From 6ba40c14589593245fa8f6bac2ec9b6f09c21892 Mon Sep 17 00:00:00 2001 From: jsing Date: Thu, 1 Jul 2021 17:53:39 +0000 Subject: [PATCH] Merge SSL_METHOD_INTERNAL into SSL_METHOD. Now that SSL_METHOD is opaque and in internal headers, we can remove SSL_METHOD_INTERNAL by merging it back into SSL_METHOD. ok tb@ --- lib/libssl/bio_ssl.c | 6 +- lib/libssl/d1_both.c | 14 ++-- lib/libssl/d1_lib.c | 4 +- lib/libssl/s3_lib.c | 19 ++--- lib/libssl/ssl_both.c | 6 +- lib/libssl/ssl_lib.c | 62 ++++++++--------- lib/libssl/ssl_locl.h | 18 ++--- lib/libssl/ssl_methods.c | 130 +++++++++-------------------------- lib/libssl/ssl_packet.c | 5 +- lib/libssl/ssl_versions.c | 21 +++--- lib/libssl/t1_enc.c | 4 +- lib/libssl/t1_lib.c | 6 +- lib/libssl/tls13_handshake.c | 4 +- lib/libssl/tls13_legacy.c | 16 ++--- lib/libssl/tls13_server.c | 6 +- 15 files changed, 126 insertions(+), 195 deletions(-) diff --git a/lib/libssl/bio_ssl.c b/lib/libssl/bio_ssl.c index 460b09fd871..bb40b2a6f75 100644 --- a/lib/libssl/bio_ssl.c +++ b/lib/libssl/bio_ssl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bio_ssl.c,v 1.30 2021/06/11 11:13:53 jsing Exp $ */ +/* $OpenBSD: bio_ssl.c,v 1.31 2021/07/01 17:53:39 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -294,10 +294,10 @@ ssl_ctrl(BIO *b, int cmd, long num, void *ptr) SSL_shutdown(ssl); if (ssl->internal->handshake_func == - ssl->method->internal->ssl_connect) + ssl->method->ssl_connect) SSL_set_connect_state(ssl); else if (ssl->internal->handshake_func == - ssl->method->internal->ssl_accept) + ssl->method->ssl_accept) SSL_set_accept_state(ssl); SSL_clear(ssl); diff --git a/lib/libssl/d1_both.c b/lib/libssl/d1_both.c index 52189128c86..2e5e86641c0 100644 --- a/lib/libssl/d1_both.c +++ b/lib/libssl/d1_both.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: d1_both.c,v 1.75 2021/06/11 17:29:48 jsing Exp $ */ +/* $OpenBSD: d1_both.c,v 1.76 2021/07/01 17:53:39 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -600,7 +600,7 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) unsigned char devnull [256]; while (frag_len) { - i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, + i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, devnull, frag_len > sizeof(devnull) ? sizeof(devnull) : frag_len, 0); if (i <= 0) @@ -612,7 +612,7 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) } /* read the body of the fragment (header has already been read */ - i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, + i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, frag->fragment + msg_hdr->frag_off, frag_len, 0); if (i <= 0 || (unsigned long)i != frag_len) goto err; @@ -690,7 +690,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) unsigned char devnull [256]; while (frag_len) { - i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, + i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, devnull, frag_len > sizeof(devnull) ? sizeof(devnull) : frag_len, 0); if (i <= 0) @@ -712,7 +712,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) if (frag_len) { /* read the body of the fragment (header has already been read */ - i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, + i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, frag->fragment, frag_len, 0); if (i <= 0 || (unsigned long)i != frag_len) goto err; 
@@ -756,7 +756,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) } /* read handshake message header */ - i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire, + i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire, DTLS1_HM_HEADER_LENGTH, 0); if (i <= 0) /* nbio, or an error */ { @@ -825,7 +825,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) if (frag_len > 0) { unsigned char *p = (unsigned char *)s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; - i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, + i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &p[frag_off], frag_len, 0); /* XDTLS: fix this--message fragments cannot span multiple packets */ if (i <= 0) { diff --git a/lib/libssl/d1_lib.c b/lib/libssl/d1_lib.c index 66895a361f2..6d9959ff43a 100644 --- a/lib/libssl/d1_lib.c +++ b/lib/libssl/d1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_lib.c,v 1.56 2021/06/19 16:52:47 jsing Exp $ */ +/* $OpenBSD: d1_lib.c,v 1.57 2021/07/01 17:53:39 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -100,7 +100,7 @@ dtls1_new(SSL *s) if (s->server) s->d1->internal->cookie_len = sizeof(D1I(s)->cookie); - s->method->internal->ssl_clear(s); + s->method->ssl_clear(s); return (1); err: diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index 0cdf9edd2fe..125c108f02e 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.211 2021/06/30 18:07:50 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.212 2021/07/01 17:53:39 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1548,7 +1548,7 @@ ssl3_new(SSL *s) return (0); } - s->method->internal->ssl_clear(s); + s->method->ssl_clear(s); return (1); } 
@@ -2688,7 +2688,7 @@ ssl3_shutdown(SSL *s) } } else if (!(s->internal->shutdown & SSL_RECEIVED_SHUTDOWN)) { /* If we are waiting for a close from our peer, we are closed */ - s->method->internal->ssl_read_bytes(s, 0, NULL, 0, 0); + s->method->ssl_read_bytes(s, 0, NULL, 0, 0); if (!(s->internal->shutdown & SSL_RECEIVED_SHUTDOWN)) { return(-1); /* return WANT_READ */ } @@ -2709,8 +2709,8 @@ ssl3_write(SSL *s, const void *buf, int len) if (S3I(s)->renegotiate) ssl3_renegotiate_check(s); - return s->method->internal->ssl_write_bytes(s, - SSL3_RT_APPLICATION_DATA, buf, len); + return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, + buf, len); } static int @@ -2722,8 +2722,9 @@ ssl3_read_internal(SSL *s, void *buf, int len, int peek) if (S3I(s)->renegotiate) ssl3_renegotiate_check(s); S3I(s)->in_read_app_data = 1; - ret = s->method->internal->ssl_read_bytes(s, - SSL3_RT_APPLICATION_DATA, buf, len, peek); + + ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, + peek); if ((ret == -1) && (S3I(s)->in_read_app_data == 2)) { /* * ssl3_read_bytes decided to call s->internal->handshake_func, @@ -2733,8 +2734,8 @@ ssl3_read_internal(SSL *s, void *buf, int len, int peek) * handshake processing and try to read application data again. */ s->internal->in_handshake++; - ret = s->method->internal->ssl_read_bytes(s, - SSL3_RT_APPLICATION_DATA, buf, len, peek); + ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, + buf, len, peek); s->internal->in_handshake--; } else S3I(s)->in_read_app_data = 0; diff --git a/lib/libssl/ssl_both.c b/lib/libssl/ssl_both.c index d3d4883b35f..03c5a2f1e95 100644 --- a/lib/libssl/ssl_both.c +++ b/lib/libssl/ssl_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_both.c,v 1.32 2021/06/11 11:13:53 jsing Exp $ */ +/* $OpenBSD: ssl_both.c,v 1.33 2021/07/01 17:53:39 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
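Review bot: The rewrapped call in ssl3_read_internal picks up a stray empty line between `S3I(s)->in_read_app_data = 1;` and `ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,`, which is the one non-mechanical change in an otherwise rename-only hunk and separates the flag from the call it is set for. The sibling rewraps in ssl3_write and the second ssl_read_bytes call later in the same function add no such line, so dropping the added blank keeps the three sites consistent. ssl3_read_internal's body continues outside the hunk.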
@@ -433,7 +433,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) do { while (s->internal->init_num < 4) { - i = s->method->internal->ssl_read_bytes(s, + i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &p[s->internal->init_num], 4 - s->internal->init_num, 0); if (i <= 0) { @@ -500,7 +500,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) p = s->internal->init_msg; n = S3I(s)->hs.tls12.message_size - s->internal->init_num; while (n > 0) { - i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, + i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &p[s->internal->init_num], n, 0); if (i <= 0) { s->internal->rwstate = SSL_READING; diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index dd46bf94231..bb4b700e0b9 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.261 2021/06/19 16:52:47 jsing Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.262 2021/07/01 17:53:39 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -187,7 +187,7 @@ SSL_clear(SSL *s) return (0); } - s->version = s->method->internal->version; + s->version = s->method->version; s->client_version = s->version; s->internal->rwstate = SSL_NOTHING; s->internal->rstate = SSL_ST_READ_HEADER; @@ -207,12 +207,12 @@ SSL_clear(SSL *s) */ if (!s->internal->in_handshake && (s->session == NULL) && (s->method != s->ctx->method)) { - s->method->internal->ssl_free(s); + s->method->ssl_free(s); s->method = s->ctx->method; - if (!s->method->internal->ssl_new(s)) + if (!s->method->ssl_new(s)) return (0); } else - s->method->internal->ssl_clear(s); + s->method->ssl_clear(s); return (1); } @@ -342,11 +342,11 @@ SSL_new(SSL_CTX *ctx) s->method = ctx->method; - if (!s->method->internal->ssl_new(s)) + if (!s->method->ssl_new(s)) goto err; s->references = 1; - s->server = ctx->method->internal->server; + s->server = ctx->method->server; SSL_clear(s); 
@@ -566,7 +566,7 @@ SSL_free(SSL *s) sk_X509_NAME_pop_free(s->internal->client_CA, X509_NAME_free); if (s->method != NULL) - s->method->internal->ssl_free(s); + s->method->ssl_free(s); SSL_CTX_free(s->ctx); @@ -811,7 +811,7 @@ SSL_get_read_ahead(const SSL *s) int SSL_pending(const SSL *s) { - return (s->method->internal->ssl_pending(s)); + return (s->method->ssl_pending(s)); } X509 * @@ -866,9 +866,9 @@ SSL_copy_session_id(SSL *t, const SSL *f) /* What if we are set up for one protocol but want to talk another? */ if (t->method != f->method) { - t->method->internal->ssl_free(t); + t->method->ssl_free(t); t->method = f->method; - if (!t->method->internal->ssl_new(t)) + if (!t->method->ssl_new(t)) return 0; } @@ -933,7 +933,7 @@ SSL_accept(SSL *s) if (s->internal->handshake_func == NULL) SSL_set_accept_state(s); /* Not properly initialized yet */ - return (s->method->internal->ssl_accept(s)); + return (s->method->ssl_accept(s)); } int @@ -942,13 +942,13 @@ SSL_connect(SSL *s) if (s->internal->handshake_func == NULL) SSL_set_connect_state(s); /* Not properly initialized yet */ - return (s->method->internal->ssl_connect(s)); + return (s->method->ssl_connect(s)); } int SSL_is_dtls(const SSL *s) { - return s->method->internal->dtls; + return s->method->dtls; } int @@ -1085,7 +1085,7 @@ SSL_shutdown(SSL *s) } if (s != NULL && !SSL_in_init(s)) - return (s->method->internal->ssl_shutdown(s)); + return (s->method->ssl_shutdown(s)); return (1); } @@ -1098,7 +1098,7 @@ SSL_renegotiate(SSL *s) s->internal->new_session = 1; - return (s->method->internal->ssl_renegotiate(s)); + return (s->method->ssl_renegotiate(s)); } int @@ -1109,7 +1109,7 @@ SSL_renegotiate_abbreviated(SSL *s) s->internal->new_session = 0; - return (s->method->internal->ssl_renegotiate(s)); + return (s->method->ssl_renegotiate(s)); } int 
@@ -1825,8 +1825,8 @@ SSL_CTX_new(const SSL_METHOD *meth) } ret->method = meth; - ret->internal->min_tls_version = meth->internal->min_tls_version; - ret->internal->max_tls_version = meth->internal->max_tls_version; + ret->internal->min_tls_version = meth->min_tls_version; + ret->internal->max_tls_version = meth->max_tls_version; ret->internal->min_proto_version = 0; ret->internal->max_proto_version = 0; ret->internal->mode = SSL_MODE_AUTO_RETRY; @@ -2293,17 +2293,17 @@ SSL_set_ssl_method(SSL *s, const SSL_METHOD *method) if (s->method == method) return (ret); - if (s->internal->handshake_func == s->method->internal->ssl_connect) - handshake_func = method->internal->ssl_connect; - else if (s->internal->handshake_func == s->method->internal->ssl_accept) - handshake_func = method->internal->ssl_accept; + if (s->internal->handshake_func == s->method->ssl_connect) + handshake_func = method->ssl_connect; + else if (s->internal->handshake_func == s->method->ssl_accept) + handshake_func = method->ssl_accept; - if (s->method->internal->version == method->internal->version) { + if (s->method->version == method->version) { s->method = method; } else { - s->method->internal->ssl_free(s); + s->method->ssl_free(s); s->method = method; - ret = s->method->internal->ssl_new(s); + ret = s->method->ssl_new(s); } s->internal->handshake_func = handshake_func; @@ -2398,7 +2398,7 @@ SSL_do_handshake(SSL *s) return (-1); } - s->method->internal->ssl_renegotiate_check(s); + s->method->ssl_renegotiate_check(s); if (SSL_in_init(s) || SSL_in_before(s)) { ret = s->internal->handshake_func(s); @@ -2416,7 +2416,7 @@ SSL_set_accept_state(SSL *s) s->server = 1; s->internal->shutdown = 0; S3I(s)->hs.state = SSL_ST_ACCEPT|SSL_ST_BEFORE; - s->internal->handshake_func = s->method->internal->ssl_accept; + s->internal->handshake_func = s->method->ssl_accept; ssl_clear_cipher_state(s); } 
@@ -2426,7 +2426,7 @@ SSL_set_connect_state(SSL *s) s->server = 0; s->internal->shutdown = 0; S3I(s)->hs.state = SSL_ST_CONNECT|SSL_ST_BEFORE; - s->internal->handshake_func = s->method->internal->ssl_connect; + s->internal->handshake_func = s->method->ssl_connect; ssl_clear_cipher_state(s); } @@ -2503,9 +2503,9 @@ SSL_dup(SSL *s) * and thus we can't use SSL_copy_session_id. */ - ret->method->internal->ssl_free(ret); + ret->method->ssl_free(ret); ret->method = s->method; - ret->method->internal->ssl_new(ret); + ret->method->ssl_new(ret); ssl_cert_free(ret->cert); if ((ret->cert = ssl_cert_dup(s->cert)) == NULL) diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index 10fa9b6c174..6ffc2e053cd 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.353 2021/06/30 18:04:06 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.354 2021/07/01 17:53:39 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -319,19 +319,19 @@ __BEGIN_HIDDEN_DECLS /* See if we use signature algorithms extension. */ #define SSL_USE_SIGALGS(s) \ - (s->method->internal->enc_flags & SSL_ENC_FLAG_SIGALGS) + (s->method->enc_flags & SSL_ENC_FLAG_SIGALGS) /* See if we use SHA256 default PRF. */ #define SSL_USE_SHA256_PRF(s) \ - (s->method->internal->enc_flags & SSL_ENC_FLAG_SHA256_PRF) + (s->method->enc_flags & SSL_ENC_FLAG_SHA256_PRF) /* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */ #define SSL_USE_TLS1_2_CIPHERS(s) \ - (s->method->internal->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS) + (s->method->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS) /* Allow TLS 1.3 ciphersuites only. */ #define SSL_USE_TLS1_3_CIPHERS(s) \ - (s->method->internal->enc_flags & SSL_ENC_FLAG_TLS1_3_CIPHERS) + (s->method->enc_flags & SSL_ENC_FLAG_TLS1_3_CIPHERS) #define SSL_PKEY_RSA 0 #define SSL_PKEY_ECC 1 
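Review bot: `ret->method->ssl_new(ret);` in SSL_dup still discards the return value, so when the new method's ssl_new fails the function carries on with a connection whose per-method state was released by `ret->method->ssl_free(ret)` two lines earlier; every other call site rewritten by this commit (SSL_clear, SSL_copy_session_id, SSL_new, SSL_set_ssl_method) tests the result. Checking it the same way, `if (!ret->method->ssl_new(ret)) goto err;`, would send the failure down the path the following ssl_cert_dup check presumably uses; the rest of SSL_dup, including its error label, is outside the hunk, so confirm the label before using it. The omission predates this change, but the line is rewritten here anyway.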
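Review bot: The four rewritten SSL_USE_* macros in ssl_locl.h still expand their argument bare, `(s->method->enc_flags & SSL_ENC_FLAG_SIGALGS)`, so anything other than a plain identifier (a cast, a conditional, `*p`) binds wrongly and fails in a way the compiler may not catch. Since the commit touches every one of these expansions, parenthesising the argument now is free: `((s)->method->enc_flags & SSL_ENC_FLAG_SIGALGS)`, and likewise for SSL_USE_SHA256_PRF, SSL_USE_TLS1_2_CIPHERS and SSL_USE_TLS1_3_CIPHERS.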
@@ -378,7 +378,7 @@ struct ssl_cipher_st { int alg_bits; /* Number of bits for algorithm */ }; -typedef struct ssl_method_internal_st { +struct ssl_method_st { int dtls; int server; int version; @@ -402,17 +402,13 @@ typedef struct ssl_method_internal_st { int peek); int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len); - unsigned int enc_flags; /* SSL_ENC_FLAG_* */ -} SSL_METHOD_INTERNAL; - -struct ssl_method_st { int (*ssl_dispatch_alert)(SSL *s); int (*num_ciphers)(void); const SSL_CIPHER *(*get_cipher)(unsigned int ncipher); const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); int (*put_cipher_by_char)(const SSL_CIPHER *cipher, unsigned char *ptr); - const struct ssl_method_internal_st *internal; + unsigned int enc_flags; /* SSL_ENC_FLAG_* */ }; typedef struct ssl_session_internal_st { diff --git a/lib/libssl/ssl_methods.c b/lib/libssl/ssl_methods.c index f1a59cd7383..a3097c37b97 100644 --- a/lib/libssl/ssl_methods.c +++ b/lib/libssl/ssl_methods.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_methods.c,v 1.25 2021/05/16 13:56:31 jsing Exp $ */ +/* $OpenBSD: ssl_methods.c,v 1.26 2021/07/01 17:53:39 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -60,7 +60,7 @@ #include "ssl_locl.h" #include "tls13_internal.h" -static const SSL_METHOD_INTERNAL DTLS_method_internal_data = { +static const SSL_METHOD DTLS_method_data = { .dtls = 1, .server = 1, .version = DTLS1_2_VERSION, 
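Review bot: `struct ssl_method_st` now holds every dispatch pointer that used to live in SSL_METHOD_INTERNAL, but nothing on the struct records that each method table must set all of them; the tables in ssl_methods.c (the hunks that follow, sixteen of them) use designated initialisers, so a member left out is silently zero and is then called without a check at sites such as `s->method->ssl_read_bytes(...)` and `s->method->ssl_clear(s)`. A comment above the struct would pin that invariant where the field list is, e.g. `/* Each method table in ssl_methods.c must set every function pointer: a member omitted from a designated initialiser is NULL and is called unchecked. */`. The members between the two hunks of this file section are not shown here.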
@@ -77,19 +77,15 @@ static const SSL_METHOD_INTERNAL DTLS_method_internal_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = dtls1_read_bytes, .ssl_write_bytes = dtls1_write_app_data_bytes, - .enc_flags = TLSV1_2_ENC_FLAGS, -}; - -static const SSL_METHOD DTLS_method_data = { .ssl_dispatch_alert = dtls1_dispatch_alert, .num_ciphers = ssl3_num_ciphers, .get_cipher = dtls1_get_cipher, .get_cipher_by_char = ssl3_get_cipher_by_char, .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &DTLS_method_internal_data, + .enc_flags = TLSV1_2_ENC_FLAGS, }; -static const SSL_METHOD_INTERNAL DTLS_client_method_internal_data = { +static const SSL_METHOD DTLS_client_method_data = { .dtls = 1, .server = 0, .version = DTLS1_2_VERSION, @@ -106,19 +102,15 @@ static const SSL_METHOD_INTERNAL DTLS_client_method_internal_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = dtls1_read_bytes, .ssl_write_bytes = dtls1_write_app_data_bytes, - .enc_flags = TLSV1_2_ENC_FLAGS, -}; - -static const SSL_METHOD DTLS_client_method_data = { .ssl_dispatch_alert = dtls1_dispatch_alert, .num_ciphers = ssl3_num_ciphers, .get_cipher = dtls1_get_cipher, .get_cipher_by_char = ssl3_get_cipher_by_char, .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &DTLS_client_method_internal_data, + .enc_flags = TLSV1_2_ENC_FLAGS, }; -static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = { +static const SSL_METHOD DTLSv1_method_data = { .dtls = 1, .server = 1, .version = DTLS1_VERSION, 
@@ -135,19 +127,15 @@ static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = dtls1_read_bytes, .ssl_write_bytes = dtls1_write_app_data_bytes, - .enc_flags = TLSV1_1_ENC_FLAGS, -}; - -static const SSL_METHOD DTLSv1_method_data = { .ssl_dispatch_alert = dtls1_dispatch_alert, .num_ciphers = ssl3_num_ciphers, .get_cipher = dtls1_get_cipher, .get_cipher_by_char = ssl3_get_cipher_by_char, .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &DTLSv1_method_internal_data, + .enc_flags = TLSV1_1_ENC_FLAGS, }; -static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = { +static const SSL_METHOD DTLSv1_client_method_data = { .dtls = 1, .server = 0, .version = DTLS1_VERSION, @@ -164,19 +152,15 @@ static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = dtls1_read_bytes, .ssl_write_bytes = dtls1_write_app_data_bytes, - .enc_flags = TLSV1_1_ENC_FLAGS, -}; - -static const SSL_METHOD DTLSv1_client_method_data = { .ssl_dispatch_alert = dtls1_dispatch_alert, .num_ciphers = ssl3_num_ciphers, .get_cipher = dtls1_get_cipher, .get_cipher_by_char = ssl3_get_cipher_by_char, .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &DTLSv1_client_method_internal_data, + .enc_flags = TLSV1_1_ENC_FLAGS, }; -static const SSL_METHOD_INTERNAL DTLSv1_2_method_internal_data = { +static const SSL_METHOD DTLSv1_2_method_data = { .dtls = 1, .server = 1, .version = DTLS1_2_VERSION, 
@@ -193,19 +177,15 @@ static const SSL_METHOD_INTERNAL DTLSv1_2_method_internal_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = dtls1_read_bytes, .ssl_write_bytes = dtls1_write_app_data_bytes, - .enc_flags = TLSV1_2_ENC_FLAGS, -}; - -static const SSL_METHOD DTLSv1_2_method_data = { .ssl_dispatch_alert = dtls1_dispatch_alert, .num_ciphers = ssl3_num_ciphers, .get_cipher = dtls1_get_cipher, .get_cipher_by_char = ssl3_get_cipher_by_char, .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &DTLSv1_2_method_internal_data, + .enc_flags = TLSV1_2_ENC_FLAGS, }; -static const SSL_METHOD_INTERNAL DTLSv1_2_client_method_internal_data = { +static const SSL_METHOD DTLSv1_2_client_method_data = { .dtls = 1, .server = 0, .version = DTLS1_2_VERSION, @@ -222,16 +202,12 @@ static const SSL_METHOD_INTERNAL DTLSv1_2_client_method_internal_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = dtls1_read_bytes, .ssl_write_bytes = dtls1_write_app_data_bytes, - .enc_flags = TLSV1_2_ENC_FLAGS, -}; - -static const SSL_METHOD DTLSv1_2_client_method_data = { .ssl_dispatch_alert = dtls1_dispatch_alert, .num_ciphers = ssl3_num_ciphers, .get_cipher = dtls1_get_cipher, .get_cipher_by_char = ssl3_get_cipher_by_char, .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &DTLSv1_2_client_method_internal_data, + .enc_flags = TLSV1_2_ENC_FLAGS, }; const SSL_METHOD * @@ -289,7 +265,7 @@ DTLS_server_method(void) } #if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER) -static const SSL_METHOD_INTERNAL TLS_method_internal_data = { +static const SSL_METHOD TLS_method_data = { .dtls = 0, .server = 1, .version = TLS1_3_VERSION, 
@@ -306,20 +282,16 @@ static const SSL_METHOD_INTERNAL TLS_method_internal_data = { .ssl_pending = tls13_legacy_pending, .ssl_read_bytes = tls13_legacy_read_bytes, .ssl_write_bytes = tls13_legacy_write_bytes, - .enc_flags = TLSV1_3_ENC_FLAGS, -}; - -static const SSL_METHOD TLS_method_data = { .ssl_dispatch_alert = ssl3_dispatch_alert, .num_ciphers = ssl3_num_ciphers, .get_cipher = ssl3_get_cipher, .get_cipher_by_char = ssl3_get_cipher_by_char, .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLS_method_internal_data, + .enc_flags = TLSV1_3_ENC_FLAGS, }; #endif -static const SSL_METHOD_INTERNAL TLS_legacy_method_internal_data = { +static const SSL_METHOD TLS_legacy_method_data = { .dtls = 0, .server = 1, .version = TLS1_2_VERSION, @@ -336,20 +308,16 @@ static const SSL_METHOD_INTERNAL TLS_legacy_method_internal_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, - .enc_flags = TLSV1_2_ENC_FLAGS, -}; - -static const SSL_METHOD TLS_legacy_method_data = { .ssl_dispatch_alert = ssl3_dispatch_alert, .num_ciphers = ssl3_num_ciphers, .get_cipher = ssl3_get_cipher, .get_cipher_by_char = ssl3_get_cipher_by_char, .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLS_legacy_method_internal_data, + .enc_flags = TLSV1_2_ENC_FLAGS, }; #if defined(LIBRESSL_HAS_TLS1_3_CLIENT) -static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = { +static const SSL_METHOD TLS_client_method_data = { .dtls = 0, .server = 0, .version = TLS1_3_VERSION, 
@@ -366,21 +334,17 @@ static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = { .ssl_pending = tls13_legacy_pending, .ssl_read_bytes = tls13_legacy_read_bytes, .ssl_write_bytes = tls13_legacy_write_bytes, - .enc_flags = TLSV1_3_ENC_FLAGS, -}; - -static const SSL_METHOD TLS_client_method_data = { .ssl_dispatch_alert = ssl3_dispatch_alert, .num_ciphers = ssl3_num_ciphers, .get_cipher = ssl3_get_cipher, .get_cipher_by_char = ssl3_get_cipher_by_char, .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLS_client_method_internal_data, + .enc_flags = TLSV1_3_ENC_FLAGS, }; #else -static const SSL_METHOD_INTERNAL TLS_legacy_client_method_internal_data = { +static const SSL_METHOD TLS_legacy_client_method_data = { .dtls = 0, .server = 0, .version = TLS1_2_VERSION, @@ -397,20 +361,16 @@ static const SSL_METHOD_INTERNAL TLS_legacy_client_method_internal_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, - .enc_flags = TLSV1_2_ENC_FLAGS, -}; - -static const SSL_METHOD TLS_legacy_client_method_data = { .ssl_dispatch_alert = ssl3_dispatch_alert, .num_ciphers = ssl3_num_ciphers, .get_cipher = ssl3_get_cipher, .get_cipher_by_char = ssl3_get_cipher_by_char, .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLS_legacy_client_method_internal_data, + .enc_flags = TLSV1_2_ENC_FLAGS, }; #endif -static const SSL_METHOD_INTERNAL TLSv1_method_internal_data = { +static const SSL_METHOD TLSv1_method_data = { .dtls = 0, .server = 1, .version = TLS1_VERSION, 
@@ -427,19 +387,15 @@ static const SSL_METHOD_INTERNAL TLSv1_method_internal_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, - .enc_flags = TLSV1_ENC_FLAGS, -}; - -static const SSL_METHOD TLSv1_method_data = { .ssl_dispatch_alert = ssl3_dispatch_alert, .num_ciphers = ssl3_num_ciphers, .get_cipher = ssl3_get_cipher, .get_cipher_by_char = ssl3_get_cipher_by_char, .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLSv1_method_internal_data, + .enc_flags = TLSV1_ENC_FLAGS, }; -static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = { +static const SSL_METHOD TLSv1_client_method_data = { .dtls = 0, .server = 0, .version = TLS1_VERSION, @@ -456,19 +412,15 @@ static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, - .enc_flags = TLSV1_ENC_FLAGS, -}; - -static const SSL_METHOD TLSv1_client_method_data = { .ssl_dispatch_alert = ssl3_dispatch_alert, .num_ciphers = ssl3_num_ciphers, .get_cipher = ssl3_get_cipher, .get_cipher_by_char = ssl3_get_cipher_by_char, .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLSv1_client_method_internal_data, + .enc_flags = TLSV1_ENC_FLAGS, }; -static const SSL_METHOD_INTERNAL TLSv1_1_method_internal_data = { +static const SSL_METHOD TLSv1_1_method_data = { .dtls = 0, .server = 1, .version = TLS1_1_VERSION, 
@@ -485,19 +437,15 @@ static const SSL_METHOD_INTERNAL TLSv1_1_method_internal_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, - .enc_flags = TLSV1_1_ENC_FLAGS, -}; - -static const SSL_METHOD TLSv1_1_method_data = { .ssl_dispatch_alert = ssl3_dispatch_alert, .num_ciphers = ssl3_num_ciphers, .get_cipher = ssl3_get_cipher, .get_cipher_by_char = ssl3_get_cipher_by_char, .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLSv1_1_method_internal_data, + .enc_flags = TLSV1_1_ENC_FLAGS, }; -static const SSL_METHOD_INTERNAL TLSv1_1_client_method_internal_data = { +static const SSL_METHOD TLSv1_1_client_method_data = { .dtls = 0, .server = 0, .version = TLS1_1_VERSION, @@ -514,19 +462,15 @@ static const SSL_METHOD_INTERNAL TLSv1_1_client_method_internal_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, - .enc_flags = TLSV1_1_ENC_FLAGS, -}; - -static const SSL_METHOD TLSv1_1_client_method_data = { .ssl_dispatch_alert = ssl3_dispatch_alert, .num_ciphers = ssl3_num_ciphers, .get_cipher = ssl3_get_cipher, .get_cipher_by_char = ssl3_get_cipher_by_char, .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLSv1_1_client_method_internal_data, + .enc_flags = TLSV1_1_ENC_FLAGS, }; -static const SSL_METHOD_INTERNAL TLSv1_2_method_internal_data = { +static const SSL_METHOD TLSv1_2_method_data = { .dtls = 0, .server = 1, .version = TLS1_2_VERSION, 
@@ -543,19 +487,15 @@ static const SSL_METHOD_INTERNAL TLSv1_2_method_internal_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, - .enc_flags = TLSV1_2_ENC_FLAGS, -}; - -static const SSL_METHOD TLSv1_2_method_data = { .ssl_dispatch_alert = ssl3_dispatch_alert, .num_ciphers = ssl3_num_ciphers, .get_cipher = ssl3_get_cipher, .get_cipher_by_char = ssl3_get_cipher_by_char, .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLSv1_2_method_internal_data, + .enc_flags = TLSV1_2_ENC_FLAGS, }; -static const SSL_METHOD_INTERNAL TLSv1_2_client_method_internal_data = { +static const SSL_METHOD TLSv1_2_client_method_data = { .dtls = 0, .server = 0, .version = TLS1_2_VERSION, @@ -572,16 +512,12 @@ static const SSL_METHOD_INTERNAL TLSv1_2_client_method_internal_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, - .enc_flags = TLSV1_2_ENC_FLAGS, -}; - -static const SSL_METHOD TLSv1_2_client_method_data = { .ssl_dispatch_alert = ssl3_dispatch_alert, .num_ciphers = ssl3_num_ciphers, .get_cipher = ssl3_get_cipher, .get_cipher_by_char = ssl3_get_cipher_by_char, .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLSv1_2_client_method_internal_data, + .enc_flags = TLSV1_2_ENC_FLAGS, }; const SSL_METHOD * diff --git a/lib/libssl/ssl_packet.c b/lib/libssl/ssl_packet.c index 0a0c5a29df0..af56dcef7f6 100644 --- a/lib/libssl/ssl_packet.c +++ b/lib/libssl/ssl_packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_packet.c,v 1.11 2021/05/16 14:10:43 jsing Exp $ */ +/* $OpenBSD: ssl_packet.c,v 1.12 2021/07/01 17:53:39 jsing Exp $ */ /* * Copyright (c) 2016, 2017 Joel Sing * 
@@ -246,8 +246,7 @@ ssl_server_legacy_first_packet(SSL *s)
 return 1;
 
 /* Only continue if this is not a version locked method. */
- if (s->method->internal->min_tls_version ==
- s->method->internal->max_tls_version)
+ if (s->method->min_tls_version == s->method->max_tls_version)
 return 1;
 
 if (ssl_is_sslv2_client_hello(&header) == 1) {
diff --git a/lib/libssl/ssl_versions.c b/lib/libssl/ssl_versions.c
index 68e69ebca31..c633b58c254 100644
--- a/lib/libssl/ssl_versions.c
+++ b/lib/libssl/ssl_versions.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_versions.c,v 1.19 2021/06/27 16:54:14 jsing Exp $ */
+/* $OpenBSD: ssl_versions.c,v 1.20 2021/07/01 17:53:39 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing
 *
@@ -61,7 +61,7 @@ ssl_version_set_min(const SSL_METHOD *meth, uint16_t proto_ver,
 uint16_t min_proto, min_version, max_version;
 
 if (proto_ver == 0) {
- *out_tls_ver = meth->internal->min_tls_version;
+ *out_tls_ver = meth->min_tls_version;
 *out_proto_ver = 0;
 return 1;
 }
@@ -69,17 +69,17 @@ ssl_version_set_min(const SSL_METHOD *meth, uint16_t proto_ver,
 min_version = proto_ver;
 max_version = max_tls_ver;
 
- if (meth->internal->dtls) {
+ if (meth->dtls) {
 if ((min_version = ssl_dtls_to_tls_version(proto_ver)) == 0)
 return 0;
 }
 
 if (!ssl_clamp_tls_version_range(&min_version, &max_version,
- meth->internal->min_tls_version, meth->internal->max_tls_version))
+ meth->min_tls_version, meth->max_tls_version))
 return 0;
 
 min_proto = min_version;
- if (meth->internal->dtls) {
+ if (meth->dtls) {
 if ((min_proto = ssl_tls_to_dtls_version(min_version)) == 0)
 return 0;
 }
@@ -96,7 +96,7 @@ ssl_version_set_max(const SSL_METHOD *meth, uint16_t proto_ver,
 uint16_t max_proto, min_version, max_version;
 
 if (proto_ver == 0) {
- *out_tls_ver = meth->internal->max_tls_version;
+ *out_tls_ver = meth->max_tls_version;
 *out_proto_ver = 0;
 return 1;
 }
@@ -104,17 +104,17 @@ ssl_version_set_max(const SSL_METHOD *meth, uint16_t proto_ver, min_version = min_tls_ver; max_version = proto_ver; - if (meth->internal->dtls) { + if (meth->dtls) { if ((max_version = ssl_dtls_to_tls_version(proto_ver)) == 0) return 0; } if (!ssl_clamp_tls_version_range(&min_version, &max_version, - meth->internal->min_tls_version, meth->internal->max_tls_version)) + meth->min_tls_version, meth->max_tls_version)) return 0; max_proto = max_version; - if (meth->internal->dtls) { + if (meth->dtls) { if ((max_proto = ssl_tls_to_dtls_version(max_version)) == 0) return 0; } @@ -195,8 +195,7 @@ ssl_supported_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver) /* Limit to the versions supported by this method. */ if (!ssl_clamp_tls_version_range(&min_version, &max_version, - s->method->internal->min_tls_version, - s->method->internal->max_tls_version)) + s->method->min_tls_version, s->method->max_tls_version)) return 0; if (min_ver != NULL) diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c index 15afb1bae8f..65e20633988 100644 --- a/lib/libssl/t1_enc.c +++ b/lib/libssl/t1_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_enc.c,v 1.150 2021/06/13 15:34:41 jsing Exp $ */ +/* $OpenBSD: t1_enc.c,v 1.151 2021/07/01 17:53:39 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -389,7 +389,7 @@ tls1_setup_key_block(SSL *s) key_block = NULL; if (!(s->internal->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) && - s->method->internal->version <= TLS1_VERSION) { + s->method->version <= TLS1_VERSION) { /* * Enable vulnerability countermeasure for CBC ciphers with * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c index 72958b7c568..3cb2d8a1132 100644 --- a/lib/libssl/t1_lib.c +++ b/lib/libssl/t1_lib.c 
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.181 2021/06/11 11:13:53 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.182 2021/07/01 17:53:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -129,7 +129,7 @@ tls1_new(SSL *s)
 {
 if (!ssl3_new(s))
 return (0);
- s->method->internal->ssl_clear(s);
+ s->method->ssl_clear(s);
 return (1);
 }
@@ -147,7 +147,7 @@ void
 tls1_clear(SSL *s)
 {
 ssl3_clear(s);
- s->version = s->method->internal->version;
+ s->version = s->method->version;
 }
 static const int nid_list[] = {
diff --git a/lib/libssl/tls13_handshake.c b/lib/libssl/tls13_handshake.c
index 55fefe544f2..310a2116b87 100644
--- a/lib/libssl/tls13_handshake.c
+++ b/lib/libssl/tls13_handshake.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_handshake.c,v 1.68 2021/06/28 18:48:56 tb Exp $ */
+/* $OpenBSD: tls13_handshake.c,v 1.69 2021/07/01 17:53:39 jsing Exp $ */
 /*
 * Copyright (c) 2018-2021 Theo Buehler
 * Copyright (c) 2019 Joel Sing
@@ -535,7 +535,7 @@ tls13_handshake_recv_action(struct tls13_ctx *ctx,
 tls13_handshake_msg_free(ctx->hs_msg);
 ctx->hs_msg = NULL;
- if (ctx->ssl->method->internal->version < TLS1_3_VERSION)
+ if (ctx->ssl->method->version < TLS1_3_VERSION)
 return TLS13_IO_USE_LEGACY;
 return ret;
diff --git a/lib/libssl/tls13_legacy.c b/lib/libssl/tls13_legacy.c
index cd9ec9942d0..beb89524027 100644
--- a/lib/libssl/tls13_legacy.c
+++ b/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_legacy.c,v 1.25 2021/06/28 15:36:51 tb Exp $ */
+/* $OpenBSD: tls13_legacy.c,v 1.26 2021/07/01 17:53:39 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing
 *
@@ -358,8 +358,8 @@ tls13_use_legacy_client(struct tls13_ctx *ctx)
 if (!tls13_use_legacy_stack(ctx))
 return 0;
- s->internal->handshake_func = s->method->internal->ssl_connect;
- s->client_version = s->version = s->method->internal->max_tls_version;
+ s->internal->handshake_func = s->method->ssl_connect;
+ s->client_version = s->version = s->method->max_tls_version;
 return 1;
 }
@@ -372,8 +372,8 @@ tls13_use_legacy_server(struct tls13_ctx *ctx)
 if (!tls13_use_legacy_stack(ctx))
 return 0;
- s->internal->handshake_func = s->method->internal->ssl_accept;
- s->client_version = s->version = s->method->internal->max_tls_version;
+ s->internal->handshake_func = s->method->ssl_accept;
+ s->client_version = s->version = s->method->max_tls_version;
 s->server = 1;
 return 1;
@@ -405,7 +405,7 @@ tls13_legacy_accept(SSL *ssl)
 ret = tls13_server_accept(ctx);
 if (ret == TLS13_IO_USE_LEGACY)
- return ssl->method->internal->ssl_accept(ssl);
+ return ssl->method->ssl_accept(ssl);
 return tls13_legacy_return_code(ssl, ret);
 }
@@ -420,7 +420,7 @@ tls13_legacy_connect(SSL *ssl)
 /* XXX drop back to legacy for client auth for now */
 if (ssl->cert->key->privatekey != NULL) {
 ssl->method = tls_legacy_client_method();
- return ssl->method->internal->ssl_connect(ssl);
+ return ssl->method->ssl_connect(ssl);
 }
 #endif
@@ -444,7 +444,7 @@ tls13_legacy_connect(SSL *ssl)
 ret = tls13_client_connect(ctx);
 if (ret == TLS13_IO_USE_LEGACY)
- return ssl->method->internal->ssl_connect(ssl);
+ return ssl->method->ssl_connect(ssl);
 return tls13_legacy_return_code(ssl, ret);
 }
diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c
index ff410fbb34d..d2c7abbf7c5 100644
--- a/lib/libssl/tls13_server.c
+++ b/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.83 2021/06/29 19:20:39 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.84 2021/07/01 17:53:39 jsing Exp $ */
 /*
 * Copyright (c) 2019, 2020 Joel Sing
 * Copyright (c) 2020 Bob Beck
@@ -282,7 +282,7 @@ tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs)
 goto err;
 /* See if we switched back to the legacy client method. */
- if (s->method->internal->version < TLS1_3_VERSION)
+ if (s->method->version < TLS1_3_VERSION)
 return 1;
 /*
@@ -460,7 +460,7 @@ tls13_client_hello_retry_recv(struct tls13_ctx *ctx, CBS *cbs)
 return 0;
 /* XXX - need further checks. */
- if (s->method->internal->version < TLS1_3_VERSION)
+ if (s->method->version < TLS1_3_VERSION)
 return 0;
 ctx->hs->tls13.hrr = 0;
-- 
2.20.1