int SSL_clear(SSL *s)
{
-
if (s->method == NULL) {
SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED);
return (0);
s->version = s->method->version;
s->client_version = s->version;
s->rwstate = SSL_NOTHING;
- s->rstate = SSL_ST_READ_HEADER;
if (s->init_buf != NULL) {
BUF_MEM_free(s->init_buf);
return (0);
} else
s->method->ssl_clear(s);
+
+ RECORD_LAYER_clear(&s->rlayer);
+
return (1);
}
goto err;
memset(s, 0, sizeof(SSL));
+ RECORD_LAYER_init(&s->rlayer, s);
+
#ifndef OPENSSL_NO_KRB5
s->kssl_ctx = kssl_ctx_new();
#endif /* OPENSSL_NO_KRB5 */
if (s->cert == NULL)
goto err;
- s->read_ahead = ctx->read_ahead;
+ RECORD_LAYER_set_read_ahead(&s->rlayer, ctx->read_ahead);
s->msg_callback = ctx->msg_callback;
s->msg_callback_arg = ctx->msg_callback_arg;
s->verify_mode = ctx->verify_mode;
BIO_free(s->bbio);
s->bbio = NULL;
}
- if (s->rbio != NULL)
- BIO_free_all(s->rbio);
- if ((s->wbio != NULL) && (s->wbio != s->rbio))
+ BIO_free_all(s->rbio);
+ if (s->wbio != s->rbio)
BIO_free_all(s->wbio);
if (s->init_buf != NULL)
if (s->method != NULL)
s->method->ssl_free(s);
+ RECORD_LAYER_release(&s->rlayer);
+
if (s->ctx)
SSL_CTX_free(s->ctx);
void SSL_set_rbio(SSL *s, BIO *rbio)
{
- if ((s->rbio != NULL) && (s->rbio != rbio))
+ if (s->rbio != rbio)
BIO_free_all(s->rbio);
s->rbio = rbio;
}
s->bbio->next_bio = NULL;
}
}
- if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
+ if (s->wbio != wbio && s->rbio != s->wbio)
BIO_free_all(s->wbio);
s->wbio = wbio;
}
void SSL_set_read_ahead(SSL *s, int yes)
{
- s->read_ahead = yes;
+ RECORD_LAYER_set_read_ahead(&s->rlayer, yes);
}
int SSL_get_read_ahead(const SSL *s)
{
- return (s->read_ahead);
+ return RECORD_LAYER_get_read_ahead(&s->rlayer);
}
int SSL_pending(const SSL *s)
* Now in theory, since the calling process own 't' it should be safe to
* modify. We need to be able to read f without being hassled
*/
-void SSL_copy_session_id(SSL *t, const SSL *f)
+int SSL_copy_session_id(SSL *t, const SSL *f)
{
- CERT *tmp;
-
/* Do we need to to SSL locking? */
if(!SSL_set_session(t, SSL_get_session(f))) {
- /* How do we handle this!! void function */
- return;
+ return 0;
}
/*
t->method->ssl_new(t); /* setup new */
}
- tmp = t->cert;
- if (f->cert != NULL) {
- CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
- t->cert = f->cert;
- } else
- t->cert = NULL;
- if (tmp != NULL)
- ssl_cert_free(tmp);
+ CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
+ ssl_cert_free(t->cert);
+ t->cert = f->cert;
if(!SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length)) {
- /* Really should do something about this..but void function - ignore */
- ;
+ return 0;
}
+
+ return 1;
}
/* Fix this so it checks all the valid key/cert options */
int SSL_CTX_check_private_key(const SSL_CTX *ctx)
{
if ((ctx == NULL) ||
- (ctx->cert == NULL) || (ctx->cert->key->x509 == NULL)) {
+ (ctx->cert->key->x509 == NULL)) {
SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
SSL_R_NO_CERTIFICATE_ASSIGNED);
return (0);
SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
return (0);
}
- if (ssl->cert == NULL) {
- SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
- return 0;
- }
if (ssl->cert->key->x509 == NULL) {
SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
return (0);
switch (cmd) {
case SSL_CTRL_GET_READ_AHEAD:
- return (s->read_ahead);
+ return (RECORD_LAYER_get_read_ahead(&s->rlayer));
case SSL_CTRL_SET_READ_AHEAD:
- l = s->read_ahead;
- s->read_ahead = larg;
+ l = RECORD_LAYER_get_read_ahead(&s->rlayer);
+ RECORD_LAYER_set_read_ahead(&s->rlayer, larg);
return (l);
case SSL_CTRL_SET_MSG_CALLBACK_ARG:
ret->tlsext_servername_callback = 0;
ret->tlsext_servername_arg = NULL;
/* Setup RFC4507 ticket keys */
- if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
+ if ((RAND_bytes(ret->tlsext_tick_key_name, 16) <= 0)
|| (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
|| (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
ret->options |= SSL_OP_NO_TICKET;
if (s->session != NULL) {
/* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
- SSL_copy_session_id(ret, s);
+ if(!SSL_copy_session_id(ret, s))
+ goto err;
} else {
/*
* No session has been established yet, so we have to expect that
ret->shutdown = s->shutdown;
ret->state = s->state; /* SSL_dup does not really work at any state,
* though */
- ret->rstate = s->rstate;
+ RECORD_LAYER_dup(&ret->rlayer, &s->rlayer);
ret->init_num = 0; /* would have to copy ret->init_buf,
* ret->init_msg, ret->init_num,
* ret->init_off */
SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
{
- CERT *ocert = ssl->cert;
+ CERT *new_cert;
if (ssl->ctx == ctx)
return ssl->ctx;
#ifndef OPENSSL_NO_TLSEXT
if (ctx == NULL)
ctx = ssl->initial_ctx;
#endif
- ssl->cert = ssl_cert_dup(ctx->cert);
- if (ocert) {
- /* Preserve any already negotiated parameters */
- if (ssl->server) {
- ssl->cert->peer_sigalgs = ocert->peer_sigalgs;
- ssl->cert->peer_sigalgslen = ocert->peer_sigalgslen;
- ocert->peer_sigalgs = NULL;
- ssl->cert->ciphers_raw = ocert->ciphers_raw;
- ssl->cert->ciphers_rawlen = ocert->ciphers_rawlen;
- ocert->ciphers_raw = NULL;
- }
- ssl_cert_free(ocert);
+ new_cert = ssl_cert_dup(ctx->cert);
+ if (new_cert == NULL) {
+ return NULL;
}
+ /* Preserve any already negotiated parameters */
+ if (ssl->server) {
+ new_cert->peer_sigalgs = ssl->cert->peer_sigalgs;
+ new_cert->peer_sigalgslen = ssl->cert->peer_sigalgslen;
+ ssl->cert->peer_sigalgs = NULL;
+ new_cert->ciphers_raw = ssl->cert->ciphers_raw;
+ new_cert->ciphers_rawlen = ssl->cert->ciphers_rawlen;
+ ssl->cert->ciphers_raw = NULL;
+ }
+ ssl_cert_free(ssl->cert);
+ ssl->cert = new_cert;
/*
* Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
projects / openssl.git / blobdiff