Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/ssl_asn1.c | 12 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_clnt.c | 6 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 4 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_sess.c | 6 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_srvr.c | 26 | ||||
| -rw-r--r-- | src/lib/libssl/tls13_client.c | 8 | ||||
| -rw-r--r-- | src/lib/libssl/tls13_server.c | 8 |
8 files changed, 37 insertions, 37 deletions
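--- a/src/lib/libssl/ssl_asn1.c
+++ b/src/lib/libssl/ssl_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_asn1.c,v 1.60 2021/10/23 08:13:02 jsing Exp $ */
+/* $OpenBSD: ssl_asn1.c,v 1.61 2022/01/11 18:39:28 jsing Exp $ */
 /*
 * Copyright (c) 2016 Joel Sing <jsing@openbsd.org>
 *
@@ -113,8 +113,8 @@ SSL_SESSION_encode(SSL_SESSION *s, unsigned char **out, size_t *out_len,
 }
 
 /* Peer certificate [3]. */
-if (s->peer != NULL) {
-if ((len = i2d_X509(s->peer, &peer_cert_bytes)) <= 0)
+if (s->peer_cert != NULL) {
+if ((len = i2d_X509(s->peer_cert, &peer_cert_bytes)) <= 0)
 goto err;
 if (!CBB_add_asn1(&session, &peer_cert, SSLASN1_PEER_CERT_TAG))
 goto err;
@@ -332,8 +332,8 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
 s->timeout = (long)timeout;
 
 /* Peer certificate [3]. */
-X509_free(s->peer);
-s->peer = NULL;
+X509_free(s->peer_cert);
+s->peer_cert = NULL;
 if (!CBS_get_optional_asn1(&session, &peer_cert, &present,
 SSLASN1_PEER_CERT_TAG))
 goto err;
@@ -342,7 +342,7 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
 if (data_len > LONG_MAX)
 goto err;
 peer_cert_bytes = CBS_data(&peer_cert);
-if (d2i_X509(&s->peer, &peer_cert_bytes,
+if (d2i_X509(&s->peer_cert, &peer_cert_bytes,
 (long)data_len) == NULL)
 goto err;
 }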
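--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.135 2022/01/11 18:28:41 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.136 2022/01/11 18:39:28 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1187,8 +1187,8 @@ ssl3_get_server_certificate(SSL *s)
 s->session->peer_key = &s->session->peer_pkeys[i];
 
 X509_up_ref(x);
-X509_free(s->session->peer);
-s->session->peer = x;
+X509_free(s->session->peer_cert);
+s->session->peer_cert = x;
 
 s->session->verify_result = s->verify_result;
 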
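--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.284 2022/01/09 15:53:52 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.285 2022/01/11 18:39:28 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -870,7 +870,7 @@ SSL_get_peer_certificate(const SSL *s)
 if ((s == NULL) || (s->session == NULL))
 r = NULL;
 else
-r = s->session->peer;
+r = s->session->peer_cert;
 
 if (r == NULL)
 return (r);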
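--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.381 2022/01/11 18:28:41 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.382 2022/01/11 18:39:28 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -476,7 +476,7 @@ struct ssl_session_st {
 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
 
 /* This is the cert for the other end. */
-X509 *peer;
+X509 *peer_cert;
 
 /* when app_verify_callback accepts a session where the peer's certificate
 * is not ok, we must remember the error for session reuse: */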
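--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.107 2022/01/08 12:59:59 jsing Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.108 2022/01/11 18:39:28 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -766,7 +766,7 @@ SSL_SESSION_free(SSL_SESSION *ss)
 for (i = 0; i < SSL_PKEY_NUM; i++)
 X509_free(ss->peer_pkeys[i].x509);
 
-X509_free(ss->peer);
+X509_free(ss->peer_cert);
 
 sk_SSL_CIPHER_free(ss->ciphers);
 
@@ -881,7 +881,7 @@ SSL_SESSION_get0_cipher(const SSL_SESSION *s)
 X509 *
 SSL_SESSION_get0_peer(SSL_SESSION *s)
 {
-return s->peer;
+return s->peer_cert;
 }
 
 int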
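--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.138 2022/01/11 18:28:41 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.139 2022/01/11 18:39:28 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -453,7 +453,7 @@ ssl3_accept(SSL *s)
 * s3_clnt.c accepts this for SSL 3).
 */
 if (!(s->verify_mode & SSL_VERIFY_PEER) ||
-((s->session->peer != NULL) &&
+((s->session->peer_cert != NULL) &&
 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
 ((S3I(s)->hs.cipher->algorithm_auth &
 SSL_aNULL) && !(s->verify_mode &
@@ -550,7 +550,7 @@ ssl3_accept(SSL *s)
 } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) {
 S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;
 s->internal->init_num = 0;
-if (!s->session->peer)
+if (!s->session->peer_cert)
 break;
 /*
 * Freeze the transcript for use during client
@@ -1807,7 +1807,7 @@ ssl3_get_client_kex_gost(SSL *s, CBS *cbs)
 * it is completely valid to use a client certificate for
 * authorization only.
 */
-if ((client_pubkey = X509_get0_pubkey(s->session->peer)) != NULL) {
+if ((client_pubkey = X509_get0_pubkey(s->session->peer_cert)) != NULL) {
 if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pubkey) <= 0)
 ERR_clear_error();
 }
@@ -1906,7 +1906,7 @@ ssl3_get_cert_verify(SSL *s)
 const struct ssl_sigalg *sigalg = NULL;
 uint16_t sigalg_value = SIGALG_NONE;
 EVP_PKEY *pkey = NULL;
-X509 *peer = NULL;
+X509 *peer_cert = NULL;
 EVP_MD_CTX *mctx = NULL;
 int al, verify;
 const unsigned char *hdata;
@@ -1928,15 +1928,15 @@ ssl3_get_cert_verify(SSL *s)
 
 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
 
-if (s->session->peer != NULL) {
-peer = s->session->peer;
-pkey = X509_get_pubkey(peer);
-type = X509_certificate_type(peer, pkey);
+if (s->session->peer_cert != NULL) {
+peer_cert = s->session->peer_cert;
+pkey = X509_get_pubkey(peer_cert);
+type = X509_certificate_type(peer_cert, pkey);
 }
 
 if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_VERIFY) {
 S3I(s)->hs.tls12.reuse_message = 1;
-if (peer != NULL) {
+if (peer_cert != NULL) {
 al = SSL_AD_UNEXPECTED_MESSAGE;
 SSLerror(s, SSL_R_MISSING_VERIFY_MESSAGE);
 goto fatal_err;
@@ -1945,7 +1945,7 @@ ssl3_get_cert_verify(SSL *s)
 goto end;
 }
 
-if (peer == NULL) {
+if (peer_cert == NULL) {
 SSLerror(s, SSL_R_NO_CLIENT_CERT_RECEIVED);
 al = SSL_AD_UNEXPECTED_MESSAGE;
 goto fatal_err;
@@ -2240,8 +2240,8 @@ ssl3_get_client_certificate(SSL *s)
 }
 }
 
-X509_free(s->session->peer);
-s->session->peer = sk_X509_shift(sk);
+X509_free(s->session->peer_cert);
+s->session->peer_cert = sk_X509_shift(sk);
 
 /*
 * Inconsistency alert: cert_chain does *not* include the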
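--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.91 2022/01/08 12:59:59 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.92 2022/01/11 18:39:28 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -638,8 +638,8 @@ tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
 s->session->peer_key = &s->session->peer_pkeys[cert_idx];
 
 X509_up_ref(cert);
-X509_free(s->session->peer);
-s->session->peer = cert;
+X509_free(s->session->peer_cert);
+s->session->peer_cert = cert;
 
 s->session->verify_result = s->verify_result;
 
@@ -694,7 +694,7 @@ tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
 if (!CBB_finish(&cbb, &sig_content, &sig_content_len))
 goto err;
 
-if ((cert = ctx->ssl->session->peer) == NULL)
+if ((cert = ctx->ssl->session->peer_cert) == NULL)
 goto err;
 if ((pkey = X509_get0_pubkey(cert)) == NULL)
 goto err;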
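--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.93 2022/01/08 12:59:59 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.94 2022/01/11 18:39:28 jsing Exp $ */
 /*
 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -931,8 +931,8 @@ tls13_client_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
 s->session->peer_key = &s->session->peer_pkeys[cert_idx];
 
 X509_up_ref(cert);
-X509_free(s->session->peer);
-s->session->peer = cert;
+X509_free(s->session->peer_cert);
+s->session->peer_cert = cert;
 
 s->session->verify_result = s->verify_result;
 
@@ -984,7 +984,7 @@ tls13_client_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
 if (!CBB_finish(&cbb, &sig_content, &sig_content_len))
 goto err;
 
-if ((cert = ctx->ssl->session->peer) == NULL)
+if ((cert = ctx->ssl->session->peer_cert) == NULL)
 goto err;
 if ((pkey = X509_get0_pubkey(cert)) == NULL)
 goto err;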
