-/* $OpenBSD: d1_both.c,v 1.80 2021/10/23 13:36:03 jsing Exp $ */
+/* $OpenBSD: d1_both.c,v 1.81 2022/02/05 14:54:10 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
* s3->internal->tmp is used to store messages that are unexpected, caused
* by the absence of an optional handshake message
*/
- if (S3I(s)->hs.tls12.reuse_message) {
- S3I(s)->hs.tls12.reuse_message = 0;
- if ((mt >= 0) && (S3I(s)->hs.tls12.message_type != mt)) {
+ if (s->s3->hs.tls12.reuse_message) {
+ s->s3->hs.tls12.reuse_message = 0;
+ if ((mt >= 0) && (s->s3->hs.tls12.message_type != mt)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
goto fatal_err;
}
s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH;
- s->internal->init_num = (int)S3I(s)->hs.tls12.message_size;
+ s->internal->init_num = (int)s->s3->hs.tls12.message_size;
return 1;
}
return SSL_AD_INTERNAL_ERROR;
}
- S3I(s)->hs.tls12.message_size = msg_len;
+ s->s3->hs.tls12.message_size = msg_len;
s->d1->r_msg_hdr.msg_len = msg_len;
- S3I(s)->hs.tls12.message_type = msg_hdr->type;
+ s->s3->hs.tls12.message_type = msg_hdr->type;
s->d1->r_msg_hdr.type = msg_hdr->type;
s->d1->r_msg_hdr.seq = msg_hdr->seq;
} else if (msg_len != s->d1->r_msg_hdr.msg_len) {
goto fatal_err;
/* XDTLS: ressurect this when restart is in place */
- S3I(s)->hs.state = stn;
+ s->s3->hs.state = stn;
if (frag_len > 0) {
unsigned char *p = (unsigned char *)s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH;
-/* $OpenBSD: d1_pkt.c,v 1.116 2021/11/09 18:40:21 bcook Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.117 2022/02/05 14:54:10 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
static int
dtls1_copy_record(SSL *s, DTLS1_RECORD_DATA_INTERNAL *rdata)
{
- ssl3_release_buffer(&S3I(s)->rbuf);
+ ssl3_release_buffer(&s->s3->rbuf);
s->internal->packet = rdata->packet;
s->internal->packet_length = rdata->packet_length;
- memcpy(&(S3I(s)->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER_INTERNAL));
- memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD_INTERNAL));
+ memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER_INTERNAL));
+ memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD_INTERNAL));
return (1);
}
rdata->packet = s->internal->packet;
rdata->packet_length = s->internal->packet_length;
- memcpy(&(rdata->rbuf), &(S3I(s)->rbuf), sizeof(SSL3_BUFFER_INTERNAL));
- memcpy(&(rdata->rrec), &(S3I(s)->rrec), sizeof(SSL3_RECORD_INTERNAL));
+ memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER_INTERNAL));
+ memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD_INTERNAL));
item->data = rdata;
s->internal->packet = NULL;
s->internal->packet_length = 0;
- memset(&(S3I(s)->rbuf), 0, sizeof(SSL3_BUFFER_INTERNAL));
- memset(&(S3I(s)->rrec), 0, sizeof(SSL3_RECORD_INTERNAL));
+ memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER_INTERNAL));
+ memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD_INTERNAL));
if (!ssl3_setup_buffers(s))
goto err;
static int
dtls1_process_record(SSL *s)
{
- SSL3_RECORD_INTERNAL *rr = &(S3I(s)->rrec);
+ SSL3_RECORD_INTERNAL *rr = &(s->s3->rrec);
uint8_t alert_desc;
uint8_t *out;
size_t out_len;
int
dtls1_get_record(SSL *s)
{
- SSL3_RECORD_INTERNAL *rr = &(S3I(s)->rrec);
+ SSL3_RECORD_INTERNAL *rr = &(s->s3->rrec);
unsigned char *p = NULL;
DTLS1_BITMAP *bitmap;
unsigned int is_next_epoch;
unsigned int n;
SSL3_RECORD_INTERNAL *rr;
- if (S3I(s)->rbuf.buf == NULL) /* Not initialized yet */
+ if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
if (!ssl3_setup_buffers(s))
return (-1);
s->internal->rwstate = SSL_NOTHING;
- /* S3I(s)->rrec.type - is the type of record
- * S3I(s)->rrec.data, - data
- * S3I(s)->rrec.off, - offset into 'data' for next read
- * S3I(s)->rrec.length, - number of bytes. */
- rr = &(S3I(s)->rrec);
+ /* s->s3->rrec.type - is the type of record
+ * s->s3->rrec.data, - data
+ * s->s3->rrec.off, - offset into 'data' for next read
+ * s->s3->rrec.length, - number of bytes. */
+ rr = &(s->s3->rrec);
/* We are not handshaking and have no data yet,
* so process data buffered during the last handshake
* in advance, if any.
*/
- if (S3I(s)->hs.state == SSL_ST_OK && rr->length == 0)
+ if (s->s3->hs.state == SSL_ST_OK && rr->length == 0)
dtls1_retrieve_buffered_record(s, &(s->d1->buffered_app_data));
/* Check for timeout */
/* we now have a packet which can be read and processed */
- if (S3I(s)->change_cipher_spec /* set when we receive ChangeCipherSpec,
+ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
* reset by ssl3_get_finished */
&& (rr->type != SSL3_RT_HANDSHAKE)) {
/* We now have application data between CCS and Finished.
* Application data while renegotiating is allowed.
* Try reading again.
*/
- S3I(s)->in_read_app_data = 2;
+ s->s3->in_read_app_data = 2;
ssl_force_want_read(s);
return -1;
} else {
if (SSL_is_init_finished(s) &&
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
- !S3I(s)->renegotiate) {
+ !s->s3->renegotiate) {
s->d1->handshake_read_seq++;
s->internal->new_session = 1;
ssl3_renegotiate(s);
}
if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) {
- if (S3I(s)->rbuf.left == 0) {
+ if (s->s3->rbuf.left == 0) {
ssl_force_want_read(s);
return (-1);
}
(alert_level << 8) | alert_descr);
if (alert_level == SSL3_AL_WARNING) {
- S3I(s)->warn_alert = alert_descr;
+ s->s3->warn_alert = alert_descr;
if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN;
return (0);
}
} else if (alert_level == SSL3_AL_FATAL) {
s->internal->rwstate = SSL_NOTHING;
- S3I(s)->fatal_alert = alert_descr;
+ s->s3->fatal_alert = alert_descr;
SSLerror(s, SSL_AD_REASON_OFFSET + alert_descr);
ERR_asprintf_error_data("SSL alert number %d",
alert_descr);
s->d1->change_cipher_spec_ok = 0;
- S3I(s)->change_cipher_spec = 1;
+ s->s3->change_cipher_spec = 1;
if (!ssl3_do_change_cipher_spec(s))
goto err;
goto start;
}
- if (((S3I(s)->hs.state&SSL_ST_MASK) == SSL_ST_OK) &&
+ if (((s->s3->hs.state&SSL_ST_MASK) == SSL_ST_OK) &&
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
- S3I(s)->hs.state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
+ s->s3->hs.state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
s->internal->renegotiate = 1;
s->internal->new_session = 1;
}
}
if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) {
- if (S3I(s)->rbuf.left == 0) {
+ if (s->s3->rbuf.left == 0) {
ssl_force_want_read(s);
return (-1);
}
* at this point (session renegotiation not yet started),
* we will indulge it.
*/
- if (S3I(s)->in_read_app_data &&
- (S3I(s)->total_renegotiations != 0) &&
- (((S3I(s)->hs.state & SSL_ST_CONNECT) &&
- (S3I(s)->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) &&
- (S3I(s)->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) || (
- (S3I(s)->hs.state & SSL_ST_ACCEPT) &&
- (S3I(s)->hs.state <= SSL3_ST_SW_HELLO_REQ_A) &&
- (S3I(s)->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
- S3I(s)->in_read_app_data = 2;
+ if (s->s3->in_read_app_data &&
+ (s->s3->total_renegotiations != 0) &&
+ (((s->s3->hs.state & SSL_ST_CONNECT) &&
+ (s->s3->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) &&
+ (s->s3->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) || (
+ (s->s3->hs.state & SSL_ST_ACCEPT) &&
+ (s->s3->hs.state <= SSL3_ST_SW_HELLO_REQ_A) &&
+ (s->s3->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
+ s->s3->in_read_app_data = 2;
return (-1);
} else {
al = SSL_AD_UNEXPECTED_MESSAGE;
int
do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
{
- SSL3_BUFFER_INTERNAL *wb = &(S3I(s)->wbuf);
+ SSL3_BUFFER_INTERNAL *wb = &(s->s3->wbuf);
size_t out_len;
CBB cbb;
int ret;
}
/* If we have an alert to send, let's send it */
- if (S3I(s)->alert_dispatch) {
+ if (s->s3->alert_dispatch) {
if ((ret = ssl3_dispatch_alert(s)) <= 0)
return (ret);
/* If it went, fall through and send more stuff. */
* Memorize arguments so that ssl3_write_pending can detect
* bad write retries later.
*/
- S3I(s)->wpend_tot = len;
- S3I(s)->wpend_buf = buf;
- S3I(s)->wpend_type = type;
- S3I(s)->wpend_ret = len;
+ s->s3->wpend_tot = len;
+ s->s3->wpend_buf = buf;
+ s->s3->wpend_type = type;
+ s->s3->wpend_ret = len;
/* We now just need to write the buffer. */
return ssl3_write_pending(s, type, buf, len);
-/* $OpenBSD: s3_lib.c,v 1.225 2022/01/26 11:05:41 tb Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.226 2022/02/05 14:54:10 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
if (s->internal->rstate == SSL_ST_READ_BODY)
return 0;
- return (S3I(s)->rrec.type == SSL3_RT_APPLICATION_DATA) ?
- S3I(s)->rrec.length : 0;
+ return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ?
+ s->s3->rrec.length : 0;
}
int
{
if ((s->s3 = calloc(1, sizeof(*s->s3))) == NULL)
return (0);
- if ((S3I(s) = calloc(1, sizeof(*S3I(s)))) == NULL) {
- free(s->s3);
- return (0);
- }
s->method->ssl_clear(s);
tls1_cleanup_key_block(s);
ssl3_release_read_buffer(s);
ssl3_release_write_buffer(s);
- freezero(S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len);
+ freezero(s->s3->hs.sigalgs, s->s3->hs.sigalgs_len);
- tls_key_share_free(S3I(s)->hs.key_share);
+ tls_key_share_free(s->s3->hs.key_share);
- tls13_secrets_destroy(S3I(s)->hs.tls13.secrets);
- freezero(S3I(s)->hs.tls13.cookie, S3I(s)->hs.tls13.cookie_len);
- tls13_clienthello_hash_clear(&S3I(s)->hs.tls13);
+ tls13_secrets_destroy(s->s3->hs.tls13.secrets);
+ freezero(s->s3->hs.tls13.cookie, s->s3->hs.tls13.cookie_len);
+ tls13_clienthello_hash_clear(&s->s3->hs.tls13);
- sk_X509_NAME_pop_free(S3I(s)->hs.tls12.ca_names, X509_NAME_free);
+ sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);
sk_X509_pop_free(s->internal->verified_chain, X509_free);
tls1_transcript_free(s);
tls1_transcript_hash_free(s);
- free(S3I(s)->alpn_selected);
+ free(s->s3->alpn_selected);
- freezero(S3I(s), sizeof(*S3I(s)));
freezero(s->s3, sizeof(*s->s3));
s->s3 = NULL;
void
ssl3_clear(SSL *s)
{
- struct ssl3_state_internal_st *internal;
unsigned char *rp, *wp;
size_t rlen, wlen;
tls1_cleanup_key_block(s);
- sk_X509_NAME_pop_free(S3I(s)->hs.tls12.ca_names, X509_NAME_free);
+ sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);
sk_X509_pop_free(s->internal->verified_chain, X509_free);
s->internal->verified_chain = NULL;
- freezero(S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len);
- S3I(s)->hs.sigalgs = NULL;
- S3I(s)->hs.sigalgs_len = 0;
+ freezero(s->s3->hs.sigalgs, s->s3->hs.sigalgs_len);
+ s->s3->hs.sigalgs = NULL;
+ s->s3->hs.sigalgs_len = 0;
- tls_key_share_free(S3I(s)->hs.key_share);
- S3I(s)->hs.key_share = NULL;
+ tls_key_share_free(s->s3->hs.key_share);
+ s->s3->hs.key_share = NULL;
- tls13_secrets_destroy(S3I(s)->hs.tls13.secrets);
- S3I(s)->hs.tls13.secrets = NULL;
- freezero(S3I(s)->hs.tls13.cookie, S3I(s)->hs.tls13.cookie_len);
- S3I(s)->hs.tls13.cookie = NULL;
- S3I(s)->hs.tls13.cookie_len = 0;
- tls13_clienthello_hash_clear(&S3I(s)->hs.tls13);
+ tls13_secrets_destroy(s->s3->hs.tls13.secrets);
+ s->s3->hs.tls13.secrets = NULL;
+ freezero(s->s3->hs.tls13.cookie, s->s3->hs.tls13.cookie_len);
+ s->s3->hs.tls13.cookie = NULL;
+ s->s3->hs.tls13.cookie_len = 0;
+ tls13_clienthello_hash_clear(&s->s3->hs.tls13);
- S3I(s)->hs.extensions_seen = 0;
+ s->s3->hs.extensions_seen = 0;
- rp = S3I(s)->rbuf.buf;
- wp = S3I(s)->wbuf.buf;
- rlen = S3I(s)->rbuf.len;
- wlen = S3I(s)->wbuf.len;
+ rp = s->s3->rbuf.buf;
+ wp = s->s3->wbuf.buf;
+ rlen = s->s3->rbuf.len;
+ wlen = s->s3->wbuf.len;
tls1_transcript_free(s);
tls1_transcript_hash_free(s);
- free(S3I(s)->alpn_selected);
- S3I(s)->alpn_selected = NULL;
- S3I(s)->alpn_selected_len = 0;
+ free(s->s3->alpn_selected);
+ s->s3->alpn_selected = NULL;
+ s->s3->alpn_selected_len = 0;
- memset(S3I(s), 0, sizeof(*S3I(s)));
- internal = S3I(s);
memset(s->s3, 0, sizeof(*s->s3));
- S3I(s) = internal;
- S3I(s)->rbuf.buf = rp;
- S3I(s)->wbuf.buf = wp;
- S3I(s)->rbuf.len = rlen;
- S3I(s)->wbuf.len = wlen;
+ s->s3->rbuf.buf = rp;
+ s->s3->wbuf.buf = wp;
+ s->s3->rbuf.len = rlen;
+ s->s3->wbuf.len = wlen;
ssl_free_wbio_buffer(s);
/* Not needed... */
- S3I(s)->renegotiate = 0;
- S3I(s)->total_renegotiations = 0;
- S3I(s)->num_renegotiations = 0;
- S3I(s)->in_read_app_data = 0;
+ s->s3->renegotiate = 0;
+ s->s3->total_renegotiations = 0;
+ s->s3->num_renegotiations = 0;
+ s->s3->in_read_app_data = 0;
s->internal->packet_length = 0;
s->version = TLS1_VERSION;
- S3I(s)->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
+ s->s3->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
}
long
*key = NULL;
- if (S3I(s)->hs.key_share == NULL)
+ if (s->s3->hs.key_share == NULL)
goto err;
if ((pkey = EVP_PKEY_new()) == NULL)
goto err;
- if (!tls_key_share_peer_pkey(S3I(s)->hs.key_share, pkey))
+ if (!tls_key_share_peer_pkey(s->s3->hs.key_share, pkey))
goto err;
*key = pkey;
static int
_SSL_num_renegotiations(SSL *s)
{
- return S3I(s)->num_renegotiations;
+ return s->s3->num_renegotiations;
}
static int
{
int renegs;
- renegs = S3I(s)->num_renegotiations;
- S3I(s)->num_renegotiations = 0;
+ renegs = s->s3->num_renegotiations;
+ s->s3->num_renegotiations = 0;
return renegs;
}
static int
_SSL_total_renegotiations(SSL *s)
{
- return S3I(s)->total_renegotiations;
+ return s->s3->total_renegotiations;
}
static int
{
const struct ssl_sigalg *sigalg;
- if ((sigalg = S3I(s)->hs.our_sigalg) == NULL)
+ if ((sigalg = s->s3->hs.our_sigalg) == NULL)
return 0;
*nid = EVP_MD_type(sigalg->md());
{
const struct ssl_sigalg *sigalg;
- if ((sigalg = S3I(s)->hs.peer_sigalg) == NULL)
+ if ((sigalg = s->s3->hs.peer_sigalg) == NULL)
return 0;
*nid = EVP_MD_type(sigalg->md());
{
const struct ssl_sigalg *sigalg;
- if ((sigalg = S3I(s)->hs.our_sigalg) == NULL)
+ if ((sigalg = s->s3->hs.our_sigalg) == NULL)
return 0;
*nid = sigalg->key_type;
{
const struct ssl_sigalg *sigalg;
- if ((sigalg = S3I(s)->hs.peer_sigalg) == NULL)
+ if ((sigalg = s->s3->hs.peer_sigalg) == NULL)
return 0;
*nid = sigalg->key_type;
{
unsigned long alg_k;
- alg_k = S3I(s)->hs.cipher->algorithm_mkey;
+ alg_k = s->s3->hs.cipher->algorithm_mkey;
#ifndef OPENSSL_NO_GOST
if ((alg_k & SSL_kGOST) != 0) {
* Don't do anything much if we have not done the handshake or
* we don't want to send messages :-)
*/
- if ((s->internal->quiet_shutdown) || (S3I(s)->hs.state == SSL_ST_BEFORE)) {
+ if ((s->internal->quiet_shutdown) || (s->s3->hs.state == SSL_ST_BEFORE)) {
s->internal->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
return (1);
}
ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
/*
* Our shutdown alert has been sent now, and if it still needs
- * to be written, S3I(s)->alert_dispatch will be true
+ * to be written, s->s3->alert_dispatch will be true
*/
- if (S3I(s)->alert_dispatch)
+ if (s->s3->alert_dispatch)
return (-1); /* return WANT_WRITE */
- } else if (S3I(s)->alert_dispatch) {
+ } else if (s->s3->alert_dispatch) {
/* resend it if not sent */
ret = ssl3_dispatch_alert(s);
if (ret == -1) {
}
if ((s->internal->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
- !S3I(s)->alert_dispatch)
+ !s->s3->alert_dispatch)
return (1);
else
return (0);
{
errno = 0;
- if (S3I(s)->renegotiate)
+ if (s->s3->renegotiate)
ssl3_renegotiate_check(s);
return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
int ret;
errno = 0;
- if (S3I(s)->renegotiate)
+ if (s->s3->renegotiate)
ssl3_renegotiate_check(s);
- S3I(s)->in_read_app_data = 1;
+ s->s3->in_read_app_data = 1;
ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
peek);
- if ((ret == -1) && (S3I(s)->in_read_app_data == 2)) {
+ if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
/*
* ssl3_read_bytes decided to call s->internal->handshake_func,
* which called ssl3_read_bytes to read handshake data.
buf, len, peek);
s->internal->in_handshake--;
} else
- S3I(s)->in_read_app_data = 0;
+ s->s3->in_read_app_data = 0;
return (ret);
}
if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
return (0);
- S3I(s)->renegotiate = 1;
+ s->s3->renegotiate = 1;
return (1);
}
{
int ret = 0;
- if (S3I(s)->renegotiate) {
- if ((S3I(s)->rbuf.left == 0) && (S3I(s)->wbuf.left == 0) &&
+ if (s->s3->renegotiate) {
+ if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) &&
!SSL_in_init(s)) {
/*
* If we are the server, and we have sent
* to SSL_ST_ACCEPT.
*/
/* SSL_ST_ACCEPT */
- S3I(s)->hs.state = SSL_ST_RENEGOTIATE;
- S3I(s)->renegotiate = 0;
- S3I(s)->num_renegotiations++;
- S3I(s)->total_renegotiations++;
+ s->s3->hs.state = SSL_ST_RENEGOTIATE;
+ s->s3->renegotiate = 0;
+ s->s3->num_renegotiations++;
+ s->s3->total_renegotiations++;
ret = 1;
}
}
-/* $OpenBSD: ssl_both.c,v 1.41 2022/02/03 16:33:12 jsing Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.42 2022/02/05 14:54:10 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
memset(&cbb, 0, sizeof(cbb));
- if (S3I(s)->hs.state == state_a) {
+ if (s->s3->hs.state == state_a) {
if (!tls12_derive_finished(s))
goto err;
/* Copy finished so we can use it for renegotiation checks. */
if (!s->server) {
- memcpy(S3I(s)->previous_client_finished,
- S3I(s)->hs.finished, S3I(s)->hs.finished_len);
- S3I(s)->previous_client_finished_len =
- S3I(s)->hs.finished_len;
+ memcpy(s->s3->previous_client_finished,
+ s->s3->hs.finished, s->s3->hs.finished_len);
+ s->s3->previous_client_finished_len =
+ s->s3->hs.finished_len;
} else {
- memcpy(S3I(s)->previous_server_finished,
- S3I(s)->hs.finished, S3I(s)->hs.finished_len);
- S3I(s)->previous_server_finished_len =
- S3I(s)->hs.finished_len;
+ memcpy(s->s3->previous_server_finished,
+ s->s3->hs.finished, s->s3->hs.finished_len);
+ s->s3->previous_server_finished_len =
+ s->s3->hs.finished_len;
}
if (!ssl3_handshake_msg_start(s, &cbb, &finished,
SSL3_MT_FINISHED))
goto err;
- if (!CBB_add_bytes(&finished, S3I(s)->hs.finished,
- S3I(s)->hs.finished_len))
+ if (!CBB_add_bytes(&finished, s->s3->hs.finished,
+ s->s3->hs.finished_len))
goto err;
if (!ssl3_handshake_msg_finish(s, &cbb))
goto err;
- S3I(s)->hs.state = state_b;
+ s->s3->hs.state = state_b;
}
return (ssl3_handshake_write(s));
return ret;
/* If this occurs, we have missed a message */
- if (!S3I(s)->change_cipher_spec) {
+ if (!s->s3->change_cipher_spec) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
goto fatal_err;
}
- S3I(s)->change_cipher_spec = 0;
+ s->s3->change_cipher_spec = 0;
md_len = TLS1_FINISH_MAC_LENGTH;
CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
- if (S3I(s)->hs.peer_finished_len != md_len ||
+ if (s->s3->hs.peer_finished_len != md_len ||
CBS_len(&cbs) != md_len) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_DIGEST_LENGTH);
goto fatal_err;
}
- if (!CBS_mem_equal(&cbs, S3I(s)->hs.peer_finished, CBS_len(&cbs))) {
+ if (!CBS_mem_equal(&cbs, s->s3->hs.peer_finished, CBS_len(&cbs))) {
al = SSL_AD_DECRYPT_ERROR;
SSLerror(s, SSL_R_DIGEST_CHECK_FAILED);
goto fatal_err;
/* Copy finished so we can use it for renegotiation checks. */
OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
if (s->server) {
- memcpy(S3I(s)->previous_client_finished,
- S3I(s)->hs.peer_finished, md_len);
- S3I(s)->previous_client_finished_len = md_len;
+ memcpy(s->s3->previous_client_finished,
+ s->s3->hs.peer_finished, md_len);
+ s->s3->previous_client_finished_len = md_len;
} else {
- memcpy(S3I(s)->previous_server_finished,
- S3I(s)->hs.peer_finished, md_len);
- S3I(s)->previous_server_finished_len = md_len;
+ memcpy(s->s3->previous_server_finished,
+ s->s3->hs.peer_finished, md_len);
+ s->s3->previous_server_finished_len = md_len;
}
return (1);
memset(&cbb, 0, sizeof(cbb));
- if (S3I(s)->hs.state == a) {
+ if (s->s3->hs.state == a) {
if (!CBB_init_fixed(&cbb, s->internal->init_buf->data,
s->internal->init_buf->length))
goto err;
dtls1_buffer_message(s, 1);
}
- S3I(s)->hs.state = b;
+ s->s3->hs.state = b;
}
/* SSL3_ST_CW_CHANGE_B */
if (SSL_is_dtls(s))
return dtls1_get_message(s, st1, stn, mt, max);
- if (S3I(s)->hs.tls12.reuse_message) {
- S3I(s)->hs.tls12.reuse_message = 0;
- if ((mt >= 0) && (S3I(s)->hs.tls12.message_type != mt)) {
+ if (s->s3->hs.tls12.reuse_message) {
+ s->s3->hs.tls12.reuse_message = 0;
+ if ((mt >= 0) && (s->s3->hs.tls12.message_type != mt)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
goto fatal_err;
}
s->internal->init_msg = s->internal->init_buf->data +
SSL3_HM_HEADER_LENGTH;
- s->internal->init_num = (int)S3I(s)->hs.tls12.message_size;
+ s->internal->init_num = (int)s->s3->hs.tls12.message_size;
return 1;
}
p = (unsigned char *)s->internal->init_buf->data;
- if (S3I(s)->hs.state == st1) {
+ if (s->s3->hs.state == st1) {
int skip_message;
do {
SSLerror(s, ERR_R_BUF_LIB);
goto err;
}
- S3I(s)->hs.tls12.message_type = u8;
+ s->s3->hs.tls12.message_type = u8;
if (l > (unsigned long)max) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, ERR_R_BUF_LIB);
goto err;
}
- S3I(s)->hs.tls12.message_size = l;
- S3I(s)->hs.state = stn;
+ s->s3->hs.tls12.message_size = l;
+ s->s3->hs.state = stn;
s->internal->init_msg = s->internal->init_buf->data +
SSL3_HM_HEADER_LENGTH;
/* next state (stn) */
p = s->internal->init_msg;
- n = S3I(s)->hs.tls12.message_size - s->internal->init_num;
+ n = s->s3->hs.tls12.message_size - s->internal->init_num;
while (n > 0) {
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
&p[s->internal->init_num], n, 0);
align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
- if (S3I(s)->rbuf.buf == NULL) {
+ if (s->s3->rbuf.buf == NULL) {
len = SSL3_RT_MAX_PLAIN_LENGTH +
SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
if ((p = calloc(1, len)) == NULL)
goto err;
- S3I(s)->rbuf.buf = p;
- S3I(s)->rbuf.len = len;
+ s->s3->rbuf.buf = p;
+ s->s3->rbuf.len = len;
}
- s->internal->packet = S3I(s)->rbuf.buf;
+ s->internal->packet = s->s3->rbuf.buf;
return 1;
err:
align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
- if (S3I(s)->wbuf.buf == NULL) {
+ if (s->s3->wbuf.buf == NULL) {
len = s->max_send_fragment +
SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
if (!(s->internal->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
if ((p = calloc(1, len)) == NULL)
goto err;
- S3I(s)->wbuf.buf = p;
- S3I(s)->wbuf.len = len;
+ s->s3->wbuf.buf = p;
+ s->s3->wbuf.len = len;
}
return 1;
void
ssl3_release_read_buffer(SSL *s)
{
- ssl3_release_buffer(&S3I(s)->rbuf);
+ ssl3_release_buffer(&s->s3->rbuf);
}
void
ssl3_release_write_buffer(SSL *s)
{
- ssl3_release_buffer(&S3I(s)->wbuf);
+ ssl3_release_buffer(&s->s3->wbuf);
}
-/* $OpenBSD: ssl_cert.c,v 1.94 2022/01/28 13:14:48 inoguchi Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.95 2022/02/05 14:54:10 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
if (!s->server) {
/* We are in the client. */
if ((s->version >> 8) == SSL3_VERSION_MAJOR)
- return (S3I(s)->hs.tls12.ca_names);
+ return (s->s3->hs.tls12.ca_names);
else
return (NULL);
} else {
-/* $OpenBSD: ssl_ciph.c,v 1.125 2021/11/23 18:26:23 tb Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.126 2022/02/05 14:54:10 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
*md = NULL;
- if (S3I(s)->hs.cipher == NULL)
+ if (s->s3->hs.cipher == NULL)
return 0;
- handshake_mac = S3I(s)->hs.cipher->algorithm2 &
+ handshake_mac = s->s3->hs.cipher->algorithm2 &
SSL_HANDSHAKE_MAC_MASK;
/* For TLSv1.2 we upgrade the default MD5+SHA1 MAC to SHA256. */
-/* $OpenBSD: ssl_ciphers.c,v 1.11 2021/03/11 17:14:46 jsing Exp $ */
+/* $OpenBSD: ssl_ciphers.c,v 1.12 2022/02/05 14:54:10 jsing Exp $ */
/*
* Copyright (c) 2015-2017 Doug Hogan <doug@openbsd.org>
* Copyright (c) 2015-2018, 2020 Joel Sing <jsing@openbsd.org>
uint16_t cipher_value;
unsigned long cipher_id;
- S3I(s)->send_connection_binding = 0;
+ s->s3->send_connection_binding = 0;
if ((ciphers = sk_SSL_CIPHER_new_null()) == NULL) {
SSLerror(s, ERR_R_MALLOC_FAILURE);
goto err;
}
- S3I(s)->send_connection_binding = 1;
+ s->s3->send_connection_binding = 1;
continue;
}
* Fail if the current version is an unexpected
* downgrade.
*/
- if (S3I(s)->hs.negotiated_tls_version <
- S3I(s)->hs.our_max_tls_version) {
+ if (s->s3->hs.negotiated_tls_version <
+ s->s3->hs.our_max_tls_version) {
SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK);
ssl3_send_alert(s, SSL3_AL_FATAL,
SSL_AD_INAPPROPRIATE_FALLBACK);
-/* $OpenBSD: ssl_clnt.c,v 1.140 2022/02/03 16:33:12 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.141 2022/02/05 14:54:10 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
SSL_clear(s);
for (;;) {
- state = S3I(s)->hs.state;
+ state = s->s3->hs.state;
- switch (S3I(s)->hs.state) {
+ switch (s->s3->hs.state) {
case SSL_ST_RENEGOTIATE:
s->internal->renegotiate = 1;
- S3I(s)->hs.state = SSL_ST_CONNECT;
+ s->s3->hs.state = SSL_ST_CONNECT;
s->ctx->internal->stats.sess_connect_renegotiate++;
/* break */
case SSL_ST_BEFORE:
}
if (!ssl_supported_tls_version_range(s,
- &S3I(s)->hs.our_min_tls_version,
- &S3I(s)->hs.our_max_tls_version)) {
+ &s->s3->hs.our_min_tls_version,
+ &s->s3->hs.our_max_tls_version)) {
SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);
ret = -1;
goto end;
goto end;
}
- S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A;
+ s->s3->hs.state = SSL3_ST_CW_CLNT_HELLO_A;
s->ctx->internal->stats.sess_connect++;
s->internal->init_num = 0;
goto end;
if (SSL_is_dtls(s) && s->d1->send_cookie) {
- S3I(s)->hs.state = SSL3_ST_CW_FLUSH;
- S3I(s)->hs.tls12.next_state = SSL3_ST_CR_SRVR_HELLO_A;
+ s->s3->hs.state = SSL3_ST_CW_FLUSH;
+ s->s3->hs.tls12.next_state = SSL3_ST_CR_SRVR_HELLO_A;
} else
- S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A;
+ s->s3->hs.state = SSL3_ST_CR_SRVR_HELLO_A;
s->internal->init_num = 0;
goto end;
if (s->internal->hit) {
- S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A;
+ s->s3->hs.state = SSL3_ST_CR_FINISHED_A;
if (!SSL_is_dtls(s)) {
if (s->internal->tlsext_ticket_expected) {
/* receive renewed session ticket */
- S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A;
+ s->s3->hs.state = SSL3_ST_CR_SESSION_TICKET_A;
}
/* No client certificate verification. */
tls1_transcript_free(s);
}
} else if (SSL_is_dtls(s)) {
- S3I(s)->hs.state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
+ s->s3->hs.state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
} else {
- S3I(s)->hs.state = SSL3_ST_CR_CERT_A;
+ s->s3->hs.state = SSL3_ST_CR_CERT_A;
}
s->internal->init_num = 0;
break;
goto end;
dtls1_stop_timer(s);
if (s->d1->send_cookie) /* start again, with a cookie */
- S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A;
+ s->s3->hs.state = SSL3_ST_CW_CLNT_HELLO_A;
else
- S3I(s)->hs.state = SSL3_ST_CR_CERT_A;
+ s->s3->hs.state = SSL3_ST_CR_CERT_A;
s->internal->init_num = 0;
break;
if (ret == 2) {
s->internal->hit = 1;
if (s->internal->tlsext_ticket_expected)
- S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A;
+ s->s3->hs.state = SSL3_ST_CR_SESSION_TICKET_A;
else
- S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A;
+ s->s3->hs.state = SSL3_ST_CR_FINISHED_A;
s->internal->init_num = 0;
break;
}
/* Check if it is anon DH/ECDH. */
- if (!(S3I(s)->hs.cipher->algorithm_auth &
+ if (!(s->s3->hs.cipher->algorithm_auth &
SSL_aNULL)) {
ret = ssl3_get_server_certificate(s);
if (ret <= 0)
goto end;
if (s->internal->tlsext_status_expected)
- S3I(s)->hs.state = SSL3_ST_CR_CERT_STATUS_A;
+ s->s3->hs.state = SSL3_ST_CR_CERT_STATUS_A;
else
- S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A;
+ s->s3->hs.state = SSL3_ST_CR_KEY_EXCH_A;
} else {
skip = 1;
- S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A;
+ s->s3->hs.state = SSL3_ST_CR_KEY_EXCH_A;
}
s->internal->init_num = 0;
break;
ret = ssl3_get_server_key_exchange(s);
if (ret <= 0)
goto end;
- S3I(s)->hs.state = SSL3_ST_CR_CERT_REQ_A;
+ s->s3->hs.state = SSL3_ST_CR_CERT_REQ_A;
s->internal->init_num = 0;
/*
ret = ssl3_get_certificate_request(s);
if (ret <= 0)
goto end;
- S3I(s)->hs.state = SSL3_ST_CR_SRVR_DONE_A;
+ s->s3->hs.state = SSL3_ST_CR_SRVR_DONE_A;
s->internal->init_num = 0;
break;
goto end;
if (SSL_is_dtls(s))
dtls1_stop_timer(s);
- if (S3I(s)->hs.tls12.cert_request)
- S3I(s)->hs.state = SSL3_ST_CW_CERT_A;
+ if (s->s3->hs.tls12.cert_request)
+ s->s3->hs.state = SSL3_ST_CW_CERT_A;
else
- S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_A;
+ s->s3->hs.state = SSL3_ST_CW_KEY_EXCH_A;
s->internal->init_num = 0;
break;
ret = ssl3_send_client_certificate(s);
if (ret <= 0)
goto end;
- S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_A;
+ s->s3->hs.state = SSL3_ST_CW_KEY_EXCH_A;
s->internal->init_num = 0;
break;
* message when client's ECDH public key is sent
* inside the client certificate.
*/
- if (S3I(s)->hs.tls12.cert_request == 1) {
- S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_A;
+ if (s->s3->hs.tls12.cert_request == 1) {
+ s->s3->hs.state = SSL3_ST_CW_CERT_VRFY_A;
} else {
- S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
- S3I(s)->change_cipher_spec = 0;
+ s->s3->hs.state = SSL3_ST_CW_CHANGE_A;
+ s->s3->change_cipher_spec = 0;
}
if (!SSL_is_dtls(s)) {
if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
- S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
- S3I(s)->change_cipher_spec = 0;
+ s->s3->hs.state = SSL3_ST_CW_CHANGE_A;
+ s->s3->change_cipher_spec = 0;
}
}
ret = ssl3_send_client_verify(s);
if (ret <= 0)
goto end;
- S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
+ s->s3->hs.state = SSL3_ST_CW_CHANGE_A;
s->internal->init_num = 0;
- S3I(s)->change_cipher_spec = 0;
+ s->s3->change_cipher_spec = 0;
break;
case SSL3_ST_CW_CHANGE_A:
if (ret <= 0)
goto end;
- S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A;
+ s->s3->hs.state = SSL3_ST_CW_FINISHED_A;
s->internal->init_num = 0;
- s->session->cipher = S3I(s)->hs.cipher;
+ s->session->cipher = s->s3->hs.cipher;
if (!tls1_setup_key_block(s)) {
ret = -1;
goto end;
if (!SSL_is_dtls(s))
s->s3->flags |= SSL3_FLAGS_CCS_OK;
- S3I(s)->hs.state = SSL3_ST_CW_FLUSH;
+ s->s3->hs.state = SSL3_ST_CW_FLUSH;
/* clear flags */
if (s->internal->hit) {
- S3I(s)->hs.tls12.next_state = SSL_ST_OK;
+ s->s3->hs.tls12.next_state = SSL_ST_OK;
} else {
/* Allow NewSessionTicket if ticket expected */
if (s->internal->tlsext_ticket_expected)
- S3I(s)->hs.tls12.next_state =
+ s->s3->hs.tls12.next_state =
SSL3_ST_CR_SESSION_TICKET_A;
else
- S3I(s)->hs.tls12.next_state =
+ s->s3->hs.tls12.next_state =
SSL3_ST_CR_FINISHED_A;
}
s->internal->init_num = 0;
ret = ssl3_get_new_session_ticket(s);
if (ret <= 0)
goto end;
- S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A;
+ s->s3->hs.state = SSL3_ST_CR_FINISHED_A;
s->internal->init_num = 0;
break;
ret = ssl3_get_cert_status(s);
if (ret <= 0)
goto end;
- S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A;
+ s->s3->hs.state = SSL3_ST_CR_KEY_EXCH_A;
s->internal->init_num = 0;
break;
dtls1_stop_timer(s);
if (s->internal->hit)
- S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
+ s->s3->hs.state = SSL3_ST_CW_CHANGE_A;
else
- S3I(s)->hs.state = SSL_ST_OK;
+ s->s3->hs.state = SSL_ST_OK;
s->internal->init_num = 0;
break;
/* If the write error was fatal, stop trying */
if (!BIO_should_retry(s->wbio)) {
s->internal->rwstate = SSL_NOTHING;
- S3I(s)->hs.state = S3I(s)->hs.tls12.next_state;
+ s->s3->hs.state = s->s3->hs.tls12.next_state;
}
}
ret = -1;
goto end;
}
s->internal->rwstate = SSL_NOTHING;
- S3I(s)->hs.state = S3I(s)->hs.tls12.next_state;
+ s->s3->hs.state = s->s3->hs.tls12.next_state;
break;
case SSL_ST_OK:
/* clean a few things up */
tls1_cleanup_key_block(s);
- if (S3I(s)->handshake_transcript != NULL) {
+ if (s->s3->handshake_transcript != NULL) {
SSLerror(s, ERR_R_INTERNAL_ERROR);
ret = -1;
goto end;
}
/* did we do anything */
- if (!S3I(s)->hs.tls12.reuse_message && !skip) {
+ if (!s->s3->hs.tls12.reuse_message && !skip) {
if (s->internal->debug) {
if ((ret = BIO_flush(s->wbio)) <= 0)
goto end;
}
- if (S3I(s)->hs.state != state) {
- new_state = S3I(s)->hs.state;
- S3I(s)->hs.state = state;
+ if (s->s3->hs.state != state) {
+ new_state = s->s3->hs.state;
+ s->s3->hs.state = state;
ssl_info_callback(s, SSL_CB_CONNECT_LOOP, 1);
- S3I(s)->hs.state = new_state;
+ s->s3->hs.state = new_state;
}
}
skip = 0;
memset(&cbb, 0, sizeof(cbb));
- if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_A) {
+ if (s->s3->hs.state == SSL3_ST_CW_CLNT_HELLO_A) {
SSL_SESSION *sess = s->session;
if (!ssl_max_supported_version(s, &max_version)) {
if (!ssl3_handshake_msg_finish(s, &cbb))
goto err;
- S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_B;
+ s->s3->hs.state = SSL3_ST_CW_CLNT_HELLO_B;
}
/* SSL3_ST_CW_CLNT_HELLO_B */
DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->internal->max_cert_list)) <= 0)
return ret;
- if (S3I(s)->hs.tls12.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
+ if (s->s3->hs.tls12.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
s->d1->send_cookie = 0;
- S3I(s)->hs.tls12.reuse_message = 1;
+ s->s3->hs.tls12.reuse_message = 1;
return (1);
}
CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
if (SSL_is_dtls(s)) {
- if (S3I(s)->hs.tls12.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
+ if (s->s3->hs.tls12.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
if (s->d1->send_cookie == 0) {
- S3I(s)->hs.tls12.reuse_message = 1;
+ s->s3->hs.tls12.reuse_message = 1;
return (1);
} else {
/* Already sent a cookie. */
}
}
- if (S3I(s)->hs.tls12.message_type != SSL3_MT_SERVER_HELLO) {
+ if (s->s3->hs.tls12.message_type != SSL3_MT_SERVER_HELLO) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
goto fatal_err;
al = SSL_AD_PROTOCOL_VERSION;
goto fatal_err;
}
- S3I(s)->hs.peer_legacy_version = server_version;
+ s->s3->hs.peer_legacy_version = server_version;
s->version = server_version;
- S3I(s)->hs.negotiated_tls_version = ssl_tls_version(server_version);
- if (S3I(s)->hs.negotiated_tls_version == 0) {
+ s->s3->hs.negotiated_tls_version = ssl_tls_version(server_version);
+ if (s->s3->hs.negotiated_tls_version == 0) {
SSLerror(s, ERR_R_INTERNAL_ERROR);
goto err;
}
sizeof(s->s3->server_random), NULL))
goto err;
- if (S3I(s)->hs.our_max_tls_version >= TLS1_2_VERSION &&
- S3I(s)->hs.negotiated_tls_version < S3I(s)->hs.our_max_tls_version) {
+ if (s->s3->hs.our_max_tls_version >= TLS1_2_VERSION &&
+ s->s3->hs.negotiated_tls_version < s->s3->hs.our_max_tls_version) {
/*
* RFC 8446 section 4.1.3. We must not downgrade if the server
* random value contains the TLS 1.2 or TLS 1.1 magical value.
if (!CBS_skip(&server_random,
CBS_len(&server_random) - sizeof(tls13_downgrade_12)))
goto err;
- if (S3I(s)->hs.negotiated_tls_version == TLS1_2_VERSION &&
+ if (s->s3->hs.negotiated_tls_version == TLS1_2_VERSION &&
CBS_mem_equal(&server_random, tls13_downgrade_12,
sizeof(tls13_downgrade_12))) {
al = SSL_AD_ILLEGAL_PARAMETER;
/* TLS v1.2 only ciphersuites require v1.2 or later. */
if ((cipher->algorithm_ssl & SSL_TLSV1_2) &&
- S3I(s)->hs.negotiated_tls_version < TLS1_2_VERSION) {
+ s->s3->hs.negotiated_tls_version < TLS1_2_VERSION) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED);
goto fatal_err;
SSLerror(s, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
goto fatal_err;
}
- S3I(s)->hs.cipher = cipher;
+ s->s3->hs.cipher = cipher;
if (!tls1_transcript_hash_init(s))
goto err;
* Don't digest cached records if no sigalgs: we may need them for
* client authentication.
*/
- alg_k = S3I(s)->hs.cipher->algorithm_mkey;
+ alg_k = s->s3->hs.cipher->algorithm_mkey;
if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)))
tls1_transcript_free(s);
* which doesn't support RI so for the immediate future tolerate RI
* absence on initial connect only.
*/
- if (!S3I(s)->renegotiate_seen &&
+ if (!s->s3->renegotiate_seen &&
!(s->internal->options & SSL_OP_LEGACY_SERVER_CONNECT)) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
ret = -1;
- if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
- S3I(s)->hs.tls12.reuse_message = 1;
+ if (s->s3->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
+ s->s3->hs.tls12.reuse_message = 1;
return (1);
}
- if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE) {
+ if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
goto fatal_err;
int decode_error, invalid_params, invalid_key;
int nid = NID_dhKeyAgreement;
- tls_key_share_free(S3I(s)->hs.key_share);
- if ((S3I(s)->hs.key_share = tls_key_share_new_nid(nid)) == NULL)
+ tls_key_share_free(s->s3->hs.key_share);
+ if ((s->s3->hs.key_share = tls_key_share_new_nid(nid)) == NULL)
goto err;
- if (!tls_key_share_peer_params(S3I(s)->hs.key_share, cbs,
+ if (!tls_key_share_peer_params(s->s3->hs.key_share, cbs,
&decode_error, &invalid_params)) {
if (decode_error) {
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
}
goto err;
}
- if (!tls_key_share_peer_public(S3I(s)->hs.key_share, cbs,
+ if (!tls_key_share_peer_public(s->s3->hs.key_share, cbs,
&decode_error, &invalid_key)) {
if (decode_error) {
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
goto err;
}
- tls_key_share_free(S3I(s)->hs.key_share);
- if ((S3I(s)->hs.key_share = tls_key_share_new(curve_id)) == NULL)
+ tls_key_share_free(s->s3->hs.key_share);
+ if ((s->s3->hs.key_share = tls_key_share_new(curve_id)) == NULL)
goto err;
- if (!tls_key_share_peer_public(S3I(s)->hs.key_share, &public,
+ if (!tls_key_share_peer_public(s->s3->hs.key_share, &public,
&decode_error, NULL)) {
if (decode_error)
goto decode_err;
long alg_k, alg_a;
int al, ret;
- alg_k = S3I(s)->hs.cipher->algorithm_mkey;
- alg_a = S3I(s)->hs.cipher->algorithm_auth;
+ alg_k = s->s3->hs.cipher->algorithm_mkey;
+ alg_a = s->s3->hs.cipher->algorithm_auth;
/*
* Use same message size as in ssl3_get_certificate_request()
CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
- if (S3I(s)->hs.tls12.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
+ if (s->s3->hs.tls12.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
/*
* Do not skip server key exchange if this cipher suite uses
* ephemeral keys.
goto fatal_err;
}
- S3I(s)->hs.tls12.reuse_message = 1;
+ s->s3->hs.tls12.reuse_message = 1;
EVP_MD_CTX_free(md_ctx);
return (1);
}
al = SSL_AD_DECODE_ERROR;
goto fatal_err;
}
- S3I(s)->hs.peer_sigalg = sigalg;
+ s->s3->hs.peer_sigalg = sigalg;
if (!EVP_DigestVerifyInit(md_ctx, &pctx, sigalg->md(),
NULL, pkey))
ret = 0;
- S3I(s)->hs.tls12.cert_request = 0;
+ s->s3->hs.tls12.cert_request = 0;
- if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_DONE) {
- S3I(s)->hs.tls12.reuse_message = 1;
+ if (s->s3->hs.tls12.message_type == SSL3_MT_SERVER_DONE) {
+ s->s3->hs.tls12.reuse_message = 1;
/*
* If we get here we don't need any cached handshake records
* as we wont be doing client auth.
return (1);
}
- if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
+ if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE);
goto err;
}
/* TLS does not like anon-DH with client cert */
- if (S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL) {
+ if (s->s3->hs.cipher->algorithm_auth & SSL_aNULL) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
SSLerror(s, SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
goto err;
SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR);
goto err;
}
- if (!CBS_stow(&sigalgs, &S3I(s)->hs.sigalgs,
- &S3I(s)->hs.sigalgs_len))
+ if (!CBS_stow(&sigalgs, &s->s3->hs.sigalgs,
+ &s->s3->hs.sigalgs_len))
goto err;
}
}
/* we should setup a certificate to return.... */
- S3I(s)->hs.tls12.cert_request = 1;
- sk_X509_NAME_pop_free(S3I(s)->hs.tls12.ca_names, X509_NAME_free);
- S3I(s)->hs.tls12.ca_names = ca_sk;
+ s->s3->hs.tls12.cert_request = 1;
+ sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);
+ s->s3->hs.tls12.ca_names = ca_sk;
ca_sk = NULL;
ret = 1;
SSL3_ST_CR_SESSION_TICKET_B, -1, 16384)) <= 0)
return ret;
- if (S3I(s)->hs.tls12.message_type == SSL3_MT_FINISHED) {
- S3I(s)->hs.tls12.reuse_message = 1;
+ if (s->s3->hs.tls12.message_type == SSL3_MT_FINISHED) {
+ s->s3->hs.tls12.reuse_message = 1;
return (1);
}
- if (S3I(s)->hs.tls12.message_type != SSL3_MT_NEWSESSION_TICKET) {
+ if (s->s3->hs.tls12.message_type != SSL3_MT_NEWSESSION_TICKET) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
goto fatal_err;
SSL3_ST_CR_CERT_STATUS_B, -1, 16384)) <= 0)
return ret;
- if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
+ if (s->s3->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
/*
* Tell the callback the server did not send us an OSCP
* response, and has decided to head directly to key exchange.
goto fatal_err;
}
}
- S3I(s)->hs.tls12.reuse_message = 1;
+ s->s3->hs.tls12.reuse_message = 1;
return (1);
}
- if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE &&
- S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_STATUS) {
+ if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE &&
+ s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE_STATUS) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
goto fatal_err;
int ret = 0;
/* Ensure that we have an ephemeral key from the server for DHE. */
- if (S3I(s)->hs.key_share == NULL) {
+ if (s->s3->hs.key_share == NULL) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
SSLerror(s, SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
goto err;
}
- if (!tls_key_share_generate(S3I(s)->hs.key_share))
+ if (!tls_key_share_generate(s->s3->hs.key_share))
goto err;
- if (!tls_key_share_public(S3I(s)->hs.key_share, cbb))
+ if (!tls_key_share_public(s->s3->hs.key_share, cbb))
goto err;
- if (!tls_key_share_derive(S3I(s)->hs.key_share, &key, &key_len))
+ if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len))
goto err;
if (!tls12_derive_master_secret(s, key, key_len))
int ret = 0;
/* Ensure that we have an ephemeral key for ECDHE. */
- if (S3I(s)->hs.key_share == NULL) {
+ if (s->s3->hs.key_share == NULL) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
SSLerror(s, ERR_R_INTERNAL_ERROR);
goto err;
}
- if (!tls_key_share_generate(S3I(s)->hs.key_share))
+ if (!tls_key_share_generate(s->s3->hs.key_share))
goto err;
if (!CBB_add_u8_length_prefixed(cbb, &public))
return 0;
- if (!tls_key_share_public(S3I(s)->hs.key_share, &public))
+ if (!tls_key_share_public(s->s3->hs.key_share, &public))
goto err;
if (!CBB_flush(cbb))
goto err;
- if (!tls_key_share_derive(S3I(s)->hs.key_share, &key, &key_len))
+ if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len))
goto err;
if (!tls12_derive_master_secret(s, key, key_len))
* If we have client certificate, use its secret as peer key.
* XXX - this presumably lacks PFS.
*/
- if (S3I(s)->hs.tls12.cert_request != 0 &&
+ if (s->s3->hs.tls12.cert_request != 0 &&
s->cert->key->privatekey != NULL) {
if (EVP_PKEY_derive_set_peer(pkey_ctx,
s->cert->key->privatekey) <=0) {
}
/* XXX check handshake hash instead. */
- if (S3I(s)->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
+ if (s->s3->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
nid = NID_id_GostR3411_94;
else
nid = NID_id_tc26_gost3411_2012_256;
memset(&cbb, 0, sizeof(cbb));
- if (S3I(s)->hs.state == SSL3_ST_CW_KEY_EXCH_A) {
- alg_k = S3I(s)->hs.cipher->algorithm_mkey;
+ if (s->s3->hs.state == SSL3_ST_CW_KEY_EXCH_A) {
+ alg_k = s->s3->hs.cipher->algorithm_mkey;
if (!ssl3_handshake_msg_start(s, &cbb, &kex,
SSL3_MT_CLIENT_KEY_EXCHANGE))
if (!ssl3_handshake_msg_finish(s, &cbb))
goto err;
- S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_B;
+ s->s3->hs.state = SSL3_ST_CW_KEY_EXCH_B;
}
/* SSL3_ST_CW_KEY_EXCH_B */
memset(&cbb, 0, sizeof(cbb));
- if (S3I(s)->hs.state == SSL3_ST_CW_CERT_VRFY_A) {
+ if (s->s3->hs.state == SSL3_ST_CW_CERT_VRFY_A) {
if (!ssl3_handshake_msg_start(s, &cbb, &cert_verify,
SSL3_MT_CERTIFICATE_VERIFY))
goto err;
SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR);
goto err;
}
- S3I(s)->hs.our_sigalg = sigalg;
+ s->s3->hs.our_sigalg = sigalg;
/*
* For TLS v1.2 send signature algorithm and signature using
if (!ssl3_handshake_msg_finish(s, &cbb))
goto err;
- S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_B;
+ s->s3->hs.state = SSL3_ST_CW_CERT_VRFY_B;
}
return (ssl3_handshake_write(s));
memset(&cbb, 0, sizeof(cbb));
- if (S3I(s)->hs.state == SSL3_ST_CW_CERT_A) {
+ if (s->s3->hs.state == SSL3_ST_CW_CERT_A) {
if (s->cert->key->x509 == NULL ||
s->cert->key->privatekey == NULL)
- S3I(s)->hs.state = SSL3_ST_CW_CERT_B;
+ s->s3->hs.state = SSL3_ST_CW_CERT_B;
else
- S3I(s)->hs.state = SSL3_ST_CW_CERT_C;
+ s->s3->hs.state = SSL3_ST_CW_CERT_C;
}
/* We need to get a client cert */
- if (S3I(s)->hs.state == SSL3_ST_CW_CERT_B) {
+ if (s->s3->hs.state == SSL3_ST_CW_CERT_B) {
/*
* If we get an error, we need to
* ssl->internal->rwstate = SSL_X509_LOOKUP; return(-1);
}
s->internal->rwstate = SSL_NOTHING;
if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
- S3I(s)->hs.state = SSL3_ST_CW_CERT_B;
+ s->s3->hs.state = SSL3_ST_CW_CERT_B;
if (!SSL_use_certificate(s, x509) ||
!SSL_use_PrivateKey(s, pkey))
i = 0;
X509_free(x509);
EVP_PKEY_free(pkey);
if (i == 0) {
- S3I(s)->hs.tls12.cert_request = 2;
+ s->s3->hs.tls12.cert_request = 2;
/* There is no client certificate to verify. */
tls1_transcript_free(s);
}
/* Ok, we have a cert */
- S3I(s)->hs.state = SSL3_ST_CW_CERT_C;
+ s->s3->hs.state = SSL3_ST_CW_CERT_C;
}
- if (S3I(s)->hs.state == SSL3_ST_CW_CERT_C) {
+ if (s->s3->hs.state == SSL3_ST_CW_CERT_C) {
if (!ssl3_handshake_msg_start(s, &cbb, &client_cert,
SSL3_MT_CERTIFICATE))
goto err;
if (!ssl3_output_cert_chain(s, &client_cert,
- (S3I(s)->hs.tls12.cert_request == 2) ? NULL : s->cert->key))
+ (s->s3->hs.tls12.cert_request == 2) ? NULL : s->cert->key))
goto err;
if (!ssl3_handshake_msg_finish(s, &cbb))
goto err;
- S3I(s)->hs.state = SSL3_ST_CW_CERT_D;
+ s->s3->hs.state = SSL3_ST_CW_CERT_D;
}
/* SSL3_ST_CW_CERT_D */
int nid = NID_undef;
int i;
- alg_k = S3I(s)->hs.cipher->algorithm_mkey;
- alg_a = S3I(s)->hs.cipher->algorithm_auth;
+ alg_k = s->s3->hs.cipher->algorithm_mkey;
+ alg_a = s->s3->hs.cipher->algorithm_auth;
/* We don't have a certificate. */
if (alg_a & SSL_aNULL)
return (1);
- if (S3I(s)->hs.key_share != NULL)
- nid = tls_key_share_nid(S3I(s)->hs.key_share);
+ if (s->s3->hs.key_share != NULL)
+ nid = tls_key_share_nid(s->s3->hs.key_share);
/* This is the passed certificate. */
SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list)) <= 0)
return ret;
- S3I(s)->hs.tls12.reuse_message = 1;
- if ((S3I(s)->hs.tls12.message_type == SSL3_MT_FINISHED) ||
- (S3I(s)->hs.tls12.message_type == SSL3_MT_NEWSESSION_TICKET))
+ s->s3->hs.tls12.reuse_message = 1;
+ if ((s->s3->hs.tls12.message_type == SSL3_MT_FINISHED) ||
+ (s->s3->hs.tls12.message_type == SSL3_MT_NEWSESSION_TICKET))
return (2);
return (1);
-/* $OpenBSD: ssl_err.c,v 1.39 2021/09/10 09:25:29 tb Exp $ */
+/* $OpenBSD: ssl_err.c,v 1.40 2022/02/05 14:54:10 jsing Exp $ */
/* ====================================================================
* Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
*
SSL_error_internal(const SSL *s, int r, char *f, int l)
{
ERR_PUT_error(ERR_LIB_SSL,
- (SSL_state_func_code(S3I(s)->hs.state)), r, f, l);
+ (SSL_state_func_code(s->s3->hs.state)), r, f, l);
}
-/* $OpenBSD: ssl_lib.c,v 1.287 2022/01/14 09:10:11 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.288 2022/02/05 14:54:10 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
{
size_t ret;
- ret = S3I(s)->hs.finished_len;
+ ret = s->s3->hs.finished_len;
if (count > ret)
count = ret;
- memcpy(buf, S3I(s)->hs.finished, count);
+ memcpy(buf, s->s3->hs.finished, count);
return (ret);
}
{
size_t ret;
- ret = S3I(s)->hs.peer_finished_len;
+ ret = s->s3->hs.peer_finished_len;
if (count > ret)
count = ret;
- memcpy(buf, S3I(s)->hs.peer_finished, count);
+ memcpy(buf, s->s3->hs.peer_finished, count);
return (ret);
}
return (1);
case SSL_CTRL_GET_RI_SUPPORT:
if (s->s3)
- return (S3I(s)->send_connection_binding);
+ return (s->s3->send_connection_binding);
else return (0);
default:
if (SSL_is_dtls(s))
SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
unsigned int *len)
{
- *data = ssl->s3->internal->alpn_selected;
- *len = ssl->s3->internal->alpn_selected_len;
+ *data = ssl->s3->alpn_selected;
+ *len = ssl->s3->alpn_selected_len;
}
void
{
unsigned long alg_a, alg_k;
- alg_a = S3I(s)->hs.cipher->algorithm_auth;
- alg_k = S3I(s)->hs.cipher->algorithm_mkey;
+ alg_a = s->s3->hs.cipher->algorithm_auth;
+ alg_k = s->s3->hs.cipher->algorithm_mkey;
return s->session->tlsext_ecpointformatlist != NULL &&
s->session->tlsext_ecpointformatlist_length > 0 &&
int
ssl_check_srvr_ecc_cert_and_alg(SSL *s, X509 *x)
{
- const SSL_CIPHER *cs = S3I(s)->hs.cipher;
+ const SSL_CIPHER *cs = s->s3->hs.cipher;
unsigned long alg_a;
alg_a = cs->algorithm_auth;
int i;
c = s->cert;
- ssl_set_cert_masks(c, S3I(s)->hs.cipher);
+ ssl_set_cert_masks(c, s->s3->hs.cipher);
- alg_a = S3I(s)->hs.cipher->algorithm_auth;
+ alg_a = s->s3->hs.cipher->algorithm_auth;
if (alg_a & SSL_aECDSA) {
i = SSL_PKEY_ECC;
if (s->cert->dhe_params_auto == 2) {
key_bits = 1024;
- } else if (S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL) {
+ } else if (s->s3->hs.cipher->algorithm_auth & SSL_aNULL) {
key_bits = 1024;
- if (S3I(s)->hs.cipher->strength_bits == 256)
+ if (s->s3->hs.cipher->strength_bits == 256)
key_bits = 3072;
} else {
if ((cpk = ssl_get_server_send_pkey(s)) == NULL)
return 1;
/* If it's TLS 1.3, do it to match OpenSSL */
- if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION)
+ if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION)
return 1;
return 0;
return 0;
/* If we are lesser than TLS 1.3, Cache it. */
- if (S3I(s)->hs.negotiated_tls_version < TLS1_3_VERSION)
+ if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION)
return 1;
/* Below this we consider TLS 1.3 or later */
if (i == 0) {
if ((s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) &&
- (S3I(s)->warn_alert == SSL_AD_CLOSE_NOTIFY))
+ (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
return (SSL_ERROR_ZERO_RETURN);
}
return (SSL_ERROR_SYSCALL);
{
s->server = 1;
s->internal->shutdown = 0;
- S3I(s)->hs.state = SSL_ST_ACCEPT|SSL_ST_BEFORE;
+ s->s3->hs.state = SSL_ST_ACCEPT|SSL_ST_BEFORE;
s->internal->handshake_func = s->method->ssl_accept;
ssl_clear_cipher_state(s);
}
{
s->server = 0;
s->internal->shutdown = 0;
- S3I(s)->hs.state = SSL_ST_CONNECT|SSL_ST_BEFORE;
+ s->s3->hs.state = SSL_ST_CONNECT|SSL_ST_BEFORE;
s->internal->handshake_func = s->method->ssl_connect;
ssl_clear_cipher_state(s);
}
ret->internal->quiet_shutdown = s->internal->quiet_shutdown;
ret->internal->shutdown = s->internal->shutdown;
/* SSL_dup does not really work at any state, though */
- S3I(ret)->hs.state = S3I(s)->hs.state;
+ ret->s3->hs.state = s->s3->hs.state;
ret->internal->rstate = s->internal->rstate;
/*
int
SSL_state(const SSL *ssl)
{
- return (S3I(ssl)->hs.state);
+ return (ssl->s3->hs.state);
}
void
SSL_set_state(SSL *ssl, int state)
{
- S3I(ssl)->hs.state = state;
+ ssl->s3->hs.state = state;
}
void
-/* $OpenBSD: ssl_locl.h,v 1.384 2022/02/03 16:33:12 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.385 2022/02/05 14:54:10 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
int left; /* how many bytes left */
} SSL3_BUFFER_INTERNAL;
-typedef struct ssl3_state_internal_st {
+typedef struct ssl3_state_st {
+ long flags;
+
+ unsigned char server_random[SSL3_RANDOM_SIZE];
+ unsigned char client_random[SSL3_RANDOM_SIZE];
+
SSL3_BUFFER_INTERNAL rbuf; /* read IO goes into here */
SSL3_BUFFER_INTERNAL wbuf; /* write IO goes into here */
*/
unsigned char *alpn_selected;
size_t alpn_selected_len;
-} SSL3_STATE_INTERNAL;
-#define S3I(s) (s->s3->internal)
-
-typedef struct ssl3_state_st {
- long flags;
-
- unsigned char server_random[SSL3_RANDOM_SIZE];
- unsigned char client_random[SSL3_RANDOM_SIZE];
-
- struct ssl3_state_internal_st *internal;
} SSL3_STATE;
-/*#define SSL_DEBUG */
-/*#define RSA_DEBUG */
-
/*
* Flag values for enc_flags.
*/
-/* $OpenBSD: ssl_packet.c,v 1.12 2021/07/01 17:53:39 jsing Exp $ */
+/* $OpenBSD: ssl_packet.c,v 1.13 2022/02/05 14:54:10 jsing Exp $ */
/*
* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
*
if (!CBB_finish(&cbb, &data, &data_len))
goto err;
- if (data_len > S3I(s)->rbuf.len)
+ if (data_len > s->s3->rbuf.len)
goto err;
- s->internal->packet = S3I(s)->rbuf.buf;
+ s->internal->packet = s->s3->rbuf.buf;
s->internal->packet_length = data_len;
memcpy(s->internal->packet, data, data_len);
ret = 1;
-/* $OpenBSD: ssl_pkt.c,v 1.52 2021/10/25 10:14:48 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.53 2022/02/05 14:54:10 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
/*
* If extend == 0, obtain new n-byte packet; if extend == 1, increase
* packet by another n bytes.
- * The packet will be in the sub-array of S3I(s)->rbuf.buf specified
+ * The packet will be in the sub-array of s->s3->rbuf.buf specified
* by s->internal->packet and s->internal->packet_length.
* (If s->internal->read_ahead is set, 'max' bytes may be stored in rbuf
* [plus s->internal->packet_length bytes if extend == 1].)
static int
ssl3_read_n(SSL *s, int n, int max, int extend)
{
- SSL3_BUFFER_INTERNAL *rb = &(S3I(s)->rbuf);
+ SSL3_BUFFER_INTERNAL *rb = &(s->s3->rbuf);
int i, len, left;
size_t align;
unsigned char *pkt;
}
while (left < n) {
- /* Now we have len+left bytes at the front of S3I(s)->rbuf.buf
+ /* Now we have len+left bytes at the front of s->s3->rbuf.buf
* and need to read in more until we have len+n (up to
* len+max if possible) */
{
int n;
- n = ssl3_read_n(s, plen, S3I(s)->rbuf.len, 0);
+ n = ssl3_read_n(s, plen, s->s3->rbuf.len, 0);
if (n <= 0)
return n;
if (s->internal->packet_length < plen)
static int
ssl3_get_record(SSL *s)
{
- SSL3_BUFFER_INTERNAL *rb = &(S3I(s)->rbuf);
- SSL3_RECORD_INTERNAL *rr = &(S3I(s)->rrec);
+ SSL3_BUFFER_INTERNAL *rb = &(s->s3->rbuf);
+ SSL3_RECORD_INTERNAL *rr = &(s->s3->rrec);
uint8_t alert_desc;
uint8_t *out;
size_t out_len;
}
s->internal->rwstate = SSL_NOTHING;
- tot = S3I(s)->wnum;
- S3I(s)->wnum = 0;
+ tot = s->s3->wnum;
+ s->s3->wnum = 0;
if (SSL_in_init(s) && !s->internal->in_handshake) {
i = s->internal->handshake_func(s);
i = do_ssl3_write(s, type, &(buf[tot]), nw);
if (i <= 0) {
- S3I(s)->wnum = tot;
+ s->s3->wnum = tot;
return i;
}
* empty fragment in ciphersuites with known-IV
* weakness.
*/
- S3I(s)->empty_fragment_done = 0;
+ s->s3->empty_fragment_done = 0;
return tot + i;
}
static int
do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
{
- SSL3_BUFFER_INTERNAL *wb = &(S3I(s)->wbuf);
+ SSL3_BUFFER_INTERNAL *wb = &(s->s3->wbuf);
SSL_SESSION *sess = s->session;
int need_empty_fragment = 0;
size_t align, out_len;
return (ssl3_write_pending(s, type, buf, len));
/* If we have an alert to send, let's send it. */
- if (S3I(s)->alert_dispatch) {
+ if (s->s3->alert_dispatch) {
if ((ret = ssl3_dispatch_alert(s)) <= 0)
return (ret);
/* If it went, fall through and send more stuff. */
* bytes and record version number > TLS 1.0.
*/
version = s->version;
- if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_B &&
+ if (s->s3->hs.state == SSL3_ST_CW_CLNT_HELLO_B &&
!s->internal->renegotiate &&
- S3I(s)->hs.our_max_tls_version > TLS1_VERSION)
+ s->s3->hs.our_max_tls_version > TLS1_VERSION)
version = TLS1_VERSION;
/*
* is unnecessary for AEAD.
*/
if (sess != NULL && tls12_record_layer_write_protected(s->internal->rl)) {
- if (S3I(s)->need_empty_fragments &&
- !S3I(s)->empty_fragment_done &&
+ if (s->s3->need_empty_fragments &&
+ !s->s3->empty_fragment_done &&
type == SSL3_RT_APPLICATION_DATA)
need_empty_fragment = 1;
}
if (!tls12_record_layer_seal_record(s->internal->rl, type,
buf, 0, &cbb))
goto err;
- S3I(s)->empty_fragment_done = 1;
+ s->s3->empty_fragment_done = 1;
}
if (!tls12_record_layer_seal_record(s->internal->rl, type, buf, len, &cbb))
* Memorize arguments so that ssl3_write_pending can detect
* bad write retries later.
*/
- S3I(s)->wpend_tot = len;
- S3I(s)->wpend_buf = buf;
- S3I(s)->wpend_type = type;
- S3I(s)->wpend_ret = len;
+ s->s3->wpend_tot = len;
+ s->s3->wpend_buf = buf;
+ s->s3->wpend_type = type;
+ s->s3->wpend_ret = len;
/* We now just need to write the buffer. */
return ssl3_write_pending(s, type, buf, len);
return -1;
}
-/* if S3I(s)->wbuf.left != 0, we need to call this */
+/* if s->s3->wbuf.left != 0, we need to call this */
int
ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
{
int i;
- SSL3_BUFFER_INTERNAL *wb = &(S3I(s)->wbuf);
+ SSL3_BUFFER_INTERNAL *wb = &(s->s3->wbuf);
/* XXXX */
- if ((S3I(s)->wpend_tot > (int)len) || ((S3I(s)->wpend_buf != buf) &&
+ if ((s->s3->wpend_tot > (int)len) || ((s->s3->wpend_buf != buf) &&
!(s->internal->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) ||
- (S3I(s)->wpend_type != type)) {
+ (s->s3->wpend_type != type)) {
SSLerror(s, SSL_R_BAD_WRITE_RETRY);
return (-1);
}
!SSL_is_dtls(s))
ssl3_release_write_buffer(s);
s->internal->rwstate = SSL_NOTHING;
- return (S3I(s)->wpend_ret);
+ return (s->s3->wpend_ret);
} else if (i <= 0) {
/*
* For DTLS, just drop it. That's kind of the
unsigned int n;
SSL3_RECORD_INTERNAL *rr;
- if (S3I(s)->rbuf.buf == NULL) /* Not initialized yet */
+ if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
if (!ssl3_setup_read_buffer(s))
return (-1);
}
if ((type == SSL3_RT_HANDSHAKE) &&
- (S3I(s)->handshake_fragment_len > 0)) {
+ (s->s3->handshake_fragment_len > 0)) {
/* (partially) satisfy request from storage */
- unsigned char *src = S3I(s)->handshake_fragment;
+ unsigned char *src = s->s3->handshake_fragment;
unsigned char *dst = buf;
unsigned int k;
/* peek == 0 */
n = 0;
- while ((len > 0) && (S3I(s)->handshake_fragment_len > 0)) {
+ while ((len > 0) && (s->s3->handshake_fragment_len > 0)) {
*dst++ = *src++;
len--;
- S3I(s)->handshake_fragment_len--;
+ s->s3->handshake_fragment_len--;
n++;
}
/* move any remaining fragment bytes: */
- for (k = 0; k < S3I(s)->handshake_fragment_len; k++)
- S3I(s)->handshake_fragment[k] = *src++;
+ for (k = 0; k < s->s3->handshake_fragment_len; k++)
+ s->s3->handshake_fragment[k] = *src++;
return n;
}
/*
- * Now S3I(s)->handshake_fragment_len == 0 if
+ * Now s->s3->handshake_fragment_len == 0 if
* type == SSL3_RT_HANDSHAKE.
*/
if (!s->internal->in_handshake && SSL_in_init(s)) {
s->internal->rwstate = SSL_NOTHING;
/*
- * S3I(s)->rrec.type - is the type of record
- * S3I(s)->rrec.data, - data
- * S3I(s)->rrec.off, - offset into 'data' for next read
- * S3I(s)->rrec.length, - number of bytes.
+ * s->s3->rrec.type - is the type of record
+ * s->s3->rrec.data, - data
+ * s->s3->rrec.off, - offset into 'data' for next read
+ * s->s3->rrec.length, - number of bytes.
*/
- rr = &(S3I(s)->rrec);
+ rr = &(s->s3->rrec);
/* get new packet if necessary */
if ((rr->length == 0) || (s->internal->rstate == SSL_ST_READ_BODY)) {
/* we now have a packet which can be read and processed */
- if (S3I(s)->change_cipher_spec /* set when we receive ChangeCipherSpec,
+ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
* reset by ssl3_get_finished */
&& (rr->type != SSL3_RT_HANDSHAKE)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
s->internal->rstate = SSL_ST_READ_HEADER;
rr->off = 0;
if (s->internal->mode & SSL_MODE_RELEASE_BUFFERS &&
- S3I(s)->rbuf.left == 0)
+ s->s3->rbuf.left == 0)
ssl3_release_read_buffer(s);
}
}
unsigned int *dest_len = NULL;
if (rr->type == SSL3_RT_HANDSHAKE) {
- dest_maxlen = sizeof S3I(s)->handshake_fragment;
- dest = S3I(s)->handshake_fragment;
- dest_len = &S3I(s)->handshake_fragment_len;
+ dest_maxlen = sizeof s->s3->handshake_fragment;
+ dest = s->s3->handshake_fragment;
+ dest_len = &s->s3->handshake_fragment_len;
} else if (rr->type == SSL3_RT_ALERT) {
- dest_maxlen = sizeof S3I(s)->alert_fragment;
- dest = S3I(s)->alert_fragment;
- dest_len = &S3I(s)->alert_fragment_len;
+ dest_maxlen = sizeof s->s3->alert_fragment;
+ dest = s->s3->alert_fragment;
+ dest_len = &s->s3->alert_fragment_len;
}
if (dest_maxlen > 0) {
/* available space in 'dest' */
}
}
- /* S3I(s)->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE;
- * S3I(s)->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT.
+ /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE;
+ * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT.
* (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
/* If we are a client, check for an incoming 'Hello Request': */
- if ((!s->server) && (S3I(s)->handshake_fragment_len >= 4) &&
- (S3I(s)->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
+ if ((!s->server) && (s->s3->handshake_fragment_len >= 4) &&
+ (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
(s->session != NULL) && (s->session->cipher != NULL)) {
- S3I(s)->handshake_fragment_len = 0;
+ s->s3->handshake_fragment_len = 0;
- if ((S3I(s)->handshake_fragment[1] != 0) ||
- (S3I(s)->handshake_fragment[2] != 0) ||
- (S3I(s)->handshake_fragment[3] != 0)) {
+ if ((s->s3->handshake_fragment[1] != 0) ||
+ (s->s3->handshake_fragment[2] != 0) ||
+ (s->s3->handshake_fragment[3] != 0)) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_HELLO_REQUEST);
goto fatal_err;
}
ssl_msg_callback(s, 0, SSL3_RT_HANDSHAKE,
- S3I(s)->handshake_fragment, 4);
+ s->s3->handshake_fragment, 4);
if (SSL_is_init_finished(s) &&
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
- !S3I(s)->renegotiate) {
+ !s->s3->renegotiate) {
ssl3_renegotiate(s);
if (ssl3_renegotiate_check(s)) {
i = s->internal->handshake_func(s);
}
if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) {
- if (S3I(s)->rbuf.left == 0) {
+ if (s->s3->rbuf.left == 0) {
ssl_force_want_read(s);
return (-1);
}
}
/* Disallow client initiated renegotiation if configured. */
if (s->server && SSL_is_init_finished(s) &&
- S3I(s)->handshake_fragment_len >= 4 &&
- S3I(s)->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO &&
+ s->s3->handshake_fragment_len >= 4 &&
+ s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO &&
(s->internal->options & SSL_OP_NO_CLIENT_RENEGOTIATION)) {
al = SSL_AD_NO_RENEGOTIATION;
goto fatal_err;
*/
if (s->server &&
SSL_is_init_finished(s) &&
- !S3I(s)->send_connection_binding &&
- (S3I(s)->handshake_fragment_len >= 4) &&
- (S3I(s)->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
+ !s->s3->send_connection_binding &&
+ (s->s3->handshake_fragment_len >= 4) &&
+ (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
(s->session != NULL) && (s->session->cipher != NULL)) {
- /*S3I(s)->handshake_fragment_len = 0;*/
+ /*s->s3->handshake_fragment_len = 0;*/
rr->length = 0;
ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
goto start;
}
- if (S3I(s)->alert_fragment_len >= 2) {
- int alert_level = S3I(s)->alert_fragment[0];
- int alert_descr = S3I(s)->alert_fragment[1];
+ if (s->s3->alert_fragment_len >= 2) {
+ int alert_level = s->s3->alert_fragment[0];
+ int alert_descr = s->s3->alert_fragment[1];
- S3I(s)->alert_fragment_len = 0;
+ s->s3->alert_fragment_len = 0;
ssl_msg_callback(s, 0, SSL3_RT_ALERT,
- S3I(s)->alert_fragment, 2);
+ s->s3->alert_fragment, 2);
ssl_info_callback(s, SSL_CB_READ_ALERT,
(alert_level << 8) | alert_descr);
if (alert_level == SSL3_AL_WARNING) {
- S3I(s)->warn_alert = alert_descr;
+ s->s3->warn_alert = alert_descr;
if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN;
return (0);
}
} else if (alert_level == SSL3_AL_FATAL) {
s->internal->rwstate = SSL_NOTHING;
- S3I(s)->fatal_alert = alert_descr;
+ s->s3->fatal_alert = alert_descr;
SSLerror(s, SSL_AD_REASON_OFFSET + alert_descr);
ERR_asprintf_error_data("SSL alert number %d",
alert_descr);
}
/* Check we have a cipher to change to */
- if (S3I(s)->hs.cipher == NULL) {
+ if (s->s3->hs.cipher == NULL) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
goto fatal_err;
ssl_msg_callback(s, 0, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1);
- S3I(s)->change_cipher_spec = 1;
+ s->s3->change_cipher_spec = 1;
if (!ssl3_do_change_cipher_spec(s))
goto err;
else
}
/* Unexpected handshake message (Client Hello, or protocol violation) */
- if ((S3I(s)->handshake_fragment_len >= 4) && !s->internal->in_handshake) {
- if (((S3I(s)->hs.state&SSL_ST_MASK) == SSL_ST_OK) &&
+ if ((s->s3->handshake_fragment_len >= 4) && !s->internal->in_handshake) {
+ if (((s->s3->hs.state&SSL_ST_MASK) == SSL_ST_OK) &&
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
- S3I(s)->hs.state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
+ s->s3->hs.state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
s->internal->renegotiate = 1;
s->internal->new_session = 1;
}
}
if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) {
- if (S3I(s)->rbuf.left == 0) {
+ if (s->s3->rbuf.left == 0) {
ssl_force_want_read(s);
return (-1);
}
* at this point (session renegotiation not yet started),
* we will indulge it.
*/
- if (S3I(s)->in_read_app_data &&
- (S3I(s)->total_renegotiations != 0) &&
- (((S3I(s)->hs.state & SSL_ST_CONNECT) &&
- (S3I(s)->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) &&
- (S3I(s)->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) ||
- ((S3I(s)->hs.state & SSL_ST_ACCEPT) &&
- (S3I(s)->hs.state <= SSL3_ST_SW_HELLO_REQ_A) &&
- (S3I(s)->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
- S3I(s)->in_read_app_data = 2;
+ if (s->s3->in_read_app_data &&
+ (s->s3->total_renegotiations != 0) &&
+ (((s->s3->hs.state & SSL_ST_CONNECT) &&
+ (s->s3->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) &&
+ (s->s3->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) ||
+ ((s->s3->hs.state & SSL_ST_ACCEPT) &&
+ (s->s3->hs.state <= SSL3_ST_SW_HELLO_REQ_A) &&
+ (s->s3->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
+ s->s3->in_read_app_data = 2;
return (-1);
} else {
al = SSL_AD_UNEXPECTED_MESSAGE;
int
ssl3_do_change_cipher_spec(SSL *s)
{
- if (S3I(s)->hs.tls12.key_block == NULL) {
+ if (s->s3->hs.tls12.key_block == NULL) {
if (s->session == NULL || s->session->master_key_length == 0) {
/* might happen if dtls1_read_bytes() calls this */
SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
return (0);
}
- s->session->cipher = S3I(s)->hs.cipher;
+ s->session->cipher = s->s3->hs.cipher;
if (!tls1_setup_key_block(s))
return (0);
}
ssl3_write_alert(SSL *s)
{
if (SSL_is_dtls(s))
- return do_dtls1_write(s, SSL3_RT_ALERT, S3I(s)->send_alert,
- sizeof(S3I(s)->send_alert));
+ return do_dtls1_write(s, SSL3_RT_ALERT, s->s3->send_alert,
+ sizeof(s->s3->send_alert));
- return do_ssl3_write(s, SSL3_RT_ALERT, S3I(s)->send_alert,
- sizeof(S3I(s)->send_alert));
+ return do_ssl3_write(s, SSL3_RT_ALERT, s->s3->send_alert,
+ sizeof(s->s3->send_alert));
}
int
if (level == SSL3_AL_FATAL)
SSL_CTX_remove_session(s->ctx, s->session);
- S3I(s)->alert_dispatch = 1;
- S3I(s)->send_alert[0] = level;
- S3I(s)->send_alert[1] = desc;
+ s->s3->alert_dispatch = 1;
+ s->s3->send_alert[0] = level;
+ s->s3->send_alert[1] = desc;
/*
* If data is still being written out, the alert will be dispatched at
* some point in the future.
*/
- if (S3I(s)->wbuf.left != 0)
+ if (s->s3->wbuf.left != 0)
return -1;
return ssl3_dispatch_alert(s);
{
int ret;
- S3I(s)->alert_dispatch = 0;
+ s->s3->alert_dispatch = 0;
if ((ret = ssl3_write_alert(s)) <= 0) {
- S3I(s)->alert_dispatch = 1;
+ s->s3->alert_dispatch = 1;
return ret;
}
* If the message does not get sent due to non-blocking IO,
* we will not worry too much.
*/
- if (S3I(s)->send_alert[0] == SSL3_AL_FATAL)
+ if (s->s3->send_alert[0] == SSL3_AL_FATAL)
(void)BIO_flush(s->wbio);
- ssl_msg_callback(s, 1, SSL3_RT_ALERT, S3I(s)->send_alert, 2);
+ ssl_msg_callback(s, 1, SSL3_RT_ALERT, s->s3->send_alert, 2);
ssl_info_callback(s, SSL_CB_WRITE_ALERT,
- (S3I(s)->send_alert[0] << 8) | S3I(s)->send_alert[1]);
+ (s->s3->send_alert[0] << 8) | s->s3->send_alert[1]);
return ret;
}
-/* $OpenBSD: ssl_sigalgs.c,v 1.40 2022/01/20 20:37:33 tb Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.41 2022/02/05 14:54:10 jsing Exp $ */
/*
* Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
* Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
size_t len;
int i;
- ssl_sigalgs_for_version(S3I(s)->hs.negotiated_tls_version,
+ ssl_sigalgs_for_version(s->s3->hs.negotiated_tls_version,
&values, &len);
for (i = 0; i < len; i++) {
/* Default signature algorithms used for TLSv1.2 and earlier. */
switch (EVP_PKEY_id(pkey)) {
case EVP_PKEY_RSA:
- if (S3I(s)->hs.negotiated_tls_version < TLS1_2_VERSION)
+ if (s->s3->hs.negotiated_tls_version < TLS1_2_VERSION)
return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
case EVP_PKEY_EC:
return 0;
}
- if (S3I(s)->hs.negotiated_tls_version < TLS1_3_VERSION)
+ if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION)
return 1;
/* RSA cannot be used without PSS in TLSv1.3. */
* RFC 5246 allows a TLS 1.2 client to send no sigalgs extension,
* in which case the server must use the default.
*/
- if (S3I(s)->hs.negotiated_tls_version < TLS1_3_VERSION &&
- S3I(s)->hs.sigalgs == NULL)
+ if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION &&
+ s->s3->hs.sigalgs == NULL)
return ssl_sigalg_for_legacy(s, pkey);
/*
* If we get here, we have client or server sent sigalgs, use one.
*/
- CBS_init(&cbs, S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len);
+ CBS_init(&cbs, s->s3->hs.sigalgs, s->s3->hs.sigalgs_len);
while (CBS_len(&cbs) > 0) {
const struct ssl_sigalg *sigalg;
uint16_t sigalg_value;
-/* $OpenBSD: ssl_srvr.c,v 1.140 2022/01/11 19:03:15 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.141 2022/02/05 14:54:10 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
s->d1->listen = listen;
for (;;) {
- state = S3I(s)->hs.state;
+ state = s->s3->hs.state;
- switch (S3I(s)->hs.state) {
+ switch (s->s3->hs.state) {
case SSL_ST_RENEGOTIATE:
s->internal->renegotiate = 1;
- /* S3I(s)->hs.state=SSL_ST_ACCEPT; */
+ /* s->s3->hs.state=SSL_ST_ACCEPT; */
case SSL_ST_BEFORE:
case SSL_ST_ACCEPT:
}
if (!ssl_supported_tls_version_range(s,
- &S3I(s)->hs.our_min_tls_version,
- &S3I(s)->hs.our_max_tls_version)) {
+ &s->s3->hs.our_min_tls_version,
+ &s->s3->hs.our_max_tls_version)) {
SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);
ret = -1;
goto end;
s->internal->init_num = 0;
- if (S3I(s)->hs.state != SSL_ST_RENEGOTIATE) {
+ if (s->s3->hs.state != SSL_ST_RENEGOTIATE) {
/*
* Ok, we now need to push on a buffering BIO
* so that the output is sent in a way that
goto end;
}
- S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A;
+ s->s3->hs.state = SSL3_ST_SR_CLNT_HELLO_A;
s->ctx->internal->stats.sess_accept++;
- } else if (!SSL_is_dtls(s) && !S3I(s)->send_connection_binding) {
+ } else if (!SSL_is_dtls(s) && !s->s3->send_connection_binding) {
/*
* Server attempting to renegotiate with
* client that doesn't support secure
goto end;
} else {
/*
- * S3I(s)->hs.state == SSL_ST_RENEGOTIATE,
+ * s->s3->hs.state == SSL_ST_RENEGOTIATE,
* we will just send a HelloRequest.
*/
s->ctx->internal->stats.sess_accept_renegotiate++;
- S3I(s)->hs.state = SSL3_ST_SW_HELLO_REQ_A;
+ s->s3->hs.state = SSL3_ST_SW_HELLO_REQ_A;
}
break;
if (ret <= 0)
goto end;
if (SSL_is_dtls(s))
- S3I(s)->hs.tls12.next_state = SSL3_ST_SR_CLNT_HELLO_A;
+ s->s3->hs.tls12.next_state = SSL3_ST_SR_CLNT_HELLO_A;
else
- S3I(s)->hs.tls12.next_state = SSL3_ST_SW_HELLO_REQ_C;
- S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
+ s->s3->hs.tls12.next_state = SSL3_ST_SW_HELLO_REQ_C;
+ s->s3->hs.state = SSL3_ST_SW_FLUSH;
s->internal->init_num = 0;
if (SSL_is_dtls(s)) {
break;
case SSL3_ST_SW_HELLO_REQ_C:
- S3I(s)->hs.state = SSL_ST_OK;
+ s->s3->hs.state = SSL_ST_OK;
break;
case SSL3_ST_SR_CLNT_HELLO_A:
if (ret == 1 &&
(SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
- S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
+ s->s3->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
else
- S3I(s)->hs.state = SSL3_ST_SW_SRVR_HELLO_A;
+ s->s3->hs.state = SSL3_ST_SW_SRVR_HELLO_A;
s->internal->init_num = 0;
}
/* If we're just listening, stop here */
- if (listen && S3I(s)->hs.state == SSL3_ST_SW_SRVR_HELLO_A) {
+ if (listen && s->s3->hs.state == SSL3_ST_SW_SRVR_HELLO_A) {
ret = 2;
s->d1->listen = 0;
/*
}
s->internal->renegotiate = 2;
- S3I(s)->hs.state = SSL3_ST_SW_SRVR_HELLO_A;
+ s->s3->hs.state = SSL3_ST_SW_SRVR_HELLO_A;
s->internal->init_num = 0;
}
break;
ret = ssl3_send_dtls_hello_verify_request(s);
if (ret <= 0)
goto end;
- S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
- S3I(s)->hs.tls12.next_state = SSL3_ST_SR_CLNT_HELLO_A;
+ s->s3->hs.state = SSL3_ST_SW_FLUSH;
+ s->s3->hs.tls12.next_state = SSL3_ST_SR_CLNT_HELLO_A;
/* HelloVerifyRequest resets Finished MAC. */
tls1_transcript_reset(s);
goto end;
if (s->internal->hit) {
if (s->internal->tlsext_ticket_expected)
- S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_A;
+ s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_A;
else
- S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A;
+ s->s3->hs.state = SSL3_ST_SW_CHANGE_A;
} else {
- S3I(s)->hs.state = SSL3_ST_SW_CERT_A;
+ s->s3->hs.state = SSL3_ST_SW_CERT_A;
}
s->internal->init_num = 0;
break;
case SSL3_ST_SW_CERT_A:
case SSL3_ST_SW_CERT_B:
/* Check if it is anon DH or anon ECDH. */
- if (!(S3I(s)->hs.cipher->algorithm_auth &
+ if (!(s->s3->hs.cipher->algorithm_auth &
SSL_aNULL)) {
if (SSL_is_dtls(s))
dtls1_start_timer(s);
if (ret <= 0)
goto end;
if (s->internal->tlsext_status_expected)
- S3I(s)->hs.state = SSL3_ST_SW_CERT_STATUS_A;
+ s->s3->hs.state = SSL3_ST_SW_CERT_STATUS_A;
else
- S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A;
+ s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A;
} else {
skip = 1;
- S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A;
+ s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A;
}
s->internal->init_num = 0;
break;
case SSL3_ST_SW_KEY_EXCH_A:
case SSL3_ST_SW_KEY_EXCH_B:
- alg_k = S3I(s)->hs.cipher->algorithm_mkey;
+ alg_k = s->s3->hs.cipher->algorithm_mkey;
/*
* Only send if using a DH key exchange.
} else
skip = 1;
- S3I(s)->hs.state = SSL3_ST_SW_CERT_REQ_A;
+ s->s3->hs.state = SSL3_ST_SW_CERT_REQ_A;
s->internal->init_num = 0;
break;
if (!(s->verify_mode & SSL_VERIFY_PEER) ||
((s->session->peer_cert != NULL) &&
(s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
- ((S3I(s)->hs.cipher->algorithm_auth &
+ ((s->s3->hs.cipher->algorithm_auth &
SSL_aNULL) && !(s->verify_mode &
SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
/* No cert request. */
skip = 1;
- S3I(s)->hs.tls12.cert_request = 0;
- S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A;
+ s->s3->hs.tls12.cert_request = 0;
+ s->s3->hs.state = SSL3_ST_SW_SRVR_DONE_A;
if (!SSL_is_dtls(s))
tls1_transcript_free(s);
} else {
- S3I(s)->hs.tls12.cert_request = 1;
+ s->s3->hs.tls12.cert_request = 1;
if (SSL_is_dtls(s))
dtls1_start_timer(s);
ret = ssl3_send_certificate_request(s);
if (ret <= 0)
goto end;
- S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A;
+ s->s3->hs.state = SSL3_ST_SW_SRVR_DONE_A;
s->internal->init_num = 0;
}
break;
ret = ssl3_send_server_done(s);
if (ret <= 0)
goto end;
- S3I(s)->hs.tls12.next_state = SSL3_ST_SR_CERT_A;
- S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
+ s->s3->hs.tls12.next_state = SSL3_ST_SR_CERT_A;
+ s->s3->hs.state = SSL3_ST_SW_FLUSH;
s->internal->init_num = 0;
break;
/* If the write error was fatal, stop trying. */
if (!BIO_should_retry(s->wbio)) {
s->internal->rwstate = SSL_NOTHING;
- S3I(s)->hs.state = S3I(s)->hs.tls12.next_state;
+ s->s3->hs.state = s->s3->hs.tls12.next_state;
}
}
ret = -1;
goto end;
}
s->internal->rwstate = SSL_NOTHING;
- S3I(s)->hs.state = S3I(s)->hs.tls12.next_state;
+ s->s3->hs.state = s->s3->hs.tls12.next_state;
break;
case SSL3_ST_SR_CERT_A:
case SSL3_ST_SR_CERT_B:
- if (S3I(s)->hs.tls12.cert_request) {
+ if (s->s3->hs.tls12.cert_request) {
ret = ssl3_get_client_certificate(s);
if (ret <= 0)
goto end;
}
s->internal->init_num = 0;
- S3I(s)->hs.state = SSL3_ST_SR_KEY_EXCH_A;
+ s->s3->hs.state = SSL3_ST_SR_KEY_EXCH_A;
break;
case SSL3_ST_SR_KEY_EXCH_A:
goto end;
if (SSL_is_dtls(s)) {
- S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;
+ s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A;
s->internal->init_num = 0;
}
- alg_k = S3I(s)->hs.cipher->algorithm_mkey;
+ alg_k = s->s3->hs.cipher->algorithm_mkey;
if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
/*
* A GOST client may use the key from its
* certificate for key exchange, in which case
* the CertificateVerify message is not sent.
*/
- S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
+ s->s3->hs.state = SSL3_ST_SR_FINISHED_A;
s->internal->init_num = 0;
} else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) {
- S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;
+ s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A;
s->internal->init_num = 0;
if (!s->session->peer_cert)
break;
*/
tls1_transcript_freeze(s);
} else {
- S3I(s)->hs.state = SSL3_ST_SR_CERT_VRFY_A;
+ s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A;
s->internal->init_num = 0;
tls1_transcript_free(s);
* a client cert, it can be verified.
*/
if (!tls1_transcript_hash_value(s,
- S3I(s)->hs.tls12.cert_verify,
- sizeof(S3I(s)->hs.tls12.cert_verify),
+ s->s3->hs.tls12.cert_verify,
+ sizeof(s->s3->hs.tls12.cert_verify),
NULL)) {
ret = -1;
goto end;
ret = ssl3_get_cert_verify(s);
if (ret <= 0)
goto end;
- S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
+ s->s3->hs.state = SSL3_ST_SR_FINISHED_A;
s->internal->init_num = 0;
break;
if (SSL_is_dtls(s))
dtls1_stop_timer(s);
if (s->internal->hit)
- S3I(s)->hs.state = SSL_ST_OK;
+ s->s3->hs.state = SSL_ST_OK;
else if (s->internal->tlsext_ticket_expected)
- S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_A;
+ s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_A;
else
- S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A;
+ s->s3->hs.state = SSL3_ST_SW_CHANGE_A;
s->internal->init_num = 0;
break;
ret = ssl3_send_newsession_ticket(s);
if (ret <= 0)
goto end;
- S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A;
+ s->s3->hs.state = SSL3_ST_SW_CHANGE_A;
s->internal->init_num = 0;
break;
ret = ssl3_send_cert_status(s);
if (ret <= 0)
goto end;
- S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_A;
+ s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A;
s->internal->init_num = 0;
break;
SSL3_ST_SW_CHANGE_A, SSL3_ST_SW_CHANGE_B);
if (ret <= 0)
goto end;
- S3I(s)->hs.state = SSL3_ST_SW_FINISHED_A;
+ s->s3->hs.state = SSL3_ST_SW_FINISHED_A;
s->internal->init_num = 0;
- s->session->cipher = S3I(s)->hs.cipher;
+ s->session->cipher = s->s3->hs.cipher;
if (!tls1_setup_key_block(s)) {
ret = -1;
SSL3_ST_SW_FINISHED_B);
if (ret <= 0)
goto end;
- S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
+ s->s3->hs.state = SSL3_ST_SW_FLUSH;
if (s->internal->hit) {
- S3I(s)->hs.tls12.next_state = SSL3_ST_SR_FINISHED_A;
+ s->s3->hs.tls12.next_state = SSL3_ST_SR_FINISHED_A;
tls1_transcript_free(s);
} else
- S3I(s)->hs.tls12.next_state = SSL_ST_OK;
+ s->s3->hs.tls12.next_state = SSL_ST_OK;
s->internal->init_num = 0;
break;
/* clean a few things up */
tls1_cleanup_key_block(s);
- if (S3I(s)->handshake_transcript != NULL) {
+ if (s->s3->handshake_transcript != NULL) {
SSLerror(s, ERR_R_INTERNAL_ERROR);
ret = -1;
goto end;
/* break; */
}
- if (!S3I(s)->hs.tls12.reuse_message && !skip) {
+ if (!s->s3->hs.tls12.reuse_message && !skip) {
if (s->internal->debug) {
if ((ret = BIO_flush(s->wbio)) <= 0)
goto end;
}
- if (S3I(s)->hs.state != state) {
- new_state = S3I(s)->hs.state;
- S3I(s)->hs.state = state;
+ if (s->s3->hs.state != state) {
+ new_state = s->s3->hs.state;
+ s->s3->hs.state = state;
ssl_info_callback(s, SSL_CB_ACCEPT_LOOP, 1);
- S3I(s)->hs.state = new_state;
+ s->s3->hs.state = new_state;
}
}
skip = 0;
memset(&cbb, 0, sizeof(cbb));
- if (S3I(s)->hs.state == SSL3_ST_SW_HELLO_REQ_A) {
+ if (s->s3->hs.state == SSL3_ST_SW_HELLO_REQ_A) {
if (!ssl3_handshake_msg_start(s, &cbb, &hello,
SSL3_MT_HELLO_REQUEST))
goto err;
if (!ssl3_handshake_msg_finish(s, &cbb))
goto err;
- S3I(s)->hs.state = SSL3_ST_SW_HELLO_REQ_B;
+ s->s3->hs.state = SSL3_ST_SW_HELLO_REQ_B;
}
/* SSL3_ST_SW_HELLO_REQ_B */
* If we are SSLv3, we will respond with SSLv3, even if prompted with
* TLSv1.
*/
- if (S3I(s)->hs.state == SSL3_ST_SR_CLNT_HELLO_A)
- S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_B;
+ if (s->s3->hs.state == SSL3_ST_SR_CLNT_HELLO_A)
+ s->s3->hs.state = SSL3_ST_SR_CLNT_HELLO_B;
s->internal->first_packet = 1;
if ((ret = ssl3_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
al = SSL_AD_PROTOCOL_VERSION;
goto fatal_err;
}
- S3I(s)->hs.peer_legacy_version = client_version;
+ s->s3->hs.peer_legacy_version = client_version;
s->version = shared_version;
- S3I(s)->hs.negotiated_tls_version = ssl_tls_version(shared_version);
- if (S3I(s)->hs.negotiated_tls_version == 0) {
+ s->s3->hs.negotiated_tls_version = ssl_tls_version(shared_version);
+ if (s->s3->hs.negotiated_tls_version == 0) {
SSLerror(s, ERR_R_INTERNAL_ERROR);
goto err;
}
if (CBS_len(&cbs) != 0)
goto decode_err;
- if (!S3I(s)->renegotiate_seen && s->internal->renegotiate) {
+ if (!s->s3->renegotiate_seen && s->internal->renegotiate) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
goto fatal_err;
*/
arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);
- if (S3I(s)->hs.our_max_tls_version >= TLS1_2_VERSION &&
- S3I(s)->hs.negotiated_tls_version < S3I(s)->hs.our_max_tls_version) {
+ if (s->s3->hs.our_max_tls_version >= TLS1_2_VERSION &&
+ s->s3->hs.negotiated_tls_version < s->s3->hs.our_max_tls_version) {
/*
* RFC 8446 section 4.1.3. If we are downgrading from TLS 1.3
* we must set the last 8 bytes of the server random to magical
*/
size_t index = SSL3_RANDOM_SIZE - sizeof(tls13_downgrade_12);
uint8_t *magic = &s->s3->server_random[index];
- if (S3I(s)->hs.negotiated_tls_version == TLS1_2_VERSION) {
+ if (s->s3->hs.negotiated_tls_version == TLS1_2_VERSION) {
/* Indicate we chose to downgrade to 1.2. */
memcpy(magic, tls13_downgrade_12,
sizeof(tls13_downgrade_12));
SSLerror(s, SSL_R_NO_SHARED_CIPHER);
goto fatal_err;
}
- S3I(s)->hs.cipher = c;
+ s->s3->hs.cipher = c;
} else {
- S3I(s)->hs.cipher = s->session->cipher;
+ s->s3->hs.cipher = s->session->cipher;
}
if (!tls1_transcript_hash_init(s))
goto err;
- alg_k = S3I(s)->hs.cipher->algorithm_mkey;
+ alg_k = s->s3->hs.cipher->algorithm_mkey;
if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) ||
!(s->verify_mode & SSL_VERIFY_PEER))
tls1_transcript_free(s);
memset(&cbb, 0, sizeof(cbb));
- if (S3I(s)->hs.state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
+ if (s->s3->hs.state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
if (s->ctx->internal->app_gen_cookie_cb == NULL ||
s->ctx->internal->app_gen_cookie_cb(s, s->d1->cookie,
&(s->d1->cookie_len)) == 0) {
if (!ssl3_handshake_msg_finish(s, &cbb))
goto err;
- S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
+ s->s3->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
}
- /* S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
+ /* s->s3->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
return (ssl3_handshake_write(s));
err:
memset(&cbb, 0, sizeof(cbb));
- if (S3I(s)->hs.state == SSL3_ST_SW_SRVR_HELLO_A) {
+ if (s->s3->hs.state == SSL3_ST_SW_SRVR_HELLO_A) {
if (!ssl3_handshake_msg_start(s, &cbb, &server_hello,
SSL3_MT_SERVER_HELLO))
goto err;
/* Cipher suite. */
if (!CBB_add_u16(&server_hello,
- ssl3_cipher_get_value(S3I(s)->hs.cipher)))
+ ssl3_cipher_get_value(s->s3->hs.cipher)))
goto err;
/* Compression method (null). */
memset(&cbb, 0, sizeof(cbb));
- if (S3I(s)->hs.state == SSL3_ST_SW_SRVR_DONE_A) {
+ if (s->s3->hs.state == SSL3_ST_SW_SRVR_DONE_A) {
if (!ssl3_handshake_msg_start(s, &cbb, &done,
SSL3_MT_SERVER_DONE))
goto err;
if (!ssl3_handshake_msg_finish(s, &cbb))
goto err;
- S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_B;
+ s->s3->hs.state = SSL3_ST_SW_SRVR_DONE_B;
}
/* SSL3_ST_SW_SRVR_DONE_B */
{
int nid = NID_dhKeyAgreement;
- tls_key_share_free(S3I(s)->hs.key_share);
- if ((S3I(s)->hs.key_share = tls_key_share_new_nid(nid)) == NULL)
+ tls_key_share_free(s->s3->hs.key_share);
+ if ((s->s3->hs.key_share = tls_key_share_new_nid(nid)) == NULL)
goto err;
if (s->cert->dhe_params_auto != 0) {
SSL_AD_INTERNAL_ERROR);
goto err;
}
- tls_key_share_set_key_bits(S3I(s)->hs.key_share,
+ tls_key_share_set_key_bits(s->s3->hs.key_share,
key_bits);
} else {
DH *dh_params = s->cert->dhe_params;
if (dh_params == NULL && s->cert->dhe_params_cb != NULL)
dh_params = s->cert->dhe_params_cb(s, 0,
- SSL_C_PKEYLENGTH(S3I(s)->hs.cipher));
+ SSL_C_PKEYLENGTH(s->s3->hs.cipher));
if (dh_params == NULL) {
SSLerror(s, SSL_R_MISSING_TMP_DH_KEY);
goto err;
}
- if (!tls_key_share_set_dh_params(S3I(s)->hs.key_share, dh_params))
+ if (!tls_key_share_set_dh_params(s->s3->hs.key_share, dh_params))
goto err;
}
- if (!tls_key_share_generate(S3I(s)->hs.key_share))
+ if (!tls_key_share_generate(s->s3->hs.key_share))
goto err;
- if (!tls_key_share_params(S3I(s)->hs.key_share, cbb))
+ if (!tls_key_share_params(s->s3->hs.key_share, cbb))
goto err;
- if (!tls_key_share_public(S3I(s)->hs.key_share, cbb))
+ if (!tls_key_share_public(s->s3->hs.key_share, cbb))
goto err;
return 1;
goto err;
}
- tls_key_share_free(S3I(s)->hs.key_share);
- if ((S3I(s)->hs.key_share = tls_key_share_new_nid(nid)) == NULL)
+ tls_key_share_free(s->s3->hs.key_share);
+ if ((s->s3->hs.key_share = tls_key_share_new_nid(nid)) == NULL)
goto err;
- if (!tls_key_share_generate(S3I(s)->hs.key_share))
+ if (!tls_key_share_generate(s->s3->hs.key_share))
goto err;
/*
*/
if (!CBB_add_u8(cbb, NAMED_CURVE_TYPE))
goto err;
- if (!CBB_add_u16(cbb, tls_key_share_group(S3I(s)->hs.key_share)))
+ if (!CBB_add_u16(cbb, tls_key_share_group(s->s3->hs.key_share)))
goto err;
if (!CBB_add_u8_length_prefixed(cbb, &public))
goto err;
- if (!tls_key_share_public(S3I(s)->hs.key_share, &public))
+ if (!tls_key_share_public(s->s3->hs.key_share, &public))
goto err;
if (!CBB_flush(cbb))
goto err;
if ((md_ctx = EVP_MD_CTX_new()) == NULL)
goto err;
- if (S3I(s)->hs.state == SSL3_ST_SW_KEY_EXCH_A) {
+ if (s->s3->hs.state == SSL3_ST_SW_KEY_EXCH_A) {
if (!ssl3_handshake_msg_start(s, &cbb, &server_kex,
SSL3_MT_SERVER_KEY_EXCHANGE))
if (!CBB_init(&cbb_params, 0))
goto err;
- type = S3I(s)->hs.cipher->algorithm_mkey;
+ type = s->s3->hs.cipher->algorithm_mkey;
if (type & SSL_kDHE) {
if (!ssl3_send_server_kex_dhe(s, &cbb_params))
goto err;
goto err;
/* Add signature unless anonymous. */
- if (!(S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL)) {
- if ((pkey = ssl_get_sign_pkey(s, S3I(s)->hs.cipher,
+ if (!(s->s3->hs.cipher->algorithm_auth & SSL_aNULL)) {
+ if ((pkey = ssl_get_sign_pkey(s, s->s3->hs.cipher,
&md, &sigalg)) == NULL) {
al = SSL_AD_DECODE_ERROR;
goto fatal_err;
}
- S3I(s)->hs.our_sigalg = sigalg;
+ s->s3->hs.our_sigalg = sigalg;
/* Send signature algorithm. */
if (SSL_USE_SIGALGS(s)) {
if (!ssl3_handshake_msg_finish(s, &cbb))
goto err;
- S3I(s)->hs.state = SSL3_ST_SW_KEY_EXCH_B;
+ s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_B;
}
EVP_MD_CTX_free(md_ctx);
memset(&cbb, 0, sizeof(cbb));
- if (S3I(s)->hs.state == SSL3_ST_SW_CERT_REQ_A) {
+ if (s->s3->hs.state == SSL3_ST_SW_CERT_REQ_A) {
if (!ssl3_handshake_msg_start(s, &cbb, &cert_request,
SSL3_MT_CERTIFICATE_REQUEST))
goto err;
&sigalgs))
goto err;
if (!ssl_sigalgs_build(
- S3I(s)->hs.negotiated_tls_version, &sigalgs))
+ s->s3->hs.negotiated_tls_version, &sigalgs))
goto err;
}
if (!ssl3_handshake_msg_finish(s, &cbb))
goto err;
- S3I(s)->hs.state = SSL3_ST_SW_CERT_REQ_B;
+ s->s3->hs.state = SSL3_ST_SW_CERT_REQ_B;
}
/* SSL3_ST_SW_CERT_REQ_B */
arc4random_buf(fakekey, sizeof(fakekey));
- fakekey[0] = S3I(s)->hs.peer_legacy_version >> 8;
- fakekey[1] = S3I(s)->hs.peer_legacy_version & 0xff;
+ fakekey[0] = s->s3->hs.peer_legacy_version >> 8;
+ fakekey[1] = s->s3->hs.peer_legacy_version & 0xff;
pkey = s->cert->pkeys[SSL_PKEY_RSA].privatekey;
if (pkey == NULL || (rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) {
/* SSLerror(s, SSL_R_BAD_RSA_DECRYPT); */
}
- if ((al == -1) && !((pms[0] == (S3I(s)->hs.peer_legacy_version >> 8)) &&
- (pms[1] == (S3I(s)->hs.peer_legacy_version & 0xff)))) {
+ if ((al == -1) && !((pms[0] == (s->s3->hs.peer_legacy_version >> 8)) &&
+ (pms[1] == (s->s3->hs.peer_legacy_version & 0xff)))) {
/*
* The premaster secret must contain the same version number
* as the ClientHello to detect version rollback attacks
int decode_error, invalid_key;
int ret = 0;
- if (S3I(s)->hs.key_share == NULL) {
+ if (s->s3->hs.key_share == NULL) {
SSLerror(s, SSL_R_MISSING_TMP_DH_KEY);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
goto err;
}
- if (!tls_key_share_peer_public(S3I(s)->hs.key_share, cbs,
+ if (!tls_key_share_peer_public(s->s3->hs.key_share, cbs,
&decode_error, &invalid_key)) {
if (decode_error) {
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
goto err;
}
- if (!tls_key_share_derive(S3I(s)->hs.key_share, &key, &key_len))
+ if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len))
goto err;
if (!tls12_derive_master_secret(s, key, key_len))
CBS public;
int ret = 0;
- if (S3I(s)->hs.key_share == NULL) {
+ if (s->s3->hs.key_share == NULL) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
SSLerror(s, SSL_R_MISSING_TMP_DH_KEY);
goto err;
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
goto err;
}
- if (!tls_key_share_peer_public(S3I(s)->hs.key_share, &public,
+ if (!tls_key_share_peer_public(s->s3->hs.key_share, &public,
&decode_error, NULL)) {
if (decode_error) {
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
goto err;
}
- if (!tls_key_share_derive(S3I(s)->hs.key_share, &key, &key_len))
+ if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len))
goto err;
if (!tls12_derive_master_secret(s, key, key_len))
CBS gostblob;
/* Get our certificate private key*/
- if ((S3I(s)->hs.cipher->algorithm_auth & SSL_aGOST01) != 0)
+ if ((s->s3->hs.cipher->algorithm_auth & SSL_aGOST01) != 0)
pkey = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL)
CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
- alg_k = S3I(s)->hs.cipher->algorithm_mkey;
+ alg_k = s->s3->hs.cipher->algorithm_mkey;
if (alg_k & SSL_kRSA) {
if (!ssl3_get_client_kex_rsa(s, &cbs))
pkey = X509_get0_pubkey(peer_cert);
type = X509_certificate_type(peer_cert, pkey);
- if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_VERIFY) {
- S3I(s)->hs.tls12.reuse_message = 1;
+ if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE_VERIFY) {
+ s->s3->hs.tls12.reuse_message = 1;
if (peer_cert != NULL) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_MISSING_VERIFY_MESSAGE);
goto fatal_err;
}
- if (S3I(s)->change_cipher_spec) {
+ if (s->s3->change_cipher_spec) {
SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
al = SSL_AD_UNEXPECTED_MESSAGE;
goto fatal_err;
al = SSL_AD_DECODE_ERROR;
goto fatal_err;
}
- S3I(s)->hs.peer_sigalg = sigalg;
+ s->s3->hs.peer_sigalg = sigalg;
if (SSL_USE_SIGALGS(s)) {
EVP_PKEY_CTX *pctx;
SSLerror(s, ERR_R_EVP_LIB);
goto fatal_err;
}
- verify = RSA_verify(NID_md5_sha1, S3I(s)->hs.tls12.cert_verify,
+ verify = RSA_verify(NID_md5_sha1, s->s3->hs.tls12.cert_verify,
MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, CBS_data(&signature),
CBS_len(&signature), rsa);
if (verify < 0) {
goto fatal_err;
}
verify = ECDSA_verify(0,
- &(S3I(s)->hs.tls12.cert_verify[MD5_DIGEST_LENGTH]),
+ &(s->s3->hs.tls12.cert_verify[MD5_DIGEST_LENGTH]),
SHA_DIGEST_LENGTH, CBS_data(&signature),
CBS_len(&signature), eckey);
if (verify <= 0) {
ret = -1;
- if (S3I(s)->hs.tls12.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
+ if (s->s3->hs.tls12.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
if ((s->verify_mode & SSL_VERIFY_PEER) &&
(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
* If tls asked for a client cert,
* the client must return a 0 list.
*/
- if (S3I(s)->hs.tls12.cert_request) {
+ if (s->s3->hs.tls12.cert_request) {
SSLerror(s, SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST
);
al = SSL_AD_UNEXPECTED_MESSAGE;
goto fatal_err;
}
- S3I(s)->hs.tls12.reuse_message = 1;
+ s->s3->hs.tls12.reuse_message = 1;
return (1);
}
- if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE) {
+ if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE);
goto fatal_err;
memset(&cbb, 0, sizeof(cbb));
- if (S3I(s)->hs.state == SSL3_ST_SW_CERT_A) {
+ if (s->s3->hs.state == SSL3_ST_SW_CERT_A) {
if ((cpk = ssl_get_server_send_pkey(s)) == NULL) {
SSLerror(s, ERR_R_INTERNAL_ERROR);
return (0);
if (!ssl3_handshake_msg_finish(s, &cbb))
goto err;
- S3I(s)->hs.state = SSL3_ST_SW_CERT_B;
+ s->s3->hs.state = SSL3_ST_SW_CERT_B;
}
/* SSL3_ST_SW_CERT_B */
if ((hctx = HMAC_CTX_new()) == NULL)
goto err;
- if (S3I(s)->hs.state == SSL3_ST_SW_SESSION_TICKET_A) {
+ if (s->s3->hs.state == SSL3_ST_SW_SESSION_TICKET_A) {
if (!ssl3_handshake_msg_start(s, &cbb, &session_ticket,
SSL3_MT_NEWSESSION_TICKET))
goto err;
if (!ssl3_handshake_msg_finish(s, &cbb))
goto err;
- S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_B;
+ s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_B;
}
EVP_CIPHER_CTX_free(ctx);
memset(&cbb, 0, sizeof(cbb));
- if (S3I(s)->hs.state == SSL3_ST_SW_CERT_STATUS_A) {
+ if (s->s3->hs.state == SSL3_ST_SW_CERT_STATUS_A) {
if (!ssl3_handshake_msg_start(s, &cbb, &certstatus,
SSL3_MT_CERTIFICATE_STATUS))
goto err;
if (!ssl3_handshake_msg_finish(s, &cbb))
goto err;
- S3I(s)->hs.state = SSL3_ST_SW_CERT_STATUS_B;
+ s->s3->hs.state = SSL3_ST_SW_CERT_STATUS_B;
}
/* SSL3_ST_SW_CERT_STATUS_B */
-/* $OpenBSD: ssl_stat.c,v 1.17 2021/06/13 15:51:10 jsing Exp $ */
+/* $OpenBSD: ssl_stat.c,v 1.18 2022/02/05 14:54:10 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
{
const char *str;
- switch (S3I(s)->hs.state) {
+ switch (s->s3->hs.state) {
case SSL_ST_BEFORE:
str = "before SSL initialization";
break;
{
const char *str;
- switch (S3I(s)->hs.state) {
+ switch (s->s3->hs.state) {
case SSL_ST_BEFORE:
str = "PINIT ";
break;
-/* $OpenBSD: ssl_tlsext.c,v 1.109 2022/01/24 13:49:50 tb Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.110 2022/02/05 14:54:10 jsing Exp $ */
/*
* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
{
/* ALPN protos have been specified and this is the initial handshake */
return s->internal->alpn_client_proto_list != NULL &&
- S3I(s)->hs.finished_len == 0;
+ s->s3->hs.finished_len == 0;
}
int
s->ctx->internal->alpn_select_cb_arg);
if (r == SSL_TLSEXT_ERR_OK) {
- free(S3I(s)->alpn_selected);
- if ((S3I(s)->alpn_selected = malloc(selected_len)) == NULL) {
- S3I(s)->alpn_selected_len = 0;
+ free(s->s3->alpn_selected);
+ if ((s->s3->alpn_selected = malloc(selected_len)) == NULL) {
+ s->s3->alpn_selected_len = 0;
*alert = SSL_AD_INTERNAL_ERROR;
return 0;
}
- memcpy(S3I(s)->alpn_selected, selected, selected_len);
- S3I(s)->alpn_selected_len = selected_len;
+ memcpy(s->s3->alpn_selected, selected, selected_len);
+ s->s3->alpn_selected_len = selected_len;
return 1;
}
int
tlsext_alpn_server_needs(SSL *s, uint16_t msg_type)
{
- return S3I(s)->alpn_selected != NULL;
+ return s->s3->alpn_selected != NULL;
}
int
if (!CBB_add_u8_length_prefixed(&list, &selected))
return 0;
- if (!CBB_add_bytes(&selected, S3I(s)->alpn_selected,
- S3I(s)->alpn_selected_len))
+ if (!CBB_add_bytes(&selected, s->s3->alpn_selected,
+ s->s3->alpn_selected_len))
return 0;
if (!CBB_flush(cbb))
if (CBS_len(&proto) == 0)
goto err;
- if (!CBS_stow(&proto, &(S3I(s)->alpn_selected),
- &(S3I(s)->alpn_selected_len)))
+ if (!CBS_stow(&proto, &(s->s3->alpn_selected),
+ &(s->s3->alpn_selected_len)))
goto err;
return 1;
tlsext_supportedgroups_client_needs(SSL *s, uint16_t msg_type)
{
return ssl_has_ecc_ciphers(s) ||
- (S3I(s)->hs.our_max_tls_version >= TLS1_3_VERSION);
+ (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
}
int
uint16_t *groups;
int i;
- if (S3I(s)->hs.tls13.hrr) {
+ if (s->s3->hs.tls13.hrr) {
if (s->session->tlsext_supportedgroups == NULL) {
*alert = SSL_AD_HANDSHAKE_FAILURE;
return 0;
if (!CBB_add_u8_length_prefixed(cbb, &reneg))
return 0;
- if (!CBB_add_bytes(&reneg, S3I(s)->previous_client_finished,
- S3I(s)->previous_client_finished_len))
+ if (!CBB_add_bytes(&reneg, s->s3->previous_client_finished,
+ s->s3->previous_client_finished_len))
return 0;
if (!CBB_flush(cbb))
return 0;
if (CBS_len(cbs) != 0)
goto err;
- if (!CBS_mem_equal(&reneg, S3I(s)->previous_client_finished,
- S3I(s)->previous_client_finished_len)) {
+ if (!CBS_mem_equal(&reneg, s->s3->previous_client_finished,
+ s->s3->previous_client_finished_len)) {
SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH);
*alert = SSL_AD_HANDSHAKE_FAILURE;
return 0;
}
- S3I(s)->renegotiate_seen = 1;
- S3I(s)->send_connection_binding = 1;
+ s->s3->renegotiate_seen = 1;
+ s->s3->send_connection_binding = 1;
return 1;
int
tlsext_ri_server_needs(SSL *s, uint16_t msg_type)
{
- return (S3I(s)->hs.negotiated_tls_version < TLS1_3_VERSION &&
- S3I(s)->send_connection_binding);
+ return (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION &&
+ s->s3->send_connection_binding);
}
int
if (!CBB_add_u8_length_prefixed(cbb, &reneg))
return 0;
- if (!CBB_add_bytes(&reneg, S3I(s)->previous_client_finished,
- S3I(s)->previous_client_finished_len))
+ if (!CBB_add_bytes(&reneg, s->s3->previous_client_finished,
+ s->s3->previous_client_finished_len))
return 0;
- if (!CBB_add_bytes(&reneg, S3I(s)->previous_server_finished,
- S3I(s)->previous_server_finished_len))
+ if (!CBB_add_bytes(&reneg, s->s3->previous_server_finished,
+ s->s3->previous_server_finished_len))
return 0;
if (!CBB_flush(cbb))
return 0;
* Ensure that the previous client and server values are both not
* present, or that they are both present.
*/
- if ((S3I(s)->previous_client_finished_len == 0 &&
- S3I(s)->previous_server_finished_len != 0) ||
- (S3I(s)->previous_client_finished_len != 0 &&
- S3I(s)->previous_server_finished_len == 0)) {
+ if ((s->s3->previous_client_finished_len == 0 &&
+ s->s3->previous_server_finished_len != 0) ||
+ (s->s3->previous_client_finished_len != 0 &&
+ s->s3->previous_server_finished_len == 0)) {
*alert = SSL_AD_INTERNAL_ERROR;
return 0;
}
if (!CBS_get_u8_length_prefixed(cbs, &reneg))
goto err;
if (!CBS_get_bytes(&reneg, &prev_client,
- S3I(s)->previous_client_finished_len))
+ s->s3->previous_client_finished_len))
goto err;
if (!CBS_get_bytes(&reneg, &prev_server,
- S3I(s)->previous_server_finished_len))
+ s->s3->previous_server_finished_len))
goto err;
if (CBS_len(&reneg) != 0)
goto err;
if (CBS_len(cbs) != 0)
goto err;
- if (!CBS_mem_equal(&prev_client, S3I(s)->previous_client_finished,
- S3I(s)->previous_client_finished_len)) {
+ if (!CBS_mem_equal(&prev_client, s->s3->previous_client_finished,
+ s->s3->previous_client_finished_len)) {
SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH);
*alert = SSL_AD_HANDSHAKE_FAILURE;
return 0;
}
- if (!CBS_mem_equal(&prev_server, S3I(s)->previous_server_finished,
- S3I(s)->previous_server_finished_len)) {
+ if (!CBS_mem_equal(&prev_server, s->s3->previous_server_finished,
+ s->s3->previous_server_finished_len)) {
SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH);
*alert = SSL_AD_HANDSHAKE_FAILURE;
return 0;
}
- S3I(s)->renegotiate_seen = 1;
- S3I(s)->send_connection_binding = 1;
+ s->s3->renegotiate_seen = 1;
+ s->s3->send_connection_binding = 1;
return 1;
int
tlsext_sigalgs_client_needs(SSL *s, uint16_t msg_type)
{
- return (S3I(s)->hs.our_max_tls_version >= TLS1_2_VERSION);
+ return (s->s3->hs.our_max_tls_version >= TLS1_2_VERSION);
}
int
tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
- uint16_t tls_version = S3I(s)->hs.negotiated_tls_version;
+ uint16_t tls_version = s->s3->hs.negotiated_tls_version;
CBB sigalgs;
if (msg_type == SSL_TLSEXT_MSG_CH)
- tls_version = S3I(s)->hs.our_min_tls_version;
+ tls_version = s->s3->hs.our_min_tls_version;
if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))
return 0;
return 0;
if (CBS_len(&sigalgs) % 2 != 0 || CBS_len(&sigalgs) > 64)
return 0;
- if (!CBS_stow(&sigalgs, &S3I(s)->hs.sigalgs, &S3I(s)->hs.sigalgs_len))
+ if (!CBS_stow(&sigalgs, &s->s3->hs.sigalgs, &s->s3->hs.sigalgs_len))
return 0;
return 1;
int
tlsext_sigalgs_server_needs(SSL *s, uint16_t msg_type)
{
- return (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION);
+ return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION);
}
int
if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))
return 0;
- if (!ssl_sigalgs_build(S3I(s)->hs.negotiated_tls_version, &sigalgs))
+ if (!ssl_sigalgs_build(s->s3->hs.negotiated_tls_version, &sigalgs))
return 0;
if (!CBB_flush(cbb))
return 0;
return 0;
if (CBS_len(&sigalgs) % 2 != 0 || CBS_len(&sigalgs) > 64)
return 0;
- if (!CBS_stow(&sigalgs, &S3I(s)->hs.sigalgs, &S3I(s)->hs.sigalgs_len))
+ if (!CBS_stow(&sigalgs, &s->s3->hs.sigalgs, &s->s3->hs.sigalgs_len))
return 0;
return 1;
goto err;
}
- if (s->internal->hit || S3I(s)->hs.tls13.hrr) {
+ if (s->internal->hit || s->s3->hs.tls13.hrr) {
if (s->session->tlsext_hostname == NULL) {
*alert = SSL_AD_UNRECOGNIZED_NAME;
goto err;
int
tlsext_ocsp_server_needs(SSL *s, uint16_t msg_type)
{
- if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION &&
+ if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION &&
s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
s->ctx->internal->tlsext_status_cb != NULL) {
s->internal->tlsext_status_expected = 0;
{
CBB ocsp_response;
- if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION) {
+ if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION) {
if (!CBB_add_u8(cbb, TLSEXT_STATUSTYPE_ocsp))
return 0;
if (!CBB_add_u24_length_prefixed(cbb, &ocsp_response))
int
tlsext_keyshare_client_needs(SSL *s, uint16_t msg_type)
{
- return (S3I(s)->hs.our_max_tls_version >= TLS1_3_VERSION);
+ return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
}
int
return 0;
if (!CBB_add_u16(&client_shares,
- tls_key_share_group(S3I(s)->hs.key_share)))
+ tls_key_share_group(s->s3->hs.key_share)))
return 0;
if (!CBB_add_u16_length_prefixed(&client_shares, &key_exchange))
return 0;
- if (!tls_key_share_public(S3I(s)->hs.key_share, &key_exchange))
+ if (!tls_key_share_public(s->s3->hs.key_share, &key_exchange))
return 0;
if (!CBB_flush(cbb))
* Ignore this client share if we're using earlier than TLSv1.3
* or we've already selected a key share.
*/
- if (S3I(s)->hs.our_max_tls_version < TLS1_3_VERSION)
+ if (s->s3->hs.our_max_tls_version < TLS1_3_VERSION)
continue;
- if (S3I(s)->hs.key_share != NULL)
+ if (s->s3->hs.key_share != NULL)
continue;
/* XXX - consider implementing server preference. */
continue;
/* Decode and store the selected key share. */
- if ((S3I(s)->hs.key_share = tls_key_share_new(group)) == NULL) {
+ if ((s->s3->hs.key_share = tls_key_share_new(group)) == NULL) {
*alert = SSL_AD_INTERNAL_ERROR;
return 0;
}
- if (!tls_key_share_peer_public(S3I(s)->hs.key_share,
+ if (!tls_key_share_peer_public(s->s3->hs.key_share,
&key_exchange, &decode_error, NULL)) {
if (!decode_error)
*alert = SSL_AD_INTERNAL_ERROR;
int
tlsext_keyshare_server_needs(SSL *s, uint16_t msg_type)
{
- return (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION &&
+ return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION &&
tlsext_extension_seen(s, TLSEXT_TYPE_key_share));
}
CBB key_exchange;
/* In the case of a HRR, we only send the server selected group. */
- if (S3I(s)->hs.tls13.hrr) {
- if (S3I(s)->hs.tls13.server_group == 0)
+ if (s->s3->hs.tls13.hrr) {
+ if (s->s3->hs.tls13.server_group == 0)
return 0;
- return CBB_add_u16(cbb, S3I(s)->hs.tls13.server_group);
+ return CBB_add_u16(cbb, s->s3->hs.tls13.server_group);
}
- if (S3I(s)->hs.key_share == NULL)
+ if (s->s3->hs.key_share == NULL)
return 0;
- if (!CBB_add_u16(cbb, tls_key_share_group(S3I(s)->hs.key_share)))
+ if (!CBB_add_u16(cbb, tls_key_share_group(s->s3->hs.key_share)))
return 0;
if (!CBB_add_u16_length_prefixed(cbb, &key_exchange))
return 0;
- if (!tls_key_share_public(S3I(s)->hs.key_share, &key_exchange))
+ if (!tls_key_share_public(s->s3->hs.key_share, &key_exchange))
return 0;
if (!CBB_flush(cbb))
if (msg_type != SSL_TLSEXT_MSG_HRR)
return 0;
- S3I(s)->hs.tls13.server_group = group;
+ s->s3->hs.tls13.server_group = group;
return 1;
}
if (!CBS_get_u16_length_prefixed(cbs, &key_exchange))
return 0;
- if (S3I(s)->hs.key_share == NULL) {
+ if (s->s3->hs.key_share == NULL) {
*alert = SSL_AD_INTERNAL_ERROR;
return 0;
}
- if (tls_key_share_group(S3I(s)->hs.key_share) != group) {
+ if (tls_key_share_group(s->s3->hs.key_share) != group) {
*alert = SSL_AD_INTERNAL_ERROR;
return 0;
}
- if (!tls_key_share_peer_public(S3I(s)->hs.key_share,
+ if (!tls_key_share_peer_public(s->s3->hs.key_share,
&key_exchange, &decode_error, NULL)) {
if (!decode_error)
*alert = SSL_AD_INTERNAL_ERROR;
int
tlsext_versions_client_needs(SSL *s, uint16_t msg_type)
{
- return (S3I(s)->hs.our_max_tls_version >= TLS1_3_VERSION);
+ return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
}
int
uint16_t version;
CBB versions;
- max = S3I(s)->hs.our_max_tls_version;
- min = S3I(s)->hs.our_min_tls_version;
+ max = s->s3->hs.our_max_tls_version;
+ min = s->s3->hs.our_min_tls_version;
if (!CBB_add_u8_length_prefixed(cbb, &versions))
return 0;
uint16_t max, min;
uint16_t matched_version = 0;
- max = S3I(s)->hs.our_max_tls_version;
- min = S3I(s)->hs.our_min_tls_version;
+ max = s->s3->hs.our_max_tls_version;
+ min = s->s3->hs.our_min_tls_version;
if (!CBS_get_u8_length_prefixed(cbs, &versions))
goto err;
int
tlsext_versions_server_needs(SSL *s, uint16_t msg_type)
{
- return (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION);
+ return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION);
}
int
}
/* XXX test between min and max once initialization code goes in */
- S3I(s)->hs.tls13.server_version = selected_version;
+ s->s3->hs.tls13.server_version = selected_version;
return 1;
}
int
tlsext_cookie_client_needs(SSL *s, uint16_t msg_type)
{
- return (S3I(s)->hs.our_max_tls_version >= TLS1_3_VERSION &&
- S3I(s)->hs.tls13.cookie_len > 0 && S3I(s)->hs.tls13.cookie != NULL);
+ return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION &&
+ s->s3->hs.tls13.cookie_len > 0 && s->s3->hs.tls13.cookie != NULL);
}
int
if (!CBB_add_u16_length_prefixed(cbb, &cookie))
return 0;
- if (!CBB_add_bytes(&cookie, S3I(s)->hs.tls13.cookie,
- S3I(s)->hs.tls13.cookie_len))
+ if (!CBB_add_bytes(&cookie, s->s3->hs.tls13.cookie,
+ s->s3->hs.tls13.cookie_len))
return 0;
if (!CBB_flush(cbb))
if (!CBS_get_u16_length_prefixed(cbs, &cookie))
goto err;
- if (CBS_len(&cookie) != S3I(s)->hs.tls13.cookie_len)
+ if (CBS_len(&cookie) != s->s3->hs.tls13.cookie_len)
goto err;
/*
* sent - client *MUST* send the same cookie with new CR after
* a cookie is sent by the server with an HRR.
*/
- if (!CBS_mem_equal(&cookie, S3I(s)->hs.tls13.cookie,
- S3I(s)->hs.tls13.cookie_len)) {
+ if (!CBS_mem_equal(&cookie, s->s3->hs.tls13.cookie,
+ s->s3->hs.tls13.cookie_len)) {
/* XXX special cookie mismatch alert? */
*alert = SSL_AD_ILLEGAL_PARAMETER;
return 0;
* Server needs to set cookie value in tls13 handshake
* in order to send one, should only be sent with HRR.
*/
- return (S3I(s)->hs.our_max_tls_version >= TLS1_3_VERSION &&
- S3I(s)->hs.tls13.cookie_len > 0 && S3I(s)->hs.tls13.cookie != NULL);
+ return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION &&
+ s->s3->hs.tls13.cookie_len > 0 && s->s3->hs.tls13.cookie != NULL);
}
int
if (!CBB_add_u16_length_prefixed(cbb, &cookie))
return 0;
- if (!CBB_add_bytes(&cookie, S3I(s)->hs.tls13.cookie,
- S3I(s)->hs.tls13.cookie_len))
+ if (!CBB_add_bytes(&cookie, s->s3->hs.tls13.cookie,
+ s->s3->hs.tls13.cookie_len))
return 0;
if (!CBB_flush(cbb))
* HRR from a server with a cookie to process after accepting
* one from the server in the same handshake
*/
- if (S3I(s)->hs.tls13.cookie != NULL ||
- S3I(s)->hs.tls13.cookie_len != 0) {
+ if (s->s3->hs.tls13.cookie != NULL ||
+ s->s3->hs.tls13.cookie_len != 0) {
*alert = SSL_AD_ILLEGAL_PARAMETER;
return 0;
}
if (!CBS_get_u16_length_prefixed(cbs, &cookie))
goto err;
- if (!CBS_stow(&cookie, &S3I(s)->hs.tls13.cookie,
- &S3I(s)->hs.tls13.cookie_len))
+ if (!CBS_stow(&cookie, &s->s3->hs.tls13.cookie,
+ &s->s3->hs.tls13.cookie_len))
goto err;
return 1;
if (tls_extension_find(type, &idx) == NULL)
return 0;
- return ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0);
+ return ((s->s3->hs.extensions_seen & (1 << idx)) != 0);
}
static const struct tls_extension_funcs *
tls_version = ssl_effective_tls_version(s);
- S3I(s)->hs.extensions_seen = 0;
+ s->s3->hs.extensions_seen = 0;
/* An empty extensions block is valid. */
if (CBS_len(cbs) == 0)
}
/* Check for duplicate known extensions. */
- if ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0)
+ if ((s->s3->hs.extensions_seen & (1 << idx)) != 0)
goto err;
- S3I(s)->hs.extensions_seen |= (1 << idx);
+ s->s3->hs.extensions_seen |= (1 << idx);
ext = tlsext_funcs(tlsext, is_server);
if (!ext->parse(s, msg_type, &extension_data, &alert_desc))
tlsext_server_reset_state(SSL *s)
{
s->tlsext_status_type = -1;
- S3I(s)->renegotiate_seen = 0;
- free(S3I(s)->alpn_selected);
- S3I(s)->alpn_selected = NULL;
- S3I(s)->alpn_selected_len = 0;
+ s->s3->renegotiate_seen = 0;
+ free(s->s3->alpn_selected);
+ s->s3->alpn_selected = NULL;
+ s->s3->alpn_selected_len = 0;
s->internal->srtp_profile = NULL;
}
static void
tlsext_client_reset_state(SSL *s)
{
- S3I(s)->renegotiate_seen = 0;
- free(S3I(s)->alpn_selected);
- S3I(s)->alpn_selected = NULL;
- S3I(s)->alpn_selected_len = 0;
+ s->s3->renegotiate_seen = 0;
+ free(s->s3->alpn_selected);
+ s->s3->alpn_selected = NULL;
+ s->s3->alpn_selected_len = 0;
}
int
-/* $OpenBSD: ssl_transcript.c,v 1.5 2021/05/16 14:10:43 jsing Exp $ */
+/* $OpenBSD: ssl_transcript.c,v 1.6 2022/02/05 14:54:10 jsing Exp $ */
/*
* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
*
goto err;
}
- if ((S3I(s)->handshake_hash = EVP_MD_CTX_new()) == NULL) {
+ if ((s->s3->handshake_hash = EVP_MD_CTX_new()) == NULL) {
SSLerror(s, ERR_R_MALLOC_FAILURE);
goto err;
}
- if (!EVP_DigestInit_ex(S3I(s)->handshake_hash, md, NULL)) {
+ if (!EVP_DigestInit_ex(s->s3->handshake_hash, md, NULL)) {
SSLerror(s, ERR_R_EVP_LIB);
goto err;
}
int
tls1_transcript_hash_update(SSL *s, const unsigned char *buf, size_t len)
{
- if (S3I(s)->handshake_hash == NULL)
+ if (s->s3->handshake_hash == NULL)
return 1;
- return EVP_DigestUpdate(S3I(s)->handshake_hash, buf, len);
+ return EVP_DigestUpdate(s->s3->handshake_hash, buf, len);
}
int
unsigned int mdlen;
int ret = 0;
- if (S3I(s)->handshake_hash == NULL)
+ if (s->s3->handshake_hash == NULL)
goto err;
- if (EVP_MD_CTX_size(S3I(s)->handshake_hash) > len)
+ if (EVP_MD_CTX_size(s->s3->handshake_hash) > len)
goto err;
if ((mdctx = EVP_MD_CTX_new()) == NULL) {
SSLerror(s, ERR_R_MALLOC_FAILURE);
goto err;
}
- if (!EVP_MD_CTX_copy_ex(mdctx, S3I(s)->handshake_hash)) {
+ if (!EVP_MD_CTX_copy_ex(mdctx, s->s3->handshake_hash)) {
SSLerror(s, ERR_R_EVP_LIB);
goto err;
}
void
tls1_transcript_hash_free(SSL *s)
{
- EVP_MD_CTX_free(S3I(s)->handshake_hash);
- S3I(s)->handshake_hash = NULL;
+ EVP_MD_CTX_free(s->s3->handshake_hash);
+ s->s3->handshake_hash = NULL;
}
int
tls1_transcript_init(SSL *s)
{
- if (S3I(s)->handshake_transcript != NULL)
+ if (s->s3->handshake_transcript != NULL)
return 0;
- if ((S3I(s)->handshake_transcript = BUF_MEM_new()) == NULL)
+ if ((s->s3->handshake_transcript = BUF_MEM_new()) == NULL)
return 0;
tls1_transcript_reset(s);
void
tls1_transcript_free(SSL *s)
{
- BUF_MEM_free(S3I(s)->handshake_transcript);
- S3I(s)->handshake_transcript = NULL;
+ BUF_MEM_free(s->s3->handshake_transcript);
+ s->s3->handshake_transcript = NULL;
}
void
* or if it failed (and returned zero)... our implementation never
* fails with a length of zero, so we trust all is okay...
*/
- (void)BUF_MEM_grow_clean(S3I(s)->handshake_transcript, 0);
+ (void)BUF_MEM_grow_clean(s->s3->handshake_transcript, 0);
tls1_transcript_unfreeze(s);
}
{
size_t olen, nlen;
- if (S3I(s)->handshake_transcript == NULL)
+ if (s->s3->handshake_transcript == NULL)
return 1;
if (s->s3->flags & TLS1_FLAGS_FREEZE_TRANSCRIPT)
return 1;
- olen = S3I(s)->handshake_transcript->length;
+ olen = s->s3->handshake_transcript->length;
nlen = olen + len;
if (nlen < olen)
return 0;
- if (BUF_MEM_grow(S3I(s)->handshake_transcript, nlen) == 0)
+ if (BUF_MEM_grow(s->s3->handshake_transcript, nlen) == 0)
return 0;
- memcpy(S3I(s)->handshake_transcript->data + olen, buf, len);
+ memcpy(s->s3->handshake_transcript->data + olen, buf, len);
return 1;
}
int
tls1_transcript_data(SSL *s, const unsigned char **data, size_t *len)
{
- if (S3I(s)->handshake_transcript == NULL)
+ if (s->s3->handshake_transcript == NULL)
return 0;
- *data = S3I(s)->handshake_transcript->data;
- *len = S3I(s)->handshake_transcript->length;
+ *data = s->s3->handshake_transcript->data;
+ *len = s->s3->handshake_transcript->length;
return 1;
}
-/* $OpenBSD: ssl_versions.c,v 1.21 2021/10/23 14:40:54 jsing Exp $ */
+/* $OpenBSD: ssl_versions.c,v 1.22 2022/02/05 14:54:10 jsing Exp $ */
/*
* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
*
uint16_t
ssl_effective_tls_version(SSL *s)
{
- if (S3I(s)->hs.negotiated_tls_version > 0)
- return S3I(s)->hs.negotiated_tls_version;
+ if (s->s3->hs.negotiated_tls_version > 0)
+ return s->s3->hs.negotiated_tls_version;
- return S3I(s)->hs.our_max_tls_version;
+ return s->s3->hs.our_max_tls_version;
}
int
{
uint16_t max_version;
- if ((max_version = S3I(s)->hs.our_max_tls_version) > TLS1_2_VERSION)
+ if ((max_version = s->s3->hs.our_max_tls_version) > TLS1_2_VERSION)
max_version = TLS1_2_VERSION;
if (SSL_is_dtls(s)) {
-/* $OpenBSD: t1_enc.c,v 1.153 2021/12/09 17:54:41 tb Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.154 2022/02/05 14:54:10 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
void
tls1_cleanup_key_block(SSL *s)
{
- tls12_key_block_free(S3I(s)->hs.tls12.key_block);
- S3I(s)->hs.tls12.key_block = NULL;
+ tls12_key_block_free(s->s3->hs.tls12.key_block);
+ s->s3->hs.tls12.key_block = NULL;
}
/*
/* Use client write keys on client write and server read. */
if ((!s->server && is_write) || (s->server && !is_write)) {
- tls12_key_block_client_write(S3I(s)->hs.tls12.key_block,
+ tls12_key_block_client_write(s->s3->hs.tls12.key_block,
&mac_key, &key, &iv);
} else {
- tls12_key_block_server_write(S3I(s)->hs.tls12.key_block,
+ tls12_key_block_server_write(s->s3->hs.tls12.key_block,
&mac_key, &key, &iv);
}
* XXX - callers should be changed so that they only call this
* function once.
*/
- if (S3I(s)->hs.tls12.key_block != NULL)
+ if (s->s3->hs.tls12.key_block != NULL)
return (1);
if (s->session->cipher &&
if (!tls12_key_block_generate(key_block, s, aead, cipher, mac_hash))
goto err;
- S3I(s)->hs.tls12.key_block = key_block;
+ s->s3->hs.tls12.key_block = key_block;
key_block = NULL;
if (!(s->internal->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) &&
* Enable vulnerability countermeasure for CBC ciphers with
* known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
*/
- S3I(s)->need_empty_fragments = 1;
+ s->s3->need_empty_fragments = 1;
if (s->session->cipher != NULL) {
if (s->session->cipher->algorithm_enc == SSL_eNULL)
- S3I(s)->need_empty_fragments = 0;
+ s->s3->need_empty_fragments = 0;
#ifndef OPENSSL_NO_RC4
if (s->session->cipher->algorithm_enc == SSL_RC4)
- S3I(s)->need_empty_fragments = 0;
+ s->s3->need_empty_fragments = 0;
#endif
}
}
-/* $OpenBSD: tls12_lib.c,v 1.3 2021/05/02 15:57:29 jsing Exp $ */
+/* $OpenBSD: tls12_lib.c,v 1.4 2022/02/05 14:54:10 jsing Exp $ */
/*
* Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
*
{
if (!s->server) {
return tls12_client_finished_verify_data(s,
- S3I(s)->hs.finished, sizeof(S3I(s)->hs.finished),
- &S3I(s)->hs.finished_len);
+ s->s3->hs.finished, sizeof(s->s3->hs.finished),
+ &s->s3->hs.finished_len);
} else {
return tls12_server_finished_verify_data(s,
- S3I(s)->hs.finished, sizeof(S3I(s)->hs.finished),
- &S3I(s)->hs.finished_len);
+ s->s3->hs.finished, sizeof(s->s3->hs.finished),
+ &s->s3->hs.finished_len);
}
}
{
if (s->server) {
return tls12_client_finished_verify_data(s,
- S3I(s)->hs.peer_finished, sizeof(S3I(s)->hs.peer_finished),
- &S3I(s)->hs.peer_finished_len);
+ s->s3->hs.peer_finished, sizeof(s->s3->hs.peer_finished),
+ &s->s3->hs.peer_finished_len);
} else {
return tls12_server_finished_verify_data(s,
- S3I(s)->hs.peer_finished, sizeof(S3I(s)->hs.peer_finished),
- &S3I(s)->hs.peer_finished_len);
+ s->s3->hs.peer_finished, sizeof(s->s3->hs.peer_finished),
+ &s->s3->hs.peer_finished_len);
}
}
-/* $OpenBSD: tls13_legacy.c,v 1.35 2022/01/25 15:00:09 tb Exp $ */
+/* $OpenBSD: tls13_legacy.c,v 1.36 2022/02/05 14:54:10 jsing Exp $ */
/*
* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
*
int reason = SSL_R_UNKNOWN;
/* If we received a fatal alert we already put an error on the stack. */
- if (S3I(ssl)->fatal_alert != 0)
+ if (ssl->s3->fatal_alert != 0)
return;
switch (ctx->error.code) {
* In the non-SSL_MODE_ENABLE_PARTIAL_WRITE case we have to loop until
* we have written out all of the requested data.
*/
- sent = S3I(ssl)->wnum;
+ sent = ssl->s3->wnum;
if (len < sent) {
SSLerror(ssl, SSL_R_BAD_LENGTH);
return -1;
n = len - sent;
for (;;) {
if (n == 0) {
- S3I(ssl)->wnum = 0;
+ ssl->s3->wnum = 0;
return sent;
}
if ((ret = tls13_write_application_data(ctx->rl,
&buf[sent], n)) <= 0) {
- S3I(ssl)->wnum = sent;
+ ssl->s3->wnum = sent;
return tls13_legacy_return_code(ssl, ret);
}
sent += ret;
/* Stash any unprocessed data from the last record. */
tls13_record_layer_rcontent(ctx->rl, &cbs);
if (CBS_len(&cbs) > 0) {
- if (!CBB_init_fixed(&cbb, S3I(s)->rbuf.buf,
- S3I(s)->rbuf.len))
+ if (!CBB_init_fixed(&cbb, s->s3->rbuf.buf,
+ s->s3->rbuf.len))
goto err;
if (!CBB_add_u8(&cbb, SSL3_RT_HANDSHAKE))
goto err;
if (!CBB_finish(&cbb, NULL, NULL))
goto err;
- S3I(s)->rbuf.offset = SSL3_RT_HEADER_LENGTH;
- S3I(s)->rbuf.left = CBS_len(&cbs);
- S3I(s)->rrec.type = SSL3_RT_HANDSHAKE;
- S3I(s)->rrec.length = CBS_len(&cbs);
+ s->s3->rbuf.offset = SSL3_RT_HEADER_LENGTH;
+ s->s3->rbuf.left = CBS_len(&cbs);
+ s->s3->rrec.type = SSL3_RT_HANDSHAKE;
+ s->s3->rrec.length = CBS_len(&cbs);
s->internal->rstate = SSL_ST_READ_BODY;
- s->internal->packet = S3I(s)->rbuf.buf;
+ s->internal->packet = s->s3->rbuf.buf;
s->internal->packet_length = SSL3_RT_HEADER_LENGTH;
s->internal->mac_packet = 1;
}
s->internal->init_buf->length, NULL))
goto err;
- S3I(s)->hs.tls12.reuse_message = 1;
- S3I(s)->hs.tls12.message_type = tls13_handshake_msg_type(ctx->hs_msg);
- S3I(s)->hs.tls12.message_size = CBS_len(&cbs) - SSL3_HM_HEADER_LENGTH;
+ s->s3->hs.tls12.reuse_message = 1;
+ s->s3->hs.tls12.message_type = tls13_handshake_msg_type(ctx->hs_msg);
+ s->s3->hs.tls12.message_size = CBS_len(&cbs) - SSL3_HM_HEADER_LENGTH;
return 1;
}
ssl->internal->tls13 = ctx;
ctx->ssl = ssl;
- ctx->hs = &S3I(ssl)->hs;
+ ctx->hs = &ssl->s3->hs;
if (!tls13_server_init(ctx)) {
if (ERR_peek_error() == 0)
}
ssl->internal->tls13 = ctx;
ctx->ssl = ssl;
- ctx->hs = &S3I(ssl)->hs;
+ ctx->hs = &ssl->s3->hs;
if (!tls13_client_init(ctx)) {
if (ERR_peek_error() == 0)
-/* $OpenBSD: tls13_lib.c,v 1.62 2021/09/16 19:25:30 jsing Exp $ */
+/* $OpenBSD: tls13_lib.c,v 1.63 2022/02/05 14:54:10 jsing Exp $ */
/*
* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2019 Bob Beck <beck@openbsd.org>
if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) {
ctx->close_notify_recv = 1;
ctx->ssl->internal->shutdown |= SSL_RECEIVED_SHUTDOWN;
- S3I(ctx->ssl)->warn_alert = alert_desc;
+ ctx->ssl->s3->warn_alert = alert_desc;
return;
}
}
/* All other alerts are treated as fatal in TLSv1.3. */
- S3I(ctx->ssl)->fatal_alert = alert_desc;
+ ctx->ssl->s3->fatal_alert = alert_desc;
SSLerror(ctx->ssl, SSL_AD_REASON_OFFSET + alert_desc);
ERR_asprintf_error_data("SSL alert number %d", alert_desc);
projects / openbsd / commitdiff