diff options
Diffstat (limited to 'lib/libssl')
-rw-r--r-- | lib/libssl/d1_enc.c | 4 | ||||
-rw-r--r-- | lib/libssl/d1_lib.c | 10 | ||||
-rw-r--r-- | lib/libssl/d1_pkt.c | 39 | ||||
-rw-r--r-- | lib/libssl/dtls1.h | 6 | ||||
-rw-r--r-- | lib/libssl/s3_cbc.c | 8 | ||||
-rw-r--r-- | lib/libssl/ssl3.h | 4 | ||||
-rw-r--r-- | lib/libssl/ssl_locl.h | 39 | ||||
-rw-r--r-- | lib/libssl/ssl_pkt.c | 20 | ||||
-rw-r--r-- | lib/libssl/t1_enc.c | 6 |
9 files changed, 83 insertions, 53 deletions
diff --git a/lib/libssl/d1_enc.c b/lib/libssl/d1_enc.c index 20686d29631..3927fbfe0df 100644 --- a/lib/libssl/d1_enc.c +++ b/lib/libssl/d1_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_enc.c,v 1.14 2017/01/23 08:08:06 beck Exp $ */ +/* $OpenBSD: d1_enc.c,v 1.15 2020/03/12 17:01:53 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -132,7 +132,7 @@ int dtls1_enc(SSL *s, int send) { - SSL3_RECORD *rec; + SSL3_RECORD_INTERNAL *rec; EVP_CIPHER_CTX *ds; unsigned long l; int bs, i, j, k, mac_size = 0; diff --git a/lib/libssl/d1_lib.c b/lib/libssl/d1_lib.c index 6171035d238..b7ba6b1092e 100644 --- a/lib/libssl/d1_lib.c +++ b/lib/libssl/d1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_lib.c,v 1.44 2020/03/10 17:02:21 jsing Exp $ */ +/* $OpenBSD: d1_lib.c,v 1.45 2020/03/12 17:01:53 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -136,17 +136,17 @@ dtls1_clear_queues(SSL *s) { pitem *item = NULL; hm_fragment *frag = NULL; - DTLS1_RECORD_DATA *rdata; + DTLS1_RECORD_DATA_INTERNAL *rdata; while ((item = pqueue_pop(D1I(s)->unprocessed_rcds.q)) != NULL) { - rdata = (DTLS1_RECORD_DATA *) item->data; + rdata = (DTLS1_RECORD_DATA_INTERNAL *) item->data; free(rdata->rbuf.buf); free(item->data); pitem_free(item); } while ((item = pqueue_pop(D1I(s)->processed_rcds.q)) != NULL) { - rdata = (DTLS1_RECORD_DATA *) item->data; + rdata = (DTLS1_RECORD_DATA_INTERNAL *) item->data; free(rdata->rbuf.buf); free(item->data); pitem_free(item); @@ -167,7 +167,7 @@ dtls1_clear_queues(SSL *s) } while ((item = pqueue_pop(D1I(s)->buffered_app_data.q)) != NULL) { - rdata = (DTLS1_RECORD_DATA *) item->data; + rdata = (DTLS1_RECORD_DATA_INTERNAL *) item->data; free(rdata->rbuf.buf); free(item->data); pitem_free(item); diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c index 101017449ce..31415b7c3a4 100644 --- a/lib/libssl/d1_pkt.c +++ b/lib/libssl/d1_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_pkt.c,v 1.70 2020/03/10 17:02:21 jsing Exp $ */ +/* $OpenBSD: d1_pkt.c,v 1.71 2020/03/12 17:01:53 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -186,7 +186,7 @@ static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, int len, int peek); static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap); static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); -static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, +static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr, unsigned int *is_next_epoch); static int dtls1_buffer_record(SSL *s, record_pqueue *q, unsigned char *priority); @@ -196,16 +196,16 @@ static int dtls1_process_record(SSL *s); static int dtls1_copy_record(SSL *s, pitem *item) { - DTLS1_RECORD_DATA *rdata; + DTLS1_RECORD_DATA_INTERNAL *rdata; - rdata = (DTLS1_RECORD_DATA *)item->data; + rdata = (DTLS1_RECORD_DATA_INTERNAL *)item->data; free(S3I(s)->rbuf.buf); s->internal->packet = rdata->packet; s->internal->packet_length = rdata->packet_length; - memcpy(&(S3I(s)->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER)); - memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD)); + memcpy(&(S3I(s)->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER_INTERNAL)); + memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD_INTERNAL)); /* Set proper sequence number for mac calculation */ memcpy(&(S3I(s)->read_sequence[2]), &(rdata->packet[5]), 6); @@ -217,30 +217,29 @@ dtls1_copy_record(SSL *s, pitem *item) static int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) { - DTLS1_RECORD_DATA *rdata; + DTLS1_RECORD_DATA_INTERNAL *rdata; pitem *item; /* Limit the size of the queue to prevent DOS attacks */ if (pqueue_size(queue->q) >= 100) return 0; - rdata = malloc(sizeof(DTLS1_RECORD_DATA)); + rdata = malloc(sizeof(DTLS1_RECORD_DATA_INTERNAL)); item = pitem_new(priority, rdata); if (rdata == NULL || item == NULL) goto init_err; rdata->packet = s->internal->packet; rdata->packet_length = s->internal->packet_length; - memcpy(&(rdata->rbuf), &(S3I(s)->rbuf), sizeof(SSL3_BUFFER)); - memcpy(&(rdata->rrec), &(S3I(s)->rrec), sizeof(SSL3_RECORD)); + memcpy(&(rdata->rbuf), &(S3I(s)->rbuf), sizeof(SSL3_BUFFER_INTERNAL)); + memcpy(&(rdata->rrec), &(S3I(s)->rrec), sizeof(SSL3_RECORD_INTERNAL)); item->data = rdata; - s->internal->packet = NULL; s->internal->packet_length = 0; - memset(&(S3I(s)->rbuf), 0, sizeof(SSL3_BUFFER)); - memset(&(S3I(s)->rrec), 0, sizeof(SSL3_RECORD)); + memset(&(S3I(s)->rbuf), 0, sizeof(SSL3_BUFFER_INTERNAL)); + memset(&(S3I(s)->rrec), 0, sizeof(SSL3_RECORD_INTERNAL)); if (!ssl3_setup_buffers(s)) goto err; @@ -329,7 +328,7 @@ dtls1_process_record(SSL *s) int i, al; int enc_err; SSL_SESSION *sess; - SSL3_RECORD *rr; + SSL3_RECORD_INTERNAL *rr; unsigned int mac_size, orig_len; unsigned char md[EVP_MAX_MD_SIZE]; @@ -467,7 +466,7 @@ err: int dtls1_get_record(SSL *s) { - SSL3_RECORD *rr; + SSL3_RECORD_INTERNAL *rr; unsigned char *p = NULL; DTLS1_BITMAP *bitmap; unsigned int is_next_epoch; @@ -638,7 +637,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) { int al, i, j, ret; unsigned int n; - SSL3_RECORD *rr; + SSL3_RECORD_INTERNAL *rr; void (*cb)(const SSL *ssl, int type2, int val) = NULL; if (S3I(s)->rbuf.buf == NULL) /* Not initialized yet */ @@ -1178,15 +1177,15 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len) { unsigned char *p; int i, mac_size, clear = 0; - SSL3_RECORD *wr; - SSL3_BUFFER *wb; + SSL3_RECORD_INTERNAL *wr; + SSL3_BUFFER_INTERNAL *wb; SSL_SESSION *sess; int bs; CBB cbb; memset(&cbb, 0, sizeof(cbb)); - /* first check if there is a SSL3_BUFFER still being written + /* first check if there is a SSL3_BUFFER_INTERNAL still being written * out. This will happen with non blocking IO */ if (S3I(s)->wbuf.left != 0) { OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */ @@ -1408,7 +1407,7 @@ dtls1_dispatch_alert(SSL *s) static DTLS1_BITMAP * -dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch) +dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr, unsigned int *is_next_epoch) { *is_next_epoch = 0; diff --git a/lib/libssl/dtls1.h b/lib/libssl/dtls1.h index cc672a59345..1ed7c2dc302 100644 --- a/lib/libssl/dtls1.h +++ b/lib/libssl/dtls1.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dtls1.h,v 1.22 2018/08/24 19:35:05 jsing Exp $ */ +/* $OpenBSD: dtls1.h,v 1.23 2020/03/12 17:01:53 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -161,6 +161,8 @@ typedef struct dtls1_state_st { struct dtls1_state_internal_st *internal; } DTLS1_STATE; +#ifndef LIBRESSL_INTERNAL + typedef struct dtls1_record_data_st { unsigned char *packet; unsigned int packet_length; @@ -170,6 +172,8 @@ typedef struct dtls1_record_data_st { #endif +#endif + /* Timeout multipliers (timeout slice is defined in apps/timeouts.h */ #define DTLS1_TMO_READ_COUNT 2 #define DTLS1_TMO_WRITE_COUNT 2 diff --git a/lib/libssl/s3_cbc.c b/lib/libssl/s3_cbc.c index 4b66e1f17aa..371c68cfcc3 100644 --- a/lib/libssl/s3_cbc.c +++ b/lib/libssl/s3_cbc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_cbc.c,v 1.18 2020/02/21 16:07:00 jsing Exp $ */ +/* $OpenBSD: s3_cbc.c,v 1.19 2020/03/12 17:01:53 jsing Exp $ */ /* ==================================================================== * Copyright (c) 2012 The OpenSSL Project. All rights reserved. * @@ -113,8 +113,8 @@ constant_time_eq_8(unsigned a, unsigned b) * 1: if the padding was valid * -1: otherwise. */ int -tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size, - unsigned mac_size) +tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD_INTERNAL *rec, + unsigned block_size, unsigned mac_size) { unsigned padding_length, good, to_check, i; const unsigned overhead = 1 /* padding length byte */ + mac_size; @@ -194,7 +194,7 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size, #define CBC_MAC_ROTATE_IN_PLACE void -ssl3_cbc_copy_mac(unsigned char* out, const SSL3_RECORD *rec, +ssl3_cbc_copy_mac(unsigned char* out, const SSL3_RECORD_INTERNAL *rec, unsigned md_size, unsigned orig_len) { #if defined(CBC_MAC_ROTATE_IN_PLACE) diff --git a/lib/libssl/ssl3.h b/lib/libssl/ssl3.h index cadf7fd3872..30dc4c5d7d6 100644 --- a/lib/libssl/ssl3.h +++ b/lib/libssl/ssl3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl3.h,v 1.49 2018/11/08 22:28:52 jsing Exp $ */ +/* $OpenBSD: ssl3.h,v 1.50 2020/03/12 17:01:53 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -314,6 +314,7 @@ extern "C" { #define TLS1_HB_RESPONSE 2 #ifndef OPENSSL_NO_SSL_INTERN +#ifndef LIBRESSL_INTERNAL typedef struct ssl3_record_st { /*r */ int type; /* type of record */ @@ -334,6 +335,7 @@ typedef struct ssl3_buffer_st { } SSL3_BUFFER; #endif +#endif #define SSL3_CT_RSA_SIGN 1 #define SSL3_CT_DSS_SIGN 2 diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index 77c1a517980..a696ef99b10 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.267 2020/03/10 17:02:21 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.268 2020/03/12 17:01:53 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -776,6 +776,24 @@ typedef struct ssl_internal_st { int empty_record_count; } SSL_INTERNAL; +typedef struct ssl3_record_internal_st { + int type; /* type of record */ + unsigned int length; /* How many bytes available */ + unsigned int off; /* read/write offset into 'buf' */ + unsigned char *data; /* pointer to the record data */ + unsigned char *input; /* where the decode bytes are */ + unsigned long epoch; /* epoch number, needed by DTLS1 */ + unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */ +} SSL3_RECORD_INTERNAL; + +typedef struct ssl3_buffer_internal_st { + unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes, + * see ssl3_setup_buffers() */ + size_t len; /* buffer size */ + int offset; /* where to 'copy from' */ + int left; /* how many bytes left */ +} SSL3_BUFFER_INTERNAL; + typedef struct ssl3_state_internal_st { unsigned char read_sequence[SSL3_SEQUENCE_SIZE]; int read_mac_secret_size; @@ -784,8 +802,8 @@ typedef struct ssl3_state_internal_st { int write_mac_secret_size; unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; - SSL3_BUFFER rbuf; /* read IO goes into here */ - SSL3_BUFFER wbuf; /* write IO goes into here */ + SSL3_BUFFER_INTERNAL rbuf; /* read IO goes into here */ + SSL3_BUFFER_INTERNAL wbuf; /* write IO goes into here */ /* we allow one fatal and one warning alert to be outstanding, * send close alert via the warning alert */ @@ -796,8 +814,8 @@ typedef struct ssl3_state_internal_st { int need_empty_fragments; int empty_fragment_done; - SSL3_RECORD rrec; /* each decoded record goes in here */ - SSL3_RECORD wrec; /* goes out from here */ + SSL3_RECORD_INTERNAL rrec; /* each decoded record goes in here */ + SSL3_RECORD_INTERNAL wrec; /* goes out from here */ /* storage for Alert/Handshake protocol data received but not * yet processed by ssl3_read_bytes: */ @@ -897,6 +915,13 @@ typedef struct ssl3_state_internal_st { } SSL3_STATE_INTERNAL; #define S3I(s) (s->s3->internal) +typedef struct dtls1_record_data_internal_st { + unsigned char *packet; + unsigned int packet_length; + SSL3_BUFFER_INTERNAL rbuf; + SSL3_RECORD_INTERNAL rrec; +} DTLS1_RECORD_DATA_INTERNAL; + typedef struct dtls1_state_internal_st { unsigned int send_cookie; unsigned char cookie[DTLS1_COOKIE_LENGTH]; @@ -1346,9 +1371,9 @@ long ssl_get_algorithm2(SSL *s); int tls1_check_ec_server_key(SSL *s); /* s3_cbc.c */ -void ssl3_cbc_copy_mac(unsigned char *out, const SSL3_RECORD *rec, +void ssl3_cbc_copy_mac(unsigned char *out, const SSL3_RECORD_INTERNAL *rec, unsigned md_size, unsigned orig_len); -int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec, +int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD_INTERNAL *rec, unsigned block_size, unsigned mac_size); char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx); int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out, diff --git a/lib/libssl/ssl_pkt.c b/lib/libssl/ssl_pkt.c index 8126c42d1d8..4302794d942 100644 --- a/lib/libssl/ssl_pkt.c +++ b/lib/libssl/ssl_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_pkt.c,v 1.21 2020/03/10 17:02:21 jsing Exp $ */ +/* $OpenBSD: ssl_pkt.c,v 1.22 2020/03/12 17:01:53 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -152,7 +152,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend) int i, len, left; size_t align; unsigned char *pkt; - SSL3_BUFFER *rb; + SSL3_BUFFER_INTERNAL *rb; if (n <= 0) return n; @@ -329,7 +329,7 @@ ssl3_get_record(SSL *s) { int al; int enc_err, n, i, ret = -1; - SSL3_RECORD *rr; + SSL3_RECORD_INTERNAL *rr; SSL_SESSION *sess; unsigned char md[EVP_MAX_MD_SIZE]; unsigned mac_size, orig_len; @@ -360,7 +360,7 @@ ssl3_get_record(SSL *s) CBS_init(&header, s->internal->packet, SSL3_RT_HEADER_LENGTH); - /* Pull apart the header into the SSL3_RECORD */ + /* Pull apart the header into the SSL3_RECORD_INTERNAL */ if (!CBS_get_u8(&header, &type) || !CBS_get_u16(&header, &ssl_version) || !CBS_get_u16(&header, &len)) { @@ -621,7 +621,7 @@ static int ssl3_create_record(SSL *s, unsigned char *p, int type, const unsigned char *buf, unsigned int len) { - SSL3_RECORD *wr = &(S3I(s)->wrec); + SSL3_RECORD_INTERNAL *wr = &(S3I(s)->wrec); SSL_SESSION *sess = s->session; int eivlen, mac_size; uint16_t version; @@ -729,8 +729,8 @@ ssl3_create_record(SSL *s, unsigned char *p, int type, const unsigned char *buf, static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) { - SSL3_RECORD *wr = &(S3I(s)->wrec); - SSL3_BUFFER *wb = &(S3I(s)->wbuf); + SSL3_RECORD_INTERNAL *wr = &(S3I(s)->wrec); + SSL3_BUFFER_INTERNAL *wb = &(S3I(s)->wbuf); SSL_SESSION *sess = s->session; unsigned char *p; int i, clear = 0; @@ -741,7 +741,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len) if (!ssl3_setup_write_buffer(s)) return -1; - /* first check if there is a SSL3_BUFFER still being written + /* first check if there is a SSL3_BUFFER_INTERNAL still being written * out. This will happen with non blocking IO */ if (wb->left != 0) return (ssl3_write_pending(s, type, buf, len)); @@ -830,7 +830,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) { int i; - SSL3_BUFFER *wb = &(S3I(s)->wbuf); + SSL3_BUFFER_INTERNAL *wb = &(S3I(s)->wbuf); /* XXXX */ if ((S3I(s)->wpend_tot > (int)len) || ((S3I(s)->wpend_buf != buf) && @@ -906,7 +906,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) void (*cb)(const SSL *ssl, int type2, int val) = NULL; int al, i, j, ret, rrcount = 0; unsigned int n; - SSL3_RECORD *rr; + SSL3_RECORD_INTERNAL *rr; if (S3I(s)->rbuf.buf == NULL) /* Not initialized yet */ if (!ssl3_setup_read_buffer(s)) diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c index 1eaa0873832..b399f2bd3ce 100644 --- a/lib/libssl/t1_enc.c +++ b/lib/libssl/t1_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_enc.c,v 1.118 2019/05/13 22:48:30 bcook Exp $ */ +/* $OpenBSD: t1_enc.c,v 1.119 2020/03/12 17:01:53 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -668,7 +668,7 @@ tls1_enc(SSL *s, int send) const SSL_AEAD_CTX *aead; const EVP_CIPHER *enc; EVP_CIPHER_CTX *ds; - SSL3_RECORD *rec; + SSL3_RECORD_INTERNAL *rec; unsigned char *seq; unsigned long l; int bs, i, j, k, ret, mac_size = 0; @@ -931,7 +931,7 @@ tls1_final_finish_mac(SSL *s, const char *str, int str_len, unsigned char *out) int tls1_mac(SSL *ssl, unsigned char *md, int send) { - SSL3_RECORD *rec; + SSL3_RECORD_INTERNAL *rec; unsigned char *seq; EVP_MD_CTX *hash; size_t md_size, orig_len; |