Move finished and peer finished to the handshake struct.

This moves the finish_md and peer_finish_md from the 'tmp' struct to the
handshake struct, renaming to finished and peer_finished in the process.
This also allows the remaining S3I(s) references to be removed from the
TLSv1.3 client and server.

ok inoguchi@ tb@

diff --git a/lib/libssl/ssl_both.c b/lib/libssl/ssl_both.c
index 789ab01..4851231 100644 (file)
--- a/lib/libssl/ssl_both.c
+++ b/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.26 2021/03/27 17:56:28 tb Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.27 2021/03/29 16:46:09 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -176,25 +176,25 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
                OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
 
                if (tls1_final_finish_mac(s, sender, slen,
-                   S3I(s)->tmp.finish_md) != md_len)
+                   S3I(s)->hs.finished) != md_len)
                        return (0);
-               S3I(s)->tmp.finish_md_len = md_len;
+               S3I(s)->hs.finished_len = md_len;
 
                /* Copy finished so we can use it for renegotiation checks. */
                if (!s->server) {
                        memcpy(S3I(s)->previous_client_finished,
-                           S3I(s)->tmp.finish_md, md_len);
+                           S3I(s)->hs.finished, md_len);
                        S3I(s)->previous_client_finished_len = md_len;
                } else {
                        memcpy(S3I(s)->previous_server_finished,
-                           S3I(s)->tmp.finish_md, md_len);
+                           S3I(s)->hs.finished, md_len);
                        S3I(s)->previous_server_finished_len = md_len;
                }
 
                if (!ssl3_handshake_msg_start(s, &cbb, &finished,
                    SSL3_MT_FINISHED))
                         goto err;
-               if (!CBB_add_bytes(&finished, S3I(s)->tmp.finish_md, md_len))
+               if (!CBB_add_bytes(&finished, S3I(s)->hs.finished, md_len))
                        goto err;
                if (!ssl3_handshake_msg_finish(s, &cbb))
                        goto err;
@@ -235,9 +235,9 @@ ssl3_take_mac(SSL *s)
                slen = TLS_MD_CLIENT_FINISH_CONST_SIZE;
        }
 
-       S3I(s)->tmp.peer_finish_md_len =
+       S3I(s)->hs.peer_finished_len =
            tls1_final_finish_mac(s, sender, slen,
-               S3I(s)->tmp.peer_finish_md);
+               S3I(s)->hs.peer_finished);
 }
 
 int
@@ -270,14 +270,14 @@ ssl3_get_finished(SSL *s, int a, int b)
 
        CBS_init(&cbs, s->internal->init_msg, n);
 
-       if (S3I(s)->tmp.peer_finish_md_len != md_len ||
+       if (S3I(s)->hs.peer_finished_len != md_len ||
            CBS_len(&cbs) != md_len) {
                al = SSL_AD_DECODE_ERROR;
                SSLerror(s, SSL_R_BAD_DIGEST_LENGTH);
                goto fatal_err;
        }
 
-       if (!CBS_mem_equal(&cbs, S3I(s)->tmp.peer_finish_md, CBS_len(&cbs))) {
+       if (!CBS_mem_equal(&cbs, S3I(s)->hs.peer_finished, CBS_len(&cbs))) {
                al = SSL_AD_DECRYPT_ERROR;
                SSLerror(s, SSL_R_DIGEST_CHECK_FAILED);
                goto fatal_err;
@@ -287,11 +287,11 @@ ssl3_get_finished(SSL *s, int a, int b)
        OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
        if (s->server) {
                memcpy(S3I(s)->previous_client_finished,
-                   S3I(s)->tmp.peer_finish_md, md_len);
+                   S3I(s)->hs.peer_finished, md_len);
                S3I(s)->previous_client_finished_len = md_len;
        } else {
                memcpy(S3I(s)->previous_server_finished,
-                   S3I(s)->tmp.peer_finish_md, md_len);
+                   S3I(s)->hs.peer_finished, md_len);
                S3I(s)->previous_server_finished_len = md_len;
        }
 

diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index c77fdd7..892922d 100644 (file)
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.253 2021/03/27 17:56:28 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.254 2021/03/29 16:46:09 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -723,10 +723,10 @@ SSL_get_finished(const SSL *s, void *buf, size_t count)
 {
        size_t  ret;
 
-       ret = S3I(s)->tmp.finish_md_len;
+       ret = S3I(s)->hs.finished_len;
        if (count > ret)
                count = ret;
-       memcpy(buf, S3I(s)->tmp.finish_md, count);
+       memcpy(buf, S3I(s)->hs.finished, count);
        return (ret);
 }
 
@@ -736,10 +736,10 @@ SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
 {
        size_t  ret;
 
-       ret = S3I(s)->tmp.peer_finish_md_len;
+       ret = S3I(s)->hs.peer_finished_len;
        if (count > ret)
                count = ret;
-       memcpy(buf, S3I(s)->tmp.peer_finish_md, count);
+       memcpy(buf, S3I(s)->hs.peer_finished, count);
        return (ret);
 }
 

diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 4b2f98f..3339c57 100644 (file)
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.332 2021/03/29 16:19:15 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.333 2021/03/29 16:46:09 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -492,6 +492,15 @@ typedef struct ssl_handshake_st {
        uint8_t *sigalgs;
        size_t sigalgs_len;
 
+       /*
+        * Copies of the verify data sent in our finished message and the
+        * verify data received in the finished message sent by our peer.
+        */
+       uint8_t finished[EVP_MAX_MD_SIZE];
+       size_t finished_len;
+       uint8_t peer_finished[EVP_MAX_MD_SIZE];
+       size_t peer_finished_len;
+
        SSL_HANDSHAKE_TLS12 tls12;
        SSL_HANDSHAKE_TLS13 tls13;
 } SSL_HANDSHAKE;
@@ -918,11 +927,6 @@ typedef struct ssl3_state_internal_st {
        struct  {
                unsigned char cert_verify_md[EVP_MAX_MD_SIZE];
 
-               unsigned char finish_md[EVP_MAX_MD_SIZE];
-               size_t finish_md_len;
-               unsigned char peer_finish_md[EVP_MAX_MD_SIZE];
-               size_t peer_finish_md_len;
-
                unsigned long message_size;
                int message_type;
 

diff --git a/lib/libssl/ssl_pkt.c b/lib/libssl/ssl_pkt.c
index a93acdf..a760f90 100644 (file)
--- a/lib/libssl/ssl_pkt.c
+++ b/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.39 2021/03/24 18:44:00 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.40 2021/03/29 16:46:09 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1190,12 +1190,12 @@ ssl3_do_change_cipher_spec(SSL *s)
        }
 
        i = tls1_final_finish_mac(s, sender, slen,
-           S3I(s)->tmp.peer_finish_md);
+           S3I(s)->hs.peer_finished);
        if (i == 0) {
                SSLerror(s, ERR_R_INTERNAL_ERROR);
                return 0;
        }
-       S3I(s)->tmp.peer_finish_md_len = i;
+       S3I(s)->hs.peer_finished_len = i;
 
        return (1);
 }

diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c
index 5ffab91..797eb84 100644 (file)
--- a/lib/libssl/ssl_tlsext.c
+++ b/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.88 2021/03/21 18:36:34 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.89 2021/03/29 16:46:09 jsing Exp $ */
 /*
  * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -36,7 +36,7 @@ tlsext_alpn_client_needs(SSL *s, uint16_t msg_type)
 {
        /* ALPN protos have been specified and this is the initial handshake */
        return s->internal->alpn_client_proto_list != NULL &&
-           S3I(s)->tmp.finish_md_len == 0;
+           S3I(s)->hs.finished_len == 0;
 }
 
 int

diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c
index 78bf15e..e0febee 100644 (file)
--- a/lib/libssl/tls13_client.c
+++ b/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.76 2021/03/24 18:44:00 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.77 2021/03/29 16:46:09 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -746,7 +746,6 @@ tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs)
        uint8_t key[EVP_MAX_MD_SIZE];
        HMAC_CTX *hmac_ctx = NULL;
        unsigned int hlen;
-       SSL *s = ctx->ssl;
        int ret = 0;
 
        /*
@@ -781,9 +780,9 @@ tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs)
                goto err;
        }
 
-       if (!CBS_write_bytes(cbs, S3I(s)->tmp.peer_finish_md,
-           sizeof(S3I(s)->tmp.peer_finish_md),
-           &S3I(s)->tmp.peer_finish_md_len))
+       if (!CBS_write_bytes(cbs, ctx->hs->peer_finished,
+           sizeof(ctx->hs->peer_finished),
+           &ctx->hs->peer_finished_len))
                goto err;
 
        if (!CBS_skip(cbs, verify_data_len))
@@ -1032,7 +1031,6 @@ tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb)
        unsigned int hlen;
        HMAC_CTX *hmac_ctx = NULL;
        CBS cbs;
-       SSL *s = ctx->ssl;
        int ret = 0;
 
        if (!tls13_secret_init(&finished_key, EVP_MD_size(ctx->hash)))
@@ -1064,8 +1062,8 @@ tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb)
                goto err;
 
        CBS_init(&cbs, verify_data, verify_data_len);
-       if (!CBS_write_bytes(&cbs, S3I(s)->tmp.finish_md,
-           sizeof(S3I(s)->tmp.finish_md), &S3I(s)->tmp.finish_md_len))
+       if (!CBS_write_bytes(&cbs, ctx->hs->finished,
+           sizeof(ctx->hs->finished), &ctx->hs->finished_len))
                goto err;
 
        ret = 1;

diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c
index bac9623..4fed1a4 100644 (file)
--- a/lib/libssl/tls13_server.c
+++ b/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.73 2021/03/24 18:44:00 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.74 2021/03/29 16:46:09 jsing Exp $ */
 /*
  * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -783,7 +783,6 @@ tls13_server_finished_send(struct tls13_ctx *ctx, CBB *cbb)
        unsigned int hlen;
        HMAC_CTX *hmac_ctx = NULL;
        CBS cbs;
-       SSL *s = ctx->ssl;
        int ret = 0;
 
        if (!tls13_secret_init(&finished_key, EVP_MD_size(ctx->hash)))
@@ -815,8 +814,8 @@ tls13_server_finished_send(struct tls13_ctx *ctx, CBB *cbb)
                goto err;
 
        CBS_init(&cbs, verify_data, verify_data_len);
-       if (!CBS_write_bytes(&cbs, S3I(s)->tmp.finish_md,
-           sizeof(S3I(s)->tmp.finish_md), &S3I(s)->tmp.finish_md_len))
+       if (!CBS_write_bytes(&cbs, ctx->hs->finished,
+           sizeof(ctx->hs->finished), &ctx->hs->finished_len))
                goto err;
 
        ret = 1;
@@ -1050,7 +1049,6 @@ tls13_client_finished_recv(struct tls13_ctx *ctx, CBS *cbs)
        uint8_t key[EVP_MAX_MD_SIZE];
        HMAC_CTX *hmac_ctx = NULL;
        unsigned int hlen;
-       SSL *s = ctx->ssl;
        int ret = 0;
 
        /*
@@ -1085,9 +1083,9 @@ tls13_client_finished_recv(struct tls13_ctx *ctx, CBS *cbs)
                goto err;
        }
 
-       if (!CBS_write_bytes(cbs, S3I(s)->tmp.peer_finish_md,
-           sizeof(S3I(s)->tmp.peer_finish_md),
-           &S3I(s)->tmp.peer_finish_md_len))
+       if (!CBS_write_bytes(cbs, ctx->hs->peer_finished,
+           sizeof(ctx->hs->peer_finished),
+           &ctx->hs->peer_finished_len))
                goto err;
 
        if (!CBS_skip(cbs, verify_data_len))