summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjsing <>2021-10-25 10:01:46 +0000
committerjsing <>2021-10-25 10:01:46 +0000
commitb56105c2617b86206d3688dd7940aa6e553af6e1 (patch)
tree7da475234e07731ebcbe2828153d1920d308e436
parent75891c69eb8972c8d768d8bd1068a807ba084652 (diff)
downloadopenbsd-b56105c2617b86206d3688dd7940aa6e553af6e1.tar.gz
openbsd-b56105c2617b86206d3688dd7940aa6e553af6e1.tar.bz2
openbsd-b56105c2617b86206d3688dd7940aa6e553af6e1.zip
Fold SSL_SESSION_INTERNAL back into SSL_SESSION.
ok beck@ tb@
Diffstat
-rw-r--r--src/lib/libssl/s3_lib.c6
-rw-r--r--src/lib/libssl/ssl_clnt.c36
-rw-r--r--src/lib/libssl/ssl_lib.c10
-rw-r--r--src/lib/libssl/ssl_locl.h43
-rw-r--r--src/lib/libssl/ssl_sess.c72
-rw-r--r--src/lib/libssl/ssl_srvr.c12
-rw-r--r--src/lib/libssl/ssl_tlsext.c18
-rw-r--r--src/lib/libssl/t1_lib.c10
-rw-r--r--src/lib/libssl/tls13_client.c12
-rw-r--r--src/lib/libssl/tls13_server.c12
10 files changed, 110 insertions, 121 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 8a96a2cdef..71b86770ca 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_lib.c,v 1.216 2021/10/24 09:15:00 beck Exp $ */ 1/* $OpenBSD: s3_lib.c,v 1.217 2021/10/25 10:01:46 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1668,10 +1668,10 @@ _SSL_get_peer_tmp_key(SSL *s, EVP_PKEY **key)
1668 1668
1669 *key = NULL; 1669 *key = NULL;
1670 1670
1671 if (s->session == NULL || SSI(s)->sess_cert == NULL) 1671 if (s->session == NULL || s->session->sess_cert == NULL)
1672 return 0; 1672 return 0;
1673 1673
1674 sc = SSI(s)->sess_cert; 1674 sc = s->session->sess_cert;
1675 1675
1676 if ((pkey = EVP_PKEY_new()) == NULL) 1676 if ((pkey = EVP_PKEY_new()) == NULL)
1677 return 0; 1677 return 0;
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index ea502e6a33..fe864d1cdc 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_clnt.c,v 1.116 2021/10/23 16:11:30 tb Exp $ */ 1/* $OpenBSD: ssl_clnt.c,v 1.117 2021/10/25 10:01:46 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -655,7 +655,7 @@ ssl3_send_client_hello(SSL *s)
655 if (sess == NULL || 655 if (sess == NULL ||
656 sess->ssl_version != s->version || 656 sess->ssl_version != s->version ||
657 (!sess->session_id_length && !sess->tlsext_tick) || 657 (!sess->session_id_length && !sess->tlsext_tick) ||
658 sess->internal->not_resumable) { 658 sess->not_resumable) {
659 if (!ssl_get_new_session(s, 0)) 659 if (!ssl_get_new_session(s, 0))
660 goto err; 660 goto err;
661 } 661 }
@@ -1157,8 +1157,8 @@ ssl3_get_server_certificate(SSL *s)
1157 sc = ssl_sess_cert_new(); 1157 sc = ssl_sess_cert_new();
1158 if (sc == NULL) 1158 if (sc == NULL)
1159 goto err; 1159 goto err;
1160 ssl_sess_cert_free(SSI(s)->sess_cert); 1160 ssl_sess_cert_free(s->session->sess_cert);
1161 SSI(s)->sess_cert = sc; 1161 s->session->sess_cert = sc;
1162 1162
1163 sc->cert_chain = sk; 1163 sc->cert_chain = sk;
1164 /* 1164 /*
@@ -1231,7 +1231,7 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
1231 int al; 1231 int al;
1232 1232
1233 alg_a = S3I(s)->hs.cipher->algorithm_auth; 1233 alg_a = S3I(s)->hs.cipher->algorithm_auth;
1234 sc = SSI(s)->sess_cert; 1234 sc = s->session->sess_cert;
1235 1235
1236 if ((dh = DH_new()) == NULL) { 1236 if ((dh = DH_new()) == NULL) {
1237 SSLerror(s, ERR_R_DH_LIB); 1237 SSLerror(s, ERR_R_DH_LIB);
@@ -1359,7 +1359,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
1359 int al; 1359 int al;
1360 1360
1361 alg_a = S3I(s)->hs.cipher->algorithm_auth; 1361 alg_a = S3I(s)->hs.cipher->algorithm_auth;
1362 sc = SSI(s)->sess_cert; 1362 sc = s->session->sess_cert;
1363 1363
1364 /* Only named curves are supported. */ 1364 /* Only named curves are supported. */
1365 if (!CBS_get_u8(cbs, &curve_type) || 1365 if (!CBS_get_u8(cbs, &curve_type) ||
@@ -1468,18 +1468,18 @@ ssl3_get_server_key_exchange(SSL *s)
1468 return (1); 1468 return (1);
1469 } 1469 }
1470 1470
1471 if (SSI(s)->sess_cert != NULL) { 1471 if (s->session->sess_cert != NULL) {
1472 DH_free(SSI(s)->sess_cert->peer_dh_tmp); 1472 DH_free(s->session->sess_cert->peer_dh_tmp);
1473 SSI(s)->sess_cert->peer_dh_tmp = NULL; 1473 s->session->sess_cert->peer_dh_tmp = NULL;
1474 1474
1475 EC_KEY_free(SSI(s)->sess_cert->peer_ecdh_tmp); 1475 EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
1476 SSI(s)->sess_cert->peer_ecdh_tmp = NULL; 1476 s->session->sess_cert->peer_ecdh_tmp = NULL;
1477 1477
1478 free(SSI(s)->sess_cert->peer_x25519_tmp); 1478 free(s->session->sess_cert->peer_x25519_tmp);
1479 SSI(s)->sess_cert->peer_x25519_tmp = NULL; 1479 s->session->sess_cert->peer_x25519_tmp = NULL;
1480 } else { 1480 } else {
1481 SSI(s)->sess_cert = ssl_sess_cert_new(); 1481 s->session->sess_cert = ssl_sess_cert_new();
1482 if (SSI(s)->sess_cert == NULL) 1482 if (s->session->sess_cert == NULL)
1483 goto err; 1483 goto err;
1484 } 1484 }
1485 1485
@@ -2267,7 +2267,7 @@ ssl3_send_client_key_exchange(SSL *s)
2267 if (S3I(s)->hs.state == SSL3_ST_CW_KEY_EXCH_A) { 2267 if (S3I(s)->hs.state == SSL3_ST_CW_KEY_EXCH_A) {
2268 alg_k = S3I(s)->hs.cipher->algorithm_mkey; 2268 alg_k = S3I(s)->hs.cipher->algorithm_mkey;
2269 2269
2270 if ((sess_cert = SSI(s)->sess_cert) == NULL) { 2270 if ((sess_cert = s->session->sess_cert) == NULL) {
2271 ssl3_send_alert(s, SSL3_AL_FATAL, 2271 ssl3_send_alert(s, SSL3_AL_FATAL,
2272 SSL_AD_UNEXPECTED_MESSAGE); 2272 SSL_AD_UNEXPECTED_MESSAGE);
2273 SSLerror(s, ERR_R_INTERNAL_ERROR); 2273 SSLerror(s, ERR_R_INTERNAL_ERROR);
@@ -2670,12 +2670,12 @@ ssl3_check_cert_and_algorithm(SSL *s)
2670 if (alg_a & SSL_aNULL) 2670 if (alg_a & SSL_aNULL)
2671 return (1); 2671 return (1);
2672 2672
2673 sc = SSI(s)->sess_cert; 2673 sc = s->session->sess_cert;
2674 if (sc == NULL) { 2674 if (sc == NULL) {
2675 SSLerror(s, ERR_R_INTERNAL_ERROR); 2675 SSLerror(s, ERR_R_INTERNAL_ERROR);
2676 goto err; 2676 goto err;
2677 } 2677 }
2678 dh = SSI(s)->sess_cert->peer_dh_tmp; 2678 dh = s->session->sess_cert->peer_dh_tmp;
2679 2679
2680 /* This is the passed certificate. */ 2680 /* This is the passed certificate. */
2681 2681
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index cfd5c9bfb8..f64b89352e 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_lib.c,v 1.275 2021/10/23 20:42:50 beck Exp $ */ 1/* $OpenBSD: ssl_lib.c,v 1.276 2021/10/25 10:01:46 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -887,10 +887,10 @@ SSL_get_peer_cert_chain(const SSL *s)
887 STACK_OF(X509) *r; 887 STACK_OF(X509) *r;
888 888
889 if ((s == NULL) || (s->session == NULL) || 889 if ((s == NULL) || (s->session == NULL) ||
890 (SSI(s)->sess_cert == NULL)) 890 (s->session->sess_cert == NULL))
891 r = NULL; 891 r = NULL;
892 else 892 else
893 r = SSI(s)->sess_cert->cert_chain; 893 r = s->session->sess_cert->cert_chain;
894 894
895 /* 895 /*
896 * If we are a client, cert_chain includes the peer's own 896 * If we are a client, cert_chain includes the peer's own
@@ -2245,8 +2245,8 @@ ssl_using_ecc_cipher(SSL *s)
2245 alg_a = S3I(s)->hs.cipher->algorithm_auth; 2245 alg_a = S3I(s)->hs.cipher->algorithm_auth;
2246 alg_k = S3I(s)->hs.cipher->algorithm_mkey; 2246 alg_k = S3I(s)->hs.cipher->algorithm_mkey;
2247 2247
2248 return SSI(s)->tlsext_ecpointformatlist != NULL && 2248 return s->session->tlsext_ecpointformatlist != NULL &&
2249 SSI(s)->tlsext_ecpointformatlist_length > 0 && 2249 s->session->tlsext_ecpointformatlist_length > 0 &&
2250 ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)); 2250 ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA));
2251} 2251}
2252 2252
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index aa6233e617..01c22762ef 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.366 2021/10/23 20:42:50 beck Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.367 2021/10/25 10:01:46 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -412,28 +412,6 @@ struct ssl_method_st {
412 unsigned int enc_flags; /* SSL_ENC_FLAG_* */ 412 unsigned int enc_flags; /* SSL_ENC_FLAG_* */
413}; 413};
414 414
415typedef struct ssl_session_internal_st {
416 CRYPTO_EX_DATA ex_data; /* application specific data */
417
418 /* These are used to make removal of session-ids more
419 * efficient and to implement a maximum cache size. */
420 struct ssl_session_st *prev, *next;
421
422 /* Used to indicate that session resumption is not allowed.
423 * Applications can also set this bit for a new session via
424 * not_resumable_session_cb to disable session caching and tickets. */
425 int not_resumable;
426
427 /* The cert is the certificate used to establish this connection */
428 struct sess_cert_st /* SESS_CERT */ *sess_cert;
429
430 size_t tlsext_ecpointformatlist_length;
431 uint8_t *tlsext_ecpointformatlist; /* peer's list */
432 size_t tlsext_supportedgroups_length;
433 uint16_t *tlsext_supportedgroups; /* peer's list */
434} SSL_SESSION_INTERNAL;
435#define SSI(s) (s->session->internal)
436
437/* Lets make this into an ASN.1 type structure as follows 415/* Lets make this into an ASN.1 type structure as follows
438 * SSL_SESSION_ID ::= SEQUENCE { 416 * SSL_SESSION_ID ::= SEQUENCE {
439 * version INTEGER, -- structure version number 417 * version INTEGER, -- structure version number
@@ -500,7 +478,24 @@ struct ssl_session_st {
500 size_t tlsext_ticklen; /* Session ticket length */ 478 size_t tlsext_ticklen; /* Session ticket length */
501 uint32_t tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ 479 uint32_t tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
502 480
503 struct ssl_session_internal_st *internal; 481 CRYPTO_EX_DATA ex_data; /* application specific data */
482
483 /* These are used to make removal of session-ids more
484 * efficient and to implement a maximum cache size. */
485 struct ssl_session_st *prev, *next;
486
487 /* Used to indicate that session resumption is not allowed.
488 * Applications can also set this bit for a new session via
489 * not_resumable_session_cb to disable session caching and tickets. */
490 int not_resumable;
491
492 /* The cert is the certificate used to establish this connection */
493 struct sess_cert_st /* SESS_CERT */ *sess_cert;
494
495 size_t tlsext_ecpointformatlist_length;
496 uint8_t *tlsext_ecpointformatlist; /* peer's list */
497 size_t tlsext_supportedgroups_length;
498 uint16_t *tlsext_supportedgroups; /* peer's list */
504}; 499};
505 500
506typedef struct cert_pkey_st { 501typedef struct cert_pkey_st {
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 4e798e08f0..2fa6af4564 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_sess.c,v 1.105 2021/09/08 17:27:33 tb Exp $ */ 1/* $OpenBSD: ssl_sess.c,v 1.106 2021/10/25 10:01:46 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -186,13 +186,13 @@ SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
186int 186int
187SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) 187SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
188{ 188{
189 return (CRYPTO_set_ex_data(&s->internal->ex_data, idx, arg)); 189 return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
190} 190}
191 191
192void * 192void *
193SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx) 193SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
194{ 194{
195 return (CRYPTO_get_ex_data(&s->internal->ex_data, idx)); 195 return (CRYPTO_get_ex_data(&s->ex_data, idx));
196} 196}
197 197
198uint32_t 198uint32_t
@@ -221,26 +221,21 @@ SSL_SESSION_new(void)
221 SSLerrorx(ERR_R_MALLOC_FAILURE); 221 SSLerrorx(ERR_R_MALLOC_FAILURE);
222 return (NULL); 222 return (NULL);
223 } 223 }
224 if ((ss->internal = calloc(1, sizeof(*ss->internal))) == NULL) {
225 free(ss);
226 SSLerrorx(ERR_R_MALLOC_FAILURE);
227 return (NULL);
228 }
229 224
230 ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ 225 ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
231 ss->references = 1; 226 ss->references = 1;
232 ss->timeout=60*5+4; /* 5 minute timeout by default */ 227 ss->timeout=60*5+4; /* 5 minute timeout by default */
233 ss->time = time(NULL); 228 ss->time = time(NULL);
234 ss->internal->prev = NULL; 229 ss->prev = NULL;
235 ss->internal->next = NULL; 230 ss->next = NULL;
236 ss->tlsext_hostname = NULL; 231 ss->tlsext_hostname = NULL;
237 232
238 ss->internal->tlsext_ecpointformatlist_length = 0; 233 ss->tlsext_ecpointformatlist_length = 0;
239 ss->internal->tlsext_ecpointformatlist = NULL; 234 ss->tlsext_ecpointformatlist = NULL;
240 ss->internal->tlsext_supportedgroups_length = 0; 235 ss->tlsext_supportedgroups_length = 0;
241 ss->internal->tlsext_supportedgroups = NULL; 236 ss->tlsext_supportedgroups = NULL;
242 237
243 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->internal->ex_data); 238 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
244 239
245 return (ss); 240 return (ss);
246} 241}
@@ -738,7 +733,7 @@ remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
738 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); 733 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
739 734
740 if (ret) { 735 if (ret) {
741 r->internal->not_resumable = 1; 736 r->not_resumable = 1;
742 if (ctx->internal->remove_session_cb != NULL) 737 if (ctx->internal->remove_session_cb != NULL)
743 ctx->internal->remove_session_cb(ctx, r); 738 ctx->internal->remove_session_cb(ctx, r);
744 SSL_SESSION_free(r); 739 SSL_SESSION_free(r);
@@ -760,12 +755,12 @@ SSL_SESSION_free(SSL_SESSION *ss)
760 if (i > 0) 755 if (i > 0)
761 return; 756 return;
762 757
763 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->internal->ex_data); 758 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
764 759
765 explicit_bzero(ss->master_key, sizeof ss->master_key); 760 explicit_bzero(ss->master_key, sizeof ss->master_key);
766 explicit_bzero(ss->session_id, sizeof ss->session_id); 761 explicit_bzero(ss->session_id, sizeof ss->session_id);
767 762
768 ssl_sess_cert_free(ss->internal->sess_cert); 763 ssl_sess_cert_free(ss->sess_cert);
769 764
770 X509_free(ss->peer); 765 X509_free(ss->peer);
771 766
@@ -773,10 +768,9 @@ SSL_SESSION_free(SSL_SESSION *ss)
773 768
774 free(ss->tlsext_hostname); 769 free(ss->tlsext_hostname);
775 free(ss->tlsext_tick); 770 free(ss->tlsext_tick);
776 free(ss->internal->tlsext_ecpointformatlist); 771 free(ss->tlsext_ecpointformatlist);
777 free(ss->internal->tlsext_supportedgroups); 772 free(ss->tlsext_supportedgroups);
778 773
779 freezero(ss->internal, sizeof(*ss->internal));
780 freezero(ss, sizeof(*ss)); 774 freezero(ss, sizeof(*ss));
781} 775}
782 776
@@ -1007,7 +1001,7 @@ timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
1007 * save on locking overhead */ 1001 * save on locking overhead */
1008 (void)lh_SSL_SESSION_delete(p->cache, s); 1002 (void)lh_SSL_SESSION_delete(p->cache, s);
1009 SSL_SESSION_list_remove(p->ctx, s); 1003 SSL_SESSION_list_remove(p->ctx, s);
1010 s->internal->not_resumable = 1; 1004 s->not_resumable = 1;
1011 if (p->ctx->internal->remove_session_cb != NULL) 1005 if (p->ctx->internal->remove_session_cb != NULL)
1012 p->ctx->internal->remove_session_cb(p->ctx, s); 1006 p->ctx->internal->remove_session_cb(p->ctx, s);
1013 SSL_SESSION_free(s); 1007 SSL_SESSION_free(s);
@@ -1059,50 +1053,50 @@ ssl_clear_bad_session(SSL *s)
1059static void 1053static void
1060SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) 1054SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
1061{ 1055{
1062 if ((s->internal->next == NULL) || (s->internal->prev == NULL)) 1056 if (s->next == NULL || s->prev == NULL)
1063 return; 1057 return;
1064 1058
1065 if (s->internal->next == (SSL_SESSION *)&(ctx->internal->session_cache_tail)) { 1059 if (s->next == (SSL_SESSION *)&(ctx->internal->session_cache_tail)) {
1066 /* last element in list */ 1060 /* last element in list */
1067 if (s->internal->prev == (SSL_SESSION *)&(ctx->internal->session_cache_head)) { 1061 if (s->prev == (SSL_SESSION *)&(ctx->internal->session_cache_head)) {
1068 /* only one element in list */ 1062 /* only one element in list */
1069 ctx->internal->session_cache_head = NULL; 1063 ctx->internal->session_cache_head = NULL;
1070 ctx->internal->session_cache_tail = NULL; 1064 ctx->internal->session_cache_tail = NULL;
1071 } else { 1065 } else {
1072 ctx->internal->session_cache_tail = s->internal->prev; 1066 ctx->internal->session_cache_tail = s->prev;
1073 s->internal->prev->internal->next = 1067 s->prev->next =
1074 (SSL_SESSION *)&(ctx->internal->session_cache_tail); 1068 (SSL_SESSION *)&(ctx->internal->session_cache_tail);
1075 } 1069 }
1076 } else { 1070 } else {
1077 if (s->internal->prev == (SSL_SESSION *)&(ctx->internal->session_cache_head)) { 1071 if (s->prev == (SSL_SESSION *)&(ctx->internal->session_cache_head)) {
1078 /* first element in list */ 1072 /* first element in list */
1079 ctx->internal->session_cache_head = s->internal->next; 1073 ctx->internal->session_cache_head = s->next;
1080 s->internal->next->internal->prev = 1074 s->next->prev =
1081 (SSL_SESSION *)&(ctx->internal->session_cache_head); 1075 (SSL_SESSION *)&(ctx->internal->session_cache_head);
1082 } else { 1076 } else {
1083 /* middle of list */ 1077 /* middle of list */
1084 s->internal->next->internal->prev = s->internal->prev; 1078 s->next->prev = s->prev;
1085 s->internal->prev->internal->next = s->internal->next; 1079 s->prev->next = s->next;
1086 } 1080 }
1087 } 1081 }
1088 s->internal->prev = s->internal->next = NULL; 1082 s->prev = s->next = NULL;
1089} 1083}
1090 1084
1091static void 1085static void
1092SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) 1086SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
1093{ 1087{
1094 if ((s->internal->next != NULL) && (s->internal->prev != NULL)) 1088 if (s->next != NULL && s->prev != NULL)
1095 SSL_SESSION_list_remove(ctx, s); 1089 SSL_SESSION_list_remove(ctx, s);
1096 1090
1097 if (ctx->internal->session_cache_head == NULL) { 1091 if (ctx->internal->session_cache_head == NULL) {
1098 ctx->internal->session_cache_head = s; 1092 ctx->internal->session_cache_head = s;
1099 ctx->internal->session_cache_tail = s; 1093 ctx->internal->session_cache_tail = s;
1100 s->internal->prev = (SSL_SESSION *)&(ctx->internal->session_cache_head); 1094 s->prev = (SSL_SESSION *)&(ctx->internal->session_cache_head);
1101 s->internal->next = (SSL_SESSION *)&(ctx->internal->session_cache_tail); 1095 s->next = (SSL_SESSION *)&(ctx->internal->session_cache_tail);
1102 } else { 1096 } else {
1103 s->internal->next = ctx->internal->session_cache_head; 1097 s->next = ctx->internal->session_cache_head;
1104 s->internal->next->internal->prev = s; 1098 s->next->prev = s;
1105 s->internal->prev = (SSL_SESSION *)&(ctx->internal->session_cache_head); 1099 s->prev = (SSL_SESSION *)&(ctx->internal->session_cache_head);
1106 ctx->internal->session_cache_head = s; 1100 ctx->internal->session_cache_head = s;
1107 } 1101 }
1108} 1102}
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index ec1e69a8bb..42f64bf86d 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_srvr.c,v 1.122 2021/10/23 14:40:54 jsing Exp $ */ 1/* $OpenBSD: ssl_srvr.c,v 1.123 2021/10/25 10:01:46 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -2433,15 +2433,15 @@ ssl3_get_client_certificate(SSL *s)
2433 * With the current implementation, sess_cert will always be NULL 2433 * With the current implementation, sess_cert will always be NULL
2434 * when we arrive here 2434 * when we arrive here
2435 */ 2435 */
2436 if (SSI(s)->sess_cert == NULL) { 2436 if (s->session->sess_cert == NULL) {
2437 SSI(s)->sess_cert = ssl_sess_cert_new(); 2437 s->session->sess_cert = ssl_sess_cert_new();
2438 if (SSI(s)->sess_cert == NULL) { 2438 if (s->session->sess_cert == NULL) {
2439 SSLerror(s, ERR_R_MALLOC_FAILURE); 2439 SSLerror(s, ERR_R_MALLOC_FAILURE);
2440 goto err; 2440 goto err;
2441 } 2441 }
2442 } 2442 }
2443 sk_X509_pop_free(SSI(s)->sess_cert->cert_chain, X509_free); 2443 sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
2444 SSI(s)->sess_cert->cert_chain = sk; 2444 s->session->sess_cert->cert_chain = sk;
2445 2445
2446 /* 2446 /*
2447 * Inconsistency alert: cert_chain does *not* include the 2447 * Inconsistency alert: cert_chain does *not* include the
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 3ad564964d..d8143ce1be 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_tlsext.c,v 1.99 2021/09/10 09:25:29 tb Exp $ */ 1/* $OpenBSD: ssl_tlsext.c,v 1.100 2021/10/25 10:01:46 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> 4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -243,7 +243,7 @@ tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
243 int i; 243 int i;
244 244
245 if (S3I(s)->hs.tls13.hrr) { 245 if (S3I(s)->hs.tls13.hrr) {
246 if (SSI(s)->tlsext_supportedgroups == NULL) { 246 if (s->session->tlsext_supportedgroups == NULL) {
247 *alert = SSL_AD_HANDSHAKE_FAILURE; 247 *alert = SSL_AD_HANDSHAKE_FAILURE;
248 return 0; 248 return 0;
249 } 249 }
@@ -251,7 +251,7 @@ tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
251 * In the case of TLSv1.3 the client cannot change 251 * In the case of TLSv1.3 the client cannot change
252 * the supported groups. 252 * the supported groups.
253 */ 253 */
254 if (groups_len != SSI(s)->tlsext_supportedgroups_length) { 254 if (groups_len != s->session->tlsext_supportedgroups_length) {
255 *alert = SSL_AD_ILLEGAL_PARAMETER; 255 *alert = SSL_AD_ILLEGAL_PARAMETER;
256 return 0; 256 return 0;
257 } 257 }
@@ -260,7 +260,7 @@ tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
260 260
261 if (!CBS_get_u16(&grouplist, &group)) 261 if (!CBS_get_u16(&grouplist, &group))
262 goto err; 262 goto err;
263 if (SSI(s)->tlsext_supportedgroups[i] != group) { 263 if (s->session->tlsext_supportedgroups[i] != group) {
264 *alert = SSL_AD_ILLEGAL_PARAMETER; 264 *alert = SSL_AD_ILLEGAL_PARAMETER;
265 return 0; 265 return 0;
266 } 266 }
@@ -269,7 +269,7 @@ tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
269 return 1; 269 return 1;
270 } 270 }
271 271
272 if (SSI(s)->tlsext_supportedgroups != NULL) 272 if (s->session->tlsext_supportedgroups != NULL)
273 goto err; 273 goto err;
274 274
275 if ((groups = reallocarray(NULL, groups_len, 275 if ((groups = reallocarray(NULL, groups_len,
@@ -290,8 +290,8 @@ tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
290 goto err; 290 goto err;
291 } 291 }
292 292
293 SSI(s)->tlsext_supportedgroups = groups; 293 s->session->tlsext_supportedgroups = groups;
294 SSI(s)->tlsext_supportedgroups_length = groups_len; 294 s->session->tlsext_supportedgroups_length = groups_len;
295 } 295 }
296 296
297 return 1; 297 return 1;
@@ -383,8 +383,8 @@ tlsext_ecpf_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
383 } 383 }
384 384
385 if (!s->internal->hit) { 385 if (!s->internal->hit) {
386 if (!CBS_stow(&ecpf, &(SSI(s)->tlsext_ecpointformatlist), 386 if (!CBS_stow(&ecpf, &(s->session->tlsext_ecpointformatlist),
387 &(SSI(s)->tlsext_ecpointformatlist_length))) { 387 &(s->session->tlsext_ecpointformatlist_length))) {
388 *alert = SSL_AD_INTERNAL_ERROR; 388 *alert = SSL_AD_INTERNAL_ERROR;
389 return 0; 389 return 0;
390 } 390 }
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 3cb2d8a113..092331aae1 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_lib.c,v 1.182 2021/07/01 17:53:39 jsing Exp $ */ 1/* $OpenBSD: t1_lib.c,v 1.183 2021/10/25 10:01:46 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -329,8 +329,8 @@ tls1_get_formatlist(SSL *s, int client_formats, const uint8_t **pformats,
329 size_t *pformatslen) 329 size_t *pformatslen)
330{ 330{
331 if (client_formats != 0) { 331 if (client_formats != 0) {
332 *pformats = SSI(s)->tlsext_ecpointformatlist; 332 *pformats = s->session->tlsext_ecpointformatlist;
333 *pformatslen = SSI(s)->tlsext_ecpointformatlist_length; 333 *pformatslen = s->session->tlsext_ecpointformatlist_length;
334 return; 334 return;
335 } 335 }
336 336
@@ -352,8 +352,8 @@ tls1_get_group_list(SSL *s, int client_groups, const uint16_t **pgroups,
352 size_t *pgroupslen) 352 size_t *pgroupslen)
353{ 353{
354 if (client_groups != 0) { 354 if (client_groups != 0) {
355 *pgroups = SSI(s)->tlsext_supportedgroups; 355 *pgroups = s->session->tlsext_supportedgroups;
356 *pgroupslen = SSI(s)->tlsext_supportedgroups_length; 356 *pgroupslen = s->session->tlsext_supportedgroups_length;
357 return; 357 return;
358 } 358 }
359 359
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 00a1c6baa4..4dfb02581a 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_client.c,v 1.87 2021/10/23 14:40:54 jsing Exp $ */ 1/* $OpenBSD: tls13_client.c,v 1.88 2021/10/25 10:01:46 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -628,16 +628,16 @@ tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
628 if ((cert_idx = ssl_cert_type(cert, pkey)) < 0) 628 if ((cert_idx = ssl_cert_type(cert, pkey)) < 0)
629 goto err; 629 goto err;
630 630
631 ssl_sess_cert_free(SSI(s)->sess_cert); 631 ssl_sess_cert_free(s->session->sess_cert);
632 if ((SSI(s)->sess_cert = ssl_sess_cert_new()) == NULL) 632 if ((s->session->sess_cert = ssl_sess_cert_new()) == NULL)
633 goto err; 633 goto err;
634 634
635 SSI(s)->sess_cert->cert_chain = certs; 635 s->session->sess_cert->cert_chain = certs;
636 certs = NULL; 636 certs = NULL;
637 637
638 X509_up_ref(cert); 638 X509_up_ref(cert);
639 SSI(s)->sess_cert->peer_pkeys[cert_idx].x509 = cert; 639 s->session->sess_cert->peer_pkeys[cert_idx].x509 = cert;
640 SSI(s)->sess_cert->peer_key = &(SSI(s)->sess_cert->peer_pkeys[cert_idx]); 640 s->session->sess_cert->peer_key = &(s->session->sess_cert->peer_pkeys[cert_idx]);
641 641
642 X509_free(s->session->peer); 642 X509_free(s->session->peer);
643 643
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index a19b3825fe..733a71f7d1 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_server.c,v 1.86 2021/10/23 14:40:54 jsing Exp $ */ 1/* $OpenBSD: tls13_server.c,v 1.87 2021/10/25 10:01:46 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2020 Bob Beck <beck@openbsd.org> 4 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -922,16 +922,16 @@ tls13_client_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
922 if ((cert_idx = ssl_cert_type(cert, pkey)) < 0) 922 if ((cert_idx = ssl_cert_type(cert, pkey)) < 0)
923 goto err; 923 goto err;
924 924
925 ssl_sess_cert_free(SSI(s)->sess_cert); 925 ssl_sess_cert_free(s->session->sess_cert);
926 if ((SSI(s)->sess_cert = ssl_sess_cert_new()) == NULL) 926 if ((s->session->sess_cert = ssl_sess_cert_new()) == NULL)
927 goto err; 927 goto err;
928 928
929 SSI(s)->sess_cert->cert_chain = certs; 929 s->session->sess_cert->cert_chain = certs;
930 certs = NULL; 930 certs = NULL;
931 931
932 X509_up_ref(cert); 932 X509_up_ref(cert);
933 SSI(s)->sess_cert->peer_pkeys[cert_idx].x509 = cert; 933 s->session->sess_cert->peer_pkeys[cert_idx].x509 = cert;
934 SSI(s)->sess_cert->peer_key = &(SSI(s)->sess_cert->peer_pkeys[cert_idx]); 934 s->session->sess_cert->peer_key = &(s->session->sess_cert->peer_pkeys[cert_idx]);
935 935
936 X509_free(s->session->peer); 936 X509_free(s->session->peer);
937 937
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 01:00:06 +0000