diff options
Diffstat (limited to 'src/lib/libssl/ssl_lib.c')
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 147 |
1 files changed, 74 insertions, 73 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index c9af96e48e..036a13b36a 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_lib.c,v 1.133 2017/01/23 04:55:27 beck Exp $ */ | 1 | /* $OpenBSD: ssl_lib.c,v 1.134 2017/01/23 05:13:02 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -251,7 +251,7 @@ SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) | |||
| 251 | ctx->method = meth; | 251 | ctx->method = meth; |
| 252 | 252 | ||
| 253 | sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list), | 253 | sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list), |
| 254 | &(ctx->cipher_list_by_id), SSL_DEFAULT_CIPHER_LIST); | 254 | &(ctx->internal->cipher_list_by_id), SSL_DEFAULT_CIPHER_LIST); |
| 255 | if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { | 255 | if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { |
| 256 | SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, | 256 | SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, |
| 257 | SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); | 257 | SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); |
| @@ -286,9 +286,9 @@ SSL_new(SSL_CTX *ctx) | |||
| 286 | 286 | ||
| 287 | s->options = ctx->options; | 287 | s->options = ctx->options; |
| 288 | s->mode = ctx->mode; | 288 | s->mode = ctx->mode; |
| 289 | s->max_cert_list = ctx->max_cert_list; | 289 | s->max_cert_list = ctx->internal->max_cert_list; |
| 290 | 290 | ||
| 291 | if (ctx->cert != NULL) { | 291 | if (ctx->internal->cert != NULL) { |
| 292 | /* | 292 | /* |
| 293 | * Earlier library versions used to copy the pointer to | 293 | * Earlier library versions used to copy the pointer to |
| 294 | * the CERT, not its contents; only when setting new | 294 | * the CERT, not its contents; only when setting new |
| @@ -300,13 +300,13 @@ SSL_new(SSL_CTX *ctx) | |||
| 300 | * Now we don't look at the SSL_CTX's CERT after having | 300 | * Now we don't look at the SSL_CTX's CERT after having |
| 301 | * duplicated it once. | 301 | * duplicated it once. |
| 302 | */ | 302 | */ |
| 303 | s->cert = ssl_cert_dup(ctx->cert); | 303 | s->cert = ssl_cert_dup(ctx->internal->cert); |
| 304 | if (s->cert == NULL) | 304 | if (s->cert == NULL) |
| 305 | goto err; | 305 | goto err; |
| 306 | } else | 306 | } else |
| 307 | s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */ | 307 | s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */ |
| 308 | 308 | ||
| 309 | s->read_ahead = ctx->read_ahead; | 309 | s->read_ahead = ctx->internal->read_ahead; |
| 310 | s->internal->msg_callback = ctx->internal->msg_callback; | 310 | s->internal->msg_callback = ctx->internal->msg_callback; |
| 311 | s->internal->msg_callback_arg = ctx->internal->msg_callback_arg; | 311 | s->internal->msg_callback_arg = ctx->internal->msg_callback_arg; |
| 312 | s->verify_mode = ctx->verify_mode; | 312 | s->verify_mode = ctx->verify_mode; |
| @@ -320,8 +320,8 @@ SSL_new(SSL_CTX *ctx) | |||
| 320 | if (!s->param) | 320 | if (!s->param) |
| 321 | goto err; | 321 | goto err; |
| 322 | X509_VERIFY_PARAM_inherit(s->param, ctx->param); | 322 | X509_VERIFY_PARAM_inherit(s->param, ctx->param); |
| 323 | s->quiet_shutdown = ctx->quiet_shutdown; | 323 | s->quiet_shutdown = ctx->internal->quiet_shutdown; |
| 324 | s->max_send_fragment = ctx->max_send_fragment; | 324 | s->max_send_fragment = ctx->internal->max_send_fragment; |
| 325 | 325 | ||
| 326 | CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); | 326 | CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); |
| 327 | s->ctx = ctx; | 327 | s->ctx = ctx; |
| @@ -441,7 +441,7 @@ SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, | |||
| 441 | memcpy(r.session_id, id, id_len); | 441 | memcpy(r.session_id, id, id_len); |
| 442 | 442 | ||
| 443 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | 443 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); |
| 444 | p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r); | 444 | p = lh_SSL_SESSION_retrieve(ssl->ctx->internal->sessions, &r); |
| 445 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | 445 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); |
| 446 | return (p != NULL); | 446 | return (p != NULL); |
| 447 | } | 447 | } |
| @@ -876,19 +876,19 @@ SSL_copy_session_id(SSL *t, const SSL *f) | |||
| 876 | int | 876 | int |
| 877 | SSL_CTX_check_private_key(const SSL_CTX *ctx) | 877 | SSL_CTX_check_private_key(const SSL_CTX *ctx) |
| 878 | { | 878 | { |
| 879 | if ((ctx == NULL) || (ctx->cert == NULL) || | 879 | if ((ctx == NULL) || (ctx->internal->cert == NULL) || |
| 880 | (ctx->cert->key->x509 == NULL)) { | 880 | (ctx->internal->cert->key->x509 == NULL)) { |
| 881 | SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, | 881 | SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, |
| 882 | SSL_R_NO_CERTIFICATE_ASSIGNED); | 882 | SSL_R_NO_CERTIFICATE_ASSIGNED); |
| 883 | return (0); | 883 | return (0); |
| 884 | } | 884 | } |
| 885 | if (ctx->cert->key->privatekey == NULL) { | 885 | if (ctx->internal->cert->key->privatekey == NULL) { |
| 886 | SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, | 886 | SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, |
| 887 | SSL_R_NO_PRIVATE_KEY_ASSIGNED); | 887 | SSL_R_NO_PRIVATE_KEY_ASSIGNED); |
| 888 | return (0); | 888 | return (0); |
| 889 | } | 889 | } |
| 890 | return (X509_check_private_key(ctx->cert->key->x509, | 890 | return (X509_check_private_key(ctx->internal->cert->key->x509, |
| 891 | ctx->cert->key->privatekey)); | 891 | ctx->internal->cert->key->privatekey)); |
| 892 | } | 892 | } |
| 893 | 893 | ||
| 894 | /* Fix this function so that it takes an optional type parameter */ | 894 | /* Fix this function so that it takes an optional type parameter */ |
| @@ -1114,7 +1114,7 @@ SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) | |||
| 1114 | struct lhash_st_SSL_SESSION * | 1114 | struct lhash_st_SSL_SESSION * |
| 1115 | SSL_CTX_sessions(SSL_CTX *ctx) | 1115 | SSL_CTX_sessions(SSL_CTX *ctx) |
| 1116 | { | 1116 | { |
| 1117 | return (ctx->sessions); | 1117 | return (ctx->internal->sessions); |
| 1118 | } | 1118 | } |
| 1119 | 1119 | ||
| 1120 | long | 1120 | long |
| @@ -1124,10 +1124,10 @@ SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) | |||
| 1124 | 1124 | ||
| 1125 | switch (cmd) { | 1125 | switch (cmd) { |
| 1126 | case SSL_CTRL_GET_READ_AHEAD: | 1126 | case SSL_CTRL_GET_READ_AHEAD: |
| 1127 | return (ctx->read_ahead); | 1127 | return (ctx->internal->read_ahead); |
| 1128 | case SSL_CTRL_SET_READ_AHEAD: | 1128 | case SSL_CTRL_SET_READ_AHEAD: |
| 1129 | l = ctx->read_ahead; | 1129 | l = ctx->internal->read_ahead; |
| 1130 | ctx->read_ahead = larg; | 1130 | ctx->internal->read_ahead = larg; |
| 1131 | return (l); | 1131 | return (l); |
| 1132 | 1132 | ||
| 1133 | case SSL_CTRL_SET_MSG_CALLBACK_ARG: | 1133 | case SSL_CTRL_SET_MSG_CALLBACK_ARG: |
| @@ -1135,27 +1135,27 @@ SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) | |||
| 1135 | return (1); | 1135 | return (1); |
| 1136 | 1136 | ||
| 1137 | case SSL_CTRL_GET_MAX_CERT_LIST: | 1137 | case SSL_CTRL_GET_MAX_CERT_LIST: |
| 1138 | return (ctx->max_cert_list); | 1138 | return (ctx->internal->max_cert_list); |
| 1139 | case SSL_CTRL_SET_MAX_CERT_LIST: | 1139 | case SSL_CTRL_SET_MAX_CERT_LIST: |
| 1140 | l = ctx->max_cert_list; | 1140 | l = ctx->internal->max_cert_list; |
| 1141 | ctx->max_cert_list = larg; | 1141 | ctx->internal->max_cert_list = larg; |
| 1142 | return (l); | 1142 | return (l); |
| 1143 | 1143 | ||
| 1144 | case SSL_CTRL_SET_SESS_CACHE_SIZE: | 1144 | case SSL_CTRL_SET_SESS_CACHE_SIZE: |
| 1145 | l = ctx->session_cache_size; | 1145 | l = ctx->internal->session_cache_size; |
| 1146 | ctx->session_cache_size = larg; | 1146 | ctx->internal->session_cache_size = larg; |
| 1147 | return (l); | 1147 | return (l); |
| 1148 | case SSL_CTRL_GET_SESS_CACHE_SIZE: | 1148 | case SSL_CTRL_GET_SESS_CACHE_SIZE: |
| 1149 | return (ctx->session_cache_size); | 1149 | return (ctx->internal->session_cache_size); |
| 1150 | case SSL_CTRL_SET_SESS_CACHE_MODE: | 1150 | case SSL_CTRL_SET_SESS_CACHE_MODE: |
| 1151 | l = ctx->session_cache_mode; | 1151 | l = ctx->internal->session_cache_mode; |
| 1152 | ctx->session_cache_mode = larg; | 1152 | ctx->internal->session_cache_mode = larg; |
| 1153 | return (l); | 1153 | return (l); |
| 1154 | case SSL_CTRL_GET_SESS_CACHE_MODE: | 1154 | case SSL_CTRL_GET_SESS_CACHE_MODE: |
| 1155 | return (ctx->session_cache_mode); | 1155 | return (ctx->internal->session_cache_mode); |
| 1156 | 1156 | ||
| 1157 | case SSL_CTRL_SESS_NUMBER: | 1157 | case SSL_CTRL_SESS_NUMBER: |
| 1158 | return (lh_SSL_SESSION_num_items(ctx->sessions)); | 1158 | return (lh_SSL_SESSION_num_items(ctx->internal->sessions)); |
| 1159 | case SSL_CTRL_SESS_CONNECT: | 1159 | case SSL_CTRL_SESS_CONNECT: |
| 1160 | return (ctx->internal->stats.sess_connect); | 1160 | return (ctx->internal->stats.sess_connect); |
| 1161 | case SSL_CTRL_SESS_CONNECT_GOOD: | 1161 | case SSL_CTRL_SESS_CONNECT_GOOD: |
| @@ -1189,7 +1189,7 @@ SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) | |||
| 1189 | case SSL_CTRL_SET_MAX_SEND_FRAGMENT: | 1189 | case SSL_CTRL_SET_MAX_SEND_FRAGMENT: |
| 1190 | if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) | 1190 | if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) |
| 1191 | return (0); | 1191 | return (0); |
| 1192 | ctx->max_send_fragment = larg; | 1192 | ctx->internal->max_send_fragment = larg; |
| 1193 | return (1); | 1193 | return (1); |
| 1194 | default: | 1194 | default: |
| 1195 | return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg)); | 1195 | return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg)); |
| @@ -1264,8 +1264,8 @@ ssl_get_ciphers_by_id(SSL *s) | |||
| 1264 | if (s->cipher_list_by_id != NULL) { | 1264 | if (s->cipher_list_by_id != NULL) { |
| 1265 | return (s->cipher_list_by_id); | 1265 | return (s->cipher_list_by_id); |
| 1266 | } else if ((s->ctx != NULL) && | 1266 | } else if ((s->ctx != NULL) && |
| 1267 | (s->ctx->cipher_list_by_id != NULL)) { | 1267 | (s->ctx->internal->cipher_list_by_id != NULL)) { |
| 1268 | return (s->ctx->cipher_list_by_id); | 1268 | return (s->ctx->internal->cipher_list_by_id); |
| 1269 | } | 1269 | } |
| 1270 | } | 1270 | } |
| 1271 | return (NULL); | 1271 | return (NULL); |
| @@ -1296,14 +1296,14 @@ SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) | |||
| 1296 | STACK_OF(SSL_CIPHER) *sk; | 1296 | STACK_OF(SSL_CIPHER) *sk; |
| 1297 | 1297 | ||
| 1298 | sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, | 1298 | sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, |
| 1299 | &ctx->cipher_list_by_id, str); | 1299 | &ctx->internal->cipher_list_by_id, str); |
| 1300 | /* | 1300 | /* |
| 1301 | * ssl_create_cipher_list may return an empty stack if it | 1301 | * ssl_create_cipher_list may return an empty stack if it |
| 1302 | * was unable to find a cipher matching the given rule string | 1302 | * was unable to find a cipher matching the given rule string |
| 1303 | * (for example if the rule string specifies a cipher which | 1303 | * (for example if the rule string specifies a cipher which |
| 1304 | * has been disabled). This is not an error as far as | 1304 | * has been disabled). This is not an error as far as |
| 1305 | * ssl_create_cipher_list is concerned, and hence | 1305 | * ssl_create_cipher_list is concerned, and hence |
| 1306 | * ctx->cipher_list and ctx->cipher_list_by_id has been | 1306 | * ctx->cipher_list and ctx->internal->cipher_list_by_id has been |
| 1307 | * updated. | 1307 | * updated. |
| 1308 | */ | 1308 | */ |
| 1309 | if (sk == NULL) | 1309 | if (sk == NULL) |
| @@ -1823,10 +1823,10 @@ SSL_CTX_new(const SSL_METHOD *meth) | |||
| 1823 | ret->method = meth; | 1823 | ret->method = meth; |
| 1824 | 1824 | ||
| 1825 | ret->cert_store = NULL; | 1825 | ret->cert_store = NULL; |
| 1826 | ret->session_cache_mode = SSL_SESS_CACHE_SERVER; | 1826 | ret->internal->session_cache_mode = SSL_SESS_CACHE_SERVER; |
| 1827 | ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; | 1827 | ret->internal->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; |
| 1828 | ret->session_cache_head = NULL; | 1828 | ret->internal->session_cache_head = NULL; |
| 1829 | ret->session_cache_tail = NULL; | 1829 | ret->internal->session_cache_tail = NULL; |
| 1830 | 1830 | ||
| 1831 | /* We take the system default */ | 1831 | /* We take the system default */ |
| 1832 | ret->session_timeout = meth->get_timeout(); | 1832 | ret->session_timeout = meth->get_timeout(); |
| @@ -1839,21 +1839,21 @@ SSL_CTX_new(const SSL_METHOD *meth) | |||
| 1839 | memset((char *)&ret->internal->stats, 0, sizeof(ret->internal->stats)); | 1839 | memset((char *)&ret->internal->stats, 0, sizeof(ret->internal->stats)); |
| 1840 | 1840 | ||
| 1841 | ret->references = 1; | 1841 | ret->references = 1; |
| 1842 | ret->quiet_shutdown = 0; | 1842 | ret->internal->quiet_shutdown = 0; |
| 1843 | 1843 | ||
| 1844 | ret->internal->info_callback = NULL; | 1844 | ret->internal->info_callback = NULL; |
| 1845 | 1845 | ||
| 1846 | ret->internal->app_verify_callback = 0; | 1846 | ret->internal->app_verify_callback = 0; |
| 1847 | ret->internal->app_verify_arg = NULL; | 1847 | ret->internal->app_verify_arg = NULL; |
| 1848 | 1848 | ||
| 1849 | ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT; | 1849 | ret->internal->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT; |
| 1850 | ret->read_ahead = 0; | 1850 | ret->internal->read_ahead = 0; |
| 1851 | ret->internal->msg_callback = 0; | 1851 | ret->internal->msg_callback = 0; |
| 1852 | ret->internal->msg_callback_arg = NULL; | 1852 | ret->internal->msg_callback_arg = NULL; |
| 1853 | ret->verify_mode = SSL_VERIFY_NONE; | 1853 | ret->verify_mode = SSL_VERIFY_NONE; |
| 1854 | ret->sid_ctx_length = 0; | 1854 | ret->sid_ctx_length = 0; |
| 1855 | ret->internal->default_verify_callback = NULL; | 1855 | ret->internal->default_verify_callback = NULL; |
| 1856 | if ((ret->cert = ssl_cert_new()) == NULL) | 1856 | if ((ret->internal->cert = ssl_cert_new()) == NULL) |
| 1857 | goto err; | 1857 | goto err; |
| 1858 | 1858 | ||
| 1859 | ret->internal->default_passwd_callback = 0; | 1859 | ret->internal->default_passwd_callback = 0; |
| @@ -1862,15 +1862,15 @@ SSL_CTX_new(const SSL_METHOD *meth) | |||
| 1862 | ret->internal->app_gen_cookie_cb = 0; | 1862 | ret->internal->app_gen_cookie_cb = 0; |
| 1863 | ret->internal->app_verify_cookie_cb = 0; | 1863 | ret->internal->app_verify_cookie_cb = 0; |
| 1864 | 1864 | ||
| 1865 | ret->sessions = lh_SSL_SESSION_new(); | 1865 | ret->internal->sessions = lh_SSL_SESSION_new(); |
| 1866 | if (ret->sessions == NULL) | 1866 | if (ret->internal->sessions == NULL) |
| 1867 | goto err; | 1867 | goto err; |
| 1868 | ret->cert_store = X509_STORE_new(); | 1868 | ret->cert_store = X509_STORE_new(); |
| 1869 | if (ret->cert_store == NULL) | 1869 | if (ret->cert_store == NULL) |
| 1870 | goto err; | 1870 | goto err; |
| 1871 | 1871 | ||
| 1872 | ssl_create_cipher_list(ret->method, &ret->cipher_list, | 1872 | ssl_create_cipher_list(ret->method, &ret->cipher_list, |
| 1873 | &ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST); | 1873 | &ret->internal->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST); |
| 1874 | if (ret->cipher_list == NULL || | 1874 | if (ret->cipher_list == NULL || |
| 1875 | sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { | 1875 | sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { |
| 1876 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); | 1876 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); |
| @@ -1881,41 +1881,42 @@ SSL_CTX_new(const SSL_METHOD *meth) | |||
| 1881 | if (!ret->param) | 1881 | if (!ret->param) |
| 1882 | goto err; | 1882 | goto err; |
| 1883 | 1883 | ||
| 1884 | if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) { | 1884 | if ((ret->internal->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) { |
| 1885 | SSLerr(SSL_F_SSL_CTX_NEW, | 1885 | SSLerr(SSL_F_SSL_CTX_NEW, |
| 1886 | SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); | 1886 | SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); |
| 1887 | goto err2; | 1887 | goto err2; |
| 1888 | } | 1888 | } |
| 1889 | if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) { | 1889 | if ((ret->internal->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) { |
| 1890 | SSLerr(SSL_F_SSL_CTX_NEW, | 1890 | SSLerr(SSL_F_SSL_CTX_NEW, |
| 1891 | SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); | 1891 | SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); |
| 1892 | goto err2; | 1892 | goto err2; |
| 1893 | } | 1893 | } |
| 1894 | 1894 | ||
| 1895 | if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL) | 1895 | if ((ret->internal->client_CA = sk_X509_NAME_new_null()) == NULL) |
| 1896 | goto err; | 1896 | goto err; |
| 1897 | 1897 | ||
| 1898 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data); | 1898 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->internal->ex_data); |
| 1899 | 1899 | ||
| 1900 | ret->extra_certs = NULL; | 1900 | ret->extra_certs = NULL; |
| 1901 | 1901 | ||
| 1902 | ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; | 1902 | ret->internal->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; |
| 1903 | 1903 | ||
| 1904 | ret->internal->tlsext_servername_callback = 0; | 1904 | ret->internal->tlsext_servername_callback = 0; |
| 1905 | ret->internal->tlsext_servername_arg = NULL; | 1905 | ret->internal->tlsext_servername_arg = NULL; |
| 1906 | 1906 | ||
| 1907 | /* Setup RFC4507 ticket keys */ | 1907 | /* Setup RFC4507 ticket keys */ |
| 1908 | arc4random_buf(ret->tlsext_tick_key_name, 16); | 1908 | arc4random_buf(ret->internal->tlsext_tick_key_name, 16); |
| 1909 | arc4random_buf(ret->tlsext_tick_hmac_key, 16); | 1909 | arc4random_buf(ret->internal->tlsext_tick_hmac_key, 16); |
| 1910 | arc4random_buf(ret->tlsext_tick_aes_key, 16); | 1910 | arc4random_buf(ret->internal->tlsext_tick_aes_key, 16); |
| 1911 | 1911 | ||
| 1912 | ret->internal->tlsext_status_cb = 0; | 1912 | ret->internal->tlsext_status_cb = 0; |
| 1913 | ret->internal->tlsext_status_arg = NULL; | 1913 | ret->internal->tlsext_status_arg = NULL; |
| 1914 | 1914 | ||
| 1915 | ret->internal->next_protos_advertised_cb = 0; | 1915 | ret->internal->next_protos_advertised_cb = 0; |
| 1916 | ret->internal->next_proto_select_cb = 0; | 1916 | ret->internal->next_proto_select_cb = 0; |
| 1917 | |||
| 1917 | #ifndef OPENSSL_NO_ENGINE | 1918 | #ifndef OPENSSL_NO_ENGINE |
| 1918 | ret->client_cert_engine = NULL; | 1919 | ret->internal->client_cert_engine = NULL; |
| 1919 | #ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO | 1920 | #ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO |
| 1920 | #define eng_strx(x) #x | 1921 | #define eng_strx(x) #x |
| 1921 | #define eng_str(x) eng_strx(x) | 1922 | #define eng_str(x) eng_strx(x) |
| @@ -1972,35 +1973,35 @@ SSL_CTX_free(SSL_CTX *a) | |||
| 1972 | * free ex_data, then finally free the cache. | 1973 | * free ex_data, then finally free the cache. |
| 1973 | * (See ticket [openssl.org #212].) | 1974 | * (See ticket [openssl.org #212].) |
| 1974 | */ | 1975 | */ |
| 1975 | if (a->sessions != NULL) | 1976 | if (a->internal->sessions != NULL) |
| 1976 | SSL_CTX_flush_sessions(a, 0); | 1977 | SSL_CTX_flush_sessions(a, 0); |
| 1977 | 1978 | ||
| 1978 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); | 1979 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->internal->ex_data); |
| 1979 | 1980 | ||
| 1980 | if (a->sessions != NULL) | 1981 | if (a->internal->sessions != NULL) |
| 1981 | lh_SSL_SESSION_free(a->sessions); | 1982 | lh_SSL_SESSION_free(a->internal->sessions); |
| 1982 | 1983 | ||
| 1983 | if (a->cert_store != NULL) | 1984 | if (a->cert_store != NULL) |
| 1984 | X509_STORE_free(a->cert_store); | 1985 | X509_STORE_free(a->cert_store); |
| 1985 | if (a->cipher_list != NULL) | 1986 | if (a->cipher_list != NULL) |
| 1986 | sk_SSL_CIPHER_free(a->cipher_list); | 1987 | sk_SSL_CIPHER_free(a->cipher_list); |
| 1987 | if (a->cipher_list_by_id != NULL) | 1988 | if (a->internal->cipher_list_by_id != NULL) |
| 1988 | sk_SSL_CIPHER_free(a->cipher_list_by_id); | 1989 | sk_SSL_CIPHER_free(a->internal->cipher_list_by_id); |
| 1989 | if (a->cert != NULL) | 1990 | if (a->internal->cert != NULL) |
| 1990 | ssl_cert_free(a->cert); | 1991 | ssl_cert_free(a->internal->cert); |
| 1991 | if (a->client_CA != NULL) | 1992 | if (a->internal->client_CA != NULL) |
| 1992 | sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free); | 1993 | sk_X509_NAME_pop_free(a->internal->client_CA, X509_NAME_free); |
| 1993 | if (a->extra_certs != NULL) | 1994 | if (a->extra_certs != NULL) |
| 1994 | sk_X509_pop_free(a->extra_certs, X509_free); | 1995 | sk_X509_pop_free(a->extra_certs, X509_free); |
| 1995 | 1996 | ||
| 1996 | #ifndef OPENSSL_NO_SRTP | 1997 | #ifndef OPENSSL_NO_SRTP |
| 1997 | if (a->srtp_profiles) | 1998 | if (a->internal->srtp_profiles) |
| 1998 | sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); | 1999 | sk_SRTP_PROTECTION_PROFILE_free(a->internal->srtp_profiles); |
| 1999 | #endif | 2000 | #endif |
| 2000 | 2001 | ||
| 2001 | #ifndef OPENSSL_NO_ENGINE | 2002 | #ifndef OPENSSL_NO_ENGINE |
| 2002 | if (a->client_cert_engine) | 2003 | if (a->internal->client_cert_engine) |
| 2003 | ENGINE_finish(a->client_cert_engine); | 2004 | ENGINE_finish(a->internal->client_cert_engine); |
| 2004 | #endif | 2005 | #endif |
| 2005 | 2006 | ||
| 2006 | free(a->internal->alpn_client_proto_list); | 2007 | free(a->internal->alpn_client_proto_list); |
| @@ -2272,7 +2273,7 @@ ssl_update_cache(SSL *s, int mode) | |||
| 2272 | if (s->session->session_id_length == 0) | 2273 | if (s->session->session_id_length == 0) |
| 2273 | return; | 2274 | return; |
| 2274 | 2275 | ||
| 2275 | i = s->session_ctx->session_cache_mode; | 2276 | i = s->session_ctx->internal->session_cache_mode; |
| 2276 | if ((i & mode) && (!s->hit) && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) | 2277 | if ((i & mode) && (!s->hit) && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) |
| 2277 | || SSL_CTX_add_session(s->session_ctx, s->session)) | 2278 | || SSL_CTX_add_session(s->session_ctx, s->session)) |
| 2278 | && (s->session_ctx->internal->new_session_cb != NULL)) { | 2279 | && (s->session_ctx->internal->new_session_cb != NULL)) { |
| @@ -2839,13 +2840,13 @@ ssl_free_wbio_buffer(SSL *s) | |||
| 2839 | void | 2840 | void |
| 2840 | SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) | 2841 | SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) |
| 2841 | { | 2842 | { |
| 2842 | ctx->quiet_shutdown = mode; | 2843 | ctx->internal->quiet_shutdown = mode; |
| 2843 | } | 2844 | } |
| 2844 | 2845 | ||
| 2845 | int | 2846 | int |
| 2846 | SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) | 2847 | SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) |
| 2847 | { | 2848 | { |
| 2848 | return (ctx->quiet_shutdown); | 2849 | return (ctx->internal->quiet_shutdown); |
| 2849 | } | 2850 | } |
| 2850 | 2851 | ||
| 2851 | void | 2852 | void |
| @@ -2893,7 +2894,7 @@ SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) | |||
| 2893 | return (ssl->ctx); | 2894 | return (ssl->ctx); |
| 2894 | if (ctx == NULL) | 2895 | if (ctx == NULL) |
| 2895 | ctx = ssl->initial_ctx; | 2896 | ctx = ssl->initial_ctx; |
| 2896 | ssl->cert = ssl_cert_dup(ctx->cert); | 2897 | ssl->cert = ssl_cert_dup(ctx->internal->cert); |
| 2897 | if (ocert != NULL) { | 2898 | if (ocert != NULL) { |
| 2898 | int i; | 2899 | int i; |
| 2899 | /* Copy negotiated digests from original certificate. */ | 2900 | /* Copy negotiated digests from original certificate. */ |
| @@ -2992,13 +2993,13 @@ SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | |||
| 2992 | int | 2993 | int |
| 2993 | SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg) | 2994 | SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg) |
| 2994 | { | 2995 | { |
| 2995 | return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); | 2996 | return (CRYPTO_set_ex_data(&s->internal->ex_data, idx, arg)); |
| 2996 | } | 2997 | } |
| 2997 | 2998 | ||
| 2998 | void * | 2999 | void * |
| 2999 | SSL_CTX_get_ex_data(const SSL_CTX *s, int idx) | 3000 | SSL_CTX_get_ex_data(const SSL_CTX *s, int idx) |
| 3000 | { | 3001 | { |
| 3001 | return (CRYPTO_get_ex_data(&s->ex_data, idx)); | 3002 | return (CRYPTO_get_ex_data(&s->internal->ex_data, idx)); |
| 3002 | } | 3003 | } |
| 3003 | 3004 | ||
| 3004 | int | 3005 | int |