From fedd988b9f44e5e0ccf1a340f14354f32800d524 Mon Sep 17 00:00:00 2001 From: beck <> Date: Mon, 23 Jan 2017 06:45:30 +0000 Subject: Move a large part of ssl_st into internal, so we can see what squeals. ok jsing@ --- src/lib/libssl/s3_clnt.c | 116 +++++++++++++++++++++++------------------------ 1 file changed, 58 insertions(+), 58 deletions(-) (limited to 'src/lib/libssl/s3_clnt.c') diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 8c1a87f38e..0893682e75 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_clnt.c,v 1.167 2017/01/23 05:13:02 jsing Exp $ */ +/* $OpenBSD: s3_clnt.c,v 1.168 2017/01/23 06:45:30 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -197,7 +197,7 @@ ssl3_connect(SSL *s) switch (s->state) { case SSL_ST_RENEGOTIATE: - s->renegotiate = 1; + s->internal->renegotiate = 1; s->state = SSL_ST_CONNECT; s->ctx->internal->stats.sess_connect_renegotiate++; /* break */ @@ -218,7 +218,7 @@ ssl3_connect(SSL *s) } /* s->version=SSL3_VERSION; */ - s->type = SSL_ST_CONNECT; + s->internal->type = SSL_ST_CONNECT; if (!ssl3_setup_init_buffer(s)) { ret = -1; @@ -242,18 +242,18 @@ ssl3_connect(SSL *s) s->state = SSL3_ST_CW_CLNT_HELLO_A; s->ctx->internal->stats.sess_connect++; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_CW_CLNT_HELLO_A: case SSL3_ST_CW_CLNT_HELLO_B: - s->shutdown = 0; + s->internal->shutdown = 0; ret = ssl3_client_hello(s); if (ret <= 0) goto end; s->state = SSL3_ST_CR_SRVR_HELLO_A; - s->init_num = 0; + s->internal->init_num = 0; /* turn on buffering for the next lot of output */ if (s->bbio != s->wbio) 
@@ -267,15 +267,15 @@ ssl3_connect(SSL *s) if (ret <= 0) goto end; - if (s->hit) { + if (s->internal->hit) { s->state = SSL3_ST_CR_FINISHED_A; - if (s->tlsext_ticket_expected) { + if (s->internal->tlsext_ticket_expected) { /* receive renewed session ticket */ s->state = SSL3_ST_CR_SESSION_TICKET_A; } } else s->state = SSL3_ST_CR_CERT_A; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_CR_CERT_A: @@ -284,12 +284,12 @@ ssl3_connect(SSL *s) if (ret <= 0) goto end; if (ret == 2) { - s->hit = 1; - if (s->tlsext_ticket_expected) + s->internal->hit = 1; + if (s->internal->tlsext_ticket_expected) s->state = SSL3_ST_CR_SESSION_TICKET_A; else s->state = SSL3_ST_CR_FINISHED_A; - s->init_num = 0; + s->internal->init_num = 0; break; } /* Check if it is anon DH/ECDH. */ @@ -298,7 +298,7 @@ ssl3_connect(SSL *s) ret = ssl3_get_server_certificate(s); if (ret <= 0) goto end; - if (s->tlsext_status_expected) + if (s->internal->tlsext_status_expected) s->state = SSL3_ST_CR_CERT_STATUS_A; else s->state = SSL3_ST_CR_KEY_EXCH_A; @@ -306,7 +306,7 @@ ssl3_connect(SSL *s) skip = 1; s->state = SSL3_ST_CR_KEY_EXCH_A; } - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_CR_KEY_EXCH_A: @@ -315,7 +315,7 @@ ssl3_connect(SSL *s) if (ret <= 0) goto end; s->state = SSL3_ST_CR_CERT_REQ_A; - s->init_num = 0; + s->internal->init_num = 0; /* * At this point we check that we have the @@ -333,7 +333,7 @@ ssl3_connect(SSL *s) if (ret <= 0) goto end; s->state = SSL3_ST_CR_SRVR_DONE_A; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_CR_SRVR_DONE_A: @@ -345,7 +345,7 @@ ssl3_connect(SSL *s) s->state = SSL3_ST_CW_CERT_A; else s->state = SSL3_ST_CW_KEY_EXCH_A; - s->init_num = 0; + s->internal->init_num = 0; break; @@ -357,7 +357,7 @@ ssl3_connect(SSL *s) if (ret <= 0) goto end; s->state = SSL3_ST_CW_KEY_EXCH_A; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_CW_KEY_EXCH_A: 
@@ -392,7 +392,7 @@ ssl3_connect(SSL *s) S3I(s)->change_cipher_spec = 0; } - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_CW_CERT_VRFY_A: @@ -401,7 +401,7 @@ ssl3_connect(SSL *s) if (ret <= 0) goto end; s->state = SSL3_ST_CW_CHANGE_A; - s->init_num = 0; + s->internal->init_num = 0; S3I(s)->change_cipher_spec = 0; break; @@ -416,7 +416,7 @@ ssl3_connect(SSL *s) s->state = SSL3_ST_CW_NEXT_PROTO_A; else s->state = SSL3_ST_CW_FINISHED_A; - s->init_num = 0; + s->internal->init_num = 0; s->session->cipher = S3I(s)->tmp.new_cipher; if (!s->method->ssl3_enc->setup_key_block(s)) { @@ -453,7 +453,7 @@ ssl3_connect(SSL *s) /* clear flags */ s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER; - if (s->hit) { + if (s->internal->hit) { S3I(s)->tmp.next_state = SSL_ST_OK; if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) { @@ -463,14 +463,14 @@ ssl3_connect(SSL *s) } } else { /* Allow NewSessionTicket if ticket expected */ - if (s->tlsext_ticket_expected) + if (s->internal->tlsext_ticket_expected) S3I(s)->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A; else S3I(s)->tmp.next_state = SSL3_ST_CR_FINISHED_A; } - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_CR_SESSION_TICKET_A: @@ -479,7 +479,7 @@ ssl3_connect(SSL *s) if (ret <= 0) goto end; s->state = SSL3_ST_CR_FINISHED_A; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_CR_CERT_STATUS_A: @@ -488,7 +488,7 @@ ssl3_connect(SSL *s) if (ret <= 0) goto end; s->state = SSL3_ST_CR_KEY_EXCH_A; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_CR_FINISHED_A: 
@@ -499,20 +499,20 @@ ssl3_connect(SSL *s) if (ret <= 0) goto end; - if (s->hit) + if (s->internal->hit) s->state = SSL3_ST_CW_CHANGE_A; else s->state = SSL_ST_OK; - s->init_num = 0; + s->internal->init_num = 0; break; case SSL3_ST_CW_FLUSH: - s->rwstate = SSL_WRITING; + s->internal->rwstate = SSL_WRITING; if (BIO_flush(s->wbio) <= 0) { ret = -1; goto end; } - s->rwstate = SSL_NOTHING; + s->internal->rwstate = SSL_NOTHING; s->state = S3I(s)->tmp.next_state; break; @@ -520,9 +520,9 @@ ssl3_connect(SSL *s) /* clean a few things up */ tls1_cleanup_key_block(s); - if (s->init_buf != NULL) { - BUF_MEM_free(s->init_buf); - s->init_buf = NULL; + if (s->internal->init_buf != NULL) { + BUF_MEM_free(s->internal->init_buf); + s->internal->init_buf = NULL; } /* @@ -533,12 +533,12 @@ ssl3_connect(SSL *s) ssl_free_wbio_buffer(s); /* else do it later in ssl3_write */ - s->init_num = 0; - s->renegotiate = 0; - s->new_session = 0; + s->internal->init_num = 0; + s->internal->renegotiate = 0; + s->internal->new_session = 0; ssl_update_cache(s, SSL_SESS_CACHE_CLIENT); - if (s->hit) + if (s->internal->hit) s->ctx->internal->stats.sess_hit++; ret = 1; @@ -562,7 +562,7 @@ ssl3_connect(SSL *s) /* did we do anything */ if (!S3I(s)->tmp.reuse_message && !skip) { - if (s->debug) { + if (s->internal->debug) { if ((ret = BIO_flush(s->wbio)) <= 0) goto end; } @@ -592,7 +592,7 @@ ssl3_client_hello(SSL *s) size_t outlen; int i; - bufend = (unsigned char *)s->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH; + bufend = (unsigned char *)s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH; if (s->state == SSL3_ST_CW_CLNT_HELLO_A) { SSL_SESSION *sess = s->session; @@ -654,7 +654,7 @@ ssl3_client_hello(SSL *s) p += SSL3_RANDOM_SIZE; /* Session ID */ - if (s->new_session) + if (s->internal->new_session) i = 0; else i = s->session->session_id_length; 
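Review bot: In the ssl3_client_hello hunk at -592, `bufend` is still derived from a constant (`s->internal->init_buf->data + SSL3_RT_MAX_PLAIN_LENGTH`) rather than from the size of the buffer that was actually allocated. Nothing in this diff ties the two together; presumably ssl3_setup_init_buffer(), called from ssl3_connect(), guarantees at least that much space, but that code is not shown here. Since every later bounds check while the ClientHello is built depends on `bufend`, state the invariant next to the assignment, e.g. `/* init_buf is expected to hold at least SSL3_RT_MAX_PLAIN_LENGTH bytes (see ssl3_setup_init_buffer) */`, or compare against `s->internal->init_buf->max` before use. The function body continues outside the hunk.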
@@ -739,7 +739,7 @@ ssl3_get_server_hello(SSL *s) if (n < 0) goto truncated; - CBS_init(&cbs, s->init_msg, n); + CBS_init(&cbs, s->internal->init_msg, n); if (SSL_IS_DTLS(s)) { if (S3I(s)->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { @@ -825,13 +825,13 @@ ssl3_get_server_hello(SSL *s) goto f_err; } s->s3->flags |= SSL3_FLAGS_CCS_OK; - s->hit = 1; + s->internal->hit = 1; } else { /* a miss or crap from the other end */ /* If we were trying for session-id reuse, make a new * SSL_SESSION so we don't stuff up other people */ - s->hit = 0; + s->internal->hit = 0; if (s->session->session_id_length > 0) { if (!ssl_get_new_session(s, 0)) { al = SSL_AD_INTERNAL_ERROR; @@ -881,7 +881,7 @@ ssl3_get_server_hello(SSL *s) */ if (s->session->cipher) s->session->cipher_id = s->session->cipher->id; - if (s->hit && (s->session->cipher_id != cipher->id)) { + if (s->internal->hit && (s->session->cipher_id != cipher->id)) { al = SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); @@ -951,7 +951,7 @@ ssl3_get_server_certificate(SSL *s) EVP_PKEY *pkey = NULL; n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A, - SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok); + SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list, &ok); if (!ok) return ((int)n); @@ -978,7 +978,7 @@ ssl3_get_server_certificate(SSL *s) if (n < 0) goto truncated; - CBS_init(&cbs, s->init_msg, n); + CBS_init(&cbs, s->internal->init_msg, n); if (CBS_len(&cbs) < 3) goto truncated; @@ -1374,7 +1374,7 @@ ssl3_get_server_key_exchange(SSL *s) * as ServerKeyExchange message may be skipped. */ n = s->method->ssl_get_message(s, SSL3_ST_CR_KEY_EXCH_A, - SSL3_ST_CR_KEY_EXCH_B, -1, s->max_cert_list, &ok); + SSL3_ST_CR_KEY_EXCH_B, -1, s->internal->max_cert_list, &ok); if (!ok) return ((int)n); 
@@ -1412,7 +1412,7 @@ ssl3_get_server_key_exchange(SSL *s) goto err; } - param = p = (unsigned char *)s->init_msg; + param = p = (unsigned char *)s->internal->init_msg; param_len = n; if (alg_k & SSL_kDHE) { @@ -1580,7 +1580,7 @@ ssl3_get_certificate_request(SSL *s) STACK_OF(X509_NAME) *ca_sk = NULL; n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_REQ_A, - SSL3_ST_CR_CERT_REQ_B, -1, s->max_cert_list, &ok); + SSL3_ST_CR_CERT_REQ_B, -1, s->internal->max_cert_list, &ok); if (!ok) return ((int)n); @@ -1617,7 +1617,7 @@ ssl3_get_certificate_request(SSL *s) if (n < 0) goto truncated; - CBS_init(&cert_request, s->init_msg, n); + CBS_init(&cert_request, s->internal->init_msg, n); if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) { SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, @@ -1779,7 +1779,7 @@ ssl3_get_new_session_ticket(SSL *s) goto f_err; } - CBS_init(&cbs, s->init_msg, n); + CBS_init(&cbs, s->internal->init_msg, n); if (!CBS_get_u32(&cbs, &lifetime_hint) || #if UINT32_MAX > LONG_MAX lifetime_hint > LONG_MAX || @@ -1851,7 +1851,7 @@ ssl3_get_cert_status(SSL *s) goto f_err; } - CBS_init(&cert_status, s->init_msg, n); + CBS_init(&cert_status, s->internal->init_msg, n); if (!CBS_get_u8(&cert_status, &status_type) || CBS_len(&cert_status) < 3) { /* need at least status type + length */ @@ -1876,15 +1876,15 @@ ssl3_get_cert_status(SSL *s) goto f_err; } - if (!CBS_stow(&response, &s->tlsext_ocsp_resp, + if (!CBS_stow(&response, &s->internal->tlsext_ocsp_resp, &stow_len) || stow_len > INT_MAX) { - s->tlsext_ocsp_resplen = 0; + s->internal->tlsext_ocsp_resplen = 0; al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_MALLOC_FAILURE); goto f_err; } - s->tlsext_ocsp_resplen = (int)stow_len; + s->internal->tlsext_ocsp_resplen = (int)stow_len; if (s->ctx->internal->tlsext_status_cb) { int ret; 
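Review bot: ssl3_get_server_key_exchange still walks the server's message through raw pointers (`param = p = (unsigned char *)s->internal->init_msg; param_len = n;`). The other receive paths touched by this commit (ssl3_get_server_hello, ssl3_get_server_certificate, ssl3_get_certificate_request, ssl3_get_new_session_ticket, ssl3_get_cert_status) wrap the same buffer with `CBS_init(&cbs, s->internal->init_msg, n)`. The length handling of the hand-written parser lies outside this hunk and cannot be judged from here. Because this is untrusted peer data, a follow-up that moves this function to CBS as well would be worthwhile. Until then, a comment at this assignment noting that `p` must never advance past `param + param_len` would help the next reader.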
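Review bot: In the ssl3_get_cert_status hunk at -1876, the error branch handles two different conditions, `!CBS_stow(...)` and `stow_len > INT_MAX`, but resets only `tlsext_ocsp_resplen`. In the second case CBS_stow() has already succeeded, so `s->internal->tlsext_ocsp_resp` keeps pointing at the stored response while its recorded length is 0, and the failure is reported as ERR_R_MALLOC_FAILURE. The oversize case is probably unreachable because the handshake message length is bounded upstream, but pointer and length should still be kept in agreement. Add `free(s->internal->tlsext_ocsp_resp);` and `s->internal->tlsext_ocsp_resp = NULL;` before setting the length to 0. The function continues outside the hunk.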
@@ -2573,10 +2573,10 @@ ssl3_send_client_certificate(SSL *s) */ i = ssl_do_client_cert_cb(s, &x509, &pkey); if (i < 0) { - s->rwstate = SSL_X509_LOOKUP; + s->internal->rwstate = SSL_X509_LOOKUP; return (-1); } - s->rwstate = SSL_NOTHING; + s->internal->rwstate = SSL_NOTHING; if ((i == 1) && (pkey != NULL) && (x509 != NULL)) { s->state = SSL3_ST_CW_CERT_B; if (!SSL_use_certificate(s, x509) || @@ -2738,7 +2738,7 @@ ssl3_check_finished(SSL *s) /* this function is called when we really expect a Certificate * message, so permit appropriate message length */ n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A, - SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok); + SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list, &ok); if (!ok) return ((int)n); S3I(s)->tmp.reuse_message = 1; -- cgit v1.2.3-55-g6feb