authorjsing <>2017-01-23 13:36:13 +0000
committerjsing <>2017-01-23 13:36:13 +0000
commit0eff443f2ac1ae9043870f2d40d9dc0d57f236d6 (patch)
tree84ee9c4c985fe1078df40f818b7697846dba1c18 /src/lib/libssl/s3_clnt.c
parent76088a8d37b68292f56046a6a4dea9544ad5ab89 (diff)
Split most of SSL_METHOD out into an internal variant, which is opaque.
Discussed with beck@
Diffstat (limited to 'src/lib/libssl/s3_clnt.c')
-rw-r--r--src/lib/libssl/s3_clnt.c40
1 files changed, 20 insertions, 20 deletions
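diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index a6feb68e91..055f8d1f3a 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.169 2017/01/23 08:48:44 beck Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.170 2017/01/23 13:36:13 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -419,12 +419,12 @@ ssl3_connect(SSL *s)
  s->internal->init_num = 0;
 
  s->session->cipher = S3I(s)->tmp.new_cipher;
- if (!s->method->ssl3_enc->setup_key_block(s)) {
+ if (!s->method->internal->ssl3_enc->setup_key_block(s)) {
  ret = -1;
  goto end;
  }
 
- if (!s->method->ssl3_enc->change_cipher_state(s,
+ if (!s->method->internal->ssl3_enc->change_cipher_state(s,
  SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
  ret = -1;
  goto end;
@@ -444,8 +444,8 @@ ssl3_connect(SSL *s)
  case SSL3_ST_CW_FINISHED_B:
  ret = ssl3_send_finished(s, SSL3_ST_CW_FINISHED_A,
  SSL3_ST_CW_FINISHED_B,
- s->method->ssl3_enc->client_finished_label,
- s->method->ssl3_enc->client_finished_label_len);
+ s->method->internal->ssl3_enc->client_finished_label,
+ s->method->internal->ssl3_enc->client_finished_label_len);
  if (ret <= 0)
  goto end;
  s->s3->flags |= SSL3_FLAGS_CCS_OK;
@@ -730,7 +730,7 @@ ssl3_get_server_hello(SSL *s)
  int i, al, ok;
  long n;
 
- n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
+ n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
  SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok);
 
  if (!ok)
@@ -950,7 +950,7 @@ ssl3_get_server_certificate(SSL *s)
  SESS_CERT *sc;
  EVP_PKEY *pkey = NULL;
 
- n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A,
+ n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_CERT_A,
  SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list, &ok);
 
  if (!ok)
@@ -1373,7 +1373,7 @@ ssl3_get_server_key_exchange(SSL *s)
  * Use same message size as in ssl3_get_certificate_request()
  * as ServerKeyExchange message may be skipped.
  */
- n = s->method->ssl_get_message(s, SSL3_ST_CR_KEY_EXCH_A,
+ n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_KEY_EXCH_A,
  SSL3_ST_CR_KEY_EXCH_B, -1, s->internal->max_cert_list, &ok);
  if (!ok)
  return ((int)n);
@@ -1579,7 +1579,7 @@ ssl3_get_certificate_request(SSL *s)
  const unsigned char *q;
  STACK_OF(X509_NAME) *ca_sk = NULL;
 
- n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_REQ_A,
+ n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_CERT_REQ_A,
  SSL3_ST_CR_CERT_REQ_B, -1, s->internal->max_cert_list, &ok);
 
  if (!ok)
@@ -1756,7 +1756,7 @@ ssl3_get_new_session_ticket(SSL *s)
  long n;
  CBS cbs, session_ticket;
 
- n = s->method->ssl_get_message(s, SSL3_ST_CR_SESSION_TICKET_A,
+ n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_SESSION_TICKET_A,
  SSL3_ST_CR_SESSION_TICKET_B, -1, 16384, &ok);
  if (!ok)
  return ((int)n);
@@ -1836,7 +1836,7 @@ ssl3_get_cert_status(SSL *s)
  long n;
  uint8_t status_type;
 
- n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_STATUS_A,
+ n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_CERT_STATUS_A,
  SSL3_ST_CR_CERT_STATUS_B, SSL3_MT_CERTIFICATE_STATUS,
  16384, &ok);
 
@@ -1915,7 +1915,7 @@ ssl3_get_server_done(SSL *s)
  int ok, ret = 0;
  long n;
 
- n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_DONE_A,
+ n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_SRVR_DONE_A,
  SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE,
  30, /* should be very small, like 0 :-) */ &ok);
 
@@ -1979,7 +1979,7 @@ ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
  goto err;
 
  s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(s,
+ s->method->internal->ssl3_enc->generate_master_secret(s,
  s->session->master_key, pms, sizeof(pms));
 
  ret = 1;
@@ -2034,7 +2034,7 @@ ssl3_send_client_kex_dhe(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
 
  /* Generate master key from the result. */
  s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(s,
+ s->method->internal->ssl3_enc->generate_master_secret(s,
  s->session->master_key, key, key_len);
 
  if (!CBB_add_u16_length_prefixed(cbb, &dh_Yc))
@@ -2109,7 +2109,7 @@ ssl3_send_client_kex_ecdhe_ecp(SSL *s, SESS_CERT *sc, CBB *cbb)
 
  /* Generate master key from the result. */
  s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(s,
+ s->method->internal->ssl3_enc->generate_master_secret(s,
  s->session->master_key, key, key_len);
 
  encoded_len = EC_POINT_point2oct(group, EC_KEY_get0_public_key(ecdh),
@@ -2178,7 +2178,7 @@ ssl3_send_client_kex_ecdhe_ecx(SSL *s, SESS_CERT *sc, CBB *cbb)
 
  /* Generate master key from the result. */
  s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(s,
+ s->method->internal->ssl3_enc->generate_master_secret(s,
  s->session->master_key, shared_key, X25519_KEY_LENGTH);
 
  ret = 1;
@@ -2318,7 +2318,7 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
  }
  EVP_PKEY_CTX_free(pkey_ctx);
  s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(s,
+ s->method->internal->ssl3_enc->generate_master_secret(s,
  s->session->master_key, premaster_secret, 32);
 
  ret = 1;
@@ -2415,7 +2415,7 @@ ssl3_send_client_verify(SSL *s)
  EVP_PKEY_sign_init(pctx);
  if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) {
  if (!SSL_USE_SIGALGS(s))
- s->method->ssl3_enc->cert_verify_mac(s,
+ s->method->internal->ssl3_enc->cert_verify_mac(s,
  NID_sha1, &(data[MD5_DIGEST_LENGTH]));
  } else {
  ERR_clear_error();
@@ -2449,7 +2449,7 @@ ssl3_send_client_verify(SSL *s)
  if (!tls1_digest_cached_records(s))
  goto err;
  } else if (pkey->type == EVP_PKEY_RSA) {
- s->method->ssl3_enc->cert_verify_mac(
+ s->method->internal->ssl3_enc->cert_verify_mac(
  s, NID_md5, &(data[0]));
  if (RSA_sign(NID_md5_sha1, data,
  MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]),
@@ -2737,7 +2737,7 @@ ssl3_check_finished(SSL *s)
  return (1);
  /* this function is called when we really expect a Certificate
  * message, so permit appropriate message length */
- n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_CERT_A,
+ n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A,
  SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list, &ok);
  if (!ok)
  return ((int)n);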
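Review bot: In ssl3_send_client_verify (the hunks at 2415 and 2449) the result of `s->method->internal->ssl3_enc->cert_verify_mac(...)` is still discarded, so a failed handshake-digest computation would not stop the function before `data` is passed to `RSA_sign()`. Assuming the callback returns 0 on failure, the RSA branch could read `if (!s->method->internal->ssl3_enc->cert_verify_mac(s, NID_md5, &(data[0]))) goto err;`, with the same test on the NID_sha1 call at 2418. The call to `EVP_PKEY_sign_init(pctx)` at 2415 is likewise unchecked. The function body starts and ends outside both hunks, so how `data` is initialised is not visible here.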