TLSv1.2 handshake struct.
ok inoguchi@ tb@
-/* $OpenBSD: d1_both.c,v 1.68 2021/02/27 14:20:50 jsing Exp $ */
+/* $OpenBSD: d1_both.c,v 1.69 2021/04/19 16:51:56 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
* s3->internal->tmp is used to store messages that are unexpected, caused
* by the absence of an optional handshake message
*/
- if (S3I(s)->tmp.reuse_message) {
- S3I(s)->tmp.reuse_message = 0;
- if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) {
+ if (S3I(s)->hs.tls12.reuse_message) {
+ S3I(s)->hs.tls12.reuse_message = 0;
+ if ((mt >= 0) && (S3I(s)->hs.tls12.message_type != mt)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
goto fatal_err;
}
*ok = 1;
s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH;
- s->internal->init_num = (int)S3I(s)->tmp.message_size;
+ s->internal->init_num = (int)S3I(s)->hs.tls12.message_size;
return s->internal->init_num;
}
return SSL_AD_INTERNAL_ERROR;
}
- S3I(s)->tmp.message_size = msg_len;
+ S3I(s)->hs.tls12.message_size = msg_len;
D1I(s)->r_msg_hdr.msg_len = msg_len;
- S3I(s)->tmp.message_type = msg_hdr->type;
+ S3I(s)->hs.tls12.message_type = msg_hdr->type;
D1I(s)->r_msg_hdr.type = msg_hdr->type;
D1I(s)->r_msg_hdr.seq = msg_hdr->seq;
} else if (msg_len != D1I(s)->r_msg_hdr.msg_len) {
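Review bot: The comment near the top of this hunk still says `s3->internal->tmp is used to store messages that are unexpected`, but the fields that implement that behaviour (reuse_message, message_type, message_size) are moved by this commit into `S3I(s)->hs.tls12`, so the comment is now stale and will send a reader to the wrong struct. Suggest rewording it to `s3->internal->hs.tls12 (reuse_message/message_type/message_size) holds a message that was unexpected, caused by the absence of an optional handshake message, so the next get_message call can hand it back.` The functions touched in this hunk all start and end outside it.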
-/* $OpenBSD: ssl_both.c,v 1.27 2021/03/29 16:46:09 jsing Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.28 2021/04/19 16:51:56 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
if (SSL_is_dtls(s))
return (dtls1_get_message(s, st1, stn, mt, max, ok));
- if (S3I(s)->tmp.reuse_message) {
- S3I(s)->tmp.reuse_message = 0;
- if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) {
+ if (S3I(s)->hs.tls12.reuse_message) {
+ S3I(s)->hs.tls12.reuse_message = 0;
+ if ((mt >= 0) && (S3I(s)->hs.tls12.message_type != mt)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
goto fatal_err;
}
*ok = 1;
s->internal->init_msg = s->internal->init_buf->data + 4;
- s->internal->init_num = (int)S3I(s)->tmp.message_size;
+ s->internal->init_num = (int)S3I(s)->hs.tls12.message_size;
return s->internal->init_num;
}
SSLerror(s, ERR_R_BUF_LIB);
goto err;
}
- S3I(s)->tmp.message_type = u8;
+ S3I(s)->hs.tls12.message_type = u8;
if (l > (unsigned long)max) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, ERR_R_BUF_LIB);
goto err;
}
- S3I(s)->tmp.message_size = l;
+ S3I(s)->hs.tls12.message_size = l;
S3I(s)->hs.state = stn;
s->internal->init_msg = s->internal->init_buf->data + 4;
/* next state (stn) */
p = s->internal->init_msg;
- n = S3I(s)->tmp.message_size - s->internal->init_num;
+ n = S3I(s)->hs.tls12.message_size - s->internal->init_num;
while (n > 0) {
i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
&p[s->internal->init_num], n, 0);
-/* $OpenBSD: ssl_clnt.c,v 1.90 2021/04/11 07:06:01 tb Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.91 2021/04/19 16:51:56 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
}
/* did we do anything */
- if (!S3I(s)->tmp.reuse_message && !skip) {
+ if (!S3I(s)->hs.tls12.reuse_message && !skip) {
if (s->internal->debug) {
if ((ret = BIO_flush(s->wbio)) <= 0)
goto end;
if (!ok)
return ((int)n);
- if (S3I(s)->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
+ if (S3I(s)->hs.tls12.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
D1I(s)->send_cookie = 0;
- S3I(s)->tmp.reuse_message = 1;
+ S3I(s)->hs.tls12.reuse_message = 1;
return (1);
}
CBS_init(&cbs, s->internal->init_msg, n);
if (SSL_is_dtls(s)) {
- if (S3I(s)->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
+ if (S3I(s)->hs.tls12.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
if (D1I(s)->send_cookie == 0) {
- S3I(s)->tmp.reuse_message = 1;
+ S3I(s)->hs.tls12.reuse_message = 1;
return (1);
} else {
/* Already sent a cookie. */
}
}
- if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_HELLO) {
+ if (S3I(s)->hs.tls12.message_type != SSL3_MT_SERVER_HELLO) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
goto fatal_err;
if (!ok)
return ((int)n);
- if (S3I(s)->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
- S3I(s)->tmp.reuse_message = 1;
+ if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
+ S3I(s)->hs.tls12.reuse_message = 1;
return (1);
}
- if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) {
+ if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
goto fatal_err;
CBS_init(&cbs, s->internal->init_msg, n);
- if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
+ if (S3I(s)->hs.tls12.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
/*
* Do not skip server key exchange if this cipher suite uses
* ephemeral keys.
goto fatal_err;
}
- S3I(s)->tmp.reuse_message = 1;
+ S3I(s)->hs.tls12.reuse_message = 1;
EVP_MD_CTX_cleanup(&md_ctx);
return (1);
}
S3I(s)->tmp.cert_req = 0;
- if (S3I(s)->tmp.message_type == SSL3_MT_SERVER_DONE) {
- S3I(s)->tmp.reuse_message = 1;
+ if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_DONE) {
+ S3I(s)->hs.tls12.reuse_message = 1;
/*
* If we get here we don't need any cached handshake records
* as we wont be doing client auth.
return (1);
}
- if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
+ if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE);
goto err;
if (!ok)
return ((int)n);
- if (S3I(s)->tmp.message_type == SSL3_MT_FINISHED) {
- S3I(s)->tmp.reuse_message = 1;
+ if (S3I(s)->hs.tls12.message_type == SSL3_MT_FINISHED) {
+ S3I(s)->hs.tls12.reuse_message = 1;
return (1);
}
- if (S3I(s)->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) {
+ if (S3I(s)->hs.tls12.message_type != SSL3_MT_NEWSESSION_TICKET) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
goto fatal_err;
if (!ok)
return ((int)n);
- S3I(s)->tmp.reuse_message = 1;
- if ((S3I(s)->tmp.message_type == SSL3_MT_FINISHED) ||
- (S3I(s)->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
+ S3I(s)->hs.tls12.reuse_message = 1;
+ if ((S3I(s)->hs.tls12.message_type == SSL3_MT_FINISHED) ||
+ (S3I(s)->hs.tls12.message_type == SSL3_MT_NEWSESSION_TICKET))
return (2);
return (1);
-/* $OpenBSD: ssl_locl.h,v 1.333 2021/03/29 16:46:09 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.334 2021/04/19 16:51:56 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
/* Used when SSL_ST_FLUSH_DATA is entered. */
int next_state;
+ /* Handshake message type and size. */
+ int message_type;
+ unsigned long message_size;
+
+ /* Reuse current handshake message. */
+ int reuse_message;
+
/* Record-layer key block for TLS 1.2 and earlier. */
unsigned char *key_block;
size_t key_block_len;
+
+ /* Transcript hash prior to sending certificate verify message. */
+ uint8_t cert_verify[EVP_MAX_MD_SIZE];
} SSL_HANDSHAKE_TLS12;
typedef struct ssl_handshake_tls13_st {
SSL_HANDSHAKE hs;
struct {
- unsigned char cert_verify_md[EVP_MAX_MD_SIZE];
-
- unsigned long message_size;
- int message_type;
-
DH *dh;
EC_KEY *ecdh; /* holds short lived ECDH key */
uint8_t *x25519;
- int reuse_message;
-
/* used for certificate requests */
int cert_req;
int ctype_num;
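Review bot: The comment on the new `cert_verify` field, `Transcript hash prior to sending certificate verify message`, only describes the sending side; in the ssl_srvr.c hunks of this same commit the server fills it from tls1_transcript_hash_value and then passes it to RSA_verify/ECDSA_verify to check the client's CertificateVerify, so the field is also the verifier's copy of the hash. Suggest `/* Transcript hash taken before the CertificateVerify message: what the client signs and what the server verifies against. */` (the client-side use is not in this diff, so confirm the first half). It would also help to note on message_type/message_size/reuse_message that tls13_legacy.c sets them when a TLSv1.3 handshake falls back to the legacy code path, since the `tls12` name suggests they are only touched by the TLSv1.2 machinery. The struct header and the surrounding declarations are outside the hunk.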
-/* $OpenBSD: ssl_srvr.c,v 1.101 2021/03/29 16:56:20 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.102 2021/04/19 16:51:56 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* a client cert, it can be verified.
*/
if (!tls1_transcript_hash_value(s,
- S3I(s)->tmp.cert_verify_md,
- sizeof(S3I(s)->tmp.cert_verify_md),
+ S3I(s)->hs.tls12.cert_verify,
+ sizeof(S3I(s)->hs.tls12.cert_verify),
NULL)) {
ret = -1;
goto end;
/* break; */
}
- if (!S3I(s)->tmp.reuse_message && !skip) {
+ if (!S3I(s)->hs.tls12.reuse_message && !skip) {
if (s->internal->debug) {
if ((ret = BIO_flush(s->wbio)) <= 0)
goto end;
type = X509_certificate_type(peer, pkey);
}
- if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) {
- S3I(s)->tmp.reuse_message = 1;
+ if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_VERIFY) {
+ S3I(s)->hs.tls12.reuse_message = 1;
if (peer != NULL) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_MISSING_VERIFY_MESSAGE);
goto fatal_err;
}
} else if (pkey->type == EVP_PKEY_RSA) {
- verify = RSA_verify(NID_md5_sha1, S3I(s)->tmp.cert_verify_md,
+ verify = RSA_verify(NID_md5_sha1, S3I(s)->hs.tls12.cert_verify,
MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, CBS_data(&signature),
CBS_len(&signature), pkey->pkey.rsa);
if (verify < 0) {
}
} else if (pkey->type == EVP_PKEY_EC) {
verify = ECDSA_verify(pkey->save_type,
- &(S3I(s)->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
+ &(S3I(s)->hs.tls12.cert_verify[MD5_DIGEST_LENGTH]),
SHA_DIGEST_LENGTH, CBS_data(&signature),
CBS_len(&signature), pkey->pkey.ec);
if (verify <= 0) {
if (!ok)
return ((int)n);
- if (S3I(s)->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
+ if (S3I(s)->hs.tls12.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
if ((s->verify_mode & SSL_VERIFY_PEER) &&
(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
al = SSL_AD_UNEXPECTED_MESSAGE;
goto fatal_err;
}
- S3I(s)->tmp.reuse_message = 1;
+ S3I(s)->hs.tls12.reuse_message = 1;
return (1);
}
- if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) {
+ if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE);
goto fatal_err;
-/* $OpenBSD: tls13_legacy.c,v 1.23 2021/03/21 18:36:34 jsing Exp $ */
+/* $OpenBSD: tls13_legacy.c,v 1.24 2021/04/19 16:51:56 jsing Exp $ */
/*
* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
*
s->internal->init_buf->length, NULL))
goto err;
- S3I(s)->tmp.reuse_message = 1;
- S3I(s)->tmp.message_type = tls13_handshake_msg_type(ctx->hs_msg);
- S3I(s)->tmp.message_size = CBS_len(&cbs);
+ S3I(s)->hs.tls12.reuse_message = 1;
+ S3I(s)->hs.tls12.message_type = tls13_handshake_msg_type(ctx->hs_msg);
+ S3I(s)->hs.tls12.message_size = CBS_len(&cbs);
return 1;
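Review bot: `CBS_len(&cbs)` is a size_t stored into the unsigned long message_size, and the reuse_message path in ssl3_get_message (see the ssl_both.c hunk in this commit) narrows it with `(int)` into init_num without passing through the `l > (unsigned long)max` bound check that the normal read path applies. Presumably the TLSv1.3 handshake layer already caps hs_msg well below INT_MAX before this point, but that is not visible here; if it does not, reject oversized messages before handing them to the legacy code, e.g. `if (CBS_len(&cbs) > INT_MAX) goto err;` ahead of setting reuse_message. The enclosing function starts outside the hunk.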