src - OpenBSD base system

diff options


context:
space:
mode:

author	Joel Sing <jsing@cvs.openbsd.org>	2017-01-22 09:02:08 +0000
committer	Joel Sing <jsing@cvs.openbsd.org>	2017-01-22 09:02:08 +0000
commit	32623d6fad69e3ce3bfaf0d0f2cd3e74a9133586 (patch)
tree	340c85dd54327d82f72e0e172ba6fa4a1376a2a6 /lib/libssl/t1_enc.c
parent	0b291c7af172c50feaa7c669e3a49cb18750bf12 (diff)

Move most of the SSL3_STATE fields to internal - the ones that remain are

known to be used by ports. ok beck@

Diffstat (limited to 'lib/libssl/t1_enc.c')

-rw-r--r--

lib/libssl/t1_enc.c

152

1 files changed, 76 insertions, 76 deletions

diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c
index 67ad1ae9248..a8998b4dec5 100644
--- a/lib/libssl/t1_enc.c
+++ b/lib/libssl/t1_enc.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: t1_enc.c,v 1.88 2017/01/22 07:16:39 beck Exp $ */

+/* $OpenBSD: t1_enc.c,v 1.89 2017/01/22 09:02:07 jsing Exp $ */

@@ -146,26 +146,26 @@

void

tls1_cleanup_key_block(SSL *s)

{

- if (s->s3->tmp.key_block != NULL) {

- explicit_bzero(s->s3->tmp.key_block,

- s->s3->tmp.key_block_length);

- free(s->s3->tmp.key_block);

- s->s3->tmp.key_block = NULL;

+ if (S3I(s)->tmp.key_block != NULL) {

+ explicit_bzero(S3I(s)->tmp.key_block,

+ S3I(s)->tmp.key_block_length);

+ free(S3I(s)->tmp.key_block);

+ S3I(s)->tmp.key_block = NULL;

}

- s->s3->tmp.key_block_length = 0;

+ S3I(s)->tmp.key_block_length = 0;

}

int

tls1_init_finished_mac(SSL *s)

{

- BIO_free(s->s3->handshake_buffer);

+ BIO_free(S3I(s)->handshake_buffer);

tls1_free_digest_list(s);

- s->s3->handshake_buffer = BIO_new(BIO_s_mem());

- if (s->s3->handshake_buffer == NULL)

+ S3I(s)->handshake_buffer = BIO_new(BIO_s_mem());

+ if (S3I(s)->handshake_buffer == NULL)

return (0);

- (void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE);

+ (void)BIO_set_close(S3I(s)->handshake_buffer, BIO_CLOSE);

return (1);

}

@@ -177,15 +177,15 @@ tls1_free_digest_list(SSL *s)

if (s == NULL)

return;

- if (s->s3->handshake_dgst == NULL)

+ if (S3I(s)->handshake_dgst == NULL)

return;

for (i = 0; i < SSL_MAX_DIGEST; i++) {

- if (s->s3->handshake_dgst[i])

- EVP_MD_CTX_destroy(s->s3->handshake_dgst[i]);

+ if (S3I(s)->handshake_dgst[i])

+ EVP_MD_CTX_destroy(S3I(s)->handshake_dgst[i]);

}

- free(s->s3->handshake_dgst);

- s->s3->handshake_dgst = NULL;

+ free(S3I(s)->handshake_dgst);

+ S3I(s)->handshake_dgst = NULL;

}

int

@@ -193,16 +193,16 @@ tls1_finish_mac(SSL *s, const unsigned char *buf, int len)

{

int i;

- if (s->s3->handshake_buffer &&

+ if (S3I(s)->handshake_buffer &&

!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {

- BIO_write(s->s3->handshake_buffer, (void *)buf, len);

+ BIO_write(S3I(s)->handshake_buffer, (void *)buf, len);

return 1;

}

for (i = 0; i < SSL_MAX_DIGEST; i++) {

- if (s->s3->handshake_dgst[i] == NULL)

+ if (S3I(s)->handshake_dgst[i] == NULL)

continue;

- if (!EVP_DigestUpdate(s->s3->handshake_dgst[i], buf, len)) {

+ if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], buf, len)) {

SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB);

return 0;

}

@@ -221,12 +221,12 @@ tls1_digest_cached_records(SSL *s)

tls1_free_digest_list(s);

- s->s3->handshake_dgst = calloc(SSL_MAX_DIGEST, sizeof(EVP_MD_CTX *));

- if (s->s3->handshake_dgst == NULL) {

+ S3I(s)->handshake_dgst = calloc(SSL_MAX_DIGEST, sizeof(EVP_MD_CTX *));

+ if (S3I(s)->handshake_dgst == NULL) {

SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE);

goto err;

}

- hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);

+ hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);

if (hdatalen <= 0) {

SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS,

SSL_R_BAD_HANDSHAKE_LENGTH);

@@ -238,17 +238,17 @@ tls1_digest_cached_records(SSL *s)

if ((mask & ssl_get_algorithm2(s)) == 0 || md == NULL)

continue;

- s->s3->handshake_dgst[i] = EVP_MD_CTX_create();

- if (s->s3->handshake_dgst[i] == NULL) {

+ S3I(s)->handshake_dgst[i] = EVP_MD_CTX_create();

+ if (S3I(s)->handshake_dgst[i] == NULL) {

SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS,

ERR_R_MALLOC_FAILURE);

goto err;

}

- if (!EVP_DigestInit_ex(s->s3->handshake_dgst[i], md, NULL)) {

+ if (!EVP_DigestInit_ex(S3I(s)->handshake_dgst[i], md, NULL)) {

SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB);

goto err;

}

- if (!EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata,

+ if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], hdata,

hdatalen)) {

SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB);

goto err;

@@ -256,8 +256,8 @@ tls1_digest_cached_records(SSL *s)

}

if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) {

- BIO_free(s->s3->handshake_buffer);

- s->s3->handshake_buffer = NULL;

+ BIO_free(S3I(s)->handshake_buffer);

+ S3I(s)->handshake_buffer = NULL;

}

return 1;

@@ -457,7 +457,7 @@ static int

tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,

unsigned key_len, const unsigned char *iv, unsigned iv_len)

{

- const EVP_AEAD *aead = s->s3->tmp.new_aead;

+ const EVP_AEAD *aead = S3I(s)->tmp.new_aead;

SSL_AEAD_CTX *aead_ctx;

if (is_read) {

@@ -482,10 +482,10 @@ tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,

aead_ctx->fixed_nonce_len = iv_len;

aead_ctx->variable_nonce_len = 8; /* always the case, currently. */

aead_ctx->variable_nonce_in_record =

- (s->s3->tmp.new_cipher->algorithm2 &

+ (S3I(s)->tmp.new_cipher->algorithm2 &

SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD) != 0;

aead_ctx->xor_fixed_nonce =

- s->s3->tmp.new_cipher->algorithm_enc == SSL_CHACHA20POLY1305;

+ S3I(s)->tmp.new_cipher->algorithm_enc == SSL_CHACHA20POLY1305;

aead_ctx->tag_len = EVP_AEAD_max_overhead(aead);

if (aead_ctx->xor_fixed_nonce) {

@@ -526,12 +526,12 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,

const EVP_MD *mac;

int mac_type;

- cipher = s->s3->tmp.new_sym_enc;

- mac = s->s3->tmp.new_hash;

- mac_type = s->s3->tmp.new_mac_pkey_type;

+ cipher = S3I(s)->tmp.new_sym_enc;

+ mac = S3I(s)->tmp.new_hash;

+ mac_type = S3I(s)->tmp.new_mac_pkey_type;

if (is_read) {

- if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)

+ if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)

s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;

else

s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;

@@ -548,7 +548,7 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,

goto err;

s->read_hash = mac_ctx;

} else {

- if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)

+ if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)

s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;

else

s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;

@@ -595,15 +595,15 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,

mac_secret_size, (unsigned char *)mac_secret);

}

- if (s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT) {

+ if (S3I(s)->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT) {

int nid;

- if (s->s3->tmp.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)

+ if (S3I(s)->tmp.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)

nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;

else

nid = NID_id_tc26_gost_28147_param_Z;

EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GOST_SET_SBOX, nid, 0);

- if (s->s3->tmp.new_cipher->algorithm_mac == SSL_GOST89MAC)

+ if (S3I(s)->tmp.new_cipher->algorithm_mac == SSL_GOST89MAC)

EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_GOST_SET_SBOX, nid, 0);

}

@@ -628,8 +628,8 @@ tls1_change_cipher_state(SSL *s, int which)

char is_read, use_client_keys;

- cipher = s->s3->tmp.new_sym_enc;

- aead = s->s3->tmp.new_aead;

+ cipher = S3I(s)->tmp.new_sym_enc;

+ aead = S3I(s)->tmp.new_aead;

* is_read is true if we have just read a ChangeCipherSpec message,

@@ -652,13 +652,13 @@ tls1_change_cipher_state(SSL *s, int which)

* dtls1_reset_seq_numbers().

if (!SSL_IS_DTLS(s)) {

- seq = is_read ? s->s3->read_sequence : s->s3->write_sequence;

+ seq = is_read ? S3I(s)->read_sequence : S3I(s)->write_sequence;

memset(seq, 0, SSL3_SEQUENCE_SIZE);

}

if (aead != NULL) {

key_len = EVP_AEAD_key_length(aead);

- iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(s->s3->tmp.new_cipher);

+ iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(S3I(s)->tmp.new_cipher);

} else {

key_len = EVP_CIPHER_key_length(cipher);

iv_len = EVP_CIPHER_iv_length(cipher);

@@ -670,7 +670,7 @@ tls1_change_cipher_state(SSL *s, int which)

mac_secret_size = s->s3->tmp.new_mac_secret_size;

- key_block = s->s3->tmp.key_block;

+ key_block = S3I(s)->tmp.key_block;

client_write_mac_secret = key_block;

key_block += mac_secret_size;

server_write_mac_secret = key_block;

@@ -694,17 +694,17 @@ tls1_change_cipher_state(SSL *s, int which)

iv = server_write_iv;

}

- if (key_block - s->s3->tmp.key_block != s->s3->tmp.key_block_length) {

+ if (key_block - S3I(s)->tmp.key_block != S3I(s)->tmp.key_block_length) {

SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);

goto err2;

}

if (is_read) {

- memcpy(s->s3->read_mac_secret, mac_secret, mac_secret_size);

- s->s3->read_mac_secret_size = mac_secret_size;

+ memcpy(S3I(s)->read_mac_secret, mac_secret, mac_secret_size);

+ S3I(s)->read_mac_secret_size = mac_secret_size;

} else {

- memcpy(s->s3->write_mac_secret, mac_secret, mac_secret_size);

- s->s3->write_mac_secret_size = mac_secret_size;

+ memcpy(S3I(s)->write_mac_secret, mac_secret, mac_secret_size);

+ S3I(s)->write_mac_secret_size = mac_secret_size;

}

if (aead != NULL) {

@@ -730,7 +730,7 @@ tls1_setup_key_block(SSL *s)

const EVP_MD *mac = NULL;

int ret = 0;

- if (s->s3->tmp.key_block_length != 0)

+ if (S3I(s)->tmp.key_block_length != 0)

return (1);

if (s->session->cipher &&

@@ -757,10 +757,10 @@ tls1_setup_key_block(SSL *s)

iv_len = EVP_GCM_TLS_FIXED_IV_LEN;

}

- s->s3->tmp.new_aead = aead;

- s->s3->tmp.new_sym_enc = cipher;

- s->s3->tmp.new_hash = mac;

- s->s3->tmp.new_mac_pkey_type = mac_type;

+ S3I(s)->tmp.new_aead = aead;

+ S3I(s)->tmp.new_sym_enc = cipher;

+ S3I(s)->tmp.new_hash = mac;

+ S3I(s)->tmp.new_mac_pkey_type = mac_type;

s->s3->tmp.new_mac_secret_size = mac_secret_size;

tls1_cleanup_key_block(s);

@@ -772,8 +772,8 @@ tls1_setup_key_block(SSL *s)

}

key_block_len = (mac_secret_size + key_len + iv_len) * 2;

- s->s3->tmp.key_block_length = key_block_len;

- s->s3->tmp.key_block = key_block;

+ S3I(s)->tmp.key_block_length = key_block_len;

+ S3I(s)->tmp.key_block = key_block;

if ((tmp_block = malloc(key_block_len)) == NULL) {

SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);

@@ -789,15 +789,15 @@ tls1_setup_key_block(SSL *s)

* Enable vulnerability countermeasure for CBC ciphers with

* known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)

- s->s3->need_empty_fragments = 1;

+ S3I(s)->need_empty_fragments = 1;

if (s->session->cipher != NULL) {

if (s->session->cipher->algorithm_enc == SSL_eNULL)

- s->s3->need_empty_fragments = 0;

+ S3I(s)->need_empty_fragments = 0;

#ifndef OPENSSL_NO_RC4

if (s->session->cipher->algorithm_enc == SSL_RC4)

- s->s3->need_empty_fragments = 0;

+ S3I(s)->need_empty_fragments = 0;

#endif

}

@@ -834,12 +834,12 @@ tls1_enc(SSL *s, int send)

if (send) {

aead = s->aead_write_ctx;

- rec = &s->s3->wrec;

- seq = s->s3->write_sequence;

+ rec = &S3I(s)->wrec;

+ seq = S3I(s)->write_sequence;

} else {

aead = s->aead_read_ctx;

- rec = &s->s3->rrec;

- seq = s->s3->read_sequence;

+ rec = &S3I(s)->rrec;

+ seq = S3I(s)->read_sequence;

}

if (aead) {

@@ -1102,14 +1102,14 @@ tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)

unsigned int ret;

int i;

- if (s->s3->handshake_buffer)

+ if (S3I(s)->handshake_buffer)

if (!tls1_digest_cached_records(s))

return 0;

for (i = 0; i < SSL_MAX_DIGEST; i++) {

- if (s->s3->handshake_dgst[i] &&

- EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) {

- d = s->s3->handshake_dgst[i];

+ if (S3I(s)->handshake_dgst[i] &&

+ EVP_MD_CTX_type(S3I(s)->handshake_dgst[i]) == md_nid) {

+ d = S3I(s)->handshake_dgst[i];

break;

}

@@ -1141,7 +1141,7 @@ tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out)

q = buf;

- if (s->s3->handshake_buffer)

+ if (S3I(s)->handshake_buffer)

if (!tls1_digest_cached_records(s))

return 0;

@@ -1150,7 +1150,7 @@ tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out)

for (idx = 0; ssl_get_handshake_digest(idx, &mask, &md); idx++) {

if (ssl_get_algorithm2(s) & mask) {

int hashsize = EVP_MD_size(md);

- EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];

+ EVP_MD_CTX *hdgst = S3I(s)->handshake_dgst[idx];

if (!hdgst || hashsize < 0 ||

hashsize > (int)(sizeof buf - (size_t)(q - buf))) {

/* internal error: 'buf' is too small for this cipersuite! */

@@ -1193,12 +1193,12 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)

int t;

if (send) {

- rec = &(ssl->s3->wrec);

- seq = &(ssl->s3->write_sequence[0]);

+ rec = &(ssl->s3->internal->wrec);

+ seq = &(ssl->s3->internal->write_sequence[0]);

hash = ssl->write_hash;

} else {

- rec = &(ssl->s3->rrec);

- seq = &(ssl->s3->read_sequence[0]);

+ rec = &(ssl->s3->internal->rrec);

+ seq = &(ssl->s3->internal->read_sequence[0]);

hash = ssl->read_hash;

}

@@ -1241,8 +1241,8 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)

if (!ssl3_cbc_digest_record(mac_ctx,

md, &md_size, header, rec->input,

rec->length + md_size, orig_len,

- ssl->s3->read_mac_secret,

- ssl->s3->read_mac_secret_size))

+ ssl->s3->internal->read_mac_secret,

+ ssl->s3->internal->read_mac_secret_size))

return -1;

} else {

EVP_DigestSignUpdate(mac_ctx, header, sizeof(header));