Split out the remaining SSL_CTX controls into individual functions.

author: jsing <> 2017-08-09 17:42:12 +0000
committer: jsing <> 2017-08-09 17:42:12 +0000
commit: 8e507136325b4aead55fd47a2aeb15be4e9da3b0 (patch)
tree: 591aa87af9b1f951a1ae6c1a2886b709d5e152ea /src/lib
parent: c761fbd9220174379f2df5d4ed4e6a9050f80910 (diff)
download: openbsd-8e507136325b4aead55fd47a2aeb15be4e9da3b0.tar.gz
openbsd-8e507136325b4aead55fd47a2aeb15be4e9da3b0.tar.bz2
openbsd-8e507136325b4aead55fd47a2aeb15be4e9da3b0.zip
1 files changed, 88 insertions, 40 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 62761c32fe..b82cf36f2e 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.152 2017/08/09 17:21:34 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.153 2017/08/09 17:42:12 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2165,6 +2165,84 @@ _SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state)
        return 1;
 }
+static int
+_SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg)
+{
+        ctx->internal->tlsext_servername_arg = arg;
+        return 1;
+}
+static int
+_SSL_CTX_get_tlsext_ticket_keys(SSL_CTX *ctx, unsigned char *keys, int keys_len)
+{
+        if (keys == NULL)
+                return 48;
+        if (keys_len != 48) {
+                SSLerrorx(SSL_R_INVALID_TICKET_KEYS_LENGTH);
+                return 0;
+        }
+        memcpy(keys, ctx->internal->tlsext_tick_key_name, 16);
+        memcpy(keys + 16, ctx->internal->tlsext_tick_hmac_key, 16);
+        memcpy(keys + 32, ctx->internal->tlsext_tick_aes_key, 16);
+        return 1;
+}
+static int
+_SSL_CTX_set_tlsext_ticket_keys(SSL_CTX *ctx, unsigned char *keys, int keys_len)
+{
+        if (keys == NULL)
+                return 48;
+        if (keys_len != 48) {
+                SSLerrorx(SSL_R_INVALID_TICKET_KEYS_LENGTH);
+                return 0;
+        }
+        memcpy(ctx->internal->tlsext_tick_key_name, keys, 16);
+        memcpy(ctx->internal->tlsext_tick_hmac_key, keys + 16, 16);
+        memcpy(ctx->internal->tlsext_tick_aes_key, keys + 32, 16);
+        return 1;
+}
+static int
+_SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg)
+{
+        ctx->internal->tlsext_status_arg = arg;
+        return 1;
+}
+static int
+_SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *cert)
+{
+        if (ctx->extra_certs == NULL) {
+                if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
+                        return 0;
+        }
+        if (sk_X509_push(ctx->extra_certs, cert) == 0)
+                return 0;
+        return 1;
+}
+int
+_SSL_CTX_get_extra_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **certs)
+{
+        *certs = ctx->extra_certs;
+        return 1;
+}
+int
+_SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx)
+{
+        sk_X509_pop_free(ctx->extra_certs, X509_free);
+        ctx->extra_certs = NULL;
+        return 1;
+}
 int
 SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len)
 {
@@ -2204,55 +2282,25 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                return _SSL_CTX_set_ecdh_auto(ctx, larg);
        case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
-                ctx->internal->tlsext_servername_arg = parg;
+                return _SSL_CTX_set_tlsext_servername_arg(ctx, parg);
-                break;
-        case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
        case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
-                {
+                return _SSL_CTX_get_tlsext_ticket_keys(ctx, parg, larg);
-                        unsigned char *keys = parg;
-                        if (!keys)
+        case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
-                                return 48;
+                return _SSL_CTX_set_tlsext_ticket_keys(ctx, parg, larg);
-                        if (larg != 48) {
-                                SSLerrorx(SSL_R_INVALID_TICKET_KEYS_LENGTH);
-                                return 0;
-                        }
-                        if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
-                                memcpy(ctx->internal->tlsext_tick_key_name, keys, 16);
-                                memcpy(ctx->internal->tlsext_tick_hmac_key,
-                                    keys + 16, 16);
-                                memcpy(ctx->internal->tlsext_tick_aes_key, keys + 32, 16);
-                        } else {
-                                memcpy(keys, ctx->internal->tlsext_tick_key_name, 16);
-                                memcpy(keys + 16,
-                                    ctx->internal->tlsext_tick_hmac_key, 16);
-                                memcpy(keys + 32,
-                                    ctx->internal->tlsext_tick_aes_key, 16);
-                        }
-                        return 1;
-                }
        case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
-                ctx->internal->tlsext_status_arg = parg;
+                return _SSL_CTX_set_tlsext_status_arg(ctx, parg);
-                return 1;
-                /* A Thawte special :-) */
        case SSL_CTRL_EXTRA_CHAIN_CERT:
-                if (ctx->extra_certs == NULL) {
+                return _SSL_CTX_add_extra_chain_cert(ctx, parg);
-                        if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
-                                return (0);
-                }
-                sk_X509_push(ctx->extra_certs,(X509 *)parg);
-                break;
        case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
-                *(STACK_OF(X509) **)parg = ctx->extra_certs;
+                return _SSL_CTX_get_extra_chain_certs(ctx, parg);
-                break;
        case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
-                sk_X509_pop_free(ctx->extra_certs, X509_free);
+                return _SSL_CTX_clear_extra_chain_certs(ctx);
-                ctx->extra_certs = NULL;
-                break;
        case SSL_CTRL_SET_GROUPS:
                return SSL_CTX_set1_groups(ctx, parg, larg);
author	jsing <>	2017-08-09 17:42:12 +0000
committer	jsing <>	2017-08-09 17:42:12 +0000
commit	8e507136325b4aead55fd47a2aeb15be4e9da3b0 (patch)
tree	591aa87af9b1f951a1ae6c1a2886b709d5e152ea /src/lib
parent	c761fbd9220174379f2df5d4ed4e6a9050f80910 (diff)
download	openbsd-8e507136325b4aead55fd47a2aeb15be4e9da3b0.tar.gz openbsd-8e507136325b4aead55fd47a2aeb15be4e9da3b0.tar.bz2 openbsd-8e507136325b4aead55fd47a2aeb15be4e9da3b0.zip

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 62761c32fe..b82cf36f2e 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.152 2017/08/09 17:21:34 jsing Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.153 2017/08/09 17:42:12 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -2165,6 +2165,84 @@ _SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state)
2165	return 1;	2165	return 1;
2166	}	2166	}
2167		2167
		2168	static int
		2169	_SSL_CTX_set_tlsext_servername_arg(SSL_CTX ctx, void arg)
		2170	{
		2171	ctx->internal->tlsext_servername_arg = arg;
		2172	return 1;
		2173	}
		2174
		2175	static int
		2176	_SSL_CTX_get_tlsext_ticket_keys(SSL_CTX ctx, unsigned char keys, int keys_len)
		2177	{
		2178	if (keys == NULL)
		2179	return 48;
		2180
		2181	if (keys_len != 48) {
		2182	SSLerrorx(SSL_R_INVALID_TICKET_KEYS_LENGTH);
		2183	return 0;
		2184	}
		2185
		2186	memcpy(keys, ctx->internal->tlsext_tick_key_name, 16);
		2187	memcpy(keys + 16, ctx->internal->tlsext_tick_hmac_key, 16);
		2188	memcpy(keys + 32, ctx->internal->tlsext_tick_aes_key, 16);
		2189
		2190	return 1;
		2191	}
		2192
		2193	static int
		2194	_SSL_CTX_set_tlsext_ticket_keys(SSL_CTX ctx, unsigned char keys, int keys_len)
		2195	{
		2196	if (keys == NULL)
		2197	return 48;
		2198
		2199	if (keys_len != 48) {
		2200	SSLerrorx(SSL_R_INVALID_TICKET_KEYS_LENGTH);
		2201	return 0;
		2202	}
		2203
		2204	memcpy(ctx->internal->tlsext_tick_key_name, keys, 16);
		2205	memcpy(ctx->internal->tlsext_tick_hmac_key, keys + 16, 16);
		2206	memcpy(ctx->internal->tlsext_tick_aes_key, keys + 32, 16);
		2207
		2208	return 1;
		2209	}
		2210
		2211	static int
		2212	_SSL_CTX_set_tlsext_status_arg(SSL_CTX ctx, void arg)
		2213	{
		2214	ctx->internal->tlsext_status_arg = arg;
		2215	return 1;
		2216	}
		2217
		2218	static int
		2219	_SSL_CTX_add_extra_chain_cert(SSL_CTX ctx, X509 cert)
		2220	{
		2221	if (ctx->extra_certs == NULL) {
		2222	if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
		2223	return 0;
		2224	}
		2225	if (sk_X509_push(ctx->extra_certs, cert) == 0)
		2226	return 0;
		2227
		2228	return 1;
		2229	}
		2230
		2231	int
		2232	_SSL_CTX_get_extra_chain_certs(SSL_CTX ctx, STACK_OF(X509) *certs)
		2233	{
		2234	*certs = ctx->extra_certs;
		2235	return 1;
		2236	}
		2237
		2238	int
		2239	_SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx)
		2240	{
		2241	sk_X509_pop_free(ctx->extra_certs, X509_free);
		2242	ctx->extra_certs = NULL;
		2243	return 1;
		2244	}
		2245
2168	int	2246	int
2169	SSL_CTX_set1_groups(SSL_CTX ctx, const int groups, size_t groups_len)	2247	SSL_CTX_set1_groups(SSL_CTX ctx, const int groups, size_t groups_len)
2170	{	2248	{
@@ -2204,55 +2282,25 @@ ssl3_ctx_ctrl(SSL_CTX ctx, int cmd, long larg, void parg)
2204	return _SSL_CTX_set_ecdh_auto(ctx, larg);	2282	return _SSL_CTX_set_ecdh_auto(ctx, larg);
2205		2283
2206	case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:	2284	case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
2207	ctx->internal->tlsext_servername_arg = parg;	2285	return _SSL_CTX_set_tlsext_servername_arg(ctx, parg);
2208	break;
2209		2286
2210	case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
2211	case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:	2287	case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
2212	{	2288	return _SSL_CTX_get_tlsext_ticket_keys(ctx, parg, larg);
2213	unsigned char *keys = parg;	2289
2214	if (!keys)	2290	case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
2215	return 48;	2291	return _SSL_CTX_set_tlsext_ticket_keys(ctx, parg, larg);
2216	if (larg != 48) {
2217	SSLerrorx(SSL_R_INVALID_TICKET_KEYS_LENGTH);
2218	return 0;
2219	}
2220	if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
2221	memcpy(ctx->internal->tlsext_tick_key_name, keys, 16);
2222	memcpy(ctx->internal->tlsext_tick_hmac_key,
2223	keys + 16, 16);
2224	memcpy(ctx->internal->tlsext_tick_aes_key, keys + 32, 16);
2225	} else {
2226	memcpy(keys, ctx->internal->tlsext_tick_key_name, 16);
2227	memcpy(keys + 16,
2228	ctx->internal->tlsext_tick_hmac_key, 16);
2229	memcpy(keys + 32,
2230	ctx->internal->tlsext_tick_aes_key, 16);
2231	}
2232	return 1;
2233	}
2234		2292
2235	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:	2293	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
2236	ctx->internal->tlsext_status_arg = parg;	2294	return _SSL_CTX_set_tlsext_status_arg(ctx, parg);
2237	return 1;
2238		2295
2239	/* A Thawte special :-) */
2240	case SSL_CTRL_EXTRA_CHAIN_CERT:	2296	case SSL_CTRL_EXTRA_CHAIN_CERT:
2241	if (ctx->extra_certs == NULL) {	2297	return _SSL_CTX_add_extra_chain_cert(ctx, parg);
2242	if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
2243	return (0);
2244	}
2245	sk_X509_push(ctx->extra_certs,(X509 *)parg);
2246	break;
2247		2298
2248	case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:	2299	case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
2249	(STACK_OF(X509) *)parg = ctx->extra_certs;	2300	return _SSL_CTX_get_extra_chain_certs(ctx, parg);
2250	break;
2251		2301
2252	case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:	2302	case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
2253	sk_X509_pop_free(ctx->extra_certs, X509_free);	2303	return _SSL_CTX_clear_extra_chain_certs(ctx);
2254	ctx->extra_certs = NULL;
2255	break;
2256		2304
2257	case SSL_CTRL_SET_GROUPS:	2305	case SSL_CTRL_SET_GROUPS:
2258	return SSL_CTX_set1_groups(ctx, parg, larg);	2306	return SSL_CTX_set1_groups(ctx, parg, larg);