Split most of SSL_METHOD out into an internal variant, which is opaque.

Discussed with beck@
author: jsing <> 2017-01-23 13:36:13 +0000
committer: jsing <> 2017-01-23 13:36:13 +0000
commit: 0eff443f2ac1ae9043870f2d40d9dc0d57f236d6 (patch)
tree: 84ee9c4c985fe1078df40f818b7697846dba1c18 /src/lib/libssl/s3_pkt.c
parent: 76088a8d37b68292f56046a6a4dea9544ad5ab89 (diff)
download: openbsd-0eff443f2ac1ae9043870f2d40d9dc0d57f236d6.tar.gz
openbsd-0eff443f2ac1ae9043870f2d40d9dc0d57f236d6.tar.bz2
openbsd-0eff443f2ac1ae9043870f2d40d9dc0d57f236d6.zip
1 files changed, 13 insertions, 13 deletions
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index 228c5f536c..40ab55b6ee 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_pkt.c,v 1.66 2017/01/23 08:48:44 beck Exp $ */
+/* $OpenBSD: s3_pkt.c,v 1.67 2017/01/23 13:36:13 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -382,7 +382,7 @@ again:
        /* decrypt in place in 'rr->input' */
        rr->data = rr->input;
-        enc_err = s->method->ssl3_enc->enc(s, 0);
+        enc_err = s->method->internal->ssl3_enc->enc(s, 0);
        /* enc_err is:
         *    0: (in non-constant time) if the record is publically invalid.
         *    1: if the padding is valid
@@ -438,7 +438,7 @@ again:
                        mac = &rr->data[rr->length];
                }
-                i = s->method->ssl3_enc->mac(s,md,0 /* not send */);
+                i = s->method->internal->ssl3_enc->mac(s,md,0 /* not send */);
                if (i < 0 || mac == NULL ||
                    timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)
                        enc_err = -1;
@@ -710,7 +710,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
         * wr->data still points in the wb->buf */
        if (mac_size != 0) {
-                if (s->method->ssl3_enc->mac(s,
+                if (s->method->internal->ssl3_enc->mac(s,
                    &(p[wr->length + eivlen]), 1) < 0)
                        goto err;
                wr->length += mac_size;
@@ -727,7 +727,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
        }
        /* ssl3_enc can only have an error on read */
-        s->method->ssl3_enc->enc(s, 1);
+        s->method->internal->ssl3_enc->enc(s, 1);
        /* record length after mac and block padding */
        s2n(wr->length, plen);
@@ -1323,25 +1323,25 @@ ssl3_do_change_cipher_spec(SSL *s)
                }
                s->session->cipher = S3I(s)->tmp.new_cipher;
-                if (!s->method->ssl3_enc->setup_key_block(s))
+                if (!s->method->internal->ssl3_enc->setup_key_block(s))
                        return (0);
        }
-        if (!s->method->ssl3_enc->change_cipher_state(s, i))
+        if (!s->method->internal->ssl3_enc->change_cipher_state(s, i))
                return (0);
        /* we have to record the message digest at
         * this point so we can get it before we read
         * the finished message */
        if (s->internal->state & SSL_ST_CONNECT) {
-                sender = s->method->ssl3_enc->server_finished_label;
+                sender = s->method->internal->ssl3_enc->server_finished_label;
-                slen = s->method->ssl3_enc->server_finished_label_len;
+                slen = s->method->internal->ssl3_enc->server_finished_label_len;
        } else {
-                sender = s->method->ssl3_enc->client_finished_label;
+                sender = s->method->internal->ssl3_enc->client_finished_label;
-                slen = s->method->ssl3_enc->client_finished_label_len;
+                slen = s->method->internal->ssl3_enc->client_finished_label_len;
        }
-        i = s->method->ssl3_enc->final_finish_mac(s, sender, slen,
+        i = s->method->internal->ssl3_enc->final_finish_mac(s, sender, slen,
            S3I(s)->tmp.peer_finish_md);
        if (i == 0) {
                SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
@@ -1356,7 +1356,7 @@ int
 ssl3_send_alert(SSL *s, int level, int desc)
 {
        /* Map tls/ssl alert value to correct one */
-        desc = s->method->ssl3_enc->alert_value(desc);
+        desc = s->method->internal->ssl3_enc->alert_value(desc);
        if (desc < 0)
                return -1;
        /* If a fatal one, remove from cache */
author	jsing <>	2017-01-23 13:36:13 +0000
committer	jsing <>	2017-01-23 13:36:13 +0000
commit	0eff443f2ac1ae9043870f2d40d9dc0d57f236d6 (patch)
tree	84ee9c4c985fe1078df40f818b7697846dba1c18 /src/lib/libssl/s3_pkt.c
parent	76088a8d37b68292f56046a6a4dea9544ad5ab89 (diff)
download	openbsd-0eff443f2ac1ae9043870f2d40d9dc0d57f236d6.tar.gz openbsd-0eff443f2ac1ae9043870f2d40d9dc0d57f236d6.tar.bz2 openbsd-0eff443f2ac1ae9043870f2d40d9dc0d57f236d6.zip

diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c index 228c5f536c..40ab55b6ee 100644 --- a/src/lib/libssl/s3_pkt.c +++ b/src/lib/libssl/s3_pkt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_pkt.c,v 1.66 2017/01/23 08:48:44 beck Exp $ */	1	/* $OpenBSD: s3_pkt.c,v 1.67 2017/01/23 13:36:13 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -382,7 +382,7 @@ again:
382	/* decrypt in place in 'rr->input' */	382	/* decrypt in place in 'rr->input' */
383	rr->data = rr->input;	383	rr->data = rr->input;
384		384
385	enc_err = s->method->ssl3_enc->enc(s, 0);	385	enc_err = s->method->internal->ssl3_enc->enc(s, 0);
386	/* enc_err is:	386	/* enc_err is:
387	* 0: (in non-constant time) if the record is publically invalid.	387	* 0: (in non-constant time) if the record is publically invalid.
388	* 1: if the padding is valid	388	* 1: if the padding is valid
@@ -438,7 +438,7 @@ again:
438	mac = &rr->data[rr->length];	438	mac = &rr->data[rr->length];
439	}	439	}
440		440
441	i = s->method->ssl3_enc->mac(s,md,0 /* not send */);	441	i = s->method->internal->ssl3_enc->mac(s,md,0 /* not send */);
442	if (i < 0 \|\| mac == NULL \|\|	442	if (i < 0 \|\| mac == NULL \|\|
443	timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)	443	timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)
444	enc_err = -1;	444	enc_err = -1;
@@ -710,7 +710,7 @@ do_ssl3_write(SSL s, int type, const unsigned char buf,
710	* wr->data still points in the wb->buf */	710	* wr->data still points in the wb->buf */
711		711
712	if (mac_size != 0) {	712	if (mac_size != 0) {
713	if (s->method->ssl3_enc->mac(s,	713	if (s->method->internal->ssl3_enc->mac(s,
714	&(p[wr->length + eivlen]), 1) < 0)	714	&(p[wr->length + eivlen]), 1) < 0)
715	goto err;	715	goto err;
716	wr->length += mac_size;	716	wr->length += mac_size;
@@ -727,7 +727,7 @@ do_ssl3_write(SSL s, int type, const unsigned char buf,
727	}	727	}
728		728
729	/* ssl3_enc can only have an error on read */	729	/* ssl3_enc can only have an error on read */
730	s->method->ssl3_enc->enc(s, 1);	730	s->method->internal->ssl3_enc->enc(s, 1);
731		731
732	/* record length after mac and block padding */	732	/* record length after mac and block padding */
733	s2n(wr->length, plen);	733	s2n(wr->length, plen);
@@ -1323,25 +1323,25 @@ ssl3_do_change_cipher_spec(SSL *s)
1323	}	1323	}
1324		1324
1325	s->session->cipher = S3I(s)->tmp.new_cipher;	1325	s->session->cipher = S3I(s)->tmp.new_cipher;
1326	if (!s->method->ssl3_enc->setup_key_block(s))	1326	if (!s->method->internal->ssl3_enc->setup_key_block(s))
1327	return (0);	1327	return (0);
1328	}	1328	}
1329		1329
1330	if (!s->method->ssl3_enc->change_cipher_state(s, i))	1330	if (!s->method->internal->ssl3_enc->change_cipher_state(s, i))
1331	return (0);	1331	return (0);
1332		1332
1333	/* we have to record the message digest at	1333	/* we have to record the message digest at
1334	* this point so we can get it before we read	1334	* this point so we can get it before we read
1335	* the finished message */	1335	* the finished message */
1336	if (s->internal->state & SSL_ST_CONNECT) {	1336	if (s->internal->state & SSL_ST_CONNECT) {
1337	sender = s->method->ssl3_enc->server_finished_label;	1337	sender = s->method->internal->ssl3_enc->server_finished_label;
1338	slen = s->method->ssl3_enc->server_finished_label_len;	1338	slen = s->method->internal->ssl3_enc->server_finished_label_len;
1339	} else {	1339	} else {
1340	sender = s->method->ssl3_enc->client_finished_label;	1340	sender = s->method->internal->ssl3_enc->client_finished_label;
1341	slen = s->method->ssl3_enc->client_finished_label_len;	1341	slen = s->method->internal->ssl3_enc->client_finished_label_len;
1342	}	1342	}
1343		1343
1344	i = s->method->ssl3_enc->final_finish_mac(s, sender, slen,	1344	i = s->method->internal->ssl3_enc->final_finish_mac(s, sender, slen,
1345	S3I(s)->tmp.peer_finish_md);	1345	S3I(s)->tmp.peer_finish_md);
1346	if (i == 0) {	1346	if (i == 0) {
1347	SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);	1347	SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
@@ -1356,7 +1356,7 @@ int
1356	ssl3_send_alert(SSL *s, int level, int desc)	1356	ssl3_send_alert(SSL *s, int level, int desc)
1357	{	1357	{
1358	/* Map tls/ssl alert value to correct one */	1358	/* Map tls/ssl alert value to correct one */
1359	desc = s->method->ssl3_enc->alert_value(desc);	1359	desc = s->method->internal->ssl3_enc->alert_value(desc);
1360	if (desc < 0)	1360	if (desc < 0)
1361	return -1;	1361	return -1;
1362	/* If a fatal one, remove from cache */	1362	/* If a fatal one, remove from cache */