diff options
| author | jsing <> | 2021-04-19 16:51:56 +0000 |
|---|---|---|
| committer | jsing <> | 2021-04-19 16:51:56 +0000 |
| commit | c80ec6c0289d29bb4c9a0250b49a487f3eead897 (patch) | |
| tree | 54d09c9ab81cd7a258895b2d77b510ba6d5fe4ff /src | |
| parent | a781147be0607c2030c602b8de9b181330876373 (diff) | |
| download | openbsd-c80ec6c0289d29bb4c9a0250b49a487f3eead897.tar.gz openbsd-c80ec6c0289d29bb4c9a0250b49a487f3eead897.tar.bz2 openbsd-c80ec6c0289d29bb4c9a0250b49a487f3eead897.zip | |
Move reuse_message, message_type, message_size and cert_verify into the
TLSv1.2 handshake struct.
ok inoguchi@ tb@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/d1_both.c | 14 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_both.c | 16 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_clnt.c | 42 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 19 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_srvr.c | 22 | ||||
| -rw-r--r-- | src/lib/libssl/tls13_legacy.c | 8 |
6 files changed, 62 insertions, 59 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c index f4c1cb95b0..ba05c2a354 100644 --- a/src/lib/libssl/d1_both.c +++ b/src/lib/libssl/d1_both.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_both.c,v 1.68 2021/02/27 14:20:50 jsing Exp $ */ | 1 | /* $OpenBSD: d1_both.c,v 1.69 2021/04/19 16:51:56 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -380,16 +380,16 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) | |||
| 380 | * s3->internal->tmp is used to store messages that are unexpected, caused | 380 | * s3->internal->tmp is used to store messages that are unexpected, caused |
| 381 | * by the absence of an optional handshake message | 381 | * by the absence of an optional handshake message |
| 382 | */ | 382 | */ |
| 383 | if (S3I(s)->tmp.reuse_message) { | 383 | if (S3I(s)->hs.tls12.reuse_message) { |
| 384 | S3I(s)->tmp.reuse_message = 0; | 384 | S3I(s)->hs.tls12.reuse_message = 0; |
| 385 | if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) { | 385 | if ((mt >= 0) && (S3I(s)->hs.tls12.message_type != mt)) { |
| 386 | al = SSL_AD_UNEXPECTED_MESSAGE; | 386 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 387 | SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); | 387 | SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); |
| 388 | goto fatal_err; | 388 | goto fatal_err; |
| 389 | } | 389 | } |
| 390 | *ok = 1; | 390 | *ok = 1; |
| 391 | s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; | 391 | s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; |
| 392 | s->internal->init_num = (int)S3I(s)->tmp.message_size; | 392 | s->internal->init_num = (int)S3I(s)->hs.tls12.message_size; |
| 393 | return s->internal->init_num; | 393 | return s->internal->init_num; |
| 394 | } | 394 | } |
| 395 | 395 | ||
| @@ -466,9 +466,9 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) | |||
| 466 | return SSL_AD_INTERNAL_ERROR; | 466 | return SSL_AD_INTERNAL_ERROR; |
| 467 | } | 467 | } |
| 468 | 468 | ||
| 469 | S3I(s)->tmp.message_size = msg_len; | 469 | S3I(s)->hs.tls12.message_size = msg_len; |
| 470 | D1I(s)->r_msg_hdr.msg_len = msg_len; | 470 | D1I(s)->r_msg_hdr.msg_len = msg_len; |
| 471 | S3I(s)->tmp.message_type = msg_hdr->type; | 471 | S3I(s)->hs.tls12.message_type = msg_hdr->type; |
| 472 | D1I(s)->r_msg_hdr.type = msg_hdr->type; | 472 | D1I(s)->r_msg_hdr.type = msg_hdr->type; |
| 473 | D1I(s)->r_msg_hdr.seq = msg_hdr->seq; | 473 | D1I(s)->r_msg_hdr.seq = msg_hdr->seq; |
| 474 | } else if (msg_len != D1I(s)->r_msg_hdr.msg_len) { | 474 | } else if (msg_len != D1I(s)->r_msg_hdr.msg_len) { |
diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c index 4851231a8f..ad9b0ee257 100644 --- a/src/lib/libssl/ssl_both.c +++ b/src/lib/libssl/ssl_both.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_both.c,v 1.27 2021/03/29 16:46:09 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_both.c,v 1.28 2021/04/19 16:51:56 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -445,16 +445,16 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) | |||
| 445 | if (SSL_is_dtls(s)) | 445 | if (SSL_is_dtls(s)) |
| 446 | return (dtls1_get_message(s, st1, stn, mt, max, ok)); | 446 | return (dtls1_get_message(s, st1, stn, mt, max, ok)); |
| 447 | 447 | ||
| 448 | if (S3I(s)->tmp.reuse_message) { | 448 | if (S3I(s)->hs.tls12.reuse_message) { |
| 449 | S3I(s)->tmp.reuse_message = 0; | 449 | S3I(s)->hs.tls12.reuse_message = 0; |
| 450 | if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) { | 450 | if ((mt >= 0) && (S3I(s)->hs.tls12.message_type != mt)) { |
| 451 | al = SSL_AD_UNEXPECTED_MESSAGE; | 451 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 452 | SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); | 452 | SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); |
| 453 | goto fatal_err; | 453 | goto fatal_err; |
| 454 | } | 454 | } |
| 455 | *ok = 1; | 455 | *ok = 1; |
| 456 | s->internal->init_msg = s->internal->init_buf->data + 4; | 456 | s->internal->init_msg = s->internal->init_buf->data + 4; |
| 457 | s->internal->init_num = (int)S3I(s)->tmp.message_size; | 457 | s->internal->init_num = (int)S3I(s)->hs.tls12.message_size; |
| 458 | return s->internal->init_num; | 458 | return s->internal->init_num; |
| 459 | } | 459 | } |
| 460 | 460 | ||
| @@ -511,7 +511,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) | |||
| 511 | SSLerror(s, ERR_R_BUF_LIB); | 511 | SSLerror(s, ERR_R_BUF_LIB); |
| 512 | goto err; | 512 | goto err; |
| 513 | } | 513 | } |
| 514 | S3I(s)->tmp.message_type = u8; | 514 | S3I(s)->hs.tls12.message_type = u8; |
| 515 | 515 | ||
| 516 | if (l > (unsigned long)max) { | 516 | if (l > (unsigned long)max) { |
| 517 | al = SSL_AD_ILLEGAL_PARAMETER; | 517 | al = SSL_AD_ILLEGAL_PARAMETER; |
| @@ -522,7 +522,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) | |||
| 522 | SSLerror(s, ERR_R_BUF_LIB); | 522 | SSLerror(s, ERR_R_BUF_LIB); |
| 523 | goto err; | 523 | goto err; |
| 524 | } | 524 | } |
| 525 | S3I(s)->tmp.message_size = l; | 525 | S3I(s)->hs.tls12.message_size = l; |
| 526 | S3I(s)->hs.state = stn; | 526 | S3I(s)->hs.state = stn; |
| 527 | 527 | ||
| 528 | s->internal->init_msg = s->internal->init_buf->data + 4; | 528 | s->internal->init_msg = s->internal->init_buf->data + 4; |
| @@ -531,7 +531,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) | |||
| 531 | 531 | ||
| 532 | /* next state (stn) */ | 532 | /* next state (stn) */ |
| 533 | p = s->internal->init_msg; | 533 | p = s->internal->init_msg; |
| 534 | n = S3I(s)->tmp.message_size - s->internal->init_num; | 534 | n = S3I(s)->hs.tls12.message_size - s->internal->init_num; |
| 535 | while (n > 0) { | 535 | while (n > 0) { |
| 536 | i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, | 536 | i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, |
| 537 | &p[s->internal->init_num], n, 0); | 537 | &p[s->internal->init_num], n, 0); |
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 92113c2953..6b43b565b9 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_clnt.c,v 1.90 2021/04/11 07:06:01 tb Exp $ */ | 1 | /* $OpenBSD: ssl_clnt.c,v 1.91 2021/04/19 16:51:56 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -623,7 +623,7 @@ ssl3_connect(SSL *s) | |||
| 623 | } | 623 | } |
| 624 | 624 | ||
| 625 | /* did we do anything */ | 625 | /* did we do anything */ |
| 626 | if (!S3I(s)->tmp.reuse_message && !skip) { | 626 | if (!S3I(s)->hs.tls12.reuse_message && !skip) { |
| 627 | if (s->internal->debug) { | 627 | if (s->internal->debug) { |
| 628 | if ((ret = BIO_flush(s->wbio)) <= 0) | 628 | if ((ret = BIO_flush(s->wbio)) <= 0) |
| 629 | goto end; | 629 | goto end; |
| @@ -804,9 +804,9 @@ ssl3_get_dtls_hello_verify(SSL *s) | |||
| 804 | if (!ok) | 804 | if (!ok) |
| 805 | return ((int)n); | 805 | return ((int)n); |
| 806 | 806 | ||
| 807 | if (S3I(s)->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) { | 807 | if (S3I(s)->hs.tls12.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) { |
| 808 | D1I(s)->send_cookie = 0; | 808 | D1I(s)->send_cookie = 0; |
| 809 | S3I(s)->tmp.reuse_message = 1; | 809 | S3I(s)->hs.tls12.reuse_message = 1; |
| 810 | return (1); | 810 | return (1); |
| 811 | } | 811 | } |
| 812 | 812 | ||
| @@ -878,9 +878,9 @@ ssl3_get_server_hello(SSL *s) | |||
| 878 | CBS_init(&cbs, s->internal->init_msg, n); | 878 | CBS_init(&cbs, s->internal->init_msg, n); |
| 879 | 879 | ||
| 880 | if (SSL_is_dtls(s)) { | 880 | if (SSL_is_dtls(s)) { |
| 881 | if (S3I(s)->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { | 881 | if (S3I(s)->hs.tls12.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { |
| 882 | if (D1I(s)->send_cookie == 0) { | 882 | if (D1I(s)->send_cookie == 0) { |
| 883 | S3I(s)->tmp.reuse_message = 1; | 883 | S3I(s)->hs.tls12.reuse_message = 1; |
| 884 | return (1); | 884 | return (1); |
| 885 | } else { | 885 | } else { |
| 886 | /* Already sent a cookie. */ | 886 | /* Already sent a cookie. */ |
| @@ -891,7 +891,7 @@ ssl3_get_server_hello(SSL *s) | |||
| 891 | } | 891 | } |
| 892 | } | 892 | } |
| 893 | 893 | ||
| 894 | if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_HELLO) { | 894 | if (S3I(s)->hs.tls12.message_type != SSL3_MT_SERVER_HELLO) { |
| 895 | al = SSL_AD_UNEXPECTED_MESSAGE; | 895 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 896 | SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); | 896 | SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); |
| 897 | goto fatal_err; | 897 | goto fatal_err; |
| @@ -1128,12 +1128,12 @@ ssl3_get_server_certificate(SSL *s) | |||
| 1128 | if (!ok) | 1128 | if (!ok) |
| 1129 | return ((int)n); | 1129 | return ((int)n); |
| 1130 | 1130 | ||
| 1131 | if (S3I(s)->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) { | 1131 | if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) { |
| 1132 | S3I(s)->tmp.reuse_message = 1; | 1132 | S3I(s)->hs.tls12.reuse_message = 1; |
| 1133 | return (1); | 1133 | return (1); |
| 1134 | } | 1134 | } |
| 1135 | 1135 | ||
| 1136 | if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) { | 1136 | if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE) { |
| 1137 | al = SSL_AD_UNEXPECTED_MESSAGE; | 1137 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 1138 | SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); | 1138 | SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); |
| 1139 | goto fatal_err; | 1139 | goto fatal_err; |
| @@ -1498,7 +1498,7 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1498 | 1498 | ||
| 1499 | CBS_init(&cbs, s->internal->init_msg, n); | 1499 | CBS_init(&cbs, s->internal->init_msg, n); |
| 1500 | 1500 | ||
| 1501 | if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { | 1501 | if (S3I(s)->hs.tls12.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { |
| 1502 | /* | 1502 | /* |
| 1503 | * Do not skip server key exchange if this cipher suite uses | 1503 | * Do not skip server key exchange if this cipher suite uses |
| 1504 | * ephemeral keys. | 1504 | * ephemeral keys. |
| @@ -1509,7 +1509,7 @@ ssl3_get_server_key_exchange(SSL *s) | |||
| 1509 | goto fatal_err; | 1509 | goto fatal_err; |
| 1510 | } | 1510 | } |
| 1511 | 1511 | ||
| 1512 | S3I(s)->tmp.reuse_message = 1; | 1512 | S3I(s)->hs.tls12.reuse_message = 1; |
| 1513 | EVP_MD_CTX_cleanup(&md_ctx); | 1513 | EVP_MD_CTX_cleanup(&md_ctx); |
| 1514 | return (1); | 1514 | return (1); |
| 1515 | } | 1515 | } |
| @@ -1663,8 +1663,8 @@ ssl3_get_certificate_request(SSL *s) | |||
| 1663 | 1663 | ||
| 1664 | S3I(s)->tmp.cert_req = 0; | 1664 | S3I(s)->tmp.cert_req = 0; |
| 1665 | 1665 | ||
| 1666 | if (S3I(s)->tmp.message_type == SSL3_MT_SERVER_DONE) { | 1666 | if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_DONE) { |
| 1667 | S3I(s)->tmp.reuse_message = 1; | 1667 | S3I(s)->hs.tls12.reuse_message = 1; |
| 1668 | /* | 1668 | /* |
| 1669 | * If we get here we don't need any cached handshake records | 1669 | * If we get here we don't need any cached handshake records |
| 1670 | * as we wont be doing client auth. | 1670 | * as we wont be doing client auth. |
| @@ -1673,7 +1673,7 @@ ssl3_get_certificate_request(SSL *s) | |||
| 1673 | return (1); | 1673 | return (1); |
| 1674 | } | 1674 | } |
| 1675 | 1675 | ||
| 1676 | if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) { | 1676 | if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_REQUEST) { |
| 1677 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); | 1677 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); |
| 1678 | SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE); | 1678 | SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE); |
| 1679 | goto err; | 1679 | goto err; |
| @@ -1814,11 +1814,11 @@ ssl3_get_new_session_ticket(SSL *s) | |||
| 1814 | if (!ok) | 1814 | if (!ok) |
| 1815 | return ((int)n); | 1815 | return ((int)n); |
| 1816 | 1816 | ||
| 1817 | if (S3I(s)->tmp.message_type == SSL3_MT_FINISHED) { | 1817 | if (S3I(s)->hs.tls12.message_type == SSL3_MT_FINISHED) { |
| 1818 | S3I(s)->tmp.reuse_message = 1; | 1818 | S3I(s)->hs.tls12.reuse_message = 1; |
| 1819 | return (1); | 1819 | return (1); |
| 1820 | } | 1820 | } |
| 1821 | if (S3I(s)->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) { | 1821 | if (S3I(s)->hs.tls12.message_type != SSL3_MT_NEWSESSION_TICKET) { |
| 1822 | al = SSL_AD_UNEXPECTED_MESSAGE; | 1822 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 1823 | SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); | 1823 | SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); |
| 1824 | goto fatal_err; | 1824 | goto fatal_err; |
| @@ -2799,9 +2799,9 @@ ssl3_check_finished(SSL *s) | |||
| 2799 | if (!ok) | 2799 | if (!ok) |
| 2800 | return ((int)n); | 2800 | return ((int)n); |
| 2801 | 2801 | ||
| 2802 | S3I(s)->tmp.reuse_message = 1; | 2802 | S3I(s)->hs.tls12.reuse_message = 1; |
| 2803 | if ((S3I(s)->tmp.message_type == SSL3_MT_FINISHED) || | 2803 | if ((S3I(s)->hs.tls12.message_type == SSL3_MT_FINISHED) || |
| 2804 | (S3I(s)->tmp.message_type == SSL3_MT_NEWSESSION_TICKET)) | 2804 | (S3I(s)->hs.tls12.message_type == SSL3_MT_NEWSESSION_TICKET)) |
| 2805 | return (2); | 2805 | return (2); |
| 2806 | 2806 | ||
| 2807 | return (1); | 2807 | return (1); |
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 3339c57390..3b86f5874b 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.333 2021/03/29 16:46:09 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.334 2021/04/19 16:51:56 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -420,9 +420,19 @@ typedef struct ssl_handshake_tls12_st { | |||
| 420 | /* Used when SSL_ST_FLUSH_DATA is entered. */ | 420 | /* Used when SSL_ST_FLUSH_DATA is entered. */ |
| 421 | int next_state; | 421 | int next_state; |
| 422 | 422 | ||
| 423 | /* Handshake message type and size. */ | ||
| 424 | int message_type; | ||
| 425 | unsigned long message_size; | ||
| 426 | |||
| 427 | /* Reuse current handshake message. */ | ||
| 428 | int reuse_message; | ||
| 429 | |||
| 423 | /* Record-layer key block for TLS 1.2 and earlier. */ | 430 | /* Record-layer key block for TLS 1.2 and earlier. */ |
| 424 | unsigned char *key_block; | 431 | unsigned char *key_block; |
| 425 | size_t key_block_len; | 432 | size_t key_block_len; |
| 433 | |||
| 434 | /* Transcript hash prior to sending certificate verify message. */ | ||
| 435 | uint8_t cert_verify[EVP_MAX_MD_SIZE]; | ||
| 426 | } SSL_HANDSHAKE_TLS12; | 436 | } SSL_HANDSHAKE_TLS12; |
| 427 | 437 | ||
| 428 | typedef struct ssl_handshake_tls13_st { | 438 | typedef struct ssl_handshake_tls13_st { |
| @@ -925,11 +935,6 @@ typedef struct ssl3_state_internal_st { | |||
| 925 | SSL_HANDSHAKE hs; | 935 | SSL_HANDSHAKE hs; |
| 926 | 936 | ||
| 927 | struct { | 937 | struct { |
| 928 | unsigned char cert_verify_md[EVP_MAX_MD_SIZE]; | ||
| 929 | |||
| 930 | unsigned long message_size; | ||
| 931 | int message_type; | ||
| 932 | |||
| 933 | DH *dh; | 938 | DH *dh; |
| 934 | 939 | ||
| 935 | EC_KEY *ecdh; /* holds short lived ECDH key */ | 940 | EC_KEY *ecdh; /* holds short lived ECDH key */ |
| @@ -937,8 +942,6 @@ typedef struct ssl3_state_internal_st { | |||
| 937 | 942 | ||
| 938 | uint8_t *x25519; | 943 | uint8_t *x25519; |
| 939 | 944 | ||
| 940 | int reuse_message; | ||
| 941 | |||
| 942 | /* used for certificate requests */ | 945 | /* used for certificate requests */ |
| 943 | int cert_req; | 946 | int cert_req; |
| 944 | int ctype_num; | 947 | int ctype_num; |
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 0f3572a678..8241a59ac0 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_srvr.c,v 1.101 2021/03/29 16:56:20 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_srvr.c,v 1.102 2021/04/19 16:51:56 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -576,8 +576,8 @@ ssl3_accept(SSL *s) | |||
| 576 | * a client cert, it can be verified. | 576 | * a client cert, it can be verified. |
| 577 | */ | 577 | */ |
| 578 | if (!tls1_transcript_hash_value(s, | 578 | if (!tls1_transcript_hash_value(s, |
| 579 | S3I(s)->tmp.cert_verify_md, | 579 | S3I(s)->hs.tls12.cert_verify, |
| 580 | sizeof(S3I(s)->tmp.cert_verify_md), | 580 | sizeof(S3I(s)->hs.tls12.cert_verify), |
| 581 | NULL)) { | 581 | NULL)) { |
| 582 | ret = -1; | 582 | ret = -1; |
| 583 | goto end; | 583 | goto end; |
| @@ -733,7 +733,7 @@ ssl3_accept(SSL *s) | |||
| 733 | /* break; */ | 733 | /* break; */ |
| 734 | } | 734 | } |
| 735 | 735 | ||
| 736 | if (!S3I(s)->tmp.reuse_message && !skip) { | 736 | if (!S3I(s)->hs.tls12.reuse_message && !skip) { |
| 737 | if (s->internal->debug) { | 737 | if (s->internal->debug) { |
| 738 | if ((ret = BIO_flush(s->wbio)) <= 0) | 738 | if ((ret = BIO_flush(s->wbio)) <= 0) |
| 739 | goto end; | 739 | goto end; |
| @@ -2149,8 +2149,8 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2149 | type = X509_certificate_type(peer, pkey); | 2149 | type = X509_certificate_type(peer, pkey); |
| 2150 | } | 2150 | } |
| 2151 | 2151 | ||
| 2152 | if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) { | 2152 | if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_VERIFY) { |
| 2153 | S3I(s)->tmp.reuse_message = 1; | 2153 | S3I(s)->hs.tls12.reuse_message = 1; |
| 2154 | if (peer != NULL) { | 2154 | if (peer != NULL) { |
| 2155 | al = SSL_AD_UNEXPECTED_MESSAGE; | 2155 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 2156 | SSLerror(s, SSL_R_MISSING_VERIFY_MESSAGE); | 2156 | SSLerror(s, SSL_R_MISSING_VERIFY_MESSAGE); |
| @@ -2261,7 +2261,7 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2261 | goto fatal_err; | 2261 | goto fatal_err; |
| 2262 | } | 2262 | } |
| 2263 | } else if (pkey->type == EVP_PKEY_RSA) { | 2263 | } else if (pkey->type == EVP_PKEY_RSA) { |
| 2264 | verify = RSA_verify(NID_md5_sha1, S3I(s)->tmp.cert_verify_md, | 2264 | verify = RSA_verify(NID_md5_sha1, S3I(s)->hs.tls12.cert_verify, |
| 2265 | MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, CBS_data(&signature), | 2265 | MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, CBS_data(&signature), |
| 2266 | CBS_len(&signature), pkey->pkey.rsa); | 2266 | CBS_len(&signature), pkey->pkey.rsa); |
| 2267 | if (verify < 0) { | 2267 | if (verify < 0) { |
| @@ -2276,7 +2276,7 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2276 | } | 2276 | } |
| 2277 | } else if (pkey->type == EVP_PKEY_EC) { | 2277 | } else if (pkey->type == EVP_PKEY_EC) { |
| 2278 | verify = ECDSA_verify(pkey->save_type, | 2278 | verify = ECDSA_verify(pkey->save_type, |
| 2279 | &(S3I(s)->tmp.cert_verify_md[MD5_DIGEST_LENGTH]), | 2279 | &(S3I(s)->hs.tls12.cert_verify[MD5_DIGEST_LENGTH]), |
| 2280 | SHA_DIGEST_LENGTH, CBS_data(&signature), | 2280 | SHA_DIGEST_LENGTH, CBS_data(&signature), |
| 2281 | CBS_len(&signature), pkey->pkey.ec); | 2281 | CBS_len(&signature), pkey->pkey.ec); |
| 2282 | if (verify <= 0) { | 2282 | if (verify <= 0) { |
| @@ -2368,7 +2368,7 @@ ssl3_get_client_certificate(SSL *s) | |||
| 2368 | if (!ok) | 2368 | if (!ok) |
| 2369 | return ((int)n); | 2369 | return ((int)n); |
| 2370 | 2370 | ||
| 2371 | if (S3I(s)->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) { | 2371 | if (S3I(s)->hs.tls12.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) { |
| 2372 | if ((s->verify_mode & SSL_VERIFY_PEER) && | 2372 | if ((s->verify_mode & SSL_VERIFY_PEER) && |
| 2373 | (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { | 2373 | (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { |
| 2374 | SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); | 2374 | SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); |
| @@ -2385,11 +2385,11 @@ ssl3_get_client_certificate(SSL *s) | |||
| 2385 | al = SSL_AD_UNEXPECTED_MESSAGE; | 2385 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 2386 | goto fatal_err; | 2386 | goto fatal_err; |
| 2387 | } | 2387 | } |
| 2388 | S3I(s)->tmp.reuse_message = 1; | 2388 | S3I(s)->hs.tls12.reuse_message = 1; |
| 2389 | return (1); | 2389 | return (1); |
| 2390 | } | 2390 | } |
| 2391 | 2391 | ||
| 2392 | if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) { | 2392 | if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE) { |
| 2393 | al = SSL_AD_UNEXPECTED_MESSAGE; | 2393 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 2394 | SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE); | 2394 | SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE); |
| 2395 | goto fatal_err; | 2395 | goto fatal_err; |
diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c index 19271ef787..f71bac48cd 100644 --- a/src/lib/libssl/tls13_legacy.c +++ b/src/lib/libssl/tls13_legacy.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_legacy.c,v 1.23 2021/03/21 18:36:34 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_legacy.c,v 1.24 2021/04/19 16:51:56 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -338,9 +338,9 @@ tls13_use_legacy_stack(struct tls13_ctx *ctx) | |||
| 338 | s->internal->init_buf->length, NULL)) | 338 | s->internal->init_buf->length, NULL)) |
| 339 | goto err; | 339 | goto err; |
| 340 | 340 | ||
| 341 | S3I(s)->tmp.reuse_message = 1; | 341 | S3I(s)->hs.tls12.reuse_message = 1; |
| 342 | S3I(s)->tmp.message_type = tls13_handshake_msg_type(ctx->hs_msg); | 342 | S3I(s)->hs.tls12.message_type = tls13_handshake_msg_type(ctx->hs_msg); |
| 343 | S3I(s)->tmp.message_size = CBS_len(&cbs); | 343 | S3I(s)->hs.tls12.message_size = CBS_len(&cbs); |
| 344 | 344 | ||
| 345 | return 1; | 345 | return 1; |
| 346 | 346 | ||