Commit 08557cf2 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Initial "opaque SSL" framework. If an application defines 

OPENSSL_NO_SSL_INTERN all ssl related structures are opaque
and internals cannot be directly accessed. Many applications
will need some modification to support this and most likely some
additional functions added to OpenSSL.

The advantage of this option is that any application supporting
it will still be binary compatible if SSL structures change.
parent c4d16287

CHANGES

+6 −0
Original line number Diff line number Diff line
@@ -4,6 +4,12 @@ 


 Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]



  *) New option OPENSSL_NO_SSL_INTERN. If an application can be compiled

     with this defined it will not be affected by any changes to ssl internal

     structures. Add several utility functions to allow openssl application

     to work with OPENSSL_NO_SSL_INTERN defined.

     [Steve Henson]



  *) Minor change to DRBG entropy callback semantics. In some cases

     there is no mutiple of the block length between min_len and

     max_len. Allow the callback to return more than max_len bytes

apps/apps.h

+2 −0
Original line number Diff line number Diff line
@@ -365,6 +365,8 @@ int raw_write_stdout(const void *,int); 
double app_tminterval (int stop,int usertime);

#endif



#define OPENSSL_NO_SSL_INTERN



#ifndef OPENSSL_NO_NEXTPROTONEG

unsigned char *next_protos_parse(unsigned short *outlen, const char *in);

#endif

apps/ciphers.c

+1 −1
Original line number Diff line number Diff line
@@ -196,7 +196,7 @@ int MAIN(int argc, char **argv) 
			

			if (Verbose)

				{

				unsigned long id = c->id;

				unsigned long id = SSL_CIPHER_get_id(c);

				int id0 = (int)(id >> 24);

				int id1 = (int)((id >> 16) & 0xffL);

				int id2 = (int)((id >> 8) & 0xffL);

apps/s_client.c

+3 −3
Original line number Diff line number Diff line
@@ -1238,7 +1238,7 @@ re_start: 
			}

		}

#endif                                              

	if (c_Pause & 0x01) con->debug=1;

	if (c_Pause & 0x01) SSL_set_debug(con, 1);



	if ( SSL_version(con) == DTLS1_VERSION)

		{
@@ -1287,7 +1287,7 @@ re_start: 


	if (c_debug)

		{

		con->debug=1;

		SSL_set_debug(con, 1);

		BIO_set_callback(sbio,bio_dump_callback);

		BIO_set_callback_arg(sbio,(char *)bio_c_out);

		}
@@ -1972,7 +1972,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) 
			BIO_number_read(SSL_get_rbio(s)),

			BIO_number_written(SSL_get_wbio(s)));

		}

	BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));

	BIO_printf(bio,(SSL_cache_hit(s)?"---\nReused, ":"---\nNew, "));

	c=SSL_get_current_cipher(s);

	BIO_printf(bio,"%s, Cipher is %s\n",

		SSL_CIPHER_get_version(c),

apps/s_server.c

+11 −11
Original line number Diff line number Diff line
@@ -2042,7 +2042,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) 


	if (s_debug)

		{

		con->debug=1;

		SSL_set_debug(con, 1);

		BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);

		BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);

		}
@@ -2380,7 +2380,7 @@ static int init_ssl_connection(SSL *con) 
		BIO_printf(bio_s_out, "\n");

		}

#endif

	if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n");

	if (SSL_cache_hit(con)) BIO_printf(bio_s_out,"Reused session-id\n");

	if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &

		TLS1_FLAGS_TLS_PADDING_BUG)

		BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
@@ -2499,7 +2499,7 @@ static int www_body(char *hostname, int s, unsigned char *context) 


	if (s_debug)

		{

		con->debug=1;

		SSL_set_debug(con, 1);

		BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);

		BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);

		}
@@ -2585,7 +2585,7 @@ static int www_body(char *hostname, int s, unsigned char *context) 
				goto err;

				}

			/* EVIL HACK! */

			con->state = SSL_ST_ACCEPT;

			SSL_set_state(con, SSL_ST_ACCEPT);

			i=SSL_do_handshake(con);

			BIO_printf(bio_s_out, "SSL_do_handshake -> %d\n",i);

			if (i <= 0)
@@ -2651,7 +2651,7 @@ static int www_body(char *hostname, int s, unsigned char *context) 
					}

				BIO_puts(io,"\n");

				}

			BIO_printf(io,((con->hit)

			BIO_printf(io,(SSL_cache_hit(con)

				?"---\nReused, "

				:"---\nNew, "));

			c=SSL_get_current_cipher(con);
@@ -2908,7 +2908,7 @@ static int generate_session_id(const SSL *ssl, unsigned char *id, 
typedef struct simple_ssl_session_st

	{

	unsigned char *id;

	int idlen;

	unsigned int idlen;

	unsigned char *der;

	int derlen;

	struct simple_ssl_session_st *next;
@@ -2923,10 +2923,10 @@ static int add_session(SSL *ssl, SSL_SESSION *session) 


	sess = OPENSSL_malloc(sizeof(simple_ssl_session));



	sess->idlen = session->session_id_length;

	sess->idlen = SSL_SESSION_get_id_len(session);

	sess->derlen = i2d_SSL_SESSION(session, NULL);



	sess->id = BUF_memdup(session->session_id, sess->idlen);

	sess->id = BUF_memdup(SSL_SESSION_get0_id(session), sess->idlen);



	sess->der = OPENSSL_malloc(sess->derlen);

	p = sess->der;
@@ -2945,7 +2945,7 @@ static SSL_SESSION *get_session(SSL *ssl, unsigned char *id, int idlen, 
	*do_copy = 0;

	for (sess = first; sess; sess = sess->next)

		{

		if (idlen == sess->idlen && !memcmp(sess->id, id, idlen))

		if (idlen == (int)sess->idlen && !memcmp(sess->id, id, idlen))

			{

			const unsigned char *p = sess->der;

			BIO_printf(bio_err, "Lookup session: cache hit\n");
@@ -2959,8 +2959,8 @@ static SSL_SESSION *get_session(SSL *ssl, unsigned char *id, int idlen, 
static void del_session(SSL_CTX *sctx, SSL_SESSION *session)

	{

	simple_ssl_session *sess, *prev = NULL;

	unsigned char *id = session->session_id;

	int idlen = session->session_id_length;

	const unsigned char *id = SSL_SESSION_get0_id(session);

	unsigned int idlen = SSL_SESSION_get_id_len(session);

	for (sess = first; sess; sess = sess->next)

		{

		if (idlen == sess->idlen && !memcmp(sess->id, id, idlen))