summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_lib.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/ssl_lib.c')
-rw-r--r--src/lib/libssl/ssl_lib.c671
1 files changed, 331 insertions, 340 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index f5f7bf66c1..4b5f119a88 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_lib.c,v 1.305 2022/09/10 15:29:33 jsing Exp $ */ 1/* $OpenBSD: ssl_lib.c,v 1.306 2022/10/02 16:36:41 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -180,33 +180,33 @@ SSL_clear(SSL *s)
180 } 180 }
181 181
182 s->error = 0; 182 s->error = 0;
183 s->internal->hit = 0; 183 s->hit = 0;
184 s->internal->shutdown = 0; 184 s->shutdown = 0;
185 185
186 if (s->internal->renegotiate) { 186 if (s->renegotiate) {
187 SSLerror(s, ERR_R_INTERNAL_ERROR); 187 SSLerror(s, ERR_R_INTERNAL_ERROR);
188 return (0); 188 return (0);
189 } 189 }
190 190
191 s->version = s->method->version; 191 s->version = s->method->version;
192 s->client_version = s->version; 192 s->client_version = s->version;
193 s->internal->rwstate = SSL_NOTHING; 193 s->rwstate = SSL_NOTHING;
194 s->internal->rstate = SSL_ST_READ_HEADER; 194 s->rstate = SSL_ST_READ_HEADER;
195 195
196 tls13_ctx_free(s->internal->tls13); 196 tls13_ctx_free(s->tls13);
197 s->internal->tls13 = NULL; 197 s->tls13 = NULL;
198 198
199 ssl3_release_init_buffer(s); 199 ssl3_release_init_buffer(s);
200 200
201 ssl_clear_cipher_state(s); 201 ssl_clear_cipher_state(s);
202 202
203 s->internal->first_packet = 0; 203 s->first_packet = 0;
204 204
205 /* 205 /*
206 * Check to see if we were changed into a different method, if 206 * Check to see if we were changed into a different method, if
207 * so, revert back if we are not doing session-id reuse. 207 * so, revert back if we are not doing session-id reuse.
208 */ 208 */
209 if (!s->internal->in_handshake && (s->session == NULL) && 209 if (!s->in_handshake && (s->session == NULL) &&
210 (s->method != s->ctx->method)) { 210 (s->method != s->ctx->method)) {
211 s->method->ssl_free(s); 211 s->method->ssl_free(s);
212 s->method = s->ctx->method; 212 s->method = s->ctx->method;
@@ -227,8 +227,8 @@ SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
227 ctx->method = meth; 227 ctx->method = meth;
228 228
229 ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, 229 ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
230 ctx->internal->cipher_list_tls13, SSL_DEFAULT_CIPHER_LIST, 230 ctx->cipher_list_tls13, SSL_DEFAULT_CIPHER_LIST,
231 ctx->internal->cert); 231 ctx->cert);
232 if (ciphers == NULL || sk_SSL_CIPHER_num(ciphers) <= 0) { 232 if (ciphers == NULL || sk_SSL_CIPHER_num(ciphers) <= 0) {
233 SSLerrorx(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); 233 SSLerrorx(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
234 return (0); 234 return (0);
@@ -253,87 +253,85 @@ SSL_new(SSL_CTX *ctx)
253 253
254 if ((s = calloc(1, sizeof(*s))) == NULL) 254 if ((s = calloc(1, sizeof(*s))) == NULL)
255 goto err; 255 goto err;
256 if ((s->internal = calloc(1, sizeof(*s->internal))) == NULL)
257 goto err;
258 256
259 if ((s->internal->rl = tls12_record_layer_new()) == NULL) 257 if ((s->rl = tls12_record_layer_new()) == NULL)
260 goto err; 258 goto err;
261 259
262 s->internal->min_tls_version = ctx->internal->min_tls_version; 260 s->min_tls_version = ctx->min_tls_version;
263 s->internal->max_tls_version = ctx->internal->max_tls_version; 261 s->max_tls_version = ctx->max_tls_version;
264 s->internal->min_proto_version = ctx->internal->min_proto_version; 262 s->min_proto_version = ctx->min_proto_version;
265 s->internal->max_proto_version = ctx->internal->max_proto_version; 263 s->max_proto_version = ctx->max_proto_version;
266 264
267 s->internal->options = ctx->internal->options; 265 s->options = ctx->options;
268 s->internal->mode = ctx->internal->mode; 266 s->mode = ctx->mode;
269 s->internal->max_cert_list = ctx->internal->max_cert_list; 267 s->max_cert_list = ctx->max_cert_list;
270 s->internal->num_tickets = ctx->internal->num_tickets; 268 s->num_tickets = ctx->num_tickets;
271 269
272 if ((s->cert = ssl_cert_dup(ctx->internal->cert)) == NULL) 270 if ((s->cert = ssl_cert_dup(ctx->cert)) == NULL)
273 goto err; 271 goto err;
274 272
275 s->internal->read_ahead = ctx->internal->read_ahead; 273 s->read_ahead = ctx->read_ahead;
276 s->internal->msg_callback = ctx->internal->msg_callback; 274 s->msg_callback = ctx->msg_callback;
277 s->internal->msg_callback_arg = ctx->internal->msg_callback_arg; 275 s->msg_callback_arg = ctx->msg_callback_arg;
278 s->verify_mode = ctx->verify_mode; 276 s->verify_mode = ctx->verify_mode;
279 s->sid_ctx_length = ctx->sid_ctx_length; 277 s->sid_ctx_length = ctx->sid_ctx_length;
280 OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); 278 OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
281 memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx)); 279 memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
282 s->internal->verify_callback = ctx->internal->default_verify_callback; 280 s->verify_callback = ctx->default_verify_callback;
283 s->internal->generate_session_id = ctx->internal->generate_session_id; 281 s->generate_session_id = ctx->generate_session_id;
284 282
285 s->param = X509_VERIFY_PARAM_new(); 283 s->param = X509_VERIFY_PARAM_new();
286 if (!s->param) 284 if (!s->param)
287 goto err; 285 goto err;
288 X509_VERIFY_PARAM_inherit(s->param, ctx->param); 286 X509_VERIFY_PARAM_inherit(s->param, ctx->param);
289 s->internal->quiet_shutdown = ctx->internal->quiet_shutdown; 287 s->quiet_shutdown = ctx->quiet_shutdown;
290 s->max_send_fragment = ctx->internal->max_send_fragment; 288 s->max_send_fragment = ctx->max_send_fragment;
291 289
292 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); 290 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
293 s->ctx = ctx; 291 s->ctx = ctx;
294 s->internal->tlsext_debug_cb = 0; 292 s->tlsext_debug_cb = 0;
295 s->internal->tlsext_debug_arg = NULL; 293 s->tlsext_debug_arg = NULL;
296 s->internal->tlsext_ticket_expected = 0; 294 s->tlsext_ticket_expected = 0;
297 s->tlsext_status_type = -1; 295 s->tlsext_status_type = -1;
298 s->internal->tlsext_status_expected = 0; 296 s->tlsext_status_expected = 0;
299 s->internal->tlsext_ocsp_ids = NULL; 297 s->tlsext_ocsp_ids = NULL;
300 s->internal->tlsext_ocsp_exts = NULL; 298 s->tlsext_ocsp_exts = NULL;
301 s->internal->tlsext_ocsp_resp = NULL; 299 s->tlsext_ocsp_resp = NULL;
302 s->internal->tlsext_ocsp_resp_len = 0; 300 s->tlsext_ocsp_resp_len = 0;
303 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); 301 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
304 s->initial_ctx = ctx; 302 s->initial_ctx = ctx;
305 303
306 if (ctx->internal->tlsext_ecpointformatlist != NULL) { 304 if (ctx->tlsext_ecpointformatlist != NULL) {
307 s->internal->tlsext_ecpointformatlist = 305 s->tlsext_ecpointformatlist =
308 calloc(ctx->internal->tlsext_ecpointformatlist_length, 306 calloc(ctx->tlsext_ecpointformatlist_length,
309 sizeof(ctx->internal->tlsext_ecpointformatlist[0])); 307 sizeof(ctx->tlsext_ecpointformatlist[0]));
310 if (s->internal->tlsext_ecpointformatlist == NULL) 308 if (s->tlsext_ecpointformatlist == NULL)
311 goto err; 309 goto err;
312 memcpy(s->internal->tlsext_ecpointformatlist, 310 memcpy(s->tlsext_ecpointformatlist,
313 ctx->internal->tlsext_ecpointformatlist, 311 ctx->tlsext_ecpointformatlist,
314 ctx->internal->tlsext_ecpointformatlist_length * 312 ctx->tlsext_ecpointformatlist_length *
315 sizeof(ctx->internal->tlsext_ecpointformatlist[0])); 313 sizeof(ctx->tlsext_ecpointformatlist[0]));
316 s->internal->tlsext_ecpointformatlist_length = 314 s->tlsext_ecpointformatlist_length =
317 ctx->internal->tlsext_ecpointformatlist_length; 315 ctx->tlsext_ecpointformatlist_length;
318 } 316 }
319 if (ctx->internal->tlsext_supportedgroups != NULL) { 317 if (ctx->tlsext_supportedgroups != NULL) {
320 s->internal->tlsext_supportedgroups = 318 s->tlsext_supportedgroups =
321 calloc(ctx->internal->tlsext_supportedgroups_length, 319 calloc(ctx->tlsext_supportedgroups_length,
322 sizeof(ctx->internal->tlsext_supportedgroups[0])); 320 sizeof(ctx->tlsext_supportedgroups[0]));
323 if (s->internal->tlsext_supportedgroups == NULL) 321 if (s->tlsext_supportedgroups == NULL)
324 goto err; 322 goto err;
325 memcpy(s->internal->tlsext_supportedgroups, 323 memcpy(s->tlsext_supportedgroups,
326 ctx->internal->tlsext_supportedgroups, 324 ctx->tlsext_supportedgroups,
327 ctx->internal->tlsext_supportedgroups_length * 325 ctx->tlsext_supportedgroups_length *
328 sizeof(ctx->internal->tlsext_supportedgroups[0])); 326 sizeof(ctx->tlsext_supportedgroups[0]));
329 s->internal->tlsext_supportedgroups_length = 327 s->tlsext_supportedgroups_length =
330 ctx->internal->tlsext_supportedgroups_length; 328 ctx->tlsext_supportedgroups_length;
331 } 329 }
332 330
333 CBS_init(&cbs, ctx->internal->alpn_client_proto_list, 331 CBS_init(&cbs, ctx->alpn_client_proto_list,
334 ctx->internal->alpn_client_proto_list_len); 332 ctx->alpn_client_proto_list_len);
335 if (!CBS_stow(&cbs, &s->internal->alpn_client_proto_list, 333 if (!CBS_stow(&cbs, &s->alpn_client_proto_list,
336 &s->internal->alpn_client_proto_list_len)) 334 &s->alpn_client_proto_list_len))
337 goto err; 335 goto err;
338 336
339 s->verify_result = X509_V_OK; 337 s->verify_result = X509_V_OK;
@@ -349,7 +347,7 @@ SSL_new(SSL_CTX *ctx)
349 347
350 SSL_clear(s); 348 SSL_clear(s);
351 349
352 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->internal->ex_data); 350 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
353 351
354 return (s); 352 return (s);
355 353
@@ -391,7 +389,7 @@ int
391SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) 389SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
392{ 390{
393 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); 391 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
394 ctx->internal->generate_session_id = cb; 392 ctx->generate_session_id = cb;
395 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); 393 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
396 return (1); 394 return (1);
397} 395}
@@ -400,7 +398,7 @@ int
400SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) 398SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
401{ 399{
402 CRYPTO_w_lock(CRYPTO_LOCK_SSL); 400 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
403 ssl->internal->generate_session_id = cb; 401 ssl->generate_session_id = cb;
404 CRYPTO_w_unlock(CRYPTO_LOCK_SSL); 402 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
405 return (1); 403 return (1);
406} 404}
@@ -426,7 +424,7 @@ SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
426 memcpy(r.session_id, id, id_len); 424 memcpy(r.session_id, id, id_len);
427 425
428 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); 426 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
429 p = lh_SSL_SESSION_retrieve(ssl->ctx->internal->sessions, &r); 427 p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
430 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); 428 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
431 return (p != NULL); 429 return (p != NULL);
432} 430}
@@ -519,7 +517,7 @@ SSL_free(SSL *s)
519 517
520 X509_VERIFY_PARAM_free(s->param); 518 X509_VERIFY_PARAM_free(s->param);
521 519
522 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->internal->ex_data); 520 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
523 521
524 if (s->bbio != NULL) { 522 if (s->bbio != NULL) {
525 /* If the buffering BIO is in place, pop it off */ 523 /* If the buffering BIO is in place, pop it off */
@@ -534,12 +532,12 @@ SSL_free(SSL *s)
534 BIO_free_all(s->rbio); 532 BIO_free_all(s->rbio);
535 BIO_free_all(s->wbio); 533 BIO_free_all(s->wbio);
536 534
537 tls13_ctx_free(s->internal->tls13); 535 tls13_ctx_free(s->tls13);
538 536
539 ssl3_release_init_buffer(s); 537 ssl3_release_init_buffer(s);
540 538
541 sk_SSL_CIPHER_free(s->cipher_list); 539 sk_SSL_CIPHER_free(s->cipher_list);
542 sk_SSL_CIPHER_free(s->internal->cipher_list_tls13); 540 sk_SSL_CIPHER_free(s->cipher_list_tls13);
543 541
544 /* Make the next call work :-) */ 542 /* Make the next call work :-) */
545 if (s->session != NULL) { 543 if (s->session != NULL) {
@@ -554,32 +552,31 @@ SSL_free(SSL *s)
554 free(s->tlsext_hostname); 552 free(s->tlsext_hostname);
555 SSL_CTX_free(s->initial_ctx); 553 SSL_CTX_free(s->initial_ctx);
556 554
557 free(s->internal->tlsext_ecpointformatlist); 555 free(s->tlsext_ecpointformatlist);
558 free(s->internal->tlsext_supportedgroups); 556 free(s->tlsext_supportedgroups);
559 557
560 sk_X509_EXTENSION_pop_free(s->internal->tlsext_ocsp_exts, 558 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
561 X509_EXTENSION_free); 559 X509_EXTENSION_free);
562 sk_OCSP_RESPID_pop_free(s->internal->tlsext_ocsp_ids, OCSP_RESPID_free); 560 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
563 free(s->internal->tlsext_ocsp_resp); 561 free(s->tlsext_ocsp_resp);
564 562
565 sk_X509_NAME_pop_free(s->internal->client_CA, X509_NAME_free); 563 sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
566 564
567 if (s->method != NULL) 565 if (s->method != NULL)
568 s->method->ssl_free(s); 566 s->method->ssl_free(s);
569 567
570 SSL_CTX_free(s->ctx); 568 SSL_CTX_free(s->ctx);
571 569
572 free(s->internal->alpn_client_proto_list); 570 free(s->alpn_client_proto_list);
573 571
574 free(s->internal->quic_transport_params); 572 free(s->quic_transport_params);
575 573
576#ifndef OPENSSL_NO_SRTP 574#ifndef OPENSSL_NO_SRTP
577 sk_SRTP_PROTECTION_PROFILE_free(s->internal->srtp_profiles); 575 sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
578#endif 576#endif
579 577
580 tls12_record_layer_free(s->internal->rl); 578 tls12_record_layer_free(s->rl);
581 579
582 free(s->internal);
583 free(s); 580 free(s);
584} 581}
585 582
@@ -768,25 +765,25 @@ SSL_get_verify_depth(const SSL *s)
768int 765int
769(*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *) 766(*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *)
770{ 767{
771 return (s->internal->verify_callback); 768 return (s->verify_callback);
772} 769}
773 770
774void 771void
775SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb) 772SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb)
776{ 773{
777 ctx->internal->keylog_callback = cb; 774 ctx->keylog_callback = cb;
778} 775}
779 776
780SSL_CTX_keylog_cb_func 777SSL_CTX_keylog_cb_func
781SSL_CTX_get_keylog_callback(const SSL_CTX *ctx) 778SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
782{ 779{
783 return (ctx->internal->keylog_callback); 780 return (ctx->keylog_callback);
784} 781}
785 782
786int 783int
787SSL_set_num_tickets(SSL *s, size_t num_tickets) 784SSL_set_num_tickets(SSL *s, size_t num_tickets)
788{ 785{
789 s->internal->num_tickets = num_tickets; 786 s->num_tickets = num_tickets;
790 787
791 return 1; 788 return 1;
792} 789}
@@ -794,13 +791,13 @@ SSL_set_num_tickets(SSL *s, size_t num_tickets)
794size_t 791size_t
795SSL_get_num_tickets(const SSL *s) 792SSL_get_num_tickets(const SSL *s)
796{ 793{
797 return s->internal->num_tickets; 794 return s->num_tickets;
798} 795}
799 796
800int 797int
801SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets) 798SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
802{ 799{
803 ctx->internal->num_tickets = num_tickets; 800 ctx->num_tickets = num_tickets;
804 801
805 return 1; 802 return 1;
806} 803}
@@ -808,7 +805,7 @@ SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
808size_t 805size_t
809SSL_CTX_get_num_tickets(const SSL_CTX *ctx) 806SSL_CTX_get_num_tickets(const SSL_CTX *ctx)
810{ 807{
811 return ctx->internal->num_tickets; 808 return ctx->num_tickets;
812} 809}
813 810
814int 811int
@@ -826,7 +823,7 @@ SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
826int 823int
827(*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *) 824(*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *)
828{ 825{
829 return (ctx->internal->default_verify_callback); 826 return (ctx->default_verify_callback);
830} 827}
831 828
832void 829void
@@ -835,7 +832,7 @@ SSL_set_verify(SSL *s, int mode,
835{ 832{
836 s->verify_mode = mode; 833 s->verify_mode = mode;
837 if (callback != NULL) 834 if (callback != NULL)
838 s->internal->verify_callback = callback; 835 s->verify_callback = callback;
839} 836}
840 837
841void 838void
@@ -847,13 +844,13 @@ SSL_set_verify_depth(SSL *s, int depth)
847void 844void
848SSL_set_read_ahead(SSL *s, int yes) 845SSL_set_read_ahead(SSL *s, int yes)
849{ 846{
850 s->internal->read_ahead = yes; 847 s->read_ahead = yes;
851} 848}
852 849
853int 850int
854SSL_get_read_ahead(const SSL *s) 851SSL_get_read_ahead(const SSL *s)
855{ 852{
856 return (s->internal->read_ahead); 853 return (s->read_ahead);
857} 854}
858 855
859int 856int
@@ -897,7 +894,7 @@ SSL_get_peer_cert_chain(const SSL *s)
897STACK_OF(X509) * 894STACK_OF(X509) *
898SSL_get0_verified_chain(const SSL *s) 895SSL_get0_verified_chain(const SSL *s)
899{ 896{
900 return s->internal->verified_chain; 897 return s->verified_chain;
901} 898}
902 899
903/* 900/*
@@ -939,17 +936,17 @@ SSL_copy_session_id(SSL *t, const SSL *f)
939int 936int
940SSL_CTX_check_private_key(const SSL_CTX *ctx) 937SSL_CTX_check_private_key(const SSL_CTX *ctx)
941{ 938{
942 if ((ctx == NULL) || (ctx->internal->cert == NULL) || 939 if ((ctx == NULL) || (ctx->cert == NULL) ||
943 (ctx->internal->cert->key->x509 == NULL)) { 940 (ctx->cert->key->x509 == NULL)) {
944 SSLerrorx(SSL_R_NO_CERTIFICATE_ASSIGNED); 941 SSLerrorx(SSL_R_NO_CERTIFICATE_ASSIGNED);
945 return (0); 942 return (0);
946 } 943 }
947 if (ctx->internal->cert->key->privatekey == NULL) { 944 if (ctx->cert->key->privatekey == NULL) {
948 SSLerrorx(SSL_R_NO_PRIVATE_KEY_ASSIGNED); 945 SSLerrorx(SSL_R_NO_PRIVATE_KEY_ASSIGNED);
949 return (0); 946 return (0);
950 } 947 }
951 return (X509_check_private_key(ctx->internal->cert->key->x509, 948 return (X509_check_private_key(ctx->cert->key->x509,
952 ctx->internal->cert->key->privatekey)); 949 ctx->cert->key->privatekey));
953} 950}
954 951
955/* Fix this function so that it takes an optional type parameter */ 952/* Fix this function so that it takes an optional type parameter */
@@ -979,7 +976,7 @@ SSL_check_private_key(const SSL *ssl)
979int 976int
980SSL_accept(SSL *s) 977SSL_accept(SSL *s)
981{ 978{
982 if (s->internal->handshake_func == NULL) 979 if (s->handshake_func == NULL)
983 SSL_set_accept_state(s); /* Not properly initialized yet */ 980 SSL_set_accept_state(s); /* Not properly initialized yet */
984 981
985 return (s->method->ssl_accept(s)); 982 return (s->method->ssl_accept(s));
@@ -988,7 +985,7 @@ SSL_accept(SSL *s)
988int 985int
989SSL_connect(SSL *s) 986SSL_connect(SSL *s)
990{ 987{
991 if (s->internal->handshake_func == NULL) 988 if (s->handshake_func == NULL)
992 SSL_set_connect_state(s); /* Not properly initialized yet */ 989 SSL_set_connect_state(s); /* Not properly initialized yet */
993 990
994 return (s->method->ssl_connect(s)); 991 return (s->method->ssl_connect(s));
@@ -1035,13 +1032,13 @@ SSL_read(SSL *s, void *buf, int num)
1035 return (-1); 1032 return (-1);
1036 } 1033 }
1037 1034
1038 if (s->internal->handshake_func == NULL) { 1035 if (s->handshake_func == NULL) {
1039 SSLerror(s, SSL_R_UNINITIALIZED); 1036 SSLerror(s, SSL_R_UNINITIALIZED);
1040 return (-1); 1037 return (-1);
1041 } 1038 }
1042 1039
1043 if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) { 1040 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
1044 s->internal->rwstate = SSL_NOTHING; 1041 s->rwstate = SSL_NOTHING;
1045 return (0); 1042 return (0);
1046 } 1043 }
1047 return ssl3_read(s, buf, num); 1044 return ssl3_read(s, buf, num);
@@ -1079,12 +1076,12 @@ SSL_peek(SSL *s, void *buf, int num)
1079 return (-1); 1076 return (-1);
1080 } 1077 }
1081 1078
1082 if (s->internal->handshake_func == NULL) { 1079 if (s->handshake_func == NULL) {
1083 SSLerror(s, SSL_R_UNINITIALIZED); 1080 SSLerror(s, SSL_R_UNINITIALIZED);
1084 return (-1); 1081 return (-1);
1085 } 1082 }
1086 1083
1087 if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) { 1084 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
1088 return (0); 1085 return (0);
1089 } 1086 }
1090 return ssl3_peek(s, buf, num); 1087 return ssl3_peek(s, buf, num);
@@ -1122,13 +1119,13 @@ SSL_write(SSL *s, const void *buf, int num)
1122 return (-1); 1119 return (-1);
1123 } 1120 }
1124 1121
1125 if (s->internal->handshake_func == NULL) { 1122 if (s->handshake_func == NULL) {
1126 SSLerror(s, SSL_R_UNINITIALIZED); 1123 SSLerror(s, SSL_R_UNINITIALIZED);
1127 return (-1); 1124 return (-1);
1128 } 1125 }
1129 1126
1130 if (s->internal->shutdown & SSL_SENT_SHUTDOWN) { 1127 if (s->shutdown & SSL_SENT_SHUTDOWN) {
1131 s->internal->rwstate = SSL_NOTHING; 1128 s->rwstate = SSL_NOTHING;
1132 SSLerror(s, SSL_R_PROTOCOL_IS_SHUTDOWN); 1129 SSLerror(s, SSL_R_PROTOCOL_IS_SHUTDOWN);
1133 return (-1); 1130 return (-1);
1134 } 1131 }
@@ -1221,7 +1218,7 @@ SSL_shutdown(SSL *s)
1221 * even if blocking I/O is used (see ssl3_shutdown). 1218 * even if blocking I/O is used (see ssl3_shutdown).
1222 */ 1219 */
1223 1220
1224 if (s->internal->handshake_func == NULL) { 1221 if (s->handshake_func == NULL) {
1225 SSLerror(s, SSL_R_UNINITIALIZED); 1222 SSLerror(s, SSL_R_UNINITIALIZED);
1226 return (-1); 1223 return (-1);
1227 } 1224 }
@@ -1235,10 +1232,10 @@ SSL_shutdown(SSL *s)
1235int 1232int
1236SSL_renegotiate(SSL *s) 1233SSL_renegotiate(SSL *s)
1237{ 1234{
1238 if (s->internal->renegotiate == 0) 1235 if (s->renegotiate == 0)
1239 s->internal->renegotiate = 1; 1236 s->renegotiate = 1;
1240 1237
1241 s->internal->new_session = 1; 1238 s->new_session = 1;
1242 1239
1243 return (s->method->ssl_renegotiate(s)); 1240 return (s->method->ssl_renegotiate(s));
1244} 1241}
@@ -1246,10 +1243,10 @@ SSL_renegotiate(SSL *s)
1246int 1243int
1247SSL_renegotiate_abbreviated(SSL *s) 1244SSL_renegotiate_abbreviated(SSL *s)
1248{ 1245{
1249 if (s->internal->renegotiate == 0) 1246 if (s->renegotiate == 0)
1250 s->internal->renegotiate = 1; 1247 s->renegotiate = 1;
1251 1248
1252 s->internal->new_session = 0; 1249 s->new_session = 0;
1253 1250
1254 return (s->method->ssl_renegotiate(s)); 1251 return (s->method->ssl_renegotiate(s));
1255} 1252}
@@ -1261,7 +1258,7 @@ SSL_renegotiate_pending(SSL *s)
1261 * Becomes true when negotiation is requested; 1258 * Becomes true when negotiation is requested;
1262 * false again once a handshake has finished. 1259 * false again once a handshake has finished.
1263 */ 1260 */
1264 return (s->internal->renegotiate != 0); 1261 return (s->renegotiate != 0);
1265} 1262}
1266 1263
1267long 1264long
@@ -1271,29 +1268,29 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
1271 1268
1272 switch (cmd) { 1269 switch (cmd) {
1273 case SSL_CTRL_GET_READ_AHEAD: 1270 case SSL_CTRL_GET_READ_AHEAD:
1274 return (s->internal->read_ahead); 1271 return (s->read_ahead);
1275 case SSL_CTRL_SET_READ_AHEAD: 1272 case SSL_CTRL_SET_READ_AHEAD:
1276 l = s->internal->read_ahead; 1273 l = s->read_ahead;
1277 s->internal->read_ahead = larg; 1274 s->read_ahead = larg;
1278 return (l); 1275 return (l);
1279 1276
1280 case SSL_CTRL_SET_MSG_CALLBACK_ARG: 1277 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1281 s->internal->msg_callback_arg = parg; 1278 s->msg_callback_arg = parg;
1282 return (1); 1279 return (1);
1283 1280
1284 case SSL_CTRL_OPTIONS: 1281 case SSL_CTRL_OPTIONS:
1285 return (s->internal->options|=larg); 1282 return (s->options|=larg);
1286 case SSL_CTRL_CLEAR_OPTIONS: 1283 case SSL_CTRL_CLEAR_OPTIONS:
1287 return (s->internal->options&=~larg); 1284 return (s->options&=~larg);
1288 case SSL_CTRL_MODE: 1285 case SSL_CTRL_MODE:
1289 return (s->internal->mode|=larg); 1286 return (s->mode|=larg);
1290 case SSL_CTRL_CLEAR_MODE: 1287 case SSL_CTRL_CLEAR_MODE:
1291 return (s->internal->mode &=~larg); 1288 return (s->mode &=~larg);
1292 case SSL_CTRL_GET_MAX_CERT_LIST: 1289 case SSL_CTRL_GET_MAX_CERT_LIST:
1293 return (s->internal->max_cert_list); 1290 return (s->max_cert_list);
1294 case SSL_CTRL_SET_MAX_CERT_LIST: 1291 case SSL_CTRL_SET_MAX_CERT_LIST:
1295 l = s->internal->max_cert_list; 1292 l = s->max_cert_list;
1296 s->internal->max_cert_list = larg; 1293 s->max_cert_list = larg;
1297 return (l); 1294 return (l);
1298 case SSL_CTRL_SET_MTU: 1295 case SSL_CTRL_SET_MTU:
1299#ifndef OPENSSL_NO_DTLS1 1296#ifndef OPENSSL_NO_DTLS1
@@ -1326,7 +1323,7 @@ SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
1326{ 1323{
1327 switch (cmd) { 1324 switch (cmd) {
1328 case SSL_CTRL_SET_MSG_CALLBACK: 1325 case SSL_CTRL_SET_MSG_CALLBACK:
1329 s->internal->msg_callback = (ssl_msg_callback_fn *)(fp); 1326 s->msg_callback = (ssl_msg_callback_fn *)(fp);
1330 return (1); 1327 return (1);
1331 1328
1332 default: 1329 default:
@@ -1337,7 +1334,7 @@ SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
1337struct lhash_st_SSL_SESSION * 1334struct lhash_st_SSL_SESSION *
1338SSL_CTX_sessions(SSL_CTX *ctx) 1335SSL_CTX_sessions(SSL_CTX *ctx)
1339{ 1336{
1340 return (ctx->internal->sessions); 1337 return (ctx->sessions);
1341} 1338}
1342 1339
1343long 1340long
@@ -1347,72 +1344,72 @@ SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
1347 1344
1348 switch (cmd) { 1345 switch (cmd) {
1349 case SSL_CTRL_GET_READ_AHEAD: 1346 case SSL_CTRL_GET_READ_AHEAD:
1350 return (ctx->internal->read_ahead); 1347 return (ctx->read_ahead);
1351 case SSL_CTRL_SET_READ_AHEAD: 1348 case SSL_CTRL_SET_READ_AHEAD:
1352 l = ctx->internal->read_ahead; 1349 l = ctx->read_ahead;
1353 ctx->internal->read_ahead = larg; 1350 ctx->read_ahead = larg;
1354 return (l); 1351 return (l);
1355 1352
1356 case SSL_CTRL_SET_MSG_CALLBACK_ARG: 1353 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1357 ctx->internal->msg_callback_arg = parg; 1354 ctx->msg_callback_arg = parg;
1358 return (1); 1355 return (1);
1359 1356
1360 case SSL_CTRL_GET_MAX_CERT_LIST: 1357 case SSL_CTRL_GET_MAX_CERT_LIST:
1361 return (ctx->internal->max_cert_list); 1358 return (ctx->max_cert_list);
1362 case SSL_CTRL_SET_MAX_CERT_LIST: 1359 case SSL_CTRL_SET_MAX_CERT_LIST:
1363 l = ctx->internal->max_cert_list; 1360 l = ctx->max_cert_list;
1364 ctx->internal->max_cert_list = larg; 1361 ctx->max_cert_list = larg;
1365 return (l); 1362 return (l);
1366 1363
1367 case SSL_CTRL_SET_SESS_CACHE_SIZE: 1364 case SSL_CTRL_SET_SESS_CACHE_SIZE:
1368 l = ctx->internal->session_cache_size; 1365 l = ctx->session_cache_size;
1369 ctx->internal->session_cache_size = larg; 1366 ctx->session_cache_size = larg;
1370 return (l); 1367 return (l);
1371 case SSL_CTRL_GET_SESS_CACHE_SIZE: 1368 case SSL_CTRL_GET_SESS_CACHE_SIZE:
1372 return (ctx->internal->session_cache_size); 1369 return (ctx->session_cache_size);
1373 case SSL_CTRL_SET_SESS_CACHE_MODE: 1370 case SSL_CTRL_SET_SESS_CACHE_MODE:
1374 l = ctx->internal->session_cache_mode; 1371 l = ctx->session_cache_mode;
1375 ctx->internal->session_cache_mode = larg; 1372 ctx->session_cache_mode = larg;
1376 return (l); 1373 return (l);
1377 case SSL_CTRL_GET_SESS_CACHE_MODE: 1374 case SSL_CTRL_GET_SESS_CACHE_MODE:
1378 return (ctx->internal->session_cache_mode); 1375 return (ctx->session_cache_mode);
1379 1376
1380 case SSL_CTRL_SESS_NUMBER: 1377 case SSL_CTRL_SESS_NUMBER:
1381 return (lh_SSL_SESSION_num_items(ctx->internal->sessions)); 1378 return (lh_SSL_SESSION_num_items(ctx->sessions));
1382 case SSL_CTRL_SESS_CONNECT: 1379 case SSL_CTRL_SESS_CONNECT:
1383 return (ctx->internal->stats.sess_connect); 1380 return (ctx->stats.sess_connect);
1384 case SSL_CTRL_SESS_CONNECT_GOOD: 1381 case SSL_CTRL_SESS_CONNECT_GOOD:
1385 return (ctx->internal->stats.sess_connect_good); 1382 return (ctx->stats.sess_connect_good);
1386 case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: 1383 case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
1387 return (ctx->internal->stats.sess_connect_renegotiate); 1384 return (ctx->stats.sess_connect_renegotiate);
1388 case SSL_CTRL_SESS_ACCEPT: 1385 case SSL_CTRL_SESS_ACCEPT:
1389 return (ctx->internal->stats.sess_accept); 1386 return (ctx->stats.sess_accept);
1390 case SSL_CTRL_SESS_ACCEPT_GOOD: 1387 case SSL_CTRL_SESS_ACCEPT_GOOD:
1391 return (ctx->internal->stats.sess_accept_good); 1388 return (ctx->stats.sess_accept_good);
1392 case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: 1389 case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
1393 return (ctx->internal->stats.sess_accept_renegotiate); 1390 return (ctx->stats.sess_accept_renegotiate);
1394 case SSL_CTRL_SESS_HIT: 1391 case SSL_CTRL_SESS_HIT:
1395 return (ctx->internal->stats.sess_hit); 1392 return (ctx->stats.sess_hit);
1396 case SSL_CTRL_SESS_CB_HIT: 1393 case SSL_CTRL_SESS_CB_HIT:
1397 return (ctx->internal->stats.sess_cb_hit); 1394 return (ctx->stats.sess_cb_hit);
1398 case SSL_CTRL_SESS_MISSES: 1395 case SSL_CTRL_SESS_MISSES:
1399 return (ctx->internal->stats.sess_miss); 1396 return (ctx->stats.sess_miss);
1400 case SSL_CTRL_SESS_TIMEOUTS: 1397 case SSL_CTRL_SESS_TIMEOUTS:
1401 return (ctx->internal->stats.sess_timeout); 1398 return (ctx->stats.sess_timeout);
1402 case SSL_CTRL_SESS_CACHE_FULL: 1399 case SSL_CTRL_SESS_CACHE_FULL:
1403 return (ctx->internal->stats.sess_cache_full); 1400 return (ctx->stats.sess_cache_full);
1404 case SSL_CTRL_OPTIONS: 1401 case SSL_CTRL_OPTIONS:
1405 return (ctx->internal->options|=larg); 1402 return (ctx->options|=larg);
1406 case SSL_CTRL_CLEAR_OPTIONS: 1403 case SSL_CTRL_CLEAR_OPTIONS:
1407 return (ctx->internal->options&=~larg); 1404 return (ctx->options&=~larg);
1408 case SSL_CTRL_MODE: 1405 case SSL_CTRL_MODE:
1409 return (ctx->internal->mode|=larg); 1406 return (ctx->mode|=larg);
1410 case SSL_CTRL_CLEAR_MODE: 1407 case SSL_CTRL_CLEAR_MODE:
1411 return (ctx->internal->mode&=~larg); 1408 return (ctx->mode&=~larg);
1412 case SSL_CTRL_SET_MAX_SEND_FRAGMENT: 1409 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1413 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) 1410 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1414 return (0); 1411 return (0);
1415 ctx->internal->max_send_fragment = larg; 1412 ctx->max_send_fragment = larg;
1416 return (1); 1413 return (1);
1417 default: 1414 default:
1418 return (ssl3_ctx_ctrl(ctx, cmd, larg, parg)); 1415 return (ssl3_ctx_ctrl(ctx, cmd, larg, parg));
@@ -1424,7 +1421,7 @@ SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
1424{ 1421{
1425 switch (cmd) { 1422 switch (cmd) {
1426 case SSL_CTRL_SET_MSG_CALLBACK: 1423 case SSL_CTRL_SET_MSG_CALLBACK:
1427 ctx->internal->msg_callback = (ssl_msg_callback_fn *)fp; 1424 ctx->msg_callback = (ssl_msg_callback_fn *)fp;
1428 return (1); 1425 return (1);
1429 1426
1430 default: 1427 default:
@@ -1562,7 +1559,7 @@ SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
1562 * ctx->cipher_list has been updated. 1559 * ctx->cipher_list has been updated.
1563 */ 1560 */
1564 ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, 1561 ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
1565 ctx->internal->cipher_list_tls13, str, ctx->internal->cert); 1562 ctx->cipher_list_tls13, str, ctx->cert);
1566 if (ciphers == NULL) { 1563 if (ciphers == NULL) {
1567 return (0); 1564 return (0);
1568 } else if (sk_SSL_CIPHER_num(ciphers) == 0) { 1565 } else if (sk_SSL_CIPHER_num(ciphers) == 0) {
@@ -1575,12 +1572,12 @@ SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
1575int 1572int
1576SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str) 1573SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str)
1577{ 1574{
1578 if (!ssl_parse_ciphersuites(&ctx->internal->cipher_list_tls13, str)) { 1575 if (!ssl_parse_ciphersuites(&ctx->cipher_list_tls13, str)) {
1579 SSLerrorx(SSL_R_NO_CIPHER_MATCH); 1576 SSLerrorx(SSL_R_NO_CIPHER_MATCH);
1580 return 0; 1577 return 0;
1581 } 1578 }
1582 if (!ssl_merge_cipherlists(ctx->cipher_list, 1579 if (!ssl_merge_cipherlists(ctx->cipher_list,
1583 ctx->internal->cipher_list_tls13, &ctx->cipher_list)) 1580 ctx->cipher_list_tls13, &ctx->cipher_list))
1584 return 0; 1581 return 0;
1585 1582
1586 return 1; 1583 return 1;
@@ -1592,8 +1589,8 @@ SSL_set_cipher_list(SSL *s, const char *str)
1592{ 1589{
1593 STACK_OF(SSL_CIPHER) *ciphers, *ciphers_tls13; 1590 STACK_OF(SSL_CIPHER) *ciphers, *ciphers_tls13;
1594 1591
1595 if ((ciphers_tls13 = s->internal->cipher_list_tls13) == NULL) 1592 if ((ciphers_tls13 = s->cipher_list_tls13) == NULL)
1596 ciphers_tls13 = s->ctx->internal->cipher_list_tls13; 1593 ciphers_tls13 = s->ctx->cipher_list_tls13;
1597 1594
1598 /* See comment in SSL_CTX_set_cipher_list. */ 1595 /* See comment in SSL_CTX_set_cipher_list. */
1599 ciphers = ssl_create_cipher_list(s->ctx->method, &s->cipher_list, 1596 ciphers = ssl_create_cipher_list(s->ctx->method, &s->cipher_list,
@@ -1615,11 +1612,11 @@ SSL_set_ciphersuites(SSL *s, const char *str)
1615 if ((ciphers = s->cipher_list) == NULL) 1612 if ((ciphers = s->cipher_list) == NULL)
1616 ciphers = s->ctx->cipher_list; 1613 ciphers = s->ctx->cipher_list;
1617 1614
1618 if (!ssl_parse_ciphersuites(&s->internal->cipher_list_tls13, str)) { 1615 if (!ssl_parse_ciphersuites(&s->cipher_list_tls13, str)) {
1619 SSLerrorx(SSL_R_NO_CIPHER_MATCH); 1616 SSLerrorx(SSL_R_NO_CIPHER_MATCH);
1620 return (0); 1617 return (0);
1621 } 1618 }
1622 if (!ssl_merge_cipherlists(ciphers, s->internal->cipher_list_tls13, 1619 if (!ssl_merge_cipherlists(ciphers, s->cipher_list_tls13,
1623 &s->cipher_list)) 1620 &s->cipher_list))
1624 return 0; 1621 return 0;
1625 1622
@@ -1791,8 +1788,8 @@ SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
1791 goto err; 1788 goto err;
1792 } 1789 }
1793 1790
1794 if (!CBS_stow(&cbs, &ctx->internal->alpn_client_proto_list, 1791 if (!CBS_stow(&cbs, &ctx->alpn_client_proto_list,
1795 &ctx->internal->alpn_client_proto_list_len)) 1792 &ctx->alpn_client_proto_list_len))
1796 goto err; 1793 goto err;
1797 1794
1798 failed = 0; 1795 failed = 0;
@@ -1824,8 +1821,8 @@ SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
1824 goto err; 1821 goto err;
1825 } 1822 }
1826 1823
1827 if (!CBS_stow(&cbs, &ssl->internal->alpn_client_proto_list, 1824 if (!CBS_stow(&cbs, &ssl->alpn_client_proto_list,
1828 &ssl->internal->alpn_client_proto_list_len)) 1825 &ssl->alpn_client_proto_list_len))
1829 goto err; 1826 goto err;
1830 1827
1831 failed = 0; 1828 failed = 0;
@@ -1845,8 +1842,8 @@ SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
1845 int (*cb) (SSL *ssl, const unsigned char **out, unsigned char *outlen, 1842 int (*cb) (SSL *ssl, const unsigned char **out, unsigned char *outlen,
1846 const unsigned char *in, unsigned int inlen, void *arg), void *arg) 1843 const unsigned char *in, unsigned int inlen, void *arg), void *arg)
1847{ 1844{
1848 ctx->internal->alpn_select_cb = cb; 1845 ctx->alpn_select_cb = cb;
1849 ctx->internal->alpn_select_cb_arg = arg; 1846 ctx->alpn_select_cb_arg = arg;
1850} 1847}
1851 1848
1852/* 1849/*
@@ -1874,12 +1871,12 @@ SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
1874 const char *label, size_t llen, const unsigned char *p, size_t plen, 1871 const char *label, size_t llen, const unsigned char *p, size_t plen,
1875 int use_context) 1872 int use_context)
1876{ 1873{
1877 if (s->internal->tls13 != NULL && s->version == TLS1_3_VERSION) { 1874 if (s->tls13 != NULL && s->version == TLS1_3_VERSION) {
1878 if (!use_context) { 1875 if (!use_context) {
1879 p = NULL; 1876 p = NULL;
1880 plen = 0; 1877 plen = 0;
1881 } 1878 }
1882 return tls13_exporter(s->internal->tls13, label, llen, p, plen, 1879 return tls13_exporter(s->tls13, label, llen, p, plen,
1883 out, olen); 1880 out, olen);
1884 } 1881 }
1885 1882
@@ -1961,11 +1958,6 @@ SSL_CTX_new(const SSL_METHOD *meth)
1961 SSLerrorx(ERR_R_MALLOC_FAILURE); 1958 SSLerrorx(ERR_R_MALLOC_FAILURE);
1962 return (NULL); 1959 return (NULL);
1963 } 1960 }
1964 if ((ret->internal = calloc(1, sizeof(*ret->internal))) == NULL) {
1965 free(ret);
1966 SSLerrorx(ERR_R_MALLOC_FAILURE);
1967 return (NULL);
1968 }
1969 1961
1970 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { 1962 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
1971 SSLerrorx(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); 1963 SSLerrorx(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
@@ -1973,62 +1965,62 @@ SSL_CTX_new(const SSL_METHOD *meth)
1973 } 1965 }
1974 1966
1975 ret->method = meth; 1967 ret->method = meth;
1976 ret->internal->min_tls_version = meth->min_tls_version; 1968 ret->min_tls_version = meth->min_tls_version;
1977 ret->internal->max_tls_version = meth->max_tls_version; 1969 ret->max_tls_version = meth->max_tls_version;
1978 ret->internal->min_proto_version = 0; 1970 ret->min_proto_version = 0;
1979 ret->internal->max_proto_version = 0; 1971 ret->max_proto_version = 0;
1980 ret->internal->mode = SSL_MODE_AUTO_RETRY; 1972 ret->mode = SSL_MODE_AUTO_RETRY;
1981 1973
1982 ret->cert_store = NULL; 1974 ret->cert_store = NULL;
1983 ret->internal->session_cache_mode = SSL_SESS_CACHE_SERVER; 1975 ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
1984 ret->internal->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; 1976 ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
1985 ret->internal->session_cache_head = NULL; 1977 ret->session_cache_head = NULL;
1986 ret->internal->session_cache_tail = NULL; 1978 ret->session_cache_tail = NULL;
1987 1979
1988 /* We take the system default */ 1980 /* We take the system default */
1989 ret->session_timeout = ssl_get_default_timeout(); 1981 ret->session_timeout = ssl_get_default_timeout();
1990 1982
1991 ret->internal->new_session_cb = 0; 1983 ret->new_session_cb = 0;
1992 ret->internal->remove_session_cb = 0; 1984 ret->remove_session_cb = 0;
1993 ret->internal->get_session_cb = 0; 1985 ret->get_session_cb = 0;
1994 ret->internal->generate_session_id = 0; 1986 ret->generate_session_id = 0;
1995 1987
1996 memset((char *)&ret->internal->stats, 0, sizeof(ret->internal->stats)); 1988 memset((char *)&ret->stats, 0, sizeof(ret->stats));
1997 1989
1998 ret->references = 1; 1990 ret->references = 1;
1999 ret->internal->quiet_shutdown = 0; 1991 ret->quiet_shutdown = 0;
2000 1992
2001 ret->internal->info_callback = NULL; 1993 ret->info_callback = NULL;
2002 1994
2003 ret->internal->app_verify_callback = 0; 1995 ret->app_verify_callback = 0;
2004 ret->internal->app_verify_arg = NULL; 1996 ret->app_verify_arg = NULL;
2005 1997
2006 ret->internal->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT; 1998 ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
2007 ret->internal->read_ahead = 0; 1999 ret->read_ahead = 0;
2008 ret->internal->msg_callback = 0; 2000 ret->msg_callback = 0;
2009 ret->internal->msg_callback_arg = NULL; 2001 ret->msg_callback_arg = NULL;
2010 ret->verify_mode = SSL_VERIFY_NONE; 2002 ret->verify_mode = SSL_VERIFY_NONE;
2011 ret->sid_ctx_length = 0; 2003 ret->sid_ctx_length = 0;
2012 ret->internal->default_verify_callback = NULL; 2004 ret->default_verify_callback = NULL;
2013 2005
2014 if ((ret->internal->cert = ssl_cert_new()) == NULL) 2006 if ((ret->cert = ssl_cert_new()) == NULL)
2015 goto err; 2007 goto err;
2016 2008
2017 ret->default_passwd_callback = 0; 2009 ret->default_passwd_callback = 0;
2018 ret->default_passwd_callback_userdata = NULL; 2010 ret->default_passwd_callback_userdata = NULL;
2019 ret->internal->client_cert_cb = 0; 2011 ret->client_cert_cb = 0;
2020 ret->internal->app_gen_cookie_cb = 0; 2012 ret->app_gen_cookie_cb = 0;
2021 ret->internal->app_verify_cookie_cb = 0; 2013 ret->app_verify_cookie_cb = 0;
2022 2014
2023 ret->internal->sessions = lh_SSL_SESSION_new(); 2015 ret->sessions = lh_SSL_SESSION_new();
2024 if (ret->internal->sessions == NULL) 2016 if (ret->sessions == NULL)
2025 goto err; 2017 goto err;
2026 ret->cert_store = X509_STORE_new(); 2018 ret->cert_store = X509_STORE_new();
2027 if (ret->cert_store == NULL) 2019 if (ret->cert_store == NULL)
2028 goto err; 2020 goto err;
2029 2021
2030 ssl_create_cipher_list(ret->method, &ret->cipher_list, 2022 ssl_create_cipher_list(ret->method, &ret->cipher_list,
2031 NULL, SSL_DEFAULT_CIPHER_LIST, ret->internal->cert); 2023 NULL, SSL_DEFAULT_CIPHER_LIST, ret->cert);
2032 if (ret->cipher_list == NULL || 2024 if (ret->cipher_list == NULL ||
2033 sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { 2025 sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
2034 SSLerrorx(SSL_R_LIBRARY_HAS_NO_CIPHERS); 2026 SSLerrorx(SSL_R_LIBRARY_HAS_NO_CIPHERS);
@@ -2039,28 +2031,28 @@ SSL_CTX_new(const SSL_METHOD *meth)
2039 if (!ret->param) 2031 if (!ret->param)
2040 goto err; 2032 goto err;
2041 2033
2042 if ((ret->internal->client_CA = sk_X509_NAME_new_null()) == NULL) 2034 if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)
2043 goto err; 2035 goto err;
2044 2036
2045 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->internal->ex_data); 2037 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
2046 2038
2047 ret->extra_certs = NULL; 2039 ret->extra_certs = NULL;
2048 2040
2049 ret->internal->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; 2041 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
2050 2042
2051 ret->internal->tlsext_servername_callback = 0; 2043 ret->tlsext_servername_callback = 0;
2052 ret->internal->tlsext_servername_arg = NULL; 2044 ret->tlsext_servername_arg = NULL;
2053 2045
2054 /* Setup RFC4507 ticket keys */ 2046 /* Setup RFC4507 ticket keys */
2055 arc4random_buf(ret->internal->tlsext_tick_key_name, 16); 2047 arc4random_buf(ret->tlsext_tick_key_name, 16);
2056 arc4random_buf(ret->internal->tlsext_tick_hmac_key, 16); 2048 arc4random_buf(ret->tlsext_tick_hmac_key, 16);
2057 arc4random_buf(ret->internal->tlsext_tick_aes_key, 16); 2049 arc4random_buf(ret->tlsext_tick_aes_key, 16);
2058 2050
2059 ret->internal->tlsext_status_cb = 0; 2051 ret->tlsext_status_cb = 0;
2060 ret->internal->tlsext_status_arg = NULL; 2052 ret->tlsext_status_arg = NULL;
2061 2053
2062#ifndef OPENSSL_NO_ENGINE 2054#ifndef OPENSSL_NO_ENGINE
2063 ret->internal->client_cert_engine = NULL; 2055 ret->client_cert_engine = NULL;
2064#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO 2056#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
2065#define eng_strx(x) #x 2057#define eng_strx(x) #x
2066#define eng_str(x) eng_strx(x) 2058#define eng_str(x) eng_strx(x)
@@ -2083,7 +2075,7 @@ SSL_CTX_new(const SSL_METHOD *meth)
2083 * Default is to connect to non-RI servers. When RI is more widely 2075 * Default is to connect to non-RI servers. When RI is more widely
2084 * deployed might change this. 2076 * deployed might change this.
2085 */ 2077 */
2086 ret->internal->options |= SSL_OP_LEGACY_SERVER_CONNECT; 2078 ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
2087 2079
2088 return (ret); 2080 return (ret);
2089 err: 2081 err:
@@ -2116,35 +2108,34 @@ SSL_CTX_free(SSL_CTX *ctx)
2116 * free ex_data, then finally free the cache. 2108 * free ex_data, then finally free the cache.
2117 * (See ticket [openssl.org #212].) 2109 * (See ticket [openssl.org #212].)
2118 */ 2110 */
2119 if (ctx->internal->sessions != NULL) 2111 if (ctx->sessions != NULL)
2120 SSL_CTX_flush_sessions(ctx, 0); 2112 SSL_CTX_flush_sessions(ctx, 0);
2121 2113
2122 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ctx, &ctx->internal->ex_data); 2114 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ctx, &ctx->ex_data);
2123 2115
2124 lh_SSL_SESSION_free(ctx->internal->sessions); 2116 lh_SSL_SESSION_free(ctx->sessions);
2125 2117
2126 X509_STORE_free(ctx->cert_store); 2118 X509_STORE_free(ctx->cert_store);
2127 sk_SSL_CIPHER_free(ctx->cipher_list); 2119 sk_SSL_CIPHER_free(ctx->cipher_list);
2128 sk_SSL_CIPHER_free(ctx->internal->cipher_list_tls13); 2120 sk_SSL_CIPHER_free(ctx->cipher_list_tls13);
2129 ssl_cert_free(ctx->internal->cert); 2121 ssl_cert_free(ctx->cert);
2130 sk_X509_NAME_pop_free(ctx->internal->client_CA, X509_NAME_free); 2122 sk_X509_NAME_pop_free(ctx->client_CA, X509_NAME_free);
2131 sk_X509_pop_free(ctx->extra_certs, X509_free); 2123 sk_X509_pop_free(ctx->extra_certs, X509_free);
2132 2124
2133#ifndef OPENSSL_NO_SRTP 2125#ifndef OPENSSL_NO_SRTP
2134 if (ctx->internal->srtp_profiles) 2126 if (ctx->srtp_profiles)
2135 sk_SRTP_PROTECTION_PROFILE_free(ctx->internal->srtp_profiles); 2127 sk_SRTP_PROTECTION_PROFILE_free(ctx->srtp_profiles);
2136#endif 2128#endif
2137 2129
2138#ifndef OPENSSL_NO_ENGINE 2130#ifndef OPENSSL_NO_ENGINE
2139 ENGINE_finish(ctx->internal->client_cert_engine); 2131 ENGINE_finish(ctx->client_cert_engine);
2140#endif 2132#endif
2141 2133
2142 free(ctx->internal->tlsext_ecpointformatlist); 2134 free(ctx->tlsext_ecpointformatlist);
2143 free(ctx->internal->tlsext_supportedgroups); 2135 free(ctx->tlsext_supportedgroups);
2144 2136
2145 free(ctx->internal->alpn_client_proto_list); 2137 free(ctx->alpn_client_proto_list);
2146 2138
2147 free(ctx->internal);
2148 free(ctx); 2139 free(ctx);
2149} 2140}
2150 2141
@@ -2183,15 +2174,15 @@ void
2183SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, 2174SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
2184 int (*cb)(X509_STORE_CTX *, void *), void *arg) 2175 int (*cb)(X509_STORE_CTX *, void *), void *arg)
2185{ 2176{
2186 ctx->internal->app_verify_callback = cb; 2177 ctx->app_verify_callback = cb;
2187 ctx->internal->app_verify_arg = arg; 2178 ctx->app_verify_arg = arg;
2188} 2179}
2189 2180
2190void 2181void
2191SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb)(int, X509_STORE_CTX *)) 2182SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb)(int, X509_STORE_CTX *))
2192{ 2183{
2193 ctx->verify_mode = mode; 2184 ctx->verify_mode = mode;
2194 ctx->internal->default_verify_callback = cb; 2185 ctx->default_verify_callback = cb;
2195} 2186}
2196 2187
2197void 2188void
@@ -2363,14 +2354,14 @@ ssl_should_update_external_cache(SSL *s, int mode)
2363{ 2354{
2364 int cache_mode; 2355 int cache_mode;
2365 2356
2366 cache_mode = s->session_ctx->internal->session_cache_mode; 2357 cache_mode = s->session_ctx->session_cache_mode;
2367 2358
2368 /* Don't cache if mode says not to */ 2359 /* Don't cache if mode says not to */
2369 if ((cache_mode & mode) == 0) 2360 if ((cache_mode & mode) == 0)
2370 return 0; 2361 return 0;
2371 2362
2372 /* if it is not already cached, cache it */ 2363 /* if it is not already cached, cache it */
2373 if (!s->internal->hit) 2364 if (!s->hit)
2374 return 1; 2365 return 1;
2375 2366
2376 /* If it's TLS 1.3, do it to match OpenSSL */ 2367 /* If it's TLS 1.3, do it to match OpenSSL */
@@ -2385,14 +2376,14 @@ ssl_should_update_internal_cache(SSL *s, int mode)
2385{ 2376{
2386 int cache_mode; 2377 int cache_mode;
2387 2378
2388 cache_mode = s->session_ctx->internal->session_cache_mode; 2379 cache_mode = s->session_ctx->session_cache_mode;
2389 2380
2390 /* Don't cache if mode says not to */ 2381 /* Don't cache if mode says not to */
2391 if ((cache_mode & mode) == 0) 2382 if ((cache_mode & mode) == 0)
2392 return 0; 2383 return 0;
2393 2384
2394 /* If it is already cached, don't cache it again */ 2385 /* If it is already cached, don't cache it again */
2395 if (s->internal->hit) 2386 if (s->hit)
2396 return 0; 2387 return 0;
2397 2388
2398 if ((cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE) != 0) 2389 if ((cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE) != 0)
@@ -2415,11 +2406,11 @@ ssl_should_update_internal_cache(SSL *s, int mode)
2415 * to know about this even if it's a stateless ticket 2406 * to know about this even if it's a stateless ticket
2416 * from 1.3 so we can know when it is removed. 2407 * from 1.3 so we can know when it is removed.
2417 */ 2408 */
2418 if (s->session_ctx->internal->remove_session_cb != NULL) 2409 if (s->session_ctx->remove_session_cb != NULL)
2419 return 1; 2410 return 1;
2420 2411
2421 /* If we have set OP_NO_TICKET, cache it. */ 2412 /* If we have set OP_NO_TICKET, cache it. */
2422 if ((s->internal->options & SSL_OP_NO_TICKET) != 0) 2413 if ((s->options & SSL_OP_NO_TICKET) != 0)
2423 return 1; 2414 return 1;
2424 2415
2425 /* Otherwise do not cache */ 2416 /* Otherwise do not cache */
@@ -2434,7 +2425,7 @@ ssl_update_cache(SSL *s, int mode)
2434 if (s->session->session_id_length == 0) 2425 if (s->session->session_id_length == 0)
2435 return; 2426 return;
2436 2427
2437 cache_mode = s->session_ctx->internal->session_cache_mode; 2428 cache_mode = s->session_ctx->session_cache_mode;
2438 do_callback = ssl_should_update_external_cache(s, mode); 2429 do_callback = ssl_should_update_external_cache(s, mode);
2439 2430
2440 if (ssl_should_update_internal_cache(s, mode)) { 2431 if (ssl_should_update_internal_cache(s, mode)) {
@@ -2455,9 +2446,9 @@ ssl_update_cache(SSL *s, int mode)
2455 * same glorious experience they expect from OpenSSL which 2446 * same glorious experience they expect from OpenSSL which
2456 * does it this way. 2447 * does it this way.
2457 */ 2448 */
2458 if (do_callback && s->session_ctx->internal->new_session_cb != NULL) { 2449 if (do_callback && s->session_ctx->new_session_cb != NULL) {
2459 CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION); 2450 CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION);
2460 if (!s->session_ctx->internal->new_session_cb(s, s->session)) 2451 if (!s->session_ctx->new_session_cb(s, s->session))
2461 SSL_SESSION_free(s->session); 2452 SSL_SESSION_free(s->session);
2462 } 2453 }
2463 2454
@@ -2466,9 +2457,9 @@ ssl_update_cache(SSL *s, int mode)
2466 (cache_mode & mode) != 0) { 2457 (cache_mode & mode) != 0) {
2467 int connections; 2458 int connections;
2468 if (mode & SSL_SESS_CACHE_CLIENT) 2459 if (mode & SSL_SESS_CACHE_CLIENT)
2469 connections = s->session_ctx->internal->stats.sess_connect_good; 2460 connections = s->session_ctx->stats.sess_connect_good;
2470 else 2461 else
2471 connections = s->session_ctx->internal->stats.sess_accept_good; 2462 connections = s->session_ctx->stats.sess_accept_good;
2472 if ((connections & 0xff) == 0xff) 2463 if ((connections & 0xff) == 0xff)
2473 SSL_CTX_flush_sessions(s->session_ctx, time(NULL)); 2464 SSL_CTX_flush_sessions(s->session_ctx, time(NULL));
2474 } 2465 }
@@ -2489,9 +2480,9 @@ SSL_set_ssl_method(SSL *s, const SSL_METHOD *method)
2489 if (s->method == method) 2480 if (s->method == method)
2490 return (ret); 2481 return (ret);
2491 2482
2492 if (s->internal->handshake_func == s->method->ssl_connect) 2483 if (s->handshake_func == s->method->ssl_connect)
2493 handshake_func = method->ssl_connect; 2484 handshake_func = method->ssl_connect;
2494 else if (s->internal->handshake_func == s->method->ssl_accept) 2485 else if (s->handshake_func == s->method->ssl_accept)
2495 handshake_func = method->ssl_accept; 2486 handshake_func = method->ssl_accept;
2496 2487
2497 if (s->method->version == method->version) { 2488 if (s->method->version == method->version) {
@@ -2501,7 +2492,7 @@ SSL_set_ssl_method(SSL *s, const SSL_METHOD *method)
2501 s->method = method; 2492 s->method = method;
2502 ret = s->method->ssl_new(s); 2493 ret = s->method->ssl_new(s);
2503 } 2494 }
2504 s->internal->handshake_func = handshake_func; 2495 s->handshake_func = handshake_func;
2505 2496
2506 return (ret); 2497 return (ret);
2507} 2498}
@@ -2537,7 +2528,7 @@ SSL_get_error(const SSL *s, int i)
2537 * try to write to the rbio, and an application 2528 * try to write to the rbio, and an application
2538 * program where rbio and wbio are separate couldn't 2529 * program where rbio and wbio are separate couldn't
2539 * even know what it should wait for. However if we 2530 * even know what it should wait for. However if we
2540 * ever set s->internal->rwstate incorrectly (so that we have 2531 * ever set s->rwstate incorrectly (so that we have
2541 * SSL_want_read(s) instead of SSL_want_write(s)) 2532 * SSL_want_read(s) instead of SSL_want_write(s))
2542 * and rbio and wbio *are* the same, this test works 2533 * and rbio and wbio *are* the same, this test works
2543 * around that bug; so it might be safer to keep it. 2534 * around that bug; so it might be safer to keep it.
@@ -2578,7 +2569,7 @@ SSL_get_error(const SSL *s, int i)
2578 if (SSL_want_x509_lookup(s)) 2569 if (SSL_want_x509_lookup(s))
2579 return (SSL_ERROR_WANT_X509_LOOKUP); 2570 return (SSL_ERROR_WANT_X509_LOOKUP);
2580 2571
2581 if ((s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) && 2572 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
2582 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) 2573 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
2583 return (SSL_ERROR_ZERO_RETURN); 2574 return (SSL_ERROR_ZERO_RETURN);
2584 2575
@@ -2631,15 +2622,15 @@ SSL_quic_max_handshake_flight_len(const SSL *ssl,
2631 * to request client certificates. 2622 * to request client certificates.
2632 */ 2623 */
2633 if ((SSL_get_verify_mode(ssl) & SSL_VERIFY_PEER) != 0 && 2624 if ((SSL_get_verify_mode(ssl) & SSL_VERIFY_PEER) != 0 &&
2634 ssl->internal->max_cert_list > flight_len) 2625 ssl->max_cert_list > flight_len)
2635 flight_len = ssl->internal->max_cert_list; 2626 flight_len = ssl->max_cert_list;
2636 } else { 2627 } else {
2637 /* 2628 /*
2638 * Clients may receive both Certificate message and a 2629 * Clients may receive both Certificate message and a
2639 * CertificateRequest message. 2630 * CertificateRequest message.
2640 */ 2631 */
2641 if (ssl->internal->max_cert_list * 2 > flight_len) 2632 if (ssl->max_cert_list * 2 > flight_len)
2642 flight_len = ssl->internal->max_cert_list * 2; 2633 flight_len = ssl->max_cert_list * 2;
2643 } 2634 }
2644 return flight_len; 2635 return flight_len;
2645 case ssl_encryption_application: 2636 case ssl_encryption_application:
@@ -2709,7 +2700,7 @@ SSL_process_quic_post_handshake(SSL *ssl)
2709int 2700int
2710SSL_do_handshake(SSL *s) 2701SSL_do_handshake(SSL *s)
2711{ 2702{
2712 if (s->internal->handshake_func == NULL) { 2703 if (s->handshake_func == NULL) {
2713 SSLerror(s, SSL_R_CONNECTION_TYPE_NOT_SET); 2704 SSLerror(s, SSL_R_CONNECTION_TYPE_NOT_SET);
2714 return (-1); 2705 return (-1);
2715 } 2706 }
@@ -2719,7 +2710,7 @@ SSL_do_handshake(SSL *s)
2719 if (!SSL_in_init(s) && !SSL_in_before(s)) 2710 if (!SSL_in_init(s) && !SSL_in_before(s))
2720 return 1; 2711 return 1;
2721 2712
2722 return s->internal->handshake_func(s); 2713 return s->handshake_func(s);
2723} 2714}
2724 2715
2725/* 2716/*
@@ -2730,9 +2721,9 @@ void
2730SSL_set_accept_state(SSL *s) 2721SSL_set_accept_state(SSL *s)
2731{ 2722{
2732 s->server = 1; 2723 s->server = 1;
2733 s->internal->shutdown = 0; 2724 s->shutdown = 0;
2734 s->s3->hs.state = SSL_ST_ACCEPT|SSL_ST_BEFORE; 2725 s->s3->hs.state = SSL_ST_ACCEPT|SSL_ST_BEFORE;
2735 s->internal->handshake_func = s->method->ssl_accept; 2726 s->handshake_func = s->method->ssl_accept;
2736 ssl_clear_cipher_state(s); 2727 ssl_clear_cipher_state(s);
2737} 2728}
2738 2729
@@ -2740,9 +2731,9 @@ void
2740SSL_set_connect_state(SSL *s) 2731SSL_set_connect_state(SSL *s)
2741{ 2732{
2742 s->server = 0; 2733 s->server = 0;
2743 s->internal->shutdown = 0; 2734 s->shutdown = 0;
2744 s->s3->hs.state = SSL_ST_CONNECT|SSL_ST_BEFORE; 2735 s->s3->hs.state = SSL_ST_CONNECT|SSL_ST_BEFORE;
2745 s->internal->handshake_func = s->method->ssl_connect; 2736 s->handshake_func = s->method->ssl_connect;
2746 ssl_clear_cipher_state(s); 2737 ssl_clear_cipher_state(s);
2747} 2738}
2748 2739
@@ -2832,24 +2823,24 @@ SSL_dup(SSL *s)
2832 goto err; 2823 goto err;
2833 } 2824 }
2834 2825
2835 ret->internal->options = s->internal->options; 2826 ret->options = s->options;
2836 ret->internal->mode = s->internal->mode; 2827 ret->mode = s->mode;
2837 SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s)); 2828 SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
2838 SSL_set_read_ahead(ret, SSL_get_read_ahead(s)); 2829 SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
2839 ret->internal->msg_callback = s->internal->msg_callback; 2830 ret->msg_callback = s->msg_callback;
2840 ret->internal->msg_callback_arg = s->internal->msg_callback_arg; 2831 ret->msg_callback_arg = s->msg_callback_arg;
2841 SSL_set_verify(ret, SSL_get_verify_mode(s), 2832 SSL_set_verify(ret, SSL_get_verify_mode(s),
2842 SSL_get_verify_callback(s)); 2833 SSL_get_verify_callback(s));
2843 SSL_set_verify_depth(ret, SSL_get_verify_depth(s)); 2834 SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
2844 ret->internal->generate_session_id = s->internal->generate_session_id; 2835 ret->generate_session_id = s->generate_session_id;
2845 2836
2846 SSL_set_info_callback(ret, SSL_get_info_callback(s)); 2837 SSL_set_info_callback(ret, SSL_get_info_callback(s));
2847 2838
2848 ret->internal->debug = s->internal->debug; 2839 ret->debug = s->debug;
2849 2840
2850 /* copy app data, a little dangerous perhaps */ 2841 /* copy app data, a little dangerous perhaps */
2851 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, 2842 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL,
2852 &ret->internal->ex_data, &s->internal->ex_data)) 2843 &ret->ex_data, &s->ex_data))
2853 goto err; 2844 goto err;
2854 2845
2855 /* setup rbio, and wbio */ 2846 /* setup rbio, and wbio */
@@ -2864,25 +2855,25 @@ SSL_dup(SSL *s)
2864 } else 2855 } else
2865 ret->wbio = ret->rbio; 2856 ret->wbio = ret->rbio;
2866 } 2857 }
2867 ret->internal->rwstate = s->internal->rwstate; 2858 ret->rwstate = s->rwstate;
2868 ret->internal->in_handshake = s->internal->in_handshake; 2859 ret->in_handshake = s->in_handshake;
2869 ret->internal->handshake_func = s->internal->handshake_func; 2860 ret->handshake_func = s->handshake_func;
2870 ret->server = s->server; 2861 ret->server = s->server;
2871 ret->internal->renegotiate = s->internal->renegotiate; 2862 ret->renegotiate = s->renegotiate;
2872 ret->internal->new_session = s->internal->new_session; 2863 ret->new_session = s->new_session;
2873 ret->internal->quiet_shutdown = s->internal->quiet_shutdown; 2864 ret->quiet_shutdown = s->quiet_shutdown;
2874 ret->internal->shutdown = s->internal->shutdown; 2865 ret->shutdown = s->shutdown;
2875 /* SSL_dup does not really work at any state, though */ 2866 /* SSL_dup does not really work at any state, though */
2876 ret->s3->hs.state = s->s3->hs.state; 2867 ret->s3->hs.state = s->s3->hs.state;
2877 ret->internal->rstate = s->internal->rstate; 2868 ret->rstate = s->rstate;
2878 2869
2879 /* 2870 /*
2880 * Would have to copy ret->init_buf, ret->init_msg, ret->init_num, 2871 * Would have to copy ret->init_buf, ret->init_msg, ret->init_num,
2881 * ret->init_off 2872 * ret->init_off
2882 */ 2873 */
2883 ret->internal->init_num = 0; 2874 ret->init_num = 0;
2884 2875
2885 ret->internal->hit = s->internal->hit; 2876 ret->hit = s->hit;
2886 2877
2887 X509_VERIFY_PARAM_inherit(ret->param, s->param); 2878 X509_VERIFY_PARAM_inherit(ret->param, s->param);
2888 2879
@@ -2891,16 +2882,16 @@ SSL_dup(SSL *s)
2891 sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) 2882 sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
2892 goto err; 2883 goto err;
2893 } 2884 }
2894 if (s->internal->cipher_list_tls13 != NULL) { 2885 if (s->cipher_list_tls13 != NULL) {
2895 if ((ret->internal->cipher_list_tls13 = 2886 if ((ret->cipher_list_tls13 =
2896 sk_SSL_CIPHER_dup(s->internal->cipher_list_tls13)) == NULL) 2887 sk_SSL_CIPHER_dup(s->cipher_list_tls13)) == NULL)
2897 goto err; 2888 goto err;
2898 } 2889 }
2899 2890
2900 /* Dup the client_CA list */ 2891 /* Dup the client_CA list */
2901 if (s->internal->client_CA != NULL) { 2892 if (s->client_CA != NULL) {
2902 if ((sk = sk_X509_NAME_dup(s->internal->client_CA)) == NULL) goto err; 2893 if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
2903 ret->internal->client_CA = sk; 2894 ret->client_CA = sk;
2904 for (i = 0; i < sk_X509_NAME_num(sk); i++) { 2895 for (i = 0; i < sk_X509_NAME_num(sk); i++) {
2905 xn = sk_X509_NAME_value(sk, i); 2896 xn = sk_X509_NAME_value(sk, i);
2906 if (sk_X509_NAME_set(sk, i, 2897 if (sk_X509_NAME_set(sk, i,
@@ -2920,8 +2911,8 @@ SSL_dup(SSL *s)
2920void 2911void
2921ssl_clear_cipher_state(SSL *s) 2912ssl_clear_cipher_state(SSL *s)
2922{ 2913{
2923 tls12_record_layer_clear_read_state(s->internal->rl); 2914 tls12_record_layer_clear_read_state(s->rl);
2924 tls12_record_layer_clear_write_state(s->internal->rl); 2915 tls12_record_layer_clear_write_state(s->rl);
2925} 2916}
2926 2917
2927void 2918void
@@ -2929,8 +2920,8 @@ ssl_info_callback(const SSL *s, int type, int value)
2929{ 2920{
2930 ssl_info_callback_fn *cb; 2921 ssl_info_callback_fn *cb;
2931 2922
2932 if ((cb = s->internal->info_callback) == NULL) 2923 if ((cb = s->info_callback) == NULL)
2933 cb = s->ctx->internal->info_callback; 2924 cb = s->ctx->info_callback;
2934 if (cb != NULL) 2925 if (cb != NULL)
2935 cb(s, type, value); 2926 cb(s, type, value);
2936} 2927}
@@ -2939,11 +2930,11 @@ void
2939ssl_msg_callback(SSL *s, int is_write, int content_type, 2930ssl_msg_callback(SSL *s, int is_write, int content_type,
2940 const void *msg_buf, size_t msg_len) 2931 const void *msg_buf, size_t msg_len)
2941{ 2932{
2942 if (s->internal->msg_callback == NULL) 2933 if (s->msg_callback == NULL)
2943 return; 2934 return;
2944 2935
2945 s->internal->msg_callback(is_write, s->version, content_type, 2936 s->msg_callback(is_write, s->version, content_type,
2946 msg_buf, msg_len, s, s->internal->msg_callback_arg); 2937 msg_buf, msg_len, s, s->msg_callback_arg);
2947} 2938}
2948 2939
2949void 2940void
@@ -3068,37 +3059,37 @@ ssl_free_wbio_buffer(SSL *s)
3068void 3059void
3069SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) 3060SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
3070{ 3061{
3071 ctx->internal->quiet_shutdown = mode; 3062 ctx->quiet_shutdown = mode;
3072} 3063}
3073 3064
3074int 3065int
3075SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) 3066SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
3076{ 3067{
3077 return (ctx->internal->quiet_shutdown); 3068 return (ctx->quiet_shutdown);
3078} 3069}
3079 3070
3080void 3071void
3081SSL_set_quiet_shutdown(SSL *s, int mode) 3072SSL_set_quiet_shutdown(SSL *s, int mode)
3082{ 3073{
3083 s->internal->quiet_shutdown = mode; 3074 s->quiet_shutdown = mode;
3084} 3075}
3085 3076
3086int 3077int
3087SSL_get_quiet_shutdown(const SSL *s) 3078SSL_get_quiet_shutdown(const SSL *s)
3088{ 3079{
3089 return (s->internal->quiet_shutdown); 3080 return (s->quiet_shutdown);
3090} 3081}
3091 3082
3092void 3083void
3093SSL_set_shutdown(SSL *s, int mode) 3084SSL_set_shutdown(SSL *s, int mode)
3094{ 3085{
3095 s->internal->shutdown = mode; 3086 s->shutdown = mode;
3096} 3087}
3097 3088
3098int 3089int
3099SSL_get_shutdown(const SSL *s) 3090SSL_get_shutdown(const SSL *s)
3100{ 3091{
3101 return (s->internal->shutdown); 3092 return (s->shutdown);
3102} 3093}
3103 3094
3104int 3095int
@@ -3123,7 +3114,7 @@ SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
3123 if (ssl->ctx == ctx) 3114 if (ssl->ctx == ctx)
3124 return (ssl->ctx); 3115 return (ssl->ctx);
3125 3116
3126 if ((new_cert = ssl_cert_dup(ctx->internal->cert)) == NULL) 3117 if ((new_cert = ssl_cert_dup(ctx->cert)) == NULL)
3127 return NULL; 3118 return NULL;
3128 ssl_cert_free(ssl->cert); 3119 ssl_cert_free(ssl->cert);
3129 ssl->cert = new_cert; 3120 ssl->cert = new_cert;
@@ -3157,12 +3148,12 @@ SSL_CTX_load_verify_mem(SSL_CTX *ctx, void *buf, int len)
3157void 3148void
3158SSL_set_info_callback(SSL *ssl, void (*cb)(const SSL *ssl, int type, int val)) 3149SSL_set_info_callback(SSL *ssl, void (*cb)(const SSL *ssl, int type, int val))
3159{ 3150{
3160 ssl->internal->info_callback = cb; 3151 ssl->info_callback = cb;
3161} 3152}
3162 3153
3163void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val) 3154void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val)
3164{ 3155{
3165 return (ssl->internal->info_callback); 3156 return (ssl->info_callback);
3166} 3157}
3167 3158
3168int 3159int
@@ -3218,13 +3209,13 @@ SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
3218int 3209int
3219SSL_set_ex_data(SSL *s, int idx, void *arg) 3210SSL_set_ex_data(SSL *s, int idx, void *arg)
3220{ 3211{
3221 return (CRYPTO_set_ex_data(&s->internal->ex_data, idx, arg)); 3212 return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
3222} 3213}
3223 3214
3224void * 3215void *
3225SSL_get_ex_data(const SSL *s, int idx) 3216SSL_get_ex_data(const SSL *s, int idx)
3226{ 3217{
3227 return (CRYPTO_get_ex_data(&s->internal->ex_data, idx)); 3218 return (CRYPTO_get_ex_data(&s->ex_data, idx));
3228} 3219}
3229 3220
3230int 3221int
@@ -3238,13 +3229,13 @@ SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
3238int 3229int
3239SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg) 3230SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
3240{ 3231{
3241 return (CRYPTO_set_ex_data(&s->internal->ex_data, idx, arg)); 3232 return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
3242} 3233}
3243 3234
3244void * 3235void *
3245SSL_CTX_get_ex_data(const SSL_CTX *s, int idx) 3236SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
3246{ 3237{
3247 return (CRYPTO_get_ex_data(&s->internal->ex_data, idx)); 3238 return (CRYPTO_get_ex_data(&s->ex_data, idx));
3248} 3239}
3249 3240
3250int 3241int
@@ -3269,25 +3260,25 @@ SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
3269X509 * 3260X509 *
3270SSL_CTX_get0_certificate(const SSL_CTX *ctx) 3261SSL_CTX_get0_certificate(const SSL_CTX *ctx)
3271{ 3262{
3272 if (ctx->internal->cert == NULL) 3263 if (ctx->cert == NULL)
3273 return NULL; 3264 return NULL;
3274 3265
3275 return ctx->internal->cert->key->x509; 3266 return ctx->cert->key->x509;
3276} 3267}
3277 3268
3278EVP_PKEY * 3269EVP_PKEY *
3279SSL_CTX_get0_privatekey(const SSL_CTX *ctx) 3270SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
3280{ 3271{
3281 if (ctx->internal->cert == NULL) 3272 if (ctx->cert == NULL)
3282 return NULL; 3273 return NULL;
3283 3274
3284 return ctx->internal->cert->key->privatekey; 3275 return ctx->cert->key->privatekey;
3285} 3276}
3286 3277
3287int 3278int
3288SSL_want(const SSL *s) 3279SSL_want(const SSL *s)
3289{ 3280{
3290 return (s->internal->rwstate); 3281 return (s->rwstate);
3291} 3282}
3292 3283
3293void 3284void
@@ -3352,68 +3343,68 @@ SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
3352void 3343void
3353SSL_set_debug(SSL *s, int debug) 3344SSL_set_debug(SSL *s, int debug)
3354{ 3345{
3355 s->internal->debug = debug; 3346 s->debug = debug;
3356} 3347}
3357 3348
3358int 3349int
3359SSL_cache_hit(SSL *s) 3350SSL_cache_hit(SSL *s)
3360{ 3351{
3361 return (s->internal->hit); 3352 return (s->hit);
3362} 3353}
3363 3354
3364int 3355int
3365SSL_CTX_get_min_proto_version(SSL_CTX *ctx) 3356SSL_CTX_get_min_proto_version(SSL_CTX *ctx)
3366{ 3357{
3367 return ctx->internal->min_proto_version; 3358 return ctx->min_proto_version;
3368} 3359}
3369 3360
3370int 3361int
3371SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version) 3362SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version)
3372{ 3363{
3373 return ssl_version_set_min(ctx->method, version, 3364 return ssl_version_set_min(ctx->method, version,
3374 ctx->internal->max_tls_version, &ctx->internal->min_tls_version, 3365 ctx->max_tls_version, &ctx->min_tls_version,
3375 &ctx->internal->min_proto_version); 3366 &ctx->min_proto_version);
3376} 3367}
3377 3368
3378int 3369int
3379SSL_CTX_get_max_proto_version(SSL_CTX *ctx) 3370SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
3380{ 3371{
3381 return ctx->internal->max_proto_version; 3372 return ctx->max_proto_version;
3382} 3373}
3383 3374
3384int 3375int
3385SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version) 3376SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version)
3386{ 3377{
3387 return ssl_version_set_max(ctx->method, version, 3378 return ssl_version_set_max(ctx->method, version,
3388 ctx->internal->min_tls_version, &ctx->internal->max_tls_version, 3379 ctx->min_tls_version, &ctx->max_tls_version,
3389 &ctx->internal->max_proto_version); 3380 &ctx->max_proto_version);
3390} 3381}
3391 3382
3392int 3383int
3393SSL_get_min_proto_version(SSL *ssl) 3384SSL_get_min_proto_version(SSL *ssl)
3394{ 3385{
3395 return ssl->internal->min_proto_version; 3386 return ssl->min_proto_version;
3396} 3387}
3397 3388
3398int 3389int
3399SSL_set_min_proto_version(SSL *ssl, uint16_t version) 3390SSL_set_min_proto_version(SSL *ssl, uint16_t version)
3400{ 3391{
3401 return ssl_version_set_min(ssl->method, version, 3392 return ssl_version_set_min(ssl->method, version,
3402 ssl->internal->max_tls_version, &ssl->internal->min_tls_version, 3393 ssl->max_tls_version, &ssl->min_tls_version,
3403 &ssl->internal->min_proto_version); 3394 &ssl->min_proto_version);
3404} 3395}
3405int 3396int
3406SSL_get_max_proto_version(SSL *ssl) 3397SSL_get_max_proto_version(SSL *ssl)
3407{ 3398{
3408 return ssl->internal->max_proto_version; 3399 return ssl->max_proto_version;
3409} 3400}
3410 3401
3411int 3402int
3412SSL_set_max_proto_version(SSL *ssl, uint16_t version) 3403SSL_set_max_proto_version(SSL *ssl, uint16_t version)
3413{ 3404{
3414 return ssl_version_set_max(ssl->method, version, 3405 return ssl_version_set_max(ssl->method, version,
3415 ssl->internal->min_tls_version, &ssl->internal->max_tls_version, 3406 ssl->min_tls_version, &ssl->max_tls_version,
3416 &ssl->internal->max_proto_version); 3407 &ssl->max_proto_version);
3417} 3408}
3418 3409
3419const SSL_METHOD * 3410const SSL_METHOD *
@@ -3425,13 +3416,13 @@ SSL_CTX_get_ssl_method(const SSL_CTX *ctx)
3425int 3416int
3426SSL_CTX_get_security_level(const SSL_CTX *ctx) 3417SSL_CTX_get_security_level(const SSL_CTX *ctx)
3427{ 3418{
3428 return ctx->internal->cert->security_level; 3419 return ctx->cert->security_level;
3429} 3420}
3430 3421
3431void 3422void
3432SSL_CTX_set_security_level(SSL_CTX *ctx, int level) 3423SSL_CTX_set_security_level(SSL_CTX *ctx, int level)
3433{ 3424{
3434 ctx->internal->cert->security_level = level; 3425 ctx->cert->security_level = level;
3435} 3426}
3436 3427
3437int 3428int
@@ -3456,16 +3447,16 @@ int
3456SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params, 3447SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params,
3457 size_t params_len) 3448 size_t params_len)
3458{ 3449{
3459 freezero(ssl->internal->quic_transport_params, 3450 freezero(ssl->quic_transport_params,
3460 ssl->internal->quic_transport_params_len); 3451 ssl->quic_transport_params_len);
3461 ssl->internal->quic_transport_params = NULL; 3452 ssl->quic_transport_params = NULL;
3462 ssl->internal->quic_transport_params_len = 0; 3453 ssl->quic_transport_params_len = 0;
3463 3454
3464 if ((ssl->internal->quic_transport_params = malloc(params_len)) == NULL) 3455 if ((ssl->quic_transport_params = malloc(params_len)) == NULL)
3465 return 0; 3456 return 0;
3466 3457
3467 memcpy(ssl->internal->quic_transport_params, params, params_len); 3458 memcpy(ssl->quic_transport_params, params, params_len);
3468 ssl->internal->quic_transport_params_len = params_len; 3459 ssl->quic_transport_params_len = params_len;
3469 3460
3470 return 1; 3461 return 1;
3471} 3462}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 13:07:20 +0000