Start splitting out SSL_CTX controls into individual functions, so that

they can eventually be exposed as direct functions/symbols.
author: jsing <> 2017-08-09 17:21:34 +0000
committer: jsing <> 2017-08-09 17:21:34 +0000
commit: c761fbd9220174379f2df5d4ed4e6a9050f80910 (patch)
tree: cbed44b2b43429a18fb79e17809fd77381db3eb9 /src/lib
parent: 809bf4325b667e7dcc0862b179cc7db32f895737 (diff)
download: openbsd-c761fbd9220174379f2df5d4ed4e6a9050f80910.tar.gz
openbsd-c761fbd9220174379f2df5d4ed4e6a9050f80910.tar.bz2
openbsd-c761fbd9220174379f2df5d4ed4e6a9050f80910.zip
1 files changed, 92 insertions, 71 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index e3fcf59822..62761c32fe 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.151 2017/08/09 16:50:00 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.152 2017/08/09 17:21:34 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2107,73 +2107,101 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
        return (ret);
 }
-long
+static int
-ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+_SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh)
 {
-        CERT    *cert;
+        DH *dh_tmp;
-        cert = ctx->internal->cert;
+        if ((dh_tmp = DHparams_dup(dh)) == NULL) {
+                SSLerrorx(ERR_R_DH_LIB);
+                return 0;
+        }
-        switch (cmd) {
+        DH_free(ctx->internal->cert->dh_tmp);
-        case SSL_CTRL_NEED_TMP_RSA:
+        ctx->internal->cert->dh_tmp = dh_tmp;
-                return (0);
-        case SSL_CTRL_SET_TMP_RSA:
-        case SSL_CTRL_SET_TMP_RSA_CB:
-                SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return (0);
-        case SSL_CTRL_SET_TMP_DH:
-                {
-                        DH *new = NULL, *dh;
-                        dh = (DH *)parg;
+        return 1;
-                        if ((new = DHparams_dup(dh)) == NULL) {
+}
-                                SSLerrorx(ERR_R_DH_LIB);
-                                return 0;
+static int
-                        }
+_SSL_CTX_set_dh_auto(SSL_CTX *ctx, int state)
-                        DH_free(cert->dh_tmp);
+{
-                        cert->dh_tmp = new;
+        ctx->internal->cert->dh_tmp_auto = state;
-                        return 1;
+        return 1;
+}
+static int
+_SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, EC_KEY *ecdh)
+{
+        EC_KEY *ecdh_tmp;
+        if (ecdh == NULL) {
+                SSLerrorx(ERR_R_ECDH_LIB);
+                return 0;
+        }
+        if ((ecdh_tmp = EC_KEY_dup(ecdh)) == NULL) {
+                SSLerrorx(ERR_R_EC_LIB);
+                return 0;
+        }
+        if (!(ctx->internal->options & SSL_OP_SINGLE_ECDH_USE)) {
+                if (!EC_KEY_generate_key(ecdh_tmp)) {
+                        EC_KEY_free(ecdh_tmp);
+                        SSLerrorx(ERR_R_ECDH_LIB);
+                        return 0;
                }
-                /*break; */
+        }
+        EC_KEY_free(ctx->internal->cert->ecdh_tmp);
+        ctx->internal->cert->ecdh_tmp = ecdh_tmp;
+        return 1;
+}
+static int
+_SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state)
+{
+        ctx->internal->cert->ecdh_tmp_auto = state;
+        return 1;
+}
+int
+SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len)
+{
+        return tls1_set_groups(&ctx->internal->tlsext_supportedgroups,
+            &ctx->internal->tlsext_supportedgroups_length, groups, groups_len);
+}
+int
+SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups)
+{
+        return tls1_set_groups_list(&ctx->internal->tlsext_supportedgroups,
+            &ctx->internal->tlsext_supportedgroups_length, groups);
+}
+long
+ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+{
+        switch (cmd) {
+        case SSL_CTRL_SET_TMP_DH:
+                return _SSL_CTX_set_tmp_dh(ctx, parg);
        case SSL_CTRL_SET_TMP_DH_CB:
                SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return (0);
+                return 0;
        case SSL_CTRL_SET_DH_AUTO:
-                ctx->internal->cert->dh_tmp_auto = larg;
+                return _SSL_CTX_set_dh_auto(ctx, larg);
-                return (1);
        case SSL_CTRL_SET_TMP_ECDH:
-                {
+                return _SSL_CTX_set_tmp_ecdh(ctx, parg);
-                        EC_KEY *ecdh = NULL;
-                        if (parg == NULL) {
-                                SSLerrorx(ERR_R_ECDH_LIB);
-                                return 0;
-                        }
-                        ecdh = EC_KEY_dup((EC_KEY *)parg);
-                        if (ecdh == NULL) {
-                                SSLerrorx(ERR_R_EC_LIB);
-                                return 0;
-                        }
-                        if (!(ctx->internal->options & SSL_OP_SINGLE_ECDH_USE)) {
-                                if (!EC_KEY_generate_key(ecdh)) {
-                                        EC_KEY_free(ecdh);
-                                        SSLerrorx(ERR_R_ECDH_LIB);
-                                        return 0;
-                                }
-                        }
-                        EC_KEY_free(cert->ecdh_tmp);
-                        cert->ecdh_tmp = ecdh;
-                        return 1;
-                }
-                /* break; */
        case SSL_CTRL_SET_TMP_ECDH_CB:
                SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return (0);
+                return 0;
+        case SSL_CTRL_SET_ECDH_AUTO:
+                return _SSL_CTX_set_ecdh_auto(ctx, larg);
        case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
                ctx->internal->tlsext_servername_arg = parg;
@@ -2208,10 +2236,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                ctx->internal->tlsext_status_arg = parg;
                return 1;
-        case SSL_CTRL_SET_ECDH_AUTO:
-                ctx->internal->cert->ecdh_tmp_auto = larg;
-                return 1;
                /* A Thawte special :-) */
        case SSL_CTRL_EXTRA_CHAIN_CERT:
                if (ctx->extra_certs == NULL) {
@@ -2246,26 +2270,23 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                        return (0);
                return SSL_CTX_set_max_proto_version(ctx, larg);
+        /*
+         * Legacy controls that should eventually be removed.
+         */
+        case SSL_CTRL_NEED_TMP_RSA:
+                return 0;
+        case SSL_CTRL_SET_TMP_RSA:
+        case SSL_CTRL_SET_TMP_RSA_CB:
+                SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return 0;
        default:
                return (0);
        }
        return (1);
 }
-int
-SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len)
-{
-        return tls1_set_groups(&ctx->internal->tlsext_supportedgroups,
-            &ctx->internal->tlsext_supportedgroups_length, groups, groups_len);
-}
-int
-SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups)
-{
-        return tls1_set_groups_list(&ctx->internal->tlsext_supportedgroups,
-            &ctx->internal->tlsext_supportedgroups_length, groups);
-}
 long
 ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
 {
author	jsing <>	2017-08-09 17:21:34 +0000
committer	jsing <>	2017-08-09 17:21:34 +0000
commit	c761fbd9220174379f2df5d4ed4e6a9050f80910 (patch)
tree	cbed44b2b43429a18fb79e17809fd77381db3eb9 /src/lib
parent	809bf4325b667e7dcc0862b179cc7db32f895737 (diff)
download	openbsd-c761fbd9220174379f2df5d4ed4e6a9050f80910.tar.gz openbsd-c761fbd9220174379f2df5d4ed4e6a9050f80910.tar.bz2 openbsd-c761fbd9220174379f2df5d4ed4e6a9050f80910.zip

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index e3fcf59822..62761c32fe 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.151 2017/08/09 16:50:00 jsing Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.152 2017/08/09 17:21:34 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -2107,73 +2107,101 @@ ssl3_callback_ctrl(SSL s, int cmd, void (fp)(void))
2107	return (ret);	2107	return (ret);
2108	}	2108	}
2109		2109
2110	long	2110	static int
2111	ssl3_ctx_ctrl(SSL_CTX ctx, int cmd, long larg, void parg)	2111	_SSL_CTX_set_tmp_dh(SSL_CTX ctx, DH dh)
2112	{	2112	{
2113	CERT *cert;	2113	DH *dh_tmp;
2114		2114
2115	cert = ctx->internal->cert;	2115	if ((dh_tmp = DHparams_dup(dh)) == NULL) {
		2116	SSLerrorx(ERR_R_DH_LIB);
		2117	return 0;
		2118	}
2116		2119
2117	switch (cmd) {	2120	DH_free(ctx->internal->cert->dh_tmp);
2118	case SSL_CTRL_NEED_TMP_RSA:	2121	ctx->internal->cert->dh_tmp = dh_tmp;
2119	return (0);
2120	case SSL_CTRL_SET_TMP_RSA:
2121	case SSL_CTRL_SET_TMP_RSA_CB:
2122	SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2123	return (0);
2124	case SSL_CTRL_SET_TMP_DH:
2125	{
2126	DH new = NULL, dh;
2127		2122
2128	dh = (DH *)parg;	2123	return 1;
2129	if ((new = DHparams_dup(dh)) == NULL) {	2124	}
2130	SSLerrorx(ERR_R_DH_LIB);	2125
2131	return 0;	2126	static int
2132	}	2127	_SSL_CTX_set_dh_auto(SSL_CTX *ctx, int state)
2133	DH_free(cert->dh_tmp);	2128	{
2134	cert->dh_tmp = new;	2129	ctx->internal->cert->dh_tmp_auto = state;
2135	return 1;	2130	return 1;
		2131	}
		2132
		2133	static int
		2134	_SSL_CTX_set_tmp_ecdh(SSL_CTX ctx, EC_KEY ecdh)
		2135	{
		2136	EC_KEY *ecdh_tmp;
		2137
		2138	if (ecdh == NULL) {
		2139	SSLerrorx(ERR_R_ECDH_LIB);
		2140	return 0;
		2141	}
		2142
		2143	if ((ecdh_tmp = EC_KEY_dup(ecdh)) == NULL) {
		2144	SSLerrorx(ERR_R_EC_LIB);
		2145	return 0;
		2146	}
		2147	if (!(ctx->internal->options & SSL_OP_SINGLE_ECDH_USE)) {
		2148	if (!EC_KEY_generate_key(ecdh_tmp)) {
		2149	EC_KEY_free(ecdh_tmp);
		2150	SSLerrorx(ERR_R_ECDH_LIB);
		2151	return 0;
2136	}	2152	}
2137	/break; /	2153	}
		2154
		2155	EC_KEY_free(ctx->internal->cert->ecdh_tmp);
		2156	ctx->internal->cert->ecdh_tmp = ecdh_tmp;
		2157
		2158	return 1;
		2159	}
		2160
		2161	static int
		2162	_SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state)
		2163	{
		2164	ctx->internal->cert->ecdh_tmp_auto = state;
		2165	return 1;
		2166	}
		2167
		2168	int
		2169	SSL_CTX_set1_groups(SSL_CTX ctx, const int groups, size_t groups_len)
		2170	{
		2171	return tls1_set_groups(&ctx->internal->tlsext_supportedgroups,
		2172	&ctx->internal->tlsext_supportedgroups_length, groups, groups_len);
		2173	}
		2174
		2175	int
		2176	SSL_CTX_set1_groups_list(SSL_CTX ctx, const char groups)
		2177	{
		2178	return tls1_set_groups_list(&ctx->internal->tlsext_supportedgroups,
		2179	&ctx->internal->tlsext_supportedgroups_length, groups);
		2180	}
		2181
		2182	long
		2183	ssl3_ctx_ctrl(SSL_CTX ctx, int cmd, long larg, void parg)
		2184	{
		2185	switch (cmd) {
		2186	case SSL_CTRL_SET_TMP_DH:
		2187	return _SSL_CTX_set_tmp_dh(ctx, parg);
2138		2188
2139	case SSL_CTRL_SET_TMP_DH_CB:	2189	case SSL_CTRL_SET_TMP_DH_CB:
2140	SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);	2190	SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2141	return (0);	2191	return 0;
2142		2192
2143	case SSL_CTRL_SET_DH_AUTO:	2193	case SSL_CTRL_SET_DH_AUTO:
2144	ctx->internal->cert->dh_tmp_auto = larg;	2194	return _SSL_CTX_set_dh_auto(ctx, larg);
2145	return (1);
2146		2195
2147	case SSL_CTRL_SET_TMP_ECDH:	2196	case SSL_CTRL_SET_TMP_ECDH:
2148	{	2197	return _SSL_CTX_set_tmp_ecdh(ctx, parg);
2149	EC_KEY *ecdh = NULL;
2150
2151	if (parg == NULL) {
2152	SSLerrorx(ERR_R_ECDH_LIB);
2153	return 0;
2154	}
2155	ecdh = EC_KEY_dup((EC_KEY *)parg);
2156	if (ecdh == NULL) {
2157	SSLerrorx(ERR_R_EC_LIB);
2158	return 0;
2159	}
2160	if (!(ctx->internal->options & SSL_OP_SINGLE_ECDH_USE)) {
2161	if (!EC_KEY_generate_key(ecdh)) {
2162	EC_KEY_free(ecdh);
2163	SSLerrorx(ERR_R_ECDH_LIB);
2164	return 0;
2165	}
2166	}
2167
2168	EC_KEY_free(cert->ecdh_tmp);
2169	cert->ecdh_tmp = ecdh;
2170	return 1;
2171	}
2172	/* break; */
2173		2198
2174	case SSL_CTRL_SET_TMP_ECDH_CB:	2199	case SSL_CTRL_SET_TMP_ECDH_CB:
2175	SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);	2200	SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2176	return (0);	2201	return 0;
		2202
		2203	case SSL_CTRL_SET_ECDH_AUTO:
		2204	return _SSL_CTX_set_ecdh_auto(ctx, larg);
2177		2205
2178	case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:	2206	case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
2179	ctx->internal->tlsext_servername_arg = parg;	2207	ctx->internal->tlsext_servername_arg = parg;
@@ -2208,10 +2236,6 @@ ssl3_ctx_ctrl(SSL_CTX ctx, int cmd, long larg, void parg)
2208	ctx->internal->tlsext_status_arg = parg;	2236	ctx->internal->tlsext_status_arg = parg;
2209	return 1;	2237	return 1;
2210		2238
2211	case SSL_CTRL_SET_ECDH_AUTO:
2212	ctx->internal->cert->ecdh_tmp_auto = larg;
2213	return 1;
2214
2215	/* A Thawte special :-) */	2239	/* A Thawte special :-) */
2216	case SSL_CTRL_EXTRA_CHAIN_CERT:	2240	case SSL_CTRL_EXTRA_CHAIN_CERT:
2217	if (ctx->extra_certs == NULL) {	2241	if (ctx->extra_certs == NULL) {
@@ -2246,26 +2270,23 @@ ssl3_ctx_ctrl(SSL_CTX ctx, int cmd, long larg, void parg)
2246	return (0);	2270	return (0);
2247	return SSL_CTX_set_max_proto_version(ctx, larg);	2271	return SSL_CTX_set_max_proto_version(ctx, larg);
2248		2272
		2273	/*
		2274	* Legacy controls that should eventually be removed.
		2275	*/
		2276	case SSL_CTRL_NEED_TMP_RSA:
		2277	return 0;
		2278
		2279	case SSL_CTRL_SET_TMP_RSA:
		2280	case SSL_CTRL_SET_TMP_RSA_CB:
		2281	SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		2282	return 0;
		2283
2249	default:	2284	default:
2250	return (0);	2285	return (0);
2251	}	2286	}
2252	return (1);	2287	return (1);
2253	}	2288	}
2254		2289
2255	int
2256	SSL_CTX_set1_groups(SSL_CTX ctx, const int groups, size_t groups_len)
2257	{
2258	return tls1_set_groups(&ctx->internal->tlsext_supportedgroups,
2259	&ctx->internal->tlsext_supportedgroups_length, groups, groups_len);
2260	}
2261
2262	int
2263	SSL_CTX_set1_groups_list(SSL_CTX ctx, const char groups)
2264	{
2265	return tls1_set_groups_list(&ctx->internal->tlsext_supportedgroups,
2266	&ctx->internal->tlsext_supportedgroups_length, groups);
2267	}
2268
2269	long	2290	long
2270	ssl3_ctx_callback_ctrl(SSL_CTX ctx, int cmd, void (fp)(void))	2291	ssl3_ctx_callback_ctrl(SSL_CTX ctx, int cmd, void (fp)(void))
2271	{	2292	{