Improve argument order for the internal tlsext API

Move is_server and msg_type right after the SSL object so that CBS and CBB and alert come last. This brings these functions more in line with other internal functions and separates state from data. requested by jsing
author: tb <> 2020-07-03 04:12:51 +0000
committer: tb <> 2020-07-03 04:12:51 +0000
commit: 19ec1b6acc3e3c1c1156d9578424119a3a98dd63 (patch)
tree: ccbfc5a18a8593e33c9c504671e7d32e7f8e6c1a /src/lib
parent: ba5d20ce0e8a0f27f37d05f5e9e4457b8712655d (diff)
download: openbsd-19ec1b6acc3e3c1c1156d9578424119a3a98dd63.tar.gz
openbsd-19ec1b6acc3e3c1c1156d9578424119a3a98dd63.tar.bz2
openbsd-19ec1b6acc3e3c1c1156d9578424119a3a98dd63.zip
8 files changed, 39 insertions, 39 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 0a1b6ea241..b6dcb8888d 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.69 2020/06/05 17:53:26 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.70 2020/07/03 04:12:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -775,7 +775,7 @@ ssl3_send_client_hello(SSL *s)
                        goto err;
                /* TLS extensions */
-                if (!tlsext_client_build(s, &client_hello, SSL_TLSEXT_MSG_CH)) {
+                if (!tlsext_client_build(s, SSL_TLSEXT_MSG_CH, &client_hello)) {
                        SSLerror(s, ERR_R_INTERNAL_ERROR);
                        goto err;
                }
@@ -1024,7 +1024,7 @@ ssl3_get_server_hello(SSL *s)
                goto f_err;
        }
-        if (!tlsext_client_parse(s, &cbs, &al, SSL_TLSEXT_MSG_SH)) {
+        if (!tlsext_client_parse(s, SSL_TLSEXT_MSG_SH, &cbs, &al)) {
                SSLerror(s, SSL_R_PARSE_TLSEXT);
                goto f_err;
        }
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 706ad1453b..67671f276c 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.79 2020/06/05 17:53:26 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.80 2020/07/03 04:12:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1025,7 +1025,7 @@ ssl3_get_client_hello(SSL *s)
                goto f_err;
        }
-        if (!tlsext_server_parse(s, &cbs, &al, SSL_TLSEXT_MSG_CH)) {
+        if (!tlsext_server_parse(s, SSL_TLSEXT_MSG_CH, &cbs, &al)) {
                SSLerror(s, SSL_R_PARSE_TLSEXT);
                goto f_err;
        }
@@ -1233,7 +1233,7 @@ ssl3_send_server_hello(SSL *s)
                        goto err;
                /* TLS extensions */
-                if (!tlsext_server_build(s, &server_hello, SSL_TLSEXT_MSG_SH)) {
+                if (!tlsext_server_build(s, SSL_TLSEXT_MSG_SH, &server_hello)) {
                        SSLerror(s, ERR_R_INTERNAL_ERROR);
                        goto err;
                }
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index f6943c83ae..2b91a087af 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.75 2020/06/06 01:40:09 beck Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.76 2020/07/03 04:12:51 tb Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -2009,7 +2009,7 @@ tlsext_funcs(struct tls_extension *tlsext, int is_server)
 }
 static int
-tlsext_build(SSL *s, CBB *cbb, int is_server, uint16_t msg_type)
+tlsext_build(SSL *s, int is_server, uint16_t msg_type, CBB *cbb)
 {
        struct tls_extension_funcs *ext;
        struct tls_extension *tlsext;
@@ -2087,7 +2087,7 @@ tlsext_clienthello_hash_extension(SSL *s, uint16_t type, CBS *cbs)
 }
 static int
-tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server, uint16_t msg_type)
+tlsext_parse(SSL *s, int is_server, uint16_t msg_type, CBS *cbs, int *alert)
 {
        struct tls_extension_funcs *ext;
        struct tls_extension *tlsext;
@@ -2175,19 +2175,19 @@ tlsext_server_reset_state(SSL *s)
 }
 int
-tlsext_server_build(SSL *s, CBB *cbb, uint16_t msg_type)
+tlsext_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
-        return tlsext_build(s, cbb, 1, msg_type);
+        return tlsext_build(s, 1, msg_type, cbb);
 }
 int
-tlsext_server_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type)
+tlsext_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 {
        /* XXX - this should be done by the caller... */
        if (msg_type == SSL_TLSEXT_MSG_CH)
                tlsext_server_reset_state(s);
-        return tlsext_parse(s, cbs, alert, 1, msg_type);
+        return tlsext_parse(s, 1, msg_type, cbs, alert);
 }
 static void
@@ -2199,17 +2199,17 @@ tlsext_client_reset_state(SSL *s)
 }
 int
-tlsext_client_build(SSL *s, CBB *cbb, uint16_t msg_type)
+tlsext_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
-        return tlsext_build(s, cbb, 0, msg_type);
+        return tlsext_build(s, 0, msg_type, cbb);
 }
 int
-tlsext_client_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type)
+tlsext_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 {
        /* XXX - this should be done by the caller... */
        if (msg_type == SSL_TLSEXT_MSG_SH)
                tlsext_client_reset_state(s);
-        return tlsext_parse(s, cbs, alert, 0, msg_type);
+        return tlsext_parse(s, 0, msg_type, cbs, alert);
 }
diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h
index 15e0257e63..e2aafa7815 100644
--- a/src/lib/libssl/ssl_tlsext.h
+++ b/src/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.h,v 1.23 2020/05/23 17:13:24 beck Exp $ */
+/* $OpenBSD: ssl_tlsext.h,v 1.24 2020/07/03 04:12:51 tb Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -118,11 +118,11 @@ int tlsext_srtp_server_build(SSL *s, CBB *cbb);
 int tlsext_srtp_server_parse(SSL *s, CBS *cbs, int *alert);
 #endif
-int tlsext_client_build(SSL *s, CBB *cbb, uint16_t msg_type);
+int tlsext_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_client_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type);
+int tlsext_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_server_build(SSL *s, CBB *cbb, uint16_t msg_type);
+int tlsext_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_server_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type);
+int tlsext_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
 struct tls_extension *tls_extension_find(uint16_t, size_t *);
 int tlsext_extension_seen(SSL *s, uint16_t);
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index e2f61f6c08..bd72db8be0 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.65 2020/06/04 18:41:42 tb Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.66 2020/07/03 04:12:51 tb Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -118,7 +118,7 @@ tls13_client_hello_build(struct tls13_ctx *ctx, CBB *cbb)
        if (!CBB_add_u8(&compression_methods, 0))
                goto err;
-        if (!tlsext_client_build(s, cbb, SSL_TLSEXT_MSG_CH))
+        if (!tlsext_client_build(s, SSL_TLSEXT_MSG_CH, cbb))
                goto err;
        if (!CBB_flush(cbb))
@@ -265,7 +265,7 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
                ctx->hs->hrr = 1;
        }
-        if (!tlsext_client_parse(s, cbs, &alert_desc, tlsext_msg_type)) {
+        if (!tlsext_client_parse(s, tlsext_msg_type, cbs, &alert_desc)) {
                ctx->alert = alert_desc;
                goto err;
        }
@@ -504,7 +504,7 @@ tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx, CBS *cbs)
 {
        int alert_desc;
-        if (!tlsext_client_parse(ctx->ssl, cbs, &alert_desc, SSL_TLSEXT_MSG_EE)) {
+        if (!tlsext_client_parse(ctx->ssl, SSL_TLSEXT_MSG_EE, cbs, &alert_desc)) {
                ctx->alert = alert_desc;
                goto err;
        }
@@ -540,7 +540,7 @@ tls13_server_certificate_request_recv(struct tls13_ctx *ctx, CBS *cbs)
        if (CBS_len(&cert_request_context) != 0)
                goto err;
-        if (!tlsext_client_parse(ctx->ssl, cbs, &alert_desc, SSL_TLSEXT_MSG_CR)) {
+        if (!tlsext_client_parse(ctx->ssl, SSL_TLSEXT_MSG_CR, cbs, &alert_desc)) {
                ctx->alert = alert_desc;
                goto err;
        }
@@ -580,8 +580,8 @@ tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
                if (!CBS_get_u24_length_prefixed(&cert_list, &cert_data))
                        goto err;
-                if (!tlsext_client_parse(ctx->ssl, &cert_list, &alert_desc,
+                if (!tlsext_client_parse(ctx->ssl, SSL_TLSEXT_MSG_CT,
-                    SSL_TLSEXT_MSG_CT)) {
+                    &cert_list, &alert_desc)) {
                        ctx->alert = alert_desc;
                        goto err;
                }
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index a18184f505..f35f09bbb1 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.84 2020/06/06 01:40:09 beck Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.85 2020/07/03 04:12:51 tb Exp $ */
 /*
 * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -383,7 +383,7 @@ int tls13_server_finished_sent(struct tls13_ctx *ctx);
 void tls13_error_clear(struct tls13_error *error);
 int tls13_cert_add(struct tls13_ctx *ctx, CBB *cbb, X509 *cert,
-    int(*build_extensions)(SSL *s, CBB *cbb, uint16_t msg_type));
+    int(*build_extensions)(SSL *s, uint16_t msg_type, CBB *cbb));
 int tls13_synthetic_handshake_message(struct tls13_ctx *ctx);
 int tls13_clienthello_hash_init(struct tls13_ctx *ctx);
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index b5939aecab..8fef39a12f 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_lib.c,v 1.51 2020/06/06 01:40:09 beck Exp $ */
+/*      $OpenBSD: tls13_lib.c,v 1.52 2020/07/03 04:12:51 tb Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -415,7 +415,7 @@ tls13_ctx_free(struct tls13_ctx *ctx)
 int
 tls13_cert_add(struct tls13_ctx *ctx, CBB *cbb, X509 *cert,
-    int(*build_extensions)(SSL *s, CBB *cbb, uint16_t msg_type))
+    int(*build_extensions)(SSL *s, uint16_t msg_type, CBB *cbb))
 {
        CBB cert_data;
        uint8_t *data;
@@ -431,7 +431,7 @@ tls13_cert_add(struct tls13_ctx *ctx, CBB *cbb, X509 *cert,
        if (i2d_X509(cert, &data) != cert_len)
                return 0;
        if (build_extensions != NULL) {
-                if (!build_extensions(ctx->ssl, cbb, SSL_TLSEXT_MSG_CT))
+                if (!build_extensions(ctx->ssl, SSL_TLSEXT_MSG_CT, cbb))
                        return 0;
        } else {
                CBB cert_exts;
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 12601fa33d..a5c03b610c 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.60 2020/06/25 07:35:05 tb Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.61 2020/07/03 04:12:51 tb Exp $ */
 /*
 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -191,7 +191,7 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs)
                goto err;
        }
-        if (!tlsext_server_parse(s, cbs, &alert_desc, SSL_TLSEXT_MSG_CH)) {
+        if (!tlsext_server_parse(s, SSL_TLSEXT_MSG_CH, cbs, &alert_desc)) {
                ctx->alert = alert_desc;
                goto err;
        }
@@ -330,7 +330,7 @@ tls13_server_hello_build(struct tls13_ctx *ctx, CBB *cbb, int hrr)
                goto err;
        if (!CBB_add_u8(cbb, 0))
                goto err;
-        if (!tlsext_server_build(s, cbb, tlsext_msg_type))
+        if (!tlsext_server_build(s, tlsext_msg_type, cbb))
                goto err;
        if (!CBB_flush(cbb))
@@ -511,7 +511,7 @@ tls13_server_hello_sent(struct tls13_ctx *ctx)
 int
 tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx, CBB *cbb)
 {
-        if (!tlsext_server_build(ctx->ssl, cbb, SSL_TLSEXT_MSG_EE))
+        if (!tlsext_server_build(ctx->ssl, SSL_TLSEXT_MSG_EE, cbb))
                goto err;
        return 1;
@@ -526,7 +526,7 @@ tls13_server_certificate_request_send(struct tls13_ctx *ctx, CBB *cbb)
        if (!CBB_add_u8_length_prefixed(cbb, &certificate_request_context))
                goto err;
-        if (!tlsext_server_build(ctx->ssl, cbb, SSL_TLSEXT_MSG_CR))
+        if (!tlsext_server_build(ctx->ssl, SSL_TLSEXT_MSG_CR, cbb))
                goto err;
        if (!CBB_flush(cbb))
author	tb <>	2020-07-03 04:12:51 +0000
committer	tb <>	2020-07-03 04:12:51 +0000
commit	19ec1b6acc3e3c1c1156d9578424119a3a98dd63 (patch)
tree	ccbfc5a18a8593e33c9c504671e7d32e7f8e6c1a /src/lib
parent	ba5d20ce0e8a0f27f37d05f5e9e4457b8712655d (diff)
download	openbsd-19ec1b6acc3e3c1c1156d9578424119a3a98dd63.tar.gz openbsd-19ec1b6acc3e3c1c1156d9578424119a3a98dd63.tar.bz2 openbsd-19ec1b6acc3e3c1c1156d9578424119a3a98dd63.zip

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 0a1b6ea241..b6dcb8888d 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_clnt.c,v 1.69 2020/06/05 17:53:26 jsing Exp $ */	1	/* $OpenBSD: ssl_clnt.c,v 1.70 2020/07/03 04:12:50 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -775,7 +775,7 @@ ssl3_send_client_hello(SSL *s)
775	goto err;	775	goto err;
776		776
777	/* TLS extensions */	777	/* TLS extensions */
778	if (!tlsext_client_build(s, &client_hello, SSL_TLSEXT_MSG_CH)) {	778	if (!tlsext_client_build(s, SSL_TLSEXT_MSG_CH, &client_hello)) {
779	SSLerror(s, ERR_R_INTERNAL_ERROR);	779	SSLerror(s, ERR_R_INTERNAL_ERROR);
780	goto err;	780	goto err;
781	}	781	}
@@ -1024,7 +1024,7 @@ ssl3_get_server_hello(SSL *s)
1024	goto f_err;	1024	goto f_err;
1025	}	1025	}
1026		1026
1027	if (!tlsext_client_parse(s, &cbs, &al, SSL_TLSEXT_MSG_SH)) {	1027	if (!tlsext_client_parse(s, SSL_TLSEXT_MSG_SH, &cbs, &al)) {
1028	SSLerror(s, SSL_R_PARSE_TLSEXT);	1028	SSLerror(s, SSL_R_PARSE_TLSEXT);
1029	goto f_err;	1029	goto f_err;
1030	}	1030	}


diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 706ad1453b..67671f276c 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_srvr.c,v 1.79 2020/06/05 17:53:26 jsing Exp $ */	1	/* $OpenBSD: ssl_srvr.c,v 1.80 2020/07/03 04:12:50 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1025,7 +1025,7 @@ ssl3_get_client_hello(SSL *s)
1025	goto f_err;	1025	goto f_err;
1026	}	1026	}
1027		1027
1028	if (!tlsext_server_parse(s, &cbs, &al, SSL_TLSEXT_MSG_CH)) {	1028	if (!tlsext_server_parse(s, SSL_TLSEXT_MSG_CH, &cbs, &al)) {
1029	SSLerror(s, SSL_R_PARSE_TLSEXT);	1029	SSLerror(s, SSL_R_PARSE_TLSEXT);
1030	goto f_err;	1030	goto f_err;
1031	}	1031	}
@@ -1233,7 +1233,7 @@ ssl3_send_server_hello(SSL *s)
1233	goto err;	1233	goto err;
1234		1234
1235	/* TLS extensions */	1235	/* TLS extensions */
1236	if (!tlsext_server_build(s, &server_hello, SSL_TLSEXT_MSG_SH)) {	1236	if (!tlsext_server_build(s, SSL_TLSEXT_MSG_SH, &server_hello)) {
1237	SSLerror(s, ERR_R_INTERNAL_ERROR);	1237	SSLerror(s, ERR_R_INTERNAL_ERROR);
1238	goto err;	1238	goto err;
1239	}	1239	}


diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index f6943c83ae..2b91a087af 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_tlsext.c,v 1.75 2020/06/06 01:40:09 beck Exp $ */	1	/* $OpenBSD: ssl_tlsext.c,v 1.76 2020/07/03 04:12:51 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -2009,7 +2009,7 @@ tlsext_funcs(struct tls_extension *tlsext, int is_server)
2009	}	2009	}
2010		2010
2011	static int	2011	static int
2012	tlsext_build(SSL s, CBB cbb, int is_server, uint16_t msg_type)	2012	tlsext_build(SSL s, int is_server, uint16_t msg_type, CBB cbb)
2013	{	2013	{
2014	struct tls_extension_funcs *ext;	2014	struct tls_extension_funcs *ext;
2015	struct tls_extension *tlsext;	2015	struct tls_extension *tlsext;
@@ -2087,7 +2087,7 @@ tlsext_clienthello_hash_extension(SSL s, uint16_t type, CBS cbs)
2087	}	2087	}
2088		2088
2089	static int	2089	static int
2090	tlsext_parse(SSL s, CBS cbs, int *alert, int is_server, uint16_t msg_type)	2090	tlsext_parse(SSL s, int is_server, uint16_t msg_type, CBS cbs, int *alert)
2091	{	2091	{
2092	struct tls_extension_funcs *ext;	2092	struct tls_extension_funcs *ext;
2093	struct tls_extension *tlsext;	2093	struct tls_extension *tlsext;
@@ -2175,19 +2175,19 @@ tlsext_server_reset_state(SSL *s)
2175	}	2175	}
2176		2176
2177	int	2177	int
2178	tlsext_server_build(SSL s, CBB cbb, uint16_t msg_type)	2178	tlsext_server_build(SSL s, uint16_t msg_type, CBB cbb)
2179	{	2179	{
2180	return tlsext_build(s, cbb, 1, msg_type);	2180	return tlsext_build(s, 1, msg_type, cbb);
2181	}	2181	}
2182		2182
2183	int	2183	int
2184	tlsext_server_parse(SSL s, CBS cbs, int *alert, uint16_t msg_type)	2184	tlsext_server_parse(SSL s, uint16_t msg_type, CBS cbs, int *alert)
2185	{	2185	{
2186	/* XXX - this should be done by the caller... */	2186	/* XXX - this should be done by the caller... */
2187	if (msg_type == SSL_TLSEXT_MSG_CH)	2187	if (msg_type == SSL_TLSEXT_MSG_CH)
2188	tlsext_server_reset_state(s);	2188	tlsext_server_reset_state(s);
2189		2189
2190	return tlsext_parse(s, cbs, alert, 1, msg_type);	2190	return tlsext_parse(s, 1, msg_type, cbs, alert);
2191	}	2191	}
2192		2192
2193	static void	2193	static void
@@ -2199,17 +2199,17 @@ tlsext_client_reset_state(SSL *s)
2199	}	2199	}
2200		2200
2201	int	2201	int
2202	tlsext_client_build(SSL s, CBB cbb, uint16_t msg_type)	2202	tlsext_client_build(SSL s, uint16_t msg_type, CBB cbb)
2203	{	2203	{
2204	return tlsext_build(s, cbb, 0, msg_type);	2204	return tlsext_build(s, 0, msg_type, cbb);
2205	}	2205	}
2206		2206
2207	int	2207	int
2208	tlsext_client_parse(SSL s, CBS cbs, int *alert, uint16_t msg_type)	2208	tlsext_client_parse(SSL s, uint16_t msg_type, CBS cbs, int *alert)
2209	{	2209	{
2210	/* XXX - this should be done by the caller... */	2210	/* XXX - this should be done by the caller... */
2211	if (msg_type == SSL_TLSEXT_MSG_SH)	2211	if (msg_type == SSL_TLSEXT_MSG_SH)
2212	tlsext_client_reset_state(s);	2212	tlsext_client_reset_state(s);
2213		2213
2214	return tlsext_parse(s, cbs, alert, 0, msg_type);	2214	return tlsext_parse(s, 0, msg_type, cbs, alert);
2215	}	2215	}


diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h index 15e0257e63..e2aafa7815 100644 --- a/src/lib/libssl/ssl_tlsext.h +++ b/src/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_tlsext.h,v 1.23 2020/05/23 17:13:24 beck Exp $ */	1	/* $OpenBSD: ssl_tlsext.h,v 1.24 2020/07/03 04:12:51 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -118,11 +118,11 @@ int tlsext_srtp_server_build(SSL s, CBB cbb);
118	int tlsext_srtp_server_parse(SSL s, CBS cbs, int *alert);	118	int tlsext_srtp_server_parse(SSL s, CBS cbs, int *alert);
119	#endif	119	#endif
120		120
121	int tlsext_client_build(SSL s, CBB cbb, uint16_t msg_type);	121	int tlsext_client_build(SSL s, uint16_t msg_type, CBB cbb);
122	int tlsext_client_parse(SSL s, CBS cbs, int *alert, uint16_t msg_type);	122	int tlsext_client_parse(SSL s, uint16_t msg_type, CBS cbs, int *alert);
123		123
124	int tlsext_server_build(SSL s, CBB cbb, uint16_t msg_type);	124	int tlsext_server_build(SSL s, uint16_t msg_type, CBB cbb);
125	int tlsext_server_parse(SSL s, CBS cbs, int *alert, uint16_t msg_type);	125	int tlsext_server_parse(SSL s, uint16_t msg_type, CBS cbs, int *alert);
126		126
127	struct tls_extension tls_extension_find(uint16_t, size_t );	127	struct tls_extension tls_extension_find(uint16_t, size_t );
128	int tlsext_extension_seen(SSL *s, uint16_t);	128	int tlsext_extension_seen(SSL *s, uint16_t);


diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index e2f61f6c08..bd72db8be0 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_client.c,v 1.65 2020/06/04 18:41:42 tb Exp $ */	1	/* $OpenBSD: tls13_client.c,v 1.66 2020/07/03 04:12:51 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -118,7 +118,7 @@ tls13_client_hello_build(struct tls13_ctx ctx, CBB cbb)
118	if (!CBB_add_u8(&compression_methods, 0))	118	if (!CBB_add_u8(&compression_methods, 0))
119	goto err;	119	goto err;
120		120
121	if (!tlsext_client_build(s, cbb, SSL_TLSEXT_MSG_CH))	121	if (!tlsext_client_build(s, SSL_TLSEXT_MSG_CH, cbb))
122	goto err;	122	goto err;
123		123
124	if (!CBB_flush(cbb))	124	if (!CBB_flush(cbb))
@@ -265,7 +265,7 @@ tls13_server_hello_process(struct tls13_ctx ctx, CBS cbs)
265	ctx->hs->hrr = 1;	265	ctx->hs->hrr = 1;
266	}	266	}
267		267
268	if (!tlsext_client_parse(s, cbs, &alert_desc, tlsext_msg_type)) {	268	if (!tlsext_client_parse(s, tlsext_msg_type, cbs, &alert_desc)) {
269	ctx->alert = alert_desc;	269	ctx->alert = alert_desc;
270	goto err;	270	goto err;
271	}	271	}
@@ -504,7 +504,7 @@ tls13_server_encrypted_extensions_recv(struct tls13_ctx ctx, CBS cbs)
504	{	504	{
505	int alert_desc;	505	int alert_desc;
506		506
507	if (!tlsext_client_parse(ctx->ssl, cbs, &alert_desc, SSL_TLSEXT_MSG_EE)) {	507	if (!tlsext_client_parse(ctx->ssl, SSL_TLSEXT_MSG_EE, cbs, &alert_desc)) {
508	ctx->alert = alert_desc;	508	ctx->alert = alert_desc;
509	goto err;	509	goto err;
510	}	510	}
@@ -540,7 +540,7 @@ tls13_server_certificate_request_recv(struct tls13_ctx ctx, CBS cbs)
540	if (CBS_len(&cert_request_context) != 0)	540	if (CBS_len(&cert_request_context) != 0)
541	goto err;	541	goto err;
542		542
543	if (!tlsext_client_parse(ctx->ssl, cbs, &alert_desc, SSL_TLSEXT_MSG_CR)) {	543	if (!tlsext_client_parse(ctx->ssl, SSL_TLSEXT_MSG_CR, cbs, &alert_desc)) {
544	ctx->alert = alert_desc;	544	ctx->alert = alert_desc;
545	goto err;	545	goto err;
546	}	546	}
@@ -580,8 +580,8 @@ tls13_server_certificate_recv(struct tls13_ctx ctx, CBS cbs)
580	if (!CBS_get_u24_length_prefixed(&cert_list, &cert_data))	580	if (!CBS_get_u24_length_prefixed(&cert_list, &cert_data))
581	goto err;	581	goto err;
582		582
583	if (!tlsext_client_parse(ctx->ssl, &cert_list, &alert_desc,	583	if (!tlsext_client_parse(ctx->ssl, SSL_TLSEXT_MSG_CT,
584	SSL_TLSEXT_MSG_CT)) {	584	&cert_list, &alert_desc)) {
585	ctx->alert = alert_desc;	585	ctx->alert = alert_desc;
586	goto err;	586	goto err;
587	}	587	}


diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h index a18184f505..f35f09bbb1 100644 --- a/src/lib/libssl/tls13_internal.h +++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_internal.h,v 1.84 2020/06/06 01:40:09 beck Exp $ */	1	/* $OpenBSD: tls13_internal.h,v 1.85 2020/07/03 04:12:51 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2018 Bob Beck <beck@openbsd.org>
4	* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>	4	* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -383,7 +383,7 @@ int tls13_server_finished_sent(struct tls13_ctx *ctx);
383		383
384	void tls13_error_clear(struct tls13_error *error);	384	void tls13_error_clear(struct tls13_error *error);
385	int tls13_cert_add(struct tls13_ctx ctx, CBB cbb, X509 *cert,	385	int tls13_cert_add(struct tls13_ctx ctx, CBB cbb, X509 *cert,
386	int(build_extensions)(SSL s, CBB *cbb, uint16_t msg_type));	386	int(build_extensions)(SSL s, uint16_t msg_type, CBB *cbb));
387		387
388	int tls13_synthetic_handshake_message(struct tls13_ctx *ctx);	388	int tls13_synthetic_handshake_message(struct tls13_ctx *ctx);
389	int tls13_clienthello_hash_init(struct tls13_ctx *ctx);	389	int tls13_clienthello_hash_init(struct tls13_ctx *ctx);


diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c index b5939aecab..8fef39a12f 100644 --- a/src/lib/libssl/tls13_lib.c +++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_lib.c,v 1.51 2020/06/06 01:40:09 beck Exp $ */	1	/* $OpenBSD: tls13_lib.c,v 1.52 2020/07/03 04:12:51 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2019 Bob Beck <beck@openbsd.org>	4	* Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -415,7 +415,7 @@ tls13_ctx_free(struct tls13_ctx *ctx)
415		415
416	int	416	int
417	tls13_cert_add(struct tls13_ctx ctx, CBB cbb, X509 *cert,	417	tls13_cert_add(struct tls13_ctx ctx, CBB cbb, X509 *cert,
418	int(build_extensions)(SSL s, CBB *cbb, uint16_t msg_type))	418	int(build_extensions)(SSL s, uint16_t msg_type, CBB *cbb))
419	{	419	{
420	CBB cert_data;	420	CBB cert_data;
421	uint8_t *data;	421	uint8_t *data;
@@ -431,7 +431,7 @@ tls13_cert_add(struct tls13_ctx ctx, CBB cbb, X509 *cert,
431	if (i2d_X509(cert, &data) != cert_len)	431	if (i2d_X509(cert, &data) != cert_len)
432	return 0;	432	return 0;
433	if (build_extensions != NULL) {	433	if (build_extensions != NULL) {
434	if (!build_extensions(ctx->ssl, cbb, SSL_TLSEXT_MSG_CT))	434	if (!build_extensions(ctx->ssl, SSL_TLSEXT_MSG_CT, cbb))
435	return 0;	435	return 0;
436	} else {	436	} else {
437	CBB cert_exts;	437	CBB cert_exts;


diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c index 12601fa33d..a5c03b610c 100644 --- a/src/lib/libssl/tls13_server.c +++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_server.c,v 1.60 2020/06/25 07:35:05 tb Exp $ */	1	/* $OpenBSD: tls13_server.c,v 1.61 2020/07/03 04:12:51 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>	4	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -191,7 +191,7 @@ tls13_client_hello_process(struct tls13_ctx ctx, CBS cbs)
191	goto err;	191	goto err;
192	}	192	}
193		193
194	if (!tlsext_server_parse(s, cbs, &alert_desc, SSL_TLSEXT_MSG_CH)) {	194	if (!tlsext_server_parse(s, SSL_TLSEXT_MSG_CH, cbs, &alert_desc)) {
195	ctx->alert = alert_desc;	195	ctx->alert = alert_desc;
196	goto err;	196	goto err;
197	}	197	}
@@ -330,7 +330,7 @@ tls13_server_hello_build(struct tls13_ctx ctx, CBB cbb, int hrr)
330	goto err;	330	goto err;
331	if (!CBB_add_u8(cbb, 0))	331	if (!CBB_add_u8(cbb, 0))
332	goto err;	332	goto err;
333	if (!tlsext_server_build(s, cbb, tlsext_msg_type))	333	if (!tlsext_server_build(s, tlsext_msg_type, cbb))
334	goto err;	334	goto err;
335		335
336	if (!CBB_flush(cbb))	336	if (!CBB_flush(cbb))
@@ -511,7 +511,7 @@ tls13_server_hello_sent(struct tls13_ctx *ctx)
511	int	511	int
512	tls13_server_encrypted_extensions_send(struct tls13_ctx ctx, CBB cbb)	512	tls13_server_encrypted_extensions_send(struct tls13_ctx ctx, CBB cbb)
513	{	513	{
514	if (!tlsext_server_build(ctx->ssl, cbb, SSL_TLSEXT_MSG_EE))	514	if (!tlsext_server_build(ctx->ssl, SSL_TLSEXT_MSG_EE, cbb))
515	goto err;	515	goto err;
516		516
517	return 1;	517	return 1;
@@ -526,7 +526,7 @@ tls13_server_certificate_request_send(struct tls13_ctx ctx, CBB cbb)
526		526
527	if (!CBB_add_u8_length_prefixed(cbb, &certificate_request_context))	527	if (!CBB_add_u8_length_prefixed(cbb, &certificate_request_context))
528	goto err;	528	goto err;
529	if (!tlsext_server_build(ctx->ssl, cbb, SSL_TLSEXT_MSG_CR))	529	if (!tlsext_server_build(ctx->ssl, SSL_TLSEXT_MSG_CR, cbb))
530	goto err;	530	goto err;
531		531
532	if (!CBB_flush(cbb))	532	if (!CBB_flush(cbb))