From: jsing Date: Mon, 29 Mar 2021 16:46:09 +0000 (+0000) Subject: Move finished and peer finished to the handshake struct. X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=268dad53d6e6176ac2f0893130b94dd69e18f3ef;p=openbsd Move finished and peer finished to the handshake struct. This moves the finish_md and peer_finish_md from the 'tmp' struct to the handshake struct, renaming to finished and peer_finished in the process. This also allows the remaining S3I(s) references to be removed from the TLSv1.3 client and server. ok inoguchi@ tb@ --- diff --git a/lib/libssl/ssl_both.c b/lib/libssl/ssl_both.c index 789ab012131..4851231a8f3 100644 --- a/lib/libssl/ssl_both.c +++ b/lib/libssl/ssl_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_both.c,v 1.26 2021/03/27 17:56:28 tb Exp $ */ +/* $OpenBSD: ssl_both.c,v 1.27 2021/03/29 16:46:09 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -176,25 +176,25 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE); if (tls1_final_finish_mac(s, sender, slen, - S3I(s)->tmp.finish_md) != md_len) + S3I(s)->hs.finished) != md_len) return (0); - S3I(s)->tmp.finish_md_len = md_len; + S3I(s)->hs.finished_len = md_len; /* Copy finished so we can use it for renegotiation checks. */ if (!s->server) { memcpy(S3I(s)->previous_client_finished, - S3I(s)->tmp.finish_md, md_len); + S3I(s)->hs.finished, md_len); S3I(s)->previous_client_finished_len = md_len; } else { memcpy(S3I(s)->previous_server_finished, - S3I(s)->tmp.finish_md, md_len); + S3I(s)->hs.finished, md_len); S3I(s)->previous_server_finished_len = md_len; } if (!ssl3_handshake_msg_start(s, &cbb, &finished, SSL3_MT_FINISHED)) goto err; - if (!CBB_add_bytes(&finished, S3I(s)->tmp.finish_md, md_len)) + if (!CBB_add_bytes(&finished, S3I(s)->hs.finished, md_len)) goto err; if (!ssl3_handshake_msg_finish(s, &cbb)) goto err; @@ -235,9 +235,9 @@ ssl3_take_mac(SSL *s) slen = TLS_MD_CLIENT_FINISH_CONST_SIZE; } - S3I(s)->tmp.peer_finish_md_len = + S3I(s)->hs.peer_finished_len = tls1_final_finish_mac(s, sender, slen, - S3I(s)->tmp.peer_finish_md); + S3I(s)->hs.peer_finished); } int @@ -270,14 +270,14 @@ ssl3_get_finished(SSL *s, int a, int b) CBS_init(&cbs, s->internal->init_msg, n); - if (S3I(s)->tmp.peer_finish_md_len != md_len || + if (S3I(s)->hs.peer_finished_len != md_len || CBS_len(&cbs) != md_len) { al = SSL_AD_DECODE_ERROR; SSLerror(s, SSL_R_BAD_DIGEST_LENGTH); goto fatal_err; } - if (!CBS_mem_equal(&cbs, S3I(s)->tmp.peer_finish_md, CBS_len(&cbs))) { + if (!CBS_mem_equal(&cbs, S3I(s)->hs.peer_finished, CBS_len(&cbs))) { al = SSL_AD_DECRYPT_ERROR; SSLerror(s, SSL_R_DIGEST_CHECK_FAILED); goto fatal_err; @@ -287,11 +287,11 @@ ssl3_get_finished(SSL *s, int a, int b) OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE); if (s->server) { memcpy(S3I(s)->previous_client_finished, - S3I(s)->tmp.peer_finish_md, md_len); + S3I(s)->hs.peer_finished, md_len); S3I(s)->previous_client_finished_len = md_len; } else { memcpy(S3I(s)->previous_server_finished, - S3I(s)->tmp.peer_finish_md, md_len); + S3I(s)->hs.peer_finished, md_len); S3I(s)->previous_server_finished_len = md_len; } diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index c77fdd77e98..892922d7611 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.253 2021/03/27 17:56:28 tb Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.254 2021/03/29 16:46:09 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -723,10 +723,10 @@ SSL_get_finished(const SSL *s, void *buf, size_t count) { size_t ret; - ret = S3I(s)->tmp.finish_md_len; + ret = S3I(s)->hs.finished_len; if (count > ret) count = ret; - memcpy(buf, S3I(s)->tmp.finish_md, count); + memcpy(buf, S3I(s)->hs.finished, count); return (ret); } @@ -736,10 +736,10 @@ SSL_get_peer_finished(const SSL *s, void *buf, size_t count) { size_t ret; - ret = S3I(s)->tmp.peer_finish_md_len; + ret = S3I(s)->hs.peer_finished_len; if (count > ret) count = ret; - memcpy(buf, S3I(s)->tmp.peer_finish_md, count); + memcpy(buf, S3I(s)->hs.peer_finished, count); return (ret); } diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index 4b2f98f84d2..3339c57390c 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.332 2021/03/29 16:19:15 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.333 2021/03/29 16:46:09 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -492,6 +492,15 @@ typedef struct ssl_handshake_st { uint8_t *sigalgs; size_t sigalgs_len; + /* + * Copies of the verify data sent in our finished message and the + * verify data received in the finished message sent by our peer. + */ + uint8_t finished[EVP_MAX_MD_SIZE]; + size_t finished_len; + uint8_t peer_finished[EVP_MAX_MD_SIZE]; + size_t peer_finished_len; + SSL_HANDSHAKE_TLS12 tls12; SSL_HANDSHAKE_TLS13 tls13; } SSL_HANDSHAKE; @@ -918,11 +927,6 @@ typedef struct ssl3_state_internal_st { struct { unsigned char cert_verify_md[EVP_MAX_MD_SIZE]; - unsigned char finish_md[EVP_MAX_MD_SIZE]; - size_t finish_md_len; - unsigned char peer_finish_md[EVP_MAX_MD_SIZE]; - size_t peer_finish_md_len; - unsigned long message_size; int message_type; diff --git a/lib/libssl/ssl_pkt.c b/lib/libssl/ssl_pkt.c index a93acdfa7f6..a760f90a3a0 100644 --- a/lib/libssl/ssl_pkt.c +++ b/lib/libssl/ssl_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_pkt.c,v 1.39 2021/03/24 18:44:00 jsing Exp $ */ +/* $OpenBSD: ssl_pkt.c,v 1.40 2021/03/29 16:46:09 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1190,12 +1190,12 @@ ssl3_do_change_cipher_spec(SSL *s) } i = tls1_final_finish_mac(s, sender, slen, - S3I(s)->tmp.peer_finish_md); + S3I(s)->hs.peer_finished); if (i == 0) { SSLerror(s, ERR_R_INTERNAL_ERROR); return 0; } - S3I(s)->tmp.peer_finish_md_len = i; + S3I(s)->hs.peer_finished_len = i; return (1); } diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c index 5ffab919a2d..797eb84001c 100644 --- a/lib/libssl/ssl_tlsext.c +++ b/lib/libssl/ssl_tlsext.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_tlsext.c,v 1.88 2021/03/21 18:36:34 jsing Exp $ */ +/* $OpenBSD: ssl_tlsext.c,v 1.89 2021/03/29 16:46:09 jsing Exp $ */ /* * Copyright (c) 2016, 2017, 2019 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -36,7 +36,7 @@ tlsext_alpn_client_needs(SSL *s, uint16_t msg_type) { /* ALPN protos have been specified and this is the initial handshake */ return s->internal->alpn_client_proto_list != NULL && - S3I(s)->tmp.finish_md_len == 0; + S3I(s)->hs.finished_len == 0; } int diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c index 78bf15ec591..e0febee926d 100644 --- a/lib/libssl/tls13_client.c +++ b/lib/libssl/tls13_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_client.c,v 1.76 2021/03/24 18:44:00 jsing Exp $ */ +/* $OpenBSD: tls13_client.c,v 1.77 2021/03/29 16:46:09 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -746,7 +746,6 @@ tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs) uint8_t key[EVP_MAX_MD_SIZE]; HMAC_CTX *hmac_ctx = NULL; unsigned int hlen; - SSL *s = ctx->ssl; int ret = 0; /* @@ -781,9 +780,9 @@ tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs) goto err; } - if (!CBS_write_bytes(cbs, S3I(s)->tmp.peer_finish_md, - sizeof(S3I(s)->tmp.peer_finish_md), - &S3I(s)->tmp.peer_finish_md_len)) + if (!CBS_write_bytes(cbs, ctx->hs->peer_finished, + sizeof(ctx->hs->peer_finished), + &ctx->hs->peer_finished_len)) goto err; if (!CBS_skip(cbs, verify_data_len)) @@ -1032,7 +1031,6 @@ tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb) unsigned int hlen; HMAC_CTX *hmac_ctx = NULL; CBS cbs; - SSL *s = ctx->ssl; int ret = 0; if (!tls13_secret_init(&finished_key, EVP_MD_size(ctx->hash))) @@ -1064,8 +1062,8 @@ tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb) goto err; CBS_init(&cbs, verify_data, verify_data_len); - if (!CBS_write_bytes(&cbs, S3I(s)->tmp.finish_md, - sizeof(S3I(s)->tmp.finish_md), &S3I(s)->tmp.finish_md_len)) + if (!CBS_write_bytes(&cbs, ctx->hs->finished, + sizeof(ctx->hs->finished), &ctx->hs->finished_len)) goto err; ret = 1; diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c index bac9623a153..4fed1a43d04 100644 --- a/lib/libssl/tls13_server.c +++ b/lib/libssl/tls13_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_server.c,v 1.73 2021/03/24 18:44:00 jsing Exp $ */ +/* $OpenBSD: tls13_server.c,v 1.74 2021/03/29 16:46:09 jsing Exp $ */ /* * Copyright (c) 2019, 2020 Joel Sing * Copyright (c) 2020 Bob Beck @@ -783,7 +783,6 @@ tls13_server_finished_send(struct tls13_ctx *ctx, CBB *cbb) unsigned int hlen; HMAC_CTX *hmac_ctx = NULL; CBS cbs; - SSL *s = ctx->ssl; int ret = 0; if (!tls13_secret_init(&finished_key, EVP_MD_size(ctx->hash))) @@ -815,8 +814,8 @@ tls13_server_finished_send(struct tls13_ctx *ctx, CBB *cbb) goto err; CBS_init(&cbs, verify_data, verify_data_len); - if (!CBS_write_bytes(&cbs, S3I(s)->tmp.finish_md, - sizeof(S3I(s)->tmp.finish_md), &S3I(s)->tmp.finish_md_len)) + if (!CBS_write_bytes(&cbs, ctx->hs->finished, + sizeof(ctx->hs->finished), &ctx->hs->finished_len)) goto err; ret = 1; @@ -1050,7 +1049,6 @@ tls13_client_finished_recv(struct tls13_ctx *ctx, CBS *cbs) uint8_t key[EVP_MAX_MD_SIZE]; HMAC_CTX *hmac_ctx = NULL; unsigned int hlen; - SSL *s = ctx->ssl; int ret = 0; /* @@ -1085,9 +1083,9 @@ tls13_client_finished_recv(struct tls13_ctx *ctx, CBS *cbs) goto err; } - if (!CBS_write_bytes(cbs, S3I(s)->tmp.peer_finish_md, - sizeof(S3I(s)->tmp.peer_finish_md), - &S3I(s)->tmp.peer_finish_md_len)) + if (!CBS_write_bytes(cbs, ctx->hs->peer_finished, + sizeof(ctx->hs->peer_finished), + &ctx->hs->peer_finished_len)) goto err; if (!CBS_skip(cbs, verify_data_len))