diff options
author | Joel Sing <jsing@cvs.openbsd.org> | 2022-02-05 14:54:11 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2022-02-05 14:54:11 +0000 |
commit | d735481d961055ec0391f4f3d7bd54bc317bc5c7 (patch) | |
tree | 52311171899accb038fae3f98d6fafc0f1235779 /lib/libssl | |
parent | 1d66f92e8ab22d48aa6033e5ff3816ca3355b2e2 (diff) |
Bye bye S3I.
S3I has served us well, however now that libssl is fully opaque it is time
to say goodbye. Aside from removing the calloc/free/memset, the rest is
mechanical sed.
ok inoguchi@ tb@
Diffstat (limited to 'lib/libssl')
-rw-r--r-- | lib/libssl/d1_both.c | 16 | ||||
-rw-r--r-- | lib/libssl/d1_pkt.c | 84 | ||||
-rw-r--r-- | lib/libssl/s3_lib.c | 143 | ||||
-rw-r--r-- | lib/libssl/ssl_both.c | 86 | ||||
-rw-r--r-- | lib/libssl/ssl_cert.c | 4 | ||||
-rw-r--r-- | lib/libssl/ssl_ciph.c | 6 | ||||
-rw-r--r-- | lib/libssl/ssl_ciphers.c | 10 | ||||
-rw-r--r-- | lib/libssl/ssl_clnt.c | 272 | ||||
-rw-r--r-- | lib/libssl/ssl_err.c | 4 | ||||
-rw-r--r-- | lib/libssl/ssl_lib.c | 46 | ||||
-rw-r--r-- | lib/libssl/ssl_locl.h | 22 | ||||
-rw-r--r-- | lib/libssl/ssl_packet.c | 6 | ||||
-rw-r--r-- | lib/libssl/ssl_pkt.c | 204 | ||||
-rw-r--r-- | lib/libssl/ssl_sigalgs.c | 14 | ||||
-rw-r--r-- | lib/libssl/ssl_srvr.c | 272 | ||||
-rw-r--r-- | lib/libssl/ssl_stat.c | 6 | ||||
-rw-r--r-- | lib/libssl/ssl_tlsext.c | 200 | ||||
-rw-r--r-- | lib/libssl/ssl_transcript.c | 44 | ||||
-rw-r--r-- | lib/libssl/ssl_versions.c | 10 | ||||
-rw-r--r-- | lib/libssl/t1_enc.c | 20 | ||||
-rw-r--r-- | lib/libssl/tls12_lib.c | 18 | ||||
-rw-r--r-- | lib/libssl/tls13_legacy.c | 34 | ||||
-rw-r--r-- | lib/libssl/tls13_lib.c | 6 |
23 files changed, 755 insertions, 772 deletions
diff --git a/lib/libssl/d1_both.c b/lib/libssl/d1_both.c index 07c868f45e6..fd7c07a4d5c 100644 --- a/lib/libssl/d1_both.c +++ b/lib/libssl/d1_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_both.c,v 1.80 2021/10/23 13:36:03 jsing Exp $ */ +/* $OpenBSD: d1_both.c,v 1.81 2022/02/05 14:54:10 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -380,15 +380,15 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max) * s3->internal->tmp is used to store messages that are unexpected, caused * by the absence of an optional handshake message */ - if (S3I(s)->hs.tls12.reuse_message) { - S3I(s)->hs.tls12.reuse_message = 0; - if ((mt >= 0) && (S3I(s)->hs.tls12.message_type != mt)) { + if (s->s3->hs.tls12.reuse_message) { + s->s3->hs.tls12.reuse_message = 0; + if ((mt >= 0) && (s->s3->hs.tls12.message_type != mt)) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); goto fatal_err; } s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; - s->internal->init_num = (int)S3I(s)->hs.tls12.message_size; + s->internal->init_num = (int)s->s3->hs.tls12.message_size; return 1; } @@ -463,9 +463,9 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) return SSL_AD_INTERNAL_ERROR; } - S3I(s)->hs.tls12.message_size = msg_len; + s->s3->hs.tls12.message_size = msg_len; s->d1->r_msg_hdr.msg_len = msg_len; - S3I(s)->hs.tls12.message_type = msg_hdr->type; + s->s3->hs.tls12.message_type = msg_hdr->type; s->d1->r_msg_hdr.type = msg_hdr->type; s->d1->r_msg_hdr.seq = msg_hdr->seq; } else if (msg_len != s->d1->r_msg_hdr.msg_len) { @@ -818,7 +818,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) goto fatal_err; /* XDTLS: ressurect this when restart is in place */ - S3I(s)->hs.state = stn; + s->s3->hs.state = stn; if (frag_len > 0) { unsigned char *p = (unsigned char *)s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c index 12a711324ab..e884f2d592e 100644 --- a/lib/libssl/d1_pkt.c +++ b/lib/libssl/d1_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_pkt.c,v 1.116 2021/11/09 18:40:21 bcook Exp $ */ +/* $OpenBSD: d1_pkt.c,v 1.117 2022/02/05 14:54:10 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -191,12 +191,12 @@ static int dtls1_process_record(SSL *s); static int dtls1_copy_record(SSL *s, DTLS1_RECORD_DATA_INTERNAL *rdata) { - ssl3_release_buffer(&S3I(s)->rbuf); + ssl3_release_buffer(&s->s3->rbuf); s->internal->packet = rdata->packet; s->internal->packet_length = rdata->packet_length; - memcpy(&(S3I(s)->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER_INTERNAL)); - memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD_INTERNAL)); + memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER_INTERNAL)); + memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD_INTERNAL)); return (1); } @@ -218,15 +218,15 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) rdata->packet = s->internal->packet; rdata->packet_length = s->internal->packet_length; - memcpy(&(rdata->rbuf), &(S3I(s)->rbuf), sizeof(SSL3_BUFFER_INTERNAL)); - memcpy(&(rdata->rrec), &(S3I(s)->rrec), sizeof(SSL3_RECORD_INTERNAL)); + memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER_INTERNAL)); + memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD_INTERNAL)); item->data = rdata; s->internal->packet = NULL; s->internal->packet_length = 0; - memset(&(S3I(s)->rbuf), 0, sizeof(SSL3_BUFFER_INTERNAL)); - memset(&(S3I(s)->rrec), 0, sizeof(SSL3_RECORD_INTERNAL)); + memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER_INTERNAL)); + memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD_INTERNAL)); if (!ssl3_setup_buffers(s)) goto err; @@ -293,7 +293,7 @@ dtls1_process_buffered_record(SSL *s) static int dtls1_process_record(SSL *s) { - SSL3_RECORD_INTERNAL *rr = &(S3I(s)->rrec); + SSL3_RECORD_INTERNAL *rr = &(s->s3->rrec); uint8_t alert_desc; uint8_t *out; size_t out_len; @@ -349,7 +349,7 @@ dtls1_process_record(SSL *s) int dtls1_get_record(SSL *s) { - SSL3_RECORD_INTERNAL *rr = &(S3I(s)->rrec); + SSL3_RECORD_INTERNAL *rr = &(s->s3->rrec); unsigned char *p = NULL; DTLS1_BITMAP *bitmap; unsigned int is_next_epoch; @@ -517,7 +517,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) unsigned int n; SSL3_RECORD_INTERNAL *rr; - if (S3I(s)->rbuf.buf == NULL) /* Not initialized yet */ + if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ if (!ssl3_setup_buffers(s)) return (-1); @@ -554,17 +554,17 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) s->internal->rwstate = SSL_NOTHING; - /* S3I(s)->rrec.type - is the type of record - * S3I(s)->rrec.data, - data - * S3I(s)->rrec.off, - offset into 'data' for next read - * S3I(s)->rrec.length, - number of bytes. */ - rr = &(S3I(s)->rrec); + /* s->s3->rrec.type - is the type of record + * s->s3->rrec.data, - data + * s->s3->rrec.off, - offset into 'data' for next read + * s->s3->rrec.length, - number of bytes. */ + rr = &(s->s3->rrec); /* We are not handshaking and have no data yet, * so process data buffered during the last handshake * in advance, if any. */ - if (S3I(s)->hs.state == SSL_ST_OK && rr->length == 0) + if (s->s3->hs.state == SSL_ST_OK && rr->length == 0) dtls1_retrieve_buffered_record(s, &(s->d1->buffered_app_data)); /* Check for timeout */ @@ -591,7 +591,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) /* we now have a packet which can be read and processed */ - if (S3I(s)->change_cipher_spec /* set when we receive ChangeCipherSpec, + if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, * reset by ssl3_get_finished */ && (rr->type != SSL3_RT_HANDSHAKE)) { /* We now have application data between CCS and Finished. @@ -667,7 +667,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) * Application data while renegotiating is allowed. * Try reading again. */ - S3I(s)->in_read_app_data = 2; + s->s3->in_read_app_data = 2; ssl_force_want_read(s); return -1; } else { @@ -708,7 +708,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) if (SSL_is_init_finished(s) && !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && - !S3I(s)->renegotiate) { + !s->s3->renegotiate) { s->d1->handshake_read_seq++; s->internal->new_session = 1; ssl3_renegotiate(s); @@ -722,7 +722,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) } if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) { - if (S3I(s)->rbuf.left == 0) { + if (s->s3->rbuf.left == 0) { ssl_force_want_read(s); return (-1); } @@ -746,14 +746,14 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) (alert_level << 8) | alert_descr); if (alert_level == SSL3_AL_WARNING) { - S3I(s)->warn_alert = alert_descr; + s->s3->warn_alert = alert_descr; if (alert_descr == SSL_AD_CLOSE_NOTIFY) { s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN; return (0); } } else if (alert_level == SSL3_AL_FATAL) { s->internal->rwstate = SSL_NOTHING; - S3I(s)->fatal_alert = alert_descr; + s->s3->fatal_alert = alert_descr; SSLerror(s, SSL_AD_REASON_OFFSET + alert_descr); ERR_asprintf_error_data("SSL alert number %d", alert_descr); @@ -799,7 +799,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) s->d1->change_cipher_spec_ok = 0; - S3I(s)->change_cipher_spec = 1; + s->s3->change_cipher_spec = 1; if (!ssl3_do_change_cipher_spec(s)) goto err; @@ -835,9 +835,9 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) goto start; } - if (((S3I(s)->hs.state&SSL_ST_MASK) == SSL_ST_OK) && + if (((s->s3->hs.state&SSL_ST_MASK) == SSL_ST_OK) && !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { - S3I(s)->hs.state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; + s->s3->hs.state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; s->internal->renegotiate = 1; s->internal->new_session = 1; } @@ -850,7 +850,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) } if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) { - if (S3I(s)->rbuf.left == 0) { + if (s->s3->rbuf.left == 0) { ssl_force_want_read(s); return (-1); } @@ -881,15 +881,15 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) * at this point (session renegotiation not yet started), * we will indulge it. */ - if (S3I(s)->in_read_app_data && - (S3I(s)->total_renegotiations != 0) && - (((S3I(s)->hs.state & SSL_ST_CONNECT) && - (S3I(s)->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) && - (S3I(s)->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) || ( - (S3I(s)->hs.state & SSL_ST_ACCEPT) && - (S3I(s)->hs.state <= SSL3_ST_SW_HELLO_REQ_A) && - (S3I(s)->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) { - S3I(s)->in_read_app_data = 2; + if (s->s3->in_read_app_data && + (s->s3->total_renegotiations != 0) && + (((s->s3->hs.state & SSL_ST_CONNECT) && + (s->s3->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) && + (s->s3->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) || ( + (s->s3->hs.state & SSL_ST_ACCEPT) && + (s->s3->hs.state <= SSL3_ST_SW_HELLO_REQ_A) && + (s->s3->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) { + s->s3->in_read_app_data = 2; return (-1); } else { al = SSL_AD_UNEXPECTED_MESSAGE; @@ -947,7 +947,7 @@ dtls1_write_bytes(SSL *s, int type, const void *buf, int len) int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len) { - SSL3_BUFFER_INTERNAL *wb = &(S3I(s)->wbuf); + SSL3_BUFFER_INTERNAL *wb = &(s->s3->wbuf); size_t out_len; CBB cbb; int ret; @@ -964,7 +964,7 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len) } /* If we have an alert to send, let's send it */ - if (S3I(s)->alert_dispatch) { + if (s->s3->alert_dispatch) { if ((ret = ssl3_dispatch_alert(s)) <= 0) return (ret); /* If it went, fall through and send more stuff. */ @@ -992,10 +992,10 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len) * Memorize arguments so that ssl3_write_pending can detect * bad write retries later. */ - S3I(s)->wpend_tot = len; - S3I(s)->wpend_buf = buf; - S3I(s)->wpend_type = type; - S3I(s)->wpend_ret = len; + s->s3->wpend_tot = len; + s->s3->wpend_buf = buf; + s->s3->wpend_type = type; + s->s3->wpend_ret = len; /* We now just need to write the buffer. */ return ssl3_write_pending(s, type, buf, len); diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index d5a53565f86..916ed4935cc 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.225 2022/01/26 11:05:41 tb Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.226 2022/02/05 14:54:10 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1444,8 +1444,8 @@ ssl3_pending(const SSL *s) if (s->internal->rstate == SSL_ST_READ_BODY) return 0; - return (S3I(s)->rrec.type == SSL3_RT_APPLICATION_DATA) ? - S3I(s)->rrec.length : 0; + return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? + s->s3->rrec.length : 0; } int @@ -1544,10 +1544,6 @@ ssl3_new(SSL *s) { if ((s->s3 = calloc(1, sizeof(*s->s3))) == NULL) return (0); - if ((S3I(s) = calloc(1, sizeof(*S3I(s)))) == NULL) { - free(s->s3); - return (0); - } s->method->ssl_clear(s); @@ -1563,23 +1559,22 @@ ssl3_free(SSL *s) tls1_cleanup_key_block(s); ssl3_release_read_buffer(s); ssl3_release_write_buffer(s); - freezero(S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len); + freezero(s->s3->hs.sigalgs, s->s3->hs.sigalgs_len); - tls_key_share_free(S3I(s)->hs.key_share); + tls_key_share_free(s->s3->hs.key_share); - tls13_secrets_destroy(S3I(s)->hs.tls13.secrets); - freezero(S3I(s)->hs.tls13.cookie, S3I(s)->hs.tls13.cookie_len); - tls13_clienthello_hash_clear(&S3I(s)->hs.tls13); + tls13_secrets_destroy(s->s3->hs.tls13.secrets); + freezero(s->s3->hs.tls13.cookie, s->s3->hs.tls13.cookie_len); + tls13_clienthello_hash_clear(&s->s3->hs.tls13); - sk_X509_NAME_pop_free(S3I(s)->hs.tls12.ca_names, X509_NAME_free); + sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free); sk_X509_pop_free(s->internal->verified_chain, X509_free); tls1_transcript_free(s); tls1_transcript_hash_free(s); - free(S3I(s)->alpn_selected); + free(s->s3->alpn_selected); - freezero(S3I(s), sizeof(*S3I(s))); freezero(s->s3, sizeof(*s->s3)); s->s3 = NULL; @@ -1588,65 +1583,61 @@ ssl3_free(SSL *s) void ssl3_clear(SSL *s) { - struct ssl3_state_internal_st *internal; unsigned char *rp, *wp; size_t rlen, wlen; tls1_cleanup_key_block(s); - sk_X509_NAME_pop_free(S3I(s)->hs.tls12.ca_names, X509_NAME_free); + sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free); sk_X509_pop_free(s->internal->verified_chain, X509_free); s->internal->verified_chain = NULL; - freezero(S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len); - S3I(s)->hs.sigalgs = NULL; - S3I(s)->hs.sigalgs_len = 0; + freezero(s->s3->hs.sigalgs, s->s3->hs.sigalgs_len); + s->s3->hs.sigalgs = NULL; + s->s3->hs.sigalgs_len = 0; - tls_key_share_free(S3I(s)->hs.key_share); - S3I(s)->hs.key_share = NULL; + tls_key_share_free(s->s3->hs.key_share); + s->s3->hs.key_share = NULL; - tls13_secrets_destroy(S3I(s)->hs.tls13.secrets); - S3I(s)->hs.tls13.secrets = NULL; - freezero(S3I(s)->hs.tls13.cookie, S3I(s)->hs.tls13.cookie_len); - S3I(s)->hs.tls13.cookie = NULL; - S3I(s)->hs.tls13.cookie_len = 0; - tls13_clienthello_hash_clear(&S3I(s)->hs.tls13); + tls13_secrets_destroy(s->s3->hs.tls13.secrets); + s->s3->hs.tls13.secrets = NULL; + freezero(s->s3->hs.tls13.cookie, s->s3->hs.tls13.cookie_len); + s->s3->hs.tls13.cookie = NULL; + s->s3->hs.tls13.cookie_len = 0; + tls13_clienthello_hash_clear(&s->s3->hs.tls13); - S3I(s)->hs.extensions_seen = 0; + s->s3->hs.extensions_seen = 0; - rp = S3I(s)->rbuf.buf; - wp = S3I(s)->wbuf.buf; - rlen = S3I(s)->rbuf.len; - wlen = S3I(s)->wbuf.len; + rp = s->s3->rbuf.buf; + wp = s->s3->wbuf.buf; + rlen = s->s3->rbuf.len; + wlen = s->s3->wbuf.len; tls1_transcript_free(s); tls1_transcript_hash_free(s); - free(S3I(s)->alpn_selected); - S3I(s)->alpn_selected = NULL; - S3I(s)->alpn_selected_len = 0; + free(s->s3->alpn_selected); + s->s3->alpn_selected = NULL; + s->s3->alpn_selected_len = 0; - memset(S3I(s), 0, sizeof(*S3I(s))); - internal = S3I(s); memset(s->s3, 0, sizeof(*s->s3)); - S3I(s) = internal; - S3I(s)->rbuf.buf = rp; - S3I(s)->wbuf.buf = wp; - S3I(s)->rbuf.len = rlen; - S3I(s)->wbuf.len = wlen; + s->s3->rbuf.buf = rp; + s->s3->wbuf.buf = wp; + s->s3->rbuf.len = rlen; + s->s3->wbuf.len = wlen; ssl_free_wbio_buffer(s); /* Not needed... */ - S3I(s)->renegotiate = 0; - S3I(s)->total_renegotiations = 0; - S3I(s)->num_renegotiations = 0; - S3I(s)->in_read_app_data = 0; + s->s3->renegotiate = 0; + s->s3->total_renegotiations = 0; + s->s3->num_renegotiations = 0; + s->s3->in_read_app_data = 0; s->internal->packet_length = 0; s->version = TLS1_VERSION; - S3I(s)->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT); + s->s3->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT); } long @@ -1657,12 +1648,12 @@ _SSL_get_peer_tmp_key(SSL *s, EVP_PKEY **key) *key = NULL; - if (S3I(s)->hs.key_share == NULL) + if (s->s3->hs.key_share == NULL) goto err; if ((pkey = EVP_PKEY_new()) == NULL) goto err; - if (!tls_key_share_peer_pkey(S3I(s)->hs.key_share, pkey)) + if (!tls_key_share_peer_pkey(s->s3->hs.key_share, pkey)) goto err; *key = pkey; @@ -1685,7 +1676,7 @@ _SSL_session_reused(SSL *s) static int _SSL_num_renegotiations(SSL *s) { - return S3I(s)->num_renegotiations; + return s->s3->num_renegotiations; } static int @@ -1693,8 +1684,8 @@ _SSL_clear_num_renegotiations(SSL *s) { int renegs; - renegs = S3I(s)->num_renegotiations; - S3I(s)->num_renegotiations = 0; + renegs = s->s3->num_renegotiations; + s->s3->num_renegotiations = 0; return renegs; } @@ -1702,7 +1693,7 @@ _SSL_clear_num_renegotiations(SSL *s) static int _SSL_total_renegotiations(SSL *s) { - return S3I(s)->total_renegotiations; + return s->s3->total_renegotiations; } static int @@ -1920,7 +1911,7 @@ _SSL_get_signature_nid(SSL *s, int *nid) { const struct ssl_sigalg *sigalg; - if ((sigalg = S3I(s)->hs.our_sigalg) == NULL) + if ((sigalg = s->s3->hs.our_sigalg) == NULL) return 0; *nid = EVP_MD_type(sigalg->md()); @@ -1933,7 +1924,7 @@ _SSL_get_peer_signature_nid(SSL *s, int *nid) { const struct ssl_sigalg *sigalg; - if ((sigalg = S3I(s)->hs.peer_sigalg) == NULL) + if ((sigalg = s->s3->hs.peer_sigalg) == NULL) return 0; *nid = EVP_MD_type(sigalg->md()); @@ -1946,7 +1937,7 @@ SSL_get_signature_type_nid(const SSL *s, int *nid) { const struct ssl_sigalg *sigalg; - if ((sigalg = S3I(s)->hs.our_sigalg) == NULL) + if ((sigalg = s->s3->hs.our_sigalg) == NULL) return 0; *nid = sigalg->key_type; @@ -1962,7 +1953,7 @@ SSL_get_peer_signature_type_nid(const SSL *s, int *nid) { const struct ssl_sigalg *sigalg; - if ((sigalg = S3I(s)->hs.peer_sigalg) == NULL) + if ((sigalg = s->s3->hs.peer_sigalg) == NULL) return 0; *nid = sigalg->key_type; @@ -2564,7 +2555,7 @@ ssl3_get_req_cert_types(SSL *s, CBB *cbb) { unsigned long alg_k; - alg_k = S3I(s)->hs.cipher->algorithm_mkey; + alg_k = s->s3->hs.cipher->algorithm_mkey; #ifndef OPENSSL_NO_GOST if ((alg_k & SSL_kGOST) != 0) { @@ -2608,7 +2599,7 @@ ssl3_shutdown(SSL *s) * Don't do anything much if we have not done the handshake or * we don't want to send messages :-) */ - if ((s->internal->quiet_shutdown) || (S3I(s)->hs.state == SSL_ST_BEFORE)) { + if ((s->internal->quiet_shutdown) || (s->s3->hs.state == SSL_ST_BEFORE)) { s->internal->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); return (1); } @@ -2618,11 +2609,11 @@ ssl3_shutdown(SSL *s) ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); /* * Our shutdown alert has been sent now, and if it still needs - * to be written, S3I(s)->alert_dispatch will be true + * to be written, s->s3->alert_dispatch will be true */ - if (S3I(s)->alert_dispatch) + if (s->s3->alert_dispatch) return (-1); /* return WANT_WRITE */ - } else if (S3I(s)->alert_dispatch) { + } else if (s->s3->alert_dispatch) { /* resend it if not sent */ ret = ssl3_dispatch_alert(s); if (ret == -1) { @@ -2643,7 +2634,7 @@ ssl3_shutdown(SSL *s) } if ((s->internal->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && - !S3I(s)->alert_dispatch) + !s->s3->alert_dispatch) return (1); else return (0); @@ -2654,7 +2645,7 @@ ssl3_write(SSL *s, const void *buf, int len) { errno = 0; - if (S3I(s)->renegotiate) + if (s->s3->renegotiate) ssl3_renegotiate_check(s); return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, @@ -2667,13 +2658,13 @@ ssl3_read_internal(SSL *s, void *buf, int len, int peek) int ret; errno = 0; - if (S3I(s)->renegotiate) + if (s->s3->renegotiate) ssl3_renegotiate_check(s); - S3I(s)->in_read_app_data = 1; + s->s3->in_read_app_data = 1; ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, peek); - if ((ret == -1) && (S3I(s)->in_read_app_data == 2)) { + if ((ret == -1) && (s->s3->in_read_app_data == 2)) { /* * ssl3_read_bytes decided to call s->internal->handshake_func, * which called ssl3_read_bytes to read handshake data. @@ -2686,7 +2677,7 @@ ssl3_read_internal(SSL *s, void *buf, int len, int peek) buf, len, peek); s->internal->in_handshake--; } else - S3I(s)->in_read_app_data = 0; + s->s3->in_read_app_data = 0; return (ret); } @@ -2712,7 +2703,7 @@ ssl3_renegotiate(SSL *s) if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) return (0); - S3I(s)->renegotiate = 1; + s->s3->renegotiate = 1; return (1); } @@ -2721,8 +2712,8 @@ ssl3_renegotiate_check(SSL *s) { int ret = 0; - if (S3I(s)->renegotiate) { - if ((S3I(s)->rbuf.left == 0) && (S3I(s)->wbuf.left == 0) && + if (s->s3->renegotiate) { + if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) && !SSL_in_init(s)) { /* * If we are the server, and we have sent @@ -2730,10 +2721,10 @@ ssl3_renegotiate_check(SSL *s) * to SSL_ST_ACCEPT. */ /* SSL_ST_ACCEPT */ - S3I(s)->hs.state = SSL_ST_RENEGOTIATE; - S3I(s)->renegotiate = 0; - S3I(s)->num_renegotiations++; - S3I(s)->total_renegotiations++; + s->s3->hs.state = SSL_ST_RENEGOTIATE; + s->s3->renegotiate = 0; + s->s3->num_renegotiations++; + s->s3->total_renegotiations++; ret = 1; } } diff --git a/lib/libssl/ssl_both.c b/lib/libssl/ssl_both.c index ad16d2175b5..cfd32387d6b 100644 --- a/lib/libssl/ssl_both.c +++ b/lib/libssl/ssl_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_both.c,v 1.41 2022/02/03 16:33:12 jsing Exp $ */ +/* $OpenBSD: ssl_both.c,v 1.42 2022/02/05 14:54:10 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -168,33 +168,33 @@ ssl3_send_finished(SSL *s, int state_a, int state_b) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == state_a) { + if (s->s3->hs.state == state_a) { if (!tls12_derive_finished(s)) goto err; /* Copy finished so we can use it for renegotiation checks. */ if (!s->server) { - memcpy(S3I(s)->previous_client_finished, - S3I(s)->hs.finished, S3I(s)->hs.finished_len); - S3I(s)->previous_client_finished_len = - S3I(s)->hs.finished_len; + memcpy(s->s3->previous_client_finished, + s->s3->hs.finished, s->s3->hs.finished_len); + s->s3->previous_client_finished_len = + s->s3->hs.finished_len; } else { - memcpy(S3I(s)->previous_server_finished, - S3I(s)->hs.finished, S3I(s)->hs.finished_len); - S3I(s)->previous_server_finished_len = - S3I(s)->hs.finished_len; + memcpy(s->s3->previous_server_finished, + s->s3->hs.finished, s->s3->hs.finished_len); + s->s3->previous_server_finished_len = + s->s3->hs.finished_len; } if (!ssl3_handshake_msg_start(s, &cbb, &finished, SSL3_MT_FINISHED)) goto err; - if (!CBB_add_bytes(&finished, S3I(s)->hs.finished, - S3I(s)->hs.finished_len)) + if (!CBB_add_bytes(&finished, s->s3->hs.finished, + s->s3->hs.finished_len)) goto err; if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = state_b; + s->s3->hs.state = state_b; } return (ssl3_handshake_write(s)); @@ -216,12 +216,12 @@ ssl3_get_finished(SSL *s, int a, int b) return ret; /* If this occurs, we have missed a message */ - if (!S3I(s)->change_cipher_spec) { + if (!s->s3->change_cipher_spec) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_GOT_A_FIN_BEFORE_A_CCS); goto fatal_err; } - S3I(s)->change_cipher_spec = 0; + s->s3->change_cipher_spec = 0; md_len = TLS1_FINISH_MAC_LENGTH; @@ -233,14 +233,14 @@ ssl3_get_finished(SSL *s, int a, int b) CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); - if (S3I(s)->hs.peer_finished_len != md_len || + if (s->s3->hs.peer_finished_len != md_len || CBS_len(&cbs) != md_len) { al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_BAD_DIGEST_LENGTH); goto fatal_err; } - if (!CBS_mem_equal(&cbs, S3I(s)->hs.peer_finished, CBS_len(&cbs))) { + if (!CBS_mem_equal(&cbs, s->s3->hs.peer_finished, CBS_len(&cbs))) { al = SSL_AD_DECRYPT_ERROR; SSLerror(s, SSL_R_DIGEST_CHECK_FAILED); goto fatal_err; @@ -249,13 +249,13 @@ ssl3_get_finished(SSL *s, int a, int b) /* Copy finished so we can use it for renegotiation checks. */ OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE); if (s->server) { - memcpy(S3I(s)->previous_client_finished, - S3I(s)->hs.peer_finished, md_len); - S3I(s)->previous_client_finished_len = md_len; + memcpy(s->s3->previous_client_finished, + s->s3->hs.peer_finished, md_len); + s->s3->previous_client_finished_len = md_len; } else { - memcpy(S3I(s)->previous_server_finished, - S3I(s)->hs.peer_finished, md_len); - S3I(s)->previous_server_finished_len = md_len; + memcpy(s->s3->previous_server_finished, + s->s3->hs.peer_finished, md_len); + s->s3->previous_server_finished_len = md_len; } return (1); @@ -272,7 +272,7 @@ ssl3_send_change_cipher_spec(SSL *s, int a, int b) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == a) { + if (s->s3->hs.state == a) { if (!CBB_init_fixed(&cbb, s->internal->init_buf->data, s->internal->init_buf->length)) goto err; @@ -295,7 +295,7 @@ ssl3_send_change_cipher_spec(SSL *s, int a, int b) dtls1_buffer_message(s, 1); } - S3I(s)->hs.state = b; + s->s3->hs.state = b; } /* SSL3_ST_CW_CHANGE_B */ @@ -408,22 +408,22 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max) if (SSL_is_dtls(s)) return dtls1_get_message(s, st1, stn, mt, max); - if (S3I(s)->hs.tls12.reuse_message) { - S3I(s)->hs.tls12.reuse_message = 0; - if ((mt >= 0) && (S3I(s)->hs.tls12.message_type != mt)) { + if (s->s3->hs.tls12.reuse_message) { + s->s3->hs.tls12.reuse_message = 0; + if ((mt >= 0) && (s->s3->hs.tls12.message_type != mt)) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); goto fatal_err; } s->internal->init_msg = s->internal->init_buf->data + SSL3_HM_HEADER_LENGTH; - s->internal->init_num = (int)S3I(s)->hs.tls12.message_size; + s->internal->init_num = (int)s->s3->hs.tls12.message_size; return 1; } p = (unsigned char *)s->internal->init_buf->data; - if (S3I(s)->hs.state == st1) { + if (s->s3->hs.state == st1) { int skip_message; do { @@ -469,7 +469,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max) SSLerror(s, ERR_R_BUF_LIB); goto err; } - S3I(s)->hs.tls12.message_type = u8; + s->s3->hs.tls12.message_type = u8; if (l > (unsigned long)max) { al = SSL_AD_ILLEGAL_PARAMETER; @@ -481,8 +481,8 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max) SSLerror(s, ERR_R_BUF_LIB); goto err; } - S3I(s)->hs.tls12.message_size = l; - S3I(s)->hs.state = stn; + s->s3->hs.tls12.message_size = l; + s->s3->hs.state = stn; s->internal->init_msg = s->internal->init_buf->data + SSL3_HM_HEADER_LENGTH; @@ -491,7 +491,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max) /* next state (stn) */ p = s->internal->init_msg; - n = S3I(s)->hs.tls12.message_size - s->internal->init_num; + n = s->s3->hs.tls12.message_size - s->internal->init_num; while (n > 0) { i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &p[s->internal->init_num], n, 0); @@ -644,16 +644,16 @@ ssl3_setup_read_buffer(SSL *s) align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); - if (S3I(s)->rbuf.buf == NULL) { + if (s->s3->rbuf.buf == NULL) { len = SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align; if ((p = calloc(1, len)) == NULL) goto err; - S3I(s)->rbuf.buf = p; - S3I(s)->rbuf.len = len; + s->s3->rbuf.buf = p; + s->s3->rbuf.len = len; } - s->internal->packet = S3I(s)->rbuf.buf; + s->internal->packet = s->s3->rbuf.buf; return 1; err: @@ -674,7 +674,7 @@ ssl3_setup_write_buffer(SSL *s) align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); - if (S3I(s)->wbuf.buf == NULL) { + if (s->s3->wbuf.buf == NULL) { len = s->max_send_fragment + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align; if (!(s->internal->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) @@ -683,8 +683,8 @@ ssl3_setup_write_buffer(SSL *s) if ((p = calloc(1, len)) == NULL) goto err; - S3I(s)->wbuf.buf = p; - S3I(s)->wbuf.len = len; + s->s3->wbuf.buf = p; + s->s3->wbuf.len = len; } return 1; @@ -715,11 +715,11 @@ ssl3_release_buffer(SSL3_BUFFER_INTERNAL *b) void ssl3_release_read_buffer(SSL *s) { - ssl3_release_buffer(&S3I(s)->rbuf); + ssl3_release_buffer(&s->s3->rbuf); } void ssl3_release_write_buffer(SSL *s) { - ssl3_release_buffer(&S3I(s)->wbuf); + ssl3_release_buffer(&s->s3->wbuf); } diff --git a/lib/libssl/ssl_cert.c b/lib/libssl/ssl_cert.c index 71daf3718bb..30e99ad184e 100644 --- a/lib/libssl/ssl_cert.c +++ b/lib/libssl/ssl_cert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_cert.c,v 1.94 2022/01/28 13:14:48 inoguchi Exp $ */ +/* $OpenBSD: ssl_cert.c,v 1.95 2022/02/05 14:54:10 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -462,7 +462,7 @@ SSL_get_client_CA_list(const SSL *s) if (!s->server) { /* We are in the client. */ if ((s->version >> 8) == SSL3_VERSION_MAJOR) - return (S3I(s)->hs.tls12.ca_names); + return (s->s3->hs.tls12.ca_names); else return (NULL); } else { diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c index 643d668d7c7..13dcd905255 100644 --- a/lib/libssl/ssl_ciph.c +++ b/lib/libssl/ssl_ciph.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciph.c,v 1.125 2021/11/23 18:26:23 tb Exp $ */ +/* $OpenBSD: ssl_ciph.c,v 1.126 2022/02/05 14:54:10 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -564,10 +564,10 @@ ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md) *md = NULL; - if (S3I(s)->hs.cipher == NULL) + if (s->s3->hs.cipher == NULL) return 0; - handshake_mac = S3I(s)->hs.cipher->algorithm2 & + handshake_mac = s->s3->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_MASK; /* For TLSv1.2 we upgrade the default MD5+SHA1 MAC to SHA256. */ diff --git a/lib/libssl/ssl_ciphers.c b/lib/libssl/ssl_ciphers.c index 4e4a0d93a4a..7ac40126eda 100644 --- a/lib/libssl/ssl_ciphers.c +++ b/lib/libssl/ssl_ciphers.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciphers.c,v 1.11 2021/03/11 17:14:46 jsing Exp $ */ +/* $OpenBSD: ssl_ciphers.c,v 1.12 2022/02/05 14:54:10 jsing Exp $ */ /* * Copyright (c) 2015-2017 Doug Hogan <doug@openbsd.org> * Copyright (c) 2015-2018, 2020 Joel Sing <jsing@openbsd.org> @@ -96,7 +96,7 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs) uint16_t cipher_value; unsigned long cipher_id; - S3I(s)->send_connection_binding = 0; + s->s3->send_connection_binding = 0; if ((ciphers = sk_SSL_CIPHER_new_null()) == NULL) { SSLerror(s, ERR_R_MALLOC_FAILURE); @@ -123,7 +123,7 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs) goto err; } - S3I(s)->send_connection_binding = 1; + s->s3->send_connection_binding = 1; continue; } @@ -134,8 +134,8 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs) * Fail if the current version is an unexpected * downgrade. */ - if (S3I(s)->hs.negotiated_tls_version < - S3I(s)->hs.our_max_tls_version) { + if (s->s3->hs.negotiated_tls_version < + s->s3->hs.our_max_tls_version) { SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INAPPROPRIATE_FALLBACK); diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c index 6d50ade3987..607b0388256 100644 --- a/lib/libssl/ssl_clnt.c +++ b/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.140 2022/02/03 16:33:12 jsing Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.141 2022/02/05 14:54:10 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -190,12 +190,12 @@ ssl3_connect(SSL *s) SSL_clear(s); for (;;) { - state = S3I(s)->hs.state; + state = s->s3->hs.state; - switch (S3I(s)->hs.state) { + switch (s->s3->hs.state) { case SSL_ST_RENEGOTIATE: s->internal->renegotiate = 1; - S3I(s)->hs.state = SSL_ST_CONNECT; + s->s3->hs.state = SSL_ST_CONNECT; s->ctx->internal->stats.sess_connect_renegotiate++; /* break */ case SSL_ST_BEFORE: @@ -214,8 +214,8 @@ ssl3_connect(SSL *s) } if (!ssl_supported_tls_version_range(s, - &S3I(s)->hs.our_min_tls_version, - &S3I(s)->hs.our_max_tls_version)) { + &s->s3->hs.our_min_tls_version, + &s->s3->hs.our_max_tls_version)) { SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE); ret = -1; goto end; @@ -241,7 +241,7 @@ ssl3_connect(SSL *s) goto end; } - S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A; + s->s3->hs.state = SSL3_ST_CW_CLNT_HELLO_A; s->ctx->internal->stats.sess_connect++; s->internal->init_num = 0; @@ -270,10 +270,10 @@ ssl3_connect(SSL *s) goto end; if (SSL_is_dtls(s) && s->d1->send_cookie) { - S3I(s)->hs.state = SSL3_ST_CW_FLUSH; - S3I(s)->hs.tls12.next_state = SSL3_ST_CR_SRVR_HELLO_A; + s->s3->hs.state = SSL3_ST_CW_FLUSH; + s->s3->hs.tls12.next_state = SSL3_ST_CR_SRVR_HELLO_A; } else - S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A; + s->s3->hs.state = SSL3_ST_CR_SRVR_HELLO_A; s->internal->init_num = 0; @@ -290,20 +290,20 @@ ssl3_connect(SSL *s) goto end; if (s->internal->hit) { - S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A; + s->s3->hs.state = SSL3_ST_CR_FINISHED_A; if (!SSL_is_dtls(s)) { if (s->internal->tlsext_ticket_expected) { /* receive renewed session ticket */ - S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A; + s->s3->hs.state = SSL3_ST_CR_SESSION_TICKET_A; } /* No client certificate verification. */ tls1_transcript_free(s); } } else if (SSL_is_dtls(s)) { - S3I(s)->hs.state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A; + s->s3->hs.state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A; } else { - S3I(s)->hs.state = SSL3_ST_CR_CERT_A; + s->s3->hs.state = SSL3_ST_CR_CERT_A; } s->internal->init_num = 0; break; @@ -315,9 +315,9 @@ ssl3_connect(SSL *s) goto end; dtls1_stop_timer(s); if (s->d1->send_cookie) /* start again, with a cookie */ - S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A; + s->s3->hs.state = SSL3_ST_CW_CLNT_HELLO_A; else - S3I(s)->hs.state = SSL3_ST_CR_CERT_A; + s->s3->hs.state = SSL3_ST_CR_CERT_A; s->internal->init_num = 0; break; @@ -329,25 +329,25 @@ ssl3_connect(SSL *s) if (ret == 2) { s->internal->hit = 1; if (s->internal->tlsext_ticket_expected) - S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A; + s->s3->hs.state = SSL3_ST_CR_SESSION_TICKET_A; else - S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A; + s->s3->hs.state = SSL3_ST_CR_FINISHED_A; s->internal->init_num = 0; break; } /* Check if it is anon DH/ECDH. */ - if (!(S3I(s)->hs.cipher->algorithm_auth & + if (!(s->s3->hs.cipher->algorithm_auth & SSL_aNULL)) { ret = ssl3_get_server_certificate(s); if (ret <= 0) goto end; if (s->internal->tlsext_status_expected) - S3I(s)->hs.state = SSL3_ST_CR_CERT_STATUS_A; + s->s3->hs.state = SSL3_ST_CR_CERT_STATUS_A; else - S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A; + s->s3->hs.state = SSL3_ST_CR_KEY_EXCH_A; } else { skip = 1; - S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A; + s->s3->hs.state = SSL3_ST_CR_KEY_EXCH_A; } s->internal->init_num = 0; break; @@ -357,7 +357,7 @@ ssl3_connect(SSL *s) ret = ssl3_get_server_key_exchange(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_CR_CERT_REQ_A; + s->s3->hs.state = SSL3_ST_CR_CERT_REQ_A; s->internal->init_num = 0; /* @@ -375,7 +375,7 @@ ssl3_connect(SSL *s) ret = ssl3_get_certificate_request(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_CR_SRVR_DONE_A; + s->s3->hs.state = SSL3_ST_CR_SRVR_DONE_A; s->internal->init_num = 0; break; @@ -386,10 +386,10 @@ ssl3_connect(SSL *s) goto end; if (SSL_is_dtls(s)) dtls1_stop_timer(s); - if (S3I(s)->hs.tls12.cert_request) - S3I(s)->hs.state = SSL3_ST_CW_CERT_A; + if (s->s3->hs.tls12.cert_request) + s->s3->hs.state = SSL3_ST_CW_CERT_A; else - S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_A; + s->s3->hs.state = SSL3_ST_CW_KEY_EXCH_A; s->internal->init_num = 0; break; @@ -403,7 +403,7 @@ ssl3_connect(SSL *s) ret = ssl3_send_client_certificate(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_A; + s->s3->hs.state = SSL3_ST_CW_KEY_EXCH_A; s->internal->init_num = 0; break; @@ -430,16 +430,16 @@ ssl3_connect(SSL *s) * message when client's ECDH public key is sent * inside the client certificate. */ - if (S3I(s)->hs.tls12.cert_request == 1) { - S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_A; + if (s->s3->hs.tls12.cert_request == 1) { + s->s3->hs.state = SSL3_ST_CW_CERT_VRFY_A; } else { - S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A; - S3I(s)->change_cipher_spec = 0; + s->s3->hs.state = SSL3_ST_CW_CHANGE_A; + s->s3->change_cipher_spec = 0; } if (!SSL_is_dtls(s)) { if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) { - S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A; - S3I(s)->change_cipher_spec = 0; + s->s3->hs.state = SSL3_ST_CW_CHANGE_A; + s->s3->change_cipher_spec = 0; } } @@ -453,9 +453,9 @@ ssl3_connect(SSL *s) ret = ssl3_send_client_verify(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A; + s->s3->hs.state = SSL3_ST_CW_CHANGE_A; s->internal->init_num = 0; - S3I(s)->change_cipher_spec = 0; + s->s3->change_cipher_spec = 0; break; case SSL3_ST_CW_CHANGE_A: @@ -467,9 +467,9 @@ ssl3_connect(SSL *s) if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A; + s->s3->hs.state = SSL3_ST_CW_FINISHED_A; s->internal->init_num = 0; - s->session->cipher = S3I(s)->hs.cipher; + s->session->cipher = s->s3->hs.cipher; if (!tls1_setup_key_block(s)) { ret = -1; @@ -491,18 +491,18 @@ ssl3_connect(SSL *s) goto end; if (!SSL_is_dtls(s)) s->s3->flags |= SSL3_FLAGS_CCS_OK; - S3I(s)->hs.state = SSL3_ST_CW_FLUSH; + s->s3->hs.state = SSL3_ST_CW_FLUSH; /* clear flags */ if (s->internal->hit) { - S3I(s)->hs.tls12.next_state = SSL_ST_OK; + s->s3->hs.tls12.next_state = SSL_ST_OK; } else { /* Allow NewSessionTicket if ticket expected */ if (s->internal->tlsext_ticket_expected) - S3I(s)->hs.tls12.next_state = + s->s3->hs.tls12.next_state = SSL3_ST_CR_SESSION_TICKET_A; else - S3I(s)->hs.tls12.next_state = + s->s3->hs.tls12.next_state = SSL3_ST_CR_FINISHED_A; } s->internal->init_num = 0; @@ -513,7 +513,7 @@ ssl3_connect(SSL *s) ret = ssl3_get_new_session_ticket(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A; + s->s3->hs.state = SSL3_ST_CR_FINISHED_A; s->internal->init_num = 0; break; @@ -522,7 +522,7 @@ ssl3_connect(SSL *s) ret = ssl3_get_cert_status(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A; + s->s3->hs.state = SSL3_ST_CR_KEY_EXCH_A; s->internal->init_num = 0; break; @@ -540,9 +540,9 @@ ssl3_connect(SSL *s) dtls1_stop_timer(s); if (s->internal->hit) - S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A; + s->s3->hs.state = SSL3_ST_CW_CHANGE_A; else - S3I(s)->hs.state = SSL_ST_OK; + s->s3->hs.state = SSL_ST_OK; s->internal->init_num = 0; break; @@ -553,21 +553,21 @@ ssl3_connect(SSL *s) /* If the write error was fatal, stop trying */ if (!BIO_should_retry(s->wbio)) { s->internal->rwstate = SSL_NOTHING; - S3I(s)->hs.state = S3I(s)->hs.tls12.next_state; + s->s3->hs.state = s->s3->hs.tls12.next_state; } } ret = -1; goto end; } s->internal->rwstate = SSL_NOTHING; - S3I(s)->hs.state = S3I(s)->hs.tls12.next_state; + s->s3->hs.state = s->s3->hs.tls12.next_state; break; case SSL_ST_OK: /* clean a few things up */ tls1_cleanup_key_block(s); - if (S3I(s)->handshake_transcript != NULL) { + if (s->s3->handshake_transcript != NULL) { SSLerror(s, ERR_R_INTERNAL_ERROR); ret = -1; goto end; @@ -610,17 +610,17 @@ ssl3_connect(SSL *s) } /* did we do anything */ - if (!S3I(s)->hs.tls12.reuse_message && !skip) { + if (!s->s3->hs.tls12.reuse_message && !skip) { if (s->internal->debug) { if ((ret = BIO_flush(s->wbio)) <= 0) goto end; } - if (S3I(s)->hs.state != state) { - new_state = S3I(s)->hs.state; - S3I(s)->hs.state = state; + if (s->s3->hs.state != state) { + new_state = s->s3->hs.state; + s->s3->hs.state = state; ssl_info_callback(s, SSL_CB_CONNECT_LOOP, 1); - S3I(s)->hs.state = new_state; + s->s3->hs.state = new_state; } } skip = 0; @@ -643,7 +643,7 @@ ssl3_send_client_hello(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_A) { + if (s->s3->hs.state == SSL3_ST_CW_CLNT_HELLO_A) { SSL_SESSION *sess = s->session; if (!ssl_max_supported_version(s, &max_version)) { @@ -734,7 +734,7 @@ ssl3_send_client_hello(SSL *s) if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_B; + s->s3->hs.state = SSL3_ST_CW_CLNT_HELLO_B; } /* SSL3_ST_CW_CLNT_HELLO_B */ @@ -758,9 +758,9 @@ ssl3_get_dtls_hello_verify(SSL *s) DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->internal->max_cert_list)) <= 0) return ret; - if (S3I(s)->hs.tls12.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) { + if (s->s3->hs.tls12.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) { s->d1->send_cookie = 0; - S3I(s)->hs.tls12.reuse_message = 1; + s->s3->hs.tls12.reuse_message = 1; return (1); } @@ -831,9 +831,9 @@ ssl3_get_server_hello(SSL *s) CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); if (SSL_is_dtls(s)) { - if (S3I(s)->hs.tls12.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { + if (s->s3->hs.tls12.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { if (s->d1->send_cookie == 0) { - S3I(s)->hs.tls12.reuse_message = 1; + s->s3->hs.tls12.reuse_message = 1; return (1); } else { /* Already sent a cookie. */ @@ -844,7 +844,7 @@ ssl3_get_server_hello(SSL *s) } } - if (S3I(s)->hs.tls12.message_type != SSL3_MT_SERVER_HELLO) { + if (s->s3->hs.tls12.message_type != SSL3_MT_SERVER_HELLO) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); goto fatal_err; @@ -859,11 +859,11 @@ ssl3_get_server_hello(SSL *s) al = SSL_AD_PROTOCOL_VERSION; goto fatal_err; } - S3I(s)->hs.peer_legacy_version = server_version; + s->s3->hs.peer_legacy_version = server_version; s->version = server_version; - S3I(s)->hs.negotiated_tls_version = ssl_tls_version(server_version); - if (S3I(s)->hs.negotiated_tls_version == 0) { + s->s3->hs.negotiated_tls_version = ssl_tls_version(server_version); + if (s->s3->hs.negotiated_tls_version == 0) { SSLerror(s, ERR_R_INTERNAL_ERROR); goto err; } @@ -881,8 +881,8 @@ ssl3_get_server_hello(SSL *s) sizeof(s->s3->server_random), NULL)) goto err; - if (S3I(s)->hs.our_max_tls_version >= TLS1_2_VERSION && - S3I(s)->hs.negotiated_tls_version < S3I(s)->hs.our_max_tls_version) { + if (s->s3->hs.our_max_tls_version >= TLS1_2_VERSION && + s->s3->hs.negotiated_tls_version < s->s3->hs.our_max_tls_version) { /* * RFC 8446 section 4.1.3. We must not downgrade if the server * random value contains the TLS 1.2 or TLS 1.1 magical value. @@ -890,7 +890,7 @@ ssl3_get_server_hello(SSL *s) if (!CBS_skip(&server_random, CBS_len(&server_random) - sizeof(tls13_downgrade_12))) goto err; - if (S3I(s)->hs.negotiated_tls_version == TLS1_2_VERSION && + if (s->s3->hs.negotiated_tls_version == TLS1_2_VERSION && CBS_mem_equal(&server_random, tls13_downgrade_12, sizeof(tls13_downgrade_12))) { al = SSL_AD_ILLEGAL_PARAMETER; @@ -981,7 +981,7 @@ ssl3_get_server_hello(SSL *s) /* TLS v1.2 only ciphersuites require v1.2 or later. */ if ((cipher->algorithm_ssl & SSL_TLSV1_2) && - S3I(s)->hs.negotiated_tls_version < TLS1_2_VERSION) { + s->s3->hs.negotiated_tls_version < TLS1_2_VERSION) { al = SSL_AD_ILLEGAL_PARAMETER; SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED); goto fatal_err; @@ -1006,7 +1006,7 @@ ssl3_get_server_hello(SSL *s) SSLerror(s, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); goto fatal_err; } - S3I(s)->hs.cipher = cipher; + s->s3->hs.cipher = cipher; if (!tls1_transcript_hash_init(s)) goto err; @@ -1015,7 +1015,7 @@ ssl3_get_server_hello(SSL *s) * Don't digest cached records if no sigalgs: we may need them for * client authentication. */ - alg_k = S3I(s)->hs.cipher->algorithm_mkey; + alg_k = s->s3->hs.cipher->algorithm_mkey; if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST))) tls1_transcript_free(s); @@ -1044,7 +1044,7 @@ ssl3_get_server_hello(SSL *s) * which doesn't support RI so for the immediate future tolerate RI * absence on initial connect only. */ - if (!S3I(s)->renegotiate_seen && + if (!s->s3->renegotiate_seen && !(s->internal->options & SSL_OP_LEGACY_SERVER_CONNECT)) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); @@ -1085,12 +1085,12 @@ ssl3_get_server_certificate(SSL *s) ret = -1; - if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) { - S3I(s)->hs.tls12.reuse_message = 1; + if (s->s3->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) { + s->s3->hs.tls12.reuse_message = 1; return (1); } - if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE) { + if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); goto fatal_err; @@ -1208,11 +1208,11 @@ ssl3_get_server_kex_dhe(SSL *s, CBS *cbs) int decode_error, invalid_params, invalid_key; int nid = NID_dhKeyAgreement; - tls_key_share_free(S3I(s)->hs.key_share); - if ((S3I(s)->hs.key_share = tls_key_share_new_nid(nid)) == NULL) + tls_key_share_free(s->s3->hs.key_share); + if ((s->s3->hs.key_share = tls_key_share_new_nid(nid)) == NULL) goto err; - if (!tls_key_share_peer_params(S3I(s)->hs.key_share, cbs, + if (!tls_key_share_peer_params(s->s3->hs.key_share, cbs, &decode_error, &invalid_params)) { if (decode_error) { SSLerror(s, SSL_R_BAD_PACKET_LENGTH); @@ -1220,7 +1220,7 @@ ssl3_get_server_kex_dhe(SSL *s, CBS *cbs) } goto err; } - if (!tls_key_share_peer_public(S3I(s)->hs.key_share, cbs, + if (!tls_key_share_peer_public(s->s3->hs.key_share, cbs, &decode_error, &invalid_key)) { if (decode_error) { SSLerror(s, SSL_R_BAD_PACKET_LENGTH); @@ -1279,11 +1279,11 @@ ssl3_get_server_kex_ecdhe(SSL *s, CBS *cbs) goto err; } - tls_key_share_free(S3I(s)->hs.key_share); - if ((S3I(s)->hs.key_share = tls_key_share_new(curve_id)) == NULL) + tls_key_share_free(s->s3->hs.key_share); + if ((s->s3->hs.key_share = tls_key_share_new(curve_id)) == NULL) goto err; - if (!tls_key_share_peer_public(S3I(s)->hs.key_share, &public, + if (!tls_key_share_peer_public(s->s3->hs.key_share, &public, &decode_error, NULL)) { if (decode_error) goto decode_err; @@ -1309,8 +1309,8 @@ ssl3_get_server_key_exchange(SSL *s) long alg_k, alg_a; int al, ret; - alg_k = S3I(s)->hs.cipher->algorithm_mkey; - alg_a = S3I(s)->hs.cipher->algorithm_auth; + alg_k = s->s3->hs.cipher->algorithm_mkey; + alg_a = s->s3->hs.cipher->algorithm_auth; /* * Use same message size as in ssl3_get_certificate_request() @@ -1328,7 +1328,7 @@ ssl3_get_server_key_exchange(SSL *s) CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); - if (S3I(s)->hs.tls12.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { + if (s->s3->hs.tls12.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { /* * Do not skip server key exchange if this cipher suite uses * ephemeral keys. @@ -1339,7 +1339,7 @@ ssl3_get_server_key_exchange(SSL *s) goto fatal_err; } - S3I(s)->hs.tls12.reuse_message = 1; + s->s3->hs.tls12.reuse_message = 1; EVP_MD_CTX_free(md_ctx); return (1); } @@ -1398,7 +1398,7 @@ ssl3_get_server_key_exchange(SSL *s) al = SSL_AD_DECODE_ERROR; goto fatal_err; } - S3I(s)->hs.peer_sigalg = sigalg; + s->s3->hs.peer_sigalg = sigalg; if (!EVP_DigestVerifyInit(md_ctx, &pctx, sigalg->md(), NULL, pkey)) @@ -1462,10 +1462,10 @@ ssl3_get_certificate_request(SSL *s) ret = 0; - S3I(s)->hs.tls12.cert_request = 0; + s->s3->hs.tls12.cert_request = 0; - if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_DONE) { - S3I(s)->hs.tls12.reuse_message = 1; + if (s->s3->hs.tls12.message_type == SSL3_MT_SERVER_DONE) { + s->s3->hs.tls12.reuse_message = 1; /* * If we get here we don't need any cached handshake records * as we wont be doing client auth. @@ -1474,14 +1474,14 @@ ssl3_get_certificate_request(SSL *s) return (1); } - if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_REQUEST) { + if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE_REQUEST) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE); goto err; } /* TLS does not like anon-DH with client cert */ - if (S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL) { + if (s->s3->hs.cipher->algorithm_auth & SSL_aNULL) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); SSLerror(s, SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER); goto err; @@ -1516,8 +1516,8 @@ ssl3_get_certificate_request(SSL *s) SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR); goto err; } - if (!CBS_stow(&sigalgs, &S3I(s)->hs.sigalgs, - &S3I(s)->hs.sigalgs_len)) + if (!CBS_stow(&sigalgs, &s->s3->hs.sigalgs, + &s->s3->hs.sigalgs_len)) goto err; } @@ -1569,9 +1569,9 @@ ssl3_get_certificate_request(SSL *s) } /* we should setup a certificate to return.... */ - S3I(s)->hs.tls12.cert_request = 1; - sk_X509_NAME_pop_free(S3I(s)->hs.tls12.ca_names, X509_NAME_free); - S3I(s)->hs.tls12.ca_names = ca_sk; + s->s3->hs.tls12.cert_request = 1; + sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free); + s->s3->hs.tls12.ca_names = ca_sk; ca_sk = NULL; ret = 1; @@ -1602,11 +1602,11 @@ ssl3_get_new_session_ticket(SSL *s) SSL3_ST_CR_SESSION_TICKET_B, -1, 16384)) <= 0) return ret; - if (S3I(s)->hs.tls12.message_type == SSL3_MT_FINISHED) { - S3I(s)->hs.tls12.reuse_message = 1; + if (s->s3->hs.tls12.message_type == SSL3_MT_FINISHED) { + s->s3->hs.tls12.reuse_message = 1; return (1); } - if (S3I(s)->hs.tls12.message_type != SSL3_MT_NEWSESSION_TICKET) { + if (s->s3->hs.tls12.message_type != SSL3_MT_NEWSESSION_TICKET) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); goto fatal_err; @@ -1673,7 +1673,7 @@ ssl3_get_cert_status(SSL *s) SSL3_ST_CR_CERT_STATUS_B, -1, 16384)) <= 0) return ret; - if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) { + if (s->s3->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) { /* * Tell the callback the server did not send us an OSCP * response, and has decided to head directly to key exchange. @@ -1696,12 +1696,12 @@ ssl3_get_cert_status(SSL *s) goto fatal_err; } } - S3I(s)->hs.tls12.reuse_message = 1; + s->s3->hs.tls12.reuse_message = 1; return (1); } - if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE && - S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_STATUS) { + if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE && + s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE_STATUS) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); goto fatal_err; @@ -1858,17 +1858,17 @@ ssl3_send_client_kex_dhe(SSL *s, CBB *cbb) int ret = 0; /* Ensure that we have an ephemeral key from the server for DHE. */ - if (S3I(s)->hs.key_share == NULL) { + if (s->s3->hs.key_share == NULL) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); SSLerror(s, SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); goto err; } - if (!tls_key_share_generate(S3I(s)->hs.key_share)) + if (!tls_key_share_generate(s->s3->hs.key_share)) goto err; - if (!tls_key_share_public(S3I(s)->hs.key_share, cbb)) + if (!tls_key_share_public(s->s3->hs.key_share, cbb)) goto err; - if (!tls_key_share_derive(S3I(s)->hs.key_share, &key, &key_len)) + if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len)) goto err; if (!tls12_derive_master_secret(s, key, key_len)) @@ -1891,23 +1891,23 @@ ssl3_send_client_kex_ecdhe(SSL *s, CBB *cbb) int ret = 0; /* Ensure that we have an ephemeral key for ECDHE. */ - if (S3I(s)->hs.key_share == NULL) { + if (s->s3->hs.key_share == NULL) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); SSLerror(s, ERR_R_INTERNAL_ERROR); goto err; } - if (!tls_key_share_generate(S3I(s)->hs.key_share)) + if (!tls_key_share_generate(s->s3->hs.key_share)) goto err; if (!CBB_add_u8_length_prefixed(cbb, &public)) return 0; - if (!tls_key_share_public(S3I(s)->hs.key_share, &public)) + if (!tls_key_share_public(s->s3->hs.key_share, &public)) goto err; if (!CBB_flush(cbb)) goto err; - if (!tls_key_share_derive(S3I(s)->hs.key_share, &key, &key_len)) + if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len)) goto err; if (!tls12_derive_master_secret(s, key, key_len)) @@ -1960,7 +1960,7 @@ ssl3_send_client_kex_gost(SSL *s, CBB *cbb) * If we have client certificate, use its secret as peer key. * XXX - this presumably lacks PFS. */ - if (S3I(s)->hs.tls12.cert_request != 0 && + if (s->s3->hs.tls12.cert_request != 0 && s->cert->key->privatekey != NULL) { if (EVP_PKEY_derive_set_peer(pkey_ctx, s->cert->key->privatekey) <=0) { @@ -1981,7 +1981,7 @@ ssl3_send_client_kex_gost(SSL *s, CBB *cbb) } /* XXX check handshake hash instead. */ - if (S3I(s)->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94) + if (s->s3->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94) nid = NID_id_GostR3411_94; else nid = NID_id_tc26_gost3411_2012_256; @@ -2042,8 +2042,8 @@ ssl3_send_client_key_exchange(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_CW_KEY_EXCH_A) { - alg_k = S3I(s)->hs.cipher->algorithm_mkey; + if (s->s3->hs.state == SSL3_ST_CW_KEY_EXCH_A) { + alg_k = s->s3->hs.cipher->algorithm_mkey; if (!ssl3_handshake_msg_start(s, &cbb, &kex, SSL3_MT_CLIENT_KEY_EXCHANGE)) @@ -2071,7 +2071,7 @@ ssl3_send_client_key_exchange(SSL *s) if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_B; + s->s3->hs.state = SSL3_ST_CW_KEY_EXCH_B; } /* SSL3_ST_CW_KEY_EXCH_B */ @@ -2302,7 +2302,7 @@ ssl3_send_client_verify(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_CW_CERT_VRFY_A) { + if (s->s3->hs.state == SSL3_ST_CW_CERT_VRFY_A) { if (!ssl3_handshake_msg_start(s, &cbb, &cert_verify, SSL3_MT_CERTIFICATE_VERIFY)) goto err; @@ -2312,7 +2312,7 @@ ssl3_send_client_verify(SSL *s) SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR); goto err; } - S3I(s)->hs.our_sigalg = sigalg; + s->s3->hs.our_sigalg = sigalg; /* * For TLS v1.2 send signature algorithm and signature using @@ -2344,7 +2344,7 @@ ssl3_send_client_verify(SSL *s) if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_B; + s->s3->hs.state = SSL3_ST_CW_CERT_VRFY_B; } return (ssl3_handshake_write(s)); @@ -2365,16 +2365,16 @@ ssl3_send_client_certificate(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_CW_CERT_A) { + if (s->s3->hs.state == SSL3_ST_CW_CERT_A) { if (s->cert->key->x509 == NULL || s->cert->key->privatekey == NULL) - S3I(s)->hs.state = SSL3_ST_CW_CERT_B; + s->s3->hs.state = SSL3_ST_CW_CERT_B; else - S3I(s)->hs.state = SSL3_ST_CW_CERT_C; + s->s3->hs.state = SSL3_ST_CW_CERT_C; } /* We need to get a client cert */ - if (S3I(s)->hs.state == SSL3_ST_CW_CERT_B) { + if (s->s3->hs.state == SSL3_ST_CW_CERT_B) { /* * If we get an error, we need to * ssl->internal->rwstate = SSL_X509_LOOKUP; return(-1); @@ -2387,7 +2387,7 @@ ssl3_send_client_certificate(SSL *s) } s->internal->rwstate = SSL_NOTHING; if ((i == 1) && (pkey != NULL) && (x509 != NULL)) { - S3I(s)->hs.state = SSL3_ST_CW_CERT_B; + s->s3->hs.state = SSL3_ST_CW_CERT_B; if (!SSL_use_certificate(s, x509) || !SSL_use_PrivateKey(s, pkey)) i = 0; @@ -2399,27 +2399,27 @@ ssl3_send_client_certificate(SSL *s) X509_free(x509); EVP_PKEY_free(pkey); if (i == 0) { - S3I(s)->hs.tls12.cert_request = 2; + s->s3->hs.tls12.cert_request = 2; /* There is no client certificate to verify. */ tls1_transcript_free(s); } /* Ok, we have a cert */ - S3I(s)->hs.state = SSL3_ST_CW_CERT_C; + s->s3->hs.state = SSL3_ST_CW_CERT_C; } - if (S3I(s)->hs.state == SSL3_ST_CW_CERT_C) { + if (s->s3->hs.state == SSL3_ST_CW_CERT_C) { if (!ssl3_handshake_msg_start(s, &cbb, &client_cert, SSL3_MT_CERTIFICATE)) goto err; if (!ssl3_output_cert_chain(s, &client_cert, - (S3I(s)->hs.tls12.cert_request == 2) ? NULL : s->cert->key)) + (s->s3->hs.tls12.cert_request == 2) ? NULL : s->cert->key)) goto err; if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_CW_CERT_D; + s->s3->hs.state = SSL3_ST_CW_CERT_D; } /* SSL3_ST_CW_CERT_D */ @@ -2440,15 +2440,15 @@ ssl3_check_cert_and_algorithm(SSL *s) int nid = NID_undef; int i; - alg_k = S3I(s)->hs.cipher->algorithm_mkey; - alg_a = S3I(s)->hs.cipher->algorithm_auth; + alg_k = s->s3->hs.cipher->algorithm_mkey; + alg_a = s->s3->hs.cipher->algorithm_auth; /* We don't have a certificate. */ if (alg_a & SSL_aNULL) return (1); - if (S3I(s)->hs.key_share != NULL) - nid = tls_key_share_nid(S3I(s)->hs.key_share); + if (s->s3->hs.key_share != NULL) + nid = tls_key_share_nid(s->s3->hs.key_share); /* This is the passed certificate. */ @@ -2505,9 +2505,9 @@ ssl3_check_finished(SSL *s) SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list)) <= 0) return ret; - S3I(s)->hs.tls12.reuse_message = 1; - if ((S3I(s)->hs.tls12.message_type == SSL3_MT_FINISHED) || - (S3I(s)->hs.tls12.message_type == SSL3_MT_NEWSESSION_TICKET)) + s->s3->hs.tls12.reuse_message = 1; + if ((s->s3->hs.tls12.message_type == SSL3_MT_FINISHED) || + (s->s3->hs.tls12.message_type == SSL3_MT_NEWSESSION_TICKET)) return (2); return (1); diff --git a/lib/libssl/ssl_err.c b/lib/libssl/ssl_err.c index 9ea7cd469ad..d4c9fbbf076 100644 --- a/lib/libssl/ssl_err.c +++ b/lib/libssl/ssl_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_err.c,v 1.39 2021/09/10 09:25:29 tb Exp $ */ +/* $OpenBSD: ssl_err.c,v 1.40 2022/02/05 14:54:10 jsing Exp $ */ /* ==================================================================== * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * @@ -666,5 +666,5 @@ void SSL_error_internal(const SSL *s, int r, char *f, int l) { ERR_PUT_error(ERR_LIB_SSL, - (SSL_state_func_code(S3I(s)->hs.state)), r, f, l); + (SSL_state_func_code(s->s3->hs.state)), r, f, l); } diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index 91080e93608..ad7fe4d5752 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.287 2022/01/14 09:10:11 tb Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.288 2022/02/05 14:54:10 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -732,10 +732,10 @@ SSL_get_finished(const SSL *s, void *buf, size_t count) { size_t ret; - ret = S3I(s)->hs.finished_len; + ret = s->s3->hs.finished_len; if (count > ret) count = ret; - memcpy(buf, S3I(s)->hs.finished, count); + memcpy(buf, s->s3->hs.finished, count); return (ret); } @@ -745,10 +745,10 @@ SSL_get_peer_finished(const SSL *s, void *buf, size_t count) { size_t ret; - ret = S3I(s)->hs.peer_finished_len; + ret = s->s3->hs.peer_finished_len; if (count > ret) count = ret; - memcpy(buf, S3I(s)->hs.peer_finished, count); + memcpy(buf, s->s3->hs.peer_finished, count); return (ret); } @@ -1294,7 +1294,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg) return (1); case SSL_CTRL_GET_RI_SUPPORT: if (s->s3) - return (S3I(s)->send_connection_binding); + return (s->s3->send_connection_binding); else return (0); default: if (SSL_is_dtls(s)) @@ -1837,8 +1837,8 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, unsigned int *len) { - *data = ssl->s3->internal->alpn_selected; - *len = ssl->s3->internal->alpn_selected_len; + *data = ssl->s3->alpn_selected; + *len = ssl->s3->alpn_selected_len; } void @@ -2224,8 +2224,8 @@ ssl_using_ecc_cipher(SSL *s) { unsigned long alg_a, alg_k; - alg_a = S3I(s)->hs.cipher->algorithm_auth; - alg_k = S3I(s)->hs.cipher->algorithm_mkey; + alg_a = s->s3->hs.cipher->algorithm_auth; + alg_k = s->s3->hs.cipher->algorithm_mkey; return s->session->tlsext_ecpointformatlist != NULL && s->session->tlsext_ecpointformatlist_length > 0 && @@ -2235,7 +2235,7 @@ ssl_using_ecc_cipher(SSL *s) int ssl_check_srvr_ecc_cert_and_alg(SSL *s, X509 *x) { - const SSL_CIPHER *cs = S3I(s)->hs.cipher; + const SSL_CIPHER *cs = s->s3->hs.cipher; unsigned long alg_a; alg_a = cs->algorithm_auth; @@ -2259,9 +2259,9 @@ ssl_get_server_send_pkey(const SSL *s) int i; c = s->cert; - ssl_set_cert_masks(c, S3I(s)->hs.cipher); + ssl_set_cert_masks(c, s->s3->hs.cipher); - alg_a = S3I(s)->hs.cipher->algorithm_auth; + alg_a = s->s3->hs.cipher->algorithm_auth; if (alg_a & SSL_aECDSA) { i = SSL_PKEY_ECC; @@ -2319,9 +2319,9 @@ ssl_dhe_params_auto_key_bits(SSL *s) if (s->cert->dhe_params_auto == 2) { key_bits = 1024; - } else if (S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL) { + } else if (s->s3->hs.cipher->algorithm_auth & SSL_aNULL) { key_bits = 1024; - if (S3I(s)->hs.cipher->strength_bits == 256) + if (s->s3->hs.cipher->strength_bits == 256) key_bits = 3072; } else { if ((cpk = ssl_get_server_send_pkey(s)) == NULL) @@ -2352,7 +2352,7 @@ ssl_should_update_external_cache(SSL *s, int mode) return 1; /* If it's TLS 1.3, do it to match OpenSSL */ - if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION) + if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION) return 1; return 0; @@ -2377,7 +2377,7 @@ ssl_should_update_internal_cache(SSL *s, int mode) return 0; /* If we are lesser than TLS 1.3, Cache it. */ - if (S3I(s)->hs.negotiated_tls_version < TLS1_3_VERSION) + if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION) return 1; /* Below this we consider TLS 1.3 or later */ @@ -2556,7 +2556,7 @@ SSL_get_error(const SSL *s, int i) if (i == 0) { if ((s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) && - (S3I(s)->warn_alert == SSL_AD_CLOSE_NOTIFY)) + (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) return (SSL_ERROR_ZERO_RETURN); } return (SSL_ERROR_SYSCALL); @@ -2589,7 +2589,7 @@ SSL_set_accept_state(SSL *s) { s->server = 1; s->internal->shutdown = 0; - S3I(s)->hs.state = SSL_ST_ACCEPT|SSL_ST_BEFORE; + s->s3->hs.state = SSL_ST_ACCEPT|SSL_ST_BEFORE; s->internal->handshake_func = s->method->ssl_accept; ssl_clear_cipher_state(s); } @@ -2599,7 +2599,7 @@ SSL_set_connect_state(SSL *s) { s->server = 0; s->internal->shutdown = 0; - S3I(s)->hs.state = SSL_ST_CONNECT|SSL_ST_BEFORE; + s->s3->hs.state = SSL_ST_CONNECT|SSL_ST_BEFORE; s->internal->handshake_func = s->method->ssl_connect; ssl_clear_cipher_state(s); } @@ -2731,7 +2731,7 @@ SSL_dup(SSL *s) ret->internal->quiet_shutdown = s->internal->quiet_shutdown; ret->internal->shutdown = s->internal->shutdown; /* SSL_dup does not really work at any state, though */ - S3I(ret)->hs.state = S3I(s)->hs.state; + ret->s3->hs.state = s->s3->hs.state; ret->internal->rstate = s->internal->rstate; /* @@ -3018,13 +3018,13 @@ void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val) int SSL_state(const SSL *ssl) { - return (S3I(ssl)->hs.state); + return (ssl->s3->hs.state); } void SSL_set_state(SSL *ssl, int state) { - S3I(ssl)->hs.state = state; + ssl->s3->hs.state = state; } void diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index ee64ec208ef..69e52dcc8cc 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.384 2022/02/03 16:33:12 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.385 2022/02/05 14:54:10 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1132,7 +1132,12 @@ typedef struct ssl3_buffer_internal_st { int left; /* how many bytes left */ } SSL3_BUFFER_INTERNAL; -typedef struct ssl3_state_internal_st { +typedef struct ssl3_state_st { + long flags; + + unsigned char server_random[SSL3_RANDOM_SIZE]; + unsigned char client_random[SSL3_RANDOM_SIZE]; + SSL3_BUFFER_INTERNAL rbuf; /* read IO goes into here */ SSL3_BUFFER_INTERNAL wbuf; /* write IO goes into here */ @@ -1204,21 +1209,8 @@ typedef struct ssl3_state_internal_st { */ unsigned char *alpn_selected; size_t alpn_selected_len; -} SSL3_STATE_INTERNAL; -#define S3I(s) (s->s3->internal) - -typedef struct ssl3_state_st { - long flags; - - unsigned char server_random[SSL3_RANDOM_SIZE]; - unsigned char client_random[SSL3_RANDOM_SIZE]; - - struct ssl3_state_internal_st *internal; } SSL3_STATE; -/*#define SSL_DEBUG */ -/*#define RSA_DEBUG */ - /* * Flag values for enc_flags. */ diff --git a/lib/libssl/ssl_packet.c b/lib/libssl/ssl_packet.c index af56dcef7f6..091685b2178 100644 --- a/lib/libssl/ssl_packet.c +++ b/lib/libssl/ssl_packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_packet.c,v 1.12 2021/07/01 17:53:39 jsing Exp $ */ +/* $OpenBSD: ssl_packet.c,v 1.13 2022/02/05 14:54:10 jsing Exp $ */ /* * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> * @@ -209,10 +209,10 @@ ssl_convert_sslv2_client_hello(SSL *s) if (!CBB_finish(&cbb, &data, &data_len)) goto err; - if (data_len > S3I(s)->rbuf.len) + if (data_len > s->s3->rbuf.len) goto err; - s->internal->packet = S3I(s)->rbuf.buf; + s->internal->packet = s->s3->rbuf.buf; s->internal->packet_length = data_len; memcpy(s->internal->packet, data, data_len); ret = 1; diff --git a/lib/libssl/ssl_pkt.c b/lib/libssl/ssl_pkt.c index e3101eefbac..3374713644c 100644 --- a/lib/libssl/ssl_pkt.c +++ b/lib/libssl/ssl_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_pkt.c,v 1.52 2021/10/25 10:14:48 jsing Exp $ */ +/* $OpenBSD: ssl_pkt.c,v 1.53 2022/02/05 14:54:10 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -142,7 +142,7 @@ ssl_force_want_read(SSL *s) /* * If extend == 0, obtain new n-byte packet; if extend == 1, increase * packet by another n bytes. - * The packet will be in the sub-array of S3I(s)->rbuf.buf specified + * The packet will be in the sub-array of s->s3->rbuf.buf specified * by s->internal->packet and s->internal->packet_length. * (If s->internal->read_ahead is set, 'max' bytes may be stored in rbuf * [plus s->internal->packet_length bytes if extend == 1].) @@ -150,7 +150,7 @@ ssl_force_want_read(SSL *s) static int ssl3_read_n(SSL *s, int n, int max, int extend) { - SSL3_BUFFER_INTERNAL *rb = &(S3I(s)->rbuf); + SSL3_BUFFER_INTERNAL *rb = &(s->s3->rbuf); int i, len, left; size_t align; unsigned char *pkt; @@ -239,7 +239,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend) } while (left < n) { - /* Now we have len+left bytes at the front of S3I(s)->rbuf.buf + /* Now we have len+left bytes at the front of s->s3->rbuf.buf * and need to read in more until we have len+n (up to * len+max if possible) */ @@ -288,7 +288,7 @@ ssl3_packet_read(SSL *s, int plen) { int n; - n = ssl3_read_n(s, plen, S3I(s)->rbuf.len, 0); + n = ssl3_read_n(s, plen, s->s3->rbuf.len, 0); if (n <= 0) return n; if (s->internal->packet_length < plen) @@ -327,8 +327,8 @@ ssl3_packet_extend(SSL *s, int plen) static int ssl3_get_record(SSL *s) { - SSL3_BUFFER_INTERNAL *rb = &(S3I(s)->rbuf); - SSL3_RECORD_INTERNAL *rr = &(S3I(s)->rrec); + SSL3_BUFFER_INTERNAL *rb = &(s->s3->rbuf); + SSL3_RECORD_INTERNAL *rr = &(s->s3->rrec); uint8_t alert_desc; uint8_t *out; size_t out_len; @@ -483,8 +483,8 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) } s->internal->rwstate = SSL_NOTHING; - tot = S3I(s)->wnum; - S3I(s)->wnum = 0; + tot = s->s3->wnum; + s->s3->wnum = 0; if (SSL_in_init(s) && !s->internal->in_handshake) { i = s->internal->handshake_func(s); @@ -507,7 +507,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) i = do_ssl3_write(s, type, &(buf[tot]), nw); if (i <= 0) { - S3I(s)->wnum = tot; + s->s3->wnum = tot; return i; } @@ -518,7 +518,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) * empty fragment in ciphersuites with known-IV * weakness. */ - S3I(s)->empty_fragment_done = 0; + s->s3->empty_fragment_done = 0; return tot + i; } @@ -531,7 +531,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) { - SSL3_BUFFER_INTERNAL *wb = &(S3I(s)->wbuf); + SSL3_BUFFER_INTERNAL *wb = &(s->s3->wbuf); SSL_SESSION *sess = s->session; int need_empty_fragment = 0; size_t align, out_len; @@ -553,7 +553,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) return (ssl3_write_pending(s, type, buf, len)); /* If we have an alert to send, let's send it. */ - if (S3I(s)->alert_dispatch) { + if (s->s3->alert_dispatch) { if ((ret = ssl3_dispatch_alert(s)) <= 0) return (ret); /* If it went, fall through and send more stuff. */ @@ -572,9 +572,9 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) * bytes and record version number > TLS 1.0. */ version = s->version; - if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_B && + if (s->s3->hs.state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate && - S3I(s)->hs.our_max_tls_version > TLS1_VERSION) + s->s3->hs.our_max_tls_version > TLS1_VERSION) version = TLS1_VERSION; /* @@ -583,8 +583,8 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) * is unnecessary for AEAD. */ if (sess != NULL && tls12_record_layer_write_protected(s->internal->rl)) { - if (S3I(s)->need_empty_fragments && - !S3I(s)->empty_fragment_done && + if (s->s3->need_empty_fragments && + !s->s3->empty_fragment_done && type == SSL3_RT_APPLICATION_DATA) need_empty_fragment = 1; } @@ -609,7 +609,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) if (!tls12_record_layer_seal_record(s->internal->rl, type, buf, 0, &cbb)) goto err; - S3I(s)->empty_fragment_done = 1; + s->s3->empty_fragment_done = 1; } if (!tls12_record_layer_seal_record(s->internal->rl, type, buf, len, &cbb)) @@ -624,10 +624,10 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) * Memorize arguments so that ssl3_write_pending can detect * bad write retries later. */ - S3I(s)->wpend_tot = len; - S3I(s)->wpend_buf = buf; - S3I(s)->wpend_type = type; - S3I(s)->wpend_ret = len; + s->s3->wpend_tot = len; + s->s3->wpend_buf = buf; + s->s3->wpend_type = type; + s->s3->wpend_ret = len; /* We now just need to write the buffer. */ return ssl3_write_pending(s, type, buf, len); @@ -638,17 +638,17 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) return -1; } -/* if S3I(s)->wbuf.left != 0, we need to call this */ +/* if s->s3->wbuf.left != 0, we need to call this */ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) { int i; - SSL3_BUFFER_INTERNAL *wb = &(S3I(s)->wbuf); + SSL3_BUFFER_INTERNAL *wb = &(s->s3->wbuf); /* XXXX */ - if ((S3I(s)->wpend_tot > (int)len) || ((S3I(s)->wpend_buf != buf) && + if ((s->s3->wpend_tot > (int)len) || ((s->s3->wpend_buf != buf) && !(s->internal->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) || - (S3I(s)->wpend_type != type)) { + (s->s3->wpend_type != type)) { SSLerror(s, SSL_R_BAD_WRITE_RETRY); return (-1); } @@ -670,7 +670,7 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) !SSL_is_dtls(s)) ssl3_release_write_buffer(s); s->internal->rwstate = SSL_NOTHING; - return (S3I(s)->wpend_ret); + return (s->s3->wpend_ret); } else if (i <= 0) { /* * For DTLS, just drop it. That's kind of the @@ -720,7 +720,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) unsigned int n; SSL3_RECORD_INTERNAL *rr; - if (S3I(s)->rbuf.buf == NULL) /* Not initialized yet */ + if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ if (!ssl3_setup_read_buffer(s)) return (-1); @@ -737,28 +737,28 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) } if ((type == SSL3_RT_HANDSHAKE) && - (S3I(s)->handshake_fragment_len > 0)) { + (s->s3->handshake_fragment_len > 0)) { /* (partially) satisfy request from storage */ - unsigned char *src = S3I(s)->handshake_fragment; + unsigned char *src = s->s3->handshake_fragment; unsigned char *dst = buf; unsigned int k; /* peek == 0 */ n = 0; - while ((len > 0) && (S3I(s)->handshake_fragment_len > 0)) { + while ((len > 0) && (s->s3->handshake_fragment_len > 0)) { *dst++ = *src++; len--; - S3I(s)->handshake_fragment_len--; + s->s3->handshake_fragment_len--; n++; } /* move any remaining fragment bytes: */ - for (k = 0; k < S3I(s)->handshake_fragment_len; k++) - S3I(s)->handshake_fragment[k] = *src++; + for (k = 0; k < s->s3->handshake_fragment_len; k++) + s->s3->handshake_fragment[k] = *src++; return n; } /* - * Now S3I(s)->handshake_fragment_len == 0 if + * Now s->s3->handshake_fragment_len == 0 if * type == SSL3_RT_HANDSHAKE. */ if (!s->internal->in_handshake && SSL_in_init(s)) { @@ -789,12 +789,12 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) s->internal->rwstate = SSL_NOTHING; /* - * S3I(s)->rrec.type - is the type of record - * S3I(s)->rrec.data, - data - * S3I(s)->rrec.off, - offset into 'data' for next read - * S3I(s)->rrec.length, - number of bytes. + * s->s3->rrec.type - is the type of record + * s->s3->rrec.data, - data + * s->s3->rrec.off, - offset into 'data' for next read + * s->s3->rrec.length, - number of bytes. */ - rr = &(S3I(s)->rrec); + rr = &(s->s3->rrec); /* get new packet if necessary */ if ((rr->length == 0) || (s->internal->rstate == SSL_ST_READ_BODY)) { @@ -805,7 +805,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) /* we now have a packet which can be read and processed */ - if (S3I(s)->change_cipher_spec /* set when we receive ChangeCipherSpec, + if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, * reset by ssl3_get_finished */ && (rr->type != SSL3_RT_HANDSHAKE)) { al = SSL_AD_UNEXPECTED_MESSAGE; @@ -850,7 +850,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) s->internal->rstate = SSL_ST_READ_HEADER; rr->off = 0; if (s->internal->mode & SSL_MODE_RELEASE_BUFFERS && - S3I(s)->rbuf.left == 0) + s->s3->rbuf.left == 0) ssl3_release_read_buffer(s); } } @@ -872,13 +872,13 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) unsigned int *dest_len = NULL; if (rr->type == SSL3_RT_HANDSHAKE) { - dest_maxlen = sizeof S3I(s)->handshake_fragment; - dest = S3I(s)->handshake_fragment; - dest_len = &S3I(s)->handshake_fragment_len; + dest_maxlen = sizeof s->s3->handshake_fragment; + dest = s->s3->handshake_fragment; + dest_len = &s->s3->handshake_fragment_len; } else if (rr->type == SSL3_RT_ALERT) { - dest_maxlen = sizeof S3I(s)->alert_fragment; - dest = S3I(s)->alert_fragment; - dest_len = &S3I(s)->alert_fragment_len; + dest_maxlen = sizeof s->s3->alert_fragment; + dest = s->s3->alert_fragment; + dest_len = &s->s3->alert_fragment_len; } if (dest_maxlen > 0) { /* available space in 'dest' */ @@ -897,30 +897,30 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) } } - /* S3I(s)->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE; - * S3I(s)->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT. + /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE; + * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT. * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */ /* If we are a client, check for an incoming 'Hello Request': */ - if ((!s->server) && (S3I(s)->handshake_fragment_len >= 4) && - (S3I(s)->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && + if ((!s->server) && (s->s3->handshake_fragment_len >= 4) && + (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && (s->session != NULL) && (s->session->cipher != NULL)) { - S3I(s)->handshake_fragment_len = 0; + s->s3->handshake_fragment_len = 0; - if ((S3I(s)->handshake_fragment[1] != 0) || - (S3I(s)->handshake_fragment[2] != 0) || - (S3I(s)->handshake_fragment[3] != 0)) { + if ((s->s3->handshake_fragment[1] != 0) || + (s->s3->handshake_fragment[2] != 0) || + (s->s3->handshake_fragment[3] != 0)) { al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_BAD_HELLO_REQUEST); goto fatal_err; } ssl_msg_callback(s, 0, SSL3_RT_HANDSHAKE, - S3I(s)->handshake_fragment, 4); + s->s3->handshake_fragment, 4); if (SSL_is_init_finished(s) && !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && - !S3I(s)->renegotiate) { + !s->s3->renegotiate) { ssl3_renegotiate(s); if (ssl3_renegotiate_check(s)) { i = s->internal->handshake_func(s); @@ -932,7 +932,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) } if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) { - if (S3I(s)->rbuf.left == 0) { + if (s->s3->rbuf.left == 0) { ssl_force_want_read(s); return (-1); } @@ -945,8 +945,8 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) } /* Disallow client initiated renegotiation if configured. */ if (s->server && SSL_is_init_finished(s) && - S3I(s)->handshake_fragment_len >= 4 && - S3I(s)->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO && + s->s3->handshake_fragment_len >= 4 && + s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO && (s->internal->options & SSL_OP_NO_CLIENT_RENEGOTIATION)) { al = SSL_AD_NO_RENEGOTIATION; goto fatal_err; @@ -957,29 +957,29 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) */ if (s->server && SSL_is_init_finished(s) && - !S3I(s)->send_connection_binding && - (S3I(s)->handshake_fragment_len >= 4) && - (S3I(s)->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) && + !s->s3->send_connection_binding && + (s->s3->handshake_fragment_len >= 4) && + (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) && (s->session != NULL) && (s->session->cipher != NULL)) { - /*S3I(s)->handshake_fragment_len = 0;*/ + /*s->s3->handshake_fragment_len = 0;*/ rr->length = 0; ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); goto start; } - if (S3I(s)->alert_fragment_len >= 2) { - int alert_level = S3I(s)->alert_fragment[0]; - int alert_descr = S3I(s)->alert_fragment[1]; + if (s->s3->alert_fragment_len >= 2) { + int alert_level = s->s3->alert_fragment[0]; + int alert_descr = s->s3->alert_fragment[1]; - S3I(s)->alert_fragment_len = 0; + s->s3->alert_fragment_len = 0; ssl_msg_callback(s, 0, SSL3_RT_ALERT, - S3I(s)->alert_fragment, 2); + s->s3->alert_fragment, 2); ssl_info_callback(s, SSL_CB_READ_ALERT, (alert_level << 8) | alert_descr); if (alert_level == SSL3_AL_WARNING) { - S3I(s)->warn_alert = alert_descr; + s->s3->warn_alert = alert_descr; if (alert_descr == SSL_AD_CLOSE_NOTIFY) { s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN; return (0); @@ -1000,7 +1000,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) } } else if (alert_level == SSL3_AL_FATAL) { s->internal->rwstate = SSL_NOTHING; - S3I(s)->fatal_alert = alert_descr; + s->s3->fatal_alert = alert_descr; SSLerror(s, SSL_AD_REASON_OFFSET + alert_descr); ERR_asprintf_error_data("SSL alert number %d", alert_descr); @@ -1034,7 +1034,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) } /* Check we have a cipher to change to */ - if (S3I(s)->hs.cipher == NULL) { + if (s->s3->hs.cipher == NULL) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_CCS_RECEIVED_EARLY); goto fatal_err; @@ -1052,7 +1052,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) ssl_msg_callback(s, 0, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1); - S3I(s)->change_cipher_spec = 1; + s->s3->change_cipher_spec = 1; if (!ssl3_do_change_cipher_spec(s)) goto err; else @@ -1060,10 +1060,10 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) } /* Unexpected handshake message (Client Hello, or protocol violation) */ - if ((S3I(s)->handshake_fragment_len >= 4) && !s->internal->in_handshake) { - if (((S3I(s)->hs.state&SSL_ST_MASK) == SSL_ST_OK) && + if ((s->s3->handshake_fragment_len >= 4) && !s->internal->in_handshake) { + if (((s->s3->hs.state&SSL_ST_MASK) == SSL_ST_OK) && !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { - S3I(s)->hs.state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; + s->s3->hs.state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; s->internal->renegotiate = 1; s->internal->new_session = 1; } @@ -1076,7 +1076,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) } if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) { - if (S3I(s)->rbuf.left == 0) { + if (s->s3->rbuf.left == 0) { ssl_force_want_read(s); return (-1); } @@ -1115,15 +1115,15 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) * at this point (session renegotiation not yet started), * we will indulge it. */ - if (S3I(s)->in_read_app_data && - (S3I(s)->total_renegotiations != 0) && - (((S3I(s)->hs.state & SSL_ST_CONNECT) && - (S3I(s)->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) && - (S3I(s)->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) || - ((S3I(s)->hs.state & SSL_ST_ACCEPT) && - (S3I(s)->hs.state <= SSL3_ST_SW_HELLO_REQ_A) && - (S3I(s)->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) { - S3I(s)->in_read_app_data = 2; + if (s->s3->in_read_app_data && + (s->s3->total_renegotiations != 0) && + (((s->s3->hs.state & SSL_ST_CONNECT) && + (s->s3->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) && + (s->s3->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) || + ((s->s3->hs.state & SSL_ST_ACCEPT) && + (s->s3->hs.state <= SSL3_ST_SW_HELLO_REQ_A) && + (s->s3->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) { + s->s3->in_read_app_data = 2; return (-1); } else { al = SSL_AD_UNEXPECTED_MESSAGE; @@ -1142,14 +1142,14 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) int ssl3_do_change_cipher_spec(SSL *s) { - if (S3I(s)->hs.tls12.key_block == NULL) { + if (s->s3->hs.tls12.key_block == NULL) { if (s->session == NULL || s->session->master_key_length == 0) { /* might happen if dtls1_read_bytes() calls this */ SSLerror(s, SSL_R_CCS_RECEIVED_EARLY); return (0); } - s->session->cipher = S3I(s)->hs.cipher; + s->session->cipher = s->s3->hs.cipher; if (!tls1_setup_key_block(s)) return (0); } @@ -1171,11 +1171,11 @@ static int ssl3_write_alert(SSL *s) { if (SSL_is_dtls(s)) - return do_dtls1_write(s, SSL3_RT_ALERT, S3I(s)->send_alert, - sizeof(S3I(s)->send_alert)); + return do_dtls1_write(s, SSL3_RT_ALERT, s->s3->send_alert, + sizeof(s->s3->send_alert)); - return do_ssl3_write(s, SSL3_RT_ALERT, S3I(s)->send_alert, - sizeof(S3I(s)->send_alert)); + return do_ssl3_write(s, SSL3_RT_ALERT, s->s3->send_alert, + sizeof(s->s3->send_alert)); } int @@ -1185,15 +1185,15 @@ ssl3_send_alert(SSL *s, int level, int desc) if (level == SSL3_AL_FATAL) SSL_CTX_remove_session(s->ctx, s->session); - S3I(s)->alert_dispatch = 1; - S3I(s)->send_alert[0] = level; - S3I(s)->send_alert[1] = desc; + s->s3->alert_dispatch = 1; + s->s3->send_alert[0] = level; + s->s3->send_alert[1] = desc; /* * If data is still being written out, the alert will be dispatched at * some point in the future. */ - if (S3I(s)->wbuf.left != 0) + if (s->s3->wbuf.left != 0) return -1; return ssl3_dispatch_alert(s); @@ -1204,9 +1204,9 @@ ssl3_dispatch_alert(SSL *s) { int ret; - S3I(s)->alert_dispatch = 0; + s->s3->alert_dispatch = 0; if ((ret = ssl3_write_alert(s)) <= 0) { - S3I(s)->alert_dispatch = 1; + s->s3->alert_dispatch = 1; return ret; } @@ -1215,13 +1215,13 @@ ssl3_dispatch_alert(SSL *s) * If the message does not get sent due to non-blocking IO, * we will not worry too much. */ - if (S3I(s)->send_alert[0] == SSL3_AL_FATAL) + if (s->s3->send_alert[0] == SSL3_AL_FATAL) (void)BIO_flush(s->wbio); - ssl_msg_callback(s, 1, SSL3_RT_ALERT, S3I(s)->send_alert, 2); + ssl_msg_callback(s, 1, SSL3_RT_ALERT, s->s3->send_alert, 2); ssl_info_callback(s, SSL_CB_WRITE_ALERT, - (S3I(s)->send_alert[0] << 8) | S3I(s)->send_alert[1]); + (s->s3->send_alert[0] << 8) | s->s3->send_alert[1]); return ret; } diff --git a/lib/libssl/ssl_sigalgs.c b/lib/libssl/ssl_sigalgs.c index fd96317fde7..daf735a8ffd 100644 --- a/lib/libssl/ssl_sigalgs.c +++ b/lib/libssl/ssl_sigalgs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_sigalgs.c,v 1.40 2022/01/20 20:37:33 tb Exp $ */ +/* $OpenBSD: ssl_sigalgs.c,v 1.41 2022/02/05 14:54:10 jsing Exp $ */ /* * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org> * Copyright (c) 2021 Joel Sing <jsing@openbsd.org> @@ -209,7 +209,7 @@ ssl_sigalg_from_value(SSL *s, uint16_t value) size_t len; int i; - ssl_sigalgs_for_version(S3I(s)->hs.negotiated_tls_version, + ssl_sigalgs_for_version(s->s3->hs.negotiated_tls_version, &values, &len); for (i = 0; i < len; i++) { @@ -248,7 +248,7 @@ ssl_sigalg_for_legacy(SSL *s, EVP_PKEY *pkey) /* Default signature algorithms used for TLSv1.2 and earlier. */ switch (EVP_PKEY_id(pkey)) { case EVP_PKEY_RSA: - if (S3I(s)->hs.negotiated_tls_version < TLS1_2_VERSION) + if (s->s3->hs.negotiated_tls_version < TLS1_2_VERSION) return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1); return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1); case EVP_PKEY_EC: @@ -277,7 +277,7 @@ ssl_sigalg_pkey_ok(SSL *s, const struct ssl_sigalg *sigalg, EVP_PKEY *pkey) return 0; } - if (S3I(s)->hs.negotiated_tls_version < TLS1_3_VERSION) + if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION) return 1; /* RSA cannot be used without PSS in TLSv1.3. */ @@ -309,14 +309,14 @@ ssl_sigalg_select(SSL *s, EVP_PKEY *pkey) * RFC 5246 allows a TLS 1.2 client to send no sigalgs extension, * in which case the server must use the default. */ - if (S3I(s)->hs.negotiated_tls_version < TLS1_3_VERSION && - S3I(s)->hs.sigalgs == NULL) + if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION && + s->s3->hs.sigalgs == NULL) return ssl_sigalg_for_legacy(s, pkey); /* * If we get here, we have client or server sent sigalgs, use one. */ - CBS_init(&cbs, S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len); + CBS_init(&cbs, s->s3->hs.sigalgs, s->s3->hs.sigalgs_len); while (CBS_len(&cbs) > 0) { const struct ssl_sigalg *sigalg; uint16_t sigalg_value; diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c index 30545320b30..359395051a8 100644 --- a/lib/libssl/ssl_srvr.c +++ b/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.140 2022/01/11 19:03:15 jsing Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.141 2022/02/05 14:54:10 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -194,12 +194,12 @@ ssl3_accept(SSL *s) s->d1->listen = listen; for (;;) { - state = S3I(s)->hs.state; + state = s->s3->hs.state; - switch (S3I(s)->hs.state) { + switch (s->s3->hs.state) { case SSL_ST_RENEGOTIATE: s->internal->renegotiate = 1; - /* S3I(s)->hs.state=SSL_ST_ACCEPT; */ + /* s->s3->hs.state=SSL_ST_ACCEPT; */ case SSL_ST_BEFORE: case SSL_ST_ACCEPT: @@ -216,8 +216,8 @@ ssl3_accept(SSL *s) } if (!ssl_supported_tls_version_range(s, - &S3I(s)->hs.our_min_tls_version, - &S3I(s)->hs.our_max_tls_version)) { + &s->s3->hs.our_min_tls_version, + &s->s3->hs.our_max_tls_version)) { SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE); ret = -1; goto end; @@ -234,7 +234,7 @@ ssl3_accept(SSL *s) s->internal->init_num = 0; - if (S3I(s)->hs.state != SSL_ST_RENEGOTIATE) { + if (s->s3->hs.state != SSL_ST_RENEGOTIATE) { /* * Ok, we now need to push on a buffering BIO * so that the output is sent in a way that @@ -250,9 +250,9 @@ ssl3_accept(SSL *s) goto end; } - S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A; + s->s3->hs.state = SSL3_ST_SR_CLNT_HELLO_A; s->ctx->internal->stats.sess_accept++; - } else if (!SSL_is_dtls(s) && !S3I(s)->send_connection_binding) { + } else if (!SSL_is_dtls(s) && !s->s3->send_connection_binding) { /* * Server attempting to renegotiate with * client that doesn't support secure @@ -265,11 +265,11 @@ ssl3_accept(SSL *s) goto end; } else { /* - * S3I(s)->hs.state == SSL_ST_RENEGOTIATE, + * s->s3->hs.state == SSL_ST_RENEGOTIATE, * we will just send a HelloRequest. */ s->ctx->internal->stats.sess_accept_renegotiate++; - S3I(s)->hs.state = SSL3_ST_SW_HELLO_REQ_A; + s->s3->hs.state = SSL3_ST_SW_HELLO_REQ_A; } break; @@ -284,10 +284,10 @@ ssl3_accept(SSL *s) if (ret <= 0) goto end; if (SSL_is_dtls(s)) - S3I(s)->hs.tls12.next_state = SSL3_ST_SR_CLNT_HELLO_A; + s->s3->hs.tls12.next_state = SSL3_ST_SR_CLNT_HELLO_A; else - S3I(s)->hs.tls12.next_state = SSL3_ST_SW_HELLO_REQ_C; - S3I(s)->hs.state = SSL3_ST_SW_FLUSH; + s->s3->hs.tls12.next_state = SSL3_ST_SW_HELLO_REQ_C; + s->s3->hs.state = SSL3_ST_SW_FLUSH; s->internal->init_num = 0; if (SSL_is_dtls(s)) { @@ -299,7 +299,7 @@ ssl3_accept(SSL *s) break; case SSL3_ST_SW_HELLO_REQ_C: - S3I(s)->hs.state = SSL_ST_OK; + s->s3->hs.state = SSL_ST_OK; break; case SSL3_ST_SR_CLNT_HELLO_A: @@ -314,9 +314,9 @@ ssl3_accept(SSL *s) if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)) - S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A; + s->s3->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A; else - S3I(s)->hs.state = SSL3_ST_SW_SRVR_HELLO_A; + s->s3->hs.state = SSL3_ST_SW_SRVR_HELLO_A; s->internal->init_num = 0; @@ -330,7 +330,7 @@ ssl3_accept(SSL *s) } /* If we're just listening, stop here */ - if (listen && S3I(s)->hs.state == SSL3_ST_SW_SRVR_HELLO_A) { + if (listen && s->s3->hs.state == SSL3_ST_SW_SRVR_HELLO_A) { ret = 2; s->d1->listen = 0; /* @@ -350,7 +350,7 @@ ssl3_accept(SSL *s) } s->internal->renegotiate = 2; - S3I(s)->hs.state = SSL3_ST_SW_SRVR_HELLO_A; + s->s3->hs.state = SSL3_ST_SW_SRVR_HELLO_A; s->internal->init_num = 0; } break; @@ -360,8 +360,8 @@ ssl3_accept(SSL *s) ret = ssl3_send_dtls_hello_verify_request(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_SW_FLUSH; - S3I(s)->hs.tls12.next_state = SSL3_ST_SR_CLNT_HELLO_A; + s->s3->hs.state = SSL3_ST_SW_FLUSH; + s->s3->hs.tls12.next_state = SSL3_ST_SR_CLNT_HELLO_A; /* HelloVerifyRequest resets Finished MAC. */ tls1_transcript_reset(s); @@ -378,11 +378,11 @@ ssl3_accept(SSL *s) goto end; if (s->internal->hit) { if (s->internal->tlsext_ticket_expected) - S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_A; + s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_A; else - S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A; + s->s3->hs.state = SSL3_ST_SW_CHANGE_A; } else { - S3I(s)->hs.state = SSL3_ST_SW_CERT_A; + s->s3->hs.state = SSL3_ST_SW_CERT_A; } s->internal->init_num = 0; break; @@ -390,7 +390,7 @@ ssl3_accept(SSL *s) case SSL3_ST_SW_CERT_A: case SSL3_ST_SW_CERT_B: /* Check if it is anon DH or anon ECDH. */ - if (!(S3I(s)->hs.cipher->algorithm_auth & + if (!(s->s3->hs.cipher->algorithm_auth & SSL_aNULL)) { if (SSL_is_dtls(s)) dtls1_start_timer(s); @@ -398,19 +398,19 @@ ssl3_accept(SSL *s) if (ret <= 0) goto end; if (s->internal->tlsext_status_expected) - S3I(s)->hs.state = SSL3_ST_SW_CERT_STATUS_A; + s->s3->hs.state = SSL3_ST_SW_CERT_STATUS_A; else - S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A; + s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A; } else { skip = 1; - S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A; + s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A; } s->internal->init_num = 0; break; case SSL3_ST_SW_KEY_EXCH_A: case SSL3_ST_SW_KEY_EXCH_B: - alg_k = S3I(s)->hs.cipher->algorithm_mkey; + alg_k = s->s3->hs.cipher->algorithm_mkey; /* * Only send if using a DH key exchange. @@ -429,7 +429,7 @@ ssl3_accept(SSL *s) } else skip = 1; - S3I(s)->hs.state = SSL3_ST_SW_CERT_REQ_A; + s->s3->hs.state = SSL3_ST_SW_CERT_REQ_A; s->internal->init_num = 0; break; @@ -455,24 +455,24 @@ ssl3_accept(SSL *s) if (!(s->verify_mode & SSL_VERIFY_PEER) || ((s->session->peer_cert != NULL) && (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || - ((S3I(s)->hs.cipher->algorithm_auth & + ((s->s3->hs.cipher->algorithm_auth & SSL_aNULL) && !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) { /* No cert request. */ skip = 1; - S3I(s)->hs.tls12.cert_request = 0; - S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A; + s->s3->hs.tls12.cert_request = 0; + s->s3->hs.state = SSL3_ST_SW_SRVR_DONE_A; if (!SSL_is_dtls(s)) tls1_transcript_free(s); } else { - S3I(s)->hs.tls12.cert_request = 1; + s->s3->hs.tls12.cert_request = 1; if (SSL_is_dtls(s)) dtls1_start_timer(s); ret = ssl3_send_certificate_request(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A; + s->s3->hs.state = SSL3_ST_SW_SRVR_DONE_A; s->internal->init_num = 0; } break; @@ -484,8 +484,8 @@ ssl3_accept(SSL *s) ret = ssl3_send_server_done(s); if (ret <= 0) goto end; - S3I(s)->hs.tls12.next_state = SSL3_ST_SR_CERT_A; - S3I(s)->hs.state = SSL3_ST_SW_FLUSH; + s->s3->hs.tls12.next_state = SSL3_ST_SR_CERT_A; + s->s3->hs.state = SSL3_ST_SW_FLUSH; s->internal->init_num = 0; break; @@ -506,25 +506,25 @@ ssl3_accept(SSL *s) /* If the write error was fatal, stop trying. */ if (!BIO_should_retry(s->wbio)) { s->internal->rwstate = SSL_NOTHING; - S3I(s)->hs.state = S3I(s)->hs.tls12.next_state; + s->s3->hs.state = s->s3->hs.tls12.next_state; } } ret = -1; goto end; } s->internal->rwstate = SSL_NOTHING; - S3I(s)->hs.state = S3I(s)->hs.tls12.next_state; + s->s3->hs.state = s->s3->hs.tls12.next_state; break; case SSL3_ST_SR_CERT_A: case SSL3_ST_SR_CERT_B: - if (S3I(s)->hs.tls12.cert_request) { + if (s->s3->hs.tls12.cert_request) { ret = ssl3_get_client_certificate(s); if (ret <= 0) goto end; } s->internal->init_num = 0; - S3I(s)->hs.state = SSL3_ST_SR_KEY_EXCH_A; + s->s3->hs.state = SSL3_ST_SR_KEY_EXCH_A; break; case SSL3_ST_SR_KEY_EXCH_A: @@ -534,21 +534,21 @@ ssl3_accept(SSL *s) goto end; if (SSL_is_dtls(s)) { - S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A; + s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A; s->internal->init_num = 0; } - alg_k = S3I(s)->hs.cipher->algorithm_mkey; + alg_k = s->s3->hs.cipher->algorithm_mkey; if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) { /* * A GOST client may use the key from its * certificate for key exchange, in which case * the CertificateVerify message is not sent. */ - S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A; + s->s3->hs.state = SSL3_ST_SR_FINISHED_A; s->internal->init_num = 0; } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) { - S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A; + s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A; s->internal->init_num = 0; if (!s->session->peer_cert) break; @@ -558,7 +558,7 @@ ssl3_accept(SSL *s) */ tls1_transcript_freeze(s); } else { - S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A; + s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A; s->internal->init_num = 0; tls1_transcript_free(s); @@ -568,8 +568,8 @@ ssl3_accept(SSL *s) * a client cert, it can be verified. */ if (!tls1_transcript_hash_value(s, - S3I(s)->hs.tls12.cert_verify, - sizeof(S3I(s)->hs.tls12.cert_verify), + s->s3->hs.tls12.cert_verify, + sizeof(s->s3->hs.tls12.cert_verify), NULL)) { ret = -1; goto end; @@ -588,7 +588,7 @@ ssl3_accept(SSL *s) ret = ssl3_get_cert_verify(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A; + s->s3->hs.state = SSL3_ST_SR_FINISHED_A; s->internal->init_num = 0; break; @@ -605,11 +605,11 @@ ssl3_accept(SSL *s) if (SSL_is_dtls(s)) dtls1_stop_timer(s); if (s->internal->hit) - S3I(s)->hs.state = SSL_ST_OK; + s->s3->hs.state = SSL_ST_OK; else if (s->internal->tlsext_ticket_expected) - S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_A; + s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_A; else - S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A; + s->s3->hs.state = SSL3_ST_SW_CHANGE_A; s->internal->init_num = 0; break; @@ -618,7 +618,7 @@ ssl3_accept(SSL *s) ret = ssl3_send_newsession_ticket(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A; + s->s3->hs.state = SSL3_ST_SW_CHANGE_A; s->internal->init_num = 0; break; @@ -627,7 +627,7 @@ ssl3_accept(SSL *s) ret = ssl3_send_cert_status(s); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A; + s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A; s->internal->init_num = 0; break; @@ -637,9 +637,9 @@ ssl3_accept(SSL *s) SSL3_ST_SW_CHANGE_A, SSL3_ST_SW_CHANGE_B); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_SW_FINISHED_A; + s->s3->hs.state = SSL3_ST_SW_FINISHED_A; s->internal->init_num = 0; - s->session->cipher = S3I(s)->hs.cipher; + s->session->cipher = s->s3->hs.cipher; if (!tls1_setup_key_block(s)) { ret = -1; @@ -657,12 +657,12 @@ ssl3_accept(SSL *s) SSL3_ST_SW_FINISHED_B); if (ret <= 0) goto end; - S3I(s)->hs.state = SSL3_ST_SW_FLUSH; + s->s3->hs.state = SSL3_ST_SW_FLUSH; if (s->internal->hit) { - S3I(s)->hs.tls12.next_state = SSL3_ST_SR_FINISHED_A; + s->s3->hs.tls12.next_state = SSL3_ST_SR_FINISHED_A; tls1_transcript_free(s); } else - S3I(s)->hs.tls12.next_state = SSL_ST_OK; + s->s3->hs.tls12.next_state = SSL_ST_OK; s->internal->init_num = 0; break; @@ -670,7 +670,7 @@ ssl3_accept(SSL *s) /* clean a few things up */ tls1_cleanup_key_block(s); - if (S3I(s)->handshake_transcript != NULL) { + if (s->s3->handshake_transcript != NULL) { SSLerror(s, ERR_R_INTERNAL_ERROR); ret = -1; goto end; @@ -717,18 +717,18 @@ ssl3_accept(SSL *s) /* break; */ } - if (!S3I(s)->hs.tls12.reuse_message && !skip) { + if (!s->s3->hs.tls12.reuse_message && !skip) { if (s->internal->debug) { if ((ret = BIO_flush(s->wbio)) <= 0) goto end; } - if (S3I(s)->hs.state != state) { - new_state = S3I(s)->hs.state; - S3I(s)->hs.state = state; + if (s->s3->hs.state != state) { + new_state = s->s3->hs.state; + s->s3->hs.state = state; ssl_info_callback(s, SSL_CB_ACCEPT_LOOP, 1); - S3I(s)->hs.state = new_state; + s->s3->hs.state = new_state; } } skip = 0; @@ -748,14 +748,14 @@ ssl3_send_hello_request(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_SW_HELLO_REQ_A) { + if (s->s3->hs.state == SSL3_ST_SW_HELLO_REQ_A) { if (!ssl3_handshake_msg_start(s, &cbb, &hello, SSL3_MT_HELLO_REQUEST)) goto err; if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_SW_HELLO_REQ_B; + s->s3->hs.state = SSL3_ST_SW_HELLO_REQ_B; } /* SSL3_ST_SW_HELLO_REQ_B */ @@ -790,8 +790,8 @@ ssl3_get_client_hello(SSL *s) * If we are SSLv3, we will respond with SSLv3, even if prompted with * TLSv1. */ - if (S3I(s)->hs.state == SSL3_ST_SR_CLNT_HELLO_A) - S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_B; + if (s->s3->hs.state == SSL3_ST_SR_CLNT_HELLO_A) + s->s3->hs.state = SSL3_ST_SR_CLNT_HELLO_B; s->internal->first_packet = 1; if ((ret = ssl3_get_message(s, SSL3_ST_SR_CLNT_HELLO_B, @@ -845,11 +845,11 @@ ssl3_get_client_hello(SSL *s) al = SSL_AD_PROTOCOL_VERSION; goto fatal_err; } - S3I(s)->hs.peer_legacy_version = client_version; + s->s3->hs.peer_legacy_version = client_version; s->version = shared_version; - S3I(s)->hs.negotiated_tls_version = ssl_tls_version(shared_version); - if (S3I(s)->hs.negotiated_tls_version == 0) { + s->s3->hs.negotiated_tls_version = ssl_tls_version(shared_version); + if (s->s3->hs.negotiated_tls_version == 0) { SSLerror(s, ERR_R_INTERNAL_ERROR); goto err; } @@ -1015,7 +1015,7 @@ ssl3_get_client_hello(SSL *s) if (CBS_len(&cbs) != 0) goto decode_err; - if (!S3I(s)->renegotiate_seen && s->internal->renegotiate) { + if (!s->s3->renegotiate_seen && s->internal->renegotiate) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); goto fatal_err; @@ -1034,8 +1034,8 @@ ssl3_get_client_hello(SSL *s) */ arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); - if (S3I(s)->hs.our_max_tls_version >= TLS1_2_VERSION && - S3I(s)->hs.negotiated_tls_version < S3I(s)->hs.our_max_tls_version) { + if (s->s3->hs.our_max_tls_version >= TLS1_2_VERSION && + s->s3->hs.negotiated_tls_version < s->s3->hs.our_max_tls_version) { /* * RFC 8446 section 4.1.3. If we are downgrading from TLS 1.3 * we must set the last 8 bytes of the server random to magical @@ -1044,7 +1044,7 @@ ssl3_get_client_hello(SSL *s) */ size_t index = SSL3_RANDOM_SIZE - sizeof(tls13_downgrade_12); uint8_t *magic = &s->s3->server_random[index]; - if (S3I(s)->hs.negotiated_tls_version == TLS1_2_VERSION) { + if (s->s3->hs.negotiated_tls_version == TLS1_2_VERSION) { /* Indicate we chose to downgrade to 1.2. */ memcpy(magic, tls13_downgrade_12, sizeof(tls13_downgrade_12)); @@ -1107,15 +1107,15 @@ ssl3_get_client_hello(SSL *s) SSLerror(s, SSL_R_NO_SHARED_CIPHER); goto fatal_err; } - S3I(s)->hs.cipher = c; + s->s3->hs.cipher = c; } else { - S3I(s)->hs.cipher = s->session->cipher; + s->s3->hs.cipher = s->session->cipher; } if (!tls1_transcript_hash_init(s)) goto err; - alg_k = S3I(s)->hs.cipher->algorithm_mkey; + alg_k = s->s3->hs.cipher->algorithm_mkey; if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) || !(s->verify_mode & SSL_VERIFY_PEER)) tls1_transcript_free(s); @@ -1160,7 +1160,7 @@ ssl3_send_dtls_hello_verify_request(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) { + if (s->s3->hs.state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) { if (s->ctx->internal->app_gen_cookie_cb == NULL || s->ctx->internal->app_gen_cookie_cb(s, s->d1->cookie, &(s->d1->cookie_len)) == 0) { @@ -1185,10 +1185,10 @@ ssl3_send_dtls_hello_verify_request(SSL *s) if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B; + s->s3->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B; } - /* S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ + /* s->s3->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ return (ssl3_handshake_write(s)); err: @@ -1205,7 +1205,7 @@ ssl3_send_server_hello(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_SW_SRVR_HELLO_A) { + if (s->s3->hs.state == SSL3_ST_SW_SRVR_HELLO_A) { if (!ssl3_handshake_msg_start(s, &cbb, &server_hello, SSL3_MT_SERVER_HELLO)) goto err; @@ -1250,7 +1250,7 @@ ssl3_send_server_hello(SSL *s) /* Cipher suite. */ if (!CBB_add_u16(&server_hello, - ssl3_cipher_get_value(S3I(s)->hs.cipher))) + ssl3_cipher_get_value(s->s3->hs.cipher))) goto err; /* Compression method (null). */ @@ -1283,14 +1283,14 @@ ssl3_send_server_done(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_SW_SRVR_DONE_A) { + if (s->s3->hs.state == SSL3_ST_SW_SRVR_DONE_A) { if (!ssl3_handshake_msg_start(s, &cbb, &done, SSL3_MT_SERVER_DONE)) goto err; if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_B; + s->s3->hs.state = SSL3_ST_SW_SRVR_DONE_B; } /* SSL3_ST_SW_SRVR_DONE_B */ @@ -1307,8 +1307,8 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb) { int nid = NID_dhKeyAgreement; - tls_key_share_free(S3I(s)->hs.key_share); - if ((S3I(s)->hs.key_share = tls_key_share_new_nid(nid)) == NULL) + tls_key_share_free(s->s3->hs.key_share); + if ((s->s3->hs.key_share = tls_key_share_new_nid(nid)) == NULL) goto err; if (s->cert->dhe_params_auto != 0) { @@ -1320,14 +1320,14 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb) SSL_AD_INTERNAL_ERROR); goto err; } - tls_key_share_set_key_bits(S3I(s)->hs.key_share, + tls_key_share_set_key_bits(s->s3->hs.key_share, key_bits); } else { DH *dh_params = s->cert->dhe_params; if (dh_params == NULL && s->cert->dhe_params_cb != NULL) dh_params = s->cert->dhe_params_cb(s, 0, - SSL_C_PKEYLENGTH(S3I(s)->hs.cipher)); + SSL_C_PKEYLENGTH(s->s3->hs.cipher)); if (dh_params == NULL) { SSLerror(s, SSL_R_MISSING_TMP_DH_KEY); @@ -1336,16 +1336,16 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb) goto err; } - if (!tls_key_share_set_dh_params(S3I(s)->hs.key_share, dh_params)) + if (!tls_key_share_set_dh_params(s->s3->hs.key_share, dh_params)) goto err; } - if (!tls_key_share_generate(S3I(s)->hs.key_share)) + if (!tls_key_share_generate(s->s3->hs.key_share)) goto err; - if (!tls_key_share_params(S3I(s)->hs.key_share, cbb)) + if (!tls_key_share_params(s->s3->hs.key_share, cbb)) goto err; - if (!tls_key_share_public(S3I(s)->hs.key_share, cbb)) + if (!tls_key_share_public(s->s3->hs.key_share, cbb)) goto err; return 1; @@ -1366,11 +1366,11 @@ ssl3_send_server_kex_ecdhe(SSL *s, CBB *cbb) goto err; } - tls_key_share_free(S3I(s)->hs.key_share); - if ((S3I(s)->hs.key_share = tls_key_share_new_nid(nid)) == NULL) + tls_key_share_free(s->s3->hs.key_share); + if ((s->s3->hs.key_share = tls_key_share_new_nid(nid)) == NULL) goto err; - if (!tls_key_share_generate(S3I(s)->hs.key_share)) + if (!tls_key_share_generate(s->s3->hs.key_share)) goto err; /* @@ -1378,11 +1378,11 @@ ssl3_send_server_kex_ecdhe(SSL *s, CBB *cbb) */ if (!CBB_add_u8(cbb, NAMED_CURVE_TYPE)) goto err; - if (!CBB_add_u16(cbb, tls_key_share_group(S3I(s)->hs.key_share))) + if (!CBB_add_u16(cbb, tls_key_share_group(s->s3->hs.key_share))) goto err; if (!CBB_add_u8_length_prefixed(cbb, &public)) goto err; - if (!tls_key_share_public(S3I(s)->hs.key_share, &public)) + if (!tls_key_share_public(s->s3->hs.key_share, &public)) goto err; if (!CBB_flush(cbb)) goto err; @@ -1415,7 +1415,7 @@ ssl3_send_server_key_exchange(SSL *s) if ((md_ctx = EVP_MD_CTX_new()) == NULL) goto err; - if (S3I(s)->hs.state == SSL3_ST_SW_KEY_EXCH_A) { + if (s->s3->hs.state == SSL3_ST_SW_KEY_EXCH_A) { if (!ssl3_handshake_msg_start(s, &cbb, &server_kex, SSL3_MT_SERVER_KEY_EXCHANGE)) @@ -1424,7 +1424,7 @@ ssl3_send_server_key_exchange(SSL *s) if (!CBB_init(&cbb_params, 0)) goto err; - type = S3I(s)->hs.cipher->algorithm_mkey; + type = s->s3->hs.cipher->algorithm_mkey; if (type & SSL_kDHE) { if (!ssl3_send_server_kex_dhe(s, &cbb_params)) goto err; @@ -1444,13 +1444,13 @@ ssl3_send_server_key_exchange(SSL *s) goto err; /* Add signature unless anonymous. */ - if (!(S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL)) { - if ((pkey = ssl_get_sign_pkey(s, S3I(s)->hs.cipher, + if (!(s->s3->hs.cipher->algorithm_auth & SSL_aNULL)) { + if ((pkey = ssl_get_sign_pkey(s, s->s3->hs.cipher, &md, &sigalg)) == NULL) { al = SSL_AD_DECODE_ERROR; goto fatal_err; } - S3I(s)->hs.our_sigalg = sigalg; + s->s3->hs.our_sigalg = sigalg; /* Send signature algorithm. */ if (SSL_USE_SIGALGS(s)) { @@ -1511,7 +1511,7 @@ ssl3_send_server_key_exchange(SSL *s) if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_B; + s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_B; } EVP_MD_CTX_free(md_ctx); @@ -1546,7 +1546,7 @@ ssl3_send_certificate_request(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_SW_CERT_REQ_A) { + if (s->s3->hs.state == SSL3_ST_SW_CERT_REQ_A) { if (!ssl3_handshake_msg_start(s, &cbb, &cert_request, SSL3_MT_CERTIFICATE_REQUEST)) goto err; @@ -1561,7 +1561,7 @@ ssl3_send_certificate_request(SSL *s) &sigalgs)) goto err; if (!ssl_sigalgs_build( - S3I(s)->hs.negotiated_tls_version, &sigalgs)) + s->s3->hs.negotiated_tls_version, &sigalgs)) goto err; } @@ -1587,7 +1587,7 @@ ssl3_send_certificate_request(SSL *s) if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_SW_CERT_REQ_B; + s->s3->hs.state = SSL3_ST_SW_CERT_REQ_B; } /* SSL3_ST_SW_CERT_REQ_B */ @@ -1614,8 +1614,8 @@ ssl3_get_client_kex_rsa(SSL *s, CBS *cbs) arc4random_buf(fakekey, sizeof(fakekey)); - fakekey[0] = S3I(s)->hs.peer_legacy_version >> 8; - fakekey[1] = S3I(s)->hs.peer_legacy_version & 0xff; + fakekey[0] = s->s3->hs.peer_legacy_version >> 8; + fakekey[1] = s->s3->hs.peer_legacy_version & 0xff; pkey = s->cert->pkeys[SSL_PKEY_RSA].privatekey; if (pkey == NULL || (rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) { @@ -1648,8 +1648,8 @@ ssl3_get_client_kex_rsa(SSL *s, CBS *cbs) /* SSLerror(s, SSL_R_BAD_RSA_DECRYPT); */ } - if ((al == -1) && !((pms[0] == (S3I(s)->hs.peer_legacy_version >> 8)) && - (pms[1] == (S3I(s)->hs.peer_legacy_version & 0xff)))) { + if ((al == -1) && !((pms[0] == (s->s3->hs.peer_legacy_version >> 8)) && + (pms[1] == (s->s3->hs.peer_legacy_version & 0xff)))) { /* * The premaster secret must contain the same version number * as the ClientHello to detect version rollback attacks @@ -1704,13 +1704,13 @@ ssl3_get_client_kex_dhe(SSL *s, CBS *cbs) int decode_error, invalid_key; int ret = 0; - if (S3I(s)->hs.key_share == NULL) { + if (s->s3->hs.key_share == NULL) { SSLerror(s, SSL_R_MISSING_TMP_DH_KEY); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); goto err; } - if (!tls_key_share_peer_public(S3I(s)->hs.key_share, cbs, + if (!tls_key_share_peer_public(s->s3->hs.key_share, cbs, &decode_error, &invalid_key)) { if (decode_error) { SSLerror(s, SSL_R_BAD_PACKET_LENGTH); @@ -1724,7 +1724,7 @@ ssl3_get_client_kex_dhe(SSL *s, CBS *cbs) goto err; } - if (!tls_key_share_derive(S3I(s)->hs.key_share, &key, &key_len)) + if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len)) goto err; if (!tls12_derive_master_secret(s, key, key_len)) @@ -1747,7 +1747,7 @@ ssl3_get_client_kex_ecdhe(SSL *s, CBS *cbs) CBS public; int ret = 0; - if (S3I(s)->hs.key_share == NULL) { + if (s->s3->hs.key_share == NULL) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); SSLerror(s, SSL_R_MISSING_TMP_DH_KEY); goto err; @@ -1758,7 +1758,7 @@ ssl3_get_client_kex_ecdhe(SSL *s, CBS *cbs) ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); goto err; } - if (!tls_key_share_peer_public(S3I(s)->hs.key_share, &public, + if (!tls_key_share_peer_public(s->s3->hs.key_share, &public, &decode_error, NULL)) { if (decode_error) { SSLerror(s, SSL_R_BAD_PACKET_LENGTH); @@ -1767,7 +1767,7 @@ ssl3_get_client_kex_ecdhe(SSL *s, CBS *cbs) goto err; } - if (!tls_key_share_derive(S3I(s)->hs.key_share, &key, &key_len)) + if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len)) goto err; if (!tls12_derive_master_secret(s, key, key_len)) @@ -1792,7 +1792,7 @@ ssl3_get_client_kex_gost(SSL *s, CBS *cbs) CBS gostblob; /* Get our certificate private key*/ - if ((S3I(s)->hs.cipher->algorithm_auth & SSL_aGOST01) != 0) + if ((s->s3->hs.cipher->algorithm_auth & SSL_aGOST01) != 0) pkey = s->cert->pkeys[SSL_PKEY_GOST01].privatekey; if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) @@ -1865,7 +1865,7 @@ ssl3_get_client_key_exchange(SSL *s) CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); - alg_k = S3I(s)->hs.cipher->algorithm_mkey; + alg_k = s->s3->hs.cipher->algorithm_mkey; if (alg_k & SSL_kRSA) { if (!ssl3_get_client_kex_rsa(s, &cbs)) @@ -1932,8 +1932,8 @@ ssl3_get_cert_verify(SSL *s) pkey = X509_get0_pubkey(peer_cert); type = X509_certificate_type(peer_cert, pkey); - if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_VERIFY) { - S3I(s)->hs.tls12.reuse_message = 1; + if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE_VERIFY) { + s->s3->hs.tls12.reuse_message = 1; if (peer_cert != NULL) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_MISSING_VERIFY_MESSAGE); @@ -1955,7 +1955,7 @@ ssl3_get_cert_verify(SSL *s) goto fatal_err; } - if (S3I(s)->change_cipher_spec) { + if (s->s3->change_cipher_spec) { SSLerror(s, SSL_R_CCS_RECEIVED_EARLY); al = SSL_AD_UNEXPECTED_MESSAGE; goto fatal_err; @@ -1984,7 +1984,7 @@ ssl3_get_cert_verify(SSL *s) al = SSL_AD_DECODE_ERROR; goto fatal_err; } - S3I(s)->hs.peer_sigalg = sigalg; + s->s3->hs.peer_sigalg = sigalg; if (SSL_USE_SIGALGS(s)) { EVP_PKEY_CTX *pctx; @@ -2033,7 +2033,7 @@ ssl3_get_cert_verify(SSL *s) SSLerror(s, ERR_R_EVP_LIB); goto fatal_err; } - verify = RSA_verify(NID_md5_sha1, S3I(s)->hs.tls12.cert_verify, + verify = RSA_verify(NID_md5_sha1, s->s3->hs.tls12.cert_verify, MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, CBS_data(&signature), CBS_len(&signature), rsa); if (verify < 0) { @@ -2055,7 +2055,7 @@ ssl3_get_cert_verify(SSL *s) goto fatal_err; } verify = ECDSA_verify(0, - &(S3I(s)->hs.tls12.cert_verify[MD5_DIGEST_LENGTH]), + &(s->s3->hs.tls12.cert_verify[MD5_DIGEST_LENGTH]), SHA_DIGEST_LENGTH, CBS_data(&signature), CBS_len(&signature), eckey); if (verify <= 0) { @@ -2148,7 +2148,7 @@ ssl3_get_client_certificate(SSL *s) ret = -1; - if (S3I(s)->hs.tls12.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) { + if (s->s3->hs.tls12.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) { if ((s->verify_mode & SSL_VERIFY_PEER) && (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); @@ -2159,17 +2159,17 @@ ssl3_get_client_certificate(SSL *s) * If tls asked for a client cert, * the client must return a 0 list. */ - if (S3I(s)->hs.tls12.cert_request) { + if (s->s3->hs.tls12.cert_request) { SSLerror(s, SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST ); al = SSL_AD_UNEXPECTED_MESSAGE; goto fatal_err; } - S3I(s)->hs.tls12.reuse_message = 1; + s->s3->hs.tls12.reuse_message = 1; return (1); } - if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE) { + if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE); goto fatal_err; @@ -2278,7 +2278,7 @@ ssl3_send_server_certificate(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_SW_CERT_A) { + if (s->s3->hs.state == SSL3_ST_SW_CERT_A) { if ((cpk = ssl_get_server_send_pkey(s)) == NULL) { SSLerror(s, ERR_R_INTERNAL_ERROR); return (0); @@ -2292,7 +2292,7 @@ ssl3_send_server_certificate(SSL *s) if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_SW_CERT_B; + s->s3->hs.state = SSL3_ST_SW_CERT_B; } /* SSL3_ST_SW_CERT_B */ @@ -2332,7 +2332,7 @@ ssl3_send_newsession_ticket(SSL *s) if ((hctx = HMAC_CTX_new()) == NULL) goto err; - if (S3I(s)->hs.state == SSL3_ST_SW_SESSION_TICKET_A) { + if (s->s3->hs.state == SSL3_ST_SW_SESSION_TICKET_A) { if (!ssl3_handshake_msg_start(s, &cbb, &session_ticket, SSL3_MT_NEWSESSION_TICKET)) goto err; @@ -2417,7 +2417,7 @@ ssl3_send_newsession_ticket(SSL *s) if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_B; + s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_B; } EVP_CIPHER_CTX_free(ctx); @@ -2445,7 +2445,7 @@ ssl3_send_cert_status(SSL *s) memset(&cbb, 0, sizeof(cbb)); - if (S3I(s)->hs.state == SSL3_ST_SW_CERT_STATUS_A) { + if (s->s3->hs.state == SSL3_ST_SW_CERT_STATUS_A) { if (!ssl3_handshake_msg_start(s, &cbb, &certstatus, SSL3_MT_CERTIFICATE_STATUS)) goto err; @@ -2459,7 +2459,7 @@ ssl3_send_cert_status(SSL *s) if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; - S3I(s)->hs.state = SSL3_ST_SW_CERT_STATUS_B; + s->s3->hs.state = SSL3_ST_SW_CERT_STATUS_B; } /* SSL3_ST_SW_CERT_STATUS_B */ diff --git a/lib/libssl/ssl_stat.c b/lib/libssl/ssl_stat.c index b51538c1b2a..5d35528acdd 100644 --- a/lib/libssl/ssl_stat.c +++ b/lib/libssl/ssl_stat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_stat.c,v 1.17 2021/06/13 15:51:10 jsing Exp $ */ +/* $OpenBSD: ssl_stat.c,v 1.18 2022/02/05 14:54:10 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -91,7 +91,7 @@ SSL_state_string_long(const SSL *s) { const char *str; - switch (S3I(s)->hs.state) { + switch (s->s3->hs.state) { case SSL_ST_BEFORE: str = "before SSL initialization"; break; @@ -347,7 +347,7 @@ SSL_state_string(const SSL *s) { const char *str; - switch (S3I(s)->hs.state) { + switch (s->s3->hs.state) { case SSL_ST_BEFORE: str = "PINIT "; break; diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c index 8070296d9f6..f93f44ceba7 100644 --- a/lib/libssl/ssl_tlsext.c +++ b/lib/libssl/ssl_tlsext.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_tlsext.c,v 1.109 2022/01/24 13:49:50 tb Exp $ */ +/* $OpenBSD: ssl_tlsext.c,v 1.110 2022/02/05 14:54:10 jsing Exp $ */ /* * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> @@ -41,7 +41,7 @@ tlsext_alpn_client_needs(SSL *s, uint16_t msg_type) { /* ALPN protos have been specified and this is the initial handshake */ return s->internal->alpn_client_proto_list != NULL && - S3I(s)->hs.finished_len == 0; + s->s3->hs.finished_len == 0; } int @@ -101,14 +101,14 @@ tlsext_alpn_server_parse(SSL *s, uint16_t msg_types, CBS *cbs, int *alert) s->ctx->internal->alpn_select_cb_arg); if (r == SSL_TLSEXT_ERR_OK) { - free(S3I(s)->alpn_selected); - if ((S3I(s)->alpn_selected = malloc(selected_len)) == NULL) { - S3I(s)->alpn_selected_len = 0; + free(s->s3->alpn_selected); + if ((s->s3->alpn_selected = malloc(selected_len)) == NULL) { + s->s3->alpn_selected_len = 0; *alert = SSL_AD_INTERNAL_ERROR; return 0; } - memcpy(S3I(s)->alpn_selected, selected, selected_len); - S3I(s)->alpn_selected_len = selected_len; + memcpy(s->s3->alpn_selected, selected, selected_len); + s->s3->alpn_selected_len = selected_len; return 1; } @@ -130,7 +130,7 @@ tlsext_alpn_server_parse(SSL *s, uint16_t msg_types, CBS *cbs, int *alert) int tlsext_alpn_server_needs(SSL *s, uint16_t msg_type) { - return S3I(s)->alpn_selected != NULL; + return s->s3->alpn_selected != NULL; } int @@ -144,8 +144,8 @@ tlsext_alpn_server_build(SSL *s, uint16_t msg_type, CBB *cbb) if (!CBB_add_u8_length_prefixed(&list, &selected)) return 0; - if (!CBB_add_bytes(&selected, S3I(s)->alpn_selected, - S3I(s)->alpn_selected_len)) + if (!CBB_add_bytes(&selected, s->s3->alpn_selected, + s->s3->alpn_selected_len)) return 0; if (!CBB_flush(cbb)) @@ -177,8 +177,8 @@ tlsext_alpn_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) if (CBS_len(&proto) == 0) goto err; - if (!CBS_stow(&proto, &(S3I(s)->alpn_selected), - &(S3I(s)->alpn_selected_len))) + if (!CBS_stow(&proto, &(s->s3->alpn_selected), + &(s->s3->alpn_selected_len))) goto err; return 1; @@ -195,7 +195,7 @@ int tlsext_supportedgroups_client_needs(SSL *s, uint16_t msg_type) { return ssl_has_ecc_ciphers(s) || - (S3I(s)->hs.our_max_tls_version >= TLS1_3_VERSION); + (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION); } int @@ -247,7 +247,7 @@ tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, uint16_t *groups; int i; - if (S3I(s)->hs.tls13.hrr) { + if (s->s3->hs.tls13.hrr) { if (s->session->tlsext_supportedgroups == NULL) { *alert = SSL_AD_HANDSHAKE_FAILURE; return 0; @@ -450,8 +450,8 @@ tlsext_ri_client_build(SSL *s, uint16_t msg_type, CBB *cbb) if (!CBB_add_u8_length_prefixed(cbb, &reneg)) return 0; - if (!CBB_add_bytes(&reneg, S3I(s)->previous_client_finished, - S3I(s)->previous_client_finished_len)) + if (!CBB_add_bytes(&reneg, s->s3->previous_client_finished, + s->s3->previous_client_finished_len)) return 0; if (!CBB_flush(cbb)) return 0; @@ -469,15 +469,15 @@ tlsext_ri_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) if (CBS_len(cbs) != 0) goto err; - if (!CBS_mem_equal(&reneg, S3I(s)->previous_client_finished, - S3I(s)->previous_client_finished_len)) { + if (!CBS_mem_equal(&reneg, s->s3->previous_client_finished, + s->s3->previous_client_finished_len)) { SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH); *alert = SSL_AD_HANDSHAKE_FAILURE; return 0; } - S3I(s)->renegotiate_seen = 1; - S3I(s)->send_connection_binding = 1; + s->s3->renegotiate_seen = 1; + s->s3->send_connection_binding = 1; return 1; @@ -490,8 +490,8 @@ tlsext_ri_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) int tlsext_ri_server_needs(SSL *s, uint16_t msg_type) { - return (S3I(s)->hs.negotiated_tls_version < TLS1_3_VERSION && - S3I(s)->send_connection_binding); + return (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION && + s->s3->send_connection_binding); } int @@ -501,11 +501,11 @@ tlsext_ri_server_build(SSL *s, uint16_t msg_type, CBB *cbb) if (!CBB_add_u8_length_prefixed(cbb, &reneg)) return 0; - if (!CBB_add_bytes(&reneg, S3I(s)->previous_client_finished, - S3I(s)->previous_client_finished_len)) + if (!CBB_add_bytes(&reneg, s->s3->previous_client_finished, + s->s3->previous_client_finished_len)) return 0; - if (!CBB_add_bytes(&reneg, S3I(s)->previous_server_finished, - S3I(s)->previous_server_finished_len)) + if (!CBB_add_bytes(&reneg, s->s3->previous_server_finished, + s->s3->previous_server_finished_len)) return 0; if (!CBB_flush(cbb)) return 0; @@ -522,10 +522,10 @@ tlsext_ri_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) * Ensure that the previous client and server values are both not * present, or that they are both present. */ - if ((S3I(s)->previous_client_finished_len == 0 && - S3I(s)->previous_server_finished_len != 0) || - (S3I(s)->previous_client_finished_len != 0 && - S3I(s)->previous_server_finished_len == 0)) { + if ((s->s3->previous_client_finished_len == 0 && + s->s3->previous_server_finished_len != 0) || + (s->s3->previous_client_finished_len != 0 && + s->s3->previous_server_finished_len == 0)) { *alert = SSL_AD_INTERNAL_ERROR; return 0; } @@ -533,31 +533,31 @@ tlsext_ri_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) if (!CBS_get_u8_length_prefixed(cbs, &reneg)) goto err; if (!CBS_get_bytes(&reneg, &prev_client, - S3I(s)->previous_client_finished_len)) + s->s3->previous_client_finished_len)) goto err; if (!CBS_get_bytes(&reneg, &prev_server, - S3I(s)->previous_server_finished_len)) + s->s3->previous_server_finished_len)) goto err; if (CBS_len(&reneg) != 0) goto err; if (CBS_len(cbs) != 0) goto err; - if (!CBS_mem_equal(&prev_client, S3I(s)->previous_client_finished, - S3I(s)->previous_client_finished_len)) { + if (!CBS_mem_equal(&prev_client, s->s3->previous_client_finished, + s->s3->previous_client_finished_len)) { SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH); *alert = SSL_AD_HANDSHAKE_FAILURE; return 0; } - if (!CBS_mem_equal(&prev_server, S3I(s)->previous_server_finished, - S3I(s)->previous_server_finished_len)) { + if (!CBS_mem_equal(&prev_server, s->s3->previous_server_finished, + s->s3->previous_server_finished_len)) { SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH); *alert = SSL_AD_HANDSHAKE_FAILURE; return 0; } - S3I(s)->renegotiate_seen = 1; - S3I(s)->send_connection_binding = 1; + s->s3->renegotiate_seen = 1; + s->s3->send_connection_binding = 1; return 1; @@ -573,17 +573,17 @@ tlsext_ri_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) int tlsext_sigalgs_client_needs(SSL *s, uint16_t msg_type) { - return (S3I(s)->hs.our_max_tls_version >= TLS1_2_VERSION); + return (s->s3->hs.our_max_tls_version >= TLS1_2_VERSION); } int tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb) { - uint16_t tls_version = S3I(s)->hs.negotiated_tls_version; + uint16_t tls_version = s->s3->hs.negotiated_tls_version; CBB sigalgs; if (msg_type == SSL_TLSEXT_MSG_CH) - tls_version = S3I(s)->hs.our_min_tls_version; + tls_version = s->s3->hs.our_min_tls_version; if (!CBB_add_u16_length_prefixed(cbb, &sigalgs)) return 0; @@ -604,7 +604,7 @@ tlsext_sigalgs_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) return 0; if (CBS_len(&sigalgs) % 2 != 0 || CBS_len(&sigalgs) > 64) return 0; - if (!CBS_stow(&sigalgs, &S3I(s)->hs.sigalgs, &S3I(s)->hs.sigalgs_len)) + if (!CBS_stow(&sigalgs, &s->s3->hs.sigalgs, &s->s3->hs.sigalgs_len)) return 0; return 1; @@ -613,7 +613,7 @@ tlsext_sigalgs_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) int tlsext_sigalgs_server_needs(SSL *s, uint16_t msg_type) { - return (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION); + return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION); } int @@ -623,7 +623,7 @@ tlsext_sigalgs_server_build(SSL *s, uint16_t msg_type, CBB *cbb) if (!CBB_add_u16_length_prefixed(cbb, &sigalgs)) return 0; - if (!ssl_sigalgs_build(S3I(s)->hs.negotiated_tls_version, &sigalgs)) + if (!ssl_sigalgs_build(s->s3->hs.negotiated_tls_version, &sigalgs)) return 0; if (!CBB_flush(cbb)) return 0; @@ -643,7 +643,7 @@ tlsext_sigalgs_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) return 0; if (CBS_len(&sigalgs) % 2 != 0 || CBS_len(&sigalgs) > 64) return 0; - if (!CBS_stow(&sigalgs, &S3I(s)->hs.sigalgs, &S3I(s)->hs.sigalgs_len)) + if (!CBS_stow(&sigalgs, &s->s3->hs.sigalgs, &s->s3->hs.sigalgs_len)) return 0; return 1; @@ -804,7 +804,7 @@ tlsext_sni_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) goto err; } - if (s->internal->hit || S3I(s)->hs.tls13.hrr) { + if (s->internal->hit || s->s3->hs.tls13.hrr) { if (s->session->tlsext_hostname == NULL) { *alert = SSL_AD_UNRECOGNIZED_NAME; goto err; @@ -1027,7 +1027,7 @@ tlsext_ocsp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) int tlsext_ocsp_server_needs(SSL *s, uint16_t msg_type) { - if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION && + if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION && s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp && s->ctx->internal->tlsext_status_cb != NULL) { s->internal->tlsext_status_expected = 0; @@ -1044,7 +1044,7 @@ tlsext_ocsp_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { CBB ocsp_response; - if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION) { + if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION) { if (!CBB_add_u8(cbb, TLSEXT_STATUSTYPE_ocsp)) return 0; if (!CBB_add_u24_length_prefixed(cbb, &ocsp_response)) @@ -1451,7 +1451,7 @@ tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) int tlsext_keyshare_client_needs(SSL *s, uint16_t msg_type) { - return (S3I(s)->hs.our_max_tls_version >= TLS1_3_VERSION); + return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION); } int @@ -1463,11 +1463,11 @@ tlsext_keyshare_client_build(SSL *s, uint16_t msg_type, CBB *cbb) return 0; if (!CBB_add_u16(&client_shares, - tls_key_share_group(S3I(s)->hs.key_share))) + tls_key_share_group(s->s3->hs.key_share))) return 0; if (!CBB_add_u16_length_prefixed(&client_shares, &key_exchange)) return 0; - if (!tls_key_share_public(S3I(s)->hs.key_share, &key_exchange)) + if (!tls_key_share_public(s->s3->hs.key_share, &key_exchange)) return 0; if (!CBB_flush(cbb)) @@ -1503,9 +1503,9 @@ tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) * Ignore this client share if we're using earlier than TLSv1.3 * or we've already selected a key share. */ - if (S3I(s)->hs.our_max_tls_version < TLS1_3_VERSION) + if (s->s3->hs.our_max_tls_version < TLS1_3_VERSION) continue; - if (S3I(s)->hs.key_share != NULL) + if (s->s3->hs.key_share != NULL) continue; /* XXX - consider implementing server preference. */ @@ -1513,11 +1513,11 @@ tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) continue; /* Decode and store the selected key share. */ - if ((S3I(s)->hs.key_share = tls_key_share_new(group)) == NULL) { + if ((s->s3->hs.key_share = tls_key_share_new(group)) == NULL) { *alert = SSL_AD_INTERNAL_ERROR; return 0; } - if (!tls_key_share_peer_public(S3I(s)->hs.key_share, + if (!tls_key_share_peer_public(s->s3->hs.key_share, &key_exchange, &decode_error, NULL)) { if (!decode_error) *alert = SSL_AD_INTERNAL_ERROR; @@ -1531,7 +1531,7 @@ tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) int tlsext_keyshare_server_needs(SSL *s, uint16_t msg_type) { - return (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION && + return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION && tlsext_extension_seen(s, TLSEXT_TYPE_key_share)); } @@ -1541,20 +1541,20 @@ tlsext_keyshare_server_build(SSL *s, uint16_t msg_type, CBB *cbb) CBB key_exchange; /* In the case of a HRR, we only send the server selected group. */ - if (S3I(s)->hs.tls13.hrr) { - if (S3I(s)->hs.tls13.server_group == 0) + if (s->s3->hs.tls13.hrr) { + if (s->s3->hs.tls13.server_group == 0) return 0; - return CBB_add_u16(cbb, S3I(s)->hs.tls13.server_group); + return CBB_add_u16(cbb, s->s3->hs.tls13.server_group); } - if (S3I(s)->hs.key_share == NULL) + if (s->s3->hs.key_share == NULL) return 0; - if (!CBB_add_u16(cbb, tls_key_share_group(S3I(s)->hs.key_share))) + if (!CBB_add_u16(cbb, tls_key_share_group(s->s3->hs.key_share))) return 0; if (!CBB_add_u16_length_prefixed(cbb, &key_exchange)) return 0; - if (!tls_key_share_public(S3I(s)->hs.key_share, &key_exchange)) + if (!tls_key_share_public(s->s3->hs.key_share, &key_exchange)) return 0; if (!CBB_flush(cbb)) @@ -1579,22 +1579,22 @@ tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) if (msg_type != SSL_TLSEXT_MSG_HRR) return 0; - S3I(s)->hs.tls13.server_group = group; + s->s3->hs.tls13.server_group = group; return 1; } if (!CBS_get_u16_length_prefixed(cbs, &key_exchange)) return 0; - if (S3I(s)->hs.key_share == NULL) { + if (s->s3->hs.key_share == NULL) { *alert = SSL_AD_INTERNAL_ERROR; return 0; } - if (tls_key_share_group(S3I(s)->hs.key_share) != group) { + if (tls_key_share_group(s->s3->hs.key_share) != group) { *alert = SSL_AD_INTERNAL_ERROR; return 0; } - if (!tls_key_share_peer_public(S3I(s)->hs.key_share, + if (!tls_key_share_peer_public(s->s3->hs.key_share, &key_exchange, &decode_error, NULL)) { if (!decode_error) *alert = SSL_AD_INTERNAL_ERROR; @@ -1610,7 +1610,7 @@ tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) int tlsext_versions_client_needs(SSL *s, uint16_t msg_type) { - return (S3I(s)->hs.our_max_tls_version >= TLS1_3_VERSION); + return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION); } int @@ -1620,8 +1620,8 @@ tlsext_versions_client_build(SSL *s, uint16_t msg_type, CBB *cbb) uint16_t version; CBB versions; - max = S3I(s)->hs.our_max_tls_version; - min = S3I(s)->hs.our_min_tls_version; + max = s->s3->hs.our_max_tls_version; + min = s->s3->hs.our_min_tls_version; if (!CBB_add_u8_length_prefixed(cbb, &versions)) return 0; @@ -1646,8 +1646,8 @@ tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) uint16_t max, min; uint16_t matched_version = 0; - max = S3I(s)->hs.our_max_tls_version; - min = S3I(s)->hs.our_min_tls_version; + max = s->s3->hs.our_max_tls_version; + min = s->s3->hs.our_min_tls_version; if (!CBS_get_u8_length_prefixed(cbs, &versions)) goto err; @@ -1680,7 +1680,7 @@ tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) int tlsext_versions_server_needs(SSL *s, uint16_t msg_type) { - return (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION); + return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION); } int @@ -1706,7 +1706,7 @@ tlsext_versions_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) } /* XXX test between min and max once initialization code goes in */ - S3I(s)->hs.tls13.server_version = selected_version; + s->s3->hs.tls13.server_version = selected_version; return 1; } @@ -1719,8 +1719,8 @@ tlsext_versions_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) int tlsext_cookie_client_needs(SSL *s, uint16_t msg_type) { - return (S3I(s)->hs.our_max_tls_version >= TLS1_3_VERSION && - S3I(s)->hs.tls13.cookie_len > 0 && S3I(s)->hs.tls13.cookie != NULL); + return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION && + s->s3->hs.tls13.cookie_len > 0 && s->s3->hs.tls13.cookie != NULL); } int @@ -1731,8 +1731,8 @@ tlsext_cookie_client_build(SSL *s, uint16_t msg_type, CBB *cbb) if (!CBB_add_u16_length_prefixed(cbb, &cookie)) return 0; - if (!CBB_add_bytes(&cookie, S3I(s)->hs.tls13.cookie, - S3I(s)->hs.tls13.cookie_len)) + if (!CBB_add_bytes(&cookie, s->s3->hs.tls13.cookie, + s->s3->hs.tls13.cookie_len)) return 0; if (!CBB_flush(cbb)) @@ -1749,7 +1749,7 @@ tlsext_cookie_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) if (!CBS_get_u16_length_prefixed(cbs, &cookie)) goto err; - if (CBS_len(&cookie) != S3I(s)->hs.tls13.cookie_len) + if (CBS_len(&cookie) != s->s3->hs.tls13.cookie_len) goto err; /* @@ -1757,8 +1757,8 @@ tlsext_cookie_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) * sent - client *MUST* send the same cookie with new CR after * a cookie is sent by the server with an HRR. */ - if (!CBS_mem_equal(&cookie, S3I(s)->hs.tls13.cookie, - S3I(s)->hs.tls13.cookie_len)) { + if (!CBS_mem_equal(&cookie, s->s3->hs.tls13.cookie, + s->s3->hs.tls13.cookie_len)) { /* XXX special cookie mismatch alert? */ *alert = SSL_AD_ILLEGAL_PARAMETER; return 0; @@ -1778,8 +1778,8 @@ tlsext_cookie_server_needs(SSL *s, uint16_t msg_type) * Server needs to set cookie value in tls13 handshake * in order to send one, should only be sent with HRR. */ - return (S3I(s)->hs.our_max_tls_version >= TLS1_3_VERSION && - S3I(s)->hs.tls13.cookie_len > 0 && S3I(s)->hs.tls13.cookie != NULL); + return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION && + s->s3->hs.tls13.cookie_len > 0 && s->s3->hs.tls13.cookie != NULL); } int @@ -1792,8 +1792,8 @@ tlsext_cookie_server_build(SSL *s, uint16_t msg_type, CBB *cbb) if (!CBB_add_u16_length_prefixed(cbb, &cookie)) return 0; - if (!CBB_add_bytes(&cookie, S3I(s)->hs.tls13.cookie, - S3I(s)->hs.tls13.cookie_len)) + if (!CBB_add_bytes(&cookie, s->s3->hs.tls13.cookie, + s->s3->hs.tls13.cookie_len)) return 0; if (!CBB_flush(cbb)) @@ -1812,8 +1812,8 @@ tlsext_cookie_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) * HRR from a server with a cookie to process after accepting * one from the server in the same handshake */ - if (S3I(s)->hs.tls13.cookie != NULL || - S3I(s)->hs.tls13.cookie_len != 0) { + if (s->s3->hs.tls13.cookie != NULL || + s->s3->hs.tls13.cookie_len != 0) { *alert = SSL_AD_ILLEGAL_PARAMETER; return 0; } @@ -1821,8 +1821,8 @@ tlsext_cookie_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) if (!CBS_get_u16_length_prefixed(cbs, &cookie)) goto err; - if (!CBS_stow(&cookie, &S3I(s)->hs.tls13.cookie, - &S3I(s)->hs.tls13.cookie_len)) + if (!CBS_stow(&cookie, &s->s3->hs.tls13.cookie, + &s->s3->hs.tls13.cookie_len)) goto err; return 1; @@ -2049,7 +2049,7 @@ tlsext_extension_seen(SSL *s, uint16_t type) if (tls_extension_find(type, &idx) == NULL) return 0; - return ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0); + return ((s->s3->hs.extensions_seen & (1 << idx)) != 0); } static const struct tls_extension_funcs * @@ -2149,7 +2149,7 @@ tlsext_parse(SSL *s, int is_server, uint16_t msg_type, CBS *cbs, int *alert) tls_version = ssl_effective_tls_version(s); - S3I(s)->hs.extensions_seen = 0; + s->s3->hs.extensions_seen = 0; /* An empty extensions block is valid. */ if (CBS_len(cbs) == 0) @@ -2191,9 +2191,9 @@ tlsext_parse(SSL *s, int is_server, uint16_t msg_type, CBS *cbs, int *alert) } /* Check for duplicate known extensions. */ - if ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0) + if ((s->s3->hs.extensions_seen & (1 << idx)) != 0) goto err; - S3I(s)->hs.extensions_seen |= (1 << idx); + s->s3->hs.extensions_seen |= (1 << idx); ext = tlsext_funcs(tlsext, is_server); if (!ext->parse(s, msg_type, &extension_data, &alert_desc)) @@ -2215,10 +2215,10 @@ static void tlsext_server_reset_state(SSL *s) { s->tlsext_status_type = -1; - S3I(s)->renegotiate_seen = 0; - free(S3I(s)->alpn_selected); - S3I(s)->alpn_selected = NULL; - S3I(s)->alpn_selected_len = 0; + s->s3->renegotiate_seen = 0; + free(s->s3->alpn_selected); + s->s3->alpn_selected = NULL; + s->s3->alpn_selected_len = 0; s->internal->srtp_profile = NULL; } @@ -2241,10 +2241,10 @@ tlsext_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) static void tlsext_client_reset_state(SSL *s) { - S3I(s)->renegotiate_seen = 0; - free(S3I(s)->alpn_selected); - S3I(s)->alpn_selected = NULL; - S3I(s)->alpn_selected_len = 0; + s->s3->renegotiate_seen = 0; + free(s->s3->alpn_selected); + s->s3->alpn_selected = NULL; + s->s3->alpn_selected_len = 0; } int diff --git a/lib/libssl/ssl_transcript.c b/lib/libssl/ssl_transcript.c index 47aa15adc20..c54cdb22cb2 100644 --- a/lib/libssl/ssl_transcript.c +++ b/lib/libssl/ssl_transcript.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_transcript.c,v 1.5 2021/05/16 14:10:43 jsing Exp $ */ +/* $OpenBSD: ssl_transcript.c,v 1.6 2022/02/05 14:54:10 jsing Exp $ */ /* * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> * @@ -33,11 +33,11 @@ tls1_transcript_hash_init(SSL *s) goto err; } - if ((S3I(s)->handshake_hash = EVP_MD_CTX_new()) == NULL) { + if ((s->s3->handshake_hash = EVP_MD_CTX_new()) == NULL) { SSLerror(s, ERR_R_MALLOC_FAILURE); goto err; } - if (!EVP_DigestInit_ex(S3I(s)->handshake_hash, md, NULL)) { + if (!EVP_DigestInit_ex(s->s3->handshake_hash, md, NULL)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } @@ -62,10 +62,10 @@ tls1_transcript_hash_init(SSL *s) int tls1_transcript_hash_update(SSL *s, const unsigned char *buf, size_t len) { - if (S3I(s)->handshake_hash == NULL) + if (s->s3->handshake_hash == NULL) return 1; - return EVP_DigestUpdate(S3I(s)->handshake_hash, buf, len); + return EVP_DigestUpdate(s->s3->handshake_hash, buf, len); } int @@ -76,17 +76,17 @@ tls1_transcript_hash_value(SSL *s, const unsigned char *out, size_t len, unsigned int mdlen; int ret = 0; - if (S3I(s)->handshake_hash == NULL) + if (s->s3->handshake_hash == NULL) goto err; - if (EVP_MD_CTX_size(S3I(s)->handshake_hash) > len) + if (EVP_MD_CTX_size(s->s3->handshake_hash) > len) goto err; if ((mdctx = EVP_MD_CTX_new()) == NULL) { SSLerror(s, ERR_R_MALLOC_FAILURE); goto err; } - if (!EVP_MD_CTX_copy_ex(mdctx, S3I(s)->handshake_hash)) { + if (!EVP_MD_CTX_copy_ex(mdctx, s->s3->handshake_hash)) { SSLerror(s, ERR_R_EVP_LIB); goto err; } @@ -108,17 +108,17 @@ tls1_transcript_hash_value(SSL *s, const unsigned char *out, size_t len, void tls1_transcript_hash_free(SSL *s) { - EVP_MD_CTX_free(S3I(s)->handshake_hash); - S3I(s)->handshake_hash = NULL; + EVP_MD_CTX_free(s->s3->handshake_hash); + s->s3->handshake_hash = NULL; } int tls1_transcript_init(SSL *s) { - if (S3I(s)->handshake_transcript != NULL) + if (s->s3->handshake_transcript != NULL) return 0; - if ((S3I(s)->handshake_transcript = BUF_MEM_new()) == NULL) + if ((s->s3->handshake_transcript = BUF_MEM_new()) == NULL) return 0; tls1_transcript_reset(s); @@ -129,8 +129,8 @@ tls1_transcript_init(SSL *s) void tls1_transcript_free(SSL *s) { - BUF_MEM_free(S3I(s)->handshake_transcript); - S3I(s)->handshake_transcript = NULL; + BUF_MEM_free(s->s3->handshake_transcript); + s->s3->handshake_transcript = NULL; } void @@ -143,7 +143,7 @@ tls1_transcript_reset(SSL *s) * or if it failed (and returned zero)... our implementation never * fails with a length of zero, so we trust all is okay... */ - (void)BUF_MEM_grow_clean(S3I(s)->handshake_transcript, 0); + (void)BUF_MEM_grow_clean(s->s3->handshake_transcript, 0); tls1_transcript_unfreeze(s); } @@ -153,22 +153,22 @@ tls1_transcript_append(SSL *s, const unsigned char *buf, size_t len) { size_t olen, nlen; - if (S3I(s)->handshake_transcript == NULL) + if (s->s3->handshake_transcript == NULL) return 1; if (s->s3->flags & TLS1_FLAGS_FREEZE_TRANSCRIPT) return 1; - olen = S3I(s)->handshake_transcript->length; + olen = s->s3->handshake_transcript->length; nlen = olen + len; if (nlen < olen) return 0; - if (BUF_MEM_grow(S3I(s)->handshake_transcript, nlen) == 0) + if (BUF_MEM_grow(s->s3->handshake_transcript, nlen) == 0) return 0; - memcpy(S3I(s)->handshake_transcript->data + olen, buf, len); + memcpy(s->s3->handshake_transcript->data + olen, buf, len); return 1; } @@ -176,11 +176,11 @@ tls1_transcript_append(SSL *s, const unsigned char *buf, size_t len) int tls1_transcript_data(SSL *s, const unsigned char **data, size_t *len) { - if (S3I(s)->handshake_transcript == NULL) + if (s->s3->handshake_transcript == NULL) return 0; - *data = S3I(s)->handshake_transcript->data; - *len = S3I(s)->handshake_transcript->length; + *data = s->s3->handshake_transcript->data; + *len = s->s3->handshake_transcript->length; return 1; } diff --git a/lib/libssl/ssl_versions.c b/lib/libssl/ssl_versions.c index b5834dbe339..4069670dc94 100644 --- a/lib/libssl/ssl_versions.c +++ b/lib/libssl/ssl_versions.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_versions.c,v 1.21 2021/10/23 14:40:54 jsing Exp $ */ +/* $OpenBSD: ssl_versions.c,v 1.22 2022/02/05 14:54:10 jsing Exp $ */ /* * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> * @@ -224,10 +224,10 @@ ssl_tls_version(uint16_t version) uint16_t ssl_effective_tls_version(SSL *s) { - if (S3I(s)->hs.negotiated_tls_version > 0) - return S3I(s)->hs.negotiated_tls_version; + if (s->s3->hs.negotiated_tls_version > 0) + return s->s3->hs.negotiated_tls_version; - return S3I(s)->hs.our_max_tls_version; + return s->s3->hs.our_max_tls_version; } int @@ -255,7 +255,7 @@ ssl_max_legacy_version(SSL *s, uint16_t *max_ver) { uint16_t max_version; - if ((max_version = S3I(s)->hs.our_max_tls_version) > TLS1_2_VERSION) + if ((max_version = s->s3->hs.our_max_tls_version) > TLS1_2_VERSION) max_version = TLS1_2_VERSION; if (SSL_is_dtls(s)) { diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c index a63da9c2636..c996159a475 100644 --- a/lib/libssl/t1_enc.c +++ b/lib/libssl/t1_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_enc.c,v 1.153 2021/12/09 17:54:41 tb Exp $ */ +/* $OpenBSD: t1_enc.c,v 1.154 2022/02/05 14:54:10 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -149,8 +149,8 @@ void tls1_cleanup_key_block(SSL *s) { - tls12_key_block_free(S3I(s)->hs.tls12.key_block); - S3I(s)->hs.tls12.key_block = NULL; + tls12_key_block_free(s->s3->hs.tls12.key_block); + s->s3->hs.tls12.key_block = NULL; } /* @@ -303,10 +303,10 @@ tls1_change_cipher_state(SSL *s, int is_write) /* Use client write keys on client write and server read. */ if ((!s->server && is_write) || (s->server && !is_write)) { - tls12_key_block_client_write(S3I(s)->hs.tls12.key_block, + tls12_key_block_client_write(s->s3->hs.tls12.key_block, &mac_key, &key, &iv); } else { - tls12_key_block_server_write(S3I(s)->hs.tls12.key_block, + tls12_key_block_server_write(s->s3->hs.tls12.key_block, &mac_key, &key, &iv); } @@ -354,7 +354,7 @@ tls1_setup_key_block(SSL *s) * XXX - callers should be changed so that they only call this * function once. */ - if (S3I(s)->hs.tls12.key_block != NULL) + if (s->s3->hs.tls12.key_block != NULL) return (1); if (s->session->cipher && @@ -384,7 +384,7 @@ tls1_setup_key_block(SSL *s) if (!tls12_key_block_generate(key_block, s, aead, cipher, mac_hash)) goto err; - S3I(s)->hs.tls12.key_block = key_block; + s->s3->hs.tls12.key_block = key_block; key_block = NULL; if (!(s->internal->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) && @@ -393,15 +393,15 @@ tls1_setup_key_block(SSL *s) * Enable vulnerability countermeasure for CBC ciphers with * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) */ - S3I(s)->need_empty_fragments = 1; + s->s3->need_empty_fragments = 1; if (s->session->cipher != NULL) { if (s->session->cipher->algorithm_enc == SSL_eNULL) - S3I(s)->need_empty_fragments = 0; + s->s3->need_empty_fragments = 0; #ifndef OPENSSL_NO_RC4 if (s->session->cipher->algorithm_enc == SSL_RC4) - S3I(s)->need_empty_fragments = 0; + s->s3->need_empty_fragments = 0; #endif } } diff --git a/lib/libssl/tls12_lib.c b/lib/libssl/tls12_lib.c index f30f3a7b463..773ba30bd07 100644 --- a/lib/libssl/tls12_lib.c +++ b/lib/libssl/tls12_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls12_lib.c,v 1.3 2021/05/02 15:57:29 jsing Exp $ */ +/* $OpenBSD: tls12_lib.c,v 1.4 2022/02/05 14:54:10 jsing Exp $ */ /* * Copyright (c) 2021 Joel Sing <jsing@openbsd.org> * @@ -71,12 +71,12 @@ tls12_derive_finished(SSL *s) { if (!s->server) { return tls12_client_finished_verify_data(s, - S3I(s)->hs.finished, sizeof(S3I(s)->hs.finished), - &S3I(s)->hs.finished_len); + s->s3->hs.finished, sizeof(s->s3->hs.finished), + &s->s3->hs.finished_len); } else { return tls12_server_finished_verify_data(s, - S3I(s)->hs.finished, sizeof(S3I(s)->hs.finished), - &S3I(s)->hs.finished_len); + s->s3->hs.finished, sizeof(s->s3->hs.finished), + &s->s3->hs.finished_len); } } @@ -85,12 +85,12 @@ tls12_derive_peer_finished(SSL *s) { if (s->server) { return tls12_client_finished_verify_data(s, - S3I(s)->hs.peer_finished, sizeof(S3I(s)->hs.peer_finished), - &S3I(s)->hs.peer_finished_len); + s->s3->hs.peer_finished, sizeof(s->s3->hs.peer_finished), + &s->s3->hs.peer_finished_len); } else { return tls12_server_finished_verify_data(s, - S3I(s)->hs.peer_finished, sizeof(S3I(s)->hs.peer_finished), - &S3I(s)->hs.peer_finished_len); + s->s3->hs.peer_finished, sizeof(s->s3->hs.peer_finished), + &s->s3->hs.peer_finished_len); } } diff --git a/lib/libssl/tls13_legacy.c b/lib/libssl/tls13_legacy.c index a62e936ccb5..0379c978e92 100644 --- a/lib/libssl/tls13_legacy.c +++ b/lib/libssl/tls13_legacy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_legacy.c,v 1.35 2022/01/25 15:00:09 tb Exp $ */ +/* $OpenBSD: tls13_legacy.c,v 1.36 2022/02/05 14:54:10 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> * @@ -127,7 +127,7 @@ tls13_legacy_error(SSL *ssl) int reason = SSL_R_UNKNOWN; /* If we received a fatal alert we already put an error on the stack. */ - if (S3I(ssl)->fatal_alert != 0) + if (ssl->s3->fatal_alert != 0) return; switch (ctx->error.code) { @@ -288,7 +288,7 @@ tls13_legacy_write_bytes(SSL *ssl, int type, const void *vbuf, int len) * In the non-SSL_MODE_ENABLE_PARTIAL_WRITE case we have to loop until * we have written out all of the requested data. */ - sent = S3I(ssl)->wnum; + sent = ssl->s3->wnum; if (len < sent) { SSLerror(ssl, SSL_R_BAD_LENGTH); return -1; @@ -296,12 +296,12 @@ tls13_legacy_write_bytes(SSL *ssl, int type, const void *vbuf, int len) n = len - sent; for (;;) { if (n == 0) { - S3I(ssl)->wnum = 0; + ssl->s3->wnum = 0; return sent; } if ((ret = tls13_write_application_data(ctx->rl, &buf[sent], n)) <= 0) { - S3I(ssl)->wnum = sent; + ssl->s3->wnum = sent; return tls13_legacy_return_code(ssl, ret); } sent += ret; @@ -330,8 +330,8 @@ tls13_use_legacy_stack(struct tls13_ctx *ctx) /* Stash any unprocessed data from the last record. */ tls13_record_layer_rcontent(ctx->rl, &cbs); if (CBS_len(&cbs) > 0) { - if (!CBB_init_fixed(&cbb, S3I(s)->rbuf.buf, - S3I(s)->rbuf.len)) + if (!CBB_init_fixed(&cbb, s->s3->rbuf.buf, + s->s3->rbuf.len)) goto err; if (!CBB_add_u8(&cbb, SSL3_RT_HANDSHAKE)) goto err; @@ -344,12 +344,12 @@ tls13_use_legacy_stack(struct tls13_ctx *ctx) if (!CBB_finish(&cbb, NULL, NULL)) goto err; - S3I(s)->rbuf.offset = SSL3_RT_HEADER_LENGTH; - S3I(s)->rbuf.left = CBS_len(&cbs); - S3I(s)->rrec.type = SSL3_RT_HANDSHAKE; - S3I(s)->rrec.length = CBS_len(&cbs); + s->s3->rbuf.offset = SSL3_RT_HEADER_LENGTH; + s->s3->rbuf.left = CBS_len(&cbs); + s->s3->rrec.type = SSL3_RT_HANDSHAKE; + s->s3->rrec.length = CBS_len(&cbs); s->internal->rstate = SSL_ST_READ_BODY; - s->internal->packet = S3I(s)->rbuf.buf; + s->internal->packet = s->s3->rbuf.buf; s->internal->packet_length = SSL3_RT_HEADER_LENGTH; s->internal->mac_packet = 1; } @@ -362,9 +362,9 @@ tls13_use_legacy_stack(struct tls13_ctx *ctx) s->internal->init_buf->length, NULL)) goto err; - S3I(s)->hs.tls12.reuse_message = 1; - S3I(s)->hs.tls12.message_type = tls13_handshake_msg_type(ctx->hs_msg); - S3I(s)->hs.tls12.message_size = CBS_len(&cbs) - SSL3_HM_HEADER_LENGTH; + s->s3->hs.tls12.reuse_message = 1; + s->s3->hs.tls12.message_type = tls13_handshake_msg_type(ctx->hs_msg); + s->s3->hs.tls12.message_size = CBS_len(&cbs) - SSL3_HM_HEADER_LENGTH; return 1; @@ -416,7 +416,7 @@ tls13_legacy_accept(SSL *ssl) } ssl->internal->tls13 = ctx; ctx->ssl = ssl; - ctx->hs = &S3I(ssl)->hs; + ctx->hs = &ssl->s3->hs; if (!tls13_server_init(ctx)) { if (ERR_peek_error() == 0) @@ -452,7 +452,7 @@ tls13_legacy_connect(SSL *ssl) } ssl->internal->tls13 = ctx; ctx->ssl = ssl; - ctx->hs = &S3I(ssl)->hs; + ctx->hs = &ssl->s3->hs; if (!tls13_client_init(ctx)) { if (ERR_peek_error() == 0) diff --git a/lib/libssl/tls13_lib.c b/lib/libssl/tls13_lib.c index 1a9596adca8..20d3a38412b 100644 --- a/lib/libssl/tls13_lib.c +++ b/lib/libssl/tls13_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_lib.c,v 1.62 2021/09/16 19:25:30 jsing Exp $ */ +/* $OpenBSD: tls13_lib.c,v 1.63 2022/02/05 14:54:10 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> * Copyright (c) 2019 Bob Beck <beck@openbsd.org> @@ -111,7 +111,7 @@ tls13_alert_received_cb(uint8_t alert_desc, void *arg) if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) { ctx->close_notify_recv = 1; ctx->ssl->internal->shutdown |= SSL_RECEIVED_SHUTDOWN; - S3I(ctx->ssl)->warn_alert = alert_desc; + ctx->ssl->s3->warn_alert = alert_desc; return; } @@ -124,7 +124,7 @@ tls13_alert_received_cb(uint8_t alert_desc, void *arg) } /* All other alerts are treated as fatal in TLSv1.3. */ - S3I(ctx->ssl)->fatal_alert = alert_desc; + ctx->ssl->s3->fatal_alert = alert_desc; SSLerror(ctx->ssl, SSL_AD_REASON_OFFSET + alert_desc); ERR_asprintf_error_data("SSL alert number %d", alert_desc); |