summaryrefslogtreecommitdiff
path: root/lib/libssl
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libssl')
-rw-r--r--lib/libssl/d1_enc.c4
-rw-r--r--lib/libssl/d1_lib.c10
-rw-r--r--lib/libssl/d1_pkt.c39
-rw-r--r--lib/libssl/dtls1.h6
-rw-r--r--lib/libssl/s3_cbc.c8
-rw-r--r--lib/libssl/ssl3.h4
-rw-r--r--lib/libssl/ssl_locl.h39
-rw-r--r--lib/libssl/ssl_pkt.c20
-rw-r--r--lib/libssl/t1_enc.c6
9 files changed, 83 insertions, 53 deletions
diff --git a/lib/libssl/d1_enc.c b/lib/libssl/d1_enc.c
index 20686d29631..3927fbfe0df 100644
--- a/lib/libssl/d1_enc.c
+++ b/lib/libssl/d1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_enc.c,v 1.14 2017/01/23 08:08:06 beck Exp $ */
+/* $OpenBSD: d1_enc.c,v 1.15 2020/03/12 17:01:53 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -132,7 +132,7 @@
int
dtls1_enc(SSL *s, int send)
{
- SSL3_RECORD *rec;
+ SSL3_RECORD_INTERNAL *rec;
EVP_CIPHER_CTX *ds;
unsigned long l;
int bs, i, j, k, mac_size = 0;
diff --git a/lib/libssl/d1_lib.c b/lib/libssl/d1_lib.c
index 6171035d238..b7ba6b1092e 100644
--- a/lib/libssl/d1_lib.c
+++ b/lib/libssl/d1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_lib.c,v 1.44 2020/03/10 17:02:21 jsing Exp $ */
+/* $OpenBSD: d1_lib.c,v 1.45 2020/03/12 17:01:53 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -136,17 +136,17 @@ dtls1_clear_queues(SSL *s)
{
pitem *item = NULL;
hm_fragment *frag = NULL;
- DTLS1_RECORD_DATA *rdata;
+ DTLS1_RECORD_DATA_INTERNAL *rdata;
while ((item = pqueue_pop(D1I(s)->unprocessed_rcds.q)) != NULL) {
- rdata = (DTLS1_RECORD_DATA *) item->data;
+ rdata = (DTLS1_RECORD_DATA_INTERNAL *) item->data;
free(rdata->rbuf.buf);
free(item->data);
pitem_free(item);
}
while ((item = pqueue_pop(D1I(s)->processed_rcds.q)) != NULL) {
- rdata = (DTLS1_RECORD_DATA *) item->data;
+ rdata = (DTLS1_RECORD_DATA_INTERNAL *) item->data;
free(rdata->rbuf.buf);
free(item->data);
pitem_free(item);
@@ -167,7 +167,7 @@ dtls1_clear_queues(SSL *s)
}
while ((item = pqueue_pop(D1I(s)->buffered_app_data.q)) != NULL) {
- rdata = (DTLS1_RECORD_DATA *) item->data;
+ rdata = (DTLS1_RECORD_DATA_INTERNAL *) item->data;
free(rdata->rbuf.buf);
free(item->data);
pitem_free(item);
diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c
index 101017449ce..31415b7c3a4 100644
--- a/lib/libssl/d1_pkt.c
+++ b/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.70 2020/03/10 17:02:21 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.71 2020/03/12 17:01:53 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -186,7 +186,7 @@ static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
int len, int peek);
static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
-static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
+static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr,
unsigned int *is_next_epoch);
static int dtls1_buffer_record(SSL *s, record_pqueue *q,
unsigned char *priority);
@@ -196,16 +196,16 @@ static int dtls1_process_record(SSL *s);
static int
dtls1_copy_record(SSL *s, pitem *item)
{
- DTLS1_RECORD_DATA *rdata;
+ DTLS1_RECORD_DATA_INTERNAL *rdata;
- rdata = (DTLS1_RECORD_DATA *)item->data;
+ rdata = (DTLS1_RECORD_DATA_INTERNAL *)item->data;
free(S3I(s)->rbuf.buf);
s->internal->packet = rdata->packet;
s->internal->packet_length = rdata->packet_length;
- memcpy(&(S3I(s)->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
- memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
+ memcpy(&(S3I(s)->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER_INTERNAL));
+ memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD_INTERNAL));
/* Set proper sequence number for mac calculation */
memcpy(&(S3I(s)->read_sequence[2]), &(rdata->packet[5]), 6);
@@ -217,30 +217,29 @@ dtls1_copy_record(SSL *s, pitem *item)
static int
dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
{
- DTLS1_RECORD_DATA *rdata;
+ DTLS1_RECORD_DATA_INTERNAL *rdata;
pitem *item;
/* Limit the size of the queue to prevent DOS attacks */
if (pqueue_size(queue->q) >= 100)
return 0;
- rdata = malloc(sizeof(DTLS1_RECORD_DATA));
+ rdata = malloc(sizeof(DTLS1_RECORD_DATA_INTERNAL));
item = pitem_new(priority, rdata);
if (rdata == NULL || item == NULL)
goto init_err;
rdata->packet = s->internal->packet;
rdata->packet_length = s->internal->packet_length;
- memcpy(&(rdata->rbuf), &(S3I(s)->rbuf), sizeof(SSL3_BUFFER));
- memcpy(&(rdata->rrec), &(S3I(s)->rrec), sizeof(SSL3_RECORD));
+ memcpy(&(rdata->rbuf), &(S3I(s)->rbuf), sizeof(SSL3_BUFFER_INTERNAL));
+ memcpy(&(rdata->rrec), &(S3I(s)->rrec), sizeof(SSL3_RECORD_INTERNAL));
item->data = rdata;
-
s->internal->packet = NULL;
s->internal->packet_length = 0;
- memset(&(S3I(s)->rbuf), 0, sizeof(SSL3_BUFFER));
- memset(&(S3I(s)->rrec), 0, sizeof(SSL3_RECORD));
+ memset(&(S3I(s)->rbuf), 0, sizeof(SSL3_BUFFER_INTERNAL));
+ memset(&(S3I(s)->rrec), 0, sizeof(SSL3_RECORD_INTERNAL));
if (!ssl3_setup_buffers(s))
goto err;
@@ -329,7 +328,7 @@ dtls1_process_record(SSL *s)
int i, al;
int enc_err;
SSL_SESSION *sess;
- SSL3_RECORD *rr;
+ SSL3_RECORD_INTERNAL *rr;
unsigned int mac_size, orig_len;
unsigned char md[EVP_MAX_MD_SIZE];
@@ -467,7 +466,7 @@ err:
int
dtls1_get_record(SSL *s)
{
- SSL3_RECORD *rr;
+ SSL3_RECORD_INTERNAL *rr;
unsigned char *p = NULL;
DTLS1_BITMAP *bitmap;
unsigned int is_next_epoch;
@@ -638,7 +637,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
{
int al, i, j, ret;
unsigned int n;
- SSL3_RECORD *rr;
+ SSL3_RECORD_INTERNAL *rr;
void (*cb)(const SSL *ssl, int type2, int val) = NULL;
if (S3I(s)->rbuf.buf == NULL) /* Not initialized yet */
@@ -1178,15 +1177,15 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
{
unsigned char *p;
int i, mac_size, clear = 0;
- SSL3_RECORD *wr;
- SSL3_BUFFER *wb;
+ SSL3_RECORD_INTERNAL *wr;
+ SSL3_BUFFER_INTERNAL *wb;
SSL_SESSION *sess;
int bs;
CBB cbb;
memset(&cbb, 0, sizeof(cbb));
- /* first check if there is a SSL3_BUFFER still being written
+ /* first check if there is a SSL3_BUFFER_INTERNAL still being written
* out. This will happen with non blocking IO */
if (S3I(s)->wbuf.left != 0) {
OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */
@@ -1408,7 +1407,7 @@ dtls1_dispatch_alert(SSL *s)
static DTLS1_BITMAP *
-dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch)
+dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr, unsigned int *is_next_epoch)
{
*is_next_epoch = 0;
diff --git a/lib/libssl/dtls1.h b/lib/libssl/dtls1.h
index cc672a59345..1ed7c2dc302 100644
--- a/lib/libssl/dtls1.h
+++ b/lib/libssl/dtls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dtls1.h,v 1.22 2018/08/24 19:35:05 jsing Exp $ */
+/* $OpenBSD: dtls1.h,v 1.23 2020/03/12 17:01:53 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -161,6 +161,8 @@ typedef struct dtls1_state_st {
struct dtls1_state_internal_st *internal;
} DTLS1_STATE;
+#ifndef LIBRESSL_INTERNAL
+
typedef struct dtls1_record_data_st {
unsigned char *packet;
unsigned int packet_length;
@@ -170,6 +172,8 @@ typedef struct dtls1_record_data_st {
#endif
+#endif
+
/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
#define DTLS1_TMO_READ_COUNT 2
#define DTLS1_TMO_WRITE_COUNT 2
diff --git a/lib/libssl/s3_cbc.c b/lib/libssl/s3_cbc.c
index 4b66e1f17aa..371c68cfcc3 100644
--- a/lib/libssl/s3_cbc.c
+++ b/lib/libssl/s3_cbc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_cbc.c,v 1.18 2020/02/21 16:07:00 jsing Exp $ */
+/* $OpenBSD: s3_cbc.c,v 1.19 2020/03/12 17:01:53 jsing Exp $ */
/* ====================================================================
* Copyright (c) 2012 The OpenSSL Project. All rights reserved.
*
@@ -113,8 +113,8 @@ constant_time_eq_8(unsigned a, unsigned b)
* 1: if the padding was valid
* -1: otherwise. */
int
-tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
- unsigned mac_size)
+tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD_INTERNAL *rec,
+ unsigned block_size, unsigned mac_size)
{
unsigned padding_length, good, to_check, i;
const unsigned overhead = 1 /* padding length byte */ + mac_size;
@@ -194,7 +194,7 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
#define CBC_MAC_ROTATE_IN_PLACE
void
-ssl3_cbc_copy_mac(unsigned char* out, const SSL3_RECORD *rec,
+ssl3_cbc_copy_mac(unsigned char* out, const SSL3_RECORD_INTERNAL *rec,
unsigned md_size, unsigned orig_len)
{
#if defined(CBC_MAC_ROTATE_IN_PLACE)
diff --git a/lib/libssl/ssl3.h b/lib/libssl/ssl3.h
index cadf7fd3872..30dc4c5d7d6 100644
--- a/lib/libssl/ssl3.h
+++ b/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.49 2018/11/08 22:28:52 jsing Exp $ */
+/* $OpenBSD: ssl3.h,v 1.50 2020/03/12 17:01:53 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -314,6 +314,7 @@ extern "C" {
#define TLS1_HB_RESPONSE 2
#ifndef OPENSSL_NO_SSL_INTERN
+#ifndef LIBRESSL_INTERNAL
typedef struct ssl3_record_st {
/*r */ int type; /* type of record */
@@ -334,6 +335,7 @@ typedef struct ssl3_buffer_st {
} SSL3_BUFFER;
#endif
+#endif
#define SSL3_CT_RSA_SIGN 1
#define SSL3_CT_DSS_SIGN 2
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 77c1a517980..a696ef99b10 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.267 2020/03/10 17:02:21 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.268 2020/03/12 17:01:53 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -776,6 +776,24 @@ typedef struct ssl_internal_st {
int empty_record_count;
} SSL_INTERNAL;
+typedef struct ssl3_record_internal_st {
+ int type; /* type of record */
+ unsigned int length; /* How many bytes available */
+ unsigned int off; /* read/write offset into 'buf' */
+ unsigned char *data; /* pointer to the record data */
+ unsigned char *input; /* where the decode bytes are */
+ unsigned long epoch; /* epoch number, needed by DTLS1 */
+ unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */
+} SSL3_RECORD_INTERNAL;
+
+typedef struct ssl3_buffer_internal_st {
+ unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
+ * see ssl3_setup_buffers() */
+ size_t len; /* buffer size */
+ int offset; /* where to 'copy from' */
+ int left; /* how many bytes left */
+} SSL3_BUFFER_INTERNAL;
+
typedef struct ssl3_state_internal_st {
unsigned char read_sequence[SSL3_SEQUENCE_SIZE];
int read_mac_secret_size;
@@ -784,8 +802,8 @@ typedef struct ssl3_state_internal_st {
int write_mac_secret_size;
unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
- SSL3_BUFFER rbuf; /* read IO goes into here */
- SSL3_BUFFER wbuf; /* write IO goes into here */
+ SSL3_BUFFER_INTERNAL rbuf; /* read IO goes into here */
+ SSL3_BUFFER_INTERNAL wbuf; /* write IO goes into here */
/* we allow one fatal and one warning alert to be outstanding,
* send close alert via the warning alert */
@@ -796,8 +814,8 @@ typedef struct ssl3_state_internal_st {
int need_empty_fragments;
int empty_fragment_done;
- SSL3_RECORD rrec; /* each decoded record goes in here */
- SSL3_RECORD wrec; /* goes out from here */
+ SSL3_RECORD_INTERNAL rrec; /* each decoded record goes in here */
+ SSL3_RECORD_INTERNAL wrec; /* goes out from here */
/* storage for Alert/Handshake protocol data received but not
* yet processed by ssl3_read_bytes: */
@@ -897,6 +915,13 @@ typedef struct ssl3_state_internal_st {
} SSL3_STATE_INTERNAL;
#define S3I(s) (s->s3->internal)
+typedef struct dtls1_record_data_internal_st {
+ unsigned char *packet;
+ unsigned int packet_length;
+ SSL3_BUFFER_INTERNAL rbuf;
+ SSL3_RECORD_INTERNAL rrec;
+} DTLS1_RECORD_DATA_INTERNAL;
+
typedef struct dtls1_state_internal_st {
unsigned int send_cookie;
unsigned char cookie[DTLS1_COOKIE_LENGTH];
@@ -1346,9 +1371,9 @@ long ssl_get_algorithm2(SSL *s);
int tls1_check_ec_server_key(SSL *s);
/* s3_cbc.c */
-void ssl3_cbc_copy_mac(unsigned char *out, const SSL3_RECORD *rec,
+void ssl3_cbc_copy_mac(unsigned char *out, const SSL3_RECORD_INTERNAL *rec,
unsigned md_size, unsigned orig_len);
-int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec,
+int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD_INTERNAL *rec,
unsigned block_size, unsigned mac_size);
char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out,
diff --git a/lib/libssl/ssl_pkt.c b/lib/libssl/ssl_pkt.c
index 8126c42d1d8..4302794d942 100644
--- a/lib/libssl/ssl_pkt.c
+++ b/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.21 2020/03/10 17:02:21 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.22 2020/03/12 17:01:53 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -152,7 +152,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
int i, len, left;
size_t align;
unsigned char *pkt;
- SSL3_BUFFER *rb;
+ SSL3_BUFFER_INTERNAL *rb;
if (n <= 0)
return n;
@@ -329,7 +329,7 @@ ssl3_get_record(SSL *s)
{
int al;
int enc_err, n, i, ret = -1;
- SSL3_RECORD *rr;
+ SSL3_RECORD_INTERNAL *rr;
SSL_SESSION *sess;
unsigned char md[EVP_MAX_MD_SIZE];
unsigned mac_size, orig_len;
@@ -360,7 +360,7 @@ ssl3_get_record(SSL *s)
CBS_init(&header, s->internal->packet, SSL3_RT_HEADER_LENGTH);
- /* Pull apart the header into the SSL3_RECORD */
+ /* Pull apart the header into the SSL3_RECORD_INTERNAL */
if (!CBS_get_u8(&header, &type) ||
!CBS_get_u16(&header, &ssl_version) ||
!CBS_get_u16(&header, &len)) {
@@ -621,7 +621,7 @@ static int
ssl3_create_record(SSL *s, unsigned char *p, int type, const unsigned char *buf,
unsigned int len)
{
- SSL3_RECORD *wr = &(S3I(s)->wrec);
+ SSL3_RECORD_INTERNAL *wr = &(S3I(s)->wrec);
SSL_SESSION *sess = s->session;
int eivlen, mac_size;
uint16_t version;
@@ -729,8 +729,8 @@ ssl3_create_record(SSL *s, unsigned char *p, int type, const unsigned char *buf,
static int
do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
{
- SSL3_RECORD *wr = &(S3I(s)->wrec);
- SSL3_BUFFER *wb = &(S3I(s)->wbuf);
+ SSL3_RECORD_INTERNAL *wr = &(S3I(s)->wrec);
+ SSL3_BUFFER_INTERNAL *wb = &(S3I(s)->wbuf);
SSL_SESSION *sess = s->session;
unsigned char *p;
int i, clear = 0;
@@ -741,7 +741,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
if (!ssl3_setup_write_buffer(s))
return -1;
- /* first check if there is a SSL3_BUFFER still being written
+ /* first check if there is a SSL3_BUFFER_INTERNAL still being written
* out. This will happen with non blocking IO */
if (wb->left != 0)
return (ssl3_write_pending(s, type, buf, len));
@@ -830,7 +830,7 @@ int
ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
{
int i;
- SSL3_BUFFER *wb = &(S3I(s)->wbuf);
+ SSL3_BUFFER_INTERNAL *wb = &(S3I(s)->wbuf);
/* XXXX */
if ((S3I(s)->wpend_tot > (int)len) || ((S3I(s)->wpend_buf != buf) &&
@@ -906,7 +906,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
void (*cb)(const SSL *ssl, int type2, int val) = NULL;
int al, i, j, ret, rrcount = 0;
unsigned int n;
- SSL3_RECORD *rr;
+ SSL3_RECORD_INTERNAL *rr;
if (S3I(s)->rbuf.buf == NULL) /* Not initialized yet */
if (!ssl3_setup_read_buffer(s))
diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c
index 1eaa0873832..b399f2bd3ce 100644
--- a/lib/libssl/t1_enc.c
+++ b/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.118 2019/05/13 22:48:30 bcook Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.119 2020/03/12 17:01:53 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -668,7 +668,7 @@ tls1_enc(SSL *s, int send)
const SSL_AEAD_CTX *aead;
const EVP_CIPHER *enc;
EVP_CIPHER_CTX *ds;
- SSL3_RECORD *rec;
+ SSL3_RECORD_INTERNAL *rec;
unsigned char *seq;
unsigned long l;
int bs, i, j, k, ret, mac_size = 0;
@@ -931,7 +931,7 @@ tls1_final_finish_mac(SSL *s, const char *str, int str_len, unsigned char *out)
int
tls1_mac(SSL *ssl, unsigned char *md, int send)
{
- SSL3_RECORD *rec;
+ SSL3_RECORD_INTERNAL *rec;
unsigned char *seq;
EVP_MD_CTX *hash;
size_t md_size, orig_len;