From: Dr. Stephen Henson Date: Fri, 5 Aug 2005 23:56:11 +0000 (+0000) Subject: Initialize SSL_METHOD structures at compile time. This removes the need X-Git-Tag: OpenSSL_0_9_8k^2~1866 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=f3b656b246f45a0159aea9c38634a9f72f98d31d;p=oweals%2Fopenssl.git Initialize SSL_METHOD structures at compile time. This removes the need for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used. --- diff --git a/CHANGES b/CHANGES index 614348b8c4..d025d780a3 100644 --- a/CHANGES +++ b/CHANGES @@ -14,6 +14,10 @@ Changes between 0.9.8 and 0.9.8a [XX xxx XXXX] + *) Initialize SSL_METHOD structures at compile time instead of during + runtime, thus removing the need for a lock. + [Steve Henson] + *) Make PKCS7_decrypt() work even if no certificate is supplied by attempting to decrypt each encrypted key in turn. Add support to smime utility. diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index deeb50da3d..15ccf435fc 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -136,28 +136,10 @@ static SSL_METHOD *dtls1_get_client_method(int ver) return(NULL); } -SSL_METHOD *DTLSv1_client_method(void) - { - static int init=1; - static SSL_METHOD DTLSv1_client_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&DTLSv1_client_data,(char *)dtlsv1_base_method(), - sizeof(SSL_METHOD)); - DTLSv1_client_data.ssl_connect=dtls1_connect; - DTLSv1_client_data.get_ssl_method=dtls1_get_client_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&DTLSv1_client_data); - } +IMPLEMENT_dtls1_meth_func(DTLSv1_client_method, + ssl_undefined_function, + dtls1_connect, + dtls1_get_client_method) int dtls1_connect(SSL *s) { diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index ea0dbf4831..070bb1ec18 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -63,9 +63,7 @@ const char *dtls1_version_str="DTLSv1" OPENSSL_VERSION_PTEXT; -static long dtls1_default_timeout(void); - -static SSL3_ENC_METHOD DTLSv1_enc_data={ +SSL3_ENC_METHOD DTLSv1_enc_data={ dtls1_enc, tls1_mac, tls1_setup_key_block, @@ -79,49 +77,17 @@ static SSL3_ENC_METHOD DTLSv1_enc_data={ tls1_alert_code, }; -static SSL_METHOD DTLSv1_data= { - DTLS1_VERSION, - dtls1_new, - dtls1_clear, - dtls1_free, - ssl_undefined_function, - ssl_undefined_function, - ssl3_read, - ssl3_peek, - ssl3_write, - ssl3_shutdown, - ssl3_renegotiate, - ssl3_renegotiate_check, - dtls1_get_message, - dtls1_read_bytes, - dtls1_write_app_data_bytes, - dtls1_dispatch_alert, - ssl3_ctrl, - ssl3_ctx_ctrl, - ssl3_get_cipher_by_char, - ssl3_put_cipher_by_char, - ssl3_pending, - ssl3_num_ciphers, - ssl3_get_cipher, - ssl_bad_method, - dtls1_default_timeout, - &DTLSv1_enc_data, - ssl_undefined_void_function, - ssl3_callback_ctrl, - ssl3_ctx_callback_ctrl, - }; - -static long dtls1_default_timeout(void) +long dtls1_default_timeout(void) { /* 2 hours, the 24 hours mentioned in the DTLSv1 spec * is way too long for http, the cache would over fill */ return(60*60*2); } -SSL_METHOD *dtlsv1_base_method(void) - { - return(&DTLSv1_data); - } +IMPLEMENT_dtls1_meth_func(dtls1_base_method, + ssl_undefined_function, + ssl_undefined_function, + ssl_bad_method) int dtls1_new(SSL *s) { diff --git a/ssl/d1_meth.c b/ssl/d1_meth.c index dc4c8ede86..8a6cf31947 100644 --- a/ssl/d1_meth.c +++ b/ssl/d1_meth.c @@ -70,27 +70,8 @@ static SSL_METHOD *dtls1_get_method(int ver) return(NULL); } -SSL_METHOD *DTLSv1_method(void) - { - static int init=1; - static SSL_METHOD DTLSv1_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&DTLSv1_data,(char *)dtlsv1_base_method(), - sizeof(SSL_METHOD)); - DTLSv1_data.ssl_connect=dtls1_connect; - DTLSv1_data.ssl_accept=dtls1_accept; - DTLSv1_data.get_ssl_method=dtls1_get_method; - init=0; - } +IMPLEMENT_dtls1_meth_func(DTLSv1_method, + dtls1_accept, + dtls1_connect, + dtls1_get_method) - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - - return(&DTLSv1_data); - } diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 8865dd2a4e..6057c1088d 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -137,28 +137,10 @@ static SSL_METHOD *dtls1_get_server_method(int ver) return(NULL); } -SSL_METHOD *DTLSv1_server_method(void) - { - static int init=1; - static SSL_METHOD DTLSv1_server_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&DTLSv1_server_data,(char *)dtlsv1_base_method(), - sizeof(SSL_METHOD)); - DTLSv1_server_data.ssl_accept=dtls1_accept; - DTLSv1_server_data.get_ssl_method=dtls1_get_server_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&DTLSv1_server_data); - } +IMPLEMENT_dtls1_meth_func(DTLSv1_server_method, + dtls1_accept, + ssl_undefined_function, + dtls1_get_server_method) int dtls1_accept(SSL *s) { diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index b21308b6f2..8bac26c5ac 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -80,28 +80,10 @@ static SSL_METHOD *ssl23_get_client_method(int ver) return(NULL); } -SSL_METHOD *SSLv23_client_method(void) - { - static int init=1; - static SSL_METHOD SSLv23_client_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&SSLv23_client_data, - (char *)sslv23_base_method(),sizeof(SSL_METHOD)); - SSLv23_client_data.ssl_connect=ssl23_connect; - SSLv23_client_data.get_ssl_method=ssl23_get_client_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&SSLv23_client_data); - } +IMPLEMENT_ssl23_meth_func(SSLv23_client_method, + ssl_undefined_function, + ssl23_connect, + ssl23_get_client_method) int ssl23_connect(SSL *s) { diff --git a/ssl/s23_lib.c b/ssl/s23_lib.c index 2c5129831a..fc2981308d 100644 --- a/ssl/s23_lib.c +++ b/ssl/s23_lib.c @@ -60,59 +60,17 @@ #include #include "ssl_locl.h" -static int ssl23_num_ciphers(void ); -static SSL_CIPHER *ssl23_get_cipher(unsigned int u); -static int ssl23_read(SSL *s, void *buf, int len); -static int ssl23_peek(SSL *s, void *buf, int len); -static int ssl23_write(SSL *s, const void *buf, int len); -static long ssl23_default_timeout(void ); -static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); -static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p); -const char *SSL23_version_str="SSLv2/3 compatibility" OPENSSL_VERSION_PTEXT; - -static SSL_METHOD SSLv23_data= { - TLS1_VERSION, - tls1_new, - tls1_clear, - tls1_free, - ssl_undefined_function, - ssl_undefined_function, - ssl23_read, - ssl23_peek, - ssl23_write, - ssl_undefined_function, - ssl_undefined_function, - ssl_ok, - ssl3_get_message, - ssl3_read_bytes, - ssl3_write_bytes, - ssl3_dispatch_alert, - ssl3_ctrl, - ssl3_ctx_ctrl, - ssl23_get_cipher_by_char, - ssl23_put_cipher_by_char, - ssl_undefined_const_function, - ssl23_num_ciphers, - ssl23_get_cipher, - ssl_bad_method, - ssl23_default_timeout, - &ssl3_undef_enc_method, - ssl_undefined_void_function, - ssl3_callback_ctrl, - ssl3_ctx_callback_ctrl, - }; - -static long ssl23_default_timeout(void) +long ssl23_default_timeout(void) { return(300); } -SSL_METHOD *sslv23_base_method(void) - { - return(&SSLv23_data); - } +IMPLEMENT_ssl23_meth_func(sslv23_base_method, + ssl_undefined_function, + ssl_undefined_function, + ssl_bad_method) -static int ssl23_num_ciphers(void) +int ssl23_num_ciphers(void) { return(ssl3_num_ciphers() #ifndef OPENSSL_NO_SSL2 @@ -121,7 +79,7 @@ static int ssl23_num_ciphers(void) ); } -static SSL_CIPHER *ssl23_get_cipher(unsigned int u) +SSL_CIPHER *ssl23_get_cipher(unsigned int u) { unsigned int uu=ssl3_num_ciphers(); @@ -137,7 +95,7 @@ static SSL_CIPHER *ssl23_get_cipher(unsigned int u) /* This function needs to check if the ciphers required are actually * available */ -static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) +SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) { SSL_CIPHER c,*cp; unsigned long id; @@ -155,7 +113,7 @@ static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) return(cp); } -static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) +int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) { long l; @@ -170,7 +128,7 @@ static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) return(3); } -static int ssl23_read(SSL *s, void *buf, int len) +int ssl23_read(SSL *s, void *buf, int len) { int n; @@ -193,7 +151,7 @@ static int ssl23_read(SSL *s, void *buf, int len) } } -static int ssl23_peek(SSL *s, void *buf, int len) +int ssl23_peek(SSL *s, void *buf, int len) { int n; @@ -216,7 +174,7 @@ static int ssl23_peek(SSL *s, void *buf, int len) } } -static int ssl23_write(SSL *s, const void *buf, int len) +int ssl23_write(SSL *s, const void *buf, int len) { int n; diff --git a/ssl/s23_meth.c b/ssl/s23_meth.c index f207140835..c88569d32c 100644 --- a/ssl/s23_meth.c +++ b/ssl/s23_meth.c @@ -73,27 +73,8 @@ static SSL_METHOD *ssl23_get_method(int ver) return(NULL); } -SSL_METHOD *SSLv23_method(void) - { - static int init=1; - static SSL_METHOD SSLv23_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&SSLv23_data,(char *)sslv23_base_method(), - sizeof(SSL_METHOD)); - SSLv23_data.ssl_connect=ssl23_connect; - SSLv23_data.ssl_accept=ssl23_accept; - SSLv23_data.get_ssl_method=ssl23_get_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&SSLv23_data); - } +IMPLEMENT_ssl23_meth_func(SSLv23_method, + ssl23_accept, + ssl23_connect, + ssl23_get_method) diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index c5404ca0bc..945a2c9872 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -132,28 +132,10 @@ static SSL_METHOD *ssl23_get_server_method(int ver) return(NULL); } -SSL_METHOD *SSLv23_server_method(void) - { - static int init=1; - static SSL_METHOD SSLv23_server_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&SSLv23_server_data, - (char *)sslv23_base_method(),sizeof(SSL_METHOD)); - SSLv23_server_data.ssl_accept=ssl23_accept; - SSLv23_server_data.get_ssl_method=ssl23_get_server_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&SSLv23_server_data); - } +IMPLEMENT_ssl23_meth_func(SSLv23_server_method, + ssl23_accept, + ssl_undefined_function, + ssl23_get_server_method) int ssl23_accept(SSL *s) { diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c index 33ea7592c4..0c9e24d5c4 100644 --- a/ssl/s2_clnt.c +++ b/ssl/s2_clnt.c @@ -137,28 +137,10 @@ static SSL_METHOD *ssl2_get_client_method(int ver) return(NULL); } -SSL_METHOD *SSLv2_client_method(void) - { - static int init=1; - static SSL_METHOD SSLv2_client_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(), - sizeof(SSL_METHOD)); - SSLv2_client_data.ssl_connect=ssl2_connect; - SSLv2_client_data.get_ssl_method=ssl2_get_client_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&SSLv2_client_data); - } +IMPLEMENT_ssl2_meth_func(SSLv2_client_method, + ssl_undefined_function, + ssl2_connect, + ssl2_get_client_method) int ssl2_connect(SSL *s) { diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index a454d73dc5..cec19673f5 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -63,7 +63,6 @@ #include #include -static long ssl2_default_timeout(void ); const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT; #define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER)) @@ -211,47 +210,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ /* end of list :-) */ }; -static SSL_METHOD SSLv2_data= { - SSL2_VERSION, - ssl2_new, /* local */ - ssl2_clear, /* local */ - ssl2_free, /* local */ - ssl_undefined_function, - ssl_undefined_function, - ssl2_read, - ssl2_peek, - ssl2_write, - ssl2_shutdown, - ssl_ok, /* NULL - renegotiate */ - ssl_ok, /* NULL - check renegotiate */ - NULL, /* NULL - ssl_get_message */ - NULL, /* NULL - ssl_get_record */ - NULL, /* NULL - ssl_write_bytes */ - NULL, /* NULL - dispatch_alert */ - ssl2_ctrl, /* local */ - ssl2_ctx_ctrl, /* local */ - ssl2_get_cipher_by_char, - ssl2_put_cipher_by_char, - ssl2_pending, - ssl2_num_ciphers, - ssl2_get_cipher, - ssl_bad_method, - ssl2_default_timeout, - &ssl3_undef_enc_method, - ssl_undefined_void_function, - ssl2_callback_ctrl, /* local */ - ssl2_ctx_callback_ctrl, /* local */ - }; - -static long ssl2_default_timeout(void) +long ssl2_default_timeout(void) { return(300); } -SSL_METHOD *sslv2_base_method(void) - { - return(&SSLv2_data); - } +IMPLEMENT_ssl2_meth_func(sslv2_base_method, + ssl_undefined_function, + ssl_undefined_function, + ssl_bad_method) int ssl2_num_ciphers(void) { diff --git a/ssl/s2_meth.c b/ssl/s2_meth.c index 8b6cbd086e..a35e435b71 100644 --- a/ssl/s2_meth.c +++ b/ssl/s2_meth.c @@ -70,29 +70,11 @@ static SSL_METHOD *ssl2_get_method(int ver) return(NULL); } -SSL_METHOD *SSLv2_method(void) - { - static int init=1; - static SSL_METHOD SSLv2_data; +IMPLEMENT_ssl2_meth_func(SSLv2_method, + ssl2_accept, + ssl2_connect, + ssl2_get_method) - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(), - sizeof(SSL_METHOD)); - SSLv2_data.ssl_connect=ssl2_connect; - SSLv2_data.ssl_accept=ssl2_accept; - SSLv2_data.get_ssl_method=ssl2_get_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&SSLv2_data); - } #else /* !OPENSSL_NO_SSL2 */ # if PEDANTIC diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c index 546feb5174..247cc89155 100644 --- a/ssl/s2_srvr.c +++ b/ssl/s2_srvr.c @@ -137,28 +137,10 @@ static SSL_METHOD *ssl2_get_server_method(int ver) return(NULL); } -SSL_METHOD *SSLv2_server_method(void) - { - static int init=1; - static SSL_METHOD SSLv2_server_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(), - sizeof(SSL_METHOD)); - SSLv2_server_data.ssl_accept=ssl2_accept; - SSLv2_server_data.get_ssl_method=ssl2_get_server_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&SSLv2_server_data); - } +IMPLEMENT_ssl2_meth_func(SSLv2_server_method, + ssl2_accept, + ssl_undefined_function, + ssl2_get_server_method) int ssl2_accept(SSL *s) { diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 4f67cda042..51d4c48724 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -151,28 +151,10 @@ static SSL_METHOD *ssl3_get_client_method(int ver) return(NULL); } -SSL_METHOD *SSLv3_client_method(void) - { - static int init=1; - static SSL_METHOD SSLv3_client_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(), - sizeof(SSL_METHOD)); - SSLv3_client_data.ssl_connect=ssl3_connect; - SSLv3_client_data.get_ssl_method=ssl3_get_client_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&SSLv3_client_data); - } +IMPLEMENT_ssl3_meth_func(SSLv3_client_method, + ssl_undefined_function, + ssl3_connect, + ssl3_get_client_method) int ssl3_connect(SSL *s) { diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index d9d6ddbbe3..e42967b7e3 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -135,8 +135,6 @@ const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT; #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) -static long ssl3_default_timeout(void ); - OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ /* The RSA ciphers */ /* Cipher 01 */ @@ -1356,7 +1354,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ /* end of list */ }; -static SSL3_ENC_METHOD SSLv3_enc_data={ +SSL3_ENC_METHOD SSLv3_enc_data={ ssl3_enc, ssl3_mac, ssl3_setup_key_block, @@ -1370,49 +1368,17 @@ static SSL3_ENC_METHOD SSLv3_enc_data={ ssl3_alert_code, }; -static SSL_METHOD SSLv3_data= { - SSL3_VERSION, - ssl3_new, - ssl3_clear, - ssl3_free, - ssl_undefined_function, - ssl_undefined_function, - ssl3_read, - ssl3_peek, - ssl3_write, - ssl3_shutdown, - ssl3_renegotiate, - ssl3_renegotiate_check, - ssl3_get_message, - ssl3_read_bytes, - ssl3_write_bytes, - ssl3_dispatch_alert, - ssl3_ctrl, - ssl3_ctx_ctrl, - ssl3_get_cipher_by_char, - ssl3_put_cipher_by_char, - ssl3_pending, - ssl3_num_ciphers, - ssl3_get_cipher, - ssl_bad_method, - ssl3_default_timeout, - &SSLv3_enc_data, - ssl_undefined_void_function, - ssl3_callback_ctrl, - ssl3_ctx_callback_ctrl, - }; - -static long ssl3_default_timeout(void) +long ssl3_default_timeout(void) { /* 2 hours, the 24 hours mentioned in the SSLv3 spec * is way too long for http, the cache would over fill */ return(60*60*2); } -SSL_METHOD *sslv3_base_method(void) - { - return(&SSLv3_data); - } +IMPLEMENT_ssl3_meth_func(sslv3_base_method, + ssl_undefined_function, + ssl_undefined_function, + ssl_bad_method) int ssl3_num_ciphers(void) { diff --git a/ssl/s3_meth.c b/ssl/s3_meth.c index 1fd7a96f87..6a6eb1c58f 100644 --- a/ssl/s3_meth.c +++ b/ssl/s3_meth.c @@ -69,27 +69,9 @@ static SSL_METHOD *ssl3_get_method(int ver) return(NULL); } -SSL_METHOD *SSLv3_method(void) - { - static int init=1; - static SSL_METHOD SSLv3_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&SSLv3_data,(char *)sslv3_base_method(), - sizeof(SSL_METHOD)); - SSLv3_data.ssl_connect=ssl3_connect; - SSLv3_data.ssl_accept=ssl3_accept; - SSLv3_data.get_ssl_method=ssl3_get_method; - init=0; - } +IMPLEMENT_ssl3_meth_func(SSLv3_method, + ssl3_accept, + ssl3_connect, + ssl3_get_method) - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&SSLv3_data); - } diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index cd10334b90..7cc7634bb3 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -156,28 +156,10 @@ static SSL_METHOD *ssl3_get_server_method(int ver) return(NULL); } -SSL_METHOD *SSLv3_server_method(void) - { - static int init=1; - static SSL_METHOD SSLv3_server_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(), - sizeof(SSL_METHOD)); - SSLv3_server_data.ssl_accept=ssl3_accept; - SSLv3_server_data.get_ssl_method=ssl3_get_server_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&SSLv3_server_data); - } +IMPLEMENT_ssl3_meth_func(SSLv3_server_method, + ssl3_accept, + ssl_undefined_function, + ssl3_get_server_method) int ssl3_accept(SSL *s) { diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index f61b1cd7e5..69970a7692 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -515,6 +515,195 @@ SSL_METHOD *sslv2_base_method(void); SSL_METHOD *sslv23_base_method(void); SSL_METHOD *sslv3_base_method(void); +extern SSL3_ENC_METHOD TLSv1_enc_data; +extern SSL3_ENC_METHOD SSLv3_enc_data; +extern SSL3_ENC_METHOD DTLSv1_enc_data; + +#define IMPLEMENT_tls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \ +SSL_METHOD *func_name(void) \ + { \ + static SSL_METHOD func_name##_data= { \ + TLS1_VERSION, \ + tls1_new, \ + tls1_clear, \ + tls1_free, \ + s_accept, \ + s_connect, \ + ssl3_read, \ + ssl3_peek, \ + ssl3_write, \ + ssl3_shutdown, \ + ssl3_renegotiate, \ + ssl3_renegotiate_check, \ + ssl3_get_message, \ + ssl3_read_bytes, \ + ssl3_write_bytes, \ + ssl3_dispatch_alert, \ + ssl3_ctrl, \ + ssl3_ctx_ctrl, \ + ssl3_get_cipher_by_char, \ + ssl3_put_cipher_by_char, \ + ssl3_pending, \ + ssl3_num_ciphers, \ + ssl3_get_cipher, \ + s_get_meth, \ + tls1_default_timeout, \ + &TLSv1_enc_data, \ + ssl_undefined_void_function, \ + ssl3_callback_ctrl, \ + ssl3_ctx_callback_ctrl, \ + }; \ + return &func_name##_data; \ + } + +#define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \ +SSL_METHOD *func_name(void) \ + { \ + static SSL_METHOD func_name##_data= { \ + SSL3_VERSION, \ + ssl3_new, \ + ssl3_clear, \ + ssl3_free, \ + s_accept, \ + s_connect, \ + ssl3_read, \ + ssl3_peek, \ + ssl3_write, \ + ssl3_shutdown, \ + ssl3_renegotiate, \ + ssl3_renegotiate_check, \ + ssl3_get_message, \ + ssl3_read_bytes, \ + ssl3_write_bytes, \ + ssl3_dispatch_alert, \ + ssl3_ctrl, \ + ssl3_ctx_ctrl, \ + ssl3_get_cipher_by_char, \ + ssl3_put_cipher_by_char, \ + ssl3_pending, \ + ssl3_num_ciphers, \ + ssl3_get_cipher, \ + s_get_meth, \ + ssl3_default_timeout, \ + &SSLv3_enc_data, \ + ssl_undefined_void_function, \ + ssl3_callback_ctrl, \ + ssl3_ctx_callback_ctrl, \ + }; \ + return &func_name##_data; \ + } + +#define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \ +SSL_METHOD *func_name(void) \ + { \ + static SSL_METHOD func_name##_data= { \ + TLS1_VERSION, \ + tls1_new, \ + tls1_clear, \ + tls1_free, \ + s_accept, \ + s_connect, \ + ssl23_read, \ + ssl23_peek, \ + ssl23_write, \ + ssl_undefined_function, \ + ssl_undefined_function, \ + ssl_ok, \ + ssl3_get_message, \ + ssl3_read_bytes, \ + ssl3_write_bytes, \ + ssl3_dispatch_alert, \ + ssl3_ctrl, \ + ssl3_ctx_ctrl, \ + ssl23_get_cipher_by_char, \ + ssl23_put_cipher_by_char, \ + ssl_undefined_const_function, \ + ssl23_num_ciphers, \ + ssl23_get_cipher, \ + s_get_meth, \ + ssl23_default_timeout, \ + &ssl3_undef_enc_method, \ + ssl_undefined_void_function, \ + ssl3_callback_ctrl, \ + ssl3_ctx_callback_ctrl, \ + }; \ + return &func_name##_data; \ + } + +#define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \ +SSL_METHOD *func_name(void) \ + { \ + static SSL_METHOD func_name##_data= { \ + SSL2_VERSION, \ + ssl2_new, /* local */ \ + ssl2_clear, /* local */ \ + ssl2_free, /* local */ \ + s_accept, \ + s_connect, \ + ssl2_read, \ + ssl2_peek, \ + ssl2_write, \ + ssl2_shutdown, \ + ssl_ok, /* NULL - renegotiate */ \ + ssl_ok, /* NULL - check renegotiate */ \ + NULL, /* NULL - ssl_get_message */ \ + NULL, /* NULL - ssl_get_record */ \ + NULL, /* NULL - ssl_write_bytes */ \ + NULL, /* NULL - dispatch_alert */ \ + ssl2_ctrl, /* local */ \ + ssl2_ctx_ctrl, /* local */ \ + ssl2_get_cipher_by_char, \ + ssl2_put_cipher_by_char, \ + ssl2_pending, \ + ssl2_num_ciphers, \ + ssl2_get_cipher, \ + s_get_meth, \ + ssl2_default_timeout, \ + &ssl3_undef_enc_method, \ + ssl_undefined_void_function, \ + ssl2_callback_ctrl, /* local */ \ + ssl2_ctx_callback_ctrl, /* local */ \ + }; \ + return &func_name##_data; \ + } + +#define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \ +SSL_METHOD *func_name(void) \ + { \ + static SSL_METHOD func_name##_data= { \ + DTLS1_VERSION, \ + dtls1_new, \ + dtls1_clear, \ + dtls1_free, \ + s_accept, \ + s_connect, \ + ssl3_read, \ + ssl3_peek, \ + ssl3_write, \ + ssl3_shutdown, \ + ssl3_renegotiate, \ + ssl3_renegotiate_check, \ + dtls1_get_message, \ + dtls1_read_bytes, \ + dtls1_write_app_data_bytes, \ + dtls1_dispatch_alert, \ + ssl3_ctrl, \ + ssl3_ctx_ctrl, \ + ssl3_get_cipher_by_char, \ + ssl3_put_cipher_by_char, \ + ssl3_pending, \ + ssl3_num_ciphers, \ + ssl3_get_cipher, \ + s_get_meth, \ + dtls1_default_timeout, \ + &DTLSv1_enc_data, \ + ssl_undefined_void_function, \ + ssl3_callback_ctrl, \ + ssl3_ctx_callback_ctrl, \ + }; \ + return &func_name##_data; \ + } + void ssl_clear_cipher_ctx(SSL *s); int ssl_clear_bad_session(SSL *s); CERT *ssl_cert_new(void); @@ -578,6 +767,7 @@ long ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg); long ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)(void)); long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void)); int ssl2_pending(const SSL *s); +long ssl2_default_timeout(void ); SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); @@ -629,7 +819,18 @@ int ssl3_pending(const SSL *s); void ssl3_record_sequence_update(unsigned char *seq); int ssl3_do_change_cipher_spec(SSL *ssl); - +long ssl3_default_timeout(void ); + +int ssl23_num_ciphers(void ); +SSL_CIPHER *ssl23_get_cipher(unsigned int u); +int ssl23_read(SSL *s, void *buf, int len); +int ssl23_peek(SSL *s, void *buf, int len); +int ssl23_write(SSL *s, const void *buf, int len); +int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); +SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p); +long ssl23_default_timeout(void ); + +long tls1_default_timeout(void); int dtls1_do_write(SSL *s,int type); int ssl3_read_n(SSL *s, int n, int max, int extend); int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); @@ -640,6 +841,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned char *dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt, unsigned long len, unsigned long frag_off, unsigned long frag_len); + int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len); int dtls1_write_bytes(SSL *s, int type, const void *buf, int len); @@ -654,6 +856,7 @@ void dtls1_clear_record_buffer(SSL *s); void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr); void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); void dtls1_reset_seq_numbers(SSL *s, int rw); +long dtls1_default_timeout(void); /* some client-only functions */ diff --git a/ssl/t1_clnt.c b/ssl/t1_clnt.c index 57205fb429..4d1e198cdc 100644 --- a/ssl/t1_clnt.c +++ b/ssl/t1_clnt.c @@ -72,26 +72,8 @@ static SSL_METHOD *tls1_get_client_method(int ver) return(NULL); } -SSL_METHOD *TLSv1_client_method(void) - { - static int init=1; - static SSL_METHOD TLSv1_client_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(), - sizeof(SSL_METHOD)); - TLSv1_client_data.ssl_connect=ssl3_connect; - TLSv1_client_data.get_ssl_method=tls1_get_client_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&TLSv1_client_data); - } +IMPLEMENT_tls1_meth_func(TLSv1_client_method, + ssl_undefined_function, + ssl3_connect, + tls1_get_client_method) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 6f95fc1ca8..d4516eba71 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -62,9 +62,7 @@ const char *tls1_version_str="TLSv1" OPENSSL_VERSION_PTEXT; -static long tls1_default_timeout(void); - -static SSL3_ENC_METHOD TLSv1_enc_data={ +SSL3_ENC_METHOD TLSv1_enc_data={ tls1_enc, tls1_mac, tls1_setup_key_block, @@ -78,49 +76,17 @@ static SSL3_ENC_METHOD TLSv1_enc_data={ tls1_alert_code, }; -static SSL_METHOD TLSv1_data= { - TLS1_VERSION, - tls1_new, - tls1_clear, - tls1_free, - ssl_undefined_function, - ssl_undefined_function, - ssl3_read, - ssl3_peek, - ssl3_write, - ssl3_shutdown, - ssl3_renegotiate, - ssl3_renegotiate_check, - ssl3_get_message, - ssl3_read_bytes, - ssl3_write_bytes, - ssl3_dispatch_alert, - ssl3_ctrl, - ssl3_ctx_ctrl, - ssl3_get_cipher_by_char, - ssl3_put_cipher_by_char, - ssl3_pending, - ssl3_num_ciphers, - ssl3_get_cipher, - ssl_bad_method, - tls1_default_timeout, - &TLSv1_enc_data, - ssl_undefined_void_function, - ssl3_callback_ctrl, - ssl3_ctx_callback_ctrl, - }; - -static long tls1_default_timeout(void) +long tls1_default_timeout(void) { /* 2 hours, the 24 hours mentioned in the TLSv1 spec * is way too long for http, the cache would over fill */ return(60*60*2); } -SSL_METHOD *tlsv1_base_method(void) - { - return(&TLSv1_data); - } +IMPLEMENT_tls1_meth_func(tlsv1_base_method, + ssl_undefined_function, + ssl_undefined_function, + ssl_bad_method) int tls1_new(SSL *s) { diff --git a/ssl/t1_meth.c b/ssl/t1_meth.c index fcc243f782..f5d8df634e 100644 --- a/ssl/t1_meth.c +++ b/ssl/t1_meth.c @@ -69,28 +69,8 @@ static SSL_METHOD *tls1_get_method(int ver) return(NULL); } -SSL_METHOD *TLSv1_method(void) - { - static int init=1; - static SSL_METHOD TLSv1_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(), - sizeof(SSL_METHOD)); - TLSv1_data.ssl_connect=ssl3_connect; - TLSv1_data.ssl_accept=ssl3_accept; - TLSv1_data.get_ssl_method=tls1_get_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - - return(&TLSv1_data); - } +IMPLEMENT_tls1_meth_func(TLSv1_method, + ssl3_accept, + ssl3_connect, + tls1_get_method) diff --git a/ssl/t1_srvr.c b/ssl/t1_srvr.c index 1c1149e49f..b75636abba 100644 --- a/ssl/t1_srvr.c +++ b/ssl/t1_srvr.c @@ -73,26 +73,8 @@ static SSL_METHOD *tls1_get_server_method(int ver) return(NULL); } -SSL_METHOD *TLSv1_server_method(void) - { - static int init=1; - static SSL_METHOD TLSv1_server_data; - - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); - - if (init) - { - memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(), - sizeof(SSL_METHOD)); - TLSv1_server_data.ssl_accept=ssl3_accept; - TLSv1_server_data.get_ssl_method=tls1_get_server_method; - init=0; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); - } - return(&TLSv1_server_data); - } +IMPLEMENT_tls1_meth_func(TLSv1_server_method, + ssl3_accept, + ssl_undefined_function, + tls1_get_server_method)