mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-19 16:33:33 +08:00
Code Issues Packages Projects Releases Wiki Activity

SSL object refactoring using SSL_CONNECTION object

Browse Source 
Make the SSL object polymorphic based on whether this is
a traditional SSL connection, QUIC connection, or later
to be implemented a QUIC stream.

It requires adding if after every SSL_CONNECTION_FROM_SSL() call
which itself has to be added to almost every public SSL_ API call.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18612)
This commit is contained in:
Tomas Mraz 2022-06-20 17:11:28 +02:00 committed by Hugo Landau
parent ce602bb0a2
commit 38b051a1fe
49 changed files with 4815 additions and 2939 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
ssl/bio_ssl.c
View File

@ -227,19 +227,23 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
BIO *dbio, *bio; BIO *dbio, *bio;
long ret = 1; long ret = 1;
BIO *next; BIO *next;
SSL_CONNECTION *sc = NULL;
bs = BIO_get_data(b); bs = BIO_get_data(b);
next = BIO_next(b); next = BIO_next(b);
ssl = bs->ssl; ssl = bs->ssl;
if ((ssl == NULL) && (cmd != BIO_C_SET_SSL)) if ((ssl == NULL
|| (sc = SSL_CONNECTION_FROM_SSL(ssl)) == NULL)
&& cmd != BIO_C_SET_SSL)
return 0; return 0;
/* TODO(QUIC): The rbio/wbio might be from QUIC_CONNECTION instead */
switch (cmd) { switch (cmd) {
case BIO_CTRL_RESET: case BIO_CTRL_RESET:
SSL_shutdown(ssl); SSL_shutdown(ssl);
if (ssl->handshake_func == ssl->method->ssl_connect) if (sc->handshake_func == ssl->method->ssl_connect)
SSL_set_connect_state(ssl); SSL_set_connect_state(ssl);
else if (ssl->handshake_func == ssl->method->ssl_accept) else if (sc->handshake_func == ssl->method->ssl_accept)
SSL_set_accept_state(ssl); SSL_set_accept_state(ssl);
if (!SSL_clear(ssl)) { if (!SSL_clear(ssl)) {
@ -249,8 +253,8 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
if (next != NULL) if (next != NULL)
ret = BIO_ctrl(next, cmd, num, ptr); ret = BIO_ctrl(next, cmd, num, ptr);
else if (ssl->rbio != NULL) else if (sc->rbio != NULL)
ret = BIO_ctrl(ssl->rbio, cmd, num, ptr); ret = BIO_ctrl(sc->rbio, cmd, num, ptr);
else else
ret = 1; ret = 1;
break; break;
@ -311,20 +315,20 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
BIO_set_shutdown(b, (int)num); BIO_set_shutdown(b, (int)num);
break; break;
case BIO_CTRL_WPENDING: case BIO_CTRL_WPENDING:
ret = BIO_ctrl(ssl->wbio, cmd, num, ptr); ret = BIO_ctrl(sc->wbio, cmd, num, ptr);
break; break;
case BIO_CTRL_PENDING: case BIO_CTRL_PENDING:
ret = SSL_pending(ssl); ret = SSL_pending(ssl);
if (ret == 0) if (ret == 0)
ret = BIO_pending(ssl->rbio); ret = BIO_pending(sc->rbio);
break; break;
case BIO_CTRL_FLUSH: case BIO_CTRL_FLUSH:
BIO_clear_retry_flags(b); BIO_clear_retry_flags(b);
ret = BIO_ctrl(ssl->wbio, cmd, num, ptr); ret = BIO_ctrl(sc->wbio, cmd, num, ptr);
BIO_copy_next_retry(b); BIO_copy_next_retry(b);
break; break;
case BIO_CTRL_PUSH: case BIO_CTRL_PUSH:
if ((next != NULL) && (next != ssl->rbio)) { if ((next != NULL) && (next != sc->rbio)) {
/* /*
* We are going to pass ownership of next to the SSL object...but * We are going to pass ownership of next to the SSL object...but
* we don't own a reference to pass yet - so up ref * we don't own a reference to pass yet - so up ref
@ -378,13 +382,13 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
ret = (dbs->ssl != NULL); ret = (dbs->ssl != NULL);
break; break;
case BIO_C_GET_FD: case BIO_C_GET_FD:
ret = BIO_ctrl(ssl->rbio, cmd, num, ptr); ret = BIO_ctrl(sc->rbio, cmd, num, ptr);
break; break;
case BIO_CTRL_SET_CALLBACK: case BIO_CTRL_SET_CALLBACK:
ret = 0; /* use callback ctrl */ ret = 0; /* use callback ctrl */
break; break;
default: default:
ret = BIO_ctrl(ssl->rbio, cmd, num, ptr); ret = BIO_ctrl(sc->rbio, cmd, num, ptr);
break; break;
} }
return ret; return ret;
@ -400,7 +404,7 @@ static long ssl_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
ssl = bs->ssl; ssl = bs->ssl;
switch (cmd) { switch (cmd) {
case BIO_CTRL_SET_CALLBACK: case BIO_CTRL_SET_CALLBACK:
ret = BIO_callback_ctrl(ssl->rbio, cmd, fp); ret = BIO_callback_ctrl(SSL_get_rbio(ssl), cmd, fp);
break; break;
default: default:
ret = 0; ret = 0;

169
ssl/d1_lib.c
View File

@ -15,7 +15,7 @@
#include "internal/time.h" #include "internal/time.h"
static void get_current_time(struct timeval *t); static void get_current_time(struct timeval *t);
static int dtls1_handshake_write(SSL *s); static int dtls1_handshake_write(SSL_CONNECTION *s);
static size_t dtls1_link_min_mtu(void); static size_t dtls1_link_min_mtu(void);
/* XDTLS: figure out the right values */ /* XDTLS: figure out the right values */
@ -65,18 +65,22 @@ long dtls1_default_timeout(void)
return (60 * 60 * 2); return (60 * 60 * 2);
} }
int dtls1_new(SSL *s) int dtls1_new(SSL *ssl)
{ {
DTLS1_STATE *d1; DTLS1_STATE *d1;
SSL_CONNECTION *s = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
if (s == NULL)
return 0;
if (!DTLS_RECORD_LAYER_new(&s->rlayer)) { if (!DTLS_RECORD_LAYER_new(&s->rlayer)) {
return 0; return 0;
} }
if (!ssl3_new(s)) if (!ssl3_new(ssl))
return 0; return 0;
if ((d1 = OPENSSL_zalloc(sizeof(*d1))) == NULL) { if ((d1 = OPENSSL_zalloc(sizeof(*d1))) == NULL) {
ssl3_free(s); ssl3_free(ssl);
return 0; return 0;
} }
@ -94,25 +98,25 @@ int dtls1_new(SSL *s)
pqueue_free(d1->buffered_messages); pqueue_free(d1->buffered_messages);
pqueue_free(d1->sent_messages); pqueue_free(d1->sent_messages);
OPENSSL_free(d1); OPENSSL_free(d1);
ssl3_free(s); ssl3_free(ssl);
return 0; return 0;
} }
s->d1 = d1; s->d1 = d1;
if (!s->method->ssl_clear(s)) if (!ssl->method->ssl_clear(ssl))
return 0; return 0;
return 1; return 1;
} }
static void dtls1_clear_queues(SSL *s) static void dtls1_clear_queues(SSL_CONNECTION *s)
{ {
dtls1_clear_received_buffer(s); dtls1_clear_received_buffer(s);
dtls1_clear_sent_buffer(s); dtls1_clear_sent_buffer(s);
} }
void dtls1_clear_received_buffer(SSL *s) void dtls1_clear_received_buffer(SSL_CONNECTION *s)
{ {
pitem *item = NULL; pitem *item = NULL;
hm_fragment *frag = NULL; hm_fragment *frag = NULL;
@ -124,7 +128,7 @@ void dtls1_clear_received_buffer(SSL *s)
} }
} }
void dtls1_clear_sent_buffer(SSL *s) void dtls1_clear_sent_buffer(SSL_CONNECTION *s)
{ {
pitem *item = NULL; pitem *item = NULL;
hm_fragment *frag = NULL; hm_fragment *frag = NULL;
@ -137,11 +141,16 @@ void dtls1_clear_sent_buffer(SSL *s)
} }
void dtls1_free(SSL *s) void dtls1_free(SSL *ssl)
{ {
SSL_CONNECTION *s = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
if (s == NULL)
return;
DTLS_RECORD_LAYER_free(&s->rlayer); DTLS_RECORD_LAYER_free(&s->rlayer);
ssl3_free(s); ssl3_free(ssl);
if (s->d1 != NULL) { if (s->d1 != NULL) {
dtls1_clear_queues(s); dtls1_clear_queues(s);
@ -153,13 +162,18 @@ void dtls1_free(SSL *s)
s->d1 = NULL; s->d1 = NULL;
} }
int dtls1_clear(SSL *s) int dtls1_clear(SSL *ssl)
{ {
pqueue *buffered_messages; pqueue *buffered_messages;
pqueue *sent_messages; pqueue *sent_messages;
size_t mtu; size_t mtu;
size_t link_mtu; size_t link_mtu;
SSL_CONNECTION *s = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
if (s == NULL)
return 0;
DTLS_RECORD_LAYER_clear(&s->rlayer); DTLS_RECORD_LAYER_clear(&s->rlayer);
if (s->d1) { if (s->d1) {
@ -181,7 +195,7 @@ int dtls1_clear(SSL *s)
s->d1->cookie_len = sizeof(s->d1->cookie); s->d1->cookie_len = sizeof(s->d1->cookie);
} }
if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) { if (SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU) {
s->d1->mtu = mtu; s->d1->mtu = mtu;
s->d1->link_mtu = link_mtu; s->d1->link_mtu = link_mtu;
} }
@ -190,24 +204,28 @@ int dtls1_clear(SSL *s)
s->d1->sent_messages = sent_messages; s->d1->sent_messages = sent_messages;
} }
if (!ssl3_clear(s)) if (!ssl3_clear(ssl))
return 0; return 0;
if (s->method->version == DTLS_ANY_VERSION) if (ssl->method->version == DTLS_ANY_VERSION)
s->version = DTLS_MAX_VERSION_INTERNAL; s->version = DTLS_MAX_VERSION_INTERNAL;
#ifndef OPENSSL_NO_DTLS1_METHOD #ifndef OPENSSL_NO_DTLS1_METHOD
else if (s->options & SSL_OP_CISCO_ANYCONNECT) else if (s->options & SSL_OP_CISCO_ANYCONNECT)
s->client_version = s->version = DTLS1_BAD_VER; s->client_version = s->version = DTLS1_BAD_VER;
#endif #endif
else else
s->version = s->method->version; s->version = ssl->method->version;
return 1; return 1;
} }
long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) long dtls1_ctrl(SSL *ssl, int cmd, long larg, void *parg)
{ {
int ret = 0; int ret = 0;
SSL_CONNECTION *s = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
if (s == NULL)
return 0;
switch (cmd) { switch (cmd) {
case DTLS_CTRL_GET_TIMEOUT: case DTLS_CTRL_GET_TIMEOUT:
@ -235,19 +253,20 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
s->d1->mtu = larg; s->d1->mtu = larg;
return larg; return larg;
default: default:
ret = ssl3_ctrl(s, cmd, larg, parg); ret = ssl3_ctrl(ssl, cmd, larg, parg);
break; break;
} }
return ret; return ret;
} }
void dtls1_start_timer(SSL *s) void dtls1_start_timer(SSL_CONNECTION *s)
{ {
unsigned int sec, usec; unsigned int sec, usec;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
#ifndef OPENSSL_NO_SCTP #ifndef OPENSSL_NO_SCTP
/* Disable timer for SCTP */ /* Disable timer for SCTP */
if (BIO_dgram_is_sctp(SSL_get_wbio(s))) { if (BIO_dgram_is_sctp(SSL_get_wbio(ssl))) {
memset(&s->d1->next_timeout, 0, sizeof(s->d1->next_timeout)); memset(&s->d1->next_timeout, 0, sizeof(s->d1->next_timeout));
return; return;
} }
@ -260,7 +279,7 @@ void dtls1_start_timer(SSL *s)
if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) { if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
if (s->d1->timer_cb != NULL) if (s->d1->timer_cb != NULL)
s->d1->timeout_duration_us = s->d1->timer_cb(s, 0); s->d1->timeout_duration_us = s->d1->timer_cb(ssl, 0);
else else
s->d1->timeout_duration_us = 1000000; s->d1->timeout_duration_us = 1000000;
} }
@ -281,11 +300,11 @@ void dtls1_start_timer(SSL *s)
s->d1->next_timeout.tv_usec -= 1000000; s->d1->next_timeout.tv_usec -= 1000000;
} }
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, BIO_ctrl(SSL_get_rbio(ssl), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
&(s->d1->next_timeout)); &(s->d1->next_timeout));
} }
struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft) struct timeval *dtls1_get_timeout(SSL_CONNECTION *s, struct timeval *timeleft)
{ {
struct timeval timenow; struct timeval timenow;
@ -325,7 +344,7 @@ struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft)
return timeleft; return timeleft;
} }
int dtls1_is_timer_expired(SSL *s) int dtls1_is_timer_expired(SSL_CONNECTION *s)
{ {
struct timeval timeleft; struct timeval timeleft;
@ -343,36 +362,37 @@ int dtls1_is_timer_expired(SSL *s)
return 1; return 1;
} }
static void dtls1_double_timeout(SSL *s) static void dtls1_double_timeout(SSL_CONNECTION *s)
{ {
s->d1->timeout_duration_us *= 2; s->d1->timeout_duration_us *= 2;
if (s->d1->timeout_duration_us > 60000000) if (s->d1->timeout_duration_us > 60000000)
s->d1->timeout_duration_us = 60000000; s->d1->timeout_duration_us = 60000000;
} }
void dtls1_stop_timer(SSL *s) void dtls1_stop_timer(SSL_CONNECTION *s)
{ {
/* Reset everything */ /* Reset everything */
s->d1->timeout_num_alerts = 0; s->d1->timeout_num_alerts = 0;
memset(&s->d1->next_timeout, 0, sizeof(s->d1->next_timeout)); memset(&s->d1->next_timeout, 0, sizeof(s->d1->next_timeout));
s->d1->timeout_duration_us = 1000000; s->d1->timeout_duration_us = 1000000;
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, BIO_ctrl(s->rbio, BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
&(s->d1->next_timeout)); &(s->d1->next_timeout));
/* Clear retransmission buffer */ /* Clear retransmission buffer */
dtls1_clear_sent_buffer(s); dtls1_clear_sent_buffer(s);
} }
int dtls1_check_timeout_num(SSL *s) int dtls1_check_timeout_num(SSL_CONNECTION *s)
{ {
size_t mtu; size_t mtu;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
s->d1->timeout_num_alerts++; s->d1->timeout_num_alerts++;
/* Reduce MTU after 2 unsuccessful retransmissions */ /* Reduce MTU after 2 unsuccessful retransmissions */
if (s->d1->timeout_num_alerts > 2 if (s->d1->timeout_num_alerts > 2
&& !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { && !(SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU)) {
mtu = mtu =
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL); BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
if (mtu < s->d1->mtu) if (mtu < s->d1->mtu)
s->d1->mtu = mtu; s->d1->mtu = mtu;
} }
@ -386,7 +406,7 @@ int dtls1_check_timeout_num(SSL *s)
return 0; return 0;
} }
int dtls1_handle_timeout(SSL *s) int dtls1_handle_timeout(SSL_CONNECTION *s)
{ {
/* if no timer is expired, don't do anything */ /* if no timer is expired, don't do anything */
if (!dtls1_is_timer_expired(s)) { if (!dtls1_is_timer_expired(s)) {
@ -394,7 +414,8 @@ int dtls1_handle_timeout(SSL *s)
} }
if (s->d1->timer_cb != NULL) if (s->d1->timer_cb != NULL)
s->d1->timeout_duration_us = s->d1->timer_cb(s, s->d1->timeout_duration_us); s->d1->timeout_duration_us = s->d1->timer_cb(SSL_CONNECTION_GET_SSL(s),
s->d1->timeout_duration_us);
else else
dtls1_double_timeout(s); dtls1_double_timeout(s);
@ -417,7 +438,7 @@ static void get_current_time(struct timeval *t)
#define LISTEN_SEND_VERIFY_REQUEST 1 #define LISTEN_SEND_VERIFY_REQUEST 1
#ifndef OPENSSL_NO_SOCK #ifndef OPENSSL_NO_SOCK
int DTLSv1_listen(SSL *s, BIO_ADDR *client) int DTLSv1_listen(SSL *ssl, BIO_ADDR *client)
{ {
int next, n, ret = 0; int next, n, ret = 0;
unsigned char cookie[DTLS1_COOKIE_LENGTH]; unsigned char cookie[DTLS1_COOKIE_LENGTH];
@ -429,20 +450,24 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
BIO *rbio, *wbio; BIO *rbio, *wbio;
BIO_ADDR *tmpclient = NULL; BIO_ADDR *tmpclient = NULL;
PACKET pkt, msgpkt, msgpayload, session, cookiepkt; PACKET pkt, msgpkt, msgpayload, session, cookiepkt;
SSL_CONNECTION *s = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
if (s == NULL)
return -1;
if (s->handshake_func == NULL) { if (s->handshake_func == NULL) {
/* Not properly initialized yet */ /* Not properly initialized yet */
SSL_set_accept_state(s); SSL_set_accept_state(ssl);
} }
/* Ensure there is no state left over from a previous invocation */ /* Ensure there is no state left over from a previous invocation */
if (!SSL_clear(s)) if (!SSL_clear(ssl))
return -1; return -1;
ERR_clear_error(); ERR_clear_error();
rbio = SSL_get_rbio(s); rbio = SSL_get_rbio(ssl);
wbio = SSL_get_wbio(s); wbio = SSL_get_wbio(ssl);
if (!rbio || !wbio) { if (!rbio || !wbio) {
ERR_raise(ERR_LIB_SSL, SSL_R_BIO_NOT_SET); ERR_raise(ERR_LIB_SSL, SSL_R_BIO_NOT_SET);
@ -517,7 +542,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
if (s->msg_callback) if (s->msg_callback)
s->msg_callback(0, 0, SSL3_RT_HEADER, buf, s->msg_callback(0, 0, SSL3_RT_HEADER, buf,
DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg); DTLS1_RT_HEADER_LENGTH, ssl, s->msg_callback_arg);
/* Get the record header */ /* Get the record header */
if (!PACKET_get_1(&pkt, &rectype) if (!PACKET_get_1(&pkt, &rectype)
@ -600,7 +625,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
if (s->msg_callback) if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, data, s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, data,
fraglen + DTLS1_HM_HEADER_LENGTH, s, fraglen + DTLS1_HM_HEADER_LENGTH, ssl,
s->msg_callback_arg); s->msg_callback_arg);
if (!PACKET_get_net_2(&msgpayload, &clientvers)) { if (!PACKET_get_net_2(&msgpayload, &clientvers)) {
@ -611,8 +636,8 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
/* /*
* Verify client version is supported * Verify client version is supported
*/ */
if (DTLS_VERSION_LT(clientvers, (unsigned int)s->method->version) && if (DTLS_VERSION_LT(clientvers, (unsigned int)ssl->method->version) &&
s->method->version != DTLS_ANY_VERSION) { ssl->method->version != DTLS_ANY_VERSION) {
ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_VERSION_NUMBER); ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_VERSION_NUMBER);
goto end; goto end;
} }
@ -638,12 +663,12 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
/* /*
* We have a cookie, so lets check it. * We have a cookie, so lets check it.
*/ */
if (s->ctx->app_verify_cookie_cb == NULL) { if (ssl->ctx->app_verify_cookie_cb == NULL) {
ERR_raise(ERR_LIB_SSL, SSL_R_NO_VERIFY_COOKIE_CALLBACK); ERR_raise(ERR_LIB_SSL, SSL_R_NO_VERIFY_COOKIE_CALLBACK);
/* This is fatal */ /* This is fatal */
return -1; return -1;
} }
if (s->ctx->app_verify_cookie_cb(s, PACKET_data(&cookiepkt), if (ssl->ctx->app_verify_cookie_cb(ssl, PACKET_data(&cookiepkt),
(unsigned int)PACKET_remaining(&cookiepkt)) == 0) { (unsigned int)PACKET_remaining(&cookiepkt)) == 0) {
/* /*
* We treat invalid cookies in the same was as no cookie as * We treat invalid cookies in the same was as no cookie as
@ -668,8 +693,8 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
*/ */
/* Generate the cookie */ /* Generate the cookie */
if (s->ctx->app_gen_cookie_cb == NULL || if (ssl->ctx->app_gen_cookie_cb == NULL ||
s->ctx->app_gen_cookie_cb(s, cookie, &cookielen) == 0 || ssl->ctx->app_gen_cookie_cb(ssl, cookie, &cookielen) == 0 ||
cookielen > 255) { cookielen > 255) {
ERR_raise(ERR_LIB_SSL, SSL_R_COOKIE_GEN_CALLBACK_FAILURE); ERR_raise(ERR_LIB_SSL, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
/* This is fatal */ /* This is fatal */
@ -681,8 +706,8 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
* haven't decided which version to use yet send back using version * haven't decided which version to use yet send back using version
* 1.0 header: otherwise some clients will ignore it. * 1.0 header: otherwise some clients will ignore it.
*/ */
version = (s->method->version == DTLS_ANY_VERSION) ? DTLS1_VERSION version = (ssl->method->version == DTLS_ANY_VERSION) ? DTLS1_VERSION
: s->version; : s->version;
/* Construct the record and message headers */ /* Construct the record and message headers */
if (!WPACKET_init_static_len(&wpkt, if (!WPACKET_init_static_len(&wpkt,
@ -753,7 +778,8 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
if (s->msg_callback) if (s->msg_callback)
s->msg_callback(1, 0, SSL3_RT_HEADER, buf, s->msg_callback(1, 0, SSL3_RT_HEADER, buf,
DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg); DTLS1_RT_HEADER_LENGTH, ssl,
s->msg_callback_arg);
if ((tmpclient = BIO_ADDR_new()) == NULL) { if ((tmpclient = BIO_ADDR_new()) == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
@ -807,7 +833,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
* We are doing cookie exchange, so make sure we set that option in the * We are doing cookie exchange, so make sure we set that option in the
* SSL object * SSL object
*/ */
SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); SSL_set_options(ssl, SSL_OP_COOKIE_EXCHANGE);
/* /*
* Tell the state machine that we've done the initial hello verify * Tell the state machine that we've done the initial hello verify
@ -832,7 +858,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
} }
#endif #endif
static int dtls1_handshake_write(SSL *s) static int dtls1_handshake_write(SSL_CONNECTION *s)
{ {
return dtls1_do_write(s, SSL3_RT_HANDSHAKE); return dtls1_do_write(s, SSL3_RT_HANDSHAKE);
} }
@ -842,10 +868,14 @@ int dtls1_shutdown(SSL *s)
int ret; int ret;
#ifndef OPENSSL_NO_SCTP #ifndef OPENSSL_NO_SCTP
BIO *wbio; BIO *wbio;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
if (s == NULL)
return -1;
wbio = SSL_get_wbio(s); wbio = SSL_get_wbio(s);
if (wbio != NULL && BIO_dgram_is_sctp(wbio) && if (wbio != NULL && BIO_dgram_is_sctp(wbio) &&
!(s->shutdown & SSL_SENT_SHUTDOWN)) { !(sc->shutdown & SSL_SENT_SHUTDOWN)) {
ret = BIO_dgram_sctp_wait_for_dry(wbio); ret = BIO_dgram_sctp_wait_for_dry(wbio);
if (ret < 0) if (ret < 0)
return -1; return -1;
@ -862,19 +892,21 @@ int dtls1_shutdown(SSL *s)
return ret; return ret;
} }
int dtls1_query_mtu(SSL *s) int dtls1_query_mtu(SSL_CONNECTION *s)
{ {
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
if (s->d1->link_mtu) { if (s->d1->link_mtu) {
s->d1->mtu = s->d1->mtu =
s->d1->link_mtu - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s)); s->d1->link_mtu - BIO_dgram_get_mtu_overhead(SSL_get_wbio(ssl));
s->d1->link_mtu = 0; s->d1->link_mtu = 0;
} }
/* AHA! Figure out the MTU, and stick to the right size */ /* AHA! Figure out the MTU, and stick to the right size */
if (s->d1->mtu < dtls1_min_mtu(s)) { if (s->d1->mtu < dtls1_min_mtu(s)) {
if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { if (!(SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU)) {
s->d1->mtu = s->d1->mtu =
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
/* /*
* I've seen the kernel return bogus numbers when it doesn't know * I've seen the kernel return bogus numbers when it doesn't know
@ -883,7 +915,7 @@ int dtls1_query_mtu(SSL *s)
if (s->d1->mtu < dtls1_min_mtu(s)) { if (s->d1->mtu < dtls1_min_mtu(s)) {
/* Set to min mtu */ /* Set to min mtu */
s->d1->mtu = dtls1_min_mtu(s); s->d1->mtu = dtls1_min_mtu(s);
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_SET_MTU,
(long)s->d1->mtu, NULL); (long)s->d1->mtu, NULL);
} }
} else } else
@ -898,16 +930,24 @@ static size_t dtls1_link_min_mtu(void)
sizeof(g_probable_mtu[0])) - 1]); sizeof(g_probable_mtu[0])) - 1]);
} }
size_t dtls1_min_mtu(SSL *s) size_t dtls1_min_mtu(SSL_CONNECTION *s)
{ {
return dtls1_link_min_mtu() - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s)); SSL *ssl = SSL_CONNECTION_GET_SSL(s);
return dtls1_link_min_mtu() - BIO_dgram_get_mtu_overhead(SSL_get_wbio(ssl));
} }
size_t DTLS_get_data_mtu(const SSL *s) size_t DTLS_get_data_mtu(const SSL *ssl)
{ {
size_t mac_overhead, int_overhead, blocksize, ext_overhead; size_t mac_overhead, int_overhead, blocksize, ext_overhead;
const SSL_CIPHER *ciph = SSL_get_current_cipher(s); const SSL_CIPHER *ciph = SSL_get_current_cipher(ssl);
size_t mtu = s->d1->mtu; size_t mtu;
const SSL_CONNECTION *s = SSL_CONNECTION_FROM_CONST_SSL_ONLY(ssl);
if (s == NULL)
return 0;
mtu = s->d1->mtu;
if (ciph == NULL) if (ciph == NULL)
return 0; return 0;
@ -939,7 +979,12 @@ size_t DTLS_get_data_mtu(const SSL *s)
return mtu; return mtu;
} }
void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb) void DTLS_set_timer_cb(SSL *ssl, DTLS_timer_cb cb)
{ {
SSL_CONNECTION *s = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
if (s == NULL)
return;
s->d1->timer_cb = cb; s->d1->timer_cb = cb;
} }

24
ssl/d1_msg.c
View File

@ -13,9 +13,13 @@ int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len,
size_t *written) size_t *written)
{ {
int i; int i;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) { if (sc == NULL)
i = s->handshake_func(s); return -1;
if (SSL_in_init(s) && !ossl_statem_get_in_handshake(sc)) {
i = sc->handshake_func(s);
if (i < 0) if (i < 0)
return i; return i;
if (i == 0) { if (i == 0) {
@ -29,16 +33,20 @@ int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len,
return -1; return -1;
} }
return dtls1_write_bytes(s, type, buf_, len, written); return dtls1_write_bytes(sc, type, buf_, len, written);
} }
int dtls1_dispatch_alert(SSL *s) int dtls1_dispatch_alert(SSL *ssl)
{ {
int i, j; int i, j;
void (*cb) (const SSL *ssl, int type, int val) = NULL; void (*cb) (const SSL *ssl, int type, int val) = NULL;
unsigned char buf[DTLS1_AL_HEADER_LENGTH]; unsigned char buf[DTLS1_AL_HEADER_LENGTH];
unsigned char *ptr = &buf[0]; unsigned char *ptr = &buf[0];
size_t written; size_t written;
SSL_CONNECTION *s = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
if (s == NULL)
return 0;
s->s3.alert_dispatch = 0; s->s3.alert_dispatch = 0;
@ -55,16 +63,16 @@ int dtls1_dispatch_alert(SSL *s)
if (s->msg_callback) if (s->msg_callback)
s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3.send_alert, s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3.send_alert,
2, s, s->msg_callback_arg); 2, ssl, s->msg_callback_arg);
if (s->info_callback != NULL) if (s->info_callback != NULL)
cb = s->info_callback; cb = s->info_callback;
else if (s->ctx->info_callback != NULL) else if (ssl->ctx->info_callback != NULL)
cb = s->ctx->info_callback; cb = ssl->ctx->info_callback;
if (cb != NULL) { if (cb != NULL) {
j = (s->s3.send_alert[0] << 8) | s->s3.send_alert[1]; j = (s->s3.send_alert[0] << 8) | s->s3.send_alert[1];
cb(s, SSL_CB_WRITE_ALERT, j); cb(ssl, SSL_CB_WRITE_ALERT, j);
} }
} }
return i; return i;

22
ssl/d1_srtp.c
View File

@ -144,14 +144,21 @@ int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
int SSL_set_tlsext_use_srtp(SSL *s, const char *profiles) int SSL_set_tlsext_use_srtp(SSL *s, const char *profiles)
{ {
return ssl_ctx_make_profiles(profiles, &s->srtp_profiles); SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
if (sc == NULL)
return 0;
return ssl_ctx_make_profiles(profiles, &sc->srtp_profiles);
} }
STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s) STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s)
{ {
if (s != NULL) { SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
if (s->srtp_profiles != NULL) {
return s->srtp_profiles; if (sc != NULL) {
if (sc->srtp_profiles != NULL) {
return sc->srtp_profiles;
} else if ((s->ctx != NULL) && (s->ctx->srtp_profiles != NULL)) { } else if ((s->ctx != NULL) && (s->ctx->srtp_profiles != NULL)) {
return s->ctx->srtp_profiles; return s->ctx->srtp_profiles;
} }
@ -162,6 +169,11 @@ STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s)
SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s) SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s)
{ {
return s->srtp_profile; SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
if (sc == NULL)
return 0;
return sc->srtp_profile;
} }
#endif #endif

14
ssl/ktls.c
View File

@ -18,7 +18,7 @@
* record layer. If read_ahead is enabled, then this might be false and this * record layer. If read_ahead is enabled, then this might be false and this
* function will fail. * function will fail.
*/ */
static int count_unprocessed_records(SSL *s) static int count_unprocessed_records(SSL_CONNECTION *s)
{ {
SSL3_BUFFER *rbuf = RECORD_LAYER_get_rbuf(&s->rlayer); SSL3_BUFFER *rbuf = RECORD_LAYER_get_rbuf(&s->rlayer);
PACKET pkt, subpkt; PACKET pkt, subpkt;
@ -48,7 +48,7 @@ static int count_unprocessed_records(SSL *s)
* partial record, fail and return 0. Otherwise, update the sequence * partial record, fail and return 0. Otherwise, update the sequence
* number at *rec_seq for the count of unprocessed records and return 1. * number at *rec_seq for the count of unprocessed records and return 1.
*/ */
static int check_rx_read_ahead(SSL *s, unsigned char *rec_seq) static int check_rx_read_ahead(SSL_CONNECTION *s, unsigned char *rec_seq)
{ {
int bit, count_unprocessed; int bit, count_unprocessed;
@ -80,7 +80,7 @@ static int check_rx_read_ahead(SSL *s, unsigned char *rec_seq)
* provider is found, but this checks if the socket option * provider is found, but this checks if the socket option
* supports the cipher suite used at all. * supports the cipher suite used at all.
*/ */
int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, int ktls_check_supported_cipher(const SSL_CONNECTION *s, const EVP_CIPHER *c,
const EVP_CIPHER_CTX *dd) const EVP_CIPHER_CTX *dd)
{ {
@ -120,7 +120,8 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c,
} }
/* Function to configure kernel TLS structure */ /* Function to configure kernel TLS structure */
int ktls_configure_crypto(SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, int ktls_configure_crypto(SSL_CONNECTION *s, const EVP_CIPHER *c,
EVP_CIPHER_CTX *dd,
void *rl_sequence, ktls_crypto_info_t *crypto_info, void *rl_sequence, ktls_crypto_info_t *crypto_info,
int is_tx, unsigned char *iv, int is_tx, unsigned char *iv,
unsigned char *key, unsigned char *mac_key, unsigned char *key, unsigned char *mac_key,
@ -186,7 +187,7 @@ int ktls_configure_crypto(SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd,
#if defined(OPENSSL_SYS_LINUX) #if defined(OPENSSL_SYS_LINUX)
/* Function to check supported ciphers in Linux */ /* Function to check supported ciphers in Linux */
int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, int ktls_check_supported_cipher(const SSL_CONNECTION *s, const EVP_CIPHER *c,
const EVP_CIPHER_CTX *dd) const EVP_CIPHER_CTX *dd)
{ {
switch (s->version) { switch (s->version) {
@ -225,7 +226,8 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c,
} }
/* Function to configure kernel TLS structure */ /* Function to configure kernel TLS structure */
int ktls_configure_crypto(SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, int ktls_configure_crypto(SSL_CONNECTION *s, const EVP_CIPHER *c,
EVP_CIPHER_CTX *dd,
void *rl_sequence, ktls_crypto_info_t *crypto_info, void *rl_sequence, ktls_crypto_info_t *crypto_info,
int is_tx, unsigned char *iv, int is_tx, unsigned char *iv,
unsigned char *key, unsigned char *mac_key, unsigned char *key, unsigned char *mac_key,

2
ssl/priority_queue.c
View File

@ -356,7 +356,7 @@ void ossl_pqueue_free(OSSL_PQUEUE *pq)
OPENSSL_free(pq->heap); OPENSSL_free(pq->heap);
OPENSSL_free(pq->elements); OPENSSL_free(pq->elements);
OPENSSL_free(pq); OPENSSL_free(pq);
} }
} }
void ossl_pqueue_pop_free(OSSL_PQUEUE *pq, void (*freefunc)(void *)) void ossl_pqueue_pop_free(OSSL_PQUEUE *pq, void (*freefunc)(void *))

99
ssl/quic/quic_impl.c
View File

@ -11,16 +11,74 @@
#include <openssl/objects.h> #include <openssl/objects.h>
#include "quic_local.h" #include "quic_local.h"
int ossl_quic_new(SSL *s) SSL *ossl_quic_new(SSL_CTX *ctx)
{
QUIC_CONNECTION *qc;
SSL *ssl = NULL;
SSL_CONNECTION *sc;
qc = OPENSSL_zalloc(sizeof(*qc));
if (qc == NULL)
goto err;
ssl = &qc->ssl;
if (!ossl_ssl_init(ssl, ctx, SSL_TYPE_QUIC_CONNECTION)) {
OPENSSL_free(qc);
ssl = NULL;
goto err;
}
qc->tls = ossl_ssl_connection_new(ctx);
if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL)
goto err;
/* override the user_ssl of the inner connection */
sc->user_ssl = ssl;
/* We'll need to set proper TLS method on qc->tls here */
return ssl;
err:
ossl_quic_free(ssl);
return NULL;
}
int ossl_quic_init(SSL *s)
{ {
return s->method->ssl_clear(s); return s->method->ssl_clear(s);
} }
void ossl_quic_free(SSL *s) void ossl_quic_deinit(SSL *s)
{ {
return; return;
} }
void ossl_quic_free(SSL *s)
{
QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_SSL(s);
if (qc == NULL) {
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
if (sc != NULL)
ossl_ssl_connection_free(s);
return;
}
SSL_free(qc->tls);
return;
}
int ossl_quic_reset(SSL *s)
{
QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_SSL(s);
if (qc == NULL) {
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
return sc != NULL ? ossl_ssl_connection_reset(s) : 0;
}
return ossl_ssl_connection_reset(qc->tls);
}
int ossl_quic_clear(SSL *s) int ossl_quic_clear(SSL *s)
{ {
return 1; return 1;
@ -28,13 +86,23 @@ int ossl_quic_clear(SSL *s)
int ossl_quic_accept(SSL *s) int ossl_quic_accept(SSL *s)
{ {
s->statem.in_init = 0; SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s);
if (sc == NULL)
return 0;
sc->statem.in_init = 0;
return 1; return 1;
} }
int ossl_quic_connect(SSL *s) int ossl_quic_connect(SSL *s)
{ {
s->statem.in_init = 0; SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s);
if (sc == NULL)
return 0;
sc->statem.in_init = 0;
return 1; return 1;
} }
@ -42,14 +110,15 @@ int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *readbytes)
{ {
int ret; int ret;
BIO *rbio = SSL_get_rbio(s); BIO *rbio = SSL_get_rbio(s);
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s);
if (rbio == NULL) if (sc == NULL || rbio == NULL)
return 0; return 0;
s->rwstate = SSL_READING; sc->rwstate = SSL_READING;
ret = BIO_read_ex(rbio, buf, len, readbytes); ret = BIO_read_ex(rbio, buf, len, readbytes);
if (ret > 0 || !BIO_should_retry(rbio)) if (ret > 0 || !BIO_should_retry(rbio))
s->rwstate = SSL_NOTHING; sc->rwstate = SSL_NOTHING;
return ret <= 0 ? -1 : ret; return ret <= 0 ? -1 : ret;
} }
@ -62,14 +131,15 @@ int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written)
{ {
BIO *wbio = SSL_get_wbio(s); BIO *wbio = SSL_get_wbio(s);
int ret; int ret;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s);
if (wbio == NULL) if (sc == NULL || wbio == NULL)
return 0; return 0;
s->rwstate = SSL_WRITING; sc->rwstate = SSL_WRITING;
ret = BIO_write_ex(wbio, buf, len, written); ret = BIO_write_ex(wbio, buf, len, written);
if (ret > 0 || !BIO_should_retry(wbio)) if (ret > 0 || !BIO_should_retry(wbio))
s->rwstate = SSL_NOTHING; sc->rwstate = SSL_NOTHING;
return ret; return ret;
} }
@ -80,12 +150,17 @@ int ossl_quic_shutdown(SSL *s)
long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg) long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg)
{ {
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s);
if (sc == NULL)
return 0;
switch(cmd) { switch(cmd) {
case SSL_CTRL_CHAIN: case SSL_CTRL_CHAIN:
if (larg) if (larg)
return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg); return ssl_cert_set1_chain(sc, NULL, (STACK_OF(X509) *)parg);
else else
return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg); return ssl_cert_set0_chain(sc, NULL, (STACK_OF(X509) *)parg);
} }
return 0; return 0;
} }

44
ssl/quic/quic_local.h
View File

@ -13,6 +13,36 @@
# include <openssl/ssl.h> # include <openssl/ssl.h>
# include "../ssl_local.h" # include "../ssl_local.h"
typedef struct quic_conn_st {
/* type identifier and common data */
struct ssl_st ssl;
/* the associated tls-1.3 connection data */
SSL *tls;
/* just an example member */
uint64_t conn_id;
} QUIC_CONNECTION;
# define QUIC_CONNECTION_FROM_SSL_int(ssl, c) \
((ssl) == NULL ? NULL \
: ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \
? (c QUIC_CONNECTION *)(ssl) \
: NULL))
# define SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, c) \
((ssl) == NULL ? NULL \
: ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \
? (c SSL_CONNECTION *)((c QUIC_CONNECTION *)(ssl))->tls \
: NULL))
# define QUIC_CONNECTION_FROM_SSL(ssl) \
QUIC_CONNECTION_FROM_SSL_int(ssl, SSL_CONNECTION_NO_CONST)
# define QUIC_CONNECTION_FROM_CONST_SSL(ssl) \
QUIC_CONNECTION_FROM_SSL_int(ssl, const)
# define SSL_CONNECTION_FROM_QUIC_SSL(ssl) \
SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, SSL_CONNECTION_NO_CONST)
# define SSL_CONNECTION_FROM_CONST_QUIC_SSL(ssl) \
SSL_CONNECTION_FROM_CONST_QUIC_SSL_int(ssl, const)
# define OSSL_QUIC_ANY_VERSION 0xFFFFF # define OSSL_QUIC_ANY_VERSION 0xFFFFF
# define IMPLEMENT_quic_meth_func(version, func_name, q_accept, \ # define IMPLEMENT_quic_meth_func(version, func_name, q_accept, \
@ -24,8 +54,11 @@ const SSL_METHOD *func_name(void) \
0, \ 0, \
0, \ 0, \
ossl_quic_new, \ ossl_quic_new, \
ossl_quic_clear, \
ossl_quic_free, \ ossl_quic_free, \
ossl_quic_reset, \
ossl_quic_init, \
ossl_quic_clear, \
ossl_quic_deinit, \
q_accept, \ q_accept, \
q_connect, \ q_connect, \
ossl_quic_read, \ ossl_quic_read, \
@ -53,8 +86,11 @@ const SSL_METHOD *func_name(void) \
return &func_name##_data; \ return &func_name##_data; \
} }
__owur int ossl_quic_new(SSL *s); __owur SSL *ossl_quic_new(SSL_CTX *ctx);
__owur int ossl_quic_init(SSL *s);
void ossl_quic_deinit(SSL *s);
void ossl_quic_free(SSL *s); void ossl_quic_free(SSL *s);
int ossl_quic_reset(SSL *s);
int ossl_quic_clear(SSL *s); int ossl_quic_clear(SSL *s);
__owur int ossl_quic_accept(SSL *s); __owur int ossl_quic_accept(SSL *s);
__owur int ossl_quic_connect(SSL *s); __owur int ossl_quic_connect(SSL *s);
@ -63,9 +99,9 @@ __owur int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *readbytes);
__owur int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written); __owur int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written);
__owur int ossl_quic_shutdown(SSL *s); __owur int ossl_quic_shutdown(SSL *s);
__owur long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg); __owur long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg);
__owur long ossl_quic_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg); __owur long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
__owur long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void)); __owur long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
__owur long ossl_quic_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void)); __owur long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void));
__owur size_t ossl_quic_pending(const SSL *s); __owur size_t ossl_quic_pending(const SSL *s);
__owur long ossl_quic_default_timeout(void); __owur long ossl_quic_default_timeout(void);
__owur int ossl_quic_num_ciphers(void); __owur int ossl_quic_num_ciphers(void);

4
ssl/record/dtls1_bitmap.c
View File

@ -35,7 +35,7 @@ static int satsub64be(const unsigned char *v1, const unsigned char *v2)
return (int)ret; return (int)ret;
} }
int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap) int dtls1_record_replay_check(SSL_CONNECTION *s, DTLS1_BITMAP *bitmap)
{ {
int cmp; int cmp;
unsigned int shift; unsigned int shift;
@ -56,7 +56,7 @@ int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
return 1; return 1;
} }
void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap) void dtls1_record_bitmap_update(SSL_CONNECTION *s, DTLS1_BITMAP *bitmap)
{ {
int cmp; int cmp;
unsigned int shift; unsigned int shift;

253
ssl/record/rec_layer_d1.c
View File

@ -124,7 +124,7 @@ void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq)
} }
/* copy buffered record into SSL structure */ /* copy buffered record into SSL structure */
static int dtls1_copy_record(SSL *s, pitem *item) static int dtls1_copy_record(SSL_CONNECTION *s, pitem *item)
{ {
DTLS1_RECORD_DATA *rdata; DTLS1_RECORD_DATA *rdata;
@ -143,10 +143,14 @@ static int dtls1_copy_record(SSL *s, pitem *item)
return 1; return 1;
} }
int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) int dtls1_buffer_record(SSL_CONNECTION *s, record_pqueue *queue,
unsigned char *priority)
{ {
DTLS1_RECORD_DATA *rdata; DTLS1_RECORD_DATA *rdata;
pitem *item; pitem *item;
#ifndef OPENSSL_NO_SCTP
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
#endif
/* Limit the size of the queue to prevent DOS attacks */ /* Limit the size of the queue to prevent DOS attacks */
if (pqueue_size(queue->q) >= 100) if (pqueue_size(queue->q) >= 100)
@ -170,10 +174,10 @@ int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
#ifndef OPENSSL_NO_SCTP #ifndef OPENSSL_NO_SCTP
/* Store bio_dgram_sctp_rcvinfo struct */ /* Store bio_dgram_sctp_rcvinfo struct */
if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && if (BIO_dgram_is_sctp(SSL_get_rbio(ssl)) &&
(SSL_get_state(s) == TLS_ST_SR_FINISHED (SSL_get_state(ssl) == TLS_ST_SR_FINISHED
|| SSL_get_state(s) == TLS_ST_CR_FINISHED)) { || SSL_get_state(ssl) == TLS_ST_CR_FINISHED)) {
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO, BIO_ctrl(SSL_get_rbio(ssl), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO,
sizeof(rdata->recordinfo), &rdata->recordinfo); sizeof(rdata->recordinfo), &rdata->recordinfo);
} }
#endif #endif
@ -201,7 +205,7 @@ int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
return 1; return 1;
} }
int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue) int dtls1_retrieve_buffered_record(SSL_CONNECTION *s, record_pqueue *queue)
{ {
pitem *item; pitem *item;
@ -226,7 +230,7 @@ int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
dtls1_retrieve_buffered_record((s), \ dtls1_retrieve_buffered_record((s), \
&((s)->rlayer.d->unprocessed_rcds)) &((s)->rlayer.d->unprocessed_rcds))
int dtls1_process_buffered_records(SSL *s) int dtls1_process_buffered_records(SSL_CONNECTION *s)
{ {
pitem *item; pitem *item;
SSL3_BUFFER *rb; SSL3_BUFFER *rb;
@ -270,7 +274,7 @@ int dtls1_process_buffered_records(SSL *s)
} }
#ifndef OPENSSL_NO_SCTP #ifndef OPENSSL_NO_SCTP
/* Only do replay check if no SCTP bio */ /* Only do replay check if no SCTP bio */
if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) if (!BIO_dgram_is_sctp(SSL_get_rbio(SSL_CONNECTION_GET_SSL(s))))
#endif #endif
{ {
/* /*
@ -347,10 +351,14 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
size_t n; size_t n;
SSL3_RECORD *rr; SSL3_RECORD *rr;
void (*cb) (const SSL *ssl, int type2, int val) = NULL; void (*cb) (const SSL *ssl, int type2, int val) = NULL;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (!SSL3_BUFFER_is_initialised(&s->rlayer.rbuf)) { if (sc == NULL)
return -1;
if (!SSL3_BUFFER_is_initialised(&sc->rlayer.rbuf)) {
/* Not initialized yet */ /* Not initialized yet */
if (!ssl3_setup_buffers(s)) { if (!ssl3_setup_buffers(sc)) {
/* SSLfatal() already called */ /* SSLfatal() already called */
return -1; return -1;
} }
@ -359,13 +367,13 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
if ((type && (type != SSL3_RT_APPLICATION_DATA) && if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
(type != SSL3_RT_HANDSHAKE)) || (type != SSL3_RT_HANDSHAKE)) ||
(peek && (type != SSL3_RT_APPLICATION_DATA))) { (peek && (type != SSL3_RT_APPLICATION_DATA))) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return -1; return -1;
} }
if (!ossl_statem_get_in_handshake(s) && SSL_in_init(s)) { if (!ossl_statem_get_in_handshake(sc) && SSL_in_init(s)) {
/* type == SSL3_RT_APPLICATION_DATA */ /* type == SSL3_RT_APPLICATION_DATA */
i = s->handshake_func(s); i = sc->handshake_func(s);
/* SSLfatal() already called if appropriate */ /* SSLfatal() already called if appropriate */
if (i < 0) if (i < 0)
return i; return i;
@ -374,7 +382,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
} }
start: start:
s->rwstate = SSL_NOTHING; sc->rwstate = SSL_NOTHING;
/*- /*-
* s->s3.rrec.type - is the type of record * s->s3.rrec.type - is the type of record
@ -382,7 +390,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* s->s3.rrec.off, - offset into 'data' for next read * s->s3.rrec.off, - offset into 'data' for next read
* s->s3.rrec.length, - number of bytes. * s->s3.rrec.length, - number of bytes.
*/ */
rr = s->rlayer.rrec; rr = sc->rlayer.rrec;
/* /*
* We are not handshaking and have no data yet, so process data buffered * We are not handshaking and have no data yet, so process data buffered
@ -390,7 +398,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
*/ */
if (SSL_is_init_finished(s) && SSL3_RECORD_get_length(rr) == 0) { if (SSL_is_init_finished(s) && SSL3_RECORD_get_length(rr) == 0) {
pitem *item; pitem *item;
item = pqueue_pop(s->rlayer.d->buffered_app_data.q); item = pqueue_pop(sc->rlayer.d->buffered_app_data.q);
if (item) { if (item) {
#ifndef OPENSSL_NO_SCTP #ifndef OPENSSL_NO_SCTP
/* Restore bio_dgram_sctp_rcvinfo struct */ /* Restore bio_dgram_sctp_rcvinfo struct */
@ -401,7 +409,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
} }
#endif #endif
dtls1_copy_record(s, item); dtls1_copy_record(sc, item);
OPENSSL_free(item->data); OPENSSL_free(item->data);
pitem_free(item); pitem_free(item);
@ -409,20 +417,20 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
} }
/* Check for timeout */ /* Check for timeout */
if (dtls1_handle_timeout(s) > 0) { if (dtls1_handle_timeout(sc) > 0) {
goto start; goto start;
} else if (ossl_statem_in_error(s)) { } else if (ossl_statem_in_error(sc)) {
/* dtls1_handle_timeout() has failed with a fatal error */ /* dtls1_handle_timeout() has failed with a fatal error */
return -1; return -1;
} }
/* get new packet if necessary */ /* get new packet if necessary */
if ((SSL3_RECORD_get_length(rr) == 0) if ((SSL3_RECORD_get_length(rr) == 0)
|| (s->rlayer.rstate == SSL_ST_READ_BODY)) { || (sc->rlayer.rstate == SSL_ST_READ_BODY)) {
RECORD_LAYER_set_numrpipes(&s->rlayer, 0); RECORD_LAYER_set_numrpipes(&sc->rlayer, 0);
iret = dtls1_get_record(s); iret = dtls1_get_record(sc);
if (iret <= 0) { if (iret <= 0) {
iret = dtls1_read_failed(s, iret); iret = dtls1_read_failed(sc, iret);
/* /*
* Anything other than a timeout is an error. SSLfatal() already * Anything other than a timeout is an error. SSLfatal() already
* called if appropriate. * called if appropriate.
@ -432,7 +440,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
else else
goto start; goto start;
} }
RECORD_LAYER_set_numrpipes(&s->rlayer, 1); RECORD_LAYER_set_numrpipes(&sc->rlayer, 1);
} }
/* /*
@ -441,11 +449,11 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
*/ */
if (SSL3_RECORD_get_type(rr) != SSL3_RT_ALERT if (SSL3_RECORD_get_type(rr) != SSL3_RT_ALERT
&& SSL3_RECORD_get_length(rr) != 0) && SSL3_RECORD_get_length(rr) != 0)
s->rlayer.alert_count = 0; sc->rlayer.alert_count = 0;
/* we now have a packet which can be read and processed */ /* we now have a packet which can be read and processed */
if (s->s3.change_cipher_spec /* set when we receive ChangeCipherSpec, if (sc->s3.change_cipher_spec /* set when we receive ChangeCipherSpec,
* reset by ssl3_get_finished */ * reset by ssl3_get_finished */
&& (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE)) { && (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE)) {
/* /*
@ -453,7 +461,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* the packets were reordered on their way, so buffer the application * the packets were reordered on their way, so buffer the application
* data for later processing rather than dropping the connection. * data for later processing rather than dropping the connection.
*/ */
if (dtls1_buffer_record(s, &(s->rlayer.d->buffered_app_data), if (dtls1_buffer_record(sc, &(sc->rlayer.d->buffered_app_data),
SSL3_RECORD_get_seq_num(rr)) < 0) { SSL3_RECORD_get_seq_num(rr)) < 0) {
/* SSLfatal() already called */ /* SSLfatal() already called */
return -1; return -1;
@ -467,10 +475,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* If the other end has shut down, throw anything we read away (even in * If the other end has shut down, throw anything we read away (even in
* 'peek' mode) * 'peek' mode)
*/ */
if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { if (sc->shutdown & SSL_RECEIVED_SHUTDOWN) {
SSL3_RECORD_set_length(rr, 0); SSL3_RECORD_set_length(rr, 0);
SSL3_RECORD_set_read(rr); SSL3_RECORD_set_read(rr);
s->rwstate = SSL_NOTHING; sc->rwstate = SSL_NOTHING;
return 0; return 0;
} }
@ -487,8 +495,8 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* doing a handshake for the first time * doing a handshake for the first time
*/ */
if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
(s->enc_read_ctx == NULL)) { (sc->enc_read_ctx == NULL)) {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE,
SSL_R_APP_DATA_IN_HANDSHAKE); SSL_R_APP_DATA_IN_HANDSHAKE);
return -1; return -1;
} }
@ -517,12 +525,12 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
if (SSL3_RECORD_get_length(rr) == 0) if (SSL3_RECORD_get_length(rr) == 0)
SSL3_RECORD_set_read(rr); SSL3_RECORD_set_read(rr);
} else { } else {
if (s->options & SSL_OP_CLEANSE_PLAINTEXT) if (sc->options & SSL_OP_CLEANSE_PLAINTEXT)
OPENSSL_cleanse(&(SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)]), n); OPENSSL_cleanse(&(SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)]), n);
SSL3_RECORD_sub_length(rr, n); SSL3_RECORD_sub_length(rr, n);
SSL3_RECORD_add_off(rr, n); SSL3_RECORD_add_off(rr, n);
if (SSL3_RECORD_get_length(rr) == 0) { if (SSL3_RECORD_get_length(rr) == 0) {
s->rlayer.rstate = SSL_ST_READ_HEADER; sc->rlayer.rstate = SSL_ST_READ_HEADER;
SSL3_RECORD_set_off(rr, 0); SSL3_RECORD_set_off(rr, 0);
SSL3_RECORD_set_read(rr); SSL3_RECORD_set_read(rr);
} }
@ -534,9 +542,9 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* anymore, finally set shutdown. * anymore, finally set shutdown.
*/ */
if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
s->d1->shutdown_received sc->d1->shutdown_received
&& BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) <= 0) { && BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) <= 0) {
s->shutdown |= SSL_RECEIVED_SHUTDOWN; sc->shutdown |= SSL_RECEIVED_SHUTDOWN;
return 0; return 0;
} }
#endif #endif
@ -559,16 +567,16 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|| !PACKET_get_1(&alert, &alert_level) || !PACKET_get_1(&alert, &alert_level)
|| !PACKET_get_1(&alert, &alert_descr) || !PACKET_get_1(&alert, &alert_descr)
|| PACKET_remaining(&alert) != 0) { || PACKET_remaining(&alert) != 0) {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_INVALID_ALERT); SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_INVALID_ALERT);
return -1; return -1;
} }
if (s->msg_callback) if (sc->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_ALERT, alert_bytes, 2, s, sc->msg_callback(0, sc->version, SSL3_RT_ALERT, alert_bytes, 2, s,
s->msg_callback_arg); sc->msg_callback_arg);
if (s->info_callback != NULL) if (sc->info_callback != NULL)
cb = s->info_callback; cb = sc->info_callback;
else if (s->ctx->info_callback != NULL) else if (s->ctx->info_callback != NULL)
cb = s->ctx->info_callback; cb = s->ctx->info_callback;
@ -578,12 +586,12 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
} }
if (alert_level == SSL3_AL_WARNING) { if (alert_level == SSL3_AL_WARNING) {
s->s3.warn_alert = alert_descr; sc->s3.warn_alert = alert_descr;
SSL3_RECORD_set_read(rr); SSL3_RECORD_set_read(rr);
s->rlayer.alert_count++; sc->rlayer.alert_count++;
if (s->rlayer.alert_count == MAX_WARN_ALERT_COUNT) { if (sc->rlayer.alert_count == MAX_WARN_ALERT_COUNT) {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE,
SSL_R_TOO_MANY_WARN_ALERTS); SSL_R_TOO_MANY_WARN_ALERTS);
return -1; return -1;
} }
@ -597,37 +605,37 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
*/ */
if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) > 0) { BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) > 0) {
s->d1->shutdown_received = 1; sc->d1->shutdown_received = 1;
s->rwstate = SSL_READING; sc->rwstate = SSL_READING;
BIO_clear_retry_flags(SSL_get_rbio(s)); BIO_clear_retry_flags(SSL_get_rbio(s));
BIO_set_retry_read(SSL_get_rbio(s)); BIO_set_retry_read(SSL_get_rbio(s));
return -1; return -1;
} }
#endif #endif
s->shutdown |= SSL_RECEIVED_SHUTDOWN; sc->shutdown |= SSL_RECEIVED_SHUTDOWN;
return 0; return 0;
} }
} else if (alert_level == SSL3_AL_FATAL) { } else if (alert_level == SSL3_AL_FATAL) {
s->rwstate = SSL_NOTHING; sc->rwstate = SSL_NOTHING;
s->s3.fatal_alert = alert_descr; sc->s3.fatal_alert = alert_descr;
SSLfatal_data(s, SSL_AD_NO_ALERT, SSLfatal_data(sc, SSL_AD_NO_ALERT,
SSL_AD_REASON_OFFSET + alert_descr, SSL_AD_REASON_OFFSET + alert_descr,
"SSL alert number %d", alert_descr); "SSL alert number %d", alert_descr);
s->shutdown |= SSL_RECEIVED_SHUTDOWN; sc->shutdown |= SSL_RECEIVED_SHUTDOWN;
SSL3_RECORD_set_read(rr); SSL3_RECORD_set_read(rr);
SSL_CTX_remove_session(s->session_ctx, s->session); SSL_CTX_remove_session(sc->session_ctx, sc->session);
return 0; return 0;
} else { } else {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_UNKNOWN_ALERT_TYPE); SSLfatal(sc, SSL_AD_ILLEGAL_PARAMETER, SSL_R_UNKNOWN_ALERT_TYPE);
return -1; return -1;
} }
goto start; goto start;
} }
if (s->shutdown & SSL_SENT_SHUTDOWN) { /* but we have not received a if (sc->shutdown & SSL_SENT_SHUTDOWN) { /* but we have not received a
* shutdown */ * shutdown */
s->rwstate = SSL_NOTHING; sc->rwstate = SSL_NOTHING;
SSL3_RECORD_set_length(rr, 0); SSL3_RECORD_set_length(rr, 0);
SSL3_RECORD_set_read(rr); SSL3_RECORD_set_read(rr);
return 0; return 0;
@ -647,14 +655,14 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* Unexpected handshake message (Client Hello, or protocol violation) * Unexpected handshake message (Client Hello, or protocol violation)
*/ */
if ((SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) && if ((SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) &&
!ossl_statem_get_in_handshake(s)) { !ossl_statem_get_in_handshake(sc)) {
struct hm_header_st msg_hdr; struct hm_header_st msg_hdr;
/* /*
* This may just be a stale retransmit. Also sanity check that we have * This may just be a stale retransmit. Also sanity check that we have
* at least enough record bytes for a message header * at least enough record bytes for a message header
*/ */
if (SSL3_RECORD_get_epoch(rr) != s->rlayer.d->r_epoch if (SSL3_RECORD_get_epoch(rr) != sc->rlayer.d->r_epoch
|| SSL3_RECORD_get_length(rr) < DTLS1_HM_HEADER_LENGTH) { || SSL3_RECORD_get_length(rr) < DTLS1_HM_HEADER_LENGTH) {
SSL3_RECORD_set_length(rr, 0); SSL3_RECORD_set_length(rr, 0);
SSL3_RECORD_set_read(rr); SSL3_RECORD_set_read(rr);
@ -668,24 +676,24 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* here, then retransmit our CCS and FINISHED. * here, then retransmit our CCS and FINISHED.
*/ */
if (msg_hdr.type == SSL3_MT_FINISHED) { if (msg_hdr.type == SSL3_MT_FINISHED) {
if (dtls1_check_timeout_num(s) < 0) { if (dtls1_check_timeout_num(sc) < 0) {
/* SSLfatal) already called */ /* SSLfatal) already called */
return -1; return -1;
} }
if (dtls1_retransmit_buffered_messages(s) <= 0) { if (dtls1_retransmit_buffered_messages(sc) <= 0) {
/* Fail if we encountered a fatal error */ /* Fail if we encountered a fatal error */
if (ossl_statem_in_error(s)) if (ossl_statem_in_error(sc))
return -1; return -1;
} }
SSL3_RECORD_set_length(rr, 0); SSL3_RECORD_set_length(rr, 0);
SSL3_RECORD_set_read(rr); SSL3_RECORD_set_read(rr);
if (!(s->mode & SSL_MODE_AUTO_RETRY)) { if (!(sc->mode & SSL_MODE_AUTO_RETRY)) {
if (SSL3_BUFFER_get_left(&s->rlayer.rbuf) == 0) { if (SSL3_BUFFER_get_left(&sc->rlayer.rbuf) == 0) {
/* no read-ahead left? */ /* no read-ahead left? */
BIO *bio; BIO *bio;
s->rwstate = SSL_READING; sc->rwstate = SSL_READING;
bio = SSL_get_rbio(s); bio = SSL_get_rbio(s);
BIO_clear_retry_flags(bio); BIO_clear_retry_flags(bio);
BIO_set_retry_read(bio); BIO_set_retry_read(bio);
@ -702,22 +710,22 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* finished * finished
*/ */
if (!ossl_assert(SSL_is_init_finished(s))) { if (!ossl_assert(SSL_is_init_finished(s))) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return -1; return -1;
} }
/* We found handshake data, so we're going back into init */ /* We found handshake data, so we're going back into init */
ossl_statem_set_in_init(s, 1); ossl_statem_set_in_init(sc, 1);
i = s->handshake_func(s); i = sc->handshake_func(s);
/* SSLfatal() called if appropriate */ /* SSLfatal() called if appropriate */
if (i < 0) if (i < 0)
return i; return i;
if (i == 0) if (i == 0)
return -1; return -1;
if (!(s->mode & SSL_MODE_AUTO_RETRY)) { if (!(sc->mode & SSL_MODE_AUTO_RETRY)) {
if (SSL3_BUFFER_get_left(&s->rlayer.rbuf) == 0) { if (SSL3_BUFFER_get_left(&sc->rlayer.rbuf) == 0) {
/* no read-ahead left? */ /* no read-ahead left? */
BIO *bio; BIO *bio;
/* /*
@ -726,7 +734,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* option set. Otherwise renegotiation may cause nasty * option set. Otherwise renegotiation may cause nasty
* problems in the blocking world * problems in the blocking world
*/ */
s->rwstate = SSL_READING; sc->rwstate = SSL_READING;
bio = SSL_get_rbio(s); bio = SSL_get_rbio(s);
BIO_clear_retry_flags(bio); BIO_clear_retry_flags(bio);
BIO_set_retry_read(bio); BIO_set_retry_read(bio);
@ -738,7 +746,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
switch (SSL3_RECORD_get_type(rr)) { switch (SSL3_RECORD_get_type(rr)) {
default: default:
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_RECORD); SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_RECORD);
return -1; return -1;
case SSL3_RT_CHANGE_CIPHER_SPEC: case SSL3_RT_CHANGE_CIPHER_SPEC:
case SSL3_RT_ALERT: case SSL3_RT_ALERT:
@ -748,7 +756,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* SSL3_RT_HANDSHAKE when ossl_statem_get_in_handshake(s) is true, but * SSL3_RT_HANDSHAKE when ossl_statem_get_in_handshake(s) is true, but
* that should not happen when type != rr->type * that should not happen when type != rr->type
*/ */
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, ERR_R_INTERNAL_ERROR); SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE, ERR_R_INTERNAL_ERROR);
return -1; return -1;
case SSL3_RT_APPLICATION_DATA: case SSL3_RT_APPLICATION_DATA:
/* /*
@ -758,13 +766,13 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* application data at this point (session renegotiation not yet * application data at this point (session renegotiation not yet
* started), we will indulge it. * started), we will indulge it.
*/ */
if (s->s3.in_read_app_data && if (sc->s3.in_read_app_data &&
(s->s3.total_renegotiations != 0) && (sc->s3.total_renegotiations != 0) &&
ossl_statem_app_data_allowed(s)) { ossl_statem_app_data_allowed(sc)) {
s->s3.in_read_app_data = 2; sc->s3.in_read_app_data = 2;
return -1; return -1;
} else { } else {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_RECORD); SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_RECORD);
return -1; return -1;
} }
} }
@ -775,8 +783,8 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* Call this to write data in records of type 'type' It will return <= 0 if * Call this to write data in records of type 'type' It will return <= 0 if
* not all data has been sent or non-blocking IO. * not all data has been sent or non-blocking IO.
*/ */
int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len, int dtls1_write_bytes(SSL_CONNECTION *s, int type, const void *buf,
size_t *written) size_t len, size_t *written)
{ {
int i; int i;
@ -789,7 +797,7 @@ int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len,
return i; return i;
} }
int do_dtls1_write(SSL *s, int type, const unsigned char *buf, int do_dtls1_write(SSL_CONNECTION *sc, int type, const unsigned char *buf,
size_t len, int create_empty_fragment, size_t *written) size_t len, int create_empty_fragment, size_t *written)
{ {
unsigned char *p, *pseq; unsigned char *p, *pseq;
@ -799,20 +807,21 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
SSL3_RECORD wr; SSL3_RECORD wr;
SSL3_BUFFER *wb; SSL3_BUFFER *wb;
SSL_SESSION *sess; SSL_SESSION *sess;
SSL *s = SSL_CONNECTION_GET_SSL(sc);
wb = &s->rlayer.wbuf[0]; wb = &sc->rlayer.wbuf[0];
/* /*
* DTLS writes whole datagrams, so there can't be anything left in * DTLS writes whole datagrams, so there can't be anything left in
* the buffer. * the buffer.
*/ */
if (!ossl_assert(SSL3_BUFFER_get_left(wb) == 0)) { if (!ossl_assert(SSL3_BUFFER_get_left(wb) == 0)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0; return 0;
} }
/* If we have an alert to send, lets send it */ /* If we have an alert to send, lets send it */
if (s->s3.alert_dispatch) { if (sc->s3.alert_dispatch) {
i = s->method->ssl_dispatch_alert(s); i = s->method->ssl_dispatch_alert(s);
if (i <= 0) if (i <= 0)
return i; return i;
@ -822,24 +831,24 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
if (len == 0 && !create_empty_fragment) if (len == 0 && !create_empty_fragment)
return 0; return 0;
if (len > ssl_get_max_send_fragment(s)) { if (len > ssl_get_max_send_fragment(sc)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE); SSLfatal(sc, SSL_AD_INTERNAL_ERROR, SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE);
return 0; return 0;
} }
sess = s->session; sess = sc->session;
if ((sess == NULL) if ((sess == NULL)
|| (s->enc_write_ctx == NULL) || (sc->enc_write_ctx == NULL)
|| (EVP_MD_CTX_get0_md(s->write_hash) == NULL)) || (EVP_MD_CTX_get0_md(sc->write_hash) == NULL))
clear = 1; clear = 1;
if (clear) if (clear)
mac_size = 0; mac_size = 0;
else { else {
mac_size = EVP_MD_CTX_get_size(s->write_hash); mac_size = EVP_MD_CTX_get_size(sc->write_hash);
if (mac_size < 0) { if (mac_size < 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSLfatal(sc, SSL_AD_INTERNAL_ERROR,
SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE); SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE);
return -1; return -1;
} }
@ -857,12 +866,12 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
* header: otherwise some clients will ignore it. * header: otherwise some clients will ignore it.
*/ */
if (s->method->version == DTLS_ANY_VERSION && if (s->method->version == DTLS_ANY_VERSION &&
s->max_proto_version != DTLS1_BAD_VER) { sc->max_proto_version != DTLS1_BAD_VER) {
*(p++) = DTLS1_VERSION >> 8; *(p++) = DTLS1_VERSION >> 8;
*(p++) = DTLS1_VERSION & 0xff; *(p++) = DTLS1_VERSION & 0xff;
} else { } else {
*(p++) = s->version >> 8; *(p++) = sc->version >> 8;
*(p++) = s->version & 0xff; *(p++) = sc->version & 0xff;
} }
/* field where we are to write out packet epoch, seq num and len */ /* field where we are to write out packet epoch, seq num and len */
@ -870,10 +879,10 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
p += 10; p += 10;
/* Explicit IV length, block ciphers appropriate version flag */ /* Explicit IV length, block ciphers appropriate version flag */
if (s->enc_write_ctx) { if (sc->enc_write_ctx) {
int mode = EVP_CIPHER_CTX_get_mode(s->enc_write_ctx); int mode = EVP_CIPHER_CTX_get_mode(sc->enc_write_ctx);
if (mode == EVP_CIPH_CBC_MODE) { if (mode == EVP_CIPH_CBC_MODE) {
eivlen = EVP_CIPHER_CTX_get_iv_length(s->enc_write_ctx); eivlen = EVP_CIPHER_CTX_get_iv_length(sc->enc_write_ctx);
if (eivlen <= 1) if (eivlen <= 1)
eivlen = 0; eivlen = 0;
} }
@ -897,9 +906,9 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
*/ */
/* first we compress */ /* first we compress */
if (s->compress != NULL) { if (sc->compress != NULL) {
if (!ssl3_do_compress(s, &wr)) { if (!ssl3_do_compress(sc, &wr)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_COMPRESSION_FAILURE); SSLfatal(sc, SSL_AD_INTERNAL_ERROR, SSL_R_COMPRESSION_FAILURE);
return -1; return -1;
} }
} else { } else {
@ -914,11 +923,11 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
* wb->buf * wb->buf
*/ */
if (!SSL_WRITE_ETM(s) && mac_size != 0) { if (!SSL_WRITE_ETM(sc) && mac_size != 0) {
if (!s->method->ssl3_enc->mac(s, &wr, if (!s->method->ssl3_enc->mac(sc, &wr,
&(p[SSL3_RECORD_get_length(&wr) + eivlen]), &(p[SSL3_RECORD_get_length(&wr) + eivlen]),
1)) { 1)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return -1; return -1;
} }
SSL3_RECORD_add_length(&wr, mac_size); SSL3_RECORD_add_length(&wr, mac_size);
@ -931,17 +940,17 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
if (eivlen) if (eivlen)
SSL3_RECORD_add_length(&wr, eivlen); SSL3_RECORD_add_length(&wr, eivlen);
if (s->method->ssl3_enc->enc(s, &wr, 1, 1, NULL, mac_size) < 1) { if (s->method->ssl3_enc->enc(sc, &wr, 1, 1, NULL, mac_size) < 1) {
if (!ossl_statem_in_error(s)) { if (!ossl_statem_in_error(sc)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
} }
return -1; return -1;
} }
if (SSL_WRITE_ETM(s) && mac_size != 0) { if (SSL_WRITE_ETM(sc) && mac_size != 0) {
if (!s->method->ssl3_enc->mac(s, &wr, if (!s->method->ssl3_enc->mac(sc, &wr,
&(p[SSL3_RECORD_get_length(&wr)]), 1)) { &(p[SSL3_RECORD_get_length(&wr)]), 1)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return -1; return -1;
} }
SSL3_RECORD_add_length(&wr, mac_size); SSL3_RECORD_add_length(&wr, mac_size);
@ -951,15 +960,15 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
/* there's only one epoch between handshake and app data */ /* there's only one epoch between handshake and app data */
s2n(s->rlayer.d->w_epoch, pseq); s2n(sc->rlayer.d->w_epoch, pseq);
memcpy(pseq, &(s->rlayer.write_sequence[2]), 6); memcpy(pseq, &(sc->rlayer.write_sequence[2]), 6);
pseq += 6; pseq += 6;
s2n(SSL3_RECORD_get_length(&wr), pseq); s2n(SSL3_RECORD_get_length(&wr), pseq);
if (s->msg_callback) if (sc->msg_callback)
s->msg_callback(1, 0, SSL3_RT_HEADER, pseq - DTLS1_RT_HEADER_LENGTH, sc->msg_callback(1, 0, SSL3_RT_HEADER, pseq - DTLS1_RT_HEADER_LENGTH,
DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg); DTLS1_RT_HEADER_LENGTH, s, sc->msg_callback_arg);
/* /*
* we should now have wr.data pointing to the encrypted data, which is * we should now have wr.data pointing to the encrypted data, which is
@ -968,7 +977,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
SSL3_RECORD_set_type(&wr, type); /* not needed but helps for debugging */ SSL3_RECORD_set_type(&wr, type); /* not needed but helps for debugging */
SSL3_RECORD_add_length(&wr, DTLS1_RT_HEADER_LENGTH); SSL3_RECORD_add_length(&wr, DTLS1_RT_HEADER_LENGTH);
ssl3_record_sequence_update(&(s->rlayer.write_sequence[0])); ssl3_record_sequence_update(&(sc->rlayer.write_sequence[0]));
if (create_empty_fragment) { if (create_empty_fragment) {
/* /*
@ -987,16 +996,16 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
* memorize arguments so that ssl3_write_pending can detect bad write * memorize arguments so that ssl3_write_pending can detect bad write
* retries later * retries later
*/ */
s->rlayer.wpend_tot = len; sc->rlayer.wpend_tot = len;
s->rlayer.wpend_buf = buf; sc->rlayer.wpend_buf = buf;
s->rlayer.wpend_type = type; sc->rlayer.wpend_type = type;
s->rlayer.wpend_ret = len; sc->rlayer.wpend_ret = len;
/* we now just need to write the buffer. Calls SSLfatal() as required. */ /* we now just need to write the buffer. Calls SSLfatal() as required. */
return ssl3_write_pending(s, type, buf, len, written); return ssl3_write_pending(sc, type, buf, len, written);
} }
DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, DTLS1_BITMAP *dtls1_get_bitmap(SSL_CONNECTION *s, SSL3_RECORD *rr,
unsigned int *is_next_epoch) unsigned int *is_next_epoch)
{ {
@ -1021,7 +1030,7 @@ DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
return NULL; return NULL;
} }
void dtls1_reset_seq_numbers(SSL *s, int rw) void dtls1_reset_seq_numbers(SSL_CONNECTION *s, int rw)
{ {
unsigned char *seq; unsigned char *seq;
unsigned int seq_bytes = sizeof(s->rlayer.read_sequence); unsigned int seq_bytes = sizeof(s->rlayer.read_sequence);

147
ssl/record/rec_layer_s3.c
View File

@ -26,7 +26,7 @@
# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0 # define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0
#endif #endif
void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s) void RECORD_LAYER_init(RECORD_LAYER *rl, SSL_CONNECTION *s)
{ {
rl->s = s; rl->s = s;
RECORD_LAYER_set_first_record(&s->rlayer); RECORD_LAYER_set_first_record(&s->rlayer);
@ -111,15 +111,19 @@ void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl)
size_t ssl3_pending(const SSL *s) size_t ssl3_pending(const SSL *s)
{ {
size_t i, num = 0; size_t i, num = 0;
const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
if (s->rlayer.rstate == SSL_ST_READ_BODY) if (sc == NULL)
return 0; return 0;
for (i = 0; i < RECORD_LAYER_get_numrpipes(&s->rlayer); i++) { if (sc->rlayer.rstate == SSL_ST_READ_BODY)
if (SSL3_RECORD_get_type(&s->rlayer.rrec[i]) return 0;
for (i = 0; i < RECORD_LAYER_get_numrpipes(&sc->rlayer); i++) {
if (SSL3_RECORD_get_type(&sc->rlayer.rrec[i])
!= SSL3_RT_APPLICATION_DATA) != SSL3_RT_APPLICATION_DATA)
return 0; return 0;
num += SSL3_RECORD_get_length(&s->rlayer.rrec[i]); num += SSL3_RECORD_get_length(&sc->rlayer.rrec[i]);
} }
return num; return num;
@ -132,12 +136,22 @@ void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len)
void SSL_set_default_read_buffer_len(SSL *s, size_t len) void SSL_set_default_read_buffer_len(SSL *s, size_t len)
{ {
SSL3_BUFFER_set_default_len(RECORD_LAYER_get_rbuf(&s->rlayer), len); SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return;
SSL3_BUFFER_set_default_len(RECORD_LAYER_get_rbuf(&sc->rlayer), len);
} }
const char *SSL_rstate_string_long(const SSL *s) const char *SSL_rstate_string_long(const SSL *s)
{ {
switch (s->rlayer.rstate) { const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
if (sc == NULL)
return NULL;
switch (sc->rlayer.rstate) {
case SSL_ST_READ_HEADER: case SSL_ST_READ_HEADER:
return "read header"; return "read header";
case SSL_ST_READ_BODY: case SSL_ST_READ_BODY:
@ -151,7 +165,12 @@ const char *SSL_rstate_string_long(const SSL *s)
const char *SSL_rstate_string(const SSL *s) const char *SSL_rstate_string(const SSL *s)
{ {
switch (s->rlayer.rstate) { const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
if (sc == NULL)
return NULL;
switch (sc->rlayer.rstate) {
case SSL_ST_READ_HEADER: case SSL_ST_READ_HEADER:
return "RH"; return "RH";
case SSL_ST_READ_BODY: case SSL_ST_READ_BODY:
@ -166,8 +185,8 @@ const char *SSL_rstate_string(const SSL *s)
/* /*
* Return values are as per SSL_read() * Return values are as per SSL_read()
*/ */
int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, int ssl3_read_n(SSL_CONNECTION *s, size_t n, size_t max, int extend,
size_t *readbytes) int clearold, size_t *readbytes)
{ {
/* /*
* If extend == 0, obtain new n-byte packet; if extend == 1, increase * If extend == 0, obtain new n-byte packet; if extend == 1, increase
@ -243,7 +262,7 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
* operation returns the whole packet at once (as long as it fits into * operation returns the whole packet at once (as long as it fits into
* the buffer). * the buffer).
*/ */
if (SSL_IS_DTLS(s)) { if (SSL_CONNECTION_IS_DTLS(s)) {
if (left == 0 && extend) if (left == 0 && extend)
return 0; return 0;
if (left > 0 && n > left) if (left > 0 && n > left)
@ -272,7 +291,7 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
* Also, we always act like read_ahead is set for DTLS. * Also, we always act like read_ahead is set for DTLS.
*/ */
if (!BIO_get_ktls_recv(s->rbio) && !s->rlayer.read_ahead if (!BIO_get_ktls_recv(s->rbio) && !s->rlayer.read_ahead
&& !SSL_IS_DTLS(s)) { && !SSL_CONNECTION_IS_DTLS(s)) {
/* ignore max parameter */ /* ignore max parameter */
max = n; max = n;
} else { } else {
@ -302,7 +321,8 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
&& !BIO_should_retry(s->rbio) && !BIO_should_retry(s->rbio)
&& BIO_eof(s->rbio)) { && BIO_eof(s->rbio)) {
if (s->options & SSL_OP_IGNORE_UNEXPECTED_EOF) { if (s->options & SSL_OP_IGNORE_UNEXPECTED_EOF) {
SSL_set_shutdown(s, SSL_RECEIVED_SHUTDOWN); SSL_set_shutdown(SSL_CONNECTION_GET_SSL(s),
SSL_RECEIVED_SHUTDOWN);
s->s3.warn_alert = SSL_AD_CLOSE_NOTIFY; s->s3.warn_alert = SSL_AD_CLOSE_NOTIFY;
} else { } else {
SSLfatal(s, SSL_AD_DECODE_ERROR, SSLfatal(s, SSL_AD_DECODE_ERROR,
@ -316,7 +336,8 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
if (ret <= 0) { if (ret <= 0) {
rb->left = left; rb->left = left;
if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s)) if ((s->mode & SSL_MODE_RELEASE_BUFFERS) != 0
&& !SSL_CONNECTION_IS_DTLS(s))
if (len + left == 0) if (len + left == 0)
ssl3_release_read_buffer(s); ssl3_release_read_buffer(s);
return ret; return ret;
@ -327,7 +348,7 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
* underlying transport protocol is message oriented as opposed to * underlying transport protocol is message oriented as opposed to
* byte oriented as in the TLS case. * byte oriented as in the TLS case.
*/ */
if (SSL_IS_DTLS(s)) { if (SSL_CONNECTION_IS_DTLS(s)) {
if (n > left) if (n > left)
n = left; /* makes the while condition false */ n = left; /* makes the while condition false */
} }
@ -346,7 +367,7 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
* Call this to write data in records of type 'type' It will return <= 0 if * Call this to write data in records of type 'type' It will return <= 0 if
* not all data has been sent or non-blocking IO. * not all data has been sent or non-blocking IO.
*/ */
int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, int ssl3_write_bytes(SSL *ssl, int type, const void *buf_, size_t len,
size_t *written) size_t *written)
{ {
const unsigned char *buf = buf_; const unsigned char *buf = buf_;
@ -355,10 +376,15 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
#if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK #if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
size_t nw; size_t nw;
#endif #endif
SSL3_BUFFER *wb = &s->rlayer.wbuf[0]; SSL3_BUFFER *wb;
int i; int i;
size_t tmpwrit; size_t tmpwrit;
SSL_CONNECTION *s = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
if (s == NULL)
return -1;
wb = &s->rlayer.wbuf[0];
s->rwstate = SSL_NOTHING; s->rwstate = SSL_NOTHING;
tot = s->rlayer.wnum; tot = s->rlayer.wnum;
/* /*
@ -377,7 +403,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
} }
if (s->early_data_state == SSL_EARLY_DATA_WRITING if (s->early_data_state == SSL_EARLY_DATA_WRITING
&& !early_data_count_ok(s, len, 0, 1)) { && !ossl_early_data_count_ok(s, len, 0, 1)) {
/* SSLfatal() already called */ /* SSLfatal() already called */
return -1; return -1;
} }
@ -398,9 +424,9 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
* between receiving the EoED and the CF - but we don't want to handle those * between receiving the EoED and the CF - but we don't want to handle those
* messages yet. * messages yet.
*/ */
if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s) if (SSL_in_init(ssl) && !ossl_statem_get_in_handshake(s)
&& s->early_data_state != SSL_EARLY_DATA_UNAUTH_WRITING) { && s->early_data_state != SSL_EARLY_DATA_UNAUTH_WRITING) {
i = s->handshake_func(s); i = s->handshake_func(ssl);
/* SSLfatal() already called */ /* SSLfatal() already called */
if (i < 0) if (i < 0)
return i; return i;
@ -481,7 +507,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
} }
if (s->s3.alert_dispatch) { if (s->s3.alert_dispatch) {
i = s->method->ssl_dispatch_alert(s); i = ssl->method->ssl_dispatch_alert(ssl);
if (i <= 0) { if (i <= 0) {
/* SSLfatal() already called if appropriate */ /* SSLfatal() already called if appropriate */
s->rlayer.wnum = tot; s->rlayer.wnum = tot;
@ -559,7 +585,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
} else } else
#endif /* !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK */ #endif /* !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK */
if (tot == len) { /* done? */ if (tot == len) { /* done? */
if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s)) if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_CONNECTION_IS_DTLS(s))
ssl3_release_write_buffer(s); ssl3_release_write_buffer(s);
*written = tot; *written = tot;
@ -652,7 +678,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
if (tmpwrit == n if (tmpwrit == n
&& (s->mode & SSL_MODE_RELEASE_BUFFERS) != 0 && (s->mode & SSL_MODE_RELEASE_BUFFERS) != 0
&& !SSL_IS_DTLS(s)) && !SSL_CONNECTION_IS_DTLS(s))
ssl3_release_write_buffer(s); ssl3_release_write_buffer(s);
*written = tot + tmpwrit; *written = tot + tmpwrit;
@ -664,7 +690,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
} }
} }
int do_ssl3_write(SSL *s, int type, const unsigned char *buf, int do_ssl3_write(SSL_CONNECTION *s, int type, const unsigned char *buf,
size_t *pipelens, size_t numpipes, size_t *pipelens, size_t numpipes,
int create_empty_fragment, size_t *written) int create_empty_fragment, size_t *written)
{ {
@ -682,6 +708,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
size_t totlen = 0, len, wpinited = 0; size_t totlen = 0, len, wpinited = 0;
size_t j; size_t j;
int using_ktls; int using_ktls;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
for (j = 0; j < numpipes; j++) for (j = 0; j < numpipes; j++)
totlen += pipelens[j]; totlen += pipelens[j];
@ -696,7 +723,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
/* If we have an alert to send, lets send it */ /* If we have an alert to send, lets send it */
if (s->s3.alert_dispatch) { if (s->s3.alert_dispatch) {
i = s->method->ssl_dispatch_alert(s); i = ssl->method->ssl_dispatch_alert(ssl);
if (i <= 0) { if (i <= 0) {
/* SSLfatal() already called if appropriate */ /* SSLfatal() already called if appropriate */
return i; return i;
@ -830,7 +857,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
} }
/* Explicit IV length, block ciphers appropriate version flag */ /* Explicit IV length, block ciphers appropriate version flag */
if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s) && !SSL_TREAT_AS_TLS13(s)) { if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)
&& !SSL_CONNECTION_TREAT_AS_TLS13(s)) {
int mode = EVP_CIPHER_CTX_get_mode(s->enc_write_ctx); int mode = EVP_CIPHER_CTX_get_mode(s->enc_write_ctx);
if (mode == EVP_CIPH_CBC_MODE) { if (mode == EVP_CIPH_CBC_MODE) {
eivlen = EVP_CIPHER_CTX_get_iv_length(s->enc_write_ctx); eivlen = EVP_CIPHER_CTX_get_iv_length(s->enc_write_ctx);
@ -863,7 +891,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
* In TLSv1.3, once encrypting, we always use application data for the * In TLSv1.3, once encrypting, we always use application data for the
* record type * record type
*/ */
if (SSL_TREAT_AS_TLS13(s) if (SSL_CONNECTION_TREAT_AS_TLS13(s)
&& s->enc_write_ctx != NULL && s->enc_write_ctx != NULL
&& (s->statem.enc_write_state != ENC_WRITE_STATE_WRITE_PLAIN_ALERTS && (s->statem.enc_write_state != ENC_WRITE_STATE_WRITE_PLAIN_ALERTS
|| type != SSL3_RT_ALERT)) || type != SSL3_RT_ALERT))
@ -876,9 +904,9 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
* Some servers hang if initial client hello is larger than 256 bytes * Some servers hang if initial client hello is larger than 256 bytes
* and record version number > TLS 1.0 * and record version number > TLS 1.0
*/ */
if (SSL_get_state(s) == TLS_ST_CW_CLNT_HELLO if (SSL_get_state(ssl) == TLS_ST_CW_CLNT_HELLO
&& !s->renegotiate && !s->renegotiate
&& TLS1_get_version(s) > TLS1_VERSION && TLS1_get_version(ssl) > TLS1_VERSION
&& s->hello_retry_request == SSL_HRR_NONE) && s->hello_retry_request == SSL_HRR_NONE)
version = TLS1_VERSION; version = TLS1_VERSION;
SSL3_RECORD_set_rec_version(thiswr, version); SSL3_RECORD_set_rec_version(thiswr, version);
@ -934,7 +962,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
} }
} }
if (SSL_TREAT_AS_TLS13(s) if (SSL_CONNECTION_TREAT_AS_TLS13(s)
&& !using_ktls && !using_ktls
&& s->enc_write_ctx != NULL && s->enc_write_ctx != NULL
&& (s->statem.enc_write_state != ENC_WRITE_STATE_WRITE_PLAIN_ALERTS && (s->statem.enc_write_state != ENC_WRITE_STATE_WRITE_PLAIN_ALERTS
@ -954,7 +982,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
size_t padding = 0; size_t padding = 0;
size_t max_padding = max_send_fragment - rlen; size_t max_padding = max_send_fragment - rlen;
if (s->record_padding_cb != NULL) { if (s->record_padding_cb != NULL) {
padding = s->record_padding_cb(s, type, rlen, s->record_padding_arg); padding = s->record_padding_cb(ssl, type, rlen, s->record_padding_arg);
} else if (s->block_padding > 0) { } else if (s->block_padding > 0) {
size_t mask = s->block_padding - 1; size_t mask = s->block_padding - 1;
size_t remainder; size_t remainder;
@ -994,7 +1022,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
unsigned char *mac; unsigned char *mac;
if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac) if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac)
|| !s->method->ssl3_enc->mac(s, thiswr, mac, 1)) { || !ssl->method->ssl3_enc->mac(s, thiswr, mac, 1)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err; goto err;
} }
@ -1039,7 +1067,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
} }
} else { } else {
if (!using_ktls) { if (!using_ktls) {
if (s->method->ssl3_enc->enc(s, wr, numpipes, 1, NULL, if (ssl->method->ssl3_enc->enc(s, wr, numpipes, 1, NULL,
mac_size) < 1) { mac_size) < 1) {
if (!ossl_statem_in_error(s)) { if (!ossl_statem_in_error(s)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@ -1073,7 +1101,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
unsigned char *mac; unsigned char *mac;
if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac) if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac)
|| !s->method->ssl3_enc->mac(s, thiswr, mac, 1)) { || !ssl->method->ssl3_enc->mac(s, thiswr, mac, 1)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err; goto err;
} }
@ -1090,14 +1118,14 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
recordstart = WPACKET_get_curr(thispkt) - len recordstart = WPACKET_get_curr(thispkt) - len
- SSL3_RT_HEADER_LENGTH; - SSL3_RT_HEADER_LENGTH;
s->msg_callback(1, thiswr->rec_version, SSL3_RT_HEADER, recordstart, s->msg_callback(1, thiswr->rec_version, SSL3_RT_HEADER, recordstart,
SSL3_RT_HEADER_LENGTH, s, SSL3_RT_HEADER_LENGTH, ssl,
s->msg_callback_arg); s->msg_callback_arg);
if (SSL_TREAT_AS_TLS13(s) && s->enc_write_ctx != NULL) { if (SSL_CONNECTION_TREAT_AS_TLS13(s) && s->enc_write_ctx != NULL) {
unsigned char ctype = type; unsigned char ctype = type;
s->msg_callback(1, thiswr->rec_version, SSL3_RT_INNER_CONTENT_TYPE, s->msg_callback(1, thiswr->rec_version, SSL3_RT_INNER_CONTENT_TYPE,
&ctype, 1, s, s->msg_callback_arg); &ctype, 1, ssl, s->msg_callback_arg);
} }
} }
@ -1157,8 +1185,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
* *
* Return values are as per SSL_write() * Return values are as per SSL_write()
*/ */
int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len, int ssl3_write_pending(SSL_CONNECTION *s, int type, const unsigned char *buf,
size_t *written) size_t len, size_t *written)
{ {
int i; int i;
SSL3_BUFFER *wb = s->rlayer.wbuf; SSL3_BUFFER *wb = s->rlayer.wbuf;
@ -1221,7 +1249,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len,
*written = s->rlayer.wpend_ret; *written = s->rlayer.wpend_ret;
return 1; return 1;
} else if (i <= 0) { } else if (i <= 0) {
if (SSL_IS_DTLS(s)) { if (SSL_CONNECTION_IS_DTLS(s)) {
/* /*
* For DTLS, just drop it. That's kind of the whole point in * For DTLS, just drop it. That's kind of the whole point in
* using a datagram service * using a datagram service
@ -1264,7 +1292,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len,
* Application data protocol * Application data protocol
* none of our business * none of our business
*/ */
int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, int ssl3_read_bytes(SSL *ssl, int type, int *recvd_type, unsigned char *buf,
size_t len, int peek, size_t *readbytes) size_t len, int peek, size_t *readbytes)
{ {
int i, j, ret; int i, j, ret;
@ -1272,7 +1300,10 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
SSL3_RECORD *rr; SSL3_RECORD *rr;
SSL3_BUFFER *rbuf; SSL3_BUFFER *rbuf;
void (*cb) (const SSL *ssl, int type2, int val) = NULL; void (*cb) (const SSL *ssl, int type2, int val) = NULL;
int is_tls13 = SSL_IS_TLS13(s); int is_tls13;
SSL_CONNECTION *s = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
is_tls13 = SSL_CONNECTION_IS_TLS13(s);
rbuf = &s->rlayer.rbuf; rbuf = &s->rlayer.rbuf;
@ -1322,9 +1353,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* Now s->rlayer.handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. * Now s->rlayer.handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE.
*/ */
if (!ossl_statem_get_in_handshake(s) && SSL_in_init(s)) { if (!ossl_statem_get_in_handshake(s) && SSL_in_init(ssl)) {
/* type == SSL3_RT_APPLICATION_DATA */ /* type == SSL3_RT_APPLICATION_DATA */
i = s->handshake_func(s); i = s->handshake_func(ssl);
/* SSLfatal() already called */ /* SSLfatal() already called */
if (i < 0) if (i < 0)
return i; return i;
@ -1373,7 +1404,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
if (s->rlayer.handshake_fragment_len > 0 if (s->rlayer.handshake_fragment_len > 0
&& SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE && SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE
&& SSL_IS_TLS13(s)) { && SSL_CONNECTION_IS_TLS13(s)) {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA); SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA);
return -1; return -1;
@ -1420,8 +1451,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* make sure that we are not getting application data when we are * make sure that we are not getting application data when we are
* doing a handshake for the first time * doing a handshake for the first time
*/ */
if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && if (SSL_in_init(ssl) && type == SSL3_RT_APPLICATION_DATA
(s->enc_read_ctx == NULL)) { && s->enc_read_ctx == NULL) {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_APP_DATA_IN_HANDSHAKE); SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_APP_DATA_IN_HANDSHAKE);
return -1; return -1;
} }
@ -1511,7 +1542,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
return -1; return -1;
} }
if (s->method->version == TLS_ANY_VERSION if (ssl->method->version == TLS_ANY_VERSION
&& (s->server || rr->type != SSL3_RT_ALERT)) { && (s->server || rr->type != SSL3_RT_ALERT)) {
/* /*
* If we've got this far and still haven't decided on what version * If we've got this far and still haven't decided on what version
@ -1544,17 +1575,17 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
} }
if (s->msg_callback) if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_ALERT, alert_bytes, 2, s, s->msg_callback(0, s->version, SSL3_RT_ALERT, alert_bytes, 2, ssl,
s->msg_callback_arg); s->msg_callback_arg);
if (s->info_callback != NULL) if (s->info_callback != NULL)
cb = s->info_callback; cb = s->info_callback;
else if (s->ctx->info_callback != NULL) else if (ssl->ctx->info_callback != NULL)
cb = s->ctx->info_callback; cb = ssl->ctx->info_callback;
if (cb != NULL) { if (cb != NULL) {
j = (alert_level << 8) | alert_descr; j = (alert_level << 8) | alert_descr;
cb(s, SSL_CB_READ_ALERT, j); cb(ssl, SSL_CB_READ_ALERT, j);
} }
if (alert_level == SSL3_AL_WARNING if (alert_level == SSL3_AL_WARNING
@ -1621,7 +1652,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* because we are unable to write any response due to having already * because we are unable to write any response due to having already
* sent close_notify. * sent close_notify.
*/ */
if (!SSL_IS_TLS13(s)) { if (!SSL_CONNECTION_IS_TLS13(s)) {
SSL3_RECORD_set_length(rr, 0); SSL3_RECORD_set_length(rr, 0);
SSL3_RECORD_set_read(rr); SSL3_RECORD_set_read(rr);
@ -1629,7 +1660,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
goto start; goto start;
s->rwstate = SSL_READING; s->rwstate = SSL_READING;
rbio = SSL_get_rbio(s); rbio = SSL_get_rbio(ssl);
BIO_clear_retry_flags(rbio); BIO_clear_retry_flags(rbio);
BIO_set_retry_read(rbio); BIO_set_retry_read(rbio);
return -1; return -1;
@ -1694,7 +1725,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
/* We found handshake data, so we're going back into init */ /* We found handshake data, so we're going back into init */
ossl_statem_set_in_init(s, 1); ossl_statem_set_in_init(s, 1);
i = s->handshake_func(s); i = s->handshake_func(ssl);
/* SSLfatal() already called if appropriate */ /* SSLfatal() already called if appropriate */
if (i < 0) if (i < 0)
return i; return i;
@ -1721,7 +1752,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* problems in the blocking world * problems in the blocking world
*/ */
s->rwstate = SSL_READING; s->rwstate = SSL_READING;
bio = SSL_get_rbio(s); bio = SSL_get_rbio(ssl);
BIO_clear_retry_flags(bio); BIO_clear_retry_flags(bio);
BIO_set_retry_read(bio); BIO_set_retry_read(bio);
return -1; return -1;
@ -1772,8 +1803,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* decryption was applied. We just skip it and move on to the next * decryption was applied. We just skip it and move on to the next
* record. * record.
*/ */
if (!early_data_count_ok(s, rr->length, if (!ossl_early_data_count_ok(s, rr->length,
EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) { EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) {
/* SSLfatal() already called */ /* SSLfatal() already called */
return -1; return -1;
} }

43
ssl/record/record.h
View File

@ -7,6 +7,8 @@
* https://www.openssl.org/source/license.html * https://www.openssl.org/source/license.html
*/ */
typedef struct ssl_connection_st SSL_CONNECTION;
/***************************************************************************** /*****************************************************************************
* * * *
* These structures should be considered PRIVATE to the record layer. No * * These structures should be considered PRIVATE to the record layer. No *
@ -127,8 +129,8 @@ typedef struct dtls_record_layer_st {
*****************************************************************************/ *****************************************************************************/
typedef struct record_layer_st { typedef struct record_layer_st {
/* The parent SSL structure */ /* The parent SSL_CONNECTION structure */
SSL *s; SSL_CONNECTION *s;
/* /*
* Read as many input bytes as possible (for * Read as many input bytes as possible (for
* non-blocking reads) * non-blocking reads)
@ -199,7 +201,7 @@ typedef struct ssl_mac_buf_st SSL_MAC_BUF;
#define RECORD_LAYER_get_rbuf(rl) (&(rl)->rbuf) #define RECORD_LAYER_get_rbuf(rl) (&(rl)->rbuf)
#define RECORD_LAYER_get_wbuf(rl) ((rl)->wbuf) #define RECORD_LAYER_get_wbuf(rl) ((rl)->wbuf)
void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s); void RECORD_LAYER_init(RECORD_LAYER *rl, SSL_CONNECTION *s);
void RECORD_LAYER_clear(RECORD_LAYER *rl); void RECORD_LAYER_clear(RECORD_LAYER *rl);
void RECORD_LAYER_release(RECORD_LAYER *rl); void RECORD_LAYER_release(RECORD_LAYER *rl);
int RECORD_LAYER_read_pending(const RECORD_LAYER *rl); int RECORD_LAYER_read_pending(const RECORD_LAYER *rl);
@ -212,23 +214,26 @@ size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl);
__owur size_t ssl3_pending(const SSL *s); __owur size_t ssl3_pending(const SSL *s);
__owur int ssl3_write_bytes(SSL *s, int type, const void *buf, size_t len, __owur int ssl3_write_bytes(SSL *s, int type, const void *buf, size_t len,
size_t *written); size_t *written);
int do_ssl3_write(SSL *s, int type, const unsigned char *buf, int do_ssl3_write(SSL_CONNECTION *s, int type, const unsigned char *buf,
size_t *pipelens, size_t numpipes, size_t *pipelens, size_t numpipes,
int create_empty_fragment, size_t *written); int create_empty_fragment, size_t *written);
__owur int ssl3_read_bytes(SSL *s, int type, int *recvd_type, __owur int ssl3_read_bytes(SSL *s, int type, int *recvd_type,
unsigned char *buf, size_t len, int peek, unsigned char *buf, size_t len, int peek,
size_t *readbytes); size_t *readbytes);
__owur int ssl3_setup_buffers(SSL *s); __owur int ssl3_setup_buffers(SSL_CONNECTION *s);
__owur int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int send, __owur int ssl3_enc(SSL_CONNECTION *s, SSL3_RECORD *inrecs, size_t n_recs,
SSL_MAC_BUF *mac, size_t macsize); int send, SSL_MAC_BUF *mac, size_t macsize);
__owur int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send); __owur int n_ssl3_mac(SSL_CONNECTION *s, SSL3_RECORD *rec, unsigned char *md,
__owur int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len, int send);
__owur int ssl3_write_pending(SSL_CONNECTION *s, int type,
const unsigned char *buf, size_t len,
size_t *written); size_t *written);
__owur int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, __owur int tls1_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs,
SSL_MAC_BUF *mac, size_t macsize); int sending, SSL_MAC_BUF *mac, size_t macsize);
__owur int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send); __owur int tls1_mac(SSL_CONNECTION *s, SSL3_RECORD *rec, unsigned char *md,
__owur int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send, int send);
SSL_MAC_BUF *mac, size_t macsize); __owur int tls13_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs,
int send, SSL_MAC_BUF *mac, size_t macsize);
int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl); int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl);
void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl); void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl);
void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl); void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl);
@ -238,10 +243,10 @@ void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq);
__owur int dtls1_read_bytes(SSL *s, int type, int *recvd_type, __owur int dtls1_read_bytes(SSL *s, int type, int *recvd_type,
unsigned char *buf, size_t len, int peek, unsigned char *buf, size_t len, int peek,
size_t *readbytes); size_t *readbytes);
__owur int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len, __owur int dtls1_write_bytes(SSL_CONNECTION *s, int type, const void *buf,
size_t *written); size_t len, size_t *written);
int do_dtls1_write(SSL *s, int type, const unsigned char *buf, int do_dtls1_write(SSL_CONNECTION *s, int type, const unsigned char *buf,
size_t len, int create_empty_fragment, size_t *written); size_t len, int create_empty_fragment, size_t *written);
void dtls1_reset_seq_numbers(SSL *s, int rw); void dtls1_reset_seq_numbers(SSL_CONNECTION *s, int rw);
int dtls_buffer_listen_record(SSL *s, size_t len, unsigned char *seq, int dtls_buffer_listen_record(SSL_CONNECTION *s, size_t len, unsigned char *seq,
size_t off); size_t off);

39
ssl/record/record_local.h
View File

@ -36,20 +36,21 @@
#define RECORD_LAYER_clear_first_record(rl) ((rl)->is_first_record = 0) #define RECORD_LAYER_clear_first_record(rl) ((rl)->is_first_record = 0)
#define DTLS_RECORD_LAYER_get_r_epoch(rl) ((rl)->d->r_epoch) #define DTLS_RECORD_LAYER_get_r_epoch(rl) ((rl)->d->r_epoch)
__owur int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, __owur int ssl3_read_n(SSL_CONNECTION *s, size_t n, size_t max, int extend,
size_t *readbytes); int clearold, size_t *readbytes);
DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, DTLS1_BITMAP *dtls1_get_bitmap(SSL_CONNECTION *s, SSL3_RECORD *rr,
unsigned int *is_next_epoch); unsigned int *is_next_epoch);
int dtls1_process_buffered_records(SSL *s); int dtls1_process_buffered_records(SSL_CONNECTION *s);
int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue); int dtls1_retrieve_buffered_record(SSL_CONNECTION *s, record_pqueue *queue);
int dtls1_buffer_record(SSL *s, record_pqueue *q, unsigned char *priority); int dtls1_buffer_record(SSL_CONNECTION *s, record_pqueue *q,
unsigned char *priority);
void ssl3_record_sequence_update(unsigned char *seq); void ssl3_record_sequence_update(unsigned char *seq);
/* Functions provided by the DTLS1_BITMAP component */ /* Functions provided by the DTLS1_BITMAP component */
int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap); int dtls1_record_replay_check(SSL_CONNECTION *s, DTLS1_BITMAP *bitmap);
void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); void dtls1_record_bitmap_update(SSL_CONNECTION *s, DTLS1_BITMAP *bitmap);
/* Macros/functions provided by the SSL3_BUFFER component */ /* Macros/functions provided by the SSL3_BUFFER component */
@ -71,10 +72,11 @@ void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
void SSL3_BUFFER_clear(SSL3_BUFFER *b); void SSL3_BUFFER_clear(SSL3_BUFFER *b);
void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n); void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n);
void SSL3_BUFFER_release(SSL3_BUFFER *b); void SSL3_BUFFER_release(SSL3_BUFFER *b);
__owur int ssl3_setup_read_buffer(SSL *s); __owur int ssl3_setup_read_buffer(SSL_CONNECTION *s);
__owur int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len); __owur int ssl3_setup_write_buffer(SSL_CONNECTION *s, size_t numwpipes,
int ssl3_release_read_buffer(SSL *s); size_t len);
int ssl3_release_write_buffer(SSL *s); int ssl3_release_read_buffer(SSL_CONNECTION *s);
int ssl3_release_write_buffer(SSL_CONNECTION *s);
/* Macros/functions provided by the SSL3_RECORD component */ /* Macros/functions provided by the SSL3_RECORD component */
@ -104,9 +106,9 @@ int ssl3_release_write_buffer(SSL *s);
void SSL3_RECORD_clear(SSL3_RECORD *r, size_t); void SSL3_RECORD_clear(SSL3_RECORD *r, size_t);
void SSL3_RECORD_release(SSL3_RECORD *r, size_t num_recs); void SSL3_RECORD_release(SSL3_RECORD *r, size_t num_recs);
void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num); void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num);
int ssl3_get_record(SSL *s); int ssl3_get_record(SSL_CONNECTION *s);
__owur int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr); __owur int ssl3_do_compress(SSL_CONNECTION *ssl, SSL3_RECORD *wr);
__owur int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr); __owur int ssl3_do_uncompress(SSL_CONNECTION *ssl, SSL3_RECORD *rr);
__owur int ssl3_cbc_remove_padding_and_mac(size_t *reclen, __owur int ssl3_cbc_remove_padding_and_mac(size_t *reclen,
size_t origreclen, size_t origreclen,
unsigned char *recdata, unsigned char *recdata,
@ -122,6 +124,7 @@ __owur int tls1_cbc_remove_padding_and_mac(size_t *reclen,
size_t block_size, size_t mac_size, size_t block_size, size_t mac_size,
int aead, int aead,
OSSL_LIB_CTX *libctx); OSSL_LIB_CTX *libctx);
int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap); int dtls1_process_record(SSL_CONNECTION *s, DTLS1_BITMAP *bitmap);
__owur int dtls1_get_record(SSL *s); __owur int dtls1_get_record(SSL_CONNECTION *s);
int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send); int ossl_early_data_count_ok(SSL_CONNECTION *s, size_t length,
size_t overhead, int send);

15
ssl/record/ssl3_buffer.c
View File

@ -34,7 +34,7 @@ void SSL3_BUFFER_release(SSL3_BUFFER *b)
b->buf = NULL; b->buf = NULL;
} }
int ssl3_setup_read_buffer(SSL *s) int ssl3_setup_read_buffer(SSL_CONNECTION *s)
{ {
unsigned char *p; unsigned char *p;
size_t len, align = 0, headerlen; size_t len, align = 0, headerlen;
@ -42,7 +42,7 @@ int ssl3_setup_read_buffer(SSL *s)
b = RECORD_LAYER_get_rbuf(&s->rlayer); b = RECORD_LAYER_get_rbuf(&s->rlayer);
if (SSL_IS_DTLS(s)) if (SSL_CONNECTION_IS_DTLS(s))
headerlen = DTLS1_RT_HEADER_LENGTH; headerlen = DTLS1_RT_HEADER_LENGTH;
else else
headerlen = SSL3_RT_HEADER_LENGTH; headerlen = SSL3_RT_HEADER_LENGTH;
@ -76,7 +76,8 @@ int ssl3_setup_read_buffer(SSL *s)
return 1; return 1;
} }
int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len) int ssl3_setup_write_buffer(SSL_CONNECTION *s, size_t numwpipes,
size_t len)
{ {
unsigned char *p; unsigned char *p;
size_t align = 0, headerlen; size_t align = 0, headerlen;
@ -86,7 +87,7 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len)
s->rlayer.numwpipes = numwpipes; s->rlayer.numwpipes = numwpipes;
if (len == 0) { if (len == 0) {
if (SSL_IS_DTLS(s)) if (SSL_CONNECTION_IS_DTLS(s))
headerlen = DTLS1_RT_HEADER_LENGTH + 1; headerlen = DTLS1_RT_HEADER_LENGTH + 1;
else else
headerlen = SSL3_RT_HEADER_LENGTH; headerlen = SSL3_RT_HEADER_LENGTH;
@ -139,7 +140,7 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len)
return 1; return 1;
} }
int ssl3_setup_buffers(SSL *s) int ssl3_setup_buffers(SSL_CONNECTION *s)
{ {
if (!ssl3_setup_read_buffer(s)) { if (!ssl3_setup_read_buffer(s)) {
/* SSLfatal() already called */ /* SSLfatal() already called */
@ -152,7 +153,7 @@ int ssl3_setup_buffers(SSL *s)
return 1; return 1;
} }
int ssl3_release_write_buffer(SSL *s) int ssl3_release_write_buffer(SSL_CONNECTION *s)
{ {
SSL3_BUFFER *wb; SSL3_BUFFER *wb;
size_t pipes; size_t pipes;
@ -172,7 +173,7 @@ int ssl3_release_write_buffer(SSL *s)
return 1; return 1;
} }
int ssl3_release_read_buffer(SSL *s) int ssl3_release_read_buffer(SSL_CONNECTION *s)
{ {
SSL3_BUFFER *b; SSL3_BUFFER *b;

138
ssl/record/ssl3_record.c
View File

@ -67,7 +67,7 @@ void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num)
* Peeks ahead into "read_ahead" data to see if we have a whole record waiting * Peeks ahead into "read_ahead" data to see if we have a whole record waiting
* for us in the buffer. * for us in the buffer.
*/ */
static int ssl3_record_app_data_waiting(SSL *s) static int ssl3_record_app_data_waiting(SSL_CONNECTION *s)
{ {
SSL3_BUFFER *rbuf; SSL3_BUFFER *rbuf;
size_t left, len; size_t left, len;
@ -102,7 +102,8 @@ static int ssl3_record_app_data_waiting(SSL *s)
return 1; return 1;
} }
int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send) int ossl_early_data_count_ok(SSL_CONNECTION *s, size_t length,
size_t overhead, int send)
{ {
uint32_t max_early_data; uint32_t max_early_data;
SSL_SESSION *sess = s->session; SSL_SESSION *sess = s->session;
@ -170,7 +171,7 @@ int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send)
* |max_pipelines| * |max_pipelines|
*/ */
/* used only by ssl3_read_bytes */ /* used only by ssl3_read_bytes */
int ssl3_get_record(SSL *s) int ssl3_get_record(SSL_CONNECTION *s)
{ {
int enc_err, rret; int enc_err, rret;
int i; int i;
@ -188,6 +189,7 @@ int ssl3_get_record(SSL *s)
int using_ktls; int using_ktls;
SSL_MAC_BUF *macbufs = NULL; SSL_MAC_BUF *macbufs = NULL;
int ret = -1; int ret = -1;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
rr = RECORD_LAYER_get_rrec(&s->rlayer); rr = RECORD_LAYER_get_rrec(&s->rlayer);
rbuf = RECORD_LAYER_get_rbuf(&s->rlayer); rbuf = RECORD_LAYER_get_rbuf(&s->rlayer);
@ -291,7 +293,7 @@ int ssl3_get_record(SSL *s)
|| !PACKET_get_net_2(&pkt, &version) || !PACKET_get_net_2(&pkt, &version)
|| !PACKET_get_net_2_len(&pkt, &thisrr->length)) { || !PACKET_get_net_2_len(&pkt, &thisrr->length)) {
if (s->msg_callback) if (s->msg_callback)
s->msg_callback(0, 0, SSL3_RT_HEADER, p, 5, s, s->msg_callback(0, 0, SSL3_RT_HEADER, p, 5, ssl,
s->msg_callback_arg); s->msg_callback_arg);
SSLfatal(s, SSL_AD_DECODE_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_DECODE_ERROR, ERR_R_INTERNAL_ERROR);
return -1; return -1;
@ -300,7 +302,7 @@ int ssl3_get_record(SSL *s)
thisrr->rec_version = version; thisrr->rec_version = version;
if (s->msg_callback) if (s->msg_callback)
s->msg_callback(0, version, SSL3_RT_HEADER, p, 5, s, s->msg_callback(0, version, SSL3_RT_HEADER, p, 5, ssl,
s->msg_callback_arg); s->msg_callback_arg);
/* /*
@ -310,7 +312,7 @@ int ssl3_get_record(SSL *s)
* yet, but we still treat it as TLSv1.3, so we must check for * yet, but we still treat it as TLSv1.3, so we must check for
* that explicitly * that explicitly
*/ */
if (!s->first_packet && !SSL_IS_TLS13(s) if (!s->first_packet && !SSL_CONNECTION_IS_TLS13(s)
&& s->hello_retry_request != SSL_HRR_PENDING && s->hello_retry_request != SSL_HRR_PENDING
&& version != (unsigned int)s->version) { && version != (unsigned int)s->version) {
if ((s->version & 0xFF00) == (version & 0xFF00) if ((s->version & 0xFF00) == (version & 0xFF00)
@ -366,7 +368,7 @@ int ssl3_get_record(SSL *s)
} }
} }
if (SSL_IS_TLS13(s) if (SSL_CONNECTION_IS_TLS13(s)
&& s->enc_read_ctx != NULL && s->enc_read_ctx != NULL
&& !using_ktls) { && !using_ktls) {
if (thisrr->type != SSL3_RT_APPLICATION_DATA if (thisrr->type != SSL3_RT_APPLICATION_DATA
@ -397,7 +399,7 @@ int ssl3_get_record(SSL *s)
/* now s->rlayer.rstate == SSL_ST_READ_BODY */ /* now s->rlayer.rstate == SSL_ST_READ_BODY */
} }
if (SSL_IS_TLS13(s)) { if (SSL_CONNECTION_IS_TLS13(s)) {
size_t len = SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH; size_t len = SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH;
/* KTLS strips the inner record type. */ /* KTLS strips the inner record type. */
@ -503,7 +505,8 @@ int ssl3_get_record(SSL *s)
if (num_recs == 1 if (num_recs == 1
&& thisrr->type == SSL3_RT_CHANGE_CIPHER_SPEC && thisrr->type == SSL3_RT_CHANGE_CIPHER_SPEC
&& (SSL_IS_TLS13(s) || s->hello_retry_request != SSL_HRR_NONE) && (SSL_CONNECTION_IS_TLS13(s)
|| s->hello_retry_request != SSL_HRR_NONE)
&& SSL_IS_FIRST_HANDSHAKE(s)) { && SSL_IS_FIRST_HANDSHAKE(s)) {
/* /*
* CCS messages must be exactly 1 byte long, containing the value 0x01 * CCS messages must be exactly 1 byte long, containing the value 0x01
@ -563,7 +566,7 @@ int ssl3_get_record(SSL *s)
} }
thisrr->length -= mac_size; thisrr->length -= mac_size;
mac = thisrr->data + thisrr->length; mac = thisrr->data + thisrr->length;
i = s->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */ ); i = ssl->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */ );
if (i == 0 || CRYPTO_memcmp(md, mac, mac_size) != 0) { if (i == 0 || CRYPTO_memcmp(md, mac, mac_size) != 0) {
SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSLfatal(s, SSL_AD_BAD_RECORD_MAC,
SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
@ -585,7 +588,7 @@ int ssl3_get_record(SSL *s)
} }
} }
enc_err = s->method->ssl3_enc->enc(s, rr, num_recs, 0, macbufs, mac_size); enc_err = ssl->method->ssl3_enc->enc(s, rr, num_recs, 0, macbufs, mac_size);
/*- /*-
* enc_err is: * enc_err is:
@ -606,8 +609,8 @@ int ssl3_get_record(SSL *s)
thisrr = &rr[0]; thisrr = &rr[0];
if (!early_data_count_ok(s, thisrr->length, if (!ossl_early_data_count_ok(s, thisrr->length,
EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) { EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) {
/* SSLfatal() already called */ /* SSLfatal() already called */
goto end; goto end;
} }
@ -638,7 +641,7 @@ int ssl3_get_record(SSL *s)
SSL_MAC_BUF *thismb = &macbufs[j]; SSL_MAC_BUF *thismb = &macbufs[j];
thisrr = &rr[j]; thisrr = &rr[j];
i = s->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */ ); i = ssl->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */ );
if (i == 0 || thismb == NULL || thismb->mac == NULL if (i == 0 || thismb == NULL || thismb->mac == NULL
|| CRYPTO_memcmp(md, thismb->mac, (size_t)mac_size) != 0) || CRYPTO_memcmp(md, thismb->mac, (size_t)mac_size) != 0)
enc_err = 0; enc_err = 0;
@ -683,7 +686,7 @@ int ssl3_get_record(SSL *s)
} }
} }
if (SSL_IS_TLS13(s) if (SSL_CONNECTION_IS_TLS13(s)
&& s->enc_read_ctx != NULL && s->enc_read_ctx != NULL
&& thisrr->type != SSL3_RT_ALERT) { && thisrr->type != SSL3_RT_ALERT) {
/* /*
@ -717,14 +720,14 @@ int ssl3_get_record(SSL *s)
} }
if (s->msg_callback) if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_INNER_CONTENT_TYPE, s->msg_callback(0, s->version, SSL3_RT_INNER_CONTENT_TYPE,
&thisrr->type, 1, s, s->msg_callback_arg); &thisrr->type, 1, ssl, s->msg_callback_arg);
} }
/* /*
* TLSv1.3 alert and handshake records are required to be non-zero in * TLSv1.3 alert and handshake records are required to be non-zero in
* length. * length.
*/ */
if (SSL_IS_TLS13(s) if (SSL_CONNECTION_IS_TLS13(s)
&& (thisrr->type == SSL3_RT_HANDSHAKE && (thisrr->type == SSL3_RT_HANDSHAKE
|| thisrr->type == SSL3_RT_ALERT) || thisrr->type == SSL3_RT_ALERT)
&& thisrr->length == 0) { && thisrr->length == 0) {
@ -781,7 +784,7 @@ int ssl3_get_record(SSL *s)
if (s->early_data_state == SSL_EARLY_DATA_READING) { if (s->early_data_state == SSL_EARLY_DATA_READING) {
thisrr = &rr[0]; thisrr = &rr[0];
if (thisrr->type == SSL3_RT_APPLICATION_DATA if (thisrr->type == SSL3_RT_APPLICATION_DATA
&& !early_data_count_ok(s, thisrr->length, 0, 0)) { && !ossl_early_data_count_ok(s, thisrr->length, 0, 0)) {
/* SSLfatal already called */ /* SSLfatal already called */
goto end; goto end;
} }
@ -800,7 +803,7 @@ int ssl3_get_record(SSL *s)
return ret; return ret;
} }
int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr) int ssl3_do_uncompress(SSL_CONNECTION *sc, SSL3_RECORD *rr)
{ {
#ifndef OPENSSL_NO_COMP #ifndef OPENSSL_NO_COMP
int i; int i;
@ -812,7 +815,7 @@ int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr)
if (rr->comp == NULL) if (rr->comp == NULL)
return 0; return 0;
i = COMP_expand_block(ssl->expand, rr->comp, i = COMP_expand_block(sc->expand, rr->comp,
SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length); SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length);
if (i < 0) if (i < 0)
return 0; return 0;
@ -823,12 +826,12 @@ int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr)
return 1; return 1;
} }
int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr) int ssl3_do_compress(SSL_CONNECTION *sc, SSL3_RECORD *wr)
{ {
#ifndef OPENSSL_NO_COMP #ifndef OPENSSL_NO_COMP
int i; int i;
i = COMP_compress_block(ssl->compress, wr->data, i = COMP_compress_block(sc->compress, wr->data,
(int)(wr->length + SSL3_RT_MAX_COMPRESSED_OVERHEAD), (int)(wr->length + SSL3_RT_MAX_COMPRESSED_OVERHEAD),
wr->input, (int)wr->length); wr->input, (int)wr->length);
if (i < 0) if (i < 0)
@ -850,7 +853,7 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr)
* 0: if the record is publicly invalid, or an internal error * 0: if the record is publicly invalid, or an internal error
* 1: Success or Mac-then-encrypt decryption failed (MAC will be randomised) * 1: Success or Mac-then-encrypt decryption failed (MAC will be randomised)
*/ */
int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending, int ssl3_enc(SSL_CONNECTION *s, SSL3_RECORD *inrecs, size_t n_recs, int sending,
SSL_MAC_BUF *mac, size_t macsize) SSL_MAC_BUF *mac, size_t macsize)
{ {
SSL3_RECORD *rec; SSL3_RECORD *rec;
@ -957,7 +960,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending,
(mac != NULL) ? &mac->alloced : NULL, (mac != NULL) ? &mac->alloced : NULL,
bs, bs,
macsize, macsize,
s->ctx->libctx); SSL_CONNECTION_GET_CTX(s)->libctx);
} }
} }
return 1; return 1;
@ -974,7 +977,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending,
* decryption failed, or Encrypt-then-mac decryption failed. * decryption failed, or Encrypt-then-mac decryption failed.
* 1: Success or Mac-then-encrypt decryption failed (MAC will be randomised) * 1: Success or Mac-then-encrypt decryption failed (MAC will be randomised)
*/ */
int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, int tls1_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending,
SSL_MAC_BUF *macs, size_t macsize) SSL_MAC_BUF *macs, size_t macsize)
{ {
EVP_CIPHER_CTX *ds; EVP_CIPHER_CTX *ds;
@ -1022,7 +1025,8 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
*/ */
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0; return 0;
} else if (RAND_bytes_ex(s->ctx->libctx, recs[ctr].input, } else if (RAND_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx,
recs[ctr].input,
ivlen, 0) <= 0) { ivlen, 0) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0; return 0;
@ -1076,7 +1080,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
seq = sending ? RECORD_LAYER_get_write_sequence(&s->rlayer) seq = sending ? RECORD_LAYER_get_write_sequence(&s->rlayer)
: RECORD_LAYER_get_read_sequence(&s->rlayer); : RECORD_LAYER_get_read_sequence(&s->rlayer);
if (SSL_IS_DTLS(s)) { if (SSL_CONNECTION_IS_DTLS(s)) {
/* DTLS does not support pipelining */ /* DTLS does not support pipelining */
unsigned char dtlsseq[8], *p = dtlsseq; unsigned char dtlsseq[8], *p = dtlsseq;
@ -1163,7 +1167,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
} }
} }
if (!SSL_IS_DTLS(s) && tlstree_enc) { if (!SSL_CONNECTION_IS_DTLS(s) && tlstree_enc) {
unsigned char *seq; unsigned char *seq;
int decrement_seq = 0; int decrement_seq = 0;
@ -1282,7 +1286,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
pad ? (size_t)pad : macsize, pad ? (size_t)pad : macsize,
(EVP_CIPHER_get_flags(enc) (EVP_CIPHER_get_flags(enc)
& EVP_CIPH_FLAG_AEAD_CIPHER) != 0, & EVP_CIPH_FLAG_AEAD_CIPHER) != 0,
s->ctx->libctx)) SSL_CONNECTION_GET_CTX(s)->libctx))
return 0; return 0;
} }
} }
@ -1310,7 +1314,8 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
} }
} }
int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) int n_ssl3_mac(SSL_CONNECTION *sc, SSL3_RECORD *rec, unsigned char *md,
int sending)
{ {
unsigned char *mac_sec, *seq; unsigned char *mac_sec, *seq;
const EVP_MD_CTX *hash; const EVP_MD_CTX *hash;
@ -1320,13 +1325,13 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
int t; int t;
if (sending) { if (sending) {
mac_sec = &(ssl->s3.write_mac_secret[0]); mac_sec = &(sc->s3.write_mac_secret[0]);
seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer); seq = RECORD_LAYER_get_write_sequence(&sc->rlayer);
hash = ssl->write_hash; hash = sc->write_hash;
} else { } else {
mac_sec = &(ssl->s3.read_mac_secret[0]); mac_sec = &(sc->s3.read_mac_secret[0]);
seq = RECORD_LAYER_get_read_sequence(&ssl->rlayer); seq = RECORD_LAYER_get_read_sequence(&sc->rlayer);
hash = ssl->read_hash; hash = sc->read_hash;
} }
t = EVP_MD_CTX_get_size(hash); t = EVP_MD_CTX_get_size(hash);
@ -1336,7 +1341,7 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
npad = (48 / md_size) * md_size; npad = (48 / md_size) * md_size;
if (!sending if (!sending
&& EVP_CIPHER_CTX_get_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && EVP_CIPHER_CTX_get_mode(sc->enc_read_ctx) == EVP_CIPH_CBC_MODE
&& ssl3_cbc_record_digest_supported(hash)) { && ssl3_cbc_record_digest_supported(hash)) {
#ifdef OPENSSL_NO_DEPRECATED_3_0 #ifdef OPENSSL_NO_DEPRECATED_3_0
return 0; return 0;
@ -1410,7 +1415,8 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
return 1; return 1;
} }
int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) int tls1_mac(SSL_CONNECTION *sc, SSL3_RECORD *rec, unsigned char *md,
int sending)
{ {
unsigned char *seq; unsigned char *seq;
EVP_MD_CTX *hash; EVP_MD_CTX *hash;
@ -1418,19 +1424,19 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
int i; int i;
EVP_MD_CTX *hmac = NULL, *mac_ctx; EVP_MD_CTX *hmac = NULL, *mac_ctx;
unsigned char header[13]; unsigned char header[13];
int stream_mac = sending ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM) int stream_mac = sending ? (sc->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM)
: (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM); : (sc->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM);
int tlstree_mac = sending ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_TLSTREE) int tlstree_mac = sending ? (sc->mac_flags & SSL_MAC_FLAG_WRITE_MAC_TLSTREE)
: (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_TLSTREE); : (sc->mac_flags & SSL_MAC_FLAG_READ_MAC_TLSTREE);
int t; int t;
int ret = 0; int ret = 0;
if (sending) { if (sending) {
seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer); seq = RECORD_LAYER_get_write_sequence(&sc->rlayer);
hash = ssl->write_hash; hash = sc->write_hash;
} else { } else {
seq = RECORD_LAYER_get_read_sequence(&ssl->rlayer); seq = RECORD_LAYER_get_read_sequence(&sc->rlayer);
hash = ssl->read_hash; hash = sc->read_hash;
} }
t = EVP_MD_CTX_get_size(hash); t = EVP_MD_CTX_get_size(hash);
@ -1449,15 +1455,16 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
mac_ctx = hmac; mac_ctx = hmac;
} }
if (!SSL_IS_DTLS(ssl) && tlstree_mac && EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_TLSTREE, 0, seq) <= 0) { if (!SSL_CONNECTION_IS_DTLS(sc) && tlstree_mac
&& EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_TLSTREE, 0, seq) <= 0) {
goto end; goto end;
} }
if (SSL_IS_DTLS(ssl)) { if (SSL_CONNECTION_IS_DTLS(sc)) {
unsigned char dtlsseq[8], *p = dtlsseq; unsigned char dtlsseq[8], *p = dtlsseq;
s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&ssl->rlayer) : s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&sc->rlayer) :
DTLS_RECORD_LAYER_get_r_epoch(&ssl->rlayer), p); DTLS_RECORD_LAYER_get_r_epoch(&sc->rlayer), p);
memcpy(p, &seq[2], 6); memcpy(p, &seq[2], 6);
memcpy(header, dtlsseq, 8); memcpy(header, dtlsseq, 8);
@ -1465,13 +1472,13 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
memcpy(header, seq, 8); memcpy(header, seq, 8);
header[8] = rec->type; header[8] = rec->type;
header[9] = (unsigned char)(ssl->version >> 8); header[9] = (unsigned char)(sc->version >> 8);
header[10] = (unsigned char)(ssl->version); header[10] = (unsigned char)(sc->version);
header[11] = (unsigned char)(rec->length >> 8); header[11] = (unsigned char)(rec->length >> 8);
header[12] = (unsigned char)(rec->length & 0xff); header[12] = (unsigned char)(rec->length & 0xff);
if (!sending && !SSL_READ_ETM(ssl) if (!sending && !SSL_READ_ETM(sc)
&& EVP_CIPHER_CTX_get_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && EVP_CIPHER_CTX_get_mode(sc->enc_read_ctx) == EVP_CIPH_CBC_MODE
&& ssl3_cbc_record_digest_supported(mac_ctx)) { && ssl3_cbc_record_digest_supported(mac_ctx)) {
OSSL_PARAM tls_hmac_params[2], *p = tls_hmac_params; OSSL_PARAM tls_hmac_params[2], *p = tls_hmac_params;
@ -1498,7 +1505,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
BIO_dump_indent(trc_out, rec->data, rec->length, 4); BIO_dump_indent(trc_out, rec->data, rec->length, 4);
} OSSL_TRACE_END(TLS); } OSSL_TRACE_END(TLS);
if (!SSL_IS_DTLS(ssl)) { if (!SSL_CONNECTION_IS_DTLS(sc)) {
for (i = 7; i >= 0; i--) { for (i = 7; i >= 0; i--) {
++seq[i]; ++seq[i];
if (seq[i] != 0) if (seq[i] != 0)
@ -1515,7 +1522,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
return ret; return ret;
} }
int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) int dtls1_process_record(SSL_CONNECTION *s, DTLS1_BITMAP *bitmap)
{ {
int i; int i;
int enc_err; int enc_err;
@ -1527,6 +1534,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
size_t max_plain_length = SSL3_RT_MAX_PLAIN_LENGTH; size_t max_plain_length = SSL3_RT_MAX_PLAIN_LENGTH;
SSL_MAC_BUF macbuf = { NULL, 0 }; SSL_MAC_BUF macbuf = { NULL, 0 };
int ret = 0; int ret = 0;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
rr = RECORD_LAYER_get_rrec(&s->rlayer); rr = RECORD_LAYER_get_rrec(&s->rlayer);
sess = s->session; sess = s->session;
@ -1581,7 +1589,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
} }
rr->length -= mac_size; rr->length -= mac_size;
mac = rr->data + rr->length; mac = rr->data + rr->length;
i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ ); i = ssl->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ );
if (i == 0 || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) { if (i == 0 || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) {
SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSLfatal(s, SSL_AD_BAD_RECORD_MAC,
SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
@ -1600,7 +1608,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
* errors in the queue from processing bogus junk that we ignored. * errors in the queue from processing bogus junk that we ignored.
*/ */
ERR_set_mark(); ERR_set_mark();
enc_err = s->method->ssl3_enc->enc(s, rr, 1, 0, &macbuf, mac_size); enc_err = ssl->method->ssl3_enc->enc(s, rr, 1, 0, &macbuf, mac_size);
/*- /*-
* enc_err is: * enc_err is:
@ -1632,7 +1640,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
&& (EVP_MD_CTX_get0_md(s->read_hash) != NULL)) { && (EVP_MD_CTX_get0_md(s->read_hash) != NULL)) {
/* s->read_hash != NULL => mac_size != -1 */ /* s->read_hash != NULL => mac_size != -1 */
i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ ); i = ssl->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ );
if (i == 0 || macbuf.mac == NULL if (i == 0 || macbuf.mac == NULL
|| CRYPTO_memcmp(md, macbuf.mac, mac_size) != 0) || CRYPTO_memcmp(md, macbuf.mac, mac_size) != 0)
enc_err = 0; enc_err = 0;
@ -1710,7 +1718,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
* ssl->s3.rrec.length - number of bytes * ssl->s3.rrec.length - number of bytes
*/ */
/* used only by dtls1_read_bytes */ /* used only by dtls1_read_bytes */
int dtls1_get_record(SSL *s) int dtls1_get_record(SSL_CONNECTION *s)
{ {
int ssl_major, ssl_minor; int ssl_major, ssl_minor;
int rret; int rret;
@ -1720,6 +1728,7 @@ int dtls1_get_record(SSL *s)
unsigned short version; unsigned short version;
DTLS1_BITMAP *bitmap; DTLS1_BITMAP *bitmap;
unsigned int is_next_epoch; unsigned int is_next_epoch;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
rr = RECORD_LAYER_get_rrec(&s->rlayer); rr = RECORD_LAYER_get_rrec(&s->rlayer);
@ -1763,7 +1772,7 @@ int dtls1_get_record(SSL *s)
if (s->msg_callback) if (s->msg_callback)
s->msg_callback(0, 0, SSL3_RT_HEADER, p, DTLS1_RT_HEADER_LENGTH, s->msg_callback(0, 0, SSL3_RT_HEADER, p, DTLS1_RT_HEADER_LENGTH,
s, s->msg_callback_arg); ssl, s->msg_callback_arg);
/* Pull apart the header into the DTLS1_RECORD */ /* Pull apart the header into the DTLS1_RECORD */
rr->type = *(p++); rr->type = *(p++);
@ -1859,7 +1868,7 @@ int dtls1_get_record(SSL *s)
} }
#ifndef OPENSSL_NO_SCTP #ifndef OPENSSL_NO_SCTP
/* Only do replay check if no SCTP bio */ /* Only do replay check if no SCTP bio */
if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) { if (!BIO_dgram_is_sctp(SSL_get_rbio(ssl))) {
#endif #endif
/* Check whether this is a repeat, or aged record. */ /* Check whether this is a repeat, or aged record. */
if (!dtls1_record_replay_check(s, bitmap)) { if (!dtls1_record_replay_check(s, bitmap)) {
@ -1884,7 +1893,7 @@ int dtls1_get_record(SSL *s)
* processed at this time. * processed at this time.
*/ */
if (is_next_epoch) { if (is_next_epoch) {
if ((SSL_in_init(s) || ossl_statem_get_in_handshake(s))) { if ((SSL_in_init(ssl) || ossl_statem_get_in_handshake(s))) {
if (dtls1_buffer_record (s, if (dtls1_buffer_record (s,
&(DTLS_RECORD_LAYER_get_unprocessed_rcds(&s->rlayer)), &(DTLS_RECORD_LAYER_get_unprocessed_rcds(&s->rlayer)),
rr->seq_num) < 0) { rr->seq_num) < 0) {
@ -1913,7 +1922,8 @@ int dtls1_get_record(SSL *s)
} }
int dtls_buffer_listen_record(SSL *s, size_t len, unsigned char *seq, size_t off) int dtls_buffer_listen_record(SSL_CONNECTION *s, size_t len, unsigned char *seq,
size_t off)
{ {
SSL3_RECORD *rr; SSL3_RECORD *rr;

6
ssl/record/ssl3_record_tls13.c
View File

@ -20,7 +20,7 @@
* 0: On failure * 0: On failure
* 1: if the record encryption/decryption was successful. * 1: if the record encryption/decryption was successful.
*/ */
int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, int tls13_enc(SSL_CONNECTION *s, SSL3_RECORD *recs, size_t n_recs, int sending,
ossl_unused SSL_MAC_BUF *mac, ossl_unused size_t macsize) ossl_unused SSL_MAC_BUF *mac, ossl_unused size_t macsize)
{ {
EVP_CIPHER_CTX *ctx; EVP_CIPHER_CTX *ctx;
@ -140,8 +140,8 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, sending) <= 0 if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, sending) <= 0
|| (!sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, || (!sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
taglen, taglen,
rec->data + rec->length) <= 0)) { rec->data + rec->length) <= 0)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0; return 0;
} }

34
ssl/s3_enc.c
View File

@ -15,7 +15,7 @@
#include <openssl/core_names.h> #include <openssl/core_names.h>
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) static int ssl3_generate_key_block(SSL_CONNECTION *s, unsigned char *km, int num)
{ {
const EVP_MD *md5 = NULL, *sha1 = NULL; const EVP_MD *md5 = NULL, *sha1 = NULL;
EVP_MD_CTX *m5; EVP_MD_CTX *m5;
@ -24,13 +24,14 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
unsigned char c = 'A'; unsigned char c = 'A';
unsigned int i, k; unsigned int i, k;
int ret = 0; int ret = 0;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
#ifdef CHARSET_EBCDIC #ifdef CHARSET_EBCDIC
c = os_toascii[c]; /* 'A' in ASCII */ c = os_toascii[c]; /* 'A' in ASCII */
#endif #endif
k = 0; k = 0;
md5 = ssl_evp_md_fetch(s->ctx->libctx, NID_md5, s->ctx->propq); md5 = ssl_evp_md_fetch(sctx->libctx, NID_md5, sctx->propq);
sha1 = ssl_evp_md_fetch(s->ctx->libctx, NID_sha1, s->ctx->propq); sha1 = ssl_evp_md_fetch(sctx->libctx, NID_sha1, sctx->propq);
m5 = EVP_MD_CTX_new(); m5 = EVP_MD_CTX_new();
s1 = EVP_MD_CTX_new(); s1 = EVP_MD_CTX_new();
if (md5 == NULL || sha1 == NULL || m5 == NULL || s1 == NULL) { if (md5 == NULL || sha1 == NULL || m5 == NULL || s1 == NULL) {
@ -86,7 +87,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
return ret; return ret;
} }
int ssl3_change_cipher_state(SSL *s, int which) int ssl3_change_cipher_state(SSL_CONNECTION *s, int which)
{ {
unsigned char *p, *mac_secret; unsigned char *p, *mac_secret;
unsigned char *ms, *key, *iv; unsigned char *ms, *key, *iv;
@ -237,7 +238,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
return 0; return 0;
} }
int ssl3_setup_key_block(SSL *s) int ssl3_setup_key_block(SSL_CONNECTION *s)
{ {
unsigned char *p; unsigned char *p;
const EVP_CIPHER *c; const EVP_CIPHER *c;
@ -249,8 +250,8 @@ int ssl3_setup_key_block(SSL *s)
if (s->s3.tmp.key_block_length != 0) if (s->s3.tmp.key_block_length != 0)
return 1; return 1;
if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, NULL, NULL, &comp, if (!ssl_cipher_get_evp(SSL_CONNECTION_GET_CTX(s), s->session, &c, &hash,
0)) { NULL, NULL, &comp, 0)) {
/* Error is already recorded */ /* Error is already recorded */
SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR); SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);
return 0; return 0;
@ -305,14 +306,14 @@ int ssl3_setup_key_block(SSL *s)
return ret; return ret;
} }
void ssl3_cleanup_key_block(SSL *s) void ssl3_cleanup_key_block(SSL_CONNECTION *s)
{ {
OPENSSL_clear_free(s->s3.tmp.key_block, s->s3.tmp.key_block_length); OPENSSL_clear_free(s->s3.tmp.key_block, s->s3.tmp.key_block_length);
s->s3.tmp.key_block = NULL; s->s3.tmp.key_block = NULL;
s->s3.tmp.key_block_length = 0; s->s3.tmp.key_block_length = 0;
} }
int ssl3_init_finished_mac(SSL *s) int ssl3_init_finished_mac(SSL_CONNECTION *s)
{ {
BIO *buf = BIO_new(BIO_s_mem()); BIO *buf = BIO_new(BIO_s_mem());
@ -331,7 +332,7 @@ int ssl3_init_finished_mac(SSL *s)
* together. * together.
*/ */
void ssl3_free_digest_list(SSL *s) void ssl3_free_digest_list(SSL_CONNECTION *s)
{ {
BIO_free(s->s3.handshake_buffer); BIO_free(s->s3.handshake_buffer);
s->s3.handshake_buffer = NULL; s->s3.handshake_buffer = NULL;
@ -339,7 +340,7 @@ void ssl3_free_digest_list(SSL *s)
s->s3.handshake_dgst = NULL; s->s3.handshake_dgst = NULL;
} }
int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len) int ssl3_finish_mac(SSL_CONNECTION *s, const unsigned char *buf, size_t len)
{ {
int ret; int ret;
@ -364,7 +365,7 @@ int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len)
return 1; return 1;
} }
int ssl3_digest_cached_records(SSL *s, int keep) int ssl3_digest_cached_records(SSL_CONNECTION *s, int keep)
{ {
const EVP_MD *md; const EVP_MD *md;
long hdatalen; long hdatalen;
@ -413,7 +414,7 @@ void ssl3_digest_master_key_set_params(const SSL_SESSION *session,
params[n++] = OSSL_PARAM_construct_end(); params[n++] = OSSL_PARAM_construct_end();
} }
size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len, size_t ssl3_final_finish_mac(SSL_CONNECTION *s, const char *sender, size_t len,
unsigned char *p) unsigned char *p)
{ {
int ret; int ret;
@ -466,7 +467,8 @@ size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len,
return ret; return ret;
} }
int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, int ssl3_generate_master_secret(SSL_CONNECTION *s, unsigned char *out,
unsigned char *p,
size_t len, size_t *secret_size) size_t len, size_t *secret_size)
{ {
static const unsigned char *salt[3] = { static const unsigned char *salt[3] = {
@ -491,7 +493,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
return 0; return 0;
} }
for (i = 0; i < 3; i++) { for (i = 0; i < 3; i++) {
if (EVP_DigestInit_ex(ctx, s->ctx->sha1, NULL) <= 0 if (EVP_DigestInit_ex(ctx, SSL_CONNECTION_GET_CTX(s)->sha1, NULL) <= 0
|| EVP_DigestUpdate(ctx, salt[i], || EVP_DigestUpdate(ctx, salt[i],
strlen((const char *)salt[i])) <= 0 strlen((const char *)salt[i])) <= 0
|| EVP_DigestUpdate(ctx, p, len) <= 0 || EVP_DigestUpdate(ctx, p, len) <= 0
@ -500,7 +502,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
|| EVP_DigestUpdate(ctx, &(s->s3.server_random[0]), || EVP_DigestUpdate(ctx, &(s->s3.server_random[0]),
SSL3_RANDOM_SIZE) <= 0 SSL3_RANDOM_SIZE) <= 0
|| EVP_DigestFinal_ex(ctx, buf, &n) <= 0 || EVP_DigestFinal_ex(ctx, buf, &n) <= 0
|| EVP_DigestInit_ex(ctx, s->ctx->md5, NULL) <= 0 || EVP_DigestInit_ex(ctx, SSL_CONNECTION_GET_CTX(s)->md5, NULL) <= 0
|| EVP_DigestUpdate(ctx, p, len) <= 0 || EVP_DigestUpdate(ctx, p, len) <= 0
|| EVP_DigestUpdate(ctx, buf, n) <= 0 || EVP_DigestUpdate(ctx, buf, n) <= 0
|| EVP_DigestFinal_ex(ctx, out, &n) <= 0) { || EVP_DigestFinal_ex(ctx, out, &n) <= 0) {

452
ssl/s3_lib.c
View File

File diff suppressed because it is too large Load Diff

41
ssl/s3_msg.c
View File

@ -9,9 +9,10 @@
#include "ssl_local.h" #include "ssl_local.h"
int ssl3_do_change_cipher_spec(SSL *s) int ssl3_do_change_cipher_spec(SSL_CONNECTION *s)
{ {
int i; int i;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
if (s->server) if (s->server)
i = SSL3_CHANGE_CIPHER_SERVER_READ; i = SSL3_CHANGE_CIPHER_SERVER_READ;
@ -26,13 +27,13 @@ int ssl3_do_change_cipher_spec(SSL *s)
} }
s->session->cipher = s->s3.tmp.new_cipher; s->session->cipher = s->s3.tmp.new_cipher;
if (!s->method->ssl3_enc->setup_key_block(s)) { if (!ssl->method->ssl3_enc->setup_key_block(s)) {
/* SSLfatal() already called */ /* SSLfatal() already called */
return 0; return 0;
} }
} }
if (!s->method->ssl3_enc->change_cipher_state(s, i)) { if (!ssl->method->ssl3_enc->change_cipher_state(s, i)) {
/* SSLfatal() already called */ /* SSLfatal() already called */
return 0; return 0;
} }
@ -40,13 +41,15 @@ int ssl3_do_change_cipher_spec(SSL *s)
return 1; return 1;
} }
int ssl3_send_alert(SSL *s, int level, int desc) int ssl3_send_alert(SSL_CONNECTION *s, int level, int desc)
{ {
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
/* Map tls/ssl alert value to correct one */ /* Map tls/ssl alert value to correct one */
if (SSL_TREAT_AS_TLS13(s)) if (SSL_CONNECTION_TREAT_AS_TLS13(s))
desc = tls13_alert_code(desc); desc = tls13_alert_code(desc);
else else
desc = s->method->ssl3_enc->alert_value(desc); desc = ssl->method->ssl3_enc->alert_value(desc);
if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have
* protocol_version alerts */ * protocol_version alerts */
@ -63,7 +66,7 @@ int ssl3_send_alert(SSL *s, int level, int desc)
s->s3.send_alert[1] = desc; s->s3.send_alert[1] = desc;
if (!RECORD_LAYER_write_pending(&s->rlayer)) { if (!RECORD_LAYER_write_pending(&s->rlayer)) {
/* data still being written out? */ /* data still being written out? */
return s->method->ssl_dispatch_alert(s); return ssl->method->ssl_dispatch_alert(ssl);
} }
/* /*
* else data is still being written out, we will get written some time in * else data is still being written out, we will get written some time in
@ -78,31 +81,35 @@ int ssl3_dispatch_alert(SSL *s)
size_t alertlen; size_t alertlen;
void (*cb) (const SSL *ssl, int type, int val) = NULL; void (*cb) (const SSL *ssl, int type, int val) = NULL;
size_t written; size_t written;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
s->s3.alert_dispatch = 0; if (sc == NULL)
return -1;
sc->s3.alert_dispatch = 0;
alertlen = 2; alertlen = 2;
i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3.send_alert[0], &alertlen, 1, 0, i = do_ssl3_write(sc, SSL3_RT_ALERT, &sc->s3.send_alert[0], &alertlen, 1, 0,
&written); &written);
if (i <= 0) { if (i <= 0) {
s->s3.alert_dispatch = 1; sc->s3.alert_dispatch = 1;
} else { } else {
/* /*
* Alert sent to BIO - now flush. If the message does not get sent due * Alert sent to BIO - now flush. If the message does not get sent due
* to non-blocking IO, we will not worry too much. * to non-blocking IO, we will not worry too much.
*/ */
(void)BIO_flush(s->wbio); (void)BIO_flush(sc->wbio);
if (s->msg_callback) if (sc->msg_callback)
s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3.send_alert, sc->msg_callback(1, sc->version, SSL3_RT_ALERT, sc->s3.send_alert,
2, s, s->msg_callback_arg); 2, s, sc->msg_callback_arg);
if (s->info_callback != NULL) if (sc->info_callback != NULL)
cb = s->info_callback; cb = sc->info_callback;
else if (s->ctx->info_callback != NULL) else if (s->ctx->info_callback != NULL)
cb = s->ctx->info_callback; cb = s->ctx->info_callback;
if (cb != NULL) { if (cb != NULL) {
j = (s->s3.send_alert[0] << 8) | s->s3.send_alert[1]; j = (sc->s3.send_alert[0] << 8) | sc->s3.send_alert[1];
cb(s, SSL_CB_WRITE_ALERT, j); cb(s, SSL_CB_WRITE_ALERT, j);
} }
} }

106
ssl/ssl_cert.c
View File

@ -248,7 +248,7 @@ void ssl_cert_free(CERT *c)
OPENSSL_free(c); OPENSSL_free(c);
} }
int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain) int ssl_cert_set0_chain(SSL_CONNECTION *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
{ {
int i, r; int i, r;
CERT_PKEY *cpk = s != NULL ? s->cert->key : ctx->cert->key; CERT_PKEY *cpk = s != NULL ? s->cert->key : ctx->cert->key;
@ -269,7 +269,7 @@ int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
return 1; return 1;
} }
int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain) int ssl_cert_set1_chain(SSL_CONNECTION *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
{ {
STACK_OF(X509) *dchain; STACK_OF(X509) *dchain;
if (!chain) if (!chain)
@ -284,7 +284,7 @@ int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
return 1; return 1;
} }
int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x) int ssl_cert_add0_chain_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x)
{ {
int r; int r;
CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key; CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key;
@ -302,7 +302,7 @@ int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x)
return 1; return 1;
} }
int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x) int ssl_cert_add1_chain_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x)
{ {
if (!ssl_cert_add0_chain_cert(s, ctx, x)) if (!ssl_cert_add0_chain_cert(s, ctx, x))
return 0; return 0;
@ -369,23 +369,25 @@ void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg)
* 0: Verify failure or error * 0: Verify failure or error
* -1: Retry required * -1: Retry required
*/ */
int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) int ssl_verify_cert_chain(SSL_CONNECTION *s, STACK_OF(X509) *sk)
{ {
X509 *x; X509 *x;
int i = 0; int i = 0;
X509_STORE *verify_store; X509_STORE *verify_store;
X509_STORE_CTX *ctx = NULL; X509_STORE_CTX *ctx = NULL;
X509_VERIFY_PARAM *param; X509_VERIFY_PARAM *param;
SSL_CTX *sctx;
if ((sk == NULL) || (sk_X509_num(sk) == 0)) if ((sk == NULL) || (sk_X509_num(sk) == 0))
return 0; return 0;
sctx = SSL_CONNECTION_GET_CTX(s);
if (s->cert->verify_store) if (s->cert->verify_store)
verify_store = s->cert->verify_store; verify_store = s->cert->verify_store;
else else
verify_store = s->ctx->cert_store; verify_store = sctx->cert_store;
ctx = X509_STORE_CTX_new_ex(s->ctx->libctx, s->ctx->propq); ctx = X509_STORE_CTX_new_ex(sctx->libctx, sctx->propq);
if (ctx == NULL) { if (ctx == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0; return 0;
@ -402,12 +404,13 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
* point, for now a single @SECLEVEL sets the same policy for TLS crypto * point, for now a single @SECLEVEL sets the same policy for TLS crypto
* and PKI authentication. * and PKI authentication.
*/ */
X509_VERIFY_PARAM_set_auth_level(param, SSL_get_security_level(s)); X509_VERIFY_PARAM_set_auth_level(param,
SSL_get_security_level(SSL_CONNECTION_GET_SSL(s)));
/* Set suite B flags if needed */ /* Set suite B flags if needed */
X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s)); X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s));
if (!X509_STORE_CTX_set_ex_data if (!X509_STORE_CTX_set_ex_data(ctx,
(ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) { SSL_get_ex_data_X509_STORE_CTX_idx(), s)) {
goto end; goto end;
} }
@ -430,8 +433,8 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
if (s->verify_callback) if (s->verify_callback)
X509_STORE_CTX_set_verify_cb(ctx, s->verify_callback); X509_STORE_CTX_set_verify_cb(ctx, s->verify_callback);
if (s->ctx->app_verify_callback != NULL) { if (sctx->app_verify_callback != NULL) {
i = s->ctx->app_verify_callback(ctx, s->ctx->app_verify_arg); i = sctx->app_verify_callback(ctx, sctx->app_verify_arg);
} else { } else {
i = X509_verify_cert(ctx); i = X509_verify_cert(ctx);
/* We treat an error in the same way as a failure to verify */ /* We treat an error in the same way as a failure to verify */
@ -491,7 +494,12 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk)
void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list) void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
{ {
set0_CA_list(&s->ca_names, name_list); SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return;
set0_CA_list(&sc->ca_names, name_list);
} }
void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list) void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
@ -506,7 +514,12 @@ const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx)
const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s) const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s)
{ {
return s->ca_names != NULL ? s->ca_names : s->ctx->ca_names; const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
if (sc == NULL)
return NULL;
return sc->ca_names != NULL ? sc->ca_names : s->ctx->ca_names;
} }
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list) void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
@ -521,20 +534,35 @@ STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list) void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
{ {
set0_CA_list(&s->client_ca_names, name_list); SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return;
set0_CA_list(&sc->client_ca_names, name_list);
} }
const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s) const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s)
{ {
return s->s3.tmp.peer_ca_names; const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
if (sc == NULL)
return NULL;
return sc->s3.tmp.peer_ca_names;
} }
STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s) STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
{ {
if (!s->server) const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
return s->s3.tmp.peer_ca_names;
return s->client_ca_names != NULL ? s->client_ca_names if (sc == NULL)
: s->ctx->client_ca_names; return NULL;
if (!sc->server)
return sc->s3.tmp.peer_ca_names;
return sc->client_ca_names != NULL ? sc->client_ca_names
: s->ctx->client_ca_names;
} }
static int add_ca_name(STACK_OF(X509_NAME) **sk, const X509 *x) static int add_ca_name(STACK_OF(X509_NAME) **sk, const X509 *x)
@ -558,7 +586,12 @@ static int add_ca_name(STACK_OF(X509_NAME) **sk, const X509 *x)
int SSL_add1_to_CA_list(SSL *ssl, const X509 *x) int SSL_add1_to_CA_list(SSL *ssl, const X509 *x)
{ {
return add_ca_name(&ssl->ca_names, x); SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
if (sc == NULL)
return 0;
return add_ca_name(&sc->ca_names, x);
} }
int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x) int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x)
@ -572,7 +605,12 @@ int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x)
*/ */
int SSL_add_client_CA(SSL *ssl, X509 *x) int SSL_add_client_CA(SSL *ssl, X509 *x)
{ {
return add_ca_name(&ssl->client_ca_names, x); SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
if (sc == NULL)
return 0;
return add_ca_name(&sc->client_ca_names, x);
} }
int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
@ -849,18 +887,18 @@ int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
} }
/* Build a certificate chain for current certificate */ /* Build a certificate chain for current certificate */
int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags) int ssl_build_cert_chain(SSL_CONNECTION *s, SSL_CTX *ctx, int flags)
{ {
CERT *c = s ? s->cert : ctx->cert; CERT *c = s != NULL ? s->cert : ctx->cert;
CERT_PKEY *cpk = c->key; CERT_PKEY *cpk = c->key;
X509_STORE *chain_store = NULL; X509_STORE *chain_store = NULL;
X509_STORE_CTX *xs_ctx = NULL; X509_STORE_CTX *xs_ctx = NULL;
STACK_OF(X509) *chain = NULL, *untrusted = NULL; STACK_OF(X509) *chain = NULL, *untrusted = NULL;
X509 *x; X509 *x;
SSL_CTX *real_ctx = (s == NULL) ? ctx : s->ctx; SSL_CTX *real_ctx = (s == NULL) ? ctx : SSL_CONNECTION_GET_CTX(s);
int i, rv = 0; int i, rv = 0;
if (!cpk->x509) { if (cpk->x509 == NULL) {
ERR_raise(ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_SET); ERR_raise(ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_SET);
goto err; goto err;
} }
@ -878,12 +916,10 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags)
if (!X509_STORE_add_cert(chain_store, cpk->x509)) if (!X509_STORE_add_cert(chain_store, cpk->x509))
goto err; goto err;
} else { } else {
if (c->chain_store) if (c->chain_store != NULL)
chain_store = c->chain_store; chain_store = c->chain_store;
else if (s)
chain_store = s->ctx->cert_store;
else else
chain_store = ctx->cert_store; chain_store = real_ctx->cert_store;
if (flags & SSL_BUILD_CHAIN_FLAG_UNTRUSTED) if (flags & SSL_BUILD_CHAIN_FLAG_UNTRUSTED)
untrusted = cpk->chain; untrusted = cpk->chain;
@ -1008,6 +1044,7 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
void *ex) void *ex)
{ {
int level, minbits, pfs_mask; int level, minbits, pfs_mask;
const SSL_CONNECTION *sc;
minbits = ssl_get_security_level_bits(s, ctx, &level); minbits = ssl_get_security_level_bits(s, ctx, &level);
@ -1046,7 +1083,9 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
break; break;
} }
case SSL_SECOP_VERSION: case SSL_SECOP_VERSION:
if (!SSL_IS_DTLS(s)) { if ((sc = SSL_CONNECTION_FROM_CONST_SSL(s)) == NULL)
return 0;
if (!SSL_CONNECTION_IS_DTLS(sc)) {
/* SSLv3, TLS v1.0 and TLS v1.1 only allowed at level 0 */ /* SSLv3, TLS v1.0 and TLS v1.1 only allowed at level 0 */
if (nid <= TLS1_1_VERSION && level > 0) if (nid <= TLS1_1_VERSION && level > 0)
return 0; return 0;
@ -1072,9 +1111,10 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
return 1; return 1;
} }
int ssl_security(const SSL *s, int op, int bits, int nid, void *other) int ssl_security(const SSL_CONNECTION *s, int op, int bits, int nid, void *other)
{ {
return s->cert->sec_cb(s, NULL, op, bits, nid, other, s->cert->sec_ex); return s->cert->sec_cb(SSL_CONNECTION_GET_SSL(s), NULL, op, bits, nid,
other, s->cert->sec_ex);
} }
int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other) int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other)

33
ssl/ssl_ciph.c
View File

@ -625,14 +625,15 @@ const EVP_MD *ssl_md(SSL_CTX *ctx, int idx)
return ctx->ssl_digest_methods[idx]; return ctx->ssl_digest_methods[idx];
} }
const EVP_MD *ssl_handshake_md(SSL *s) const EVP_MD *ssl_handshake_md(SSL_CONNECTION *s)
{ {
return ssl_md(s->ctx, ssl_get_algorithm2(s)); return ssl_md(SSL_CONNECTION_GET_CTX(s), ssl_get_algorithm2(s));
} }
const EVP_MD *ssl_prf_md(SSL *s) const EVP_MD *ssl_prf_md(SSL_CONNECTION *s)
{ {
return ssl_md(s->ctx, ssl_get_algorithm2(s) >> TLS1_PRF_DGST_SHIFT); return ssl_md(SSL_CONNECTION_GET_CTX(s),
ssl_get_algorithm2(s) >> TLS1_PRF_DGST_SHIFT);
} }
#define ITEM_SEP(a) \ #define ITEM_SEP(a) \
@ -1431,15 +1432,22 @@ int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str)
int SSL_set_ciphersuites(SSL *s, const char *str) int SSL_set_ciphersuites(SSL *s, const char *str)
{ {
STACK_OF(SSL_CIPHER) *cipher_list; STACK_OF(SSL_CIPHER) *cipher_list;
int ret = set_ciphersuites(&(s->tls13_ciphersuites), str); SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
int ret;
if (s->cipher_list == NULL) { if (sc == NULL)
return 0;
ret = set_ciphersuites(&(sc->tls13_ciphersuites), str);
if (sc->cipher_list == NULL) {
if ((cipher_list = SSL_get_ciphers(s)) != NULL) if ((cipher_list = SSL_get_ciphers(s)) != NULL)
s->cipher_list = sk_SSL_CIPHER_dup(cipher_list); sc->cipher_list = sk_SSL_CIPHER_dup(cipher_list);
} }
if (ret && s->cipher_list != NULL) if (ret && sc->cipher_list != NULL)
return update_cipher_list(s->ctx, &s->cipher_list, &s->cipher_list_by_id, return update_cipher_list(s->ctx, &sc->cipher_list,
s->tls13_ciphersuites); &sc->cipher_list_by_id,
sc->tls13_ciphersuites);
return ret; return ret;
} }
@ -2096,10 +2104,11 @@ int SSL_COMP_get_id(const SSL_COMP *comp)
#endif #endif
} }
const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr, const SSL_CIPHER *ssl_get_cipher_by_char(SSL_CONNECTION *s,
const unsigned char *ptr,
int all) int all)
{ {
const SSL_CIPHER *c = ssl->method->get_cipher_by_char(ptr); const SSL_CIPHER *c = SSL_CONNECTION_GET_SSL(s)->method->get_cipher_by_char(ptr);
if (c == NULL || (!all && c->valid == 0)) if (c == NULL || (!all && c->valid == 0))
return NULL; return NULL;

53
ssl/ssl_conf.c
View File

@ -431,16 +431,23 @@ static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value)
{ {
int rv = 1; int rv = 1;
CERT *c = NULL; CERT *c = NULL;
if (cctx->ctx) { if (cctx->ctx != NULL) {
rv = SSL_CTX_use_certificate_chain_file(cctx->ctx, value); rv = SSL_CTX_use_certificate_chain_file(cctx->ctx, value);
c = cctx->ctx->cert; c = cctx->ctx->cert;
} }
if (cctx->ssl) { if (cctx->ssl != NULL) {
rv = SSL_use_certificate_chain_file(cctx->ssl, value); SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(cctx->ssl);
c = cctx->ssl->cert;
if (sc != NULL) {
rv = SSL_use_certificate_chain_file(cctx->ssl, value);
c = sc->cert;
} else {
rv = 0;
}
} }
if (rv > 0 && c && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) { if (rv > 0 && c != NULL && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) {
char **pfilename = &cctx->cert_filename[c->key - c->pkeys]; char **pfilename = &cctx->cert_filename[c->key - c->pkeys];
OPENSSL_free(*pfilename); OPENSSL_free(*pfilename);
*pfilename = OPENSSL_strdup(value); *pfilename = OPENSSL_strdup(value);
if (*pfilename == NULL) if (*pfilename == NULL)
@ -484,7 +491,12 @@ static int do_store(SSL_CONF_CTX *cctx,
cert = cctx->ctx->cert; cert = cctx->ctx->cert;
ctx = cctx->ctx; ctx = cctx->ctx;
} else if (cctx->ssl != NULL) { } else if (cctx->ssl != NULL) {
cert = cctx->ssl->cert; SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(cctx->ssl);
if (sc == NULL)
return 0;
cert = sc->cert;
ctx = cctx->ssl->ctx; ctx = cctx->ssl->ctx;
} else { } else {
return 1; return 1;
@ -977,11 +989,16 @@ int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx)
/* See if any certificates are missing private keys */ /* See if any certificates are missing private keys */
size_t i; size_t i;
CERT *c = NULL; CERT *c = NULL;
if (cctx->ctx)
if (cctx->ctx != NULL) {
c = cctx->ctx->cert; c = cctx->ctx->cert;
else if (cctx->ssl) } else if (cctx->ssl != NULL) {
c = cctx->ssl->cert; SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(cctx->ssl);
if (c && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) {
if (sc != NULL)
c = sc->cert;
}
if (c != NULL && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) {
for (i = 0; i < SSL_PKEY_NUM; i++) { for (i = 0; i < SSL_PKEY_NUM; i++) {
const char *p = cctx->cert_filename[i]; const char *p = cctx->cert_filename[i];
/* /*
@ -1050,12 +1067,16 @@ void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl)
{ {
cctx->ssl = ssl; cctx->ssl = ssl;
cctx->ctx = NULL; cctx->ctx = NULL;
if (ssl) { if (ssl != NULL) {
cctx->poptions = &ssl->options; SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
cctx->min_version = &ssl->min_proto_version;
cctx->max_version = &ssl->max_proto_version; if (sc == NULL)
cctx->pcert_flags = &ssl->cert->cert_flags; return;
cctx->pvfy_flags = &ssl->verify_mode; cctx->poptions = &sc->options;
cctx->min_version = &sc->min_proto_version;
cctx->max_version = &sc->max_proto_version;
cctx->pcert_flags = &sc->cert->cert_flags;
cctx->pvfy_flags = &sc->verify_mode;
} else { } else {
cctx->poptions = NULL; cctx->poptions = NULL;
cctx->min_version = NULL; cctx->min_version = NULL;

2040
ssl/ssl_lib.c
View File

File diff suppressed because it is too large Load Diff

483
ssl/ssl_local.h
View File

@ -338,45 +338,47 @@
# define SSL3_CK_CIPHERSUITE_FLAG 0x03000000 # define SSL3_CK_CIPHERSUITE_FLAG 0x03000000
/* Check if an SSL structure is using DTLS */ /* Check if an SSL structure is using DTLS */
# define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) # define SSL_CONNECTION_IS_DTLS(s) \
(SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
/* Check if we are using TLSv1.3 */ /* Check if we are using TLSv1.3 */
# define SSL_IS_TLS13(s) (!SSL_IS_DTLS(s) \ # define SSL_CONNECTION_IS_TLS13(s) (!SSL_CONNECTION_IS_DTLS(s) \
&& (s)->method->version >= TLS1_3_VERSION \ && SSL_CONNECTION_GET_SSL(s)->method->version >= TLS1_3_VERSION \
&& (s)->method->version != TLS_ANY_VERSION) && SSL_CONNECTION_GET_SSL(s)->method->version != TLS_ANY_VERSION)
# define SSL_TREAT_AS_TLS13(s) \ # define SSL_CONNECTION_TREAT_AS_TLS13(s) \
(SSL_IS_TLS13(s) || (s)->early_data_state == SSL_EARLY_DATA_CONNECTING \ (SSL_CONNECTION_IS_TLS13(s) \
|| (s)->early_data_state == SSL_EARLY_DATA_CONNECTING \
|| (s)->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY \ || (s)->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY \
|| (s)->early_data_state == SSL_EARLY_DATA_WRITING \ || (s)->early_data_state == SSL_EARLY_DATA_WRITING \
|| (s)->early_data_state == SSL_EARLY_DATA_WRITE_RETRY \ || (s)->early_data_state == SSL_EARLY_DATA_WRITE_RETRY \
|| (s)->hello_retry_request == SSL_HRR_PENDING) || (s)->hello_retry_request == SSL_HRR_PENDING)
# define SSL_IS_FIRST_HANDSHAKE(S) ((s)->s3.tmp.finish_md_len == 0 \ # define SSL_IS_FIRST_HANDSHAKE(s) ((s)->s3.tmp.finish_md_len == 0 \
|| (s)->s3.tmp.peer_finish_md_len == 0) || (s)->s3.tmp.peer_finish_md_len == 0)
/* See if we need explicit IV */ /* See if we need explicit IV */
# define SSL_USE_EXPLICIT_IV(s) \ # define SSL_USE_EXPLICIT_IV(s) \
(s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV) (SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV)
/* /*
* See if we use signature algorithms extension and signature algorithm * See if we use signature algorithms extension and signature algorithm
* before signatures. * before signatures.
*/ */
# define SSL_USE_SIGALGS(s) \ # define SSL_USE_SIGALGS(s) \
(s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS) (SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS)
/* /*
* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2: may * Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2: may
* apply to others in future. * apply to others in future.
*/ */
# define SSL_USE_TLS1_2_CIPHERS(s) \ # define SSL_USE_TLS1_2_CIPHERS(s) \
(s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS) (SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)
/* /*
* Determine if a client can use TLS 1.2 ciphersuites: can't rely on method * Determine if a client can use TLS 1.2 ciphersuites: can't rely on method
* flags because it may not be set to correct version yet. * flags because it may not be set to correct version yet.
*/ */
# define SSL_CLIENT_USE_TLS1_2_CIPHERS(s) \ # define SSL_CLIENT_USE_TLS1_2_CIPHERS(s) \
((!SSL_IS_DTLS(s) && s->client_version >= TLS1_2_VERSION) || \ ((!SSL_CONNECTION_IS_DTLS(s) && s->client_version >= TLS1_2_VERSION) || \
(SSL_IS_DTLS(s) && DTLS_VERSION_GE(s->client_version, DTLS1_2_VERSION))) (SSL_CONNECTION_IS_DTLS(s) && DTLS_VERSION_GE(s->client_version, DTLS1_2_VERSION)))
/* /*
* Determine if a client should send signature algorithms extension: * Determine if a client should send signature algorithms extension:
* as with TLS1.2 cipher we can't rely on method flags. * as with TLS1.2 cipher we can't rely on method flags.
@ -487,9 +489,12 @@ struct ssl_method_st {
int version; int version;
unsigned flags; unsigned flags;
unsigned long mask; unsigned long mask;
int (*ssl_new) (SSL *s); SSL *(*ssl_new) (SSL_CTX *ctx);
int (*ssl_clear) (SSL *s);
void (*ssl_free) (SSL *s); void (*ssl_free) (SSL *s);
int (*ssl_reset) (SSL *s);
int (*ssl_init) (SSL *s);
int (*ssl_clear) (SSL *s);
void (*ssl_deinit) (SSL *s);
int (*ssl_accept) (SSL *s); int (*ssl_accept) (SSL *s);
int (*ssl_connect) (SSL *s); int (*ssl_connect) (SSL *s);
int (*ssl_read) (SSL *s, void *buf, size_t len, size_t *readbytes); int (*ssl_read) (SSL *s, void *buf, size_t len, size_t *readbytes);
@ -1209,14 +1214,32 @@ struct ssl_ctx_st {
typedef struct cert_pkey_st CERT_PKEY; typedef struct cert_pkey_st CERT_PKEY;
#define SSL_TYPE_SSL_CONNECTION 0
#define SSL_TYPE_QUIC_CONNECTION 1
#define SSL_TYPE_QUIC_STREAM 2
struct ssl_st { struct ssl_st {
int type;
SSL_CTX *ctx;
const SSL_METHOD *method;
CRYPTO_REF_COUNT references;
CRYPTO_RWLOCK *lock;
/* extra application data */
CRYPTO_EX_DATA ex_data;
};
struct ssl_connection_st {
/* type identifier and common data */
struct ssl_st ssl;
#ifndef OPENSSL_NO_QUIC
/* pointer to parent SSL of QUIC_CONNECTION or self */
struct ssl_st *user_ssl;
#endif
/* /*
* protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION,
* DTLS1_VERSION) * DTLS1_VERSION)
*/ */
int version; int version;
/* SSLv3 */
const SSL_METHOD *method;
/* /*
* There are 2 BIO's even though they are normally both the same. This * There are 2 BIO's even though they are normally both the same. This
* is so data can be read and written to different handlers * is so data can be read and written to different handlers
@ -1535,12 +1558,9 @@ struct ssl_st {
SSL_psk_find_session_cb_func psk_find_session_cb; SSL_psk_find_session_cb_func psk_find_session_cb;
SSL_psk_use_session_cb_func psk_use_session_cb; SSL_psk_use_session_cb_func psk_use_session_cb;
SSL_CTX *ctx;
/* Verified chain of peer */ /* Verified chain of peer */
STACK_OF(X509) *verified_chain; STACK_OF(X509) *verified_chain;
long verify_result; long verify_result;
/* extra application data */
CRYPTO_EX_DATA ex_data;
/* /*
* What we put in certificate_authorities extension for TLS 1.3 * What we put in certificate_authorities extension for TLS 1.3
* (ClientHello and CertificateRequest) or just client cert requests for * (ClientHello and CertificateRequest) or just client cert requests for
@ -1549,7 +1569,6 @@ struct ssl_st {
*/ */
STACK_OF(X509_NAME) *ca_names; STACK_OF(X509_NAME) *ca_names;
STACK_OF(X509_NAME) *client_ca_names; STACK_OF(X509_NAME) *client_ca_names;
CRYPTO_REF_COUNT references;
/* protocol behaviour */ /* protocol behaviour */
uint64_t options; uint64_t options;
/* API behaviour */ /* API behaviour */
@ -1776,8 +1795,6 @@ struct ssl_st {
void *record_padding_arg; void *record_padding_arg;
size_t block_padding; size_t block_padding;
CRYPTO_RWLOCK *lock;
/* The number of TLS1.3 tickets to automatically send */ /* The number of TLS1.3 tickets to automatically send */
size_t num_tickets; size_t num_tickets;
/* The number of TLS1.3 tickets actually sent so far */ /* The number of TLS1.3 tickets actually sent so far */
@ -1801,6 +1818,39 @@ struct ssl_st {
size_t shared_sigalgslen; size_t shared_sigalgslen;
}; };
# define SSL_CONNECTION_FROM_SSL_ONLY_int(ssl, c) \
((ssl) == NULL ? NULL \
: ((ssl)->type == SSL_TYPE_SSL_CONNECTION \
? (c SSL_CONNECTION *)(ssl) \
: NULL))
# define SSL_CONNECTION_NO_CONST
# define SSL_CONNECTION_FROM_SSL_ONLY(ssl) \
SSL_CONNECTION_FROM_SSL_ONLY_int(ssl, SSL_CONNECTION_NO_CONST)
# define SSL_CONNECTION_FROM_CONST_SSL_ONLY(ssl) \
SSL_CONNECTION_FROM_SSL_ONLY_int(ssl, const)
# define SSL_CONNECTION_GET_CTX(sc) ((sc)->ssl.ctx)
# ifndef OPENSSL_NO_QUIC
# include "quic/quic_local.h"
# define SSL_CONNECTION_FROM_SSL_int(ssl, c) \
((ssl) == NULL ? NULL \
: ((ssl)->type == SSL_TYPE_SSL_CONNECTION \
? (c SSL_CONNECTION *)(ssl) \
: ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \
? (c SSL_CONNECTION *)((c QUIC_CONNECTION *)(ssl))->tls \
: NULL)))
# define SSL_CONNECTION_FROM_SSL(ssl) \
SSL_CONNECTION_FROM_SSL_int(ssl, SSL_CONNECTION_NO_CONST)
# define SSL_CONNECTION_FROM_CONST_SSL(ssl) \
SSL_CONNECTION_FROM_SSL_int(ssl, const)
# define SSL_CONNECTION_GET_SSL(sc) ((sc)->user_ssl)
# else
# define SSL_CONNECTION_FROM_SSL(ssl) \
SSL_CONNECTION_FROM_SSL_ONLY_int(ssl, SSL_CONNECTION_NO_CONST)
# define SSL_CONNECTION_FROM_CONST_SSL(ssl) \
SSL_CONNECTION_FROM_SSL_ONLY_int(ssl, const)
# define SSL_CONNECTION_GET_SSL(sc) (&(sc)->ssl)
# endif
/* /*
* Structure containing table entry of values associated with the signature * Structure containing table entry of values associated with the signature
* algorithms (signature scheme) extension * algorithms (signature scheme) extension
@ -2075,37 +2125,39 @@ typedef struct cert_st {
* of a mess of functions, but hell, think of it as an opaque structure :-) * of a mess of functions, but hell, think of it as an opaque structure :-)
*/ */
typedef struct ssl3_enc_method { typedef struct ssl3_enc_method {
int (*enc) (SSL *, SSL3_RECORD *, size_t, int, SSL_MAC_BUF *, size_t); int (*enc) (SSL_CONNECTION *, SSL3_RECORD *, size_t, int,
int (*mac) (SSL *, SSL3_RECORD *, unsigned char *, int); SSL_MAC_BUF *, size_t);
int (*setup_key_block) (SSL *); int (*mac) (SSL_CONNECTION *, SSL3_RECORD *, unsigned char *, int);
int (*generate_master_secret) (SSL *, unsigned char *, unsigned char *, int (*setup_key_block) (SSL_CONNECTION *);
size_t, size_t *); int (*generate_master_secret) (SSL_CONNECTION *, unsigned char *,
int (*change_cipher_state) (SSL *, int); unsigned char *, size_t, size_t *);
size_t (*final_finish_mac) (SSL *, const char *, size_t, unsigned char *); int (*change_cipher_state) (SSL_CONNECTION *, int);
size_t (*final_finish_mac) (SSL_CONNECTION *, const char *, size_t,
unsigned char *);
const char *client_finished_label; const char *client_finished_label;
size_t client_finished_label_len; size_t client_finished_label_len;
const char *server_finished_label; const char *server_finished_label;
size_t server_finished_label_len; size_t server_finished_label_len;
int (*alert_value) (int); int (*alert_value) (int);
int (*export_keying_material) (SSL *, unsigned char *, size_t, int (*export_keying_material) (SSL_CONNECTION *, unsigned char *, size_t,
const char *, size_t, const char *, size_t,
const unsigned char *, size_t, const unsigned char *, size_t,
int use_context); int use_context);
/* Various flags indicating protocol version requirements */ /* Various flags indicating protocol version requirements */
uint32_t enc_flags; uint32_t enc_flags;
/* Set the handshake header */ /* Set the handshake header */
int (*set_handshake_header) (SSL *s, WPACKET *pkt, int type); int (*set_handshake_header) (SSL_CONNECTION *s, WPACKET *pkt, int type);
/* Close construction of the handshake message */ /* Close construction of the handshake message */
int (*close_construct_packet) (SSL *s, WPACKET *pkt, int htype); int (*close_construct_packet) (SSL_CONNECTION *s, WPACKET *pkt, int htype);
/* Write out handshake message */ /* Write out handshake message */
int (*do_write) (SSL *s); int (*do_write) (SSL_CONNECTION *s);
} SSL3_ENC_METHOD; } SSL3_ENC_METHOD;
# define ssl_set_handshake_header(s, pkt, htype) \ # define ssl_set_handshake_header(s, pkt, htype) \
s->method->ssl3_enc->set_handshake_header((s), (pkt), (htype)) SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->set_handshake_header((s), (pkt), (htype))
# define ssl_close_construct_packet(s, pkt, htype) \ # define ssl_close_construct_packet(s, pkt, htype) \
s->method->ssl3_enc->close_construct_packet((s), (pkt), (htype)) SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->close_construct_packet((s), (pkt), (htype))
# define ssl_do_write(s) s->method->ssl3_enc->do_write(s) # define ssl_do_write(s) SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->do_write(s)
/* Values for enc_flags */ /* Values for enc_flags */
@ -2248,6 +2300,9 @@ const SSL_METHOD *func_name(void) \
version, \ version, \
flags, \ flags, \
mask, \ mask, \
ossl_ssl_connection_new, \
ossl_ssl_connection_free, \
ossl_ssl_connection_reset, \
tls1_new, \ tls1_new, \
tls1_clear, \ tls1_clear, \
tls1_free, \ tls1_free, \
@ -2285,6 +2340,9 @@ const SSL_METHOD *func_name(void) \
SSL3_VERSION, \ SSL3_VERSION, \
SSL_METHOD_NO_FIPS | SSL_METHOD_NO_SUITEB, \ SSL_METHOD_NO_FIPS | SSL_METHOD_NO_SUITEB, \
SSL_OP_NO_SSLv3, \ SSL_OP_NO_SSLv3, \
ossl_ssl_connection_new, \
ossl_ssl_connection_free, \
ossl_ssl_connection_reset, \
ssl3_new, \ ssl3_new, \
ssl3_clear, \ ssl3_clear, \
ssl3_free, \ ssl3_free, \
@ -2323,6 +2381,9 @@ const SSL_METHOD *func_name(void) \
version, \ version, \
flags, \ flags, \
mask, \ mask, \
ossl_ssl_connection_new, \
ossl_ssl_connection_free, \
ossl_ssl_connection_reset, \
dtls1_new, \ dtls1_new, \
dtls1_clear, \ dtls1_clear, \
dtls1_free, \ dtls1_free, \
@ -2354,14 +2415,14 @@ const SSL_METHOD *func_name(void) \
} }
struct openssl_ssl_test_functions { struct openssl_ssl_test_functions {
int (*p_ssl_init_wbio_buffer) (SSL *s); int (*p_ssl_init_wbio_buffer) (SSL_CONNECTION *s);
int (*p_ssl3_setup_buffers) (SSL *s); int (*p_ssl3_setup_buffers) (SSL_CONNECTION *s);
}; };
const char *ssl_protocol_to_string(int version); const char *ssl_protocol_to_string(int version);
/* Returns true if certificate and private key for 'idx' are present */ /* Returns true if certificate and private key for 'idx' are present */
static ossl_inline int ssl_has_cert(const SSL *s, int idx) static ossl_inline int ssl_has_cert(const SSL_CONNECTION *s, int idx)
{ {
if (idx < 0 || idx >= SSL_PKEY_NUM) if (idx < 0 || idx >= SSL_PKEY_NUM)
return 0; return 0;
@ -2369,7 +2430,8 @@ static ossl_inline int ssl_has_cert(const SSL *s, int idx)
&& s->cert->pkeys[idx].privatekey != NULL; && s->cert->pkeys[idx].privatekey != NULL;
} }
static ossl_inline void tls1_get_peer_groups(SSL *s, const uint16_t **pgroups, static ossl_inline void tls1_get_peer_groups(SSL_CONNECTION *s,
const uint16_t **pgroups,
size_t *pgroupslen) size_t *pgroupslen)
{ {
*pgroups = s->ext.peer_supportedgroups; *pgroups = s->ext.peer_supportedgroups;
@ -2378,19 +2440,25 @@ static ossl_inline void tls1_get_peer_groups(SSL *s, const uint16_t **pgroups,
# ifndef OPENSSL_UNIT_TEST # ifndef OPENSSL_UNIT_TEST
__owur int ossl_ssl_init(SSL *ssl, SSL_CTX *ctx, int type);
__owur SSL *ossl_ssl_connection_new(SSL_CTX *ctx);
void ossl_ssl_connection_free(SSL *ssl);
__owur int ossl_ssl_connection_reset(SSL *ssl);
__owur int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes); __owur int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes);
__owur int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written); __owur int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written);
void ssl_clear_cipher_ctx(SSL *s); void ssl_clear_cipher_ctx(SSL_CONNECTION *s);
int ssl_clear_bad_session(SSL *s); int ssl_clear_bad_session(SSL_CONNECTION *s);
__owur CERT *ssl_cert_new(void); __owur CERT *ssl_cert_new(void);
__owur CERT *ssl_cert_dup(CERT *cert); __owur CERT *ssl_cert_dup(CERT *cert);
void ssl_cert_clear_certs(CERT *c); void ssl_cert_clear_certs(CERT *c);
void ssl_cert_free(CERT *c); void ssl_cert_free(CERT *c);
__owur int ssl_generate_session_id(SSL *s, SSL_SESSION *ss); __owur int ssl_generate_session_id(SSL_CONNECTION *s, SSL_SESSION *ss);
__owur int ssl_get_new_session(SSL *s, int session); __owur int ssl_get_new_session(SSL_CONNECTION *s, int session);
__owur SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id, __owur SSL_SESSION *lookup_sess_in_cache(SSL_CONNECTION *s,
const unsigned char *sess_id,
size_t sess_id_len); size_t sess_id_len);
__owur int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello); __owur int ssl_get_prev_session(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello);
__owur SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket); __owur SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket);
__owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); __owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
@ -2402,12 +2470,13 @@ __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
STACK_OF(SSL_CIPHER) **cipher_list_by_id, STACK_OF(SSL_CIPHER) **cipher_list_by_id,
const char *rule_str, const char *rule_str,
CERT *c); CERT *c);
__owur int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format); __owur int ssl_cache_cipherlist(SSL_CONNECTION *s, PACKET *cipher_suites,
__owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, int sslv2format);
STACK_OF(SSL_CIPHER) **skp, __owur int ossl_bytes_to_cipher_list(SSL_CONNECTION *s, PACKET *cipher_suites,
STACK_OF(SSL_CIPHER) **scsvs, int sslv2format, STACK_OF(SSL_CIPHER) **skp,
int fatal); STACK_OF(SSL_CIPHER) **scsvs, int sslv2format,
void ssl_update_cache(SSL *s, int mode); int fatal);
void ssl_update_cache(SSL_CONNECTION *s, int mode);
__owur int ssl_cipher_get_evp_cipher(SSL_CTX *ctx, const SSL_CIPHER *sslc, __owur int ssl_cipher_get_evp_cipher(SSL_CTX *ctx, const SSL_CIPHER *sslc,
const EVP_CIPHER **enc); const EVP_CIPHER **enc);
__owur int ssl_cipher_get_evp(SSL_CTX *ctxc, const SSL_SESSION *s, __owur int ssl_cipher_get_evp(SSL_CTX *ctxc, const SSL_SESSION *s,
@ -2418,24 +2487,27 @@ __owur int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
size_t *int_overhead, size_t *blocksize, size_t *int_overhead, size_t *blocksize,
size_t *ext_overhead); size_t *ext_overhead);
__owur int ssl_cert_is_disabled(SSL_CTX *ctx, size_t idx); __owur int ssl_cert_is_disabled(SSL_CTX *ctx, size_t idx);
__owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, __owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL_CONNECTION *ssl,
const unsigned char *ptr, const unsigned char *ptr,
int all); int all);
__owur int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain); __owur int ssl_cert_set0_chain(SSL_CONNECTION *s, SSL_CTX *ctx,
__owur int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain); STACK_OF(X509) *chain);
__owur int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x); __owur int ssl_cert_set1_chain(SSL_CONNECTION *s, SSL_CTX *ctx,
__owur int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x); STACK_OF(X509) *chain);
__owur int ssl_cert_add0_chain_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x);
__owur int ssl_cert_add1_chain_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x);
__owur int ssl_cert_select_current(CERT *c, X509 *x); __owur int ssl_cert_select_current(CERT *c, X509 *x);
__owur int ssl_cert_set_current(CERT *c, long arg); __owur int ssl_cert_set_current(CERT *c, long arg);
void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg); void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg);
__owur int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk); __owur int ssl_verify_cert_chain(SSL_CONNECTION *s, STACK_OF(X509) *sk);
__owur int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags); __owur int ssl_build_cert_chain(SSL_CONNECTION *s, SSL_CTX *ctx, int flags);
__owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, __owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain,
int ref); int ref);
__owur int ssl_cert_get_cert_store(CERT *c, X509_STORE **pstore, int chain); __owur int ssl_cert_get_cert_store(CERT *c, X509_STORE **pstore, int chain);
__owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other); __owur int ssl_security(const SSL_CONNECTION *s, int op, int bits, int nid,
void *other);
__owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, __owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid,
void *other); void *other);
int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp); int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp);
@ -2448,51 +2520,52 @@ __owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx);
int ssl_undefined_function(SSL *s); int ssl_undefined_function(SSL *s);
__owur int ssl_undefined_void_function(void); __owur int ssl_undefined_void_function(void);
__owur int ssl_undefined_const_function(const SSL *s); __owur int ssl_undefined_const_function(const SSL *s);
__owur int ssl_get_server_cert_serverinfo(SSL *s, __owur int ssl_get_server_cert_serverinfo(SSL_CONNECTION *s,
const unsigned char **serverinfo, const unsigned char **serverinfo,
size_t *serverinfo_length); size_t *serverinfo_length);
void ssl_set_masks(SSL *s); void ssl_set_masks(SSL_CONNECTION *s);
__owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); __owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL_CONNECTION *sc);
__owur int ssl_x509err2alert(int type); __owur int ssl_x509err2alert(int type);
void ssl_sort_cipher_list(void); void ssl_sort_cipher_list(void);
int ssl_load_ciphers(SSL_CTX *ctx); int ssl_load_ciphers(SSL_CTX *ctx);
__owur int ssl_setup_sig_algs(SSL_CTX *ctx); __owur int ssl_setup_sig_algs(SSL_CTX *ctx);
int ssl_load_groups(SSL_CTX *ctx); int ssl_load_groups(SSL_CTX *ctx);
__owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, __owur int ssl_fill_hello_random(SSL_CONNECTION *s, int server,
size_t len, DOWNGRADE dgrd); unsigned char *field, size_t len,
__owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, DOWNGRADE dgrd);
int free_pms); __owur int ssl_generate_master_secret(SSL_CONNECTION *s, unsigned char *pms,
__owur EVP_PKEY *ssl_generate_pkey(SSL *s, EVP_PKEY *pm); size_t pmslen, int free_pms);
__owur int ssl_gensecret(SSL *s, unsigned char *pms, size_t pmslen); __owur EVP_PKEY *ssl_generate_pkey(SSL_CONNECTION *s, EVP_PKEY *pm);
__owur int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, __owur int ssl_gensecret(SSL_CONNECTION *s, unsigned char *pms, size_t pmslen);
__owur int ssl_derive(SSL_CONNECTION *s, EVP_PKEY *privkey, EVP_PKEY *pubkey,
int genmaster); int genmaster);
__owur int ssl_decapsulate(SSL *s, EVP_PKEY *privkey, __owur int ssl_decapsulate(SSL_CONNECTION *s, EVP_PKEY *privkey,
const unsigned char *ct, size_t ctlen, const unsigned char *ct, size_t ctlen,
int gensecret); int gensecret);
__owur int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey, __owur int ssl_encapsulate(SSL_CONNECTION *s, EVP_PKEY *pubkey,
unsigned char **ctp, size_t *ctlenp, unsigned char **ctp, size_t *ctlenp,
int gensecret); int gensecret);
__owur EVP_PKEY *ssl_dh_to_pkey(DH *dh); __owur EVP_PKEY *ssl_dh_to_pkey(DH *dh);
__owur int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen, __owur int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen,
void *key); void *key);
__owur unsigned int ssl_get_max_send_fragment(const SSL *ssl); __owur unsigned int ssl_get_max_send_fragment(const SSL_CONNECTION *sc);
__owur unsigned int ssl_get_split_send_fragment(const SSL *ssl); __owur unsigned int ssl_get_split_send_fragment(const SSL_CONNECTION *sc);
__owur const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id); __owur const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id);
__owur const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname); __owur const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname);
__owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); __owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
__owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, __owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt,
size_t *len); size_t *len);
int ssl3_init_finished_mac(SSL *s); int ssl3_init_finished_mac(SSL_CONNECTION *s);
__owur int ssl3_setup_key_block(SSL *s); __owur int ssl3_setup_key_block(SSL_CONNECTION *s);
__owur int ssl3_change_cipher_state(SSL *s, int which); __owur int ssl3_change_cipher_state(SSL_CONNECTION *s, int which);
void ssl3_cleanup_key_block(SSL *s); void ssl3_cleanup_key_block(SSL_CONNECTION *s);
__owur int ssl3_do_write(SSL *s, int type); __owur int ssl3_do_write(SSL_CONNECTION *s, int type);
int ssl3_send_alert(SSL *s, int level, int desc); int ssl3_send_alert(SSL_CONNECTION *s, int level, int desc);
__owur int ssl3_generate_master_secret(SSL *s, unsigned char *out, __owur int ssl3_generate_master_secret(SSL_CONNECTION *s, unsigned char *out,
unsigned char *p, size_t len, unsigned char *p, size_t len,
size_t *secret_size); size_t *secret_size);
__owur int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt); __owur int ssl3_get_req_cert_type(SSL_CONNECTION *s, WPACKET *pkt);
__owur int ssl3_num_ciphers(void); __owur int ssl3_num_ciphers(void);
__owur const SSL_CIPHER *ssl3_get_cipher(unsigned int u); __owur const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
int ssl3_renegotiate(SSL *ssl); int ssl3_renegotiate(SSL *ssl);
@ -2500,16 +2573,17 @@ int ssl3_renegotiate_check(SSL *ssl, int initok);
void ssl3_digest_master_key_set_params(const SSL_SESSION *session, void ssl3_digest_master_key_set_params(const SSL_SESSION *session,
OSSL_PARAM params[]); OSSL_PARAM params[]);
__owur int ssl3_dispatch_alert(SSL *s); __owur int ssl3_dispatch_alert(SSL *s);
__owur size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t slen, __owur size_t ssl3_final_finish_mac(SSL_CONNECTION *s, const char *sender,
unsigned char *p); size_t slen, unsigned char *p);
__owur int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len); __owur int ssl3_finish_mac(SSL_CONNECTION *s, const unsigned char *buf,
void ssl3_free_digest_list(SSL *s); size_t len);
__owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, void ssl3_free_digest_list(SSL_CONNECTION *s);
__owur unsigned long ssl3_output_cert_chain(SSL_CONNECTION *s, WPACKET *pkt,
CERT_PKEY *cpk); CERT_PKEY *cpk);
__owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, __owur const SSL_CIPHER *ssl3_choose_cipher(SSL_CONNECTION *s,
STACK_OF(SSL_CIPHER) *clnt, STACK_OF(SSL_CIPHER) *clnt,
STACK_OF(SSL_CIPHER) *srvr); STACK_OF(SSL_CIPHER) *srvr);
__owur int ssl3_digest_cached_records(SSL *s, int keep); __owur int ssl3_digest_cached_records(SSL_CONNECTION *s, int keep);
__owur int ssl3_new(SSL *s); __owur int ssl3_new(SSL *s);
void ssl3_free(SSL *s); void ssl3_free(SSL *s);
__owur int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes); __owur int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes);
@ -2522,34 +2596,35 @@ __owur long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
__owur long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void)); __owur long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
__owur long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void)); __owur long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void));
__owur int ssl3_do_change_cipher_spec(SSL *ssl); __owur int ssl3_do_change_cipher_spec(SSL_CONNECTION *s);
__owur long ssl3_default_timeout(void); __owur long ssl3_default_timeout(void);
__owur int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype); __owur int ssl3_set_handshake_header(SSL_CONNECTION *s, WPACKET *pkt,
__owur int tls_close_construct_packet(SSL *s, WPACKET *pkt, int htype); int htype);
__owur int tls_setup_handshake(SSL *s); __owur int tls_close_construct_packet(SSL_CONNECTION *s, WPACKET *pkt, int htype);
__owur int dtls1_set_handshake_header(SSL *s, WPACKET *pkt, int htype); __owur int tls_setup_handshake(SSL_CONNECTION *s);
__owur int dtls1_close_construct_packet(SSL *s, WPACKET *pkt, int htype); __owur int dtls1_set_handshake_header(SSL_CONNECTION *s, WPACKET *pkt, int htype);
__owur int ssl3_handshake_write(SSL *s); __owur int dtls1_close_construct_packet(SSL_CONNECTION *s, WPACKET *pkt, int htype);
__owur int ssl3_handshake_write(SSL_CONNECTION *s);
__owur int ssl_allow_compression(SSL *s); __owur int ssl_allow_compression(SSL_CONNECTION *s);
__owur int ssl_version_supported(const SSL *s, int version, __owur int ssl_version_supported(const SSL_CONNECTION *s, int version,
const SSL_METHOD **meth); const SSL_METHOD **meth);
__owur int ssl_set_client_hello_version(SSL *s); __owur int ssl_set_client_hello_version(SSL_CONNECTION *s);
__owur int ssl_check_version_downgrade(SSL *s); __owur int ssl_check_version_downgrade(SSL_CONNECTION *s);
__owur int ssl_set_version_bound(int method_version, int version, int *bound); __owur int ssl_set_version_bound(int method_version, int version, int *bound);
__owur int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, __owur int ssl_choose_server_version(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello,
DOWNGRADE *dgrd); DOWNGRADE *dgrd);
__owur int ssl_choose_client_version(SSL *s, int version, __owur int ssl_choose_client_version(SSL_CONNECTION *s, int version,
RAW_EXTENSION *extensions); RAW_EXTENSION *extensions);
__owur int ssl_get_min_max_version(const SSL *s, int *min_version, __owur int ssl_get_min_max_version(const SSL_CONNECTION *s, int *min_version,
int *max_version, int *real_max); int *max_version, int *real_max);
__owur long tls1_default_timeout(void); __owur long tls1_default_timeout(void);
__owur int dtls1_do_write(SSL *s, int type); __owur int dtls1_do_write(SSL_CONNECTION *s, int type);
void dtls1_set_message_header(SSL *s, void dtls1_set_message_header(SSL_CONNECTION *s,
unsigned char mt, unsigned char mt,
size_t len, size_t len,
size_t frag_off, size_t frag_len); size_t frag_off, size_t frag_len);
@ -2557,27 +2632,29 @@ void dtls1_set_message_header(SSL *s,
int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len, int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len,
size_t *written); size_t *written);
__owur int dtls1_read_failed(SSL *s, int code); __owur int dtls1_read_failed(SSL_CONNECTION *s, int code);
__owur int dtls1_buffer_message(SSL *s, int ccs); __owur int dtls1_buffer_message(SSL_CONNECTION *s, int ccs);
__owur int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found); __owur int dtls1_retransmit_message(SSL_CONNECTION *s, unsigned short seq,
int *found);
__owur int dtls1_get_queue_priority(unsigned short seq, int is_ccs); __owur int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
int dtls1_retransmit_buffered_messages(SSL *s); int dtls1_retransmit_buffered_messages(SSL_CONNECTION *s);
void dtls1_clear_received_buffer(SSL *s); void dtls1_clear_received_buffer(SSL_CONNECTION *s);
void dtls1_clear_sent_buffer(SSL *s); void dtls1_clear_sent_buffer(SSL_CONNECTION *s);
void dtls1_get_message_header(unsigned char *data, void dtls1_get_message_header(unsigned char *data,
struct hm_header_st *msg_hdr); struct hm_header_st *msg_hdr);
__owur long dtls1_default_timeout(void); __owur long dtls1_default_timeout(void);
__owur struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft); __owur struct timeval *dtls1_get_timeout(SSL_CONNECTION *s,
__owur int dtls1_check_timeout_num(SSL *s); struct timeval *timeleft);
__owur int dtls1_handle_timeout(SSL *s); __owur int dtls1_check_timeout_num(SSL_CONNECTION *s);
void dtls1_start_timer(SSL *s); __owur int dtls1_handle_timeout(SSL_CONNECTION *s);
void dtls1_stop_timer(SSL *s); void dtls1_start_timer(SSL_CONNECTION *s);
__owur int dtls1_is_timer_expired(SSL *s); void dtls1_stop_timer(SSL_CONNECTION *s);
__owur int dtls1_is_timer_expired(SSL_CONNECTION *s);
__owur int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie, __owur int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie,
size_t cookie_len); size_t cookie_len);
__owur size_t dtls1_min_mtu(SSL *s); __owur size_t dtls1_min_mtu(SSL_CONNECTION *s);
void dtls1_hm_fragment_free(hm_fragment *frag); void dtls1_hm_fragment_free(hm_fragment *frag);
__owur int dtls1_query_mtu(SSL *s); __owur int dtls1_query_mtu(SSL_CONNECTION *s);
__owur int tls1_new(SSL *s); __owur int tls1_new(SSL *s);
void tls1_free(SSL *s); void tls1_free(SSL *s);
@ -2591,64 +2668,66 @@ __owur int dtls1_shutdown(SSL *s);
__owur int dtls1_dispatch_alert(SSL *s); __owur int dtls1_dispatch_alert(SSL *s);
__owur int ssl_init_wbio_buffer(SSL *s); __owur int ssl_init_wbio_buffer(SSL_CONNECTION *s);
int ssl_free_wbio_buffer(SSL *s); int ssl_free_wbio_buffer(SSL_CONNECTION *s);
__owur int tls1_change_cipher_state(SSL *s, int which); __owur int tls1_change_cipher_state(SSL_CONNECTION *s, int which);
__owur int tls1_setup_key_block(SSL *s); __owur int tls1_setup_key_block(SSL_CONNECTION *s);
__owur size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen, __owur size_t tls1_final_finish_mac(SSL_CONNECTION *s, const char *str,
unsigned char *p); size_t slen, unsigned char *p);
__owur int tls1_generate_master_secret(SSL *s, unsigned char *out, __owur int tls1_generate_master_secret(SSL_CONNECTION *s, unsigned char *out,
unsigned char *p, size_t len, unsigned char *p, size_t len,
size_t *secret_size); size_t *secret_size);
__owur int tls13_setup_key_block(SSL *s); __owur int tls13_setup_key_block(SSL_CONNECTION *s);
__owur size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, __owur size_t tls13_final_finish_mac(SSL_CONNECTION *s, const char *str, size_t slen,
unsigned char *p); unsigned char *p);
__owur int tls13_change_cipher_state(SSL *s, int which); __owur int tls13_change_cipher_state(SSL_CONNECTION *s, int which);
__owur int tls13_update_key(SSL *s, int send); __owur int tls13_update_key(SSL_CONNECTION *s, int send);
__owur int tls13_hkdf_expand(SSL *s, const EVP_MD *md, __owur int tls13_hkdf_expand(SSL_CONNECTION *s, const EVP_MD *md,
const unsigned char *secret, const unsigned char *secret,
const unsigned char *label, size_t labellen, const unsigned char *label, size_t labellen,
const unsigned char *data, size_t datalen, const unsigned char *data, size_t datalen,
unsigned char *out, size_t outlen, int fatal); unsigned char *out, size_t outlen, int fatal);
__owur int tls13_derive_key(SSL *s, const EVP_MD *md, __owur int tls13_derive_key(SSL_CONNECTION *s, const EVP_MD *md,
const unsigned char *secret, unsigned char *key, const unsigned char *secret, unsigned char *key,
size_t keylen); size_t keylen);
__owur int tls13_derive_iv(SSL *s, const EVP_MD *md, __owur int tls13_derive_iv(SSL_CONNECTION *s, const EVP_MD *md,
const unsigned char *secret, unsigned char *iv, const unsigned char *secret, unsigned char *iv,
size_t ivlen); size_t ivlen);
__owur int tls13_derive_finishedkey(SSL *s, const EVP_MD *md, __owur int tls13_derive_finishedkey(SSL_CONNECTION *s, const EVP_MD *md,
const unsigned char *secret, const unsigned char *secret,
unsigned char *fin, size_t finlen); unsigned char *fin, size_t finlen);
int tls13_generate_secret(SSL *s, const EVP_MD *md, int tls13_generate_secret(SSL_CONNECTION *s, const EVP_MD *md,
const unsigned char *prevsecret, const unsigned char *prevsecret,
const unsigned char *insecret, const unsigned char *insecret,
size_t insecretlen, size_t insecretlen,
unsigned char *outsecret); unsigned char *outsecret);
__owur int tls13_generate_handshake_secret(SSL *s, __owur int tls13_generate_handshake_secret(SSL_CONNECTION *s,
const unsigned char *insecret, const unsigned char *insecret,
size_t insecretlen); size_t insecretlen);
__owur int tls13_generate_master_secret(SSL *s, unsigned char *out, __owur int tls13_generate_master_secret(SSL_CONNECTION *s, unsigned char *out,
unsigned char *prev, size_t prevlen, unsigned char *prev, size_t prevlen,
size_t *secret_size); size_t *secret_size);
__owur int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, __owur int tls1_export_keying_material(SSL_CONNECTION *s,
unsigned char *out, size_t olen,
const char *label, size_t llen, const char *label, size_t llen,
const unsigned char *p, size_t plen, const unsigned char *p, size_t plen,
int use_context); int use_context);
__owur int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen, __owur int tls13_export_keying_material(SSL_CONNECTION *s,
unsigned char *out, size_t olen,
const char *label, size_t llen, const char *label, size_t llen,
const unsigned char *context, const unsigned char *context,
size_t contextlen, int use_context); size_t contextlen, int use_context);
__owur int tls13_export_keying_material_early(SSL *s, unsigned char *out, __owur int tls13_export_keying_material_early(SSL_CONNECTION *s,
size_t olen, const char *label, unsigned char *out, size_t olen,
size_t llen, const char *label, size_t llen,
const unsigned char *context, const unsigned char *context,
size_t contextlen); size_t contextlen);
__owur int tls1_alert_code(int code); __owur int tls1_alert_code(int code);
__owur int tls13_alert_code(int code); __owur int tls13_alert_code(int code);
__owur int ssl3_alert_code(int code); __owur int ssl3_alert_code(int code);
__owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s); __owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CONNECTION *s);
SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
@ -2657,80 +2736,87 @@ __owur uint16_t ssl_group_id_tls13_to_internal(uint16_t curve_id);
__owur const TLS_GROUP_INFO *tls1_group_id_lookup(SSL_CTX *ctx, uint16_t curve_id); __owur const TLS_GROUP_INFO *tls1_group_id_lookup(SSL_CTX *ctx, uint16_t curve_id);
__owur int tls1_group_id2nid(uint16_t group_id, int include_unknown); __owur int tls1_group_id2nid(uint16_t group_id, int include_unknown);
__owur uint16_t tls1_nid2group_id(int nid); __owur uint16_t tls1_nid2group_id(int nid);
__owur int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_curves); __owur int tls1_check_group_id(SSL_CONNECTION *s, uint16_t group_id,
__owur uint16_t tls1_shared_group(SSL *s, int nmatch); int check_own_curves);
__owur uint16_t tls1_shared_group(SSL_CONNECTION *s, int nmatch);
__owur int tls1_set_groups(uint16_t **pext, size_t *pextlen, __owur int tls1_set_groups(uint16_t **pext, size_t *pextlen,
int *curves, size_t ncurves); int *curves, size_t ncurves);
__owur int tls1_set_groups_list(SSL_CTX *ctx, uint16_t **pext, size_t *pextlen, __owur int tls1_set_groups_list(SSL_CTX *ctx, uint16_t **pext, size_t *pextlen,
const char *str); const char *str);
__owur EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id); __owur EVP_PKEY *ssl_generate_pkey_group(SSL_CONNECTION *s, uint16_t id);
__owur int tls_valid_group(SSL *s, uint16_t group_id, int minversion, __owur int tls_valid_group(SSL_CONNECTION *s, uint16_t group_id, int minversion,
int maxversion, int isec, int *okfortls13); int maxversion, int isec, int *okfortls13);
__owur EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id); __owur EVP_PKEY *ssl_generate_param_group(SSL_CONNECTION *s, uint16_t id);
void tls1_get_formatlist(SSL *s, const unsigned char **pformats, void tls1_get_formatlist(SSL_CONNECTION *s, const unsigned char **pformats,
size_t *num_formats); size_t *num_formats);
__owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id); __owur int tls1_check_ec_tmp_key(SSL_CONNECTION *s, unsigned long id);
__owur int tls_group_allowed(SSL *s, uint16_t curve, int op); __owur int tls_group_allowed(SSL_CONNECTION *s, uint16_t curve, int op);
void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups, void tls1_get_supported_groups(SSL_CONNECTION *s, const uint16_t **pgroups,
size_t *pgroupslen); size_t *pgroupslen);
__owur int tls1_set_server_sigalgs(SSL *s); __owur int tls1_set_server_sigalgs(SSL_CONNECTION *s);
__owur SSL_TICKET_STATUS tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, __owur SSL_TICKET_STATUS tls_get_ticket_from_client(SSL_CONNECTION *s,
CLIENTHELLO_MSG *hello,
SSL_SESSION **ret); SSL_SESSION **ret);
__owur SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, __owur SSL_TICKET_STATUS tls_decrypt_ticket(SSL_CONNECTION *s,
const unsigned char *etick,
size_t eticklen, size_t eticklen,
const unsigned char *sess_id, const unsigned char *sess_id,
size_t sesslen, SSL_SESSION **psess); size_t sesslen, SSL_SESSION **psess);
__owur int tls_use_ticket(SSL *s); __owur int tls_use_ticket(SSL_CONNECTION *s);
void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op); void ssl_set_sig_mask(uint32_t *pmask_a, SSL_CONNECTION *s, int op);
__owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client); __owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client);
__owur int tls1_set_raw_sigalgs(CERT *c, const uint16_t *psigs, size_t salglen, __owur int tls1_set_raw_sigalgs(CERT *c, const uint16_t *psigs, size_t salglen,
int client); int client);
__owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, __owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen,
int client); int client);
int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, int tls1_check_chain(SSL_CONNECTION *s, X509 *x, EVP_PKEY *pk,
int idx); STACK_OF(X509) *chain, int idx);
void tls1_set_cert_validity(SSL *s); void tls1_set_cert_validity(SSL_CONNECTION *s);
# ifndef OPENSSL_NO_CT # ifndef OPENSSL_NO_CT
__owur int ssl_validate_ct(SSL *s); __owur int ssl_validate_ct(SSL_CONNECTION *s);
# endif # endif
__owur EVP_PKEY *ssl_get_auto_dh(SSL *s); __owur EVP_PKEY *ssl_get_auto_dh(SSL_CONNECTION *s);
__owur int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee); __owur int ssl_security_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x, int vfy,
__owur int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *ex, int is_ee);
int vfy); __owur int ssl_security_cert_chain(SSL_CONNECTION *s, STACK_OF(X509) *sk,
X509 *ex, int vfy);
int tls_choose_sigalg(SSL *s, int fatalerrs); int tls_choose_sigalg(SSL_CONNECTION *s, int fatalerrs);
__owur EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md); __owur EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md);
void ssl_clear_hash_ctx(EVP_MD_CTX **hash); void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
__owur long ssl_get_algorithm2(SSL *s); __owur long ssl_get_algorithm2(SSL_CONNECTION *s);
__owur int tls12_copy_sigalgs(SSL *s, WPACKET *pkt, __owur int tls12_copy_sigalgs(SSL_CONNECTION *s, WPACKET *pkt,
const uint16_t *psig, size_t psiglen); const uint16_t *psig, size_t psiglen);
__owur int tls1_save_u16(PACKET *pkt, uint16_t **pdest, size_t *pdestlen); __owur int tls1_save_u16(PACKET *pkt, uint16_t **pdest, size_t *pdestlen);
__owur int tls1_save_sigalgs(SSL *s, PACKET *pkt, int cert); __owur int tls1_save_sigalgs(SSL_CONNECTION *s, PACKET *pkt, int cert);
__owur int tls1_process_sigalgs(SSL *s); __owur int tls1_process_sigalgs(SSL_CONNECTION *s);
__owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey); __owur int tls1_set_peer_legacy_sigalg(SSL_CONNECTION *s, const EVP_PKEY *pkey);
__owur int tls1_lookup_md(SSL_CTX *ctx, const SIGALG_LOOKUP *lu, __owur int tls1_lookup_md(SSL_CTX *ctx, const SIGALG_LOOKUP *lu,
const EVP_MD **pmd); const EVP_MD **pmd);
__owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs); __owur size_t tls12_get_psigalgs(SSL_CONNECTION *s, int sent,
__owur int tls_check_sigalg_curve(const SSL *s, int curve); const uint16_t **psigs);
__owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey); __owur int tls_check_sigalg_curve(const SSL_CONNECTION *s, int curve);
__owur int ssl_set_client_disabled(SSL *s); __owur int tls12_check_peer_sigalg(SSL_CONNECTION *s, uint16_t, EVP_PKEY *pkey);
__owur int ssl_cipher_disabled(const SSL *s, const SSL_CIPHER *c, int op, int echde); __owur int ssl_set_client_disabled(SSL_CONNECTION *s);
__owur int ssl_cipher_disabled(const SSL_CONNECTION *s, const SSL_CIPHER *c,
int op, int echde);
__owur int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, __owur int ssl_handshake_hash(SSL_CONNECTION *s,
size_t *hashlen); unsigned char *out, size_t outlen,
size_t *hashlen);
__owur const EVP_MD *ssl_md(SSL_CTX *ctx, int idx); __owur const EVP_MD *ssl_md(SSL_CTX *ctx, int idx);
__owur const EVP_MD *ssl_handshake_md(SSL *s); __owur const EVP_MD *ssl_handshake_md(SSL_CONNECTION *s);
__owur const EVP_MD *ssl_prf_md(SSL *s); __owur const EVP_MD *ssl_prf_md(SSL_CONNECTION *s);
/* /*
* ssl_log_rsa_client_key_exchange logs |premaster| to the SSL_CTX associated * ssl_log_rsa_client_key_exchange logs |premaster| to the SSL_CTX associated
@ -2738,7 +2824,7 @@ __owur const EVP_MD *ssl_prf_md(SSL *s);
* failure. The entry is identified by the first 8 bytes of * failure. The entry is identified by the first 8 bytes of
* |encrypted_premaster|. * |encrypted_premaster|.
*/ */
__owur int ssl_log_rsa_client_key_exchange(SSL *ssl, __owur int ssl_log_rsa_client_key_exchange(SSL_CONNECTION *s,
const uint8_t *encrypted_premaster, const uint8_t *encrypted_premaster,
size_t encrypted_premaster_len, size_t encrypted_premaster_len,
const uint8_t *premaster, const uint8_t *premaster,
@ -2749,7 +2835,7 @@ __owur int ssl_log_rsa_client_key_exchange(SSL *ssl,
* logging is available. It returns one on success and zero on failure. It tags * logging is available. It returns one on success and zero on failure. It tags
* the entry with |label|. * the entry with |label|.
*/ */
__owur int ssl_log_secret(SSL *ssl, const char *label, __owur int ssl_log_secret(SSL_CONNECTION *s, const char *label,
const uint8_t *secret, size_t secret_len); const uint8_t *secret, size_t secret_len);
#define MASTER_SECRET_LABEL "CLIENT_RANDOM" #define MASTER_SECRET_LABEL "CLIENT_RANDOM"
@ -2763,9 +2849,10 @@ __owur int ssl_log_secret(SSL *ssl, const char *label,
# ifndef OPENSSL_NO_KTLS # ifndef OPENSSL_NO_KTLS
/* ktls.c */ /* ktls.c */
int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, int ktls_check_supported_cipher(const SSL_CONNECTION *s, const EVP_CIPHER *c,
const EVP_CIPHER_CTX *dd); const EVP_CIPHER_CTX *dd);
int ktls_configure_crypto(SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, int ktls_configure_crypto(SSL_CONNECTION *s, const EVP_CIPHER *c,
EVP_CIPHER_CTX *dd,
void *rl_sequence, ktls_crypto_info_t *crypto_info, void *rl_sequence, ktls_crypto_info_t *crypto_info,
int is_tx, unsigned char *iv, int is_tx, unsigned char *iv,
unsigned char *key, unsigned char *mac_key, unsigned char *key, unsigned char *mac_key,
@ -2784,13 +2871,13 @@ __owur int ssl3_cbc_digest_record(const EVP_MD *md,
const unsigned char *mac_secret, const unsigned char *mac_secret,
size_t mac_secret_length, char is_sslv3); size_t mac_secret_length, char is_sslv3);
__owur int srp_generate_server_master_secret(SSL *s); __owur int srp_generate_server_master_secret(SSL_CONNECTION *s);
__owur int srp_generate_client_master_secret(SSL *s); __owur int srp_generate_client_master_secret(SSL_CONNECTION *s);
__owur int srp_verify_server_param(SSL *s); __owur int srp_verify_server_param(SSL_CONNECTION *s);
/* statem/statem_srvr.c */ /* statem/statem_srvr.c */
__owur int send_certificate_request(SSL *s); __owur int send_certificate_request(SSL_CONNECTION *s);
/* statem/extensions_cust.c */ /* statem/extensions_cust.c */
@ -2800,10 +2887,11 @@ custom_ext_method *custom_ext_find(const custom_ext_methods *exts,
void custom_ext_init(custom_ext_methods *meths); void custom_ext_init(custom_ext_methods *meths);
__owur int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type, __owur int custom_ext_parse(SSL_CONNECTION *s, unsigned int context,
unsigned int ext_type,
const unsigned char *ext_data, size_t ext_size, const unsigned char *ext_data, size_t ext_size,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
__owur int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, __owur int custom_ext_add(SSL_CONNECTION *s, int context, WPACKET *pkt, X509 *x,
size_t chainidx, int maxversion); size_t chainidx, int maxversion);
__owur int custom_exts_copy(custom_ext_methods *dst, __owur int custom_exts_copy(custom_ext_methods *dst,
@ -2828,14 +2916,15 @@ const EVP_MD *ssl_evp_md_fetch(OSSL_LIB_CTX *libctx,
int ssl_evp_md_up_ref(const EVP_MD *md); int ssl_evp_md_up_ref(const EVP_MD *md);
void ssl_evp_md_free(const EVP_MD *md); void ssl_evp_md_free(const EVP_MD *md);
int tls_provider_set_tls_params(SSL *s, EVP_CIPHER_CTX *ctx, int tls_provider_set_tls_params(SSL_CONNECTION *s, EVP_CIPHER_CTX *ctx,
const EVP_CIPHER *ciph, const EVP_CIPHER *ciph,
const EVP_MD *md); const EVP_MD *md);
void tls_engine_finish(ENGINE *e); void tls_engine_finish(ENGINE *e);
const EVP_CIPHER *tls_get_cipher_from_engine(int nid); const EVP_CIPHER *tls_get_cipher_from_engine(int nid);
const EVP_MD *tls_get_digest_from_engine(int nid); const EVP_MD *tls_get_digest_from_engine(int nid);
int tls_engine_load_ssl_client_cert(SSL *s, X509 **px509, EVP_PKEY **ppkey); int tls_engine_load_ssl_client_cert(SSL_CONNECTION *s, X509 **px509,
EVP_PKEY **ppkey);
int ssl_hmac_old_new(SSL_HMAC *ret); int ssl_hmac_old_new(SSL_HMAC *ret);
void ssl_hmac_old_free(SSL_HMAC *ctx); void ssl_hmac_old_free(SSL_HMAC *ctx);
int ssl_hmac_old_init(SSL_HMAC *ctx, void *key, size_t len, char *md); int ssl_hmac_old_init(SSL_HMAC *ctx, void *key, size_t len, char *md);
@ -2845,13 +2934,13 @@ size_t ssl_hmac_old_size(const SSL_HMAC *ctx);
int ssl_ctx_srp_ctx_free_intern(SSL_CTX *ctx); int ssl_ctx_srp_ctx_free_intern(SSL_CTX *ctx);
int ssl_ctx_srp_ctx_init_intern(SSL_CTX *ctx); int ssl_ctx_srp_ctx_init_intern(SSL_CTX *ctx);
int ssl_srp_ctx_free_intern(SSL *s); int ssl_srp_ctx_free_intern(SSL_CONNECTION *s);
int ssl_srp_ctx_init_intern(SSL *s); int ssl_srp_ctx_init_intern(SSL_CONNECTION *s);
int ssl_srp_calc_a_param_intern(SSL *s); int ssl_srp_calc_a_param_intern(SSL_CONNECTION *s);
int ssl_srp_server_param_with_username_intern(SSL *s, int *ad); int ssl_srp_server_param_with_username_intern(SSL_CONNECTION *s, int *ad);
void ssl_session_calculate_timeout(SSL_SESSION* ss); void ssl_session_calculate_timeout(SSL_SESSION *ss);
# else /* OPENSSL_UNIT_TEST */ # else /* OPENSSL_UNIT_TEST */

62
ssl/ssl_rsa.c
View File

@ -31,18 +31,23 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
int SSL_use_certificate(SSL *ssl, X509 *x) int SSL_use_certificate(SSL *ssl, X509 *x)
{ {
int rv; int rv;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
if (sc == NULL)
return 0;
if (x == NULL) { if (x == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0; return 0;
} }
rv = ssl_security_cert(ssl, NULL, x, 0, 1); rv = ssl_security_cert(sc, NULL, x, 0, 1);
if (rv != 1) { if (rv != 1) {
ERR_raise(ERR_LIB_SSL, rv); ERR_raise(ERR_LIB_SSL, rv);
return 0; return 0;
} }
return ssl_set_cert(ssl->cert, x); return ssl_set_cert(sc->cert, x);
} }
int SSL_use_certificate_file(SSL *ssl, const char *file, int type) int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
@ -76,9 +81,14 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
j = ERR_R_ASN1_LIB; j = ERR_R_ASN1_LIB;
cert = d2i_X509_bio(in, &x); cert = d2i_X509_bio(in, &x);
} else if (type == SSL_FILETYPE_PEM) { } else if (type == SSL_FILETYPE_PEM) {
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
if (sc == NULL)
goto end;
j = ERR_R_PEM_LIB; j = ERR_R_PEM_LIB;
cert = PEM_read_bio_X509(in, &x, ssl->default_passwd_callback, cert = PEM_read_bio_X509(in, &x, sc->default_passwd_callback,
ssl->default_passwd_callback_userdata); sc->default_passwd_callback_userdata);
} else { } else {
ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE); ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
goto end; goto end;
@ -141,12 +151,16 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
{ {
int ret; int ret;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
if (sc == NULL)
return 0;
if (pkey == NULL) { if (pkey == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0; return 0;
} }
ret = ssl_set_pkey(ssl->cert, pkey); ret = ssl_set_pkey(sc->cert, pkey);
return ret; return ret;
} }
@ -167,10 +181,15 @@ int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
goto end; goto end;
} }
if (type == SSL_FILETYPE_PEM) { if (type == SSL_FILETYPE_PEM) {
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
if (sc == NULL)
goto end;
j = ERR_R_PEM_LIB; j = ERR_R_PEM_LIB;
pkey = PEM_read_bio_PrivateKey_ex(in, NULL, pkey = PEM_read_bio_PrivateKey_ex(in, NULL,
ssl->default_passwd_callback, sc->default_passwd_callback,
ssl->default_passwd_callback_userdata, sc->default_passwd_callback_userdata,
ssl->ctx->libctx, ssl->ctx->libctx,
ssl->ctx->propq); ssl->ctx->propq);
} else if (type == SSL_FILETYPE_ASN1) { } else if (type == SSL_FILETYPE_ASN1) {
@ -438,8 +457,13 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file)
passwd_callback = ctx->default_passwd_callback; passwd_callback = ctx->default_passwd_callback;
passwd_callback_userdata = ctx->default_passwd_callback_userdata; passwd_callback_userdata = ctx->default_passwd_callback_userdata;
} else { } else {
passwd_callback = ssl->default_passwd_callback; SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
passwd_callback_userdata = ssl->default_passwd_callback_userdata;
if (sc == NULL)
return 0;
passwd_callback = sc->default_passwd_callback;
passwd_callback_userdata = sc->default_passwd_callback_userdata;
} }
in = BIO_new(BIO_s_file()); in = BIO_new(BIO_s_file());
@ -612,13 +636,19 @@ static int serverinfoex_srv_add_cb(SSL *s, unsigned int ext_type,
{ {
const unsigned char *serverinfo = NULL; const unsigned char *serverinfo = NULL;
size_t serverinfo_length = 0; size_t serverinfo_length = 0;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL) {
*al = SSL_AD_INTERNAL_ERROR;
return -1;
}
/* We only support extensions for the first Certificate */ /* We only support extensions for the first Certificate */
if ((context & SSL_EXT_TLS1_3_CERTIFICATE) != 0 && chainidx > 0) if ((context & SSL_EXT_TLS1_3_CERTIFICATE) != 0 && chainidx > 0)
return 0; return 0;
/* Is there serverinfo data for the chosen server cert? */ /* Is there serverinfo data for the chosen server cert? */
if ((ssl_get_server_cert_serverinfo(s, &serverinfo, if ((ssl_get_server_cert_serverinfo(sc, &serverinfo,
&serverinfo_length)) != 0) { &serverinfo_length)) != 0) {
/* Find the relevant extension from the serverinfo */ /* Find the relevant extension from the serverinfo */
int retval = serverinfo_find_extension(serverinfo, serverinfo_length, int retval = serverinfo_find_extension(serverinfo, serverinfo_length,
@ -890,18 +920,24 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr
size_t i; size_t i;
int j; int j;
int rv; int rv;
CERT *c = ssl != NULL ? ssl->cert : ctx->cert; CERT *c;
STACK_OF(X509) *dup_chain = NULL; STACK_OF(X509) *dup_chain = NULL;
EVP_PKEY *pubkey = NULL; EVP_PKEY *pubkey = NULL;
SSL_CONNECTION *sc = NULL;
if (ctx == NULL &&
(sc = SSL_CONNECTION_FROM_SSL(ssl)) == NULL)
return 0;
c = sc != NULL ? sc->cert : ctx->cert;
/* Do all security checks before anything else */ /* Do all security checks before anything else */
rv = ssl_security_cert(ssl, ctx, x509, 0, 1); rv = ssl_security_cert(sc, ctx, x509, 0, 1);
if (rv != 1) { if (rv != 1) {
ERR_raise(ERR_LIB_SSL, rv); ERR_raise(ERR_LIB_SSL, rv);
goto out; goto out;
} }
for (j = 0; j < sk_X509_num(chain); j++) { for (j = 0; j < sk_X509_num(chain); j++) {
rv = ssl_security_cert(ssl, ctx, sk_X509_value(chain, j), 0, 0); rv = ssl_security_cert(sc, ctx, sk_X509_value(chain, j), 0, 0);
if (rv != 1) { if (rv != 1) {
ERR_raise(ERR_LIB_SSL, rv); ERR_raise(ERR_LIB_SSL, rv);
goto out; goto out;

108
ssl/ssl_sess.c
View File

@ -88,13 +88,19 @@ void ssl_session_calculate_timeout(SSL_SESSION *ss)
SSL_SESSION *SSL_get_session(const SSL *ssl) SSL_SESSION *SSL_get_session(const SSL *ssl)
/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */ /* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
{ {
return ssl->session; const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
if (sc == NULL)
return NULL;
return sc->session;
} }
SSL_SESSION *SSL_get1_session(SSL *ssl) SSL_SESSION *SSL_get1_session(SSL *ssl)
/* variant of SSL_get_session: caller really gets something */ /* variant of SSL_get_session: caller really gets something */
{ {
SSL_SESSION *sess; SSL_SESSION *sess;
/* /*
* Need to lock this all up rather than just use CRYPTO_add so that * Need to lock this all up rather than just use CRYPTO_add so that
* somebody doesn't free ssl->session between when we check it's non-null * somebody doesn't free ssl->session between when we check it's non-null
@ -102,8 +108,8 @@ SSL_SESSION *SSL_get1_session(SSL *ssl)
*/ */
if (!CRYPTO_THREAD_read_lock(ssl->lock)) if (!CRYPTO_THREAD_read_lock(ssl->lock))
return NULL; return NULL;
sess = ssl->session; sess = SSL_get_session(ssl);
if (sess) if (sess != NULL)
SSL_SESSION_up_ref(sess); SSL_SESSION_up_ref(sess);
CRYPTO_THREAD_unlock(ssl->lock); CRYPTO_THREAD_unlock(ssl->lock);
return sess; return sess;
@ -335,10 +341,11 @@ static int def_generate_session_id(SSL *ssl, unsigned char *id,
return 0; return 0;
} }
int ssl_generate_session_id(SSL *s, SSL_SESSION *ss) int ssl_generate_session_id(SSL_CONNECTION *s, SSL_SESSION *ss)
{ {
unsigned int tmp; unsigned int tmp;
GEN_SESSION_CB cb = def_generate_session_id; GEN_SESSION_CB cb = def_generate_session_id;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
switch (s->version) { switch (s->version) {
case SSL3_VERSION: case SSL3_VERSION:
@ -377,10 +384,10 @@ int ssl_generate_session_id(SSL *s, SSL_SESSION *ss)
} }
/* Choose which callback will set the session ID */ /* Choose which callback will set the session ID */
if (!CRYPTO_THREAD_read_lock(s->lock)) if (!CRYPTO_THREAD_read_lock(SSL_CONNECTION_GET_SSL(s)->lock))
return 0; return 0;
if (!CRYPTO_THREAD_read_lock(s->session_ctx->lock)) { if (!CRYPTO_THREAD_read_lock(s->session_ctx->lock)) {
CRYPTO_THREAD_unlock(s->lock); CRYPTO_THREAD_unlock(ssl->lock);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
return 0; return 0;
@ -390,11 +397,11 @@ int ssl_generate_session_id(SSL *s, SSL_SESSION *ss)
else if (s->session_ctx->generate_session_id) else if (s->session_ctx->generate_session_id)
cb = s->session_ctx->generate_session_id; cb = s->session_ctx->generate_session_id;
CRYPTO_THREAD_unlock(s->session_ctx->lock); CRYPTO_THREAD_unlock(s->session_ctx->lock);
CRYPTO_THREAD_unlock(s->lock); CRYPTO_THREAD_unlock(ssl->lock);
/* Choose a session ID */ /* Choose a session ID */
memset(ss->session_id, 0, ss->session_id_length); memset(ss->session_id, 0, ss->session_id_length);
tmp = (int)ss->session_id_length; tmp = (int)ss->session_id_length;
if (!cb(s, ss->session_id, &tmp)) { if (!cb(ssl, ss->session_id, &tmp)) {
/* The callback failed */ /* The callback failed */
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
@ -412,7 +419,7 @@ int ssl_generate_session_id(SSL *s, SSL_SESSION *ss)
} }
ss->session_id_length = tmp; ss->session_id_length = tmp;
/* Finally, check for a conflict */ /* Finally, check for a conflict */
if (SSL_has_matching_session_id(s, ss->session_id, if (SSL_has_matching_session_id(ssl, ss->session_id,
(unsigned int)ss->session_id_length)) { (unsigned int)ss->session_id_length)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_SSL_SESSION_ID_CONFLICT); SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_SSL_SESSION_ID_CONFLICT);
return 0; return 0;
@ -421,7 +428,7 @@ int ssl_generate_session_id(SSL *s, SSL_SESSION *ss)
return 1; return 1;
} }
int ssl_get_new_session(SSL *s, int session) int ssl_get_new_session(SSL_CONNECTION *s, int session)
{ {
/* This gets used by clients and servers. */ /* This gets used by clients and servers. */
@ -434,7 +441,7 @@ int ssl_get_new_session(SSL *s, int session)
/* If the context has a default timeout, use it */ /* If the context has a default timeout, use it */
if (s->session_ctx->session_timeout == 0) if (s->session_ctx->session_timeout == 0)
ss->timeout = SSL_get_default_timeout(s); ss->timeout = SSL_get_default_timeout(SSL_CONNECTION_GET_SSL(s));
else else
ss->timeout = s->session_ctx->session_timeout; ss->timeout = s->session_ctx->session_timeout;
ssl_session_calculate_timeout(ss); ssl_session_calculate_timeout(ss);
@ -443,7 +450,7 @@ int ssl_get_new_session(SSL *s, int session)
s->session = NULL; s->session = NULL;
if (session) { if (session) {
if (SSL_IS_TLS13(s)) { if (SSL_CONNECTION_IS_TLS13(s)) {
/* /*
* We generate the session id while constructing the * We generate the session id while constructing the
* NewSessionTicket in TLSv1.3. * NewSessionTicket in TLSv1.3.
@ -477,7 +484,8 @@ int ssl_get_new_session(SSL *s, int session)
return 1; return 1;
} }
SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id, SSL_SESSION *lookup_sess_in_cache(SSL_CONNECTION *s,
const unsigned char *sess_id,
size_t sess_id_len) size_t sess_id_len)
{ {
SSL_SESSION *ret = NULL; SSL_SESSION *ret = NULL;
@ -508,7 +516,8 @@ SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id,
if (ret == NULL && s->session_ctx->get_session_cb != NULL) { if (ret == NULL && s->session_ctx->get_session_cb != NULL) {
int copy = 1; int copy = 1;
ret = s->session_ctx->get_session_cb(s, sess_id, sess_id_len, &copy); ret = s->session_ctx->get_session_cb(SSL_CONNECTION_GET_SSL(s),
sess_id, sess_id_len, &copy);
if (ret != NULL) { if (ret != NULL) {
ssl_tsan_counter(s->session_ctx, ssl_tsan_counter(s->session_ctx,
@ -560,7 +569,7 @@ SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id,
* - Both for new and resumed sessions, s->ext.ticket_expected is set to 1 * - Both for new and resumed sessions, s->ext.ticket_expected is set to 1
* if the server should issue a new session ticket (to 0 otherwise). * if the server should issue a new session ticket (to 0 otherwise).
*/ */
int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) int ssl_get_prev_session(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello)
{ {
/* This is used only by servers. */ /* This is used only by servers. */
@ -569,7 +578,7 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)
int try_session_cache = 0; int try_session_cache = 0;
SSL_TICKET_STATUS r; SSL_TICKET_STATUS r;
if (SSL_IS_TLS13(s)) { if (SSL_CONNECTION_IS_TLS13(s)) {
/* /*
* By default we will send a new ticket. This can be overridden in the * By default we will send a new ticket. This can be overridden in the
* ticket processing. * ticket processing.
@ -664,7 +673,7 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)
goto err; goto err;
} }
if (!SSL_IS_TLS13(s)) { if (!SSL_CONNECTION_IS_TLS13(s)) {
/* We already did this for TLS1.3 */ /* We already did this for TLS1.3 */
SSL_SESSION_free(s->session); SSL_SESSION_free(s->session);
s->session = ret; s->session = ret;
@ -678,7 +687,7 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)
if (ret != NULL) { if (ret != NULL) {
SSL_SESSION_free(ret); SSL_SESSION_free(ret);
/* In TLSv1.3 s->session was already set to ret, so we NULL it out */ /* In TLSv1.3 s->session was already set to ret, so we NULL it out */
if (SSL_IS_TLS13(s)) if (SSL_CONNECTION_IS_TLS13(s))
s->session = NULL; s->session = NULL;
if (!try_session_cache) { if (!try_session_cache) {
@ -859,7 +868,12 @@ int SSL_SESSION_up_ref(SSL_SESSION *ss)
int SSL_set_session(SSL *s, SSL_SESSION *session) int SSL_set_session(SSL *s, SSL_SESSION *session)
{ {
ssl_clear_bad_session(s); SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return 0;
ssl_clear_bad_session(sc);
if (s->ctx->method != s->method) { if (s->ctx->method != s->method) {
if (!SSL_set_ssl_method(s, s->ctx->method)) if (!SSL_set_ssl_method(s, s->ctx->method))
return 0; return 0;
@ -867,10 +881,10 @@ int SSL_set_session(SSL *s, SSL_SESSION *session)
if (session != NULL) { if (session != NULL) {
SSL_SESSION_up_ref(session); SSL_SESSION_up_ref(session);
s->verify_result = session->verify_result; sc->verify_result = session->verify_result;
} }
SSL_SESSION_free(s->session); SSL_SESSION_free(sc->session);
s->session = session; sc->session = session;
return 1; return 1;
} }
@ -1088,42 +1102,53 @@ int SSL_set_session_secret_cb(SSL *s,
tls_session_secret_cb_fn tls_session_secret_cb, tls_session_secret_cb_fn tls_session_secret_cb,
void *arg) void *arg)
{ {
if (s == NULL) SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return 0; return 0;
s->ext.session_secret_cb = tls_session_secret_cb;
s->ext.session_secret_cb_arg = arg; sc->ext.session_secret_cb = tls_session_secret_cb;
sc->ext.session_secret_cb_arg = arg;
return 1; return 1;
} }
int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
void *arg) void *arg)
{ {
if (s == NULL) SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return 0; return 0;
s->ext.session_ticket_cb = cb;
s->ext.session_ticket_cb_arg = arg; sc->ext.session_ticket_cb = cb;
sc->ext.session_ticket_cb_arg = arg;
return 1; return 1;
} }
int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
{ {
if (s->version >= TLS1_VERSION) { SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
OPENSSL_free(s->ext.session_ticket);
s->ext.session_ticket = NULL; if (sc == NULL)
s->ext.session_ticket = return 0;
if (sc->version >= TLS1_VERSION) {
OPENSSL_free(sc->ext.session_ticket);
sc->ext.session_ticket = NULL;
sc->ext.session_ticket =
OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
if (s->ext.session_ticket == NULL) { if (sc->ext.session_ticket == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0; return 0;
} }
if (ext_data != NULL) { if (ext_data != NULL) {
s->ext.session_ticket->length = ext_len; sc->ext.session_ticket->length = ext_len;
s->ext.session_ticket->data = s->ext.session_ticket + 1; sc->ext.session_ticket->data = sc->ext.session_ticket + 1;
memcpy(s->ext.session_ticket->data, ext_data, ext_len); memcpy(sc->ext.session_ticket->data, ext_data, ext_len);
} else { } else {
s->ext.session_ticket->length = 0; sc->ext.session_ticket->length = 0;
s->ext.session_ticket->data = NULL; sc->ext.session_ticket->data = NULL;
} }
return 1; return 1;
@ -1180,11 +1205,12 @@ void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
sk_SSL_SESSION_pop_free(sk, SSL_SESSION_free); sk_SSL_SESSION_pop_free(sk, SSL_SESSION_free);
} }
int ssl_clear_bad_session(SSL *s) int ssl_clear_bad_session(SSL_CONNECTION *s)
{ {
if ((s->session != NULL) && if ((s->session != NULL) &&
!(s->shutdown & SSL_SENT_SHUTDOWN) && !(s->shutdown & SSL_SENT_SHUTDOWN) &&
!(SSL_in_init(s) || SSL_in_before(s))) { !(SSL_in_init(SSL_CONNECTION_GET_SSL(s))
|| SSL_in_before(SSL_CONNECTION_GET_SSL(s)))) {
SSL_CTX_remove_session(s->session_ctx, s->session); SSL_CTX_remove_session(s->session_ctx, s->session);
return 1; return 1;
} else } else
@ -1293,7 +1319,7 @@ void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (SSL_CTX *ctx,
} }
void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
SSL_SESSION *(*cb) (struct ssl_st *ssl, SSL_SESSION *(*cb) (SSL *ssl,
const unsigned char *data, const unsigned char *data,
int len, int *copy)) int len, int *copy))
{ {

8
ssl/ssl_stat.c
View File

@ -13,7 +13,9 @@
const char *SSL_state_string_long(const SSL *s) const char *SSL_state_string_long(const SSL *s)
{ {
if (ossl_statem_in_error(s)) const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
if (sc == NULL || ossl_statem_in_error(sc))
return "error"; return "error";
switch (SSL_get_state(s)) { switch (SSL_get_state(s)) {
@ -120,7 +122,9 @@ const char *SSL_state_string_long(const SSL *s)
const char *SSL_state_string(const SSL *s) const char *SSL_state_string(const SSL *s)
{ {
if (ossl_statem_in_error(s)) const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
if (sc == NULL || ossl_statem_in_error(sc))
return "SSLERR"; return "SSLERR";
switch (SSL_get_state(s)) { switch (SSL_get_state(s)) {

226
ssl/statem/extensions.c
View File

@ -18,46 +18,50 @@
#include "../ssl_local.h" #include "../ssl_local.h"
#include "statem_local.h" #include "statem_local.h"
static int final_renegotiate(SSL *s, unsigned int context, int sent); static int final_renegotiate(SSL_CONNECTION *s, unsigned int context, int sent);
static int init_server_name(SSL *s, unsigned int context); static int init_server_name(SSL_CONNECTION *s, unsigned int context);
static int final_server_name(SSL *s, unsigned int context, int sent); static int final_server_name(SSL_CONNECTION *s, unsigned int context, int sent);
static int final_ec_pt_formats(SSL *s, unsigned int context, int sent); static int final_ec_pt_formats(SSL_CONNECTION *s, unsigned int context,
static int init_session_ticket(SSL *s, unsigned int context); int sent);
static int init_session_ticket(SSL_CONNECTION *s, unsigned int context);
#ifndef OPENSSL_NO_OCSP #ifndef OPENSSL_NO_OCSP
static int init_status_request(SSL *s, unsigned int context); static int init_status_request(SSL_CONNECTION *s, unsigned int context);
#endif #endif
#ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
static int init_npn(SSL *s, unsigned int context); static int init_npn(SSL_CONNECTION *s, unsigned int context);
#endif #endif
static int init_alpn(SSL *s, unsigned int context); static int init_alpn(SSL_CONNECTION *s, unsigned int context);
static int final_alpn(SSL *s, unsigned int context, int sent); static int final_alpn(SSL_CONNECTION *s, unsigned int context, int sent);
static int init_sig_algs_cert(SSL *s, unsigned int context); static int init_sig_algs_cert(SSL_CONNECTION *s, unsigned int context);
static int init_sig_algs(SSL *s, unsigned int context); static int init_sig_algs(SSL_CONNECTION *s, unsigned int context);
static int init_certificate_authorities(SSL *s, unsigned int context); static int init_certificate_authorities(SSL_CONNECTION *s,
static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt, unsigned int context);
static EXT_RETURN tls_construct_certificate_authorities(SSL_CONNECTION *s,
WPACKET *pkt,
unsigned int context, unsigned int context,
X509 *x, X509 *x,
size_t chainidx); size_t chainidx);
static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt, static int tls_parse_certificate_authorities(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx); size_t chainidx);
#ifndef OPENSSL_NO_SRP #ifndef OPENSSL_NO_SRP
static int init_srp(SSL *s, unsigned int context); static int init_srp(SSL_CONNECTION *s, unsigned int context);
#endif #endif
static int init_ec_point_formats(SSL *s, unsigned int context); static int init_ec_point_formats(SSL_CONNECTION *s, unsigned int context);
static int init_etm(SSL *s, unsigned int context); static int init_etm(SSL_CONNECTION *s, unsigned int context);
static int init_ems(SSL *s, unsigned int context); static int init_ems(SSL_CONNECTION *s, unsigned int context);
static int final_ems(SSL *s, unsigned int context, int sent); static int final_ems(SSL_CONNECTION *s, unsigned int context, int sent);
static int init_psk_kex_modes(SSL *s, unsigned int context); static int init_psk_kex_modes(SSL_CONNECTION *s, unsigned int context);
static int final_key_share(SSL *s, unsigned int context, int sent); static int final_key_share(SSL_CONNECTION *s, unsigned int context, int sent);
#ifndef OPENSSL_NO_SRTP #ifndef OPENSSL_NO_SRTP
static int init_srtp(SSL *s, unsigned int context); static int init_srtp(SSL_CONNECTION *s, unsigned int context);
#endif #endif
static int final_sig_algs(SSL *s, unsigned int context, int sent); static int final_sig_algs(SSL_CONNECTION *s, unsigned int context, int sent);
static int final_early_data(SSL *s, unsigned int context, int sent); static int final_early_data(SSL_CONNECTION *s, unsigned int context, int sent);
static int final_maxfragmentlen(SSL *s, unsigned int context, int sent); static int final_maxfragmentlen(SSL_CONNECTION *s, unsigned int context,
static int init_post_handshake_auth(SSL *s, unsigned int context); int sent);
static int final_psk(SSL *s, unsigned int context, int sent); static int init_post_handshake_auth(SSL_CONNECTION *s, unsigned int context);
static int final_psk(SSL_CONNECTION *s, unsigned int context, int sent);
/* Structure to define a built-in extension */ /* Structure to define a built-in extension */
typedef struct extensions_definition_st { typedef struct extensions_definition_st {
@ -72,25 +76,27 @@ typedef struct extensions_definition_st {
* Initialise extension before parsing. Always called for relevant contexts * Initialise extension before parsing. Always called for relevant contexts
* even if extension not present * even if extension not present
*/ */
int (*init)(SSL *s, unsigned int context); int (*init)(SSL_CONNECTION *s, unsigned int context);
/* Parse extension sent from client to server */ /* Parse extension sent from client to server */
int (*parse_ctos)(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int (*parse_ctos)(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
size_t chainidx); X509 *x, size_t chainidx);
/* Parse extension send from server to client */ /* Parse extension send from server to client */
int (*parse_stoc)(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int (*parse_stoc)(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
size_t chainidx); X509 *x, size_t chainidx);
/* Construct extension sent from server to client */ /* Construct extension sent from server to client */
EXT_RETURN (*construct_stoc)(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN (*construct_stoc)(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
/* Construct extension sent from client to server */ /* Construct extension sent from client to server */
EXT_RETURN (*construct_ctos)(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN (*construct_ctos)(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
/* /*
* Finalise extension after parsing. Always called where an extensions was * Finalise extension after parsing. Always called where an extensions was
* initialised even if the extension was not present. |sent| is set to 1 if * initialised even if the extension was not present. |sent| is set to 1 if
* the extension was seen, or 0 otherwise. * the extension was seen, or 0 otherwise.
*/ */
int (*final)(SSL *s, unsigned int context, int sent); int (*final)(SSL_CONNECTION *s, unsigned int context, int sent);
} EXTENSION_DEFINITION; } EXTENSION_DEFINITION;
/* /*
@ -385,13 +391,14 @@ static const EXTENSION_DEFINITION ext_defs[] = {
}; };
/* Check whether an extension's context matches the current context */ /* Check whether an extension's context matches the current context */
static int validate_context(SSL *s, unsigned int extctx, unsigned int thisctx) static int validate_context(SSL_CONNECTION *s, unsigned int extctx,
unsigned int thisctx)
{ {
/* Check we're allowed to use this extension in this context */ /* Check we're allowed to use this extension in this context */
if ((thisctx & extctx) == 0) if ((thisctx & extctx) == 0)
return 0; return 0;
if (SSL_IS_DTLS(s)) { if (SSL_CONNECTION_IS_DTLS(s)) {
if ((extctx & SSL_EXT_TLS_ONLY) != 0) if ((extctx & SSL_EXT_TLS_ONLY) != 0)
return 0; return 0;
} else if ((extctx & SSL_EXT_DTLS_ONLY) != 0) { } else if ((extctx & SSL_EXT_DTLS_ONLY) != 0) {
@ -401,7 +408,8 @@ static int validate_context(SSL *s, unsigned int extctx, unsigned int thisctx)
return 1; return 1;
} }
int tls_validate_all_contexts(SSL *s, unsigned int thisctx, RAW_EXTENSION *exts) int tls_validate_all_contexts(SSL_CONNECTION *s, unsigned int thisctx,
RAW_EXTENSION *exts)
{ {
size_t i, num_exts, builtin_num = OSSL_NELEM(ext_defs), offset; size_t i, num_exts, builtin_num = OSSL_NELEM(ext_defs), offset;
RAW_EXTENSION *thisext; RAW_EXTENSION *thisext;
@ -445,9 +453,9 @@ int tls_validate_all_contexts(SSL *s, unsigned int thisctx, RAW_EXTENSION *exts)
* indicate the extension is not allowed. If returning 1 then |*found| is set to * indicate the extension is not allowed. If returning 1 then |*found| is set to
* the definition for the extension we found. * the definition for the extension we found.
*/ */
static int verify_extension(SSL *s, unsigned int context, unsigned int type, static int verify_extension(SSL_CONNECTION *s, unsigned int context,
custom_ext_methods *meths, RAW_EXTENSION *rawexlist, unsigned int type, custom_ext_methods *meths,
RAW_EXTENSION **found) RAW_EXTENSION *rawexlist, RAW_EXTENSION **found)
{ {
size_t i; size_t i;
size_t builtin_num = OSSL_NELEM(ext_defs); size_t builtin_num = OSSL_NELEM(ext_defs);
@ -493,7 +501,8 @@ static int verify_extension(SSL *s, unsigned int context, unsigned int type,
* the extension is relevant for the current context |thisctx| or not. Returns * the extension is relevant for the current context |thisctx| or not. Returns
* 1 if the extension is relevant for this context, and 0 otherwise * 1 if the extension is relevant for this context, and 0 otherwise
*/ */
int extension_is_relevant(SSL *s, unsigned int extctx, unsigned int thisctx) int extension_is_relevant(SSL_CONNECTION *s, unsigned int extctx,
unsigned int thisctx)
{ {
int is_tls13; int is_tls13;
@ -504,9 +513,9 @@ int extension_is_relevant(SSL *s, unsigned int extctx, unsigned int thisctx)
if ((thisctx & SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) != 0) if ((thisctx & SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) != 0)
is_tls13 = 1; is_tls13 = 1;
else else
is_tls13 = SSL_IS_TLS13(s); is_tls13 = SSL_CONNECTION_IS_TLS13(s);
if ((SSL_IS_DTLS(s) if ((SSL_CONNECTION_IS_DTLS(s)
&& (extctx & SSL_EXT_TLS_IMPLEMENTATION_ONLY) != 0) && (extctx & SSL_EXT_TLS_IMPLEMENTATION_ONLY) != 0)
|| (s->version == SSL3_VERSION || (s->version == SSL3_VERSION
&& (extctx & SSL_EXT_SSL3_ALLOWED) == 0) && (extctx & SSL_EXT_SSL3_ALLOWED) == 0)
@ -543,7 +552,8 @@ int extension_is_relevant(SSL *s, unsigned int extctx, unsigned int thisctx)
* found, or an internal error occurred. We only check duplicates for * found, or an internal error occurred. We only check duplicates for
* extensions that we know about. We ignore others. * extensions that we know about. We ignore others.
*/ */
int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet,
unsigned int context,
RAW_EXTENSION **res, size_t *len, int init) RAW_EXTENSION **res, size_t *len, int init)
{ {
PACKET extensions = *packet; PACKET extensions = *packet;
@ -631,8 +641,8 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
thisex->type = type; thisex->type = type;
thisex->received_order = i++; thisex->received_order = i++;
if (s->ext.debug_cb) if (s->ext.debug_cb)
s->ext.debug_cb(s, !s->server, thisex->type, s->ext.debug_cb(SSL_CONNECTION_GET_SSL(s), !s->server,
PACKET_data(&thisex->data), thisex->type, PACKET_data(&thisex->data),
PACKET_remaining(&thisex->data), PACKET_remaining(&thisex->data),
s->ext.debug_arg); s->ext.debug_arg);
} }
@ -674,11 +684,11 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
* Certificate. Returns 1 on success or 0 on failure. If an extension is not * Certificate. Returns 1 on success or 0 on failure. If an extension is not
* present this counted as success. * present this counted as success.
*/ */
int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context, int tls_parse_extension(SSL_CONNECTION *s, TLSEXT_INDEX idx, int context,
RAW_EXTENSION *exts, X509 *x, size_t chainidx) RAW_EXTENSION *exts, X509 *x, size_t chainidx)
{ {
RAW_EXTENSION *currext = &exts[idx]; RAW_EXTENSION *currext = &exts[idx];
int (*parser)(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int (*parser)(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx) = NULL; size_t chainidx) = NULL;
/* Skip if the extension is not present */ /* Skip if the extension is not present */
@ -724,7 +734,8 @@ int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,
* working on a Certificate message then we also pass the Certificate |x| and * working on a Certificate message then we also pass the Certificate |x| and
* its position in the |chainidx|, with 0 being the first certificate. * its position in the |chainidx|, with 0 being the first certificate.
*/ */
int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, X509 *x, int tls_parse_all_extensions(SSL_CONNECTION *s, int context,
RAW_EXTENSION *exts, X509 *x,
size_t chainidx, int fin) size_t chainidx, int fin)
{ {
size_t i, numexts = OSSL_NELEM(ext_defs); size_t i, numexts = OSSL_NELEM(ext_defs);
@ -759,8 +770,8 @@ int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, X509 *x,
return 1; return 1;
} }
int should_add_extension(SSL *s, unsigned int extctx, unsigned int thisctx, int should_add_extension(SSL_CONNECTION *s, unsigned int extctx,
int max_version) unsigned int thisctx, int max_version)
{ {
/* Skip if not relevant for our context */ /* Skip if not relevant for our context */
if ((extctx & thisctx) == 0) if ((extctx & thisctx) == 0)
@ -770,7 +781,7 @@ int should_add_extension(SSL *s, unsigned int extctx, unsigned int thisctx,
if (!extension_is_relevant(s, extctx, thisctx) if (!extension_is_relevant(s, extctx, thisctx)
|| ((extctx & SSL_EXT_TLS1_3_ONLY) != 0 || ((extctx & SSL_EXT_TLS1_3_ONLY) != 0
&& (thisctx & SSL_EXT_CLIENT_HELLO) != 0 && (thisctx & SSL_EXT_CLIENT_HELLO) != 0
&& (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION))) && (SSL_CONNECTION_IS_DTLS(s) || max_version < TLS1_3_VERSION)))
return 0; return 0;
return 1; return 1;
@ -784,7 +795,8 @@ int should_add_extension(SSL *s, unsigned int extctx, unsigned int thisctx,
* 0 being the first in the chain). Returns 1 on success or 0 on failure. On a * 0 being the first in the chain). Returns 1 on success or 0 on failure. On a
* failure construction stops at the first extension to fail to construct. * failure construction stops at the first extension to fail to construct.
*/ */
int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context, int tls_construct_extensions(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
size_t i; size_t i;
@ -824,7 +836,8 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
} }
for (i = 0, thisexd = ext_defs; i < OSSL_NELEM(ext_defs); i++, thisexd++) { for (i = 0, thisexd = ext_defs; i < OSSL_NELEM(ext_defs); i++, thisexd++) {
EXT_RETURN (*construct)(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN (*construct)(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
EXT_RETURN ret; EXT_RETURN ret;
@ -865,7 +878,7 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
* otherwise. These functions return 1 on success or 0 on failure. * otherwise. These functions return 1 on success or 0 on failure.
*/ */
static int final_renegotiate(SSL *s, unsigned int context, int sent) static int final_renegotiate(SSL_CONNECTION *s, unsigned int context, int sent)
{ {
if (!s->server) { if (!s->server) {
/* /*
@ -905,7 +918,7 @@ static ossl_inline void ssl_tsan_decr(const SSL_CTX *ctx,
} }
} }
static int init_server_name(SSL *s, unsigned int context) static int init_server_name(SSL_CONNECTION *s, unsigned int context)
{ {
if (s->server) { if (s->server) {
s->servername_done = 0; s->servername_done = 0;
@ -917,22 +930,24 @@ static int init_server_name(SSL *s, unsigned int context)
return 1; return 1;
} }
static int final_server_name(SSL *s, unsigned int context, int sent) static int final_server_name(SSL_CONNECTION *s, unsigned int context, int sent)
{ {
int ret = SSL_TLSEXT_ERR_NOACK; int ret = SSL_TLSEXT_ERR_NOACK;
int altmp = SSL_AD_UNRECOGNIZED_NAME; int altmp = SSL_AD_UNRECOGNIZED_NAME;
int was_ticket = (SSL_get_options(s) & SSL_OP_NO_TICKET) == 0; SSL *ssl = SSL_CONNECTION_GET_SSL(s);
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
int was_ticket = (SSL_get_options(ssl) & SSL_OP_NO_TICKET) == 0;
if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL)) { if (!ossl_assert(sctx != NULL) || !ossl_assert(s->session_ctx != NULL)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0; return 0;
} }
if (s->ctx->ext.servername_cb != NULL) if (sctx->ext.servername_cb != NULL)
ret = s->ctx->ext.servername_cb(s, &altmp, ret = sctx->ext.servername_cb(ssl, &altmp,
s->ctx->ext.servername_arg); sctx->ext.servername_arg);
else if (s->session_ctx->ext.servername_cb != NULL) else if (s->session_ctx->ext.servername_cb != NULL)
ret = s->session_ctx->ext.servername_cb(s, &altmp, ret = s->session_ctx->ext.servername_cb(ssl, &altmp,
s->session_ctx->ext.servername_arg); s->session_ctx->ext.servername_arg);
/* /*
@ -960,9 +975,9 @@ static int final_server_name(SSL *s, unsigned int context, int sent)
* context, to avoid the confusing situation of having sess_accept_good * context, to avoid the confusing situation of having sess_accept_good
* exceed sess_accept (zero) for the new context. * exceed sess_accept (zero) for the new context.
*/ */
if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx if (SSL_IS_FIRST_HANDSHAKE(s) && sctx != s->session_ctx
&& s->hello_retry_request == SSL_HRR_NONE) { && s->hello_retry_request == SSL_HRR_NONE) {
ssl_tsan_counter(s->ctx, &s->ctx->stats.sess_accept); ssl_tsan_counter(sctx, &sctx->stats.sess_accept);
ssl_tsan_decr(s->session_ctx, &s->session_ctx->stats.sess_accept); ssl_tsan_decr(s->session_ctx, &s->session_ctx->stats.sess_accept);
} }
@ -972,10 +987,10 @@ static int final_server_name(SSL *s, unsigned int context, int sent)
* Also, if this is not a resumption, create a new session ID * Also, if this is not a resumption, create a new session ID
*/ */
if (ret == SSL_TLSEXT_ERR_OK && s->ext.ticket_expected if (ret == SSL_TLSEXT_ERR_OK && s->ext.ticket_expected
&& was_ticket && (SSL_get_options(s) & SSL_OP_NO_TICKET) != 0) { && was_ticket && (SSL_get_options(ssl) & SSL_OP_NO_TICKET) != 0) {
s->ext.ticket_expected = 0; s->ext.ticket_expected = 0;
if (!s->hit) { if (!s->hit) {
SSL_SESSION* ss = SSL_get_session(s); SSL_SESSION* ss = SSL_get_session(ssl);
if (ss != NULL) { if (ss != NULL) {
OPENSSL_free(ss->ext.tick); OPENSSL_free(ss->ext.tick);
@ -1001,7 +1016,7 @@ static int final_server_name(SSL *s, unsigned int context, int sent)
case SSL_TLSEXT_ERR_ALERT_WARNING: case SSL_TLSEXT_ERR_ALERT_WARNING:
/* TLSv1.3 doesn't have warning alerts so we suppress this */ /* TLSv1.3 doesn't have warning alerts so we suppress this */
if (!SSL_IS_TLS13(s)) if (!SSL_CONNECTION_IS_TLS13(s))
ssl3_send_alert(s, SSL3_AL_WARNING, altmp); ssl3_send_alert(s, SSL3_AL_WARNING, altmp);
s->servername_done = 0; s->servername_done = 0;
return 1; return 1;
@ -1015,7 +1030,8 @@ static int final_server_name(SSL *s, unsigned int context, int sent)
} }
} }
static int final_ec_pt_formats(SSL *s, unsigned int context, int sent) static int final_ec_pt_formats(SSL_CONNECTION *s, unsigned int context,
int sent)
{ {
unsigned long alg_k, alg_a; unsigned long alg_k, alg_a;
@ -1053,7 +1069,7 @@ static int final_ec_pt_formats(SSL *s, unsigned int context, int sent)
return 1; return 1;
} }
static int init_session_ticket(SSL *s, unsigned int context) static int init_session_ticket(SSL_CONNECTION *s, unsigned int context)
{ {
if (!s->server) if (!s->server)
s->ext.ticket_expected = 0; s->ext.ticket_expected = 0;
@ -1062,7 +1078,7 @@ static int init_session_ticket(SSL *s, unsigned int context)
} }
#ifndef OPENSSL_NO_OCSP #ifndef OPENSSL_NO_OCSP
static int init_status_request(SSL *s, unsigned int context) static int init_status_request(SSL_CONNECTION *s, unsigned int context)
{ {
if (s->server) { if (s->server) {
s->ext.status_type = TLSEXT_STATUSTYPE_nothing; s->ext.status_type = TLSEXT_STATUSTYPE_nothing;
@ -1081,7 +1097,7 @@ static int init_status_request(SSL *s, unsigned int context)
#endif #endif
#ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
static int init_npn(SSL *s, unsigned int context) static int init_npn(SSL_CONNECTION *s, unsigned int context)
{ {
s->s3.npn_seen = 0; s->s3.npn_seen = 0;
@ -1089,7 +1105,7 @@ static int init_npn(SSL *s, unsigned int context)
} }
#endif #endif
static int init_alpn(SSL *s, unsigned int context) static int init_alpn(SSL_CONNECTION *s, unsigned int context)
{ {
OPENSSL_free(s->s3.alpn_selected); OPENSSL_free(s->s3.alpn_selected);
s->s3.alpn_selected = NULL; s->s3.alpn_selected = NULL;
@ -1102,12 +1118,12 @@ static int init_alpn(SSL *s, unsigned int context)
return 1; return 1;
} }
static int final_alpn(SSL *s, unsigned int context, int sent) static int final_alpn(SSL_CONNECTION *s, unsigned int context, int sent)
{ {
if (!s->server && !sent && s->session->ext.alpn_selected != NULL) if (!s->server && !sent && s->session->ext.alpn_selected != NULL)
s->ext.early_data_ok = 0; s->ext.early_data_ok = 0;
if (!s->server || !SSL_IS_TLS13(s)) if (!s->server || !SSL_CONNECTION_IS_TLS13(s))
return 1; return 1;
/* /*
@ -1122,7 +1138,7 @@ static int final_alpn(SSL *s, unsigned int context, int sent)
return tls_handle_alpn(s); return tls_handle_alpn(s);
} }
static int init_sig_algs(SSL *s, unsigned int context) static int init_sig_algs(SSL_CONNECTION *s, unsigned int context)
{ {
/* Clear any signature algorithms extension received */ /* Clear any signature algorithms extension received */
OPENSSL_free(s->s3.tmp.peer_sigalgs); OPENSSL_free(s->s3.tmp.peer_sigalgs);
@ -1132,7 +1148,8 @@ static int init_sig_algs(SSL *s, unsigned int context)
return 1; return 1;
} }
static int init_sig_algs_cert(SSL *s, ossl_unused unsigned int context) static int init_sig_algs_cert(SSL_CONNECTION *s,
ossl_unused unsigned int context)
{ {
/* Clear any signature algorithms extension received */ /* Clear any signature algorithms extension received */
OPENSSL_free(s->s3.tmp.peer_cert_sigalgs); OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
@ -1143,7 +1160,7 @@ static int init_sig_algs_cert(SSL *s, ossl_unused unsigned int context)
} }
#ifndef OPENSSL_NO_SRP #ifndef OPENSSL_NO_SRP
static int init_srp(SSL *s, unsigned int context) static int init_srp(SSL_CONNECTION *s, unsigned int context)
{ {
OPENSSL_free(s->srp_ctx.login); OPENSSL_free(s->srp_ctx.login);
s->srp_ctx.login = NULL; s->srp_ctx.login = NULL;
@ -1152,7 +1169,7 @@ static int init_srp(SSL *s, unsigned int context)
} }
#endif #endif
static int init_ec_point_formats(SSL *s, unsigned int context) static int init_ec_point_formats(SSL_CONNECTION *s, unsigned int context)
{ {
OPENSSL_free(s->ext.peer_ecpointformats); OPENSSL_free(s->ext.peer_ecpointformats);
s->ext.peer_ecpointformats = NULL; s->ext.peer_ecpointformats = NULL;
@ -1161,14 +1178,14 @@ static int init_ec_point_formats(SSL *s, unsigned int context)
return 1; return 1;
} }
static int init_etm(SSL *s, unsigned int context) static int init_etm(SSL_CONNECTION *s, unsigned int context)
{ {
s->ext.use_etm = 0; s->ext.use_etm = 0;
return 1; return 1;
} }
static int init_ems(SSL *s, unsigned int context) static int init_ems(SSL_CONNECTION *s, unsigned int context)
{ {
if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) { if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) {
s->s3.flags &= ~TLS1_FLAGS_RECEIVED_EXTMS; s->s3.flags &= ~TLS1_FLAGS_RECEIVED_EXTMS;
@ -1178,7 +1195,7 @@ static int init_ems(SSL *s, unsigned int context)
return 1; return 1;
} }
static int final_ems(SSL *s, unsigned int context, int sent) static int final_ems(SSL_CONNECTION *s, unsigned int context, int sent)
{ {
/* /*
* Check extended master secret extension is not dropped on * Check extended master secret extension is not dropped on
@ -1204,14 +1221,15 @@ static int final_ems(SSL *s, unsigned int context, int sent)
return 1; return 1;
} }
static int init_certificate_authorities(SSL *s, unsigned int context) static int init_certificate_authorities(SSL_CONNECTION *s, unsigned int context)
{ {
sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free); sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free);
s->s3.tmp.peer_ca_names = NULL; s->s3.tmp.peer_ca_names = NULL;
return 1; return 1;
} }
static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt, static EXT_RETURN tls_construct_certificate_authorities(SSL_CONNECTION *s,
WPACKET *pkt,
unsigned int context, unsigned int context,
X509 *x, X509 *x,
size_t chainidx) size_t chainidx)
@ -1240,7 +1258,7 @@ static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt,
return EXT_RETURN_SENT; return EXT_RETURN_SENT;
} }
static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt, static int tls_parse_certificate_authorities(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
@ -1254,7 +1272,7 @@ static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt,
} }
#ifndef OPENSSL_NO_SRTP #ifndef OPENSSL_NO_SRTP
static int init_srtp(SSL *s, unsigned int context) static int init_srtp(SSL_CONNECTION *s, unsigned int context)
{ {
if (s->server) if (s->server)
s->srtp_profile = NULL; s->srtp_profile = NULL;
@ -1263,9 +1281,9 @@ static int init_srtp(SSL *s, unsigned int context)
} }
#endif #endif
static int final_sig_algs(SSL *s, unsigned int context, int sent) static int final_sig_algs(SSL_CONNECTION *s, unsigned int context, int sent)
{ {
if (!sent && SSL_IS_TLS13(s) && !s->hit) { if (!sent && SSL_CONNECTION_IS_TLS13(s) && !s->hit) {
SSLfatal(s, TLS13_AD_MISSING_EXTENSION, SSLfatal(s, TLS13_AD_MISSING_EXTENSION,
SSL_R_MISSING_SIGALGS_EXTENSION); SSL_R_MISSING_SIGALGS_EXTENSION);
return 0; return 0;
@ -1274,10 +1292,10 @@ static int final_sig_algs(SSL *s, unsigned int context, int sent)
return 1; return 1;
} }
static int final_key_share(SSL *s, unsigned int context, int sent) static int final_key_share(SSL_CONNECTION *s, unsigned int context, int sent)
{ {
#if !defined(OPENSSL_NO_TLS1_3) #if !defined(OPENSSL_NO_TLS1_3)
if (!SSL_IS_TLS13(s)) if (!SSL_CONNECTION_IS_TLS13(s))
return 1; return 1;
/* Nothing to do for key_share in an HRR */ /* Nothing to do for key_share in an HRR */
@ -1434,13 +1452,14 @@ static int final_key_share(SSL *s, unsigned int context, int sent)
return 1; return 1;
} }
static int init_psk_kex_modes(SSL *s, unsigned int context) static int init_psk_kex_modes(SSL_CONNECTION *s, unsigned int context)
{ {
s->ext.psk_kex_mode = TLSEXT_KEX_MODE_FLAG_NONE; s->ext.psk_kex_mode = TLSEXT_KEX_MODE_FLAG_NONE;
return 1; return 1;
} }
int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md,
const unsigned char *msgstart,
size_t binderoffset, const unsigned char *binderin, size_t binderoffset, const unsigned char *binderin,
unsigned char *binderout, SSL_SESSION *sess, int sign, unsigned char *binderout, SSL_SESSION *sess, int sign,
int external) int external)
@ -1462,6 +1481,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
int hashsizei = EVP_MD_get_size(md); int hashsizei = EVP_MD_get_size(md);
int ret = -1; int ret = -1;
int usepskfored = 0; int usepskfored = 0;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
/* Ensure cast to size_t is safe */ /* Ensure cast to size_t is safe */
if (!ossl_assert(hashsizei >= 0)) { if (!ossl_assert(hashsizei >= 0)) {
@ -1581,8 +1601,8 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
goto err; goto err;
} }
mackey = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC", mackey = EVP_PKEY_new_raw_private_key_ex(sctx->libctx, "HMAC",
s->ctx->propq, finishedkey, sctx->propq, finishedkey,
hashsize); hashsize);
if (mackey == NULL) { if (mackey == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@ -1593,8 +1613,8 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
binderout = tmpbinder; binderout = tmpbinder;
bindersize = hashsize; bindersize = hashsize;
if (EVP_DigestSignInit_ex(mctx, NULL, EVP_MD_get0_name(md), s->ctx->libctx, if (EVP_DigestSignInit_ex(mctx, NULL, EVP_MD_get0_name(md), sctx->libctx,
s->ctx->propq, mackey, NULL) <= 0 sctx->propq, mackey, NULL) <= 0
|| EVP_DigestSignUpdate(mctx, hash, hashsize) <= 0 || EVP_DigestSignUpdate(mctx, hash, hashsize) <= 0
|| EVP_DigestSignFinal(mctx, binderout, &bindersize) <= 0 || EVP_DigestSignFinal(mctx, binderout, &bindersize) <= 0
|| bindersize != hashsize) { || bindersize != hashsize) {
@ -1620,7 +1640,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
return ret; return ret;
} }
static int final_early_data(SSL *s, unsigned int context, int sent) static int final_early_data(SSL_CONNECTION *s, unsigned int context, int sent)
{ {
if (!sent) if (!sent)
return 1; return 1;
@ -1647,7 +1667,7 @@ static int final_early_data(SSL *s, unsigned int context, int sent)
|| !s->ext.early_data_ok || !s->ext.early_data_ok
|| s->hello_retry_request != SSL_HRR_NONE || s->hello_retry_request != SSL_HRR_NONE
|| (s->allow_early_data_cb != NULL || (s->allow_early_data_cb != NULL
&& !s->allow_early_data_cb(s, && !s->allow_early_data_cb(SSL_CONNECTION_GET_SSL(s),
s->allow_early_data_cb_data))) { s->allow_early_data_cb_data))) {
s->ext.early_data = SSL_EARLY_DATA_REJECTED; s->ext.early_data = SSL_EARLY_DATA_REJECTED;
} else { } else {
@ -1663,7 +1683,8 @@ static int final_early_data(SSL *s, unsigned int context, int sent)
return 1; return 1;
} }
static int final_maxfragmentlen(SSL *s, unsigned int context, int sent) static int final_maxfragmentlen(SSL_CONNECTION *s, unsigned int context,
int sent)
{ {
/* /*
* Session resumption on server-side with MFL extension active * Session resumption on server-side with MFL extension active
@ -1687,7 +1708,8 @@ static int final_maxfragmentlen(SSL *s, unsigned int context, int sent)
return 1; return 1;
} }
static int init_post_handshake_auth(SSL *s, ossl_unused unsigned int context) static int init_post_handshake_auth(SSL_CONNECTION *s,
ossl_unused unsigned int context)
{ {
s->post_handshake_auth = SSL_PHA_NONE; s->post_handshake_auth = SSL_PHA_NONE;
@ -1698,7 +1720,7 @@ static int init_post_handshake_auth(SSL *s, ossl_unused unsigned int context)
* If clients offer "pre_shared_key" without a "psk_key_exchange_modes" * If clients offer "pre_shared_key" without a "psk_key_exchange_modes"
* extension, servers MUST abort the handshake. * extension, servers MUST abort the handshake.
*/ */
static int final_psk(SSL *s, unsigned int context, int sent) static int final_psk(SSL_CONNECTION *s, unsigned int context, int sent)
{ {
if (s->server && sent && s->clienthello != NULL if (s->server && sent && s->clienthello != NULL
&& !s->clienthello->pre_proc_exts[TLSEXT_IDX_psk_kex_modes].present) { && !s->clienthello->pre_proc_exts[TLSEXT_IDX_psk_kex_modes].present) {

173
ssl/statem/extensions_clnt.c
View File

@ -12,7 +12,7 @@
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#include "statem_local.h" #include "statem_local.h"
EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_ctos_renegotiate(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
@ -32,7 +32,7 @@ EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt,
return EXT_RETURN_SENT; return EXT_RETURN_SENT;
} }
EXT_RETURN tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_ctos_server_name(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
@ -58,7 +58,7 @@ EXT_RETURN tls_construct_ctos_server_name(SSL *s, WPACKET *pkt,
} }
/* Push a Max Fragment Len extension into ClientHello */ /* Push a Max Fragment Len extension into ClientHello */
EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
@ -83,7 +83,8 @@ EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL *s, WPACKET *pkt,
} }
#ifndef OPENSSL_NO_SRP #ifndef OPENSSL_NO_SRP
EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_ctos_srp(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
/* Add SRP username if there is one */ /* Add SRP username if there is one */
@ -108,19 +109,20 @@ EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context,
} }
#endif #endif
static int use_ecc(SSL *s, int min_version, int max_version) static int use_ecc(SSL_CONNECTION *s, int min_version, int max_version)
{ {
int i, end, ret = 0; int i, end, ret = 0;
unsigned long alg_k, alg_a; unsigned long alg_k, alg_a;
STACK_OF(SSL_CIPHER) *cipher_stack = NULL; STACK_OF(SSL_CIPHER) *cipher_stack = NULL;
const uint16_t *pgroups = NULL; const uint16_t *pgroups = NULL;
size_t num_groups, j; size_t num_groups, j;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
/* See if we support any ECC ciphersuites */ /* See if we support any ECC ciphersuites */
if (s->version == SSL3_VERSION) if (s->version == SSL3_VERSION)
return 0; return 0;
cipher_stack = SSL_get1_supported_ciphers(s); cipher_stack = SSL_get1_supported_ciphers(ssl);
end = sk_SSL_CIPHER_num(cipher_stack); end = sk_SSL_CIPHER_num(cipher_stack);
for (i = 0; i < end; i++) { for (i = 0; i < end; i++) {
const SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i); const SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);
@ -151,7 +153,7 @@ static int use_ecc(SSL *s, int min_version, int max_version)
return 0; return 0;
} }
EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
@ -182,7 +184,7 @@ EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
return EXT_RETURN_SENT; return EXT_RETURN_SENT;
} }
EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_ctos_supported_groups(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
@ -201,7 +203,7 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
* if we don't have EC support then we don't send this extension. * if we don't have EC support then we don't send this extension.
*/ */
if (!use_ecc(s, min_version, max_version) if (!use_ecc(s, min_version, max_version)
&& (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION)) && (SSL_CONNECTION_IS_DTLS(s) || max_version < TLS1_3_VERSION))
return EXT_RETURN_NOT_SENT; return EXT_RETURN_NOT_SENT;
/* /*
@ -266,7 +268,7 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
return EXT_RETURN_SENT; return EXT_RETURN_SENT;
} }
EXT_RETURN tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_ctos_session_ticket(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
@ -307,7 +309,7 @@ EXT_RETURN tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt,
return EXT_RETURN_SENT; return EXT_RETURN_SENT;
} }
EXT_RETURN tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_ctos_sig_algs(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
@ -334,7 +336,7 @@ EXT_RETURN tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt,
} }
#ifndef OPENSSL_NO_OCSP #ifndef OPENSSL_NO_OCSP
EXT_RETURN tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_ctos_status_request(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
@ -399,10 +401,12 @@ EXT_RETURN tls_construct_ctos_status_request(SSL *s, WPACKET *pkt,
#endif #endif
#ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
EXT_RETURN tls_construct_ctos_npn(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_ctos_npn(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
if (s->ctx->ext.npn_select_cb == NULL || !SSL_IS_FIRST_HANDSHAKE(s)) if (SSL_CONNECTION_GET_CTX(s)->ext.npn_select_cb == NULL
|| !SSL_IS_FIRST_HANDSHAKE(s))
return EXT_RETURN_NOT_SENT; return EXT_RETURN_NOT_SENT;
/* /*
@ -419,7 +423,8 @@ EXT_RETURN tls_construct_ctos_npn(SSL *s, WPACKET *pkt, unsigned int context,
} }
#endif #endif
EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_ctos_alpn(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
s->s3.alpn_sent = 0; s->s3.alpn_sent = 0;
@ -443,11 +448,12 @@ EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context,
#ifndef OPENSSL_NO_SRTP #ifndef OPENSSL_NO_SRTP
EXT_RETURN tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_ctos_use_srtp(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = SSL_get_srtp_profiles(s); SSL *ssl = SSL_CONNECTION_GET_SSL(s);
STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = SSL_get_srtp_profiles(ssl);
int i, end; int i, end;
if (clnt == NULL) if (clnt == NULL)
@ -484,7 +490,8 @@ EXT_RETURN tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt,
} }
#endif #endif
EXT_RETURN tls_construct_ctos_etm(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_ctos_etm(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
if (s->options & SSL_OP_NO_ENCRYPT_THEN_MAC) if (s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)
@ -500,7 +507,8 @@ EXT_RETURN tls_construct_ctos_etm(SSL *s, WPACKET *pkt, unsigned int context,
} }
#ifndef OPENSSL_NO_CT #ifndef OPENSSL_NO_CT
EXT_RETURN tls_construct_ctos_sct(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_ctos_sct(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
if (s->ct_validation_callback == NULL) if (s->ct_validation_callback == NULL)
@ -520,7 +528,8 @@ EXT_RETURN tls_construct_ctos_sct(SSL *s, WPACKET *pkt, unsigned int context,
} }
#endif #endif
EXT_RETURN tls_construct_ctos_ems(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_ctos_ems(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
if (s->options & SSL_OP_NO_EXTENDED_MASTER_SECRET) if (s->options & SSL_OP_NO_EXTENDED_MASTER_SECRET)
@ -535,7 +544,7 @@ EXT_RETURN tls_construct_ctos_ems(SSL *s, WPACKET *pkt, unsigned int context,
return EXT_RETURN_SENT; return EXT_RETURN_SENT;
} }
EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_ctos_supported_versions(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
@ -578,7 +587,7 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
/* /*
* Construct a psk_kex_modes extension. * Construct a psk_kex_modes extension.
*/ */
EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
@ -605,7 +614,7 @@ EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL *s, WPACKET *pkt,
} }
#ifndef OPENSSL_NO_TLS1_3 #ifndef OPENSSL_NO_TLS1_3
static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id) static int add_key_share(SSL_CONNECTION *s, WPACKET *pkt, unsigned int curve_id)
{ {
unsigned char *encoded_point = NULL; unsigned char *encoded_point = NULL;
EVP_PKEY *key_share_key = NULL; EVP_PKEY *key_share_key = NULL;
@ -661,7 +670,7 @@ static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id)
} }
#endif #endif
EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_ctos_key_share(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
@ -721,7 +730,8 @@ EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt,
#endif #endif
} }
EXT_RETURN tls_construct_ctos_cookie(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_ctos_cookie(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
EXT_RETURN ret = EXT_RETURN_FAIL; EXT_RETURN ret = EXT_RETURN_FAIL;
@ -749,7 +759,7 @@ EXT_RETURN tls_construct_ctos_cookie(SSL *s, WPACKET *pkt, unsigned int context,
return ret; return ret;
} }
EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_ctos_early_data(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
@ -761,12 +771,13 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
SSL_SESSION *psksess = NULL; SSL_SESSION *psksess = NULL;
SSL_SESSION *edsess = NULL; SSL_SESSION *edsess = NULL;
const EVP_MD *handmd = NULL; const EVP_MD *handmd = NULL;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
if (s->hello_retry_request == SSL_HRR_PENDING) if (s->hello_retry_request == SSL_HRR_PENDING)
handmd = ssl_handshake_md(s); handmd = ssl_handshake_md(s);
if (s->psk_use_session_cb != NULL if (s->psk_use_session_cb != NULL
&& (!s->psk_use_session_cb(s, handmd, &id, &idlen, &psksess) && (!s->psk_use_session_cb(ssl, handmd, &id, &idlen, &psksess)
|| (psksess != NULL || (psksess != NULL
&& psksess->ssl_version != TLS1_3_VERSION))) { && psksess->ssl_version != TLS1_3_VERSION))) {
SSL_SESSION_free(psksess); SSL_SESSION_free(psksess);
@ -780,7 +791,8 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
size_t psklen = 0; size_t psklen = 0;
memset(identity, 0, sizeof(identity)); memset(identity, 0, sizeof(identity));
psklen = s->psk_client_callback(s, NULL, identity, sizeof(identity) - 1, psklen = s->psk_client_callback(ssl, NULL,
identity, sizeof(identity) - 1,
psk, sizeof(psk)); psk, sizeof(psk));
if (psklen > PSK_MAX_PSK_LEN) { if (psklen > PSK_MAX_PSK_LEN) {
@ -801,7 +813,7 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
* We found a PSK using an old style callback. We don't know * We found a PSK using an old style callback. We don't know
* the digest so we default to SHA256 as per the TLSv1.3 spec * the digest so we default to SHA256 as per the TLSv1.3 spec
*/ */
cipher = SSL_CIPHER_find(s, tls13_aes128gcmsha256_id); cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id);
if (cipher == NULL) { if (cipher == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return EXT_RETURN_FAIL; return EXT_RETURN_FAIL;
@ -918,7 +930,7 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
*/ */
#define PSK_PRE_BINDER_OVERHEAD (2 + 2 + 2 + 2 + 4 + 2 + 1) #define PSK_PRE_BINDER_OVERHEAD (2 + 2 + 2 + 2 + 4 + 2 + 1)
EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_ctos_padding(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
@ -946,7 +958,8 @@ EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt,
if (s->session->ssl_version == TLS1_3_VERSION if (s->session->ssl_version == TLS1_3_VERSION
&& s->session->ext.ticklen != 0 && s->session->ext.ticklen != 0
&& s->session->cipher != NULL) { && s->session->cipher != NULL) {
const EVP_MD *md = ssl_md(s->ctx, s->session->cipher->algorithm2); const EVP_MD *md = ssl_md(SSL_CONNECTION_GET_CTX(s),
s->session->cipher->algorithm2);
if (md != NULL) { if (md != NULL) {
/* /*
@ -987,7 +1000,8 @@ EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt,
/* /*
* Construct the pre_shared_key extension * Construct the pre_shared_key extension
*/ */
EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
#ifndef OPENSSL_NO_TLS1_3 #ifndef OPENSSL_NO_TLS1_3
@ -996,6 +1010,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
unsigned char *resbinder = NULL, *pskbinder = NULL, *msgstart = NULL; unsigned char *resbinder = NULL, *pskbinder = NULL, *msgstart = NULL;
const EVP_MD *handmd = NULL, *mdres = NULL, *mdpsk = NULL; const EVP_MD *handmd = NULL, *mdres = NULL, *mdpsk = NULL;
int dores = 0; int dores = 0;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
s->ext.tick_identity = 0; s->ext.tick_identity = 0;
@ -1022,7 +1037,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return EXT_RETURN_FAIL; return EXT_RETURN_FAIL;
} }
mdres = ssl_md(s->ctx, s->session->cipher->algorithm2); mdres = ssl_md(sctx, s->session->cipher->algorithm2);
if (mdres == NULL) { if (mdres == NULL) {
/* /*
* Don't recognize this cipher so we can't use the session. * Don't recognize this cipher so we can't use the session.
@ -1095,7 +1110,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
return EXT_RETURN_NOT_SENT; return EXT_RETURN_NOT_SENT;
if (s->psksession != NULL) { if (s->psksession != NULL) {
mdpsk = ssl_md(s->ctx, s->psksession->cipher->algorithm2); mdpsk = ssl_md(sctx, s->psksession->cipher->algorithm2);
if (mdpsk == NULL) { if (mdpsk == NULL) {
/* /*
* Don't recognize this cipher so we can't use the session. * Don't recognize this cipher so we can't use the session.
@ -1185,7 +1200,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
#endif #endif
} }
EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL_CONNECTION *s, WPACKET *pkt,
ossl_unused unsigned int context, ossl_unused unsigned int context,
ossl_unused X509 *x, ossl_unused X509 *x,
ossl_unused size_t chainidx) ossl_unused size_t chainidx)
@ -1214,7 +1229,8 @@ EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt,
/* /*
* Parse the server's renegotiation binding and abort if it's not right * Parse the server's renegotiation binding and abort if it's not right
*/ */
int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_stoc_renegotiate(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
size_t expected_len = s->s3.previous_client_finished_len size_t expected_len = s->s3.previous_client_finished_len
@ -1268,7 +1284,8 @@ int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
} }
/* Parse the server's max fragment len extension packet */ /* Parse the server's max fragment len extension packet */
int tls_parse_stoc_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_stoc_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
unsigned int value; unsigned int value;
@ -1306,7 +1323,8 @@ int tls_parse_stoc_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context,
return 1; return 1;
} }
int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_stoc_server_name(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
if (s->ext.hostname == NULL) { if (s->ext.hostname == NULL) {
@ -1334,7 +1352,8 @@ int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context,
return 1; return 1;
} }
int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_stoc_ec_pt_formats(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
size_t ecpointformats_len; size_t ecpointformats_len;
@ -1373,13 +1392,16 @@ int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
return 1; return 1;
} }
int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_stoc_session_ticket(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
if (s->ext.session_ticket_cb != NULL && if (s->ext.session_ticket_cb != NULL &&
!s->ext.session_ticket_cb(s, PACKET_data(pkt), !s->ext.session_ticket_cb(ssl, PACKET_data(pkt),
PACKET_remaining(pkt), PACKET_remaining(pkt),
s->ext.session_ticket_cb_arg)) { s->ext.session_ticket_cb_arg)) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_BAD_EXTENSION); SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_BAD_EXTENSION);
return 0; return 0;
} }
@ -1399,7 +1421,8 @@ int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
} }
#ifndef OPENSSL_NO_OCSP #ifndef OPENSSL_NO_OCSP
int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_stoc_status_request(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) { if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) {
@ -1415,12 +1438,12 @@ int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context,
SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, SSL_R_BAD_EXTENSION); SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, SSL_R_BAD_EXTENSION);
return 0; return 0;
} }
if (!SSL_IS_TLS13(s) && PACKET_remaining(pkt) > 0) { if (!SSL_CONNECTION_IS_TLS13(s) && PACKET_remaining(pkt) > 0) {
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
return 0; return 0;
} }
if (SSL_IS_TLS13(s)) { if (SSL_CONNECTION_IS_TLS13(s)) {
/* We only know how to handle this if it's for the first Certificate in /* We only know how to handle this if it's for the first Certificate in
* the chain. We ignore any other responses. * the chain. We ignore any other responses.
*/ */
@ -1440,8 +1463,8 @@ int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context,
#ifndef OPENSSL_NO_CT #ifndef OPENSSL_NO_CT
int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_stoc_sct(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
size_t chainidx) X509 *x, size_t chainidx)
{ {
if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) { if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) {
/* We ignore this if the server sends it in a CertificateRequest */ /* We ignore this if the server sends it in a CertificateRequest */
@ -1508,7 +1531,7 @@ int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
* elements of zero length are allowed and the set of elements must exactly * elements of zero length are allowed and the set of elements must exactly
* fill the length of the block. Returns 1 on success or 0 on failure. * fill the length of the block. Returns 1 on success or 0 on failure.
*/ */
static int ssl_next_proto_validate(SSL *s, PACKET *pkt) static int ssl_next_proto_validate(SSL_CONNECTION *s, PACKET *pkt)
{ {
PACKET tmp_protocol; PACKET tmp_protocol;
@ -1523,19 +1546,20 @@ static int ssl_next_proto_validate(SSL *s, PACKET *pkt)
return 1; return 1;
} }
int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_stoc_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
size_t chainidx) X509 *x, size_t chainidx)
{ {
unsigned char *selected; unsigned char *selected;
unsigned char selected_len; unsigned char selected_len;
PACKET tmppkt; PACKET tmppkt;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
/* Check if we are in a renegotiation. If so ignore this extension */ /* Check if we are in a renegotiation. If so ignore this extension */
if (!SSL_IS_FIRST_HANDSHAKE(s)) if (!SSL_IS_FIRST_HANDSHAKE(s))
return 1; return 1;
/* We must have requested it. */ /* We must have requested it. */
if (s->ctx->ext.npn_select_cb == NULL) { if (sctx->ext.npn_select_cb == NULL) {
SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, SSL_R_BAD_EXTENSION); SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, SSL_R_BAD_EXTENSION);
return 0; return 0;
} }
@ -1546,10 +1570,10 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
/* SSLfatal() already called */ /* SSLfatal() already called */
return 0; return 0;
} }
if (s->ctx->ext.npn_select_cb(s, &selected, &selected_len, if (sctx->ext.npn_select_cb(SSL_CONNECTION_GET_SSL(s),
PACKET_data(pkt), &selected, &selected_len,
PACKET_remaining(pkt), PACKET_data(pkt), PACKET_remaining(pkt),
s->ctx->ext.npn_select_cb_arg) != sctx->ext.npn_select_cb_arg) !=
SSL_TLSEXT_ERR_OK) { SSL_TLSEXT_ERR_OK) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_BAD_EXTENSION); SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_BAD_EXTENSION);
return 0; return 0;
@ -1575,8 +1599,8 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
} }
#endif #endif
int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_stoc_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
size_t chainidx) X509 *x, size_t chainidx)
{ {
size_t len; size_t len;
@ -1640,8 +1664,8 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
} }
#ifndef OPENSSL_NO_SRTP #ifndef OPENSSL_NO_SRTP
int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_stoc_use_srtp(SSL_CONNECTION *s, PACKET *pkt,
size_t chainidx) unsigned int context, X509 *x, size_t chainidx)
{ {
unsigned int id, ct, mki; unsigned int id, ct, mki;
int i; int i;
@ -1664,7 +1688,7 @@ int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
} }
/* Throw an error if the server gave us an unsolicited extension */ /* Throw an error if the server gave us an unsolicited extension */
clnt = SSL_get_srtp_profiles(s); clnt = SSL_get_srtp_profiles(SSL_CONNECTION_GET_SSL(s));
if (clnt == NULL) { if (clnt == NULL) {
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_NO_SRTP_PROFILES); SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_NO_SRTP_PROFILES);
return 0; return 0;
@ -1689,8 +1713,8 @@ int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
} }
#endif #endif
int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_stoc_etm(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
size_t chainidx) X509 *x, size_t chainidx)
{ {
/* Ignore if inappropriate ciphersuite */ /* Ignore if inappropriate ciphersuite */
if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC) if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)
@ -1705,8 +1729,8 @@ int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
return 1; return 1;
} }
int tls_parse_stoc_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_stoc_ems(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
size_t chainidx) X509 *x, size_t chainidx)
{ {
if (s->options & SSL_OP_NO_EXTENDED_MASTER_SECRET) if (s->options & SSL_OP_NO_EXTENDED_MASTER_SECRET)
return 1; return 1;
@ -1717,7 +1741,8 @@ int tls_parse_stoc_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
return 1; return 1;
} }
int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_stoc_supported_versions(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
unsigned int version; unsigned int version;
@ -1748,7 +1773,8 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
return 1; return 1;
} }
int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_stoc_key_share(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
#ifndef OPENSSL_NO_TLS1_3 #ifndef OPENSSL_NO_TLS1_3
@ -1836,7 +1862,8 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
s->session->kex_group = group_id; s->session->kex_group = group_id;
} }
if ((ginf = tls1_group_id_lookup(s->ctx, group_id)) == NULL) { if ((ginf = tls1_group_id_lookup(SSL_CONNECTION_GET_CTX(s),
group_id)) == NULL) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE); SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
return 0; return 0;
} }
@ -1885,8 +1912,8 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
return 1; return 1;
} }
int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_stoc_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
size_t chainidx) X509 *x, size_t chainidx)
{ {
PACKET cookie; PACKET cookie;
@ -1900,7 +1927,8 @@ int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
return 1; return 1;
} }
int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_stoc_early_data(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
if (context == SSL_EXT_TLS1_3_NEW_SESSION_TICKET) { if (context == SSL_EXT_TLS1_3_NEW_SESSION_TICKET) {
@ -1938,7 +1966,8 @@ int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context,
return 1; return 1;
} }
int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_stoc_psk(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
#ifndef OPENSSL_NO_TLS1_3 #ifndef OPENSSL_NO_TLS1_3

19
ssl/statem/extensions_cust.c
View File

@ -110,7 +110,8 @@ void custom_ext_init(custom_ext_methods *exts)
} }
/* Pass received custom extension data to the application for parsing. */ /* Pass received custom extension data to the application for parsing. */
int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type, int custom_ext_parse(SSL_CONNECTION *s, unsigned int context,
unsigned int ext_type,
const unsigned char *ext_data, size_t ext_size, X509 *x, const unsigned char *ext_data, size_t ext_size, X509 *x,
size_t chainidx) size_t chainidx)
{ {
@ -154,11 +155,11 @@ int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type,
meth->ext_flags |= SSL_EXT_FLAG_RECEIVED; meth->ext_flags |= SSL_EXT_FLAG_RECEIVED;
/* If no parse function set return success */ /* If no parse function set return success */
if (!meth->parse_cb) if (meth->parse_cb == NULL)
return 1; return 1;
if (meth->parse_cb(s, ext_type, context, ext_data, ext_size, x, chainidx, if (meth->parse_cb(SSL_CONNECTION_GET_SSL(s), ext_type, context, ext_data,
&al, meth->parse_arg) <= 0) { ext_size, x, chainidx, &al, meth->parse_arg) <= 0) {
SSLfatal(s, al, SSL_R_BAD_EXTENSION); SSLfatal(s, al, SSL_R_BAD_EXTENSION);
return 0; return 0;
} }
@ -170,8 +171,8 @@ int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type,
* Request custom extension data from the application and add to the return * Request custom extension data from the application and add to the return
* buffer. * buffer.
*/ */
int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx, int custom_ext_add(SSL_CONNECTION *s, int context, WPACKET *pkt, X509 *x,
int maxversion) size_t chainidx, int maxversion)
{ {
custom_ext_methods *exts = &s->cert->custext; custom_ext_methods *exts = &s->cert->custext;
custom_ext_method *meth; custom_ext_method *meth;
@ -204,7 +205,8 @@ int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx,
continue; continue;
if (meth->add_cb != NULL) { if (meth->add_cb != NULL) {
int cb_retval = meth->add_cb(s, meth->ext_type, context, &out, int cb_retval = meth->add_cb(SSL_CONNECTION_GET_SSL(s),
meth->ext_type, context, &out,
&outlen, x, chainidx, &al, &outlen, x, chainidx, &al,
meth->add_arg); meth->add_arg);
@ -239,7 +241,8 @@ int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx,
meth->ext_flags |= SSL_EXT_FLAG_SENT; meth->ext_flags |= SSL_EXT_FLAG_SENT;
} }
if (meth->free_cb != NULL) if (meth->free_cb != NULL)
meth->free_cb(s, meth->ext_type, context, out, meth->add_arg); meth->free_cb(SSL_CONNECTION_GET_SSL(s), meth->ext_type, context,
out, meth->add_arg);
} }
return 1; return 1;
} }

203
ssl/statem/extensions_srvr.c
View File

@ -38,7 +38,8 @@
/* /*
* Parse the client's renegotiation binding and abort if it's not right * Parse the client's renegotiation binding and abort if it's not right
*/ */
int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_ctos_renegotiate(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
unsigned int ilen; unsigned int ilen;
@ -91,8 +92,8 @@ int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
* extension. * extension.
* - On session reconnect, the servername extension may be absent. * - On session reconnect, the servername extension may be absent.
*/ */
int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_ctos_server_name(SSL_CONNECTION *s, PACKET *pkt,
X509 *x, size_t chainidx) unsigned int context, X509 *x, size_t chainidx)
{ {
unsigned int servname_type; unsigned int servname_type;
PACKET sni, hostname; PACKET sni, hostname;
@ -126,7 +127,7 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context,
* In TLSv1.2 and below the SNI is associated with the session. In TLSv1.3 * In TLSv1.2 and below the SNI is associated with the session. In TLSv1.3
* we always use the SNI value from the handshake. * we always use the SNI value from the handshake.
*/ */
if (!s->hit || SSL_IS_TLS13(s)) { if (!s->hit || SSL_CONNECTION_IS_TLS13(s)) {
if (PACKET_remaining(&hostname) > TLSEXT_MAXLEN_host_name) { if (PACKET_remaining(&hostname) > TLSEXT_MAXLEN_host_name) {
SSLfatal(s, SSL_AD_UNRECOGNIZED_NAME, SSL_R_BAD_EXTENSION); SSLfatal(s, SSL_AD_UNRECOGNIZED_NAME, SSL_R_BAD_EXTENSION);
return 0; return 0;
@ -163,7 +164,8 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context,
return 1; return 1;
} }
int tls_parse_ctos_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_ctos_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
unsigned int value; unsigned int value;
@ -200,8 +202,8 @@ int tls_parse_ctos_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context,
} }
#ifndef OPENSSL_NO_SRP #ifndef OPENSSL_NO_SRP
int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_ctos_srp(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
size_t chainidx) X509 *x, size_t chainidx)
{ {
PACKET srp_I; PACKET srp_I;
@ -220,7 +222,8 @@ int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
} }
#endif #endif
int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_ctos_ec_pt_formats(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
PACKET ec_point_format_list; PACKET ec_point_format_list;
@ -243,13 +246,14 @@ int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
return 1; return 1;
} }
int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_ctos_session_ticket(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
if (s->ext.session_ticket_cb && if (s->ext.session_ticket_cb &&
!s->ext.session_ticket_cb(s, PACKET_data(pkt), !s->ext.session_ticket_cb(SSL_CONNECTION_GET_SSL(s),
PACKET_remaining(pkt), PACKET_data(pkt), PACKET_remaining(pkt),
s->ext.session_ticket_cb_arg)) { s->ext.session_ticket_cb_arg)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0; return 0;
} }
@ -257,7 +261,7 @@ int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
return 1; return 1;
} }
int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt, int tls_parse_ctos_sig_algs_cert(SSL_CONNECTION *s, PACKET *pkt,
ossl_unused unsigned int context, ossl_unused unsigned int context,
ossl_unused X509 *x, ossl_unused X509 *x,
ossl_unused size_t chainidx) ossl_unused size_t chainidx)
@ -278,8 +282,8 @@ int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt,
return 1; return 1;
} }
int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_ctos_sig_algs(SSL_CONNECTION *s, PACKET *pkt,
size_t chainidx) unsigned int context, X509 *x, size_t chainidx)
{ {
PACKET supported_sig_algs; PACKET supported_sig_algs;
@ -298,7 +302,8 @@ int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
} }
#ifndef OPENSSL_NO_OCSP #ifndef OPENSSL_NO_OCSP
int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_ctos_status_request(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
PACKET responder_id_list, exts; PACKET responder_id_list, exts;
@ -402,8 +407,8 @@ int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context,
#endif #endif
#ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
int tls_parse_ctos_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_ctos_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
size_t chainidx) X509 *x, size_t chainidx)
{ {
/* /*
* We shouldn't accept this extension on a * We shouldn't accept this extension on a
@ -420,8 +425,8 @@ int tls_parse_ctos_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
* Save the ALPN extension in a ClientHello.|pkt| holds the contents of the ALPN * Save the ALPN extension in a ClientHello.|pkt| holds the contents of the ALPN
* extension, not including type and length. Returns: 1 on success, 0 on error. * extension, not including type and length. Returns: 1 on success, 0 on error.
*/ */
int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_ctos_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
size_t chainidx) X509 *x, size_t chainidx)
{ {
PACKET protocol_list, save_protocol_list, protocol; PACKET protocol_list, save_protocol_list, protocol;
@ -457,16 +462,17 @@ int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
} }
#ifndef OPENSSL_NO_SRTP #ifndef OPENSSL_NO_SRTP
int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_ctos_use_srtp(SSL_CONNECTION *s, PACKET *pkt,
size_t chainidx) unsigned int context, X509 *x, size_t chainidx)
{ {
STACK_OF(SRTP_PROTECTION_PROFILE) *srvr; STACK_OF(SRTP_PROTECTION_PROFILE) *srvr;
unsigned int ct, mki_len, id; unsigned int ct, mki_len, id;
int i, srtp_pref; int i, srtp_pref;
PACKET subpkt; PACKET subpkt;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
/* Ignore this if we have no SRTP profiles */ /* Ignore this if we have no SRTP profiles */
if (SSL_get_srtp_profiles(s) == NULL) if (SSL_get_srtp_profiles(ssl) == NULL)
return 1; return 1;
/* Pull off the length of the cipher suite list and check it is even */ /* Pull off the length of the cipher suite list and check it is even */
@ -477,7 +483,7 @@ int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
return 0; return 0;
} }
srvr = SSL_get_srtp_profiles(s); srvr = SSL_get_srtp_profiles(ssl);
s->srtp_profile = NULL; s->srtp_profile = NULL;
/* Search all profiles for a match initially */ /* Search all profiles for a match initially */
srtp_pref = sk_SRTP_PROTECTION_PROFILE_num(srvr); srtp_pref = sk_SRTP_PROTECTION_PROFILE_num(srvr);
@ -524,8 +530,8 @@ int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
} }
#endif #endif
int tls_parse_ctos_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_ctos_etm(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
size_t chainidx) X509 *x, size_t chainidx)
{ {
if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)) if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC))
s->ext.use_etm = 1; s->ext.use_etm = 1;
@ -537,7 +543,8 @@ int tls_parse_ctos_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
* Process a psk_kex_modes extension received in the ClientHello. |pkt| contains * Process a psk_kex_modes extension received in the ClientHello. |pkt| contains
* the raw PACKET data for the extension. Returns 1 on success or 0 on failure. * the raw PACKET data for the extension. Returns 1 on success or 0 on failure.
*/ */
int tls_parse_ctos_psk_kex_modes(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_ctos_psk_kex_modes(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
#ifndef OPENSSL_NO_TLS1_3 #ifndef OPENSSL_NO_TLS1_3
@ -566,8 +573,8 @@ int tls_parse_ctos_psk_kex_modes(SSL *s, PACKET *pkt, unsigned int context,
* Process a key_share extension received in the ClientHello. |pkt| contains * Process a key_share extension received in the ClientHello. |pkt| contains
* the raw PACKET data for the extension. Returns 1 on success or 0 on failure. * the raw PACKET data for the extension. Returns 1 on success or 0 on failure.
*/ */
int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt,
size_t chainidx) unsigned int context, X509 *x, size_t chainidx)
{ {
#ifndef OPENSSL_NO_TLS1_3 #ifndef OPENSSL_NO_TLS1_3
unsigned int group_id; unsigned int group_id;
@ -679,8 +686,8 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
return 1; return 1;
} }
int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
size_t chainidx) X509 *x, size_t chainidx)
{ {
#ifndef OPENSSL_NO_TLS1_3 #ifndef OPENSSL_NO_TLS1_3
unsigned int format, version, key_share, group_id; unsigned int format, version, key_share, group_id;
@ -693,9 +700,11 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
unsigned char hrr[MAX_HRR_SIZE]; unsigned char hrr[MAX_HRR_SIZE];
size_t rawlen, hmaclen, hrrlen, ciphlen; size_t rawlen, hmaclen, hrrlen, ciphlen;
unsigned long tm, now; unsigned long tm, now;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
/* Ignore any cookie if we're not set up to verify it */ /* Ignore any cookie if we're not set up to verify it */
if (s->ctx->verify_stateless_cookie_cb == NULL if (sctx->verify_stateless_cookie_cb == NULL
|| (s->s3.flags & TLS1_FLAGS_STATELESS) == 0) || (s->s3.flags & TLS1_FLAGS_STATELESS) == 0)
return 1; return 1;
@ -716,8 +725,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
/* Verify the HMAC of the cookie */ /* Verify the HMAC of the cookie */
hctx = EVP_MD_CTX_create(); hctx = EVP_MD_CTX_create();
pkey = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC", pkey = EVP_PKEY_new_raw_private_key_ex(sctx->libctx, "HMAC",
s->ctx->propq, sctx->propq,
s->session_ctx->ext.cookie_hmac_key, s->session_ctx->ext.cookie_hmac_key,
sizeof(s->session_ctx->ext.cookie_hmac_key)); sizeof(s->session_ctx->ext.cookie_hmac_key));
if (hctx == NULL || pkey == NULL) { if (hctx == NULL || pkey == NULL) {
@ -728,8 +737,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
} }
hmaclen = SHA256_DIGEST_LENGTH; hmaclen = SHA256_DIGEST_LENGTH;
if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", s->ctx->libctx, if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", sctx->libctx,
s->ctx->propq, pkey, NULL) <= 0 sctx->propq, pkey, NULL) <= 0
|| EVP_DigestSign(hctx, hmac, &hmaclen, data, || EVP_DigestSign(hctx, hmac, &hmaclen, data,
rawlen - SHA256_DIGEST_LENGTH) <= 0 rawlen - SHA256_DIGEST_LENGTH) <= 0
|| hmaclen != SHA256_DIGEST_LENGTH) { || hmaclen != SHA256_DIGEST_LENGTH) {
@ -809,8 +818,9 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
} }
/* Verify the app cookie */ /* Verify the app cookie */
if (s->ctx->verify_stateless_cookie_cb(s, PACKET_data(&appcookie), if (sctx->verify_stateless_cookie_cb(ssl,
PACKET_remaining(&appcookie)) == 0) { PACKET_data(&appcookie),
PACKET_remaining(&appcookie)) == 0) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_COOKIE_MISMATCH); SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_COOKIE_MISMATCH);
return 0; return 0;
} }
@ -830,8 +840,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
|| !WPACKET_memcpy(&hrrpkt, hrrrandom, SSL3_RANDOM_SIZE) || !WPACKET_memcpy(&hrrpkt, hrrrandom, SSL3_RANDOM_SIZE)
|| !WPACKET_sub_memcpy_u8(&hrrpkt, s->tmp_session_id, || !WPACKET_sub_memcpy_u8(&hrrpkt, s->tmp_session_id,
s->tmp_session_id_len) s->tmp_session_id_len)
|| !s->method->put_cipher_by_char(s->s3.tmp.new_cipher, &hrrpkt, || !ssl->method->put_cipher_by_char(s->s3.tmp.new_cipher, &hrrpkt,
&ciphlen) &ciphlen)
|| !WPACKET_put_bytes_u8(&hrrpkt, 0) || !WPACKET_put_bytes_u8(&hrrpkt, 0)
|| !WPACKET_start_sub_packet_u16(&hrrpkt)) { || !WPACKET_start_sub_packet_u16(&hrrpkt)) {
WPACKET_cleanup(&hrrpkt); WPACKET_cleanup(&hrrpkt);
@ -886,7 +896,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
return 1; return 1;
} }
int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_ctos_supported_groups(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
PACKET supported_groups_list; PACKET supported_groups_list;
@ -899,7 +910,7 @@ int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context,
return 0; return 0;
} }
if (!s->hit || SSL_IS_TLS13(s)) { if (!s->hit || SSL_CONNECTION_IS_TLS13(s)) {
OPENSSL_free(s->ext.peer_supportedgroups); OPENSSL_free(s->ext.peer_supportedgroups);
s->ext.peer_supportedgroups = NULL; s->ext.peer_supportedgroups = NULL;
s->ext.peer_supportedgroups_len = 0; s->ext.peer_supportedgroups_len = 0;
@ -914,8 +925,8 @@ int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context,
return 1; return 1;
} }
int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_ctos_ems(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
size_t chainidx) X509 *x, size_t chainidx)
{ {
/* The extension must always be empty */ /* The extension must always be empty */
if (PACKET_remaining(pkt) != 0) { if (PACKET_remaining(pkt) != 0) {
@ -932,7 +943,7 @@ int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
} }
int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_ctos_early_data(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
if (PACKET_remaining(pkt) != 0) { if (PACKET_remaining(pkt) != 0) {
@ -948,7 +959,7 @@ int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context,
return 1; return 1;
} }
static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL *s, PACKET *tick, static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL_CONNECTION *s, PACKET *tick,
SSL_SESSION **sess) SSL_SESSION **sess)
{ {
SSL_SESSION *tmpsess = NULL; SSL_SESSION *tmpsess = NULL;
@ -976,14 +987,16 @@ static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL *s, PACKET *tick,
return SSL_TICKET_SUCCESS; return SSL_TICKET_SUCCESS;
} }
int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
size_t chainidx) X509 *x, size_t chainidx)
{ {
PACKET identities, binders, binder; PACKET identities, binders, binder;
size_t binderoffset, hashsize; size_t binderoffset, hashsize;
SSL_SESSION *sess = NULL; SSL_SESSION *sess = NULL;
unsigned int id, i, ext = 0; unsigned int id, i, ext = 0;
const EVP_MD *md = NULL; const EVP_MD *md = NULL;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
/* /*
* If we have no PSK kex mode that we recognise then we can't resume so * If we have no PSK kex mode that we recognise then we can't resume so
@ -1012,7 +1025,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
idlen = PACKET_remaining(&identity); idlen = PACKET_remaining(&identity);
if (s->psk_find_session_cb != NULL if (s->psk_find_session_cb != NULL
&& !s->psk_find_session_cb(s, PACKET_data(&identity), idlen, && !s->psk_find_session_cb(ssl, PACKET_data(&identity), idlen,
&sess)) { &sess)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_EXTENSION); SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_EXTENSION);
return 0; return 0;
@ -1030,7 +1043,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0; return 0;
} }
pskdatalen = s->psk_server_callback(s, pskid, pskdata, pskdatalen = s->psk_server_callback(ssl, pskid, pskdata,
sizeof(pskdata)); sizeof(pskdata));
OPENSSL_free(pskid); OPENSSL_free(pskid);
if (pskdatalen > PSK_MAX_PSK_LEN) { if (pskdatalen > PSK_MAX_PSK_LEN) {
@ -1044,7 +1057,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
* We found a PSK using an old style callback. We don't know * We found a PSK using an old style callback. We don't know
* the digest so we default to SHA256 as per the TLSv1.3 spec * the digest so we default to SHA256 as per the TLSv1.3 spec
*/ */
cipher = SSL_CIPHER_find(s, tls13_aes128gcmsha256_id); cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id);
if (cipher == NULL) { if (cipher == NULL) {
OPENSSL_cleanse(pskdata, pskdatalen); OPENSSL_cleanse(pskdata, pskdatalen);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@ -1155,13 +1168,13 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
} }
} }
md = ssl_md(s->ctx, sess->cipher->algorithm2); md = ssl_md(sctx, sess->cipher->algorithm2);
if (md == NULL) { if (md == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err; goto err;
} }
if (!EVP_MD_is_a(md, if (!EVP_MD_is_a(md,
EVP_MD_get0_name(ssl_md(s->ctx, EVP_MD_get0_name(ssl_md(sctx,
s->s3.tmp.new_cipher->algorithm2)))) { s->s3.tmp.new_cipher->algorithm2)))) {
/* The ciphersuite is not compatible with this session. */ /* The ciphersuite is not compatible with this session. */
SSL_SESSION_free(sess); SSL_SESSION_free(sess);
@ -1212,7 +1225,7 @@ err:
return 0; return 0;
} }
int tls_parse_ctos_post_handshake_auth(SSL *s, PACKET *pkt, int tls_parse_ctos_post_handshake_auth(SSL_CONNECTION *s, PACKET *pkt,
ossl_unused unsigned int context, ossl_unused unsigned int context,
ossl_unused X509 *x, ossl_unused X509 *x,
ossl_unused size_t chainidx) ossl_unused size_t chainidx)
@ -1231,7 +1244,7 @@ int tls_parse_ctos_post_handshake_auth(SSL *s, PACKET *pkt,
/* /*
* Add the server's renegotiation binding * Add the server's renegotiation binding
*/ */
EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_stoc_renegotiate(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
@ -1255,7 +1268,7 @@ EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt,
return EXT_RETURN_SENT; return EXT_RETURN_SENT;
} }
EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_stoc_server_name(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
@ -1266,7 +1279,7 @@ EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt,
* Prior to TLSv1.3 we ignore any SNI in the current handshake if resuming. * Prior to TLSv1.3 we ignore any SNI in the current handshake if resuming.
* We just use the servername from the initial handshake. * We just use the servername from the initial handshake.
*/ */
if (s->hit && !SSL_IS_TLS13(s)) if (s->hit && !SSL_CONNECTION_IS_TLS13(s))
return EXT_RETURN_NOT_SENT; return EXT_RETURN_NOT_SENT;
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_name) if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_name)
@ -1279,7 +1292,7 @@ EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt,
} }
/* Add/include the server's max fragment len extension into ServerHello */ /* Add/include the server's max fragment len extension into ServerHello */
EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
@ -1301,7 +1314,7 @@ EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL *s, WPACKET *pkt,
return EXT_RETURN_SENT; return EXT_RETURN_SENT;
} }
EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
@ -1327,7 +1340,7 @@ EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt,
return EXT_RETURN_SENT; return EXT_RETURN_SENT;
} }
EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_stoc_supported_groups(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
@ -1347,7 +1360,7 @@ EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,
} }
/* Copy group ID if supported */ /* Copy group ID if supported */
version = SSL_version(s); version = SSL_version(SSL_CONNECTION_GET_SSL(s));
for (i = 0; i < numgroups; i++) { for (i = 0; i < numgroups; i++) {
uint16_t group = groups[i]; uint16_t group = groups[i];
@ -1387,7 +1400,7 @@ EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,
return EXT_RETURN_SENT; return EXT_RETURN_SENT;
} }
EXT_RETURN tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_stoc_session_ticket(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
@ -1406,7 +1419,7 @@ EXT_RETURN tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt,
} }
#ifndef OPENSSL_NO_OCSP #ifndef OPENSSL_NO_OCSP
EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_stoc_status_request(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
@ -1417,7 +1430,7 @@ EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt,
if (!s->ext.status_expected) if (!s->ext.status_expected)
return EXT_RETURN_NOT_SENT; return EXT_RETURN_NOT_SENT;
if (SSL_IS_TLS13(s) && chainidx != 0) if (SSL_CONNECTION_IS_TLS13(s) && chainidx != 0)
return EXT_RETURN_NOT_SENT; return EXT_RETURN_NOT_SENT;
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_status_request) if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_status_request)
@ -1431,7 +1444,7 @@ EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt,
* send back an empty extension, with the certificate status appearing as a * send back an empty extension, with the certificate status appearing as a
* separate message * separate message
*/ */
if (SSL_IS_TLS13(s) && !tls_construct_cert_status_body(s, pkt)) { if (SSL_CONNECTION_IS_TLS13(s) && !tls_construct_cert_status_body(s, pkt)) {
/* SSLfatal() already called */ /* SSLfatal() already called */
return EXT_RETURN_FAIL; return EXT_RETURN_FAIL;
} }
@ -1445,7 +1458,7 @@ EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt,
#endif #endif
#ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_stoc_next_proto_neg(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
@ -1453,13 +1466,14 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt,
unsigned int npalen; unsigned int npalen;
int ret; int ret;
int npn_seen = s->s3.npn_seen; int npn_seen = s->s3.npn_seen;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
s->s3.npn_seen = 0; s->s3.npn_seen = 0;
if (!npn_seen || s->ctx->ext.npn_advertised_cb == NULL) if (!npn_seen || sctx->ext.npn_advertised_cb == NULL)
return EXT_RETURN_NOT_SENT; return EXT_RETURN_NOT_SENT;
ret = s->ctx->ext.npn_advertised_cb(s, &npa, &npalen, ret = sctx->ext.npn_advertised_cb(SSL_CONNECTION_GET_SSL(s), &npa, &npalen,
s->ctx->ext.npn_advertised_cb_arg); sctx->ext.npn_advertised_cb_arg);
if (ret == SSL_TLSEXT_ERR_OK) { if (ret == SSL_TLSEXT_ERR_OK) {
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_next_proto_neg) if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_next_proto_neg)
|| !WPACKET_sub_memcpy_u16(pkt, npa, npalen)) { || !WPACKET_sub_memcpy_u16(pkt, npa, npalen)) {
@ -1473,7 +1487,7 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt,
} }
#endif #endif
EXT_RETURN tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_stoc_alpn(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
if (s->s3.alpn_selected == NULL) if (s->s3.alpn_selected == NULL)
@ -1495,7 +1509,7 @@ EXT_RETURN tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int context,
} }
#ifndef OPENSSL_NO_SRTP #ifndef OPENSSL_NO_SRTP
EXT_RETURN tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_stoc_use_srtp(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
@ -1516,7 +1530,8 @@ EXT_RETURN tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt,
} }
#endif #endif
EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_stoc_etm(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
if (!s->ext.use_etm) if (!s->ext.use_etm)
@ -1545,7 +1560,8 @@ EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context,
return EXT_RETURN_SENT; return EXT_RETURN_SENT;
} }
EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_stoc_ems(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0) if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0)
@ -1560,11 +1576,11 @@ EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context,
return EXT_RETURN_SENT; return EXT_RETURN_SENT;
} }
EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_stoc_supported_versions(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
if (!ossl_assert(SSL_IS_TLS13(s))) { if (!ossl_assert(SSL_CONNECTION_IS_TLS13(s))) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return EXT_RETURN_FAIL; return EXT_RETURN_FAIL;
} }
@ -1580,7 +1596,7 @@ EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt,
return EXT_RETURN_SENT; return EXT_RETURN_SENT;
} }
EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_stoc_key_share(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
@ -1630,7 +1646,8 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt,
return EXT_RETURN_FAIL; return EXT_RETURN_FAIL;
} }
if ((ginf = tls1_group_id_lookup(s->ctx, s->s3.group_id)) == NULL) { if ((ginf = tls1_group_id_lookup(SSL_CONNECTION_GET_CTX(s),
s->s3.group_id)) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return EXT_RETURN_FAIL; return EXT_RETURN_FAIL;
} }
@ -1713,7 +1730,8 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt,
#endif #endif
} }
EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_stoc_cookie(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
#ifndef OPENSSL_NO_TLS1_3 #ifndef OPENSSL_NO_TLS1_3
@ -1723,11 +1741,13 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context,
EVP_MD_CTX *hctx; EVP_MD_CTX *hctx;
EVP_PKEY *pkey; EVP_PKEY *pkey;
int ret = EXT_RETURN_FAIL; int ret = EXT_RETURN_FAIL;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
if ((s->s3.flags & TLS1_FLAGS_STATELESS) == 0) if ((s->s3.flags & TLS1_FLAGS_STATELESS) == 0)
return EXT_RETURN_NOT_SENT; return EXT_RETURN_NOT_SENT;
if (s->ctx->gen_stateless_cookie_cb == NULL) { if (sctx->gen_stateless_cookie_cb == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_COOKIE_CALLBACK_SET); SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_COOKIE_CALLBACK_SET);
return EXT_RETURN_FAIL; return EXT_RETURN_FAIL;
} }
@ -1740,8 +1760,8 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context,
|| !WPACKET_put_bytes_u16(pkt, COOKIE_STATE_FORMAT_VERSION) || !WPACKET_put_bytes_u16(pkt, COOKIE_STATE_FORMAT_VERSION)
|| !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION) || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION)
|| !WPACKET_put_bytes_u16(pkt, s->s3.group_id) || !WPACKET_put_bytes_u16(pkt, s->s3.group_id)
|| !s->method->put_cipher_by_char(s->s3.tmp.new_cipher, pkt, || !ssl->method->put_cipher_by_char(s->s3.tmp.new_cipher, pkt,
&ciphlen) &ciphlen)
/* Is there a key_share extension present in this HRR? */ /* Is there a key_share extension present in this HRR? */
|| !WPACKET_put_bytes_u8(pkt, s->s3.peer_tmp == NULL) || !WPACKET_put_bytes_u8(pkt, s->s3.peer_tmp == NULL)
|| !WPACKET_put_bytes_u32(pkt, (unsigned int)time(NULL)) || !WPACKET_put_bytes_u32(pkt, (unsigned int)time(NULL))
@ -1772,7 +1792,8 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context,
} }
/* Generate the application cookie */ /* Generate the application cookie */
if (s->ctx->gen_stateless_cookie_cb(s, appcookie1, &appcookielen) == 0) { if (sctx->gen_stateless_cookie_cb(ssl, appcookie1,
&appcookielen) == 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_COOKIE_GEN_CALLBACK_FAILURE); SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
return EXT_RETURN_FAIL; return EXT_RETURN_FAIL;
} }
@ -1795,8 +1816,8 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context,
/* HMAC the cookie */ /* HMAC the cookie */
hctx = EVP_MD_CTX_create(); hctx = EVP_MD_CTX_create();
pkey = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC", pkey = EVP_PKEY_new_raw_private_key_ex(sctx->libctx, "HMAC",
s->ctx->propq, sctx->propq,
s->session_ctx->ext.cookie_hmac_key, s->session_ctx->ext.cookie_hmac_key,
sizeof(s->session_ctx->ext.cookie_hmac_key)); sizeof(s->session_ctx->ext.cookie_hmac_key));
if (hctx == NULL || pkey == NULL) { if (hctx == NULL || pkey == NULL) {
@ -1804,8 +1825,8 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context,
goto err; goto err;
} }
if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", s->ctx->libctx, if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", sctx->libctx,
s->ctx->propq, pkey, NULL) <= 0 sctx->propq, pkey, NULL) <= 0
|| EVP_DigestSign(hctx, hmac, &hmaclen, cookie, || EVP_DigestSign(hctx, hmac, &hmaclen, cookie,
totcookielen) <= 0) { totcookielen) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@ -1837,7 +1858,7 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context,
#endif #endif
} }
EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
@ -1852,7 +1873,8 @@ EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt,
if (((s->s3.tmp.new_cipher->id & 0xFFFF) != 0x80 if (((s->s3.tmp.new_cipher->id & 0xFFFF) != 0x80
&& (s->s3.tmp.new_cipher->id & 0xFFFF) != 0x81) && (s->s3.tmp.new_cipher->id & 0xFFFF) != 0x81)
|| (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG) == 0) || (SSL_get_options(SSL_CONNECTION_GET_SSL(s))
& SSL_OP_CRYPTOPRO_TLSEXT_BUG) == 0)
return EXT_RETURN_NOT_SENT; return EXT_RETURN_NOT_SENT;
if (!WPACKET_memcpy(pkt, cryptopro_ext, sizeof(cryptopro_ext))) { if (!WPACKET_memcpy(pkt, cryptopro_ext, sizeof(cryptopro_ext))) {
@ -1863,7 +1885,7 @@ EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt,
return EXT_RETURN_SENT; return EXT_RETURN_SENT;
} }
EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_stoc_early_data(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
@ -1895,7 +1917,8 @@ EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt,
return EXT_RETURN_SENT; return EXT_RETURN_SENT;
} }
EXT_RETURN tls_construct_stoc_psk(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_stoc_psk(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx) X509 *x, size_t chainidx)
{ {
if (!s->hit) if (!s->hit)

179
ssl/statem/statem.c
View File

@ -62,29 +62,49 @@ typedef enum {
SUB_STATE_END_HANDSHAKE SUB_STATE_END_HANDSHAKE
} SUB_STATE_RETURN; } SUB_STATE_RETURN;
static int state_machine(SSL *s, int server); static int state_machine(SSL_CONNECTION *s, int server);
static void init_read_state_machine(SSL *s); static void init_read_state_machine(SSL_CONNECTION *s);
static SUB_STATE_RETURN read_state_machine(SSL *s); static SUB_STATE_RETURN read_state_machine(SSL_CONNECTION *s);
static void init_write_state_machine(SSL *s); static void init_write_state_machine(SSL_CONNECTION *s);
static SUB_STATE_RETURN write_state_machine(SSL *s); static SUB_STATE_RETURN write_state_machine(SSL_CONNECTION *s);
OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl) OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl)
{ {
return ssl->statem.hand_state; const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(ssl);
if (sc == NULL)
return TLS_ST_BEFORE;
return sc->statem.hand_state;
} }
int SSL_in_init(const SSL *s) int SSL_in_init(const SSL *s)
{ {
return s->statem.in_init; const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
if (sc == NULL)
return 0;
return sc->statem.in_init;
} }
int SSL_is_init_finished(const SSL *s) int SSL_is_init_finished(const SSL *s)
{ {
return !(s->statem.in_init) && (s->statem.hand_state == TLS_ST_OK); const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
if (sc == NULL)
return 0;
return !(sc->statem.in_init) && (sc->statem.hand_state == TLS_ST_OK);
} }
int SSL_in_before(const SSL *s) int SSL_in_before(const SSL *s)
{ {
const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
if (sc == NULL)
return 0;
/* /*
* Historically being "in before" meant before anything had happened. In the * Historically being "in before" meant before anything had happened. In the
* current code though we remain in the "before" state for a while after we * current code though we remain in the "before" state for a while after we
@ -92,14 +112,14 @@ int SSL_in_before(const SSL *s)
* first message to arrive). There "in before" is taken to mean "in before" * first message to arrive). There "in before" is taken to mean "in before"
* and not started any handshake process yet. * and not started any handshake process yet.
*/ */
return (s->statem.hand_state == TLS_ST_BEFORE) return (sc->statem.hand_state == TLS_ST_BEFORE)
&& (s->statem.state == MSG_FLOW_UNINITED); && (sc->statem.state == MSG_FLOW_UNINITED);
} }
/* /*
* Clear the state machine state and reset back to MSG_FLOW_UNINITED * Clear the state machine state and reset back to MSG_FLOW_UNINITED
*/ */
void ossl_statem_clear(SSL *s) void ossl_statem_clear(SSL_CONNECTION *s)
{ {
s->statem.state = MSG_FLOW_UNINITED; s->statem.state = MSG_FLOW_UNINITED;
s->statem.hand_state = TLS_ST_BEFORE; s->statem.hand_state = TLS_ST_BEFORE;
@ -110,13 +130,13 @@ void ossl_statem_clear(SSL *s)
/* /*
* Set the state machine up ready for a renegotiation handshake * Set the state machine up ready for a renegotiation handshake
*/ */
void ossl_statem_set_renegotiate(SSL *s) void ossl_statem_set_renegotiate(SSL_CONNECTION *s)
{ {
s->statem.in_init = 1; s->statem.in_init = 1;
s->statem.request_state = TLS_ST_SW_HELLO_REQ; s->statem.request_state = TLS_ST_SW_HELLO_REQ;
} }
void ossl_statem_send_fatal(SSL *s, int al) void ossl_statem_send_fatal(SSL_CONNECTION *s, int al)
{ {
/* We shouldn't call SSLfatal() twice. Once is enough */ /* We shouldn't call SSLfatal() twice. Once is enough */
if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR) if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR)
@ -134,7 +154,8 @@ void ossl_statem_send_fatal(SSL *s, int al)
* into an error state and sends an alert if appropriate. * into an error state and sends an alert if appropriate.
* This is a permanent error for the current connection. * This is a permanent error for the current connection.
*/ */
void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...) void ossl_statem_fatal(SSL_CONNECTION *s, int al, int reason,
const char *fmt, ...)
{ {
va_list args; va_list args;
@ -164,7 +185,7 @@ void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...)
* 1: Yes * 1: Yes
* 0: No * 0: No
*/ */
int ossl_statem_in_error(const SSL *s) int ossl_statem_in_error(const SSL_CONNECTION *s)
{ {
if (s->statem.state == MSG_FLOW_ERROR) if (s->statem.state == MSG_FLOW_ERROR)
return 1; return 1;
@ -172,17 +193,17 @@ int ossl_statem_in_error(const SSL *s)
return 0; return 0;
} }
void ossl_statem_set_in_init(SSL *s, int init) void ossl_statem_set_in_init(SSL_CONNECTION *s, int init)
{ {
s->statem.in_init = init; s->statem.in_init = init;
} }
int ossl_statem_get_in_handshake(SSL *s) int ossl_statem_get_in_handshake(SSL_CONNECTION *s)
{ {
return s->statem.in_handshake; return s->statem.in_handshake;
} }
void ossl_statem_set_in_handshake(SSL *s, int inhand) void ossl_statem_set_in_handshake(SSL_CONNECTION *s, int inhand)
{ {
if (inhand) if (inhand)
s->statem.in_handshake++; s->statem.in_handshake++;
@ -191,7 +212,7 @@ void ossl_statem_set_in_handshake(SSL *s, int inhand)
} }
/* Are we in a sensible state to skip over unreadable early data? */ /* Are we in a sensible state to skip over unreadable early data? */
int ossl_statem_skip_early_data(SSL *s) int ossl_statem_skip_early_data(SSL_CONNECTION *s)
{ {
if (s->ext.early_data != SSL_EARLY_DATA_REJECTED) if (s->ext.early_data != SSL_EARLY_DATA_REJECTED)
return 0; return 0;
@ -212,7 +233,7 @@ int ossl_statem_skip_early_data(SSL *s)
* attempting to read data (SSL_read*()), or -1 if we are in SSL_do_handshake() * attempting to read data (SSL_read*()), or -1 if we are in SSL_do_handshake()
* or similar. * or similar.
*/ */
void ossl_statem_check_finish_init(SSL *s, int sending) void ossl_statem_check_finish_init(SSL_CONNECTION *s, int sending)
{ {
if (sending == -1) { if (sending == -1) {
if (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END if (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END
@ -246,7 +267,7 @@ void ossl_statem_check_finish_init(SSL *s, int sending)
} }
} }
void ossl_statem_set_hello_verify_done(SSL *s) void ossl_statem_set_hello_verify_done(SSL_CONNECTION *s)
{ {
s->statem.state = MSG_FLOW_UNINITED; s->statem.state = MSG_FLOW_UNINITED;
s->statem.in_init = 1; s->statem.in_init = 1;
@ -262,22 +283,34 @@ void ossl_statem_set_hello_verify_done(SSL *s)
int ossl_statem_connect(SSL *s) int ossl_statem_connect(SSL *s)
{ {
return state_machine(s, 0); SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return -1;
return state_machine(sc, 0);
} }
int ossl_statem_accept(SSL *s) int ossl_statem_accept(SSL *s)
{ {
return state_machine(s, 1); SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return -1;
return state_machine(sc, 1);
} }
typedef void (*info_cb) (const SSL *, int, int); typedef void (*info_cb) (const SSL *, int, int);
static info_cb get_callback(SSL *s) static info_cb get_callback(SSL_CONNECTION *s)
{ {
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (s->info_callback != NULL) if (s->info_callback != NULL)
return s->info_callback; return s->info_callback;
else if (s->ctx->info_callback != NULL) else if (sctx->info_callback != NULL)
return s->ctx->info_callback; return sctx->info_callback;
return NULL; return NULL;
} }
@ -310,13 +343,14 @@ static info_cb get_callback(SSL *s)
* 1: Success * 1: Success
* <=0: NBIO or error * <=0: NBIO or error
*/ */
static int state_machine(SSL *s, int server) static int state_machine(SSL_CONNECTION *s, int server)
{ {
BUF_MEM *buf = NULL; BUF_MEM *buf = NULL;
void (*cb) (const SSL *ssl, int type, int val) = NULL; void (*cb) (const SSL *ssl, int type, int val) = NULL;
OSSL_STATEM *st = &s->statem; OSSL_STATEM *st = &s->statem;
int ret = -1; int ret = -1;
int ssret; int ssret;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
if (st->state == MSG_FLOW_ERROR) { if (st->state == MSG_FLOW_ERROR) {
/* Shouldn't have been called if we're already in the error state */ /* Shouldn't have been called if we're already in the error state */
@ -329,21 +363,21 @@ static int state_machine(SSL *s, int server)
cb = get_callback(s); cb = get_callback(s);
st->in_handshake++; st->in_handshake++;
if (!SSL_in_init(s) || SSL_in_before(s)) { if (!SSL_in_init(ssl) || SSL_in_before(ssl)) {
/* /*
* If we are stateless then we already called SSL_clear() - don't do * If we are stateless then we already called SSL_clear() - don't do
* it again and clear the STATELESS flag itself. * it again and clear the STATELESS flag itself.
*/ */
if ((s->s3.flags & TLS1_FLAGS_STATELESS) == 0 && !SSL_clear(s)) if ((s->s3.flags & TLS1_FLAGS_STATELESS) == 0 && !SSL_clear(ssl))
return -1; return -1;
} }
#ifndef OPENSSL_NO_SCTP #ifndef OPENSSL_NO_SCTP
if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) { if (SSL_CONNECTION_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(ssl))) {
/* /*
* Notify SCTP BIO socket to enter handshake mode and prevent stream * Notify SCTP BIO socket to enter handshake mode and prevent stream
* identifier other than 0. * identifier other than 0.
*/ */
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
st->in_handshake, NULL); st->in_handshake, NULL);
} }
#endif #endif
@ -358,8 +392,8 @@ static int state_machine(SSL *s, int server)
s->server = server; s->server = server;
if (cb != NULL) { if (cb != NULL) {
if (SSL_IS_FIRST_HANDSHAKE(s) || !SSL_IS_TLS13(s)) if (SSL_IS_FIRST_HANDSHAKE(s) || !SSL_CONNECTION_IS_TLS13(s))
cb(s, SSL_CB_HANDSHAKE_START, 1); cb(ssl, SSL_CB_HANDSHAKE_START, 1);
} }
/* /*
@ -368,7 +402,7 @@ static int state_machine(SSL *s, int server)
* doomed to failure. * doomed to failure.
*/ */
if (SSL_IS_DTLS(s)) { if (SSL_CONNECTION_IS_DTLS(s)) {
if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00) && if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00) &&
(server || (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00))) { (server || (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00))) {
SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR);
@ -415,14 +449,14 @@ static int state_machine(SSL *s, int server)
* SCTP * SCTP
*/ */
#ifndef OPENSSL_NO_SCTP #ifndef OPENSSL_NO_SCTP
if (!SSL_IS_DTLS(s) || !BIO_dgram_is_sctp(SSL_get_wbio(s))) if (!SSL_CONNECTION_IS_DTLS(s) || !BIO_dgram_is_sctp(SSL_get_wbio(ssl)))
#endif #endif
if (!ssl_init_wbio_buffer(s)) { if (!ssl_init_wbio_buffer(s)) {
SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR);
goto end; goto end;
} }
if ((SSL_in_before(s)) if ((SSL_in_before(ssl))
|| s->renegotiate) { || s->renegotiate) {
if (!tls_setup_handshake(s)) { if (!tls_setup_handshake(s)) {
/* SSLfatal() already called */ /* SSLfatal() already called */
@ -472,12 +506,12 @@ static int state_machine(SSL *s, int server)
st->in_handshake--; st->in_handshake--;
#ifndef OPENSSL_NO_SCTP #ifndef OPENSSL_NO_SCTP
if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) { if (SSL_CONNECTION_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(ssl))) {
/* /*
* Notify SCTP BIO socket to leave handshake mode and allow stream * Notify SCTP BIO socket to leave handshake mode and allow stream
* identifier other than 0. * identifier other than 0.
*/ */
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
st->in_handshake, NULL); st->in_handshake, NULL);
} }
#endif #endif
@ -485,9 +519,9 @@ static int state_machine(SSL *s, int server)
BUF_MEM_free(buf); BUF_MEM_free(buf);
if (cb != NULL) { if (cb != NULL) {
if (server) if (server)
cb(s, SSL_CB_ACCEPT_EXIT, ret); cb(ssl, SSL_CB_ACCEPT_EXIT, ret);
else else
cb(s, SSL_CB_CONNECT_EXIT, ret); cb(ssl, SSL_CB_CONNECT_EXIT, ret);
} }
return ret; return ret;
} }
@ -495,14 +529,14 @@ static int state_machine(SSL *s, int server)
/* /*
* Initialise the MSG_FLOW_READING sub-state machine * Initialise the MSG_FLOW_READING sub-state machine
*/ */
static void init_read_state_machine(SSL *s) static void init_read_state_machine(SSL_CONNECTION *s)
{ {
OSSL_STATEM *st = &s->statem; OSSL_STATEM *st = &s->statem;
st->read_state = READ_STATE_HEADER; st->read_state = READ_STATE_HEADER;
} }
static int grow_init_buf(SSL *s, size_t size) { static int grow_init_buf(SSL_CONNECTION *s, size_t size) {
size_t msg_offset = (char *)s->init_msg - s->init_buf->data; size_t msg_offset = (char *)s->init_msg - s->init_buf->data;
@ -543,17 +577,18 @@ static int grow_init_buf(SSL *s, size_t size) {
* control returns to the calling application. When this function is recalled we * control returns to the calling application. When this function is recalled we
* will resume in the same state where we left off. * will resume in the same state where we left off.
*/ */
static SUB_STATE_RETURN read_state_machine(SSL *s) static SUB_STATE_RETURN read_state_machine(SSL_CONNECTION *s)
{ {
OSSL_STATEM *st = &s->statem; OSSL_STATEM *st = &s->statem;
int ret, mt; int ret, mt;
size_t len = 0; size_t len = 0;
int (*transition) (SSL *s, int mt); int (*transition) (SSL_CONNECTION *s, int mt);
PACKET pkt; PACKET pkt;
MSG_PROCESS_RETURN(*process_message) (SSL *s, PACKET *pkt); MSG_PROCESS_RETURN(*process_message) (SSL_CONNECTION *s, PACKET *pkt);
WORK_STATE(*post_process_message) (SSL *s, WORK_STATE wst); WORK_STATE(*post_process_message) (SSL_CONNECTION *s, WORK_STATE wst);
size_t (*max_message_size) (SSL *s); size_t (*max_message_size) (SSL_CONNECTION *s);
void (*cb) (const SSL *ssl, int type, int val) = NULL; void (*cb) (const SSL *ssl, int type, int val) = NULL;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
cb = get_callback(s); cb = get_callback(s);
@ -578,7 +613,7 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
switch (st->read_state) { switch (st->read_state) {
case READ_STATE_HEADER: case READ_STATE_HEADER:
/* Get the state the peer wants to move to */ /* Get the state the peer wants to move to */
if (SSL_IS_DTLS(s)) { if (SSL_CONNECTION_IS_DTLS(s)) {
/* /*
* In DTLS we get the whole message in one go - header and body * In DTLS we get the whole message in one go - header and body
*/ */
@ -595,9 +630,9 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
if (cb != NULL) { if (cb != NULL) {
/* Notify callback of an impending state change */ /* Notify callback of an impending state change */
if (s->server) if (s->server)
cb(s, SSL_CB_ACCEPT_LOOP, 1); cb(ssl, SSL_CB_ACCEPT_LOOP, 1);
else else
cb(s, SSL_CB_CONNECT_LOOP, 1); cb(ssl, SSL_CB_CONNECT_LOOP, 1);
} }
/* /*
* Validate that we are allowed to move to the new state and move * Validate that we are allowed to move to the new state and move
@ -613,7 +648,7 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
} }
/* dtls_get_message already did this */ /* dtls_get_message already did this */
if (!SSL_IS_DTLS(s) if (!SSL_CONNECTION_IS_DTLS(s)
&& s->s3.tmp.message_size > 0 && s->s3.tmp.message_size > 0
&& !grow_init_buf(s, s->s3.tmp.message_size && !grow_init_buf(s, s->s3.tmp.message_size
+ SSL3_HM_HEADER_LENGTH)) { + SSL3_HM_HEADER_LENGTH)) {
@ -625,7 +660,7 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
/* Fall through */ /* Fall through */
case READ_STATE_BODY: case READ_STATE_BODY:
if (SSL_IS_DTLS(s)) { if (SSL_CONNECTION_IS_DTLS(s)) {
/* /*
* Actually we already have the body, but we give DTLS the * Actually we already have the body, but we give DTLS the
* opportunity to do any further processing. * opportunity to do any further processing.
@ -655,7 +690,7 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
return SUB_STATE_ERROR; return SUB_STATE_ERROR;
case MSG_PROCESS_FINISHED_READING: case MSG_PROCESS_FINISHED_READING:
if (SSL_IS_DTLS(s)) { if (SSL_CONNECTION_IS_DTLS(s)) {
dtls1_stop_timer(s); dtls1_stop_timer(s);
} }
return SUB_STATE_FINISHED; return SUB_STATE_FINISHED;
@ -687,7 +722,7 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
break; break;
case WORK_FINISHED_STOP: case WORK_FINISHED_STOP:
if (SSL_IS_DTLS(s)) { if (SSL_CONNECTION_IS_DTLS(s)) {
dtls1_stop_timer(s); dtls1_stop_timer(s);
} }
return SUB_STATE_FINISHED; return SUB_STATE_FINISHED;
@ -705,13 +740,13 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
/* /*
* Send a previously constructed message to the peer. * Send a previously constructed message to the peer.
*/ */
static int statem_do_write(SSL *s) static int statem_do_write(SSL_CONNECTION *s)
{ {
OSSL_STATEM *st = &s->statem; OSSL_STATEM *st = &s->statem;
if (st->hand_state == TLS_ST_CW_CHANGE if (st->hand_state == TLS_ST_CW_CHANGE
|| st->hand_state == TLS_ST_SW_CHANGE) { || st->hand_state == TLS_ST_SW_CHANGE) {
if (SSL_IS_DTLS(s)) if (SSL_CONNECTION_IS_DTLS(s))
return dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC); return dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC);
else else
return ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC); return ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC);
@ -723,7 +758,7 @@ static int statem_do_write(SSL *s)
/* /*
* Initialise the MSG_FLOW_WRITING sub-state machine * Initialise the MSG_FLOW_WRITING sub-state machine
*/ */
static void init_write_state_machine(SSL *s) static void init_write_state_machine(SSL_CONNECTION *s)
{ {
OSSL_STATEM *st = &s->statem; OSSL_STATEM *st = &s->statem;
@ -761,20 +796,22 @@ static void init_write_state_machine(SSL *s)
* message has been completed. As for WRITE_STATE_PRE_WORK this could also * message has been completed. As for WRITE_STATE_PRE_WORK this could also
* result in an NBIO event. * result in an NBIO event.
*/ */
static SUB_STATE_RETURN write_state_machine(SSL *s) static SUB_STATE_RETURN write_state_machine(SSL_CONNECTION *s)
{ {
OSSL_STATEM *st = &s->statem; OSSL_STATEM *st = &s->statem;
int ret; int ret;
WRITE_TRAN(*transition) (SSL *s); WRITE_TRAN(*transition) (SSL_CONNECTION *s);
WORK_STATE(*pre_work) (SSL *s, WORK_STATE wst); WORK_STATE(*pre_work) (SSL_CONNECTION *s, WORK_STATE wst);
WORK_STATE(*post_work) (SSL *s, WORK_STATE wst); WORK_STATE(*post_work) (SSL_CONNECTION *s, WORK_STATE wst);
int (*get_construct_message_f) (SSL *s, int (*get_construct_message_f) (SSL_CONNECTION *s,
int (**confunc) (SSL *s, WPACKET *pkt), int (**confunc) (SSL_CONNECTION *s,
WPACKET *pkt),
int *mt); int *mt);
void (*cb) (const SSL *ssl, int type, int val) = NULL; void (*cb) (const SSL *ssl, int type, int val) = NULL;
int (*confunc) (SSL *s, WPACKET *pkt); int (*confunc) (SSL_CONNECTION *s, WPACKET *pkt);
int mt; int mt;
WPACKET pkt; WPACKET pkt;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
cb = get_callback(s); cb = get_callback(s);
@ -796,9 +833,9 @@ static SUB_STATE_RETURN write_state_machine(SSL *s)
if (cb != NULL) { if (cb != NULL) {
/* Notify callback of an impending state change */ /* Notify callback of an impending state change */
if (s->server) if (s->server)
cb(s, SSL_CB_ACCEPT_LOOP, 1); cb(ssl, SSL_CB_ACCEPT_LOOP, 1);
else else
cb(s, SSL_CB_CONNECT_LOOP, 1); cb(ssl, SSL_CB_CONNECT_LOOP, 1);
} }
switch (transition(s)) { switch (transition(s)) {
case WRITE_TRAN_CONTINUE: case WRITE_TRAN_CONTINUE:
@ -864,7 +901,7 @@ static SUB_STATE_RETURN write_state_machine(SSL *s)
/* Fall through */ /* Fall through */
case WRITE_STATE_SEND: case WRITE_STATE_SEND:
if (SSL_IS_DTLS(s) && st->use_timer) { if (SSL_CONNECTION_IS_DTLS(s) && st->use_timer) {
dtls1_start_timer(s); dtls1_start_timer(s);
} }
ret = statem_do_write(s); ret = statem_do_write(s);
@ -904,7 +941,7 @@ static SUB_STATE_RETURN write_state_machine(SSL *s)
/* /*
* Flush the write BIO * Flush the write BIO
*/ */
int statem_flush(SSL *s) int statem_flush(SSL_CONNECTION *s)
{ {
s->rwstate = SSL_WRITING; s->rwstate = SSL_WRITING;
if (BIO_flush(s->wbio) <= 0) { if (BIO_flush(s->wbio) <= 0) {
@ -923,7 +960,7 @@ int statem_flush(SSL *s)
* 1: Yes (application data allowed) * 1: Yes (application data allowed)
* 0: No (application data not allowed) * 0: No (application data not allowed)
*/ */
int ossl_statem_app_data_allowed(SSL *s) int ossl_statem_app_data_allowed(SSL_CONNECTION *s)
{ {
OSSL_STATEM *st = &s->statem; OSSL_STATEM *st = &s->statem;
@ -957,7 +994,7 @@ int ossl_statem_app_data_allowed(SSL *s)
* This function returns 1 if TLS exporter is ready to export keying * This function returns 1 if TLS exporter is ready to export keying
* material, or 0 if otherwise. * material, or 0 if otherwise.
*/ */
int ossl_statem_export_allowed(SSL *s) int ossl_statem_export_allowed(SSL_CONNECTION *s)
{ {
return s->s3.previous_server_finished_len != 0 return s->s3.previous_server_finished_len != 0
&& s->statem.hand_state != TLS_ST_SW_FINISHED; && s->statem.hand_state != TLS_ST_SW_FINISHED;
@ -967,7 +1004,7 @@ int ossl_statem_export_allowed(SSL *s)
* Return 1 if early TLS exporter is ready to export keying material, * Return 1 if early TLS exporter is ready to export keying material,
* or 0 if otherwise. * or 0 if otherwise.
*/ */
int ossl_statem_export_early_allowed(SSL *s) int ossl_statem_export_early_allowed(SSL_CONNECTION *s)
{ {
/* /*
* The early exporter secret is only present on the server if we * The early exporter secret is only present on the server if we

31
ssl/statem/statem.h
View File

@ -130,10 +130,11 @@ typedef struct ossl_statem_st OSSL_STATEM;
__owur int ossl_statem_accept(SSL *s); __owur int ossl_statem_accept(SSL *s);
__owur int ossl_statem_connect(SSL *s); __owur int ossl_statem_connect(SSL *s);
void ossl_statem_clear(SSL *s); void ossl_statem_clear(SSL_CONNECTION *s);
void ossl_statem_set_renegotiate(SSL *s); void ossl_statem_set_renegotiate(SSL_CONNECTION *s);
void ossl_statem_send_fatal(SSL *s, int al); void ossl_statem_send_fatal(SSL_CONNECTION *s, int al);
void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...); void ossl_statem_fatal(SSL_CONNECTION *s, int al, int reason,
const char *fmt, ...);
# define SSL_AD_NO_ALERT -1 # define SSL_AD_NO_ALERT -1
# define SSLfatal_alert(s, al) ossl_statem_send_fatal((s), (al)) # define SSLfatal_alert(s, al) ossl_statem_send_fatal((s), (al))
# define SSLfatal(s, al, r) SSLfatal_data((s), (al), (r), NULL) # define SSLfatal(s, al, r) SSLfatal_data((s), (al), (r), NULL)
@ -142,16 +143,16 @@ void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...);
ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC), \ ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC), \
ossl_statem_fatal) ossl_statem_fatal)
int ossl_statem_in_error(const SSL *s); int ossl_statem_in_error(const SSL_CONNECTION *s);
void ossl_statem_set_in_init(SSL *s, int init); void ossl_statem_set_in_init(SSL_CONNECTION *s, int init);
int ossl_statem_get_in_handshake(SSL *s); int ossl_statem_get_in_handshake(SSL_CONNECTION *s);
void ossl_statem_set_in_handshake(SSL *s, int inhand); void ossl_statem_set_in_handshake(SSL_CONNECTION *s, int inhand);
__owur int ossl_statem_skip_early_data(SSL *s); __owur int ossl_statem_skip_early_data(SSL_CONNECTION *s);
void ossl_statem_check_finish_init(SSL *s, int send); void ossl_statem_check_finish_init(SSL_CONNECTION *s, int send);
void ossl_statem_set_hello_verify_done(SSL *s); void ossl_statem_set_hello_verify_done(SSL_CONNECTION *s);
__owur int ossl_statem_app_data_allowed(SSL *s); __owur int ossl_statem_app_data_allowed(SSL_CONNECTION *s);
__owur int ossl_statem_export_allowed(SSL *s); __owur int ossl_statem_export_allowed(SSL_CONNECTION *s);
__owur int ossl_statem_export_early_allowed(SSL *s); __owur int ossl_statem_export_early_allowed(SSL_CONNECTION *s);
/* Flush the write BIO */ /* Flush the write BIO */
int statem_flush(SSL *s); int statem_flush(SSL_CONNECTION *s);

359
ssl/statem/statem_clnt.c
View File

File diff suppressed because it is too large Load Diff

129
ssl/statem/statem_dtls.c
View File

@ -43,15 +43,17 @@ static unsigned char bitmask_start_values[] =
static unsigned char bitmask_end_values[] = static unsigned char bitmask_end_values[] =
{ 0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f }; { 0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f };
static void dtls1_fix_message_header(SSL *s, size_t frag_off, static void dtls1_fix_message_header(SSL_CONNECTION *s, size_t frag_off,
size_t frag_len); size_t frag_len);
static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p); static unsigned char *dtls1_write_message_header(SSL_CONNECTION *s,
static void dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned char *p);
static void dtls1_set_message_header_int(SSL_CONNECTION *s, unsigned char mt,
size_t len, size_t len,
unsigned short seq_num, unsigned short seq_num,
size_t frag_off, size_t frag_off,
size_t frag_len); size_t frag_len);
static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len); static int dtls_get_reassembled_message(SSL_CONNECTION *s, int *errtype,
size_t *len);
static hm_fragment *dtls1_hm_fragment_new(size_t frag_len, int reassembly) static hm_fragment *dtls1_hm_fragment_new(size_t frag_len, int reassembly)
{ {
@ -109,13 +111,14 @@ void dtls1_hm_fragment_free(hm_fragment *frag)
* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or * send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
* SSL3_RT_CHANGE_CIPHER_SPEC) * SSL3_RT_CHANGE_CIPHER_SPEC)
*/ */
int dtls1_do_write(SSL *s, int type) int dtls1_do_write(SSL_CONNECTION *s, int type)
{ {
int ret; int ret;
size_t written; size_t written;
size_t curr_mtu; size_t curr_mtu;
int retry = 1; int retry = 1;
size_t len, frag_off, mac_size, blocksize, used_len; size_t len, frag_off, mac_size, blocksize, used_len;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
if (!dtls1_query_mtu(s)) if (!dtls1_query_mtu(s))
return -1; return -1;
@ -248,9 +251,9 @@ int dtls1_do_write(SSL *s, int type)
* retransmit anything. continue as if everything is fine and * retransmit anything. continue as if everything is fine and
* wait for an alert to handle the retransmit * wait for an alert to handle the retransmit
*/ */
if (retry && BIO_ctrl(SSL_get_wbio(s), if (retry && BIO_ctrl(SSL_get_wbio(ssl),
BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) { BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) {
if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { if (!(SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU)) {
if (!dtls1_query_mtu(s)) if (!dtls1_query_mtu(s))
return -1; return -1;
/* Have one more go */ /* Have one more go */
@ -303,7 +306,7 @@ int dtls1_do_write(SSL *s, int type)
if (written == s->init_num) { if (written == s->init_num) {
if (s->msg_callback) if (s->msg_callback)
s->msg_callback(1, s->version, type, s->init_buf->data, s->msg_callback(1, s->version, type, s->init_buf->data,
(size_t)(s->init_off + s->init_num), s, (size_t)(s->init_off + s->init_num), ssl,
s->msg_callback_arg); s->msg_callback_arg);
s->init_off = 0; /* done writing this message */ s->init_off = 0; /* done writing this message */
@ -328,7 +331,7 @@ int dtls1_do_write(SSL *s, int type)
return 0; return 0;
} }
int dtls_get_message(SSL *s, int *mt) int dtls_get_message(SSL_CONNECTION *s, int *mt)
{ {
struct hm_header_st *msg_hdr; struct hm_header_st *msg_hdr;
unsigned char *p; unsigned char *p;
@ -356,7 +359,8 @@ int dtls_get_message(SSL *s, int *mt)
if (*mt == SSL3_MT_CHANGE_CIPHER_SPEC) { if (*mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
if (s->msg_callback) { if (s->msg_callback) {
s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
p, 1, s, s->msg_callback_arg); p, 1, SSL_CONNECTION_GET_SSL(s),
s->msg_callback_arg);
} }
/* /*
* This isn't a real handshake message so skip the processing below. * This isn't a real handshake message so skip the processing below.
@ -387,7 +391,7 @@ int dtls_get_message(SSL *s, int *mt)
* DTLS to do any further processing it wants at the same point that TLS would * DTLS to do any further processing it wants at the same point that TLS would
* be asked for the message body. * be asked for the message body.
*/ */
int dtls_get_message_body(SSL *s, size_t *len) int dtls_get_message_body(SSL_CONNECTION *s, size_t *len)
{ {
unsigned char *msg = (unsigned char *)s->init_buf->data; unsigned char *msg = (unsigned char *)s->init_buf->data;
size_t msg_len = s->init_num + DTLS1_HM_HEADER_LENGTH; size_t msg_len = s->init_num + DTLS1_HM_HEADER_LENGTH;
@ -416,7 +420,7 @@ int dtls_get_message_body(SSL *s, size_t *len)
if (s->msg_callback) if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
s->init_buf->data, s->init_num + DTLS1_HM_HEADER_LENGTH, s->init_buf->data, s->init_num + DTLS1_HM_HEADER_LENGTH,
s, s->msg_callback_arg); SSL_CONNECTION_GET_SSL(s), s->msg_callback_arg);
end: end:
*len = s->init_num; *len = s->init_num;
@ -428,7 +432,7 @@ int dtls_get_message_body(SSL *s, size_t *len)
* permitted in a DTLS handshake message for |s|. The minimum is 16KB, but * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but
* may be greater if the maximum certificate list size requires it. * may be greater if the maximum certificate list size requires it.
*/ */
static size_t dtls1_max_handshake_message_len(const SSL *s) static size_t dtls1_max_handshake_message_len(const SSL_CONNECTION *s)
{ {
size_t max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; size_t max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
if (max_len < s->max_cert_list) if (max_len < s->max_cert_list)
@ -436,7 +440,8 @@ static size_t dtls1_max_handshake_message_len(const SSL *s)
return max_len; return max_len;
} }
static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr) static int dtls1_preprocess_fragment(SSL_CONNECTION *s,
struct hm_header_st *msg_hdr)
{ {
size_t frag_off, frag_len, msg_len; size_t frag_off, frag_len, msg_len;
@ -482,7 +487,7 @@ static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr)
* Returns 1 if there is a buffered fragment available, 0 if not, or -1 on a * Returns 1 if there is a buffered fragment available, 0 if not, or -1 on a
* fatal error. * fatal error.
*/ */
static int dtls1_retrieve_buffered_fragment(SSL *s, size_t *len) static int dtls1_retrieve_buffered_fragment(SSL_CONNECTION *s, size_t *len)
{ {
/*- /*-
* (0) check whether the desired fragment is available * (0) check whether the desired fragment is available
@ -545,8 +550,8 @@ static int dtls1_retrieve_buffered_fragment(SSL *s, size_t *len)
} }
} }
static int static int dtls1_reassemble_fragment(SSL_CONNECTION *s,
dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr) const struct hm_header_st *msg_hdr)
{ {
hm_fragment *frag = NULL; hm_fragment *frag = NULL;
pitem *item = NULL; pitem *item = NULL;
@ -554,6 +559,7 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr)
unsigned char seq64be[8]; unsigned char seq64be[8];
size_t frag_len = msg_hdr->frag_len; size_t frag_len = msg_hdr->frag_len;
size_t readbytes; size_t readbytes;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len || if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len ||
msg_hdr->msg_len > dtls1_max_handshake_message_len(s)) msg_hdr->msg_len > dtls1_max_handshake_message_len(s))
@ -594,11 +600,11 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr)
unsigned char devnull[256]; unsigned char devnull[256];
while (frag_len) { while (frag_len) {
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, NULL,
devnull, devnull,
frag_len > frag_len >
sizeof(devnull) ? sizeof(devnull) : sizeof(devnull) ? sizeof(devnull) :
frag_len, 0, &readbytes); frag_len, 0, &readbytes);
if (i <= 0) if (i <= 0)
goto err; goto err;
frag_len -= readbytes; frag_len -= readbytes;
@ -607,9 +613,9 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr)
} }
/* read the body of the fragment (header has already been read */ /* read the body of the fragment (header has already been read */
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, NULL,
frag->fragment + msg_hdr->frag_off, frag->fragment + msg_hdr->frag_off,
frag_len, 0, &readbytes); frag_len, 0, &readbytes);
if (i <= 0 || readbytes != frag_len) if (i <= 0 || readbytes != frag_len)
i = -1; i = -1;
if (i <= 0) if (i <= 0)
@ -654,8 +660,8 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr)
return -1; return -1;
} }
static int static int dtls1_process_out_of_seq_message(SSL_CONNECTION *s,
dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr) const struct hm_header_st *msg_hdr)
{ {
int i = -1; int i = -1;
hm_fragment *frag = NULL; hm_fragment *frag = NULL;
@ -663,6 +669,7 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr)
unsigned char seq64be[8]; unsigned char seq64be[8];
size_t frag_len = msg_hdr->frag_len; size_t frag_len = msg_hdr->frag_len;
size_t readbytes; size_t readbytes;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len) if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len)
goto err; goto err;
@ -691,11 +698,11 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr)
unsigned char devnull[256]; unsigned char devnull[256];
while (frag_len) { while (frag_len) {
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, NULL,
devnull, devnull,
frag_len > frag_len >
sizeof(devnull) ? sizeof(devnull) : sizeof(devnull) ? sizeof(devnull) :
frag_len, 0, &readbytes); frag_len, 0, &readbytes);
if (i <= 0) if (i <= 0)
goto err; goto err;
frag_len -= readbytes; frag_len -= readbytes;
@ -718,9 +725,9 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr)
/* /*
* read the body of the fragment (header has already been read * read the body of the fragment (header has already been read
*/ */
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, NULL,
frag->fragment, frag_len, 0, frag->fragment, frag_len, 0,
&readbytes); &readbytes);
if (i<=0 || readbytes != frag_len) if (i<=0 || readbytes != frag_len)
i = -1; i = -1;
if (i <= 0) if (i <= 0)
@ -752,13 +759,15 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr)
return 0; return 0;
} }
static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len) static int dtls_get_reassembled_message(SSL_CONNECTION *s, int *errtype,
size_t *len)
{ {
unsigned char wire[DTLS1_HM_HEADER_LENGTH]; unsigned char wire[DTLS1_HM_HEADER_LENGTH];
size_t mlen, frag_off, frag_len; size_t mlen, frag_off, frag_len;
int i, ret, recvd_type; int i, ret, recvd_type;
struct hm_header_st msg_hdr; struct hm_header_st msg_hdr;
size_t readbytes; size_t readbytes;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
*errtype = 0; *errtype = 0;
@ -776,8 +785,8 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len)
} }
/* read handshake message header */ /* read handshake message header */
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type, wire, i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, &recvd_type, wire,
DTLS1_HM_HEADER_LENGTH, 0, &readbytes); DTLS1_HM_HEADER_LENGTH, 0, &readbytes);
if (i <= 0) { /* nbio, or an error */ if (i <= 0) { /* nbio, or an error */
s->rwstate = SSL_READING; s->rwstate = SSL_READING;
*len = 0; *len = 0;
@ -849,7 +858,7 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len)
if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) { if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) {
if (s->msg_callback) if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
wire, DTLS1_HM_HEADER_LENGTH, s, wire, DTLS1_HM_HEADER_LENGTH, ssl,
s->msg_callback_arg); s->msg_callback_arg);
s->init_num = 0; s->init_num = 0;
@ -870,8 +879,8 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len)
unsigned char *p = unsigned char *p =
(unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, NULL,
&p[frag_off], frag_len, 0, &readbytes); &p[frag_off], frag_len, 0, &readbytes);
/* /*
* This shouldn't ever fail due to NBIO because we already checked * This shouldn't ever fail due to NBIO because we already checked
@ -919,7 +928,7 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len)
* ssl->session->read_compression assign * ssl->session->read_compression assign
* ssl->session->read_hash assign * ssl->session->read_hash assign
*/ */
int dtls_construct_change_cipher_spec(SSL *s, WPACKET *pkt) int dtls_construct_change_cipher_spec(SSL_CONNECTION *s, WPACKET *pkt)
{ {
if (s->version == DTLS1_BAD_VER) { if (s->version == DTLS1_BAD_VER) {
s->d1->next_handshake_write_seq++; s->d1->next_handshake_write_seq++;
@ -938,13 +947,14 @@ int dtls_construct_change_cipher_spec(SSL *s, WPACKET *pkt)
* Wait for a dry event. Should only be called at a point in the handshake * Wait for a dry event. Should only be called at a point in the handshake
* where we are not expecting any data from the peer except an alert. * where we are not expecting any data from the peer except an alert.
*/ */
WORK_STATE dtls_wait_for_dry(SSL *s) WORK_STATE dtls_wait_for_dry(SSL_CONNECTION *s)
{ {
int ret, errtype; int ret, errtype;
size_t len; size_t len;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
/* read app data until dry event */ /* read app data until dry event */
ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s)); ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(ssl));
if (ret < 0) { if (ret < 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return WORK_ERROR; return WORK_ERROR;
@ -965,16 +975,18 @@ WORK_STATE dtls_wait_for_dry(SSL *s)
s->s3.in_read_app_data = 2; s->s3.in_read_app_data = 2;
s->rwstate = SSL_READING; s->rwstate = SSL_READING;
BIO_clear_retry_flags(SSL_get_rbio(s)); BIO_clear_retry_flags(SSL_get_rbio(ssl));
BIO_set_retry_read(SSL_get_rbio(s)); BIO_set_retry_read(SSL_get_rbio(ssl));
return WORK_MORE_A; return WORK_MORE_A;
} }
return WORK_FINISHED_CONTINUE; return WORK_FINISHED_CONTINUE;
} }
#endif #endif
int dtls1_read_failed(SSL *s, int code) int dtls1_read_failed(SSL_CONNECTION *s, int code)
{ {
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
if (code > 0) { if (code > 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0; return 0;
@ -988,9 +1000,9 @@ int dtls1_read_failed(SSL *s, int code)
return code; return code;
} }
/* done, no need to send a retransmit */ /* done, no need to send a retransmit */
if (!SSL_in_init(s)) if (!SSL_in_init(ssl))
{ {
BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ); BIO_set_flags(SSL_get_rbio(ssl), BIO_FLAGS_READ);
return code; return code;
} }
@ -1012,7 +1024,7 @@ int dtls1_get_queue_priority(unsigned short seq, int is_ccs)
return seq * 2 - is_ccs; return seq * 2 - is_ccs;
} }
int dtls1_retransmit_buffered_messages(SSL *s) int dtls1_retransmit_buffered_messages(SSL_CONNECTION *s)
{ {
pqueue *sent = s->d1->sent_messages; pqueue *sent = s->d1->sent_messages;
piterator iter; piterator iter;
@ -1034,7 +1046,7 @@ int dtls1_retransmit_buffered_messages(SSL *s)
return 1; return 1;
} }
int dtls1_buffer_message(SSL *s, int is_ccs) int dtls1_buffer_message(SSL_CONNECTION *s, int is_ccs)
{ {
pitem *item; pitem *item;
hm_fragment *frag; hm_fragment *frag;
@ -1105,7 +1117,7 @@ int dtls1_buffer_message(SSL *s, int is_ccs)
return 1; return 1;
} }
int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found) int dtls1_retransmit_message(SSL_CONNECTION *s, unsigned short seq, int *found)
{ {
int ret; int ret;
/* XDTLS: for now assuming that read/writes are blocking */ /* XDTLS: for now assuming that read/writes are blocking */
@ -1178,7 +1190,7 @@ int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found)
return ret; return ret;
} }
void dtls1_set_message_header(SSL *s, void dtls1_set_message_header(SSL_CONNECTION *s,
unsigned char mt, size_t len, unsigned char mt, size_t len,
size_t frag_off, size_t frag_len) size_t frag_off, size_t frag_len)
{ {
@ -1193,7 +1205,7 @@ void dtls1_set_message_header(SSL *s,
/* don't actually do the writing, wait till the MTU has been retrieved */ /* don't actually do the writing, wait till the MTU has been retrieved */
static void static void
dtls1_set_message_header_int(SSL *s, unsigned char mt, dtls1_set_message_header_int(SSL_CONNECTION *s, unsigned char mt,
size_t len, unsigned short seq_num, size_t len, unsigned short seq_num,
size_t frag_off, size_t frag_len) size_t frag_off, size_t frag_len)
{ {
@ -1207,7 +1219,7 @@ dtls1_set_message_header_int(SSL *s, unsigned char mt,
} }
static void static void
dtls1_fix_message_header(SSL *s, size_t frag_off, size_t frag_len) dtls1_fix_message_header(SSL_CONNECTION *s, size_t frag_off, size_t frag_len)
{ {
struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
@ -1215,7 +1227,8 @@ dtls1_fix_message_header(SSL *s, size_t frag_off, size_t frag_len)
msg_hdr->frag_len = frag_len; msg_hdr->frag_len = frag_len;
} }
static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p) static unsigned char *dtls1_write_message_header(SSL_CONNECTION *s,
unsigned char *p)
{ {
struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
@ -1240,7 +1253,7 @@ void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
n2l3(data, msg_hdr->frag_len); n2l3(data, msg_hdr->frag_len);
} }
int dtls1_set_handshake_header(SSL *s, WPACKET *pkt, int htype) int dtls1_set_handshake_header(SSL_CONNECTION *s, WPACKET *pkt, int htype)
{ {
unsigned char *header; unsigned char *header;
@ -1264,7 +1277,7 @@ int dtls1_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
return 1; return 1;
} }
int dtls1_close_construct_packet(SSL *s, WPACKET *pkt, int htype) int dtls1_close_construct_packet(SSL_CONNECTION *s, WPACKET *pkt, int htype)
{ {
size_t msglen; size_t msglen;

309
ssl/statem/statem_lib.c
View File

@ -40,12 +40,13 @@ const unsigned char hrrrandom[] = {
* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or * send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
* SSL3_RT_CHANGE_CIPHER_SPEC) * SSL3_RT_CHANGE_CIPHER_SPEC)
*/ */
int ssl3_do_write(SSL *s, int type) int ssl3_do_write(SSL_CONNECTION *s, int type)
{ {
int ret; int ret;
size_t written = 0; size_t written = 0;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off], ret = ssl3_write_bytes(ssl, type, &s->init_buf->data[s->init_off],
s->init_num, &written); s->init_num, &written);
if (ret < 0) if (ret < 0)
return -1; return -1;
@ -55,7 +56,8 @@ int ssl3_do_write(SSL *s, int type)
* ignore the result anyway * ignore the result anyway
* TLS1.3 KeyUpdate and NewSessionTicket do not need to be added * TLS1.3 KeyUpdate and NewSessionTicket do not need to be added
*/ */
if (!SSL_IS_TLS13(s) || (s->statem.hand_state != TLS_ST_SW_SESSION_TICKET if (!SSL_CONNECTION_IS_TLS13(s)
|| (s->statem.hand_state != TLS_ST_SW_SESSION_TICKET
&& s->statem.hand_state != TLS_ST_CW_KEY_UPDATE && s->statem.hand_state != TLS_ST_CW_KEY_UPDATE
&& s->statem.hand_state != TLS_ST_SW_KEY_UPDATE)) && s->statem.hand_state != TLS_ST_SW_KEY_UPDATE))
if (!ssl3_finish_mac(s, if (!ssl3_finish_mac(s,
@ -65,7 +67,7 @@ int ssl3_do_write(SSL *s, int type)
if (written == s->init_num) { if (written == s->init_num) {
if (s->msg_callback) if (s->msg_callback)
s->msg_callback(1, s->version, type, s->init_buf->data, s->msg_callback(1, s->version, type, s->init_buf->data,
(size_t)(s->init_off + s->init_num), s, (size_t)(s->init_off + s->init_num), ssl,
s->msg_callback_arg); s->msg_callback_arg);
return 1; return 1;
} }
@ -74,7 +76,7 @@ int ssl3_do_write(SSL *s, int type)
return 0; return 0;
} }
int tls_close_construct_packet(SSL *s, WPACKET *pkt, int htype) int tls_close_construct_packet(SSL_CONNECTION *s, WPACKET *pkt, int htype)
{ {
size_t msglen; size_t msglen;
@ -88,9 +90,11 @@ int tls_close_construct_packet(SSL *s, WPACKET *pkt, int htype)
return 1; return 1;
} }
int tls_setup_handshake(SSL *s) int tls_setup_handshake(SSL_CONNECTION *s)
{ {
int ver_min, ver_max, ok; int ver_min, ver_max, ok;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (!ssl3_init_finished_mac(s)) { if (!ssl3_init_finished_mac(s)) {
/* SSLfatal() already called */ /* SSLfatal() already called */
@ -106,11 +110,11 @@ int tls_setup_handshake(SSL *s)
} }
/* Sanity check that we have MD5-SHA1 if we need it */ /* Sanity check that we have MD5-SHA1 if we need it */
if (s->ctx->ssl_digest_methods[SSL_MD_MD5_SHA1_IDX] == NULL) { if (sctx->ssl_digest_methods[SSL_MD_MD5_SHA1_IDX] == NULL) {
int md5sha1_needed = 0; int md5sha1_needed = 0;
/* We don't have MD5-SHA1 - do we need it? */ /* We don't have MD5-SHA1 - do we need it? */
if (SSL_IS_DTLS(s)) { if (SSL_CONNECTION_IS_DTLS(s)) {
if (DTLS_VERSION_LE(ver_max, DTLS1_VERSION)) if (DTLS_VERSION_LE(ver_max, DTLS1_VERSION))
md5sha1_needed = 1; md5sha1_needed = 1;
} else { } else {
@ -129,12 +133,12 @@ int tls_setup_handshake(SSL *s)
ok = 1; ok = 1;
/* Don't allow TLSv1.1 or below to be negotiated */ /* Don't allow TLSv1.1 or below to be negotiated */
if (SSL_IS_DTLS(s)) { if (SSL_CONNECTION_IS_DTLS(s)) {
if (DTLS_VERSION_LT(ver_min, DTLS1_2_VERSION)) if (DTLS_VERSION_LT(ver_min, DTLS1_2_VERSION))
ok = SSL_set_min_proto_version(s, DTLS1_2_VERSION); ok = SSL_set_min_proto_version(ssl, DTLS1_2_VERSION);
} else { } else {
if (ver_min < TLS1_2_VERSION) if (ver_min < TLS1_2_VERSION)
ok = SSL_set_min_proto_version(s, TLS1_2_VERSION); ok = SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
} }
if (!ok) { if (!ok) {
/* Shouldn't happen */ /* Shouldn't happen */
@ -145,7 +149,7 @@ int tls_setup_handshake(SSL *s)
ok = 0; ok = 0;
if (s->server) { if (s->server) {
STACK_OF(SSL_CIPHER) *ciphers = SSL_get_ciphers(s); STACK_OF(SSL_CIPHER) *ciphers = SSL_get_ciphers(ssl);
int i; int i;
/* /*
@ -156,7 +160,7 @@ int tls_setup_handshake(SSL *s)
for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i); const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i);
if (SSL_IS_DTLS(s)) { if (SSL_CONNECTION_IS_DTLS(s)) {
if (DTLS_VERSION_GE(ver_max, c->min_dtls) && if (DTLS_VERSION_GE(ver_max, c->min_dtls) &&
DTLS_VERSION_LE(ver_max, c->max_dtls)) DTLS_VERSION_LE(ver_max, c->max_dtls))
ok = 1; ok = 1;
@ -178,7 +182,7 @@ int tls_setup_handshake(SSL *s)
ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_accept); ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_accept);
} else { } else {
/* N.B. s->ctx may not equal s->session_ctx */ /* N.B. s->ctx may not equal s->session_ctx */
ssl_tsan_counter(s->ctx, &s->ctx->stats.sess_accept_renegotiate); ssl_tsan_counter(sctx, &sctx->stats.sess_accept_renegotiate);
s->s3.tmp.cert_request = 0; s->s3.tmp.cert_request = 0;
} }
@ -195,7 +199,7 @@ int tls_setup_handshake(SSL *s)
s->s3.tmp.cert_req = 0; s->s3.tmp.cert_req = 0;
if (SSL_IS_DTLS(s)) if (SSL_CONNECTION_IS_DTLS(s))
s->statem.use_timer = 1; s->statem.use_timer = 1;
} }
@ -209,7 +213,7 @@ int tls_setup_handshake(SSL *s)
#define TLS13_TBS_START_SIZE 64 #define TLS13_TBS_START_SIZE 64
#define TLS13_TBS_PREAMBLE_SIZE (TLS13_TBS_START_SIZE + 33 + 1) #define TLS13_TBS_PREAMBLE_SIZE (TLS13_TBS_START_SIZE + 33 + 1)
static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs, static int get_cert_verify_tbs_data(SSL_CONNECTION *s, unsigned char *tls13tbs,
void **hdata, size_t *hdatalen) void **hdata, size_t *hdatalen)
{ {
#ifdef CHARSET_EBCDIC #ifdef CHARSET_EBCDIC
@ -225,7 +229,8 @@ static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs,
static const char servercontext[] = "TLS 1.3, server CertificateVerify"; static const char servercontext[] = "TLS 1.3, server CertificateVerify";
static const char clientcontext[] = "TLS 1.3, client CertificateVerify"; static const char clientcontext[] = "TLS 1.3, client CertificateVerify";
#endif #endif
if (SSL_IS_TLS13(s)) {
if (SSL_CONNECTION_IS_TLS13(s)) {
size_t hashlen; size_t hashlen;
/* Set the first 64 bytes of to-be-signed data to octet 32 */ /* Set the first 64 bytes of to-be-signed data to octet 32 */
@ -270,7 +275,7 @@ static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs,
return 1; return 1;
} }
int tls_construct_cert_verify(SSL *s, WPACKET *pkt) int tls_construct_cert_verify(SSL_CONNECTION *s, WPACKET *pkt)
{ {
EVP_PKEY *pkey = NULL; EVP_PKEY *pkey = NULL;
const EVP_MD *md = NULL; const EVP_MD *md = NULL;
@ -281,6 +286,7 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
unsigned char *sig = NULL; unsigned char *sig = NULL;
unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE]; unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE];
const SIGALG_LOOKUP *lu = s->s3.tmp.sigalg; const SIGALG_LOOKUP *lu = s->s3.tmp.sigalg;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (lu == NULL || s->s3.tmp.cert == NULL) { if (lu == NULL || s->s3.tmp.cert == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@ -288,7 +294,7 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
} }
pkey = s->s3.tmp.cert->privatekey; pkey = s->s3.tmp.cert->privatekey;
if (pkey == NULL || !tls1_lookup_md(s->ctx, lu, &md)) { if (pkey == NULL || !tls1_lookup_md(sctx, lu, &md)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err; goto err;
} }
@ -312,7 +318,7 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
if (EVP_DigestSignInit_ex(mctx, &pctx, if (EVP_DigestSignInit_ex(mctx, &pctx,
md == NULL ? NULL : EVP_MD_get0_name(md), md == NULL ? NULL : EVP_MD_get0_name(md),
s->ctx->libctx, s->ctx->propq, pkey, sctx->libctx, sctx->propq, pkey,
NULL) <= 0) { NULL) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
goto err; goto err;
@ -394,7 +400,7 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
return 0; return 0;
} }
MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, PACKET *pkt)
{ {
EVP_PKEY *pkey = NULL; EVP_PKEY *pkey = NULL;
const unsigned char *data; const unsigned char *data;
@ -411,6 +417,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE]; unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE];
EVP_MD_CTX *mctx = EVP_MD_CTX_new(); EVP_MD_CTX *mctx = EVP_MD_CTX_new();
EVP_PKEY_CTX *pctx = NULL; EVP_PKEY_CTX *pctx = NULL;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (mctx == NULL) { if (mctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
@ -446,7 +453,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
goto err; goto err;
} }
if (!tls1_lookup_md(s->ctx, s->s3.tmp.peer_sigalg, &md)) { if (!tls1_lookup_md(sctx, s->s3.tmp.peer_sigalg, &md)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err; goto err;
} }
@ -490,7 +497,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
if (EVP_DigestVerifyInit_ex(mctx, &pctx, if (EVP_DigestVerifyInit_ex(mctx, &pctx,
md == NULL ? NULL : EVP_MD_get0_name(md), md == NULL ? NULL : EVP_MD_get0_name(md),
s->ctx->libctx, s->ctx->propq, pkey, sctx->libctx, sctx->propq, pkey,
NULL) <= 0) { NULL) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
goto err; goto err;
@ -547,7 +554,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
* want to make sure that SSL_get1_peer_certificate() will return the actual * want to make sure that SSL_get1_peer_certificate() will return the actual
* server certificate from the client_cert_cb callback. * server certificate from the client_cert_cb callback.
*/ */
if (!s->server && SSL_IS_TLS13(s) && s->s3.tmp.cert_req == 1) if (!s->server && SSL_CONNECTION_IS_TLS13(s) && s->s3.tmp.cert_req == 1)
ret = MSG_PROCESS_CONTINUE_PROCESSING; ret = MSG_PROCESS_CONTINUE_PROCESSING;
else else
ret = MSG_PROCESS_CONTINUE_READING; ret = MSG_PROCESS_CONTINUE_READING;
@ -561,11 +568,12 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
return ret; return ret;
} }
int tls_construct_finished(SSL *s, WPACKET *pkt) int tls_construct_finished(SSL_CONNECTION *s, WPACKET *pkt)
{ {
size_t finish_md_len; size_t finish_md_len;
const char *sender; const char *sender;
size_t slen; size_t slen;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
/* This is a real handshake so make sure we clean it up at the end */ /* This is a real handshake so make sure we clean it up at the end */
if (!s->server && s->post_handshake_auth != SSL_PHA_REQUESTED) if (!s->server && s->post_handshake_auth != SSL_PHA_REQUESTED)
@ -575,26 +583,26 @@ int tls_construct_finished(SSL *s, WPACKET *pkt)
* We only change the keys if we didn't already do this when we sent the * We only change the keys if we didn't already do this when we sent the
* client certificate * client certificate
*/ */
if (SSL_IS_TLS13(s) if (SSL_CONNECTION_IS_TLS13(s)
&& !s->server && !s->server
&& s->s3.tmp.cert_req == 0 && s->s3.tmp.cert_req == 0
&& (!s->method->ssl3_enc->change_cipher_state(s, && (!ssl->method->ssl3_enc->change_cipher_state(s,
SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) {; SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) {;
/* SSLfatal() already called */ /* SSLfatal() already called */
return 0; return 0;
} }
if (s->server) { if (s->server) {
sender = s->method->ssl3_enc->server_finished_label; sender = ssl->method->ssl3_enc->server_finished_label;
slen = s->method->ssl3_enc->server_finished_label_len; slen = ssl->method->ssl3_enc->server_finished_label_len;
} else { } else {
sender = s->method->ssl3_enc->client_finished_label; sender = ssl->method->ssl3_enc->client_finished_label;
slen = s->method->ssl3_enc->client_finished_label_len; slen = ssl->method->ssl3_enc->client_finished_label_len;
} }
finish_md_len = s->method->ssl3_enc->final_finish_mac(s, finish_md_len = ssl->method->ssl3_enc->final_finish_mac(s,
sender, slen, sender, slen,
s->s3.tmp.finish_md); s->s3.tmp.finish_md);
if (finish_md_len == 0) { if (finish_md_len == 0) {
/* SSLfatal() already called */ /* SSLfatal() already called */
return 0; return 0;
@ -611,9 +619,9 @@ int tls_construct_finished(SSL *s, WPACKET *pkt)
* Log the master secret, if logging is enabled. We don't log it for * Log the master secret, if logging is enabled. We don't log it for
* TLSv1.3: there's a different key schedule for that. * TLSv1.3: there's a different key schedule for that.
*/ */
if (!SSL_IS_TLS13(s) && !ssl_log_secret(s, MASTER_SECRET_LABEL, if (!SSL_CONNECTION_IS_TLS13(s)
s->session->master_key, && !ssl_log_secret(s, MASTER_SECRET_LABEL, s->session->master_key,
s->session->master_key_length)) { s->session->master_key_length)) {
/* SSLfatal() already called */ /* SSLfatal() already called */
return 0; return 0;
} }
@ -638,7 +646,7 @@ int tls_construct_finished(SSL *s, WPACKET *pkt)
return 1; return 1;
} }
int tls_construct_key_update(SSL *s, WPACKET *pkt) int tls_construct_key_update(SSL_CONNECTION *s, WPACKET *pkt)
{ {
if (!WPACKET_put_bytes_u8(pkt, s->key_update)) { if (!WPACKET_put_bytes_u8(pkt, s->key_update)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@ -649,7 +657,7 @@ int tls_construct_key_update(SSL *s, WPACKET *pkt)
return 1; return 1;
} }
MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt) MSG_PROCESS_RETURN tls_process_key_update(SSL_CONNECTION *s, PACKET *pkt)
{ {
unsigned int updatetype; unsigned int updatetype;
@ -698,22 +706,23 @@ MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt)
* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen * ssl3_take_mac calculates the Finished MAC for the handshakes messages seen
* to far. * to far.
*/ */
int ssl3_take_mac(SSL *s) int ssl3_take_mac(SSL_CONNECTION *s)
{ {
const char *sender; const char *sender;
size_t slen; size_t slen;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
if (!s->server) { if (!s->server) {
sender = s->method->ssl3_enc->server_finished_label; sender = ssl->method->ssl3_enc->server_finished_label;
slen = s->method->ssl3_enc->server_finished_label_len; slen = ssl->method->ssl3_enc->server_finished_label_len;
} else { } else {
sender = s->method->ssl3_enc->client_finished_label; sender = ssl->method->ssl3_enc->client_finished_label;
slen = s->method->ssl3_enc->client_finished_label_len; slen = ssl->method->ssl3_enc->client_finished_label_len;
} }
s->s3.tmp.peer_finish_md_len = s->s3.tmp.peer_finish_md_len =
s->method->ssl3_enc->final_finish_mac(s, sender, slen, ssl->method->ssl3_enc->final_finish_mac(s, sender, slen,
s->s3.tmp.peer_finish_md); s->s3.tmp.peer_finish_md);
if (s->s3.tmp.peer_finish_md_len == 0) { if (s->s3.tmp.peer_finish_md_len == 0) {
/* SSLfatal() already called */ /* SSLfatal() already called */
@ -723,7 +732,8 @@ int ssl3_take_mac(SSL *s)
return 1; return 1;
} }
MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt) MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL_CONNECTION *s,
PACKET *pkt)
{ {
size_t remain; size_t remain;
@ -733,7 +743,7 @@ MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt)
* been consumed by ssl_get_message() so there should be no bytes left, * been consumed by ssl_get_message() so there should be no bytes left,
* unless we're using DTLS1_BAD_VER, which has an extra 2 bytes * unless we're using DTLS1_BAD_VER, which has an extra 2 bytes
*/ */
if (SSL_IS_DTLS(s)) { if (SSL_CONNECTION_IS_DTLS(s)) {
if ((s->version == DTLS1_BAD_VER if ((s->version == DTLS1_BAD_VER
&& remain != DTLS1_CCS_HEADER_LENGTH + 1) && remain != DTLS1_CCS_HEADER_LENGTH + 1)
|| (s->version != DTLS1_BAD_VER || (s->version != DTLS1_BAD_VER
@ -760,7 +770,7 @@ MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt)
return MSG_PROCESS_ERROR; return MSG_PROCESS_ERROR;
} }
if (SSL_IS_DTLS(s)) { if (SSL_CONNECTION_IS_DTLS(s)) {
dtls1_reset_seq_numbers(s, SSL3_CC_READ); dtls1_reset_seq_numbers(s, SSL3_CC_READ);
if (s->version == DTLS1_BAD_VER) if (s->version == DTLS1_BAD_VER)
@ -772,16 +782,18 @@ MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt)
* SCTP-Auth can be deleted when a CCS is sent. Will be ignored if no * SCTP-Auth can be deleted when a CCS is sent. Will be ignored if no
* SCTP is used * SCTP is used
*/ */
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL); BIO_ctrl(SSL_get_wbio(SSL_CONNECTION_GET_SSL(s)),
BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL);
#endif #endif
} }
return MSG_PROCESS_CONTINUE_READING; return MSG_PROCESS_CONTINUE_READING;
} }
MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt) MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt)
{ {
size_t md_len; size_t md_len;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
/* This is a real handshake so make sure we clean it up at the end */ /* This is a real handshake so make sure we clean it up at the end */
@ -794,7 +806,8 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
s->statem.enc_read_state = ENC_READ_STATE_VALID; s->statem.enc_read_state = ENC_READ_STATE_VALID;
if (s->post_handshake_auth != SSL_PHA_REQUESTED) if (s->post_handshake_auth != SSL_PHA_REQUESTED)
s->statem.cleanuphand = 1; s->statem.cleanuphand = 1;
if (SSL_IS_TLS13(s) && !tls13_save_handshake_digest_for_pha(s)) { if (SSL_CONNECTION_IS_TLS13(s)
&& !tls13_save_handshake_digest_for_pha(s)) {
/* SSLfatal() already called */ /* SSLfatal() already called */
return MSG_PROCESS_ERROR; return MSG_PROCESS_ERROR;
} }
@ -804,13 +817,14 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
* In TLSv1.3 a Finished message signals a key change so the end of the * In TLSv1.3 a Finished message signals a key change so the end of the
* message must be on a record boundary. * message must be on a record boundary.
*/ */
if (SSL_IS_TLS13(s) && RECORD_LAYER_processed_read_pending(&s->rlayer)) { if (SSL_CONNECTION_IS_TLS13(s)
&& RECORD_LAYER_processed_read_pending(&s->rlayer)) {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_NOT_ON_RECORD_BOUNDARY); SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_NOT_ON_RECORD_BOUNDARY);
return MSG_PROCESS_ERROR; return MSG_PROCESS_ERROR;
} }
/* If this occurs, we have missed a message */ /* If this occurs, we have missed a message */
if (!SSL_IS_TLS13(s) && !s->s3.change_cipher_spec) { if (!SSL_CONNECTION_IS_TLS13(s) && !s->s3.change_cipher_spec) {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_GOT_A_FIN_BEFORE_A_CCS); SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
return MSG_PROCESS_ERROR; return MSG_PROCESS_ERROR;
} }
@ -850,24 +864,24 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
* In TLS1.3 we also have to change cipher state and do any final processing * In TLS1.3 we also have to change cipher state and do any final processing
* of the initial server flight (if we are a client) * of the initial server flight (if we are a client)
*/ */
if (SSL_IS_TLS13(s)) { if (SSL_CONNECTION_IS_TLS13(s)) {
if (s->server) { if (s->server) {
if (s->post_handshake_auth != SSL_PHA_REQUESTED && if (s->post_handshake_auth != SSL_PHA_REQUESTED &&
!s->method->ssl3_enc->change_cipher_state(s, !ssl->method->ssl3_enc->change_cipher_state(s,
SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_READ)) { SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_READ)) {
/* SSLfatal() already called */ /* SSLfatal() already called */
return MSG_PROCESS_ERROR; return MSG_PROCESS_ERROR;
} }
} else { } else {
/* TLS 1.3 gets the secret size from the handshake md */ /* TLS 1.3 gets the secret size from the handshake md */
size_t dummy; size_t dummy;
if (!s->method->ssl3_enc->generate_master_secret(s, if (!ssl->method->ssl3_enc->generate_master_secret(s,
s->master_secret, s->handshake_secret, 0, s->master_secret, s->handshake_secret, 0,
&dummy)) { &dummy)) {
/* SSLfatal() already called */ /* SSLfatal() already called */
return MSG_PROCESS_ERROR; return MSG_PROCESS_ERROR;
} }
if (!s->method->ssl3_enc->change_cipher_state(s, if (!ssl->method->ssl3_enc->change_cipher_state(s,
SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_CLIENT_READ)) { SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_CLIENT_READ)) {
/* SSLfatal() already called */ /* SSLfatal() already called */
return MSG_PROCESS_ERROR; return MSG_PROCESS_ERROR;
@ -882,7 +896,7 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
return MSG_PROCESS_FINISHED_READING; return MSG_PROCESS_FINISHED_READING;
} }
int tls_construct_change_cipher_spec(SSL *s, WPACKET *pkt) int tls_construct_change_cipher_spec(SSL_CONNECTION *s, WPACKET *pkt)
{ {
if (!WPACKET_put_bytes_u8(pkt, SSL3_MT_CCS)) { if (!WPACKET_put_bytes_u8(pkt, SSL3_MT_CCS)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@ -893,7 +907,8 @@ int tls_construct_change_cipher_spec(SSL *s, WPACKET *pkt)
} }
/* Add a certificate to the WPACKET */ /* Add a certificate to the WPACKET */
static int ssl_add_cert_to_wpacket(SSL *s, WPACKET *pkt, X509 *x, int chain) static int ssl_add_cert_to_wpacket(SSL_CONNECTION *s, WPACKET *pkt,
X509 *x, int chain)
{ {
int len; int len;
unsigned char *outbytes; unsigned char *outbytes;
@ -909,7 +924,7 @@ static int ssl_add_cert_to_wpacket(SSL *s, WPACKET *pkt, X509 *x, int chain)
return 0; return 0;
} }
if (SSL_IS_TLS13(s) if (SSL_CONNECTION_IS_TLS13(s)
&& !tls_construct_extensions(s, pkt, SSL_EXT_TLS1_3_CERTIFICATE, x, && !tls_construct_extensions(s, pkt, SSL_EXT_TLS1_3_CERTIFICATE, x,
chain)) { chain)) {
/* SSLfatal() already called */ /* SSLfatal() already called */
@ -920,13 +935,14 @@ static int ssl_add_cert_to_wpacket(SSL *s, WPACKET *pkt, X509 *x, int chain)
} }
/* Add certificate chain to provided WPACKET */ /* Add certificate chain to provided WPACKET */
static int ssl_add_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk) static int ssl_add_cert_chain(SSL_CONNECTION *s, WPACKET *pkt, CERT_PKEY *cpk)
{ {
int i, chain_count; int i, chain_count;
X509 *x; X509 *x;
STACK_OF(X509) *extra_certs; STACK_OF(X509) *extra_certs;
STACK_OF(X509) *chain = NULL; STACK_OF(X509) *chain = NULL;
X509_STORE *chain_store; X509_STORE *chain_store;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (cpk == NULL || cpk->x509 == NULL) if (cpk == NULL || cpk->x509 == NULL)
return 1; return 1;
@ -939,18 +955,18 @@ static int ssl_add_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk)
if (cpk->chain != NULL) if (cpk->chain != NULL)
extra_certs = cpk->chain; extra_certs = cpk->chain;
else else
extra_certs = s->ctx->extra_certs; extra_certs = sctx->extra_certs;
if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || extra_certs) if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || extra_certs)
chain_store = NULL; chain_store = NULL;
else if (s->cert->chain_store) else if (s->cert->chain_store)
chain_store = s->cert->chain_store; chain_store = s->cert->chain_store;
else else
chain_store = s->ctx->cert_store; chain_store = sctx->cert_store;
if (chain_store != NULL) { if (chain_store != NULL) {
X509_STORE_CTX *xs_ctx = X509_STORE_CTX_new_ex(s->ctx->libctx, X509_STORE_CTX *xs_ctx = X509_STORE_CTX_new_ex(sctx->libctx,
s->ctx->propq); sctx->propq);
if (xs_ctx == NULL) { if (xs_ctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
@ -1015,7 +1031,8 @@ static int ssl_add_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk)
return 1; return 1;
} }
unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk) unsigned long ssl3_output_cert_chain(SSL_CONNECTION *s, WPACKET *pkt,
CERT_PKEY *cpk)
{ {
if (!WPACKET_start_sub_packet_u24(pkt)) { if (!WPACKET_start_sub_packet_u24(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@ -1038,14 +1055,16 @@ unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk)
* in NBIO events. If |clearbufs| is set then init_buf and the wbio buffer is * in NBIO events. If |clearbufs| is set then init_buf and the wbio buffer is
* freed up as well. * freed up as well.
*/ */
WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst, WORK_STATE tls_finish_handshake(SSL_CONNECTION *s, ossl_unused WORK_STATE wst,
int clearbufs, int stop) int clearbufs, int stop)
{ {
void (*cb) (const SSL *ssl, int type, int val) = NULL; void (*cb) (const SSL *ssl, int type, int val) = NULL;
int cleanuphand = s->statem.cleanuphand; int cleanuphand = s->statem.cleanuphand;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (clearbufs) { if (clearbufs) {
if (!SSL_IS_DTLS(s) if (!SSL_CONNECTION_IS_DTLS(s)
#ifndef OPENSSL_NO_SCTP #ifndef OPENSSL_NO_SCTP
/* /*
* RFC6083: SCTP provides a reliable and in-sequence transport service for DTLS * RFC6083: SCTP provides a reliable and in-sequence transport service for DTLS
@ -1053,7 +1072,7 @@ WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst,
* MUST NOT be used. * MUST NOT be used.
* Hence the init_buf can be cleared when DTLS over SCTP as transport is used. * Hence the init_buf can be cleared when DTLS over SCTP as transport is used.
*/ */
|| BIO_dgram_is_sctp(SSL_get_wbio(s)) || BIO_dgram_is_sctp(SSL_get_wbio(ssl))
#endif #endif
) { ) {
/* /*
@ -1071,7 +1090,7 @@ WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst,
s->init_num = 0; s->init_num = 0;
} }
if (SSL_IS_TLS13(s) && !s->server if (SSL_CONNECTION_IS_TLS13(s) && !s->server
&& s->post_handshake_auth == SSL_PHA_REQUESTED) && s->post_handshake_auth == SSL_PHA_REQUESTED)
s->post_handshake_auth = SSL_PHA_EXT_SENT; s->post_handshake_auth = SSL_PHA_EXT_SENT;
@ -1093,14 +1112,14 @@ WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst,
* In TLSv1.3 we update the cache as part of constructing the * In TLSv1.3 we update the cache as part of constructing the
* NewSessionTicket * NewSessionTicket
*/ */
if (!SSL_IS_TLS13(s)) if (!SSL_CONNECTION_IS_TLS13(s))
ssl_update_cache(s, SSL_SESS_CACHE_SERVER); ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
/* N.B. s->ctx may not equal s->session_ctx */ /* N.B. s->ctx may not equal s->session_ctx */
ssl_tsan_counter(s->ctx, &s->ctx->stats.sess_accept_good); ssl_tsan_counter(sctx, &sctx->stats.sess_accept_good);
s->handshake_func = ossl_statem_accept; s->handshake_func = ossl_statem_accept;
} else { } else {
if (SSL_IS_TLS13(s)) { if (SSL_CONNECTION_IS_TLS13(s)) {
/* /*
* We encourage applications to only use TLSv1.3 tickets once, * We encourage applications to only use TLSv1.3 tickets once,
* so we remove this one from the cache. * so we remove this one from the cache.
@ -1124,7 +1143,7 @@ WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst,
&s->session_ctx->stats.sess_connect_good); &s->session_ctx->stats.sess_connect_good);
} }
if (SSL_IS_DTLS(s)) { if (SSL_CONNECTION_IS_DTLS(s)) {
/* done with handshaking */ /* done with handshaking */
s->d1->handshake_read_seq = 0; s->d1->handshake_read_seq = 0;
s->d1->handshake_write_seq = 0; s->d1->handshake_write_seq = 0;
@ -1135,17 +1154,17 @@ WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst,
if (s->info_callback != NULL) if (s->info_callback != NULL)
cb = s->info_callback; cb = s->info_callback;
else if (s->ctx->info_callback != NULL) else if (sctx->info_callback != NULL)
cb = s->ctx->info_callback; cb = sctx->info_callback;
/* The callback may expect us to not be in init at handshake done */ /* The callback may expect us to not be in init at handshake done */
ossl_statem_set_in_init(s, 0); ossl_statem_set_in_init(s, 0);
if (cb != NULL) { if (cb != NULL) {
if (cleanuphand if (cleanuphand
|| !SSL_IS_TLS13(s) || !SSL_CONNECTION_IS_TLS13(s)
|| SSL_IS_FIRST_HANDSHAKE(s)) || SSL_IS_FIRST_HANDSHAKE(s))
cb(s, SSL_CB_HANDSHAKE_DONE, 1); cb(ssl, SSL_CB_HANDSHAKE_DONE, 1);
} }
if (!stop) { if (!stop) {
@ -1157,21 +1176,22 @@ WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst,
return WORK_FINISHED_STOP; return WORK_FINISHED_STOP;
} }
int tls_get_message_header(SSL *s, int *mt) int tls_get_message_header(SSL_CONNECTION *s, int *mt)
{ {
/* s->init_num < SSL3_HM_HEADER_LENGTH */ /* s->init_num < SSL3_HM_HEADER_LENGTH */
int skip_message, i, recvd_type; int skip_message, i, recvd_type;
unsigned char *p; unsigned char *p;
size_t l, readbytes; size_t l, readbytes;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
p = (unsigned char *)s->init_buf->data; p = (unsigned char *)s->init_buf->data;
do { do {
while (s->init_num < SSL3_HM_HEADER_LENGTH) { while (s->init_num < SSL3_HM_HEADER_LENGTH) {
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type, i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, &recvd_type,
&p[s->init_num], &p[s->init_num],
SSL3_HM_HEADER_LENGTH - s->init_num, SSL3_HM_HEADER_LENGTH - s->init_num,
0, &readbytes); 0, &readbytes);
if (i <= 0) { if (i <= 0) {
s->rwstate = SSL_READING; s->rwstate = SSL_READING;
return 0; return 0;
@ -1226,7 +1246,7 @@ int tls_get_message_header(SSL *s, int *mt)
if (s->msg_callback) if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
p, SSL3_HM_HEADER_LENGTH, s, p, SSL3_HM_HEADER_LENGTH, ssl,
s->msg_callback_arg); s->msg_callback_arg);
} }
} while (skip_message); } while (skip_message);
@ -1266,11 +1286,12 @@ int tls_get_message_header(SSL *s, int *mt)
return 1; return 1;
} }
int tls_get_message_body(SSL *s, size_t *len) int tls_get_message_body(SSL_CONNECTION *s, size_t *len)
{ {
size_t n, readbytes; size_t n, readbytes;
unsigned char *p; unsigned char *p;
int i; int i;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
if (s->s3.tmp.message_type == SSL3_MT_CHANGE_CIPHER_SPEC) { if (s->s3.tmp.message_type == SSL3_MT_CHANGE_CIPHER_SPEC) {
/* We've already read everything in */ /* We've already read everything in */
@ -1281,8 +1302,8 @@ int tls_get_message_body(SSL *s, size_t *len)
p = s->init_msg; p = s->init_msg;
n = s->s3.tmp.message_size - s->init_num; n = s->s3.tmp.message_size - s->init_num;
while (n > 0) { while (n > 0) {
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, i = ssl->method->ssl_read_bytes(ssl, SSL3_RT_HANDSHAKE, NULL,
&p[s->init_num], n, 0, &readbytes); &p[s->init_num], n, 0, &readbytes);
if (i <= 0) { if (i <= 0) {
s->rwstate = SSL_READING; s->rwstate = SSL_READING;
*len = 0; *len = 0;
@ -1312,7 +1333,7 @@ int tls_get_message_body(SSL *s, size_t *len)
} }
if (s->msg_callback) if (s->msg_callback)
s->msg_callback(0, SSL2_VERSION, 0, s->init_buf->data, s->msg_callback(0, SSL2_VERSION, 0, s->init_buf->data,
(size_t)s->init_num, s, s->msg_callback_arg); (size_t)s->init_num, ssl, s->msg_callback_arg);
} else { } else {
/* /*
* We defer feeding in the HRR until later. We'll do it as part of * We defer feeding in the HRR until later. We'll do it as part of
@ -1322,8 +1343,9 @@ int tls_get_message_body(SSL *s, size_t *len)
*/ */
#define SERVER_HELLO_RANDOM_OFFSET (SSL3_HM_HEADER_LENGTH + 2) #define SERVER_HELLO_RANDOM_OFFSET (SSL3_HM_HEADER_LENGTH + 2)
/* KeyUpdate and NewSessionTicket do not need to be added */ /* KeyUpdate and NewSessionTicket do not need to be added */
if (!SSL_IS_TLS13(s) || (s->s3.tmp.message_type != SSL3_MT_NEWSESSION_TICKET if (!SSL_CONNECTION_IS_TLS13(s)
&& s->s3.tmp.message_type != SSL3_MT_KEY_UPDATE)) { || (s->s3.tmp.message_type != SSL3_MT_NEWSESSION_TICKET
&& s->s3.tmp.message_type != SSL3_MT_KEY_UPDATE)) {
if (s->s3.tmp.message_type != SSL3_MT_SERVER_HELLO if (s->s3.tmp.message_type != SSL3_MT_SERVER_HELLO
|| s->init_num < SERVER_HELLO_RANDOM_OFFSET + SSL3_RANDOM_SIZE || s->init_num < SERVER_HELLO_RANDOM_OFFSET + SSL3_RANDOM_SIZE
|| memcmp(hrrrandom, || memcmp(hrrrandom,
@ -1339,7 +1361,7 @@ int tls_get_message_body(SSL *s, size_t *len)
} }
if (s->msg_callback) if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data,
(size_t)s->init_num + SSL3_HM_HEADER_LENGTH, s, (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, ssl,
s->msg_callback_arg); s->msg_callback_arg);
} }
@ -1403,16 +1425,16 @@ int ssl_x509err2alert(int x509err)
return tp->alert; return tp->alert;
} }
int ssl_allow_compression(SSL *s) int ssl_allow_compression(SSL_CONNECTION *s)
{ {
if (s->options & SSL_OP_NO_COMPRESSION) if (s->options & SSL_OP_NO_COMPRESSION)
return 0; return 0;
return ssl_security(s, SSL_SECOP_COMPRESSION, 0, 0, NULL); return ssl_security(s, SSL_SECOP_COMPRESSION, 0, 0, NULL);
} }
static int version_cmp(const SSL *s, int a, int b) static int version_cmp(const SSL_CONNECTION *s, int a, int b)
{ {
int dtls = SSL_IS_DTLS(s); int dtls = SSL_CONNECTION_IS_DTLS(s);
if (a == b) if (a == b)
return 0; return 0;
@ -1490,7 +1512,7 @@ static const version_info dtls_version_table[] = {
* *
* Returns 0 on success, or an SSL error reason on failure. * Returns 0 on success, or an SSL error reason on failure.
*/ */
static int ssl_method_error(const SSL *s, const SSL_METHOD *method) static int ssl_method_error(const SSL_CONNECTION *s, const SSL_METHOD *method)
{ {
int version = method->version; int version = method->version;
@ -1516,19 +1538,20 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method)
* certificate type, or has PSK or a certificate callback configured, or has * certificate type, or has PSK or a certificate callback configured, or has
* a servername callback configure. Otherwise returns 0. * a servername callback configure. Otherwise returns 0.
*/ */
static int is_tls13_capable(const SSL *s) static int is_tls13_capable(const SSL_CONNECTION *s)
{ {
int i; int i;
int curve; int curve;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL)) if (!ossl_assert(sctx != NULL) || !ossl_assert(s->session_ctx != NULL))
return 0; return 0;
/* /*
* A servername callback can change the available certs, so if a servername * A servername callback can change the available certs, so if a servername
* cb is set then we just assume TLSv1.3 will be ok * cb is set then we just assume TLSv1.3 will be ok
*/ */
if (s->ctx->ext.servername_cb != NULL if (sctx->ext.servername_cb != NULL
|| s->session_ctx->ext.servername_cb != NULL) || s->session_ctx->ext.servername_cb != NULL)
return 1; return 1;
@ -1577,12 +1600,13 @@ static int is_tls13_capable(const SSL *s)
* *
* Returns 1 when supported, otherwise 0 * Returns 1 when supported, otherwise 0
*/ */
int ssl_version_supported(const SSL *s, int version, const SSL_METHOD **meth) int ssl_version_supported(const SSL_CONNECTION *s, int version,
const SSL_METHOD **meth)
{ {
const version_info *vent; const version_info *vent;
const version_info *table; const version_info *table;
switch (s->method->version) { switch (SSL_CONNECTION_GET_SSL(s)->method->version) {
default: default:
/* Version should match method version for non-ANY method */ /* Version should match method version for non-ANY method */
return version_cmp(s, version, s->version) == 0; return version_cmp(s, version, s->version) == 0;
@ -1620,26 +1644,27 @@ int ssl_version_supported(const SSL *s, int version, const SSL_METHOD **meth)
* *
* Returns 1 when using the highest enabled version, 0 otherwise. * Returns 1 when using the highest enabled version, 0 otherwise.
*/ */
int ssl_check_version_downgrade(SSL *s) int ssl_check_version_downgrade(SSL_CONNECTION *s)
{ {
const version_info *vent; const version_info *vent;
const version_info *table; const version_info *table;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
/* /*
* Check that the current protocol is the highest enabled version * Check that the current protocol is the highest enabled version
* (according to s->ctx->method, as version negotiation may have changed * (according to s->ctx->method, as version negotiation may have changed
* s->method). * s->method).
*/ */
if (s->version == s->ctx->method->version) if (s->version == sctx->method->version)
return 1; return 1;
/* /*
* Apparently we're using a version-flexible SSL_METHOD (not at its * Apparently we're using a version-flexible SSL_METHOD (not at its
* highest protocol version). * highest protocol version).
*/ */
if (s->ctx->method->version == TLS_method()->version) if (sctx->method->version == TLS_method()->version)
table = tls_version_table; table = tls_version_table;
else if (s->ctx->method->version == DTLS_method()->version) else if (sctx->method->version == DTLS_method()->version)
table = dtls_version_table; table = dtls_version_table;
else { else {
/* Unexpected state; fail closed. */ /* Unexpected state; fail closed. */
@ -1714,12 +1739,12 @@ int ssl_set_version_bound(int method_version, int version, int *bound)
return 1; return 1;
} }
static void check_for_downgrade(SSL *s, int vers, DOWNGRADE *dgrd) static void check_for_downgrade(SSL_CONNECTION *s, int vers, DOWNGRADE *dgrd)
{ {
if (vers == TLS1_2_VERSION if (vers == TLS1_2_VERSION
&& ssl_version_supported(s, TLS1_3_VERSION, NULL)) { && ssl_version_supported(s, TLS1_3_VERSION, NULL)) {
*dgrd = DOWNGRADE_TO_1_2; *dgrd = DOWNGRADE_TO_1_2;
} else if (!SSL_IS_DTLS(s) } else if (!SSL_CONNECTION_IS_DTLS(s)
&& vers < TLS1_2_VERSION && vers < TLS1_2_VERSION
/* /*
* We need to ensure that a server that disables TLSv1.2 * We need to ensure that a server that disables TLSv1.2
@ -1744,7 +1769,8 @@ static void check_for_downgrade(SSL *s, int vers, DOWNGRADE *dgrd)
* *
* Returns 0 on success or an SSL error reason number on failure. * Returns 0 on success or an SSL error reason number on failure.
*/ */
int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd) int ssl_choose_server_version(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello,
DOWNGRADE *dgrd)
{ {
/*- /*-
* With version-flexible methods we have an initial state with: * With version-flexible methods we have an initial state with:
@ -1755,7 +1781,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
* So we detect version-flexible methods via the method version, not the * So we detect version-flexible methods via the method version, not the
* handle version. * handle version.
*/ */
int server_version = s->method->version; SSL *ssl = SSL_CONNECTION_GET_SSL(s);
int server_version = ssl->method->version;
int client_version = hello->legacy_version; int client_version = hello->legacy_version;
const version_info *vent; const version_info *vent;
const version_info *table; const version_info *table;
@ -1766,7 +1793,7 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
switch (server_version) { switch (server_version) {
default: default:
if (!SSL_IS_TLS13(s)) { if (!SSL_CONNECTION_IS_TLS13(s)) {
if (version_cmp(s, client_version, s->version) < 0) if (version_cmp(s, client_version, s->version) < 0)
return SSL_R_WRONG_SSL_VERSION; return SSL_R_WRONG_SSL_VERSION;
*dgrd = DOWNGRADE_NONE; *dgrd = DOWNGRADE_NONE;
@ -1798,7 +1825,7 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
if (!suppversions->present && s->hello_retry_request != SSL_HRR_NONE) if (!suppversions->present && s->hello_retry_request != SSL_HRR_NONE)
return SSL_R_UNSUPPORTED_PROTOCOL; return SSL_R_UNSUPPORTED_PROTOCOL;
if (suppversions->present && !SSL_IS_DTLS(s)) { if (suppversions->present && !SSL_CONNECTION_IS_DTLS(s)) {
unsigned int candidate_vers = 0; unsigned int candidate_vers = 0;
unsigned int best_vers = 0; unsigned int best_vers = 0;
const SSL_METHOD *best_method = NULL; const SSL_METHOD *best_method = NULL;
@ -1846,7 +1873,7 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
} }
check_for_downgrade(s, best_vers, dgrd); check_for_downgrade(s, best_vers, dgrd);
s->version = best_vers; s->version = best_vers;
s->method = best_method; ssl->method = best_method;
return 0; return 0;
} }
return SSL_R_UNSUPPORTED_PROTOCOL; return SSL_R_UNSUPPORTED_PROTOCOL;
@ -1873,7 +1900,7 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
if (ssl_method_error(s, method) == 0) { if (ssl_method_error(s, method) == 0) {
check_for_downgrade(s, vent->version, dgrd); check_for_downgrade(s, vent->version, dgrd);
s->version = vent->version; s->version = vent->version;
s->method = method; ssl->method = method;
return 0; return 0;
} }
disabled = 1; disabled = 1;
@ -1892,11 +1919,13 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
* *
* Returns 1 on success or 0 on error. * Returns 1 on success or 0 on error.
*/ */
int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions) int ssl_choose_client_version(SSL_CONNECTION *s, int version,
RAW_EXTENSION *extensions)
{ {
const version_info *vent; const version_info *vent;
const version_info *table; const version_info *table;
int ret, ver_min, ver_max, real_max, origv; int ret, ver_min, ver_max, real_max, origv;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
origv = s->version; origv = s->version;
s->version = version; s->version = version;
@ -1917,9 +1946,9 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions)
return 0; return 0;
} }
switch (s->method->version) { switch (ssl->method->version) {
default: default:
if (s->version != s->method->version) { if (s->version != ssl->method->version) {
s->version = origv; s->version = origv;
SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_R_WRONG_SSL_VERSION); SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_R_WRONG_SSL_VERSION);
return 0; return 0;
@ -1946,13 +1975,13 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions)
SSLfatal(s, SSL_AD_PROTOCOL_VERSION, ret); SSLfatal(s, SSL_AD_PROTOCOL_VERSION, ret);
return 0; return 0;
} }
if (SSL_IS_DTLS(s) ? DTLS_VERSION_LT(s->version, ver_min) if (SSL_CONNECTION_IS_DTLS(s) ? DTLS_VERSION_LT(s->version, ver_min)
: s->version < ver_min) { : s->version < ver_min) {
s->version = origv; s->version = origv;
SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_R_UNSUPPORTED_PROTOCOL); SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_R_UNSUPPORTED_PROTOCOL);
return 0; return 0;
} else if (SSL_IS_DTLS(s) ? DTLS_VERSION_GT(s->version, ver_max) } else if (SSL_CONNECTION_IS_DTLS(s) ? DTLS_VERSION_GT(s->version, ver_max)
: s->version > ver_max) { : s->version > ver_max) {
s->version = origv; s->version = origv;
SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_R_UNSUPPORTED_PROTOCOL); SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_R_UNSUPPORTED_PROTOCOL);
return 0; return 0;
@ -1972,7 +2001,7 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions)
SSL_R_INAPPROPRIATE_FALLBACK); SSL_R_INAPPROPRIATE_FALLBACK);
return 0; return 0;
} }
} else if (!SSL_IS_DTLS(s) } else if (!SSL_CONNECTION_IS_DTLS(s)
&& s->version < TLS1_2_VERSION && s->version < TLS1_2_VERSION
&& real_max > s->version) { && real_max > s->version) {
if (memcmp(tls11downgrade, if (memcmp(tls11downgrade,
@ -1990,7 +2019,7 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions)
if (vent->cmeth == NULL || s->version != vent->version) if (vent->cmeth == NULL || s->version != vent->version)
continue; continue;
s->method = vent->cmeth(); ssl->method = vent->cmeth();
return 1; return 1;
} }
@ -2021,8 +2050,8 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions)
* Returns 0 on success or an SSL error reason number on failure. On failure * Returns 0 on success or an SSL error reason number on failure. On failure
* min_version and max_version will also be set to 0. * min_version and max_version will also be set to 0.
*/ */
int ssl_get_min_max_version(const SSL *s, int *min_version, int *max_version, int ssl_get_min_max_version(const SSL_CONNECTION *s, int *min_version,
int *real_max) int *max_version, int *real_max)
{ {
int version, tmp_real_max; int version, tmp_real_max;
int hole; int hole;
@ -2030,8 +2059,9 @@ int ssl_get_min_max_version(const SSL *s, int *min_version, int *max_version,
const SSL_METHOD *method; const SSL_METHOD *method;
const version_info *table; const version_info *table;
const version_info *vent; const version_info *vent;
const SSL *ssl = SSL_CONNECTION_GET_SSL(s);
switch (s->method->version) { switch (ssl->method->version) {
default: default:
/* /*
* If this SSL handle is not from a version flexible method we don't * If this SSL handle is not from a version flexible method we don't
@ -2128,7 +2158,7 @@ int ssl_get_min_max_version(const SSL *s, int *min_version, int *max_version,
* *
* Returns 0 on success or an SSL error reason number on failure. * Returns 0 on success or an SSL error reason number on failure.
*/ */
int ssl_set_client_hello_version(SSL *s) int ssl_set_client_hello_version(SSL_CONNECTION *s)
{ {
int ver_min, ver_max, ret; int ver_min, ver_max, ret;
@ -2147,7 +2177,7 @@ int ssl_set_client_hello_version(SSL *s)
s->version = ver_max; s->version = ver_max;
/* TLS1.3 always uses TLS1.2 in the legacy_version field */ /* TLS1.3 always uses TLS1.2 in the legacy_version field */
if (!SSL_IS_DTLS(s) && ver_max > TLS1_2_VERSION) if (!SSL_CONNECTION_IS_DTLS(s) && ver_max > TLS1_2_VERSION)
ver_max = TLS1_2_VERSION; ver_max = TLS1_2_VERSION;
s->client_version = ver_max; s->client_version = ver_max;
@ -2160,7 +2190,7 @@ int ssl_set_client_hello_version(SSL *s)
* used. Returns 1 if the group is in the list (and allowed if |checkallow| is * used. Returns 1 if the group is in the list (and allowed if |checkallow| is
* 1) or 0 otherwise. * 1) or 0 otherwise.
*/ */
int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups, int check_in_list(SSL_CONNECTION *s, uint16_t group_id, const uint16_t *groups,
size_t num_groups, int checkallow) size_t num_groups, int checkallow)
{ {
size_t i; size_t i;
@ -2188,7 +2218,8 @@ int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups,
} }
/* Replace ClientHello1 in the transcript hash with a synthetic message */ /* Replace ClientHello1 in the transcript hash with a synthetic message */
int create_synthetic_message_hash(SSL *s, const unsigned char *hashval, int create_synthetic_message_hash(SSL_CONNECTION *s,
const unsigned char *hashval,
size_t hashlen, const unsigned char *hrr, size_t hashlen, const unsigned char *hrr,
size_t hrrlen) size_t hrrlen)
{ {
@ -2246,7 +2277,7 @@ static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
return X509_NAME_cmp(*a, *b); return X509_NAME_cmp(*a, *b);
} }
int parse_ca_names(SSL *s, PACKET *pkt) int parse_ca_names(SSL_CONNECTION *s, PACKET *pkt)
{ {
STACK_OF(X509_NAME) *ca_sk = sk_X509_NAME_new(ca_dn_cmp); STACK_OF(X509_NAME) *ca_sk = sk_X509_NAME_new(ca_dn_cmp);
X509_NAME *xn = NULL; X509_NAME *xn = NULL;
@ -2300,23 +2331,25 @@ int parse_ca_names(SSL *s, PACKET *pkt)
return 0; return 0;
} }
const STACK_OF(X509_NAME) *get_ca_names(SSL *s) const STACK_OF(X509_NAME) *get_ca_names(SSL_CONNECTION *s)
{ {
const STACK_OF(X509_NAME) *ca_sk = NULL; const STACK_OF(X509_NAME) *ca_sk = NULL;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
if (s->server) { if (s->server) {
ca_sk = SSL_get_client_CA_list(s); ca_sk = SSL_get_client_CA_list(ssl);
if (ca_sk != NULL && sk_X509_NAME_num(ca_sk) == 0) if (ca_sk != NULL && sk_X509_NAME_num(ca_sk) == 0)
ca_sk = NULL; ca_sk = NULL;
} }
if (ca_sk == NULL) if (ca_sk == NULL)
ca_sk = SSL_get0_CA_list(s); ca_sk = SSL_get0_CA_list(ssl);
return ca_sk; return ca_sk;
} }
int construct_ca_names(SSL *s, const STACK_OF(X509_NAME) *ca_sk, WPACKET *pkt) int construct_ca_names(SSL_CONNECTION *s, const STACK_OF(X509_NAME) *ca_sk,
WPACKET *pkt)
{ {
/* Start sub-packet for client CA list */ /* Start sub-packet for client CA list */
if (!WPACKET_start_sub_packet_u16(pkt)) { if (!WPACKET_start_sub_packet_u16(pkt)) {
@ -2352,7 +2385,7 @@ int construct_ca_names(SSL *s, const STACK_OF(X509_NAME) *ca_sk, WPACKET *pkt)
} }
/* Create a buffer containing data to be signed for server key exchange */ /* Create a buffer containing data to be signed for server key exchange */
size_t construct_key_exchange_tbs(SSL *s, unsigned char **ptbs, size_t construct_key_exchange_tbs(SSL_CONNECTION *s, unsigned char **ptbs,
const void *param, size_t paramlen) const void *param, size_t paramlen)
{ {
size_t tbslen = 2 * SSL3_RANDOM_SIZE + paramlen; size_t tbslen = 2 * SSL3_RANDOM_SIZE + paramlen;
@ -2375,7 +2408,7 @@ size_t construct_key_exchange_tbs(SSL *s, unsigned char **ptbs,
* Saves the current handshake digest for Post-Handshake Auth, * Saves the current handshake digest for Post-Handshake Auth,
* Done after ClientFinished is processed, done exactly once * Done after ClientFinished is processed, done exactly once
*/ */
int tls13_save_handshake_digest_for_pha(SSL *s) int tls13_save_handshake_digest_for_pha(SSL_CONNECTION *s)
{ {
if (s->pha_dgst == NULL) { if (s->pha_dgst == NULL) {
if (!ssl3_digest_cached_records(s, 1)) if (!ssl3_digest_cached_records(s, 1))
@ -2402,7 +2435,7 @@ int tls13_save_handshake_digest_for_pha(SSL *s)
* Restores the Post-Handshake Auth handshake digest * Restores the Post-Handshake Auth handshake digest
* Done just before sending/processing the Cert Request * Done just before sending/processing the Cert Request
*/ */
int tls13_restore_handshake_digest_for_pha(SSL *s) int tls13_restore_handshake_digest_for_pha(SSL_CONNECTION *s)
{ {
if (s->pha_dgst == NULL) { if (s->pha_dgst == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);

451
ssl/statem/statem_local.h
View File

@ -54,116 +54,142 @@ typedef enum {
MSG_PROCESS_CONTINUE_READING MSG_PROCESS_CONTINUE_READING
} MSG_PROCESS_RETURN; } MSG_PROCESS_RETURN;
typedef int (*confunc_f) (SSL *s, WPACKET *pkt); typedef int (*confunc_f) (SSL_CONNECTION *s, WPACKET *pkt);
int ssl3_take_mac(SSL *s); int ssl3_take_mac(SSL_CONNECTION *s);
int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups, int check_in_list(SSL_CONNECTION *s, uint16_t group_id, const uint16_t *groups,
size_t num_groups, int checkallow); size_t num_groups, int checkallow);
int create_synthetic_message_hash(SSL *s, const unsigned char *hashval, int create_synthetic_message_hash(SSL_CONNECTION *s,
const unsigned char *hashval,
size_t hashlen, const unsigned char *hrr, size_t hashlen, const unsigned char *hrr,
size_t hrrlen); size_t hrrlen);
int parse_ca_names(SSL *s, PACKET *pkt); int parse_ca_names(SSL_CONNECTION *s, PACKET *pkt);
const STACK_OF(X509_NAME) *get_ca_names(SSL *s); const STACK_OF(X509_NAME) *get_ca_names(SSL_CONNECTION *s);
int construct_ca_names(SSL *s, const STACK_OF(X509_NAME) *ca_sk, WPACKET *pkt); int construct_ca_names(SSL_CONNECTION *s, const STACK_OF(X509_NAME) *ca_sk,
size_t construct_key_exchange_tbs(SSL *s, unsigned char **ptbs, WPACKET *pkt);
size_t construct_key_exchange_tbs(SSL_CONNECTION *s, unsigned char **ptbs,
const void *param, size_t paramlen); const void *param, size_t paramlen);
/* /*
* TLS/DTLS client state machine functions * TLS/DTLS client state machine functions
*/ */
int ossl_statem_client_read_transition(SSL *s, int mt); int ossl_statem_client_read_transition(SSL_CONNECTION *s, int mt);
WRITE_TRAN ossl_statem_client_write_transition(SSL *s); WRITE_TRAN ossl_statem_client_write_transition(SSL_CONNECTION *s);
WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst); WORK_STATE ossl_statem_client_pre_work(SSL_CONNECTION *s, WORK_STATE wst);
WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst); WORK_STATE ossl_statem_client_post_work(SSL_CONNECTION *s, WORK_STATE wst);
int ossl_statem_client_construct_message(SSL *s, int ossl_statem_client_construct_message(SSL_CONNECTION *s,
confunc_f *confunc, int *mt); confunc_f *confunc, int *mt);
size_t ossl_statem_client_max_message_size(SSL *s); size_t ossl_statem_client_max_message_size(SSL_CONNECTION *s);
MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt); MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL_CONNECTION *s,
WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst); PACKET *pkt);
WORK_STATE ossl_statem_client_post_process_message(SSL_CONNECTION *s,
WORK_STATE wst);
/* /*
* TLS/DTLS server state machine functions * TLS/DTLS server state machine functions
*/ */
int ossl_statem_server_read_transition(SSL *s, int mt); int ossl_statem_server_read_transition(SSL_CONNECTION *s, int mt);
WRITE_TRAN ossl_statem_server_write_transition(SSL *s); WRITE_TRAN ossl_statem_server_write_transition(SSL_CONNECTION *s);
WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst); WORK_STATE ossl_statem_server_pre_work(SSL_CONNECTION *s, WORK_STATE wst);
WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst); WORK_STATE ossl_statem_server_post_work(SSL_CONNECTION *s, WORK_STATE wst);
int ossl_statem_server_construct_message(SSL *s, int ossl_statem_server_construct_message(SSL_CONNECTION *s,
confunc_f *confunc,int *mt); confunc_f *confunc,int *mt);
size_t ossl_statem_server_max_message_size(SSL *s); size_t ossl_statem_server_max_message_size(SSL_CONNECTION *s);
MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt); MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL_CONNECTION *s,
WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst); PACKET *pkt);
WORK_STATE ossl_statem_server_post_process_message(SSL_CONNECTION *s,
WORK_STATE wst);
/* Functions for getting new message data */ /* Functions for getting new message data */
__owur int tls_get_message_header(SSL *s, int *mt); __owur int tls_get_message_header(SSL_CONNECTION *s, int *mt);
__owur int tls_get_message_body(SSL *s, size_t *len); __owur int tls_get_message_body(SSL_CONNECTION *s, size_t *len);
__owur int dtls_get_message(SSL *s, int *mt); __owur int dtls_get_message(SSL_CONNECTION *s, int *mt);
__owur int dtls_get_message_body(SSL *s, size_t *len); __owur int dtls_get_message_body(SSL_CONNECTION *s, size_t *len);
/* Message construction and processing functions */ /* Message construction and processing functions */
__owur int tls_process_initial_server_flight(SSL *s); __owur int tls_process_initial_server_flight(SSL_CONNECTION *s);
__owur MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL_CONNECTION *s,
__owur MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt); PACKET *pkt);
__owur int tls_construct_change_cipher_spec(SSL *s, WPACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt);
__owur int dtls_construct_change_cipher_spec(SSL *s, WPACKET *pkt); __owur int tls_construct_change_cipher_spec(SSL_CONNECTION *s, WPACKET *pkt);
__owur int dtls_construct_change_cipher_spec(SSL_CONNECTION *s, WPACKET *pkt);
__owur int tls_construct_finished(SSL *s, WPACKET *pkt); __owur int tls_construct_finished(SSL_CONNECTION *s, WPACKET *pkt);
__owur int tls_construct_key_update(SSL *s, WPACKET *pkt); __owur int tls_construct_key_update(SSL_CONNECTION *s, WPACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_key_update(SSL_CONNECTION *s,
__owur WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, PACKET *pkt);
int stop); __owur WORK_STATE tls_finish_handshake(SSL_CONNECTION *s, WORK_STATE wst,
__owur WORK_STATE dtls_wait_for_dry(SSL *s); int clearbufs, int stop);
__owur WORK_STATE dtls_wait_for_dry(SSL_CONNECTION *s);
/* some client-only functions */ /* some client-only functions */
__owur int tls_construct_client_hello(SSL *s, WPACKET *pkt); __owur int tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s,
__owur MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt); PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_certificate_request(SSL_CONNECTION *s,
__owur int tls_process_cert_status_body(SSL *s, PACKET *pkt); PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL_CONNECTION *s,
__owur MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt); PACKET *pkt);
__owur int tls_construct_cert_verify(SSL *s, WPACKET *pkt); __owur int tls_process_cert_status_body(SSL_CONNECTION *s, PACKET *pkt);
__owur WORK_STATE tls_prepare_client_certificate(SSL *s, WORK_STATE wst); __owur MSG_PROCESS_RETURN tls_process_cert_status(SSL_CONNECTION *s,
__owur int tls_construct_client_certificate(SSL *s, WPACKET *pkt); PACKET *pkt);
__owur int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey); __owur MSG_PROCESS_RETURN tls_process_server_done(SSL_CONNECTION *s,
__owur int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt); PACKET *pkt);
__owur int tls_client_key_exchange_post_work(SSL *s); __owur int tls_construct_cert_verify(SSL_CONNECTION *s, WPACKET *pkt);
__owur int tls_construct_cert_status_body(SSL *s, WPACKET *pkt); __owur WORK_STATE tls_prepare_client_certificate(SSL_CONNECTION *s,
__owur int tls_construct_cert_status(SSL *s, WPACKET *pkt); WORK_STATE wst);
__owur MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt); __owur int tls_construct_client_certificate(SSL_CONNECTION *s, WPACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt); __owur int ssl_do_client_cert_cb(SSL_CONNECTION *s, X509 **px509,
__owur WORK_STATE tls_post_process_server_certificate(SSL *s, WORK_STATE wst); EVP_PKEY **ppkey);
__owur int ssl3_check_cert_and_algorithm(SSL *s); __owur int tls_construct_client_key_exchange(SSL_CONNECTION *s, WPACKET *pkt);
__owur int tls_client_key_exchange_post_work(SSL_CONNECTION *s);
__owur int tls_construct_cert_status_body(SSL_CONNECTION *s, WPACKET *pkt);
__owur int tls_construct_cert_status(SSL_CONNECTION *s, WPACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_key_exchange(SSL_CONNECTION *s,
PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_server_certificate(SSL_CONNECTION *s,
PACKET *pkt);
__owur WORK_STATE tls_post_process_server_certificate(SSL_CONNECTION *s,
WORK_STATE wst);
__owur int ssl3_check_cert_and_algorithm(SSL_CONNECTION *s);
#ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
__owur int tls_construct_next_proto(SSL *s, WPACKET *pkt); __owur int tls_construct_next_proto(SSL_CONNECTION *s, WPACKET *pkt);
#endif #endif
__owur MSG_PROCESS_RETURN tls_process_hello_req(SSL *s, PACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_hello_req(SSL_CONNECTION *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt); __owur MSG_PROCESS_RETURN dtls_process_hello_verify(SSL_CONNECTION *s, PACKET *pkt);
__owur int tls_construct_end_of_early_data(SSL *s, WPACKET *pkt); __owur int tls_construct_end_of_early_data(SSL_CONNECTION *s, WPACKET *pkt);
/* some server-only functions */ /* some server-only functions */
__owur MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_client_hello(SSL_CONNECTION *s,
__owur WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst); PACKET *pkt);
__owur int tls_construct_server_hello(SSL *s, WPACKET *pkt); __owur WORK_STATE tls_post_process_client_hello(SSL_CONNECTION *s,
__owur int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt); WORK_STATE wst);
__owur int tls_construct_server_certificate(SSL *s, WPACKET *pkt); __owur int tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt);
__owur int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt); __owur int dtls_construct_hello_verify_request(SSL_CONNECTION *s, WPACKET *pkt);
__owur int tls_construct_certificate_request(SSL *s, WPACKET *pkt); __owur int tls_construct_server_certificate(SSL_CONNECTION *s, WPACKET *pkt);
__owur int tls_construct_server_done(SSL *s, WPACKET *pkt); __owur int tls_construct_server_key_exchange(SSL_CONNECTION *s, WPACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt); __owur int tls_construct_certificate_request(SSL_CONNECTION *s, WPACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt); __owur int tls_construct_server_done(SSL_CONNECTION *s, WPACKET *pkt);
__owur WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst); __owur MSG_PROCESS_RETURN tls_process_client_certificate(SSL_CONNECTION *s,
__owur MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt); PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL_CONNECTION *s,
PACKET *pkt);
__owur WORK_STATE tls_post_process_client_key_exchange(SSL_CONNECTION *s,
WORK_STATE wst);
__owur MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s,
PACKET *pkt);
#ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
__owur MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_next_proto(SSL_CONNECTION *s,
PACKET *pkt);
#endif #endif
__owur int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt); __owur int tls_construct_new_session_ticket(SSL_CONNECTION *s, WPACKET *pkt);
MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL *s, PACKET *pkt); MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL_CONNECTION *s,
PACKET *pkt);
#ifndef OPENSSL_NO_GOST #ifndef OPENSSL_NO_GOST
/* These functions are used in GOST18 CKE, both for client and server */ /* These functions are used in GOST18 CKE, both for client and server */
int ossl_gost18_cke_cipher_nid(const SSL *s); int ossl_gost18_cke_cipher_nid(const SSL_CONNECTION *s);
int ossl_gost_ukm(const SSL *s, unsigned char *dgst_buf); int ossl_gost_ukm(const SSL_CONNECTION *s, unsigned char *dgst_buf);
#endif #endif
/* Extension processing */ /* Extension processing */
@ -174,252 +200,293 @@ typedef enum ext_return_en {
EXT_RETURN_NOT_SENT EXT_RETURN_NOT_SENT
} EXT_RETURN; } EXT_RETURN;
__owur int tls_validate_all_contexts(SSL *s, unsigned int thisctx, __owur int tls_validate_all_contexts(SSL_CONNECTION *s, unsigned int thisctx,
RAW_EXTENSION *exts); RAW_EXTENSION *exts);
__owur int extension_is_relevant(SSL *s, unsigned int extctx, __owur int extension_is_relevant(SSL_CONNECTION *s, unsigned int extctx,
unsigned int thisctx); unsigned int thisctx);
__owur int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, __owur int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet,
unsigned int context,
RAW_EXTENSION **res, size_t *len, int init); RAW_EXTENSION **res, size_t *len, int init);
__owur int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context, __owur int tls_parse_extension(SSL_CONNECTION *s, TLSEXT_INDEX idx, int context,
RAW_EXTENSION *exts, X509 *x, size_t chainidx); RAW_EXTENSION *exts, X509 *x, size_t chainidx);
__owur int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, __owur int tls_parse_all_extensions(SSL_CONNECTION *s, int context,
RAW_EXTENSION *exts,
X509 *x, size_t chainidx, int fin); X509 *x, size_t chainidx, int fin);
__owur int should_add_extension(SSL *s, unsigned int extctx, __owur int should_add_extension(SSL_CONNECTION *s, unsigned int extctx,
unsigned int thisctx, int max_version); unsigned int thisctx, int max_version);
__owur int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context, __owur int tls_construct_extensions(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
__owur int tls_psk_do_binder(SSL *s, const EVP_MD *md, __owur int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md,
const unsigned char *msgstart, const unsigned char *msgstart,
size_t binderoffset, const unsigned char *binderin, size_t binderoffset, const unsigned char *binderin,
unsigned char *binderout, unsigned char *binderout,
SSL_SESSION *sess, int sign, int external); SSL_SESSION *sess, int sign, int external);
/* Server Extension processing */ /* Server Extension processing */
int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_ctos_renegotiate(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_ctos_server_name(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
int tls_parse_ctos_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_ctos_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_SRP #ifndef OPENSSL_NO_SRP
int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_ctos_srp(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
size_t chainidx); X509 *x, size_t chainidx);
#endif #endif
int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_ctos_early_data(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_ctos_ec_pt_formats(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_ctos_supported_groups(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidxl); X509 *x, size_t chainidxl);
int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_ctos_session_ticket(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_ctos_sig_algs_cert(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_ctos_sig_algs(SSL_CONNECTION *s, PACKET *pkt,
size_t chainidx); unsigned int context, X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_OCSP #ifndef OPENSSL_NO_OCSP
int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_ctos_status_request(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
#endif #endif
#ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
int tls_parse_ctos_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_ctos_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
size_t chainidx); X509 *x, size_t chainidx);
#endif #endif
int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_ctos_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
size_t chainidx); X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_SRTP #ifndef OPENSSL_NO_SRTP
int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_ctos_use_srtp(SSL_CONNECTION *s, PACKET *pkt,
size_t chainidx); unsigned int context, X509 *x, size_t chainidx);
#endif #endif
int tls_parse_ctos_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_ctos_etm(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
size_t chainidx); X509 *x, size_t chainidx);
int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt,
size_t chainidx); unsigned int context, X509 *x, size_t chainidx);
int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
size_t chainidx); X509 *x, size_t chainidx);
int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_ctos_ems(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
size_t chainidx); X509 *x, size_t chainidx);
int tls_parse_ctos_psk_kex_modes(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_ctos_psk_kex_modes(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
size_t chainidx); X509 *x, size_t chainidx);
int tls_parse_ctos_post_handshake_auth(SSL *, PACKET *pkt, unsigned int context, int tls_parse_ctos_post_handshake_auth(SSL_CONNECTION *, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_stoc_renegotiate(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx); size_t chainidx);
EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_stoc_server_name(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx); size_t chainidx);
EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_stoc_early_data(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx); size_t chainidx);
EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx); size_t chainidx);
EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx); size_t chainidx);
EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_stoc_supported_groups(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx); size_t chainidx);
EXT_RETURN tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_stoc_session_ticket(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx); size_t chainidx);
#ifndef OPENSSL_NO_OCSP #ifndef OPENSSL_NO_OCSP
EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_stoc_status_request(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx); size_t chainidx);
#endif #endif
#ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_stoc_next_proto_neg(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx); size_t chainidx);
#endif #endif
EXT_RETURN tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_stoc_alpn(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_SRTP #ifndef OPENSSL_NO_SRTP
EXT_RETURN tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_stoc_use_srtp(SSL_CONNECTION *s, WPACKET *pkt,
X509 *x, size_t chainidx); unsigned int context,
X509 *x, size_t chainidx);
#endif #endif
EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_stoc_etm(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_stoc_ems(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_stoc_supported_versions(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx); size_t chainidx);
EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_stoc_key_share(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx); size_t chainidx);
EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_stoc_cookie(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
/* /*
* Not in public headers as this is not an official extension. Only used when * Not in public headers as this is not an official extension. Only used when
* SSL_OP_CRYPTOPRO_TLSEXT_BUG is set. * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set.
*/ */
#define TLSEXT_TYPE_cryptopro_bug 0xfde8 #define TLSEXT_TYPE_cryptopro_bug 0xfde8
EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx); size_t chainidx);
EXT_RETURN tls_construct_stoc_psk(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_stoc_psk(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
/* Client Extension processing */ /* Client Extension processing */
EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_ctos_renegotiate(SSL_CONNECTION *s, WPACKET *pkt,
X509 *x, size_t chainidx); unsigned int context,
EXT_RETURN tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx);
X509 *x, size_t chainidx); EXT_RETURN tls_construct_ctos_server_name(SSL_CONNECTION *s, WPACKET *pkt,
EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL *s, WPACKET *pkt, unsigned int context, unsigned int context,
X509 *x, size_t chainidx);
EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_SRP #ifndef OPENSSL_NO_SRP
EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, EXT_RETURN tls_construct_ctos_srp(SSL_CONNECTION *s, WPACKET *pkt,
size_t chainidx); unsigned int context, X509 *x,
size_t chainidx);
#endif #endif
EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx); size_t chainidx);
EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_ctos_supported_groups(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx); size_t chainidx);
EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_ctos_early_data(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx); size_t chainidx);
EXT_RETURN tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_ctos_session_ticket(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx); size_t chainidx);
EXT_RETURN tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_ctos_sig_algs(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx); size_t chainidx);
#ifndef OPENSSL_NO_OCSP #ifndef OPENSSL_NO_OCSP
EXT_RETURN tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_ctos_status_request(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx); size_t chainidx);
#endif #endif
#ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
EXT_RETURN tls_construct_ctos_npn(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_ctos_npn(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
#endif #endif
EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_ctos_alpn(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_SRTP #ifndef OPENSSL_NO_SRTP
EXT_RETURN tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_ctos_use_srtp(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
#endif #endif
EXT_RETURN tls_construct_ctos_etm(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_ctos_etm(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_CT #ifndef OPENSSL_NO_CT
EXT_RETURN tls_construct_ctos_sct(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_ctos_sct(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
#endif #endif
EXT_RETURN tls_construct_ctos_ems(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_ctos_ems(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_ctos_supported_versions(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx); size_t chainidx);
EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_ctos_key_share(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx); size_t chainidx);
EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx); size_t chainidx);
EXT_RETURN tls_construct_ctos_cookie(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_ctos_cookie(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_ctos_padding(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx); size_t chainidx);
EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_stoc_renegotiate(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_stoc_server_name(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_stoc_early_data(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
int tls_parse_stoc_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_stoc_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_stoc_ec_pt_formats(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_stoc_session_ticket(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_OCSP #ifndef OPENSSL_NO_OCSP
int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_stoc_status_request(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
#endif #endif
#ifndef OPENSSL_NO_CT #ifndef OPENSSL_NO_CT
int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_stoc_sct(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
size_t chainidx); X509 *x, size_t chainidx);
#endif #endif
#ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_stoc_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
size_t chainidx); X509 *x, size_t chainidx);
#endif #endif
int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_stoc_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
size_t chainidx); X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_SRTP #ifndef OPENSSL_NO_SRTP
int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_stoc_use_srtp(SSL_CONNECTION *s, PACKET *pkt,
size_t chainidx); unsigned int context, X509 *x, size_t chainidx);
#endif #endif
int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_stoc_etm(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
size_t chainidx); X509 *x, size_t chainidx);
int tls_parse_stoc_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_stoc_ems(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
size_t chainidx); X509 *x, size_t chainidx);
int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_stoc_supported_versions(SSL_CONNECTION *s, PACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx); X509 *x, size_t chainidx);
int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_stoc_key_share(SSL_CONNECTION *s, PACKET *pkt,
size_t chainidx); unsigned int context, X509 *x, size_t chainidx);
int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_stoc_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
size_t chainidx); X509 *x, size_t chainidx);
int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_stoc_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
size_t chainidx); X509 *x, size_t chainidx);
int tls_handle_alpn(SSL *s); int tls_handle_alpn(SSL_CONNECTION *s);
int tls13_save_handshake_digest_for_pha(SSL *s); int tls13_save_handshake_digest_for_pha(SSL_CONNECTION *s);
int tls13_restore_handshake_digest_for_pha(SSL *s); int tls13_restore_handshake_digest_for_pha(SSL_CONNECTION *s);

391
ssl/statem/statem_srvr.c
View File

File diff suppressed because it is too large Load Diff

53
ssl/t1_enc.c
View File

@ -22,7 +22,7 @@
#include <openssl/trace.h> #include <openssl/trace.h>
/* seed1 through seed5 are concatenated */ /* seed1 through seed5 are concatenated */
static int tls1_PRF(SSL *s, static int tls1_PRF(SSL_CONNECTION *s,
const void *seed1, size_t seed1_len, const void *seed1, size_t seed1_len,
const void *seed2, size_t seed2_len, const void *seed2, size_t seed2_len,
const void *seed3, size_t seed3_len, const void *seed3, size_t seed3_len,
@ -45,7 +45,9 @@ static int tls1_PRF(SSL *s,
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return 0; return 0;
} }
kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_TLS1_PRF, s->ctx->propq); kdf = EVP_KDF_fetch(SSL_CONNECTION_GET_CTX(s)->libctx,
OSSL_KDF_NAME_TLS1_PRF,
SSL_CONNECTION_GET_CTX(s)->propq);
if (kdf == NULL) if (kdf == NULL)
goto err; goto err;
kctx = EVP_KDF_CTX_new(kdf); kctx = EVP_KDF_CTX_new(kdf);
@ -83,7 +85,8 @@ static int tls1_PRF(SSL *s,
return 0; return 0;
} }
static int tls1_generate_key_block(SSL *s, unsigned char *km, size_t num) static int tls1_generate_key_block(SSL_CONNECTION *s, unsigned char *km,
size_t num)
{ {
int ret; int ret;
@ -98,7 +101,7 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km, size_t num)
return ret; return ret;
} }
int tls_provider_set_tls_params(SSL *s, EVP_CIPHER_CTX *ctx, int tls_provider_set_tls_params(SSL_CONNECTION *s, EVP_CIPHER_CTX *ctx,
const EVP_CIPHER *ciph, const EVP_CIPHER *ciph,
const EVP_MD *md) const EVP_MD *md)
{ {
@ -147,7 +150,7 @@ static int tls_iv_length_within_key_block(const EVP_CIPHER *c)
return EVP_CIPHER_get_iv_length(c); return EVP_CIPHER_get_iv_length(c);
} }
int tls1_change_cipher_state(SSL *s, int which) int tls1_change_cipher_state(SSL_CONNECTION *s, int which)
{ {
unsigned char *p, *mac_secret; unsigned char *p, *mac_secret;
unsigned char *ms, *key, *iv; unsigned char *ms, *key, *iv;
@ -224,7 +227,7 @@ int tls1_change_cipher_state(SSL *s, int which)
/* /*
* this is done by dtls1_reset_seq_numbers for DTLS * this is done by dtls1_reset_seq_numbers for DTLS
*/ */
if (!SSL_IS_DTLS(s)) if (!SSL_CONNECTION_IS_DTLS(s))
RECORD_LAYER_reset_read_sequence(&s->rlayer); RECORD_LAYER_reset_read_sequence(&s->rlayer);
mac_secret = &(s->s3.read_mac_secret[0]); mac_secret = &(s->s3.read_mac_secret[0]);
mac_secret_size = &(s->s3.read_mac_secret_size); mac_secret_size = &(s->s3.read_mac_secret_size);
@ -244,14 +247,14 @@ int tls1_change_cipher_state(SSL *s, int which)
s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_TLSTREE; s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_TLSTREE;
else else
s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_TLSTREE; s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_TLSTREE;
if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s)) { if (s->enc_write_ctx != NULL && !SSL_CONNECTION_IS_DTLS(s)) {
reuse_dd = 1; reuse_dd = 1;
} else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) { } else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
goto err; goto err;
} }
dd = s->enc_write_ctx; dd = s->enc_write_ctx;
if (SSL_IS_DTLS(s)) { if (SSL_CONNECTION_IS_DTLS(s)) {
mac_ctx = EVP_MD_CTX_new(); mac_ctx = EVP_MD_CTX_new();
if (mac_ctx == NULL) { if (mac_ctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
@ -280,7 +283,7 @@ int tls1_change_cipher_state(SSL *s, int which)
/* /*
* this is done by dtls1_reset_seq_numbers for DTLS * this is done by dtls1_reset_seq_numbers for DTLS
*/ */
if (!SSL_IS_DTLS(s)) if (!SSL_CONNECTION_IS_DTLS(s))
RECORD_LAYER_reset_write_sequence(&s->rlayer); RECORD_LAYER_reset_write_sequence(&s->rlayer);
mac_secret = &(s->s3.write_mac_secret[0]); mac_secret = &(s->s3.write_mac_secret[0]);
mac_secret_size = &(s->s3.write_mac_secret_size); mac_secret_size = &(s->s3.write_mac_secret_size);
@ -321,9 +324,11 @@ int tls1_change_cipher_state(SSL *s, int which)
memcpy(mac_secret, ms, i); memcpy(mac_secret, ms, i);
if (!(EVP_CIPHER_get_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) { if (!(EVP_CIPHER_get_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (mac_type == EVP_PKEY_HMAC) { if (mac_type == EVP_PKEY_HMAC) {
mac_key = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC", mac_key = EVP_PKEY_new_raw_private_key_ex(sctx->libctx, "HMAC",
s->ctx->propq, mac_secret, sctx->propq, mac_secret,
*mac_secret_size); *mac_secret_size);
} else { } else {
/* /*
@ -336,7 +341,7 @@ int tls1_change_cipher_state(SSL *s, int which)
} }
if (mac_key == NULL if (mac_key == NULL
|| EVP_DigestSignInit_ex(mac_ctx, NULL, EVP_MD_get0_name(m), || EVP_DigestSignInit_ex(mac_ctx, NULL, EVP_MD_get0_name(m),
s->ctx->libctx, s->ctx->propq, mac_key, sctx->libctx, sctx->propq, mac_key,
NULL) <= 0) { NULL) <= 0) {
EVP_PKEY_free(mac_key); EVP_PKEY_free(mac_key);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@ -441,7 +446,7 @@ int tls1_change_cipher_state(SSL *s, int which)
if (BIO_set_ktls(bio, &crypto_info, which & SSL3_CC_WRITE)) { if (BIO_set_ktls(bio, &crypto_info, which & SSL3_CC_WRITE)) {
if (which & SSL3_CC_WRITE) if (which & SSL3_CC_WRITE)
ssl3_release_write_buffer(s); ssl3_release_write_buffer(s);
SSL_set_options(s, SSL_OP_NO_RENEGOTIATION); SSL_set_options(SSL_CONNECTION_GET_SSL(s), SSL_OP_NO_RENEGOTIATION);
} }
skip_ktls: skip_ktls:
@ -460,7 +465,7 @@ int tls1_change_cipher_state(SSL *s, int which)
return 0; return 0;
} }
int tls1_setup_key_block(SSL *s) int tls1_setup_key_block(SSL_CONNECTION *s)
{ {
unsigned char *p; unsigned char *p;
const EVP_CIPHER *c; const EVP_CIPHER *c;
@ -473,8 +478,9 @@ int tls1_setup_key_block(SSL *s)
if (s->s3.tmp.key_block_length != 0) if (s->s3.tmp.key_block_length != 0)
return 1; return 1;
if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, &mac_type, if (!ssl_cipher_get_evp(SSL_CONNECTION_GET_CTX(s), s->session, &c, &hash,
&mac_secret_size, &comp, s->ext.use_etm)) { &mac_type, &mac_secret_size, &comp,
s->ext.use_etm)) {
/* Error is already recorded */ /* Error is already recorded */
SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR); SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);
return 0; return 0;
@ -523,7 +529,7 @@ int tls1_setup_key_block(SSL *s)
} OSSL_TRACE_END(TLS); } OSSL_TRACE_END(TLS);
if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
&& s->method->version <= TLS1_VERSION) { && SSL_CONNECTION_GET_SSL(s)->method->version <= TLS1_VERSION) {
/* /*
* enable vulnerability countermeasure for CBC ciphers with known-IV * enable vulnerability countermeasure for CBC ciphers with known-IV
* problem (http://www.openssl.org/~bodo/tls-cbc.txt) * problem (http://www.openssl.org/~bodo/tls-cbc.txt)
@ -544,8 +550,8 @@ int tls1_setup_key_block(SSL *s)
return ret; return ret;
} }
size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen, size_t tls1_final_finish_mac(SSL_CONNECTION *s, const char *str,
unsigned char *out) size_t slen, unsigned char *out)
{ {
size_t hashlen; size_t hashlen;
unsigned char hash[EVP_MAX_MD_SIZE]; unsigned char hash[EVP_MAX_MD_SIZE];
@ -574,8 +580,9 @@ size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen,
return finished_size; return finished_size;
} }
int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, int tls1_generate_master_secret(SSL_CONNECTION *s, unsigned char *out,
size_t len, size_t *secret_size) unsigned char *p, size_t len,
size_t *secret_size)
{ {
if (s->session->flags & SSL_SESS_FLAG_EXTMS) { if (s->session->flags & SSL_SESS_FLAG_EXTMS) {
unsigned char hash[EVP_MAX_MD_SIZE * 2]; unsigned char hash[EVP_MAX_MD_SIZE * 2];
@ -637,8 +644,8 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
return 1; return 1;
} }
int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, int tls1_export_keying_material(SSL_CONNECTION *s, unsigned char *out,
const char *label, size_t llen, size_t olen, const char *label, size_t llen,
const unsigned char *context, const unsigned char *context,
size_t contextlen, int use_context) size_t contextlen, int use_context)
{ {

316
ssl/t1_lib.c
View File

@ -26,8 +26,8 @@
#include "ssl_local.h" #include "ssl_local.h"
#include <openssl/ct.h> #include <openssl/ct.h>
static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey); static const SIGALG_LOOKUP *find_sig_alg(SSL_CONNECTION *s, X509 *x, EVP_PKEY *pkey);
static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu); static int tls12_sigalg_allowed(const SSL_CONNECTION *s, int op, const SIGALG_LOOKUP *lu);
SSL3_ENC_METHOD const TLSv1_enc_data = { SSL3_ENC_METHOD const TLSv1_enc_data = {
tls1_enc, tls1_enc,
@ -119,19 +119,29 @@ int tls1_new(SSL *s)
void tls1_free(SSL *s) void tls1_free(SSL *s)
{ {
OPENSSL_free(s->ext.session_ticket); SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return;
OPENSSL_free(sc->ext.session_ticket);
ssl3_free(s); ssl3_free(s);
} }
int tls1_clear(SSL *s) int tls1_clear(SSL *s)
{ {
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return 0;
if (!ssl3_clear(s)) if (!ssl3_clear(s))
return 0; return 0;
if (s->method->version == TLS_ANY_VERSION) if (s->method->version == TLS_ANY_VERSION)
s->version = TLS_MAX_VERSION_INTERNAL; sc->version = TLS_MAX_VERSION_INTERNAL;
else else
s->version = s->method->version; sc->version = s->method->version;
return 1; return 1;
} }
@ -525,9 +535,11 @@ uint16_t tls1_nid2group_id(int nid)
* Set *pgroups to the supported groups list and *pgroupslen to * Set *pgroups to the supported groups list and *pgroupslen to
* the number of groups supported. * the number of groups supported.
*/ */
void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups, void tls1_get_supported_groups(SSL_CONNECTION *s, const uint16_t **pgroups,
size_t *pgroupslen) size_t *pgroupslen)
{ {
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
/* For Suite B mode only include P-256, P-384 */ /* For Suite B mode only include P-256, P-384 */
switch (tls1_suiteb(s)) { switch (tls1_suiteb(s)) {
case SSL_CERT_FLAG_SUITEB_128_LOS: case SSL_CERT_FLAG_SUITEB_128_LOS:
@ -547,8 +559,8 @@ void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups,
default: default:
if (s->ext.supportedgroups == NULL) { if (s->ext.supportedgroups == NULL) {
*pgroups = s->ctx->ext.supported_groups_default; *pgroups = sctx->ext.supported_groups_default;
*pgroupslen = s->ctx->ext.supported_groups_default_len; *pgroupslen = sctx->ext.supported_groups_default_len;
} else { } else {
*pgroups = s->ext.supportedgroups; *pgroups = s->ext.supportedgroups;
*pgroupslen = s->ext.supportedgroups_len; *pgroupslen = s->ext.supportedgroups_len;
@ -557,10 +569,12 @@ void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups,
} }
} }
int tls_valid_group(SSL *s, uint16_t group_id, int minversion, int maxversion, int tls_valid_group(SSL_CONNECTION *s, uint16_t group_id,
int minversion, int maxversion,
int isec, int *okfortls13) int isec, int *okfortls13)
{ {
const TLS_GROUP_INFO *ginfo = tls1_group_id_lookup(s->ctx, group_id); const TLS_GROUP_INFO *ginfo = tls1_group_id_lookup(SSL_CONNECTION_GET_CTX(s),
group_id);
int ret; int ret;
if (okfortls13 != NULL) if (okfortls13 != NULL)
@ -569,7 +583,7 @@ int tls_valid_group(SSL *s, uint16_t group_id, int minversion, int maxversion,
if (ginfo == NULL) if (ginfo == NULL)
return 0; return 0;
if (SSL_IS_DTLS(s)) { if (SSL_CONNECTION_IS_DTLS(s)) {
if (ginfo->mindtls < 0 || ginfo->maxdtls < 0) if (ginfo->mindtls < 0 || ginfo->maxdtls < 0)
return 0; return 0;
if (ginfo->maxdtls == 0) if (ginfo->maxdtls == 0)
@ -600,9 +614,10 @@ int tls_valid_group(SSL *s, uint16_t group_id, int minversion, int maxversion,
} }
/* See if group is allowed by security callback */ /* See if group is allowed by security callback */
int tls_group_allowed(SSL *s, uint16_t group, int op) int tls_group_allowed(SSL_CONNECTION *s, uint16_t group, int op)
{ {
const TLS_GROUP_INFO *ginfo = tls1_group_id_lookup(s->ctx, group); const TLS_GROUP_INFO *ginfo = tls1_group_id_lookup(SSL_CONNECTION_GET_CTX(s),
group);
unsigned char gtmp[2]; unsigned char gtmp[2];
if (ginfo == NULL) if (ginfo == NULL)
@ -631,7 +646,7 @@ static int tls1_in_list(uint16_t id, const uint16_t *list, size_t listlen)
* For nmatch == -2, return the id of the group to use for * For nmatch == -2, return the id of the group to use for
* a tmp key, or 0 if there is no match. * a tmp key, or 0 if there is no match.
*/ */
uint16_t tls1_shared_group(SSL *s, int nmatch) uint16_t tls1_shared_group(SSL_CONNECTION *s, int nmatch)
{ {
const uint16_t *pref, *supp; const uint16_t *pref, *supp;
size_t num_pref, num_supp, i; size_t num_pref, num_supp, i;
@ -674,7 +689,7 @@ uint16_t tls1_shared_group(SSL *s, int nmatch)
uint16_t id = pref[i]; uint16_t id = pref[i];
uint16_t cid = id; uint16_t cid = id;
if (SSL_IS_TLS13(s)) { if (SSL_CONNECTION_IS_TLS13(s)) {
if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
cid = ssl_group_id_internal_to_tls13(id); cid = ssl_group_id_internal_to_tls13(id);
else else
@ -817,7 +832,8 @@ int tls1_set_groups_list(SSL_CTX *ctx, uint16_t **pext, size_t *pextlen,
} }
/* Check a group id matches preferences */ /* Check a group id matches preferences */
int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_groups) int tls1_check_group_id(SSL_CONNECTION *s, uint16_t group_id,
int check_own_groups)
{ {
const uint16_t *groups; const uint16_t *groups;
size_t groups_len; size_t groups_len;
@ -869,7 +885,7 @@ int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_groups)
return tls1_in_list(group_id, groups, groups_len); return tls1_in_list(group_id, groups, groups_len);
} }
void tls1_get_formatlist(SSL *s, const unsigned char **pformats, void tls1_get_formatlist(SSL_CONNECTION *s, const unsigned char **pformats,
size_t *num_formats) size_t *num_formats)
{ {
/* /*
@ -889,7 +905,7 @@ void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
} }
/* Check a key is compatible with compression extension */ /* Check a key is compatible with compression extension */
static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey) static int tls1_check_pkey_comp(SSL_CONNECTION *s, EVP_PKEY *pkey)
{ {
unsigned char comp_id; unsigned char comp_id;
size_t i; size_t i;
@ -906,7 +922,7 @@ static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey)
return 0; return 0;
if (point_conv == POINT_CONVERSION_UNCOMPRESSED) { if (point_conv == POINT_CONVERSION_UNCOMPRESSED) {
comp_id = TLSEXT_ECPOINTFORMAT_uncompressed; comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
} else if (SSL_IS_TLS13(s)) { } else if (SSL_CONNECTION_IS_TLS13(s)) {
/* /*
* ec_point_formats extension is not used in TLSv1.3 so we ignore * ec_point_formats extension is not used in TLSv1.3 so we ignore
* this check. * this check.
@ -950,7 +966,7 @@ static uint16_t tls1_get_group_id(EVP_PKEY *pkey)
* Check cert parameters compatible with extensions: currently just checks EC * Check cert parameters compatible with extensions: currently just checks EC
* certificates have compatible curves and compression. * certificates have compatible curves and compression.
*/ */
static int tls1_check_cert_param(SSL *s, X509 *x, int check_ee_md) static int tls1_check_cert_param(SSL_CONNECTION *s, X509 *x, int check_ee_md)
{ {
uint16_t group_id; uint16_t group_id;
EVP_PKEY *pkey; EVP_PKEY *pkey;
@ -1004,7 +1020,7 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int check_ee_md)
* *
* Returns 0 when the cipher can't be used or 1 when it can. * Returns 0 when the cipher can't be used or 1 when it can.
*/ */
int tls1_check_ec_tmp_key(SSL *s, unsigned long cid) int tls1_check_ec_tmp_key(SSL_CONNECTION *s, unsigned long cid)
{ {
/* If not Suite B just need a shared group */ /* If not Suite B just need a shared group */
if (!tls1_suiteb(s)) if (!tls1_suiteb(s))
@ -1252,12 +1268,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
} }
/* Lookup TLS signature algorithm */ /* Lookup TLS signature algorithm */
static const SIGALG_LOOKUP *tls1_lookup_sigalg(const SSL *s, uint16_t sigalg) static const SIGALG_LOOKUP *tls1_lookup_sigalg(const SSL_CONNECTION *s,
uint16_t sigalg)
{ {
size_t i; size_t i;
const SIGALG_LOOKUP *lu; const SIGALG_LOOKUP *lu;
for (i = 0, lu = s->ctx->sigalg_lookup_cache; for (i = 0, lu = SSL_CONNECTION_GET_CTX(s)->sigalg_lookup_cache;
/* cache should have the same number of elements as sigalg_lookup_tbl */ /* cache should have the same number of elements as sigalg_lookup_tbl */
i < OSSL_NELEM(sigalg_lookup_tbl); i < OSSL_NELEM(sigalg_lookup_tbl);
lu++, i++) { lu++, i++) {
@ -1273,6 +1290,7 @@ static const SIGALG_LOOKUP *tls1_lookup_sigalg(const SSL *s, uint16_t sigalg)
int tls1_lookup_md(SSL_CTX *ctx, const SIGALG_LOOKUP *lu, const EVP_MD **pmd) int tls1_lookup_md(SSL_CTX *ctx, const SIGALG_LOOKUP *lu, const EVP_MD **pmd)
{ {
const EVP_MD *md; const EVP_MD *md;
if (lu == NULL) if (lu == NULL)
return 0; return 0;
/* lu->hash == NID_undef means no associated digest */ /* lu->hash == NID_undef means no associated digest */
@ -1317,7 +1335,8 @@ static int rsa_pss_check_min_key_size(SSL_CTX *ctx, const EVP_PKEY *pkey,
* certificate type from |s| will be used. * certificate type from |s| will be used.
* Returns the signature algorithm to use, or NULL on error. * Returns the signature algorithm to use, or NULL on error.
*/ */
static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx) static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL_CONNECTION *s,
int idx)
{ {
if (idx == -1) { if (idx == -1) {
if (s->server) { if (s->server) {
@ -1375,7 +1394,7 @@ static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx)
if (lu == NULL) if (lu == NULL)
return NULL; return NULL;
if (!tls1_lookup_md(s->ctx, lu, NULL)) if (!tls1_lookup_md(SSL_CONNECTION_GET_CTX(s), lu, NULL))
return NULL; return NULL;
if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu)) if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu))
return NULL; return NULL;
@ -1386,7 +1405,7 @@ static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx)
return &legacy_rsa_sigalg; return &legacy_rsa_sigalg;
} }
/* Set peer sigalg based key type */ /* Set peer sigalg based key type */
int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey) int tls1_set_peer_legacy_sigalg(SSL_CONNECTION *s, const EVP_PKEY *pkey)
{ {
size_t idx; size_t idx;
const SIGALG_LOOKUP *lu; const SIGALG_LOOKUP *lu;
@ -1400,7 +1419,7 @@ int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey)
return 1; return 1;
} }
size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs) size_t tls12_get_psigalgs(SSL_CONNECTION *s, int sent, const uint16_t **psigs)
{ {
/* /*
* If Suite B mode use Suite B sigalgs only, ignore any other * If Suite B mode use Suite B sigalgs only, ignore any other
@ -1440,7 +1459,7 @@ size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs)
* Called by servers only. Checks that we have a sig alg that supports the * Called by servers only. Checks that we have a sig alg that supports the
* specified EC curve. * specified EC curve.
*/ */
int tls_check_sigalg_curve(const SSL *s, int curve) int tls_check_sigalg_curve(const SSL_CONNECTION *s, int curve)
{ {
const uint16_t *sigs; const uint16_t *sigs;
size_t siglen, i; size_t siglen, i;
@ -1515,7 +1534,7 @@ static int sigalg_security_bits(SSL_CTX *ctx, const SIGALG_LOOKUP *lu)
* algorithms and if so set relevant digest and signature scheme in * algorithms and if so set relevant digest and signature scheme in
* s. * s.
*/ */
int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) int tls12_check_peer_sigalg(SSL_CONNECTION *s, uint16_t sig, EVP_PKEY *pkey)
{ {
const uint16_t *sent_sigs; const uint16_t *sent_sigs;
const EVP_MD *md = NULL; const EVP_MD *md = NULL;
@ -1529,7 +1548,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
/* Should never happen */ /* Should never happen */
if (pkeyid == -1) if (pkeyid == -1)
return -1; return -1;
if (SSL_IS_TLS13(s)) { if (SSL_CONNECTION_IS_TLS13(s)) {
/* Disallow DSA for TLS 1.3 */ /* Disallow DSA for TLS 1.3 */
if (pkeyid == EVP_PKEY_DSA) { if (pkeyid == EVP_PKEY_DSA) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_SIGNATURE_TYPE); SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_SIGNATURE_TYPE);
@ -1545,7 +1564,8 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
* is consistent with signature: RSA keys can be used for RSA-PSS * is consistent with signature: RSA keys can be used for RSA-PSS
*/ */
if (lu == NULL if (lu == NULL
|| (SSL_IS_TLS13(s) && (lu->hash == NID_sha1 || lu->hash == NID_sha224)) || (SSL_CONNECTION_IS_TLS13(s)
&& (lu->hash == NID_sha1 || lu->hash == NID_sha224))
|| (pkeyid != lu->sig || (pkeyid != lu->sig
&& (lu->sig != EVP_PKEY_RSA_PSS || pkeyid != EVP_PKEY_RSA))) { && (lu->sig != EVP_PKEY_RSA_PSS || pkeyid != EVP_PKEY_RSA))) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_SIGNATURE_TYPE); SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_SIGNATURE_TYPE);
@ -1568,7 +1588,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
} }
/* For TLS 1.3 or Suite B check curve matches signature algorithm */ /* For TLS 1.3 or Suite B check curve matches signature algorithm */
if (SSL_IS_TLS13(s) || tls1_suiteb(s)) { if (SSL_CONNECTION_IS_TLS13(s) || tls1_suiteb(s)) {
int curve = ssl_get_EC_curve_nid(pkey); int curve = ssl_get_EC_curve_nid(pkey);
if (lu->curve != NID_undef && curve != lu->curve) { if (lu->curve != NID_undef && curve != lu->curve) {
@ -1576,7 +1596,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
return 0; return 0;
} }
} }
if (!SSL_IS_TLS13(s)) { if (!SSL_CONNECTION_IS_TLS13(s)) {
/* Check curve matches extensions */ /* Check curve matches extensions */
if (!tls1_check_group_id(s, tls1_get_group_id(pkey), 1)) { if (!tls1_check_group_id(s, tls1_get_group_id(pkey), 1)) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_CURVE); SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_CURVE);
@ -1609,7 +1629,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE); SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE);
return 0; return 0;
} }
if (!tls1_lookup_md(s->ctx, lu, &md)) { if (!tls1_lookup_md(SSL_CONNECTION_GET_CTX(s), lu, &md)) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST); SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST);
return 0; return 0;
} }
@ -1619,7 +1639,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
*/ */
sigalgstr[0] = (sig >> 8) & 0xff; sigalgstr[0] = (sig >> 8) & 0xff;
sigalgstr[1] = sig & 0xff; sigalgstr[1] = sig & 0xff;
secbits = sigalg_security_bits(s->ctx, lu); secbits = sigalg_security_bits(SSL_CONNECTION_GET_CTX(s), lu);
if (secbits == 0 || if (secbits == 0 ||
!ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits, !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits,
md != NULL ? EVP_MD_get_type(md) : NID_undef, md != NULL ? EVP_MD_get_type(md) : NID_undef,
@ -1634,17 +1654,27 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid) int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid)
{ {
if (s->s3.tmp.peer_sigalg == NULL) const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
if (sc == NULL)
return 0; return 0;
*pnid = s->s3.tmp.peer_sigalg->sig;
if (sc->s3.tmp.peer_sigalg == NULL)
return 0;
*pnid = sc->s3.tmp.peer_sigalg->sig;
return 1; return 1;
} }
int SSL_get_signature_type_nid(const SSL *s, int *pnid) int SSL_get_signature_type_nid(const SSL *s, int *pnid)
{ {
if (s->s3.tmp.sigalg == NULL) const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
if (sc == NULL)
return 0; return 0;
*pnid = s->s3.tmp.sigalg->sig;
if (sc->s3.tmp.sigalg == NULL)
return 0;
*pnid = sc->s3.tmp.sigalg->sig;
return 1; return 1;
} }
@ -1658,7 +1688,7 @@ int SSL_get_signature_type_nid(const SSL *s, int *pnid)
* *
* Call ssl_cipher_disabled() to check that it's enabled or not. * Call ssl_cipher_disabled() to check that it's enabled or not.
*/ */
int ssl_set_client_disabled(SSL *s) int ssl_set_client_disabled(SSL_CONNECTION *s)
{ {
s->s3.tmp.mask_a = 0; s->s3.tmp.mask_a = 0;
s->s3.tmp.mask_k = 0; s->s3.tmp.mask_k = 0;
@ -1691,14 +1721,15 @@ int ssl_set_client_disabled(SSL *s)
* *
* Returns 1 when it's disabled, 0 when enabled. * Returns 1 when it's disabled, 0 when enabled.
*/ */
int ssl_cipher_disabled(const SSL *s, const SSL_CIPHER *c, int op, int ecdhe) int ssl_cipher_disabled(const SSL_CONNECTION *s, const SSL_CIPHER *c,
int op, int ecdhe)
{ {
if (c->algorithm_mkey & s->s3.tmp.mask_k if (c->algorithm_mkey & s->s3.tmp.mask_k
|| c->algorithm_auth & s->s3.tmp.mask_a) || c->algorithm_auth & s->s3.tmp.mask_a)
return 1; return 1;
if (s->s3.tmp.max_ver == 0) if (s->s3.tmp.max_ver == 0)
return 1; return 1;
if (!SSL_IS_DTLS(s)) { if (!SSL_CONNECTION_IS_DTLS(s)) {
int min_tls = c->min_tls; int min_tls = c->min_tls;
/* /*
@ -1712,21 +1743,22 @@ int ssl_cipher_disabled(const SSL *s, const SSL_CIPHER *c, int op, int ecdhe)
if ((min_tls > s->s3.tmp.max_ver) || (c->max_tls < s->s3.tmp.min_ver)) if ((min_tls > s->s3.tmp.max_ver) || (c->max_tls < s->s3.tmp.min_ver))
return 1; return 1;
} }
if (SSL_IS_DTLS(s) && (DTLS_VERSION_GT(c->min_dtls, s->s3.tmp.max_ver) if (SSL_CONNECTION_IS_DTLS(s)
|| DTLS_VERSION_LT(c->max_dtls, s->s3.tmp.min_ver))) && (DTLS_VERSION_GT(c->min_dtls, s->s3.tmp.max_ver)
|| DTLS_VERSION_LT(c->max_dtls, s->s3.tmp.min_ver)))
return 1; return 1;
return !ssl_security(s, op, c->strength_bits, 0, (void *)c); return !ssl_security(s, op, c->strength_bits, 0, (void *)c);
} }
int tls_use_ticket(SSL *s) int tls_use_ticket(SSL_CONNECTION *s)
{ {
if ((s->options & SSL_OP_NO_TICKET)) if ((s->options & SSL_OP_NO_TICKET))
return 0; return 0;
return ssl_security(s, SSL_SECOP_TICKET, 0, 0, NULL); return ssl_security(s, SSL_SECOP_TICKET, 0, 0, NULL);
} }
int tls1_set_server_sigalgs(SSL *s) int tls1_set_server_sigalgs(SSL_CONNECTION *s)
{ {
size_t i; size_t i;
@ -1783,7 +1815,8 @@ int tls1_set_server_sigalgs(SSL *s)
* ret: (output) on return, if a ticket was decrypted, then this is set to * ret: (output) on return, if a ticket was decrypted, then this is set to
* point to the resulting session. * point to the resulting session.
*/ */
SSL_TICKET_STATUS tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, SSL_TICKET_STATUS tls_get_ticket_from_client(SSL_CONNECTION *s,
CLIENTHELLO_MSG *hello,
SSL_SESSION **ret) SSL_SESSION **ret)
{ {
size_t size; size_t size;
@ -1833,8 +1866,10 @@ SSL_TICKET_STATUS tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
* psess: (output) on return, if a ticket was decrypted, then this is set to * psess: (output) on return, if a ticket was decrypted, then this is set to
* point to the resulting session. * point to the resulting session.
*/ */
SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, SSL_TICKET_STATUS tls_decrypt_ticket(SSL_CONNECTION *s,
size_t eticklen, const unsigned char *sess_id, const unsigned char *etick,
size_t eticklen,
const unsigned char *sess_id,
size_t sesslen, SSL_SESSION **psess) size_t sesslen, SSL_SESSION **psess)
{ {
SSL_SESSION *sess = NULL; SSL_SESSION *sess = NULL;
@ -1856,7 +1891,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
ret = SSL_TICKET_EMPTY; ret = SSL_TICKET_EMPTY;
goto end; goto end;
} }
if (!SSL_IS_TLS13(s) && s->ext.session_secret_cb) { if (!SSL_CONNECTION_IS_TLS13(s) && s->ext.session_secret_cb) {
/* /*
* Indicate that the ticket couldn't be decrypted rather than * Indicate that the ticket couldn't be decrypted rather than
* generating the session from ticket now, trigger * generating the session from ticket now, trigger
@ -1894,7 +1929,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
int rv = 0; int rv = 0;
if (tctx->ext.ticket_key_evp_cb != NULL) if (tctx->ext.ticket_key_evp_cb != NULL)
rv = tctx->ext.ticket_key_evp_cb(s, nctick, rv = tctx->ext.ticket_key_evp_cb(SSL_CONNECTION_GET_SSL(s), nctick,
nctick + TLSEXT_KEYNAME_LENGTH, nctick + TLSEXT_KEYNAME_LENGTH,
ctx, ctx,
ssl_hmac_get0_EVP_MAC_CTX(hctx), ssl_hmac_get0_EVP_MAC_CTX(hctx),
@ -1902,7 +1937,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
#ifndef OPENSSL_NO_DEPRECATED_3_0 #ifndef OPENSSL_NO_DEPRECATED_3_0
else if (tctx->ext.ticket_key_cb != NULL) else if (tctx->ext.ticket_key_cb != NULL)
/* if 0 is returned, write an empty ticket */ /* if 0 is returned, write an empty ticket */
rv = tctx->ext.ticket_key_cb(s, nctick, rv = tctx->ext.ticket_key_cb(SSL_CONNECTION_GET_SSL(s), nctick,
nctick + TLSEXT_KEYNAME_LENGTH, nctick + TLSEXT_KEYNAME_LENGTH,
ctx, ssl_hmac_get0_HMAC_CTX(hctx), 0); ctx, ssl_hmac_get0_HMAC_CTX(hctx), 0);
#endif #endif
@ -1918,6 +1953,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
renew_ticket = 1; renew_ticket = 1;
} else { } else {
EVP_CIPHER *aes256cbc = NULL; EVP_CIPHER *aes256cbc = NULL;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
/* Check key name matches */ /* Check key name matches */
if (memcmp(etick, tctx->ext.tick_key_name, if (memcmp(etick, tctx->ext.tick_key_name,
@ -1926,8 +1962,8 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
goto end; goto end;
} }
aes256cbc = EVP_CIPHER_fetch(s->ctx->libctx, "AES-256-CBC", aes256cbc = EVP_CIPHER_fetch(sctx->libctx, "AES-256-CBC",
s->ctx->propq); sctx->propq);
if (aes256cbc == NULL if (aes256cbc == NULL
|| ssl_hmac_init(hctx, tctx->ext.secure->tick_hmac_key, || ssl_hmac_init(hctx, tctx->ext.secure->tick_hmac_key,
sizeof(tctx->ext.secure->tick_hmac_key), sizeof(tctx->ext.secure->tick_hmac_key),
@ -1940,7 +1976,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
goto end; goto end;
} }
EVP_CIPHER_free(aes256cbc); EVP_CIPHER_free(aes256cbc);
if (SSL_IS_TLS13(s)) if (SSL_CONNECTION_IS_TLS13(s))
renew_ticket = 1; renew_ticket = 1;
} }
/* /*
@ -2042,7 +2078,8 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
if (keyname_len > TLSEXT_KEYNAME_LENGTH) if (keyname_len > TLSEXT_KEYNAME_LENGTH)
keyname_len = TLSEXT_KEYNAME_LENGTH; keyname_len = TLSEXT_KEYNAME_LENGTH;
retcb = s->session_ctx->decrypt_ticket_cb(s, sess, etick, keyname_len, retcb = s->session_ctx->decrypt_ticket_cb(SSL_CONNECTION_GET_SSL(s),
sess, etick, keyname_len,
ret, ret,
s->session_ctx->ticket_cb_data); s->session_ctx->ticket_cb_data);
switch (retcb) { switch (retcb) {
@ -2080,7 +2117,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
} }
} }
if (s->ext.session_secret_cb == NULL || SSL_IS_TLS13(s)) { if (s->ext.session_secret_cb == NULL || SSL_CONNECTION_IS_TLS13(s)) {
switch (ret) { switch (ret) {
case SSL_TICKET_NO_DECRYPT: case SSL_TICKET_NO_DECRYPT:
case SSL_TICKET_SUCCESS_RENEW: case SSL_TICKET_SUCCESS_RENEW:
@ -2095,7 +2132,8 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
} }
/* Check to see if a signature algorithm is allowed */ /* Check to see if a signature algorithm is allowed */
static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu) static int tls12_sigalg_allowed(const SSL_CONNECTION *s, int op,
const SIGALG_LOOKUP *lu)
{ {
unsigned char sigalgstr[2]; unsigned char sigalgstr[2];
int secbits; int secbits;
@ -2103,30 +2141,31 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
if (lu == NULL || !lu->enabled) if (lu == NULL || !lu->enabled)
return 0; return 0;
/* DSA is not allowed in TLS 1.3 */ /* DSA is not allowed in TLS 1.3 */
if (SSL_IS_TLS13(s) && lu->sig == EVP_PKEY_DSA) if (SSL_CONNECTION_IS_TLS13(s) && lu->sig == EVP_PKEY_DSA)
return 0; return 0;
/* /*
* At some point we should fully axe DSA/etc. in ClientHello as per TLS 1.3 * At some point we should fully axe DSA/etc. in ClientHello as per TLS 1.3
* spec * spec
*/ */
if (!s->server && !SSL_IS_DTLS(s) && s->s3.tmp.min_ver >= TLS1_3_VERSION if (!s->server && !SSL_CONNECTION_IS_DTLS(s)
&& s->s3.tmp.min_ver >= TLS1_3_VERSION
&& (lu->sig == EVP_PKEY_DSA || lu->hash_idx == SSL_MD_SHA1_IDX && (lu->sig == EVP_PKEY_DSA || lu->hash_idx == SSL_MD_SHA1_IDX
|| lu->hash_idx == SSL_MD_MD5_IDX || lu->hash_idx == SSL_MD_MD5_IDX
|| lu->hash_idx == SSL_MD_SHA224_IDX)) || lu->hash_idx == SSL_MD_SHA224_IDX))
return 0; return 0;
/* See if public key algorithm allowed */ /* See if public key algorithm allowed */
if (ssl_cert_is_disabled(s->ctx, lu->sig_idx)) if (ssl_cert_is_disabled(SSL_CONNECTION_GET_CTX(s), lu->sig_idx))
return 0; return 0;
if (lu->sig == NID_id_GostR3410_2012_256 if (lu->sig == NID_id_GostR3410_2012_256
|| lu->sig == NID_id_GostR3410_2012_512 || lu->sig == NID_id_GostR3410_2012_512
|| lu->sig == NID_id_GostR3410_2001) { || lu->sig == NID_id_GostR3410_2001) {
/* We never allow GOST sig algs on the server with TLSv1.3 */ /* We never allow GOST sig algs on the server with TLSv1.3 */
if (s->server && SSL_IS_TLS13(s)) if (s->server && SSL_CONNECTION_IS_TLS13(s))
return 0; return 0;
if (!s->server if (!s->server
&& s->method->version == TLS_ANY_VERSION && SSL_CONNECTION_GET_SSL(s)->method->version == TLS_ANY_VERSION
&& s->s3.tmp.max_ver >= TLS1_3_VERSION) { && s->s3.tmp.max_ver >= TLS1_3_VERSION) {
int i, num; int i, num;
STACK_OF(SSL_CIPHER) *sk; STACK_OF(SSL_CIPHER) *sk;
@ -2140,7 +2179,7 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
if (s->s3.tmp.min_ver >= TLS1_3_VERSION) if (s->s3.tmp.min_ver >= TLS1_3_VERSION)
return 0; return 0;
sk = SSL_get_ciphers(s); sk = SSL_get_ciphers(SSL_CONNECTION_GET_SSL(s));
num = sk != NULL ? sk_SSL_CIPHER_num(sk) : 0; num = sk != NULL ? sk_SSL_CIPHER_num(sk) : 0;
for (i = 0; i < num; i++) { for (i = 0; i < num; i++) {
const SSL_CIPHER *c; const SSL_CIPHER *c;
@ -2159,7 +2198,7 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
} }
/* Finally see if security callback allows it */ /* Finally see if security callback allows it */
secbits = sigalg_security_bits(s->ctx, lu); secbits = sigalg_security_bits(SSL_CONNECTION_GET_CTX(s), lu);
sigalgstr[0] = (lu->sigalg >> 8) & 0xff; sigalgstr[0] = (lu->sigalg >> 8) & 0xff;
sigalgstr[1] = lu->sigalg & 0xff; sigalgstr[1] = lu->sigalg & 0xff;
return ssl_security(s, op, secbits, lu->hash, (void *)sigalgstr); return ssl_security(s, op, secbits, lu->hash, (void *)sigalgstr);
@ -2171,7 +2210,7 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
* disabled. * disabled.
*/ */
void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op) void ssl_set_sig_mask(uint32_t *pmask_a, SSL_CONNECTION *s, int op)
{ {
const uint16_t *sigalgs; const uint16_t *sigalgs;
size_t i, sigalgslen; size_t i, sigalgslen;
@ -2200,7 +2239,7 @@ void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op)
*pmask_a |= disabled_mask; *pmask_a |= disabled_mask;
} }
int tls12_copy_sigalgs(SSL *s, WPACKET *pkt, int tls12_copy_sigalgs(SSL_CONNECTION *s, WPACKET *pkt,
const uint16_t *psig, size_t psiglen) const uint16_t *psig, size_t psiglen)
{ {
size_t i; size_t i;
@ -2218,7 +2257,7 @@ int tls12_copy_sigalgs(SSL *s, WPACKET *pkt,
* If TLS 1.3 must have at least one valid TLS 1.3 message * If TLS 1.3 must have at least one valid TLS 1.3 message
* signing algorithm: i.e. neither RSA nor SHA1/SHA224 * signing algorithm: i.e. neither RSA nor SHA1/SHA224
*/ */
if (rv == 0 && (!SSL_IS_TLS13(s) if (rv == 0 && (!SSL_CONNECTION_IS_TLS13(s)
|| (lu->sig != EVP_PKEY_RSA || (lu->sig != EVP_PKEY_RSA
&& lu->hash != NID_sha1 && lu->hash != NID_sha1
&& lu->hash != NID_sha224))) && lu->hash != NID_sha224)))
@ -2230,7 +2269,8 @@ int tls12_copy_sigalgs(SSL *s, WPACKET *pkt,
} }
/* Given preference and allowed sigalgs set shared sigalgs */ /* Given preference and allowed sigalgs set shared sigalgs */
static size_t tls12_shared_sigalgs(SSL *s, const SIGALG_LOOKUP **shsig, static size_t tls12_shared_sigalgs(SSL_CONNECTION *s,
const SIGALG_LOOKUP **shsig,
const uint16_t *pref, size_t preflen, const uint16_t *pref, size_t preflen,
const uint16_t *allow, size_t allowlen) const uint16_t *allow, size_t allowlen)
{ {
@ -2256,7 +2296,7 @@ static size_t tls12_shared_sigalgs(SSL *s, const SIGALG_LOOKUP **shsig,
} }
/* Set shared signature algorithms for SSL structures */ /* Set shared signature algorithms for SSL structures */
static int tls1_set_shared_sigalgs(SSL *s) static int tls1_set_shared_sigalgs(SSL_CONNECTION *s)
{ {
const uint16_t *pref, *allow, *conf; const uint16_t *pref, *allow, *conf;
size_t preflen, allowlen, conflen; size_t preflen, allowlen, conflen;
@ -2336,7 +2376,7 @@ int tls1_save_u16(PACKET *pkt, uint16_t **pdest, size_t *pdestlen)
return 1; return 1;
} }
int tls1_save_sigalgs(SSL *s, PACKET *pkt, int cert) int tls1_save_sigalgs(SSL_CONNECTION *s, PACKET *pkt, int cert)
{ {
/* Extension ignored for inappropriate versions */ /* Extension ignored for inappropriate versions */
if (!SSL_USE_SIGALGS(s)) if (!SSL_USE_SIGALGS(s))
@ -2356,7 +2396,7 @@ int tls1_save_sigalgs(SSL *s, PACKET *pkt, int cert)
/* Set preferred digest for each key type */ /* Set preferred digest for each key type */
int tls1_process_sigalgs(SSL *s) int tls1_process_sigalgs(SSL_CONNECTION *s)
{ {
size_t i; size_t i;
uint32_t *pvalid = s->s3.tmp.valid_flags; uint32_t *pvalid = s->s3.tmp.valid_flags;
@ -2372,10 +2412,11 @@ int tls1_process_sigalgs(SSL *s)
int idx = sigptr->sig_idx; int idx = sigptr->sig_idx;
/* Ignore PKCS1 based sig algs in TLSv1.3 */ /* Ignore PKCS1 based sig algs in TLSv1.3 */
if (SSL_IS_TLS13(s) && sigptr->sig == EVP_PKEY_RSA) if (SSL_CONNECTION_IS_TLS13(s) && sigptr->sig == EVP_PKEY_RSA)
continue; continue;
/* If not disabled indicate we can explicitly sign */ /* If not disabled indicate we can explicitly sign */
if (pvalid[idx] == 0 && !ssl_cert_is_disabled(s->ctx, idx)) if (pvalid[idx] == 0
&& !ssl_cert_is_disabled(SSL_CONNECTION_GET_CTX(s), idx))
pvalid[idx] = CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN; pvalid[idx] = CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN;
} }
return 1; return 1;
@ -2385,8 +2426,16 @@ int SSL_get_sigalgs(SSL *s, int idx,
int *psign, int *phash, int *psignhash, int *psign, int *phash, int *psignhash,
unsigned char *rsig, unsigned char *rhash) unsigned char *rsig, unsigned char *rhash)
{ {
uint16_t *psig = s->s3.tmp.peer_sigalgs; uint16_t *psig;
size_t numsigalgs = s->s3.tmp.peer_sigalgslen; size_t numsigalgs;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return 0;
psig = sc->s3.tmp.peer_sigalgs;
numsigalgs = sc->s3.tmp.peer_sigalgslen;
if (psig == NULL || numsigalgs > INT_MAX) if (psig == NULL || numsigalgs > INT_MAX)
return 0; return 0;
if (idx >= 0) { if (idx >= 0) {
@ -2399,7 +2448,7 @@ int SSL_get_sigalgs(SSL *s, int idx,
*rhash = (unsigned char)((*psig >> 8) & 0xff); *rhash = (unsigned char)((*psig >> 8) & 0xff);
if (rsig != NULL) if (rsig != NULL)
*rsig = (unsigned char)(*psig & 0xff); *rsig = (unsigned char)(*psig & 0xff);
lu = tls1_lookup_sigalg(s, *psig); lu = tls1_lookup_sigalg(sc, *psig);
if (psign != NULL) if (psign != NULL)
*psign = lu != NULL ? lu->sig : NID_undef; *psign = lu != NULL ? lu->sig : NID_undef;
if (phash != NULL) if (phash != NULL)
@ -2415,12 +2464,17 @@ int SSL_get_shared_sigalgs(SSL *s, int idx,
unsigned char *rsig, unsigned char *rhash) unsigned char *rsig, unsigned char *rhash)
{ {
const SIGALG_LOOKUP *shsigalgs; const SIGALG_LOOKUP *shsigalgs;
if (s->shared_sigalgs == NULL SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
|| idx < 0
|| idx >= (int)s->shared_sigalgslen if (sc == NULL)
|| s->shared_sigalgslen > INT_MAX)
return 0; return 0;
shsigalgs = s->shared_sigalgs[idx];
if (sc->shared_sigalgs == NULL
|| idx < 0
|| idx >= (int)sc->shared_sigalgslen
|| sc->shared_sigalgslen > INT_MAX)
return 0;
shsigalgs = sc->shared_sigalgs[idx];
if (phash != NULL) if (phash != NULL)
*phash = shsigalgs->hash; *phash = shsigalgs->hash;
if (psign != NULL) if (psign != NULL)
@ -2431,7 +2485,7 @@ int SSL_get_shared_sigalgs(SSL *s, int idx,
*rsig = (unsigned char)(shsigalgs->sigalg & 0xff); *rsig = (unsigned char)(shsigalgs->sigalg & 0xff);
if (rhash != NULL) if (rhash != NULL)
*rhash = (unsigned char)((shsigalgs->sigalg >> 8) & 0xff); *rhash = (unsigned char)((shsigalgs->sigalg >> 8) & 0xff);
return (int)s->shared_sigalgslen; return (int)sc->shared_sigalgslen;
} }
/* Maximum possible number of unique entries in sigalgs array */ /* Maximum possible number of unique entries in sigalgs array */
@ -2612,19 +2666,20 @@ int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen, int client)
return 0; return 0;
} }
static int tls1_check_sig_alg(SSL *s, X509 *x, int default_nid) static int tls1_check_sig_alg(SSL_CONNECTION *s, X509 *x, int default_nid)
{ {
int sig_nid, use_pc_sigalgs = 0; int sig_nid, use_pc_sigalgs = 0;
size_t i; size_t i;
const SIGALG_LOOKUP *sigalg; const SIGALG_LOOKUP *sigalg;
size_t sigalgslen; size_t sigalgslen;
if (default_nid == -1) if (default_nid == -1)
return 1; return 1;
sig_nid = X509_get_signature_nid(x); sig_nid = X509_get_signature_nid(x);
if (default_nid) if (default_nid)
return sig_nid == default_nid ? 1 : 0; return sig_nid == default_nid ? 1 : 0;
if (SSL_IS_TLS13(s) && s->s3.tmp.peer_cert_sigalgs != NULL) { if (SSL_CONNECTION_IS_TLS13(s) && s->s3.tmp.peer_cert_sigalgs != NULL) {
/* /*
* If we're in TLSv1.3 then we only get here if we're checking the * If we're in TLSv1.3 then we only get here if we're checking the
* chain. If the peer has specified peer_cert_sigalgs then we use them * chain. If the peer has specified peer_cert_sigalgs then we use them
@ -2674,8 +2729,8 @@ static int ssl_check_ca_name(STACK_OF(X509_NAME) *names, X509 *x)
(CERT_PKEY_VALID_FLAGS|CERT_PKEY_CA_SIGNATURE|CERT_PKEY_CA_PARAM \ (CERT_PKEY_VALID_FLAGS|CERT_PKEY_CA_SIGNATURE|CERT_PKEY_CA_PARAM \
| CERT_PKEY_ISSUER_NAME|CERT_PKEY_CERT_TYPE) | CERT_PKEY_ISSUER_NAME|CERT_PKEY_CERT_TYPE)
int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, int tls1_check_chain(SSL_CONNECTION *s, X509 *x, EVP_PKEY *pk,
int idx) STACK_OF(X509) *chain, int idx)
{ {
int i; int i;
int rv = 0; int rv = 0;
@ -2684,6 +2739,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
CERT *c = s->cert; CERT *c = s->cert;
uint32_t *pvalid; uint32_t *pvalid;
unsigned int suiteb_flags = tls1_suiteb(s); unsigned int suiteb_flags = tls1_suiteb(s);
/* idx == -1 means checking server chains */ /* idx == -1 means checking server chains */
if (idx != -1) { if (idx != -1) {
/* idx == -2 means checking client certificate chains */ /* idx == -2 means checking client certificate chains */
@ -2733,9 +2789,11 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
* Check all signature algorithms are consistent with signature * Check all signature algorithms are consistent with signature
* algorithms extension if TLS 1.2 or later and strict mode. * algorithms extension if TLS 1.2 or later and strict mode.
*/ */
if (TLS1_get_version(s) >= TLS1_2_VERSION && strict_mode) { if (TLS1_get_version(SSL_CONNECTION_GET_SSL(s)) >= TLS1_2_VERSION
&& strict_mode) {
int default_nid; int default_nid;
int rsign = 0; int rsign = 0;
if (s->s3.tmp.peer_cert_sigalgs != NULL if (s->s3.tmp.peer_cert_sigalgs != NULL
|| s->s3.tmp.peer_sigalgs != NULL) { || s->s3.tmp.peer_sigalgs != NULL) {
default_nid = 0; default_nid = 0;
@ -2798,7 +2856,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
} }
} }
/* Check signature algorithm of each cert in chain */ /* Check signature algorithm of each cert in chain */
if (SSL_IS_TLS13(s)) { if (SSL_CONNECTION_IS_TLS13(s)) {
/* /*
* We only get here if the application has called SSL_check_chain(), * We only get here if the application has called SSL_check_chain(),
* so check_flags is always set. * so check_flags is always set.
@ -2899,7 +2957,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
end: end:
if (TLS1_get_version(s) >= TLS1_2_VERSION) if (TLS1_get_version(SSL_CONNECTION_GET_SSL(s)) >= TLS1_2_VERSION)
rv |= *pvalid & (CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN); rv |= *pvalid & (CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN);
else else
rv |= CERT_PKEY_SIGN | CERT_PKEY_EXPLICIT_SIGN; rv |= CERT_PKEY_SIGN | CERT_PKEY_EXPLICIT_SIGN;
@ -2921,7 +2979,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
} }
/* Set validity of certificates in an SSL structure */ /* Set validity of certificates in an SSL structure */
void tls1_set_cert_validity(SSL *s) void tls1_set_cert_validity(SSL_CONNECTION *s)
{ {
tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA); tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA);
tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_PSS_SIGN); tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_PSS_SIGN);
@ -2937,10 +2995,15 @@ void tls1_set_cert_validity(SSL *s)
/* User level utility function to check a chain is suitable */ /* User level utility function to check a chain is suitable */
int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain) int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
{ {
return tls1_check_chain(s, x, pk, chain, -1); SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return 0;
return tls1_check_chain(sc, x, pk, chain, -1);
} }
EVP_PKEY *ssl_get_auto_dh(SSL *s) EVP_PKEY *ssl_get_auto_dh(SSL_CONNECTION *s)
{ {
EVP_PKEY *dhp = NULL; EVP_PKEY *dhp = NULL;
BIGNUM *p; BIGNUM *p;
@ -2948,6 +3011,7 @@ EVP_PKEY *ssl_get_auto_dh(SSL *s)
EVP_PKEY_CTX *pctx = NULL; EVP_PKEY_CTX *pctx = NULL;
OSSL_PARAM_BLD *tmpl = NULL; OSSL_PARAM_BLD *tmpl = NULL;
OSSL_PARAM *params = NULL; OSSL_PARAM *params = NULL;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (s->cert->dh_tmp_auto != 2) { if (s->cert->dh_tmp_auto != 2) {
if (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) { if (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) {
@ -2963,7 +3027,8 @@ EVP_PKEY *ssl_get_auto_dh(SSL *s)
} }
/* Do not pick a prime that is too weak for the current security level */ /* Do not pick a prime that is too weak for the current security level */
sec_level_bits = ssl_get_security_level_bits(s, NULL, NULL); sec_level_bits = ssl_get_security_level_bits(SSL_CONNECTION_GET_SSL(s),
NULL, NULL);
if (dh_secbits < sec_level_bits) if (dh_secbits < sec_level_bits)
dh_secbits = sec_level_bits; dh_secbits = sec_level_bits;
@ -2980,7 +3045,7 @@ EVP_PKEY *ssl_get_auto_dh(SSL *s)
if (p == NULL) if (p == NULL)
goto err; goto err;
pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, "DH", s->ctx->propq); pctx = EVP_PKEY_CTX_new_from_name(sctx->libctx, "DH", sctx->propq);
if (pctx == NULL if (pctx == NULL
|| EVP_PKEY_fromdata_init(pctx) != 1) || EVP_PKEY_fromdata_init(pctx) != 1)
goto err; goto err;
@ -3004,10 +3069,12 @@ err:
return dhp; return dhp;
} }
static int ssl_security_cert_key(SSL *s, SSL_CTX *ctx, X509 *x, int op) static int ssl_security_cert_key(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x,
int op)
{ {
int secbits = -1; int secbits = -1;
EVP_PKEY *pkey = X509_get0_pubkey(x); EVP_PKEY *pkey = X509_get0_pubkey(x);
if (pkey) { if (pkey) {
/* /*
* If no parameters this will return -1 and fail using the default * If no parameters this will return -1 and fail using the default
@ -3017,16 +3084,18 @@ static int ssl_security_cert_key(SSL *s, SSL_CTX *ctx, X509 *x, int op)
*/ */
secbits = EVP_PKEY_get_security_bits(pkey); secbits = EVP_PKEY_get_security_bits(pkey);
} }
if (s) if (s != NULL)
return ssl_security(s, op, secbits, 0, x); return ssl_security(s, op, secbits, 0, x);
else else
return ssl_ctx_security(ctx, op, secbits, 0, x); return ssl_ctx_security(ctx, op, secbits, 0, x);
} }
static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op) static int ssl_security_cert_sig(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x,
int op)
{ {
/* Lookup signature algorithm digest */ /* Lookup signature algorithm digest */
int secbits, nid, pknid; int secbits, nid, pknid;
/* Don't check signature if self signed */ /* Don't check signature if self signed */
if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0) if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
return 1; return 1;
@ -3035,13 +3104,14 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
/* If digest NID not defined use signature NID */ /* If digest NID not defined use signature NID */
if (nid == NID_undef) if (nid == NID_undef)
nid = pknid; nid = pknid;
if (s) if (s != NULL)
return ssl_security(s, op, secbits, nid, x); return ssl_security(s, op, secbits, nid, x);
else else
return ssl_ctx_security(ctx, op, secbits, nid, x); return ssl_ctx_security(ctx, op, secbits, nid, x);
} }
int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee) int ssl_security_cert(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x, int vfy,
int is_ee)
{ {
if (vfy) if (vfy)
vfy = SSL_SECOP_PEER; vfy = SSL_SECOP_PEER;
@ -3063,9 +3133,11 @@ int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee)
* one to the peer. Return values: 1 if ok otherwise error code to use * one to the peer. Return values: 1 if ok otherwise error code to use
*/ */
int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *x, int vfy) int ssl_security_cert_chain(SSL_CONNECTION *s, STACK_OF(X509) *sk,
X509 *x, int vfy)
{ {
int rv, start_idx, i; int rv, start_idx, i;
if (x == NULL) { if (x == NULL) {
x = sk_X509_value(sk, 0); x = sk_X509_value(sk, 0);
if (x == NULL) if (x == NULL)
@ -3092,7 +3164,8 @@ int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *x, int vfy)
* with the signature algorithm "lu" and return index of certificate. * with the signature algorithm "lu" and return index of certificate.
*/ */
static int tls12_get_cert_sigalg_idx(const SSL *s, const SIGALG_LOOKUP *lu) static int tls12_get_cert_sigalg_idx(const SSL_CONNECTION *s,
const SIGALG_LOOKUP *lu)
{ {
int sig_idx = lu->sig_idx; int sig_idx = lu->sig_idx;
const SSL_CERT_LOOKUP *clu = ssl_cert_lookup_by_idx(sig_idx); const SSL_CERT_LOOKUP *clu = ssl_cert_lookup_by_idx(sig_idx);
@ -3113,13 +3186,14 @@ static int tls12_get_cert_sigalg_idx(const SSL *s, const SIGALG_LOOKUP *lu)
* the key. * the key.
* Returns true if the cert is usable and false otherwise. * Returns true if the cert is usable and false otherwise.
*/ */
static int check_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x, static int check_cert_usable(SSL_CONNECTION *s, const SIGALG_LOOKUP *sig,
EVP_PKEY *pkey) X509 *x, EVP_PKEY *pkey)
{ {
const SIGALG_LOOKUP *lu; const SIGALG_LOOKUP *lu;
int mdnid, pknid, supported; int mdnid, pknid, supported;
size_t i; size_t i;
const char *mdname = NULL; const char *mdname = NULL;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
/* /*
* If the given EVP_PKEY cannot support signing with this digest, * If the given EVP_PKEY cannot support signing with this digest,
@ -3127,9 +3201,9 @@ static int check_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x,
*/ */
if (sig->hash != NID_undef) if (sig->hash != NID_undef)
mdname = OBJ_nid2sn(sig->hash); mdname = OBJ_nid2sn(sig->hash);
supported = EVP_PKEY_digestsign_supports_digest(pkey, s->ctx->libctx, supported = EVP_PKEY_digestsign_supports_digest(pkey, sctx->libctx,
mdname, mdname,
s->ctx->propq); sctx->propq);
if (supported <= 0) if (supported <= 0)
return 0; return 0;
@ -3171,7 +3245,7 @@ static int check_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x,
* the signature_algorithm_cert restrictions sent by the peer (if any). * the signature_algorithm_cert restrictions sent by the peer (if any).
* Returns false if no usable certificate is found. * Returns false if no usable certificate is found.
*/ */
static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx) static int has_usable_cert(SSL_CONNECTION *s, const SIGALG_LOOKUP *sig, int idx)
{ {
/* TLS 1.2 callers can override sig->sig_idx, but not TLS 1.3 callers. */ /* TLS 1.2 callers can override sig->sig_idx, but not TLS 1.3 callers. */
if (idx == -1) if (idx == -1)
@ -3187,7 +3261,7 @@ static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx)
* Returns true if the supplied cert |x| and key |pkey| is usable with the * Returns true if the supplied cert |x| and key |pkey| is usable with the
* specified signature scheme |sig|, or false otherwise. * specified signature scheme |sig|, or false otherwise.
*/ */
static int is_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x, static int is_cert_usable(SSL_CONNECTION *s, const SIGALG_LOOKUP *sig, X509 *x,
EVP_PKEY *pkey) EVP_PKEY *pkey)
{ {
size_t idx; size_t idx;
@ -3207,12 +3281,14 @@ static int is_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x,
* |pkey|. |x| and |pkey| may be NULL in which case we additionally look at our * |pkey|. |x| and |pkey| may be NULL in which case we additionally look at our
* available certs/keys to find one that works. * available certs/keys to find one that works.
*/ */
static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey) static const SIGALG_LOOKUP *find_sig_alg(SSL_CONNECTION *s, X509 *x,
EVP_PKEY *pkey)
{ {
const SIGALG_LOOKUP *lu = NULL; const SIGALG_LOOKUP *lu = NULL;
size_t i; size_t i;
int curve = -1; int curve = -1;
EVP_PKEY *tmppkey; EVP_PKEY *tmppkey;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
/* Look for a shared sigalgs matching possible certificates */ /* Look for a shared sigalgs matching possible certificates */
for (i = 0; i < s->shared_sigalgslen; i++) { for (i = 0; i < s->shared_sigalgslen; i++) {
@ -3225,7 +3301,7 @@ static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey)
|| lu->sig == EVP_PKEY_RSA) || lu->sig == EVP_PKEY_RSA)
continue; continue;
/* Check that we have a cert, and signature_algorithms_cert */ /* Check that we have a cert, and signature_algorithms_cert */
if (!tls1_lookup_md(s->ctx, lu, NULL)) if (!tls1_lookup_md(sctx, lu, NULL))
continue; continue;
if ((pkey == NULL && !has_usable_cert(s, lu, -1)) if ((pkey == NULL && !has_usable_cert(s, lu, -1))
|| (pkey != NULL && !is_cert_usable(s, lu, x, pkey))) || (pkey != NULL && !is_cert_usable(s, lu, x, pkey)))
@ -3241,7 +3317,7 @@ static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey)
continue; continue;
} else if (lu->sig == EVP_PKEY_RSA_PSS) { } else if (lu->sig == EVP_PKEY_RSA_PSS) {
/* validate that key is large enough for the signature algorithm */ /* validate that key is large enough for the signature algorithm */
if (!rsa_pss_check_min_key_size(s->ctx, tmppkey, lu)) if (!rsa_pss_check_min_key_size(sctx, tmppkey, lu))
continue; continue;
} }
break; break;
@ -3264,7 +3340,7 @@ static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey)
* a fatal error: we will either try another certificate or not present one * a fatal error: we will either try another certificate or not present one
* to the server. In this case no error is set. * to the server. In this case no error is set.
*/ */
int tls_choose_sigalg(SSL *s, int fatalerrs) int tls_choose_sigalg(SSL_CONNECTION *s, int fatalerrs)
{ {
const SIGALG_LOOKUP *lu = NULL; const SIGALG_LOOKUP *lu = NULL;
int sig_idx = -1; int sig_idx = -1;
@ -3272,7 +3348,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
s->s3.tmp.cert = NULL; s->s3.tmp.cert = NULL;
s->s3.tmp.sigalg = NULL; s->s3.tmp.sigalg = NULL;
if (SSL_IS_TLS13(s)) { if (SSL_CONNECTION_IS_TLS13(s)) {
lu = find_sig_alg(s, NULL, NULL); lu = find_sig_alg(s, NULL, NULL);
if (lu == NULL) { if (lu == NULL) {
if (!fatalerrs) if (!fatalerrs)
@ -3292,6 +3368,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
size_t i; size_t i;
if (s->s3.tmp.peer_sigalgs != NULL) { if (s->s3.tmp.peer_sigalgs != NULL) {
int curve = -1; int curve = -1;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
/* For Suite B need to match signature algorithm to curve */ /* For Suite B need to match signature algorithm to curve */
if (tls1_suiteb(s)) if (tls1_suiteb(s))
@ -3322,7 +3399,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
/* validate that key is large enough for the signature algorithm */ /* validate that key is large enough for the signature algorithm */
EVP_PKEY *pkey = s->cert->pkeys[sig_idx].privatekey; EVP_PKEY *pkey = s->cert->pkeys[sig_idx].privatekey;
if (!rsa_pss_check_min_key_size(s->ctx, pkey, lu)) if (!rsa_pss_check_min_key_size(sctx, pkey, lu))
continue; continue;
} }
if (curve == -1 || lu->curve == curve) if (curve == -1 || lu->curve == curve)
@ -3334,7 +3411,9 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
* in supported_algorithms extension, so when we have GOST-based ciphersuite, * in supported_algorithms extension, so when we have GOST-based ciphersuite,
* we have to assume GOST support. * we have to assume GOST support.
*/ */
if (i == s->shared_sigalgslen && s->s3.tmp.new_cipher->algorithm_auth & (SSL_aGOST01 | SSL_aGOST12)) { if (i == s->shared_sigalgslen
&& (s->s3.tmp.new_cipher->algorithm_auth
& (SSL_aGOST01 | SSL_aGOST12)) != 0) {
if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) { if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
if (!fatalerrs) if (!fatalerrs)
return 1; return 1;
@ -3416,13 +3495,18 @@ int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode)
int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode) int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode)
{ {
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
if (sc == NULL)
return 0;
if (mode != TLSEXT_max_fragment_length_DISABLED if (mode != TLSEXT_max_fragment_length_DISABLED
&& !IS_MAX_FRAGMENT_LENGTH_EXT_VALID(mode)) { && !IS_MAX_FRAGMENT_LENGTH_EXT_VALID(mode)) {
ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
return 0; return 0;
} }
ssl->ext.max_fragment_len_mode = mode; sc->ext.max_fragment_len_mode = mode;
return 1; return 1;
} }

72
ssl/t1_trce.c
View File

@ -688,12 +688,12 @@ static int ssl_print_random(BIO *bio, int indent,
return 1; return 1;
} }
static int ssl_print_signature(BIO *bio, int indent, const SSL *ssl, static int ssl_print_signature(BIO *bio, int indent, const SSL_CONNECTION *sc,
const unsigned char **pmsg, size_t *pmsglen) const unsigned char **pmsg, size_t *pmsglen)
{ {
if (*pmsglen < 2) if (*pmsglen < 2)
return 0; return 0;
if (SSL_USE_SIGALGS(ssl)) { if (SSL_USE_SIGALGS(sc)) {
const unsigned char *p = *pmsg; const unsigned char *p = *pmsg;
unsigned int sigalg = (p[0] << 8) | p[1]; unsigned int sigalg = (p[0] << 8) | p[1];
@ -948,7 +948,7 @@ static int ssl_print_extensions(BIO *bio, int indent, int server,
return 1; return 1;
} }
static int ssl_print_client_hello(BIO *bio, const SSL *ssl, int indent, static int ssl_print_client_hello(BIO *bio, const SSL_CONNECTION *sc, int indent,
const unsigned char *msg, size_t msglen) const unsigned char *msg, size_t msglen)
{ {
size_t len; size_t len;
@ -960,7 +960,7 @@ static int ssl_print_client_hello(BIO *bio, const SSL *ssl, int indent,
return 0; return 0;
if (!ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen)) if (!ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen))
return 0; return 0;
if (SSL_IS_DTLS(ssl)) { if (SSL_CONNECTION_IS_DTLS(sc)) {
if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen)) if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen))
return 0; return 0;
} }
@ -1051,9 +1051,9 @@ static int ssl_print_server_hello(BIO *bio, int indent,
return 1; return 1;
} }
static int ssl_get_keyex(const char **pname, const SSL *ssl) static int ssl_get_keyex(const char **pname, const SSL_CONNECTION *sc)
{ {
unsigned long alg_k = ssl->s3.tmp.new_cipher->algorithm_mkey; unsigned long alg_k = sc->s3.tmp.new_cipher->algorithm_mkey;
if (alg_k & SSL_kRSA) { if (alg_k & SSL_kRSA) {
*pname = "rsa"; *pname = "rsa";
@ -1099,11 +1099,11 @@ static int ssl_get_keyex(const char **pname, const SSL *ssl)
return 0; return 0;
} }
static int ssl_print_client_keyex(BIO *bio, int indent, const SSL *ssl, static int ssl_print_client_keyex(BIO *bio, int indent, const SSL_CONNECTION *sc,
const unsigned char *msg, size_t msglen) const unsigned char *msg, size_t msglen)
{ {
const char *algname; const char *algname;
int id = ssl_get_keyex(&algname, ssl); int id = ssl_get_keyex(&algname, sc);
BIO_indent(bio, indent, 80); BIO_indent(bio, indent, 80);
BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname); BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname);
@ -1116,7 +1116,7 @@ static int ssl_print_client_keyex(BIO *bio, int indent, const SSL *ssl,
case SSL_kRSA: case SSL_kRSA:
case SSL_kRSAPSK: case SSL_kRSAPSK:
if (TLS1_get_version(ssl) == SSL3_VERSION) { if (TLS1_get_version(SSL_CONNECTION_GET_SSL(sc)) == SSL3_VERSION) {
ssl_print_hex(bio, indent + 2, ssl_print_hex(bio, indent + 2,
"EncryptedPreMasterSecret", msg, msglen); "EncryptedPreMasterSecret", msg, msglen);
} else { } else {
@ -1151,11 +1151,11 @@ static int ssl_print_client_keyex(BIO *bio, int indent, const SSL *ssl,
return !msglen; return !msglen;
} }
static int ssl_print_server_keyex(BIO *bio, int indent, const SSL *ssl, static int ssl_print_server_keyex(BIO *bio, int indent, const SSL_CONNECTION *sc,
const unsigned char *msg, size_t msglen) const unsigned char *msg, size_t msglen)
{ {
const char *algname; const char *algname;
int id = ssl_get_keyex(&algname, ssl); int id = ssl_get_keyex(&algname, sc);
BIO_indent(bio, indent, 80); BIO_indent(bio, indent, 80);
BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname); BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname);
@ -1215,7 +1215,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, const SSL *ssl,
break; break;
} }
if (!(id & SSL_PSK)) if (!(id & SSL_PSK))
ssl_print_signature(bio, indent, ssl, &msg, &msglen); ssl_print_signature(bio, indent, sc, &msg, &msglen);
return !msglen; return !msglen;
} }
@ -1254,13 +1254,13 @@ static int ssl_print_certificate(BIO *bio, int indent,
return 1; return 1;
} }
static int ssl_print_certificates(BIO *bio, const SSL *ssl, int server, static int ssl_print_certificates(BIO *bio, const SSL_CONNECTION *sc, int server,
int indent, const unsigned char *msg, int indent, const unsigned char *msg,
size_t msglen) size_t msglen)
{ {
size_t clen; size_t clen;
if (SSL_IS_TLS13(ssl) if (SSL_CONNECTION_IS_TLS13(sc)
&& !ssl_print_hexbuf(bio, indent, "context", 1, &msg, &msglen)) && !ssl_print_hexbuf(bio, indent, "context", 1, &msg, &msglen))
return 0; return 0;
@ -1275,7 +1275,7 @@ static int ssl_print_certificates(BIO *bio, const SSL *ssl, int server,
while (clen > 0) { while (clen > 0) {
if (!ssl_print_certificate(bio, indent + 2, &msg, &clen)) if (!ssl_print_certificate(bio, indent + 2, &msg, &clen))
return 0; return 0;
if (SSL_IS_TLS13(ssl) if (SSL_CONNECTION_IS_TLS13(sc)
&& !ssl_print_extensions(bio, indent + 2, server, && !ssl_print_extensions(bio, indent + 2, server,
SSL3_MT_CERTIFICATE, &msg, &clen)) SSL3_MT_CERTIFICATE, &msg, &clen))
return 0; return 0;
@ -1284,13 +1284,13 @@ static int ssl_print_certificates(BIO *bio, const SSL *ssl, int server,
return 1; return 1;
} }
static int ssl_print_cert_request(BIO *bio, int indent, const SSL *ssl, static int ssl_print_cert_request(BIO *bio, int indent, const SSL_CONNECTION *sc,
const unsigned char *msg, size_t msglen) const unsigned char *msg, size_t msglen)
{ {
size_t xlen; size_t xlen;
unsigned int sigalg; unsigned int sigalg;
if (SSL_IS_TLS13(ssl)) { if (SSL_CONNECTION_IS_TLS13(sc)) {
if (!ssl_print_hexbuf(bio, indent, "request_context", 1, &msg, &msglen)) if (!ssl_print_hexbuf(bio, indent, "request_context", 1, &msg, &msglen))
return 0; return 0;
if (!ssl_print_extensions(bio, indent, 1, if (!ssl_print_extensions(bio, indent, 1,
@ -1311,7 +1311,7 @@ static int ssl_print_cert_request(BIO *bio, int indent, const SSL *ssl,
msg += xlen; msg += xlen;
msglen -= xlen + 1; msglen -= xlen + 1;
} }
if (SSL_USE_SIGALGS(ssl)) { if (SSL_USE_SIGALGS(sc)) {
if (msglen < 2) if (msglen < 2)
return 0; return 0;
xlen = (msg[0] << 8) | msg[1]; xlen = (msg[0] << 8) | msg[1];
@ -1365,7 +1365,7 @@ static int ssl_print_cert_request(BIO *bio, int indent, const SSL *ssl,
xlen -= dlen + 2; xlen -= dlen + 2;
msg += dlen; msg += dlen;
} }
if (SSL_IS_TLS13(ssl)) { if (SSL_CONNECTION_IS_TLS13(sc)) {
if (!ssl_print_hexbuf(bio, indent, "request_extensions", 2, if (!ssl_print_hexbuf(bio, indent, "request_extensions", 2,
&msg, &msglen)) &msg, &msglen))
return 0; return 0;
@ -1373,7 +1373,7 @@ static int ssl_print_cert_request(BIO *bio, int indent, const SSL *ssl,
return msglen == 0; return msglen == 0;
} }
static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl, static int ssl_print_ticket(BIO *bio, int indent, const SSL_CONNECTION *sc,
const unsigned char *msg, size_t msglen) const unsigned char *msg, size_t msglen)
{ {
unsigned int tick_life; unsigned int tick_life;
@ -1393,7 +1393,7 @@ static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl,
msg += 4; msg += 4;
BIO_indent(bio, indent + 2, 80); BIO_indent(bio, indent + 2, 80);
BIO_printf(bio, "ticket_lifetime_hint=%u\n", tick_life); BIO_printf(bio, "ticket_lifetime_hint=%u\n", tick_life);
if (SSL_IS_TLS13(ssl)) { if (SSL_CONNECTION_IS_TLS13(sc)) {
unsigned int ticket_age_add; unsigned int ticket_age_add;
if (msglen < 4) if (msglen < 4)
@ -1413,7 +1413,7 @@ static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl,
} }
if (!ssl_print_hexbuf(bio, indent + 2, "ticket", 2, &msg, &msglen)) if (!ssl_print_hexbuf(bio, indent + 2, "ticket", 2, &msg, &msglen))
return 0; return 0;
if (SSL_IS_TLS13(ssl) if (SSL_CONNECTION_IS_TLS13(sc)
&& !ssl_print_extensions(bio, indent + 2, 0, && !ssl_print_extensions(bio, indent + 2, 0,
SSL3_MT_NEWSESSION_TICKET, &msg, &msglen)) SSL3_MT_NEWSESSION_TICKET, &msg, &msglen))
return 0; return 0;
@ -1422,7 +1422,7 @@ static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl,
return 1; return 1;
} }
static int ssl_print_handshake(BIO *bio, const SSL *ssl, int server, static int ssl_print_handshake(BIO *bio, const SSL_CONNECTION *sc, int server,
const unsigned char *msg, size_t msglen, const unsigned char *msg, size_t msglen,
int indent) int indent)
{ {
@ -1438,7 +1438,7 @@ static int ssl_print_handshake(BIO *bio, const SSL *ssl, int server,
ssl_trace_str(htype, ssl_handshake_tbl), (int)hlen); ssl_trace_str(htype, ssl_handshake_tbl), (int)hlen);
msg += 4; msg += 4;
msglen -= 4; msglen -= 4;
if (SSL_IS_DTLS(ssl)) { if (SSL_CONNECTION_IS_DTLS(sc)) {
if (msglen < 8) if (msglen < 8)
return 0; return 0;
BIO_indent(bio, indent, 80); BIO_indent(bio, indent, 80);
@ -1454,7 +1454,7 @@ static int ssl_print_handshake(BIO *bio, const SSL *ssl, int server,
return 0; return 0;
switch (htype) { switch (htype) {
case SSL3_MT_CLIENT_HELLO: case SSL3_MT_CLIENT_HELLO:
if (!ssl_print_client_hello(bio, ssl, indent + 2, msg, msglen)) if (!ssl_print_client_hello(bio, sc, indent + 2, msg, msglen))
return 0; return 0;
break; break;
@ -1469,27 +1469,27 @@ static int ssl_print_handshake(BIO *bio, const SSL *ssl, int server,
break; break;
case SSL3_MT_SERVER_KEY_EXCHANGE: case SSL3_MT_SERVER_KEY_EXCHANGE:
if (!ssl_print_server_keyex(bio, indent + 2, ssl, msg, msglen)) if (!ssl_print_server_keyex(bio, indent + 2, sc, msg, msglen))
return 0; return 0;
break; break;
case SSL3_MT_CLIENT_KEY_EXCHANGE: case SSL3_MT_CLIENT_KEY_EXCHANGE:
if (!ssl_print_client_keyex(bio, indent + 2, ssl, msg, msglen)) if (!ssl_print_client_keyex(bio, indent + 2, sc, msg, msglen))
return 0; return 0;
break; break;
case SSL3_MT_CERTIFICATE: case SSL3_MT_CERTIFICATE:
if (!ssl_print_certificates(bio, ssl, server, indent + 2, msg, msglen)) if (!ssl_print_certificates(bio, sc, server, indent + 2, msg, msglen))
return 0; return 0;
break; break;
case SSL3_MT_CERTIFICATE_VERIFY: case SSL3_MT_CERTIFICATE_VERIFY:
if (!ssl_print_signature(bio, indent + 2, ssl, &msg, &msglen)) if (!ssl_print_signature(bio, indent + 2, sc, &msg, &msglen))
return 0; return 0;
break; break;
case SSL3_MT_CERTIFICATE_REQUEST: case SSL3_MT_CERTIFICATE_REQUEST:
if (!ssl_print_cert_request(bio, indent + 2, ssl, msg, msglen)) if (!ssl_print_cert_request(bio, indent + 2, sc, msg, msglen))
return 0; return 0;
break; break;
@ -1503,7 +1503,7 @@ static int ssl_print_handshake(BIO *bio, const SSL *ssl, int server,
break; break;
case SSL3_MT_NEWSESSION_TICKET: case SSL3_MT_NEWSESSION_TICKET:
if (!ssl_print_ticket(bio, indent + 2, ssl, msg, msglen)) if (!ssl_print_ticket(bio, indent + 2, sc, msg, msglen))
return 0; return 0;
break; break;
@ -1536,6 +1536,10 @@ void SSL_trace(int write_p, int version, int content_type,
{ {
const unsigned char *msg = buf; const unsigned char *msg = buf;
BIO *bio = arg; BIO *bio = arg;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
if (sc == NULL)
return;
switch (content_type) { switch (content_type) {
case SSL3_RT_HEADER: case SSL3_RT_HEADER:
@ -1543,7 +1547,7 @@ void SSL_trace(int write_p, int version, int content_type,
int hvers; int hvers;
/* avoid overlapping with length at the end of buffer */ /* avoid overlapping with length at the end of buffer */
if (msglen < (size_t)(SSL_IS_DTLS(ssl) ? if (msglen < (size_t)(SSL_CONNECTION_IS_DTLS(sc) ?
DTLS1_RT_HEADER_LENGTH : SSL3_RT_HEADER_LENGTH)) { DTLS1_RT_HEADER_LENGTH : SSL3_RT_HEADER_LENGTH)) {
BIO_puts(bio, write_p ? "Sent" : "Received"); BIO_puts(bio, write_p ? "Sent" : "Received");
ssl_print_hex(bio, 0, " too short message", msg, msglen); ssl_print_hex(bio, 0, " too short message", msg, msglen);
@ -1553,7 +1557,7 @@ void SSL_trace(int write_p, int version, int content_type,
BIO_puts(bio, write_p ? "Sent" : "Received"); BIO_puts(bio, write_p ? "Sent" : "Received");
BIO_printf(bio, " Record\nHeader:\n Version = %s (0x%x)\n", BIO_printf(bio, " Record\nHeader:\n Version = %s (0x%x)\n",
ssl_trace_str(hvers, ssl_version_tbl), hvers); ssl_trace_str(hvers, ssl_version_tbl), hvers);
if (SSL_IS_DTLS(ssl)) { if (SSL_CONNECTION_IS_DTLS(sc)) {
BIO_printf(bio, BIO_printf(bio,
" epoch=%d, sequence_number=%04x%04x%04x\n", " epoch=%d, sequence_number=%04x%04x%04x\n",
(msg[3] << 8 | msg[4]), (msg[3] << 8 | msg[4]),
@ -1573,7 +1577,7 @@ void SSL_trace(int write_p, int version, int content_type,
break; break;
case SSL3_RT_HANDSHAKE: case SSL3_RT_HANDSHAKE:
if (!ssl_print_handshake(bio, ssl, ssl->server ? write_p : !write_p, if (!ssl_print_handshake(bio, sc, sc->server ? write_p : !write_p,
msg, msglen, 4)) msg, msglen, 4))
BIO_printf(bio, "Message length parse error!\n"); BIO_printf(bio, "Message length parse error!\n");
break; break;

65
ssl/tls13_enc.c
View File

@ -31,13 +31,15 @@ static const unsigned char label_prefix[] = "tls13 ";
* The |data| value may be zero length. Any errors will be treated as fatal if * The |data| value may be zero length. Any errors will be treated as fatal if
* |fatal| is set. Returns 1 on success 0 on failure. * |fatal| is set. Returns 1 on success 0 on failure.
*/ */
int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, int tls13_hkdf_expand(SSL_CONNECTION *s, const EVP_MD *md,
const unsigned char *secret,
const unsigned char *label, size_t labellen, const unsigned char *label, size_t labellen,
const unsigned char *data, size_t datalen, const unsigned char *data, size_t datalen,
unsigned char *out, size_t outlen, int fatal) unsigned char *out, size_t outlen, int fatal)
{ {
EVP_KDF *kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_TLS1_3_KDF, SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
s->ctx->propq); EVP_KDF *kdf = EVP_KDF_fetch(sctx->libctx, OSSL_KDF_NAME_TLS1_3_KDF,
sctx->propq);
EVP_KDF_CTX *kctx; EVP_KDF_CTX *kctx;
OSSL_PARAM params[7], *p = params; OSSL_PARAM params[7], *p = params;
int mode = EVP_PKEY_HKDEF_MODE_EXPAND_ONLY; int mode = EVP_PKEY_HKDEF_MODE_EXPAND_ONLY;
@ -107,7 +109,8 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
* Given a |secret| generate a |key| of length |keylen| bytes. Returns 1 on * Given a |secret| generate a |key| of length |keylen| bytes. Returns 1 on
* success 0 on failure. * success 0 on failure.
*/ */
int tls13_derive_key(SSL *s, const EVP_MD *md, const unsigned char *secret, int tls13_derive_key(SSL_CONNECTION *s, const EVP_MD *md,
const unsigned char *secret,
unsigned char *key, size_t keylen) unsigned char *key, size_t keylen)
{ {
#ifdef CHARSET_EBCDIC #ifdef CHARSET_EBCDIC
@ -124,7 +127,8 @@ int tls13_derive_key(SSL *s, const EVP_MD *md, const unsigned char *secret,
* Given a |secret| generate an |iv| of length |ivlen| bytes. Returns 1 on * Given a |secret| generate an |iv| of length |ivlen| bytes. Returns 1 on
* success 0 on failure. * success 0 on failure.
*/ */
int tls13_derive_iv(SSL *s, const EVP_MD *md, const unsigned char *secret, int tls13_derive_iv(SSL_CONNECTION *s, const EVP_MD *md,
const unsigned char *secret,
unsigned char *iv, size_t ivlen) unsigned char *iv, size_t ivlen)
{ {
#ifdef CHARSET_EBCDIC #ifdef CHARSET_EBCDIC
@ -137,7 +141,7 @@ int tls13_derive_iv(SSL *s, const EVP_MD *md, const unsigned char *secret,
NULL, 0, iv, ivlen, 1); NULL, 0, iv, ivlen, 1);
} }
int tls13_derive_finishedkey(SSL *s, const EVP_MD *md, int tls13_derive_finishedkey(SSL_CONNECTION *s, const EVP_MD *md,
const unsigned char *secret, const unsigned char *secret,
unsigned char *fin, size_t finlen) unsigned char *fin, size_t finlen)
{ {
@ -156,7 +160,7 @@ int tls13_derive_finishedkey(SSL *s, const EVP_MD *md,
* length |insecretlen|, generate a new secret and store it in the location * length |insecretlen|, generate a new secret and store it in the location
* pointed to by |outsecret|. Returns 1 on success 0 on failure. * pointed to by |outsecret|. Returns 1 on success 0 on failure.
*/ */
int tls13_generate_secret(SSL *s, const EVP_MD *md, int tls13_generate_secret(SSL_CONNECTION *s, const EVP_MD *md,
const unsigned char *prevsecret, const unsigned char *prevsecret,
const unsigned char *insecret, const unsigned char *insecret,
size_t insecretlen, size_t insecretlen,
@ -175,8 +179,9 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md,
#else #else
static const char derived_secret_label[] = "derived"; static const char derived_secret_label[] = "derived";
#endif #endif
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_TLS1_3_KDF, s->ctx->propq); kdf = EVP_KDF_fetch(sctx->libctx, OSSL_KDF_NAME_TLS1_3_KDF, sctx->propq);
kctx = EVP_KDF_CTX_new(kdf); kctx = EVP_KDF_CTX_new(kdf);
EVP_KDF_free(kdf); EVP_KDF_free(kdf);
if (kctx == NULL) { if (kctx == NULL) {
@ -225,8 +230,9 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md,
* handshake secret. This requires the early secret to already have been * handshake secret. This requires the early secret to already have been
* generated. Returns 1 on success 0 on failure. * generated. Returns 1 on success 0 on failure.
*/ */
int tls13_generate_handshake_secret(SSL *s, const unsigned char *insecret, int tls13_generate_handshake_secret(SSL_CONNECTION *s,
size_t insecretlen) const unsigned char *insecret,
size_t insecretlen)
{ {
/* Calls SSLfatal() if required */ /* Calls SSLfatal() if required */
return tls13_generate_secret(s, ssl_handshake_md(s), s->early_secret, return tls13_generate_secret(s, ssl_handshake_md(s), s->early_secret,
@ -239,7 +245,7 @@ int tls13_generate_handshake_secret(SSL *s, const unsigned char *insecret,
* secret and store its length in |*secret_size|. Returns 1 on success 0 on * secret and store its length in |*secret_size|. Returns 1 on success 0 on
* failure. * failure.
*/ */
int tls13_generate_master_secret(SSL *s, unsigned char *out, int tls13_generate_master_secret(SSL_CONNECTION *s, unsigned char *out,
unsigned char *prev, size_t prevlen, unsigned char *prev, size_t prevlen,
size_t *secret_size) size_t *secret_size)
{ {
@ -254,7 +260,7 @@ int tls13_generate_master_secret(SSL *s, unsigned char *out,
* Generates the mac for the Finished message. Returns the length of the MAC or * Generates the mac for the Finished message. Returns the length of the MAC or
* 0 on error. * 0 on error.
*/ */
size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, size_t tls13_final_finish_mac(SSL_CONNECTION *s, const char *str, size_t slen,
unsigned char *out) unsigned char *out)
{ {
const EVP_MD *md = ssl_handshake_md(s); const EVP_MD *md = ssl_handshake_md(s);
@ -264,14 +270,15 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
unsigned char *key = NULL; unsigned char *key = NULL;
size_t len = 0, hashlen; size_t len = 0, hashlen;
OSSL_PARAM params[2], *p = params; OSSL_PARAM params[2], *p = params;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (md == NULL) if (md == NULL)
return 0; return 0;
/* Safe to cast away const here since we're not "getting" any data */ /* Safe to cast away const here since we're not "getting" any data */
if (s->ctx->propq != NULL) if (sctx->propq != NULL)
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_PROPERTIES, *p++ = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_PROPERTIES,
(char *)s->ctx->propq, (char *)sctx->propq,
0); 0);
*p = OSSL_PARAM_construct_end(); *p = OSSL_PARAM_construct_end();
@ -280,7 +287,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
goto err; goto err;
} }
if (str == s->method->ssl3_enc->server_finished_label) { if (str == SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->server_finished_label) {
key = s->server_finished_secret; key = s->server_finished_secret;
} else if (SSL_IS_FIRST_HANDSHAKE(s)) { } else if (SSL_IS_FIRST_HANDSHAKE(s)) {
key = s->client_finished_secret; key = s->client_finished_secret;
@ -292,7 +299,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
key = finsecret; key = finsecret;
} }
if (!EVP_Q_mac(s->ctx->libctx, "HMAC", s->ctx->propq, mdname, if (!EVP_Q_mac(sctx->libctx, "HMAC", sctx->propq, mdname,
params, key, hashlen, hash, hashlen, params, key, hashlen, hash, hashlen,
/* outsize as per sizeof(peer_finish_md) */ /* outsize as per sizeof(peer_finish_md) */
out, EVP_MAX_MD_SIZE * 2, &len)) { out, EVP_MAX_MD_SIZE * 2, &len)) {
@ -309,14 +316,14 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
* There isn't really a key block in TLSv1.3, but we still need this function * There isn't really a key block in TLSv1.3, but we still need this function
* for initialising the cipher and hash. Returns 1 on success or 0 on failure. * for initialising the cipher and hash. Returns 1 on success or 0 on failure.
*/ */
int tls13_setup_key_block(SSL *s) int tls13_setup_key_block(SSL_CONNECTION *s)
{ {
const EVP_CIPHER *c; const EVP_CIPHER *c;
const EVP_MD *hash; const EVP_MD *hash;
s->session->cipher = s->s3.tmp.new_cipher; s->session->cipher = s->s3.tmp.new_cipher;
if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, NULL, NULL, NULL, if (!ssl_cipher_get_evp(SSL_CONNECTION_GET_CTX(s), s->session, &c, &hash,
0)) { NULL, NULL, NULL, 0)) {
/* Error is already recorded */ /* Error is already recorded */
SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR); SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);
return 0; return 0;
@ -330,7 +337,8 @@ int tls13_setup_key_block(SSL *s)
return 1; return 1;
} }
static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, static int derive_secret_key_and_iv(SSL_CONNECTION *s, int sending,
const EVP_MD *md,
const EVP_CIPHER *ciph, const EVP_CIPHER *ciph,
const unsigned char *insecret, const unsigned char *insecret,
const unsigned char *hash, const unsigned char *hash,
@ -400,7 +408,7 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md,
return 1; return 1;
} }
int tls13_change_cipher_state(SSL *s, int which) int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
{ {
#ifdef CHARSET_EBCDIC #ifdef CHARSET_EBCDIC
static const unsigned char client_early_traffic[] = {0x63, 0x20, 0x65, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; static const unsigned char client_early_traffic[] = {0x63, 0x20, 0x65, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00};
@ -436,6 +444,7 @@ int tls13_change_cipher_state(SSL *s, int which)
int ret = 0; int ret = 0;
const EVP_MD *md = NULL; const EVP_MD *md = NULL;
const EVP_CIPHER *cipher = NULL; const EVP_CIPHER *cipher = NULL;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
#if !defined(OPENSSL_NO_KTLS) && defined(OPENSSL_KTLS_TLS13) #if !defined(OPENSSL_NO_KTLS) && defined(OPENSSL_KTLS_TLS13)
ktls_crypto_info_t crypto_info; ktls_crypto_info_t crypto_info;
void *rl_sequence; void *rl_sequence;
@ -529,14 +538,14 @@ int tls13_change_cipher_state(SSL *s, int which)
* This ups the ref count on cipher so we better make sure we free * This ups the ref count on cipher so we better make sure we free
* it again * it again
*/ */
if (!ssl_cipher_get_evp_cipher(s->ctx, sslcipher, &cipher)) { if (!ssl_cipher_get_evp_cipher(sctx, sslcipher, &cipher)) {
/* Error is already recorded */ /* Error is already recorded */
SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR); SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);
EVP_MD_CTX_free(mdctx); EVP_MD_CTX_free(mdctx);
goto err; goto err;
} }
md = ssl_md(s->ctx, sslcipher->algorithm2); md = ssl_md(sctx, sslcipher->algorithm2);
if (md == NULL || !EVP_DigestInit_ex(mdctx, md, NULL) if (md == NULL || !EVP_DigestInit_ex(mdctx, md, NULL)
|| !EVP_DigestUpdate(mdctx, hdata, handlen) || !EVP_DigestUpdate(mdctx, hdata, handlen)
|| !EVP_DigestFinal_ex(mdctx, hashval, &hashlenui)) { || !EVP_DigestFinal_ex(mdctx, hashval, &hashlenui)) {
@ -754,7 +763,7 @@ skip_ktls:
return ret; return ret;
} }
int tls13_update_key(SSL *s, int sending) int tls13_update_key(SSL_CONNECTION *s, int sending)
{ {
#ifdef CHARSET_EBCDIC #ifdef CHARSET_EBCDIC
static const unsigned char application_traffic[] = { 0x74, 0x72 ,0x61 ,0x66 ,0x66 ,0x69 ,0x63 ,0x20 ,0x75 ,0x70 ,0x64, 0x00}; static const unsigned char application_traffic[] = { 0x74, 0x72 ,0x61 ,0x66 ,0x66 ,0x69 ,0x63 ,0x20 ,0x75 ,0x70 ,0x64, 0x00};
@ -813,7 +822,8 @@ int tls13_alert_code(int code)
return tls1_alert_code(code); return tls1_alert_code(code);
} }
int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen, int tls13_export_keying_material(SSL_CONNECTION *s,
unsigned char *out, size_t olen,
const char *label, size_t llen, const char *label, size_t llen,
const unsigned char *context, const unsigned char *context,
size_t contextlen, int use_context) size_t contextlen, int use_context)
@ -855,7 +865,8 @@ int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen,
return ret; return ret;
} }
int tls13_export_keying_material_early(SSL *s, unsigned char *out, size_t olen, int tls13_export_keying_material_early(SSL_CONNECTION *s,
unsigned char *out, size_t olen,
const char *label, size_t llen, const char *label, size_t llen,
const unsigned char *context, const unsigned char *context,
size_t contextlen) size_t contextlen)
@ -882,7 +893,7 @@ int tls13_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,
else else
sslcipher = SSL_SESSION_get0_cipher(s->session); sslcipher = SSL_SESSION_get0_cipher(s->session);
md = ssl_md(s->ctx, sslcipher->algorithm2); md = ssl_md(SSL_CONNECTION_GET_CTX(s), sslcipher->algorithm2);
/* /*
* Calculate the hash value and store it in |data|. The reason why * Calculate the hash value and store it in |data|. The reason why

10
ssl/tls_depr.c
View File

@ -64,10 +64,14 @@ const EVP_MD *tls_get_digest_from_engine(int nid)
} }
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
int tls_engine_load_ssl_client_cert(SSL *s, X509 **px509, EVP_PKEY **ppkey) int tls_engine_load_ssl_client_cert(SSL_CONNECTION *s, X509 **px509,
EVP_PKEY **ppkey)
{ {
return ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s, SSL *ssl = SSL_CONNECTION_GET_SSL(s);
SSL_get_client_CA_list(s),
return ENGINE_load_ssl_client_cert(SSL_CONNECTION_GET_CTX(s)->client_cert_engine,
ssl,
SSL_get_client_CA_list(ssl),
px509, ppkey, NULL, NULL, NULL); px509, ppkey, NULL, NULL, NULL);
} }
#endif #endif

188
ssl/tls_srp.c
View File

@ -57,7 +57,7 @@ int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx)
* The public API SSL_SRP_CTX_free() is deprecated so we use * The public API SSL_SRP_CTX_free() is deprecated so we use
* ssl_srp_ctx_free_intern() internally. * ssl_srp_ctx_free_intern() internally.
*/ */
int ssl_srp_ctx_free_intern(SSL *s) int ssl_srp_ctx_free_intern(SSL_CONNECTION *s)
{ {
if (s == NULL) if (s == NULL)
return 0; return 0;
@ -78,18 +78,21 @@ int ssl_srp_ctx_free_intern(SSL *s)
int SSL_SRP_CTX_free(SSL *s) int SSL_SRP_CTX_free(SSL *s)
{ {
return ssl_srp_ctx_free_intern(s); SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
/* the call works with NULL sc */
return ssl_srp_ctx_free_intern(sc);
} }
/* /*
* The public API SSL_SRP_CTX_init() is deprecated so we use * The public API SSL_SRP_CTX_init() is deprecated so we use
* ssl_srp_ctx_init_intern() internally. * ssl_srp_ctx_init_intern() internally.
*/ */
int ssl_srp_ctx_init_intern(SSL *s) int ssl_srp_ctx_init_intern(SSL_CONNECTION *s)
{ {
SSL_CTX *ctx; SSL_CTX *ctx = SSL_CONNECTION_GET_CTX(s);
if ((s == NULL) || ((ctx = s->ctx) == NULL)) if (s == NULL || ctx == NULL)
return 0; return 0;
memset(&s->srp_ctx, 0, sizeof(s->srp_ctx)); memset(&s->srp_ctx, 0, sizeof(s->srp_ctx));
@ -156,7 +159,10 @@ int ssl_srp_ctx_init_intern(SSL *s)
int SSL_SRP_CTX_init(SSL *s) int SSL_SRP_CTX_init(SSL *s)
{ {
return ssl_srp_ctx_init_intern(s); SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
/* the call works with NULL sc */
return ssl_srp_ctx_init_intern(sc);
} }
/* /*
@ -184,15 +190,17 @@ int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx)
* The public API SSL_srp_server_param_with_username() is deprecated so we use * The public API SSL_srp_server_param_with_username() is deprecated so we use
* ssl_srp_server_param_with_username_intern() internally. * ssl_srp_server_param_with_username_intern() internally.
*/ */
int ssl_srp_server_param_with_username_intern(SSL *s, int *ad) int ssl_srp_server_param_with_username_intern(SSL_CONNECTION *s, int *ad)
{ {
unsigned char b[SSL_MAX_MASTER_KEY_LENGTH]; unsigned char b[SSL_MAX_MASTER_KEY_LENGTH];
int al; int al;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
*ad = SSL_AD_UNKNOWN_PSK_IDENTITY; *ad = SSL_AD_UNKNOWN_PSK_IDENTITY;
if ((s->srp_ctx.TLS_ext_srp_username_callback != NULL) && if ((s->srp_ctx.TLS_ext_srp_username_callback != NULL) &&
((al = ((al =
s->srp_ctx.TLS_ext_srp_username_callback(s, ad, s->srp_ctx.TLS_ext_srp_username_callback(SSL_CONNECTION_GET_SSL(s),
ad,
s->srp_ctx.SRP_cb_arg)) != s->srp_ctx.SRP_cb_arg)) !=
SSL_ERROR_NONE)) SSL_ERROR_NONE))
return al; return al;
@ -203,7 +211,8 @@ int ssl_srp_server_param_with_username_intern(SSL *s, int *ad)
(s->srp_ctx.s == NULL) || (s->srp_ctx.v == NULL)) (s->srp_ctx.s == NULL) || (s->srp_ctx.v == NULL))
return SSL3_AL_FATAL; return SSL3_AL_FATAL;
if (RAND_priv_bytes_ex(s->ctx->libctx, b, sizeof(b), 0) <= 0) if (RAND_priv_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx, b, sizeof(b),
0) <= 0)
return SSL3_AL_FATAL; return SSL3_AL_FATAL;
s->srp_ctx.b = BN_bin2bn(b, sizeof(b), NULL); s->srp_ctx.b = BN_bin2bn(b, sizeof(b), NULL);
OPENSSL_cleanse(b, sizeof(b)); OPENSSL_cleanse(b, sizeof(b));
@ -212,13 +221,18 @@ int ssl_srp_server_param_with_username_intern(SSL *s, int *ad)
return ((s->srp_ctx.B = return ((s->srp_ctx.B =
SRP_Calc_B_ex(s->srp_ctx.b, s->srp_ctx.N, s->srp_ctx.g, SRP_Calc_B_ex(s->srp_ctx.b, s->srp_ctx.N, s->srp_ctx.g,
s->srp_ctx.v, s->ctx->libctx, s->ctx->propq)) != s->srp_ctx.v, sctx->libctx, sctx->propq)) !=
NULL) ? SSL_ERROR_NONE : SSL3_AL_FATAL; NULL) ? SSL_ERROR_NONE : SSL3_AL_FATAL;
} }
int SSL_srp_server_param_with_username(SSL *s, int *ad) int SSL_srp_server_param_with_username(SSL *s, int *ad)
{ {
return ssl_srp_server_param_with_username_intern(s, ad); SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return SSL3_AL_FATAL;
return ssl_srp_server_param_with_username_intern(sc, ad);
} }
/* /*
@ -228,17 +242,23 @@ int SSL_srp_server_param_with_username(SSL *s, int *ad)
int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
const char *grp) const char *grp)
{ {
SRP_gN *GN = SRP_get_default_gN(grp); SRP_gN *GN;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return -1;
GN = SRP_get_default_gN(grp);
if (GN == NULL) if (GN == NULL)
return -1; return -1;
s->srp_ctx.N = BN_dup(GN->N); sc->srp_ctx.N = BN_dup(GN->N);
s->srp_ctx.g = BN_dup(GN->g); sc->srp_ctx.g = BN_dup(GN->g);
BN_clear_free(s->srp_ctx.v); BN_clear_free(sc->srp_ctx.v);
s->srp_ctx.v = NULL; sc->srp_ctx.v = NULL;
BN_clear_free(s->srp_ctx.s); BN_clear_free(sc->srp_ctx.s);
s->srp_ctx.s = NULL; sc->srp_ctx.s = NULL;
if (!SRP_create_verifier_BN_ex(user, pass, &s->srp_ctx.s, &s->srp_ctx.v, if (!SRP_create_verifier_BN_ex(user, pass, &sc->srp_ctx.s, &sc->srp_ctx.v,
s->srp_ctx.N, s->srp_ctx.g, s->ctx->libctx, sc->srp_ctx.N, sc->srp_ctx.g, s->ctx->libctx,
s->ctx->propq)) s->ctx->propq))
return -1; return -1;
@ -248,66 +268,72 @@ int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
BIGNUM *sa, BIGNUM *v, char *info) BIGNUM *sa, BIGNUM *v, char *info)
{ {
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return -1;
if (N != NULL) { if (N != NULL) {
if (s->srp_ctx.N != NULL) { if (sc->srp_ctx.N != NULL) {
if (!BN_copy(s->srp_ctx.N, N)) { if (!BN_copy(sc->srp_ctx.N, N)) {
BN_free(s->srp_ctx.N); BN_free(sc->srp_ctx.N);
s->srp_ctx.N = NULL; sc->srp_ctx.N = NULL;
} }
} else } else
s->srp_ctx.N = BN_dup(N); sc->srp_ctx.N = BN_dup(N);
} }
if (g != NULL) { if (g != NULL) {
if (s->srp_ctx.g != NULL) { if (sc->srp_ctx.g != NULL) {
if (!BN_copy(s->srp_ctx.g, g)) { if (!BN_copy(sc->srp_ctx.g, g)) {
BN_free(s->srp_ctx.g); BN_free(sc->srp_ctx.g);
s->srp_ctx.g = NULL; sc->srp_ctx.g = NULL;
} }
} else } else
s->srp_ctx.g = BN_dup(g); sc->srp_ctx.g = BN_dup(g);
} }
if (sa != NULL) { if (sa != NULL) {
if (s->srp_ctx.s != NULL) { if (sc->srp_ctx.s != NULL) {
if (!BN_copy(s->srp_ctx.s, sa)) { if (!BN_copy(sc->srp_ctx.s, sa)) {
BN_free(s->srp_ctx.s); BN_free(sc->srp_ctx.s);
s->srp_ctx.s = NULL; sc->srp_ctx.s = NULL;
} }
} else } else
s->srp_ctx.s = BN_dup(sa); sc->srp_ctx.s = BN_dup(sa);
} }
if (v != NULL) { if (v != NULL) {
if (s->srp_ctx.v != NULL) { if (sc->srp_ctx.v != NULL) {
if (!BN_copy(s->srp_ctx.v, v)) { if (!BN_copy(sc->srp_ctx.v, v)) {
BN_free(s->srp_ctx.v); BN_free(sc->srp_ctx.v);
s->srp_ctx.v = NULL; sc->srp_ctx.v = NULL;
} }
} else } else
s->srp_ctx.v = BN_dup(v); sc->srp_ctx.v = BN_dup(v);
} }
if (info != NULL) { if (info != NULL) {
if (s->srp_ctx.info) if (sc->srp_ctx.info)
OPENSSL_free(s->srp_ctx.info); OPENSSL_free(sc->srp_ctx.info);
if ((s->srp_ctx.info = OPENSSL_strdup(info)) == NULL) if ((sc->srp_ctx.info = OPENSSL_strdup(info)) == NULL)
return -1; return -1;
} }
if (!(s->srp_ctx.N) || if (!(sc->srp_ctx.N) ||
!(s->srp_ctx.g) || !(s->srp_ctx.s) || !(s->srp_ctx.v)) !(sc->srp_ctx.g) || !(sc->srp_ctx.s) || !(sc->srp_ctx.v))
return -1; return -1;
return 1; return 1;
} }
int srp_generate_server_master_secret(SSL *s) int srp_generate_server_master_secret(SSL_CONNECTION *s)
{ {
BIGNUM *K = NULL, *u = NULL; BIGNUM *K = NULL, *u = NULL;
int ret = 0, tmp_len = 0; int ret = 0, tmp_len = 0;
unsigned char *tmp = NULL; unsigned char *tmp = NULL;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (!SRP_Verify_A_mod_N(s->srp_ctx.A, s->srp_ctx.N)) if (!SRP_Verify_A_mod_N(s->srp_ctx.A, s->srp_ctx.N))
goto err; goto err;
if ((u = SRP_Calc_u_ex(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N, if ((u = SRP_Calc_u_ex(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N,
s->ctx->libctx, s->ctx->propq)) == NULL) sctx->libctx, sctx->propq)) == NULL)
goto err; goto err;
if ((K = SRP_Calc_server_key(s->srp_ctx.A, s->srp_ctx.v, u, s->srp_ctx.b, if ((K = SRP_Calc_server_key(s->srp_ctx.A, s->srp_ctx.v, u, s->srp_ctx.b,
s->srp_ctx.N)) == NULL) s->srp_ctx.N)) == NULL)
@ -328,37 +354,38 @@ int srp_generate_server_master_secret(SSL *s)
} }
/* client side */ /* client side */
int srp_generate_client_master_secret(SSL *s) int srp_generate_client_master_secret(SSL_CONNECTION *s)
{ {
BIGNUM *x = NULL, *u = NULL, *K = NULL; BIGNUM *x = NULL, *u = NULL, *K = NULL;
int ret = 0, tmp_len = 0; int ret = 0, tmp_len = 0;
char *passwd = NULL; char *passwd = NULL;
unsigned char *tmp = NULL; unsigned char *tmp = NULL;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
/* /*
* Checks if b % n == 0 * Checks if b % n == 0
*/ */
if (SRP_Verify_B_mod_N(s->srp_ctx.B, s->srp_ctx.N) == 0 if (SRP_Verify_B_mod_N(s->srp_ctx.B, s->srp_ctx.N) == 0
|| (u = SRP_Calc_u_ex(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N, || (u = SRP_Calc_u_ex(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N,
s->ctx->libctx, s->ctx->propq)) sctx->libctx, sctx->propq))
== NULL == NULL
|| s->srp_ctx.SRP_give_srp_client_pwd_callback == NULL) { || s->srp_ctx.SRP_give_srp_client_pwd_callback == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err; goto err;
} }
if ((passwd = s->srp_ctx.SRP_give_srp_client_pwd_callback(s, if ((passwd = s->srp_ctx.SRP_give_srp_client_pwd_callback(SSL_CONNECTION_GET_SSL(s),
s->srp_ctx.SRP_cb_arg)) s->srp_ctx.SRP_cb_arg))
== NULL) { == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CALLBACK_FAILED); SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CALLBACK_FAILED);
goto err; goto err;
} }
if ((x = SRP_Calc_x_ex(s->srp_ctx.s, s->srp_ctx.login, passwd, if ((x = SRP_Calc_x_ex(s->srp_ctx.s, s->srp_ctx.login, passwd,
s->ctx->libctx, s->ctx->propq)) == NULL sctx->libctx, sctx->propq)) == NULL
|| (K = SRP_Calc_client_key_ex(s->srp_ctx.N, s->srp_ctx.B, || (K = SRP_Calc_client_key_ex(s->srp_ctx.N, s->srp_ctx.B,
s->srp_ctx.g, x, s->srp_ctx.g, x,
s->srp_ctx.a, u, s->srp_ctx.a, u,
s->ctx->libctx, sctx->libctx,
s->ctx->propq)) == NULL) { sctx->propq)) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err; goto err;
} }
@ -380,7 +407,7 @@ int srp_generate_client_master_secret(SSL *s)
return ret; return ret;
} }
int srp_verify_server_param(SSL *s) int srp_verify_server_param(SSL_CONNECTION *s)
{ {
SRP_CTX *srp = &s->srp_ctx; SRP_CTX *srp = &s->srp_ctx;
/* /*
@ -399,7 +426,8 @@ int srp_verify_server_param(SSL *s)
} }
if (srp->SRP_verify_param_callback) { if (srp->SRP_verify_param_callback) {
if (srp->SRP_verify_param_callback(s, srp->SRP_cb_arg) <= 0) { if (srp->SRP_verify_param_callback(SSL_CONNECTION_GET_SSL(s),
srp->SRP_cb_arg) <= 0) {
SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY, SSL_R_CALLBACK_FAILED); SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY, SSL_R_CALLBACK_FAILED);
return 0; return 0;
} }
@ -416,11 +444,12 @@ int srp_verify_server_param(SSL *s)
* The public API SRP_Calc_A_param() is deprecated so we use * The public API SRP_Calc_A_param() is deprecated so we use
* ssl_srp_calc_a_param_intern() internally. * ssl_srp_calc_a_param_intern() internally.
*/ */
int ssl_srp_calc_a_param_intern(SSL *s) int ssl_srp_calc_a_param_intern(SSL_CONNECTION *s)
{ {
unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH]; unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH];
if (RAND_priv_bytes_ex(s->ctx->libctx, rnd, sizeof(rnd), 0) <= 0) if (RAND_priv_bytes_ex(SSL_CONNECTION_GET_CTX(s)->libctx,
rnd, sizeof(rnd), 0) <= 0)
return 0; return 0;
s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a); s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a);
OPENSSL_cleanse(rnd, sizeof(rnd)); OPENSSL_cleanse(rnd, sizeof(rnd));
@ -433,34 +462,59 @@ int ssl_srp_calc_a_param_intern(SSL *s)
int SRP_Calc_A_param(SSL *s) int SRP_Calc_A_param(SSL *s)
{ {
return ssl_srp_calc_a_param_intern(s); SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return 0;
return ssl_srp_calc_a_param_intern(sc);
} }
BIGNUM *SSL_get_srp_g(SSL *s) BIGNUM *SSL_get_srp_g(SSL *s)
{ {
if (s->srp_ctx.g != NULL) SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
return s->srp_ctx.g;
if (sc == NULL)
return NULL;
if (sc->srp_ctx.g != NULL)
return sc->srp_ctx.g;
return s->ctx->srp_ctx.g; return s->ctx->srp_ctx.g;
} }
BIGNUM *SSL_get_srp_N(SSL *s) BIGNUM *SSL_get_srp_N(SSL *s)
{ {
if (s->srp_ctx.N != NULL) SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
return s->srp_ctx.N;
if (sc == NULL)
return NULL;
if (sc->srp_ctx.N != NULL)
return sc->srp_ctx.N;
return s->ctx->srp_ctx.N; return s->ctx->srp_ctx.N;
} }
char *SSL_get_srp_username(SSL *s) char *SSL_get_srp_username(SSL *s)
{ {
if (s->srp_ctx.login != NULL) SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
return s->srp_ctx.login;
if (sc == NULL)
return NULL;
if (sc->srp_ctx.login != NULL)
return sc->srp_ctx.login;
return s->ctx->srp_ctx.login; return s->ctx->srp_ctx.login;
} }
char *SSL_get_srp_userinfo(SSL *s) char *SSL_get_srp_userinfo(SSL *s)
{ {
if (s->srp_ctx.info != NULL) SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
return s->srp_ctx.info;
if (sc == NULL)
return NULL;
if (sc->srp_ctx.info != NULL)
return sc->srp_ctx.info;
return s->ctx->srp_ctx.info; return s->ctx->srp_ctx.info;
} }

5
test/dtls_mtu_test.c
View File

@ -55,6 +55,7 @@ static int mtu_test(SSL_CTX *ctx, const char *cs, int no_etm)
size_t mtus[30]; size_t mtus[30];
unsigned char buf[600]; unsigned char buf[600];
int rv = 0; int rv = 0;
SSL_CONNECTION *clnt_sc;
memset(buf, 0x5a, sizeof(buf)); memset(buf, 0x5a, sizeof(buf));
@ -132,8 +133,10 @@ static int mtu_test(SSL_CTX *ctx, const char *cs, int no_etm)
} }
} }
} }
if (!TEST_ptr(clnt_sc = SSL_CONNECTION_FROM_SSL_ONLY(clnt_ssl)))
goto end;
rv = 1; rv = 1;
if (SSL_READ_ETM(clnt_ssl)) if (SSL_READ_ETM(clnt_sc))
rv = 2; rv = 2;
end: end:
SSL_free(clnt_ssl); SSL_free(clnt_ssl);

8
test/helpers/handshake.c
View File

@ -978,9 +978,15 @@ static void do_reneg_setup_step(const SSL_TEST_CTX *test_ctx, PEER *peer)
return; return;
} else if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_POST_HANDSHAKE_AUTH) { } else if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_POST_HANDSHAKE_AUTH) {
if (SSL_is_server(peer->ssl)) { if (SSL_is_server(peer->ssl)) {
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(peer->ssl);
if (sc == NULL) {
peer->status = PEER_ERROR;
return;
}
/* Make the server believe it's received the extension */ /* Make the server believe it's received the extension */
if (test_ctx->extra.server.force_pha) if (test_ctx->extra.server.force_pha)
peer->ssl->post_handshake_auth = SSL_PHA_EXT_RECEIVED; sc->post_handshake_auth = SSL_PHA_EXT_RECEIVED;
ret = SSL_verify_client_post_handshake(peer->ssl); ret = SSL_verify_client_post_handshake(peer->ssl);
if (!ret) { if (!ret) {
peer->status = PEER_ERROR; peer->status = PEER_ERROR;

61
test/sslapitest.c
View File

@ -1079,12 +1079,17 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl)
char srec_wseq_after[SEQ_NUM_SIZE]; char srec_wseq_after[SEQ_NUM_SIZE];
char srec_rseq_before[SEQ_NUM_SIZE]; char srec_rseq_before[SEQ_NUM_SIZE];
char srec_rseq_after[SEQ_NUM_SIZE]; char srec_rseq_after[SEQ_NUM_SIZE];
SSL_CONNECTION *clientsc, *serversc;
if (!TEST_ptr(clientsc = SSL_CONNECTION_FROM_SSL_ONLY(clientssl))
|| !TEST_ptr(serversc = SSL_CONNECTION_FROM_SSL_ONLY(serverssl)))
goto end;
cbuf[0] = count++; cbuf[0] = count++;
memcpy(crec_wseq_before, &clientssl->rlayer.write_sequence, SEQ_NUM_SIZE); memcpy(crec_wseq_before, &clientsc->rlayer.write_sequence, SEQ_NUM_SIZE);
memcpy(crec_rseq_before, &clientssl->rlayer.read_sequence, SEQ_NUM_SIZE); memcpy(crec_rseq_before, &clientsc->rlayer.read_sequence, SEQ_NUM_SIZE);
memcpy(srec_wseq_before, &serverssl->rlayer.write_sequence, SEQ_NUM_SIZE); memcpy(srec_wseq_before, &serversc->rlayer.write_sequence, SEQ_NUM_SIZE);
memcpy(srec_rseq_before, &serverssl->rlayer.read_sequence, SEQ_NUM_SIZE); memcpy(srec_rseq_before, &serversc->rlayer.read_sequence, SEQ_NUM_SIZE);
if (!TEST_true(SSL_write(clientssl, cbuf, sizeof(cbuf)) == sizeof(cbuf))) if (!TEST_true(SSL_write(clientssl, cbuf, sizeof(cbuf)) == sizeof(cbuf)))
goto end; goto end;
@ -1104,10 +1109,10 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl)
} }
} }
memcpy(crec_wseq_after, &clientssl->rlayer.write_sequence, SEQ_NUM_SIZE); memcpy(crec_wseq_after, &clientsc->rlayer.write_sequence, SEQ_NUM_SIZE);
memcpy(crec_rseq_after, &clientssl->rlayer.read_sequence, SEQ_NUM_SIZE); memcpy(crec_rseq_after, &clientsc->rlayer.read_sequence, SEQ_NUM_SIZE);
memcpy(srec_wseq_after, &serverssl->rlayer.write_sequence, SEQ_NUM_SIZE); memcpy(srec_wseq_after, &serversc->rlayer.write_sequence, SEQ_NUM_SIZE);
memcpy(srec_rseq_after, &serverssl->rlayer.read_sequence, SEQ_NUM_SIZE); memcpy(srec_rseq_after, &serversc->rlayer.read_sequence, SEQ_NUM_SIZE);
/* verify the payload */ /* verify the payload */
if (!TEST_mem_eq(cbuf, sizeof(cbuf), sbuf, sizeof(sbuf))) if (!TEST_mem_eq(cbuf, sizeof(cbuf), sbuf, sizeof(sbuf)))
@ -1117,7 +1122,7 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl)
* If ktls is used then kernel sequences are used instead of * If ktls is used then kernel sequences are used instead of
* OpenSSL sequences * OpenSSL sequences
*/ */
if (!BIO_get_ktls_send(clientssl->wbio)) { if (!BIO_get_ktls_send(clientsc->wbio)) {
if (!TEST_mem_ne(crec_wseq_before, SEQ_NUM_SIZE, if (!TEST_mem_ne(crec_wseq_before, SEQ_NUM_SIZE,
crec_wseq_after, SEQ_NUM_SIZE)) crec_wseq_after, SEQ_NUM_SIZE))
goto end; goto end;
@ -1127,7 +1132,7 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl)
goto end; goto end;
} }
if (!BIO_get_ktls_send(serverssl->wbio)) { if (!BIO_get_ktls_send(serversc->wbio)) {
if (!TEST_mem_ne(srec_wseq_before, SEQ_NUM_SIZE, if (!TEST_mem_ne(srec_wseq_before, SEQ_NUM_SIZE,
srec_wseq_after, SEQ_NUM_SIZE)) srec_wseq_after, SEQ_NUM_SIZE))
goto end; goto end;
@ -1137,7 +1142,7 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl)
goto end; goto end;
} }
if (!BIO_get_ktls_recv(clientssl->wbio)) { if (!BIO_get_ktls_recv(clientsc->wbio)) {
if (!TEST_mem_ne(crec_rseq_before, SEQ_NUM_SIZE, if (!TEST_mem_ne(crec_rseq_before, SEQ_NUM_SIZE,
crec_rseq_after, SEQ_NUM_SIZE)) crec_rseq_after, SEQ_NUM_SIZE))
goto end; goto end;
@ -1147,7 +1152,7 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl)
goto end; goto end;
} }
if (!BIO_get_ktls_recv(serverssl->wbio)) { if (!BIO_get_ktls_recv(serversc->wbio)) {
if (!TEST_mem_ne(srec_rseq_before, SEQ_NUM_SIZE, if (!TEST_mem_ne(srec_rseq_before, SEQ_NUM_SIZE,
srec_rseq_after, SEQ_NUM_SIZE)) srec_rseq_after, SEQ_NUM_SIZE))
goto end; goto end;
@ -1170,6 +1175,7 @@ static int execute_test_ktls(int cis_ktls, int sis_ktls,
int ktls_used = 0, testresult = 0; int ktls_used = 0, testresult = 0;
int cfd = -1, sfd = -1; int cfd = -1, sfd = -1;
int rx_supported; int rx_supported;
SSL_CONNECTION *clientsc, *serversc;
if (!TEST_true(create_test_sockets(&cfd, &sfd))) if (!TEST_true(create_test_sockets(&cfd, &sfd)))
goto end; goto end;
@ -1206,6 +1212,10 @@ static int execute_test_ktls(int cis_ktls, int sis_ktls,
&clientssl, sfd, cfd))) &clientssl, sfd, cfd)))
goto end; goto end;
if (!TEST_ptr(clientsc = SSL_CONNECTION_FROM_SSL_ONLY(clientssl))
|| !TEST_ptr(serversc = SSL_CONNECTION_FROM_SSL_ONLY(serverssl)))
goto end;
if (cis_ktls) { if (cis_ktls) {
if (!TEST_true(SSL_set_options(clientssl, SSL_OP_ENABLE_KTLS))) if (!TEST_true(SSL_set_options(clientssl, SSL_OP_ENABLE_KTLS)))
goto end; goto end;
@ -1225,18 +1235,18 @@ static int execute_test_ktls(int cis_ktls, int sis_ktls,
* isn't enabled. * isn't enabled.
*/ */
if (!cis_ktls) { if (!cis_ktls) {
if (!TEST_false(BIO_get_ktls_send(clientssl->wbio))) if (!TEST_false(BIO_get_ktls_send(clientsc->wbio)))
goto end; goto end;
} else { } else {
if (BIO_get_ktls_send(clientssl->wbio)) if (BIO_get_ktls_send(clientsc->wbio))
ktls_used = 1; ktls_used = 1;
} }
if (!sis_ktls) { if (!sis_ktls) {
if (!TEST_false(BIO_get_ktls_send(serverssl->wbio))) if (!TEST_false(BIO_get_ktls_send(serversc->wbio)))
goto end; goto end;
} else { } else {
if (BIO_get_ktls_send(serverssl->wbio)) if (BIO_get_ktls_send(serversc->wbio))
ktls_used = 1; ktls_used = 1;
} }
@ -1246,18 +1256,18 @@ static int execute_test_ktls(int cis_ktls, int sis_ktls,
rx_supported = 1; rx_supported = 1;
#endif #endif
if (!cis_ktls || !rx_supported) { if (!cis_ktls || !rx_supported) {
if (!TEST_false(BIO_get_ktls_recv(clientssl->rbio))) if (!TEST_false(BIO_get_ktls_recv(clientsc->rbio)))
goto end; goto end;
} else { } else {
if (BIO_get_ktls_send(clientssl->rbio)) if (BIO_get_ktls_send(clientsc->rbio))
ktls_used = 1; ktls_used = 1;
} }
if (!sis_ktls || !rx_supported) { if (!sis_ktls || !rx_supported) {
if (!TEST_false(BIO_get_ktls_recv(serverssl->rbio))) if (!TEST_false(BIO_get_ktls_recv(serversc->rbio)))
goto end; goto end;
} else { } else {
if (BIO_get_ktls_send(serverssl->rbio)) if (BIO_get_ktls_send(serversc->rbio))
ktls_used = 1; ktls_used = 1;
} }
@ -1306,6 +1316,7 @@ static int execute_test_ktls_sendfile(int tls_version, const char *cipher)
off_t chunk_off = 0; off_t chunk_off = 0;
int testresult = 0; int testresult = 0;
FILE *ffdp; FILE *ffdp;
SSL_CONNECTION *serversc;
buf = OPENSSL_zalloc(SENDFILE_SZ); buf = OPENSSL_zalloc(SENDFILE_SZ);
buf_dst = OPENSSL_zalloc(SENDFILE_SZ); buf_dst = OPENSSL_zalloc(SENDFILE_SZ);
@ -1345,6 +1356,9 @@ static int execute_test_ktls_sendfile(int tls_version, const char *cipher)
&clientssl, sfd, cfd))) &clientssl, sfd, cfd)))
goto end; goto end;
if (!TEST_ptr(serversc = SSL_CONNECTION_FROM_SSL_ONLY(serverssl)))
goto end;
if (!TEST_true(SSL_set_options(serverssl, SSL_OP_ENABLE_KTLS))) if (!TEST_true(SSL_set_options(serverssl, SSL_OP_ENABLE_KTLS)))
goto end; goto end;
@ -1352,7 +1366,7 @@ static int execute_test_ktls_sendfile(int tls_version, const char *cipher)
SSL_ERROR_NONE))) SSL_ERROR_NONE)))
goto end; goto end;
if (!BIO_get_ktls_send(serverssl->wbio)) { if (!BIO_get_ktls_send(serversc->wbio)) {
testresult = TEST_skip("Failed to enable KTLS for %s cipher %s", testresult = TEST_skip("Failed to enable KTLS for %s cipher %s",
tls_version == TLS1_3_VERSION ? "TLS 1.3" : tls_version == TLS1_3_VERSION ? "TLS 1.3" :
"TLS 1.2", cipher); "TLS 1.2", cipher);
@ -1529,6 +1543,7 @@ static int execute_cleanse_plaintext(const SSL_METHOD *smeth,
int testresult = 0; int testresult = 0;
SSL3_RECORD *rr; SSL3_RECORD *rr;
void *zbuf; void *zbuf;
SSL_CONNECTION *serversc;
static unsigned char cbuf[16000]; static unsigned char cbuf[16000];
static unsigned char sbuf[16000]; static unsigned char sbuf[16000];
@ -1589,7 +1604,9 @@ static int execute_cleanse_plaintext(const SSL_METHOD *smeth,
* layer is a plaintext record. We can gather the pointer to check * layer is a plaintext record. We can gather the pointer to check
* for zeroization after SSL_read(). * for zeroization after SSL_read().
*/ */
rr = serverssl->rlayer.rrec; if (!TEST_ptr(serversc = SSL_CONNECTION_FROM_SSL_ONLY(serverssl)))
goto end;
rr = serversc->rlayer.rrec;
zbuf = &rr->data[rr->off]; zbuf = &rr->data[rr->off];
if (!TEST_int_eq(rr->length, sizeof(cbuf))) if (!TEST_int_eq(rr->length, sizeof(cbuf)))
goto end; goto end;

11
test/tls13encryptiontest.c
View File

@ -304,12 +304,13 @@ static int test_record(SSL3_RECORD *rec, RECORD_DATA *recd, int enc)
static int test_tls13_encryption(void) static int test_tls13_encryption(void)
{ {
SSL_CTX *ctx = NULL; SSL_CTX *ctx = NULL;
SSL *s = NULL; SSL *ssl = NULL;
SSL3_RECORD rec; SSL3_RECORD rec;
unsigned char *key = NULL, *iv = NULL, *seq = NULL; unsigned char *key = NULL, *iv = NULL, *seq = NULL;
const EVP_CIPHER *ciph = EVP_aes_128_gcm(); const EVP_CIPHER *ciph = EVP_aes_128_gcm();
int ret = 0; int ret = 0;
size_t ivlen, ctr; size_t ivlen, ctr;
SSL_CONNECTION *s;
/* /*
* Encrypted TLSv1.3 records always have an outer content type of * Encrypted TLSv1.3 records always have an outer content type of
@ -325,8 +326,8 @@ static int test_tls13_encryption(void)
goto err; goto err;
} }
s = SSL_new(ctx); ssl = SSL_new(ctx);
if (!TEST_ptr(s)) { if (!TEST_ptr(ssl) || !TEST_ptr(s = SSL_CONNECTION_FROM_SSL_ONLY(ssl))) {
TEST_info("Failed creating SSL"); TEST_info("Failed creating SSL");
goto err; goto err;
} }
@ -339,7 +340,7 @@ static int test_tls13_encryption(void)
if (!TEST_ptr(s->enc_write_ctx)) if (!TEST_ptr(s->enc_write_ctx))
goto err; goto err;
s->s3.tmp.new_cipher = SSL_CIPHER_find(s, TLS13_AES_128_GCM_SHA256_BYTES); s->s3.tmp.new_cipher = SSL_CIPHER_find(ssl, TLS13_AES_128_GCM_SHA256_BYTES);
if (!TEST_ptr(s->s3.tmp.new_cipher)) { if (!TEST_ptr(s->s3.tmp.new_cipher)) {
TEST_info("Failed to find cipher"); TEST_info("Failed to find cipher");
goto err; goto err;
@ -405,7 +406,7 @@ static int test_tls13_encryption(void)
OPENSSL_free(key); OPENSSL_free(key);
OPENSSL_free(iv); OPENSSL_free(iv);
OPENSSL_free(seq); OPENSSL_free(seq);
SSL_free(s); SSL_free(ssl);
SSL_CTX_free(ctx); SSL_CTX_free(ctx);
return ret; return ret;
} }

28
test/tls13secretstest.c
View File

@ -126,7 +126,7 @@ static unsigned char server_ats_iv[] = {
}; };
/* Mocked out implementations of various functions */ /* Mocked out implementations of various functions */
int ssl3_digest_cached_records(SSL *s, int keep) int ssl3_digest_cached_records(SSL_CONNECTION *s, int keep)
{ {
return 1; return 1;
} }
@ -134,7 +134,7 @@ int ssl3_digest_cached_records(SSL *s, int keep)
static int full_hash = 0; static int full_hash = 0;
/* Give a hash of the currently set handshake */ /* Give a hash of the currently set handshake */
int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, int ssl_handshake_hash(SSL_CONNECTION *s, unsigned char *out, size_t outlen,
size_t *hashlen) size_t *hashlen)
{ {
if (sizeof(hs_start_hash) > outlen if (sizeof(hs_start_hash) > outlen
@ -152,7 +152,7 @@ int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
return 1; return 1;
} }
const EVP_MD *ssl_handshake_md(SSL *s) const EVP_MD *ssl_handshake_md(SSL_CONNECTION *s)
{ {
return EVP_sha256(); return EVP_sha256();
} }
@ -185,7 +185,7 @@ int tls1_alert_code(int code)
return code; return code;
} }
int ssl_log_secret(SSL *ssl, int ssl_log_secret(SSL_CONNECTION *sc,
const char *label, const char *label,
const uint8_t *secret, const uint8_t *secret,
size_t secret_len) size_t secret_len)
@ -198,20 +198,21 @@ const EVP_MD *ssl_md(SSL_CTX *ctx, int idx)
return EVP_sha256(); return EVP_sha256();
} }
void ossl_statem_send_fatal(SSL *s, int al) void ossl_statem_send_fatal(SSL_CONNECTION *s, int al)
{ {
} }
void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...) void ossl_statem_fatal(SSL_CONNECTION *s, int al, int reason,
const char *fmt, ...)
{ {
} }
int ossl_statem_export_allowed(SSL *s) int ossl_statem_export_allowed(SSL_CONNECTION *s)
{ {
return 1; return 1;
} }
int ossl_statem_export_early_allowed(SSL *s) int ossl_statem_export_early_allowed(SSL_CONNECTION *s)
{ {
return 1; return 1;
} }
@ -226,7 +227,7 @@ void ssl_evp_md_free(const EVP_MD *md)
/* End of mocked out code */ /* End of mocked out code */
static int test_secret(SSL *s, unsigned char *prk, static int test_secret(SSL_CONNECTION *s, unsigned char *prk,
const unsigned char *label, size_t labellen, const unsigned char *label, size_t labellen,
const unsigned char *ref_secret, const unsigned char *ref_secret,
const unsigned char *ref_key, const unsigned char *ref_iv) const unsigned char *ref_key, const unsigned char *ref_iv)
@ -274,7 +275,8 @@ static int test_secret(SSL *s, unsigned char *prk,
static int test_handshake_secrets(void) static int test_handshake_secrets(void)
{ {
SSL_CTX *ctx = NULL; SSL_CTX *ctx = NULL;
SSL *s = NULL; SSL *ssl = NULL;
SSL_CONNECTION *s;
int ret = 0; int ret = 0;
size_t hashsize; size_t hashsize;
unsigned char out_master_secret[EVP_MAX_MD_SIZE]; unsigned char out_master_secret[EVP_MAX_MD_SIZE];
@ -284,8 +286,8 @@ static int test_handshake_secrets(void)
if (!TEST_ptr(ctx)) if (!TEST_ptr(ctx))
goto err; goto err;
s = SSL_new(ctx); ssl = SSL_new(ctx);
if (!TEST_ptr(s )) if (!TEST_ptr(ssl) || !TEST_ptr(s = SSL_CONNECTION_FROM_SSL_ONLY(ssl)))
goto err; goto err;
s->session = SSL_SESSION_new(); s->session = SSL_SESSION_new();
@ -396,7 +398,7 @@ static int test_handshake_secrets(void)
ret = 1; ret = 1;
err: err:
SSL_free(s); SSL_free(ssl);
SSL_CTX_free(ctx); SSL_CTX_free(ctx);
return ret; return ret;
} }