1 files changed, 66 insertions, 66 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 989165b207..52ad16a697 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.238 2022/08/21 19:39:44 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.239 2022/10/02 16:36:41 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1441,7 +1441,7 @@ ssl3_cipher_get_value(const SSL_CIPHER *c)
 int
 ssl3_pending(const SSL *s)
 {
-        if (s->internal->rstate == SSL_ST_READ_BODY)
+        if (s->rstate == SSL_ST_READ_BODY)
                return 0;
        return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ?
@@ -1493,13 +1493,13 @@ ssl3_handshake_msg_finish(SSL *s, CBB *handshake)
        if (outlen > INT_MAX)
                goto err;
-        if (!BUF_MEM_grow_clean(s->internal->init_buf, outlen))
+        if (!BUF_MEM_grow_clean(s->init_buf, outlen))
                goto err;
-        memcpy(s->internal->init_buf->data, data, outlen);
+        memcpy(s->init_buf->data, data, outlen);
-        s->internal->init_num = (int)outlen;
+        s->init_num = (int)outlen;
-        s->internal->init_off = 0;
+        s->init_off = 0;
        if (SSL_is_dtls(s)) {
                unsigned long len;
@@ -1572,7 +1572,7 @@ ssl3_free(SSL *s)
        tls_buffer_free(s->s3->hs.tls13.quic_read_buffer);
        sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);
-        sk_X509_pop_free(s->internal->verified_chain, X509_free);
+        sk_X509_pop_free(s->verified_chain, X509_free);
        tls1_transcript_free(s);
        tls1_transcript_hash_free(s);
@@ -1595,8 +1595,8 @@ ssl3_clear(SSL *s)
        tls1_cleanup_key_block(s);
        sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);
-        sk_X509_pop_free(s->internal->verified_chain, X509_free);
+        sk_X509_pop_free(s->verified_chain, X509_free);
-        s->internal->verified_chain = NULL;
+        s->verified_chain = NULL;
        freezero(s->s3->hs.sigalgs, s->s3->hs.sigalgs_len);
        s->s3->hs.sigalgs = NULL;
@@ -1656,7 +1656,7 @@ ssl3_clear(SSL *s)
        s->s3->num_renegotiations = 0;
        s->s3->in_read_app_data = 0;
-        s->internal->packet_length = 0;
+        s->packet_length = 0;
        s->version = TLS1_VERSION;
        s->s3->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
@@ -1725,7 +1725,7 @@ _SSL_get_peer_tmp_key(SSL *s, EVP_PKEY **key)
 static int
 _SSL_session_reused(SSL *s)
 {
-        return s->internal->hit;
+        return s->hit;
 }
 static int
@@ -1834,7 +1834,7 @@ _SSL_set_tlsext_host_name(SSL *s, const char *name)
 static int
 _SSL_set_tlsext_debug_arg(SSL *s, void *arg)
 {
-        s->internal->tlsext_debug_arg = arg;
+        s->tlsext_debug_arg = arg;
        return 1;
 }
@@ -1854,7 +1854,7 @@ _SSL_set_tlsext_status_type(SSL *s, int type)
 static int
 _SSL_get_tlsext_status_exts(SSL *s, STACK_OF(X509_EXTENSION) **exts)
 {
-        *exts = s->internal->tlsext_ocsp_exts;
+        *exts = s->tlsext_ocsp_exts;
        return 1;
 }
@@ -1862,14 +1862,14 @@ static int
 _SSL_set_tlsext_status_exts(SSL *s, STACK_OF(X509_EXTENSION) *exts)
 {
        /* XXX - leak... */
-        s->internal->tlsext_ocsp_exts = exts;
+        s->tlsext_ocsp_exts = exts;
        return 1;
 }
 static int
 _SSL_get_tlsext_status_ids(SSL *s, STACK_OF(OCSP_RESPID) **ids)
 {
-        *ids = s->internal->tlsext_ocsp_ids;
+        *ids = s->tlsext_ocsp_ids;
        return 1;
 }
@@ -1877,17 +1877,17 @@ static int
 _SSL_set_tlsext_status_ids(SSL *s, STACK_OF(OCSP_RESPID) *ids)
 {
        /* XXX - leak... */
-        s->internal->tlsext_ocsp_ids = ids;
+        s->tlsext_ocsp_ids = ids;
        return 1;
 }
 static int
 _SSL_get_tlsext_status_ocsp_resp(SSL *s, unsigned char **resp)
 {
-        if (s->internal->tlsext_ocsp_resp != NULL &&
+        if (s->tlsext_ocsp_resp != NULL &&
-            s->internal->tlsext_ocsp_resp_len < INT_MAX) {
+            s->tlsext_ocsp_resp_len < INT_MAX) {
-                *resp = s->internal->tlsext_ocsp_resp;
+                *resp = s->tlsext_ocsp_resp;
-                return (int)s->internal->tlsext_ocsp_resp_len;
+                return (int)s->tlsext_ocsp_resp_len;
        }
        *resp = NULL;
@@ -1898,15 +1898,15 @@ _SSL_get_tlsext_status_ocsp_resp(SSL *s, unsigned char **resp)
 static int
 _SSL_set_tlsext_status_ocsp_resp(SSL *s, unsigned char *resp, int resp_len)
 {
-        free(s->internal->tlsext_ocsp_resp);
+        free(s->tlsext_ocsp_resp);
-        s->internal->tlsext_ocsp_resp = NULL;
+        s->tlsext_ocsp_resp = NULL;
-        s->internal->tlsext_ocsp_resp_len = 0;
+        s->tlsext_ocsp_resp_len = 0;
        if (resp_len < 0)
                return 0;
-        s->internal->tlsext_ocsp_resp = resp;
+        s->tlsext_ocsp_resp = resp;
-        s->internal->tlsext_ocsp_resp_len = (size_t)resp_len;
+        s->tlsext_ocsp_resp_len = (size_t)resp_len;
        return 1;
 }
@@ -1955,15 +1955,15 @@ SSL_clear_chain_certs(SSL *ssl)
 int
 SSL_set1_groups(SSL *s, const int *groups, size_t groups_len)
 {
-        return tls1_set_groups(&s->internal->tlsext_supportedgroups,
+        return tls1_set_groups(&s->tlsext_supportedgroups,
-            &s->internal->tlsext_supportedgroups_length, groups, groups_len);
+            &s->tlsext_supportedgroups_length, groups, groups_len);
 }
 int
 SSL_set1_groups_list(SSL *s, const char *groups)
 {
-        return tls1_set_group_list(&s->internal->tlsext_supportedgroups,
+        return tls1_set_group_list(&s->tlsext_supportedgroups,
-            &s->internal->tlsext_supportedgroups_length, groups);
+            &s->tlsext_supportedgroups_length, groups);
 }
 static int
@@ -2183,7 +2183,7 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
                return 1;
        case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
-                s->internal->tlsext_debug_cb = (void (*)(SSL *, int , int,
+                s->tlsext_debug_cb = (void (*)(SSL *, int , int,
                    unsigned char *, int, void *))fp;
                return 1;
        }
@@ -2211,8 +2211,8 @@ _SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh)
                return 0;
        }
-        DH_free(ctx->internal->cert->dhe_params);
+        DH_free(ctx->cert->dhe_params);
-        ctx->internal->cert->dhe_params = dhe_params;
+        ctx->cert->dhe_params = dhe_params;
        return 1;
 }
@@ -2220,7 +2220,7 @@ _SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh)
 static int
 _SSL_CTX_set_dh_auto(SSL_CTX *ctx, int state)
 {
-        ctx->internal->cert->dhe_params_auto = state;
+        ctx->cert->dhe_params_auto = state;
        return 1;
 }
@@ -2248,7 +2248,7 @@ _SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state)
 static int
 _SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg)
 {
-        ctx->internal->tlsext_servername_arg = arg;
+        ctx->tlsext_servername_arg = arg;
        return 1;
 }
@@ -2263,9 +2263,9 @@ _SSL_CTX_get_tlsext_ticket_keys(SSL_CTX *ctx, unsigned char *keys, int keys_len)
                return 0;
        }
-        memcpy(keys, ctx->internal->tlsext_tick_key_name, 16);
+        memcpy(keys, ctx->tlsext_tick_key_name, 16);
-        memcpy(keys + 16, ctx->internal->tlsext_tick_hmac_key, 16);
+        memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
-        memcpy(keys + 32, ctx->internal->tlsext_tick_aes_key, 16);
+        memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
        return 1;
 }
@@ -2281,9 +2281,9 @@ _SSL_CTX_set_tlsext_ticket_keys(SSL_CTX *ctx, unsigned char *keys, int keys_len)
                return 0;
        }
-        memcpy(ctx->internal->tlsext_tick_key_name, keys, 16);
+        memcpy(ctx->tlsext_tick_key_name, keys, 16);
-        memcpy(ctx->internal->tlsext_tick_hmac_key, keys + 16, 16);
+        memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
-        memcpy(ctx->internal->tlsext_tick_aes_key, keys + 32, 16);
+        memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
        return 1;
 }
@@ -2291,14 +2291,14 @@ _SSL_CTX_set_tlsext_ticket_keys(SSL_CTX *ctx, unsigned char *keys, int keys_len)
 static int
 _SSL_CTX_get_tlsext_status_arg(SSL_CTX *ctx, void **arg)
 {
-        *arg = ctx->internal->tlsext_status_arg;
+        *arg = ctx->tlsext_status_arg;
        return 1;
 }
 static int
 _SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg)
 {
-        ctx->internal->tlsext_status_arg = arg;
+        ctx->tlsext_status_arg = arg;
        return 1;
 }
@@ -2331,8 +2331,8 @@ SSL_CTX_get0_chain_certs(const SSL_CTX *ctx, STACK_OF(X509) **out_chain)
 {
        *out_chain = NULL;
-        if (ctx->internal->cert->key != NULL)
+        if (ctx->cert->key != NULL)
-                *out_chain = ctx->internal->cert->key->chain;
+                *out_chain = ctx->cert->key->chain;
        return 1;
 }
@@ -2361,7 +2361,7 @@ _SSL_CTX_get_extra_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **certs)
 {
        *certs = ctx->extra_certs;
        if (*certs == NULL)
-                *certs = ctx->internal->cert->key->chain;
+                *certs = ctx->cert->key->chain;
        return 1;
 }
@@ -2384,15 +2384,15 @@ _SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx)
 int
 SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len)
 {
-        return tls1_set_groups(&ctx->internal->tlsext_supportedgroups,
+        return tls1_set_groups(&ctx->tlsext_supportedgroups,
-            &ctx->internal->tlsext_supportedgroups_length, groups, groups_len);
+            &ctx->tlsext_supportedgroups_length, groups, groups_len);
 }
 int
 SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups)
 {
-        return tls1_set_group_list(&ctx->internal->tlsext_supportedgroups,
+        return tls1_set_group_list(&ctx->tlsext_supportedgroups,
-            &ctx->internal->tlsext_supportedgroups_length, groups);
+            &ctx->tlsext_supportedgroups_length, groups);
 }
 long
@@ -2507,7 +2507,7 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
                return 0;
        case SSL_CTRL_SET_TMP_DH_CB:
-                ctx->internal->cert->dhe_params_cb =
+                ctx->cert->dhe_params_cb =
                    (DH *(*)(SSL *, int, int))fp;
                return 1;
@@ -2515,20 +2515,20 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
                return 1;
        case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
-                ctx->internal->tlsext_servername_callback =
+                ctx->tlsext_servername_callback =
                    (int (*)(SSL *, int *, void *))fp;
                return 1;
        case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
-                *(int (**)(SSL *, void *))fp = ctx->internal->tlsext_status_cb;
+                *(int (**)(SSL *, void *))fp = ctx->tlsext_status_cb;
                return 1;
        case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
-                ctx->internal->tlsext_status_cb = (int (*)(SSL *, void *))fp;
+                ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
                return 1;
        case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
-                ctx->internal->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char  *,
+                ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char  *,
                    unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp;
                return 1;
        }
@@ -2559,7 +2559,7 @@ ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
         * but would have to pay with the price of sk_SSL_CIPHER_dup().
         */
-        if (s->internal->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
+        if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
                prio = srvr;
                allow = clnt;
        } else {
@@ -2670,13 +2670,13 @@ ssl3_shutdown(SSL *s)
         * Don't do anything much if we have not done the handshake or
         * we don't want to send messages :-)
         */
-        if ((s->internal->quiet_shutdown) || (s->s3->hs.state == SSL_ST_BEFORE)) {
+        if ((s->quiet_shutdown) || (s->s3->hs.state == SSL_ST_BEFORE)) {
-                s->internal->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+                s->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
                return (1);
        }
-        if (!(s->internal->shutdown & SSL_SENT_SHUTDOWN)) {
+        if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
-                s->internal->shutdown|=SSL_SENT_SHUTDOWN;
+                s->shutdown|=SSL_SENT_SHUTDOWN;
                ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
                /*
                 * Our shutdown alert has been sent now, and if it still needs
@@ -2696,15 +2696,15 @@ ssl3_shutdown(SSL *s)
                         */
                        return (ret);
                }
-        } else if (!(s->internal->shutdown & SSL_RECEIVED_SHUTDOWN)) {
+        } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
                /* If we are waiting for a close from our peer, we are closed */
                s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
-                if (!(s->internal->shutdown & SSL_RECEIVED_SHUTDOWN)) {
+                if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
                        return (-1);    /* return WANT_READ */
                }
        }
-        if ((s->internal->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
+        if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
            !s->s3->alert_dispatch)
                return (1);
        else
@@ -2737,16 +2737,16 @@ ssl3_read_internal(SSL *s, void *buf, int len, int peek)
            peek);
        if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
                /*
-                 * ssl3_read_bytes decided to call s->internal->handshake_func,
+                 * ssl3_read_bytes decided to call s->handshake_func,
                 * which called ssl3_read_bytes to read handshake data.
                 * However, ssl3_read_bytes actually found application data
                 * and thinks that application data makes sense here; so disable
                 * handshake processing and try to read application data again.
                 */
-                s->internal->in_handshake++;
+                s->in_handshake++;
                ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA,
                    buf, len, peek);
-                s->internal->in_handshake--;
+                s->in_handshake--;
        } else
                s->s3->in_read_app_data = 0;
@@ -2768,7 +2768,7 @@ ssl3_peek(SSL *s, void *buf, int len)
 int
 ssl3_renegotiate(SSL *s)
 {
-        if (s->internal->handshake_func == NULL)
+        if (s->handshake_func == NULL)
                return 1;
        if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 989165b207..52ad16a697 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.238 2022/08/21 19:39:44 jsing Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.239 2022/10/02 16:36:41 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1441,7 +1441,7 @@ ssl3_cipher_get_value(const SSL_CIPHER *c)
1441	int	1441	int
1442	ssl3_pending(const SSL *s)	1442	ssl3_pending(const SSL *s)
1443	{	1443	{
1444	if (s->internal->rstate == SSL_ST_READ_BODY)	1444	if (s->rstate == SSL_ST_READ_BODY)
1445	return 0;	1445	return 0;
1446		1446
1447	return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ?	1447	return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ?
@@ -1493,13 +1493,13 @@ ssl3_handshake_msg_finish(SSL s, CBB handshake)
1493	if (outlen > INT_MAX)	1493	if (outlen > INT_MAX)
1494	goto err;	1494	goto err;
1495		1495
1496	if (!BUF_MEM_grow_clean(s->internal->init_buf, outlen))	1496	if (!BUF_MEM_grow_clean(s->init_buf, outlen))
1497	goto err;	1497	goto err;
1498		1498
1499	memcpy(s->internal->init_buf->data, data, outlen);	1499	memcpy(s->init_buf->data, data, outlen);
1500		1500
1501	s->internal->init_num = (int)outlen;	1501	s->init_num = (int)outlen;
1502	s->internal->init_off = 0;	1502	s->init_off = 0;
1503		1503
1504	if (SSL_is_dtls(s)) {	1504	if (SSL_is_dtls(s)) {
1505	unsigned long len;	1505	unsigned long len;
@@ -1572,7 +1572,7 @@ ssl3_free(SSL *s)
1572	tls_buffer_free(s->s3->hs.tls13.quic_read_buffer);	1572	tls_buffer_free(s->s3->hs.tls13.quic_read_buffer);
1573		1573
1574	sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);	1574	sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);
1575	sk_X509_pop_free(s->internal->verified_chain, X509_free);	1575	sk_X509_pop_free(s->verified_chain, X509_free);
1576		1576
1577	tls1_transcript_free(s);	1577	tls1_transcript_free(s);
1578	tls1_transcript_hash_free(s);	1578	tls1_transcript_hash_free(s);
@@ -1595,8 +1595,8 @@ ssl3_clear(SSL *s)
1595		1595
1596	tls1_cleanup_key_block(s);	1596	tls1_cleanup_key_block(s);
1597	sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);	1597	sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);
1598	sk_X509_pop_free(s->internal->verified_chain, X509_free);	1598	sk_X509_pop_free(s->verified_chain, X509_free);
1599	s->internal->verified_chain = NULL;	1599	s->verified_chain = NULL;
1600		1600
1601	freezero(s->s3->hs.sigalgs, s->s3->hs.sigalgs_len);	1601	freezero(s->s3->hs.sigalgs, s->s3->hs.sigalgs_len);
1602	s->s3->hs.sigalgs = NULL;	1602	s->s3->hs.sigalgs = NULL;
@@ -1656,7 +1656,7 @@ ssl3_clear(SSL *s)
1656	s->s3->num_renegotiations = 0;	1656	s->s3->num_renegotiations = 0;
1657	s->s3->in_read_app_data = 0;	1657	s->s3->in_read_app_data = 0;
1658		1658
1659	s->internal->packet_length = 0;	1659	s->packet_length = 0;
1660	s->version = TLS1_VERSION;	1660	s->version = TLS1_VERSION;
1661		1661
1662	s->s3->hs.state = SSL_ST_BEFORE\|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);	1662	s->s3->hs.state = SSL_ST_BEFORE\|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
@@ -1725,7 +1725,7 @@ _SSL_get_peer_tmp_key(SSL s, EVP_PKEY *key)
1725	static int	1725	static int
1726	_SSL_session_reused(SSL *s)	1726	_SSL_session_reused(SSL *s)
1727	{	1727	{
1728	return s->internal->hit;	1728	return s->hit;
1729	}	1729	}
1730		1730
1731	static int	1731	static int
@@ -1834,7 +1834,7 @@ _SSL_set_tlsext_host_name(SSL s, const char name)
1834	static int	1834	static int
1835	_SSL_set_tlsext_debug_arg(SSL s, void arg)	1835	_SSL_set_tlsext_debug_arg(SSL s, void arg)
1836	{	1836	{
1837	s->internal->tlsext_debug_arg = arg;	1837	s->tlsext_debug_arg = arg;
1838	return 1;	1838	return 1;
1839	}	1839	}
1840		1840
@@ -1854,7 +1854,7 @@ _SSL_set_tlsext_status_type(SSL *s, int type)
1854	static int	1854	static int
1855	_SSL_get_tlsext_status_exts(SSL s, STACK_OF(X509_EXTENSION) *exts)	1855	_SSL_get_tlsext_status_exts(SSL s, STACK_OF(X509_EXTENSION) *exts)
1856	{	1856	{
1857	*exts = s->internal->tlsext_ocsp_exts;	1857	*exts = s->tlsext_ocsp_exts;
1858	return 1;	1858	return 1;
1859	}	1859	}
1860		1860
@@ -1862,14 +1862,14 @@ static int
1862	_SSL_set_tlsext_status_exts(SSL s, STACK_OF(X509_EXTENSION) exts)	1862	_SSL_set_tlsext_status_exts(SSL s, STACK_OF(X509_EXTENSION) exts)
1863	{	1863	{
1864	/* XXX - leak... */	1864	/* XXX - leak... */
1865	s->internal->tlsext_ocsp_exts = exts;	1865	s->tlsext_ocsp_exts = exts;
1866	return 1;	1866	return 1;
1867	}	1867	}
1868		1868
1869	static int	1869	static int
1870	_SSL_get_tlsext_status_ids(SSL s, STACK_OF(OCSP_RESPID) *ids)	1870	_SSL_get_tlsext_status_ids(SSL s, STACK_OF(OCSP_RESPID) *ids)
1871	{	1871	{
1872	*ids = s->internal->tlsext_ocsp_ids;	1872	*ids = s->tlsext_ocsp_ids;
1873	return 1;	1873	return 1;
1874	}	1874	}
1875		1875
@@ -1877,17 +1877,17 @@ static int
1877	_SSL_set_tlsext_status_ids(SSL s, STACK_OF(OCSP_RESPID) ids)	1877	_SSL_set_tlsext_status_ids(SSL s, STACK_OF(OCSP_RESPID) ids)
1878	{	1878	{
1879	/* XXX - leak... */	1879	/* XXX - leak... */
1880	s->internal->tlsext_ocsp_ids = ids;	1880	s->tlsext_ocsp_ids = ids;
1881	return 1;	1881	return 1;
1882	}	1882	}
1883		1883
1884	static int	1884	static int
1885	_SSL_get_tlsext_status_ocsp_resp(SSL s, unsigned char *resp)	1885	_SSL_get_tlsext_status_ocsp_resp(SSL s, unsigned char *resp)
1886	{	1886	{
1887	if (s->internal->tlsext_ocsp_resp != NULL &&	1887	if (s->tlsext_ocsp_resp != NULL &&
1888	s->internal->tlsext_ocsp_resp_len < INT_MAX) {	1888	s->tlsext_ocsp_resp_len < INT_MAX) {
1889	*resp = s->internal->tlsext_ocsp_resp;	1889	*resp = s->tlsext_ocsp_resp;
1890	return (int)s->internal->tlsext_ocsp_resp_len;	1890	return (int)s->tlsext_ocsp_resp_len;
1891	}	1891	}
1892		1892
1893	*resp = NULL;	1893	*resp = NULL;
@@ -1898,15 +1898,15 @@ _SSL_get_tlsext_status_ocsp_resp(SSL s, unsigned char *resp)
1898	static int	1898	static int
1899	_SSL_set_tlsext_status_ocsp_resp(SSL s, unsigned char resp, int resp_len)	1899	_SSL_set_tlsext_status_ocsp_resp(SSL s, unsigned char resp, int resp_len)
1900	{	1900	{
1901	free(s->internal->tlsext_ocsp_resp);	1901	free(s->tlsext_ocsp_resp);
1902	s->internal->tlsext_ocsp_resp = NULL;	1902	s->tlsext_ocsp_resp = NULL;
1903	s->internal->tlsext_ocsp_resp_len = 0;	1903	s->tlsext_ocsp_resp_len = 0;
1904		1904
1905	if (resp_len < 0)	1905	if (resp_len < 0)
1906	return 0;	1906	return 0;
1907		1907
1908	s->internal->tlsext_ocsp_resp = resp;	1908	s->tlsext_ocsp_resp = resp;
1909	s->internal->tlsext_ocsp_resp_len = (size_t)resp_len;	1909	s->tlsext_ocsp_resp_len = (size_t)resp_len;
1910		1910
1911	return 1;	1911	return 1;
1912	}	1912	}
@@ -1955,15 +1955,15 @@ SSL_clear_chain_certs(SSL *ssl)
1955	int	1955	int
1956	SSL_set1_groups(SSL s, const int groups, size_t groups_len)	1956	SSL_set1_groups(SSL s, const int groups, size_t groups_len)
1957	{	1957	{
1958	return tls1_set_groups(&s->internal->tlsext_supportedgroups,	1958	return tls1_set_groups(&s->tlsext_supportedgroups,
1959	&s->internal->tlsext_supportedgroups_length, groups, groups_len);	1959	&s->tlsext_supportedgroups_length, groups, groups_len);
1960	}	1960	}
1961		1961
1962	int	1962	int
1963	SSL_set1_groups_list(SSL s, const char groups)	1963	SSL_set1_groups_list(SSL s, const char groups)
1964	{	1964	{
1965	return tls1_set_group_list(&s->internal->tlsext_supportedgroups,	1965	return tls1_set_group_list(&s->tlsext_supportedgroups,
1966	&s->internal->tlsext_supportedgroups_length, groups);	1966	&s->tlsext_supportedgroups_length, groups);
1967	}	1967	}
1968		1968
1969	static int	1969	static int
@@ -2183,7 +2183,7 @@ ssl3_callback_ctrl(SSL s, int cmd, void (fp)(void))
2183	return 1;	2183	return 1;
2184		2184
2185	case SSL_CTRL_SET_TLSEXT_DEBUG_CB:	2185	case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
2186	s->internal->tlsext_debug_cb = (void ()(SSL , int , int,	2186	s->tlsext_debug_cb = (void ()(SSL , int , int,
2187	unsigned char , int, void ))fp;	2187	unsigned char , int, void ))fp;
2188	return 1;	2188	return 1;
2189	}	2189	}
@@ -2211,8 +2211,8 @@ _SSL_CTX_set_tmp_dh(SSL_CTX ctx, DH dh)
2211	return 0;	2211	return 0;
2212	}	2212	}
2213		2213
2214	DH_free(ctx->internal->cert->dhe_params);	2214	DH_free(ctx->cert->dhe_params);
2215	ctx->internal->cert->dhe_params = dhe_params;	2215	ctx->cert->dhe_params = dhe_params;
2216		2216
2217	return 1;	2217	return 1;
2218	}	2218	}
@@ -2220,7 +2220,7 @@ _SSL_CTX_set_tmp_dh(SSL_CTX ctx, DH dh)
2220	static int	2220	static int
2221	_SSL_CTX_set_dh_auto(SSL_CTX *ctx, int state)	2221	_SSL_CTX_set_dh_auto(SSL_CTX *ctx, int state)
2222	{	2222	{
2223	ctx->internal->cert->dhe_params_auto = state;	2223	ctx->cert->dhe_params_auto = state;
2224	return 1;	2224	return 1;
2225	}	2225	}
2226		2226
@@ -2248,7 +2248,7 @@ _SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state)
2248	static int	2248	static int
2249	_SSL_CTX_set_tlsext_servername_arg(SSL_CTX ctx, void arg)	2249	_SSL_CTX_set_tlsext_servername_arg(SSL_CTX ctx, void arg)
2250	{	2250	{
2251	ctx->internal->tlsext_servername_arg = arg;	2251	ctx->tlsext_servername_arg = arg;
2252	return 1;	2252	return 1;
2253	}	2253	}
2254		2254
@@ -2263,9 +2263,9 @@ _SSL_CTX_get_tlsext_ticket_keys(SSL_CTX ctx, unsigned char keys, int keys_len)
2263	return 0;	2263	return 0;
2264	}	2264	}
2265		2265
2266	memcpy(keys, ctx->internal->tlsext_tick_key_name, 16);	2266	memcpy(keys, ctx->tlsext_tick_key_name, 16);
2267	memcpy(keys + 16, ctx->internal->tlsext_tick_hmac_key, 16);	2267	memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
2268	memcpy(keys + 32, ctx->internal->tlsext_tick_aes_key, 16);	2268	memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
2269		2269
2270	return 1;	2270	return 1;
2271	}	2271	}
@@ -2281,9 +2281,9 @@ _SSL_CTX_set_tlsext_ticket_keys(SSL_CTX ctx, unsigned char keys, int keys_len)
2281	return 0;	2281	return 0;
2282	}	2282	}
2283		2283
2284	memcpy(ctx->internal->tlsext_tick_key_name, keys, 16);	2284	memcpy(ctx->tlsext_tick_key_name, keys, 16);
2285	memcpy(ctx->internal->tlsext_tick_hmac_key, keys + 16, 16);	2285	memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
2286	memcpy(ctx->internal->tlsext_tick_aes_key, keys + 32, 16);	2286	memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
2287		2287
2288	return 1;	2288	return 1;
2289	}	2289	}
@@ -2291,14 +2291,14 @@ _SSL_CTX_set_tlsext_ticket_keys(SSL_CTX ctx, unsigned char keys, int keys_len)
2291	static int	2291	static int
2292	_SSL_CTX_get_tlsext_status_arg(SSL_CTX ctx, void *arg)	2292	_SSL_CTX_get_tlsext_status_arg(SSL_CTX ctx, void *arg)
2293	{	2293	{
2294	*arg = ctx->internal->tlsext_status_arg;	2294	*arg = ctx->tlsext_status_arg;
2295	return 1;	2295	return 1;
2296	}	2296	}
2297		2297
2298	static int	2298	static int
2299	_SSL_CTX_set_tlsext_status_arg(SSL_CTX ctx, void arg)	2299	_SSL_CTX_set_tlsext_status_arg(SSL_CTX ctx, void arg)
2300	{	2300	{
2301	ctx->internal->tlsext_status_arg = arg;	2301	ctx->tlsext_status_arg = arg;
2302	return 1;	2302	return 1;
2303	}	2303	}
2304		2304
@@ -2331,8 +2331,8 @@ SSL_CTX_get0_chain_certs(const SSL_CTX ctx, STACK_OF(X509) *out_chain)
2331	{	2331	{
2332	*out_chain = NULL;	2332	*out_chain = NULL;
2333		2333
2334	if (ctx->internal->cert->key != NULL)	2334	if (ctx->cert->key != NULL)
2335	*out_chain = ctx->internal->cert->key->chain;	2335	*out_chain = ctx->cert->key->chain;
2336		2336
2337	return 1;	2337	return 1;
2338	}	2338	}
@@ -2361,7 +2361,7 @@ _SSL_CTX_get_extra_chain_certs(SSL_CTX ctx, STACK_OF(X509) *certs)
2361	{	2361	{
2362	*certs = ctx->extra_certs;	2362	*certs = ctx->extra_certs;
2363	if (*certs == NULL)	2363	if (*certs == NULL)
2364	*certs = ctx->internal->cert->key->chain;	2364	*certs = ctx->cert->key->chain;
2365		2365
2366	return 1;	2366	return 1;
2367	}	2367	}
@@ -2384,15 +2384,15 @@ _SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx)
2384	int	2384	int
2385	SSL_CTX_set1_groups(SSL_CTX ctx, const int groups, size_t groups_len)	2385	SSL_CTX_set1_groups(SSL_CTX ctx, const int groups, size_t groups_len)
2386	{	2386	{
2387	return tls1_set_groups(&ctx->internal->tlsext_supportedgroups,	2387	return tls1_set_groups(&ctx->tlsext_supportedgroups,
2388	&ctx->internal->tlsext_supportedgroups_length, groups, groups_len);	2388	&ctx->tlsext_supportedgroups_length, groups, groups_len);
2389	}	2389	}
2390		2390
2391	int	2391	int
2392	SSL_CTX_set1_groups_list(SSL_CTX ctx, const char groups)	2392	SSL_CTX_set1_groups_list(SSL_CTX ctx, const char groups)
2393	{	2393	{
2394	return tls1_set_group_list(&ctx->internal->tlsext_supportedgroups,	2394	return tls1_set_group_list(&ctx->tlsext_supportedgroups,
2395	&ctx->internal->tlsext_supportedgroups_length, groups);	2395	&ctx->tlsext_supportedgroups_length, groups);
2396	}	2396	}
2397		2397
2398	long	2398	long
@@ -2507,7 +2507,7 @@ ssl3_ctx_callback_ctrl(SSL_CTX ctx, int cmd, void (fp)(void))
2507	return 0;	2507	return 0;
2508		2508
2509	case SSL_CTRL_SET_TMP_DH_CB:	2509	case SSL_CTRL_SET_TMP_DH_CB:
2510	ctx->internal->cert->dhe_params_cb =	2510	ctx->cert->dhe_params_cb =
2511	(DH ()(SSL *, int, int))fp;	2511	(DH ()(SSL *, int, int))fp;
2512	return 1;	2512	return 1;
2513		2513
@@ -2515,20 +2515,20 @@ ssl3_ctx_callback_ctrl(SSL_CTX ctx, int cmd, void (fp)(void))
2515	return 1;	2515	return 1;
2516		2516
2517	case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:	2517	case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
2518	ctx->internal->tlsext_servername_callback =	2518	ctx->tlsext_servername_callback =
2519	(int ()(SSL , int , void ))fp;	2519	(int ()(SSL , int , void ))fp;
2520	return 1;	2520	return 1;
2521		2521
2522	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:	2522	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
2523	(int ()(SSL , void *))fp = ctx->internal->tlsext_status_cb;	2523	(int ()(SSL , void *))fp = ctx->tlsext_status_cb;
2524	return 1;	2524	return 1;
2525		2525
2526	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:	2526	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
2527	ctx->internal->tlsext_status_cb = (int ()(SSL , void *))fp;	2527	ctx->tlsext_status_cb = (int ()(SSL , void *))fp;
2528	return 1;	2528	return 1;
2529		2529
2530	case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:	2530	case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
2531	ctx->internal->tlsext_ticket_key_cb = (int ()(SSL , unsigned char *,	2531	ctx->tlsext_ticket_key_cb = (int ()(SSL , unsigned char *,
2532	unsigned char , EVP_CIPHER_CTX , HMAC_CTX *, int))fp;	2532	unsigned char , EVP_CIPHER_CTX , HMAC_CTX *, int))fp;
2533	return 1;	2533	return 1;
2534	}	2534	}
@@ -2559,7 +2559,7 @@ ssl3_choose_cipher(SSL s, STACK_OF(SSL_CIPHER) clnt,
2559	* but would have to pay with the price of sk_SSL_CIPHER_dup().	2559	* but would have to pay with the price of sk_SSL_CIPHER_dup().
2560	*/	2560	*/
2561		2561
2562	if (s->internal->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {	2562	if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
2563	prio = srvr;	2563	prio = srvr;
2564	allow = clnt;	2564	allow = clnt;
2565	} else {	2565	} else {
@@ -2670,13 +2670,13 @@ ssl3_shutdown(SSL *s)
2670	* Don't do anything much if we have not done the handshake or	2670	* Don't do anything much if we have not done the handshake or
2671	* we don't want to send messages :-)	2671	* we don't want to send messages :-)
2672	*/	2672	*/
2673	if ((s->internal->quiet_shutdown) \|\| (s->s3->hs.state == SSL_ST_BEFORE)) {	2673	if ((s->quiet_shutdown) \|\| (s->s3->hs.state == SSL_ST_BEFORE)) {
2674	s->internal->shutdown = (SSL_SENT_SHUTDOWN\|SSL_RECEIVED_SHUTDOWN);	2674	s->shutdown = (SSL_SENT_SHUTDOWN\|SSL_RECEIVED_SHUTDOWN);
2675	return (1);	2675	return (1);
2676	}	2676	}
2677		2677
2678	if (!(s->internal->shutdown & SSL_SENT_SHUTDOWN)) {	2678	if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
2679	s->internal->shutdown\|=SSL_SENT_SHUTDOWN;	2679	s->shutdown\|=SSL_SENT_SHUTDOWN;
2680	ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);	2680	ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
2681	/*	2681	/*
2682	* Our shutdown alert has been sent now, and if it still needs	2682	* Our shutdown alert has been sent now, and if it still needs
@@ -2696,15 +2696,15 @@ ssl3_shutdown(SSL *s)
2696	*/	2696	*/
2697	return (ret);	2697	return (ret);
2698	}	2698	}
2699	} else if (!(s->internal->shutdown & SSL_RECEIVED_SHUTDOWN)) {	2699	} else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
2700	/* If we are waiting for a close from our peer, we are closed */	2700	/* If we are waiting for a close from our peer, we are closed */
2701	s->method->ssl_read_bytes(s, 0, NULL, 0, 0);	2701	s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
2702	if (!(s->internal->shutdown & SSL_RECEIVED_SHUTDOWN)) {	2702	if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
2703	return (-1); /* return WANT_READ */	2703	return (-1); /* return WANT_READ */
2704	}	2704	}
2705	}	2705	}
2706		2706
2707	if ((s->internal->shutdown == (SSL_SENT_SHUTDOWN\|SSL_RECEIVED_SHUTDOWN)) &&	2707	if ((s->shutdown == (SSL_SENT_SHUTDOWN\|SSL_RECEIVED_SHUTDOWN)) &&
2708	!s->s3->alert_dispatch)	2708	!s->s3->alert_dispatch)
2709	return (1);	2709	return (1);
2710	else	2710	else
@@ -2737,16 +2737,16 @@ ssl3_read_internal(SSL s, void buf, int len, int peek)
2737	peek);	2737	peek);
2738	if ((ret == -1) && (s->s3->in_read_app_data == 2)) {	2738	if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
2739	/*	2739	/*
2740	* ssl3_read_bytes decided to call s->internal->handshake_func,	2740	* ssl3_read_bytes decided to call s->handshake_func,
2741	* which called ssl3_read_bytes to read handshake data.	2741	* which called ssl3_read_bytes to read handshake data.
2742	* However, ssl3_read_bytes actually found application data	2742	* However, ssl3_read_bytes actually found application data
2743	* and thinks that application data makes sense here; so disable	2743	* and thinks that application data makes sense here; so disable
2744	* handshake processing and try to read application data again.	2744	* handshake processing and try to read application data again.
2745	*/	2745	*/
2746	s->internal->in_handshake++;	2746	s->in_handshake++;
2747	ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA,	2747	ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA,
2748	buf, len, peek);	2748	buf, len, peek);
2749	s->internal->in_handshake--;	2749	s->in_handshake--;
2750	} else	2750	} else
2751	s->s3->in_read_app_data = 0;	2751	s->s3->in_read_app_data = 0;
2752		2752
@@ -2768,7 +2768,7 @@ ssl3_peek(SSL s, void buf, int len)
2768	int	2768	int
2769	ssl3_renegotiate(SSL *s)	2769	ssl3_renegotiate(SSL *s)
2770	{	2770	{
2771	if (s->internal->handshake_func == NULL)	2771	if (s->handshake_func == NULL)
2772	return 1;	2772	return 1;
2773		2773
2774	if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)	2774	if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)