summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorguenther <>2020-10-11 12:45:52 +0000
committerguenther <>2020-10-11 12:45:52 +0000
commitaf6a663711d3d3993dad528fa53865494ffaca28 (patch)
tree667c30e60e822bb9cb6f7a9d26580beea65d65a0
parentd30a2211e331d165f1922febac556a295ba95562 (diff)
downloadopenbsd-af6a663711d3d3993dad528fa53865494ffaca28.tar.gz
openbsd-af6a663711d3d3993dad528fa53865494ffaca28.tar.bz2
openbsd-af6a663711d3d3993dad528fa53865494ffaca28.zip
SSL3_ENC_METHOD is just a flag word; merge it into SSL_METHOD_INTERNAL
with #defines for the per-version initializers instead of extern globals. Add SSL_USE_SHA256_PRF() to complete the abstraction. ok tb@ jsing@
Diffstat
-rw-r--r--src/lib/libssl/s3_lib.c4
-rw-r--r--src/lib/libssl/ssl_locl.h31
-rw-r--r--src/lib/libssl/ssl_methods.c14
-rw-r--r--src/lib/libssl/t1_lib.c15
-rw-r--r--src/lib/libssl/tls13_legacy.c6
5 files changed, 28 insertions, 42 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 01afc72ebd..3bd7d65522 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_lib.c,v 1.199 2020/10/11 01:13:04 guenther Exp $ */ 1/* $OpenBSD: s3_lib.c,v 1.200 2020/10/11 12:45:51 guenther Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -2731,7 +2731,7 @@ ssl_get_algorithm2(SSL *s)
2731{ 2731{
2732 long alg2 = S3I(s)->hs.new_cipher->algorithm2; 2732 long alg2 = S3I(s)->hs.new_cipher->algorithm2;
2733 2733
2734 if (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF && 2734 if (SSL_USE_SHA256_PRF(s) &&
2735 alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) 2735 alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
2736 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; 2736 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
2737 return alg2; 2737 return alg2;
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 5d41417df8..f2e1cb97f8 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.303 2020/10/11 02:44:27 tb Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.304 2020/10/11 12:45:52 guenther Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -319,15 +319,19 @@ __BEGIN_HIDDEN_DECLS
319 319
320/* See if we use signature algorithms extension. */ 320/* See if we use signature algorithms extension. */
321#define SSL_USE_SIGALGS(s) \ 321#define SSL_USE_SIGALGS(s) \
322 (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS) 322 (s->method->internal->enc_flags & SSL_ENC_FLAG_SIGALGS)
323
324/* See if we use SHA256 default PRF. */
325#define SSL_USE_SHA256_PRF(s) \
326 (s->method->internal->enc_flags & SSL_ENC_FLAG_SHA256_PRF)
323 327
324/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */ 328/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */
325#define SSL_USE_TLS1_2_CIPHERS(s) \ 329#define SSL_USE_TLS1_2_CIPHERS(s) \
326 (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS) 330 (s->method->internal->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)
327 331
328/* Allow TLS 1.3 ciphersuites only. */ 332/* Allow TLS 1.3 ciphersuites only. */
329#define SSL_USE_TLS1_3_CIPHERS(s) \ 333#define SSL_USE_TLS1_3_CIPHERS(s) \
330 (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_3_CIPHERS) 334 (s->method->internal->enc_flags & SSL_ENC_FLAG_TLS1_3_CIPHERS)
331 335
332#define SSL_PKEY_RSA 0 336#define SSL_PKEY_RSA 0
333#define SSL_PKEY_ECC 1 337#define SSL_PKEY_ECC 1
@@ -379,7 +383,7 @@ typedef struct ssl_method_internal_st {
379 int peek); 383 int peek);
380 int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len); 384 int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
381 385
382 struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ 386 unsigned int enc_flags; /* SSL_ENC_FLAG_* */
383} SSL_METHOD_INTERNAL; 387} SSL_METHOD_INTERNAL;
384 388
385typedef struct ssl_session_internal_st { 389typedef struct ssl_session_internal_st {
@@ -1063,10 +1067,6 @@ typedef struct sess_cert_st {
1063/*#define SSL_DEBUG */ 1067/*#define SSL_DEBUG */
1064/*#define RSA_DEBUG */ 1068/*#define RSA_DEBUG */
1065 1069
1066typedef struct ssl3_enc_method {
1067 unsigned int enc_flags;
1068} SSL3_ENC_METHOD;
1069
1070/* 1070/*
1071 * Flag values for enc_flags. 1071 * Flag values for enc_flags.
1072 */ 1072 */
@@ -1083,6 +1083,14 @@ typedef struct ssl3_enc_method {
1083/* Allow TLS 1.3 ciphersuites only. */ 1083/* Allow TLS 1.3 ciphersuites only. */
1084#define SSL_ENC_FLAG_TLS1_3_CIPHERS (1 << 5) 1084#define SSL_ENC_FLAG_TLS1_3_CIPHERS (1 << 5)
1085 1085
1086#define TLSV1_ENC_FLAGS 0
1087#define TLSV1_1_ENC_FLAGS 0
1088#define TLSV1_2_ENC_FLAGS (SSL_ENC_FLAG_SIGALGS | \
1089 SSL_ENC_FLAG_SHA256_PRF | \
1090 SSL_ENC_FLAG_TLS1_2_CIPHERS)
1091#define TLSV1_3_ENC_FLAGS (SSL_ENC_FLAG_SIGALGS | \
1092 SSL_ENC_FLAG_TLS1_3_CIPHERS)
1093
1086/* 1094/*
1087 * ssl_aead_ctx_st contains information about an AEAD that is being used to 1095 * ssl_aead_ctx_st contains information about an AEAD that is being used to
1088 * encrypt an SSL connection. 1096 * encrypt an SSL connection.
@@ -1123,11 +1131,6 @@ int ssl_cipher_allowed_in_version_range(const SSL_CIPHER *cipher,
1123const SSL_METHOD *tls_legacy_method(void); 1131const SSL_METHOD *tls_legacy_method(void);
1124const SSL_METHOD *ssl_get_method(uint16_t version); 1132const SSL_METHOD *ssl_get_method(uint16_t version);
1125 1133
1126extern SSL3_ENC_METHOD TLSv1_enc_data;
1127extern SSL3_ENC_METHOD TLSv1_1_enc_data;
1128extern SSL3_ENC_METHOD TLSv1_2_enc_data;
1129extern SSL3_ENC_METHOD TLSv1_3_enc_data;
1130
1131void ssl_clear_cipher_state(SSL *s); 1134void ssl_clear_cipher_state(SSL *s);
1132void ssl_clear_cipher_read_state(SSL *s); 1135void ssl_clear_cipher_read_state(SSL *s);
1133void ssl_clear_cipher_write_state(SSL *s); 1136void ssl_clear_cipher_write_state(SSL *s);
diff --git a/src/lib/libssl/ssl_methods.c b/src/lib/libssl/ssl_methods.c
index 23c7e97b57..e2d5766e0f 100644
--- a/src/lib/libssl/ssl_methods.c
+++ b/src/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_methods.c,v 1.18 2020/10/11 02:22:27 jsing Exp $ */ 1/* $OpenBSD: ssl_methods.c,v 1.19 2020/10/11 12:45:52 guenther Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -74,7 +74,7 @@ static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
74 .ssl_pending = ssl3_pending, 74 .ssl_pending = ssl3_pending,
75 .ssl_read_bytes = dtls1_read_bytes, 75 .ssl_read_bytes = dtls1_read_bytes,
76 .ssl_write_bytes = dtls1_write_app_data_bytes, 76 .ssl_write_bytes = dtls1_write_app_data_bytes,
77 .ssl3_enc = &TLSv1_1_enc_data, 77 .enc_flags = TLSV1_1_ENC_FLAGS,
78}; 78};
79 79
80static const SSL_METHOD DTLSv1_method_data = { 80static const SSL_METHOD DTLSv1_method_data = {
@@ -138,7 +138,7 @@ static const SSL_METHOD_INTERNAL TLS_method_internal_data = {
138 .ssl_pending = tls13_legacy_pending, 138 .ssl_pending = tls13_legacy_pending,
139 .ssl_read_bytes = tls13_legacy_read_bytes, 139 .ssl_read_bytes = tls13_legacy_read_bytes,
140 .ssl_write_bytes = tls13_legacy_write_bytes, 140 .ssl_write_bytes = tls13_legacy_write_bytes,
141 .ssl3_enc = &TLSv1_3_enc_data, 141 .enc_flags = TLSV1_3_ENC_FLAGS,
142}; 142};
143 143
144static const SSL_METHOD TLS_method_data = { 144static const SSL_METHOD TLS_method_data = {
@@ -166,7 +166,7 @@ static const SSL_METHOD_INTERNAL TLS_legacy_method_internal_data = {
166 .ssl_pending = ssl3_pending, 166 .ssl_pending = ssl3_pending,
167 .ssl_read_bytes = ssl3_read_bytes, 167 .ssl_read_bytes = ssl3_read_bytes,
168 .ssl_write_bytes = ssl3_write_bytes, 168 .ssl_write_bytes = ssl3_write_bytes,
169 .ssl3_enc = &TLSv1_2_enc_data, 169 .enc_flags = TLSV1_2_ENC_FLAGS,
170}; 170};
171 171
172static const SSL_METHOD TLS_legacy_method_data = { 172static const SSL_METHOD TLS_legacy_method_data = {
@@ -193,7 +193,7 @@ static const SSL_METHOD_INTERNAL TLSv1_method_internal_data = {
193 .ssl_pending = ssl3_pending, 193 .ssl_pending = ssl3_pending,
194 .ssl_read_bytes = ssl3_read_bytes, 194 .ssl_read_bytes = ssl3_read_bytes,
195 .ssl_write_bytes = ssl3_write_bytes, 195 .ssl_write_bytes = ssl3_write_bytes,
196 .ssl3_enc = &TLSv1_enc_data, 196 .enc_flags = TLSV1_ENC_FLAGS,
197}; 197};
198 198
199static const SSL_METHOD TLSv1_method_data = { 199static const SSL_METHOD TLSv1_method_data = {
@@ -220,7 +220,7 @@ static const SSL_METHOD_INTERNAL TLSv1_1_method_internal_data = {
220 .ssl_pending = ssl3_pending, 220 .ssl_pending = ssl3_pending,
221 .ssl_read_bytes = ssl3_read_bytes, 221 .ssl_read_bytes = ssl3_read_bytes,
222 .ssl_write_bytes = ssl3_write_bytes, 222 .ssl_write_bytes = ssl3_write_bytes,
223 .ssl3_enc = &TLSv1_1_enc_data, 223 .enc_flags = TLSV1_1_ENC_FLAGS,
224}; 224};
225 225
226static const SSL_METHOD TLSv1_1_method_data = { 226static const SSL_METHOD TLSv1_1_method_data = {
@@ -247,7 +247,7 @@ static const SSL_METHOD_INTERNAL TLSv1_2_method_internal_data = {
247 .ssl_pending = ssl3_pending, 247 .ssl_pending = ssl3_pending,
248 .ssl_read_bytes = ssl3_read_bytes, 248 .ssl_read_bytes = ssl3_read_bytes,
249 .ssl_write_bytes = ssl3_write_bytes, 249 .ssl_write_bytes = ssl3_write_bytes,
250 .ssl3_enc = &TLSv1_2_enc_data, 250 .enc_flags = TLSV1_2_ENC_FLAGS,
251}; 251};
252 252
253static const SSL_METHOD TLSv1_2_method_data = { 253static const SSL_METHOD TLSv1_2_method_data = {
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 5635c8ff43..10ca80c4fe 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_lib.c,v 1.177 2020/10/07 08:43:34 jsing Exp $ */ 1/* $OpenBSD: t1_lib.c,v 1.178 2020/10/11 12:45:52 guenther Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -125,19 +125,6 @@
125static int tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert, 125static int tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert,
126 SSL_SESSION **psess); 126 SSL_SESSION **psess);
127 127
128SSL3_ENC_METHOD TLSv1_enc_data = {
129 .enc_flags = 0,
130};
131
132SSL3_ENC_METHOD TLSv1_1_enc_data = {
133 .enc_flags = 0,
134};
135
136SSL3_ENC_METHOD TLSv1_2_enc_data = {
137 .enc_flags = SSL_ENC_FLAG_SIGALGS|SSL_ENC_FLAG_SHA256_PRF|
138 SSL_ENC_FLAG_TLS1_2_CIPHERS,
139};
140
141int 128int
142tls1_new(SSL *s) 129tls1_new(SSL *s)
143{ 130{
diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c
index a9a7fff3e0..463d56372e 100644
--- a/src/lib/libssl/tls13_legacy.c
+++ b/src/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_legacy.c,v 1.17 2020/10/11 02:59:47 jsing Exp $ */ 1/* $OpenBSD: tls13_legacy.c,v 1.18 2020/10/11 12:45:52 guenther Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -20,10 +20,6 @@
20#include "ssl_locl.h" 20#include "ssl_locl.h"
21#include "tls13_internal.h" 21#include "tls13_internal.h"
22 22
23SSL3_ENC_METHOD TLSv1_3_enc_data = {
24 .enc_flags = SSL_ENC_FLAG_SIGALGS|SSL_ENC_FLAG_TLS1_3_CIPHERS,
25};
26
27static ssize_t 23static ssize_t
28tls13_legacy_wire_read(SSL *ssl, uint8_t *buf, size_t len) 24tls13_legacy_wire_read(SSL *ssl, uint8_t *buf, size_t len)
29{ 25{
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 01:04:26 +0000