authorjsing <>2017-01-23 13:36:13 +0000
committerjsing <>2017-01-23 13:36:13 +0000
commit0eff443f2ac1ae9043870f2d40d9dc0d57f236d6 (patch)
tree84ee9c4c985fe1078df40f818b7697846dba1c18 /src/lib/libssl/d1_srvr.c
parent76088a8d37b68292f56046a6a4dea9544ad5ab89 (diff)
Split most of SSL_METHOD out into an internal variant, which is opaque.
Discussed with beck@
Diffstat (limited to 'src/lib/libssl/d1_srvr.c')
-rw-r--r--src/lib/libssl/d1_srvr.c34
1 files changed, 19 insertions, 15 deletions
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 2a68483169..1787412bf5 100644
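--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.78 2017/01/23 10:22:06 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.79 2017/01/23 13:36:13 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -128,7 +128,7 @@
 static const SSL_METHOD *dtls1_get_server_method(int ver);
 static int dtls1_send_hello_verify_request(SSL *s);
 
-static const SSL_METHOD DTLSv1_server_method_data = {
+static const SSL_METHOD_INTERNAL DTLSv1_server_method_internal_data = {
  .version = DTLS1_VERSION,
  .min_version = DTLS1_VERSION,
  .max_version = DTLS1_VERSION,
@@ -141,21 +141,25 @@ static const SSL_METHOD DTLSv1_server_method_data = {
  .ssl_peek = ssl3_peek,
  .ssl_write = ssl3_write,
  .ssl_shutdown = dtls1_shutdown,
+ .ssl_pending = ssl3_pending,
+ .get_ssl_method = dtls1_get_server_method,
+ .get_timeout = dtls1_default_timeout,
+ .ssl_version = ssl_undefined_void_function,
  .ssl_renegotiate = ssl3_renegotiate,
  .ssl_renegotiate_check = ssl3_renegotiate_check,
  .ssl_get_message = dtls1_get_message,
  .ssl_read_bytes = dtls1_read_bytes,
  .ssl_write_bytes = dtls1_write_app_data_bytes,
+ .ssl3_enc = &DTLSv1_enc_data,
+};
+
+static const SSL_METHOD DTLSv1_server_method_data = {
  .ssl_dispatch_alert = dtls1_dispatch_alert,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
  .num_ciphers = ssl3_num_ciphers,
  .get_cipher = dtls1_get_cipher,
- .get_ssl_method = dtls1_get_server_method,
- .get_timeout = dtls1_default_timeout,
- .ssl3_enc = &DTLSv1_enc_data,
- .ssl_version = ssl_undefined_void_function,
+ .get_cipher_by_char = ssl3_get_cipher_by_char,
+ .put_cipher_by_char = ssl3_put_cipher_by_char,
+ .internal = &DTLSv1_server_method_internal_data,
 };
 
 const SSL_METHOD *
@@ -519,9 +523,9 @@ dtls1_accept(SSL *s)
 
  /* We need to get hashes here so if there is
  * a client cert, it can be verified */
- s->method->ssl3_enc->cert_verify_mac(s,
+ s->method->internal->ssl3_enc->cert_verify_mac(s,
  NID_md5, &(S3I(s)->tmp.cert_verify_md[0]));
- s->method->ssl3_enc->cert_verify_mac(s,
+ s->method->internal->ssl3_enc->cert_verify_mac(s,
  NID_sha1,
  &(S3I(s)->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
  }
@@ -579,7 +583,7 @@ dtls1_accept(SSL *s)
  case SSL3_ST_SW_CHANGE_B:
 
  s->session->cipher = S3I(s)->tmp.new_cipher;
- if (!s->method->ssl3_enc->setup_key_block(s)) {
+ if (!s->method->internal->ssl3_enc->setup_key_block(s)) {
  ret = -1;
  goto end;
  }
@@ -594,7 +598,7 @@ dtls1_accept(SSL *s)
  s->internal->state = SSL3_ST_SW_FINISHED_A;
  s->internal->init_num = 0;
 
- if (!s->method->ssl3_enc->change_cipher_state(s,
+ if (!s->method->internal->ssl3_enc->change_cipher_state(s,
  SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
  ret = -1;
  goto end;
@@ -607,8 +611,8 @@ dtls1_accept(SSL *s)
  case SSL3_ST_SW_FINISHED_B:
  ret = ssl3_send_finished(s,
  SSL3_ST_SW_FINISHED_A, SSL3_ST_SW_FINISHED_B,
- s->method->ssl3_enc->server_finished_label,
- s->method->ssl3_enc->server_finished_label_len);
+ s->method->internal->ssl3_enc->server_finished_label,
+ s->method->internal->ssl3_enc->server_finished_label_len);
  if (ret <= 0)
  goto end;
  s->internal->state = SSL3_ST_SW_FLUSH;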
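Review bot: Both `cert_verify_mac` calls in the `dtls1_accept` hunk at new lines 526-530 discard the result, so a failed digest computation would go unnoticed and `cert_verify_md` would keep whatever bytes it held before, which is the buffer the comment says is used to verify a client certificate. Assuming the callback reports failure with a zero return (its prototype is not visible here), the calls could be guarded the way `setup_key_block` is in a later hunk: `if (!s->method->internal->ssl3_enc->cert_verify_mac(s, NID_md5, &(S3I(s)->tmp.cert_verify_md[0]))) { ret = -1; goto end; }`. The commit only changes the access path, so the unchecked calls predate it, but these lines are being touched anyway. `dtls1_accept` starts and ends outside the hunks shown.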