author | Todd Short <tshort@akamai.com> | 2018-12-12 13:09:50 -0500 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-04-29 17:26:09 +0100 |
commit | 555cbb328ee2eaa9356cd23e2194c1600653c500 (patch) | |
tree | 347c1fcdde0e9a736eb6c8590d95318b4c1940f6 /ssl/statem/extensions_clnt.c | |
parent | d7fcf1feac3b3b1bf1a162f632b1e7db4f075aed (diff) |
Collapse ssl3_state_st (s3) into ssl_st
With the removal of SSLv2, the s3 structure is always allocated, so
there is little point in having it be an allocated pointer. Collapse
the ssl3_state_st structure into ssl_st and fixup any references.
This should be faster than going through an indirection and due to
fewer allocations, but I'm not seeing any significant performance
improvement; it seems to be within the margin of error in timing.
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7888)
Diffstat (limited to 'ssl/statem/extensions_clnt.c')
-rw-r--r-- | ssl/statem/extensions_clnt.c | 86 |
1 files changed, 43 insertions, 43 deletions
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 9d7a4f8304..979954ff76 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -22,8 +22,8 @@ EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate) || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_sub_memcpy_u8(pkt, s->s3->previous_client_finished, - s->s3->previous_client_finished_len) + || !WPACKET_sub_memcpy_u8(pkt, s->s3.previous_client_finished, + s->s3.previous_client_finished_len) || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE, ERR_R_INTERNAL_ERROR); @@ -387,7 +387,7 @@ EXT_RETURN tls_construct_ctos_npn(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { - s->s3->alpn_sent = 0; + s->s3.alpn_sent = 0; if (s->ext.alpn == NULL || !SSL_IS_FIRST_HANDSHAKE(s)) return EXT_RETURN_NOT_SENT; @@ -402,7 +402,7 @@ EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } - s->s3->alpn_sent = 1; + s->s3.alpn_sent = 1; return EXT_RETURN_SENT; } @@ -591,7 +591,7 @@ static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id) EVP_PKEY *key_share_key = NULL; size_t encodedlen; - if (s->s3->tmp.pkey != NULL) { + if (s->s3.tmp.pkey != NULL) { if (!ossl_assert(s->hello_retry_request == SSL_HRR_PENDING)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_ADD_KEY_SHARE, ERR_R_INTERNAL_ERROR); @@ -600,7 +600,7 @@ static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id) /* * Could happen if we got an HRR that wasn't requesting a new key_share */ - key_share_key = s->s3->tmp.pkey; + key_share_key = s->s3.tmp.pkey; } else { key_share_key = ssl_generate_pkey_group(s, curve_id); if (key_share_key == NULL) { 
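Review bot: In tls_construct_ctos_renegotiate the previous Finished value is now read from `s->s3.previous_client_finished`, which is storage embedded in the SSL object rather than a separate allocation, so wiping it depends entirely on how ssl_st is cleared and freed. That code is outside this file's diff, so it is worth confirming that the clear/free path cleanses the embedded struct before the SSL object is released or reused, for example `OPENSSL_cleanse(&s->s3, sizeof(s->s3));`. Pointer members reached in the later hunks, such as `s->s3.tmp.pkey` and `s->s3.alpn_selected`, still need to be freed before that wipe, otherwise zeroing the struct turns them into leaks.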
@@ -630,13 +630,13 @@ static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id) * going to need to be able to save more than one EVP_PKEY. For now * we reuse the existing tmp.pkey */ - s->s3->tmp.pkey = key_share_key; - s->s3->group_id = curve_id; + s->s3.tmp.pkey = key_share_key; + s->s3.group_id = curve_id; OPENSSL_free(encoded_point); return 1; err: - if (s->s3->tmp.pkey == NULL) + if (s->s3.tmp.pkey == NULL) EVP_PKEY_free(key_share_key); OPENSSL_free(encoded_point); return 0; @@ -669,8 +669,8 @@ EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, * TODO(TLS1.3): Make the number of key_shares sent configurable. For * now, just send one */ - if (s->s3->group_id != 0) { - curve_id = s->s3->group_id; + if (s->s3.group_id != 0) { + curve_id = s->s3.group_id; } else { for (i = 0; i < num_groups; i++) { @@ -1224,16 +1224,16 @@ EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt, int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { - size_t expected_len = s->s3->previous_client_finished_len - + s->s3->previous_server_finished_len; + size_t expected_len = s->s3.previous_client_finished_len + + s->s3.previous_server_finished_len; size_t ilen; const unsigned char *data; /* Check for logic errors */ if (!ossl_assert(expected_len == 0 - || s->s3->previous_client_finished_len != 0) + || s->s3.previous_client_finished_len != 0) || !ossl_assert(expected_len == 0 - || s->s3->previous_server_finished_len != 0)) { + || s->s3.previous_server_finished_len != 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_RENEGOTIATE, ERR_R_INTERNAL_ERROR); return 0; 
@@ -1260,22 +1260,22 @@ int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context, return 0; } - if (!PACKET_get_bytes(pkt, &data, s->s3->previous_client_finished_len) - || memcmp(data, s->s3->previous_client_finished, - s->s3->previous_client_finished_len) != 0) { + if (!PACKET_get_bytes(pkt, &data, s->s3.previous_client_finished_len) + || memcmp(data, s->s3.previous_client_finished, + s->s3.previous_client_finished_len) != 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_RENEGOTIATE, SSL_R_RENEGOTIATION_MISMATCH); return 0; } - if (!PACKET_get_bytes(pkt, &data, s->s3->previous_server_finished_len) - || memcmp(data, s->s3->previous_server_finished, - s->s3->previous_server_finished_len) != 0) { + if (!PACKET_get_bytes(pkt, &data, s->s3.previous_server_finished_len) + || memcmp(data, s->s3.previous_server_finished, + s->s3.previous_server_finished_len) != 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_RENEGOTIATE, SSL_R_RENEGOTIATION_MISMATCH); return 0; } - s->s3->send_connection_binding = 1; + s->s3.send_connection_binding = 1; return 1; } @@ -1602,7 +1602,7 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, memcpy(s->ext.npn, selected, selected_len); s->ext.npn_len = selected_len; - s->s3->npn_seen = 1; + s->s3.npn_seen = 1; return 1; } @@ -1614,7 +1614,7 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t len; /* We must have requested it. */ - if (!s->s3->alpn_sent) { + if (!s->s3.alpn_sent) { SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, SSL_F_TLS_PARSE_STOC_ALPN, SSL_R_BAD_EXTENSION); return 0; 
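Review bot: The two `memcmp` calls in tls_parse_stoc_renegotiate compare the peer's renegotiation_info bytes against the stored Finished values with an early-exit comparison. A mismatch is fatal for the connection, so the practical exposure looks small, but these values are secret-derived and the usual convention is a constant-time compare: `|| CRYPTO_memcmp(data, s->s3.previous_client_finished, s->s3.previous_client_finished_len) != 0) {`, and likewise for `previous_server_finished`. The function begins in the preceding hunk, and part of its body lies outside both hunks.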
@@ -1632,23 +1632,23 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, SSL_R_BAD_EXTENSION); return 0; } - OPENSSL_free(s->s3->alpn_selected); - s->s3->alpn_selected = OPENSSL_malloc(len); - if (s->s3->alpn_selected == NULL) { + OPENSSL_free(s->s3.alpn_selected); + s->s3.alpn_selected = OPENSSL_malloc(len); + if (s->s3.alpn_selected == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN, ERR_R_INTERNAL_ERROR); return 0; } - if (!PACKET_copy_bytes(pkt, s->s3->alpn_selected, len)) { + if (!PACKET_copy_bytes(pkt, s->s3.alpn_selected, len)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_ALPN, SSL_R_BAD_EXTENSION); return 0; } - s->s3->alpn_selected_len = len; + s->s3.alpn_selected_len = len; if (s->session->ext.alpn_selected == NULL || s->session->ext.alpn_selected_len != len - || memcmp(s->session->ext.alpn_selected, s->s3->alpn_selected, len) + || memcmp(s->session->ext.alpn_selected, s->s3.alpn_selected, len) != 0) { /* ALPN not consistent with the old session so cannot use early_data */ s->ext.early_data_ok = 0; @@ -1664,13 +1664,13 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 0; } s->session->ext.alpn_selected = - OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len); + OPENSSL_memdup(s->s3.alpn_selected, s->s3.alpn_selected_len); if (s->session->ext.alpn_selected == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN, ERR_R_INTERNAL_ERROR); return 0; } - s->session->ext.alpn_selected_len = s->s3->alpn_selected_len; + s->session->ext.alpn_selected_len = s->s3.alpn_selected_len; } return 1; 
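Review bot: In tls_parse_stoc_alpn, `s->s3.alpn_selected_len` is only updated after `PACKET_copy_bytes` succeeds, so both early `return 0` paths leave the previous length paired with either a NULL pointer (allocation failure) or a freshly allocated `len`-byte buffer. Whether anything reads these fields after SSLfatal is not visible in this hunk, but keeping pointer and length consistent is cheap: add `s->s3.alpn_selected_len = 0;` immediately after `OPENSSL_free(s->s3.alpn_selected);`. The function body starts before this hunk and continues in the next one.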
@@ -1733,8 +1733,8 @@ int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, { /* Ignore if inappropriate ciphersuite */ if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC) - && s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD - && s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4) + && s->s3.tmp.new_cipher->algorithm_mac != SSL_AEAD + && s->s3.tmp.new_cipher->algorithm_enc != SSL_RC4) s->ext.use_etm = 1; return 1; @@ -1745,7 +1745,7 @@ int tls_parse_stoc_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, { if (s->options & SSL_OP_NO_EXTENDED_MASTER_SECRET) return 1; - s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS; + s->s3.flags |= TLS1_FLAGS_RECEIVED_EXTMS; if (!s->hit) s->session->flags |= SSL_SESS_FLAG_EXTMS; @@ -1792,10 +1792,10 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, #ifndef OPENSSL_NO_TLS1_3 unsigned int group_id; PACKET encoded_pt; - EVP_PKEY *ckey = s->s3->tmp.pkey, *skey = NULL; + EVP_PKEY *ckey = s->s3.tmp.pkey, *skey = NULL; /* Sanity check */ - if (ckey == NULL || s->s3->peer_tmp != NULL) { + if (ckey == NULL || s->s3.peer_tmp != NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE, ERR_R_INTERNAL_ERROR); return 0; @@ -1821,7 +1821,7 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, * It is an error if the HelloRetryRequest wants a key_share that we * already sent in the first ClientHello */ - if (group_id == s->s3->group_id) { + if (group_id == s->s3.group_id) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_KEY_SHARE, SSL_R_BAD_KEY_SHARE); return 0; 
@@ -1840,13 +1840,13 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 0; } - s->s3->group_id = group_id; - EVP_PKEY_free(s->s3->tmp.pkey); - s->s3->tmp.pkey = NULL; + s->s3.group_id = group_id; + EVP_PKEY_free(s->s3.tmp.pkey); + s->s3.tmp.pkey = NULL; return 1; } - if (group_id != s->s3->group_id) { + if (group_id != s->s3.group_id) { /* * This isn't for the group that we sent in the original * key_share! @@ -1882,7 +1882,7 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, EVP_PKEY_free(skey); return 0; } - s->s3->peer_tmp = skey; + s->s3.peer_tmp = skey; #endif return 1; |