summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_lib.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
-rw-r--r--src/lib/libssl/s3_lib.c143
1 files changed, 67 insertions, 76 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index d5a53565f8..916ed4935c 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_lib.c,v 1.225 2022/01/26 11:05:41 tb Exp $ */ 1/* $OpenBSD: s3_lib.c,v 1.226 2022/02/05 14:54:10 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1444,8 +1444,8 @@ ssl3_pending(const SSL *s)
1444 if (s->internal->rstate == SSL_ST_READ_BODY) 1444 if (s->internal->rstate == SSL_ST_READ_BODY)
1445 return 0; 1445 return 0;
1446 1446
1447 return (S3I(s)->rrec.type == SSL3_RT_APPLICATION_DATA) ? 1447 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ?
1448 S3I(s)->rrec.length : 0; 1448 s->s3->rrec.length : 0;
1449} 1449}
1450 1450
1451int 1451int
@@ -1544,10 +1544,6 @@ ssl3_new(SSL *s)
1544{ 1544{
1545 if ((s->s3 = calloc(1, sizeof(*s->s3))) == NULL) 1545 if ((s->s3 = calloc(1, sizeof(*s->s3))) == NULL)
1546 return (0); 1546 return (0);
1547 if ((S3I(s) = calloc(1, sizeof(*S3I(s)))) == NULL) {
1548 free(s->s3);
1549 return (0);
1550 }
1551 1547
1552 s->method->ssl_clear(s); 1548 s->method->ssl_clear(s);
1553 1549
@@ -1563,23 +1559,22 @@ ssl3_free(SSL *s)
1563 tls1_cleanup_key_block(s); 1559 tls1_cleanup_key_block(s);
1564 ssl3_release_read_buffer(s); 1560 ssl3_release_read_buffer(s);
1565 ssl3_release_write_buffer(s); 1561 ssl3_release_write_buffer(s);
1566 freezero(S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len); 1562 freezero(s->s3->hs.sigalgs, s->s3->hs.sigalgs_len);
1567 1563
1568 tls_key_share_free(S3I(s)->hs.key_share); 1564 tls_key_share_free(s->s3->hs.key_share);
1569 1565
1570 tls13_secrets_destroy(S3I(s)->hs.tls13.secrets); 1566 tls13_secrets_destroy(s->s3->hs.tls13.secrets);
1571 freezero(S3I(s)->hs.tls13.cookie, S3I(s)->hs.tls13.cookie_len); 1567 freezero(s->s3->hs.tls13.cookie, s->s3->hs.tls13.cookie_len);
1572 tls13_clienthello_hash_clear(&S3I(s)->hs.tls13); 1568 tls13_clienthello_hash_clear(&s->s3->hs.tls13);
1573 1569
1574 sk_X509_NAME_pop_free(S3I(s)->hs.tls12.ca_names, X509_NAME_free); 1570 sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);
1575 sk_X509_pop_free(s->internal->verified_chain, X509_free); 1571 sk_X509_pop_free(s->internal->verified_chain, X509_free);
1576 1572
1577 tls1_transcript_free(s); 1573 tls1_transcript_free(s);
1578 tls1_transcript_hash_free(s); 1574 tls1_transcript_hash_free(s);
1579 1575
1580 free(S3I(s)->alpn_selected); 1576 free(s->s3->alpn_selected);
1581 1577
1582 freezero(S3I(s), sizeof(*S3I(s)));
1583 freezero(s->s3, sizeof(*s->s3)); 1578 freezero(s->s3, sizeof(*s->s3));
1584 1579
1585 s->s3 = NULL; 1580 s->s3 = NULL;
@@ -1588,65 +1583,61 @@ ssl3_free(SSL *s)
1588void 1583void
1589ssl3_clear(SSL *s) 1584ssl3_clear(SSL *s)
1590{ 1585{
1591 struct ssl3_state_internal_st *internal;
1592 unsigned char *rp, *wp; 1586 unsigned char *rp, *wp;
1593 size_t rlen, wlen; 1587 size_t rlen, wlen;
1594 1588
1595 tls1_cleanup_key_block(s); 1589 tls1_cleanup_key_block(s);
1596 sk_X509_NAME_pop_free(S3I(s)->hs.tls12.ca_names, X509_NAME_free); 1590 sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);
1597 sk_X509_pop_free(s->internal->verified_chain, X509_free); 1591 sk_X509_pop_free(s->internal->verified_chain, X509_free);
1598 s->internal->verified_chain = NULL; 1592 s->internal->verified_chain = NULL;
1599 1593
1600 freezero(S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len); 1594 freezero(s->s3->hs.sigalgs, s->s3->hs.sigalgs_len);
1601 S3I(s)->hs.sigalgs = NULL; 1595 s->s3->hs.sigalgs = NULL;
1602 S3I(s)->hs.sigalgs_len = 0; 1596 s->s3->hs.sigalgs_len = 0;
1603 1597
1604 tls_key_share_free(S3I(s)->hs.key_share); 1598 tls_key_share_free(s->s3->hs.key_share);
1605 S3I(s)->hs.key_share = NULL; 1599 s->s3->hs.key_share = NULL;
1606 1600
1607 tls13_secrets_destroy(S3I(s)->hs.tls13.secrets); 1601 tls13_secrets_destroy(s->s3->hs.tls13.secrets);
1608 S3I(s)->hs.tls13.secrets = NULL; 1602 s->s3->hs.tls13.secrets = NULL;
1609 freezero(S3I(s)->hs.tls13.cookie, S3I(s)->hs.tls13.cookie_len); 1603 freezero(s->s3->hs.tls13.cookie, s->s3->hs.tls13.cookie_len);
1610 S3I(s)->hs.tls13.cookie = NULL; 1604 s->s3->hs.tls13.cookie = NULL;
1611 S3I(s)->hs.tls13.cookie_len = 0; 1605 s->s3->hs.tls13.cookie_len = 0;
1612 tls13_clienthello_hash_clear(&S3I(s)->hs.tls13); 1606 tls13_clienthello_hash_clear(&s->s3->hs.tls13);
1613 1607
1614 S3I(s)->hs.extensions_seen = 0; 1608 s->s3->hs.extensions_seen = 0;
1615 1609
1616 rp = S3I(s)->rbuf.buf; 1610 rp = s->s3->rbuf.buf;
1617 wp = S3I(s)->wbuf.buf; 1611 wp = s->s3->wbuf.buf;
1618 rlen = S3I(s)->rbuf.len; 1612 rlen = s->s3->rbuf.len;
1619 wlen = S3I(s)->wbuf.len; 1613 wlen = s->s3->wbuf.len;
1620 1614
1621 tls1_transcript_free(s); 1615 tls1_transcript_free(s);
1622 tls1_transcript_hash_free(s); 1616 tls1_transcript_hash_free(s);
1623 1617
1624 free(S3I(s)->alpn_selected); 1618 free(s->s3->alpn_selected);
1625 S3I(s)->alpn_selected = NULL; 1619 s->s3->alpn_selected = NULL;
1626 S3I(s)->alpn_selected_len = 0; 1620 s->s3->alpn_selected_len = 0;
1627 1621
1628 memset(S3I(s), 0, sizeof(*S3I(s)));
1629 internal = S3I(s);
1630 memset(s->s3, 0, sizeof(*s->s3)); 1622 memset(s->s3, 0, sizeof(*s->s3));
1631 S3I(s) = internal;
1632 1623
1633 S3I(s)->rbuf.buf = rp; 1624 s->s3->rbuf.buf = rp;
1634 S3I(s)->wbuf.buf = wp; 1625 s->s3->wbuf.buf = wp;
1635 S3I(s)->rbuf.len = rlen; 1626 s->s3->rbuf.len = rlen;
1636 S3I(s)->wbuf.len = wlen; 1627 s->s3->wbuf.len = wlen;
1637 1628
1638 ssl_free_wbio_buffer(s); 1629 ssl_free_wbio_buffer(s);
1639 1630
1640 /* Not needed... */ 1631 /* Not needed... */
1641 S3I(s)->renegotiate = 0; 1632 s->s3->renegotiate = 0;
1642 S3I(s)->total_renegotiations = 0; 1633 s->s3->total_renegotiations = 0;
1643 S3I(s)->num_renegotiations = 0; 1634 s->s3->num_renegotiations = 0;
1644 S3I(s)->in_read_app_data = 0; 1635 s->s3->in_read_app_data = 0;
1645 1636
1646 s->internal->packet_length = 0; 1637 s->internal->packet_length = 0;
1647 s->version = TLS1_VERSION; 1638 s->version = TLS1_VERSION;
1648 1639
1649 S3I(s)->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT); 1640 s->s3->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
1650} 1641}
1651 1642
1652long 1643long
@@ -1657,12 +1648,12 @@ _SSL_get_peer_tmp_key(SSL *s, EVP_PKEY **key)
1657 1648
1658 *key = NULL; 1649 *key = NULL;
1659 1650
1660 if (S3I(s)->hs.key_share == NULL) 1651 if (s->s3->hs.key_share == NULL)
1661 goto err; 1652 goto err;
1662 1653
1663 if ((pkey = EVP_PKEY_new()) == NULL) 1654 if ((pkey = EVP_PKEY_new()) == NULL)
1664 goto err; 1655 goto err;
1665 if (!tls_key_share_peer_pkey(S3I(s)->hs.key_share, pkey)) 1656 if (!tls_key_share_peer_pkey(s->s3->hs.key_share, pkey))
1666 goto err; 1657 goto err;
1667 1658
1668 *key = pkey; 1659 *key = pkey;
@@ -1685,7 +1676,7 @@ _SSL_session_reused(SSL *s)
1685static int 1676static int
1686_SSL_num_renegotiations(SSL *s) 1677_SSL_num_renegotiations(SSL *s)
1687{ 1678{
1688 return S3I(s)->num_renegotiations; 1679 return s->s3->num_renegotiations;
1689} 1680}
1690 1681
1691static int 1682static int
@@ -1693,8 +1684,8 @@ _SSL_clear_num_renegotiations(SSL *s)
1693{ 1684{
1694 int renegs; 1685 int renegs;
1695 1686
1696 renegs = S3I(s)->num_renegotiations; 1687 renegs = s->s3->num_renegotiations;
1697 S3I(s)->num_renegotiations = 0; 1688 s->s3->num_renegotiations = 0;
1698 1689
1699 return renegs; 1690 return renegs;
1700} 1691}
@@ -1702,7 +1693,7 @@ _SSL_clear_num_renegotiations(SSL *s)
1702static int 1693static int
1703_SSL_total_renegotiations(SSL *s) 1694_SSL_total_renegotiations(SSL *s)
1704{ 1695{
1705 return S3I(s)->total_renegotiations; 1696 return s->s3->total_renegotiations;
1706} 1697}
1707 1698
1708static int 1699static int
@@ -1920,7 +1911,7 @@ _SSL_get_signature_nid(SSL *s, int *nid)
1920{ 1911{
1921 const struct ssl_sigalg *sigalg; 1912 const struct ssl_sigalg *sigalg;
1922 1913
1923 if ((sigalg = S3I(s)->hs.our_sigalg) == NULL) 1914 if ((sigalg = s->s3->hs.our_sigalg) == NULL)
1924 return 0; 1915 return 0;
1925 1916
1926 *nid = EVP_MD_type(sigalg->md()); 1917 *nid = EVP_MD_type(sigalg->md());
@@ -1933,7 +1924,7 @@ _SSL_get_peer_signature_nid(SSL *s, int *nid)
1933{ 1924{
1934 const struct ssl_sigalg *sigalg; 1925 const struct ssl_sigalg *sigalg;
1935 1926
1936 if ((sigalg = S3I(s)->hs.peer_sigalg) == NULL) 1927 if ((sigalg = s->s3->hs.peer_sigalg) == NULL)
1937 return 0; 1928 return 0;
1938 1929
1939 *nid = EVP_MD_type(sigalg->md()); 1930 *nid = EVP_MD_type(sigalg->md());
@@ -1946,7 +1937,7 @@ SSL_get_signature_type_nid(const SSL *s, int *nid)
1946{ 1937{
1947 const struct ssl_sigalg *sigalg; 1938 const struct ssl_sigalg *sigalg;
1948 1939
1949 if ((sigalg = S3I(s)->hs.our_sigalg) == NULL) 1940 if ((sigalg = s->s3->hs.our_sigalg) == NULL)
1950 return 0; 1941 return 0;
1951 1942
1952 *nid = sigalg->key_type; 1943 *nid = sigalg->key_type;
@@ -1962,7 +1953,7 @@ SSL_get_peer_signature_type_nid(const SSL *s, int *nid)
1962{ 1953{
1963 const struct ssl_sigalg *sigalg; 1954 const struct ssl_sigalg *sigalg;
1964 1955
1965 if ((sigalg = S3I(s)->hs.peer_sigalg) == NULL) 1956 if ((sigalg = s->s3->hs.peer_sigalg) == NULL)
1966 return 0; 1957 return 0;
1967 1958
1968 *nid = sigalg->key_type; 1959 *nid = sigalg->key_type;
@@ -2564,7 +2555,7 @@ ssl3_get_req_cert_types(SSL *s, CBB *cbb)
2564{ 2555{
2565 unsigned long alg_k; 2556 unsigned long alg_k;
2566 2557
2567 alg_k = S3I(s)->hs.cipher->algorithm_mkey; 2558 alg_k = s->s3->hs.cipher->algorithm_mkey;
2568 2559
2569#ifndef OPENSSL_NO_GOST 2560#ifndef OPENSSL_NO_GOST
2570 if ((alg_k & SSL_kGOST) != 0) { 2561 if ((alg_k & SSL_kGOST) != 0) {
@@ -2608,7 +2599,7 @@ ssl3_shutdown(SSL *s)
2608 * Don't do anything much if we have not done the handshake or 2599 * Don't do anything much if we have not done the handshake or
2609 * we don't want to send messages :-) 2600 * we don't want to send messages :-)
2610 */ 2601 */
2611 if ((s->internal->quiet_shutdown) || (S3I(s)->hs.state == SSL_ST_BEFORE)) { 2602 if ((s->internal->quiet_shutdown) || (s->s3->hs.state == SSL_ST_BEFORE)) {
2612 s->internal->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); 2603 s->internal->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
2613 return (1); 2604 return (1);
2614 } 2605 }
@@ -2618,11 +2609,11 @@ ssl3_shutdown(SSL *s)
2618 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); 2609 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
2619 /* 2610 /*
2620 * Our shutdown alert has been sent now, and if it still needs 2611 * Our shutdown alert has been sent now, and if it still needs
2621 * to be written, S3I(s)->alert_dispatch will be true 2612 * to be written, s->s3->alert_dispatch will be true
2622 */ 2613 */
2623 if (S3I(s)->alert_dispatch) 2614 if (s->s3->alert_dispatch)
2624 return (-1); /* return WANT_WRITE */ 2615 return (-1); /* return WANT_WRITE */
2625 } else if (S3I(s)->alert_dispatch) { 2616 } else if (s->s3->alert_dispatch) {
2626 /* resend it if not sent */ 2617 /* resend it if not sent */
2627 ret = ssl3_dispatch_alert(s); 2618 ret = ssl3_dispatch_alert(s);
2628 if (ret == -1) { 2619 if (ret == -1) {
@@ -2643,7 +2634,7 @@ ssl3_shutdown(SSL *s)
2643 } 2634 }
2644 2635
2645 if ((s->internal->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && 2636 if ((s->internal->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
2646 !S3I(s)->alert_dispatch) 2637 !s->s3->alert_dispatch)
2647 return (1); 2638 return (1);
2648 else 2639 else
2649 return (0); 2640 return (0);
@@ -2654,7 +2645,7 @@ ssl3_write(SSL *s, const void *buf, int len)
2654{ 2645{
2655 errno = 0; 2646 errno = 0;
2656 2647
2657 if (S3I(s)->renegotiate) 2648 if (s->s3->renegotiate)
2658 ssl3_renegotiate_check(s); 2649 ssl3_renegotiate_check(s);
2659 2650
2660 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, 2651 return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
@@ -2667,13 +2658,13 @@ ssl3_read_internal(SSL *s, void *buf, int len, int peek)
2667 int ret; 2658 int ret;
2668 2659
2669 errno = 0; 2660 errno = 0;
2670 if (S3I(s)->renegotiate) 2661 if (s->s3->renegotiate)
2671 ssl3_renegotiate_check(s); 2662 ssl3_renegotiate_check(s);
2672 S3I(s)->in_read_app_data = 1; 2663 s->s3->in_read_app_data = 1;
2673 2664
2674 ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, 2665 ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
2675 peek); 2666 peek);
2676 if ((ret == -1) && (S3I(s)->in_read_app_data == 2)) { 2667 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
2677 /* 2668 /*
2678 * ssl3_read_bytes decided to call s->internal->handshake_func, 2669 * ssl3_read_bytes decided to call s->internal->handshake_func,
2679 * which called ssl3_read_bytes to read handshake data. 2670 * which called ssl3_read_bytes to read handshake data.
@@ -2686,7 +2677,7 @@ ssl3_read_internal(SSL *s, void *buf, int len, int peek)
2686 buf, len, peek); 2677 buf, len, peek);
2687 s->internal->in_handshake--; 2678 s->internal->in_handshake--;
2688 } else 2679 } else
2689 S3I(s)->in_read_app_data = 0; 2680 s->s3->in_read_app_data = 0;
2690 2681
2691 return (ret); 2682 return (ret);
2692} 2683}
@@ -2712,7 +2703,7 @@ ssl3_renegotiate(SSL *s)
2712 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) 2703 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
2713 return (0); 2704 return (0);
2714 2705
2715 S3I(s)->renegotiate = 1; 2706 s->s3->renegotiate = 1;
2716 return (1); 2707 return (1);
2717} 2708}
2718 2709
@@ -2721,8 +2712,8 @@ ssl3_renegotiate_check(SSL *s)
2721{ 2712{
2722 int ret = 0; 2713 int ret = 0;
2723 2714
2724 if (S3I(s)->renegotiate) { 2715 if (s->s3->renegotiate) {
2725 if ((S3I(s)->rbuf.left == 0) && (S3I(s)->wbuf.left == 0) && 2716 if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) &&
2726 !SSL_in_init(s)) { 2717 !SSL_in_init(s)) {
2727 /* 2718 /*
2728 * If we are the server, and we have sent 2719 * If we are the server, and we have sent
@@ -2730,10 +2721,10 @@ ssl3_renegotiate_check(SSL *s)
2730 * to SSL_ST_ACCEPT. 2721 * to SSL_ST_ACCEPT.
2731 */ 2722 */
2732 /* SSL_ST_ACCEPT */ 2723 /* SSL_ST_ACCEPT */
2733 S3I(s)->hs.state = SSL_ST_RENEGOTIATE; 2724 s->s3->hs.state = SSL_ST_RENEGOTIATE;
2734 S3I(s)->renegotiate = 0; 2725 s->s3->renegotiate = 0;
2735 S3I(s)->num_renegotiations++; 2726 s->s3->num_renegotiations++;
2736 S3I(s)->total_renegotiations++; 2727 s->s3->total_renegotiations++;
2737 ret = 1; 2728 ret = 1;
2738 } 2729 }
2739 } 2730 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 12:51:42 +0000