From 4d69f9e69d2f5069ab37da68f4b93a6f337fb13e Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Mon, 18 May 2015 23:29:57 +0100
Subject: [PATCH] move masks out of CERT structure

Reviewed-by: Rich Salz <rsalz@openssl.org>
---
 ssl/s3_clnt.c  |  5 ++---
 ssl/s3_lib.c   | 10 ++++------
 ssl/ssl_cert.c |  5 -----
 ssl/ssl_lib.c  |  9 ++++-----
 ssl/ssl_locl.h | 23 +++++++++++------------
 ssl/ssl_rsa.c  |  2 --
 ssl/t1_lib.c   | 38 ++++++++++++++++++--------------------
 7 files changed, 39 insertions(+), 53 deletions(-)

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 3b49fa4a33..46f9909830 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -957,7 +957,6 @@ int ssl3_get_server_hello(SSL *s)
 {
     STACK_OF(SSL_CIPHER) *sk;
     const SSL_CIPHER *c;
-    CERT *ct = s->cert;
     unsigned char *p, *d;
     int i, al = SSL_AD_INTERNAL_ERROR, ok;
     unsigned int j;
@@ -1151,9 +1150,9 @@ int ssl3_get_server_hello(SSL *s)
     }
     /* Set version disabled mask now we know version */
     if (!SSL_USE_TLS1_2_CIPHERS(s))
-        ct->mask_ssl = SSL_TLSV1_2;
+        s->s3->tmp.mask_ssl = SSL_TLSV1_2;
     else
-        ct->mask_ssl = 0;
+        s->s3->tmp.mask_ssl = 0;
     /*
      * If it is a disabled cipher we didn't send it in client hello, so
      * return an error.
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index c28c447618..78e95fc6d6 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3843,11 +3843,9 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
     SSL_CIPHER *c, *ret = NULL;
     STACK_OF(SSL_CIPHER) *prio, *allow;
     int i, ii, ok;
-    CERT *cert;
     unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a;
 
     /* Let's see which ciphers we can support */
-    cert = s->cert;
 
 #if 0
     /*
@@ -3893,10 +3891,10 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
             continue;
 
         ssl_set_masks(s, c);
-        mask_k = cert->mask_k;
-        mask_a = cert->mask_a;
-        emask_k = cert->export_mask_k;
-        emask_a = cert->export_mask_a;
+        mask_k = s->s3->tmp.mask_k;
+        mask_a = s->s3->tmp.mask_a;
+        emask_k = s->s3->tmp.export_mask_k;
+        emask_a = s->s3->tmp.export_mask_a;
 #ifndef OPENSSL_NO_SRP
         if (s->srp_ctx.srp_Mask & SSL_kSRP) {
             mask_k |= SSL_kSRP;
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 14c0c16142..987b2b72c0 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -196,11 +196,6 @@ CERT *ssl_cert_dup(CERT *cert)
     memset(ret, 0, sizeof(*ret));
 
     ret->key = &ret->pkeys[cert->key - cert->pkeys];
-    ret->valid = cert->valid;
-    ret->mask_k = cert->mask_k;
-    ret->mask_a = cert->mask_a;
-    ret->export_mask_k = cert->export_mask_k;
-    ret->export_mask_a = cert->export_mask_a;
 
 #ifndef OPENSSL_NO_RSA
     if (cert->rsa_tmp != NULL) {
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index b44cb1956f..2624b377f4 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2114,11 +2114,10 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
     emask_a |= SSL_aPSK;
 #endif
 
-    c->mask_k = mask_k;
-    c->mask_a = mask_a;
-    c->export_mask_k = emask_k;
-    c->export_mask_a = emask_a;
-    c->valid = 1;
+    s->s3->tmp.mask_k = mask_k;
+    s->s3->tmp.mask_a = mask_a;
+    s->s3->tmp.export_mask_k = emask_k;
+    s->s3->tmp.export_mask_a = emask_a;
 }
 
 /* This handy macro borrowed from crypto/x509v3/v3_purp.c */
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index d2ee6344ae..04e59085d2 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1301,6 +1301,17 @@ typedef struct ssl3_state_st {
          * If zero it can't be used at all.
          */
         int valid_flags[SSL_PKEY_NUM];
+        /*
+         * For servers the following masks are for the key and auth algorithms
+         * that are supported by the certs below. For clients they are masks of
+         * *disabled* algorithms based on the current session.
+         */
+        unsigned long mask_k;
+        unsigned long mask_a;
+        unsigned long export_mask_k;
+        unsigned long export_mask_a;
+        /* Client only */
+        unsigned long mask_ssl;
     } tmp;
 
     /* Connection binding to prevent renegotiation attacks */
@@ -1509,18 +1520,6 @@ typedef struct cert_st {
      * an index, not a pointer.
      */
     CERT_PKEY *key;
-    /*
-     * For servers the following masks are for the key and auth algorithms
-     * that are supported by the certs below. For clients they are masks of
-     * *disabled* algorithms based on the current session.
-     */
-    int valid;
-    unsigned long mask_k;
-    unsigned long mask_a;
-    unsigned long export_mask_k;
-    unsigned long export_mask_a;
-    /* Client only */
-    unsigned long mask_ssl;
 # ifndef OPENSSL_NO_RSA
     RSA *rsa_tmp;
     RSA *(*rsa_tmp_cb) (SSL *ssl, int is_export, int keysize);
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 31ce9bdbd1..a9c832c8b6 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -216,7 +216,6 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
     CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
     c->pkeys[i].privatekey = pkey;
     c->key = &(c->pkeys[i]);
-    c->valid = 0;
     return (1);
 }
 
@@ -420,7 +419,6 @@ static int ssl_set_cert(CERT *c, X509 *x)
     c->pkeys[i].x509 = x;
     c->key = &(c->pkeys[i]);
 
-    c->valid = 0;
     return (1);
 }
 
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 529157425a..f3fa0f5f5e 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1048,46 +1048,44 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
  */
 void ssl_set_client_disabled(SSL *s)
 {
-    CERT *c = s->cert;
-    c->mask_a = 0;
-    c->mask_k = 0;
+    s->s3->tmp.mask_a = 0;
+    s->s3->tmp.mask_k = 0;
     /* Don't allow TLS 1.2 only ciphers if we don't suppport them */
     if (!SSL_CLIENT_USE_TLS1_2_CIPHERS(s))
-        c->mask_ssl = SSL_TLSV1_2;
+        s->s3->tmp.mask_ssl = SSL_TLSV1_2;
     else
-        c->mask_ssl = 0;
-    ssl_set_sig_mask(&c->mask_a, s, SSL_SECOP_SIGALG_MASK);
+        s->s3->tmp.mask_ssl = 0;
+    ssl_set_sig_mask(&s->s3->tmp.mask_a, s, SSL_SECOP_SIGALG_MASK);
     /*
      * Disable static DH if we don't include any appropriate signature
      * algorithms.
      */
-    if (c->mask_a & SSL_aRSA)
-        c->mask_k |= SSL_kDHr | SSL_kECDHr;
-    if (c->mask_a & SSL_aDSS)
-        c->mask_k |= SSL_kDHd;
-    if (c->mask_a & SSL_aECDSA)
-        c->mask_k |= SSL_kECDHe;
+    if (s->s3->tmp.mask_a & SSL_aRSA)
+        s->s3->tmp.mask_k |= SSL_kDHr | SSL_kECDHr;
+    if (s->s3->tmp.mask_a & SSL_aDSS)
+        s->s3->tmp.mask_k |= SSL_kDHd;
+    if (s->s3->tmp.mask_a & SSL_aECDSA)
+        s->s3->tmp.mask_k |= SSL_kECDHe;
 # ifndef OPENSSL_NO_PSK
     /* with PSK there must be client callback set */
     if (!s->psk_client_callback) {
-        c->mask_a |= SSL_aPSK;
-        c->mask_k |= SSL_kPSK;
+        s->s3->tmp.mask_a |= SSL_aPSK;
+        s->s3->tmp.mask_k |= SSL_kPSK;
     }
 # endif                         /* OPENSSL_NO_PSK */
 # ifndef OPENSSL_NO_SRP
     if (!(s->srp_ctx.srp_Mask & SSL_kSRP)) {
-        c->mask_a |= SSL_aSRP;
-        c->mask_k |= SSL_kSRP;
+        s->s3->tmp.mask_a |= SSL_aSRP;
+        s->s3->tmp.mask_k |= SSL_kSRP;
     }
 # endif
-    c->valid = 1;
 }
 
 int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op)
 {
-    CERT *ct = s->cert;
-    if (c->algorithm_ssl & ct->mask_ssl || c->algorithm_mkey & ct->mask_k
-        || c->algorithm_auth & ct->mask_a)
+    if (c->algorithm_ssl & s->s3->tmp.mask_ssl
+        || c->algorithm_mkey & s->s3->tmp.mask_k
+        || c->algorithm_auth & s->s3->tmp.mask_a)
         return 1;
     return !ssl_security(s, op, c->strength_bits, 0, (void *)c);
 }