mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-19 08:23:32 +08:00
Code Issues Packages Projects Releases Wiki Activity

SSL object refactoring using SSL_CONNECTION object

Browse Source 
Make the SSL object polymorphic based on whether this is
a traditional SSL connection, QUIC connection, or later
to be implemented a QUIC stream.

It requires adding if after every SSL_CONNECTION_FROM_SSL() call
which itself has to be added to almost every public SSL_ API call.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18612)
This commit is contained in:
Tomas Mraz 2022-06-20 17:11:28 +02:00 committed by Hugo Landau
parent ce602bb0a2
commit 38b051a1fe
49 changed files with 4815 additions and 2939 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
ssl/bio_ssl.c
View File

@ -227,19 +227,23 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
BIO *dbio, *bio;
long ret = 1;
BIO *next;
SSL_CONNECTION *sc = NULL;
bs = BIO_get_data(b);
next = BIO_next(b);
ssl = bs->ssl;
if ((ssl == NULL) && (cmd != BIO_C_SET_SSL))
if ((ssl == NULL
|| (sc = SSL_CONNECTION_FROM_SSL(ssl)) == NULL)
&& cmd != BIO_C_SET_SSL)
return 0;
/* TODO(QUIC): The rbio/wbio might be from QUIC_CONNECTION instead */
switch (cmd) {
case BIO_CTRL_RESET:
SSL_shutdown(ssl);
if (ssl->handshake_func == ssl->method->ssl_connect)
if (sc->handshake_func == ssl->method->ssl_connect)
SSL_set_connect_state(ssl);
else if (ssl->handshake_func == ssl->method->ssl_accept)
else if (sc->handshake_func == ssl->method->ssl_accept)
SSL_set_accept_state(ssl);
if (!SSL_clear(ssl)) {
@ -249,8 +253,8 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
if (next != NULL)
ret = BIO_ctrl(next, cmd, num, ptr);
else if (ssl->rbio != NULL)
ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
else if (sc->rbio != NULL)
ret = BIO_ctrl(sc->rbio, cmd, num, ptr);
else
ret = 1;
break;
@ -311,20 +315,20 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
BIO_set_shutdown(b, (int)num);
break;
case BIO_CTRL_WPENDING:
ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
ret = BIO_ctrl(sc->wbio, cmd, num, ptr);
break;
case BIO_CTRL_PENDING:
ret = SSL_pending(ssl);
if (ret == 0)
ret = BIO_pending(ssl->rbio);
ret = BIO_pending(sc->rbio);
break;
case BIO_CTRL_FLUSH:
BIO_clear_retry_flags(b);
ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
ret = BIO_ctrl(sc->wbio, cmd, num, ptr);
BIO_copy_next_retry(b);
break;
case BIO_CTRL_PUSH:
if ((next != NULL) && (next != ssl->rbio)) {
if ((next != NULL) && (next != sc->rbio)) {
/*
* We are going to pass ownership of next to the SSL object...but
* we don't own a reference to pass yet - so up ref
@ -378,13 +382,13 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
ret = (dbs->ssl != NULL);
break;
case BIO_C_GET_FD:
ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
ret = BIO_ctrl(sc->rbio, cmd, num, ptr);
break;
case BIO_CTRL_SET_CALLBACK:
ret = 0; /* use callback ctrl */
break;
default:
ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
ret = BIO_ctrl(sc->rbio, cmd, num, ptr);
break;
}
return ret;
@ -400,7 +404,7 @@ static long ssl_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
ssl = bs->ssl;
switch (cmd) {
case BIO_CTRL_SET_CALLBACK:
ret = BIO_callback_ctrl(ssl->rbio, cmd, fp);
ret = BIO_callback_ctrl(SSL_get_rbio(ssl), cmd, fp);
break;
default:
ret = 0;

169
ssl/d1_lib.c
View File

@ -15,7 +15,7 @@
#include "internal/time.h"
static void get_current_time(struct timeval *t);
static int dtls1_handshake_write(SSL *s);
static int dtls1_handshake_write(SSL_CONNECTION *s);
static size_t dtls1_link_min_mtu(void);
/* XDTLS: figure out the right values */
@ -65,18 +65,22 @@ long dtls1_default_timeout(void)
return (60 * 60 * 2);
}
int dtls1_new(SSL *s)
int dtls1_new(SSL *ssl)
{
DTLS1_STATE *d1;
SSL_CONNECTION *s = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
if (s == NULL)
return 0;
if (!DTLS_RECORD_LAYER_new(&s->rlayer)) {
return 0;
}
if (!ssl3_new(s))
if (!ssl3_new(ssl))
return 0;
if ((d1 = OPENSSL_zalloc(sizeof(*d1))) == NULL) {
ssl3_free(s);
ssl3_free(ssl);
return 0;
}
@ -94,25 +98,25 @@ int dtls1_new(SSL *s)
pqueue_free(d1->buffered_messages);
pqueue_free(d1->sent_messages);
OPENSSL_free(d1);
ssl3_free(s);
ssl3_free(ssl);
return 0;
}
s->d1 = d1;
if (!s->method->ssl_clear(s))
if (!ssl->method->ssl_clear(ssl))
return 0;
return 1;
}
static void dtls1_clear_queues(SSL *s)
static void dtls1_clear_queues(SSL_CONNECTION *s)
{
dtls1_clear_received_buffer(s);
dtls1_clear_sent_buffer(s);
}
void dtls1_clear_received_buffer(SSL *s)
void dtls1_clear_received_buffer(SSL_CONNECTION *s)
{
pitem *item = NULL;
hm_fragment *frag = NULL;
@ -124,7 +128,7 @@ void dtls1_clear_received_buffer(SSL *s)
}
}
void dtls1_clear_sent_buffer(SSL *s)
void dtls1_clear_sent_buffer(SSL_CONNECTION *s)
{
pitem *item = NULL;
hm_fragment *frag = NULL;
@ -137,11 +141,16 @@ void dtls1_clear_sent_buffer(SSL *s)
}
void dtls1_free(SSL *s)
void dtls1_free(SSL *ssl)
{
SSL_CONNECTION *s = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
if (s == NULL)
return;
DTLS_RECORD_LAYER_free(&s->rlayer);
ssl3_free(s);
ssl3_free(ssl);
if (s->d1 != NULL) {
dtls1_clear_queues(s);
@ -153,13 +162,18 @@ void dtls1_free(SSL *s)
s->d1 = NULL;
}
int dtls1_clear(SSL *s)
int dtls1_clear(SSL *ssl)
{
pqueue *buffered_messages;
pqueue *sent_messages;
size_t mtu;
size_t link_mtu;
SSL_CONNECTION *s = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
if (s == NULL)
return 0;
DTLS_RECORD_LAYER_clear(&s->rlayer);
if (s->d1) {
@ -181,7 +195,7 @@ int dtls1_clear(SSL *s)
s->d1->cookie_len = sizeof(s->d1->cookie);
}
if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) {
if (SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU) {
s->d1->mtu = mtu;
s->d1->link_mtu = link_mtu;
}
@ -190,24 +204,28 @@ int dtls1_clear(SSL *s)
s->d1->sent_messages = sent_messages;
}
if (!ssl3_clear(s))
if (!ssl3_clear(ssl))
return 0;
if (s->method->version == DTLS_ANY_VERSION)
if (ssl->method->version == DTLS_ANY_VERSION)
s->version = DTLS_MAX_VERSION_INTERNAL;
#ifndef OPENSSL_NO_DTLS1_METHOD
else if (s->options & SSL_OP_CISCO_ANYCONNECT)
s->client_version = s->version = DTLS1_BAD_VER;
#endif
else
s->version = s->method->version;
s->version = ssl->method->version;
return 1;
}
long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
long dtls1_ctrl(SSL *ssl, int cmd, long larg, void *parg)
{
int ret = 0;
SSL_CONNECTION *s = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
if (s == NULL)
return 0;
switch (cmd) {
case DTLS_CTRL_GET_TIMEOUT:
@ -235,19 +253,20 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
s->d1->mtu = larg;
return larg;
default:
ret = ssl3_ctrl(s, cmd, larg, parg);
ret = ssl3_ctrl(ssl, cmd, larg, parg);
break;
}
return ret;
}
void dtls1_start_timer(SSL *s)
void dtls1_start_timer(SSL_CONNECTION *s)
{
unsigned int sec, usec;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
#ifndef OPENSSL_NO_SCTP
/* Disable timer for SCTP */
if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
if (BIO_dgram_is_sctp(SSL_get_wbio(ssl))) {
memset(&s->d1->next_timeout, 0, sizeof(s->d1->next_timeout));
return;
}
@ -260,7 +279,7 @@ void dtls1_start_timer(SSL *s)
if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
if (s->d1->timer_cb != NULL)
s->d1->timeout_duration_us = s->d1->timer_cb(s, 0);
s->d1->timeout_duration_us = s->d1->timer_cb(ssl, 0);
else
s->d1->timeout_duration_us = 1000000;
}
@ -281,11 +300,11 @@ void dtls1_start_timer(SSL *s)
s->d1->next_timeout.tv_usec -= 1000000;
}
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
BIO_ctrl(SSL_get_rbio(ssl), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
&(s->d1->next_timeout));
}
struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft)
struct timeval *dtls1_get_timeout(SSL_CONNECTION *s, struct timeval *timeleft)
{
struct timeval timenow;
@ -325,7 +344,7 @@ struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft)
return timeleft;
}
int dtls1_is_timer_expired(SSL *s)
int dtls1_is_timer_expired(SSL_CONNECTION *s)
{
struct timeval timeleft;
@ -343,36 +362,37 @@ int dtls1_is_timer_expired(SSL *s)
return 1;
}
static void dtls1_double_timeout(SSL *s)
static void dtls1_double_timeout(SSL_CONNECTION *s)
{
s->d1->timeout_duration_us *= 2;
if (s->d1->timeout_duration_us > 60000000)
s->d1->timeout_duration_us = 60000000;
}
void dtls1_stop_timer(SSL *s)
void dtls1_stop_timer(SSL_CONNECTION *s)
{
/* Reset everything */
s->d1->timeout_num_alerts = 0;
memset(&s->d1->next_timeout, 0, sizeof(s->d1->next_timeout));
s->d1->timeout_duration_us = 1000000;
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
BIO_ctrl(s->rbio, BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
&(s->d1->next_timeout));
/* Clear retransmission buffer */
dtls1_clear_sent_buffer(s);
}
int dtls1_check_timeout_num(SSL *s)
int dtls1_check_timeout_num(SSL_CONNECTION *s)
{
size_t mtu;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
s->d1->timeout_num_alerts++;
/* Reduce MTU after 2 unsuccessful retransmissions */
if (s->d1->timeout_num_alerts > 2
&& !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
&& !(SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU)) {
mtu =
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
if (mtu < s->d1->mtu)
s->d1->mtu = mtu;
}
@ -386,7 +406,7 @@ int dtls1_check_timeout_num(SSL *s)
return 0;
}
int dtls1_handle_timeout(SSL *s)
int dtls1_handle_timeout(SSL_CONNECTION *s)
{
/* if no timer is expired, don't do anything */
if (!dtls1_is_timer_expired(s)) {
@ -394,7 +414,8 @@ int dtls1_handle_timeout(SSL *s)
}
if (s->d1->timer_cb != NULL)
s->d1->timeout_duration_us = s->d1->timer_cb(s, s->d1->timeout_duration_us);
s->d1->timeout_duration_us = s->d1->timer_cb(SSL_CONNECTION_GET_SSL(s),
s->d1->timeout_duration_us);
else
dtls1_double_timeout(s);
@ -417,7 +438,7 @@ static void get_current_time(struct timeval *t)
#define LISTEN_SEND_VERIFY_REQUEST 1
#ifndef OPENSSL_NO_SOCK
int DTLSv1_listen(SSL *s, BIO_ADDR *client)
int DTLSv1_listen(SSL *ssl, BIO_ADDR *client)
{
int next, n, ret = 0;
unsigned char cookie[DTLS1_COOKIE_LENGTH];
@ -429,20 +450,24 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
BIO *rbio, *wbio;
BIO_ADDR *tmpclient = NULL;
PACKET pkt, msgpkt, msgpayload, session, cookiepkt;
SSL_CONNECTION *s = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
if (s == NULL)
return -1;
if (s->handshake_func == NULL) {
/* Not properly initialized yet */
SSL_set_accept_state(s);
SSL_set_accept_state(ssl);
}
/* Ensure there is no state left over from a previous invocation */
if (!SSL_clear(s))
if (!SSL_clear(ssl))
return -1;
ERR_clear_error();
rbio = SSL_get_rbio(s);
wbio = SSL_get_wbio(s);
rbio = SSL_get_rbio(ssl);
wbio = SSL_get_wbio(ssl);
if (!rbio || !wbio) {
ERR_raise(ERR_LIB_SSL, SSL_R_BIO_NOT_SET);
@ -517,7 +542,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
if (s->msg_callback)
s->msg_callback(0, 0, SSL3_RT_HEADER, buf,
DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg);
DTLS1_RT_HEADER_LENGTH, ssl, s->msg_callback_arg);
/* Get the record header */
if (!PACKET_get_1(&pkt, &rectype)
@ -600,7 +625,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, data,
fraglen + DTLS1_HM_HEADER_LENGTH, s,
fraglen + DTLS1_HM_HEADER_LENGTH, ssl,
s->msg_callback_arg);
if (!PACKET_get_net_2(&msgpayload, &clientvers)) {
@ -611,8 +636,8 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
/*
* Verify client version is supported
*/
if (DTLS_VERSION_LT(clientvers, (unsigned int)s->method->version) &&
s->method->version != DTLS_ANY_VERSION) {
if (DTLS_VERSION_LT(clientvers, (unsigned int)ssl->method->version) &&
ssl->method->version != DTLS_ANY_VERSION) {
ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_VERSION_NUMBER);
goto end;
}
@ -638,12 +663,12 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
/*
* We have a cookie, so lets check it.
*/
if (s->ctx->app_verify_cookie_cb == NULL) {
if (ssl->ctx->app_verify_cookie_cb == NULL) {
ERR_raise(ERR_LIB_SSL, SSL_R_NO_VERIFY_COOKIE_CALLBACK);
/* This is fatal */
return -1;
}
if (s->ctx->app_verify_cookie_cb(s, PACKET_data(&cookiepkt),
if (ssl->ctx->app_verify_cookie_cb(ssl, PACKET_data(&cookiepkt),
(unsigned int)PACKET_remaining(&cookiepkt)) == 0) {
/*
* We treat invalid cookies in the same was as no cookie as
@ -668,8 +693,8 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
*/
/* Generate the cookie */
if (s->ctx->app_gen_cookie_cb == NULL ||
s->ctx->app_gen_cookie_cb(s, cookie, &cookielen) == 0 ||
if (ssl->ctx->app_gen_cookie_cb == NULL ||
ssl->ctx->app_gen_cookie_cb(ssl, cookie, &cookielen) == 0 ||
cookielen > 255) {
ERR_raise(ERR_LIB_SSL, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
/* This is fatal */
@ -681,8 +706,8 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
* haven't decided which version to use yet send back using version
* 1.0 header: otherwise some clients will ignore it.
*/
version = (s->method->version == DTLS_ANY_VERSION) ? DTLS1_VERSION
: s->version;
version = (ssl->method->version == DTLS_ANY_VERSION) ? DTLS1_VERSION
: s->version;
/* Construct the record and message headers */
if (!WPACKET_init_static_len(&wpkt,
@ -753,7 +778,8 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
if (s->msg_callback)
s->msg_callback(1, 0, SSL3_RT_HEADER, buf,
DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg);
DTLS1_RT_HEADER_LENGTH, ssl,
s->msg_callback_arg);
if ((tmpclient = BIO_ADDR_new()) == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
@ -807,7 +833,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
* We are doing cookie exchange, so make sure we set that option in the
* SSL object
*/
SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
SSL_set_options(ssl, SSL_OP_COOKIE_EXCHANGE);
/*
* Tell the state machine that we've done the initial hello verify
@ -832,7 +858,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
}
#endif
static int dtls1_handshake_write(SSL *s)
static int dtls1_handshake_write(SSL_CONNECTION *s)
{
return dtls1_do_write(s, SSL3_RT_HANDSHAKE);
}
@ -842,10 +868,14 @@ int dtls1_shutdown(SSL *s)
int ret;
#ifndef OPENSSL_NO_SCTP
BIO *wbio;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
if (s == NULL)
return -1;
wbio = SSL_get_wbio(s);
if (wbio != NULL && BIO_dgram_is_sctp(wbio) &&
!(s->shutdown & SSL_SENT_SHUTDOWN)) {
!(sc->shutdown & SSL_SENT_SHUTDOWN)) {
ret = BIO_dgram_sctp_wait_for_dry(wbio);
if (ret < 0)
return -1;
@ -862,19 +892,21 @@ int dtls1_shutdown(SSL *s)
return ret;
}
int dtls1_query_mtu(SSL *s)
int dtls1_query_mtu(SSL_CONNECTION *s)
{
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
if (s->d1->link_mtu) {
s->d1->mtu =
s->d1->link_mtu - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
s->d1->link_mtu - BIO_dgram_get_mtu_overhead(SSL_get_wbio(ssl));
s->d1->link_mtu = 0;
}
/* AHA! Figure out the MTU, and stick to the right size */
if (s->d1->mtu < dtls1_min_mtu(s)) {
if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
if (!(SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU)) {
s->d1->mtu =
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
/*
* I've seen the kernel return bogus numbers when it doesn't know
@ -883,7 +915,7 @@ int dtls1_query_mtu(SSL *s)
if (s->d1->mtu < dtls1_min_mtu(s)) {
/* Set to min mtu */
s->d1->mtu = dtls1_min_mtu(s);
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_SET_MTU,
(long)s->d1->mtu, NULL);
}
} else
@ -898,16 +930,24 @@ static size_t dtls1_link_min_mtu(void)
sizeof(g_probable_mtu[0])) - 1]);
}
size_t dtls1_min_mtu(SSL *s)
size_t dtls1_min_mtu(SSL_CONNECTION *s)
{
return dtls1_link_min_mtu() - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
return dtls1_link_min_mtu() - BIO_dgram_get_mtu_overhead(SSL_get_wbio(ssl));
}
size_t DTLS_get_data_mtu(const SSL *s)
size_t DTLS_get_data_mtu(const SSL *ssl)
{
size_t mac_overhead, int_overhead, blocksize, ext_overhead;
const SSL_CIPHER *ciph = SSL_get_current_cipher(s);
size_t mtu = s->d1->mtu;
const SSL_CIPHER *ciph = SSL_get_current_cipher(ssl);
size_t mtu;
const SSL_CONNECTION *s = SSL_CONNECTION_FROM_CONST_SSL_ONLY(ssl);
if (s == NULL)
return 0;
mtu = s->d1->mtu;
if (ciph == NULL)
return 0;
@ -939,7 +979,12 @@ size_t DTLS_get_data_mtu(const SSL *s)
return mtu;
}
void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb)
void DTLS_set_timer_cb(SSL *ssl, DTLS_timer_cb cb)
{
SSL_CONNECTION *s = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
if (s == NULL)
return;
s->d1->timer_cb = cb;
}

24
ssl/d1_msg.c
View File

@ -13,9 +13,13 @@ int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len,
size_t *written)
{
int i;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) {
i = s->handshake_func(s);
if (sc == NULL)
return -1;
if (SSL_in_init(s) && !ossl_statem_get_in_handshake(sc)) {
i = sc->handshake_func(s);
if (i < 0)
return i;
if (i == 0) {
@ -29,16 +33,20 @@ int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len,
return -1;
}
return dtls1_write_bytes(s, type, buf_, len, written);
return dtls1_write_bytes(sc, type, buf_, len, written);
}
int dtls1_dispatch_alert(SSL *s)
int dtls1_dispatch_alert(SSL *ssl)
{
int i, j;
void (*cb) (const SSL *ssl, int type, int val) = NULL;
unsigned char buf[DTLS1_AL_HEADER_LENGTH];
unsigned char *ptr = &buf[0];
size_t written;
SSL_CONNECTION *s = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
if (s == NULL)
return 0;
s->s3.alert_dispatch = 0;
@ -55,16 +63,16 @@ int dtls1_dispatch_alert(SSL *s)
if (s->msg_callback)
s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3.send_alert,
2, s, s->msg_callback_arg);
2, ssl, s->msg_callback_arg);
if (s->info_callback != NULL)
cb = s->info_callback;
else if (s->ctx->info_callback != NULL)
cb = s->ctx->info_callback;
else if (ssl->ctx->info_callback != NULL)
cb = ssl->ctx->info_callback;
if (cb != NULL) {
j = (s->s3.send_alert[0] << 8) | s->s3.send_alert[1];
cb(s, SSL_CB_WRITE_ALERT, j);
cb(ssl, SSL_CB_WRITE_ALERT, j);
}
}
return i;

22
ssl/d1_srtp.c
View File

@ -144,14 +144,21 @@ int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
int SSL_set_tlsext_use_srtp(SSL *s, const char *profiles)
{
return ssl_ctx_make_profiles(profiles, &s->srtp_profiles);
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
if (sc == NULL)
return 0;
return ssl_ctx_make_profiles(profiles, &sc->srtp_profiles);
}
STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s)
{
if (s != NULL) {
if (s->srtp_profiles != NULL) {
return s->srtp_profiles;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
if (sc != NULL) {
if (sc->srtp_profiles != NULL) {
return sc->srtp_profiles;
} else if ((s->ctx != NULL) && (s->ctx->srtp_profiles != NULL)) {
return s->ctx->srtp_profiles;
}
@ -162,6 +169,11 @@ STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s)
SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s)
{
return s->srtp_profile;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
if (sc == NULL)
return 0;
return sc->srtp_profile;
}
#endif

14
ssl/ktls.c
View File

@ -18,7 +18,7 @@
* record layer. If read_ahead is enabled, then this might be false and this
* function will fail.
*/
static int count_unprocessed_records(SSL *s)
static int count_unprocessed_records(SSL_CONNECTION *s)
{
SSL3_BUFFER *rbuf = RECORD_LAYER_get_rbuf(&s->rlayer);
PACKET pkt, subpkt;
@ -48,7 +48,7 @@ static int count_unprocessed_records(SSL *s)
* partial record, fail and return 0. Otherwise, update the sequence
* number at *rec_seq for the count of unprocessed records and return 1.
*/
static int check_rx_read_ahead(SSL *s, unsigned char *rec_seq)
static int check_rx_read_ahead(SSL_CONNECTION *s, unsigned char *rec_seq)
{
int bit, count_unprocessed;
@ -80,7 +80,7 @@ static int check_rx_read_ahead(SSL *s, unsigned char *rec_seq)
* provider is found, but this checks if the socket option
* supports the cipher suite used at all.
*/
int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c,
int ktls_check_supported_cipher(const SSL_CONNECTION *s, const EVP_CIPHER *c,
const EVP_CIPHER_CTX *dd)
{
@ -120,7 +120,8 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c,
}
/* Function to configure kernel TLS structure */
int ktls_configure_crypto(SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd,
int ktls_configure_crypto(SSL_CONNECTION *s, const EVP_CIPHER *c,
EVP_CIPHER_CTX *dd,
void *rl_sequence, ktls_crypto_info_t *crypto_info,
int is_tx, unsigned char *iv,
unsigned char *key, unsigned char *mac_key,
@ -186,7 +187,7 @@ int ktls_configure_crypto(SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd,
#if defined(OPENSSL_SYS_LINUX)
/* Function to check supported ciphers in Linux */
int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c,
int ktls_check_supported_cipher(const SSL_CONNECTION *s, const EVP_CIPHER *c,
const EVP_CIPHER_CTX *dd)
{
switch (s->version) {
@ -225,7 +226,8 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c,
}
/* Function to configure kernel TLS structure */
int ktls_configure_crypto(SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd,
int ktls_configure_crypto(SSL_CONNECTION *s, const EVP_CIPHER *c,
EVP_CIPHER_CTX *dd,
void *rl_sequence, ktls_crypto_info_t *crypto_info,
int is_tx, unsigned char *iv,
unsigned char *key, unsigned char *mac_key,

2
ssl/priority_queue.c
View File

@ -356,7 +356,7 @@ void ossl_pqueue_free(OSSL_PQUEUE *pq)
OPENSSL_free(pq->heap);
OPENSSL_free(pq->elements);
OPENSSL_free(pq);
}
}
}
void ossl_pqueue_pop_free(OSSL_PQUEUE *pq, void (*freefunc)(void *))

99
ssl/quic/quic_impl.c
View File

@ -11,16 +11,74 @@
#include <openssl/objects.h>
#include "quic_local.h"
int ossl_quic_new(SSL *s)
SSL *ossl_quic_new(SSL_CTX *ctx)
{
QUIC_CONNECTION *qc;
SSL *ssl = NULL;
SSL_CONNECTION *sc;
qc = OPENSSL_zalloc(sizeof(*qc));
if (qc == NULL)
goto err;
ssl = &qc->ssl;
if (!ossl_ssl_init(ssl, ctx, SSL_TYPE_QUIC_CONNECTION)) {
OPENSSL_free(qc);
ssl = NULL;
goto err;
}
qc->tls = ossl_ssl_connection_new(ctx);
if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL)
goto err;
/* override the user_ssl of the inner connection */
sc->user_ssl = ssl;
/* We'll need to set proper TLS method on qc->tls here */
return ssl;
err:
ossl_quic_free(ssl);
return NULL;
}
int ossl_quic_init(SSL *s)
{
return s->method->ssl_clear(s);
}
void ossl_quic_free(SSL *s)
void ossl_quic_deinit(SSL *s)
{
return;
}
void ossl_quic_free(SSL *s)
{
QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_SSL(s);
if (qc == NULL) {
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
if (sc != NULL)
ossl_ssl_connection_free(s);
return;
}
SSL_free(qc->tls);
return;
}
int ossl_quic_reset(SSL *s)
{
QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_SSL(s);
if (qc == NULL) {
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
return sc != NULL ? ossl_ssl_connection_reset(s) : 0;
}
return ossl_ssl_connection_reset(qc->tls);
}
int ossl_quic_clear(SSL *s)
{
return 1;
@ -28,13 +86,23 @@ int ossl_quic_clear(SSL *s)
int ossl_quic_accept(SSL *s)
{
s->statem.in_init = 0;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s);
if (sc == NULL)
return 0;
sc->statem.in_init = 0;
return 1;
}
int ossl_quic_connect(SSL *s)
{
s->statem.in_init = 0;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s);
if (sc == NULL)
return 0;
sc->statem.in_init = 0;
return 1;
}
@ -42,14 +110,15 @@ int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *readbytes)
{
int ret;
BIO *rbio = SSL_get_rbio(s);
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s);
if (rbio == NULL)
if (sc == NULL || rbio == NULL)
return 0;
s->rwstate = SSL_READING;
sc->rwstate = SSL_READING;
ret = BIO_read_ex(rbio, buf, len, readbytes);
if (ret > 0 || !BIO_should_retry(rbio))
s->rwstate = SSL_NOTHING;
sc->rwstate = SSL_NOTHING;
return ret <= 0 ? -1 : ret;
}
@ -62,14 +131,15 @@ int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written)
{
BIO *wbio = SSL_get_wbio(s);
int ret;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s);
if (wbio == NULL)
if (sc == NULL || wbio == NULL)
return 0;
s->rwstate = SSL_WRITING;
sc->rwstate = SSL_WRITING;
ret = BIO_write_ex(wbio, buf, len, written);
if (ret > 0 || !BIO_should_retry(wbio))
s->rwstate = SSL_NOTHING;
sc->rwstate = SSL_NOTHING;
return ret;
}
@ -80,12 +150,17 @@ int ossl_quic_shutdown(SSL *s)
long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg)
{
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s);
if (sc == NULL)
return 0;
switch(cmd) {
case SSL_CTRL_CHAIN:
if (larg)
return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
return ssl_cert_set1_chain(sc, NULL, (STACK_OF(X509) *)parg);
else
return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
return ssl_cert_set0_chain(sc, NULL, (STACK_OF(X509) *)parg);
}
return 0;
}

44
ssl/quic/quic_local.h
View File

@ -13,6 +13,36 @@
# include <openssl/ssl.h>
# include "../ssl_local.h"
typedef struct quic_conn_st {
/* type identifier and common data */
struct ssl_st ssl;
/* the associated tls-1.3 connection data */
SSL *tls;
/* just an example member */
uint64_t conn_id;
} QUIC_CONNECTION;
# define QUIC_CONNECTION_FROM_SSL_int(ssl, c) \
((ssl) == NULL ? NULL \
: ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \
? (c QUIC_CONNECTION *)(ssl) \
: NULL))
# define SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, c) \
((ssl) == NULL ? NULL \
: ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \
? (c SSL_CONNECTION *)((c QUIC_CONNECTION *)(ssl))->tls \
: NULL))
# define QUIC_CONNECTION_FROM_SSL(ssl) \
QUIC_CONNECTION_FROM_SSL_int(ssl, SSL_CONNECTION_NO_CONST)
# define QUIC_CONNECTION_FROM_CONST_SSL(ssl) \
QUIC_CONNECTION_FROM_SSL_int(ssl, const)
# define SSL_CONNECTION_FROM_QUIC_SSL(ssl) \
SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, SSL_CONNECTION_NO_CONST)
# define SSL_CONNECTION_FROM_CONST_QUIC_SSL(ssl) \
SSL_CONNECTION_FROM_CONST_QUIC_SSL_int(ssl, const)
# define OSSL_QUIC_ANY_VERSION 0xFFFFF
# define IMPLEMENT_quic_meth_func(version, func_name, q_accept, \
@ -24,8 +54,11 @@ const SSL_METHOD *func_name(void) \
0, \
0, \
ossl_quic_new, \
ossl_quic_clear, \
ossl_quic_free, \
ossl_quic_reset, \
ossl_quic_init, \
ossl_quic_clear, \
ossl_quic_deinit, \
q_accept, \
q_connect, \
ossl_quic_read, \
@ -53,8 +86,11 @@ const SSL_METHOD *func_name(void) \
return &func_name##_data; \
}
__owur int ossl_quic_new(SSL *s);
__owur SSL *ossl_quic_new(SSL_CTX *ctx);
__owur int ossl_quic_init(SSL *s);
void ossl_quic_deinit(SSL *s);
void ossl_quic_free(SSL *s);
int ossl_quic_reset(SSL *s);
int ossl_quic_clear(SSL *s);
__owur int ossl_quic_accept(SSL *s);
__owur int ossl_quic_connect(SSL *s);
@ -63,9 +99,9 @@ __owur int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *readbytes);
__owur int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written);
__owur int ossl_quic_shutdown(SSL *s);
__owur long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg);
__owur long ossl_quic_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
__owur long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
__owur long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
__owur long ossl_quic_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void));
__owur long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void));
__owur size_t ossl_quic_pending(const SSL *s);
__owur long ossl_quic_default_timeout(void);
__owur int ossl_quic_num_ciphers(void);

4
ssl/record/dtls1_bitmap.c
View File

@ -35,7 +35,7 @@ static int satsub64be(const unsigned char *v1, const unsigned char *v2)
return (int)ret;
}
int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
int dtls1_record_replay_check(SSL_CONNECTION *s, DTLS1_BITMAP *bitmap)
{
int cmp;
unsigned int shift;
@ -56,7 +56,7 @@ int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
return 1;
}
void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
void dtls1_record_bitmap_update(SSL_CONNECTION *s, DTLS1_BITMAP *bitmap)
{
int cmp;
unsigned int shift;

253
ssl/record/rec_layer_d1.c
View File

@ -124,7 +124,7 @@ void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq)
}
/* copy buffered record into SSL structure */
static int dtls1_copy_record(SSL *s, pitem *item)
static int dtls1_copy_record(SSL_CONNECTION *s, pitem *item)
{
DTLS1_RECORD_DATA *rdata;
@ -143,10 +143,14 @@ static int dtls1_copy_record(SSL *s, pitem *item)
return 1;
}
int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
int dtls1_buffer_record(SSL_CONNECTION *s, record_pqueue *queue,
unsigned char *priority)
{
DTLS1_RECORD_DATA *rdata;
pitem *item;
#ifndef OPENSSL_NO_SCTP
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
#endif
/* Limit the size of the queue to prevent DOS attacks */
if (pqueue_size(queue->q) >= 100)
@ -170,10 +174,10 @@ int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
#ifndef OPENSSL_NO_SCTP
/* Store bio_dgram_sctp_rcvinfo struct */
if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
(SSL_get_state(s) == TLS_ST_SR_FINISHED
|| SSL_get_state(s) == TLS_ST_CR_FINISHED)) {
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO,
if (BIO_dgram_is_sctp(SSL_get_rbio(ssl)) &&
(SSL_get_state(ssl) == TLS_ST_SR_FINISHED
|| SSL_get_state(ssl) == TLS_ST_CR_FINISHED)) {
BIO_ctrl(SSL_get_rbio(ssl), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO,
sizeof(rdata->recordinfo), &rdata->recordinfo);
}
#endif
@ -201,7 +205,7 @@ int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
return 1;
}
int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
int dtls1_retrieve_buffered_record(SSL_CONNECTION *s, record_pqueue *queue)
{
pitem *item;
@ -226,7 +230,7 @@ int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
dtls1_retrieve_buffered_record((s), \
&((s)->rlayer.d->unprocessed_rcds))
int dtls1_process_buffered_records(SSL *s)
int dtls1_process_buffered_records(SSL_CONNECTION *s)
{
pitem *item;
SSL3_BUFFER *rb;
@ -270,7 +274,7 @@ int dtls1_process_buffered_records(SSL *s)
}
#ifndef OPENSSL_NO_SCTP
/* Only do replay check if no SCTP bio */
if (!BIO_dgram_is_sctp(SSL_get_rbio(s)))
if (!BIO_dgram_is_sctp(SSL_get_rbio(SSL_CONNECTION_GET_SSL(s))))
#endif
{
/*
@ -347,10 +351,14 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
size_t n;
SSL3_RECORD *rr;
void (*cb) (const SSL *ssl, int type2, int val) = NULL;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (!SSL3_BUFFER_is_initialised(&s->rlayer.rbuf)) {
if (sc == NULL)
return -1;
if (!SSL3_BUFFER_is_initialised(&sc->rlayer.rbuf)) {
/* Not initialized yet */
if (!ssl3_setup_buffers(s)) {
if (!ssl3_setup_buffers(sc)) {
/* SSLfatal() already called */
return -1;
}
@ -359,13 +367,13 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
(type != SSL3_RT_HANDSHAKE)) ||
(peek && (type != SSL3_RT_APPLICATION_DATA))) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return -1;
}
if (!ossl_statem_get_in_handshake(s) && SSL_in_init(s)) {
if (!ossl_statem_get_in_handshake(sc) && SSL_in_init(s)) {
/* type == SSL3_RT_APPLICATION_DATA */
i = s->handshake_func(s);
i = sc->handshake_func(s);
/* SSLfatal() already called if appropriate */
if (i < 0)
return i;
@ -374,7 +382,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
}
start:
s->rwstate = SSL_NOTHING;
sc->rwstate = SSL_NOTHING;
/*-
* s->s3.rrec.type - is the type of record
@ -382,7 +390,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* s->s3.rrec.off, - offset into 'data' for next read
* s->s3.rrec.length, - number of bytes.
*/
rr = s->rlayer.rrec;
rr = sc->rlayer.rrec;
/*
* We are not handshaking and have no data yet, so process data buffered
@ -390,7 +398,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
*/
if (SSL_is_init_finished(s) && SSL3_RECORD_get_length(rr) == 0) {
pitem *item;
item = pqueue_pop(s->rlayer.d->buffered_app_data.q);
item = pqueue_pop(sc->rlayer.d->buffered_app_data.q);
if (item) {
#ifndef OPENSSL_NO_SCTP
/* Restore bio_dgram_sctp_rcvinfo struct */
@ -401,7 +409,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
}
#endif
dtls1_copy_record(s, item);
dtls1_copy_record(sc, item);
OPENSSL_free(item->data);
pitem_free(item);
@ -409,20 +417,20 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
}
/* Check for timeout */
if (dtls1_handle_timeout(s) > 0) {
if (dtls1_handle_timeout(sc) > 0) {
goto start;
} else if (ossl_statem_in_error(s)) {
} else if (ossl_statem_in_error(sc)) {
/* dtls1_handle_timeout() has failed with a fatal error */
return -1;
}
/* get new packet if necessary */
if ((SSL3_RECORD_get_length(rr) == 0)
|| (s->rlayer.rstate == SSL_ST_READ_BODY)) {
RECORD_LAYER_set_numrpipes(&s->rlayer, 0);
iret = dtls1_get_record(s);
|| (sc->rlayer.rstate == SSL_ST_READ_BODY)) {
RECORD_LAYER_set_numrpipes(&sc->rlayer, 0);
iret = dtls1_get_record(sc);
if (iret <= 0) {
iret = dtls1_read_failed(s, iret);
iret = dtls1_read_failed(sc, iret);
/*
* Anything other than a timeout is an error. SSLfatal() already
* called if appropriate.
@ -432,7 +440,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
else
goto start;
}
RECORD_LAYER_set_numrpipes(&s->rlayer, 1);
RECORD_LAYER_set_numrpipes(&sc->rlayer, 1);
}
/*
@ -441,11 +449,11 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
*/
if (SSL3_RECORD_get_type(rr) != SSL3_RT_ALERT
&& SSL3_RECORD_get_length(rr) != 0)
s->rlayer.alert_count = 0;
sc->rlayer.alert_count = 0;
/* we now have a packet which can be read and processed */
if (s->s3.change_cipher_spec /* set when we receive ChangeCipherSpec,
if (sc->s3.change_cipher_spec /* set when we receive ChangeCipherSpec,
* reset by ssl3_get_finished */
&& (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE)) {
/*
@ -453,7 +461,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* the packets were reordered on their way, so buffer the application
* data for later processing rather than dropping the connection.
*/
if (dtls1_buffer_record(s, &(s->rlayer.d->buffered_app_data),
if (dtls1_buffer_record(sc, &(sc->rlayer.d->buffered_app_data),
SSL3_RECORD_get_seq_num(rr)) < 0) {
/* SSLfatal() already called */
return -1;
@ -467,10 +475,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* If the other end has shut down, throw anything we read away (even in
* 'peek' mode)
*/
if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
if (sc->shutdown & SSL_RECEIVED_SHUTDOWN) {
SSL3_RECORD_set_length(rr, 0);
SSL3_RECORD_set_read(rr);
s->rwstate = SSL_NOTHING;
sc->rwstate = SSL_NOTHING;
return 0;
}
@ -487,8 +495,8 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* doing a handshake for the first time
*/
if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
(s->enc_read_ctx == NULL)) {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
(sc->enc_read_ctx == NULL)) {
SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE,
SSL_R_APP_DATA_IN_HANDSHAKE);
return -1;
}
@ -517,12 +525,12 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
if (SSL3_RECORD_get_length(rr) == 0)
SSL3_RECORD_set_read(rr);
} else {
if (s->options & SSL_OP_CLEANSE_PLAINTEXT)
if (sc->options & SSL_OP_CLEANSE_PLAINTEXT)
OPENSSL_cleanse(&(SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)]), n);
SSL3_RECORD_sub_length(rr, n);
SSL3_RECORD_add_off(rr, n);
if (SSL3_RECORD_get_length(rr) == 0) {
s->rlayer.rstate = SSL_ST_READ_HEADER;
sc->rlayer.rstate = SSL_ST_READ_HEADER;
SSL3_RECORD_set_off(rr, 0);
SSL3_RECORD_set_read(rr);
}
@ -534,9 +542,9 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* anymore, finally set shutdown.
*/
if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
s->d1->shutdown_received
sc->d1->shutdown_received
&& BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) <= 0) {
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
sc->shutdown |= SSL_RECEIVED_SHUTDOWN;
return 0;
}
#endif
@ -559,16 +567,16 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|| !PACKET_get_1(&alert, &alert_level)
|| !PACKET_get_1(&alert, &alert_descr)
|| PACKET_remaining(&alert) != 0) {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_INVALID_ALERT);
SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_INVALID_ALERT);
return -1;
}
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_ALERT, alert_bytes, 2, s,
s->msg_callback_arg);
if (sc->msg_callback)
sc->msg_callback(0, sc->version, SSL3_RT_ALERT, alert_bytes, 2, s,
sc->msg_callback_arg);
if (s->info_callback != NULL)
cb = s->info_callback;
if (sc->info_callback != NULL)
cb = sc->info_callback;
else if (s->ctx->info_callback != NULL)
cb = s->ctx->info_callback;
@ -578,12 +586,12 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
}
if (alert_level == SSL3_AL_WARNING) {
s->s3.warn_alert = alert_descr;
sc->s3.warn_alert = alert_descr;
SSL3_RECORD_set_read(rr);
s->rlayer.alert_count++;
if (s->rlayer.alert_count == MAX_WARN_ALERT_COUNT) {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
sc->rlayer.alert_count++;
if (sc->rlayer.alert_count == MAX_WARN_ALERT_COUNT) {
SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE,
SSL_R_TOO_MANY_WARN_ALERTS);
return -1;
}
@ -597,37 +605,37 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
*/
if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) > 0) {
s->d1->shutdown_received = 1;
s->rwstate = SSL_READING;
sc->d1->shutdown_received = 1;
sc->rwstate = SSL_READING;
BIO_clear_retry_flags(SSL_get_rbio(s));
BIO_set_retry_read(SSL_get_rbio(s));
return -1;
}
#endif
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
sc->shutdown |= SSL_RECEIVED_SHUTDOWN;
return 0;
}
} else if (alert_level == SSL3_AL_FATAL) {
s->rwstate = SSL_NOTHING;
s->s3.fatal_alert = alert_descr;
SSLfatal_data(s, SSL_AD_NO_ALERT,
sc->rwstate = SSL_NOTHING;
sc->s3.fatal_alert = alert_descr;
SSLfatal_data(sc, SSL_AD_NO_ALERT,
SSL_AD_REASON_OFFSET + alert_descr,
"SSL alert number %d", alert_descr);
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
sc->shutdown |= SSL_RECEIVED_SHUTDOWN;
SSL3_RECORD_set_read(rr);
SSL_CTX_remove_session(s->session_ctx, s->session);
SSL_CTX_remove_session(sc->session_ctx, sc->session);
return 0;
} else {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_UNKNOWN_ALERT_TYPE);
SSLfatal(sc, SSL_AD_ILLEGAL_PARAMETER, SSL_R_UNKNOWN_ALERT_TYPE);
return -1;
}
goto start;
}
if (s->shutdown & SSL_SENT_SHUTDOWN) { /* but we have not received a
if (sc->shutdown & SSL_SENT_SHUTDOWN) { /* but we have not received a
* shutdown */
s->rwstate = SSL_NOTHING;
sc->rwstate = SSL_NOTHING;
SSL3_RECORD_set_length(rr, 0);
SSL3_RECORD_set_read(rr);
return 0;
@ -647,14 +655,14 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* Unexpected handshake message (Client Hello, or protocol violation)
*/
if ((SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) &&
!ossl_statem_get_in_handshake(s)) {
!ossl_statem_get_in_handshake(sc)) {
struct hm_header_st msg_hdr;
/*
* This may just be a stale retransmit. Also sanity check that we have
* at least enough record bytes for a message header
*/
if (SSL3_RECORD_get_epoch(rr) != s->rlayer.d->r_epoch
if (SSL3_RECORD_get_epoch(rr) != sc->rlayer.d->r_epoch
|| SSL3_RECORD_get_length(rr) < DTLS1_HM_HEADER_LENGTH) {
SSL3_RECORD_set_length(rr, 0);
SSL3_RECORD_set_read(rr);
@ -668,24 +676,24 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* here, then retransmit our CCS and FINISHED.
*/
if (msg_hdr.type == SSL3_MT_FINISHED) {
if (dtls1_check_timeout_num(s) < 0) {
if (dtls1_check_timeout_num(sc) < 0) {
/* SSLfatal) already called */
return -1;
}
if (dtls1_retransmit_buffered_messages(s) <= 0) {
if (dtls1_retransmit_buffered_messages(sc) <= 0) {
/* Fail if we encountered a fatal error */
if (ossl_statem_in_error(s))
if (ossl_statem_in_error(sc))
return -1;
}
SSL3_RECORD_set_length(rr, 0);
SSL3_RECORD_set_read(rr);
if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
if (SSL3_BUFFER_get_left(&s->rlayer.rbuf) == 0) {
if (!(sc->mode & SSL_MODE_AUTO_RETRY)) {
if (SSL3_BUFFER_get_left(&sc->rlayer.rbuf) == 0) {
/* no read-ahead left? */
BIO *bio;
s->rwstate = SSL_READING;
sc->rwstate = SSL_READING;
bio = SSL_get_rbio(s);
BIO_clear_retry_flags(bio);
BIO_set_retry_read(bio);
@ -702,22 +710,22 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* finished
*/
if (!ossl_assert(SSL_is_init_finished(s))) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return -1;
}
/* We found handshake data, so we're going back into init */
ossl_statem_set_in_init(s, 1);
ossl_statem_set_in_init(sc, 1);
i = s->handshake_func(s);
i = sc->handshake_func(s);
/* SSLfatal() called if appropriate */
if (i < 0)
return i;
if (i == 0)
return -1;
if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
if (SSL3_BUFFER_get_left(&s->rlayer.rbuf) == 0) {
if (!(sc->mode & SSL_MODE_AUTO_RETRY)) {
if (SSL3_BUFFER_get_left(&sc->rlayer.rbuf) == 0) {
/* no read-ahead left? */
BIO *bio;
/*
@ -726,7 +734,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* option set. Otherwise renegotiation may cause nasty
* problems in the blocking world
*/
s->rwstate = SSL_READING;
sc->rwstate = SSL_READING;
bio = SSL_get_rbio(s);
BIO_clear_retry_flags(bio);
BIO_set_retry_read(bio);
@ -738,7 +746,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
switch (SSL3_RECORD_get_type(rr)) {
default:
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_RECORD);
SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_RECORD);
return -1;
case SSL3_RT_CHANGE_CIPHER_SPEC:
case SSL3_RT_ALERT:
@ -748,7 +756,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* SSL3_RT_HANDSHAKE when ossl_statem_get_in_handshake(s) is true, but
* that should not happen when type != rr->type
*/
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, ERR_R_INTERNAL_ERROR);
SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE, ERR_R_INTERNAL_ERROR);
return -1;
case SSL3_RT_APPLICATION_DATA:
/*
@ -758,13 +766,13 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* application data at this point (session renegotiation not yet
* started), we will indulge it.
*/
if (s->s3.in_read_app_data &&
(s->s3.total_renegotiations != 0) &&
ossl_statem_app_data_allowed(s)) {
s->s3.in_read_app_data = 2;
if (sc->s3.in_read_app_data &&
(sc->s3.total_renegotiations != 0) &&
ossl_statem_app_data_allowed(sc)) {
sc->s3.in_read_app_data = 2;
return -1;
} else {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_RECORD);
SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_RECORD);
return -1;
}
}
@ -775,8 +783,8 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* Call this to write data in records of type 'type' It will return <= 0 if
* not all data has been sent or non-blocking IO.
*/
int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len,
size_t *written)
int dtls1_write_bytes(SSL_CONNECTION *s, int type, const void *buf,
size_t len, size_t *written)
{
int i;
@ -789,7 +797,7 @@ int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len,
return i;
}
int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
int do_dtls1_write(SSL_CONNECTION *sc, int type, const unsigned char *buf,
size_t len, int create_empty_fragment, size_t *written)
{
unsigned char *p, *pseq;
@ -799,20 +807,21 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
SSL3_RECORD wr;
SSL3_BUFFER *wb;
SSL_SESSION *sess;
SSL *s = SSL_CONNECTION_GET_SSL(sc);
wb = &s->rlayer.wbuf[0];
wb = &sc->rlayer.wbuf[0];
/*
* DTLS writes whole datagrams, so there can't be anything left in
* the buffer.
*/
if (!ossl_assert(SSL3_BUFFER_get_left(wb) == 0)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
/* If we have an alert to send, lets send it */
if (s->s3.alert_dispatch) {
if (sc->s3.alert_dispatch) {
i = s->method->ssl_dispatch_alert(s);
if (i <= 0)
return i;
@ -822,24 +831,24 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
if (len == 0 && !create_empty_fragment)
return 0;
if (len > ssl_get_max_send_fragment(s)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE);
if (len > ssl_get_max_send_fragment(sc)) {
SSLfatal(sc, SSL_AD_INTERNAL_ERROR, SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE);
return 0;
}
sess = s->session;
sess = sc->session;
if ((sess == NULL)
|| (s->enc_write_ctx == NULL)
|| (EVP_MD_CTX_get0_md(s->write_hash) == NULL))
|| (sc->enc_write_ctx == NULL)
|| (EVP_MD_CTX_get0_md(sc->write_hash) == NULL))
clear = 1;
if (clear)
mac_size = 0;
else {
mac_size = EVP_MD_CTX_get_size(s->write_hash);
mac_size = EVP_MD_CTX_get_size(sc->write_hash);
if (mac_size < 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSLfatal(sc, SSL_AD_INTERNAL_ERROR,
SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE);
return -1;
}
@ -857,12 +866,12 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
* header: otherwise some clients will ignore it.
*/
if (s->method->version == DTLS_ANY_VERSION &&
s->max_proto_version != DTLS1_BAD_VER) {
sc->max_proto_version != DTLS1_BAD_VER) {
*(p++) = DTLS1_VERSION >> 8;
*(p++) = DTLS1_VERSION & 0xff;
} else {
*(p++) = s->version >> 8;
*(p++) = s->version & 0xff;
*(p++) = sc->version >> 8;
*(p++) = sc->version & 0xff;
}
/* field where we are to write out packet epoch, seq num and len */
@ -870,10 +879,10 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
p += 10;
/* Explicit IV length, block ciphers appropriate version flag */
if (s->enc_write_ctx) {
int mode = EVP_CIPHER_CTX_get_mode(s->enc_write_ctx);
if (sc->enc_write_ctx) {
int mode = EVP_CIPHER_CTX_get_mode(sc->enc_write_ctx);
if (mode == EVP_CIPH_CBC_MODE) {
eivlen = EVP_CIPHER_CTX_get_iv_length(s->enc_write_ctx);
eivlen = EVP_CIPHER_CTX_get_iv_length(sc->enc_write_ctx);
if (eivlen <= 1)
eivlen = 0;
}
@ -897,9 +906,9 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
*/
/* first we compress */
if (s->compress != NULL) {
if (!ssl3_do_compress(s, &wr)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_COMPRESSION_FAILURE);
if (sc->compress != NULL) {
if (!ssl3_do_compress(sc, &wr)) {
SSLfatal(sc, SSL_AD_INTERNAL_ERROR, SSL_R_COMPRESSION_FAILURE);
return -1;
}
} else {
@ -914,11 +923,11 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
* wb->buf
*/
if (!SSL_WRITE_ETM(s) && mac_size != 0) {
if (!s->method->ssl3_enc->mac(s, &wr,
if (!SSL_WRITE_ETM(sc) && mac_size != 0) {
if (!s->method->ssl3_enc->mac(sc, &wr,
&(p[SSL3_RECORD_get_length(&wr) + eivlen]),
1)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return -1;
}
SSL3_RECORD_add_length(&wr, mac_size);
@ -931,17 +940,17 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
if (eivlen)
SSL3_RECORD_add_length(&wr, eivlen);
if (s->method->ssl3_enc->enc(s, &wr, 1, 1, NULL, mac_size) < 1) {
if (!ossl_statem_in_error(s)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
if (s->method->ssl3_enc->enc(sc, &wr, 1, 1, NULL, mac_size) < 1) {
if (!ossl_statem_in_error(sc)) {
SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
}
return -1;
}
if (SSL_WRITE_ETM(s) && mac_size != 0) {
if (!s->method->ssl3_enc->mac(s, &wr,
if (SSL_WRITE_ETM(sc) && mac_size != 0) {
if (!s->method->ssl3_enc->mac(sc, &wr,
&(p[SSL3_RECORD_get_length(&wr)]), 1)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return -1;
}
SSL3_RECORD_add_length(&wr, mac_size);
@ -951,15 +960,15 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
/* there's only one epoch between handshake and app data */
s2n(s->rlayer.d->w_epoch, pseq);
s2n(sc->rlayer.d->w_epoch, pseq);
memcpy(pseq, &(s->rlayer.write_sequence[2]), 6);
memcpy(pseq, &(sc->rlayer.write_sequence[2]), 6);
pseq += 6;
s2n(SSL3_RECORD_get_length(&wr), pseq);
if (s->msg_callback)
s->msg_callback(1, 0, SSL3_RT_HEADER, pseq - DTLS1_RT_HEADER_LENGTH,
DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg);
if (sc->msg_callback)
sc->msg_callback(1, 0, SSL3_RT_HEADER, pseq - DTLS1_RT_HEADER_LENGTH,
DTLS1_RT_HEADER_LENGTH, s, sc->msg_callback_arg);
/*
* we should now have wr.data pointing to the encrypted data, which is
@ -968,7 +977,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
SSL3_RECORD_set_type(&wr, type); /* not needed but helps for debugging */
SSL3_RECORD_add_length(&wr, DTLS1_RT_HEADER_LENGTH);
ssl3_record_sequence_update(&(s->rlayer.write_sequence[0]));
ssl3_record_sequence_update(&(sc->rlayer.write_sequence[0]));
if (create_empty_fragment) {
/*
@ -987,16 +996,16 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
* memorize arguments so that ssl3_write_pending can detect bad write
* retries later
*/
s->rlayer.wpend_tot = len;
s->rlayer.wpend_buf = buf;
s->rlayer.wpend_type = type;
s->rlayer.wpend_ret = len;
sc->rlayer.wpend_tot = len;
sc->rlayer.wpend_buf = buf;
sc->rlayer.wpend_type = type;
sc->rlayer.wpend_ret = len;
/* we now just need to write the buffer. Calls SSLfatal() as required. */
return ssl3_write_pending(s, type, buf, len, written);
return ssl3_write_pending(sc, type, buf, len, written);
}
DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
DTLS1_BITMAP *dtls1_get_bitmap(SSL_CONNECTION *s, SSL3_RECORD *rr,
unsigned int *is_next_epoch)
{
@ -1021,7 +1030,7 @@ DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
return NULL;
}
void dtls1_reset_seq_numbers(SSL *s, int rw)
void dtls1_reset_seq_numbers(SSL_CONNECTION *s, int rw)
{
unsigned char *seq;
unsigned int seq_bytes = sizeof(s->rlayer.read_sequence);

147
ssl/record/rec_layer_s3.c
View File

@ -26,7 +26,7 @@
# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0
#endif
void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s)
void RECORD_LAYER_init(RECORD_LAYER *rl, SSL_CONNECTION *s)
{
rl->s = s;
RECORD_LAYER_set_first_record(&s->rlayer);
@ -111,15 +111,19 @@ void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl)
size_t ssl3_pending(const SSL *s)
{
size_t i, num = 0;
const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
if (s->rlayer.rstate == SSL_ST_READ_BODY)
if (sc == NULL)
return 0;
for (i = 0; i < RECORD_LAYER_get_numrpipes(&s->rlayer); i++) {
if (SSL3_RECORD_get_type(&s->rlayer.rrec[i])
if (sc->rlayer.rstate == SSL_ST_READ_BODY)
return 0;
for (i = 0; i < RECORD_LAYER_get_numrpipes(&sc->rlayer); i++) {
if (SSL3_RECORD_get_type(&sc->rlayer.rrec[i])
!= SSL3_RT_APPLICATION_DATA)
return 0;
num += SSL3_RECORD_get_length(&s->rlayer.rrec[i]);
num += SSL3_RECORD_get_length(&sc->rlayer.rrec[i]);
}
return num;
@ -132,12 +136,22 @@ void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len)
void SSL_set_default_read_buffer_len(SSL *s, size_t len)
{
SSL3_BUFFER_set_default_len(RECORD_LAYER_get_rbuf(&s->rlayer), len);
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return;
SSL3_BUFFER_set_default_len(RECORD_LAYER_get_rbuf(&sc->rlayer), len);
}
const char *SSL_rstate_string_long(const SSL *s)
{
switch (s->rlayer.rstate) {
const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
if (sc == NULL)
return NULL;
switch (sc->rlayer.rstate) {
case SSL_ST_READ_HEADER:
return "read header";
case SSL_ST_READ_BODY:
@ -151,7 +165,12 @@ const char *SSL_rstate_string_long(const SSL *s)
const char *SSL_rstate_string(const SSL *s)
{
switch (s->rlayer.rstate) {
const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
if (sc == NULL)
return NULL;
switch (sc->rlayer.rstate) {
case SSL_ST_READ_HEADER:
return "RH";
case SSL_ST_READ_BODY:
@ -166,8 +185,8 @@ const char *SSL_rstate_string(const SSL *s)
/*
* Return values are as per SSL_read()
*/
int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
size_t *readbytes)
int ssl3_read_n(SSL_CONNECTION *s, size_t n, size_t max, int extend,
int clearold, size_t *readbytes)
{
/*
* If extend == 0, obtain new n-byte packet; if extend == 1, increase
@ -243,7 +262,7 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
* operation returns the whole packet at once (as long as it fits into
* the buffer).
*/
if (SSL_IS_DTLS(s)) {
if (SSL_CONNECTION_IS_DTLS(s)) {
if (left == 0 && extend)
return 0;
if (left > 0 && n > left)
@ -272,7 +291,7 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
* Also, we always act like read_ahead is set for DTLS.
*/
if (!BIO_get_ktls_recv(s->rbio) && !s->rlayer.read_ahead
&& !SSL_IS_DTLS(s)) {
&& !SSL_CONNECTION_IS_DTLS(s)) {
/* ignore max parameter */
max = n;
} else {
@ -302,7 +321,8 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
&& !BIO_should_retry(s->rbio)
&& BIO_eof(s->rbio)) {
if (s->options & SSL_OP_IGNORE_UNEXPECTED_EOF) {
SSL_set_shutdown(s, SSL_RECEIVED_SHUTDOWN);
SSL_set_shutdown(SSL_CONNECTION_GET_SSL(s),
SSL_RECEIVED_SHUTDOWN);
s->s3.warn_alert = SSL_AD_CLOSE_NOTIFY;
} else {
SSLfatal(s, SSL_AD_DECODE_ERROR,
@ -316,7 +336,8 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
if (ret <= 0) {
rb->left = left;
if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s))
if ((s->mode & SSL_MODE_RELEASE_BUFFERS) != 0
&& !SSL_CONNECTION_IS_DTLS(s))
if (len + left == 0)
ssl3_release_read_buffer(s);
return ret;
@ -327,7 +348,7 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
* underlying transport protocol is message oriented as opposed to
* byte oriented as in the TLS case.
*/
if (SSL_IS_DTLS(s)) {
if (SSL_CONNECTION_IS_DTLS(s)) {
if (n > left)
n = left; /* makes the while condition false */
}
@ -346,7 +367,7 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
* Call this to write data in records of type 'type' It will return <= 0 if
* not all data has been sent or non-blocking IO.
*/
int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
int ssl3_write_bytes(SSL *ssl, int type, const void *buf_, size_t len,
size_t *written)
{
const unsigned char *buf = buf_;
@ -355,10 +376,15 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
#if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
size_t nw;
#endif
SSL3_BUFFER *wb = &s->rlayer.wbuf[0];
SSL3_BUFFER *wb;
int i;
size_t tmpwrit;
SSL_CONNECTION *s = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
if (s == NULL)
return -1;
wb = &s->rlayer.wbuf[0];
s->rwstate = SSL_NOTHING;
tot = s->rlayer.wnum;
/*
@ -377,7 +403,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
}
if (s->early_data_state == SSL_EARLY_DATA_WRITING
&& !early_data_count_ok(s, len, 0, 1)) {
&& !ossl_early_data_count_ok(s, len, 0, 1)) {
/* SSLfatal() already called */
return -1;
}
@ -398,9 +424,9 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
* between receiving the EoED and the CF - but we don't want to handle those
* messages yet.
*/
if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)
if (SSL_in_init(ssl) && !ossl_statem_get_in_handshake(s)
&& s->early_data_state != SSL_EARLY_DATA_UNAUTH_WRITING) {
i = s->handshake_func(s);
i = s->handshake_func(ssl);
/* SSLfatal() already called */
if (i < 0)
return i;
@ -481,7 +507,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
}
if (s->s3.alert_dispatch) {
i = s->method->ssl_dispatch_alert(s);
i = ssl->method->ssl_dispatch_alert(ssl);
if (i <= 0) {
/* SSLfatal() already called if appropriate */
s->rlayer.wnum = tot;
@ -559,7 +585,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
} else
#endif /* !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK */
if (tot == len) { /* done? */
if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s))
if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_CONNECTION_IS_DTLS(s))
ssl3_release_write_buffer(s);
*written = tot;
@ -652,7 +678,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
if (tmpwrit == n
&& (s->mode & SSL_MODE_RELEASE_BUFFERS) != 0
&& !SSL_IS_DTLS(s))
&& !SSL_CONNECTION_IS_DTLS(s))
ssl3_release_write_buffer(s);
*written = tot + tmpwrit;
@ -664,7 +690,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
}
}
int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
int do_ssl3_write(SSL_CONNECTION *s, int type, const unsigned char *buf,
size_t *pipelens, size_t numpipes,
int create_empty_fragment, size_t *written)
{
@ -682,6 +708,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
size_t totlen = 0, len, wpinited = 0;
size_t j;
int using_ktls;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
for (j = 0; j < numpipes; j++)
totlen += pipelens[j];
@ -696,7 +723,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
/* If we have an alert to send, lets send it */
if (s->s3.alert_dispatch) {
i = s->method->ssl_dispatch_alert(s);
i = ssl->method->ssl_dispatch_alert(ssl);
if (i <= 0) {
/* SSLfatal() already called if appropriate */
return i;
@ -830,7 +857,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
}
/* Explicit IV length, block ciphers appropriate version flag */
if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s) && !SSL_TREAT_AS_TLS13(s)) {
if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)
&& !SSL_CONNECTION_TREAT_AS_TLS13(s)) {
int mode = EVP_CIPHER_CTX_get_mode(s->enc_write_ctx);
if (mode == EVP_CIPH_CBC_MODE) {
eivlen = EVP_CIPHER_CTX_get_iv_length(s->enc_write_ctx);
@ -863,7 +891,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
* In TLSv1.3, once encrypting, we always use application data for the
* record type
*/
if (SSL_TREAT_AS_TLS13(s)
if (SSL_CONNECTION_TREAT_AS_TLS13(s)
&& s->enc_write_ctx != NULL
&& (s->statem.enc_write_state != ENC_WRITE_STATE_WRITE_PLAIN_ALERTS
|| type != SSL3_RT_ALERT))
@ -876,9 +904,9 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
* Some servers hang if initial client hello is larger than 256 bytes
* and record version number > TLS 1.0
*/
if (SSL_get_state(s) == TLS_ST_CW_CLNT_HELLO
if (SSL_get_state(ssl) == TLS_ST_CW_CLNT_HELLO
&& !s->renegotiate
&& TLS1_get_version(s) > TLS1_VERSION
&& TLS1_get_version(ssl) > TLS1_VERSION
&& s->hello_retry_request == SSL_HRR_NONE)
version = TLS1_VERSION;
SSL3_RECORD_set_rec_version(thiswr, version);
@ -934,7 +962,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
}
}
if (SSL_TREAT_AS_TLS13(s)
if (SSL_CONNECTION_TREAT_AS_TLS13(s)
&& !using_ktls
&& s->enc_write_ctx != NULL
&& (s->statem.enc_write_state != ENC_WRITE_STATE_WRITE_PLAIN_ALERTS
@ -954,7 +982,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
size_t padding = 0;
size_t max_padding = max_send_fragment - rlen;
if (s->record_padding_cb != NULL) {
padding = s->record_padding_cb(s, type, rlen, s->record_padding_arg);
padding = s->record_padding_cb(ssl, type, rlen, s->record_padding_arg);
} else if (s->block_padding > 0) {
size_t mask = s->block_padding - 1;
size_t remainder;
@ -994,7 +1022,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
unsigned char *mac;
if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac)
|| !s->method->ssl3_enc->mac(s, thiswr, mac, 1)) {
|| !ssl->method->ssl3_enc->mac(s, thiswr, mac, 1)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
@ -1039,7 +1067,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
}
} else {
if (!using_ktls) {
if (s->method->ssl3_enc->enc(s, wr, numpipes, 1, NULL,
if (ssl->method->ssl3_enc->enc(s, wr, numpipes, 1, NULL,
mac_size) < 1) {
if (!ossl_statem_in_error(s)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@ -1073,7 +1101,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
unsigned char *mac;
if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac)
|| !s->method->ssl3_enc->mac(s, thiswr, mac, 1)) {
|| !ssl->method->ssl3_enc->mac(s, thiswr, mac, 1)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
@ -1090,14 +1118,14 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
recordstart = WPACKET_get_curr(thispkt) - len
- SSL3_RT_HEADER_LENGTH;
s->msg_callback(1, thiswr->rec_version, SSL3_RT_HEADER, recordstart,
SSL3_RT_HEADER_LENGTH, s,
SSL3_RT_HEADER_LENGTH, ssl,
s->msg_callback_arg);
if (SSL_TREAT_AS_TLS13(s) && s->enc_write_ctx != NULL) {
if (SSL_CONNECTION_TREAT_AS_TLS13(s) && s->enc_write_ctx != NULL) {
unsigned char ctype = type;
s->msg_callback(1, thiswr->rec_version, SSL3_RT_INNER_CONTENT_TYPE,
&ctype, 1, s, s->msg_callback_arg);
&ctype, 1, ssl, s->msg_callback_arg);
}
}
@ -1157,8 +1185,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
*
* Return values are as per SSL_write()
*/
int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len,
size_t *written)
int ssl3_write_pending(SSL_CONNECTION *s, int type, const unsigned char *buf,
size_t len, size_t *written)
{
int i;
SSL3_BUFFER *wb = s->rlayer.wbuf;
@ -1221,7 +1249,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len,
*written = s->rlayer.wpend_ret;
return 1;
} else if (i <= 0) {
if (SSL_IS_DTLS(s)) {
if (SSL_CONNECTION_IS_DTLS(s)) {
/*
* For DTLS, just drop it. That's kind of the whole point in
* using a datagram service
@ -1264,7 +1292,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len,
* Application data protocol
* none of our business
*/
int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
int ssl3_read_bytes(SSL *ssl, int type, int *recvd_type, unsigned char *buf,
size_t len, int peek, size_t *readbytes)
{
int i, j, ret;
@ -1272,7 +1300,10 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
SSL3_RECORD *rr;
SSL3_BUFFER *rbuf;
void (*cb) (const SSL *ssl, int type2, int val) = NULL;
int is_tls13 = SSL_IS_TLS13(s);
int is_tls13;
SSL_CONNECTION *s = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
is_tls13 = SSL_CONNECTION_IS_TLS13(s);
rbuf = &s->rlayer.rbuf;
@ -1322,9 +1353,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* Now s->rlayer.handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE.
*/
if (!ossl_statem_get_in_handshake(s) && SSL_in_init(s)) {
if (!ossl_statem_get_in_handshake(s) && SSL_in_init(ssl)) {
/* type == SSL3_RT_APPLICATION_DATA */
i = s->handshake_func(s);
i = s->handshake_func(ssl);
/* SSLfatal() already called */
if (i < 0)
return i;
@ -1373,7 +1404,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
if (s->rlayer.handshake_fragment_len > 0
&& SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE
&& SSL_IS_TLS13(s)) {
&& SSL_CONNECTION_IS_TLS13(s)) {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA);
return -1;
@ -1420,8 +1451,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* make sure that we are not getting application data when we are
* doing a handshake for the first time
*/
if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
(s->enc_read_ctx == NULL)) {
if (SSL_in_init(ssl) && type == SSL3_RT_APPLICATION_DATA
&& s->enc_read_ctx == NULL) {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_APP_DATA_IN_HANDSHAKE);
return -1;
}
@ -1511,7 +1542,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
return -1;
}
if (s->method->version == TLS_ANY_VERSION
if (ssl->method->version == TLS_ANY_VERSION
&& (s->server || rr->type != SSL3_RT_ALERT)) {
/*
* If we've got this far and still haven't decided on what version
@ -1544,17 +1575,17 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
}
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_ALERT, alert_bytes, 2, s,
s->msg_callback(0, s->version, SSL3_RT_ALERT, alert_bytes, 2, ssl,
s->msg_callback_arg);
if (s->info_callback != NULL)
cb = s->info_callback;
else if (s->ctx->info_callback != NULL)
cb = s->ctx->info_callback;
else if (ssl->ctx->info_callback != NULL)
cb = ssl->ctx->info_callback;
if (cb != NULL) {
j = (alert_level << 8) | alert_descr;
cb(s, SSL_CB_READ_ALERT, j);
cb(ssl, SSL_CB_READ_ALERT, j);
}
if (alert_level == SSL3_AL_WARNING
@ -1621,7 +1652,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* because we are unable to write any response due to having already
* sent close_notify.
*/
if (!SSL_IS_TLS13(s)) {
if (!SSL_CONNECTION_IS_TLS13(s)) {
SSL3_RECORD_set_length(rr, 0);
SSL3_RECORD_set_read(rr);
@ -1629,7 +1660,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
goto start;
s->rwstate = SSL_READING;
rbio = SSL_get_rbio(s);
rbio = SSL_get_rbio(ssl);
BIO_clear_retry_flags(rbio);
BIO_set_retry_read(rbio);
return -1;
@ -1694,7 +1725,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
/* We found handshake data, so we're going back into init */
ossl_statem_set_in_init(s, 1);
i = s->handshake_func(s);
i = s->handshake_func(ssl);
/* SSLfatal() already called if appropriate */
if (i < 0)
return i;
@ -1721,7 +1752,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* problems in the blocking world
*/
s->rwstate = SSL_READING;
bio = SSL_get_rbio(s);
bio = SSL_get_rbio(ssl);
BIO_clear_retry_flags(bio);
BIO_set_retry_read(bio);
return -1;
@ -1772,8 +1803,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* decryption was applied. We just skip it and move on to the next
* record.
*/
if (!early_data_count_ok(s, rr->length,
EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) {
if (!ossl_early_data_count_ok(s, rr->length,
EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) {
/* SSLfatal() already called */
return -1;
}

43
ssl/record/record.h
View File

@ -7,6 +7,8 @@
* https://www.openssl.org/source/license.html
*/
typedef struct ssl_connection_st SSL_CONNECTION;
/*****************************************************************************
* *
* These structures should be considered PRIVATE to the record layer. No *
@ -127,8 +129,8 @@ typedef struct dtls_record_layer_st {
*****************************************************************************/
typedef struct record_layer_st {
/* The parent SSL structure */
SSL *s;
/* The parent SSL_CONNECTION structure */
SSL_CONNECTION *s;
/*
* Read as many input bytes as possible (for
* non-blocking reads)
@ -199,7 +201,7 @@ typedef struct ssl_mac_buf_st SSL_MAC_BUF;
#define RECORD_LAYER_get_rbuf(rl) (&(rl)->rbuf)
#define RECORD_LAYER_get_wbuf(rl) ((rl)->wbuf)
void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s);
void RECORD_LAYER_init(RECORD_LAYER *rl, SSL_CONNECTION *s);
void RECORD_LAYER_clear(RECORD_LAYER *rl);
void RECORD_LAYER_release(RECORD_LAYER *rl);
int RECORD_LAYER_read_pending(const RECORD_LAYER *rl);
@ -212,23 +214,26 @@ size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl);
__owur size_t ssl3_pending(const SSL *s);
__owur int ssl3_write_bytes(SSL *s, int type, const void *buf, size_t len,
size_t *written);
int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
int do_ssl3_write(SSL_CONNECTION *s, int type, const unsigned char *buf,
size_t *pipelens, size_t numpipes,
int create_empty_fragment, size_t *written);
__owur int ssl3_read_bytes(SSL *s, int type, int *recvd_type,
unsigned char *buf, size_t len, int peek,
size_t *readbytes);
__owur int ssl3_setup_buffers(SSL *s);
__owur int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int send,
SSL_MAC_BUF *mac, size_t macsize);
__owur int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send);
__owur int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len,
__owur int ssl3_setup_buffers(SSL_CONNECTION *s);
__owur int ssl3_enc(SSL_CONNECTION *s, SSL3_RECORD *inrecs, size_t n_recs,
int send, SSL_MAC_BUF *mac, size_t macsize);
__owur int n_ssl3_mac(SSL_CONNECTION *s, SSL3_RECORD *rec, unsigned char *md,
int send);
__owur int ssl3_write_pending(SSL_CONNECTION *s, int type,
const unsigned char *buf, size_t len,
size_t *written);
__owur int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
SSL_MAC_BUF *mac, size_t macsize);
__owur int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send);
__owur int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send,
SSL_MAC_BUF *mac, size_t macsize);
__owur int tls1_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs,
int sending, SSL_MAC_BUF *mac, size_t macsize);
__owur int tls1_mac(SSL_CONNECTION *s, SSL3_RECORD *rec, unsigned char *md,
int send);
__owur int tls13_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs,
int send, SSL_MAC_BUF *mac, size_t macsize);
int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl);
void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl);
void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl);
@ -238,10 +243,10 @@ void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq);
__owur int dtls1_read_bytes(SSL *s, int type, int *recvd_type,
unsigned char *buf, size_t len, int peek,
size_t *readbytes);
__owur int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len,
size_t *written);
int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
__owur int dtls1_write_bytes(SSL_CONNECTION *s, int type, const void *buf,
size_t len, size_t *written);
int do_dtls1_write(SSL_CONNECTION *s, int type, const unsigned char *buf,
size_t len, int create_empty_fragment, size_t *written);
void dtls1_reset_seq_numbers(SSL *s, int rw);
int dtls_buffer_listen_record(SSL *s, size_t len, unsigned char *seq,
void dtls1_reset_seq_numbers(SSL_CONNECTION *s, int rw);
int dtls_buffer_listen_record(SSL_CONNECTION *s, size_t len, unsigned char *seq,
size_t off);

39
ssl/record/record_local.h
View File

@ -36,20 +36,21 @@
#define RECORD_LAYER_clear_first_record(rl) ((rl)->is_first_record = 0)
#define DTLS_RECORD_LAYER_get_r_epoch(rl) ((rl)->d->r_epoch)
__owur int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
size_t *readbytes);
__owur int ssl3_read_n(SSL_CONNECTION *s, size_t n, size_t max, int extend,
int clearold, size_t *readbytes);
DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
DTLS1_BITMAP *dtls1_get_bitmap(SSL_CONNECTION *s, SSL3_RECORD *rr,
unsigned int *is_next_epoch);
int dtls1_process_buffered_records(SSL *s);
int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue);
int dtls1_buffer_record(SSL *s, record_pqueue *q, unsigned char *priority);
int dtls1_process_buffered_records(SSL_CONNECTION *s);
int dtls1_retrieve_buffered_record(SSL_CONNECTION *s, record_pqueue *queue);
int dtls1_buffer_record(SSL_CONNECTION *s, record_pqueue *q,
unsigned char *priority);
void ssl3_record_sequence_update(unsigned char *seq);
/* Functions provided by the DTLS1_BITMAP component */
int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
int dtls1_record_replay_check(SSL_CONNECTION *s, DTLS1_BITMAP *bitmap);
void dtls1_record_bitmap_update(SSL_CONNECTION *s, DTLS1_BITMAP *bitmap);
/* Macros/functions provided by the SSL3_BUFFER component */
@ -71,10 +72,11 @@ void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
void SSL3_BUFFER_clear(SSL3_BUFFER *b);
void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n);
void SSL3_BUFFER_release(SSL3_BUFFER *b);
__owur int ssl3_setup_read_buffer(SSL *s);
__owur int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len);
int ssl3_release_read_buffer(SSL *s);
int ssl3_release_write_buffer(SSL *s);
__owur int ssl3_setup_read_buffer(SSL_CONNECTION *s);
__owur int ssl3_setup_write_buffer(SSL_CONNECTION *s, size_t numwpipes,
size_t len);
int ssl3_release_read_buffer(SSL_CONNECTION *s);
int ssl3_release_write_buffer(SSL_CONNECTION *s);
/* Macros/functions provided by the SSL3_RECORD component */
@ -104,9 +106,9 @@ int ssl3_release_write_buffer(SSL *s);
void SSL3_RECORD_clear(SSL3_RECORD *r, size_t);
void SSL3_RECORD_release(SSL3_RECORD *r, size_t num_recs);
void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num);
int ssl3_get_record(SSL *s);
__owur int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr);
__owur int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr);
int ssl3_get_record(SSL_CONNECTION *s);
__owur int ssl3_do_compress(SSL_CONNECTION *ssl, SSL3_RECORD *wr);
__owur int ssl3_do_uncompress(SSL_CONNECTION *ssl, SSL3_RECORD *rr);
__owur int ssl3_cbc_remove_padding_and_mac(size_t *reclen,
size_t origreclen,
unsigned char *recdata,
@ -122,6 +124,7 @@ __owur int tls1_cbc_remove_padding_and_mac(size_t *reclen,
size_t block_size, size_t mac_size,
int aead,
OSSL_LIB_CTX *libctx);
int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap);
__owur int dtls1_get_record(SSL *s);
int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send);
int dtls1_process_record(SSL_CONNECTION *s, DTLS1_BITMAP *bitmap);
__owur int dtls1_get_record(SSL_CONNECTION *s);
int ossl_early_data_count_ok(SSL_CONNECTION *s, size_t length,
size_t overhead, int send);

15
ssl/record/ssl3_buffer.c
View File

@ -34,7 +34,7 @@ void SSL3_BUFFER_release(SSL3_BUFFER *b)
b->buf = NULL;
}
int ssl3_setup_read_buffer(SSL *s)
int ssl3_setup_read_buffer(SSL_CONNECTION *s)
{
unsigned char *p;
size_t len, align = 0, headerlen;
@ -42,7 +42,7 @@ int ssl3_setup_read_buffer(SSL *s)
b = RECORD_LAYER_get_rbuf(&s->rlayer);
if (SSL_IS_DTLS(s))
if (SSL_CONNECTION_IS_DTLS(s))
headerlen = DTLS1_RT_HEADER_LENGTH;
else
headerlen = SSL3_RT_HEADER_LENGTH;
@ -76,7 +76,8 @@ int ssl3_setup_read_buffer(SSL *s)
return 1;
}
int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len)
int ssl3_setup_write_buffer(SSL_CONNECTION *s, size_t numwpipes,
size_t len)
{
unsigned char *p;
size_t align = 0, headerlen;
@ -86,7 +87,7 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len)
s->rlayer.numwpipes = numwpipes;
if (len == 0) {
if (SSL_IS_DTLS(s))
if (SSL_CONNECTION_IS_DTLS(s))
headerlen = DTLS1_RT_HEADER_LENGTH + 1;
else
headerlen = SSL3_RT_HEADER_LENGTH;
@ -139,7 +140,7 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len)
return 1;
}
int ssl3_setup_buffers(SSL *s)
int ssl3_setup_buffers(SSL_CONNECTION *s)
{
if (!ssl3_setup_read_buffer(s)) {
/* SSLfatal() already called */
@ -152,7 +153,7 @@ int ssl3_setup_buffers(SSL *s)
return 1;
}
int ssl3_release_write_buffer(SSL *s)
int ssl3_release_write_buffer(SSL_CONNECTION *s)
{
SSL3_BUFFER *wb;
size_t pipes;
@ -172,7 +173,7 @@ int ssl3_release_write_buffer(SSL *s)
return 1;
}
int ssl3_release_read_buffer(SSL *s)
int ssl3_release_read_buffer(SSL_CONNECTION *s)
{
SSL3_BUFFER *b;

138
ssl/record/ssl3_record.c
View File

@ -67,7 +67,7 @@ void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num)
* Peeks ahead into "read_ahead" data to see if we have a whole record waiting
* for us in the buffer.
*/
static int ssl3_record_app_data_waiting(SSL *s)
static int ssl3_record_app_data_waiting(SSL_CONNECTION *s)
{
SSL3_BUFFER *rbuf;
size_t left, len;
@ -102,7 +102,8 @@ static int ssl3_record_app_data_waiting(SSL *s)
return 1;
}
int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send)
int ossl_early_data_count_ok(SSL_CONNECTION *s, size_t length,
size_t overhead, int send)
{
uint32_t max_early_data;
SSL_SESSION *sess = s->session;
@ -170,7 +171,7 @@ int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send)
* |max_pipelines|
*/
/* used only by ssl3_read_bytes */
int ssl3_get_record(SSL *s)
int ssl3_get_record(SSL_CONNECTION *s)
{
int enc_err, rret;
int i;
@ -188,6 +189,7 @@ int ssl3_get_record(SSL *s)
int using_ktls;
SSL_MAC_BUF *macbufs = NULL;
int ret = -1;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
rr = RECORD_LAYER_get_rrec(&s->rlayer);
rbuf = RECORD_LAYER_get_rbuf(&s->rlayer);
@ -291,7 +293,7 @@ int ssl3_get_record(SSL *s)
|| !PACKET_get_net_2(&pkt, &version)
|| !PACKET_get_net_2_len(&pkt, &thisrr->length)) {
if (s->msg_callback)
s->msg_callback(0, 0, SSL3_RT_HEADER, p, 5, s,
s->msg_callback(0, 0, SSL3_RT_HEADER, p, 5, ssl,
s->msg_callback_arg);
SSLfatal(s, SSL_AD_DECODE_ERROR, ERR_R_INTERNAL_ERROR);
return -1;
@ -300,7 +302,7 @@ int ssl3_get_record(SSL *s)
thisrr->rec_version = version;
if (s->msg_callback)
s->msg_callback(0, version, SSL3_RT_HEADER, p, 5, s,
s->msg_callback(0, version, SSL3_RT_HEADER, p, 5, ssl,
s->msg_callback_arg);
/*
@ -310,7 +312,7 @@ int ssl3_get_record(SSL *s)
* yet, but we still treat it as TLSv1.3, so we must check for
* that explicitly
*/
if (!s->first_packet && !SSL_IS_TLS13(s)
if (!s->first_packet && !SSL_CONNECTION_IS_TLS13(s)
&& s->hello_retry_request != SSL_HRR_PENDING
&& version != (unsigned int)s->version) {
if ((s->version & 0xFF00) == (version & 0xFF00)
@ -366,7 +368,7 @@ int ssl3_get_record(SSL *s)
}
}
if (SSL_IS_TLS13(s)
if (SSL_CONNECTION_IS_TLS13(s)
&& s->enc_read_ctx != NULL
&& !using_ktls) {
if (thisrr->type != SSL3_RT_APPLICATION_DATA
@ -397,7 +399,7 @@ int ssl3_get_record(SSL *s)
/* now s->rlayer.rstate == SSL_ST_READ_BODY */
}
if (SSL_IS_TLS13(s)) {
if (SSL_CONNECTION_IS_TLS13(s)) {
size_t len = SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH;
/* KTLS strips the inner record type. */
@ -503,7 +505,8 @@ int ssl3_get_record(SSL *s)
if (num_recs == 1
&& thisrr->type == SSL3_RT_CHANGE_CIPHER_SPEC
&& (SSL_IS_TLS13(s) || s->hello_retry_request != SSL_HRR_NONE)
&& (SSL_CONNECTION_IS_TLS13(s)
|| s->hello_retry_request != SSL_HRR_NONE)
&& SSL_IS_FIRST_HANDSHAKE(s)) {
/*
* CCS messages must be exactly 1 byte long, containing the value 0x01
@ -563,7 +566,7 @@ int ssl3_get_record(SSL *s)
}
thisrr->length -= mac_size;
mac = thisrr->data + thisrr->length;
i = s->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */ );
i = ssl->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */ );
if (i == 0 || CRYPTO_memcmp(md, mac, mac_size) != 0) {
SSLfatal(s, SSL_AD_BAD_RECORD_MAC,
SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
@ -585,7 +588,7 @@ int ssl3_get_record(SSL *s)
}
}
enc_err = s->method->ssl3_enc->enc(s, rr, num_recs, 0, macbufs, mac_size);
enc_err = ssl->method->ssl3_enc->enc(s, rr, num_recs, 0, macbufs, mac_size);
/*-
* enc_err is:
@ -606,8 +609,8 @@ int ssl3_get_record(SSL *s)
thisrr = &rr[0];
if (!early_data_count_ok(s, thisrr->length,
EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) {
if (!ossl_early_data_count_ok(s, thisrr->length,
EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) {
/* SSLfatal() already called */
goto end;
}
@ -638,7 +641,7 @@ int ssl3_get_record(SSL *s)
SSL_MAC_BUF *thismb = &macbufs[j];
thisrr = &rr[j];
i = s->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */ );
i = ssl->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */ );
if (i == 0 || thismb == NULL || thismb->mac == NULL
|| CRYPTO_memcmp(md, thismb->mac, (size_t)mac_size) != 0)
enc_err = 0;
@ -683,7 +686,7 @@ int ssl3_get_record(SSL *s)
}
}
if (SSL_IS_TLS13(s)
if (SSL_CONNECTION_IS_TLS13(s)
&& s->enc_read_ctx != NULL
&& thisrr->type != SSL3_RT_ALERT) {
/*
@ -717,14 +720,14 @@ int ssl3_get_record(SSL *s)
}
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_INNER_CONTENT_TYPE,
&thisrr->type, 1, s, s->msg_callback_arg);
&thisrr->type, 1, ssl, s->msg_callback_arg);
}
/*
* TLSv1.3 alert and handshake records are required to be non-zero in
* length.
*/
if (SSL_IS_TLS13(s)
if (SSL_CONNECTION_IS_TLS13(s)
&& (thisrr->type == SSL3_RT_HANDSHAKE
|| thisrr->type == SSL3_RT_ALERT)
&& thisrr->length == 0) {
@ -781,7 +784,7 @@ int ssl3_get_record(SSL *s)
if (s->early_data_state == SSL_EARLY_DATA_READING) {
thisrr = &rr[0];
if (thisrr->type == SSL3_RT_APPLICATION_DATA
&& !early_data_count_ok(s, thisrr->length, 0, 0)) {
&& !ossl_early_data_count_ok(s, thisrr->length, 0, 0)) {
/* SSLfatal already called */
goto end;
}
@ -800,7 +803,7 @@ int ssl3_get_record(SSL *s)
return ret;
}
int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr)
int ssl3_do_uncompress(SSL_CONNECTION *sc, SSL3_RECORD *rr)
{
#ifndef OPENSSL_NO_COMP
int i;
@ -812,7 +815,7 @@ int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr)
if (rr->comp == NULL)
return 0;
i = COMP_expand_block(ssl->expand, rr->comp,
i = COMP_expand_block(sc->expand, rr->comp,
SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length);
if (i < 0)
return 0;
@ -823,12 +826,12 @@ int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr)
return 1;
}
int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr)
int ssl3_do_compress(SSL_CONNECTION *sc, SSL3_RECORD *wr)
{
#ifndef OPENSSL_NO_COMP
int i;
i = COMP_compress_block(ssl->compress, wr->data,
i = COMP_compress_block(sc->compress, wr->data,
(int)(wr->length + SSL3_RT_MAX_COMPRESSED_OVERHEAD),
wr->input, (int)wr->length);
if (i < 0)
@ -850,7 +853,7 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr)
* 0: if the record is publicly invalid, or an internal error
* 1: Success or Mac-then-encrypt decryption failed (MAC will be randomised)
*/
int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending,
int ssl3_enc(SSL_CONNECTION *s, SSL3_RECORD *inrecs, size_t n_recs, int sending,
SSL_MAC_BUF *mac, size_t macsize)
{
SSL3_RECORD *rec;
@ -957,7 +960,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending,
(mac != NULL) ? &mac->alloced : NULL,
bs,
macsize,
s->ctx->libctx);
SSL_CONNECTION_GET_CTX(s)->libctx);
}
}
return 1;
@ -974,7 +977,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending,
* decryption failed, or Encrypt-then-mac decryption failed.
* 1: Success or Mac-then-encrypt decryption failed (MAC will be randomised)
*/
int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
int tls1_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending,
SSL_MAC_BUF *macs, size_t macsize)
{
EVP_CIPHER_CTX *ds;
@ -1022,7 +1025,8 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
*/
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
} else if (RAND_bytes_ex(s->ctx->libctx, recs[ctr].input,
} else if (RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx,
recs[ctr].input,
ivlen, 0) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
@ -1076,7 +1080,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
seq = sending ? RECORD_LAYER_get_write_sequence(&s->rlayer)
: RECORD_LAYER_get_read_sequence(&s->rlayer);
if (SSL_IS_DTLS(s)) {
if (SSL_CONNECTION_IS_DTLS(s)) {
/* DTLS does not support pipelining */
unsigned char dtlsseq[8], *p = dtlsseq;
@ -1163,7 +1167,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
}
}
if (!SSL_IS_DTLS(s) && tlstree_enc) {
if (!SSL_CONNECTION_IS_DTLS(s) && tlstree_enc) {
unsigned char *seq;
int decrement_seq = 0;
@ -1282,7 +1286,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
pad ? (size_t)pad : macsize,
(EVP_CIPHER_get_flags(enc)
& EVP_CIPH_FLAG_AEAD_CIPHER) != 0,
s->ctx->libctx))
SSL_CONNECTION_GET_CTX(s)->libctx))
return 0;
}
}
@ -1310,7 +1314,8 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
}
}
int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
int n_ssl3_mac(SSL_CONNECTION *sc, SSL3_RECORD *rec, unsigned char *md,
int sending)
{
unsigned char *mac_sec, *seq;
const EVP_MD_CTX *hash;
@ -1320,13 +1325,13 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
int t;
if (sending) {
mac_sec = &(ssl->s3.write_mac_secret[0]);
seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer);
hash = ssl->write_hash;
mac_sec = &(sc->s3.write_mac_secret[0]);
seq = RECORD_LAYER_get_write_sequence(&sc->rlayer);
hash = sc->write_hash;
} else {
mac_sec = &(ssl->s3.read_mac_secret[0]);
seq = RECORD_LAYER_get_read_sequence(&ssl->rlayer);
hash = ssl->read_hash;
mac_sec = &(sc->s3.read_mac_secret[0]);
seq = RECORD_LAYER_get_read_sequence(&sc->rlayer);
hash = sc->read_hash;
}
t = EVP_MD_CTX_get_size(hash);
@ -1336,7 +1341,7 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
npad = (48 / md_size) * md_size;
if (!sending
&& EVP_CIPHER_CTX_get_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE
&& EVP_CIPHER_CTX_get_mode(sc->enc_read_ctx) == EVP_CIPH_CBC_MODE
&& ssl3_cbc_record_digest_supported(hash)) {
#ifdef OPENSSL_NO_DEPRECATED_3_0
return 0;
@ -1410,7 +1415,8 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
return 1;
}
int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
int tls1_mac(SSL_CONNECTION *sc, SSL3_RECORD *rec, unsigned char *md,
int sending)
{
unsigned char *seq;
EVP_MD_CTX *hash;
@ -1418,19 +1424,19 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
int i;
EVP_MD_CTX *hmac = NULL, *mac_ctx;
unsigned char header[13];
int stream_mac = sending ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM)
: (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM);
int tlstree_mac = sending ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_TLSTREE)
: (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_TLSTREE);
int stream_mac = sending ? (sc->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM)
: (sc->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM);
int tlstree_mac = sending ? (sc->mac_flags & SSL_MAC_FLAG_WRITE_MAC_TLSTREE)
: (sc->mac_flags & SSL_MAC_FLAG_READ_MAC_TLSTREE);
int t;
int ret = 0;
if (sending) {
seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer);
hash = ssl->write_hash;
seq = RECORD_LAYER_get_write_sequence(&sc->rlayer);
hash = sc->write_hash;
} else {
seq = RECORD_LAYER_get_read_sequence(&ssl->rlayer);
hash = ssl->read_hash;
seq = RECORD_LAYER_get_read_sequence(&sc->rlayer);
hash = sc->read_hash;
}
t = EVP_MD_CTX_get_size(hash);
@ -1449,15 +1455,16 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
mac_ctx = hmac;
}
if (!SSL_IS_DTLS(ssl) && tlstree_mac && EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_TLSTREE, 0, seq) <= 0) {
if (!SSL_CONNECTION_IS_DTLS(sc) && tlstree_mac
&& EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_TLSTREE, 0, seq) <= 0) {
goto end;
}
if (SSL_IS_DTLS(ssl)) {
if (SSL_CONNECTION_IS_DTLS(sc)) {
unsigned char dtlsseq[8], *p = dtlsseq;
s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&ssl->rlayer) :
DTLS_RECORD_LAYER_get_r_epoch(&ssl->rlayer), p);
s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&sc->rlayer) :
DTLS_RECORD_LAYER_get_r_epoch(&sc->rlayer), p);
memcpy(p, &seq[2], 6);
memcpy(header, dtlsseq, 8);
@ -1465,13 +1472,13 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
memcpy(header, seq, 8);
header[8] = rec->type;
header[9] = (unsigned char)(ssl->version >> 8);
header[10] = (unsigned char)(ssl->version);
header[9] = (unsigned char)(sc->version >> 8);
header[10] = (unsigned char)(sc->version);
header[11] = (unsigned char)(rec->length >> 8);
header[12] = (unsigned char)(rec->length & 0xff);
if (!sending && !SSL_READ_ETM(ssl)
&& EVP_CIPHER_CTX_get_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE
if (!sending && !SSL_READ_ETM(sc)
&& EVP_CIPHER_CTX_get_mode(sc->enc_read_ctx) == EVP_CIPH_CBC_MODE
&& ssl3_cbc_record_digest_supported(mac_ctx)) {
OSSL_PARAM tls_hmac_params[2], *p = tls_hmac_params;
@ -1498,7 +1505,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
BIO_dump_indent(trc_out, rec->data, rec->length, 4);
} OSSL_TRACE_END(TLS);
if (!SSL_IS_DTLS(ssl)) {
if (!SSL_CONNECTION_IS_DTLS(sc)) {
for (i = 7; i >= 0; i--) {
++seq[i];
if (seq[i] != 0)
@ -1515,7 +1522,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
return ret;
}
int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
int dtls1_process_record(SSL_CONNECTION *s, DTLS1_BITMAP *bitmap)
{
int i;
int enc_err;
@ -1527,6 +1534,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
size_t max_plain_length = SSL3_RT_MAX_PLAIN_LENGTH;
SSL_MAC_BUF macbuf = { NULL, 0 };
int ret = 0;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
rr = RECORD_LAYER_get_rrec(&s->rlayer);
sess = s->session;
@ -1581,7 +1589,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
}
rr->length -= mac_size;
mac = rr->data + rr->length;
i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ );
i = ssl->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ );
if (i == 0 || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) {
SSLfatal(s, SSL_AD_BAD_RECORD_MAC,
SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
@ -1600,7 +1608,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
* errors in the queue from processing bogus junk that we ignored.
*/
ERR_set_mark();
enc_err = s->method->ssl3_enc->enc(s, rr, 1, 0, &macbuf, mac_size);
enc_err = ssl->method->ssl3_enc->enc(s, rr, 1, 0, &macbuf, mac_size);
/*-
* enc_err is:
@ -1632,7 +1640,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
&& (EVP_MD_CTX_get0_md(s->read_hash) != NULL)) {
/* s->read_hash != NULL => mac_size != -1 */
i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ );
i = ssl->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ );
if (i == 0 || macbuf.mac == NULL
|| CRYPTO_memcmp(md, macbuf.mac, mac_size) != 0)
enc_err = 0;
@ -1710,7 +1718,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
* ssl->s3.rrec.length - number of bytes
*/
/* used only by dtls1_read_bytes */
int dtls1_get_record(SSL *s)
int dtls1_get_record(SSL_CONNECTION *s)
{
int ssl_major, ssl_minor;
int rret;
@ -1720,6 +1728,7 @@ int dtls1_get_record(SSL *s)
unsigned short version;
DTLS1_BITMAP *bitmap;
unsigned int is_next_epoch;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
rr = RECORD_LAYER_get_rrec(&s->rlayer);
@ -1763,7 +1772,7 @@ int dtls1_get_record(SSL *s)
if (s->msg_callback)
s->msg_callback(0, 0, SSL3_RT_HEADER, p, DTLS1_RT_HEADER_LENGTH,
s, s->msg_callback_arg);
ssl, s->msg_callback_arg);
/* Pull apart the header into the DTLS1_RECORD */
rr->type = *(p++);
@ -1859,7 +1868,7 @@ int dtls1_get_record(SSL *s)
}
#ifndef OPENSSL_NO_SCTP
/* Only do replay check if no SCTP bio */
if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) {
if (!BIO_dgram_is_sctp(SSL_get_rbio(ssl))) {
#endif
/* Check whether this is a repeat, or aged record. */
if (!dtls1_record_replay_check(s, bitmap)) {
@ -1884,7 +1893,7 @@ int dtls1_get_record(SSL *s)
* processed at this time.
*/
if (is_next_epoch) {
if ((SSL_in_init(s) || ossl_statem_get_in_handshake(s))) {
if ((SSL_in_init(ssl) || ossl_statem_get_in_handshake(s))) {
if (dtls1_buffer_record (s,
&(DTLS_RECORD_LAYER_get_unprocessed_rcds(&s->rlayer)),
rr->seq_num) < 0) {
@ -1913,7 +1922,8 @@ int dtls1_get_record(SSL *s)
}
int dtls_buffer_listen_record(SSL *s, size_t len, unsigned char *seq, size_t off)
int dtls_buffer_listen_record(SSL_CONNECTION *s, size_t len, unsigned char *seq,
size_t off)
{
SSL3_RECORD *rr;

6
ssl/record/ssl3_record_tls13.c
View File

@ -20,7 +20,7 @@
* 0: On failure
* 1: if the record encryption/decryption was successful.
*/
int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
int tls13_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending,
ossl_unused SSL_MAC_BUF *mac, ossl_unused size_t macsize)
{
EVP_CIPHER_CTX *ctx;
@ -140,8 +140,8 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, sending) <= 0
|| (!sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
taglen,
rec->data + rec->length) <= 0)) {
taglen,
rec->data + rec->length) <= 0)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}

34
ssl/s3_enc.c
View File

@ -15,7 +15,7 @@
#include <openssl/core_names.h>
#include "internal/cryptlib.h"
static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
static int ssl3_generate_key_block(SSL_CONNECTION *s, unsigned char *km, int num)
{
const EVP_MD *md5 = NULL, *sha1 = NULL;
EVP_MD_CTX *m5;
@ -24,13 +24,14 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
unsigned char c = 'A';
unsigned int i, k;
int ret = 0;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
#ifdef CHARSET_EBCDIC
c = os_toascii[c]; /* 'A' in ASCII */
#endif
k = 0;
md5 = ssl_evp_md_fetch(s->ctx->libctx, NID_md5, s->ctx->propq);
sha1 = ssl_evp_md_fetch(s->ctx->libctx, NID_sha1, s->ctx->propq);
md5 = ssl_evp_md_fetch(sctx->libctx, NID_md5, sctx->propq);
sha1 = ssl_evp_md_fetch(sctx->libctx, NID_sha1, sctx->propq);
m5 = EVP_MD_CTX_new();
s1 = EVP_MD_CTX_new();
if (md5 == NULL || sha1 == NULL || m5 == NULL || s1 == NULL) {
@ -86,7 +87,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
return ret;
}
int ssl3_change_cipher_state(SSL *s, int which)
int ssl3_change_cipher_state(SSL_CONNECTION *s, int which)
{
unsigned char *p, *mac_secret;
unsigned char *ms, *key, *iv;
@ -237,7 +238,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
return 0;
}
int ssl3_setup_key_block(SSL *s)
int ssl3_setup_key_block(SSL_CONNECTION *s)
{
unsigned char *p;
const EVP_CIPHER *c;
@ -249,8 +250,8 @@ int ssl3_setup_key_block(SSL *s)
if (s->s3.tmp.key_block_length != 0)
return 1;
if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, NULL, NULL, &comp,
0)) {
if (!ssl_cipher_get_evp(SSL_CONNECTION_GET_CTX(s), s->session, &c, &hash,
NULL, NULL, &comp, 0)) {
/* Error is already recorded */
SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);
return 0;
@ -305,14 +306,14 @@ int ssl3_setup_key_block(SSL *s)
return ret;
}
void ssl3_cleanup_key_block(SSL *s)
void ssl3_cleanup_key_block(SSL_CONNECTION *s)
{
OPENSSL_clear_free(s->s3.tmp.key_block, s->s3.tmp.key_block_length);
s->s3.tmp.key_block = NULL;
s->s3.tmp.key_block_length = 0;
}
int ssl3_init_finished_mac(SSL *s)
int ssl3_init_finished_mac(SSL_CONNECTION *s)
{
BIO *buf = BIO_new(BIO_s_mem());
@ -331,7 +332,7 @@ int ssl3_init_finished_mac(SSL *s)
* together.
*/
void ssl3_free_digest_list(SSL *s)
void ssl3_free_digest_list(SSL_CONNECTION *s)
{
BIO_free(s->s3.handshake_buffer);
s->s3.handshake_buffer = NULL;
@ -339,7 +340,7 @@ void ssl3_free_digest_list(SSL *s)
s->s3.handshake_dgst = NULL;
}
int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len)
int ssl3_finish_mac(SSL_CONNECTION *s, const unsigned char *buf, size_t len)
{
int ret;
@ -364,7 +365,7 @@ int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len)
return 1;
}
int ssl3_digest_cached_records(SSL *s, int keep)
int ssl3_digest_cached_records(SSL_CONNECTION *s, int keep)
{
const EVP_MD *md;
long hdatalen;
@ -413,7 +414,7 @@ void ssl3_digest_master_key_set_params(const SSL_SESSION *session,
params[n++] = OSSL_PARAM_construct_end();
}
size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len,
size_t ssl3_final_finish_mac(SSL_CONNECTION *s, const char *sender, size_t len,
unsigned char *p)
{
int ret;
@ -466,7 +467,8 @@ size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len,
return ret;
}
int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
int ssl3_generate_master_secret(SSL_CONNECTION *s, unsigned char *out,
unsigned char *p,
size_t len, size_t *secret_size)
{
static const unsigned char *salt[3] = {
@ -491,7 +493,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
return 0;
}
for (i = 0; i < 3; i++) {
if (EVP_DigestInit_ex(ctx, s->ctx->sha1, NULL) <= 0
if (EVP_DigestInit_ex(ctx, SSL_CONNECTION_GET_CTX(s)->sha1, NULL) <= 0
|| EVP_DigestUpdate(ctx, salt[i],
strlen((const char *)salt[i])) <= 0
|| EVP_DigestUpdate(ctx, p, len) <= 0
@ -500,7 +502,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
|| EVP_DigestUpdate(ctx, &(s->s3.server_random[0]),
SSL3_RANDOM_SIZE) <= 0
|| EVP_DigestFinal_ex(ctx, buf, &n) <= 0
|| EVP_DigestInit_ex(ctx, s->ctx->md5, NULL) <= 0
|| EVP_DigestInit_ex(ctx, SSL_CONNECTION_GET_CTX(s)->md5, NULL) <= 0
|| EVP_DigestUpdate(ctx, p, len) <= 0
|| EVP_DigestUpdate(ctx, buf, n) <= 0
|| EVP_DigestFinal_ex(ctx, out, &n) <= 0) {

452
ssl/s3_lib.c
View File

File diff suppressed because it is too large Load Diff

41
ssl/s3_msg.c
View File

@ -9,9 +9,10 @@
#include "ssl_local.h"
int ssl3_do_change_cipher_spec(SSL *s)
int ssl3_do_change_cipher_spec(SSL_CONNECTION *s)
{
int i;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
if (s->server)
i = SSL3_CHANGE_CIPHER_SERVER_READ;
@ -26,13 +27,13 @@ int ssl3_do_change_cipher_spec(SSL *s)
}
s->session->cipher = s->s3.tmp.new_cipher;
if (!s->method->ssl3_enc->setup_key_block(s)) {
if (!ssl->method->ssl3_enc->setup_key_block(s)) {
/* SSLfatal() already called */
return 0;
}
}
if (!s->method->ssl3_enc->change_cipher_state(s, i)) {
if (!ssl->method->ssl3_enc->change_cipher_state(s, i)) {
/* SSLfatal() already called */
return 0;
}
@ -40,13 +41,15 @@ int ssl3_do_change_cipher_spec(SSL *s)
return 1;
}
int ssl3_send_alert(SSL *s, int level, int desc)
int ssl3_send_alert(SSL_CONNECTION *s, int level, int desc)
{
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
/* Map tls/ssl alert value to correct one */
if (SSL_TREAT_AS_TLS13(s))
if (SSL_CONNECTION_TREAT_AS_TLS13(s))
desc = tls13_alert_code(desc);
else
desc = s->method->ssl3_enc->alert_value(desc);
desc = ssl->method->ssl3_enc->alert_value(desc);
if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have
* protocol_version alerts */
@ -63,7 +66,7 @@ int ssl3_send_alert(SSL *s, int level, int desc)
s->s3.send_alert[1] = desc;
if (!RECORD_LAYER_write_pending(&s->rlayer)) {
/* data still being written out? */
return s->method->ssl_dispatch_alert(s);
return ssl->method->ssl_dispatch_alert(ssl);
}
/*
* else data is still being written out, we will get written some time in
@ -78,31 +81,35 @@ int ssl3_dispatch_alert(SSL *s)
size_t alertlen;
void (*cb) (const SSL *ssl, int type, int val) = NULL;
size_t written;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
s->s3.alert_dispatch = 0;
if (sc == NULL)
return -1;
sc->s3.alert_dispatch = 0;
alertlen = 2;
i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3.send_alert[0], &alertlen, 1, 0,
i = do_ssl3_write(sc, SSL3_RT_ALERT, &sc->s3.send_alert[0], &alertlen, 1, 0,
&written);
if (i <= 0) {
s->s3.alert_dispatch = 1;
sc->s3.alert_dispatch = 1;
} else {
/*
* Alert sent to BIO - now flush. If the message does not get sent due
* to non-blocking IO, we will not worry too much.
*/
(void)BIO_flush(s->wbio);
(void)BIO_flush(sc->wbio);
if (s->msg_callback)
s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3.send_alert,
2, s, s->msg_callback_arg);
if (sc->msg_callback)
sc->msg_callback(1, sc->version, SSL3_RT_ALERT, sc->s3.send_alert,
2, s, sc->msg_callback_arg);
if (s->info_callback != NULL)
cb = s->info_callback;
if (sc->info_callback != NULL)
cb = sc->info_callback;
else if (s->ctx->info_callback != NULL)
cb = s->ctx->info_callback;
if (cb != NULL) {
j = (s->s3.send_alert[0] << 8) | s->s3.send_alert[1];
j = (sc->s3.send_alert[0] << 8) | sc->s3.send_alert[1];
cb(s, SSL_CB_WRITE_ALERT, j);
}
}

106
ssl/ssl_cert.c
View File

@ -248,7 +248,7 @@ void ssl_cert_free(CERT *c)
OPENSSL_free(c);
}
int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
int ssl_cert_set0_chain(SSL_CONNECTION *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
{
int i, r;
CERT_PKEY *cpk = s != NULL ? s->cert->key : ctx->cert->key;
@ -269,7 +269,7 @@ int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
return 1;
}
int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
int ssl_cert_set1_chain(SSL_CONNECTION *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
{
STACK_OF(X509) *dchain;
if (!chain)
@ -284,7 +284,7 @@ int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
return 1;
}
int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x)
int ssl_cert_add0_chain_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x)
{
int r;
CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key;
@ -302,7 +302,7 @@ int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x)
return 1;
}
int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x)
int ssl_cert_add1_chain_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x)
{
if (!ssl_cert_add0_chain_cert(s, ctx, x))
return 0;
@ -369,23 +369,25 @@ void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg)
* 0: Verify failure or error
* -1: Retry required
*/
int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
int ssl_verify_cert_chain(SSL_CONNECTION *s, STACK_OF(X509) *sk)
{
X509 *x;
int i = 0;
X509_STORE *verify_store;
X509_STORE_CTX *ctx = NULL;
X509_VERIFY_PARAM *param;
SSL_CTX *sctx;
if ((sk == NULL) || (sk_X509_num(sk) == 0))
return 0;
sctx = SSL_CONNECTION_GET_CTX(s);
if (s->cert->verify_store)
verify_store = s->cert->verify_store;
else
verify_store = s->ctx->cert_store;
verify_store = sctx->cert_store;
ctx = X509_STORE_CTX_new_ex(s->ctx->libctx, s->ctx->propq);
ctx = X509_STORE_CTX_new_ex(sctx->libctx, sctx->propq);
if (ctx == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
@ -402,12 +404,13 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
* point, for now a single @SECLEVEL sets the same policy for TLS crypto
* and PKI authentication.
*/
X509_VERIFY_PARAM_set_auth_level(param, SSL_get_security_level(s));
X509_VERIFY_PARAM_set_auth_level(param,
SSL_get_security_level(SSL_CONNECTION_GET_SSL(s)));
/* Set suite B flags if needed */
X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s));
if (!X509_STORE_CTX_set_ex_data
(ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) {
if (!X509_STORE_CTX_set_ex_data(ctx,
SSL_get_ex_data_X509_STORE_CTX_idx(), s)) {
goto end;
}
@ -430,8 +433,8 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
if (s->verify_callback)
X509_STORE_CTX_set_verify_cb(ctx, s->verify_callback);
if (s->ctx->app_verify_callback != NULL) {
i = s->ctx->app_verify_callback(ctx, s->ctx->app_verify_arg);
if (sctx->app_verify_callback != NULL) {
i = sctx->app_verify_callback(ctx, sctx->app_verify_arg);
} else {
i = X509_verify_cert(ctx);
/* We treat an error in the same way as a failure to verify */
@ -491,7 +494,12 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk)
void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
{
set0_CA_list(&s->ca_names, name_list);
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return;
set0_CA_list(&sc->ca_names, name_list);
}
void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
@ -506,7 +514,12 @@ const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx)
const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s)
{
return s->ca_names != NULL ? s->ca_names : s->ctx->ca_names;
const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
if (sc == NULL)
return NULL;
return sc->ca_names != NULL ? sc->ca_names : s->ctx->ca_names;
}
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
@ -521,20 +534,35 @@ STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
{
set0_CA_list(&s->client_ca_names, name_list);
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return;
set0_CA_list(&sc->client_ca_names, name_list);
}
const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s)
{
return s->s3.tmp.peer_ca_names;
const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
if (sc == NULL)
return NULL;
return sc->s3.tmp.peer_ca_names;
}
STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
{
if (!s->server)
return s->s3.tmp.peer_ca_names;
return s->client_ca_names != NULL ? s->client_ca_names
: s->ctx->client_ca_names;
const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
if (sc == NULL)
return NULL;
if (!sc->server)
return sc->s3.tmp.peer_ca_names;
return sc->client_ca_names != NULL ? sc->client_ca_names
: s->ctx->client_ca_names;
}
static int add_ca_name(STACK_OF(X509_NAME) **sk, const X509 *x)
@ -558,7 +586,12 @@ static int add_ca_name(STACK_OF(X509_NAME) **sk, const X509 *x)
int SSL_add1_to_CA_list(SSL *ssl, const X509 *x)
{
return add_ca_name(&ssl->ca_names, x);
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
if (sc == NULL)
return 0;
return add_ca_name(&sc->ca_names, x);
}
int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x)
@ -572,7 +605,12 @@ int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x)
*/
int SSL_add_client_CA(SSL *ssl, X509 *x)
{
return add_ca_name(&ssl->client_ca_names, x);
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
if (sc == NULL)
return 0;
return add_ca_name(&sc->client_ca_names, x);
}
int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
@ -849,18 +887,18 @@ int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
}
/* Build a certificate chain for current certificate */
int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags)
int ssl_build_cert_chain(SSL_CONNECTION *s, SSL_CTX *ctx, int flags)
{
CERT *c = s ? s->cert : ctx->cert;
CERT *c = s != NULL ? s->cert : ctx->cert;
CERT_PKEY *cpk = c->key;
X509_STORE *chain_store = NULL;
X509_STORE_CTX *xs_ctx = NULL;
STACK_OF(X509) *chain = NULL, *untrusted = NULL;
X509 *x;
SSL_CTX *real_ctx = (s == NULL) ? ctx : s->ctx;
SSL_CTX *real_ctx = (s == NULL) ? ctx : SSL_CONNECTION_GET_CTX(s);
int i, rv = 0;
if (!cpk->x509) {
if (cpk->x509 == NULL) {
ERR_raise(ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_SET);
goto err;
}
@ -878,12 +916,10 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags)
if (!X509_STORE_add_cert(chain_store, cpk->x509))
goto err;
} else {
if (c->chain_store)
if (c->chain_store != NULL)
chain_store = c->chain_store;
else if (s)
chain_store = s->ctx->cert_store;
else
chain_store = ctx->cert_store;
chain_store = real_ctx->cert_store;
if (flags & SSL_BUILD_CHAIN_FLAG_UNTRUSTED)
untrusted = cpk->chain;
@ -1008,6 +1044,7 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
void *ex)
{
int level, minbits, pfs_mask;
const SSL_CONNECTION *sc;
minbits = ssl_get_security_level_bits(s, ctx, &level);
@ -1046,7 +1083,9 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
break;
}
case SSL_SECOP_VERSION:
if (!SSL_IS_DTLS(s)) {
if ((sc = SSL_CONNECTION_FROM_CONST_SSL(s)) == NULL)
return 0;
if (!SSL_CONNECTION_IS_DTLS(sc)) {
/* SSLv3, TLS v1.0 and TLS v1.1 only allowed at level 0 */
if (nid <= TLS1_1_VERSION && level > 0)
return 0;
@ -1072,9 +1111,10 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
return 1;
}
int ssl_security(const SSL *s, int op, int bits, int nid, void *other)
int ssl_security(const SSL_CONNECTION *s, int op, int bits, int nid, void *other)
{
return s->cert->sec_cb(s, NULL, op, bits, nid, other, s->cert->sec_ex);
return s->cert->sec_cb(SSL_CONNECTION_GET_SSL(s), NULL, op, bits, nid,
other, s->cert->sec_ex);
}
int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other)

33
ssl/ssl_ciph.c
View File

@ -625,14 +625,15 @@ const EVP_MD *ssl_md(SSL_CTX *ctx, int idx)
return ctx->ssl_digest_methods[idx];
}
const EVP_MD *ssl_handshake_md(SSL *s)
const EVP_MD *ssl_handshake_md(SSL_CONNECTION *s)
{
return ssl_md(s->ctx, ssl_get_algorithm2(s));
return ssl_md(SSL_CONNECTION_GET_CTX(s), ssl_get_algorithm2(s));
}
const EVP_MD *ssl_prf_md(SSL *s)
const EVP_MD *ssl_prf_md(SSL_CONNECTION *s)
{
return ssl_md(s->ctx, ssl_get_algorithm2(s) >> TLS1_PRF_DGST_SHIFT);
return ssl_md(SSL_CONNECTION_GET_CTX(s),
ssl_get_algorithm2(s) >> TLS1_PRF_DGST_SHIFT);
}
#define ITEM_SEP(a) \
@ -1431,15 +1432,22 @@ int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str)
int SSL_set_ciphersuites(SSL *s, const char *str)
{
STACK_OF(SSL_CIPHER) *cipher_list;
int ret = set_ciphersuites(&(s->tls13_ciphersuites), str);
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
int ret;
if (s->cipher_list == NULL) {
if (sc == NULL)
return 0;
ret = set_ciphersuites(&(sc->tls13_ciphersuites), str);
if (sc->cipher_list == NULL) {
if ((cipher_list = SSL_get_ciphers(s)) != NULL)
s->cipher_list = sk_SSL_CIPHER_dup(cipher_list);
sc->cipher_list = sk_SSL_CIPHER_dup(cipher_list);
}
if (ret && s->cipher_list != NULL)
return update_cipher_list(s->ctx, &s->cipher_list, &s->cipher_list_by_id,
s->tls13_ciphersuites);
if (ret && sc->cipher_list != NULL)
return update_cipher_list(s->ctx, &sc->cipher_list,
&sc->cipher_list_by_id,
sc->tls13_ciphersuites);
return ret;
}
@ -2096,10 +2104,11 @@ int SSL_COMP_get_id(const SSL_COMP *comp)
#endif
}
const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr,
const SSL_CIPHER *ssl_get_cipher_by_char(SSL_CONNECTION *s,
const unsigned char *ptr,
int all)
{
const SSL_CIPHER *c = ssl->method->get_cipher_by_char(ptr);
const SSL_CIPHER *c = SSL_CONNECTION_GET_SSL(s)->method->get_cipher_by_char(ptr);
if (c == NULL || (!all && c->valid == 0))
return NULL;

53
ssl/ssl_conf.c
View File

@ -431,16 +431,23 @@ static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value)
{
int rv = 1;
CERT *c = NULL;
if (cctx->ctx) {
if (cctx->ctx != NULL) {
rv = SSL_CTX_use_certificate_chain_file(cctx->ctx, value);
c = cctx->ctx->cert;
}
if (cctx->ssl) {
rv = SSL_use_certificate_chain_file(cctx->ssl, value);
c = cctx->ssl->cert;
if (cctx->ssl != NULL) {
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(cctx->ssl);
if (sc != NULL) {
rv = SSL_use_certificate_chain_file(cctx->ssl, value);
c = sc->cert;
} else {
rv = 0;
}
}
if (rv > 0 && c && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) {
if (rv > 0 && c != NULL && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) {
char **pfilename = &cctx->cert_filename[c->key - c->pkeys];
OPENSSL_free(*pfilename);
*pfilename = OPENSSL_strdup(value);
if (*pfilename == NULL)
@ -484,7 +491,12 @@ static int do_store(SSL_CONF_CTX *cctx,
cert = cctx->ctx->cert;
ctx = cctx->ctx;
} else if (cctx->ssl != NULL) {
cert = cctx->ssl->cert;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(cctx->ssl);
if (sc == NULL)
return 0;
cert = sc->cert;
ctx = cctx->ssl->ctx;
} else {
return 1;
@ -977,11 +989,16 @@ int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx)
/* See if any certificates are missing private keys */
size_t i;
CERT *c = NULL;
if (cctx->ctx)
if (cctx->ctx != NULL) {
c = cctx->ctx->cert;
else if (cctx->ssl)
c = cctx->ssl->cert;
if (c && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) {
} else if (cctx->ssl != NULL) {
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(cctx->ssl);
if (sc != NULL)
c = sc->cert;
}
if (c != NULL && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) {
for (i = 0; i < SSL_PKEY_NUM; i++) {
const char *p = cctx->cert_filename[i];
/*
@ -1050,12 +1067,16 @@ void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl)
{
cctx->ssl = ssl;
cctx->ctx = NULL;
if (ssl) {
cctx->poptions = &ssl->options;
cctx->min_version = &ssl->min_proto_version;
cctx->max_version = &ssl->max_proto_version;
cctx->pcert_flags = &ssl->cert->cert_flags;
cctx->pvfy_flags = &ssl->verify_mode;
if (ssl != NULL) {
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
if (sc == NULL)
return;
cctx->poptions = &sc->options;
cctx->min_version = &sc->min_proto_version;
cctx->max_version = &sc->max_proto_version;
cctx->pcert_flags = &sc->cert->cert_flags;
cctx->pvfy_flags = &sc->verify_mode;
} else {
cctx->poptions = NULL;
cctx->min_version = NULL;

2040
ssl/ssl_lib.c
View File

File diff suppressed because it is too large Load Diff

483
ssl/ssl_local.h
View File

@ -338,45 +338,47 @@
# define SSL3_CK_CIPHERSUITE_FLAG 0x03000000
/* Check if an SSL structure is using DTLS */
# define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
# define SSL_CONNECTION_IS_DTLS(s) \
(SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
/* Check if we are using TLSv1.3 */
# define SSL_IS_TLS13(s) (!SSL_IS_DTLS(s) \
&& (s)->method->version >= TLS1_3_VERSION \
&& (s)->method->version != TLS_ANY_VERSION)
# define SSL_CONNECTION_IS_TLS13(s) (!SSL_CONNECTION_IS_DTLS(s) \
&& SSL_CONNECTION_GET_SSL(s)->method->version >= TLS1_3_VERSION \
&& SSL_CONNECTION_GET_SSL(s)->method->version != TLS_ANY_VERSION)
# define SSL_TREAT_AS_TLS13(s) \
(SSL_IS_TLS13(s) || (s)->early_data_state == SSL_EARLY_DATA_CONNECTING \
# define SSL_CONNECTION_TREAT_AS_TLS13(s) \
(SSL_CONNECTION_IS_TLS13(s) \
|| (s)->early_data_state == SSL_EARLY_DATA_CONNECTING \
|| (s)->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY \
|| (s)->early_data_state == SSL_EARLY_DATA_WRITING \
|| (s)->early_data_state == SSL_EARLY_DATA_WRITE_RETRY \
|| (s)->hello_retry_request == SSL_HRR_PENDING)
# define SSL_IS_FIRST_HANDSHAKE(S) ((s)->s3.tmp.finish_md_len == 0 \
# define SSL_IS_FIRST_HANDSHAKE(s) ((s)->s3.tmp.finish_md_len == 0 \
|| (s)->s3.tmp.peer_finish_md_len == 0)
/* See if we need explicit IV */
# define SSL_USE_EXPLICIT_IV(s) \
(s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV)
(SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV)
/*
* See if we use signature algorithms extension and signature algorithm
* before signatures.
*/
# define SSL_USE_SIGALGS(s) \
(s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS)
(SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS)
/*
* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2: may
* apply to others in future.
*/
# define SSL_USE_TLS1_2_CIPHERS(s) \
(s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)
(SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)
/*
* Determine if a client can use TLS 1.2 ciphersuites: can't rely on method
* flags because it may not be set to correct version yet.
*/
# define SSL_CLIENT_USE_TLS1_2_CIPHERS(s) \
((!SSL_IS_DTLS(s) && s->client_version >= TLS1_2_VERSION) || \
(SSL_IS_DTLS(s) && DTLS_VERSION_GE(s->client_version, DTLS1_2_VERSION)))
((!SSL_CONNECTION_IS_DTLS(s) && s->client_version >= TLS1_2_VERSION) || \
(SSL_CONNECTION_IS_DTLS(s) && DTLS_VERSION_GE(s->client_version, DTLS1_2_VERSION)))
/*
* Determine if a client should send signature algorithms extension:
* as with TLS1.2 cipher we can't rely on method flags.
@ -487,9 +489,12 @@ struct ssl_method_st {
int version;
unsigned flags;
unsigned long mask;
int (*ssl_new) (SSL *s);
int (*ssl_clear) (SSL *s);
SSL *(*ssl_new) (SSL_CTX *ctx);
void (*ssl_free) (SSL *s);
int (*ssl_reset) (SSL *s);
int (*ssl_init) (SSL *s);
int (*ssl_clear) (SSL *s);
void (*ssl_deinit) (SSL *s);
int (*ssl_accept) (SSL *s);
int (*ssl_connect) (SSL *s);
int (*ssl_read) (SSL *s, void *buf, size_t len, size_t *readbytes);
@ -1209,14 +1214,32 @@ struct ssl_ctx_st {
typedef struct cert_pkey_st CERT_PKEY;
#define SSL_TYPE_SSL_CONNECTION 0
#define SSL_TYPE_QUIC_CONNECTION 1
#define SSL_TYPE_QUIC_STREAM 2
struct ssl_st {
int type;
SSL_CTX *ctx;
const SSL_METHOD *method;
CRYPTO_REF_COUNT references;
CRYPTO_RWLOCK *lock;
/* extra application data */
CRYPTO_EX_DATA ex_data;
};
struct ssl_connection_st {
/* type identifier and common data */
struct ssl_st ssl;
#ifndef OPENSSL_NO_QUIC
/* pointer to parent SSL of QUIC_CONNECTION or self */
struct ssl_st *user_ssl;
#endif
/*
* protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION,
* DTLS1_VERSION)
*/
int version;
/* SSLv3 */
const SSL_METHOD *method;
/*
* There are 2 BIO's even though they are normally both the same. This
* is so data can be read and written to different handlers
@ -1535,12 +1558,9 @@ struct ssl_st {
SSL_psk_find_session_cb_func psk_find_session_cb;
SSL_psk_use_session_cb_func psk_use_session_cb;
SSL_CTX *ctx;
/* Verified chain of peer */
STACK_OF(X509) *verified_chain;
long verify_result;
/* extra application data */
CRYPTO_EX_DATA ex_data;
/*
* What we put in certificate_authorities extension for TLS 1.3
* (ClientHello and CertificateRequest) or just client cert requests for
@ -1549,7 +1569,6 @@ struct ssl_st {
*/
STACK_OF(X509_NAME) *ca_names;
STACK_OF(X509_NAME) *client_ca_names;
CRYPTO_REF_COUNT references;
/* protocol behaviour */
uint64_t options;
/* API behaviour */
@ -1776,8 +1795,6 @@ struct ssl_st {
void *record_padding_arg;
size_t block_padding;
CRYPTO_RWLOCK *lock;
/* The number of TLS1.3 tickets to automatically send */
size_t num_tickets;
/* The number of TLS1.3 tickets actually sent so far */
@ -1801,6 +1818,39 @@ struct ssl_st {
size_t shared_sigalgslen;
};
# define SSL_CONNECTION_FROM_SSL_ONLY_int(ssl, c) \
((ssl) == NULL ? NULL \
: ((ssl)->type == SSL_TYPE_SSL_CONNECTION \
? (c SSL_CONNECTION *)(ssl) \
: NULL))
# define SSL_CONNECTION_NO_CONST
# define SSL_CONNECTION_FROM_SSL_ONLY(ssl) \
SSL_CONNECTION_FROM_SSL_ONLY_int(ssl, SSL_CONNECTION_NO_CONST)
# define SSL_CONNECTION_FROM_CONST_SSL_ONLY(ssl) \
SSL_CONNECTION_FROM_SSL_ONLY_int(ssl, const)
# define SSL_CONNECTION_GET_CTX(sc) ((sc)->ssl.ctx)
# ifndef OPENSSL_NO_QUIC
# include "quic/quic_local.h"
# define SSL_CONNECTION_FROM_SSL_int(ssl, c) \
((ssl) == NULL ? NULL \
: ((ssl)->type == SSL_TYPE_SSL_CONNECTION \
? (c SSL_CONNECTION *)(ssl) \
: ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \
? (c SSL_CONNECTION *)((c QUIC_CONNECTION *)(ssl))->tls \
: NULL)))
# define SSL_CONNECTION_FROM_SSL(ssl) \
SSL_CONNECTION_FROM_SSL_int(ssl, SSL_CONNECTION_NO_CONST)
# define SSL_CONNECTION_FROM_CONST_SSL(ssl) \
SSL_CONNECTION_FROM_SSL_int(ssl, const)
# define SSL_CONNECTION_GET_SSL(sc) ((sc)->user_ssl)
# else
# define SSL_CONNECTION_FROM_SSL(ssl) \
SSL_CONNECTION_FROM_SSL_ONLY_int(ssl, SSL_CONNECTION_NO_CONST)
# define SSL_CONNECTION_FROM_CONST_SSL(ssl) \
SSL_CONNECTION_FROM_SSL_ONLY_int(ssl, const)
# define SSL_CONNECTION_GET_SSL(sc) (&(sc)->ssl)
# endif
/*
* Structure containing table entry of values associated with the signature
* algorithms (signature scheme) extension
@ -2075,37 +2125,39 @@ typedef struct cert_st {
* of a mess of functions, but hell, think of it as an opaque structure :-)
*/
typedef struct ssl3_enc_method {
int (*enc) (SSL *, SSL3_RECORD *, size_t, int, SSL_MAC_BUF *, size_t);
int (*mac) (SSL *, SSL3_RECORD *, unsigned char *, int);
int (*setup_key_block) (SSL *);
int (*generate_master_secret) (SSL *, unsigned char *, unsigned char *,
size_t, size_t *);
int (*change_cipher_state) (SSL *, int);
size_t (*final_finish_mac) (SSL *, const char *, size_t, unsigned char *);
int (*enc) (SSL_CONNECTION *, SSL3_RECORD *, size_t, int,
SSL_MAC_BUF *, size_t);
int (*mac) (SSL_CONNECTION *, SSL3_RECORD *, unsigned char *, int);
int (*setup_key_block) (SSL_CONNECTION *);
int (*generate_master_secret) (SSL_CONNECTION *, unsigned char *,
unsigned char *, size_t, size_t *);
int (*change_cipher_state) (SSL_CONNECTION *, int);
size_t (*final_finish_mac) (SSL_CONNECTION *, const char *, size_t,
unsigned char *);
const char *client_finished_label;
size_t client_finished_label_len;
const char *server_finished_label;
size_t server_finished_label_len;
int (*alert_value) (int);
int (*export_keying_material) (SSL *, unsigned char *, size_t,
int (*export_keying_material) (SSL_CONNECTION *, unsigned char *, size_t,
const char *, size_t,
const unsigned char *, size_t,
int use_context);
/* Various flags indicating protocol version requirements */
uint32_t enc_flags;
/* Set the handshake header */
int (*set_handshake_header) (SSL *s, WPACKET *pkt, int type);
int (*set_handshake_header) (SSL_CONNECTION *s, WPACKET *pkt, int type);
/* Close construction of the handshake message */
int (*close_construct_packet) (SSL *s, WPACKET *pkt, int htype);
int (*close_construct_packet) (SSL_CONNECTION *s, WPACKET *pkt, int htype);
/* Write out handshake message */
int (*do_write) (SSL *s);
int (*do_write) (SSL_CONNECTION *s);
} SSL3_ENC_METHOD;
# define ssl_set_handshake_header(s, pkt, htype) \
s->method->ssl3_enc->set_handshake_header((s), (pkt), (htype))
SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->set_handshake_header((s), (pkt), (htype))
# define ssl_close_construct_packet(s, pkt, htype) \
s->method->ssl3_enc->close_construct_packet((s), (pkt), (htype))
# define ssl_do_write(s) s->method->ssl3_enc->do_write(s)
SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->close_construct_packet((s), (pkt), (htype))
# define ssl_do_write(s) SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->do_write(s)
/* Values for enc_flags */
@ -2248,6 +2300,9 @@ const SSL_METHOD *func_name(void) \
version, \
flags, \
mask, \
ossl_ssl_connection_new, \
ossl_ssl_connection_free, \
ossl_ssl_connection_reset, \
tls1_new, \
tls1_clear, \
tls1_free, \
@ -2285,6 +2340,9 @@ const SSL_METHOD *func_name(void) \
SSL3_VERSION, \
SSL_METHOD_NO_FIPS | SSL_METHOD_NO_SUITEB, \
SSL_OP_NO_SSLv3, \
ossl_ssl_connection_new, \
ossl_ssl_connection_free, \
ossl_ssl_connection_reset, \
ssl3_new, \
ssl3_clear, \
ssl3_free, \
@ -2323,6 +2381,9 @@ const SSL_METHOD *func_name(void) \
version, \
flags, \
mask, \
ossl_ssl_connection_new, \
ossl_ssl_connection_free, \
ossl_ssl_connection_reset, \
dtls1_new, \
dtls1_clear, \
dtls1_free, \
@ -2354,14 +2415,14 @@ const SSL_METHOD *func_name(void) \
}
struct openssl_ssl_test_functions {
int (*p_ssl_init_wbio_buffer) (SSL *s);
int (*p_ssl3_setup_buffers) (SSL *s);
int (*p_ssl_init_wbio_buffer) (SSL_CONNECTION *s);
int (*p_ssl3_setup_buffers) (SSL_CONNECTION *s);
};
const char *ssl_protocol_to_string(int version);
/* Returns true if certificate and private key for 'idx' are present */
static ossl_inline int ssl_has_cert(const SSL *s, int idx)
static ossl_inline int ssl_has_cert(const SSL_CONNECTION *s, int idx)
{
if (idx < 0 || idx >= SSL_PKEY_NUM)
return 0;
@ -2369,7 +2430,8 @@ static ossl_inline int ssl_has_cert(const SSL *s, int idx)
&& s->cert->pkeys[idx].privatekey != NULL;
}
static ossl_inline void tls1_get_peer_groups(SSL *s, const uint16_t **pgroups,
static ossl_inline void tls1_get_peer_groups(SSL_CONNECTION *s,
const uint16_t **pgroups,
size_t *pgroupslen)
{
*pgroups = s->ext.peer_supportedgroups;
@ -2378,19 +2440,25 @@ static ossl_inline void tls1_get_peer_groups(SSL *s, const uint16_t **pgroups,
# ifndef OPENSSL_UNIT_TEST
__owur int ossl_ssl_init(SSL *ssl, SSL_CTX *ctx, int type);
__owur SSL *ossl_ssl_connection_new(SSL_CTX *ctx);
void ossl_ssl_connection_free(SSL *ssl);
__owur int ossl_ssl_connection_reset(SSL *ssl);
__owur int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes);
__owur int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written);
void ssl_clear_cipher_ctx(SSL *s);
int ssl_clear_bad_session(SSL *s);
void ssl_clear_cipher_ctx(SSL_CONNECTION *s);
int ssl_clear_bad_session(SSL_CONNECTION *s);
__owur CERT *ssl_cert_new(void);
__owur CERT *ssl_cert_dup(CERT *cert);
void ssl_cert_clear_certs(CERT *c);
void ssl_cert_free(CERT *c);
__owur int ssl_generate_session_id(SSL *s, SSL_SESSION *ss);
__owur int ssl_get_new_session(SSL *s, int session);
__owur SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id,
__owur int ssl_generate_session_id(SSL_CONNECTION *s, SSL_SESSION *ss);
__owur int ssl_get_new_session(SSL_CONNECTION *s, int session);
__owur SSL_SESSION *lookup_sess_in_cache(SSL_CONNECTION *s,
const unsigned char *sess_id,
size_t sess_id_len);
__owur int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello);
__owur int ssl_get_prev_session(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello);
__owur SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket);
__owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
@ -2402,12 +2470,13 @@ __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
STACK_OF(SSL_CIPHER) **cipher_list_by_id,
const char *rule_str,
CERT *c);
__owur int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format);
__owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
STACK_OF(SSL_CIPHER) **skp,
STACK_OF(SSL_CIPHER) **scsvs, int sslv2format,
int fatal);
void ssl_update_cache(SSL *s, int mode);
__owur int ssl_cache_cipherlist(SSL_CONNECTION *s, PACKET *cipher_suites,
int sslv2format);
__owur int ossl_bytes_to_cipher_list(SSL_CONNECTION *s, PACKET *cipher_suites,
STACK_OF(SSL_CIPHER) **skp,
STACK_OF(SSL_CIPHER) **scsvs, int sslv2format,
int fatal);
void ssl_update_cache(SSL_CONNECTION *s, int mode);
__owur int ssl_cipher_get_evp_cipher(SSL_CTX *ctx, const SSL_CIPHER *sslc,
const EVP_CIPHER **enc);
__owur int ssl_cipher_get_evp(SSL_CTX *ctxc, const SSL_SESSION *s,
@ -2418,24 +2487,27 @@ __owur int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
size_t *int_overhead, size_t *blocksize,
size_t *ext_overhead);
__owur int ssl_cert_is_disabled(SSL_CTX *ctx, size_t idx);
__owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl,
__owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL_CONNECTION *ssl,
const unsigned char *ptr,
int all);
__owur int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain);
__owur int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain);
__owur int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x);
__owur int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x);
__owur int ssl_cert_set0_chain(SSL_CONNECTION *s, SSL_CTX *ctx,
STACK_OF(X509) *chain);
__owur int ssl_cert_set1_chain(SSL_CONNECTION *s, SSL_CTX *ctx,
STACK_OF(X509) *chain);
__owur int ssl_cert_add0_chain_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x);
__owur int ssl_cert_add1_chain_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x);
__owur int ssl_cert_select_current(CERT *c, X509 *x);
__owur int ssl_cert_set_current(CERT *c, long arg);
void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg);
__owur int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk);
__owur int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags);
__owur int ssl_verify_cert_chain(SSL_CONNECTION *s, STACK_OF(X509) *sk);
__owur int ssl_build_cert_chain(SSL_CONNECTION *s, SSL_CTX *ctx, int flags);
__owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain,
int ref);
__owur int ssl_cert_get_cert_store(CERT *c, X509_STORE **pstore, int chain);
__owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other);
__owur int ssl_security(const SSL_CONNECTION *s, int op, int bits, int nid,
void *other);
__owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid,
void *other);
int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp);
@ -2448,51 +2520,52 @@ __owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx);
int ssl_undefined_function(SSL *s);
__owur int ssl_undefined_void_function(void);
__owur int ssl_undefined_const_function(const SSL *s);
__owur int ssl_get_server_cert_serverinfo(SSL *s,
__owur int ssl_get_server_cert_serverinfo(SSL_CONNECTION *s,
const unsigned char **serverinfo,
size_t *serverinfo_length);
void ssl_set_masks(SSL *s);
__owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
void ssl_set_masks(SSL_CONNECTION *s);
__owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL_CONNECTION *sc);
__owur int ssl_x509err2alert(int type);
void ssl_sort_cipher_list(void);
int ssl_load_ciphers(SSL_CTX *ctx);
__owur int ssl_setup_sig_algs(SSL_CTX *ctx);
int ssl_load_groups(SSL_CTX *ctx);
__owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field,
size_t len, DOWNGRADE dgrd);
__owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
int free_pms);
__owur EVP_PKEY *ssl_generate_pkey(SSL *s, EVP_PKEY *pm);
__owur int ssl_gensecret(SSL *s, unsigned char *pms, size_t pmslen);
__owur int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey,
__owur int ssl_fill_hello_random(SSL_CONNECTION *s, int server,
unsigned char *field, size_t len,
DOWNGRADE dgrd);
__owur int ssl_generate_master_secret(SSL_CONNECTION *s, unsigned char *pms,
size_t pmslen, int free_pms);
__owur EVP_PKEY *ssl_generate_pkey(SSL_CONNECTION *s, EVP_PKEY *pm);
__owur int ssl_gensecret(SSL_CONNECTION *s, unsigned char *pms, size_t pmslen);
__owur int ssl_derive(SSL_CONNECTION *s, EVP_PKEY *privkey, EVP_PKEY *pubkey,
int genmaster);
__owur int ssl_decapsulate(SSL *s, EVP_PKEY *privkey,
__owur int ssl_decapsulate(SSL_CONNECTION *s, EVP_PKEY *privkey,
const unsigned char *ct, size_t ctlen,
int gensecret);
__owur int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey,
__owur int ssl_encapsulate(SSL_CONNECTION *s, EVP_PKEY *pubkey,
unsigned char **ctp, size_t *ctlenp,
int gensecret);
__owur EVP_PKEY *ssl_dh_to_pkey(DH *dh);
__owur int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen,
void *key);
__owur unsigned int ssl_get_max_send_fragment(const SSL *ssl);
__owur unsigned int ssl_get_split_send_fragment(const SSL *ssl);
__owur unsigned int ssl_get_max_send_fragment(const SSL_CONNECTION *sc);
__owur unsigned int ssl_get_split_send_fragment(const SSL_CONNECTION *sc);
__owur const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id);
__owur const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname);
__owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
__owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt,
size_t *len);
int ssl3_init_finished_mac(SSL *s);
__owur int ssl3_setup_key_block(SSL *s);
__owur int ssl3_change_cipher_state(SSL *s, int which);
void ssl3_cleanup_key_block(SSL *s);
__owur int ssl3_do_write(SSL *s, int type);
int ssl3_send_alert(SSL *s, int level, int desc);
__owur int ssl3_generate_master_secret(SSL *s, unsigned char *out,
int ssl3_init_finished_mac(SSL_CONNECTION *s);
__owur int ssl3_setup_key_block(SSL_CONNECTION *s);
__owur int ssl3_change_cipher_state(SSL_CONNECTION *s, int which);
void ssl3_cleanup_key_block(SSL_CONNECTION *s);
__owur int ssl3_do_write(SSL_CONNECTION *s, int type);
int ssl3_send_alert(SSL_CONNECTION *s, int level, int desc);
__owur int ssl3_generate_master_secret(SSL_CONNECTION *s, unsigned char *out,
unsigned char *p, size_t len,
size_t *secret_size);
__owur int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt);
__owur int ssl3_get_req_cert_type(SSL_CONNECTION *s, WPACKET *pkt);
__owur int ssl3_num_ciphers(void);
__owur const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
int ssl3_renegotiate(SSL *ssl);
@ -2500,16 +2573,17 @@ int ssl3_renegotiate_check(SSL *ssl, int initok);
void ssl3_digest_master_key_set_params(const SSL_SESSION *session,
OSSL_PARAM params[]);
__owur int ssl3_dispatch_alert(SSL *s);
__owur size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t slen,
unsigned char *p);
__owur int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len);
void ssl3_free_digest_list(SSL *s);
__owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
__owur size_t ssl3_final_finish_mac(SSL_CONNECTION *s, const char *sender,
size_t slen, unsigned char *p);
__owur int ssl3_finish_mac(SSL_CONNECTION *s, const unsigned char *buf,
size_t len);
void ssl3_free_digest_list(SSL_CONNECTION *s);
__owur unsigned long ssl3_output_cert_chain(SSL_CONNECTION *s, WPACKET *pkt,
CERT_PKEY *cpk);
__owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
__owur const SSL_CIPHER *ssl3_choose_cipher(SSL_CONNECTION *s,
STACK_OF(SSL_CIPHER) *clnt,
STACK_OF(SSL_CIPHER) *srvr);
__owur int ssl3_digest_cached_records(SSL *s, int keep);
__owur int ssl3_digest_cached_records(SSL_CONNECTION *s, int keep);
__owur int ssl3_new(SSL *s);
void ssl3_free(SSL *s);
__owur int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes);
@ -2522,34 +2596,35 @@ __owur long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
__owur long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
__owur long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void));
__owur int ssl3_do_change_cipher_spec(SSL *ssl);
__owur int ssl3_do_change_cipher_spec(SSL_CONNECTION *s);
__owur long ssl3_default_timeout(void);
__owur int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype);
__owur int tls_close_construct_packet(SSL *s, WPACKET *pkt, int htype);
__owur int tls_setup_handshake(SSL *s);
__owur int dtls1_set_handshake_header(SSL *s, WPACKET *pkt, int htype);
__owur int dtls1_close_construct_packet(SSL *s, WPACKET *pkt, int htype);
__owur int ssl3_handshake_write(SSL *s);
__owur int ssl3_set_handshake_header(SSL_CONNECTION *s, WPACKET *pkt,
int htype);
__owur int tls_close_construct_packet(SSL_CONNECTION *s, WPACKET *pkt, int htype);
__owur int tls_setup_handshake(SSL_CONNECTION *s);
__owur int dtls1_set_handshake_header(SSL_CONNECTION *s, WPACKET *pkt, int htype);
__owur int dtls1_close_construct_packet(SSL_CONNECTION *s, WPACKET *pkt, int htype);
__owur int ssl3_handshake_write(SSL_CONNECTION *s);
__owur int ssl_allow_compression(SSL *s);
__owur int ssl_allow_compression(SSL_CONNECTION *s);
__owur int ssl_version_supported(const SSL *s, int version,
__owur int ssl_version_supported(const SSL_CONNECTION *s, int version,
const SSL_METHOD **meth);
__owur int ssl_set_client_hello_version(SSL *s);
__owur int ssl_check_version_downgrade(SSL *s);
__owur int ssl_set_client_hello_version(SSL_CONNECTION *s);
__owur int ssl_check_version_downgrade(SSL_CONNECTION *s);
__owur int ssl_set_version_bound(int method_version, int version, int *bound);
__owur int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello,
__owur int ssl_choose_server_version(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello,
DOWNGRADE *dgrd);
__owur int ssl_choose_client_version(SSL *s, int version,
__owur int ssl_choose_client_version(SSL_CONNECTION *s, int version,
RAW_EXTENSION *extensions);
__owur int ssl_get_min_max_version(const SSL *s, int *min_version,
__owur int ssl_get_min_max_version(const SSL_CONNECTION *s, int *min_version,
int *max_version, int *real_max);
__owur long tls1_default_timeout(void);
__owur int dtls1_do_write(SSL *s, int type);
void dtls1_set_message_header(SSL *s,
__owur int dtls1_do_write(SSL_CONNECTION *s, int type);
void dtls1_set_message_header(SSL_CONNECTION *s,
unsigned char mt,
size_t len,
size_t frag_off, size_t frag_len);
@ -2557,27 +2632,29 @@ void dtls1_set_message_header(SSL *s,
int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len,
size_t *written);
__owur int dtls1_read_failed(SSL *s, int code);
__owur int dtls1_buffer_message(SSL *s, int ccs);
__owur int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found);
__owur int dtls1_read_failed(SSL_CONNECTION *s, int code);
__owur int dtls1_buffer_message(SSL_CONNECTION *s, int ccs);
__owur int dtls1_retransmit_message(SSL_CONNECTION *s, unsigned short seq,
int *found);
__owur int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
int dtls1_retransmit_buffered_messages(SSL *s);
void dtls1_clear_received_buffer(SSL *s);
void dtls1_clear_sent_buffer(SSL *s);
int dtls1_retransmit_buffered_messages(SSL_CONNECTION *s);
void dtls1_clear_received_buffer(SSL_CONNECTION *s);
void dtls1_clear_sent_buffer(SSL_CONNECTION *s);
void dtls1_get_message_header(unsigned char *data,
struct hm_header_st *msg_hdr);
__owur long dtls1_default_timeout(void);
__owur struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft);
__owur int dtls1_check_timeout_num(SSL *s);
__owur int dtls1_handle_timeout(SSL *s);
void dtls1_start_timer(SSL *s);
void dtls1_stop_timer(SSL *s);
__owur int dtls1_is_timer_expired(SSL *s);
__owur struct timeval *dtls1_get_timeout(SSL_CONNECTION *s,
struct timeval *timeleft);
__owur int dtls1_check_timeout_num(SSL_CONNECTION *s);
__owur int dtls1_handle_timeout(SSL_CONNECTION *s);
void dtls1_start_timer(SSL_CONNECTION *s);
void dtls1_stop_timer(SSL_CONNECTION *s);
__owur int dtls1_is_timer_expired(SSL_CONNECTION *s);
__owur int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie,
size_t cookie_len);
__owur size_t dtls1_min_mtu(SSL *s);
__owur size_t dtls1_min_mtu(SSL_CONNECTION *s);
void dtls1_hm_fragment_free(hm_fragment *frag);
__owur int dtls1_query_mtu(SSL *s);
__owur int dtls1_query_mtu(SSL_CONNECTION *s);
__owur int tls1_new(SSL *s);
void tls1_free(SSL *s);
@ -2591,64 +2668,66 @@ __owur int dtls1_shutdown(SSL *s);
__owur int dtls1_dispatch_alert(SSL *s);
__owur int ssl_init_wbio_buffer(SSL *s);
int ssl_free_wbio_buffer(SSL *s);
__owur int ssl_init_wbio_buffer(SSL_CONNECTION *s);
int ssl_free_wbio_buffer(SSL_CONNECTION *s);
__owur int tls1_change_cipher_state(SSL *s, int which);
__owur int tls1_setup_key_block(SSL *s);
__owur size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen,
unsigned char *p);
__owur int tls1_generate_master_secret(SSL *s, unsigned char *out,
__owur int tls1_change_cipher_state(SSL_CONNECTION *s, int which);
__owur int tls1_setup_key_block(SSL_CONNECTION *s);
__owur size_t tls1_final_finish_mac(SSL_CONNECTION *s, const char *str,
size_t slen, unsigned char *p);
__owur int tls1_generate_master_secret(SSL_CONNECTION *s, unsigned char *out,
unsigned char *p, size_t len,
size_t *secret_size);
__owur int tls13_setup_key_block(SSL *s);
__owur size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
__owur int tls13_setup_key_block(SSL_CONNECTION *s);
__owur size_t tls13_final_finish_mac(SSL_CONNECTION *s, const char *str, size_t slen,
unsigned char *p);
__owur int tls13_change_cipher_state(SSL *s, int which);
__owur int tls13_update_key(SSL *s, int send);
__owur int tls13_hkdf_expand(SSL *s, const EVP_MD *md,
__owur int tls13_change_cipher_state(SSL_CONNECTION *s, int which);
__owur int tls13_update_key(SSL_CONNECTION *s, int send);
__owur int tls13_hkdf_expand(SSL_CONNECTION *s, const EVP_MD *md,
const unsigned char *secret,
const unsigned char *label, size_t labellen,
const unsigned char *data, size_t datalen,
unsigned char *out, size_t outlen, int fatal);
__owur int tls13_derive_key(SSL *s, const EVP_MD *md,
__owur int tls13_derive_key(SSL_CONNECTION *s, const EVP_MD *md,
const unsigned char *secret, unsigned char *key,
size_t keylen);
__owur int tls13_derive_iv(SSL *s, const EVP_MD *md,
__owur int tls13_derive_iv(SSL_CONNECTION *s, const EVP_MD *md,
const unsigned char *secret, unsigned char *iv,
size_t ivlen);
__owur int tls13_derive_finishedkey(SSL *s, const EVP_MD *md,
__owur int tls13_derive_finishedkey(SSL_CONNECTION *s, const EVP_MD *md,
const unsigned char *secret,
unsigned char *fin, size_t finlen);
int tls13_generate_secret(SSL *s, const EVP_MD *md,
int tls13_generate_secret(SSL_CONNECTION *s, const EVP_MD *md,
const unsigned char *prevsecret,
const unsigned char *insecret,
size_t insecretlen,
unsigned char *outsecret);
__owur int tls13_generate_handshake_secret(SSL *s,
__owur int tls13_generate_handshake_secret(SSL_CONNECTION *s,
const unsigned char *insecret,
size_t insecretlen);
__owur int tls13_generate_master_secret(SSL *s, unsigned char *out,
__owur int tls13_generate_master_secret(SSL_CONNECTION *s, unsigned char *out,
unsigned char *prev, size_t prevlen,
size_t *secret_size);
__owur int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
__owur int tls1_export_keying_material(SSL_CONNECTION *s,
unsigned char *out, size_t olen,
const char *label, size_t llen,
const unsigned char *p, size_t plen,
int use_context);
__owur int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen,
__owur int tls13_export_keying_material(SSL_CONNECTION *s,
unsigned char *out, size_t olen,
const char *label, size_t llen,
const unsigned char *context,
size_t contextlen, int use_context);
__owur int tls13_export_keying_material_early(SSL *s, unsigned char *out,
size_t olen, const char *label,
size_t llen,
__owur int tls13_export_keying_material_early(SSL_CONNECTION *s,
unsigned char *out, size_t olen,
const char *label, size_t llen,
const unsigned char *context,
size_t contextlen);
__owur int tls1_alert_code(int code);
__owur int tls13_alert_code(int code);
__owur int ssl3_alert_code(int code);
__owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
__owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CONNECTION *s);
SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
@ -2657,80 +2736,87 @@ __owur uint16_t ssl_group_id_tls13_to_internal(uint16_t curve_id);
__owur const TLS_GROUP_INFO *tls1_group_id_lookup(SSL_CTX *ctx, uint16_t curve_id);
__owur int tls1_group_id2nid(uint16_t group_id, int include_unknown);
__owur uint16_t tls1_nid2group_id(int nid);
__owur int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_curves);
__owur uint16_t tls1_shared_group(SSL *s, int nmatch);
__owur int tls1_check_group_id(SSL_CONNECTION *s, uint16_t group_id,
int check_own_curves);
__owur uint16_t tls1_shared_group(SSL_CONNECTION *s, int nmatch);
__owur int tls1_set_groups(uint16_t **pext, size_t *pextlen,
int *curves, size_t ncurves);
__owur int tls1_set_groups_list(SSL_CTX *ctx, uint16_t **pext, size_t *pextlen,
const char *str);
__owur EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id);
__owur int tls_valid_group(SSL *s, uint16_t group_id, int minversion,
__owur EVP_PKEY *ssl_generate_pkey_group(SSL_CONNECTION *s, uint16_t id);
__owur int tls_valid_group(SSL_CONNECTION *s, uint16_t group_id, int minversion,
int maxversion, int isec, int *okfortls13);
__owur EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id);
void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
__owur EVP_PKEY *ssl_generate_param_group(SSL_CONNECTION *s, uint16_t id);
void tls1_get_formatlist(SSL_CONNECTION *s, const unsigned char **pformats,
size_t *num_formats);
__owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
__owur int tls1_check_ec_tmp_key(SSL_CONNECTION *s, unsigned long id);
__owur int tls_group_allowed(SSL *s, uint16_t curve, int op);
void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups,
__owur int tls_group_allowed(SSL_CONNECTION *s, uint16_t curve, int op);
void tls1_get_supported_groups(SSL_CONNECTION *s, const uint16_t **pgroups,
size_t *pgroupslen);
__owur int tls1_set_server_sigalgs(SSL *s);
__owur int tls1_set_server_sigalgs(SSL_CONNECTION *s);
__owur SSL_TICKET_STATUS tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
__owur SSL_TICKET_STATUS tls_get_ticket_from_client(SSL_CONNECTION *s,
CLIENTHELLO_MSG *hello,
SSL_SESSION **ret);
__owur SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
__owur SSL_TICKET_STATUS tls_decrypt_ticket(SSL_CONNECTION *s,
const unsigned char *etick,
size_t eticklen,
const unsigned char *sess_id,
size_t sesslen, SSL_SESSION **psess);
__owur int tls_use_ticket(SSL *s);
__owur int tls_use_ticket(SSL_CONNECTION *s);
void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op);
void ssl_set_sig_mask(uint32_t *pmask_a, SSL_CONNECTION *s, int op);
__owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client);
__owur int tls1_set_raw_sigalgs(CERT *c, const uint16_t *psigs, size_t salglen,
int client);
__owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen,
int client);
int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
int idx);
void tls1_set_cert_validity(SSL *s);
int tls1_check_chain(SSL_CONNECTION *s, X509 *x, EVP_PKEY *pk,
STACK_OF(X509) *chain, int idx);
void tls1_set_cert_validity(SSL_CONNECTION *s);
# ifndef OPENSSL_NO_CT
__owur int ssl_validate_ct(SSL *s);
__owur int ssl_validate_ct(SSL_CONNECTION *s);
# endif
__owur EVP_PKEY *ssl_get_auto_dh(SSL *s);
__owur EVP_PKEY *ssl_get_auto_dh(SSL_CONNECTION *s);
__owur int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee);
__owur int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *ex,
int vfy);
__owur int ssl_security_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x, int vfy,
int is_ee);
__owur int ssl_security_cert_chain(SSL_CONNECTION *s, STACK_OF(X509) *sk,
X509 *ex, int vfy);
int tls_choose_sigalg(SSL *s, int fatalerrs);
int tls_choose_sigalg(SSL_CONNECTION *s, int fatalerrs);
__owur EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md);
void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
__owur long ssl_get_algorithm2(SSL *s);
__owur int tls12_copy_sigalgs(SSL *s, WPACKET *pkt,
__owur long ssl_get_algorithm2(SSL_CONNECTION *s);
__owur int tls12_copy_sigalgs(SSL_CONNECTION *s, WPACKET *pkt,
const uint16_t *psig, size_t psiglen);
__owur int tls1_save_u16(PACKET *pkt, uint16_t **pdest, size_t *pdestlen);
__owur int tls1_save_sigalgs(SSL *s, PACKET *pkt, int cert);
__owur int tls1_process_sigalgs(SSL *s);
__owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey);
__owur int tls1_save_sigalgs(SSL_CONNECTION *s, PACKET *pkt, int cert);
__owur int tls1_process_sigalgs(SSL_CONNECTION *s);
__owur int tls1_set_peer_legacy_sigalg(SSL_CONNECTION *s, const EVP_PKEY *pkey);
__owur int tls1_lookup_md(SSL_CTX *ctx, const SIGALG_LOOKUP *lu,
const EVP_MD **pmd);
__owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs);
__owur int tls_check_sigalg_curve(const SSL *s, int curve);
__owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey);
__owur int ssl_set_client_disabled(SSL *s);
__owur int ssl_cipher_disabled(const SSL *s, const SSL_CIPHER *c, int op, int echde);
__owur size_t tls12_get_psigalgs(SSL_CONNECTION *s, int sent,
const uint16_t **psigs);
__owur int tls_check_sigalg_curve(const SSL_CONNECTION *s, int curve);
__owur int tls12_check_peer_sigalg(SSL_CONNECTION *s, uint16_t, EVP_PKEY *pkey);
__owur int ssl_set_client_disabled(SSL_CONNECTION *s);
__owur int ssl_cipher_disabled(const SSL_CONNECTION *s, const SSL_CIPHER *c,
int op, int echde);
__owur int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
size_t *hashlen);
__owur int ssl_handshake_hash(SSL_CONNECTION *s,
unsigned char *out, size_t outlen,
size_t *hashlen);
__owur const EVP_MD *ssl_md(SSL_CTX *ctx, int idx);
__owur const EVP_MD *ssl_handshake_md(SSL *s);
__owur const EVP_MD *ssl_prf_md(SSL *s);
__owur const EVP_MD *ssl_handshake_md(SSL_CONNECTION *s);
__owur const EVP_MD *ssl_prf_md(SSL_CONNECTION *s);
/*
* ssl_log_rsa_client_key_exchange logs |premaster| to the SSL_CTX associated
@ -2738,7 +2824,7 @@ __owur const EVP_MD *ssl_prf_md(SSL *s);
* failure. The entry is identified by the first 8 bytes of
* |encrypted_premaster|.
*/
__owur int ssl_log_rsa_client_key_exchange(SSL *ssl,
__owur int ssl_log_rsa_client_key_exchange(SSL_CONNECTION *s,
const uint8_t *encrypted_premaster,
size_t encrypted_premaster_len,
const uint8_t *premaster,
@ -2749,7 +2835,7 @@ __owur int ssl_log_rsa_client_key_exchange(SSL *ssl,
* logging is available. It returns one on success and zero on failure. It tags
* the entry with |label|.
*/
__owur int ssl_log_secret(SSL *ssl, const char *label,
__owur int ssl_log_secret(SSL_CONNECTION *s, const char *label,
const uint8_t *secret, size_t secret_len);
#define MASTER_SECRET_LABEL "CLIENT_RANDOM"
@ -2763,9 +2849,10 @@ __owur int ssl_log_secret(SSL *ssl, const char *label,
# ifndef OPENSSL_NO_KTLS
/* ktls.c */
int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c,
int ktls_check_supported_cipher(const SSL_CONNECTION *s, const EVP_CIPHER *c,
const EVP_CIPHER_CTX *dd);
int ktls_configure_crypto(SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd,
int ktls_configure_crypto(SSL_CONNECTION *s, const EVP_CIPHER *c,
EVP_CIPHER_CTX *dd,
void *rl_sequence, ktls_crypto_info_t *crypto_info,
int is_tx, unsigned char *iv,
unsigned char *key, unsigned char *mac_key,
@ -2784,13 +2871,13 @@ __owur int ssl3_cbc_digest_record(const EVP_MD *md,
const unsigned char *mac_secret,
size_t mac_secret_length, char is_sslv3);
__owur int srp_generate_server_master_secret(SSL *s);
__owur int srp_generate_client_master_secret(SSL *s);
__owur int srp_verify_server_param(SSL *s);
__owur int srp_generate_server_master_secret(SSL_CONNECTION *s);
__owur int srp_generate_client_master_secret(SSL_CONNECTION *s);
__owur int srp_verify_server_param(SSL_CONNECTION *s);
/* statem/statem_srvr.c */
__owur int send_certificate_request(SSL *s);
__owur int send_certificate_request(SSL_CONNECTION *s);
/* statem/extensions_cust.c */
@ -2800,10 +2887,11 @@ custom_ext_method *custom_ext_find(const custom_ext_methods *exts,
void custom_ext_init(custom_ext_methods *meths);
__owur int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type,
__owur int custom_ext_parse(SSL_CONNECTION *s, unsigned int context,
unsigned int ext_type,
const unsigned char *ext_data, size_t ext_size,
X509 *x, size_t chainidx);
__owur int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x,
__owur int custom_ext_add(SSL_CONNECTION *s, int context, WPACKET *pkt, X509 *x,
size_t chainidx, int maxversion);
__owur int custom_exts_copy(custom_ext_methods *dst,
@ -2828,14 +2916,15 @@ const EVP_MD *ssl_evp_md_fetch(OSSL_LIB_CTX *libctx,
int ssl_evp_md_up_ref(const EVP_MD *md);
void ssl_evp_md_free(const EVP_MD *md);
int tls_provider_set_tls_params(SSL *s, EVP_CIPHER_CTX *ctx,
int tls_provider_set_tls_params(SSL_CONNECTION *s, EVP_CIPHER_CTX *ctx,
const EVP_CIPHER *ciph,
const EVP_MD *md);
void tls_engine_finish(ENGINE *e);
const EVP_CIPHER *tls_get_cipher_from_engine(int nid);
const EVP_MD *tls_get_digest_from_engine(int nid);
int tls_engine_load_ssl_client_cert(SSL *s, X509 **px509, EVP_PKEY **ppkey);
int tls_engine_load_ssl_client_cert(SSL_CONNECTION *s, X509 **px509,
EVP_PKEY **ppkey);
int ssl_hmac_old_new(SSL_HMAC *ret);
void ssl_hmac_old_free(SSL_HMAC *ctx);
int ssl_hmac_old_init(SSL_HMAC *ctx, void *key, size_t len, char *md);
@ -2845,13 +2934,13 @@ size_t ssl_hmac_old_size(const SSL_HMAC *ctx);
int ssl_ctx_srp_ctx_free_intern(SSL_CTX *ctx);
int ssl_ctx_srp_ctx_init_intern(SSL_CTX *ctx);
int ssl_srp_ctx_free_intern(SSL *s);
int ssl_srp_ctx_init_intern(SSL *s);
int ssl_srp_ctx_free_intern(SSL_CONNECTION *s);
int ssl_srp_ctx_init_intern(SSL_CONNECTION *s);
int ssl_srp_calc_a_param_intern(SSL *s);
int ssl_srp_server_param_with_username_intern(SSL *s, int *ad);
int ssl_srp_calc_a_param_intern(SSL_CONNECTION *s);
int ssl_srp_server_param_with_username_intern(SSL_CONNECTION *s, int *ad);
void ssl_session_calculate_timeout(SSL_SESSION* ss);
void ssl_session_calculate_timeout(SSL_SESSION *ss);
# else /* OPENSSL_UNIT_TEST */

62
ssl/ssl_rsa.c
View File

@ -31,18 +31,23 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
int SSL_use_certificate(SSL *ssl, X509 *x)
{
int rv;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
if (sc == NULL)
return 0;
if (x == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
rv = ssl_security_cert(ssl, NULL, x, 0, 1);
rv = ssl_security_cert(sc, NULL, x, 0, 1);
if (rv != 1) {
ERR_raise(ERR_LIB_SSL, rv);
return 0;
}
return ssl_set_cert(ssl->cert, x);
return ssl_set_cert(sc->cert, x);
}
int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
@ -76,9 +81,14 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
j = ERR_R_ASN1_LIB;
cert = d2i_X509_bio(in, &x);
} else if (type == SSL_FILETYPE_PEM) {
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
if (sc == NULL)
goto end;
j = ERR_R_PEM_LIB;
cert = PEM_read_bio_X509(in, &x, ssl->default_passwd_callback,
ssl->default_passwd_callback_userdata);
cert = PEM_read_bio_X509(in, &x, sc->default_passwd_callback,
sc->default_passwd_callback_userdata);
} else {
ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
goto end;
@ -141,12 +151,16 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
{
int ret;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
if (sc == NULL)
return 0;
if (pkey == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
ret = ssl_set_pkey(ssl->cert, pkey);
ret = ssl_set_pkey(sc->cert, pkey);
return ret;
}
@ -167,10 +181,15 @@ int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
goto end;
}
if (type == SSL_FILETYPE_PEM) {
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
if (sc == NULL)
goto end;
j = ERR_R_PEM_LIB;
pkey = PEM_read_bio_PrivateKey_ex(in, NULL,
ssl->default_passwd_callback,
ssl->default_passwd_callback_userdata,
sc->default_passwd_callback,
sc->default_passwd_callback_userdata,
ssl->ctx->libctx,
ssl->ctx->propq);
} else if (type == SSL_FILETYPE_ASN1) {
@ -438,8 +457,13 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file)
passwd_callback = ctx->default_passwd_callback;
passwd_callback_userdata = ctx->default_passwd_callback_userdata;
} else {
passwd_callback = ssl->default_passwd_callback;
passwd_callback_userdata = ssl->default_passwd_callback_userdata;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
if (sc == NULL)
return 0;
passwd_callback = sc->default_passwd_callback;
passwd_callback_userdata = sc->default_passwd_callback_userdata;
}
in = BIO_new(BIO_s_file());
@ -612,13 +636,19 @@ static int serverinfoex_srv_add_cb(SSL *s, unsigned int ext_type,
{
const unsigned char *serverinfo = NULL;
size_t serverinfo_length = 0;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL) {
*al = SSL_AD_INTERNAL_ERROR;
return -1;
}
/* We only support extensions for the first Certificate */
if ((context & SSL_EXT_TLS1_3_CERTIFICATE) != 0 && chainidx > 0)
return 0;
/* Is there serverinfo data for the chosen server cert? */
if ((ssl_get_server_cert_serverinfo(s, &serverinfo,
if ((ssl_get_server_cert_serverinfo(sc, &serverinfo,
&serverinfo_length)) != 0) {
/* Find the relevant extension from the serverinfo */
int retval = serverinfo_find_extension(serverinfo, serverinfo_length,
@ -890,18 +920,24 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr
size_t i;
int j;
int rv;
CERT *c = ssl != NULL ? ssl->cert : ctx->cert;
CERT *c;
STACK_OF(X509) *dup_chain = NULL;
EVP_PKEY *pubkey = NULL;
SSL_CONNECTION *sc = NULL;
if (ctx == NULL &&
(sc = SSL_CONNECTION_FROM_SSL(ssl)) == NULL)
return 0;
c = sc != NULL ? sc->cert : ctx->cert;
/* Do all security checks before anything else */
rv = ssl_security_cert(ssl, ctx, x509, 0, 1);
rv = ssl_security_cert(sc, ctx, x509, 0, 1);
if (rv != 1) {
ERR_raise(ERR_LIB_SSL, rv);
goto out;
}
for (j = 0; j < sk_X509_num(chain); j++) {
rv = ssl_security_cert(ssl, ctx, sk_X509_value(chain, j), 0, 0);
rv = ssl_security_cert(sc, ctx, sk_X509_value(chain, j), 0, 0);
if (rv != 1) {
ERR_raise(ERR_LIB_SSL, rv);
goto out;

108
ssl/ssl_sess.c
View File

@ -88,13 +88,19 @@ void ssl_session_calculate_timeout(SSL_SESSION *ss)
SSL_SESSION *SSL_get_session(const SSL *ssl)
/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
{
return ssl->session;
const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
if (sc == NULL)
return NULL;
return sc->session;
}
SSL_SESSION *SSL_get1_session(SSL *ssl)
/* variant of SSL_get_session: caller really gets something */
{
SSL_SESSION *sess;
/*
* Need to lock this all up rather than just use CRYPTO_add so that
* somebody doesn't free ssl->session between when we check it's non-null
@ -102,8 +108,8 @@ SSL_SESSION *SSL_get1_session(SSL *ssl)
*/
if (!CRYPTO_THREAD_read_lock(ssl->lock))
return NULL;
sess = ssl->session;
if (sess)
sess = SSL_get_session(ssl);
if (sess != NULL)
SSL_SESSION_up_ref(sess);
CRYPTO_THREAD_unlock(ssl->lock);
return sess;
@ -335,10 +341,11 @@ static int def_generate_session_id(SSL *ssl, unsigned char *id,
return 0;
}
int ssl_generate_session_id(SSL *s, SSL_SESSION *ss)
int ssl_generate_session_id(SSL_CONNECTION *s, SSL_SESSION *ss)
{
unsigned int tmp;
GEN_SESSION_CB cb = def_generate_session_id;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
switch (s->version) {
case SSL3_VERSION:
@ -377,10 +384,10 @@ int ssl_generate_session_id(SSL *s, SSL_SESSION *ss)
}
/* Choose which callback will set the session ID */
if (!CRYPTO_THREAD_read_lock(s->lock))
if (!CRYPTO_THREAD_read_lock(SSL_CONNECTION_GET_SSL(s)->lock))
return 0;
if (!CRYPTO_THREAD_read_lock(s->session_ctx->lock)) {
CRYPTO_THREAD_unlock(s->lock);
CRYPTO_THREAD_unlock(ssl->lock);
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
return 0;
@ -390,11 +397,11 @@ int ssl_generate_session_id(SSL *s, SSL_SESSION *ss)
else if (s->session_ctx->generate_session_id)
cb = s->session_ctx->generate_session_id;
CRYPTO_THREAD_unlock(s->session_ctx->lock);
CRYPTO_THREAD_unlock(s->lock);
CRYPTO_THREAD_unlock(ssl->lock);
/* Choose a session ID */
memset(ss->session_id, 0, ss->session_id_length);
tmp = (int)ss->session_id_length;
if (!cb(s, ss->session_id, &tmp)) {
if (!cb(ssl, ss->session_id, &tmp)) {
/* The callback failed */
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
@ -412,7 +419,7 @@ int ssl_generate_session_id(SSL *s, SSL_SESSION *ss)
}
ss->session_id_length = tmp;
/* Finally, check for a conflict */
if (SSL_has_matching_session_id(s, ss->session_id,
if (SSL_has_matching_session_id(ssl, ss->session_id,
(unsigned int)ss->session_id_length)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_SSL_SESSION_ID_CONFLICT);
return 0;
@ -421,7 +428,7 @@ int ssl_generate_session_id(SSL *s, SSL_SESSION *ss)
return 1;
}
int ssl_get_new_session(SSL *s, int session)
int ssl_get_new_session(SSL_CONNECTION *s, int session)
{
/* This gets used by clients and servers. */
@ -434,7 +441,7 @@ int ssl_get_new_session(SSL *s, int session)
/* If the context has a default timeout, use it */
if (s->session_ctx->session_timeout == 0)
ss->timeout = SSL_get_default_timeout(s);
ss->timeout = SSL_get_default_timeout(SSL_CONNECTION_GET_SSL(s));
else
ss->timeout = s->session_ctx->session_timeout;
ssl_session_calculate_timeout(ss);
@ -443,7 +450,7 @@ int ssl_get_new_session(SSL *s, int session)
s->session = NULL;
if (session) {
if (SSL_IS_TLS13(s)) {
if (SSL_CONNECTION_IS_TLS13(s)) {
/*
* We generate the session id while constructing the
* NewSessionTicket in TLSv1.3.
@ -477,7 +484,8 @@ int ssl_get_new_session(SSL *s, int session)
return 1;
}
SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id,
SSL_SESSION *lookup_sess_in_cache(SSL_CONNECTION *s,
const unsigned char *sess_id,
size_t sess_id_len)
{
SSL_SESSION *ret = NULL;
@ -508,7 +516,8 @@ SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id,
if (ret == NULL && s->session_ctx->get_session_cb != NULL) {
int copy = 1;
ret = s->session_ctx->get_session_cb(s, sess_id, sess_id_len, &copy);
ret = s->session_ctx->get_session_cb(SSL_CONNECTION_GET_SSL(s),
sess_id, sess_id_len, &copy);
if (ret != NULL) {
ssl_tsan_counter(s->session_ctx,
@ -560,7 +569,7 @@ SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id,
* - Both for new and resumed sessions, s->ext.ticket_expected is set to 1
* if the server should issue a new session ticket (to 0 otherwise).
*/
int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)
int ssl_get_prev_session(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello)
{
/* This is used only by servers. */
@ -569,7 +578,7 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)
int try_session_cache = 0;
SSL_TICKET_STATUS r;
if (SSL_IS_TLS13(s)) {
if (SSL_CONNECTION_IS_TLS13(s)) {
/*
* By default we will send a new ticket. This can be overridden in the
* ticket processing.
@ -664,7 +673,7 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)
goto err;
}
if (!SSL_IS_TLS13(s)) {
if (!SSL_CONNECTION_IS_TLS13(s)) {
/* We already did this for TLS1.3 */
SSL_SESSION_free(s->session);
s->session = ret;
@ -678,7 +687,7 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)
if (ret != NULL) {
SSL_SESSION_free(ret);
/* In TLSv1.3 s->session was already set to ret, so we NULL it out */
if (SSL_IS_TLS13(s))
if (SSL_CONNECTION_IS_TLS13(s))
s->session = NULL;
if (!try_session_cache) {
@ -859,7 +868,12 @@ int SSL_SESSION_up_ref(SSL_SESSION *ss)
int SSL_set_session(SSL *s, SSL_SESSION *session)
{
ssl_clear_bad_session(s);
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return 0;
ssl_clear_bad_session(sc);
if (s->ctx->method != s->method) {
if (!SSL_set_ssl_method(s, s->ctx->method))
return 0;
@ -867,10 +881,10 @@ int SSL_set_session(SSL *s, SSL_SESSION *session)
if (session != NULL) {
SSL_SESSION_up_ref(session);
s->verify_result = session->verify_result;
sc->verify_result = session->verify_result;
}
SSL_SESSION_free(s->session);
s->session = session;
SSL_SESSION_free(sc->session);
sc->session = session;
return 1;
}
@ -1088,42 +1102,53 @@ int SSL_set_session_secret_cb(SSL *s,
tls_session_secret_cb_fn tls_session_secret_cb,
void *arg)
{
if (s == NULL)
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return 0;
s->ext.session_secret_cb = tls_session_secret_cb;
s->ext.session_secret_cb_arg = arg;
sc->ext.session_secret_cb = tls_session_secret_cb;
sc->ext.session_secret_cb_arg = arg;
return 1;
}
int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
void *arg)
{
if (s == NULL)
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return 0;
s->ext.session_ticket_cb = cb;
s->ext.session_ticket_cb_arg = arg;
sc->ext.session_ticket_cb = cb;
sc->ext.session_ticket_cb_arg = arg;
return 1;
}
int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
{
if (s->version >= TLS1_VERSION) {
OPENSSL_free(s->ext.session_ticket);
s->ext.session_ticket = NULL;
s->ext.session_ticket =
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return 0;
if (sc->version >= TLS1_VERSION) {
OPENSSL_free(sc->ext.session_ticket);
sc->ext.session_ticket = NULL;
sc->ext.session_ticket =
OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
if (s->ext.session_ticket == NULL) {
if (sc->ext.session_ticket == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
if (ext_data != NULL) {
s->ext.session_ticket->length = ext_len;
s->ext.session_ticket->data = s->ext.session_ticket + 1;
memcpy(s->ext.session_ticket->data, ext_data, ext_len);
sc->ext.session_ticket->length = ext_len;
sc->ext.session_ticket->data = sc->ext.session_ticket + 1;
memcpy(sc->ext.session_ticket->data, ext_data, ext_len);
} else {
s->ext.session_ticket->length = 0;
s->ext.session_ticket->data = NULL;
sc->ext.session_ticket->length = 0;
sc->ext.session_ticket->data = NULL;
}
return 1;
@ -1180,11 +1205,12 @@ void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
sk_SSL_SESSION_pop_free(sk, SSL_SESSION_free);
}
int ssl_clear_bad_session(SSL *s)
int ssl_clear_bad_session(SSL_CONNECTION *s)
{
if ((s->session != NULL) &&
!(s->shutdown & SSL_SENT_SHUTDOWN) &&
!(SSL_in_init(s) || SSL_in_before(s))) {
!(SSL_in_init(SSL_CONNECTION_GET_SSL(s))
|| SSL_in_before(SSL_CONNECTION_GET_SSL(s)))) {
SSL_CTX_remove_session(s->session_ctx, s->session);
return 1;
} else
@ -1293,7 +1319,7 @@ void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (SSL_CTX *ctx,
}
void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
SSL_SESSION *(*cb) (struct ssl_st *ssl,
SSL_SESSION *(*cb) (SSL *ssl,
const unsigned char *data,
int len, int *copy))
{

8
ssl/ssl_stat.c
View File

@ -13,7 +13,9 @@
const char *SSL_state_string_long(const SSL *s)
{
if (ossl_statem_in_error(s))
const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
if (sc == NULL || ossl_statem_in_error(sc))
return "error";
switch (SSL_get_state(s)) {
@ -120,7 +122,9 @@ const char *SSL_state_string_long(const SSL *s)
const char *SSL_state_string(const SSL *s)
{
if (ossl_statem_in_error(s))
const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
if (sc == NULL || ossl_statem_in_error(sc))
return "SSLERR";
switch (SSL_get_state(s)) {

226
ssl/statem/extensions.c
View File

@ -18,46 +18,50 @@
#include "../ssl_local.h"
#include "statem_local.h"
static int final_renegotiate(SSL *s, unsigned int context, int sent);
static int init_server_name(SSL *s, unsigned int context);
static int final_server_name(SSL *s, unsigned int context, int sent);
static int final_ec_pt_formats(SSL *s, unsigned int context, int sent);
static int init_session_ticket(SSL *s, unsigned int context);
static int final_renegotiate(SSL_CONNECTION *s, unsigned int context, int sent);
static int init_server_name(SSL_CONNECTION *s, unsigned int context);
static int final_server_name(SSL_CONNECTION *s, unsigned int context, int sent);
static int final_ec_pt_formats(SSL_CONNECTION *s, unsigned int context,
int sent);
static int init_session_ticket(SSL_CONNECTION *s, unsigned int context);
#ifndef OPENSSL_NO_OCSP
static int init_status_request(SSL *s, unsigned int context);
static int init_status_request(SSL_CONNECTION *s, unsigned int context);
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
static int init_npn(SSL *s, unsigned int context);
static int init_npn(SSL_CONNECTION *s, unsigned int context);
#endif
static int init_alpn(SSL *s, unsigned int context);
static int final_alpn(SSL *s, unsigned int context, int sent);
static int init_sig_algs_cert(SSL *s, unsigned int context);
static int init_sig_algs(SSL *s, unsigned int context);
static int init_certificate_authorities(SSL *s, unsigned int context);
static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt,
static int init_alpn(SSL_CONNECTION *s, unsigned int context);
static int final_alpn(SSL_CONNECTION *s, unsigned int context, int sent);
static int init_sig_algs_cert(SSL_CONNECTION *s, unsigned int context);
static int init_sig_algs(SSL_CONNECTION *s, unsigned int context);
static int init_certificate_authorities(SSL_CONNECTION *s,
unsigned int context);
static EXT_RETURN tls_construct_certificate_authorities(SSL_CONNECTION *s,
WPACKET *pkt,
unsigned int context,
X509 *x,
size_t chainidx);
static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt,
static int tls_parse_certificate_authorities(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx);
#ifndef OPENSSL_NO_SRP
static int init_srp(SSL *s, unsigned int context);
static int init_srp(SSL_CONNECTION *s, unsigned int context);
#endif
static int init_ec_point_formats(SSL *s, unsigned int context);
static int init_etm(SSL *s, unsigned int context);
static int init_ems(SSL *s, unsigned int context);
static int final_ems(SSL *s, unsigned int context, int sent);
static int init_psk_kex_modes(SSL *s, unsigned int context);
static int final_key_share(SSL *s, unsigned int context, int sent);
static int init_ec_point_formats(SSL_CONNECTION *s, unsigned int context);
static int init_etm(SSL_CONNECTION *s, unsigned int context);
static int init_ems(SSL_CONNECTION *s, unsigned int context);
static int final_ems(SSL_CONNECTION *s, unsigned int context, int sent);
static int init_psk_kex_modes(SSL_CONNECTION *s, unsigned int context);
static int final_key_share(SSL_CONNECTION *s, unsigned int context, int sent);
#ifndef OPENSSL_NO_SRTP
static int init_srtp(SSL *s, unsigned int context);
static int init_srtp(SSL_CONNECTION *s, unsigned int context);
#endif
static int final_sig_algs(SSL *s, unsigned int context, int sent);
static int final_early_data(SSL *s, unsigned int context, int sent);
static int final_maxfragmentlen(SSL *s, unsigned int context, int sent);
static int init_post_handshake_auth(SSL *s, unsigned int context);
static int final_psk(SSL *s, unsigned int context, int sent);
static int final_sig_algs(SSL_CONNECTION *s, unsigned int context, int sent);
static int final_early_data(SSL_CONNECTION *s, unsigned int context, int sent);
static int final_maxfragmentlen(SSL_CONNECTION *s, unsigned int context,
int sent);
static int init_post_handshake_auth(SSL_CONNECTION *s, unsigned int context);
static int final_psk(SSL_CONNECTION *s, unsigned int context, int sent);
/* Structure to define a built-in extension */
typedef struct extensions_definition_st {
@ -72,25 +76,27 @@ typedef struct extensions_definition_st {
* Initialise extension before parsing. Always called for relevant contexts
* even if extension not present
*/
int (*init)(SSL *s, unsigned int context);
int (*init)(SSL_CONNECTION *s, unsigned int context);
/* Parse extension sent from client to server */
int (*parse_ctos)(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx);
int (*parse_ctos)(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx);
/* Parse extension send from server to client */
int (*parse_stoc)(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx);
int (*parse_stoc)(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx);
/* Construct extension sent from server to client */
EXT_RETURN (*construct_stoc)(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN (*construct_stoc)(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
/* Construct extension sent from client to server */
EXT_RETURN (*construct_ctos)(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN (*construct_ctos)(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
/*
* Finalise extension after parsing. Always called where an extensions was
* initialised even if the extension was not present. |sent| is set to 1 if
* the extension was seen, or 0 otherwise.
*/
int (*final)(SSL *s, unsigned int context, int sent);
int (*final)(SSL_CONNECTION *s, unsigned int context, int sent);
} EXTENSION_DEFINITION;
/*
@ -385,13 +391,14 @@ static const EXTENSION_DEFINITION ext_defs[] = {
};
/* Check whether an extension's context matches the current context */
static int validate_context(SSL *s, unsigned int extctx, unsigned int thisctx)
static int validate_context(SSL_CONNECTION *s, unsigned int extctx,
unsigned int thisctx)
{
/* Check we're allowed to use this extension in this context */
if ((thisctx & extctx) == 0)
return 0;
if (SSL_IS_DTLS(s)) {
if (SSL_CONNECTION_IS_DTLS(s)) {
if ((extctx & SSL_EXT_TLS_ONLY) != 0)
return 0;
} else if ((extctx & SSL_EXT_DTLS_ONLY) != 0) {
@ -401,7 +408,8 @@ static int validate_context(SSL *s, unsigned int extctx, unsigned int thisctx)
return 1;
}
int tls_validate_all_contexts(SSL *s, unsigned int thisctx, RAW_EXTENSION *exts)
int tls_validate_all_contexts(SSL_CONNECTION *s, unsigned int thisctx,
RAW_EXTENSION *exts)
{
size_t i, num_exts, builtin_num = OSSL_NELEM(ext_defs), offset;
RAW_EXTENSION *thisext;
@ -445,9 +453,9 @@ int tls_validate_all_contexts(SSL *s, unsigned int thisctx, RAW_EXTENSION *exts)
* indicate the extension is not allowed. If returning 1 then |*found| is set to
* the definition for the extension we found.
*/
static int verify_extension(SSL *s, unsigned int context, unsigned int type,
custom_ext_methods *meths, RAW_EXTENSION *rawexlist,
RAW_EXTENSION **found)
static int verify_extension(SSL_CONNECTION *s, unsigned int context,
unsigned int type, custom_ext_methods *meths,
RAW_EXTENSION *rawexlist, RAW_EXTENSION **found)
{
size_t i;
size_t builtin_num = OSSL_NELEM(ext_defs);
@ -493,7 +501,8 @@ static int verify_extension(SSL *s, unsigned int context, unsigned int type,
* the extension is relevant for the current context |thisctx| or not. Returns
* 1 if the extension is relevant for this context, and 0 otherwise
*/
int extension_is_relevant(SSL *s, unsigned int extctx, unsigned int thisctx)
int extension_is_relevant(SSL_CONNECTION *s, unsigned int extctx,
unsigned int thisctx)
{
int is_tls13;
@ -504,9 +513,9 @@ int extension_is_relevant(SSL *s, unsigned int extctx, unsigned int thisctx)
if ((thisctx & SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) != 0)
is_tls13 = 1;
else
is_tls13 = SSL_IS_TLS13(s);
is_tls13 = SSL_CONNECTION_IS_TLS13(s);
if ((SSL_IS_DTLS(s)
if ((SSL_CONNECTION_IS_DTLS(s)
&& (extctx & SSL_EXT_TLS_IMPLEMENTATION_ONLY) != 0)
|| (s->version == SSL3_VERSION
&& (extctx & SSL_EXT_SSL3_ALLOWED) == 0)
@ -543,7 +552,8 @@ int extension_is_relevant(SSL *s, unsigned int extctx, unsigned int thisctx)
* found, or an internal error occurred. We only check duplicates for
* extensions that we know about. We ignore others.
*/
int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet,
unsigned int context,
RAW_EXTENSION **res, size_t *len, int init)
{
PACKET extensions = *packet;
@ -631,8 +641,8 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
thisex->type = type;
thisex->received_order = i++;
if (s->ext.debug_cb)
s->ext.debug_cb(s, !s->server, thisex->type,
PACKET_data(&thisex->data),
s->ext.debug_cb(SSL_CONNECTION_GET_SSL(s), !s->server,
thisex->type, PACKET_data(&thisex->data),
PACKET_remaining(&thisex->data),
s->ext.debug_arg);
}
@ -674,11 +684,11 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
* Certificate. Returns 1 on success or 0 on failure. If an extension is not
* present this counted as success.
*/
int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,
int tls_parse_extension(SSL_CONNECTION *s, TLSEXT_INDEX idx, int context,
RAW_EXTENSION *exts, X509 *x, size_t chainidx)
{
RAW_EXTENSION *currext = &exts[idx];
int (*parser)(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
int (*parser)(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx) = NULL;
/* Skip if the extension is not present */
@ -724,7 +734,8 @@ int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,
* working on a Certificate message then we also pass the Certificate |x| and
* its position in the |chainidx|, with 0 being the first certificate.
*/
int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, X509 *x,
int tls_parse_all_extensions(SSL_CONNECTION *s, int context,
RAW_EXTENSION *exts, X509 *x,
size_t chainidx, int fin)
{
size_t i, numexts = OSSL_NELEM(ext_defs);
@ -759,8 +770,8 @@ int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, X509 *x,
return 1;
}
int should_add_extension(SSL *s, unsigned int extctx, unsigned int thisctx,
int max_version)
int should_add_extension(SSL_CONNECTION *s, unsigned int extctx,
unsigned int thisctx, int max_version)
{
/* Skip if not relevant for our context */
if ((extctx & thisctx) == 0)
@ -770,7 +781,7 @@ int should_add_extension(SSL *s, unsigned int extctx, unsigned int thisctx,
if (!extension_is_relevant(s, extctx, thisctx)
|| ((extctx & SSL_EXT_TLS1_3_ONLY) != 0
&& (thisctx & SSL_EXT_CLIENT_HELLO) != 0
&& (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION)))
&& (SSL_CONNECTION_IS_DTLS(s) || max_version < TLS1_3_VERSION)))
return 0;
return 1;
@ -784,7 +795,8 @@ int should_add_extension(SSL *s, unsigned int extctx, unsigned int thisctx,
* 0 being the first in the chain). Returns 1 on success or 0 on failure. On a
* failure construction stops at the first extension to fail to construct.
*/
int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
int tls_construct_extensions(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx)
{
size_t i;
@ -824,7 +836,8 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
}
for (i = 0, thisexd = ext_defs; i < OSSL_NELEM(ext_defs); i++, thisexd++) {
EXT_RETURN (*construct)(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN (*construct)(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
EXT_RETURN ret;
@ -865,7 +878,7 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
* otherwise. These functions return 1 on success or 0 on failure.
*/
static int final_renegotiate(SSL *s, unsigned int context, int sent)
static int final_renegotiate(SSL_CONNECTION *s, unsigned int context, int sent)
{
if (!s->server) {
/*
@ -905,7 +918,7 @@ static ossl_inline void ssl_tsan_decr(const SSL_CTX *ctx,
}
}
static int init_server_name(SSL *s, unsigned int context)
static int init_server_name(SSL_CONNECTION *s, unsigned int context)
{
if (s->server) {
s->servername_done = 0;
@ -917,22 +930,24 @@ static int init_server_name(SSL *s, unsigned int context)
return 1;
}
static int final_server_name(SSL *s, unsigned int context, int sent)
static int final_server_name(SSL_CONNECTION *s, unsigned int context, int sent)
{
int ret = SSL_TLSEXT_ERR_NOACK;
int altmp = SSL_AD_UNRECOGNIZED_NAME;
int was_ticket = (SSL_get_options(s) & SSL_OP_NO_TICKET) == 0;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
int was_ticket = (SSL_get_options(ssl) & SSL_OP_NO_TICKET) == 0;
if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL)) {
if (!ossl_assert(sctx != NULL) || !ossl_assert(s->session_ctx != NULL)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
if (s->ctx->ext.servername_cb != NULL)
ret = s->ctx->ext.servername_cb(s, &altmp,
s->ctx->ext.servername_arg);
if (sctx->ext.servername_cb != NULL)
ret = sctx->ext.servername_cb(ssl, &altmp,
sctx->ext.servername_arg);
else if (s->session_ctx->ext.servername_cb != NULL)
ret = s->session_ctx->ext.servername_cb(s, &altmp,
ret = s->session_ctx->ext.servername_cb(ssl, &altmp,
s->session_ctx->ext.servername_arg);
/*
@ -960,9 +975,9 @@ static int final_server_name(SSL *s, unsigned int context, int sent)
* context, to avoid the confusing situation of having sess_accept_good
* exceed sess_accept (zero) for the new context.
*/
if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx
if (SSL_IS_FIRST_HANDSHAKE(s) && sctx != s->session_ctx
&& s->hello_retry_request == SSL_HRR_NONE) {
ssl_tsan_counter(s->ctx, &s->ctx->stats.sess_accept);
ssl_tsan_counter(sctx, &sctx->stats.sess_accept);
ssl_tsan_decr(s->session_ctx, &s->session_ctx->stats.sess_accept);
}
@ -972,10 +987,10 @@ static int final_server_name(SSL *s, unsigned int context, int sent)
* Also, if this is not a resumption, create a new session ID
*/
if (ret == SSL_TLSEXT_ERR_OK && s->ext.ticket_expected
&& was_ticket && (SSL_get_options(s) & SSL_OP_NO_TICKET) != 0) {
&& was_ticket && (SSL_get_options(ssl) & SSL_OP_NO_TICKET) != 0) {
s->ext.ticket_expected = 0;
if (!s->hit) {
SSL_SESSION* ss = SSL_get_session(s);
SSL_SESSION* ss = SSL_get_session(ssl);
if (ss != NULL) {
OPENSSL_free(ss->ext.tick);
@ -1001,7 +1016,7 @@ static int final_server_name(SSL *s, unsigned int context, int sent)
case SSL_TLSEXT_ERR_ALERT_WARNING:
/* TLSv1.3 doesn't have warning alerts so we suppress this */
if (!SSL_IS_TLS13(s))
if (!SSL_CONNECTION_IS_TLS13(s))
ssl3_send_alert(s, SSL3_AL_WARNING, altmp);
s->servername_done = 0;
return 1;
@ -1015,7 +1030,8 @@ static int final_server_name(SSL *s, unsigned int context, int sent)
}
}
static int final_ec_pt_formats(SSL *s, unsigned int context, int sent)
static int final_ec_pt_formats(SSL_CONNECTION *s, unsigned int context,
int sent)
{
unsigned long alg_k, alg_a;
@ -1053,7 +1069,7 @@ static int final_ec_pt_formats(SSL *s, unsigned int context, int sent)
return 1;
}
static int init_session_ticket(SSL *s, unsigned int context)
static int init_session_ticket(SSL_CONNECTION *s, unsigned int context)
{
if (!s->server)
s->ext.ticket_expected = 0;
@ -1062,7 +1078,7 @@ static int init_session_ticket(SSL *s, unsigned int context)
}
#ifndef OPENSSL_NO_OCSP
static int init_status_request(SSL *s, unsigned int context)
static int init_status_request(SSL_CONNECTION *s, unsigned int context)
{
if (s->server) {
s->ext.status_type = TLSEXT_STATUSTYPE_nothing;
@ -1081,7 +1097,7 @@ static int init_status_request(SSL *s, unsigned int context)
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
static int init_npn(SSL *s, unsigned int context)
static int init_npn(SSL_CONNECTION *s, unsigned int context)
{
s->s3.npn_seen = 0;
@ -1089,7 +1105,7 @@ static int init_npn(SSL *s, unsigned int context)
}
#endif
static int init_alpn(SSL *s, unsigned int context)
static int init_alpn(SSL_CONNECTION *s, unsigned int context)
{
OPENSSL_free(s->s3.alpn_selected);
s->s3.alpn_selected = NULL;
@ -1102,12 +1118,12 @@ static int init_alpn(SSL *s, unsigned int context)
return 1;
}
static int final_alpn(SSL *s, unsigned int context, int sent)
static int final_alpn(SSL_CONNECTION *s, unsigned int context, int sent)
{
if (!s->server && !sent && s->session->ext.alpn_selected != NULL)
s->ext.early_data_ok = 0;
if (!s->server || !SSL_IS_TLS13(s))
if (!s->server || !SSL_CONNECTION_IS_TLS13(s))
return 1;
/*
@ -1122,7 +1138,7 @@ static int final_alpn(SSL *s, unsigned int context, int sent)
return tls_handle_alpn(s);
}
static int init_sig_algs(SSL *s, unsigned int context)
static int init_sig_algs(SSL_CONNECTION *s, unsigned int context)
{
/* Clear any signature algorithms extension received */
OPENSSL_free(s->s3.tmp.peer_sigalgs);
@ -1132,7 +1148,8 @@ static int init_sig_algs(SSL *s, unsigned int context)
return 1;
}
static int init_sig_algs_cert(SSL *s, ossl_unused unsigned int context)
static int init_sig_algs_cert(SSL_CONNECTION *s,
ossl_unused unsigned int context)
{
/* Clear any signature algorithms extension received */
OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
@ -1143,7 +1160,7 @@ static int init_sig_algs_cert(SSL *s, ossl_unused unsigned int context)
}
#ifndef OPENSSL_NO_SRP
static int init_srp(SSL *s, unsigned int context)
static int init_srp(SSL_CONNECTION *s, unsigned int context)
{
OPENSSL_free(s->srp_ctx.login);
s->srp_ctx.login = NULL;
@ -1152,7 +1169,7 @@ static int init_srp(SSL *s, unsigned int context)
}
#endif
static int init_ec_point_formats(SSL *s, unsigned int context)
static int init_ec_point_formats(SSL_CONNECTION *s, unsigned int context)
{
OPENSSL_free(s->ext.peer_ecpointformats);
s->ext.peer_ecpointformats = NULL;
@ -1161,14 +1178,14 @@ static int init_ec_point_formats(SSL *s, unsigned int context)
return 1;
}
static int init_etm(SSL *s, unsigned int context)
static int init_etm(SSL_CONNECTION *s, unsigned int context)
{
s->ext.use_etm = 0;
return 1;
}
static int init_ems(SSL *s, unsigned int context)
static int init_ems(SSL_CONNECTION *s, unsigned int context)
{
if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) {
s->s3.flags &= ~TLS1_FLAGS_RECEIVED_EXTMS;
@ -1178,7 +1195,7 @@ static int init_ems(SSL *s, unsigned int context)
return 1;
}
static int final_ems(SSL *s, unsigned int context, int sent)
static int final_ems(SSL_CONNECTION *s, unsigned int context, int sent)
{
/*
* Check extended master secret extension is not dropped on
@ -1204,14 +1221,15 @@ static int final_ems(SSL *s, unsigned int context, int sent)
return 1;
}
static int init_certificate_authorities(SSL *s, unsigned int context)
static int init_certificate_authorities(SSL_CONNECTION *s, unsigned int context)
{
sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free);
s->s3.tmp.peer_ca_names = NULL;
return 1;
}
static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt,
static EXT_RETURN tls_construct_certificate_authorities(SSL_CONNECTION *s,
WPACKET *pkt,
unsigned int context,
X509 *x,
size_t chainidx)
@ -1240,7 +1258,7 @@ static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt,
return EXT_RETURN_SENT;
}
static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt,
static int tls_parse_certificate_authorities(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
@ -1254,7 +1272,7 @@ static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt,
}
#ifndef OPENSSL_NO_SRTP
static int init_srtp(SSL *s, unsigned int context)
static int init_srtp(SSL_CONNECTION *s, unsigned int context)
{
if (s->server)
s->srtp_profile = NULL;
@ -1263,9 +1281,9 @@ static int init_srtp(SSL *s, unsigned int context)
}
#endif
static int final_sig_algs(SSL *s, unsigned int context, int sent)
static int final_sig_algs(SSL_CONNECTION *s, unsigned int context, int sent)
{
if (!sent && SSL_IS_TLS13(s) && !s->hit) {
if (!sent && SSL_CONNECTION_IS_TLS13(s) && !s->hit) {
SSLfatal(s, TLS13_AD_MISSING_EXTENSION,
SSL_R_MISSING_SIGALGS_EXTENSION);
return 0;
@ -1274,10 +1292,10 @@ static int final_sig_algs(SSL *s, unsigned int context, int sent)
return 1;
}
static int final_key_share(SSL *s, unsigned int context, int sent)
static int final_key_share(SSL_CONNECTION *s, unsigned int context, int sent)
{
#if !defined(OPENSSL_NO_TLS1_3)
if (!SSL_IS_TLS13(s))
if (!SSL_CONNECTION_IS_TLS13(s))
return 1;
/* Nothing to do for key_share in an HRR */
@ -1434,13 +1452,14 @@ static int final_key_share(SSL *s, unsigned int context, int sent)
return 1;
}
static int init_psk_kex_modes(SSL *s, unsigned int context)
static int init_psk_kex_modes(SSL_CONNECTION *s, unsigned int context)
{
s->ext.psk_kex_mode = TLSEXT_KEX_MODE_FLAG_NONE;
return 1;
}
int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md,
const unsigned char *msgstart,
size_t binderoffset, const unsigned char *binderin,
unsigned char *binderout, SSL_SESSION *sess, int sign,
int external)
@ -1462,6 +1481,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
int hashsizei = EVP_MD_get_size(md);
int ret = -1;
int usepskfored = 0;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
/* Ensure cast to size_t is safe */
if (!ossl_assert(hashsizei >= 0)) {
@ -1581,8 +1601,8 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
goto err;
}
mackey = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC",
s->ctx->propq, finishedkey,
mackey = EVP_PKEY_new_raw_private_key_ex(sctx->libctx, "HMAC",
sctx->propq, finishedkey,
hashsize);
if (mackey == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@ -1593,8 +1613,8 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
binderout = tmpbinder;
bindersize = hashsize;
if (EVP_DigestSignInit_ex(mctx, NULL, EVP_MD_get0_name(md), s->ctx->libctx,
s->ctx->propq, mackey, NULL) <= 0
if (EVP_DigestSignInit_ex(mctx, NULL, EVP_MD_get0_name(md), sctx->libctx,
sctx->propq, mackey, NULL) <= 0
|| EVP_DigestSignUpdate(mctx, hash, hashsize) <= 0
|| EVP_DigestSignFinal(mctx, binderout, &bindersize) <= 0
|| bindersize != hashsize) {
@ -1620,7 +1640,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
return ret;
}
static int final_early_data(SSL *s, unsigned int context, int sent)
static int final_early_data(SSL_CONNECTION *s, unsigned int context, int sent)
{
if (!sent)
return 1;
@ -1647,7 +1667,7 @@ static int final_early_data(SSL *s, unsigned int context, int sent)
|| !s->ext.early_data_ok
|| s->hello_retry_request != SSL_HRR_NONE
|| (s->allow_early_data_cb != NULL
&& !s->allow_early_data_cb(s,
&& !s->allow_early_data_cb(SSL_CONNECTION_GET_SSL(s),
s->allow_early_data_cb_data))) {
s->ext.early_data = SSL_EARLY_DATA_REJECTED;
} else {
@ -1663,7 +1683,8 @@ static int final_early_data(SSL *s, unsigned int context, int sent)
return 1;
}
static int final_maxfragmentlen(SSL *s, unsigned int context, int sent)
static int final_maxfragmentlen(SSL_CONNECTION *s, unsigned int context,
int sent)
{
/*
* Session resumption on server-side with MFL extension active
@ -1687,7 +1708,8 @@ static int final_maxfragmentlen(SSL *s, unsigned int context, int sent)
return 1;
}
static int init_post_handshake_auth(SSL *s, ossl_unused unsigned int context)
static int init_post_handshake_auth(SSL_CONNECTION *s,
ossl_unused unsigned int context)
{
s->post_handshake_auth = SSL_PHA_NONE;
@ -1698,7 +1720,7 @@ static int init_post_handshake_auth(SSL *s, ossl_unused unsigned int context)
* If clients offer "pre_shared_key" without a "psk_key_exchange_modes"
* extension, servers MUST abort the handshake.
*/
static int final_psk(SSL *s, unsigned int context, int sent)
static int final_psk(SSL_CONNECTION *s, unsigned int context, int sent)
{
if (s->server && sent && s->clienthello != NULL
&& !s->clienthello->pre_proc_exts[TLSEXT_IDX_psk_kex_modes].present) {

173
ssl/statem/extensions_clnt.c
View File

@ -12,7 +12,7 @@
#include "internal/cryptlib.h"
#include "statem_local.h"
EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_ctos_renegotiate(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
@ -32,7 +32,7 @@ EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt,
return EXT_RETURN_SENT;
}
EXT_RETURN tls_construct_ctos_server_name(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_ctos_server_name(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
@ -58,7 +58,7 @@ EXT_RETURN tls_construct_ctos_server_name(SSL *s, WPACKET *pkt,
}
/* Push a Max Fragment Len extension into ClientHello */
EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
@ -83,7 +83,8 @@ EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL *s, WPACKET *pkt,
}
#ifndef OPENSSL_NO_SRP
EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_ctos_srp(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx)
{
/* Add SRP username if there is one */
@ -108,19 +109,20 @@ EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context,
}
#endif
static int use_ecc(SSL *s, int min_version, int max_version)
static int use_ecc(SSL_CONNECTION *s, int min_version, int max_version)
{
int i, end, ret = 0;
unsigned long alg_k, alg_a;
STACK_OF(SSL_CIPHER) *cipher_stack = NULL;
const uint16_t *pgroups = NULL;
size_t num_groups, j;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
/* See if we support any ECC ciphersuites */
if (s->version == SSL3_VERSION)
return 0;
cipher_stack = SSL_get1_supported_ciphers(s);
cipher_stack = SSL_get1_supported_ciphers(ssl);
end = sk_SSL_CIPHER_num(cipher_stack);
for (i = 0; i < end; i++) {
const SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);
@ -151,7 +153,7 @@ static int use_ecc(SSL *s, int min_version, int max_version)
return 0;
}
EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
@ -182,7 +184,7 @@ EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
return EXT_RETURN_SENT;
}
EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_ctos_supported_groups(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
@ -201,7 +203,7 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
* if we don't have EC support then we don't send this extension.
*/
if (!use_ecc(s, min_version, max_version)
&& (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION))
&& (SSL_CONNECTION_IS_DTLS(s) || max_version < TLS1_3_VERSION))
return EXT_RETURN_NOT_SENT;
/*
@ -266,7 +268,7 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
return EXT_RETURN_SENT;
}
EXT_RETURN tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_ctos_session_ticket(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
@ -307,7 +309,7 @@ EXT_RETURN tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt,
return EXT_RETURN_SENT;
}
EXT_RETURN tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_ctos_sig_algs(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
@ -334,7 +336,7 @@ EXT_RETURN tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt,
}
#ifndef OPENSSL_NO_OCSP
EXT_RETURN tls_construct_ctos_status_request(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_ctos_status_request(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
@ -399,10 +401,12 @@ EXT_RETURN tls_construct_ctos_status_request(SSL *s, WPACKET *pkt,
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
EXT_RETURN tls_construct_ctos_npn(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_ctos_npn(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx)
{
if (s->ctx->ext.npn_select_cb == NULL || !SSL_IS_FIRST_HANDSHAKE(s))
if (SSL_CONNECTION_GET_CTX(s)->ext.npn_select_cb == NULL
|| !SSL_IS_FIRST_HANDSHAKE(s))
return EXT_RETURN_NOT_SENT;
/*
@ -419,7 +423,8 @@ EXT_RETURN tls_construct_ctos_npn(SSL *s, WPACKET *pkt, unsigned int context,
}
#endif
EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_ctos_alpn(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx)
{
s->s3.alpn_sent = 0;
@ -443,11 +448,12 @@ EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context,
#ifndef OPENSSL_NO_SRTP
EXT_RETURN tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_ctos_use_srtp(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = SSL_get_srtp_profiles(s);
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = SSL_get_srtp_profiles(ssl);
int i, end;
if (clnt == NULL)
@ -484,7 +490,8 @@ EXT_RETURN tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt,
}
#endif
EXT_RETURN tls_construct_ctos_etm(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_ctos_etm(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx)
{
if (s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)
@ -500,7 +507,8 @@ EXT_RETURN tls_construct_ctos_etm(SSL *s, WPACKET *pkt, unsigned int context,
}
#ifndef OPENSSL_NO_CT
EXT_RETURN tls_construct_ctos_sct(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_ctos_sct(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx)
{
if (s->ct_validation_callback == NULL)
@ -520,7 +528,8 @@ EXT_RETURN tls_construct_ctos_sct(SSL *s, WPACKET *pkt, unsigned int context,
}
#endif
EXT_RETURN tls_construct_ctos_ems(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_ctos_ems(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx)
{
if (s->options & SSL_OP_NO_EXTENDED_MASTER_SECRET)
@ -535,7 +544,7 @@ EXT_RETURN tls_construct_ctos_ems(SSL *s, WPACKET *pkt, unsigned int context,
return EXT_RETURN_SENT;
}
EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_ctos_supported_versions(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
@ -578,7 +587,7 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
/*
* Construct a psk_kex_modes extension.
*/
EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
@ -605,7 +614,7 @@ EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL *s, WPACKET *pkt,
}
#ifndef OPENSSL_NO_TLS1_3
static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id)
static int add_key_share(SSL_CONNECTION *s, WPACKET *pkt, unsigned int curve_id)
{
unsigned char *encoded_point = NULL;
EVP_PKEY *key_share_key = NULL;
@ -661,7 +670,7 @@ static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id)
}
#endif
EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_ctos_key_share(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
@ -721,7 +730,8 @@ EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt,
#endif
}
EXT_RETURN tls_construct_ctos_cookie(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_ctos_cookie(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx)
{
EXT_RETURN ret = EXT_RETURN_FAIL;
@ -749,7 +759,7 @@ EXT_RETURN tls_construct_ctos_cookie(SSL *s, WPACKET *pkt, unsigned int context,
return ret;
}
EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_ctos_early_data(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
@ -761,12 +771,13 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
SSL_SESSION *psksess = NULL;
SSL_SESSION *edsess = NULL;
const EVP_MD *handmd = NULL;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
if (s->hello_retry_request == SSL_HRR_PENDING)
handmd = ssl_handshake_md(s);
if (s->psk_use_session_cb != NULL
&& (!s->psk_use_session_cb(s, handmd, &id, &idlen, &psksess)
&& (!s->psk_use_session_cb(ssl, handmd, &id, &idlen, &psksess)
|| (psksess != NULL
&& psksess->ssl_version != TLS1_3_VERSION))) {
SSL_SESSION_free(psksess);
@ -780,7 +791,8 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
size_t psklen = 0;
memset(identity, 0, sizeof(identity));
psklen = s->psk_client_callback(s, NULL, identity, sizeof(identity) - 1,
psklen = s->psk_client_callback(ssl, NULL,
identity, sizeof(identity) - 1,
psk, sizeof(psk));
if (psklen > PSK_MAX_PSK_LEN) {
@ -801,7 +813,7 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
* We found a PSK using an old style callback. We don't know
* the digest so we default to SHA256 as per the TLSv1.3 spec
*/
cipher = SSL_CIPHER_find(s, tls13_aes128gcmsha256_id);
cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id);
if (cipher == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return EXT_RETURN_FAIL;
@ -918,7 +930,7 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
*/
#define PSK_PRE_BINDER_OVERHEAD (2 + 2 + 2 + 2 + 4 + 2 + 1)
EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_ctos_padding(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
@ -946,7 +958,8 @@ EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt,
if (s->session->ssl_version == TLS1_3_VERSION
&& s->session->ext.ticklen != 0
&& s->session->cipher != NULL) {
const EVP_MD *md = ssl_md(s->ctx, s->session->cipher->algorithm2);
const EVP_MD *md = ssl_md(SSL_CONNECTION_GET_CTX(s),
s->session->cipher->algorithm2);
if (md != NULL) {
/*
@ -987,7 +1000,8 @@ EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt,
/*
* Construct the pre_shared_key extension
*/
EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx)
{
#ifndef OPENSSL_NO_TLS1_3
@ -996,6 +1010,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
unsigned char *resbinder = NULL, *pskbinder = NULL, *msgstart = NULL;
const EVP_MD *handmd = NULL, *mdres = NULL, *mdpsk = NULL;
int dores = 0;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
s->ext.tick_identity = 0;
@ -1022,7 +1037,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return EXT_RETURN_FAIL;
}
mdres = ssl_md(s->ctx, s->session->cipher->algorithm2);
mdres = ssl_md(sctx, s->session->cipher->algorithm2);
if (mdres == NULL) {
/*
* Don't recognize this cipher so we can't use the session.
@ -1095,7 +1110,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
return EXT_RETURN_NOT_SENT;
if (s->psksession != NULL) {
mdpsk = ssl_md(s->ctx, s->psksession->cipher->algorithm2);
mdpsk = ssl_md(sctx, s->psksession->cipher->algorithm2);
if (mdpsk == NULL) {
/*
* Don't recognize this cipher so we can't use the session.
@ -1185,7 +1200,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
#endif
}
EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL_CONNECTION *s, WPACKET *pkt,
ossl_unused unsigned int context,
ossl_unused X509 *x,
ossl_unused size_t chainidx)
@ -1214,7 +1229,8 @@ EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt,
/*
* Parse the server's renegotiation binding and abort if it's not right
*/
int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_stoc_renegotiate(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx)
{
size_t expected_len = s->s3.previous_client_finished_len
@ -1268,7 +1284,8 @@ int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
}
/* Parse the server's max fragment len extension packet */
int tls_parse_stoc_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_stoc_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx)
{
unsigned int value;
@ -1306,7 +1323,8 @@ int tls_parse_stoc_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context,
return 1;
}
int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_stoc_server_name(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx)
{
if (s->ext.hostname == NULL) {
@ -1334,7 +1352,8 @@ int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context,
return 1;
}
int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_stoc_ec_pt_formats(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx)
{
size_t ecpointformats_len;
@ -1373,13 +1392,16 @@ int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
return 1;
}
int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_stoc_session_ticket(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx)
{
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
if (s->ext.session_ticket_cb != NULL &&
!s->ext.session_ticket_cb(s, PACKET_data(pkt),
PACKET_remaining(pkt),
s->ext.session_ticket_cb_arg)) {
!s->ext.session_ticket_cb(ssl, PACKET_data(pkt),
PACKET_remaining(pkt),
s->ext.session_ticket_cb_arg)) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_BAD_EXTENSION);
return 0;
}
@ -1399,7 +1421,8 @@ int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
}
#ifndef OPENSSL_NO_OCSP
int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_stoc_status_request(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx)
{
if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) {
@ -1415,12 +1438,12 @@ int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context,
SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, SSL_R_BAD_EXTENSION);
return 0;
}
if (!SSL_IS_TLS13(s) && PACKET_remaining(pkt) > 0) {
if (!SSL_CONNECTION_IS_TLS13(s) && PACKET_remaining(pkt) > 0) {
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
return 0;
}
if (SSL_IS_TLS13(s)) {
if (SSL_CONNECTION_IS_TLS13(s)) {
/* We only know how to handle this if it's for the first Certificate in
* the chain. We ignore any other responses.
*/
@ -1440,8 +1463,8 @@ int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context,
#ifndef OPENSSL_NO_CT
int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx)
int tls_parse_stoc_sct(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx)
{
if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) {
/* We ignore this if the server sends it in a CertificateRequest */
@ -1508,7 +1531,7 @@ int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
* elements of zero length are allowed and the set of elements must exactly
* fill the length of the block. Returns 1 on success or 0 on failure.
*/
static int ssl_next_proto_validate(SSL *s, PACKET *pkt)
static int ssl_next_proto_validate(SSL_CONNECTION *s, PACKET *pkt)
{
PACKET tmp_protocol;
@ -1523,19 +1546,20 @@ static int ssl_next_proto_validate(SSL *s, PACKET *pkt)
return 1;
}
int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx)
int tls_parse_stoc_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx)
{
unsigned char *selected;
unsigned char selected_len;
PACKET tmppkt;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
/* Check if we are in a renegotiation. If so ignore this extension */
if (!SSL_IS_FIRST_HANDSHAKE(s))
return 1;
/* We must have requested it. */
if (s->ctx->ext.npn_select_cb == NULL) {
if (sctx->ext.npn_select_cb == NULL) {
SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, SSL_R_BAD_EXTENSION);
return 0;
}
@ -1546,10 +1570,10 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
/* SSLfatal() already called */
return 0;
}
if (s->ctx->ext.npn_select_cb(s, &selected, &selected_len,
PACKET_data(pkt),
PACKET_remaining(pkt),
s->ctx->ext.npn_select_cb_arg) !=
if (sctx->ext.npn_select_cb(SSL_CONNECTION_GET_SSL(s),
&selected, &selected_len,
PACKET_data(pkt), PACKET_remaining(pkt),
sctx->ext.npn_select_cb_arg) !=
SSL_TLSEXT_ERR_OK) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_BAD_EXTENSION);
return 0;
@ -1575,8 +1599,8 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
}
#endif
int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx)
int tls_parse_stoc_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx)
{
size_t len;
@ -1640,8 +1664,8 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
}
#ifndef OPENSSL_NO_SRTP
int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx)
int tls_parse_stoc_use_srtp(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context, X509 *x, size_t chainidx)
{
unsigned int id, ct, mki;
int i;
@ -1664,7 +1688,7 @@ int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
}
/* Throw an error if the server gave us an unsolicited extension */
clnt = SSL_get_srtp_profiles(s);
clnt = SSL_get_srtp_profiles(SSL_CONNECTION_GET_SSL(s));
if (clnt == NULL) {
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_NO_SRTP_PROFILES);
return 0;
@ -1689,8 +1713,8 @@ int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
}
#endif
int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx)
int tls_parse_stoc_etm(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx)
{
/* Ignore if inappropriate ciphersuite */
if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)
@ -1705,8 +1729,8 @@ int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
return 1;
}
int tls_parse_stoc_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx)
int tls_parse_stoc_ems(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx)
{
if (s->options & SSL_OP_NO_EXTENDED_MASTER_SECRET)
return 1;
@ -1717,7 +1741,8 @@ int tls_parse_stoc_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
return 1;
}
int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_stoc_supported_versions(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx)
{
unsigned int version;
@ -1748,7 +1773,8 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
return 1;
}
int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
int tls_parse_stoc_key_share(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
#ifndef OPENSSL_NO_TLS1_3
@ -1836,7 +1862,8 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
s->session->kex_group = group_id;
}
if ((ginf = tls1_group_id_lookup(s->ctx, group_id)) == NULL) {
if ((ginf = tls1_group_id_lookup(SSL_CONNECTION_GET_CTX(s),
group_id)) == NULL) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
return 0;
}
@ -1885,8 +1912,8 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
return 1;
}
int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx)
int tls_parse_stoc_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx)
{
PACKET cookie;
@ -1900,7 +1927,8 @@ int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
return 1;
}
int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_stoc_early_data(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx)
{
if (context == SSL_EXT_TLS1_3_NEW_SESSION_TICKET) {
@ -1938,7 +1966,8 @@ int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context,
return 1;
}
int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
int tls_parse_stoc_psk(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
#ifndef OPENSSL_NO_TLS1_3

19
ssl/statem/extensions_cust.c
View File

@ -110,7 +110,8 @@ void custom_ext_init(custom_ext_methods *exts)
}
/* Pass received custom extension data to the application for parsing. */
int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type,
int custom_ext_parse(SSL_CONNECTION *s, unsigned int context,
unsigned int ext_type,
const unsigned char *ext_data, size_t ext_size, X509 *x,
size_t chainidx)
{
@ -154,11 +155,11 @@ int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type,
meth->ext_flags |= SSL_EXT_FLAG_RECEIVED;
/* If no parse function set return success */
if (!meth->parse_cb)
if (meth->parse_cb == NULL)
return 1;
if (meth->parse_cb(s, ext_type, context, ext_data, ext_size, x, chainidx,
&al, meth->parse_arg) <= 0) {
if (meth->parse_cb(SSL_CONNECTION_GET_SSL(s), ext_type, context, ext_data,
ext_size, x, chainidx, &al, meth->parse_arg) <= 0) {
SSLfatal(s, al, SSL_R_BAD_EXTENSION);
return 0;
}
@ -170,8 +171,8 @@ int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type,
* Request custom extension data from the application and add to the return
* buffer.
*/
int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx,
int maxversion)
int custom_ext_add(SSL_CONNECTION *s, int context, WPACKET *pkt, X509 *x,
size_t chainidx, int maxversion)
{
custom_ext_methods *exts = &s->cert->custext;
custom_ext_method *meth;
@ -204,7 +205,8 @@ int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx,
continue;
if (meth->add_cb != NULL) {
int cb_retval = meth->add_cb(s, meth->ext_type, context, &out,
int cb_retval = meth->add_cb(SSL_CONNECTION_GET_SSL(s),
meth->ext_type, context, &out,
&outlen, x, chainidx, &al,
meth->add_arg);
@ -239,7 +241,8 @@ int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx,
meth->ext_flags |= SSL_EXT_FLAG_SENT;
}
if (meth->free_cb != NULL)
meth->free_cb(s, meth->ext_type, context, out, meth->add_arg);
meth->free_cb(SSL_CONNECTION_GET_SSL(s), meth->ext_type, context,
out, meth->add_arg);
}
return 1;
}

203
ssl/statem/extensions_srvr.c
View File

@ -38,7 +38,8 @@
/*
* Parse the client's renegotiation binding and abort if it's not right
*/
int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_ctos_renegotiate(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx)
{
unsigned int ilen;
@ -91,8 +92,8 @@ int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
* extension.
* - On session reconnect, the servername extension may be absent.
*/
int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx)
int tls_parse_ctos_server_name(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context, X509 *x, size_t chainidx)
{
unsigned int servname_type;
PACKET sni, hostname;
@ -126,7 +127,7 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context,
* In TLSv1.2 and below the SNI is associated with the session. In TLSv1.3
* we always use the SNI value from the handshake.
*/
if (!s->hit || SSL_IS_TLS13(s)) {
if (!s->hit || SSL_CONNECTION_IS_TLS13(s)) {
if (PACKET_remaining(&hostname) > TLSEXT_MAXLEN_host_name) {
SSLfatal(s, SSL_AD_UNRECOGNIZED_NAME, SSL_R_BAD_EXTENSION);
return 0;
@ -163,7 +164,8 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context,
return 1;
}
int tls_parse_ctos_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_ctos_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx)
{
unsigned int value;
@ -200,8 +202,8 @@ int tls_parse_ctos_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context,
}
#ifndef OPENSSL_NO_SRP
int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx)
int tls_parse_ctos_srp(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx)
{
PACKET srp_I;
@ -220,7 +222,8 @@ int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
}
#endif
int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_ctos_ec_pt_formats(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx)
{
PACKET ec_point_format_list;
@ -243,13 +246,14 @@ int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
return 1;
}
int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_ctos_session_ticket(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx)
{
if (s->ext.session_ticket_cb &&
!s->ext.session_ticket_cb(s, PACKET_data(pkt),
PACKET_remaining(pkt),
s->ext.session_ticket_cb_arg)) {
!s->ext.session_ticket_cb(SSL_CONNECTION_GET_SSL(s),
PACKET_data(pkt), PACKET_remaining(pkt),
s->ext.session_ticket_cb_arg)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -257,7 +261,7 @@ int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
return 1;
}
int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt,
int tls_parse_ctos_sig_algs_cert(SSL_CONNECTION *s, PACKET *pkt,
ossl_unused unsigned int context,
ossl_unused X509 *x,
ossl_unused size_t chainidx)
@ -278,8 +282,8 @@ int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt,
return 1;
}
int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx)
int tls_parse_ctos_sig_algs(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context, X509 *x, size_t chainidx)
{
PACKET supported_sig_algs;
@ -298,7 +302,8 @@ int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
}
#ifndef OPENSSL_NO_OCSP
int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_ctos_status_request(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx)
{
PACKET responder_id_list, exts;
@ -402,8 +407,8 @@ int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context,
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
int tls_parse_ctos_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx)
int tls_parse_ctos_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx)
{
/*
* We shouldn't accept this extension on a
@ -420,8 +425,8 @@ int tls_parse_ctos_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
* Save the ALPN extension in a ClientHello.|pkt| holds the contents of the ALPN
* extension, not including type and length. Returns: 1 on success, 0 on error.
*/
int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx)
int tls_parse_ctos_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx)
{
PACKET protocol_list, save_protocol_list, protocol;
@ -457,16 +462,17 @@ int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
}
#ifndef OPENSSL_NO_SRTP
int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx)
int tls_parse_ctos_use_srtp(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context, X509 *x, size_t chainidx)
{
STACK_OF(SRTP_PROTECTION_PROFILE) *srvr;
unsigned int ct, mki_len, id;
int i, srtp_pref;
PACKET subpkt;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
/* Ignore this if we have no SRTP profiles */
if (SSL_get_srtp_profiles(s) == NULL)
if (SSL_get_srtp_profiles(ssl) == NULL)
return 1;
/* Pull off the length of the cipher suite list and check it is even */
@ -477,7 +483,7 @@ int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
return 0;
}
srvr = SSL_get_srtp_profiles(s);
srvr = SSL_get_srtp_profiles(ssl);
s->srtp_profile = NULL;
/* Search all profiles for a match initially */
srtp_pref = sk_SRTP_PROTECTION_PROFILE_num(srvr);
@ -524,8 +530,8 @@ int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
}
#endif
int tls_parse_ctos_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx)
int tls_parse_ctos_etm(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx)
{
if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC))
s->ext.use_etm = 1;
@ -537,7 +543,8 @@ int tls_parse_ctos_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
* Process a psk_kex_modes extension received in the ClientHello. |pkt| contains
* the raw PACKET data for the extension. Returns 1 on success or 0 on failure.
*/
int tls_parse_ctos_psk_kex_modes(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_ctos_psk_kex_modes(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx)
{
#ifndef OPENSSL_NO_TLS1_3
@ -566,8 +573,8 @@ int tls_parse_ctos_psk_kex_modes(SSL *s, PACKET *pkt, unsigned int context,
* Process a key_share extension received in the ClientHello. |pkt| contains
* the raw PACKET data for the extension. Returns 1 on success or 0 on failure.
*/
int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx)
int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context, X509 *x, size_t chainidx)
{
#ifndef OPENSSL_NO_TLS1_3
unsigned int group_id;
@ -679,8 +686,8 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
return 1;
}
int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx)
int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx)
{
#ifndef OPENSSL_NO_TLS1_3
unsigned int format, version, key_share, group_id;
@ -693,9 +700,11 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
unsigned char hrr[MAX_HRR_SIZE];
size_t rawlen, hmaclen, hrrlen, ciphlen;
unsigned long tm, now;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
/* Ignore any cookie if we're not set up to verify it */
if (s->ctx->verify_stateless_cookie_cb == NULL
if (sctx->verify_stateless_cookie_cb == NULL
|| (s->s3.flags & TLS1_FLAGS_STATELESS) == 0)
return 1;
@ -716,8 +725,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
/* Verify the HMAC of the cookie */
hctx = EVP_MD_CTX_create();
pkey = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC",
s->ctx->propq,
pkey = EVP_PKEY_new_raw_private_key_ex(sctx->libctx, "HMAC",
sctx->propq,
s->session_ctx->ext.cookie_hmac_key,
sizeof(s->session_ctx->ext.cookie_hmac_key));
if (hctx == NULL || pkey == NULL) {
@ -728,8 +737,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
}
hmaclen = SHA256_DIGEST_LENGTH;
if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", s->ctx->libctx,
s->ctx->propq, pkey, NULL) <= 0
if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", sctx->libctx,
sctx->propq, pkey, NULL) <= 0
|| EVP_DigestSign(hctx, hmac, &hmaclen, data,
rawlen - SHA256_DIGEST_LENGTH) <= 0
|| hmaclen != SHA256_DIGEST_LENGTH) {
@ -809,8 +818,9 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
}
/* Verify the app cookie */
if (s->ctx->verify_stateless_cookie_cb(s, PACKET_data(&appcookie),
PACKET_remaining(&appcookie)) == 0) {
if (sctx->verify_stateless_cookie_cb(ssl,
PACKET_data(&appcookie),
PACKET_remaining(&appcookie)) == 0) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_COOKIE_MISMATCH);
return 0;
}
@ -830,8 +840,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
|| !WPACKET_memcpy(&hrrpkt, hrrrandom, SSL3_RANDOM_SIZE)
|| !WPACKET_sub_memcpy_u8(&hrrpkt, s->tmp_session_id,
s->tmp_session_id_len)
|| !s->method->put_cipher_by_char(s->s3.tmp.new_cipher, &hrrpkt,
&ciphlen)
|| !ssl->method->put_cipher_by_char(s->s3.tmp.new_cipher, &hrrpkt,
&ciphlen)
|| !WPACKET_put_bytes_u8(&hrrpkt, 0)
|| !WPACKET_start_sub_packet_u16(&hrrpkt)) {
WPACKET_cleanup(&hrrpkt);
@ -886,7 +896,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
return 1;
}
int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_ctos_supported_groups(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx)
{
PACKET supported_groups_list;
@ -899,7 +910,7 @@ int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context,
return 0;
}
if (!s->hit || SSL_IS_TLS13(s)) {
if (!s->hit || SSL_CONNECTION_IS_TLS13(s)) {
OPENSSL_free(s->ext.peer_supportedgroups);
s->ext.peer_supportedgroups = NULL;
s->ext.peer_supportedgroups_len = 0;
@ -914,8 +925,8 @@ int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context,
return 1;
}
int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx)
int tls_parse_ctos_ems(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx)
{
/* The extension must always be empty */
if (PACKET_remaining(pkt) != 0) {
@ -932,7 +943,7 @@ int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
}
int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_ctos_early_data(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx)
{
if (PACKET_remaining(pkt) != 0) {
@ -948,7 +959,7 @@ int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context,
return 1;
}
static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL *s, PACKET *tick,
static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL_CONNECTION *s, PACKET *tick,
SSL_SESSION **sess)
{
SSL_SESSION *tmpsess = NULL;
@ -976,14 +987,16 @@ static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL *s, PACKET *tick,
return SSL_TICKET_SUCCESS;
}
int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx)
int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx)
{
PACKET identities, binders, binder;
size_t binderoffset, hashsize;
SSL_SESSION *sess = NULL;
unsigned int id, i, ext = 0;
const EVP_MD *md = NULL;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
/*
* If we have no PSK kex mode that we recognise then we can't resume so
@ -1012,7 +1025,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
idlen = PACKET_remaining(&identity);
if (s->psk_find_session_cb != NULL
&& !s->psk_find_session_cb(s, PACKET_data(&identity), idlen,
&& !s->psk_find_session_cb(ssl, PACKET_data(&identity), idlen,
&sess)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_EXTENSION);
return 0;
@ -1030,7 +1043,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
pskdatalen = s->psk_server_callback(s, pskid, pskdata,
pskdatalen = s->psk_server_callback(ssl, pskid, pskdata,
sizeof(pskdata));
OPENSSL_free(pskid);
if (pskdatalen > PSK_MAX_PSK_LEN) {
@ -1044,7 +1057,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
* We found a PSK using an old style callback. We don't know
* the digest so we default to SHA256 as per the TLSv1.3 spec
*/
cipher = SSL_CIPHER_find(s, tls13_aes128gcmsha256_id);
cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id);
if (cipher == NULL) {
OPENSSL_cleanse(pskdata, pskdatalen);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@ -1155,13 +1168,13 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
}
}
md = ssl_md(s->ctx, sess->cipher->algorithm2);
md = ssl_md(sctx, sess->cipher->algorithm2);
if (md == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
if (!EVP_MD_is_a(md,
EVP_MD_get0_name(ssl_md(s->ctx,
EVP_MD_get0_name(ssl_md(sctx,
s->s3.tmp.new_cipher->algorithm2)))) {
/* The ciphersuite is not compatible with this session. */
SSL_SESSION_free(sess);
@ -1212,7 +1225,7 @@ err:
return 0;
}
int tls_parse_ctos_post_handshake_auth(SSL *s, PACKET *pkt,
int tls_parse_ctos_post_handshake_auth(SSL_CONNECTION *s, PACKET *pkt,
ossl_unused unsigned int context,
ossl_unused X509 *x,
ossl_unused size_t chainidx)
@ -1231,7 +1244,7 @@ int tls_parse_ctos_post_handshake_auth(SSL *s, PACKET *pkt,
/*
* Add the server's renegotiation binding
*/
EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_stoc_renegotiate(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
@ -1255,7 +1268,7 @@ EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt,
return EXT_RETURN_SENT;
}
EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_stoc_server_name(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
@ -1266,7 +1279,7 @@ EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt,
* Prior to TLSv1.3 we ignore any SNI in the current handshake if resuming.
* We just use the servername from the initial handshake.
*/
if (s->hit && !SSL_IS_TLS13(s))
if (s->hit && !SSL_CONNECTION_IS_TLS13(s))
return EXT_RETURN_NOT_SENT;
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_name)
@ -1279,7 +1292,7 @@ EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt,
}
/* Add/include the server's max fragment len extension into ServerHello */
EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
@ -1301,7 +1314,7 @@ EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL *s, WPACKET *pkt,
return EXT_RETURN_SENT;
}
EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
@ -1327,7 +1340,7 @@ EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt,
return EXT_RETURN_SENT;
}
EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_stoc_supported_groups(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
@ -1347,7 +1360,7 @@ EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,
}
/* Copy group ID if supported */
version = SSL_version(s);
version = SSL_version(SSL_CONNECTION_GET_SSL(s));
for (i = 0; i < numgroups; i++) {
uint16_t group = groups[i];
@ -1387,7 +1400,7 @@ EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,
return EXT_RETURN_SENT;
}
EXT_RETURN tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_stoc_session_ticket(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
@ -1406,7 +1419,7 @@ EXT_RETURN tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt,
}
#ifndef OPENSSL_NO_OCSP
EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_stoc_status_request(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
@ -1417,7 +1430,7 @@ EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt,
if (!s->ext.status_expected)
return EXT_RETURN_NOT_SENT;
if (SSL_IS_TLS13(s) && chainidx != 0)
if (SSL_CONNECTION_IS_TLS13(s) && chainidx != 0)
return EXT_RETURN_NOT_SENT;
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_status_request)
@ -1431,7 +1444,7 @@ EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt,
* send back an empty extension, with the certificate status appearing as a
* separate message
*/
if (SSL_IS_TLS13(s) && !tls_construct_cert_status_body(s, pkt)) {
if (SSL_CONNECTION_IS_TLS13(s) && !tls_construct_cert_status_body(s, pkt)) {
/* SSLfatal() already called */
return EXT_RETURN_FAIL;
}
@ -1445,7 +1458,7 @@ EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt,
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_stoc_next_proto_neg(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
@ -1453,13 +1466,14 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt,
unsigned int npalen;
int ret;
int npn_seen = s->s3.npn_seen;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
s->s3.npn_seen = 0;
if (!npn_seen || s->ctx->ext.npn_advertised_cb == NULL)
if (!npn_seen || sctx->ext.npn_advertised_cb == NULL)
return EXT_RETURN_NOT_SENT;
ret = s->ctx->ext.npn_advertised_cb(s, &npa, &npalen,
s->ctx->ext.npn_advertised_cb_arg);
ret = sctx->ext.npn_advertised_cb(SSL_CONNECTION_GET_SSL(s), &npa, &npalen,
sctx->ext.npn_advertised_cb_arg);
if (ret == SSL_TLSEXT_ERR_OK) {
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_next_proto_neg)
|| !WPACKET_sub_memcpy_u16(pkt, npa, npalen)) {
@ -1473,7 +1487,7 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt,
}
#endif
EXT_RETURN tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_stoc_alpn(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context,
X509 *x, size_t chainidx)
{
if (s->s3.alpn_selected == NULL)
@ -1495,7 +1509,7 @@ EXT_RETURN tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int context,
}
#ifndef OPENSSL_NO_SRTP
EXT_RETURN tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_stoc_use_srtp(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
@ -1516,7 +1530,8 @@ EXT_RETURN tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt,
}
#endif
EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_stoc_etm(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx)
{
if (!s->ext.use_etm)
@ -1545,7 +1560,8 @@ EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context,
return EXT_RETURN_SENT;
}
EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_stoc_ems(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx)
{
if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0)
@ -1560,11 +1576,11 @@ EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context,
return EXT_RETURN_SENT;
}
EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_stoc_supported_versions(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
if (!ossl_assert(SSL_IS_TLS13(s))) {
if (!ossl_assert(SSL_CONNECTION_IS_TLS13(s))) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return EXT_RETURN_FAIL;
}
@ -1580,7 +1596,7 @@ EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt,
return EXT_RETURN_SENT;
}
EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_stoc_key_share(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
@ -1630,7 +1646,8 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt,
return EXT_RETURN_FAIL;
}
if ((ginf = tls1_group_id_lookup(s->ctx, s->s3.group_id)) == NULL) {
if ((ginf = tls1_group_id_lookup(SSL_CONNECTION_GET_CTX(s),
s->s3.group_id)) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return EXT_RETURN_FAIL;
}
@ -1713,7 +1730,8 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt,
#endif
}
EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_stoc_cookie(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx)
{
#ifndef OPENSSL_NO_TLS1_3
@ -1723,11 +1741,13 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context,
EVP_MD_CTX *hctx;
EVP_PKEY *pkey;
int ret = EXT_RETURN_FAIL;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
if ((s->s3.flags & TLS1_FLAGS_STATELESS) == 0)
return EXT_RETURN_NOT_SENT;
if (s->ctx->gen_stateless_cookie_cb == NULL) {
if (sctx->gen_stateless_cookie_cb == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_COOKIE_CALLBACK_SET);
return EXT_RETURN_FAIL;
}
@ -1740,8 +1760,8 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context,
|| !WPACKET_put_bytes_u16(pkt, COOKIE_STATE_FORMAT_VERSION)
|| !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION)
|| !WPACKET_put_bytes_u16(pkt, s->s3.group_id)
|| !s->method->put_cipher_by_char(s->s3.tmp.new_cipher, pkt,
&ciphlen)
|| !ssl->method->put_cipher_by_char(s->s3.tmp.new_cipher, pkt,
&ciphlen)
/* Is there a key_share extension present in this HRR? */
|| !WPACKET_put_bytes_u8(pkt, s->s3.peer_tmp == NULL)
|| !WPACKET_put_bytes_u32(pkt, (unsigned int)time(NULL))
@ -1772,7 +1792,8 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context,
}
/* Generate the application cookie */
if (s->ctx->gen_stateless_cookie_cb(s, appcookie1, &appcookielen) == 0) {
if (sctx->gen_stateless_cookie_cb(ssl, appcookie1,
&appcookielen) == 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
return EXT_RETURN_FAIL;
}
@ -1795,8 +1816,8 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context,
/* HMAC the cookie */
hctx = EVP_MD_CTX_create();
pkey = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC",
s->ctx->propq,
pkey = EVP_PKEY_new_raw_private_key_ex(sctx->libctx, "HMAC",
sctx->propq,
s->session_ctx->ext.cookie_hmac_key,
sizeof(s->session_ctx->ext.cookie_hmac_key));
if (hctx == NULL || pkey == NULL) {
@ -1804,8 +1825,8 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context,
goto err;
}
if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", s->ctx->libctx,
s->ctx->propq, pkey, NULL) <= 0
if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", sctx->libctx,
sctx->propq, pkey, NULL) <= 0
|| EVP_DigestSign(hctx, hmac, &hmaclen, cookie,
totcookielen) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@ -1837,7 +1858,7 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context,
#endif
}
EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
@ -1852,7 +1873,8 @@ EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt,
if (((s->s3.tmp.new_cipher->id & 0xFFFF) != 0x80
&& (s->s3.tmp.new_cipher->id & 0xFFFF) != 0x81)
|| (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG) == 0)
|| (SSL_get_options(SSL_CONNECTION_GET_SSL(s))
& SSL_OP_CRYPTOPRO_TLSEXT_BUG) == 0)
return EXT_RETURN_NOT_SENT;
if (!WPACKET_memcpy(pkt, cryptopro_ext, sizeof(cryptopro_ext))) {
@ -1863,7 +1885,7 @@ EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt,
return EXT_RETURN_SENT;
}
EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_stoc_early_data(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
{
@ -1895,7 +1917,8 @@ EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt,
return EXT_RETURN_SENT;
}
EXT_RETURN tls_construct_stoc_psk(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_stoc_psk(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx)
{
if (!s->hit)

179
ssl/statem/statem.c
View File

@ -62,29 +62,49 @@ typedef enum {
SUB_STATE_END_HANDSHAKE
} SUB_STATE_RETURN;
static int state_machine(SSL *s, int server);
static void init_read_state_machine(SSL *s);
static SUB_STATE_RETURN read_state_machine(SSL *s);
static void init_write_state_machine(SSL *s);
static SUB_STATE_RETURN write_state_machine(SSL *s);
static int state_machine(SSL_CONNECTION *s, int server);
static void init_read_state_machine(SSL_CONNECTION *s);
static SUB_STATE_RETURN read_state_machine(SSL_CONNECTION *s);
static void init_write_state_machine(SSL_CONNECTION *s);
static SUB_STATE_RETURN write_state_machine(SSL_CONNECTION *s);
OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl)
{
return ssl->statem.hand_state;
const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
if (sc == NULL)
return TLS_ST_BEFORE;
return sc->statem.hand_state;
}
int SSL_in_init(const SSL *s)
{
return s->statem.in_init;
const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
if (sc == NULL)
return 0;
return sc->statem.in_init;
}
int SSL_is_init_finished(const SSL *s)
{
return !(s->statem.in_init) && (s->statem.hand_state == TLS_ST_OK);
const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
if (sc == NULL)
return 0;
return !(sc->statem.in_init) && (sc->statem.hand_state == TLS_ST_OK);
}
int SSL_in_before(const SSL *s)
{
const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
if (sc == NULL)
return 0;
/*
* Historically being "in before" meant before anything had happened. In the
* current code though we remain in the "before" state for a while after we
@ -92,14 +112,14 @@ int SSL_in_before(const SSL *s)
* first message to arrive). There "in before" is taken to mean "in before"
* and not started any handshake process yet.
*/
return (s->statem.hand_state == TLS_ST_BEFORE)
&& (s->statem.state == MSG_FLOW_UNINITED);
return (sc->statem.hand_state == TLS_ST_BEFORE)
&& (sc->statem.state == MSG_FLOW_UNINITED);
}
/*
* Clear the state machine state and reset back to MSG_FLOW_UNINITED
*/
void ossl_statem_clear(SSL *s)
void ossl_statem_clear(SSL_CONNECTION *s)
{
s->statem.state = MSG_FLOW_UNINITED;
s->statem.hand_state = TLS_ST_BEFORE;
@ -110,13 +130,13 @@ void ossl_statem_clear(SSL *s)
/*
* Set the state machine up ready for a renegotiation handshake
*/
void ossl_statem_set_renegotiate(SSL *s)
void ossl_statem_set_renegotiate(SSL_CONNECTION *s)
{
s->statem.in_init = 1;
s->statem.request_state = TLS_ST_SW_HELLO_REQ;
}
void ossl_statem_send_fatal(SSL *s, int al)
void ossl_statem_send_fatal(SSL_CONNECTION *s, int al)
{
/* We shouldn't call SSLfatal() twice. Once is enough */
if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR)
@ -134,7 +154,8 @@ void ossl_statem_send_fatal(SSL *s, int al)
* into an error state and sends an alert if appropriate.
* This is a permanent error for the current connection.
*/
void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...)
void ossl_statem_fatal(SSL_CONNECTION *s, int al, int reason,
const char *fmt, ...)
{
va_list args;
@ -164,7 +185,7 @@ void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...)
* 1: Yes
* 0: No
*/
int ossl_statem_in_error(const SSL *s)
int ossl_statem_in_error(const SSL_CONNECTION *s)
{
if (s->statem.state == MSG_FLOW_ERROR)
return 1;
@ -172,17 +193,17 @@ int ossl_statem_in_error(const SSL *s)
return 0;
}
void ossl_statem_set_in_init(SSL *s, int init)
void ossl_statem_set_in_init(SSL_CONNECTION *s, int init)
{
s->statem.in_init = init;
}
int ossl_statem_get_in_handshake(SSL *s)
int ossl_statem_get_in_handshake(SSL_CONNECTION *s)
{
return s->statem.in_handshake;
}
void ossl_statem_set_in_handshake(SSL *s, int inhand)
void ossl_statem_set_in_handshake(SSL_CONNECTION *s, int inhand)
{
if (inhand)
s->statem.in_handshake++;
@ -191,7 +212,7 @@ void ossl_statem_set_in_handshake(SSL *s, int inhand)
}
/* Are we in a sensible state to skip over unreadable early data? */
int ossl_statem_skip_early_data(SSL *s)
int ossl_statem_skip_early_data(SSL_CONNECTION *s)
{
if (s->ext.early_data != SSL_EARLY_DATA_REJECTED)
return 0;
@ -212,7 +233,7 @@ int ossl_statem_skip_early_data(SSL *s)
* attempting to read data (SSL_read*()), or -1 if we are in SSL_do_handshake()
* or similar.
*/
void ossl_statem_check_finish_init(SSL *s, int sending)
void ossl_statem_check_finish_init(SSL_CONNECTION *s, int sending)
{
if (sending == -1) {
if (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END
@ -246,7 +267,7 @@ void ossl_statem_check_finish_init(SSL *s, int sending)
}
}
void ossl_statem_set_hello_verify_done(SSL *s)
void ossl_statem_set_hello_verify_done(SSL_CONNECTION *s)
{
s->statem.state = MSG_FLOW_UNINITED;
s->statem.in_init = 1;
@ -262,22 +283,34 @@ void ossl_statem_set_hello_verify_done(SSL *s)
int ossl_statem_connect(SSL *s)
{
return state_machine(s, 0);
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return -1;
return state_machine(sc, 0);
}
int ossl_statem_accept(SSL *s)
{
return state_machine(s, 1);
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return -1;
return state_machine(sc, 1);
}
typedef void (*info_cb) (const SSL *, int, int);
static info_cb get_callback(SSL *s)
static info_cb get_callback(SSL_CONNECTION *s)
{
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (s->info_callback != NULL)
return s->info_callback;
else if (s->ctx->info_callback != NULL)
return s->ctx->info_callback;
else if (sctx->info_callback != NULL)
return sctx->info_callback;
return NULL;
}
@ -310,13 +343,14 @@ static info_cb get_callback(SSL *s)
* 1: Success
* <=0: NBIO or error
*/
static int state_machine(SSL *s, int server)
static int state_machine(SSL_CONNECTION *s, int server)
{
BUF_MEM *buf = NULL;
void (*cb) (const SSL *ssl, int type, int val) = NULL;
OSSL_STATEM *st = &s->statem;
int ret = -1;
int ssret;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
if (st->state == MSG_FLOW_ERROR) {
/* Shouldn't have been called if we're already in the error state */
@ -329,21 +363,21 @@ static int state_machine(SSL *s, int server)
cb = get_callback(s);
st->in_handshake++;
if (!SSL_in_init(s) || SSL_in_before(s)) {
if (!SSL_in_init(ssl) || SSL_in_before(ssl)) {
/*
* If we are stateless then we already called SSL_clear() - don't do
* it again and clear the STATELESS flag itself.
*/
if ((s->s3.flags & TLS1_FLAGS_STATELESS) == 0 && !SSL_clear(s))
if ((s->s3.flags & TLS1_FLAGS_STATELESS) == 0 && !SSL_clear(ssl))
return -1;
}
#ifndef OPENSSL_NO_SCTP
if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {
if (SSL_CONNECTION_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(ssl))) {
/*
* Notify SCTP BIO socket to enter handshake mode and prevent stream
* identifier other than 0.
*/
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
st->in_handshake, NULL);
}
#endif
@ -358,8 +392,8 @@ static int state_machine(SSL *s, int server)
s->server = server;
if (cb != NULL) {
if (SSL_IS_FIRST_HANDSHAKE(s) || !SSL_IS_TLS13(s))
cb(s, SSL_CB_HANDSHAKE_START, 1);
if (SSL_IS_FIRST_HANDSHAKE(s) || !SSL_CONNECTION_IS_TLS13(s))
cb(ssl, SSL_CB_HANDSHAKE_START, 1);
}
/*
@ -368,7 +402,7 @@ static int state_machine(SSL *s, int server)
* doomed to failure.
*/
if (SSL_IS_DTLS(s)) {
if (SSL_CONNECTION_IS_DTLS(s)) {
if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00) &&
(server || (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00))) {
SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR);
@ -415,14 +449,14 @@ static int state_machine(SSL *s, int server)
* SCTP
*/
#ifndef OPENSSL_NO_SCTP
if (!SSL_IS_DTLS(s) || !BIO_dgram_is_sctp(SSL_get_wbio(s)))
if (!SSL_CONNECTION_IS_DTLS(s) || !BIO_dgram_is_sctp(SSL_get_wbio(ssl)))
#endif
if (!ssl_init_wbio_buffer(s)) {
SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR);
goto end;
}
if ((SSL_in_before(s))
if ((SSL_in_before(ssl))
|| s->renegotiate) {
if (!tls_setup_handshake(s)) {
/* SSLfatal() already called */
@ -472,12 +506,12 @@ static int state_machine(SSL *s, int server)
st->in_handshake--;
#ifndef OPENSSL_NO_SCTP
if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {
if (SSL_CONNECTION_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(ssl))) {
/*
* Notify SCTP BIO socket to leave handshake mode and allow stream
* identifier other than 0.
*/
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
st->in_handshake, NULL);
}
#endif
@ -485,9 +519,9 @@ static int state_machine(SSL *s, int server)
BUF_MEM_free(buf);
if (cb != NULL) {
if (server)
cb(s, SSL_CB_ACCEPT_EXIT, ret);
cb(ssl, SSL_CB_ACCEPT_EXIT, ret);
else
cb(s, SSL_CB_CONNECT_EXIT, ret);
cb(ssl, SSL_CB_CONNECT_EXIT, ret);
}
return ret;
}
@ -495,14 +529,14 @@ static int state_machine(SSL *s, int server)
/*
* Initialise the MSG_FLOW_READING sub-state machine
*/
static void init_read_state_machine(SSL *s)
static void init_read_state_machine(SSL_CONNECTION *s)
{
OSSL_STATEM *st = &s->statem;
st->read_state = READ_STATE_HEADER;
}
static int grow_init_buf(SSL *s, size_t size) {
static int grow_init_buf(SSL_CONNECTION *s, size_t size) {
size_t msg_offset = (char *)s->init_msg - s->init_buf->data;
@ -543,17 +577,18 @@ static int grow_init_buf(SSL *s, size_t size) {
* control returns to the calling application. When this function is recalled we
* will resume in the same state where we left off.
*/
static SUB_STATE_RETURN read_state_machine(SSL *s)
static SUB_STATE_RETURN read_state_machine(SSL_CONNECTION *s)
{
OSSL_STATEM *st = &s->statem;
int ret, mt;
size_t len = 0;
int (*transition) (SSL *s, int mt);
int (*transition) (SSL_CONNECTION *s, int mt);
PACKET pkt;
MSG_PROCESS_RETURN(*process_message) (SSL *s, PACKET *pkt);
WORK_STATE(*post_process_message) (SSL *s, WORK_STATE wst);
size_t (*max_message_size) (SSL *s);
MSG_PROCESS_RETURN(*process_message) (SSL_CONNECTION *s, PACKET *pkt);
WORK_STATE(*post_process_message) (SSL_CONNECTION *s, WORK_STATE wst);
size_t (*max_message_size) (SSL_CONNECTION *s);
void (*cb) (const SSL *ssl, int type, int val) = NULL;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
cb = get_callback(s);
@ -578,7 +613,7 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
switch (st->read_state) {
case READ_STATE_HEADER:
/* Get the state the peer wants to move to */
if (SSL_IS_DTLS(s)) {
if (SSL_CONNECTION_IS_DTLS(s)) {
/*
* In DTLS we get the whole message in one go - header and body
*/
@ -595,9 +630,9 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
if (cb != NULL) {
/* Notify callback of an impending state change */
if (s->server)
cb(s, SSL_CB_ACCEPT_LOOP, 1);
cb(ssl, SSL_CB_ACCEPT_LOOP, 1);
else
cb(s, SSL_CB_CONNECT_LOOP, 1);
cb(ssl, SSL_CB_CONNECT_LOOP, 1);
}
/*
* Validate that we are allowed to move to the new state and move
@ -613,7 +648,7 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
}
/* dtls_get_message already did this */
if (!SSL_IS_DTLS(s)
if (!SSL_CONNECTION_IS_DTLS(s)
&& s->s3.tmp.message_size > 0
&& !grow_init_buf(s, s->s3.tmp.message_size
+ SSL3_HM_HEADER_LENGTH)) {
@ -625,7 +660,7 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
/* Fall through */
case READ_STATE_BODY:
if (SSL_IS_DTLS(s)) {
if (SSL_CONNECTION_IS_DTLS(s)) {
/*
* Actually we already have the body, but we give DTLS the
* opportunity to do any further processing.
@ -655,7 +690,7 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
return SUB_STATE_ERROR;
case MSG_PROCESS_FINISHED_READING:
if (SSL_IS_DTLS(s)) {
if (SSL_CONNECTION_IS_DTLS(s)) {
dtls1_stop_timer(s);
}
return SUB_STATE_FINISHED;
@ -687,7 +722,7 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
break;
case WORK_FINISHED_STOP:
if (SSL_IS_DTLS(s)) {
if (SSL_CONNECTION_IS_DTLS(s)) {
dtls1_stop_timer(s);
}
return SUB_STATE_FINISHED;
@ -705,13 +740,13 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
/*
* Send a previously constructed message to the peer.
*/
static int statem_do_write(SSL *s)
static int statem_do_write(SSL_CONNECTION *s)
{
OSSL_STATEM *st = &s->statem;
if (st->hand_state == TLS_ST_CW_CHANGE
|| st->hand_state == TLS_ST_SW_CHANGE) {
if (SSL_IS_DTLS(s))
if (SSL_CONNECTION_IS_DTLS(s))
return dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC);
else
return ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC);
@ -723,7 +758,7 @@ static int statem_do_write(SSL *s)
/*
* Initialise the MSG_FLOW_WRITING sub-state machine
*/
static void init_write_state_machine(SSL *s)
static void init_write_state_machine(SSL_CONNECTION *s)
{
OSSL_STATEM *st = &s->statem;
@ -761,20 +796,22 @@ static void init_write_state_machine(SSL *s)
* message has been completed. As for WRITE_STATE_PRE_WORK this could also
* result in an NBIO event.
*/
static SUB_STATE_RETURN write_state_machine(SSL *s)
static SUB_STATE_RETURN write_state_machine(SSL_CONNECTION *s)
{
OSSL_STATEM *st = &s->statem;
int ret;
WRITE_TRAN(*transition) (SSL *s);
WORK_STATE(*pre_work) (SSL *s, WORK_STATE wst);
WORK_STATE(*post_work) (SSL *s, WORK_STATE wst);
int (*get_construct_message_f) (SSL *s,
int (**confunc) (SSL *s, WPACKET *pkt),
WRITE_TRAN(*transition) (SSL_CONNECTION *s);
WORK_STATE(*pre_work) (SSL_CONNECTION *s, WORK_STATE wst);
WORK_STATE(*post_work) (SSL_CONNECTION *s, WORK_STATE wst);
int (*get_construct_message_f) (SSL_CONNECTION *s,
int (**confunc) (SSL_CONNECTION *s,
WPACKET *pkt),
int *mt);
void (*cb) (const SSL *ssl, int type, int val) = NULL;
int (*confunc) (SSL *s, WPACKET *pkt);
int (*confunc) (SSL_CONNECTION *s, WPACKET *pkt);
int mt;
WPACKET pkt;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
cb = get_callback(s);
@ -796,9 +833,9 @@ static SUB_STATE_RETURN write_state_machine(SSL *s)
if (cb != NULL) {
/* Notify callback of an impending state change */
if (s->server)
cb(s, SSL_CB_ACCEPT_LOOP, 1);
cb(ssl, SSL_CB_ACCEPT_LOOP, 1);
else
cb(s, SSL_CB_CONNECT_LOOP, 1);
cb(ssl, SSL_CB_CONNECT_LOOP, 1);
}
switch (transition(s)) {
case WRITE_TRAN_CONTINUE:
@ -864,7 +901,7 @@ static SUB_STATE_RETURN write_state_machine(SSL *s)
/* Fall through */
case WRITE_STATE_SEND:
if (SSL_IS_DTLS(s) && st->use_timer) {
if (SSL_CONNECTION_IS_DTLS(s) && st->use_timer) {
dtls1_start_timer(s);
}
ret = statem_do_write(s);
@ -904,7 +941,7 @@ static SUB_STATE_RETURN write_state_machine(SSL *s)
/*
* Flush the write BIO
*/
int statem_flush(SSL *s)
int statem_flush(SSL_CONNECTION *s)
{
s->rwstate = SSL_WRITING;
if (BIO_flush(s->wbio) <= 0) {
@ -923,7 +960,7 @@ int statem_flush(SSL *s)
* 1: Yes (application data allowed)
* 0: No (application data not allowed)
*/
int ossl_statem_app_data_allowed(SSL *s)
int ossl_statem_app_data_allowed(SSL_CONNECTION *s)
{
OSSL_STATEM *st = &s->statem;
@ -957,7 +994,7 @@ int ossl_statem_app_data_allowed(SSL *s)
* This function returns 1 if TLS exporter is ready to export keying
* material, or 0 if otherwise.
*/
int ossl_statem_export_allowed(SSL *s)
int ossl_statem_export_allowed(SSL_CONNECTION *s)
{
return s->s3.previous_server_finished_len != 0
&& s->statem.hand_state != TLS_ST_SW_FINISHED;
@ -967,7 +1004,7 @@ int ossl_statem_export_allowed(SSL *s)
* Return 1 if early TLS exporter is ready to export keying material,
* or 0 if otherwise.
*/
int ossl_statem_export_early_allowed(SSL *s)
int ossl_statem_export_early_allowed(SSL_CONNECTION *s)
{
/*
* The early exporter secret is only present on the server if we

31
ssl/statem/statem.h
View File

@ -130,10 +130,11 @@ typedef struct ossl_statem_st OSSL_STATEM;
__owur int ossl_statem_accept(SSL *s);
__owur int ossl_statem_connect(SSL *s);
void ossl_statem_clear(SSL *s);
void ossl_statem_set_renegotiate(SSL *s);
void ossl_statem_send_fatal(SSL *s, int al);
void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...);
void ossl_statem_clear(SSL_CONNECTION *s);
void ossl_statem_set_renegotiate(SSL_CONNECTION *s);
void ossl_statem_send_fatal(SSL_CONNECTION *s, int al);
void ossl_statem_fatal(SSL_CONNECTION *s, int al, int reason,
const char *fmt, ...);
# define SSL_AD_NO_ALERT -1
# define SSLfatal_alert(s, al) ossl_statem_send_fatal((s), (al))
# define SSLfatal(s, al, r) SSLfatal_data((s), (al), (r), NULL)
@ -142,16 +143,16 @@ void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...);
ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC), \
ossl_statem_fatal)
int ossl_statem_in_error(const SSL *s);
void ossl_statem_set_in_init(SSL *s, int init);
int ossl_statem_get_in_handshake(SSL *s);
void ossl_statem_set_in_handshake(SSL *s, int inhand);
__owur int ossl_statem_skip_early_data(SSL *s);
void ossl_statem_check_finish_init(SSL *s, int send);
void ossl_statem_set_hello_verify_done(SSL *s);
__owur int ossl_statem_app_data_allowed(SSL *s);
__owur int ossl_statem_export_allowed(SSL *s);
__owur int ossl_statem_export_early_allowed(SSL *s);
int ossl_statem_in_error(const SSL_CONNECTION *s);
void ossl_statem_set_in_init(SSL_CONNECTION *s, int init);
int ossl_statem_get_in_handshake(SSL_CONNECTION *s);
void ossl_statem_set_in_handshake(SSL_CONNECTION *s, int inhand);
__owur int ossl_statem_skip_early_data(SSL_CONNECTION *s);
void ossl_statem_check_finish_init(SSL_CONNECTION *s, int send);
void ossl_statem_set_hello_verify_done(SSL_CONNECTION *s);
__owur int ossl_statem_app_data_allowed(SSL_CONNECTION *s);
__owur int ossl_statem_export_allowed(SSL_CONNECTION *s);
__owur int ossl_statem_export_early_allowed(SSL_CONNECTION *s);
/* Flush the write BIO */
int statem_flush(SSL *s);
int statem_flush(SSL_CONNECTION *s);

359
ssl/statem/statem_clnt.c
View File

File diff suppressed because it is too large Load Diff

129
ssl/statem/statem_dtls.c
View File

@ -43,15 +43,17 @@ static unsigned char bitmask_start_values[] =
static unsigned char bitmask_end_values[] =
{ 0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f };
static void dtls1_fix_message_header(SSL *s, size_t frag_off,
static void dtls1_fix_message_header(SSL_CONNECTION *s, size_t frag_off,
size_t frag_len);
static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p);
static void dtls1_set_message_header_int(SSL *s, unsigned char mt,
static unsigned char *dtls1_write_message_header(SSL_CONNECTION *s,
unsigned char *p);
static void dtls1_set_message_header_int(SSL_CONNECTION *s, unsigned char mt,
size_t len,
unsigned short seq_num,
size_t frag_off,
size_t frag_len);
static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len);
static int dtls_get_reassembled_message(SSL_CONNECTION *s, int *errtype,
size_t *len);
static hm_fragment *dtls1_hm_fragment_new(size_t frag_len, int reassembly)
{
@ -109,13 +111,14 @@ void dtls1_hm_fragment_free(hm_fragment *frag)
* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
* SSL3_RT_CHANGE_CIPHER_SPEC)
*/
int dtls1_do_write(SSL *s, int type)
int dtls1_do_write(SSL_CONNECTION *s, int type)
{
int ret;
size_t written;
size_t curr_mtu;
int retry = 1;
size_t len, frag_off, mac_size, blocksize, used_len;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
if (!dtls1_query_mtu(s))
return -1;
@ -248,9 +251,9 @@ int dtls1_do_write(SSL *s, int type)
* retransmit anything. continue as if everything is fine and
* wait for an alert to handle the retransmit
*/
if (retry && BIO_ctrl(SSL_get_wbio(s),
if (retry && BIO_ctrl(SSL_get_wbio(ssl),
BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) {
if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
if (!(SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU)) {
if (!dtls1_query_mtu(s))
return -1;
/* Have one more go */
@ -303,7 +306,7 @@ int dtls1_do_write(SSL *s, int type)
if (written == s->init_num) {
if (s->msg_callback)
s->msg_callback(1, s->version, type, s->init_buf->data,
(size_t)(s->init_off + s->init_num), s,
(size_t)(s->init_off + s->init_num), ssl,
s->msg_callback_arg);
s->init_off = 0; /* done writing this message */
@ -328,7 +331,7 @@ int dtls1_do_write(SSL *s, int type)
return 0;
}
int dtls_get_message(SSL *s, int *mt)
int dtls_get_message(SSL_CONNECTION *s, int *mt)
{
struct hm_header_st *msg_hdr;
unsigned char *p;
@ -356,7 +359,8 @@ int dtls_get_message(SSL *s, int *mt)
if (*mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
if (s->msg_callback) {
s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
p, 1, s, s->msg_callback_arg);
p, 1, SSL_CONNECTION_GET_SSL(s),
s->msg_callback_arg);
}
/*
* This isn't a real handshake message so skip the processing below.
@ -387,7 +391,7 @@ int dtls_get_message(SSL *s, int *mt)
* DTLS to do any further processing it wants at the same point that TLS would
* be asked for the message body.
*/
int dtls_get_message_body(SSL *s, size_t *len)
int dtls_get_message_body(SSL_CONNECTION *s, size_t *len)
{
unsigned char *msg = (unsigned char *)s->init_buf->data;
size_t msg_len = s->init_num + DTLS1_HM_HEADER_LENGTH;
@ -416,7 +420,7 @@ int dtls_get_message_body(SSL *s, size_t *len)
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
s->init_buf->data, s->init_num + DTLS1_HM_HEADER_LENGTH,
s, s->msg_callback_arg);
SSL_CONNECTION_GET_SSL(s), s->msg_callback_arg);
end:
*len = s->init_num;
@ -428,7 +432,7 @@ int dtls_get_message_body(SSL *s, size_t *len)
* permitted in a DTLS handshake message for |s|. The minimum is 16KB, but
* may be greater if the maximum certificate list size requires it.
*/
static size_t dtls1_max_handshake_message_len(const SSL *s)
static size_t dtls1_max_handshake_message_len(const SSL_CONNECTION *s)
{
size_t max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
if (max_len < s->max_cert_list)
@ -436,7 +440,8 @@ static size_t dtls1_max_handshake_message_len(const SSL *s)
return max_len;
}
static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr)
static int dtls1_preprocess_fragment(SSL_CONNECTION *s,
struct hm_header_st *msg_hdr)
{
size_t frag_off, frag_len, msg_len;
@ -482,7 +487,7 @@ static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr)
* Returns 1 if there is a buffered fragment available, 0 if not, or -1 on a
* fatal error.
*/
static int dtls1_retrieve_buffered_fragment(SSL *s, size_t *len)
static int dtls1_retrieve_buffered_fragment(SSL_CONNECTION *s, size_t *len)
{
/*-
* (0) check whether the desired fragment is available
@ -545,8 +550,8 @@ static int dtls1_retrieve_buffered_fragment(SSL *s, size_t *len)
}
}
static int
dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr)
static int dtls1_reassemble_fragment(SSL_CONNECTION *s,
const struct hm_header_st *msg_hdr)
{
hm_fragment *frag = NULL;
pitem *item = NULL;
@ -554,6 +559,7 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr)
unsigned char seq64be[8];
size_t frag_len = msg_hdr->frag_len;
size_t readbytes;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len ||
msg_hdr->msg_len > dtls1_max_handshake_message_len(s))
@ -594,11 +600,11 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr)
unsigned char devnull[256];
while (frag_len) {
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
devnull,
frag_len >
sizeof(devnull) ? sizeof(devnull) :
frag_len, 0, &readbytes);
i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, NULL,
devnull,
frag_len >
sizeof(devnull) ? sizeof(devnull) :
frag_len, 0, &readbytes);
if (i <= 0)
goto err;
frag_len -= readbytes;
@ -607,9 +613,9 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr)
}
/* read the body of the fragment (header has already been read */
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
frag->fragment + msg_hdr->frag_off,
frag_len, 0, &readbytes);
i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, NULL,
frag->fragment + msg_hdr->frag_off,
frag_len, 0, &readbytes);
if (i <= 0 || readbytes != frag_len)
i = -1;
if (i <= 0)
@ -654,8 +660,8 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr)
return -1;
}
static int
dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr)
static int dtls1_process_out_of_seq_message(SSL_CONNECTION *s,
const struct hm_header_st *msg_hdr)
{
int i = -1;
hm_fragment *frag = NULL;
@ -663,6 +669,7 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr)
unsigned char seq64be[8];
size_t frag_len = msg_hdr->frag_len;
size_t readbytes;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len)
goto err;
@ -691,11 +698,11 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr)
unsigned char devnull[256];
while (frag_len) {
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
devnull,
frag_len >
sizeof(devnull) ? sizeof(devnull) :
frag_len, 0, &readbytes);
i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, NULL,
devnull,
frag_len >
sizeof(devnull) ? sizeof(devnull) :
frag_len, 0, &readbytes);
if (i <= 0)
goto err;
frag_len -= readbytes;
@ -718,9 +725,9 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr)
/*
* read the body of the fragment (header has already been read
*/
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
frag->fragment, frag_len, 0,
&readbytes);
i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, NULL,
frag->fragment, frag_len, 0,
&readbytes);
if (i<=0 || readbytes != frag_len)
i = -1;
if (i <= 0)
@ -752,13 +759,15 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr)
return 0;
}
static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len)
static int dtls_get_reassembled_message(SSL_CONNECTION *s, int *errtype,
size_t *len)
{
unsigned char wire[DTLS1_HM_HEADER_LENGTH];
size_t mlen, frag_off, frag_len;
int i, ret, recvd_type;
struct hm_header_st msg_hdr;
size_t readbytes;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
*errtype = 0;
@ -776,8 +785,8 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len)
}
/* read handshake message header */
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type, wire,
DTLS1_HM_HEADER_LENGTH, 0, &readbytes);
i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, &recvd_type, wire,
DTLS1_HM_HEADER_LENGTH, 0, &readbytes);
if (i <= 0) { /* nbio, or an error */
s->rwstate = SSL_READING;
*len = 0;
@ -849,7 +858,7 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len)
if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) {
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
wire, DTLS1_HM_HEADER_LENGTH, s,
wire, DTLS1_HM_HEADER_LENGTH, ssl,
s->msg_callback_arg);
s->init_num = 0;
@ -870,8 +879,8 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len)
unsigned char *p =
(unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
&p[frag_off], frag_len, 0, &readbytes);
i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, NULL,
&p[frag_off], frag_len, 0, &readbytes);
/*
* This shouldn't ever fail due to NBIO because we already checked
@ -919,7 +928,7 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len)
* ssl->session->read_compression assign
* ssl->session->read_hash assign
*/
int dtls_construct_change_cipher_spec(SSL *s, WPACKET *pkt)
int dtls_construct_change_cipher_spec(SSL_CONNECTION *s, WPACKET *pkt)
{
if (s->version == DTLS1_BAD_VER) {
s->d1->next_handshake_write_seq++;
@ -938,13 +947,14 @@ int dtls_construct_change_cipher_spec(SSL *s, WPACKET *pkt)
* Wait for a dry event. Should only be called at a point in the handshake
* where we are not expecting any data from the peer except an alert.
*/
WORK_STATE dtls_wait_for_dry(SSL *s)
WORK_STATE dtls_wait_for_dry(SSL_CONNECTION *s)
{
int ret, errtype;
size_t len;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
/* read app data until dry event */
ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(ssl));
if (ret < 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return WORK_ERROR;
@ -965,16 +975,18 @@ WORK_STATE dtls_wait_for_dry(SSL *s)
s->s3.in_read_app_data = 2;
s->rwstate = SSL_READING;
BIO_clear_retry_flags(SSL_get_rbio(s));
BIO_set_retry_read(SSL_get_rbio(s));
BIO_clear_retry_flags(SSL_get_rbio(ssl));
BIO_set_retry_read(SSL_get_rbio(ssl));
return WORK_MORE_A;
}
return WORK_FINISHED_CONTINUE;
}
#endif
int dtls1_read_failed(SSL *s, int code)
int dtls1_read_failed(SSL_CONNECTION *s, int code)
{
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
if (code > 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
@ -988,9 +1000,9 @@ int dtls1_read_failed(SSL *s, int code)
return code;
}
/* done, no need to send a retransmit */
if (!SSL_in_init(s))
if (!SSL_in_init(ssl))
{
BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
BIO_set_flags(SSL_get_rbio(ssl), BIO_FLAGS_READ);
return code;
}
@ -1012,7 +1024,7 @@ int dtls1_get_queue_priority(unsigned short seq, int is_ccs)
return seq * 2 - is_ccs;
}
int dtls1_retransmit_buffered_messages(SSL *s)
int dtls1_retransmit_buffered_messages(SSL_CONNECTION *s)
{
pqueue *sent = s->d1->sent_messages;
piterator iter;
@ -1034,7 +1046,7 @@ int dtls1_retransmit_buffered_messages(SSL *s)
return 1;
}
int dtls1_buffer_message(SSL *s, int is_ccs)
int dtls1_buffer_message(SSL_CONNECTION *s, int is_ccs)
{
pitem *item;
hm_fragment *frag;
@ -1105,7 +1117,7 @@ int dtls1_buffer_message(SSL *s, int is_ccs)
return 1;
}
int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found)
int dtls1_retransmit_message(SSL_CONNECTION *s, unsigned short seq, int *found)
{
int ret;
/* XDTLS: for now assuming that read/writes are blocking */
@ -1178,7 +1190,7 @@ int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found)
return ret;
}
void dtls1_set_message_header(SSL *s,
void dtls1_set_message_header(SSL_CONNECTION *s,
unsigned char mt, size_t len,
size_t frag_off, size_t frag_len)
{
@ -1193,7 +1205,7 @@ void dtls1_set_message_header(SSL *s,
/* don't actually do the writing, wait till the MTU has been retrieved */
static void
dtls1_set_message_header_int(SSL *s, unsigned char mt,
dtls1_set_message_header_int(SSL_CONNECTION *s, unsigned char mt,
size_t len, unsigned short seq_num,
size_t frag_off, size_t frag_len)
{
@ -1207,7 +1219,7 @@ dtls1_set_message_header_int(SSL *s, unsigned char mt,
}
static void
dtls1_fix_message_header(SSL *s, size_t frag_off, size_t frag_len)
dtls1_fix_message_header(SSL_CONNECTION *s, size_t frag_off, size_t frag_len)
{
struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
@ -1215,7 +1227,8 @@ dtls1_fix_message_header(SSL *s, size_t frag_off, size_t frag_len)
msg_hdr->frag_len = frag_len;
}
static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p)
static unsigned char *dtls1_write_message_header(SSL_CONNECTION *s,
unsigned char *p)
{
struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
@ -1240,7 +1253,7 @@ void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
n2l3(data, msg_hdr->frag_len);
}
int dtls1_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
int dtls1_set_handshake_header(SSL_CONNECTION *s, WPACKET *pkt, int htype)
{
unsigned char *header;
@ -1264,7 +1277,7 @@ int dtls1_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
return 1;
}
int dtls1_close_construct_packet(SSL *s, WPACKET *pkt, int htype)
int dtls1_close_construct_packet(SSL_CONNECTION *s, WPACKET *pkt, int htype)
{
size_t msglen;

309
ssl/statem/statem_lib.c
View File

@ -40,12 +40,13 @@ const unsigned char hrrrandom[] = {
* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
* SSL3_RT_CHANGE_CIPHER_SPEC)
*/
int ssl3_do_write(SSL *s, int type)
int ssl3_do_write(SSL_CONNECTION *s, int type)
{
int ret;
size_t written = 0;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off],
ret = ssl3_write_bytes(ssl, type, &s->init_buf->data[s->init_off],
s->init_num, &written);
if (ret < 0)
return -1;
@ -55,7 +56,8 @@ int ssl3_do_write(SSL *s, int type)
* ignore the result anyway
* TLS1.3 KeyUpdate and NewSessionTicket do not need to be added
*/
if (!SSL_IS_TLS13(s) || (s->statem.hand_state != TLS_ST_SW_SESSION_TICKET
if (!SSL_CONNECTION_IS_TLS13(s)
|| (s->statem.hand_state != TLS_ST_SW_SESSION_TICKET
&& s->statem.hand_state != TLS_ST_CW_KEY_UPDATE
&& s->statem.hand_state != TLS_ST_SW_KEY_UPDATE))
if (!ssl3_finish_mac(s,
@ -65,7 +67,7 @@ int ssl3_do_write(SSL *s, int type)
if (written == s->init_num) {
if (s->msg_callback)
s->msg_callback(1, s->version, type, s->init_buf->data,
(size_t)(s->init_off + s->init_num), s,
(size_t)(s->init_off + s->init_num), ssl,
s->msg_callback_arg);
return 1;
}
@ -74,7 +76,7 @@ int ssl3_do_write(SSL *s, int type)
return 0;
}
int tls_close_construct_packet(SSL *s, WPACKET *pkt, int htype)
int tls_close_construct_packet(SSL_CONNECTION *s, WPACKET *pkt, int htype)
{
size_t msglen;
@ -88,9 +90,11 @@ int tls_close_construct_packet(SSL *s, WPACKET *pkt, int htype)
return 1;
}
int tls_setup_handshake(SSL *s)
int tls_setup_handshake(SSL_CONNECTION *s)
{
int ver_min, ver_max, ok;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (!ssl3_init_finished_mac(s)) {
/* SSLfatal() already called */
@ -106,11 +110,11 @@ int tls_setup_handshake(SSL *s)
}
/* Sanity check that we have MD5-SHA1 if we need it */
if (s->ctx->ssl_digest_methods[SSL_MD_MD5_SHA1_IDX] == NULL) {
if (sctx->ssl_digest_methods[SSL_MD_MD5_SHA1_IDX] == NULL) {
int md5sha1_needed = 0;
/* We don't have MD5-SHA1 - do we need it? */
if (SSL_IS_DTLS(s)) {
if (SSL_CONNECTION_IS_DTLS(s)) {
if (DTLS_VERSION_LE(ver_max, DTLS1_VERSION))
md5sha1_needed = 1;
} else {
@ -129,12 +133,12 @@ int tls_setup_handshake(SSL *s)
ok = 1;
/* Don't allow TLSv1.1 or below to be negotiated */
if (SSL_IS_DTLS(s)) {
if (SSL_CONNECTION_IS_DTLS(s)) {
if (DTLS_VERSION_LT(ver_min, DTLS1_2_VERSION))
ok = SSL_set_min_proto_version(s, DTLS1_2_VERSION);
ok = SSL_set_min_proto_version(ssl, DTLS1_2_VERSION);
} else {
if (ver_min < TLS1_2_VERSION)
ok = SSL_set_min_proto_version(s, TLS1_2_VERSION);
ok = SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
}
if (!ok) {
/* Shouldn't happen */
@ -145,7 +149,7 @@ int tls_setup_handshake(SSL *s)
ok = 0;
if (s->server) {
STACK_OF(SSL_CIPHER) *ciphers = SSL_get_ciphers(s);
STACK_OF(SSL_CIPHER) *ciphers = SSL_get_ciphers(ssl);
int i;
/*
@ -156,7 +160,7 @@ int tls_setup_handshake(SSL *s)
for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i);
if (SSL_IS_DTLS(s)) {
if (SSL_CONNECTION_IS_DTLS(s)) {
if (DTLS_VERSION_GE(ver_max, c->min_dtls) &&
DTLS_VERSION_LE(ver_max, c->max_dtls))
ok = 1;
@ -178,7 +182,7 @@ int tls_setup_handshake(SSL *s)
ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_accept);
} else {
/* N.B. s->ctx may not equal s->session_ctx */
ssl_tsan_counter(s->ctx, &s->ctx->stats.sess_accept_renegotiate);
ssl_tsan_counter(sctx, &sctx->stats.sess_accept_renegotiate);
s->s3.tmp.cert_request = 0;
}
@ -195,7 +199,7 @@ int tls_setup_handshake(SSL *s)
s->s3.tmp.cert_req = 0;
if (SSL_IS_DTLS(s))
if (SSL_CONNECTION_IS_DTLS(s))
s->statem.use_timer = 1;
}
@ -209,7 +213,7 @@ int tls_setup_handshake(SSL *s)
#define TLS13_TBS_START_SIZE 64
#define TLS13_TBS_PREAMBLE_SIZE (TLS13_TBS_START_SIZE + 33 + 1)
static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs,
static int get_cert_verify_tbs_data(SSL_CONNECTION *s, unsigned char *tls13tbs,
void **hdata, size_t *hdatalen)
{
#ifdef CHARSET_EBCDIC
@ -225,7 +229,8 @@ static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs,
static const char servercontext[] = "TLS 1.3, server CertificateVerify";
static const char clientcontext[] = "TLS 1.3, client CertificateVerify";
#endif
if (SSL_IS_TLS13(s)) {
if (SSL_CONNECTION_IS_TLS13(s)) {
size_t hashlen;
/* Set the first 64 bytes of to-be-signed data to octet 32 */
@ -270,7 +275,7 @@ static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs,
return 1;
}
int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
int tls_construct_cert_verify(SSL_CONNECTION *s, WPACKET *pkt)
{
EVP_PKEY *pkey = NULL;
const EVP_MD *md = NULL;
@ -281,6 +286,7 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
unsigned char *sig = NULL;
unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE];
const SIGALG_LOOKUP *lu = s->s3.tmp.sigalg;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (lu == NULL || s->s3.tmp.cert == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@ -288,7 +294,7 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
}
pkey = s->s3.tmp.cert->privatekey;
if (pkey == NULL || !tls1_lookup_md(s->ctx, lu, &md)) {
if (pkey == NULL || !tls1_lookup_md(sctx, lu, &md)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
@ -312,7 +318,7 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
if (EVP_DigestSignInit_ex(mctx, &pctx,
md == NULL ? NULL : EVP_MD_get0_name(md),
s->ctx->libctx, s->ctx->propq, pkey,
sctx->libctx, sctx->propq, pkey,
NULL) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
goto err;
@ -394,7 +400,7 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
return 0;
}
MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, PACKET *pkt)
{
EVP_PKEY *pkey = NULL;
const unsigned char *data;
@ -411,6 +417,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE];
EVP_MD_CTX *mctx = EVP_MD_CTX_new();
EVP_PKEY_CTX *pctx = NULL;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (mctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
@ -446,7 +453,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
goto err;
}
if (!tls1_lookup_md(s->ctx, s->s3.tmp.peer_sigalg, &md)) {
if (!tls1_lookup_md(sctx, s->s3.tmp.peer_sigalg, &md)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
@ -490,7 +497,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
if (EVP_DigestVerifyInit_ex(mctx, &pctx,
md == NULL ? NULL : EVP_MD_get0_name(md),
s->ctx->libctx, s->ctx->propq, pkey,
sctx->libctx, sctx->propq, pkey,
NULL) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
goto err;
@ -547,7 +554,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
* want to make sure that SSL_get1_peer_certificate() will return the actual
* server certificate from the client_cert_cb callback.
*/
if (!s->server && SSL_IS_TLS13(s) && s->s3.tmp.cert_req == 1)
if (!s->server && SSL_CONNECTION_IS_TLS13(s) && s->s3.tmp.cert_req == 1)
ret = MSG_PROCESS_CONTINUE_PROCESSING;
else
ret = MSG_PROCESS_CONTINUE_READING;
@ -561,11 +568,12 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
return ret;
}
int tls_construct_finished(SSL *s, WPACKET *pkt)
int tls_construct_finished(SSL_CONNECTION *s, WPACKET *pkt)
{
size_t finish_md_len;
const char *sender;
size_t slen;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
/* This is a real handshake so make sure we clean it up at the end */
if (!s->server && s->post_handshake_auth != SSL_PHA_REQUESTED)
@ -575,26 +583,26 @@ int tls_construct_finished(SSL *s, WPACKET *pkt)
* We only change the keys if we didn't already do this when we sent the
* client certificate
*/
if (SSL_IS_TLS13(s)
if (SSL_CONNECTION_IS_TLS13(s)
&& !s->server
&& s->s3.tmp.cert_req == 0
&& (!s->method->ssl3_enc->change_cipher_state(s,
&& (!ssl->method->ssl3_enc->change_cipher_state(s,
SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) {;
/* SSLfatal() already called */
return 0;
}
if (s->server) {
sender = s->method->ssl3_enc->server_finished_label;
slen = s->method->ssl3_enc->server_finished_label_len;
sender = ssl->method->ssl3_enc->server_finished_label;
slen = ssl->method->ssl3_enc->server_finished_label_len;
} else {
sender = s->method->ssl3_enc->client_finished_label;
slen = s->method->ssl3_enc->client_finished_label_len;
sender = ssl->method->ssl3_enc->client_finished_label;
slen = ssl->method->ssl3_enc->client_finished_label_len;
}
finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
sender, slen,
s->s3.tmp.finish_md);
finish_md_len = ssl->method->ssl3_enc->final_finish_mac(s,
sender, slen,
s->s3.tmp.finish_md);
if (finish_md_len == 0) {
/* SSLfatal() already called */
return 0;
@ -611,9 +619,9 @@ int tls_construct_finished(SSL *s, WPACKET *pkt)
* Log the master secret, if logging is enabled. We don't log it for
* TLSv1.3: there's a different key schedule for that.
*/
if (!SSL_IS_TLS13(s) && !ssl_log_secret(s, MASTER_SECRET_LABEL,
s->session->master_key,
s->session->master_key_length)) {
if (!SSL_CONNECTION_IS_TLS13(s)
&& !ssl_log_secret(s, MASTER_SECRET_LABEL, s->session->master_key,
s->session->master_key_length)) {
/* SSLfatal() already called */
return 0;
}
@ -638,7 +646,7 @@ int tls_construct_finished(SSL *s, WPACKET *pkt)
return 1;
}
int tls_construct_key_update(SSL *s, WPACKET *pkt)
int tls_construct_key_update(SSL_CONNECTION *s, WPACKET *pkt)
{
if (!WPACKET_put_bytes_u8(pkt, s->key_update)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@ -649,7 +657,7 @@ int tls_construct_key_update(SSL *s, WPACKET *pkt)
return 1;
}
MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt)
MSG_PROCESS_RETURN tls_process_key_update(SSL_CONNECTION *s, PACKET *pkt)
{
unsigned int updatetype;
@ -698,22 +706,23 @@ MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt)
* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen
* to far.
*/
int ssl3_take_mac(SSL *s)
int ssl3_take_mac(SSL_CONNECTION *s)
{
const char *sender;
size_t slen;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
if (!s->server) {
sender = s->method->ssl3_enc->server_finished_label;
slen = s->method->ssl3_enc->server_finished_label_len;
sender = ssl->method->ssl3_enc->server_finished_label;
slen = ssl->method->ssl3_enc->server_finished_label_len;
} else {
sender = s->method->ssl3_enc->client_finished_label;
slen = s->method->ssl3_enc->client_finished_label_len;
sender = ssl->method->ssl3_enc->client_finished_label;
slen = ssl->method->ssl3_enc->client_finished_label_len;
}
s->s3.tmp.peer_finish_md_len =
s->method->ssl3_enc->final_finish_mac(s, sender, slen,
s->s3.tmp.peer_finish_md);
ssl->method->ssl3_enc->final_finish_mac(s, sender, slen,
s->s3.tmp.peer_finish_md);
if (s->s3.tmp.peer_finish_md_len == 0) {
/* SSLfatal() already called */
@ -723,7 +732,8 @@ int ssl3_take_mac(SSL *s)
return 1;
}
MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt)
MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL_CONNECTION *s,
PACKET *pkt)
{
size_t remain;
@ -733,7 +743,7 @@ MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt)
* been consumed by ssl_get_message() so there should be no bytes left,
* unless we're using DTLS1_BAD_VER, which has an extra 2 bytes
*/
if (SSL_IS_DTLS(s)) {
if (SSL_CONNECTION_IS_DTLS(s)) {
if ((s->version == DTLS1_BAD_VER
&& remain != DTLS1_CCS_HEADER_LENGTH + 1)
|| (s->version != DTLS1_BAD_VER
@ -760,7 +770,7 @@ MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt)
return MSG_PROCESS_ERROR;
}
if (SSL_IS_DTLS(s)) {
if (SSL_CONNECTION_IS_DTLS(s)) {
dtls1_reset_seq_numbers(s, SSL3_CC_READ);
if (s->version == DTLS1_BAD_VER)
@ -772,16 +782,18 @@ MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt)
* SCTP-Auth can be deleted when a CCS is sent. Will be ignored if no
* SCTP is used
*/
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL);
BIO_ctrl(SSL_get_wbio(SSL_CONNECTION_GET_SSL(s)),
BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL);
#endif
}
return MSG_PROCESS_CONTINUE_READING;
}
MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt)
{
size_t md_len;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
/* This is a real handshake so make sure we clean it up at the end */
@ -794,7 +806,8 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
s->statem.enc_read_state = ENC_READ_STATE_VALID;
if (s->post_handshake_auth != SSL_PHA_REQUESTED)
s->statem.cleanuphand = 1;
if (SSL_IS_TLS13(s) && !tls13_save_handshake_digest_for_pha(s)) {
if (SSL_CONNECTION_IS_TLS13(s)
&& !tls13_save_handshake_digest_for_pha(s)) {
/* SSLfatal() already called */
return MSG_PROCESS_ERROR;
}
@ -804,13 +817,14 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
* In TLSv1.3 a Finished message signals a key change so the end of the
* message must be on a record boundary.
*/
if (SSL_IS_TLS13(s) && RECORD_LAYER_processed_read_pending(&s->rlayer)) {
if (SSL_CONNECTION_IS_TLS13(s)
&& RECORD_LAYER_processed_read_pending(&s->rlayer)) {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_NOT_ON_RECORD_BOUNDARY);
return MSG_PROCESS_ERROR;
}
/* If this occurs, we have missed a message */
if (!SSL_IS_TLS13(s) && !s->s3.change_cipher_spec) {
if (!SSL_CONNECTION_IS_TLS13(s) && !s->s3.change_cipher_spec) {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
return MSG_PROCESS_ERROR;
}
@ -850,24 +864,24 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
* In TLS1.3 we also have to change cipher state and do any final processing
* of the initial server flight (if we are a client)
*/
if (SSL_IS_TLS13(s)) {
if (SSL_CONNECTION_IS_TLS13(s)) {
if (s->server) {
if (s->post_handshake_auth != SSL_PHA_REQUESTED &&
!s->method->ssl3_enc->change_cipher_state(s,
SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_READ)) {
!ssl->method->ssl3_enc->change_cipher_state(s,
SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_READ)) {
/* SSLfatal() already called */
return MSG_PROCESS_ERROR;
}
} else {
/* TLS 1.3 gets the secret size from the handshake md */
size_t dummy;
if (!s->method->ssl3_enc->generate_master_secret(s,
if (!ssl->method->ssl3_enc->generate_master_secret(s,
s->master_secret, s->handshake_secret, 0,
&dummy)) {
/* SSLfatal() already called */
return MSG_PROCESS_ERROR;
}
if (!s->method->ssl3_enc->change_cipher_state(s,
if (!ssl->method->ssl3_enc->change_cipher_state(s,
SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_CLIENT_READ)) {
/* SSLfatal() already called */
return MSG_PROCESS_ERROR;
@ -882,7 +896,7 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
return MSG_PROCESS_FINISHED_READING;
}
int tls_construct_change_cipher_spec(SSL *s, WPACKET *pkt)
int tls_construct_change_cipher_spec(SSL_CONNECTION *s, WPACKET *pkt)
{
if (!WPACKET_put_bytes_u8(pkt, SSL3_MT_CCS)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@ -893,7 +907,8 @@ int tls_construct_change_cipher_spec(SSL *s, WPACKET *pkt)
}
/* Add a certificate to the WPACKET */
static int ssl_add_cert_to_wpacket(SSL *s, WPACKET *pkt, X509 *x, int chain)
static int ssl_add_cert_to_wpacket(SSL_CONNECTION *s, WPACKET *pkt,
X509 *x, int chain)
{
int len;
unsigned char *outbytes;
@ -909,7 +924,7 @@ static int ssl_add_cert_to_wpacket(SSL *s, WPACKET *pkt, X509 *x, int chain)
return 0;
}
if (SSL_IS_TLS13(s)
if (SSL_CONNECTION_IS_TLS13(s)
&& !tls_construct_extensions(s, pkt, SSL_EXT_TLS1_3_CERTIFICATE, x,
chain)) {
/* SSLfatal() already called */
@ -920,13 +935,14 @@ static int ssl_add_cert_to_wpacket(SSL *s, WPACKET *pkt, X509 *x, int chain)
}
/* Add certificate chain to provided WPACKET */
static int ssl_add_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk)
static int ssl_add_cert_chain(SSL_CONNECTION *s, WPACKET *pkt, CERT_PKEY *cpk)
{
int i, chain_count;
X509 *x;
STACK_OF(X509) *extra_certs;
STACK_OF(X509) *chain = NULL;
X509_STORE *chain_store;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (cpk == NULL || cpk->x509 == NULL)
return 1;
@ -939,18 +955,18 @@ static int ssl_add_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk)
if (cpk->chain != NULL)
extra_certs = cpk->chain;
else
extra_certs = s->ctx->extra_certs;
extra_certs = sctx->extra_certs;
if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || extra_certs)
chain_store = NULL;
else if (s->cert->chain_store)
chain_store = s->cert->chain_store;
else
chain_store = s->ctx->cert_store;
chain_store = sctx->cert_store;
if (chain_store != NULL) {
X509_STORE_CTX *xs_ctx = X509_STORE_CTX_new_ex(s->ctx->libctx,
s->ctx->propq);
X509_STORE_CTX *xs_ctx = X509_STORE_CTX_new_ex(sctx->libctx,
sctx->propq);
if (xs_ctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
@ -1015,7 +1031,8 @@ static int ssl_add_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk)
return 1;
}
unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk)
unsigned long ssl3_output_cert_chain(SSL_CONNECTION *s, WPACKET *pkt,
CERT_PKEY *cpk)
{
if (!WPACKET_start_sub_packet_u24(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@ -1038,14 +1055,16 @@ unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk)
* in NBIO events. If |clearbufs| is set then init_buf and the wbio buffer is
* freed up as well.
*/
WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst,
WORK_STATE tls_finish_handshake(SSL_CONNECTION *s, ossl_unused WORK_STATE wst,
int clearbufs, int stop)
{
void (*cb) (const SSL *ssl, int type, int val) = NULL;
int cleanuphand = s->statem.cleanuphand;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (clearbufs) {
if (!SSL_IS_DTLS(s)
if (!SSL_CONNECTION_IS_DTLS(s)
#ifndef OPENSSL_NO_SCTP
/*
* RFC6083: SCTP provides a reliable and in-sequence transport service for DTLS
@ -1053,7 +1072,7 @@ WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst,
* MUST NOT be used.
* Hence the init_buf can be cleared when DTLS over SCTP as transport is used.
*/
|| BIO_dgram_is_sctp(SSL_get_wbio(s))
|| BIO_dgram_is_sctp(SSL_get_wbio(ssl))
#endif
) {
/*
@ -1071,7 +1090,7 @@ WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst,
s->init_num = 0;
}
if (SSL_IS_TLS13(s) && !s->server
if (SSL_CONNECTION_IS_TLS13(s) && !s->server
&& s->post_handshake_auth == SSL_PHA_REQUESTED)
s->post_handshake_auth = SSL_PHA_EXT_SENT;
@ -1093,14 +1112,14 @@ WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst,
* In TLSv1.3 we update the cache as part of constructing the
* NewSessionTicket
*/
if (!SSL_IS_TLS13(s))
if (!SSL_CONNECTION_IS_TLS13(s))
ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
/* N.B. s->ctx may not equal s->session_ctx */
ssl_tsan_counter(s->ctx, &s->ctx->stats.sess_accept_good);
ssl_tsan_counter(sctx, &sctx->stats.sess_accept_good);
s->handshake_func = ossl_statem_accept;
} else {
if (SSL_IS_TLS13(s)) {
if (SSL_CONNECTION_IS_TLS13(s)) {
/*
* We encourage applications to only use TLSv1.3 tickets once,
* so we remove this one from the cache.
@ -1124,7 +1143,7 @@ WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst,
&s->session_ctx->stats.sess_connect_good);
}
if (SSL_IS_DTLS(s)) {
if (SSL_CONNECTION_IS_DTLS(s)) {
/* done with handshaking */
s->d1->handshake_read_seq = 0;
s->d1->handshake_write_seq = 0;
@ -1135,17 +1154,17 @@ WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst,
if (s->info_callback != NULL)
cb = s->info_callback;
else if (s->ctx->info_callback != NULL)
cb = s->ctx->info_callback;
else if (sctx->info_callback != NULL)
cb = sctx->info_callback;
/* The callback may expect us to not be in init at handshake done */
ossl_statem_set_in_init(s, 0);
if (cb != NULL) {
if (cleanuphand
|| !SSL_IS_TLS13(s)
|| !SSL_CONNECTION_IS_TLS13(s)
|| SSL_IS_FIRST_HANDSHAKE(s))
cb(s, SSL_CB_HANDSHAKE_DONE, 1);
cb(ssl, SSL_CB_HANDSHAKE_DONE, 1);
}
if (!stop) {
@ -1157,21 +1176,22 @@ WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst,
return WORK_FINISHED_STOP;
}
int tls_get_message_header(SSL *s, int *mt)
int tls_get_message_header(SSL_CONNECTION *s, int *mt)
{
/* s->init_num < SSL3_HM_HEADER_LENGTH */
int skip_message, i, recvd_type;
unsigned char *p;
size_t l, readbytes;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
p = (unsigned char *)s->init_buf->data;
do {
while (s->init_num < SSL3_HM_HEADER_LENGTH) {
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type,
&p[s->init_num],
SSL3_HM_HEADER_LENGTH - s->init_num,
0, &readbytes);
i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, &recvd_type,
&p[s->init_num],
SSL3_HM_HEADER_LENGTH - s->init_num,
0, &readbytes);
if (i <= 0) {
s->rwstate = SSL_READING;
return 0;
@ -1226,7 +1246,7 @@ int tls_get_message_header(SSL *s, int *mt)
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
p, SSL3_HM_HEADER_LENGTH, s,
p, SSL3_HM_HEADER_LENGTH, ssl,
s->msg_callback_arg);
}
} while (skip_message);
@ -1266,11 +1286,12 @@ int tls_get_message_header(SSL *s, int *mt)
return 1;
}
int tls_get_message_body(SSL *s, size_t *len)
int tls_get_message_body(SSL_CONNECTION *s, size_t *len)
{
size_t n, readbytes;
unsigned char *p;
int i;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
if (s->s3.tmp.message_type == SSL3_MT_CHANGE_CIPHER_SPEC) {
/* We've already read everything in */
@ -1281,8 +1302,8 @@ int tls_get_message_body(SSL *s, size_t *len)
p = s->init_msg;
n = s->s3.tmp.message_size - s->init_num;
while (n > 0) {
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
&p[s->init_num], n, 0, &readbytes);
i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, NULL,
&p[s->init_num], n, 0, &readbytes);
if (i <= 0) {
s->rwstate = SSL_READING;
*len = 0;
@ -1312,7 +1333,7 @@ int tls_get_message_body(SSL *s, size_t *len)
}
if (s->msg_callback)
s->msg_callback(0, SSL2_VERSION, 0, s->init_buf->data,
(size_t)s->init_num, s, s->msg_callback_arg);
(size_t)s->init_num, ssl, s->msg_callback_arg);
} else {
/*
* We defer feeding in the HRR until later. We'll do it as part of
@ -1322,8 +1343,9 @@ int tls_get_message_body(SSL *s, size_t *len)
*/
#define SERVER_HELLO_RANDOM_OFFSET (SSL3_HM_HEADER_LENGTH + 2)
/* KeyUpdate and NewSessionTicket do not need to be added */
if (!SSL_IS_TLS13(s) || (s->s3.tmp.message_type != SSL3_MT_NEWSESSION_TICKET
&& s->s3.tmp.message_type != SSL3_MT_KEY_UPDATE)) {
if (!SSL_CONNECTION_IS_TLS13(s)
|| (s->s3.tmp.message_type != SSL3_MT_NEWSESSION_TICKET
&& s->s3.tmp.message_type != SSL3_MT_KEY_UPDATE)) {
if (s->s3.tmp.message_type != SSL3_MT_SERVER_HELLO
|| s->init_num < SERVER_HELLO_RANDOM_OFFSET + SSL3_RANDOM_SIZE
|| memcmp(hrrrandom,
@ -1339,7 +1361,7 @@ int tls_get_message_body(SSL *s, size_t *len)
}
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data,
(size_t)s->init_num + SSL3_HM_HEADER_LENGTH, s,
(size_t)s->init_num + SSL3_HM_HEADER_LENGTH, ssl,
s->msg_callback_arg);
}
@ -1403,16 +1425,16 @@ int ssl_x509err2alert(int x509err)
return tp->alert;
}
int ssl_allow_compression(SSL *s)
int ssl_allow_compression(SSL_CONNECTION *s)
{
if (s->options & SSL_OP_NO_COMPRESSION)
return 0;
return ssl_security(s, SSL_SECOP_COMPRESSION, 0, 0, NULL);
}
static int version_cmp(const SSL *s, int a, int b)
static int version_cmp(const SSL_CONNECTION *s, int a, int b)
{
int dtls = SSL_IS_DTLS(s);
int dtls = SSL_CONNECTION_IS_DTLS(s);
if (a == b)
return 0;
@ -1490,7 +1512,7 @@ static const version_info dtls_version_table[] = {
*
* Returns 0 on success, or an SSL error reason on failure.
*/
static int ssl_method_error(const SSL *s, const SSL_METHOD *method)
static int ssl_method_error(const SSL_CONNECTION *s, const SSL_METHOD *method)
{
int version = method->version;
@ -1516,19 +1538,20 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method)
* certificate type, or has PSK or a certificate callback configured, or has
* a servername callback configure. Otherwise returns 0.
*/
static int is_tls13_capable(const SSL *s)
static int is_tls13_capable(const SSL_CONNECTION *s)
{
int i;
int curve;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL))
if (!ossl_assert(sctx != NULL) || !ossl_assert(s->session_ctx != NULL))
return 0;
/*
* A servername callback can change the available certs, so if a servername
* cb is set then we just assume TLSv1.3 will be ok
*/
if (s->ctx->ext.servername_cb != NULL
if (sctx->ext.servername_cb != NULL
|| s->session_ctx->ext.servername_cb != NULL)
return 1;
@ -1577,12 +1600,13 @@ static int is_tls13_capable(const SSL *s)
*
* Returns 1 when supported, otherwise 0
*/
int ssl_version_supported(const SSL *s, int version, const SSL_METHOD **meth)
int ssl_version_supported(const SSL_CONNECTION *s, int version,
const SSL_METHOD **meth)
{
const version_info *vent;
const version_info *table;
switch (s->method->version) {
switch (SSL_CONNECTION_GET_SSL(s)->method->version) {
default:
/* Version should match method version for non-ANY method */
return version_cmp(s, version, s->version) == 0;
@ -1620,26 +1644,27 @@ int ssl_version_supported(const SSL *s, int version, const SSL_METHOD **meth)
*
* Returns 1 when using the highest enabled version, 0 otherwise.
*/
int ssl_check_version_downgrade(SSL *s)
int ssl_check_version_downgrade(SSL_CONNECTION *s)
{
const version_info *vent;
const version_info *table;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
/*
* Check that the current protocol is the highest enabled version
* (according to s->ctx->method, as version negotiation may have changed
* s->method).
*/
if (s->version == s->ctx->method->version)
if (s->version == sctx->method->version)
return 1;
/*
* Apparently we're using a version-flexible SSL_METHOD (not at its
* highest protocol version).
*/
if (s->ctx->method->version == TLS_method()->version)
if (sctx->method->version == TLS_method()->version)
table = tls_version_table;
else if (s->ctx->method->version == DTLS_method()->version)
else if (sctx->method->version == DTLS_method()->version)
table = dtls_version_table;
else {
/* Unexpected state; fail closed. */
@ -1714,12 +1739,12 @@ int ssl_set_version_bound(int method_version, int version, int *bound)
return 1;
}
static void check_for_downgrade(SSL *s, int vers, DOWNGRADE *dgrd)
static void check_for_downgrade(SSL_CONNECTION *s, int vers, DOWNGRADE *dgrd)
{
if (vers == TLS1_2_VERSION
&& ssl_version_supported(s, TLS1_3_VERSION, NULL)) {
*dgrd = DOWNGRADE_TO_1_2;
} else if (!SSL_IS_DTLS(s)
} else if (!SSL_CONNECTION_IS_DTLS(s)
&& vers < TLS1_2_VERSION
/*
* We need to ensure that a server that disables TLSv1.2
@ -1744,7 +1769,8 @@ static void check_for_downgrade(SSL *s, int vers, DOWNGRADE *dgrd)
*
* Returns 0 on success or an SSL error reason number on failure.
*/
int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
int ssl_choose_server_version(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello,
DOWNGRADE *dgrd)
{
/*-
* With version-flexible methods we have an initial state with:
@ -1755,7 +1781,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
* So we detect version-flexible methods via the method version, not the
* handle version.
*/
int server_version = s->method->version;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
int server_version = ssl->method->version;
int client_version = hello->legacy_version;
const version_info *vent;
const version_info *table;
@ -1766,7 +1793,7 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
switch (server_version) {
default:
if (!SSL_IS_TLS13(s)) {
if (!SSL_CONNECTION_IS_TLS13(s)) {
if (version_cmp(s, client_version, s->version) < 0)
return SSL_R_WRONG_SSL_VERSION;
*dgrd = DOWNGRADE_NONE;
@ -1798,7 +1825,7 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
if (!suppversions->present && s->hello_retry_request != SSL_HRR_NONE)
return SSL_R_UNSUPPORTED_PROTOCOL;
if (suppversions->present && !SSL_IS_DTLS(s)) {
if (suppversions->present && !SSL_CONNECTION_IS_DTLS(s)) {
unsigned int candidate_vers = 0;
unsigned int best_vers = 0;
const SSL_METHOD *best_method = NULL;
@ -1846,7 +1873,7 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
}
check_for_downgrade(s, best_vers, dgrd);
s->version = best_vers;
s->method = best_method;
ssl->method = best_method;
return 0;
}
return SSL_R_UNSUPPORTED_PROTOCOL;
@ -1873,7 +1900,7 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
if (ssl_method_error(s, method) == 0) {
check_for_downgrade(s, vent->version, dgrd);
s->version = vent->version;
s->method = method;
ssl->method = method;
return 0;
}
disabled = 1;
@ -1892,11 +1919,13 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
*
* Returns 1 on success or 0 on error.
*/
int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions)
int ssl_choose_client_version(SSL_CONNECTION *s, int version,
RAW_EXTENSION *extensions)
{
const version_info *vent;
const version_info *table;
int ret, ver_min, ver_max, real_max, origv;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
origv = s->version;
s->version = version;
@ -1917,9 +1946,9 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions)
return 0;
}
switch (s->method->version) {
switch (ssl->method->version) {
default:
if (s->version != s->method->version) {
if (s->version != ssl->method->version) {
s->version = origv;
SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_R_WRONG_SSL_VERSION);
return 0;
@ -1946,13 +1975,13 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions)
SSLfatal(s, SSL_AD_PROTOCOL_VERSION, ret);
return 0;
}
if (SSL_IS_DTLS(s) ? DTLS_VERSION_LT(s->version, ver_min)
: s->version < ver_min) {
if (SSL_CONNECTION_IS_DTLS(s) ? DTLS_VERSION_LT(s->version, ver_min)
: s->version < ver_min) {
s->version = origv;
SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_R_UNSUPPORTED_PROTOCOL);
return 0;
} else if (SSL_IS_DTLS(s) ? DTLS_VERSION_GT(s->version, ver_max)
: s->version > ver_max) {
} else if (SSL_CONNECTION_IS_DTLS(s) ? DTLS_VERSION_GT(s->version, ver_max)
: s->version > ver_max) {
s->version = origv;
SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_R_UNSUPPORTED_PROTOCOL);
return 0;
@ -1972,7 +2001,7 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions)
SSL_R_INAPPROPRIATE_FALLBACK);
return 0;
}
} else if (!SSL_IS_DTLS(s)
} else if (!SSL_CONNECTION_IS_DTLS(s)
&& s->version < TLS1_2_VERSION
&& real_max > s->version) {
if (memcmp(tls11downgrade,
@ -1990,7 +2019,7 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions)
if (vent->cmeth == NULL || s->version != vent->version)
continue;
s->method = vent->cmeth();
ssl->method = vent->cmeth();
return 1;
}
@ -2021,8 +2050,8 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions)
* Returns 0 on success or an SSL error reason number on failure. On failure
* min_version and max_version will also be set to 0.
*/
int ssl_get_min_max_version(const SSL *s, int *min_version, int *max_version,
int *real_max)
int ssl_get_min_max_version(const SSL_CONNECTION *s, int *min_version,
int *max_version, int *real_max)
{
int version, tmp_real_max;
int hole;
@ -2030,8 +2059,9 @@ int ssl_get_min_max_version(const SSL *s, int *min_version, int *max_version,
const SSL_METHOD *method;
const version_info *table;
const version_info *vent;
const SSL *ssl = SSL_CONNECTION_GET_SSL(s);
switch (s->method->version) {
switch (ssl->method->version) {
default:
/*
* If this SSL handle is not from a version flexible method we don't
@ -2128,7 +2158,7 @@ int ssl_get_min_max_version(const SSL *s, int *min_version, int *max_version,
*
* Returns 0 on success or an SSL error reason number on failure.
*/
int ssl_set_client_hello_version(SSL *s)
int ssl_set_client_hello_version(SSL_CONNECTION *s)
{
int ver_min, ver_max, ret;
@ -2147,7 +2177,7 @@ int ssl_set_client_hello_version(SSL *s)
s->version = ver_max;
/* TLS1.3 always uses TLS1.2 in the legacy_version field */
if (!SSL_IS_DTLS(s) && ver_max > TLS1_2_VERSION)
if (!SSL_CONNECTION_IS_DTLS(s) && ver_max > TLS1_2_VERSION)
ver_max = TLS1_2_VERSION;
s->client_version = ver_max;
@ -2160,7 +2190,7 @@ int ssl_set_client_hello_version(SSL *s)
* used. Returns 1 if the group is in the list (and allowed if |checkallow| is
* 1) or 0 otherwise.
*/
int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups,
int check_in_list(SSL_CONNECTION *s, uint16_t group_id, const uint16_t *groups,
size_t num_groups, int checkallow)
{
size_t i;
@ -2188,7 +2218,8 @@ int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups,
}
/* Replace ClientHello1 in the transcript hash with a synthetic message */
int create_synthetic_message_hash(SSL *s, const unsigned char *hashval,
int create_synthetic_message_hash(SSL_CONNECTION *s,
const unsigned char *hashval,
size_t hashlen, const unsigned char *hrr,
size_t hrrlen)
{
@ -2246,7 +2277,7 @@ static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
return X509_NAME_cmp(*a, *b);
}
int parse_ca_names(SSL *s, PACKET *pkt)
int parse_ca_names(SSL_CONNECTION *s, PACKET *pkt)
{
STACK_OF(X509_NAME) *ca_sk = sk_X509_NAME_new(ca_dn_cmp);
X509_NAME *xn = NULL;
@ -2300,23 +2331,25 @@ int parse_ca_names(SSL *s, PACKET *pkt)
return 0;
}
const STACK_OF(X509_NAME) *get_ca_names(SSL *s)
const STACK_OF(X509_NAME) *get_ca_names(SSL_CONNECTION *s)
{
const STACK_OF(X509_NAME) *ca_sk = NULL;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
if (s->server) {
ca_sk = SSL_get_client_CA_list(s);
ca_sk = SSL_get_client_CA_list(ssl);
if (ca_sk != NULL && sk_X509_NAME_num(ca_sk) == 0)
ca_sk = NULL;
}
if (ca_sk == NULL)
ca_sk = SSL_get0_CA_list(s);
ca_sk = SSL_get0_CA_list(ssl);
return ca_sk;
}
int construct_ca_names(SSL *s, const STACK_OF(X509_NAME) *ca_sk, WPACKET *pkt)
int construct_ca_names(SSL_CONNECTION *s, const STACK_OF(X509_NAME) *ca_sk,
WPACKET *pkt)
{
/* Start sub-packet for client CA list */
if (!WPACKET_start_sub_packet_u16(pkt)) {
@ -2352,7 +2385,7 @@ int construct_ca_names(SSL *s, const STACK_OF(X509_NAME) *ca_sk, WPACKET *pkt)
}
/* Create a buffer containing data to be signed for server key exchange */
size_t construct_key_exchange_tbs(SSL *s, unsigned char **ptbs,
size_t construct_key_exchange_tbs(SSL_CONNECTION *s, unsigned char **ptbs,
const void *param, size_t paramlen)
{
size_t tbslen = 2 * SSL3_RANDOM_SIZE + paramlen;
@ -2375,7 +2408,7 @@ size_t construct_key_exchange_tbs(SSL *s, unsigned char **ptbs,
* Saves the current handshake digest for Post-Handshake Auth,
* Done after ClientFinished is processed, done exactly once
*/
int tls13_save_handshake_digest_for_pha(SSL *s)
int tls13_save_handshake_digest_for_pha(SSL_CONNECTION *s)
{
if (s->pha_dgst == NULL) {
if (!ssl3_digest_cached_records(s, 1))
@ -2402,7 +2435,7 @@ int tls13_save_handshake_digest_for_pha(SSL *s)
* Restores the Post-Handshake Auth handshake digest
* Done just before sending/processing the Cert Request
*/
int tls13_restore_handshake_digest_for_pha(SSL *s)
int tls13_restore_handshake_digest_for_pha(SSL_CONNECTION *s)
{
if (s->pha_dgst == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);

451
ssl/statem/statem_local.h
View File

@ -54,116 +54,142 @@ typedef enum {
MSG_PROCESS_CONTINUE_READING
} MSG_PROCESS_RETURN;
typedef int (*confunc_f) (SSL *s, WPACKET *pkt);
typedef int (*confunc_f) (SSL_CONNECTION *s, WPACKET *pkt);
int ssl3_take_mac(SSL *s);
int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups,
int ssl3_take_mac(SSL_CONNECTION *s);
int check_in_list(SSL_CONNECTION *s, uint16_t group_id, const uint16_t *groups,
size_t num_groups, int checkallow);
int create_synthetic_message_hash(SSL *s, const unsigned char *hashval,
int create_synthetic_message_hash(SSL_CONNECTION *s,
const unsigned char *hashval,
size_t hashlen, const unsigned char *hrr,
size_t hrrlen);
int parse_ca_names(SSL *s, PACKET *pkt);
const STACK_OF(X509_NAME) *get_ca_names(SSL *s);
int construct_ca_names(SSL *s, const STACK_OF(X509_NAME) *ca_sk, WPACKET *pkt);
size_t construct_key_exchange_tbs(SSL *s, unsigned char **ptbs,
int parse_ca_names(SSL_CONNECTION *s, PACKET *pkt);
const STACK_OF(X509_NAME) *get_ca_names(SSL_CONNECTION *s);
int construct_ca_names(SSL_CONNECTION *s, const STACK_OF(X509_NAME) *ca_sk,
WPACKET *pkt);
size_t construct_key_exchange_tbs(SSL_CONNECTION *s, unsigned char **ptbs,
const void *param, size_t paramlen);
/*
* TLS/DTLS client state machine functions
*/
int ossl_statem_client_read_transition(SSL *s, int mt);
WRITE_TRAN ossl_statem_client_write_transition(SSL *s);
WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst);
WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst);
int ossl_statem_client_construct_message(SSL *s,
int ossl_statem_client_read_transition(SSL_CONNECTION *s, int mt);
WRITE_TRAN ossl_statem_client_write_transition(SSL_CONNECTION *s);
WORK_STATE ossl_statem_client_pre_work(SSL_CONNECTION *s, WORK_STATE wst);
WORK_STATE ossl_statem_client_post_work(SSL_CONNECTION *s, WORK_STATE wst);
int ossl_statem_client_construct_message(SSL_CONNECTION *s,
confunc_f *confunc, int *mt);
size_t ossl_statem_client_max_message_size(SSL *s);
MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt);
WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst);
size_t ossl_statem_client_max_message_size(SSL_CONNECTION *s);
MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL_CONNECTION *s,
PACKET *pkt);
WORK_STATE ossl_statem_client_post_process_message(SSL_CONNECTION *s,
WORK_STATE wst);
/*
* TLS/DTLS server state machine functions
*/
int ossl_statem_server_read_transition(SSL *s, int mt);
WRITE_TRAN ossl_statem_server_write_transition(SSL *s);
WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst);
WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst);
int ossl_statem_server_construct_message(SSL *s,
int ossl_statem_server_read_transition(SSL_CONNECTION *s, int mt);
WRITE_TRAN ossl_statem_server_write_transition(SSL_CONNECTION *s);
WORK_STATE ossl_statem_server_pre_work(SSL_CONNECTION *s, WORK_STATE wst);
WORK_STATE ossl_statem_server_post_work(SSL_CONNECTION *s, WORK_STATE wst);
int ossl_statem_server_construct_message(SSL_CONNECTION *s,
confunc_f *confunc,int *mt);
size_t ossl_statem_server_max_message_size(SSL *s);
MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt);
WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst);
size_t ossl_statem_server_max_message_size(SSL_CONNECTION *s);
MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL_CONNECTION *s,
PACKET *pkt);
WORK_STATE ossl_statem_server_post_process_message(SSL_CONNECTION *s,
WORK_STATE wst);
/* Functions for getting new message data */
__owur int tls_get_message_header(SSL *s, int *mt);
__owur int tls_get_message_body(SSL *s, size_t *len);
__owur int dtls_get_message(SSL *s, int *mt);
__owur int dtls_get_message_body(SSL *s, size_t *len);
__owur int tls_get_message_header(SSL_CONNECTION *s, int *mt);
__owur int tls_get_message_body(SSL_CONNECTION *s, size_t *len);
__owur int dtls_get_message(SSL_CONNECTION *s, int *mt);
__owur int dtls_get_message_body(SSL_CONNECTION *s, size_t *len);
/* Message construction and processing functions */
__owur int tls_process_initial_server_flight(SSL *s);
__owur MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt);
__owur int tls_construct_change_cipher_spec(SSL *s, WPACKET *pkt);
__owur int dtls_construct_change_cipher_spec(SSL *s, WPACKET *pkt);
__owur int tls_process_initial_server_flight(SSL_CONNECTION *s);
__owur MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL_CONNECTION *s,
PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt);
__owur int tls_construct_change_cipher_spec(SSL_CONNECTION *s, WPACKET *pkt);
__owur int dtls_construct_change_cipher_spec(SSL_CONNECTION *s, WPACKET *pkt);
__owur int tls_construct_finished(SSL *s, WPACKET *pkt);
__owur int tls_construct_key_update(SSL *s, WPACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt);
__owur WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs,
int stop);
__owur WORK_STATE dtls_wait_for_dry(SSL *s);
__owur int tls_construct_finished(SSL_CONNECTION *s, WPACKET *pkt);
__owur int tls_construct_key_update(SSL_CONNECTION *s, WPACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_key_update(SSL_CONNECTION *s,
PACKET *pkt);
__owur WORK_STATE tls_finish_handshake(SSL_CONNECTION *s, WORK_STATE wst,
int clearbufs, int stop);
__owur WORK_STATE dtls_wait_for_dry(SSL_CONNECTION *s);
/* some client-only functions */
__owur int tls_construct_client_hello(SSL *s, WPACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt);
__owur int tls_process_cert_status_body(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt);
__owur int tls_construct_cert_verify(SSL *s, WPACKET *pkt);
__owur WORK_STATE tls_prepare_client_certificate(SSL *s, WORK_STATE wst);
__owur int tls_construct_client_certificate(SSL *s, WPACKET *pkt);
__owur int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
__owur int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt);
__owur int tls_client_key_exchange_post_work(SSL *s);
__owur int tls_construct_cert_status_body(SSL *s, WPACKET *pkt);
__owur int tls_construct_cert_status(SSL *s, WPACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt);
__owur WORK_STATE tls_post_process_server_certificate(SSL *s, WORK_STATE wst);
__owur int ssl3_check_cert_and_algorithm(SSL *s);
__owur int tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s,
PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_certificate_request(SSL_CONNECTION *s,
PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL_CONNECTION *s,
PACKET *pkt);
__owur int tls_process_cert_status_body(SSL_CONNECTION *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_cert_status(SSL_CONNECTION *s,
PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_server_done(SSL_CONNECTION *s,
PACKET *pkt);
__owur int tls_construct_cert_verify(SSL_CONNECTION *s, WPACKET *pkt);
__owur WORK_STATE tls_prepare_client_certificate(SSL_CONNECTION *s,
WORK_STATE wst);
__owur int tls_construct_client_certificate(SSL_CONNECTION *s, WPACKET *pkt);
__owur int ssl_do_client_cert_cb(SSL_CONNECTION *s, X509 **px509,
EVP_PKEY **ppkey);
__owur int tls_construct_client_key_exchange(SSL_CONNECTION *s, WPACKET *pkt);
__owur int tls_client_key_exchange_post_work(SSL_CONNECTION *s);
__owur int tls_construct_cert_status_body(SSL_CONNECTION *s, WPACKET *pkt);
__owur int tls_construct_cert_status(SSL_CONNECTION *s, WPACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_key_exchange(SSL_CONNECTION *s,
PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_server_certificate(SSL_CONNECTION *s,
PACKET *pkt);
__owur WORK_STATE tls_post_process_server_certificate(SSL_CONNECTION *s,
WORK_STATE wst);
__owur int ssl3_check_cert_and_algorithm(SSL_CONNECTION *s);
#ifndef OPENSSL_NO_NEXTPROTONEG
__owur int tls_construct_next_proto(SSL *s, WPACKET *pkt);
__owur int tls_construct_next_proto(SSL_CONNECTION *s, WPACKET *pkt);
#endif
__owur MSG_PROCESS_RETURN tls_process_hello_req(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt);
__owur int tls_construct_end_of_early_data(SSL *s, WPACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_hello_req(SSL_CONNECTION *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN dtls_process_hello_verify(SSL_CONNECTION *s, PACKET *pkt);
__owur int tls_construct_end_of_early_data(SSL_CONNECTION *s, WPACKET *pkt);
/* some server-only functions */
__owur MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt);
__owur WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst);
__owur int tls_construct_server_hello(SSL *s, WPACKET *pkt);
__owur int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt);
__owur int tls_construct_server_certificate(SSL *s, WPACKET *pkt);
__owur int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt);
__owur int tls_construct_certificate_request(SSL *s, WPACKET *pkt);
__owur int tls_construct_server_done(SSL *s, WPACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt);
__owur WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst);
__owur MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_client_hello(SSL_CONNECTION *s,
PACKET *pkt);
__owur WORK_STATE tls_post_process_client_hello(SSL_CONNECTION *s,
WORK_STATE wst);
__owur int tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt);
__owur int dtls_construct_hello_verify_request(SSL_CONNECTION *s, WPACKET *pkt);
__owur int tls_construct_server_certificate(SSL_CONNECTION *s, WPACKET *pkt);
__owur int tls_construct_server_key_exchange(SSL_CONNECTION *s, WPACKET *pkt);
__owur int tls_construct_certificate_request(SSL_CONNECTION *s, WPACKET *pkt);
__owur int tls_construct_server_done(SSL_CONNECTION *s, WPACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_client_certificate(SSL_CONNECTION *s,
PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL_CONNECTION *s,
PACKET *pkt);
__owur WORK_STATE tls_post_process_client_key_exchange(SSL_CONNECTION *s,
WORK_STATE wst);
__owur MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s,
PACKET *pkt);
#ifndef OPENSSL_NO_NEXTPROTONEG
__owur MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_next_proto(SSL_CONNECTION *s,
PACKET *pkt);
#endif
__owur int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt);
MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL *s, PACKET *pkt);
__owur int tls_construct_new_session_ticket(SSL_CONNECTION *s, WPACKET *pkt);
MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL_CONNECTION *s,
PACKET *pkt);
#ifndef OPENSSL_NO_GOST
/* These functions are used in GOST18 CKE, both for client and server */
int ossl_gost18_cke_cipher_nid(const SSL *s);
int ossl_gost_ukm(const SSL *s, unsigned char *dgst_buf);
int ossl_gost18_cke_cipher_nid(const SSL_CONNECTION *s);
int ossl_gost_ukm(const SSL_CONNECTION *s, unsigned char *dgst_buf);
#endif
/* Extension processing */
@ -174,252 +200,293 @@ typedef enum ext_return_en {
EXT_RETURN_NOT_SENT
} EXT_RETURN;
__owur int tls_validate_all_contexts(SSL *s, unsigned int thisctx,
__owur int tls_validate_all_contexts(SSL_CONNECTION *s, unsigned int thisctx,
RAW_EXTENSION *exts);
__owur int extension_is_relevant(SSL *s, unsigned int extctx,
__owur int extension_is_relevant(SSL_CONNECTION *s, unsigned int extctx,
unsigned int thisctx);
__owur int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
__owur int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet,
unsigned int context,
RAW_EXTENSION **res, size_t *len, int init);
__owur int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,
__owur int tls_parse_extension(SSL_CONNECTION *s, TLSEXT_INDEX idx, int context,
RAW_EXTENSION *exts, X509 *x, size_t chainidx);
__owur int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts,
__owur int tls_parse_all_extensions(SSL_CONNECTION *s, int context,
RAW_EXTENSION *exts,
X509 *x, size_t chainidx, int fin);
__owur int should_add_extension(SSL *s, unsigned int extctx,
__owur int should_add_extension(SSL_CONNECTION *s, unsigned int extctx,
unsigned int thisctx, int max_version);
__owur int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
__owur int tls_construct_extensions(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
__owur int tls_psk_do_binder(SSL *s, const EVP_MD *md,
__owur int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md,
const unsigned char *msgstart,
size_t binderoffset, const unsigned char *binderin,
unsigned char *binderout,
SSL_SESSION *sess, int sign, int external);
/* Server Extension processing */
int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_ctos_renegotiate(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_ctos_server_name(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
int tls_parse_ctos_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_ctos_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_SRP
int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx);
int tls_parse_ctos_srp(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx);
#endif
int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_ctos_early_data(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_ctos_ec_pt_formats(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_ctos_supported_groups(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidxl);
int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_ctos_session_ticket(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_ctos_sig_algs_cert(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx);
int tls_parse_ctos_sig_algs(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context, X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_OCSP
int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_ctos_status_request(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
int tls_parse_ctos_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx);
int tls_parse_ctos_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx);
#endif
int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx);
int tls_parse_ctos_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_SRTP
int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx);
int tls_parse_ctos_use_srtp(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context, X509 *x, size_t chainidx);
#endif
int tls_parse_ctos_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx);
int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx);
int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx);
int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx);
int tls_parse_ctos_psk_kex_modes(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_ctos_etm(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx);
int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context, X509 *x, size_t chainidx);
int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx);
int tls_parse_ctos_ems(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx);
int tls_parse_ctos_psk_kex_modes(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx);
int tls_parse_ctos_post_handshake_auth(SSL *, PACKET *pkt, unsigned int context,
int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx);
int tls_parse_ctos_post_handshake_auth(SSL_CONNECTION *, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_stoc_renegotiate(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx);
EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_stoc_server_name(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx);
EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_stoc_early_data(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx);
EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx);
EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx);
EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_stoc_supported_groups(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx);
EXT_RETURN tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_stoc_session_ticket(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx);
#ifndef OPENSSL_NO_OCSP
EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_stoc_status_request(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx);
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_stoc_next_proto_neg(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx);
#endif
EXT_RETURN tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_stoc_alpn(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_SRTP
EXT_RETURN tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, unsigned int context,
X509 *x, size_t chainidx);
EXT_RETURN tls_construct_stoc_use_srtp(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
#endif
EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_stoc_etm(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_stoc_ems(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_stoc_supported_versions(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx);
EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_stoc_key_share(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx);
EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_stoc_cookie(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
/*
* Not in public headers as this is not an official extension. Only used when
* SSL_OP_CRYPTOPRO_TLSEXT_BUG is set.
*/
#define TLSEXT_TYPE_cryptopro_bug 0xfde8
EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx);
EXT_RETURN tls_construct_stoc_psk(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_stoc_psk(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
/* Client Extension processing */
EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, unsigned int context,
X509 *x, size_t chainidx);
EXT_RETURN tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, unsigned int context,
X509 *x, size_t chainidx);
EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_ctos_renegotiate(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
EXT_RETURN tls_construct_ctos_server_name(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_SRP
EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context, X509 *x,
size_t chainidx);
EXT_RETURN tls_construct_ctos_srp(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx);
#endif
EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx);
EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_ctos_supported_groups(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx);
EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_ctos_early_data(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx);
EXT_RETURN tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_ctos_session_ticket(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx);
EXT_RETURN tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_ctos_sig_algs(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx);
#ifndef OPENSSL_NO_OCSP
EXT_RETURN tls_construct_ctos_status_request(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_ctos_status_request(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx);
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
EXT_RETURN tls_construct_ctos_npn(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_ctos_npn(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
#endif
EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_ctos_alpn(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_SRTP
EXT_RETURN tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_ctos_use_srtp(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
#endif
EXT_RETURN tls_construct_ctos_etm(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_ctos_etm(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_CT
EXT_RETURN tls_construct_ctos_sct(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_ctos_sct(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
#endif
EXT_RETURN tls_construct_ctos_ems(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_ctos_ems(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_ctos_supported_versions(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx);
EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_ctos_key_share(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx);
EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx);
EXT_RETURN tls_construct_ctos_cookie(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_ctos_cookie(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt,
EXT_RETURN tls_construct_ctos_padding(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx);
EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_stoc_renegotiate(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_stoc_server_name(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_stoc_early_data(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
int tls_parse_stoc_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_stoc_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_stoc_ec_pt_formats(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_stoc_session_ticket(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_OCSP
int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_stoc_status_request(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
#endif
#ifndef OPENSSL_NO_CT
int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx);
int tls_parse_stoc_sct(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx);
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx);
int tls_parse_stoc_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx);
#endif
int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx);
int tls_parse_stoc_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_SRTP
int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx);
int tls_parse_stoc_use_srtp(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context, X509 *x, size_t chainidx);
#endif
int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx);
int tls_parse_stoc_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx);
int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
int tls_parse_stoc_etm(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx);
int tls_parse_stoc_ems(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx);
int tls_parse_stoc_supported_versions(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx);
int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx);
int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx);
int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx);
int tls_parse_stoc_key_share(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context, X509 *x, size_t chainidx);
int tls_parse_stoc_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx);
int tls_parse_stoc_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx);
int tls_handle_alpn(SSL *s);
int tls_handle_alpn(SSL_CONNECTION *s);
int tls13_save_handshake_digest_for_pha(SSL *s);
int tls13_restore_handshake_digest_for_pha(SSL *s);
int tls13_save_handshake_digest_for_pha(SSL_CONNECTION *s);
int tls13_restore_handshake_digest_for_pha(SSL_CONNECTION *s);

391
ssl/statem/statem_srvr.c
View File

File diff suppressed because it is too large Load Diff

53
ssl/t1_enc.c
View File

@ -22,7 +22,7 @@
#include <openssl/trace.h>
/* seed1 through seed5 are concatenated */
static int tls1_PRF(SSL *s,
static int tls1_PRF(SSL_CONNECTION *s,
const void *seed1, size_t seed1_len,
const void *seed2, size_t seed2_len,
const void *seed3, size_t seed3_len,
@ -45,7 +45,9 @@ static int tls1_PRF(SSL *s,
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return 0;
}
kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_TLS1_PRF, s->ctx->propq);
kdf = EVP_KDF_fetch(SSL_CONNECTION_GET_CTX(s)->libctx,
OSSL_KDF_NAME_TLS1_PRF,
SSL_CONNECTION_GET_CTX(s)->propq);
if (kdf == NULL)
goto err;
kctx = EVP_KDF_CTX_new(kdf);
@ -83,7 +85,8 @@ static int tls1_PRF(SSL *s,
return 0;
}
static int tls1_generate_key_block(SSL *s, unsigned char *km, size_t num)
static int tls1_generate_key_block(SSL_CONNECTION *s, unsigned char *km,
size_t num)
{
int ret;
@ -98,7 +101,7 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km, size_t num)
return ret;
}
int tls_provider_set_tls_params(SSL *s, EVP_CIPHER_CTX *ctx,
int tls_provider_set_tls_params(SSL_CONNECTION *s, EVP_CIPHER_CTX *ctx,
const EVP_CIPHER *ciph,
const EVP_MD *md)
{
@ -147,7 +150,7 @@ static int tls_iv_length_within_key_block(const EVP_CIPHER *c)
return EVP_CIPHER_get_iv_length(c);
}
int tls1_change_cipher_state(SSL *s, int which)
int tls1_change_cipher_state(SSL_CONNECTION *s, int which)
{
unsigned char *p, *mac_secret;
unsigned char *ms, *key, *iv;
@ -224,7 +227,7 @@ int tls1_change_cipher_state(SSL *s, int which)
/*
* this is done by dtls1_reset_seq_numbers for DTLS
*/
if (!SSL_IS_DTLS(s))
if (!SSL_CONNECTION_IS_DTLS(s))
RECORD_LAYER_reset_read_sequence(&s->rlayer);
mac_secret = &(s->s3.read_mac_secret[0]);
mac_secret_size = &(s->s3.read_mac_secret_size);
@ -244,14 +247,14 @@ int tls1_change_cipher_state(SSL *s, int which)
s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_TLSTREE;
else
s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_TLSTREE;
if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s)) {
if (s->enc_write_ctx != NULL && !SSL_CONNECTION_IS_DTLS(s)) {
reuse_dd = 1;
} else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
goto err;
}
dd = s->enc_write_ctx;
if (SSL_IS_DTLS(s)) {
if (SSL_CONNECTION_IS_DTLS(s)) {
mac_ctx = EVP_MD_CTX_new();
if (mac_ctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
@ -280,7 +283,7 @@ int tls1_change_cipher_state(SSL *s, int which)
/*
* this is done by dtls1_reset_seq_numbers for DTLS
*/
if (!SSL_IS_DTLS(s))
if (!SSL_CONNECTION_IS_DTLS(s))
RECORD_LAYER_reset_write_sequence(&s->rlayer);
mac_secret = &(s->s3.write_mac_secret[0]);
mac_secret_size = &(s->s3.write_mac_secret_size);
@ -321,9 +324,11 @@ int tls1_change_cipher_state(SSL *s, int which)
memcpy(mac_secret, ms, i);
if (!(EVP_CIPHER_get_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (mac_type == EVP_PKEY_HMAC) {
mac_key = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC",
s->ctx->propq, mac_secret,
mac_key = EVP_PKEY_new_raw_private_key_ex(sctx->libctx, "HMAC",
sctx->propq, mac_secret,
*mac_secret_size);
} else {
/*
@ -336,7 +341,7 @@ int tls1_change_cipher_state(SSL *s, int which)
}
if (mac_key == NULL
|| EVP_DigestSignInit_ex(mac_ctx, NULL, EVP_MD_get0_name(m),
s->ctx->libctx, s->ctx->propq, mac_key,
sctx->libctx, sctx->propq, mac_key,
NULL) <= 0) {
EVP_PKEY_free(mac_key);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@ -441,7 +446,7 @@ int tls1_change_cipher_state(SSL *s, int which)
if (BIO_set_ktls(bio, &crypto_info, which & SSL3_CC_WRITE)) {
if (which & SSL3_CC_WRITE)
ssl3_release_write_buffer(s);
SSL_set_options(s, SSL_OP_NO_RENEGOTIATION);
SSL_set_options(SSL_CONNECTION_GET_SSL(s), SSL_OP_NO_RENEGOTIATION);
}
skip_ktls:
@ -460,7 +465,7 @@ int tls1_change_cipher_state(SSL *s, int which)
return 0;
}
int tls1_setup_key_block(SSL *s)
int tls1_setup_key_block(SSL_CONNECTION *s)
{
unsigned char *p;
const EVP_CIPHER *c;
@ -473,8 +478,9 @@ int tls1_setup_key_block(SSL *s)
if (s->s3.tmp.key_block_length != 0)
return 1;
if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, &mac_type,
&mac_secret_size, &comp, s->ext.use_etm)) {
if (!ssl_cipher_get_evp(SSL_CONNECTION_GET_CTX(s), s->session, &c, &hash,
&mac_type, &mac_secret_size, &comp,
s->ext.use_etm)) {
/* Error is already recorded */
SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);
return 0;
@ -523,7 +529,7 @@ int tls1_setup_key_block(SSL *s)
} OSSL_TRACE_END(TLS);
if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
&& s->method->version <= TLS1_VERSION) {
&& SSL_CONNECTION_GET_SSL(s)->method->version <= TLS1_VERSION) {
/*
* enable vulnerability countermeasure for CBC ciphers with known-IV
* problem (http://www.openssl.org/~bodo/tls-cbc.txt)
@ -544,8 +550,8 @@ int tls1_setup_key_block(SSL *s)
return ret;
}
size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen,
unsigned char *out)
size_t tls1_final_finish_mac(SSL_CONNECTION *s, const char *str,
size_t slen, unsigned char *out)
{
size_t hashlen;
unsigned char hash[EVP_MAX_MD_SIZE];
@ -574,8 +580,9 @@ size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen,
return finished_size;
}
int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
size_t len, size_t *secret_size)
int tls1_generate_master_secret(SSL_CONNECTION *s, unsigned char *out,
unsigned char *p, size_t len,
size_t *secret_size)
{
if (s->session->flags & SSL_SESS_FLAG_EXTMS) {
unsigned char hash[EVP_MAX_MD_SIZE * 2];
@ -637,8 +644,8 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
return 1;
}
int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
const char *label, size_t llen,
int tls1_export_keying_material(SSL_CONNECTION *s, unsigned char *out,
size_t olen, const char *label, size_t llen,
const unsigned char *context,
size_t contextlen, int use_context)
{

316
ssl/t1_lib.c
View File

@ -26,8 +26,8 @@
#include "ssl_local.h"
#include <openssl/ct.h>
static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey);
static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu);
static const SIGALG_LOOKUP *find_sig_alg(SSL_CONNECTION *s, X509 *x, EVP_PKEY *pkey);
static int tls12_sigalg_allowed(const SSL_CONNECTION *s, int op, const SIGALG_LOOKUP *lu);
SSL3_ENC_METHOD const TLSv1_enc_data = {
tls1_enc,
@ -119,19 +119,29 @@ int tls1_new(SSL *s)
void tls1_free(SSL *s)
{
OPENSSL_free(s->ext.session_ticket);
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return;
OPENSSL_free(sc->ext.session_ticket);
ssl3_free(s);
}
int tls1_clear(SSL *s)
{
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return 0;
if (!ssl3_clear(s))
return 0;
if (s->method->version == TLS_ANY_VERSION)
s->version = TLS_MAX_VERSION_INTERNAL;
sc->version = TLS_MAX_VERSION_INTERNAL;
else
s->version = s->method->version;
sc->version = s->method->version;
return 1;
}
@ -525,9 +535,11 @@ uint16_t tls1_nid2group_id(int nid)
* Set *pgroups to the supported groups list and *pgroupslen to
* the number of groups supported.
*/
void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups,
void tls1_get_supported_groups(SSL_CONNECTION *s, const uint16_t **pgroups,
size_t *pgroupslen)
{
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
/* For Suite B mode only include P-256, P-384 */
switch (tls1_suiteb(s)) {
case SSL_CERT_FLAG_SUITEB_128_LOS:
@ -547,8 +559,8 @@ void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups,
default:
if (s->ext.supportedgroups == NULL) {
*pgroups = s->ctx->ext.supported_groups_default;
*pgroupslen = s->ctx->ext.supported_groups_default_len;
*pgroups = sctx->ext.supported_groups_default;
*pgroupslen = sctx->ext.supported_groups_default_len;
} else {
*pgroups = s->ext.supportedgroups;
*pgroupslen = s->ext.supportedgroups_len;
@ -557,10 +569,12 @@ void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups,
}
}
int tls_valid_group(SSL *s, uint16_t group_id, int minversion, int maxversion,
int tls_valid_group(SSL_CONNECTION *s, uint16_t group_id,
int minversion, int maxversion,
int isec, int *okfortls13)
{
const TLS_GROUP_INFO *ginfo = tls1_group_id_lookup(s->ctx, group_id);
const TLS_GROUP_INFO *ginfo = tls1_group_id_lookup(SSL_CONNECTION_GET_CTX(s),
group_id);
int ret;
if (okfortls13 != NULL)
@ -569,7 +583,7 @@ int tls_valid_group(SSL *s, uint16_t group_id, int minversion, int maxversion,
if (ginfo == NULL)
return 0;
if (SSL_IS_DTLS(s)) {
if (SSL_CONNECTION_IS_DTLS(s)) {
if (ginfo->mindtls < 0 || ginfo->maxdtls < 0)
return 0;
if (ginfo->maxdtls == 0)
@ -600,9 +614,10 @@ int tls_valid_group(SSL *s, uint16_t group_id, int minversion, int maxversion,
}
/* See if group is allowed by security callback */
int tls_group_allowed(SSL *s, uint16_t group, int op)
int tls_group_allowed(SSL_CONNECTION *s, uint16_t group, int op)
{
const TLS_GROUP_INFO *ginfo = tls1_group_id_lookup(s->ctx, group);
const TLS_GROUP_INFO *ginfo = tls1_group_id_lookup(SSL_CONNECTION_GET_CTX(s),
group);
unsigned char gtmp[2];
if (ginfo == NULL)
@ -631,7 +646,7 @@ static int tls1_in_list(uint16_t id, const uint16_t *list, size_t listlen)
* For nmatch == -2, return the id of the group to use for
* a tmp key, or 0 if there is no match.
*/
uint16_t tls1_shared_group(SSL *s, int nmatch)
uint16_t tls1_shared_group(SSL_CONNECTION *s, int nmatch)
{
const uint16_t *pref, *supp;
size_t num_pref, num_supp, i;
@ -674,7 +689,7 @@ uint16_t tls1_shared_group(SSL *s, int nmatch)
uint16_t id = pref[i];
uint16_t cid = id;
if (SSL_IS_TLS13(s)) {
if (SSL_CONNECTION_IS_TLS13(s)) {
if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
cid = ssl_group_id_internal_to_tls13(id);
else
@ -817,7 +832,8 @@ int tls1_set_groups_list(SSL_CTX *ctx, uint16_t **pext, size_t *pextlen,
}
/* Check a group id matches preferences */
int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_groups)
int tls1_check_group_id(SSL_CONNECTION *s, uint16_t group_id,
int check_own_groups)
{
const uint16_t *groups;
size_t groups_len;
@ -869,7 +885,7 @@ int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_groups)
return tls1_in_list(group_id, groups, groups_len);
}
void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
void tls1_get_formatlist(SSL_CONNECTION *s, const unsigned char **pformats,
size_t *num_formats)
{
/*
@ -889,7 +905,7 @@ void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
}
/* Check a key is compatible with compression extension */
static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey)
static int tls1_check_pkey_comp(SSL_CONNECTION *s, EVP_PKEY *pkey)
{
unsigned char comp_id;
size_t i;
@ -906,7 +922,7 @@ static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey)
return 0;
if (point_conv == POINT_CONVERSION_UNCOMPRESSED) {
comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
} else if (SSL_IS_TLS13(s)) {
} else if (SSL_CONNECTION_IS_TLS13(s)) {
/*
* ec_point_formats extension is not used in TLSv1.3 so we ignore
* this check.
@ -950,7 +966,7 @@ static uint16_t tls1_get_group_id(EVP_PKEY *pkey)
* Check cert parameters compatible with extensions: currently just checks EC
* certificates have compatible curves and compression.
*/
static int tls1_check_cert_param(SSL *s, X509 *x, int check_ee_md)
static int tls1_check_cert_param(SSL_CONNECTION *s, X509 *x, int check_ee_md)
{
uint16_t group_id;
EVP_PKEY *pkey;
@ -1004,7 +1020,7 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int check_ee_md)
*
* Returns 0 when the cipher can't be used or 1 when it can.
*/
int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
int tls1_check_ec_tmp_key(SSL_CONNECTION *s, unsigned long cid)
{
/* If not Suite B just need a shared group */
if (!tls1_suiteb(s))
@ -1252,12 +1268,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
}
/* Lookup TLS signature algorithm */
static const SIGALG_LOOKUP *tls1_lookup_sigalg(const SSL *s, uint16_t sigalg)
static const SIGALG_LOOKUP *tls1_lookup_sigalg(const SSL_CONNECTION *s,
uint16_t sigalg)
{
size_t i;
const SIGALG_LOOKUP *lu;
for (i = 0, lu = s->ctx->sigalg_lookup_cache;
for (i = 0, lu = SSL_CONNECTION_GET_CTX(s)->sigalg_lookup_cache;
/* cache should have the same number of elements as sigalg_lookup_tbl */
i < OSSL_NELEM(sigalg_lookup_tbl);
lu++, i++) {
@ -1273,6 +1290,7 @@ static const SIGALG_LOOKUP *tls1_lookup_sigalg(const SSL *s, uint16_t sigalg)
int tls1_lookup_md(SSL_CTX *ctx, const SIGALG_LOOKUP *lu, const EVP_MD **pmd)
{
const EVP_MD *md;
if (lu == NULL)
return 0;
/* lu->hash == NID_undef means no associated digest */
@ -1317,7 +1335,8 @@ static int rsa_pss_check_min_key_size(SSL_CTX *ctx, const EVP_PKEY *pkey,
* certificate type from |s| will be used.
* Returns the signature algorithm to use, or NULL on error.
*/
static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx)
static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL_CONNECTION *s,
int idx)
{
if (idx == -1) {
if (s->server) {
@ -1375,7 +1394,7 @@ static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx)
if (lu == NULL)
return NULL;
if (!tls1_lookup_md(s->ctx, lu, NULL))
if (!tls1_lookup_md(SSL_CONNECTION_GET_CTX(s), lu, NULL))
return NULL;
if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu))
return NULL;
@ -1386,7 +1405,7 @@ static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx)
return &legacy_rsa_sigalg;
}
/* Set peer sigalg based key type */
int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey)
int tls1_set_peer_legacy_sigalg(SSL_CONNECTION *s, const EVP_PKEY *pkey)
{
size_t idx;
const SIGALG_LOOKUP *lu;
@ -1400,7 +1419,7 @@ int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey)
return 1;
}
size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs)
size_t tls12_get_psigalgs(SSL_CONNECTION *s, int sent, const uint16_t **psigs)
{
/*
* If Suite B mode use Suite B sigalgs only, ignore any other
@ -1440,7 +1459,7 @@ size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs)
* Called by servers only. Checks that we have a sig alg that supports the
* specified EC curve.
*/
int tls_check_sigalg_curve(const SSL *s, int curve)
int tls_check_sigalg_curve(const SSL_CONNECTION *s, int curve)
{
const uint16_t *sigs;
size_t siglen, i;
@ -1515,7 +1534,7 @@ static int sigalg_security_bits(SSL_CTX *ctx, const SIGALG_LOOKUP *lu)
* algorithms and if so set relevant digest and signature scheme in
* s.
*/
int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
int tls12_check_peer_sigalg(SSL_CONNECTION *s, uint16_t sig, EVP_PKEY *pkey)
{
const uint16_t *sent_sigs;
const EVP_MD *md = NULL;
@ -1529,7 +1548,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
/* Should never happen */
if (pkeyid == -1)
return -1;
if (SSL_IS_TLS13(s)) {
if (SSL_CONNECTION_IS_TLS13(s)) {
/* Disallow DSA for TLS 1.3 */
if (pkeyid == EVP_PKEY_DSA) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_SIGNATURE_TYPE);
@ -1545,7 +1564,8 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
* is consistent with signature: RSA keys can be used for RSA-PSS
*/
if (lu == NULL
|| (SSL_IS_TLS13(s) && (lu->hash == NID_sha1 || lu->hash == NID_sha224))
|| (SSL_CONNECTION_IS_TLS13(s)
&& (lu->hash == NID_sha1 || lu->hash == NID_sha224))
|| (pkeyid != lu->sig
&& (lu->sig != EVP_PKEY_RSA_PSS || pkeyid != EVP_PKEY_RSA))) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_SIGNATURE_TYPE);
@ -1568,7 +1588,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
}
/* For TLS 1.3 or Suite B check curve matches signature algorithm */
if (SSL_IS_TLS13(s) || tls1_suiteb(s)) {
if (SSL_CONNECTION_IS_TLS13(s) || tls1_suiteb(s)) {
int curve = ssl_get_EC_curve_nid(pkey);
if (lu->curve != NID_undef && curve != lu->curve) {
@ -1576,7 +1596,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
return 0;
}
}
if (!SSL_IS_TLS13(s)) {
if (!SSL_CONNECTION_IS_TLS13(s)) {
/* Check curve matches extensions */
if (!tls1_check_group_id(s, tls1_get_group_id(pkey), 1)) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_CURVE);
@ -1609,7 +1629,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE);
return 0;
}
if (!tls1_lookup_md(s->ctx, lu, &md)) {
if (!tls1_lookup_md(SSL_CONNECTION_GET_CTX(s), lu, &md)) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST);
return 0;
}
@ -1619,7 +1639,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
*/
sigalgstr[0] = (sig >> 8) & 0xff;
sigalgstr[1] = sig & 0xff;
secbits = sigalg_security_bits(s->ctx, lu);
secbits = sigalg_security_bits(SSL_CONNECTION_GET_CTX(s), lu);
if (secbits == 0 ||
!ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits,
md != NULL ? EVP_MD_get_type(md) : NID_undef,
@ -1634,17 +1654,27 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid)
{
if (s->s3.tmp.peer_sigalg == NULL)
const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
if (sc == NULL)
return 0;
*pnid = s->s3.tmp.peer_sigalg->sig;
if (sc->s3.tmp.peer_sigalg == NULL)
return 0;
*pnid = sc->s3.tmp.peer_sigalg->sig;
return 1;
}
int SSL_get_signature_type_nid(const SSL *s, int *pnid)
{
if (s->s3.tmp.sigalg == NULL)
const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
if (sc == NULL)
return 0;
*pnid = s->s3.tmp.sigalg->sig;
if (sc->s3.tmp.sigalg == NULL)
return 0;
*pnid = sc->s3.tmp.sigalg->sig;
return 1;
}
@ -1658,7 +1688,7 @@ int SSL_get_signature_type_nid(const SSL *s, int *pnid)
*
* Call ssl_cipher_disabled() to check that it's enabled or not.
*/
int ssl_set_client_disabled(SSL *s)
int ssl_set_client_disabled(SSL_CONNECTION *s)
{
s->s3.tmp.mask_a = 0;
s->s3.tmp.mask_k = 0;
@ -1691,14 +1721,15 @@ int ssl_set_client_disabled(SSL *s)
*
* Returns 1 when it's disabled, 0 when enabled.
*/
int ssl_cipher_disabled(const SSL *s, const SSL_CIPHER *c, int op, int ecdhe)
int ssl_cipher_disabled(const SSL_CONNECTION *s, const SSL_CIPHER *c,
int op, int ecdhe)
{
if (c->algorithm_mkey & s->s3.tmp.mask_k
|| c->algorithm_auth & s->s3.tmp.mask_a)
return 1;
if (s->s3.tmp.max_ver == 0)
return 1;
if (!SSL_IS_DTLS(s)) {
if (!SSL_CONNECTION_IS_DTLS(s)) {
int min_tls = c->min_tls;
/*
@ -1712,21 +1743,22 @@ int ssl_cipher_disabled(const SSL *s, const SSL_CIPHER *c, int op, int ecdhe)
if ((min_tls > s->s3.tmp.max_ver) || (c->max_tls < s->s3.tmp.min_ver))
return 1;
}
if (SSL_IS_DTLS(s) && (DTLS_VERSION_GT(c->min_dtls, s->s3.tmp.max_ver)
|| DTLS_VERSION_LT(c->max_dtls, s->s3.tmp.min_ver)))
if (SSL_CONNECTION_IS_DTLS(s)
&& (DTLS_VERSION_GT(c->min_dtls, s->s3.tmp.max_ver)
|| DTLS_VERSION_LT(c->max_dtls, s->s3.tmp.min_ver)))
return 1;
return !ssl_security(s, op, c->strength_bits, 0, (void *)c);
}
int tls_use_ticket(SSL *s)
int tls_use_ticket(SSL_CONNECTION *s)
{
if ((s->options & SSL_OP_NO_TICKET))
return 0;
return ssl_security(s, SSL_SECOP_TICKET, 0, 0, NULL);
}
int tls1_set_server_sigalgs(SSL *s)
int tls1_set_server_sigalgs(SSL_CONNECTION *s)
{
size_t i;
@ -1783,7 +1815,8 @@ int tls1_set_server_sigalgs(SSL *s)
* ret: (output) on return, if a ticket was decrypted, then this is set to
* point to the resulting session.
*/
SSL_TICKET_STATUS tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
SSL_TICKET_STATUS tls_get_ticket_from_client(SSL_CONNECTION *s,
CLIENTHELLO_MSG *hello,
SSL_SESSION **ret)
{
size_t size;
@ -1833,8 +1866,10 @@ SSL_TICKET_STATUS tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
* psess: (output) on return, if a ticket was decrypted, then this is set to
* point to the resulting session.
*/
SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
size_t eticklen, const unsigned char *sess_id,
SSL_TICKET_STATUS tls_decrypt_ticket(SSL_CONNECTION *s,
const unsigned char *etick,
size_t eticklen,
const unsigned char *sess_id,
size_t sesslen, SSL_SESSION **psess)
{
SSL_SESSION *sess = NULL;
@ -1856,7 +1891,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
ret = SSL_TICKET_EMPTY;
goto end;
}
if (!SSL_IS_TLS13(s) && s->ext.session_secret_cb) {
if (!SSL_CONNECTION_IS_TLS13(s) && s->ext.session_secret_cb) {
/*
* Indicate that the ticket couldn't be decrypted rather than
* generating the session from ticket now, trigger
@ -1894,7 +1929,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
int rv = 0;
if (tctx->ext.ticket_key_evp_cb != NULL)
rv = tctx->ext.ticket_key_evp_cb(s, nctick,
rv = tctx->ext.ticket_key_evp_cb(SSL_CONNECTION_GET_SSL(s), nctick,
nctick + TLSEXT_KEYNAME_LENGTH,
ctx,
ssl_hmac_get0_EVP_MAC_CTX(hctx),
@ -1902,7 +1937,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
#ifndef OPENSSL_NO_DEPRECATED_3_0
else if (tctx->ext.ticket_key_cb != NULL)
/* if 0 is returned, write an empty ticket */
rv = tctx->ext.ticket_key_cb(s, nctick,
rv = tctx->ext.ticket_key_cb(SSL_CONNECTION_GET_SSL(s), nctick,
nctick + TLSEXT_KEYNAME_LENGTH,
ctx, ssl_hmac_get0_HMAC_CTX(hctx), 0);
#endif
@ -1918,6 +1953,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
renew_ticket = 1;
} else {
EVP_CIPHER *aes256cbc = NULL;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
/* Check key name matches */
if (memcmp(etick, tctx->ext.tick_key_name,
@ -1926,8 +1962,8 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
goto end;
}
aes256cbc = EVP_CIPHER_fetch(s->ctx->libctx, "AES-256-CBC",
s->ctx->propq);
aes256cbc = EVP_CIPHER_fetch(sctx->libctx, "AES-256-CBC",
sctx->propq);
if (aes256cbc == NULL
|| ssl_hmac_init(hctx, tctx->ext.secure->tick_hmac_key,
sizeof(tctx->ext.secure->tick_hmac_key),
@ -1940,7 +1976,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
goto end;
}
EVP_CIPHER_free(aes256cbc);
if (SSL_IS_TLS13(s))
if (SSL_CONNECTION_IS_TLS13(s))
renew_ticket = 1;
}
/*
@ -2042,7 +2078,8 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
if (keyname_len > TLSEXT_KEYNAME_LENGTH)
keyname_len = TLSEXT_KEYNAME_LENGTH;
retcb = s->session_ctx->decrypt_ticket_cb(s, sess, etick, keyname_len,
retcb = s->session_ctx->decrypt_ticket_cb(SSL_CONNECTION_GET_SSL(s),
sess, etick, keyname_len,
ret,
s->session_ctx->ticket_cb_data);
switch (retcb) {
@ -2080,7 +2117,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
}
}
if (s->ext.session_secret_cb == NULL || SSL_IS_TLS13(s)) {
if (s->ext.session_secret_cb == NULL || SSL_CONNECTION_IS_TLS13(s)) {
switch (ret) {
case SSL_TICKET_NO_DECRYPT:
case SSL_TICKET_SUCCESS_RENEW:
@ -2095,7 +2132,8 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
}
/* Check to see if a signature algorithm is allowed */
static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
static int tls12_sigalg_allowed(const SSL_CONNECTION *s, int op,
const SIGALG_LOOKUP *lu)
{
unsigned char sigalgstr[2];
int secbits;
@ -2103,30 +2141,31 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
if (lu == NULL || !lu->enabled)
return 0;
/* DSA is not allowed in TLS 1.3 */
if (SSL_IS_TLS13(s) && lu->sig == EVP_PKEY_DSA)
if (SSL_CONNECTION_IS_TLS13(s) && lu->sig == EVP_PKEY_DSA)
return 0;
/*
* At some point we should fully axe DSA/etc. in ClientHello as per TLS 1.3
* spec
*/
if (!s->server && !SSL_IS_DTLS(s) && s->s3.tmp.min_ver >= TLS1_3_VERSION
if (!s->server && !SSL_CONNECTION_IS_DTLS(s)
&& s->s3.tmp.min_ver >= TLS1_3_VERSION
&& (lu->sig == EVP_PKEY_DSA || lu->hash_idx == SSL_MD_SHA1_IDX
|| lu->hash_idx == SSL_MD_MD5_IDX
|| lu->hash_idx == SSL_MD_SHA224_IDX))
return 0;
/* See if public key algorithm allowed */
if (ssl_cert_is_disabled(s->ctx, lu->sig_idx))
if (ssl_cert_is_disabled(SSL_CONNECTION_GET_CTX(s), lu->sig_idx))
return 0;
if (lu->sig == NID_id_GostR3410_2012_256
|| lu->sig == NID_id_GostR3410_2012_512
|| lu->sig == NID_id_GostR3410_2001) {
/* We never allow GOST sig algs on the server with TLSv1.3 */
if (s->server && SSL_IS_TLS13(s))
if (s->server && SSL_CONNECTION_IS_TLS13(s))
return 0;
if (!s->server
&& s->method->version == TLS_ANY_VERSION
&& SSL_CONNECTION_GET_SSL(s)->method->version == TLS_ANY_VERSION
&& s->s3.tmp.max_ver >= TLS1_3_VERSION) {
int i, num;
STACK_OF(SSL_CIPHER) *sk;
@ -2140,7 +2179,7 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
if (s->s3.tmp.min_ver >= TLS1_3_VERSION)
return 0;
sk = SSL_get_ciphers(s);
sk = SSL_get_ciphers(SSL_CONNECTION_GET_SSL(s));
num = sk != NULL ? sk_SSL_CIPHER_num(sk) : 0;
for (i = 0; i < num; i++) {
const SSL_CIPHER *c;
@ -2159,7 +2198,7 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
}
/* Finally see if security callback allows it */
secbits = sigalg_security_bits(s->ctx, lu);
secbits = sigalg_security_bits(SSL_CONNECTION_GET_CTX(s), lu);
sigalgstr[0] = (lu->sigalg >> 8) & 0xff;
sigalgstr[1] = lu->sigalg & 0xff;
return ssl_security(s, op, secbits, lu->hash, (void *)sigalgstr);
@ -2171,7 +2210,7 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
* disabled.
*/
void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op)
void ssl_set_sig_mask(uint32_t *pmask_a, SSL_CONNECTION *s, int op)
{
const uint16_t *sigalgs;
size_t i, sigalgslen;
@ -2200,7 +2239,7 @@ void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op)
*pmask_a |= disabled_mask;
}
int tls12_copy_sigalgs(SSL *s, WPACKET *pkt,
int tls12_copy_sigalgs(SSL_CONNECTION *s, WPACKET *pkt,
const uint16_t *psig, size_t psiglen)
{
size_t i;
@ -2218,7 +2257,7 @@ int tls12_copy_sigalgs(SSL *s, WPACKET *pkt,
* If TLS 1.3 must have at least one valid TLS 1.3 message
* signing algorithm: i.e. neither RSA nor SHA1/SHA224
*/
if (rv == 0 && (!SSL_IS_TLS13(s)
if (rv == 0 && (!SSL_CONNECTION_IS_TLS13(s)
|| (lu->sig != EVP_PKEY_RSA
&& lu->hash != NID_sha1
&& lu->hash != NID_sha224)))
@ -2230,7 +2269,8 @@ int tls12_copy_sigalgs(SSL *s, WPACKET *pkt,
}
/* Given preference and allowed sigalgs set shared sigalgs */
static size_t tls12_shared_sigalgs(SSL *s, const SIGALG_LOOKUP **shsig,
static size_t tls12_shared_sigalgs(SSL_CONNECTION *s,
const SIGALG_LOOKUP **shsig,
const uint16_t *pref, size_t preflen,
const uint16_t *allow, size_t allowlen)
{
@ -2256,7 +2296,7 @@ static size_t tls12_shared_sigalgs(SSL *s, const SIGALG_LOOKUP **shsig,
}
/* Set shared signature algorithms for SSL structures */
static int tls1_set_shared_sigalgs(SSL *s)
static int tls1_set_shared_sigalgs(SSL_CONNECTION *s)
{
const uint16_t *pref, *allow, *conf;
size_t preflen, allowlen, conflen;
@ -2336,7 +2376,7 @@ int tls1_save_u16(PACKET *pkt, uint16_t **pdest, size_t *pdestlen)
return 1;
}
int tls1_save_sigalgs(SSL *s, PACKET *pkt, int cert)
int tls1_save_sigalgs(SSL_CONNECTION *s, PACKET *pkt, int cert)
{
/* Extension ignored for inappropriate versions */
if (!SSL_USE_SIGALGS(s))
@ -2356,7 +2396,7 @@ int tls1_save_sigalgs(SSL *s, PACKET *pkt, int cert)
/* Set preferred digest for each key type */
int tls1_process_sigalgs(SSL *s)
int tls1_process_sigalgs(SSL_CONNECTION *s)
{
size_t i;
uint32_t *pvalid = s->s3.tmp.valid_flags;
@ -2372,10 +2412,11 @@ int tls1_process_sigalgs(SSL *s)
int idx = sigptr->sig_idx;
/* Ignore PKCS1 based sig algs in TLSv1.3 */
if (SSL_IS_TLS13(s) && sigptr->sig == EVP_PKEY_RSA)
if (SSL_CONNECTION_IS_TLS13(s) && sigptr->sig == EVP_PKEY_RSA)
continue;
/* If not disabled indicate we can explicitly sign */
if (pvalid[idx] == 0 && !ssl_cert_is_disabled(s->ctx, idx))
if (pvalid[idx] == 0
&& !ssl_cert_is_disabled(SSL_CONNECTION_GET_CTX(s), idx))
pvalid[idx] = CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN;
}
return 1;
@ -2385,8 +2426,16 @@ int SSL_get_sigalgs(SSL *s, int idx,
int *psign, int *phash, int *psignhash,
unsigned char *rsig, unsigned char *rhash)
{
uint16_t *psig = s->s3.tmp.peer_sigalgs;
size_t numsigalgs = s->s3.tmp.peer_sigalgslen;
uint16_t *psig;
size_t numsigalgs;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return 0;
psig = sc->s3.tmp.peer_sigalgs;
numsigalgs = sc->s3.tmp.peer_sigalgslen;
if (psig == NULL || numsigalgs > INT_MAX)
return 0;
if (idx >= 0) {
@ -2399,7 +2448,7 @@ int SSL_get_sigalgs(SSL *s, int idx,
*rhash = (unsigned char)((*psig >> 8) & 0xff);
if (rsig != NULL)
*rsig = (unsigned char)(*psig & 0xff);
lu = tls1_lookup_sigalg(s, *psig);
lu = tls1_lookup_sigalg(sc, *psig);
if (psign != NULL)
*psign = lu != NULL ? lu->sig : NID_undef;
if (phash != NULL)
@ -2415,12 +2464,17 @@ int SSL_get_shared_sigalgs(SSL *s, int idx,
unsigned char *rsig, unsigned char *rhash)
{
const SIGALG_LOOKUP *shsigalgs;
if (s->shared_sigalgs == NULL
|| idx < 0
|| idx >= (int)s->shared_sigalgslen
|| s->shared_sigalgslen > INT_MAX)
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return 0;
shsigalgs = s->shared_sigalgs[idx];
if (sc->shared_sigalgs == NULL
|| idx < 0
|| idx >= (int)sc->shared_sigalgslen
|| sc->shared_sigalgslen > INT_MAX)
return 0;
shsigalgs = sc->shared_sigalgs[idx];
if (phash != NULL)
*phash = shsigalgs->hash;
if (psign != NULL)
@ -2431,7 +2485,7 @@ int SSL_get_shared_sigalgs(SSL *s, int idx,
*rsig = (unsigned char)(shsigalgs->sigalg & 0xff);
if (rhash != NULL)
*rhash = (unsigned char)((shsigalgs->sigalg >> 8) & 0xff);
return (int)s->shared_sigalgslen;
return (int)sc->shared_sigalgslen;
}
/* Maximum possible number of unique entries in sigalgs array */
@ -2612,19 +2666,20 @@ int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen, int client)
return 0;
}
static int tls1_check_sig_alg(SSL *s, X509 *x, int default_nid)
static int tls1_check_sig_alg(SSL_CONNECTION *s, X509 *x, int default_nid)
{
int sig_nid, use_pc_sigalgs = 0;
size_t i;
const SIGALG_LOOKUP *sigalg;
size_t sigalgslen;
if (default_nid == -1)
return 1;
sig_nid = X509_get_signature_nid(x);
if (default_nid)
return sig_nid == default_nid ? 1 : 0;
if (SSL_IS_TLS13(s) && s->s3.tmp.peer_cert_sigalgs != NULL) {
if (SSL_CONNECTION_IS_TLS13(s) && s->s3.tmp.peer_cert_sigalgs != NULL) {
/*
* If we're in TLSv1.3 then we only get here if we're checking the
* chain. If the peer has specified peer_cert_sigalgs then we use them
@ -2674,8 +2729,8 @@ static int ssl_check_ca_name(STACK_OF(X509_NAME) *names, X509 *x)
(CERT_PKEY_VALID_FLAGS|CERT_PKEY_CA_SIGNATURE|CERT_PKEY_CA_PARAM \
| CERT_PKEY_ISSUER_NAME|CERT_PKEY_CERT_TYPE)
int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
int idx)
int tls1_check_chain(SSL_CONNECTION *s, X509 *x, EVP_PKEY *pk,
STACK_OF(X509) *chain, int idx)
{
int i;
int rv = 0;
@ -2684,6 +2739,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
CERT *c = s->cert;
uint32_t *pvalid;
unsigned int suiteb_flags = tls1_suiteb(s);
/* idx == -1 means checking server chains */
if (idx != -1) {
/* idx == -2 means checking client certificate chains */
@ -2733,9 +2789,11 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
* Check all signature algorithms are consistent with signature
* algorithms extension if TLS 1.2 or later and strict mode.
*/
if (TLS1_get_version(s) >= TLS1_2_VERSION && strict_mode) {
if (TLS1_get_version(SSL_CONNECTION_GET_SSL(s)) >= TLS1_2_VERSION
&& strict_mode) {
int default_nid;
int rsign = 0;
if (s->s3.tmp.peer_cert_sigalgs != NULL
|| s->s3.tmp.peer_sigalgs != NULL) {
default_nid = 0;
@ -2798,7 +2856,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
}
}
/* Check signature algorithm of each cert in chain */
if (SSL_IS_TLS13(s)) {
if (SSL_CONNECTION_IS_TLS13(s)) {
/*
* We only get here if the application has called SSL_check_chain(),
* so check_flags is always set.
@ -2899,7 +2957,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
end:
if (TLS1_get_version(s) >= TLS1_2_VERSION)
if (TLS1_get_version(SSL_CONNECTION_GET_SSL(s)) >= TLS1_2_VERSION)
rv |= *pvalid & (CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN);
else
rv |= CERT_PKEY_SIGN | CERT_PKEY_EXPLICIT_SIGN;
@ -2921,7 +2979,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
}
/* Set validity of certificates in an SSL structure */
void tls1_set_cert_validity(SSL *s)
void tls1_set_cert_validity(SSL_CONNECTION *s)
{
tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA);
tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_PSS_SIGN);
@ -2937,10 +2995,15 @@ void tls1_set_cert_validity(SSL *s)
/* User level utility function to check a chain is suitable */
int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
{
return tls1_check_chain(s, x, pk, chain, -1);
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return 0;
return tls1_check_chain(sc, x, pk, chain, -1);
}
EVP_PKEY *ssl_get_auto_dh(SSL *s)
EVP_PKEY *ssl_get_auto_dh(SSL_CONNECTION *s)
{
EVP_PKEY *dhp = NULL;
BIGNUM *p;
@ -2948,6 +3011,7 @@ EVP_PKEY *ssl_get_auto_dh(SSL *s)
EVP_PKEY_CTX *pctx = NULL;
OSSL_PARAM_BLD *tmpl = NULL;
OSSL_PARAM *params = NULL;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (s->cert->dh_tmp_auto != 2) {
if (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) {
@ -2963,7 +3027,8 @@ EVP_PKEY *ssl_get_auto_dh(SSL *s)
}
/* Do not pick a prime that is too weak for the current security level */
sec_level_bits = ssl_get_security_level_bits(s, NULL, NULL);
sec_level_bits = ssl_get_security_level_bits(SSL_CONNECTION_GET_SSL(s),
NULL, NULL);
if (dh_secbits < sec_level_bits)
dh_secbits = sec_level_bits;
@ -2980,7 +3045,7 @@ EVP_PKEY *ssl_get_auto_dh(SSL *s)
if (p == NULL)
goto err;
pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, "DH", s->ctx->propq);
pctx = EVP_PKEY_CTX_new_from_name(sctx->libctx, "DH", sctx->propq);
if (pctx == NULL
|| EVP_PKEY_fromdata_init(pctx) != 1)
goto err;
@ -3004,10 +3069,12 @@ err:
return dhp;
}
static int ssl_security_cert_key(SSL *s, SSL_CTX *ctx, X509 *x, int op)
static int ssl_security_cert_key(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x,
int op)
{
int secbits = -1;
EVP_PKEY *pkey = X509_get0_pubkey(x);
if (pkey) {
/*
* If no parameters this will return -1 and fail using the default
@ -3017,16 +3084,18 @@ static int ssl_security_cert_key(SSL *s, SSL_CTX *ctx, X509 *x, int op)
*/
secbits = EVP_PKEY_get_security_bits(pkey);
}
if (s)
if (s != NULL)
return ssl_security(s, op, secbits, 0, x);
else
return ssl_ctx_security(ctx, op, secbits, 0, x);
}
static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
static int ssl_security_cert_sig(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x,
int op)
{
/* Lookup signature algorithm digest */
int secbits, nid, pknid;
/* Don't check signature if self signed */
if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
return 1;
@ -3035,13 +3104,14 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
/* If digest NID not defined use signature NID */
if (nid == NID_undef)
nid = pknid;
if (s)
if (s != NULL)
return ssl_security(s, op, secbits, nid, x);
else
return ssl_ctx_security(ctx, op, secbits, nid, x);
}
int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee)
int ssl_security_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x, int vfy,
int is_ee)
{
if (vfy)
vfy = SSL_SECOP_PEER;
@ -3063,9 +3133,11 @@ int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee)
* one to the peer. Return values: 1 if ok otherwise error code to use
*/
int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *x, int vfy)
int ssl_security_cert_chain(SSL_CONNECTION *s, STACK_OF(X509) *sk,
X509 *x, int vfy)
{
int rv, start_idx, i;
if (x == NULL) {
x = sk_X509_value(sk, 0);
if (x == NULL)
@ -3092,7 +3164,8 @@ int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *x, int vfy)
* with the signature algorithm "lu" and return index of certificate.
*/
static int tls12_get_cert_sigalg_idx(const SSL *s, const SIGALG_LOOKUP *lu)
static int tls12_get_cert_sigalg_idx(const SSL_CONNECTION *s,
const SIGALG_LOOKUP *lu)
{
int sig_idx = lu->sig_idx;
const SSL_CERT_LOOKUP *clu = ssl_cert_lookup_by_idx(sig_idx);
@ -3113,13 +3186,14 @@ static int tls12_get_cert_sigalg_idx(const SSL *s, const SIGALG_LOOKUP *lu)
* the key.
* Returns true if the cert is usable and false otherwise.
*/
static int check_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x,
EVP_PKEY *pkey)
static int check_cert_usable(SSL_CONNECTION *s, const SIGALG_LOOKUP *sig,
X509 *x, EVP_PKEY *pkey)
{
const SIGALG_LOOKUP *lu;
int mdnid, pknid, supported;
size_t i;
const char *mdname = NULL;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
/*
* If the given EVP_PKEY cannot support signing with this digest,
@ -3127,9 +3201,9 @@ static int check_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x,
*/
if (sig->hash != NID_undef)
mdname = OBJ_nid2sn(sig->hash);
supported = EVP_PKEY_digestsign_supports_digest(pkey, s->ctx->libctx,
supported = EVP_PKEY_digestsign_supports_digest(pkey, sctx->libctx,
mdname,
s->ctx->propq);
sctx->propq);
if (supported <= 0)
return 0;
@ -3171,7 +3245,7 @@ static int check_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x,
* the signature_algorithm_cert restrictions sent by the peer (if any).
* Returns false if no usable certificate is found.
*/
static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx)
static int has_usable_cert(SSL_CONNECTION *s, const SIGALG_LOOKUP *sig, int idx)
{
/* TLS 1.2 callers can override sig->sig_idx, but not TLS 1.3 callers. */
if (idx == -1)
@ -3187,7 +3261,7 @@ static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx)
* Returns true if the supplied cert |x| and key |pkey| is usable with the
* specified signature scheme |sig|, or false otherwise.
*/
static int is_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x,
static int is_cert_usable(SSL_CONNECTION *s, const SIGALG_LOOKUP *sig, X509 *x,
EVP_PKEY *pkey)
{
size_t idx;
@ -3207,12 +3281,14 @@ static int is_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x,
* |pkey|. |x| and |pkey| may be NULL in which case we additionally look at our
* available certs/keys to find one that works.
*/
static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey)
static const SIGALG_LOOKUP *find_sig_alg(SSL_CONNECTION *s, X509 *x,
EVP_PKEY *pkey)
{
const SIGALG_LOOKUP *lu = NULL;
size_t i;
int curve = -1;
EVP_PKEY *tmppkey;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
/* Look for a shared sigalgs matching possible certificates */
for (i = 0; i < s->shared_sigalgslen; i++) {
@ -3225,7 +3301,7 @@ static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey)
|| lu->sig == EVP_PKEY_RSA)
continue;
/* Check that we have a cert, and signature_algorithms_cert */
if (!tls1_lookup_md(s->ctx, lu, NULL))
if (!tls1_lookup_md(sctx, lu, NULL))
continue;
if ((pkey == NULL && !has_usable_cert(s, lu, -1))
|| (pkey != NULL && !is_cert_usable(s, lu, x, pkey)))
@ -3241,7 +3317,7 @@ static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey)
continue;
} else if (lu->sig == EVP_PKEY_RSA_PSS) {
/* validate that key is large enough for the signature algorithm */
if (!rsa_pss_check_min_key_size(s->ctx, tmppkey, lu))
if (!rsa_pss_check_min_key_size(sctx, tmppkey, lu))
continue;
}
break;
@ -3264,7 +3340,7 @@ static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey)
* a fatal error: we will either try another certificate or not present one
* to the server. In this case no error is set.
*/
int tls_choose_sigalg(SSL *s, int fatalerrs)
int tls_choose_sigalg(SSL_CONNECTION *s, int fatalerrs)
{
const SIGALG_LOOKUP *lu = NULL;
int sig_idx = -1;
@ -3272,7 +3348,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
s->s3.tmp.cert = NULL;
s->s3.tmp.sigalg = NULL;
if (SSL_IS_TLS13(s)) {
if (SSL_CONNECTION_IS_TLS13(s)) {
lu = find_sig_alg(s, NULL, NULL);
if (lu == NULL) {
if (!fatalerrs)
@ -3292,6 +3368,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
size_t i;
if (s->s3.tmp.peer_sigalgs != NULL) {
int curve = -1;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
/* For Suite B need to match signature algorithm to curve */
if (tls1_suiteb(s))
@ -3322,7 +3399,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
/* validate that key is large enough for the signature algorithm */
EVP_PKEY *pkey = s->cert->pkeys[sig_idx].privatekey;
if (!rsa_pss_check_min_key_size(s->ctx, pkey, lu))
if (!rsa_pss_check_min_key_size(sctx, pkey, lu))
continue;
}
if (curve == -1 || lu->curve == curve)
@ -3334,7 +3411,9 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
* in supported_algorithms extension, so when we have GOST-based ciphersuite,
* we have to assume GOST support.
*/
if (i == s->shared_sigalgslen && s->s3.tmp.new_cipher->algorithm_auth & (SSL_aGOST01 | SSL_aGOST12)) {
if (i == s->shared_sigalgslen
&& (s->s3.tmp.new_cipher->algorithm_auth
& (SSL_aGOST01 | SSL_aGOST12)) != 0) {
if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
if (!fatalerrs)
return 1;
@ -3416,13 +3495,18 @@ int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode)
int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode)
{
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
if (sc == NULL)
return 0;
if (mode != TLSEXT_max_fragment_length_DISABLED
&& !IS_MAX_FRAGMENT_LENGTH_EXT_VALID(mode)) {
ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
return 0;
}
ssl->ext.max_fragment_len_mode = mode;
sc->ext.max_fragment_len_mode = mode;
return 1;
}

72
ssl/t1_trce.c
View File

@ -688,12 +688,12 @@ static int ssl_print_random(BIO *bio, int indent,
return 1;
}
static int ssl_print_signature(BIO *bio, int indent, const SSL *ssl,
static int ssl_print_signature(BIO *bio, int indent, const SSL_CONNECTION *sc,
const unsigned char **pmsg, size_t *pmsglen)
{
if (*pmsglen < 2)
return 0;
if (SSL_USE_SIGALGS(ssl)) {
if (SSL_USE_SIGALGS(sc)) {
const unsigned char *p = *pmsg;
unsigned int sigalg = (p[0] << 8) | p[1];
@ -948,7 +948,7 @@ static int ssl_print_extensions(BIO *bio, int indent, int server,
return 1;
}
static int ssl_print_client_hello(BIO *bio, const SSL *ssl, int indent,
static int ssl_print_client_hello(BIO *bio, const SSL_CONNECTION *sc, int indent,
const unsigned char *msg, size_t msglen)
{
size_t len;
@ -960,7 +960,7 @@ static int ssl_print_client_hello(BIO *bio, const SSL *ssl, int indent,
return 0;
if (!ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen))
return 0;
if (SSL_IS_DTLS(ssl)) {
if (SSL_CONNECTION_IS_DTLS(sc)) {
if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen))
return 0;
}
@ -1051,9 +1051,9 @@ static int ssl_print_server_hello(BIO *bio, int indent,
return 1;
}
static int ssl_get_keyex(const char **pname, const SSL *ssl)
static int ssl_get_keyex(const char **pname, const SSL_CONNECTION *sc)
{
unsigned long alg_k = ssl->s3.tmp.new_cipher->algorithm_mkey;
unsigned long alg_k = sc->s3.tmp.new_cipher->algorithm_mkey;
if (alg_k & SSL_kRSA) {
*pname = "rsa";
@ -1099,11 +1099,11 @@ static int ssl_get_keyex(const char **pname, const SSL *ssl)
return 0;
}
static int ssl_print_client_keyex(BIO *bio, int indent, const SSL *ssl,
static int ssl_print_client_keyex(BIO *bio, int indent, const SSL_CONNECTION *sc,
const unsigned char *msg, size_t msglen)
{
const char *algname;
int id = ssl_get_keyex(&algname, ssl);
int id = ssl_get_keyex(&algname, sc);
BIO_indent(bio, indent, 80);
BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname);
@ -1116,7 +1116,7 @@ static int ssl_print_client_keyex(BIO *bio, int indent, const SSL *ssl,
case SSL_kRSA:
case SSL_kRSAPSK:
if (TLS1_get_version(ssl) == SSL3_VERSION) {
if (TLS1_get_version(SSL_CONNECTION_GET_SSL(sc)) == SSL3_VERSION) {
ssl_print_hex(bio, indent + 2,
"EncryptedPreMasterSecret", msg, msglen);
} else {
@ -1151,11 +1151,11 @@ static int ssl_print_client_keyex(BIO *bio, int indent, const SSL *ssl,
return !msglen;
}
static int ssl_print_server_keyex(BIO *bio, int indent, const SSL *ssl,
static int ssl_print_server_keyex(BIO *bio, int indent, const SSL_CONNECTION *sc,
const unsigned char *msg, size_t msglen)
{
const char *algname;
int id = ssl_get_keyex(&algname, ssl);
int id = ssl_get_keyex(&algname, sc);
BIO_indent(bio, indent, 80);
BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname);
@ -1215,7 +1215,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, const SSL *ssl,
break;
}
if (!(id & SSL_PSK))
ssl_print_signature(bio, indent, ssl, &msg, &msglen);
ssl_print_signature(bio, indent, sc, &msg, &msglen);
return !msglen;
}
@ -1254,13 +1254,13 @@ static int ssl_print_certificate(BIO *bio, int indent,
return 1;
}
static int ssl_print_certificates(BIO *bio, const SSL *ssl, int server,
static int ssl_print_certificates(BIO *bio, const SSL_CONNECTION *sc, int server,
int indent, const unsigned char *msg,
size_t msglen)
{
size_t clen;
if (SSL_IS_TLS13(ssl)
if (SSL_CONNECTION_IS_TLS13(sc)
&& !ssl_print_hexbuf(bio, indent, "context", 1, &msg, &msglen))
return 0;
@ -1275,7 +1275,7 @@ static int ssl_print_certificates(BIO *bio, const SSL *ssl, int server,
while (clen > 0) {
if (!ssl_print_certificate(bio, indent + 2, &msg, &clen))
return 0;
if (SSL_IS_TLS13(ssl)
if (SSL_CONNECTION_IS_TLS13(sc)
&& !ssl_print_extensions(bio, indent + 2, server,
SSL3_MT_CERTIFICATE, &msg, &clen))
return 0;
@ -1284,13 +1284,13 @@ static int ssl_print_certificates(BIO *bio, const SSL *ssl, int server,
return 1;
}
static int ssl_print_cert_request(BIO *bio, int indent, const SSL *ssl,
static int ssl_print_cert_request(BIO *bio, int indent, const SSL_CONNECTION *sc,
const unsigned char *msg, size_t msglen)
{
size_t xlen;
unsigned int sigalg;
if (SSL_IS_TLS13(ssl)) {
if (SSL_CONNECTION_IS_TLS13(sc)) {
if (!ssl_print_hexbuf(bio, indent, "request_context", 1, &msg, &msglen))
return 0;
if (!ssl_print_extensions(bio, indent, 1,
@ -1311,7 +1311,7 @@ static int ssl_print_cert_request(BIO *bio, int indent, const SSL *ssl,
msg += xlen;
msglen -= xlen + 1;
}
if (SSL_USE_SIGALGS(ssl)) {
if (SSL_USE_SIGALGS(sc)) {
if (msglen < 2)
return 0;
xlen = (msg[0] << 8) | msg[1];
@ -1365,7 +1365,7 @@ static int ssl_print_cert_request(BIO *bio, int indent, const SSL *ssl,
xlen -= dlen + 2;
msg += dlen;
}
if (SSL_IS_TLS13(ssl)) {
if (SSL_CONNECTION_IS_TLS13(sc)) {
if (!ssl_print_hexbuf(bio, indent, "request_extensions", 2,
&msg, &msglen))
return 0;
@ -1373,7 +1373,7 @@ static int ssl_print_cert_request(BIO *bio, int indent, const SSL *ssl,
return msglen == 0;
}
static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl,
static int ssl_print_ticket(BIO *bio, int indent, const SSL_CONNECTION *sc,
const unsigned char *msg, size_t msglen)
{
unsigned int tick_life;
@ -1393,7 +1393,7 @@ static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl,
msg += 4;
BIO_indent(bio, indent + 2, 80);
BIO_printf(bio, "ticket_lifetime_hint=%u\n", tick_life);
if (SSL_IS_TLS13(ssl)) {
if (SSL_CONNECTION_IS_TLS13(sc)) {
unsigned int ticket_age_add;
if (msglen < 4)
@ -1413,7 +1413,7 @@ static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl,
}
if (!ssl_print_hexbuf(bio, indent + 2, "ticket", 2, &msg, &msglen))
return 0;
if (SSL_IS_TLS13(ssl)
if (SSL_CONNECTION_IS_TLS13(sc)
&& !ssl_print_extensions(bio, indent + 2, 0,
SSL3_MT_NEWSESSION_TICKET, &msg, &msglen))
return 0;
@ -1422,7 +1422,7 @@ static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl,
return 1;
}
static int ssl_print_handshake(BIO *bio, const SSL *ssl, int server,
static int ssl_print_handshake(BIO *bio, const SSL_CONNECTION *sc, int server,
const unsigned char *msg, size_t msglen,
int indent)
{
@ -1438,7 +1438,7 @@ static int ssl_print_handshake(BIO *bio, const SSL *ssl, int server,
ssl_trace_str(htype, ssl_handshake_tbl), (int)hlen);
msg += 4;
msglen -= 4;
if (SSL_IS_DTLS(ssl)) {
if (SSL_CONNECTION_IS_DTLS(sc)) {
if (msglen < 8)
return 0;
BIO_indent(bio, indent, 80);
@ -1454,7 +1454,7 @@ static int ssl_print_handshake(BIO *bio, const SSL *ssl, int server,
return 0;
switch (htype) {
case SSL3_MT_CLIENT_HELLO:
if (!ssl_print_client_hello(bio, ssl, indent + 2, msg, msglen))
if (!ssl_print_client_hello(bio, sc, indent + 2, msg, msglen))
return 0;
break;
@ -1469,27 +1469,27 @@ static int ssl_print_handshake(BIO *bio, const SSL *ssl, int server,
break;
case SSL3_MT_SERVER_KEY_EXCHANGE:
if (!ssl_print_server_keyex(bio, indent + 2, ssl, msg, msglen))
if (!ssl_print_server_keyex(bio, indent + 2, sc, msg, msglen))
return 0;
break;
case SSL3_MT_CLIENT_KEY_EXCHANGE:
if (!ssl_print_client_keyex(bio, indent + 2, ssl, msg, msglen))
if (!ssl_print_client_keyex(bio, indent + 2, sc, msg, msglen))
return 0;
break;
case SSL3_MT_CERTIFICATE:
if (!ssl_print_certificates(bio, ssl, server, indent + 2, msg, msglen))
if (!ssl_print_certificates(bio, sc, server, indent + 2, msg, msglen))
return 0;
break;
case SSL3_MT_CERTIFICATE_VERIFY:
if (!ssl_print_signature(bio, indent + 2, ssl, &msg, &msglen))
if (!ssl_print_signature(bio, indent + 2, sc, &msg, &msglen))
return 0;
break;
case SSL3_MT_CERTIFICATE_REQUEST:
if (!ssl_print_cert_request(bio, indent + 2, ssl, msg, msglen))
if (!ssl_print_cert_request(bio, indent + 2, sc, msg, msglen))
return 0;
break;
@ -1503,7 +1503,7 @@ static int ssl_print_handshake(BIO *bio, const SSL *ssl, int server,
break;
case SSL3_MT_NEWSESSION_TICKET:
if (!ssl_print_ticket(bio, indent + 2, ssl, msg, msglen))
if (!ssl_print_ticket(bio, indent + 2, sc, msg, msglen))
return 0;
break;
@ -1536,6 +1536,10 @@ void SSL_trace(int write_p, int version, int content_type,
{
const unsigned char *msg = buf;
BIO *bio = arg;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
if (sc == NULL)
return;
switch (content_type) {
case SSL3_RT_HEADER:
@ -1543,7 +1547,7 @@ void SSL_trace(int write_p, int version, int content_type,
int hvers;
/* avoid overlapping with length at the end of buffer */
if (msglen < (size_t)(SSL_IS_DTLS(ssl) ?
if (msglen < (size_t)(SSL_CONNECTION_IS_DTLS(sc) ?
DTLS1_RT_HEADER_LENGTH : SSL3_RT_HEADER_LENGTH)) {
BIO_puts(bio, write_p ? "Sent" : "Received");
ssl_print_hex(bio, 0, " too short message", msg, msglen);
@ -1553,7 +1557,7 @@ void SSL_trace(int write_p, int version, int content_type,
BIO_puts(bio, write_p ? "Sent" : "Received");
BIO_printf(bio, " Record\nHeader:\n Version = %s (0x%x)\n",
ssl_trace_str(hvers, ssl_version_tbl), hvers);
if (SSL_IS_DTLS(ssl)) {
if (SSL_CONNECTION_IS_DTLS(sc)) {
BIO_printf(bio,
" epoch=%d, sequence_number=%04x%04x%04x\n",
(msg[3] << 8 | msg[4]),
@ -1573,7 +1577,7 @@ void SSL_trace(int write_p, int version, int content_type,
break;
case SSL3_RT_HANDSHAKE:
if (!ssl_print_handshake(bio, ssl, ssl->server ? write_p : !write_p,
if (!ssl_print_handshake(bio, sc, sc->server ? write_p : !write_p,
msg, msglen, 4))
BIO_printf(bio, "Message length parse error!\n");
break;

65
ssl/tls13_enc.c
View File

@ -31,13 +31,15 @@ static const unsigned char label_prefix[] = "tls13 ";
* The |data| value may be zero length. Any errors will be treated as fatal if
* |fatal| is set. Returns 1 on success 0 on failure.
*/
int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
int tls13_hkdf_expand(SSL_CONNECTION *s, const EVP_MD *md,
const unsigned char *secret,
const unsigned char *label, size_t labellen,
const unsigned char *data, size_t datalen,
unsigned char *out, size_t outlen, int fatal)
{
EVP_KDF *kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_TLS1_3_KDF,
s->ctx->propq);
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
EVP_KDF *kdf = EVP_KDF_fetch(sctx->libctx, OSSL_KDF_NAME_TLS1_3_KDF,
sctx->propq);
EVP_KDF_CTX *kctx;
OSSL_PARAM params[7], *p = params;
int mode = EVP_PKEY_HKDEF_MODE_EXPAND_ONLY;
@ -107,7 +109,8 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
* Given a |secret| generate a |key| of length |keylen| bytes. Returns 1 on
* success 0 on failure.
*/
int tls13_derive_key(SSL *s, const EVP_MD *md, const unsigned char *secret,
int tls13_derive_key(SSL_CONNECTION *s, const EVP_MD *md,
const unsigned char *secret,
unsigned char *key, size_t keylen)
{
#ifdef CHARSET_EBCDIC
@ -124,7 +127,8 @@ int tls13_derive_key(SSL *s, const EVP_MD *md, const unsigned char *secret,
* Given a |secret| generate an |iv| of length |ivlen| bytes. Returns 1 on
* success 0 on failure.
*/
int tls13_derive_iv(SSL *s, const EVP_MD *md, const unsigned char *secret,
int tls13_derive_iv(SSL_CONNECTION *s, const EVP_MD *md,
const unsigned char *secret,
unsigned char *iv, size_t ivlen)
{
#ifdef CHARSET_EBCDIC
@ -137,7 +141,7 @@ int tls13_derive_iv(SSL *s, const EVP_MD *md, const unsigned char *secret,
NULL, 0, iv, ivlen, 1);
}
int tls13_derive_finishedkey(SSL *s, const EVP_MD *md,
int tls13_derive_finishedkey(SSL_CONNECTION *s, const EVP_MD *md,
const unsigned char *secret,
unsigned char *fin, size_t finlen)
{
@ -156,7 +160,7 @@ int tls13_derive_finishedkey(SSL *s, const EVP_MD *md,
* length |insecretlen|, generate a new secret and store it in the location
* pointed to by |outsecret|. Returns 1 on success 0 on failure.
*/
int tls13_generate_secret(SSL *s, const EVP_MD *md,
int tls13_generate_secret(SSL_CONNECTION *s, const EVP_MD *md,
const unsigned char *prevsecret,
const unsigned char *insecret,
size_t insecretlen,
@ -175,8 +179,9 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md,
#else
static const char derived_secret_label[] = "derived";
#endif
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_TLS1_3_KDF, s->ctx->propq);
kdf = EVP_KDF_fetch(sctx->libctx, OSSL_KDF_NAME_TLS1_3_KDF, sctx->propq);
kctx = EVP_KDF_CTX_new(kdf);
EVP_KDF_free(kdf);
if (kctx == NULL) {
@ -225,8 +230,9 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md,
* handshake secret. This requires the early secret to already have been
* generated. Returns 1 on success 0 on failure.
*/
int tls13_generate_handshake_secret(SSL *s, const unsigned char *insecret,
size_t insecretlen)
int tls13_generate_handshake_secret(SSL_CONNECTION *s,
const unsigned char *insecret,
size_t insecretlen)
{
/* Calls SSLfatal() if required */
return tls13_generate_secret(s, ssl_handshake_md(s), s->early_secret,
@ -239,7 +245,7 @@ int tls13_generate_handshake_secret(SSL *s, const unsigned char *insecret,
* secret and store its length in |*secret_size|. Returns 1 on success 0 on
* failure.
*/
int tls13_generate_master_secret(SSL *s, unsigned char *out,
int tls13_generate_master_secret(SSL_CONNECTION *s, unsigned char *out,
unsigned char *prev, size_t prevlen,
size_t *secret_size)
{
@ -254,7 +260,7 @@ int tls13_generate_master_secret(SSL *s, unsigned char *out,
* Generates the mac for the Finished message. Returns the length of the MAC or
* 0 on error.
*/
size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
size_t tls13_final_finish_mac(SSL_CONNECTION *s, const char *str, size_t slen,
unsigned char *out)
{
const EVP_MD *md = ssl_handshake_md(s);
@ -264,14 +270,15 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
unsigned char *key = NULL;
size_t len = 0, hashlen;
OSSL_PARAM params[2], *p = params;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (md == NULL)
return 0;
/* Safe to cast away const here since we're not "getting" any data */
if (s->ctx->propq != NULL)
if (sctx->propq != NULL)
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_PROPERTIES,
(char *)s->ctx->propq,
(char *)sctx->propq,
0);
*p = OSSL_PARAM_construct_end();
@ -280,7 +287,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
goto err;
}
if (str == s->method->ssl3_enc->server_finished_label) {
if (str == SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->server_finished_label) {
key = s->server_finished_secret;
} else if (SSL_IS_FIRST_HANDSHAKE(s)) {
key = s->client_finished_secret;
@ -292,7 +299,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
key = finsecret;
}
if (!EVP_Q_mac(s->ctx->libctx, "HMAC", s->ctx->propq, mdname,
if (!EVP_Q_mac(sctx->libctx, "HMAC", sctx->propq, mdname,
params, key, hashlen, hash, hashlen,
/* outsize as per sizeof(peer_finish_md) */
out, EVP_MAX_MD_SIZE * 2, &len)) {
@ -309,14 +316,14 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
* There isn't really a key block in TLSv1.3, but we still need this function
* for initialising the cipher and hash. Returns 1 on success or 0 on failure.
*/
int tls13_setup_key_block(SSL *s)
int tls13_setup_key_block(SSL_CONNECTION *s)
{
const EVP_CIPHER *c;
const EVP_MD *hash;
s->session->cipher = s->s3.tmp.new_cipher;
if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, NULL, NULL, NULL,
0)) {
if (!ssl_cipher_get_evp(SSL_CONNECTION_GET_CTX(s), s->session, &c, &hash,
NULL, NULL, NULL, 0)) {
/* Error is already recorded */
SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);
return 0;
@ -330,7 +337,8 @@ int tls13_setup_key_block(SSL *s)
return 1;
}
static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md,
static int derive_secret_key_and_iv(SSL_CONNECTION *s, int sending,
const EVP_MD *md,
const EVP_CIPHER *ciph,
const unsigned char *insecret,
const unsigned char *hash,
@ -400,7 +408,7 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md,
return 1;
}
int tls13_change_cipher_state(SSL *s, int which)
int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
{
#ifdef CHARSET_EBCDIC
static const unsigned char client_early_traffic[] = {0x63, 0x20, 0x65, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00};
@ -436,6 +444,7 @@ int tls13_change_cipher_state(SSL *s, int which)
int ret = 0;
const EVP_MD *md = NULL;
const EVP_CIPHER *cipher = NULL;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
#if !defined(OPENSSL_NO_KTLS) && defined(OPENSSL_KTLS_TLS13)
ktls_crypto_info_t crypto_info;
void *rl_sequence;
@ -529,14 +538,14 @@ int tls13_change_cipher_state(SSL *s, int which)
* This ups the ref count on cipher so we better make sure we free
* it again
*/
if (!ssl_cipher_get_evp_cipher(s->ctx, sslcipher, &cipher)) {
if (!ssl_cipher_get_evp_cipher(sctx, sslcipher, &cipher)) {
/* Error is already recorded */
SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);
EVP_MD_CTX_free(mdctx);
goto err;
}
md = ssl_md(s->ctx, sslcipher->algorithm2);
md = ssl_md(sctx, sslcipher->algorithm2);
if (md == NULL || !EVP_DigestInit_ex(mdctx, md, NULL)
|| !EVP_DigestUpdate(mdctx, hdata, handlen)
|| !EVP_DigestFinal_ex(mdctx, hashval, &hashlenui)) {
@ -754,7 +763,7 @@ skip_ktls:
return ret;
}
int tls13_update_key(SSL *s, int sending)
int tls13_update_key(SSL_CONNECTION *s, int sending)
{
#ifdef CHARSET_EBCDIC
static const unsigned char application_traffic[] = { 0x74, 0x72 ,0x61 ,0x66 ,0x66 ,0x69 ,0x63 ,0x20 ,0x75 ,0x70 ,0x64, 0x00};
@ -813,7 +822,8 @@ int tls13_alert_code(int code)
return tls1_alert_code(code);
}
int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen,
int tls13_export_keying_material(SSL_CONNECTION *s,
unsigned char *out, size_t olen,
const char *label, size_t llen,
const unsigned char *context,
size_t contextlen, int use_context)
@ -855,7 +865,8 @@ int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen,
return ret;
}
int tls13_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,
int tls13_export_keying_material_early(SSL_CONNECTION *s,
unsigned char *out, size_t olen,
const char *label, size_t llen,
const unsigned char *context,
size_t contextlen)
@ -882,7 +893,7 @@ int tls13_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,
else
sslcipher = SSL_SESSION_get0_cipher(s->session);
md = ssl_md(s->ctx, sslcipher->algorithm2);
md = ssl_md(SSL_CONNECTION_GET_CTX(s), sslcipher->algorithm2);
/*
* Calculate the hash value and store it in |data|. The reason why

10
ssl/tls_depr.c
View File

@ -64,10 +64,14 @@ const EVP_MD *tls_get_digest_from_engine(int nid)
}
#ifndef OPENSSL_NO_ENGINE
int tls_engine_load_ssl_client_cert(SSL *s, X509 **px509, EVP_PKEY **ppkey)
int tls_engine_load_ssl_client_cert(SSL_CONNECTION *s, X509 **px509,
EVP_PKEY **ppkey)
{
return ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
SSL_get_client_CA_list(s),
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
return ENGINE_load_ssl_client_cert(SSL_CONNECTION_GET_CTX(s)->client_cert_engine,
ssl,
SSL_get_client_CA_list(ssl),
px509, ppkey, NULL, NULL, NULL);
}
#endif

188
ssl/tls_srp.c
View File

@ -57,7 +57,7 @@ int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx)
* The public API SSL_SRP_CTX_free() is deprecated so we use
* ssl_srp_ctx_free_intern() internally.
*/
int ssl_srp_ctx_free_intern(SSL *s)
int ssl_srp_ctx_free_intern(SSL_CONNECTION *s)
{
if (s == NULL)
return 0;
@ -78,18 +78,21 @@ int ssl_srp_ctx_free_intern(SSL *s)
int SSL_SRP_CTX_free(SSL *s)
{
return ssl_srp_ctx_free_intern(s);
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
/* the call works with NULL sc */
return ssl_srp_ctx_free_intern(sc);
}
/*
* The public API SSL_SRP_CTX_init() is deprecated so we use
* ssl_srp_ctx_init_intern() internally.
*/
int ssl_srp_ctx_init_intern(SSL *s)
int ssl_srp_ctx_init_intern(SSL_CONNECTION *s)
{
SSL_CTX *ctx;
SSL_CTX *ctx = SSL_CONNECTION_GET_CTX(s);
if ((s == NULL) || ((ctx = s->ctx) == NULL))
if (s == NULL || ctx == NULL)
return 0;
memset(&s->srp_ctx, 0, sizeof(s->srp_ctx));
@ -156,7 +159,10 @@ int ssl_srp_ctx_init_intern(SSL *s)
int SSL_SRP_CTX_init(SSL *s)
{
return ssl_srp_ctx_init_intern(s);
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
/* the call works with NULL sc */
return ssl_srp_ctx_init_intern(sc);
}
/*
@ -184,15 +190,17 @@ int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx)
* The public API SSL_srp_server_param_with_username() is deprecated so we use
* ssl_srp_server_param_with_username_intern() internally.
*/
int ssl_srp_server_param_with_username_intern(SSL *s, int *ad)
int ssl_srp_server_param_with_username_intern(SSL_CONNECTION *s, int *ad)
{
unsigned char b[SSL_MAX_MASTER_KEY_LENGTH];
int al;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
*ad = SSL_AD_UNKNOWN_PSK_IDENTITY;
if ((s->srp_ctx.TLS_ext_srp_username_callback != NULL) &&
((al =
s->srp_ctx.TLS_ext_srp_username_callback(s, ad,
s->srp_ctx.TLS_ext_srp_username_callback(SSL_CONNECTION_GET_SSL(s),
ad,
s->srp_ctx.SRP_cb_arg)) !=
SSL_ERROR_NONE))
return al;
@ -203,7 +211,8 @@ int ssl_srp_server_param_with_username_intern(SSL *s, int *ad)
(s->srp_ctx.s == NULL) || (s->srp_ctx.v == NULL))
return SSL3_AL_FATAL;
if (RAND_priv_bytes_ex(s->ctx->libctx, b, sizeof(b), 0) <= 0)
if (RAND_priv_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, b, sizeof(b),
0) <= 0)
return SSL3_AL_FATAL;
s->srp_ctx.b = BN_bin2bn(b, sizeof(b), NULL);
OPENSSL_cleanse(b, sizeof(b));
@ -212,13 +221,18 @@ int ssl_srp_server_param_with_username_intern(SSL *s, int *ad)
return ((s->srp_ctx.B =
SRP_Calc_B_ex(s->srp_ctx.b, s->srp_ctx.N, s->srp_ctx.g,
s->srp_ctx.v, s->ctx->libctx, s->ctx->propq)) !=
s->srp_ctx.v, sctx->libctx, sctx->propq)) !=
NULL) ? SSL_ERROR_NONE : SSL3_AL_FATAL;
}
int SSL_srp_server_param_with_username(SSL *s, int *ad)
{
return ssl_srp_server_param_with_username_intern(s, ad);
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return SSL3_AL_FATAL;
return ssl_srp_server_param_with_username_intern(sc, ad);
}
/*
@ -228,17 +242,23 @@ int SSL_srp_server_param_with_username(SSL *s, int *ad)
int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
const char *grp)
{
SRP_gN *GN = SRP_get_default_gN(grp);
SRP_gN *GN;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return -1;
GN = SRP_get_default_gN(grp);
if (GN == NULL)
return -1;
s->srp_ctx.N = BN_dup(GN->N);
s->srp_ctx.g = BN_dup(GN->g);
BN_clear_free(s->srp_ctx.v);
s->srp_ctx.v = NULL;
BN_clear_free(s->srp_ctx.s);
s->srp_ctx.s = NULL;
if (!SRP_create_verifier_BN_ex(user, pass, &s->srp_ctx.s, &s->srp_ctx.v,
s->srp_ctx.N, s->srp_ctx.g, s->ctx->libctx,
sc->srp_ctx.N = BN_dup(GN->N);
sc->srp_ctx.g = BN_dup(GN->g);
BN_clear_free(sc->srp_ctx.v);
sc->srp_ctx.v = NULL;
BN_clear_free(sc->srp_ctx.s);
sc->srp_ctx.s = NULL;
if (!SRP_create_verifier_BN_ex(user, pass, &sc->srp_ctx.s, &sc->srp_ctx.v,
sc->srp_ctx.N, sc->srp_ctx.g, s->ctx->libctx,
s->ctx->propq))
return -1;
@ -248,66 +268,72 @@ int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
BIGNUM *sa, BIGNUM *v, char *info)
{
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return -1;
if (N != NULL) {
if (s->srp_ctx.N != NULL) {
if (!BN_copy(s->srp_ctx.N, N)) {
BN_free(s->srp_ctx.N);
s->srp_ctx.N = NULL;
if (sc->srp_ctx.N != NULL) {
if (!BN_copy(sc->srp_ctx.N, N)) {
BN_free(sc->srp_ctx.N);
sc->srp_ctx.N = NULL;
}
} else
s->srp_ctx.N = BN_dup(N);
sc->srp_ctx.N = BN_dup(N);
}
if (g != NULL) {
if (s->srp_ctx.g != NULL) {
if (!BN_copy(s->srp_ctx.g, g)) {
BN_free(s->srp_ctx.g);
s->srp_ctx.g = NULL;
if (sc->srp_ctx.g != NULL) {
if (!BN_copy(sc->srp_ctx.g, g)) {
BN_free(sc->srp_ctx.g);
sc->srp_ctx.g = NULL;
}
} else
s->srp_ctx.g = BN_dup(g);
sc->srp_ctx.g = BN_dup(g);
}
if (sa != NULL) {
if (s->srp_ctx.s != NULL) {
if (!BN_copy(s->srp_ctx.s, sa)) {
BN_free(s->srp_ctx.s);
s->srp_ctx.s = NULL;
if (sc->srp_ctx.s != NULL) {
if (!BN_copy(sc->srp_ctx.s, sa)) {
BN_free(sc->srp_ctx.s);
sc->srp_ctx.s = NULL;
}
} else
s->srp_ctx.s = BN_dup(sa);
sc->srp_ctx.s = BN_dup(sa);
}
if (v != NULL) {
if (s->srp_ctx.v != NULL) {
if (!BN_copy(s->srp_ctx.v, v)) {
BN_free(s->srp_ctx.v);
s->srp_ctx.v = NULL;
if (sc->srp_ctx.v != NULL) {
if (!BN_copy(sc->srp_ctx.v, v)) {
BN_free(sc->srp_ctx.v);
sc->srp_ctx.v = NULL;
}
} else
s->srp_ctx.v = BN_dup(v);
sc->srp_ctx.v = BN_dup(v);
}
if (info != NULL) {
if (s->srp_ctx.info)
OPENSSL_free(s->srp_ctx.info);
if ((s->srp_ctx.info = OPENSSL_strdup(info)) == NULL)
if (sc->srp_ctx.info)
OPENSSL_free(sc->srp_ctx.info);
if ((sc->srp_ctx.info = OPENSSL_strdup(info)) == NULL)
return -1;
}
if (!(s->srp_ctx.N) ||
!(s->srp_ctx.g) || !(s->srp_ctx.s) || !(s->srp_ctx.v))
if (!(sc->srp_ctx.N) ||
!(sc->srp_ctx.g) || !(sc->srp_ctx.s) || !(sc->srp_ctx.v))
return -1;
return 1;
}
int srp_generate_server_master_secret(SSL *s)
int srp_generate_server_master_secret(SSL_CONNECTION *s)
{
BIGNUM *K = NULL, *u = NULL;
int ret = 0, tmp_len = 0;
unsigned char *tmp = NULL;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (!SRP_Verify_A_mod_N(s->srp_ctx.A, s->srp_ctx.N))
goto err;
if ((u = SRP_Calc_u_ex(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N,
s->ctx->libctx, s->ctx->propq)) == NULL)
sctx->libctx, sctx->propq)) == NULL)
goto err;
if ((K = SRP_Calc_server_key(s->srp_ctx.A, s->srp_ctx.v, u, s->srp_ctx.b,
s->srp_ctx.N)) == NULL)
@ -328,37 +354,38 @@ int srp_generate_server_master_secret(SSL *s)
}
/* client side */
int srp_generate_client_master_secret(SSL *s)
int srp_generate_client_master_secret(SSL_CONNECTION *s)
{
BIGNUM *x = NULL, *u = NULL, *K = NULL;
int ret = 0, tmp_len = 0;
char *passwd = NULL;
unsigned char *tmp = NULL;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
/*
* Checks if b % n == 0
*/
if (SRP_Verify_B_mod_N(s->srp_ctx.B, s->srp_ctx.N) == 0
|| (u = SRP_Calc_u_ex(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N,
s->ctx->libctx, s->ctx->propq))
sctx->libctx, sctx->propq))
== NULL
|| s->srp_ctx.SRP_give_srp_client_pwd_callback == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
if ((passwd = s->srp_ctx.SRP_give_srp_client_pwd_callback(s,
s->srp_ctx.SRP_cb_arg))
if ((passwd = s->srp_ctx.SRP_give_srp_client_pwd_callback(SSL_CONNECTION_GET_SSL(s),
s->srp_ctx.SRP_cb_arg))
== NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CALLBACK_FAILED);
goto err;
}
if ((x = SRP_Calc_x_ex(s->srp_ctx.s, s->srp_ctx.login, passwd,
s->ctx->libctx, s->ctx->propq)) == NULL
sctx->libctx, sctx->propq)) == NULL
|| (K = SRP_Calc_client_key_ex(s->srp_ctx.N, s->srp_ctx.B,
s->srp_ctx.g, x,
s->srp_ctx.a, u,
s->ctx->libctx,
s->ctx->propq)) == NULL) {
sctx->libctx,
sctx->propq)) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
@ -380,7 +407,7 @@ int srp_generate_client_master_secret(SSL *s)
return ret;
}
int srp_verify_server_param(SSL *s)
int srp_verify_server_param(SSL_CONNECTION *s)
{
SRP_CTX *srp = &s->srp_ctx;
/*
@ -399,7 +426,8 @@ int srp_verify_server_param(SSL *s)
}
if (srp->SRP_verify_param_callback) {
if (srp->SRP_verify_param_callback(s, srp->SRP_cb_arg) <= 0) {
if (srp->SRP_verify_param_callback(SSL_CONNECTION_GET_SSL(s),
srp->SRP_cb_arg) <= 0) {
SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY, SSL_R_CALLBACK_FAILED);
return 0;
}
@ -416,11 +444,12 @@ int srp_verify_server_param(SSL *s)
* The public API SRP_Calc_A_param() is deprecated so we use
* ssl_srp_calc_a_param_intern() internally.
*/
int ssl_srp_calc_a_param_intern(SSL *s)
int ssl_srp_calc_a_param_intern(SSL_CONNECTION *s)
{
unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH];
if (RAND_priv_bytes_ex(s->ctx->libctx, rnd, sizeof(rnd), 0) <= 0)
if (RAND_priv_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx,
rnd, sizeof(rnd), 0) <= 0)
return 0;
s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a);
OPENSSL_cleanse(rnd, sizeof(rnd));
@ -433,34 +462,59 @@ int ssl_srp_calc_a_param_intern(SSL *s)
int SRP_Calc_A_param(SSL *s)
{
return ssl_srp_calc_a_param_intern(s);
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return 0;
return ssl_srp_calc_a_param_intern(sc);
}
BIGNUM *SSL_get_srp_g(SSL *s)
{
if (s->srp_ctx.g != NULL)
return s->srp_ctx.g;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return NULL;
if (sc->srp_ctx.g != NULL)
return sc->srp_ctx.g;
return s->ctx->srp_ctx.g;
}
BIGNUM *SSL_get_srp_N(SSL *s)
{
if (s->srp_ctx.N != NULL)
return s->srp_ctx.N;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return NULL;
if (sc->srp_ctx.N != NULL)
return sc->srp_ctx.N;
return s->ctx->srp_ctx.N;
}
char *SSL_get_srp_username(SSL *s)
{
if (s->srp_ctx.login != NULL)
return s->srp_ctx.login;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return NULL;
if (sc->srp_ctx.login != NULL)
return sc->srp_ctx.login;
return s->ctx->srp_ctx.login;
}
char *SSL_get_srp_userinfo(SSL *s)
{
if (s->srp_ctx.info != NULL)
return s->srp_ctx.info;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return NULL;
if (sc->srp_ctx.info != NULL)
return sc->srp_ctx.info;
return s->ctx->srp_ctx.info;
}

5
test/dtls_mtu_test.c
View File

@ -55,6 +55,7 @@ static int mtu_test(SSL_CTX *ctx, const char *cs, int no_etm)
size_t mtus[30];
unsigned char buf[600];
int rv = 0;
SSL_CONNECTION *clnt_sc;
memset(buf, 0x5a, sizeof(buf));
@ -132,8 +133,10 @@ static int mtu_test(SSL_CTX *ctx, const char *cs, int no_etm)
}
}
}
if (!TEST_ptr(clnt_sc = SSL_CONNECTION_FROM_SSL_ONLY(clnt_ssl)))
goto end;
rv = 1;
if (SSL_READ_ETM(clnt_ssl))
if (SSL_READ_ETM(clnt_sc))
rv = 2;
end:
SSL_free(clnt_ssl);

8
test/helpers/handshake.c
View File

@ -978,9 +978,15 @@ static void do_reneg_setup_step(const SSL_TEST_CTX *test_ctx, PEER *peer)
return;
} else if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_POST_HANDSHAKE_AUTH) {
if (SSL_is_server(peer->ssl)) {
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(peer->ssl);
if (sc == NULL) {
peer->status = PEER_ERROR;
return;
}
/* Make the server believe it's received the extension */
if (test_ctx->extra.server.force_pha)
peer->ssl->post_handshake_auth = SSL_PHA_EXT_RECEIVED;
sc->post_handshake_auth = SSL_PHA_EXT_RECEIVED;
ret = SSL_verify_client_post_handshake(peer->ssl);
if (!ret) {
peer->status = PEER_ERROR;

61
test/sslapitest.c
View File

@ -1079,12 +1079,17 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl)
char srec_wseq_after[SEQ_NUM_SIZE];
char srec_rseq_before[SEQ_NUM_SIZE];
char srec_rseq_after[SEQ_NUM_SIZE];
SSL_CONNECTION *clientsc, *serversc;
if (!TEST_ptr(clientsc = SSL_CONNECTION_FROM_SSL_ONLY(clientssl))
|| !TEST_ptr(serversc = SSL_CONNECTION_FROM_SSL_ONLY(serverssl)))
goto end;
cbuf[0] = count++;
memcpy(crec_wseq_before, &clientssl->rlayer.write_sequence, SEQ_NUM_SIZE);
memcpy(crec_rseq_before, &clientssl->rlayer.read_sequence, SEQ_NUM_SIZE);
memcpy(srec_wseq_before, &serverssl->rlayer.write_sequence, SEQ_NUM_SIZE);
memcpy(srec_rseq_before, &serverssl->rlayer.read_sequence, SEQ_NUM_SIZE);
memcpy(crec_wseq_before, &clientsc->rlayer.write_sequence, SEQ_NUM_SIZE);
memcpy(crec_rseq_before, &clientsc->rlayer.read_sequence, SEQ_NUM_SIZE);
memcpy(srec_wseq_before, &serversc->rlayer.write_sequence, SEQ_NUM_SIZE);
memcpy(srec_rseq_before, &serversc->rlayer.read_sequence, SEQ_NUM_SIZE);
if (!TEST_true(SSL_write(clientssl, cbuf, sizeof(cbuf)) == sizeof(cbuf)))
goto end;
@ -1104,10 +1109,10 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl)
}
}
memcpy(crec_wseq_after, &clientssl->rlayer.write_sequence, SEQ_NUM_SIZE);
memcpy(crec_rseq_after, &clientssl->rlayer.read_sequence, SEQ_NUM_SIZE);
memcpy(srec_wseq_after, &serverssl->rlayer.write_sequence, SEQ_NUM_SIZE);
memcpy(srec_rseq_after, &serverssl->rlayer.read_sequence, SEQ_NUM_SIZE);
memcpy(crec_wseq_after, &clientsc->rlayer.write_sequence, SEQ_NUM_SIZE);
memcpy(crec_rseq_after, &clientsc->rlayer.read_sequence, SEQ_NUM_SIZE);
memcpy(srec_wseq_after, &serversc->rlayer.write_sequence, SEQ_NUM_SIZE);
memcpy(srec_rseq_after, &serversc->rlayer.read_sequence, SEQ_NUM_SIZE);
/* verify the payload */
if (!TEST_mem_eq(cbuf, sizeof(cbuf), sbuf, sizeof(sbuf)))
@ -1117,7 +1122,7 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl)
* If ktls is used then kernel sequences are used instead of
* OpenSSL sequences
*/
if (!BIO_get_ktls_send(clientssl->wbio)) {
if (!BIO_get_ktls_send(clientsc->wbio)) {
if (!TEST_mem_ne(crec_wseq_before, SEQ_NUM_SIZE,
crec_wseq_after, SEQ_NUM_SIZE))
goto end;
@ -1127,7 +1132,7 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl)
goto end;
}
if (!BIO_get_ktls_send(serverssl->wbio)) {
if (!BIO_get_ktls_send(serversc->wbio)) {
if (!TEST_mem_ne(srec_wseq_before, SEQ_NUM_SIZE,
srec_wseq_after, SEQ_NUM_SIZE))
goto end;
@ -1137,7 +1142,7 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl)
goto end;
}
if (!BIO_get_ktls_recv(clientssl->wbio)) {
if (!BIO_get_ktls_recv(clientsc->wbio)) {
if (!TEST_mem_ne(crec_rseq_before, SEQ_NUM_SIZE,
crec_rseq_after, SEQ_NUM_SIZE))
goto end;
@ -1147,7 +1152,7 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl)
goto end;
}
if (!BIO_get_ktls_recv(serverssl->wbio)) {
if (!BIO_get_ktls_recv(serversc->wbio)) {
if (!TEST_mem_ne(srec_rseq_before, SEQ_NUM_SIZE,
srec_rseq_after, SEQ_NUM_SIZE))
goto end;
@ -1170,6 +1175,7 @@ static int execute_test_ktls(int cis_ktls, int sis_ktls,
int ktls_used = 0, testresult = 0;
int cfd = -1, sfd = -1;
int rx_supported;
SSL_CONNECTION *clientsc, *serversc;
if (!TEST_true(create_test_sockets(&cfd, &sfd)))
goto end;
@ -1206,6 +1212,10 @@ static int execute_test_ktls(int cis_ktls, int sis_ktls,
&clientssl, sfd, cfd)))
goto end;
if (!TEST_ptr(clientsc = SSL_CONNECTION_FROM_SSL_ONLY(clientssl))
|| !TEST_ptr(serversc = SSL_CONNECTION_FROM_SSL_ONLY(serverssl)))
goto end;
if (cis_ktls) {
if (!TEST_true(SSL_set_options(clientssl, SSL_OP_ENABLE_KTLS)))
goto end;
@ -1225,18 +1235,18 @@ static int execute_test_ktls(int cis_ktls, int sis_ktls,
* isn't enabled.
*/
if (!cis_ktls) {
if (!TEST_false(BIO_get_ktls_send(clientssl->wbio)))
if (!TEST_false(BIO_get_ktls_send(clientsc->wbio)))
goto end;
} else {
if (BIO_get_ktls_send(clientssl->wbio))
if (BIO_get_ktls_send(clientsc->wbio))
ktls_used = 1;
}
if (!sis_ktls) {
if (!TEST_false(BIO_get_ktls_send(serverssl->wbio)))
if (!TEST_false(BIO_get_ktls_send(serversc->wbio)))
goto end;
} else {
if (BIO_get_ktls_send(serverssl->wbio))
if (BIO_get_ktls_send(serversc->wbio))
ktls_used = 1;
}
@ -1246,18 +1256,18 @@ static int execute_test_ktls(int cis_ktls, int sis_ktls,
rx_supported = 1;
#endif
if (!cis_ktls || !rx_supported) {
if (!TEST_false(BIO_get_ktls_recv(clientssl->rbio)))
if (!TEST_false(BIO_get_ktls_recv(clientsc->rbio)))
goto end;
} else {
if (BIO_get_ktls_send(clientssl->rbio))
if (BIO_get_ktls_send(clientsc->rbio))
ktls_used = 1;
}
if (!sis_ktls || !rx_supported) {
if (!TEST_false(BIO_get_ktls_recv(serverssl->rbio)))
if (!TEST_false(BIO_get_ktls_recv(serversc->rbio)))
goto end;
} else {
if (BIO_get_ktls_send(serverssl->rbio))
if (BIO_get_ktls_send(serversc->rbio))
ktls_used = 1;
}
@ -1306,6 +1316,7 @@ static int execute_test_ktls_sendfile(int tls_version, const char *cipher)
off_t chunk_off = 0;
int testresult = 0;
FILE *ffdp;
SSL_CONNECTION *serversc;
buf = OPENSSL_zalloc(SENDFILE_SZ);
buf_dst = OPENSSL_zalloc(SENDFILE_SZ);
@ -1345,6 +1356,9 @@ static int execute_test_ktls_sendfile(int tls_version, const char *cipher)
&clientssl, sfd, cfd)))
goto end;
if (!TEST_ptr(serversc = SSL_CONNECTION_FROM_SSL_ONLY(serverssl)))
goto end;
if (!TEST_true(SSL_set_options(serverssl, SSL_OP_ENABLE_KTLS)))
goto end;
@ -1352,7 +1366,7 @@ static int execute_test_ktls_sendfile(int tls_version, const char *cipher)
SSL_ERROR_NONE)))
goto end;
if (!BIO_get_ktls_send(serverssl->wbio)) {
if (!BIO_get_ktls_send(serversc->wbio)) {
testresult = TEST_skip("Failed to enable KTLS for %s cipher %s",
tls_version == TLS1_3_VERSION ? "TLS 1.3" :
"TLS 1.2", cipher);
@ -1529,6 +1543,7 @@ static int execute_cleanse_plaintext(const SSL_METHOD *smeth,
int testresult = 0;
SSL3_RECORD *rr;
void *zbuf;
SSL_CONNECTION *serversc;
static unsigned char cbuf[16000];
static unsigned char sbuf[16000];
@ -1589,7 +1604,9 @@ static int execute_cleanse_plaintext(const SSL_METHOD *smeth,
* layer is a plaintext record. We can gather the pointer to check
* for zeroization after SSL_read().
*/
rr = serverssl->rlayer.rrec;
if (!TEST_ptr(serversc = SSL_CONNECTION_FROM_SSL_ONLY(serverssl)))
goto end;
rr = serversc->rlayer.rrec;
zbuf = &rr->data[rr->off];
if (!TEST_int_eq(rr->length, sizeof(cbuf)))
goto end;

11
test/tls13encryptiontest.c
View File

@ -304,12 +304,13 @@ static int test_record(SSL3_RECORD *rec, RECORD_DATA *recd, int enc)
static int test_tls13_encryption(void)
{
SSL_CTX *ctx = NULL;
SSL *s = NULL;
SSL *ssl = NULL;
SSL3_RECORD rec;
unsigned char *key = NULL, *iv = NULL, *seq = NULL;
const EVP_CIPHER *ciph = EVP_aes_128_gcm();
int ret = 0;
size_t ivlen, ctr;
SSL_CONNECTION *s;
/*
* Encrypted TLSv1.3 records always have an outer content type of
@ -325,8 +326,8 @@ static int test_tls13_encryption(void)
goto err;
}
s = SSL_new(ctx);
if (!TEST_ptr(s)) {
ssl = SSL_new(ctx);
if (!TEST_ptr(ssl) || !TEST_ptr(s = SSL_CONNECTION_FROM_SSL_ONLY(ssl))) {
TEST_info("Failed creating SSL");
goto err;
}
@ -339,7 +340,7 @@ static int test_tls13_encryption(void)
if (!TEST_ptr(s->enc_write_ctx))
goto err;
s->s3.tmp.new_cipher = SSL_CIPHER_find(s, TLS13_AES_128_GCM_SHA256_BYTES);
s->s3.tmp.new_cipher = SSL_CIPHER_find(ssl, TLS13_AES_128_GCM_SHA256_BYTES);
if (!TEST_ptr(s->s3.tmp.new_cipher)) {
TEST_info("Failed to find cipher");
goto err;
@ -405,7 +406,7 @@ static int test_tls13_encryption(void)
OPENSSL_free(key);
OPENSSL_free(iv);
OPENSSL_free(seq);
SSL_free(s);
SSL_free(ssl);
SSL_CTX_free(ctx);
return ret;
}

28
test/tls13secretstest.c
View File

@ -126,7 +126,7 @@ static unsigned char server_ats_iv[] = {
};
/* Mocked out implementations of various functions */
int ssl3_digest_cached_records(SSL *s, int keep)
int ssl3_digest_cached_records(SSL_CONNECTION *s, int keep)
{
return 1;
}
@ -134,7 +134,7 @@ int ssl3_digest_cached_records(SSL *s, int keep)
static int full_hash = 0;
/* Give a hash of the currently set handshake */
int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
int ssl_handshake_hash(SSL_CONNECTION *s, unsigned char *out, size_t outlen,
size_t *hashlen)
{
if (sizeof(hs_start_hash) > outlen
@ -152,7 +152,7 @@ int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
return 1;
}
const EVP_MD *ssl_handshake_md(SSL *s)
const EVP_MD *ssl_handshake_md(SSL_CONNECTION *s)
{
return EVP_sha256();
}
@ -185,7 +185,7 @@ int tls1_alert_code(int code)
return code;
}
int ssl_log_secret(SSL *ssl,
int ssl_log_secret(SSL_CONNECTION *sc,
const char *label,
const uint8_t *secret,
size_t secret_len)
@ -198,20 +198,21 @@ const EVP_MD *ssl_md(SSL_CTX *ctx, int idx)
return EVP_sha256();
}
void ossl_statem_send_fatal(SSL *s, int al)
void ossl_statem_send_fatal(SSL_CONNECTION *s, int al)
{
}
void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...)
void ossl_statem_fatal(SSL_CONNECTION *s, int al, int reason,
const char *fmt, ...)
{
}
int ossl_statem_export_allowed(SSL *s)
int ossl_statem_export_allowed(SSL_CONNECTION *s)
{
return 1;
}
int ossl_statem_export_early_allowed(SSL *s)
int ossl_statem_export_early_allowed(SSL_CONNECTION *s)
{
return 1;
}
@ -226,7 +227,7 @@ void ssl_evp_md_free(const EVP_MD *md)
/* End of mocked out code */
static int test_secret(SSL *s, unsigned char *prk,
static int test_secret(SSL_CONNECTION *s, unsigned char *prk,
const unsigned char *label, size_t labellen,
const unsigned char *ref_secret,
const unsigned char *ref_key, const unsigned char *ref_iv)
@ -274,7 +275,8 @@ static int test_secret(SSL *s, unsigned char *prk,
static int test_handshake_secrets(void)
{
SSL_CTX *ctx = NULL;
SSL *s = NULL;
SSL *ssl = NULL;
SSL_CONNECTION *s;
int ret = 0;
size_t hashsize;
unsigned char out_master_secret[EVP_MAX_MD_SIZE];
@ -284,8 +286,8 @@ static int test_handshake_secrets(void)
if (!TEST_ptr(ctx))
goto err;
s = SSL_new(ctx);
if (!TEST_ptr(s ))
ssl = SSL_new(ctx);
if (!TEST_ptr(ssl) || !TEST_ptr(s = SSL_CONNECTION_FROM_SSL_ONLY(ssl)))
goto err;
s->session = SSL_SESSION_new();
@ -396,7 +398,7 @@ static int test_handshake_secrets(void)
ret = 1;
err:
SSL_free(s);
SSL_free(ssl);
SSL_CTX_free(ctx);
return ret;
}