diff options
| author | beck <> | 2017-01-22 05:14:42 +0000 |
|---|---|---|
| committer | beck <> | 2017-01-22 05:14:42 +0000 |
| commit | 107eff56043a3070d462256dca1675a3db9d9eab (patch) | |
| tree | 1dd02af01decfe687352fed17d256637812f231a /src | |
| parent | 4e41b8e085c03099d680e9806dd3eea21afb86fe (diff) | |
| download | openbsd-107eff56043a3070d462256dca1675a3db9d9eab.tar.gz openbsd-107eff56043a3070d462256dca1675a3db9d9eab.tar.bz2 openbsd-107eff56043a3070d462256dca1675a3db9d9eab.zip | |
Move internal parts of ssl_session_st to internal
ok jsing@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/ssl.h | 6 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 8 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_sess.c | 18 | ||||
| -rw-r--r-- | src/lib/libssl/t1_lib.c | 48 |
4 files changed, 40 insertions, 40 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index c8be3db253..b0f54100e2 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl.h,v 1.104 2017/01/22 04:07:44 jsing Exp $ */ | 1 | /* $OpenBSD: ssl.h,v 1.105 2017/01/22 05:14:42 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -507,10 +507,6 @@ struct ssl_session_st { | |||
| 507 | * efficient and to implement a maximum cache size. */ | 507 | * efficient and to implement a maximum cache size. */ |
| 508 | struct ssl_session_st *prev, *next; | 508 | struct ssl_session_st *prev, *next; |
| 509 | char *tlsext_hostname; | 509 | char *tlsext_hostname; |
| 510 | size_t tlsext_ecpointformatlist_length; | ||
| 511 | uint8_t *tlsext_ecpointformatlist; /* peer's list */ | ||
| 512 | size_t tlsext_ellipticcurvelist_length; | ||
| 513 | uint16_t *tlsext_ellipticcurvelist; /* peer's list */ | ||
| 514 | 510 | ||
| 515 | /* RFC4507 info */ | 511 | /* RFC4507 info */ |
| 516 | unsigned char *tlsext_tick; /* Session ticket */ | 512 | unsigned char *tlsext_tick; /* Session ticket */ |
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index ab18ae1c83..b8b5dd0b1b 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.147 2017/01/22 04:07:44 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.148 2017/01/22 05:14:42 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -373,8 +373,12 @@ __BEGIN_HIDDEN_DECLS | |||
| 373 | #define NAMED_CURVE_TYPE 3 | 373 | #define NAMED_CURVE_TYPE 3 |
| 374 | 374 | ||
| 375 | typedef struct ssl_session_internal_st { | 375 | typedef struct ssl_session_internal_st { |
| 376 | 376 | size_t tlsext_ecpointformatlist_length; | |
| 377 | uint8_t *tlsext_ecpointformatlist; /* peer's list */ | ||
| 378 | size_t tlsext_ellipticcurvelist_length; | ||
| 379 | uint16_t *tlsext_ellipticcurvelist; /* peer's list */ | ||
| 377 | } SSL_SESSION_INTERNAL; | 380 | } SSL_SESSION_INTERNAL; |
| 381 | #define SSI(s) (s->session->internal) | ||
| 378 | 382 | ||
| 379 | typedef struct ssl_ctx_internal_st { | 383 | typedef struct ssl_ctx_internal_st { |
| 380 | uint16_t min_version; | 384 | uint16_t min_version; |
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c index 0970633a86..dc4894c64c 100644 --- a/src/lib/libssl/ssl_sess.c +++ b/src/lib/libssl/ssl_sess.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_sess.c,v 1.54 2017/01/22 03:50:45 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_sess.c,v 1.55 2017/01/22 05:14:42 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -217,10 +217,10 @@ SSL_SESSION_new(void) | |||
| 217 | ss->next = NULL; | 217 | ss->next = NULL; |
| 218 | ss->tlsext_hostname = NULL; | 218 | ss->tlsext_hostname = NULL; |
| 219 | 219 | ||
| 220 | ss->tlsext_ecpointformatlist_length = 0; | 220 | ss->internal->tlsext_ecpointformatlist_length = 0; |
| 221 | ss->tlsext_ecpointformatlist = NULL; | 221 | ss->internal->tlsext_ecpointformatlist = NULL; |
| 222 | ss->tlsext_ellipticcurvelist_length = 0; | 222 | ss->internal->tlsext_ellipticcurvelist_length = 0; |
| 223 | ss->tlsext_ellipticcurvelist = NULL; | 223 | ss->internal->tlsext_ellipticcurvelist = NULL; |
| 224 | 224 | ||
| 225 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); | 225 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); |
| 226 | 226 | ||
| @@ -706,10 +706,10 @@ SSL_SESSION_free(SSL_SESSION *ss) | |||
| 706 | sk_SSL_CIPHER_free(ss->ciphers); | 706 | sk_SSL_CIPHER_free(ss->ciphers); |
| 707 | free(ss->tlsext_hostname); | 707 | free(ss->tlsext_hostname); |
| 708 | free(ss->tlsext_tick); | 708 | free(ss->tlsext_tick); |
| 709 | ss->tlsext_ecpointformatlist_length = 0; | 709 | ss->internal->tlsext_ecpointformatlist_length = 0; |
| 710 | free(ss->tlsext_ecpointformatlist); | 710 | free(ss->internal->tlsext_ecpointformatlist); |
| 711 | ss->tlsext_ellipticcurvelist_length = 0; | 711 | ss->internal->tlsext_ellipticcurvelist_length = 0; |
| 712 | free(ss->tlsext_ellipticcurvelist); | 712 | free(ss->internal->tlsext_ellipticcurvelist); |
| 713 | 713 | ||
| 714 | explicit_bzero(ss->internal, sizeof(*ss->internal)); | 714 | explicit_bzero(ss->internal, sizeof(*ss->internal)); |
| 715 | free(ss->internal); | 715 | free(ss->internal); |
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 4e4fa21687..958c105dd9 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.96 2016/12/21 16:44:31 jsing Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.97 2017/01/22 05:14:42 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -371,8 +371,8 @@ tls1_get_formatlist(SSL *s, int client_formats, const uint8_t **pformats, | |||
| 371 | size_t *pformatslen) | 371 | size_t *pformatslen) |
| 372 | { | 372 | { |
| 373 | if (client_formats != 0) { | 373 | if (client_formats != 0) { |
| 374 | *pformats = s->session->tlsext_ecpointformatlist; | 374 | *pformats = SSI(s)->tlsext_ecpointformatlist; |
| 375 | *pformatslen = s->session->tlsext_ecpointformatlist_length; | 375 | *pformatslen = SSI(s)->tlsext_ecpointformatlist_length; |
| 376 | return; | 376 | return; |
| 377 | } | 377 | } |
| 378 | 378 | ||
| @@ -394,8 +394,8 @@ tls1_get_curvelist(SSL *s, int client_curves, const uint16_t **pcurves, | |||
| 394 | size_t *pcurveslen) | 394 | size_t *pcurveslen) |
| 395 | { | 395 | { |
| 396 | if (client_curves != 0) { | 396 | if (client_curves != 0) { |
| 397 | *pcurves = s->session->tlsext_ellipticcurvelist; | 397 | *pcurves = SSI(s)->tlsext_ellipticcurvelist; |
| 398 | *pcurveslen = s->session->tlsext_ellipticcurvelist_length; | 398 | *pcurveslen = SSI(s)->tlsext_ellipticcurvelist_length; |
| 399 | return; | 399 | return; |
| 400 | } | 400 | } |
| 401 | 401 | ||
| @@ -956,7 +956,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 956 | alg_a = s->s3->tmp.new_cipher->algorithm_auth; | 956 | alg_a = s->s3->tmp.new_cipher->algorithm_auth; |
| 957 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | 957 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; |
| 958 | using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) && | 958 | using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) && |
| 959 | s->session->tlsext_ecpointformatlist != NULL; | 959 | SSI(s)->tlsext_ecpointformatlist != NULL; |
| 960 | 960 | ||
| 961 | ret += 2; | 961 | ret += 2; |
| 962 | if (ret >= limit) | 962 | if (ret >= limit) |
| @@ -1343,9 +1343,9 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1343 | } | 1343 | } |
| 1344 | 1344 | ||
| 1345 | if (!s->hit) { | 1345 | if (!s->hit) { |
| 1346 | free(s->session->tlsext_ecpointformatlist); | 1346 | free(SSI(s)->tlsext_ecpointformatlist); |
| 1347 | s->session->tlsext_ecpointformatlist = NULL; | 1347 | SSI(s)->tlsext_ecpointformatlist = NULL; |
| 1348 | s->session->tlsext_ecpointformatlist_length = 0; | 1348 | SSI(s)->tlsext_ecpointformatlist_length = 0; |
| 1349 | 1349 | ||
| 1350 | if ((formats = reallocarray(NULL, formatslen, | 1350 | if ((formats = reallocarray(NULL, formatslen, |
| 1351 | sizeof(uint8_t))) == NULL) { | 1351 | sizeof(uint8_t))) == NULL) { |
| @@ -1353,8 +1353,8 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1353 | return 0; | 1353 | return 0; |
| 1354 | } | 1354 | } |
| 1355 | memcpy(formats, sdata, formatslen); | 1355 | memcpy(formats, sdata, formatslen); |
| 1356 | s->session->tlsext_ecpointformatlist = formats; | 1356 | SSI(s)->tlsext_ecpointformatlist = formats; |
| 1357 | s->session->tlsext_ecpointformatlist_length = | 1357 | SSI(s)->tlsext_ecpointformatlist_length = |
| 1358 | formatslen; | 1358 | formatslen; |
| 1359 | } | 1359 | } |
| 1360 | } else if (type == TLSEXT_TYPE_elliptic_curves && | 1360 | } else if (type == TLSEXT_TYPE_elliptic_curves && |
| @@ -1375,11 +1375,11 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1375 | curveslen /= 2; | 1375 | curveslen /= 2; |
| 1376 | 1376 | ||
| 1377 | if (!s->hit) { | 1377 | if (!s->hit) { |
| 1378 | if (s->session->tlsext_ellipticcurvelist) { | 1378 | if (SSI(s)->tlsext_ellipticcurvelist) { |
| 1379 | *al = TLS1_AD_DECODE_ERROR; | 1379 | *al = TLS1_AD_DECODE_ERROR; |
| 1380 | return 0; | 1380 | return 0; |
| 1381 | } | 1381 | } |
| 1382 | s->session->tlsext_ellipticcurvelist_length = 0; | 1382 | SSI(s)->tlsext_ellipticcurvelist_length = 0; |
| 1383 | if ((curves = reallocarray(NULL, curveslen, | 1383 | if ((curves = reallocarray(NULL, curveslen, |
| 1384 | sizeof(uint16_t))) == NULL) { | 1384 | sizeof(uint16_t))) == NULL) { |
| 1385 | *al = TLS1_AD_INTERNAL_ERROR; | 1385 | *al = TLS1_AD_INTERNAL_ERROR; |
| @@ -1387,8 +1387,8 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1387 | } | 1387 | } |
| 1388 | for (i = 0; i < curveslen; i++) | 1388 | for (i = 0; i < curveslen; i++) |
| 1389 | n2s(sdata, curves[i]); | 1389 | n2s(sdata, curves[i]); |
| 1390 | s->session->tlsext_ellipticcurvelist = curves; | 1390 | SSI(s)->tlsext_ellipticcurvelist = curves; |
| 1391 | s->session->tlsext_ellipticcurvelist_length = curveslen; | 1391 | SSI(s)->tlsext_ellipticcurvelist_length = curveslen; |
| 1392 | } | 1392 | } |
| 1393 | } | 1393 | } |
| 1394 | else if (type == TLSEXT_TYPE_session_ticket) { | 1394 | else if (type == TLSEXT_TYPE_session_ticket) { |
| @@ -1671,9 +1671,9 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al) | |||
| 1671 | } | 1671 | } |
| 1672 | 1672 | ||
| 1673 | if (!s->hit) { | 1673 | if (!s->hit) { |
| 1674 | free(s->session->tlsext_ecpointformatlist); | 1674 | free(SSI(s)->tlsext_ecpointformatlist); |
| 1675 | s->session->tlsext_ecpointformatlist = NULL; | 1675 | SSI(s)->tlsext_ecpointformatlist = NULL; |
| 1676 | s->session->tlsext_ecpointformatlist_length = 0; | 1676 | SSI(s)->tlsext_ecpointformatlist_length = 0; |
| 1677 | 1677 | ||
| 1678 | if ((formats = reallocarray(NULL, formatslen, | 1678 | if ((formats = reallocarray(NULL, formatslen, |
| 1679 | sizeof(uint8_t))) == NULL) { | 1679 | sizeof(uint8_t))) == NULL) { |
| @@ -1681,8 +1681,8 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al) | |||
| 1681 | return 0; | 1681 | return 0; |
| 1682 | } | 1682 | } |
| 1683 | memcpy(formats, sdata, formatslen); | 1683 | memcpy(formats, sdata, formatslen); |
| 1684 | s->session->tlsext_ecpointformatlist = formats; | 1684 | SSI(s)->tlsext_ecpointformatlist = formats; |
| 1685 | s->session->tlsext_ecpointformatlist_length = | 1685 | SSI(s)->tlsext_ecpointformatlist_length = |
| 1686 | formatslen; | 1686 | formatslen; |
| 1687 | } | 1687 | } |
| 1688 | } | 1688 | } |
| @@ -1946,15 +1946,15 @@ ssl_check_serverhello_tlsext(SSL *s) | |||
| 1946 | unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; | 1946 | unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; |
| 1947 | if ((s->tlsext_ecpointformatlist != NULL) && | 1947 | if ((s->tlsext_ecpointformatlist != NULL) && |
| 1948 | (s->tlsext_ecpointformatlist_length > 0) && | 1948 | (s->tlsext_ecpointformatlist_length > 0) && |
| 1949 | (s->session->tlsext_ecpointformatlist != NULL) && | 1949 | (SSI(s)->tlsext_ecpointformatlist != NULL) && |
| 1950 | (s->session->tlsext_ecpointformatlist_length > 0) && | 1950 | (SSI(s)->tlsext_ecpointformatlist_length > 0) && |
| 1951 | ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) { | 1951 | ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) { |
| 1952 | /* we are using an ECC cipher */ | 1952 | /* we are using an ECC cipher */ |
| 1953 | size_t i; | 1953 | size_t i; |
| 1954 | unsigned char *list; | 1954 | unsigned char *list; |
| 1955 | int found_uncompressed = 0; | 1955 | int found_uncompressed = 0; |
| 1956 | list = s->session->tlsext_ecpointformatlist; | 1956 | list = SSI(s)->tlsext_ecpointformatlist; |
| 1957 | for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) { | 1957 | for (i = 0; i < SSI(s)->tlsext_ecpointformatlist_length; i++) { |
| 1958 | if (*(list++) == TLSEXT_ECPOINTFORMAT_uncompressed) { | 1958 | if (*(list++) == TLSEXT_ECPOINTFORMAT_uncompressed) { |
| 1959 | found_uncompressed = 1; | 1959 | found_uncompressed = 1; |
| 1960 | break; | 1960 | break; |