summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/libssl/d1_lib.c21
-rw-r--r--lib/libssl/dtls1.h6
-rw-r--r--lib/libssl/s3_lib.c18
-rw-r--r--lib/libssl/ssl.h16
-rw-r--r--lib/libssl/ssl3.h6
-rw-r--r--lib/libssl/ssl_lib.c35
-rw-r--r--lib/libssl/ssl_locl.h22
-rw-r--r--lib/libssl/ssl_sess.c16
8 files changed, 111 insertions, 29 deletions
diff --git a/lib/libssl/d1_lib.c b/lib/libssl/d1_lib.c
index 56c79f30aa8..3bc1b42583e 100644
--- a/lib/libssl/d1_lib.c
+++ b/lib/libssl/d1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_lib.c,v 1.34 2016/11/04 18:33:11 guenther Exp $ */
+/* $OpenBSD: d1_lib.c,v 1.35 2017/01/22 03:50:45 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -105,7 +105,12 @@ dtls1_new(SSL *s)
if (!ssl3_new(s))
return (0);
- if ((d1 = calloc(1, sizeof *d1)) == NULL) {
+ if ((d1 = calloc(1, sizeof(*d1))) == NULL) {
+ ssl3_free(s);
+ return (0);
+ }
+ if ((d1->internal = calloc(1, sizeof(*d1->internal))) == NULL) {
+ free(d1);
ssl3_free(s);
return (0);
}
@@ -199,14 +204,19 @@ dtls1_free(SSL *s)
pqueue_free(s->d1->sent_messages);
pqueue_free(s->d1->buffered_app_data.q);
- explicit_bzero(s->d1, sizeof *s->d1);
+ explicit_bzero(s->d1->internal, sizeof(*s->d1->internal));
+ free(s->d1->internal);
+
+ explicit_bzero(s->d1, sizeof(*s->d1));
free(s->d1);
+
s->d1 = NULL;
}
void
dtls1_clear(SSL *s)
{
+ struct dtls1_state_internal_st *internal;
pqueue unprocessed_rcds;
pqueue processed_rcds;
pqueue buffered_messages;
@@ -224,7 +234,10 @@ dtls1_clear(SSL *s)
dtls1_clear_queues(s);
- memset(s->d1, 0, sizeof(*(s->d1)));
+ memset(s->d1->internal, 0, sizeof(*s->d1->internal));
+ internal = s->d1->internal;
+ memset(s->d1, 0, sizeof(*s->d1));
+ s->d1->internal = internal;
if (s->server) {
s->d1->cookie_len = sizeof(s->d1->cookie);
diff --git a/lib/libssl/dtls1.h b/lib/libssl/dtls1.h
index 8ec0bb84212..812b90592d3 100644
--- a/lib/libssl/dtls1.h
+++ b/lib/libssl/dtls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dtls1.h,v 1.19 2016/12/30 15:10:57 jsing Exp $ */
+/* $OpenBSD: dtls1.h,v 1.20 2017/01/22 03:50:45 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -150,6 +150,8 @@ typedef struct hm_fragment_st {
unsigned char *reassembly;
} hm_fragment;
+struct dtls1_state_internal_st;
+
typedef struct dtls1_state_st {
unsigned int send_cookie;
unsigned char cookie[DTLS1_COOKIE_LENGTH];
@@ -222,7 +224,7 @@ typedef struct dtls1_state_st {
unsigned int retransmitting;
unsigned int change_cipher_spec_ok;
-
+ struct dtls1_state_internal_st *internal;
} DTLS1_STATE;
typedef struct dtls1_record_data_st {
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 0dda987d4c1..6f5ee4fa50d 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.117 2017/01/22 00:09:13 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.118 2017/01/22 03:50:45 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1811,6 +1811,10 @@ ssl3_new(SSL *s)
{
if ((s->s3 = calloc(1, sizeof(*s->s3))) == NULL)
return (0);
+ if ((s->s3->internal = calloc(1, sizeof(*s->s3->internal))) == NULL) {
+ free(s->s3);
+ return (0);
+ }
s->method->ssl_clear(s);
@@ -1840,14 +1844,19 @@ ssl3_free(SSL *s)
tls1_free_digest_list(s);
free(s->s3->alpn_selected);
- explicit_bzero(s->s3, sizeof *s->s3);
+ explicit_bzero(s->s3->internal, sizeof(*s->s3->internal));
+ free(s->s3->internal);
+
+ explicit_bzero(s->s3, sizeof(*s->s3));
free(s->s3);
+
s->s3 = NULL;
}
void
ssl3_clear(SSL *s)
{
+ struct ssl3_state_internal_st *internal;
unsigned char *rp, *wp;
size_t rlen, wlen;
@@ -1878,7 +1887,10 @@ ssl3_clear(SSL *s)
free(s->s3->alpn_selected);
s->s3->alpn_selected = NULL;
- memset(s->s3, 0, sizeof *s->s3);
+ memset(s->s3->internal, 0, sizeof(*s->s3->internal));
+ internal = s->s3->internal;
+ memset(s->s3, 0, sizeof(*s->s3));
+ s->s3->internal = internal;
s->s3->rbuf.buf = rp;
s->s3->wbuf.buf = wp;
diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index 37844bdeaa0..e8ad9fb4704 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.102 2016/12/30 17:20:51 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.103 2017/01/22 03:50:45 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -353,6 +353,7 @@ extern "C" {
* 'struct ssl_st *' function parameters used to prototype callbacks
* in SSL_CTX. */
typedef struct ssl_st *ssl_crock_st;
+
typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
typedef struct ssl_method_st SSL_METHOD;
typedef struct ssl_cipher_st SSL_CIPHER;
@@ -455,6 +456,8 @@ struct ssl_method_st {
* Look in ssl/ssl_asn1.c for more details
* I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
*/
+struct ssl_session_internal_st;
+
struct ssl_session_st {
int ssl_version; /* what ssl version session info is
* being kept in here? */
@@ -513,6 +516,8 @@ struct ssl_session_st {
unsigned char *tlsext_tick; /* Session ticket */
size_t tlsext_ticklen; /* Session ticket length */
long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
+
+ struct ssl_session_internal_st *internal;
};
#endif
@@ -687,6 +692,8 @@ struct lhash_st_SSL_SESSION {
int dummy;
};
+struct ssl_ctx_internal_st;
+
struct ssl_ctx_st {
const SSL_METHOD *method;
@@ -885,6 +892,8 @@ struct ssl_ctx_st {
/* SRTP profiles we are willing to do from RFC 5764 */
STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
+
+ struct ssl_ctx_internal_st *internal;
};
#endif
@@ -997,6 +1006,7 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
#ifndef OPENSSL_NO_SSL_INTERN
+struct ssl_internal_st;
struct ssl_st {
/* protocol version
@@ -1192,6 +1202,7 @@ struct ssl_st {
void *tls_session_secret_cb_arg;
SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
+#define session_ctx initial_ctx
/* Next protocol negotiation. For the client, this is the protocol that
* we sent in NextProtocol and is set when handling ServerHello
@@ -1203,8 +1214,6 @@ struct ssl_st {
unsigned char *next_proto_negotiated;
unsigned char next_proto_negotiated_len;
-#define session_ctx initial_ctx
-
STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What we'll do */
SRTP_PROTECTION_PROFILE *srtp_profile; /* What's been chosen */
@@ -1224,6 +1233,7 @@ struct ssl_st {
* 2 if we are a server and are inside a handshake
* (i.e. not just sending a HelloRequest) */
+ struct ssl_internal_st *internal;
};
#endif
diff --git a/lib/libssl/ssl3.h b/lib/libssl/ssl3.h
index c52c0a780eb..63441761050 100644
--- a/lib/libssl/ssl3.h
+++ b/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.43 2016/12/30 15:10:57 jsing Exp $ */
+/* $OpenBSD: ssl3.h,v 1.44 2017/01/22 03:50:45 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -359,6 +359,8 @@ typedef struct ssl3_buffer_st {
#ifndef OPENSSL_NO_SSL_INTERN
+struct ssl3_state_internal_st;
+
typedef struct ssl3_state_st {
long flags;
int delay_buf_pop_ret;
@@ -489,6 +491,8 @@ typedef struct ssl3_state_st {
*/
unsigned char *alpn_selected;
unsigned int alpn_selected_len;
+
+ struct ssl3_state_internal_st *internal;
} SSL3_STATE;
#endif
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 7eb192eb2cd..d9e5166cdd2 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.125 2017/01/21 04:16:49 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.126 2017/01/22 03:50:45 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -274,10 +274,15 @@ SSL_new(SSL_CTX *ctx)
return (NULL);
}
- s = calloc(1, sizeof(SSL));
- if (s == NULL)
- goto err;
-
+ if ((s = calloc(1, sizeof(*s))) == NULL) {
+ SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ if ((s->internal = calloc(1, sizeof(*s->internal))) == NULL) {
+ free(s);
+ SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
s->options = ctx->options;
s->mode = ctx->mode;
@@ -361,7 +366,7 @@ SSL_new(SSL_CTX *ctx)
return (s);
-err:
+ err:
SSL_free(s);
SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
return (NULL);
@@ -549,7 +554,6 @@ SSL_free(SSL *s)
SSL_CTX_free(s->ctx);
-
free(s->next_proto_negotiated);
free(s->alpn_client_proto_list);
@@ -558,6 +562,7 @@ SSL_free(SSL *s)
sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
#endif
+ free(s->internal);
free(s);
}
@@ -1792,21 +1797,28 @@ ssl_session_LHASH_COMP(const void *arg1, const void *arg2)
SSL_CTX *
SSL_CTX_new(const SSL_METHOD *meth)
{
- SSL_CTX *ret = NULL;
+ SSL_CTX *ret;
if (meth == NULL) {
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED);
return (NULL);
}
+ if ((ret = calloc(1, sizeof(*ret))) == NULL) {
+ SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ if ((ret->internal = calloc(1, sizeof(*ret->internal))) == NULL) {
+ free(ret);
+ SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+
if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
SSLerr(SSL_F_SSL_CTX_NEW,
SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
goto err;
}
- ret = calloc(1, sizeof(SSL_CTX));
- if (ret == NULL)
- goto err;
ret->method = meth;
@@ -1993,6 +2005,7 @@ SSL_CTX_free(SSL_CTX *a)
free(a->alpn_client_proto_list);
+ free(a->internal);
free(a);
}
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 5748875092b..50f527aad51 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.145 2017/01/21 04:18:18 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.146 2017/01/22 03:50:45 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -372,6 +372,26 @@ __BEGIN_HIDDEN_DECLS
#define EXPLICIT_CHAR2_CURVE_TYPE 2
#define NAMED_CURVE_TYPE 3
+typedef struct ssl_session_internal_st {
+
+} SSL_SESSION_INTERNAL;
+
+typedef struct ssl_ctx_internal_st {
+
+} SSL_CTX_INTERNAL;
+
+typedef struct ssl_internal_st {
+
+} SSL_INTERNAL;
+
+typedef struct ssl3_state_internal_st {
+
+} SSL3_STATE_INTERNAL;
+
+typedef struct dtls1_state_internal_st {
+
+} DTLS1_STATE_INTERNAL;
+
typedef struct cert_pkey_st {
X509 *x509;
EVP_PKEY *privatekey;
diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c
index f6e2642aeb0..0970633a862 100644
--- a/lib/libssl/ssl_sess.c
+++ b/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.53 2016/11/02 11:21:05 jsing Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.54 2017/01/22 03:50:45 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -199,10 +199,14 @@ SSL_SESSION_new(void)
{
SSL_SESSION *ss;
- ss = calloc(1, sizeof(SSL_SESSION));
- if (ss == NULL) {
+ if ((ss = calloc(1, sizeof(*ss))) == NULL) {
SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
- return (0);
+ return (NULL);
+ }
+ if ((ss->internal = calloc(1, sizeof(*ss->internal))) == NULL) {
+ free(ss);
+ SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
+ return (NULL);
}
ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
@@ -706,6 +710,10 @@ SSL_SESSION_free(SSL_SESSION *ss)
free(ss->tlsext_ecpointformatlist);
ss->tlsext_ellipticcurvelist_length = 0;
free(ss->tlsext_ellipticcurvelist);
+
+ explicit_bzero(ss->internal, sizeof(*ss->internal));
+ free(ss->internal);
+
explicit_bzero(ss, sizeof(*ss));
free(ss);
}