Move reuse_message, message_type, message_size and cert_verify into the

TLSv1.2 handshake struct. ok inoguchi@ tb@
author: jsing <> 2021-04-19 16:51:56 +0000
committer: jsing <> 2021-04-19 16:51:56 +0000
commit: c80ec6c0289d29bb4c9a0250b49a487f3eead897 (patch)
tree: 54d09c9ab81cd7a258895b2d77b510ba6d5fe4ff /src/lib/libssl/ssl_srvr.c
parent: a781147be0607c2030c602b8de9b181330876373 (diff)
download: openbsd-c80ec6c0289d29bb4c9a0250b49a487f3eead897.tar.gz
openbsd-c80ec6c0289d29bb4c9a0250b49a487f3eead897.tar.bz2
openbsd-c80ec6c0289d29bb4c9a0250b49a487f3eead897.zip
1 files changed, 11 insertions, 11 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 0f3572a678..8241a59ac0 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.101 2021/03/29 16:56:20 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.102 2021/04/19 16:51:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -576,8 +576,8 @@ ssl3_accept(SSL *s)
                                 * a client cert, it can be verified.
                                 */
                                if (!tls1_transcript_hash_value(s,
-                                    S3I(s)->tmp.cert_verify_md,
+                                    S3I(s)->hs.tls12.cert_verify,
-                                    sizeof(S3I(s)->tmp.cert_verify_md),
+                                    sizeof(S3I(s)->hs.tls12.cert_verify),
                                    NULL)) {
                                        ret = -1;
                                        goto end;
@@ -733,7 +733,7 @@ ssl3_accept(SSL *s)
                        /* break; */
                }
-                if (!S3I(s)->tmp.reuse_message && !skip) {
+                if (!S3I(s)->hs.tls12.reuse_message && !skip) {
                        if (s->internal->debug) {
                                if ((ret = BIO_flush(s->wbio)) <= 0)
                                        goto end;
@@ -2149,8 +2149,8 @@ ssl3_get_cert_verify(SSL *s)
                type = X509_certificate_type(peer, pkey);
        }
-        if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) {
+        if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_VERIFY) {
-                S3I(s)->tmp.reuse_message = 1;
+                S3I(s)->hs.tls12.reuse_message = 1;
                if (peer != NULL) {
                        al = SSL_AD_UNEXPECTED_MESSAGE;
                        SSLerror(s, SSL_R_MISSING_VERIFY_MESSAGE);
@@ -2261,7 +2261,7 @@ ssl3_get_cert_verify(SSL *s)
                        goto fatal_err;
                }
        } else if (pkey->type == EVP_PKEY_RSA) {
-                verify = RSA_verify(NID_md5_sha1, S3I(s)->tmp.cert_verify_md,
+                verify = RSA_verify(NID_md5_sha1, S3I(s)->hs.tls12.cert_verify,
                    MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, CBS_data(&signature),
                    CBS_len(&signature), pkey->pkey.rsa);
                if (verify < 0) {
@@ -2276,7 +2276,7 @@ ssl3_get_cert_verify(SSL *s)
                }
        } else if (pkey->type == EVP_PKEY_EC) {
                verify = ECDSA_verify(pkey->save_type,
-                    &(S3I(s)->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
+                    &(S3I(s)->hs.tls12.cert_verify[MD5_DIGEST_LENGTH]),
                    SHA_DIGEST_LENGTH, CBS_data(&signature),
                    CBS_len(&signature), pkey->pkey.ec);
                if (verify <= 0) {
@@ -2368,7 +2368,7 @@ ssl3_get_client_certificate(SSL *s)
        if (!ok)
                return ((int)n);
-        if (S3I(s)->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
+        if (S3I(s)->hs.tls12.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
                if ((s->verify_mode & SSL_VERIFY_PEER) &&
                    (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
                        SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
@@ -2385,11 +2385,11 @@ ssl3_get_client_certificate(SSL *s)
                        al = SSL_AD_UNEXPECTED_MESSAGE;
                        goto fatal_err;
                }
-                S3I(s)->tmp.reuse_message = 1;
+                S3I(s)->hs.tls12.reuse_message = 1;
                return (1);
        }
-        if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) {
+        if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE) {
                al = SSL_AD_UNEXPECTED_MESSAGE;
                SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE);
                goto fatal_err;
author	jsing <>	2021-04-19 16:51:56 +0000
committer	jsing <>	2021-04-19 16:51:56 +0000
commit	c80ec6c0289d29bb4c9a0250b49a487f3eead897 (patch)
tree	54d09c9ab81cd7a258895b2d77b510ba6d5fe4ff /src/lib/libssl/ssl_srvr.c
parent	a781147be0607c2030c602b8de9b181330876373 (diff)
download	openbsd-c80ec6c0289d29bb4c9a0250b49a487f3eead897.tar.gz openbsd-c80ec6c0289d29bb4c9a0250b49a487f3eead897.tar.bz2 openbsd-c80ec6c0289d29bb4c9a0250b49a487f3eead897.zip

diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 0f3572a678..8241a59ac0 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_srvr.c,v 1.101 2021/03/29 16:56:20 jsing Exp $ */	1	/* $OpenBSD: ssl_srvr.c,v 1.102 2021/04/19 16:51:56 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -576,8 +576,8 @@ ssl3_accept(SSL *s)
576	* a client cert, it can be verified.	576	* a client cert, it can be verified.
577	*/	577	*/
578	if (!tls1_transcript_hash_value(s,	578	if (!tls1_transcript_hash_value(s,
579	S3I(s)->tmp.cert_verify_md,	579	S3I(s)->hs.tls12.cert_verify,
580	sizeof(S3I(s)->tmp.cert_verify_md),	580	sizeof(S3I(s)->hs.tls12.cert_verify),
581	NULL)) {	581	NULL)) {
582	ret = -1;	582	ret = -1;
583	goto end;	583	goto end;
@@ -733,7 +733,7 @@ ssl3_accept(SSL *s)
733	/* break; */	733	/* break; */
734	}	734	}
735		735
736	if (!S3I(s)->tmp.reuse_message && !skip) {	736	if (!S3I(s)->hs.tls12.reuse_message && !skip) {
737	if (s->internal->debug) {	737	if (s->internal->debug) {
738	if ((ret = BIO_flush(s->wbio)) <= 0)	738	if ((ret = BIO_flush(s->wbio)) <= 0)
739	goto end;	739	goto end;
@@ -2149,8 +2149,8 @@ ssl3_get_cert_verify(SSL *s)
2149	type = X509_certificate_type(peer, pkey);	2149	type = X509_certificate_type(peer, pkey);
2150	}	2150	}
2151		2151
2152	if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) {	2152	if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_VERIFY) {
2153	S3I(s)->tmp.reuse_message = 1;	2153	S3I(s)->hs.tls12.reuse_message = 1;
2154	if (peer != NULL) {	2154	if (peer != NULL) {
2155	al = SSL_AD_UNEXPECTED_MESSAGE;	2155	al = SSL_AD_UNEXPECTED_MESSAGE;
2156	SSLerror(s, SSL_R_MISSING_VERIFY_MESSAGE);	2156	SSLerror(s, SSL_R_MISSING_VERIFY_MESSAGE);
@@ -2261,7 +2261,7 @@ ssl3_get_cert_verify(SSL *s)
2261	goto fatal_err;	2261	goto fatal_err;
2262	}	2262	}
2263	} else if (pkey->type == EVP_PKEY_RSA) {	2263	} else if (pkey->type == EVP_PKEY_RSA) {
2264	verify = RSA_verify(NID_md5_sha1, S3I(s)->tmp.cert_verify_md,	2264	verify = RSA_verify(NID_md5_sha1, S3I(s)->hs.tls12.cert_verify,
2265	MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, CBS_data(&signature),	2265	MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, CBS_data(&signature),
2266	CBS_len(&signature), pkey->pkey.rsa);	2266	CBS_len(&signature), pkey->pkey.rsa);
2267	if (verify < 0) {	2267	if (verify < 0) {
@@ -2276,7 +2276,7 @@ ssl3_get_cert_verify(SSL *s)
2276	}	2276	}
2277	} else if (pkey->type == EVP_PKEY_EC) {	2277	} else if (pkey->type == EVP_PKEY_EC) {
2278	verify = ECDSA_verify(pkey->save_type,	2278	verify = ECDSA_verify(pkey->save_type,
2279	&(S3I(s)->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),	2279	&(S3I(s)->hs.tls12.cert_verify[MD5_DIGEST_LENGTH]),
2280	SHA_DIGEST_LENGTH, CBS_data(&signature),	2280	SHA_DIGEST_LENGTH, CBS_data(&signature),
2281	CBS_len(&signature), pkey->pkey.ec);	2281	CBS_len(&signature), pkey->pkey.ec);
2282	if (verify <= 0) {	2282	if (verify <= 0) {
@@ -2368,7 +2368,7 @@ ssl3_get_client_certificate(SSL *s)
2368	if (!ok)	2368	if (!ok)
2369	return ((int)n);	2369	return ((int)n);
2370		2370
2371	if (S3I(s)->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {	2371	if (S3I(s)->hs.tls12.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
2372	if ((s->verify_mode & SSL_VERIFY_PEER) &&	2372	if ((s->verify_mode & SSL_VERIFY_PEER) &&
2373	(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {	2373	(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
2374	SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);	2374	SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
@@ -2385,11 +2385,11 @@ ssl3_get_client_certificate(SSL *s)
2385	al = SSL_AD_UNEXPECTED_MESSAGE;	2385	al = SSL_AD_UNEXPECTED_MESSAGE;
2386	goto fatal_err;	2386	goto fatal_err;
2387	}	2387	}
2388	S3I(s)->tmp.reuse_message = 1;	2388	S3I(s)->hs.tls12.reuse_message = 1;
2389	return (1);	2389	return (1);
2390	}	2390	}
2391		2391
2392	if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) {	2392	if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE) {
2393	al = SSL_AD_UNEXPECTED_MESSAGE;	2393	al = SSL_AD_UNEXPECTED_MESSAGE;
2394	SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE);	2394	SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE);
2395	goto fatal_err;	2395	goto fatal_err;