authorJoel Sing <jsing@cvs.openbsd.org>2021-04-19 16:51:57 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2021-04-19 16:51:57 +0000
commit7e3b0fe1a9a84a696c3e03f9d5e6050fd4b0c181 (patch)
tree6aa816a8871b9762b7ce893a4b1a6c5445b292d7 /lib
parentafeb7e4c58c45e302b008e7d3a1ff84eacddcb47 (diff)
Move reuse_message, message_type, message_size and cert_verify into the
TLSv1.2 handshake struct. ok inoguchi@ tb@
Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/d1_both.c14
-rw-r--r--lib/libssl/ssl_both.c16
-rw-r--r--lib/libssl/ssl_clnt.c42
-rw-r--r--lib/libssl/ssl_locl.h19
-rw-r--r--lib/libssl/ssl_srvr.c22
-rw-r--r--lib/libssl/tls13_legacy.c8
6 files changed, 62 insertions, 59 deletions
diff --git a/lib/libssl/d1_both.c b/lib/libssl/d1_both.c
index f4c1cb95b09..ba05c2a3543 100644
--- a/lib/libssl/d1_both.c
+++ b/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_both.c,v 1.68 2021/02/27 14:20:50 jsing Exp $ */
+/* $OpenBSD: d1_both.c,v 1.69 2021/04/19 16:51:56 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -380,16 +380,16 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
* s3->internal->tmp is used to store messages that are unexpected, caused
* by the absence of an optional handshake message
*/
- if (S3I(s)->tmp.reuse_message) {
- S3I(s)->tmp.reuse_message = 0;
- if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) {
+ if (S3I(s)->hs.tls12.reuse_message) {
+ S3I(s)->hs.tls12.reuse_message = 0;
+ if ((mt >= 0) && (S3I(s)->hs.tls12.message_type != mt)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
goto fatal_err;
}
*ok = 1;
s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH;
- s->internal->init_num = (int)S3I(s)->tmp.message_size;
+ s->internal->init_num = (int)S3I(s)->hs.tls12.message_size;
return s->internal->init_num;
}
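Review bot: The context comment at the top of this hunk still says `s3->internal->tmp` is where the unexpected message is recorded, but the new lines read `reuse_message`, `message_type` and `message_size` from `S3I(s)->hs.tls12`. The comment should follow the move, for example `* s3->internal->hs.tls12 is used to store messages that are unexpected, caused`, with the second line kept as is. The comment opens above the hunk and dtls1_get_message's body continues past it, so the rest of both should be checked for further `tmp` references.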
@@ -466,9 +466,9 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
return SSL_AD_INTERNAL_ERROR;
}
- S3I(s)->tmp.message_size = msg_len;
+ S3I(s)->hs.tls12.message_size = msg_len;
D1I(s)->r_msg_hdr.msg_len = msg_len;
- S3I(s)->tmp.message_type = msg_hdr->type;
+ S3I(s)->hs.tls12.message_type = msg_hdr->type;
D1I(s)->r_msg_hdr.type = msg_hdr->type;
D1I(s)->r_msg_hdr.seq = msg_hdr->seq;
} else if (msg_len != D1I(s)->r_msg_hdr.msg_len) {
diff --git a/lib/libssl/ssl_both.c b/lib/libssl/ssl_both.c
index 4851231a8f3..ad9b0ee2578 100644
--- a/lib/libssl/ssl_both.c
+++ b/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.27 2021/03/29 16:46:09 jsing Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.28 2021/04/19 16:51:56 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -445,16 +445,16 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
if (SSL_is_dtls(s))
return (dtls1_get_message(s, st1, stn, mt, max, ok));
- if (S3I(s)->tmp.reuse_message) {
- S3I(s)->tmp.reuse_message = 0;
- if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) {
+ if (S3I(s)->hs.tls12.reuse_message) {
+ S3I(s)->hs.tls12.reuse_message = 0;
+ if ((mt >= 0) && (S3I(s)->hs.tls12.message_type != mt)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
goto fatal_err;
}
*ok = 1;
s->internal->init_msg = s->internal->init_buf->data + 4;
- s->internal->init_num = (int)S3I(s)->tmp.message_size;
+ s->internal->init_num = (int)S3I(s)->hs.tls12.message_size;
return s->internal->init_num;
}
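Review bot: `(int)S3I(s)->hs.tls12.message_size` narrows an `unsigned long` to `int` with no range check on this reuse path, so the returned length is only as trustworthy as whichever code last wrote the field. A later hunk in this function compares `l` against `max` before storing it, but tls13_legacy.c also stores `CBS_len(&cbs)` into the same field, and the bound on that value is not visible in this diff; d1_both.c has the same cast in dtls1_get_message. Since the field is being redeclared anyway, I would state the invariant on it in ssl_locl.h, e.g. `/* Handshake message type and size; size is bounded by the caller's max and must fit in an int. */`, or reject `message_size > INT_MAX` before the cast. The function body continues outside the hunk.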
@@ -511,7 +511,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
SSLerror(s, ERR_R_BUF_LIB);
goto err;
}
- S3I(s)->tmp.message_type = u8;
+ S3I(s)->hs.tls12.message_type = u8;
if (l > (unsigned long)max) {
al = SSL_AD_ILLEGAL_PARAMETER;
@@ -522,7 +522,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
SSLerror(s, ERR_R_BUF_LIB);
goto err;
}
- S3I(s)->tmp.message_size = l;
+ S3I(s)->hs.tls12.message_size = l;
S3I(s)->hs.state = stn;
s->internal->init_msg = s->internal->init_buf->data + 4;
@@ -531,7 +531,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
/* next state (stn) */
p = s->internal->init_msg;
- n = S3I(s)->tmp.message_size - s->internal->init_num;
+ n = S3I(s)->hs.tls12.message_size - s->internal->init_num;
while (n > 0) {
i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
&p[s->internal->init_num], n, 0);
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index 92113c29531..6b43b565b98 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.90 2021/04/11 07:06:01 tb Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.91 2021/04/19 16:51:56 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -623,7 +623,7 @@ ssl3_connect(SSL *s)
}
/* did we do anything */
- if (!S3I(s)->tmp.reuse_message && !skip) {
+ if (!S3I(s)->hs.tls12.reuse_message && !skip) {
if (s->internal->debug) {
if ((ret = BIO_flush(s->wbio)) <= 0)
goto end;
@@ -804,9 +804,9 @@ ssl3_get_dtls_hello_verify(SSL *s)
if (!ok)
return ((int)n);
- if (S3I(s)->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
+ if (S3I(s)->hs.tls12.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
D1I(s)->send_cookie = 0;
- S3I(s)->tmp.reuse_message = 1;
+ S3I(s)->hs.tls12.reuse_message = 1;
return (1);
}
@@ -878,9 +878,9 @@ ssl3_get_server_hello(SSL *s)
CBS_init(&cbs, s->internal->init_msg, n);
if (SSL_is_dtls(s)) {
- if (S3I(s)->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
+ if (S3I(s)->hs.tls12.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
if (D1I(s)->send_cookie == 0) {
- S3I(s)->tmp.reuse_message = 1;
+ S3I(s)->hs.tls12.reuse_message = 1;
return (1);
} else {
/* Already sent a cookie. */
@@ -891,7 +891,7 @@ ssl3_get_server_hello(SSL *s)
}
}
- if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_HELLO) {
+ if (S3I(s)->hs.tls12.message_type != SSL3_MT_SERVER_HELLO) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
goto fatal_err;
@@ -1128,12 +1128,12 @@ ssl3_get_server_certificate(SSL *s)
if (!ok)
return ((int)n);
- if (S3I(s)->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
- S3I(s)->tmp.reuse_message = 1;
+ if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
+ S3I(s)->hs.tls12.reuse_message = 1;
return (1);
}
- if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) {
+ if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
goto fatal_err;
@@ -1498,7 +1498,7 @@ ssl3_get_server_key_exchange(SSL *s)
CBS_init(&cbs, s->internal->init_msg, n);
- if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
+ if (S3I(s)->hs.tls12.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
/*
* Do not skip server key exchange if this cipher suite uses
* ephemeral keys.
@@ -1509,7 +1509,7 @@ ssl3_get_server_key_exchange(SSL *s)
goto fatal_err;
}
- S3I(s)->tmp.reuse_message = 1;
+ S3I(s)->hs.tls12.reuse_message = 1;
EVP_MD_CTX_cleanup(&md_ctx);
return (1);
}
@@ -1663,8 +1663,8 @@ ssl3_get_certificate_request(SSL *s)
S3I(s)->tmp.cert_req = 0;
- if (S3I(s)->tmp.message_type == SSL3_MT_SERVER_DONE) {
- S3I(s)->tmp.reuse_message = 1;
+ if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_DONE) {
+ S3I(s)->hs.tls12.reuse_message = 1;
/*
* If we get here we don't need any cached handshake records
* as we wont be doing client auth.
@@ -1673,7 +1673,7 @@ ssl3_get_certificate_request(SSL *s)
return (1);
}
- if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
+ if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE);
goto err;
@@ -1814,11 +1814,11 @@ ssl3_get_new_session_ticket(SSL *s)
if (!ok)
return ((int)n);
- if (S3I(s)->tmp.message_type == SSL3_MT_FINISHED) {
- S3I(s)->tmp.reuse_message = 1;
+ if (S3I(s)->hs.tls12.message_type == SSL3_MT_FINISHED) {
+ S3I(s)->hs.tls12.reuse_message = 1;
return (1);
}
- if (S3I(s)->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) {
+ if (S3I(s)->hs.tls12.message_type != SSL3_MT_NEWSESSION_TICKET) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
goto fatal_err;
@@ -2799,9 +2799,9 @@ ssl3_check_finished(SSL *s)
if (!ok)
return ((int)n);
- S3I(s)->tmp.reuse_message = 1;
- if ((S3I(s)->tmp.message_type == SSL3_MT_FINISHED) ||
- (S3I(s)->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
+ S3I(s)->hs.tls12.reuse_message = 1;
+ if ((S3I(s)->hs.tls12.message_type == SSL3_MT_FINISHED) ||
+ (S3I(s)->hs.tls12.message_type == SSL3_MT_NEWSESSION_TICKET))
return (2);
return (1);
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 3339c57390c..3b86f5874b0 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.333 2021/03/29 16:46:09 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.334 2021/04/19 16:51:56 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -420,9 +420,19 @@ typedef struct ssl_handshake_tls12_st {
/* Used when SSL_ST_FLUSH_DATA is entered. */
int next_state;
+ /* Handshake message type and size. */
+ int message_type;
+ unsigned long message_size;
+
+ /* Reuse current handshake message. */
+ int reuse_message;
+
/* Record-layer key block for TLS 1.2 and earlier. */
unsigned char *key_block;
size_t key_block_len;
+
+ /* Transcript hash prior to sending certificate verify message. */
+ uint8_t cert_verify[EVP_MAX_MD_SIZE];
} SSL_HANDSHAKE_TLS12;
typedef struct ssl_handshake_tls13_st {
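Review bot: `cert_verify` is declared as `EVP_MAX_MD_SIZE` bytes with no companion length, and the ssl3_accept hunk in ssl_srvr.c passes `NULL` as the last argument (apparently the output length) of `tls1_transcript_hash_value` when filling it. The readers in ssl3_get_cert_verify then assume a fixed layout: `RSA_verify` consumes `MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH` bytes and `ECDSA_verify` starts at offset `MD5_DIGEST_LENGTH`. Those paths are presumably reached only for the legacy MD5+SHA1 transcript, but nothing on the struct says so. Either add `size_t cert_verify_len;` next to the buffer and have the verify paths check it, or extend the comment to `/* Transcript hash prior to the certificate verify message; legacy verify paths expect the MD5+SHA1 layout. */`. The existing wording "prior to sending" is also written from the client's side, while the visible writer is the server, which receives that message.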
@@ -925,11 +935,6 @@ typedef struct ssl3_state_internal_st {
SSL_HANDSHAKE hs;
struct {
- unsigned char cert_verify_md[EVP_MAX_MD_SIZE];
-
- unsigned long message_size;
- int message_type;
-
DH *dh;
EC_KEY *ecdh; /* holds short lived ECDH key */
@@ -937,8 +942,6 @@ typedef struct ssl3_state_internal_st {
uint8_t *x25519;
- int reuse_message;
-
/* used for certificate requests */
int cert_req;
int ctype_num;
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index 0f3572a6786..8241a59ac07 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.101 2021/03/29 16:56:20 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.102 2021/04/19 16:51:56 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -576,8 +576,8 @@ ssl3_accept(SSL *s)
* a client cert, it can be verified.
*/
if (!tls1_transcript_hash_value(s,
- S3I(s)->tmp.cert_verify_md,
- sizeof(S3I(s)->tmp.cert_verify_md),
+ S3I(s)->hs.tls12.cert_verify,
+ sizeof(S3I(s)->hs.tls12.cert_verify),
NULL)) {
ret = -1;
goto end;
@@ -733,7 +733,7 @@ ssl3_accept(SSL *s)
/* break; */
}
- if (!S3I(s)->tmp.reuse_message && !skip) {
+ if (!S3I(s)->hs.tls12.reuse_message && !skip) {
if (s->internal->debug) {
if ((ret = BIO_flush(s->wbio)) <= 0)
goto end;
@@ -2149,8 +2149,8 @@ ssl3_get_cert_verify(SSL *s)
type = X509_certificate_type(peer, pkey);
}
- if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) {
- S3I(s)->tmp.reuse_message = 1;
+ if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_VERIFY) {
+ S3I(s)->hs.tls12.reuse_message = 1;
if (peer != NULL) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_MISSING_VERIFY_MESSAGE);
@@ -2261,7 +2261,7 @@ ssl3_get_cert_verify(SSL *s)
goto fatal_err;
}
} else if (pkey->type == EVP_PKEY_RSA) {
- verify = RSA_verify(NID_md5_sha1, S3I(s)->tmp.cert_verify_md,
+ verify = RSA_verify(NID_md5_sha1, S3I(s)->hs.tls12.cert_verify,
MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, CBS_data(&signature),
CBS_len(&signature), pkey->pkey.rsa);
if (verify < 0) {
@@ -2276,7 +2276,7 @@ ssl3_get_cert_verify(SSL *s)
}
} else if (pkey->type == EVP_PKEY_EC) {
verify = ECDSA_verify(pkey->save_type,
- &(S3I(s)->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
+ &(S3I(s)->hs.tls12.cert_verify[MD5_DIGEST_LENGTH]),
SHA_DIGEST_LENGTH, CBS_data(&signature),
CBS_len(&signature), pkey->pkey.ec);
if (verify <= 0) {
@@ -2368,7 +2368,7 @@ ssl3_get_client_certificate(SSL *s)
if (!ok)
return ((int)n);
- if (S3I(s)->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
+ if (S3I(s)->hs.tls12.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
if ((s->verify_mode & SSL_VERIFY_PEER) &&
(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
@@ -2385,11 +2385,11 @@ ssl3_get_client_certificate(SSL *s)
al = SSL_AD_UNEXPECTED_MESSAGE;
goto fatal_err;
}
- S3I(s)->tmp.reuse_message = 1;
+ S3I(s)->hs.tls12.reuse_message = 1;
return (1);
}
- if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) {
+ if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE);
goto fatal_err;
diff --git a/lib/libssl/tls13_legacy.c b/lib/libssl/tls13_legacy.c
index 19271ef7874..f71bac48cde 100644
--- a/lib/libssl/tls13_legacy.c
+++ b/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_legacy.c,v 1.23 2021/03/21 18:36:34 jsing Exp $ */
+/* $OpenBSD: tls13_legacy.c,v 1.24 2021/04/19 16:51:56 jsing Exp $ */
/*
* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
*
@@ -338,9 +338,9 @@ tls13_use_legacy_stack(struct tls13_ctx *ctx)
s->internal->init_buf->length, NULL))
goto err;
- S3I(s)->tmp.reuse_message = 1;
- S3I(s)->tmp.message_type = tls13_handshake_msg_type(ctx->hs_msg);
- S3I(s)->tmp.message_size = CBS_len(&cbs);
+ S3I(s)->hs.tls12.reuse_message = 1;
+ S3I(s)->hs.tls12.message_type = tls13_handshake_msg_type(ctx->hs_msg);
+ S3I(s)->hs.tls12.message_size = CBS_len(&cbs);
return 1;