authorjsing <>2017-01-23 13:36:13 +0000
committerjsing <>2017-01-23 13:36:13 +0000
commit0eff443f2ac1ae9043870f2d40d9dc0d57f236d6 (patch)
tree84ee9c4c985fe1078df40f818b7697846dba1c18 /src/lib/libssl/s3_srvr.c
parent76088a8d37b68292f56046a6a4dea9544ad5ab89 (diff)
Split most of SSL_METHOD out into an internal variant, which is opaque.
Discussed with beck@
Diffstat (limited to 'src/lib/libssl/s3_srvr.c')
-rw-r--r--src/lib/libssl/s3_srvr.c32
1 files changed, 16 insertions, 16 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index fa958d96f8..59320ea0f6 100644
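--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.148 2017/01/23 08:48:44 beck Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.149 2017/01/23 13:36:13 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -519,7 +519,7 @@ ssl3_accept(SSL *s)
  if (S3I(s)->handshake_dgst[dgst_num]) {
  int dgst_size;
 
- s->method->ssl3_enc->cert_verify_mac(s,
+ s->method->internal->ssl3_enc->cert_verify_mac(s,
  EVP_MD_CTX_type(
  S3I(s)->handshake_dgst[dgst_num]),
  &(S3I(s)->tmp.cert_verify_md[offset]));
@@ -598,7 +598,7 @@ ssl3_accept(SSL *s)
  case SSL3_ST_SW_CHANGE_B:
 
  s->session->cipher = S3I(s)->tmp.new_cipher;
- if (!s->method->ssl3_enc->setup_key_block(s)) {
+ if (!s->method->internal->ssl3_enc->setup_key_block(s)) {
  ret = -1;
  goto end;
  }
@@ -611,7 +611,7 @@ ssl3_accept(SSL *s)
  s->internal->state = SSL3_ST_SW_FINISHED_A;
  s->internal->init_num = 0;
 
- if (!s->method->ssl3_enc->change_cipher_state(
+ if (!s->method->internal->ssl3_enc->change_cipher_state(
  s, SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
  ret = -1;
  goto end;
@@ -623,8 +623,8 @@ ssl3_accept(SSL *s)
  case SSL3_ST_SW_FINISHED_B:
  ret = ssl3_send_finished(s,
  SSL3_ST_SW_FINISHED_A, SSL3_ST_SW_FINISHED_B,
- s->method->ssl3_enc->server_finished_label,
- s->method->ssl3_enc->server_finished_label_len);
+ s->method->internal->ssl3_enc->server_finished_label,
+ s->method->internal->ssl3_enc->server_finished_label_len);
  if (ret <= 0)
  goto end;
  s->internal->state = SSL3_ST_SW_FLUSH;
@@ -742,7 +742,7 @@ ssl3_get_client_hello(SSL *s)
  s->internal->state = SSL3_ST_SR_CLNT_HELLO_B;
  }
  s->internal->first_packet = 1;
- n = s->method->ssl_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
+ n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
  SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO,
  SSL3_RT_MAX_PLAIN_LENGTH, &ok);
 
@@ -1803,7 +1803,7 @@ ssl3_get_client_kex_rsa(SSL *s, unsigned char *p, long n)
  }
 
  s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(s,
+ s->method->internal->ssl3_enc->generate_master_secret(s,
  s->session->master_key, p, i);
 
  explicit_bzero(p, i);
@@ -1859,7 +1859,7 @@ ssl3_get_client_kex_dhe(SSL *s, unsigned char *p, long n)
  }
 
  s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(
+ s->method->internal->ssl3_enc->generate_master_secret(
  s, s->session->master_key, p, key_size);
 
  explicit_bzero(p, key_size);
@@ -2013,7 +2013,7 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n)
 
  /* Compute the master secret */
  s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(
+ s->method->internal->ssl3_enc->generate_master_secret(
  s, s->session->master_key, p, i);
 
  explicit_bzero(p, i);
@@ -2055,7 +2055,7 @@ ssl3_get_client_kex_ecdhe_ecx(SSL *s, unsigned char *p, long n)
  S3I(s)->tmp.x25519 = NULL;
 
  s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(
+ s->method->internal->ssl3_enc->generate_master_secret(
  s, s->session->master_key, shared_key, X25519_KEY_LENGTH);
 
  ret = 1;
@@ -2131,7 +2131,7 @@ ssl3_get_client_kex_gost(SSL *s, unsigned char *p, long n)
  }
  /* Generate master secret */
  s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(
+ s->method->internal->ssl3_enc->generate_master_secret(
  s, s->session->master_key, premaster_secret, 32);
  /* Check if pubkey from client certificate was used */
  if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1,
@@ -2164,7 +2164,7 @@ ssl3_get_client_key_exchange(SSL *s)
  long n;
 
  /* 2048 maxlen is a guess. How long a key does that permit? */
- n = s->method->ssl_get_message(s, SSL3_ST_SR_KEY_EXCH_A,
+ n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_KEY_EXCH_A,
  SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, &ok);
  if (!ok)
  return ((int)n);
@@ -2213,7 +2213,7 @@ ssl3_get_cert_verify(SSL *s)
  EVP_MD_CTX mctx;
  EVP_MD_CTX_init(&mctx);
 
- n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_VRFY_A,
+ n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_CERT_VRFY_A,
  SSL3_ST_SR_CERT_VRFY_B, -1, SSL3_RT_MAX_PLAIN_LENGTH, &ok);
  if (!ok)
  return ((int)n);
@@ -2476,7 +2476,7 @@ ssl3_get_client_certificate(SSL *s)
  const unsigned char *q;
  STACK_OF(X509) *sk = NULL;
 
- n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
+ n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
  -1, s->internal->max_cert_list, &ok);
 
  if (!ok)
@@ -2867,7 +2867,7 @@ ssl3_get_next_proto(SSL *s)
  }
 
  /* 514 maxlen is enough for the payload format below */
- n = s->method->ssl_get_message(s, SSL3_ST_SR_NEXT_PROTO_A,
+ n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_NEXT_PROTO_A,
  SSL3_ST_SR_NEXT_PROTO_B, SSL3_MT_NEXT_PROTO, 514, &ok);
  if (!ok)
  return ((int)n);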
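Review bot: Nothing on the server handshake path checks `s->method->internal` before the rewritten calls dereference it (and `->ssl3_enc` behind it for the cert-verify MAC, key-block, cipher-state, finished-label and master-secret calls), so these sites rely on every SSL_METHOD carrying a populated internal struct. The method tables are defined outside this file section, so that cannot be confirmed from here; if the invariant holds, it is worth stating once where the internal struct is declared, for example `/* internal is never NULL: every SSL_METHOD the library returns sets it. */`. Separately, the new line in ssl3_get_client_certificate appears to run past 80 columns and could be wrapped as `n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_CERT_A,` followed by `SSL3_ST_SR_CERT_B, -1, s->internal->max_cert_list, &ok);`. All of the enclosing functions start and end outside their hunks.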