Move most of the SSL3_STATE fields to internal - the ones that remain are

known to be used by ports. ok beck@
author: jsing <> 2017-01-22 09:02:07 +0000
committer: jsing <> 2017-01-22 09:02:07 +0000
commit: bd2d858e0149e88f8fe4f0124d9b1e4d22553fd1 (patch)
tree: 74edac7239262d369a6f63b69bea3291a4184000 /src/lib/libssl/ssl_lib.c
parent: d549b46158cee11991715ad9f53e1adaa39d2280 (diff)
download: openbsd-bd2d858e0149e88f8fe4f0124d9b1e4d22553fd1.tar.gz
openbsd-bd2d858e0149e88f8fe4f0124d9b1e4d22553fd1.tar.bz2
openbsd-bd2d858e0149e88f8fe4f0124d9b1e4d22553fd1.zip
1 files changed, 16 insertions, 16 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 50c764ae86..96aea4c5dd 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.128 2017/01/22 07:16:39 beck Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.129 2017/01/22 09:02:07 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -702,10 +702,10 @@ SSL_get_finished(const SSL *s, void *buf, size_t count)
        size_t  ret = 0;
        if (s->s3 != NULL) {
-                ret = s->s3->tmp.finish_md_len;
+                ret = S3I(s)->tmp.finish_md_len;
                if (count > ret)
                        count = ret;
-                memcpy(buf, s->s3->tmp.finish_md, count);
+                memcpy(buf, S3I(s)->tmp.finish_md, count);
        }
        return (ret);
 }
@@ -717,10 +717,10 @@ SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
        size_t  ret = 0;
        if (s->s3 != NULL) {
-                ret = s->s3->tmp.peer_finish_md_len;
+                ret = S3I(s)->tmp.peer_finish_md_len;
                if (count > ret)
                        count = ret;
-                memcpy(buf, s->s3->tmp.peer_finish_md, count);
+                memcpy(buf, S3I(s)->tmp.peer_finish_md, count);
        }
        return (ret);
 }
@@ -1089,7 +1089,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
                return (1);
        case SSL_CTRL_GET_RI_SUPPORT:
                if (s->s3)
-                        return (s->s3->send_connection_binding);
+                        return (S3I(s)->send_connection_binding);
                else return (0);
        default:
                return (s->method->ssl_ctrl(s, cmd, larg, parg));
@@ -1425,7 +1425,7 @@ ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
        uint16_t                 cipher_value, max_version;
        if (s->s3)
-                s->s3->send_connection_binding = 0;
+                S3I(s)->send_connection_binding = 0;
        /*
         * RFC 5246 section 7.4.1.2 defines the interval as [2,2^16-2].
@@ -1464,7 +1464,7 @@ ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
                                goto err;
                        }
-                        s->s3->send_connection_binding = 1;
+                        S3I(s)->send_connection_binding = 1;
                        continue;
                }
@@ -1725,8 +1725,8 @@ SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
        *len = 0;
        if (ssl->s3 != NULL) {
-                *data = ssl->s3->alpn_selected;
+                *data = ssl->s3->internal->alpn_selected;
-                *len = ssl->s3->alpn_selected_len;
+                *len = ssl->s3->internal->alpn_selected_len;
        }
 }
@@ -2119,7 +2119,7 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 int
 ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
 {
-        const SSL_CIPHER        *cs = s->s3->tmp.new_cipher;
+        const SSL_CIPHER        *cs = S3I(s)->tmp.new_cipher;
        unsigned long            alg_a;
        alg_a = cs->algorithm_auth;
@@ -2148,9 +2148,9 @@ ssl_get_server_send_pkey(const SSL *s)
        int              i;
        c = s->cert;
-        ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
+        ssl_set_cert_masks(c, S3I(s)->tmp.new_cipher);
-        alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+        alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
        if (alg_a & SSL_aECDSA) {
                i = SSL_PKEY_ECC;
@@ -2221,9 +2221,9 @@ ssl_get_auto_dh(SSL *s)
        if (s->cert->dh_tmp_auto == 2) {
                keylen = 1024;
-        } else if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
+        } else if (S3I(s)->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
                keylen = 1024;
-                if (s->s3->tmp.new_cipher->strength_bits == 256)
+                if (S3I(s)->tmp.new_cipher->strength_bits == 256)
                        keylen = 3072;
        } else {
                if ((cpk = ssl_get_server_send_pkey(s)) == NULL)
@@ -2396,7 +2396,7 @@ SSL_get_error(const SSL *s, int i)
        if (i == 0) {
                if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
-                    (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
+                    (S3I(s)->warn_alert == SSL_AD_CLOSE_NOTIFY))
                return (SSL_ERROR_ZERO_RETURN);
        }
        return (SSL_ERROR_SYSCALL);
author	jsing <>	2017-01-22 09:02:07 +0000
committer	jsing <>	2017-01-22 09:02:07 +0000
commit	bd2d858e0149e88f8fe4f0124d9b1e4d22553fd1 (patch)
tree	74edac7239262d369a6f63b69bea3291a4184000 /src/lib/libssl/ssl_lib.c
parent	d549b46158cee11991715ad9f53e1adaa39d2280 (diff)
download	openbsd-bd2d858e0149e88f8fe4f0124d9b1e4d22553fd1.tar.gz openbsd-bd2d858e0149e88f8fe4f0124d9b1e4d22553fd1.tar.bz2 openbsd-bd2d858e0149e88f8fe4f0124d9b1e4d22553fd1.zip

diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 50c764ae86..96aea4c5dd 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_lib.c,v 1.128 2017/01/22 07:16:39 beck Exp $ */	1	/* $OpenBSD: ssl_lib.c,v 1.129 2017/01/22 09:02:07 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -702,10 +702,10 @@ SSL_get_finished(const SSL s, void buf, size_t count)
702	size_t ret = 0;	702	size_t ret = 0;
703		703
704	if (s->s3 != NULL) {	704	if (s->s3 != NULL) {
705	ret = s->s3->tmp.finish_md_len;	705	ret = S3I(s)->tmp.finish_md_len;
706	if (count > ret)	706	if (count > ret)
707	count = ret;	707	count = ret;
708	memcpy(buf, s->s3->tmp.finish_md, count);	708	memcpy(buf, S3I(s)->tmp.finish_md, count);
709	}	709	}
710	return (ret);	710	return (ret);
711	}	711	}
@@ -717,10 +717,10 @@ SSL_get_peer_finished(const SSL s, void buf, size_t count)
717	size_t ret = 0;	717	size_t ret = 0;
718		718
719	if (s->s3 != NULL) {	719	if (s->s3 != NULL) {
720	ret = s->s3->tmp.peer_finish_md_len;	720	ret = S3I(s)->tmp.peer_finish_md_len;
721	if (count > ret)	721	if (count > ret)
722	count = ret;	722	count = ret;
723	memcpy(buf, s->s3->tmp.peer_finish_md, count);	723	memcpy(buf, S3I(s)->tmp.peer_finish_md, count);
724	}	724	}
725	return (ret);	725	return (ret);
726	}	726	}
@@ -1089,7 +1089,7 @@ SSL_ctrl(SSL s, int cmd, long larg, void parg)
1089	return (1);	1089	return (1);
1090	case SSL_CTRL_GET_RI_SUPPORT:	1090	case SSL_CTRL_GET_RI_SUPPORT:
1091	if (s->s3)	1091	if (s->s3)
1092	return (s->s3->send_connection_binding);	1092	return (S3I(s)->send_connection_binding);
1093	else return (0);	1093	else return (0);
1094	default:	1094	default:
1095	return (s->method->ssl_ctrl(s, cmd, larg, parg));	1095	return (s->method->ssl_ctrl(s, cmd, larg, parg));
@@ -1425,7 +1425,7 @@ ssl_bytes_to_cipher_list(SSL s, const unsigned char p, int num)
1425	uint16_t cipher_value, max_version;	1425	uint16_t cipher_value, max_version;
1426		1426
1427	if (s->s3)	1427	if (s->s3)
1428	s->s3->send_connection_binding = 0;	1428	S3I(s)->send_connection_binding = 0;
1429		1429
1430	/*	1430	/*
1431	* RFC 5246 section 7.4.1.2 defines the interval as [2,2^16-2].	1431	* RFC 5246 section 7.4.1.2 defines the interval as [2,2^16-2].
@@ -1464,7 +1464,7 @@ ssl_bytes_to_cipher_list(SSL s, const unsigned char p, int num)
1464		1464
1465	goto err;	1465	goto err;
1466	}	1466	}
1467	s->s3->send_connection_binding = 1;	1467	S3I(s)->send_connection_binding = 1;
1468	continue;	1468	continue;
1469	}	1469	}
1470		1470
@@ -1725,8 +1725,8 @@ SSL_get0_alpn_selected(const SSL ssl, const unsigned char *data,
1725	*len = 0;	1725	*len = 0;
1726		1726
1727	if (ssl->s3 != NULL) {	1727	if (ssl->s3 != NULL) {
1728	*data = ssl->s3->alpn_selected;	1728	*data = ssl->s3->internal->alpn_selected;
1729	*len = ssl->s3->alpn_selected_len;	1729	*len = ssl->s3->internal->alpn_selected_len;
1730	}	1730	}
1731	}	1731	}
1732		1732
@@ -2119,7 +2119,7 @@ ssl_set_cert_masks(CERT c, const SSL_CIPHER cipher)
2119	int	2119	int
2120	ssl_check_srvr_ecc_cert_and_alg(X509 x, SSL s)	2120	ssl_check_srvr_ecc_cert_and_alg(X509 x, SSL s)
2121	{	2121	{
2122	const SSL_CIPHER *cs = s->s3->tmp.new_cipher;	2122	const SSL_CIPHER *cs = S3I(s)->tmp.new_cipher;
2123	unsigned long alg_a;	2123	unsigned long alg_a;
2124		2124
2125	alg_a = cs->algorithm_auth;	2125	alg_a = cs->algorithm_auth;
@@ -2148,9 +2148,9 @@ ssl_get_server_send_pkey(const SSL *s)
2148	int i;	2148	int i;
2149		2149
2150	c = s->cert;	2150	c = s->cert;
2151	ssl_set_cert_masks(c, s->s3->tmp.new_cipher);	2151	ssl_set_cert_masks(c, S3I(s)->tmp.new_cipher);
2152		2152
2153	alg_a = s->s3->tmp.new_cipher->algorithm_auth;	2153	alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
2154		2154
2155	if (alg_a & SSL_aECDSA) {	2155	if (alg_a & SSL_aECDSA) {
2156	i = SSL_PKEY_ECC;	2156	i = SSL_PKEY_ECC;
@@ -2221,9 +2221,9 @@ ssl_get_auto_dh(SSL *s)
2221		2221
2222	if (s->cert->dh_tmp_auto == 2) {	2222	if (s->cert->dh_tmp_auto == 2) {
2223	keylen = 1024;	2223	keylen = 1024;
2224	} else if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) {	2224	} else if (S3I(s)->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
2225	keylen = 1024;	2225	keylen = 1024;
2226	if (s->s3->tmp.new_cipher->strength_bits == 256)	2226	if (S3I(s)->tmp.new_cipher->strength_bits == 256)
2227	keylen = 3072;	2227	keylen = 3072;
2228	} else {	2228	} else {
2229	if ((cpk = ssl_get_server_send_pkey(s)) == NULL)	2229	if ((cpk = ssl_get_server_send_pkey(s)) == NULL)
@@ -2396,7 +2396,7 @@ SSL_get_error(const SSL *s, int i)
2396		2396
2397	if (i == 0) {	2397	if (i == 0) {
2398	if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&	2398	if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
2399	(s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))	2399	(S3I(s)->warn_alert == SSL_AD_CLOSE_NOTIFY))
2400	return (SSL_ERROR_ZERO_RETURN);	2400	return (SSL_ERROR_ZERO_RETURN);
2401	}	2401	}
2402	return (SSL_ERROR_SYSCALL);	2402	return (SSL_ERROR_SYSCALL);