static size_t rlayer_padding_wrapper(void *cbarg, int type, size_t len)
{
SSL_CONNECTION *s = cbarg;
- SSL *ssl = SSL_CONNECTION_GET_SSL(s);
+ SSL *ssl = SSL_CONNECTION_GET_USER_SSL(s);
return s->rlayer.record_padding_cb(ssl, type, len,
s->rlayer.record_padding_arg);
int ssl_security(const SSL_CONNECTION *s, int op, int bits, int nid, void *other)
{
- return s->cert->sec_cb(SSL_CONNECTION_GET_SSL(s), NULL, op, bits, nid,
+ return s->cert->sec_cb(SSL_CONNECTION_GET_USER_SSL(s), NULL, op, bits, nid,
other, s->cert->sec_ex);
}
*/
if (s->session_ctx->new_session_cb != NULL) {
SSL_SESSION_up_ref(s->session);
- if (!s->session_ctx->new_session_cb(SSL_CONNECTION_GET_SSL(s),
+ if (!s->session_ctx->new_session_cb(SSL_CONNECTION_GET_USER_SSL(s),
s->session))
SSL_SESSION_free(s->session);
}
do_sslkeylogfile(SSL_CONNECTION_GET_SSL(sc), (const char *)out);
#endif
if (sctx->keylog_callback != NULL)
- sctx->keylog_callback(SSL_CONNECTION_GET_SSL(sc), (const char *)out);
+ sctx->keylog_callback(SSL_CONNECTION_GET_USER_SSL(sc), (const char *)out);
OPENSSL_clear_free(out, out_len);
return 1;
}
if (ret == NULL && s->session_ctx->get_session_cb != NULL) {
int copy = 1;
- ret = s->session_ctx->get_session_cb(SSL_CONNECTION_GET_SSL(s),
+ ret = s->session_ctx->get_session_cb(SSL_CONNECTION_GET_USER_SSL(s),
sess_id, sess_id_len, ©);
if (ret != NULL) {
thisex->type = type;
thisex->received_order = i++;
if (s->ext.debug_cb)
- s->ext.debug_cb(SSL_CONNECTION_GET_SSL(s), !s->server,
+ s->ext.debug_cb(SSL_CONNECTION_GET_USER_SSL(s), !s->server,
thisex->type, PACKET_data(&thisex->data),
PACKET_remaining(&thisex->data),
s->ext.debug_arg);
int ret = SSL_TLSEXT_ERR_NOACK;
int altmp = SSL_AD_UNRECOGNIZED_NAME;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
+ SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s);
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
int was_ticket = (SSL_get_options(ssl) & SSL_OP_NO_TICKET) == 0;
}
if (sctx->ext.servername_cb != NULL)
- ret = sctx->ext.servername_cb(ssl, &altmp,
+ ret = sctx->ext.servername_cb(ussl, &altmp,
sctx->ext.servername_arg);
else if (s->session_ctx->ext.servername_cb != NULL)
- ret = s->session_ctx->ext.servername_cb(ssl, &altmp,
- s->session_ctx->ext.servername_arg);
+ ret = s->session_ctx->ext.servername_cb(ussl, &altmp,
+ s->session_ctx->ext.servername_arg);
/*
* For servers, propagate the SNI hostname from the temporary
|| !s->ext.early_data_ok
|| s->hello_retry_request != SSL_HRR_NONE
|| (s->allow_early_data_cb != NULL
- && !s->allow_early_data_cb(SSL_CONNECTION_GET_SSL(s),
- s->allow_early_data_cb_data))) {
+ && !s->allow_early_data_cb(SSL_CONNECTION_GET_USER_SSL(s),
+ s->allow_early_data_cb_data))) {
s->ext.early_data = SSL_EARLY_DATA_REJECTED;
} else {
s->ext.early_data = SSL_EARLY_DATA_ACCEPTED;
SSL_SESSION *psksess = NULL;
SSL_SESSION *edsess = NULL;
const EVP_MD *handmd = NULL;
- SSL *ssl = SSL_CONNECTION_GET_SSL(s);
+ SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s);
if (s->hello_retry_request == SSL_HRR_PENDING)
handmd = ssl_handshake_md(s);
if (s->psk_use_session_cb != NULL
- && (!s->psk_use_session_cb(ssl, handmd, &id, &idlen, &psksess)
+ && (!s->psk_use_session_cb(ussl, handmd, &id, &idlen, &psksess)
|| (psksess != NULL
&& psksess->ssl_version != TLS1_3_VERSION))) {
SSL_SESSION_free(psksess);
size_t psklen = 0;
memset(identity, 0, sizeof(identity));
- psklen = s->psk_client_callback(ssl, NULL,
+ psklen = s->psk_client_callback(ussl, NULL,
identity, sizeof(identity) - 1,
psk, sizeof(psk));
* We found a PSK using an old style callback. We don't know
* the digest so we default to SHA256 as per the TLSv1.3 spec
*/
- cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id);
+ cipher = SSL_CIPHER_find(SSL_CONNECTION_GET_SSL(s),
+ tls13_aes128gcmsha256_id);
if (cipher == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return EXT_RETURN_FAIL;
unsigned int context,
X509 *x, size_t chainidx)
{
- SSL *ssl = SSL_CONNECTION_GET_SSL(s);
+ SSL *ssl = SSL_CONNECTION_GET_USER_SSL(s);
if (s->ext.session_ticket_cb != NULL &&
!s->ext.session_ticket_cb(ssl, PACKET_data(pkt),
/* SSLfatal() already called */
return 0;
}
- if (sctx->ext.npn_select_cb(SSL_CONNECTION_GET_SSL(s),
+ if (sctx->ext.npn_select_cb(SSL_CONNECTION_GET_USER_SSL(s),
&selected, &selected_len,
PACKET_data(pkt), PACKET_remaining(pkt),
sctx->ext.npn_select_cb_arg) != SSL_TLSEXT_ERR_OK
if (meth->parse_cb == NULL)
return 1;
- if (meth->parse_cb(SSL_CONNECTION_GET_SSL(s), ext_type, context, ext_data,
+ if (meth->parse_cb(SSL_CONNECTION_GET_USER_SSL(s), ext_type, context, ext_data,
ext_size, x, chainidx, &al, meth->parse_arg) <= 0) {
SSLfatal(s, al, SSL_R_BAD_EXTENSION);
return 0;
continue;
if (meth->add_cb != NULL) {
- int cb_retval = meth->add_cb(SSL_CONNECTION_GET_SSL(s),
+ int cb_retval = meth->add_cb(SSL_CONNECTION_GET_USER_SSL(s),
meth->ext_type, context, &out,
&outlen, x, chainidx, &al,
meth->add_arg);
|| (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen))
|| !WPACKET_close(pkt)) {
if (meth->free_cb != NULL)
- meth->free_cb(SSL_CONNECTION_GET_SSL(s), meth->ext_type, context,
- out, meth->add_arg);
+ meth->free_cb(SSL_CONNECTION_GET_USER_SSL(s), meth->ext_type,
+ context, out, meth->add_arg);
if (!for_comp)
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
*/
if (!ossl_assert((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0)) {
if (meth->free_cb != NULL)
- meth->free_cb(SSL_CONNECTION_GET_SSL(s), meth->ext_type,
+ meth->free_cb(SSL_CONNECTION_GET_USER_SSL(s), meth->ext_type,
context, out, meth->add_arg);
if (!for_comp)
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
meth->ext_flags |= SSL_EXT_FLAG_SENT;
}
if (meth->free_cb != NULL)
- meth->free_cb(SSL_CONNECTION_GET_SSL(s), meth->ext_type, context,
- out, meth->add_arg);
+ meth->free_cb(SSL_CONNECTION_GET_USER_SSL(s), meth->ext_type,
+ context, out, meth->add_arg);
}
return 1;
}
X509 *x, size_t chainidx)
{
if (s->ext.session_ticket_cb &&
- !s->ext.session_ticket_cb(SSL_CONNECTION_GET_SSL(s),
+ !s->ext.session_ticket_cb(SSL_CONNECTION_GET_USER_SSL(s),
PACKET_data(pkt), PACKET_remaining(pkt),
s->ext.session_ticket_cb_arg)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
}
/* Verify the app cookie */
- if (sctx->verify_stateless_cookie_cb(ssl,
+ if (sctx->verify_stateless_cookie_cb(SSL_CONNECTION_GET_USER_SSL(s),
PACKET_data(&appcookie),
PACKET_remaining(&appcookie)) == 0) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_COOKIE_MISMATCH);
unsigned int id, i, ext = 0;
const EVP_MD *md = NULL;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
- SSL *ssl = SSL_CONNECTION_GET_SSL(s);
+ SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s);
/*
* If we have no PSK kex mode that we recognise then we can't resume so
idlen = PACKET_remaining(&identity);
if (s->psk_find_session_cb != NULL
- && !s->psk_find_session_cb(ssl, PACKET_data(&identity), idlen,
+ && !s->psk_find_session_cb(ussl, PACKET_data(&identity), idlen,
&sess)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_EXTENSION);
return 0;
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
- pskdatalen = s->psk_server_callback(ssl, pskid, pskdata,
+ pskdatalen = s->psk_server_callback(ussl, pskid, pskdata,
sizeof(pskdata));
OPENSSL_free(pskid);
if (pskdatalen > PSK_MAX_PSK_LEN) {
* We found a PSK using an old style callback. We don't know
* the digest so we default to SHA256 as per the TLSv1.3 spec
*/
- cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id);
+ cipher = SSL_CIPHER_find(SSL_CONNECTION_GET_SSL(s),
+ tls13_aes128gcmsha256_id);
if (cipher == NULL) {
OPENSSL_cleanse(pskdata, pskdatalen);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
if (!npn_seen || sctx->ext.npn_advertised_cb == NULL)
return EXT_RETURN_NOT_SENT;
- ret = sctx->ext.npn_advertised_cb(SSL_CONNECTION_GET_SSL(s), &npa, &npalen,
- sctx->ext.npn_advertised_cb_arg);
+ ret = sctx->ext.npn_advertised_cb(SSL_CONNECTION_GET_USER_SSL(s), &npa,
+ &npalen, sctx->ext.npn_advertised_cb_arg);
if (ret == SSL_TLSEXT_ERR_OK) {
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_next_proto_neg)
|| !WPACKET_sub_memcpy_u16(pkt, npa, npalen)) {
int ret = EXT_RETURN_FAIL;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
+ SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s);
if ((s->s3.flags & TLS1_FLAGS_STATELESS) == 0)
return EXT_RETURN_NOT_SENT;
}
/* Generate the application cookie */
- if (sctx->gen_stateless_cookie_cb(ssl, appcookie1,
+ if (sctx->gen_stateless_cookie_cb(ussl, appcookie1,
&appcookielen) == 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
return EXT_RETURN_FAIL;
int ret = -1;
int ssret;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
+ SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s);
if (st->state == MSG_FLOW_ERROR) {
/* Shouldn't have been called if we're already in the error state */
s->server = server;
if (cb != NULL) {
if (SSL_IS_FIRST_HANDSHAKE(s) || !SSL_CONNECTION_IS_TLS13(s))
- cb(ssl, SSL_CB_HANDSHAKE_START, 1);
+ cb(ussl, SSL_CB_HANDSHAKE_START, 1);
}
/*
BUF_MEM_free(buf);
if (cb != NULL) {
if (server)
- cb(ssl, SSL_CB_ACCEPT_EXIT, ret);
+ cb(ussl, SSL_CB_ACCEPT_EXIT, ret);
else
- cb(ssl, SSL_CB_CONNECT_EXIT, ret);
+ cb(ussl, SSL_CB_CONNECT_EXIT, ret);
}
return ret;
}
WORK_STATE(*post_process_message) (SSL_CONNECTION *s, WORK_STATE wst);
size_t (*max_message_size) (SSL_CONNECTION *s);
void (*cb) (const SSL *ssl, int type, int val) = NULL;
- SSL *ssl = SSL_CONNECTION_GET_SSL(s);
+ SSL *ssl = SSL_CONNECTION_GET_USER_SSL(s);
cb = get_callback(s);
CON_FUNC_RETURN (*confunc) (SSL_CONNECTION *s, WPACKET *pkt);
int mt;
WPACKET pkt;
- SSL *ssl = SSL_CONNECTION_GET_SSL(s);
+ SSL *ssl = SSL_CONNECTION_GET_USER_SSL(s);
cb = get_callback(s);
unsigned int context;
RAW_EXTENSION *extensions = NULL;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
+ SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s);
#ifndef OPENSSL_NO_COMP
SSL_COMP *comp;
#endif
int master_key_length;
master_key_length = sizeof(s->session->master_key);
- if (s->ext.session_secret_cb(ssl, s->session->master_key,
+ if (s->ext.session_secret_cb(ussl, s->session->master_key,
&master_key_length,
NULL, &pref_cipher,
s->ext.session_secret_cb_arg)
*/
if (s->ext.status_type != TLSEXT_STATUSTYPE_nothing
&& sctx->ext.status_cb != NULL) {
- int ret = sctx->ext.status_cb(SSL_CONNECTION_GET_SSL(s),
+ int ret = sctx->ext.status_cb(SSL_CONNECTION_GET_USER_SSL(s),
sctx->ext.status_arg);
if (ret == 0) {
memset(identity, 0, sizeof(identity));
- psklen = s->psk_client_callback(SSL_CONNECTION_GET_SSL(s),
+ psklen = s->psk_client_callback(SSL_CONNECTION_GET_USER_SSL(s),
s->session->psk_identity_hint,
identity, sizeof(identity) - 1,
psk, sizeof(psk));
}
#endif
if (sctx->client_cert_cb)
- i = sctx->client_cert_cb(SSL_CONNECTION_GET_SSL(s), px509, ppkey);
+ i = sctx->client_cert_cb(SSL_CONNECTION_GET_USER_SSL(s), px509, ppkey);
return i;
}
int retry = 1;
size_t len, frag_off, overhead, used_len;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
+ SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s);
if (!dtls1_query_mtu(s))
return -1;
if (written == s->init_num) {
if (s->msg_callback)
s->msg_callback(1, s->version, type, s->init_buf->data,
- (size_t)(s->init_off + s->init_num), ssl,
+ (size_t)(s->init_off + s->init_num), ussl,
s->msg_callback_arg);
s->init_off = 0; /* done writing this message */
if (*mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
if (s->msg_callback) {
s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
- p, 1, SSL_CONNECTION_GET_SSL(s),
+ p, 1, SSL_CONNECTION_GET_USER_SSL(s),
s->msg_callback_arg);
}
/*
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
s->init_buf->data, s->init_num + DTLS1_HM_HEADER_LENGTH,
- SSL_CONNECTION_GET_SSL(s), s->msg_callback_arg);
+ SSL_CONNECTION_GET_USER_SSL(s), s->msg_callback_arg);
end:
*len = s->init_num;
struct hm_header_st msg_hdr;
size_t readbytes;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
+ SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s);
int chretran = 0;
unsigned char *p;
if (p[1] == 0 && p[2] == 0 && p[3] == 0) {
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
- p, DTLS1_HM_HEADER_LENGTH, ssl,
+ p, DTLS1_HM_HEADER_LENGTH, ussl,
s->msg_callback_arg);
s->init_num = 0;
int ret;
size_t written = 0;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
+ SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s);
/*
* If we're running the test suite then we may need to mutate the message
s->statem.write_in_progress = 0;
if (s->msg_callback)
s->msg_callback(1, s->version, type, s->init_buf->data,
- (size_t)(s->init_off + s->init_num), ssl,
+ (size_t)(s->init_off + s->init_num), ussl,
s->msg_callback_arg);
return 1;
}
{
void (*cb) (const SSL *ssl, int type, int val) = NULL;
int cleanuphand = s->statem.cleanuphand;
- SSL *ssl = SSL_CONNECTION_GET_SSL(s);
+ SSL *ssl = SSL_CONNECTION_GET_USER_SSL(s);
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (clearbufs) {
* MUST NOT be used.
* Hence the init_buf can be cleared when DTLS over SCTP as transport is used.
*/
- || BIO_dgram_is_sctp(SSL_get_wbio(ssl))
+ || BIO_dgram_is_sctp(SSL_get_wbio(SSL_CONNECTION_GET_SSL(s)))
#endif
) {
/*
unsigned char *p;
size_t l, readbytes;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
+ SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s);
p = (unsigned char *)s->init_buf->data;
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
- p, SSL3_HM_HEADER_LENGTH, ssl,
+ p, SSL3_HM_HEADER_LENGTH, ussl,
s->msg_callback_arg);
}
} while (skip_message);
unsigned char *p;
int i;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
+ SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s);
if (s->s3.tmp.message_type == SSL3_MT_CHANGE_CIPHER_SPEC) {
/* We've already read everything in */
}
if (s->msg_callback)
s->msg_callback(0, SSL2_VERSION, 0, s->init_buf->data,
- (size_t)s->init_num, ssl, s->msg_callback_arg);
+ (size_t)s->init_num, ussl, s->msg_callback_arg);
} else {
/*
* We defer feeding in the HRR until later. We'll do it as part of
}
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data,
- (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, ssl,
+ (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, ussl,
s->msg_callback_arg);
}
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (sctx->app_gen_cookie_cb == NULL
- || sctx->app_gen_cookie_cb(SSL_CONNECTION_GET_SSL(s), s->d1->cookie,
+ || sctx->app_gen_cookie_cb(SSL_CONNECTION_GET_USER_SSL(s), s->d1->cookie,
&cookie_leni) == 0
|| cookie_leni > DTLS1_COOKIE_LENGTH) {
SSLfatal(s, SSL_AD_NO_ALERT, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
DOWNGRADE dgrd = DOWNGRADE_NONE;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
+ SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s);
/* Finished parsing the ClientHello, now we can start processing it */
/* Give the ClientHello callback a crack at things */
if (sctx->client_hello_cb != NULL) {
/* A failure in the ClientHello callback terminates the connection. */
- switch (sctx->client_hello_cb(ssl, &al, sctx->client_hello_cb_arg)) {
+ switch (sctx->client_hello_cb(ussl, &al, sctx->client_hello_cb_arg)) {
case SSL_CLIENT_HELLO_SUCCESS:
break;
case SSL_CLIENT_HELLO_RETRY:
/* Empty cookie was already handled above by returning early. */
if (SSL_get_options(ssl) & SSL_OP_COOKIE_EXCHANGE) {
if (sctx->app_verify_cookie_cb != NULL) {
- if (sctx->app_verify_cookie_cb(ssl, clienthello->dtls_cookie,
- clienthello->dtls_cookie_len) == 0) {
+ if (sctx->app_verify_cookie_cb(ussl, clienthello->dtls_cookie,
+ clienthello->dtls_cookie_len) == 0) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
SSL_R_COOKIE_MISMATCH);
goto err;
int master_key_length;
master_key_length = sizeof(s->session->master_key);
- if (s->ext.session_secret_cb(ssl, s->session->master_key,
+ if (s->ext.session_secret_cb(ussl, s->session->master_key,
&master_key_length, ciphers,
&pref_cipher,
s->ext.session_secret_cb_arg)
* et al can pick it up.
*/
s->cert->key = s->s3.tmp.cert;
- ret = sctx->ext.status_cb(SSL_CONNECTION_GET_SSL(s),
+ ret = sctx->ext.status_cb(SSL_CONNECTION_GET_USER_SSL(s),
sctx->ext.status_arg);
switch (ret) {
/* We don't want to send a status request response */
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (sctx->ext.alpn_select_cb != NULL && s->s3.alpn_proposed != NULL) {
- int r = sctx->ext.alpn_select_cb(SSL_CONNECTION_GET_SSL(s),
+ int r = sctx->ext.alpn_select_cb(SSL_CONNECTION_GET_USER_SSL(s),
&selected, &selected_len,
s->s3.alpn_proposed,
(unsigned int)s->s3.alpn_proposed_len,
{
const SSL_CIPHER *cipher;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
+ SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s);
if (wst == WORK_MORE_A) {
int rv = tls_early_post_process_client_hello(s);
if (!s->hit || SSL_CONNECTION_IS_TLS13(s)) {
/* Let cert callback update server certificates if required */
if (!s->hit && s->cert->cert_cb != NULL) {
- int rv = s->cert->cert_cb(ssl, s->cert->cert_cb_arg);
+ int rv = s->cert->cert_cb(ussl, s->cert->cert_cb_arg);
+
if (rv == 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CERT_CB_ERROR);
goto err;
/* check whether we should disable session resumption */
if (s->not_resumable_session_cb != NULL)
s->session->not_resumable =
- s->not_resumable_session_cb(ssl,
+ s->not_resumable_session_cb(ussl,
((s->s3.tmp.new_cipher->algorithm_mkey
& (SSL_kDHE | SSL_kECDHE)) != 0));
if (s->session->not_resumable)
}
#if !defined(OPENSSL_NO_DEPRECATED_3_0)
if ((pkdhp == NULL) && (s->cert->dh_tmp_cb != NULL)) {
- pkdh = ssl_dh_to_pkey(s->cert->dh_tmp_cb(SSL_CONNECTION_GET_SSL(s),
+ pkdh = ssl_dh_to_pkey(s->cert->dh_tmp_cb(SSL_CONNECTION_GET_USER_SSL(s),
0, 1024));
if (pkdh == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
- psklen = s->psk_server_callback(SSL_CONNECTION_GET_SSL(s),
+ psklen = s->psk_server_callback(SSL_CONNECTION_GET_USER_SSL(s),
s->session->psk_identity,
psk, sizeof(psk));
int iv_len;
CON_FUNC_RETURN ok = CON_FUNC_ERROR;
size_t macoffset, macendoffset;
- SSL *ssl = SSL_CONNECTION_GET_SSL(s);
+ SSL *ssl = SSL_CONNECTION_GET_USER_SSL(s);
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
/* get session encoding length */
}
if (tctx->generate_ticket_cb != NULL &&
- tctx->generate_ticket_cb(SSL_CONNECTION_GET_SSL(s),
+ tctx->generate_ticket_cb(SSL_CONNECTION_GET_USER_SSL(s),
tctx->ticket_cb_data) == 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
int rv = 0;
if (tctx->ext.ticket_key_evp_cb != NULL)
- rv = tctx->ext.ticket_key_evp_cb(SSL_CONNECTION_GET_SSL(s), nctick,
+ rv = tctx->ext.ticket_key_evp_cb(SSL_CONNECTION_GET_USER_SSL(s),
+ nctick,
nctick + TLSEXT_KEYNAME_LENGTH,
ctx,
ssl_hmac_get0_EVP_MAC_CTX(hctx),
#ifndef OPENSSL_NO_DEPRECATED_3_0
else if (tctx->ext.ticket_key_cb != NULL)
/* if 0 is returned, write an empty ticket */
- rv = tctx->ext.ticket_key_cb(SSL_CONNECTION_GET_SSL(s), nctick,
+ rv = tctx->ext.ticket_key_cb(SSL_CONNECTION_GET_USER_SSL(s), nctick,
nctick + TLSEXT_KEYNAME_LENGTH,
ctx, ssl_hmac_get0_HMAC_CTX(hctx), 0);
#endif
*ad = SSL_AD_UNKNOWN_PSK_IDENTITY;
if ((s->srp_ctx.TLS_ext_srp_username_callback != NULL) &&
((al =
- s->srp_ctx.TLS_ext_srp_username_callback(SSL_CONNECTION_GET_SSL(s),
+ s->srp_ctx.TLS_ext_srp_username_callback(SSL_CONNECTION_GET_USER_SSL(s),
ad,
s->srp_ctx.SRP_cb_arg)) !=
SSL_ERROR_NONE))
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
- if ((passwd = s->srp_ctx.SRP_give_srp_client_pwd_callback(SSL_CONNECTION_GET_SSL(s),
+ if ((passwd = s->srp_ctx.SRP_give_srp_client_pwd_callback(SSL_CONNECTION_GET_USER_SSL(s),
s->srp_ctx.SRP_cb_arg))
== NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CALLBACK_FAILED);
}
if (srp->SRP_verify_param_callback) {
- if (srp->SRP_verify_param_callback(SSL_CONNECTION_GET_SSL(s),
+ if (srp->SRP_verify_param_callback(SSL_CONNECTION_GET_USER_SSL(s),
srp->SRP_cb_arg) <= 0) {
SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY, SSL_R_CALLBACK_FAILED);
return 0;
projects / thirdparty / openssl.git / commitdiff
