summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_clnt.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/ssl_clnt.c')
-rw-r--r--src/lib/libssl/ssl_clnt.c272
1 files changed, 136 insertions, 136 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 6d50ade398..607b038825 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_clnt.c,v 1.140 2022/02/03 16:33:12 jsing Exp $ */ 1/* $OpenBSD: ssl_clnt.c,v 1.141 2022/02/05 14:54:10 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -190,12 +190,12 @@ ssl3_connect(SSL *s)
190 SSL_clear(s); 190 SSL_clear(s);
191 191
192 for (;;) { 192 for (;;) {
193 state = S3I(s)->hs.state; 193 state = s->s3->hs.state;
194 194
195 switch (S3I(s)->hs.state) { 195 switch (s->s3->hs.state) {
196 case SSL_ST_RENEGOTIATE: 196 case SSL_ST_RENEGOTIATE:
197 s->internal->renegotiate = 1; 197 s->internal->renegotiate = 1;
198 S3I(s)->hs.state = SSL_ST_CONNECT; 198 s->s3->hs.state = SSL_ST_CONNECT;
199 s->ctx->internal->stats.sess_connect_renegotiate++; 199 s->ctx->internal->stats.sess_connect_renegotiate++;
200 /* break */ 200 /* break */
201 case SSL_ST_BEFORE: 201 case SSL_ST_BEFORE:
@@ -214,8 +214,8 @@ ssl3_connect(SSL *s)
214 } 214 }
215 215
216 if (!ssl_supported_tls_version_range(s, 216 if (!ssl_supported_tls_version_range(s,
217 &S3I(s)->hs.our_min_tls_version, 217 &s->s3->hs.our_min_tls_version,
218 &S3I(s)->hs.our_max_tls_version)) { 218 &s->s3->hs.our_max_tls_version)) {
219 SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE); 219 SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);
220 ret = -1; 220 ret = -1;
221 goto end; 221 goto end;
@@ -241,7 +241,7 @@ ssl3_connect(SSL *s)
241 goto end; 241 goto end;
242 } 242 }
243 243
244 S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A; 244 s->s3->hs.state = SSL3_ST_CW_CLNT_HELLO_A;
245 s->ctx->internal->stats.sess_connect++; 245 s->ctx->internal->stats.sess_connect++;
246 s->internal->init_num = 0; 246 s->internal->init_num = 0;
247 247
@@ -270,10 +270,10 @@ ssl3_connect(SSL *s)
270 goto end; 270 goto end;
271 271
272 if (SSL_is_dtls(s) && s->d1->send_cookie) { 272 if (SSL_is_dtls(s) && s->d1->send_cookie) {
273 S3I(s)->hs.state = SSL3_ST_CW_FLUSH; 273 s->s3->hs.state = SSL3_ST_CW_FLUSH;
274 S3I(s)->hs.tls12.next_state = SSL3_ST_CR_SRVR_HELLO_A; 274 s->s3->hs.tls12.next_state = SSL3_ST_CR_SRVR_HELLO_A;
275 } else 275 } else
276 S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A; 276 s->s3->hs.state = SSL3_ST_CR_SRVR_HELLO_A;
277 277
278 s->internal->init_num = 0; 278 s->internal->init_num = 0;
279 279
@@ -290,20 +290,20 @@ ssl3_connect(SSL *s)
290 goto end; 290 goto end;
291 291
292 if (s->internal->hit) { 292 if (s->internal->hit) {
293 S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A; 293 s->s3->hs.state = SSL3_ST_CR_FINISHED_A;
294 if (!SSL_is_dtls(s)) { 294 if (!SSL_is_dtls(s)) {
295 if (s->internal->tlsext_ticket_expected) { 295 if (s->internal->tlsext_ticket_expected) {
296 /* receive renewed session ticket */ 296 /* receive renewed session ticket */
297 S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A; 297 s->s3->hs.state = SSL3_ST_CR_SESSION_TICKET_A;
298 } 298 }
299 299
300 /* No client certificate verification. */ 300 /* No client certificate verification. */
301 tls1_transcript_free(s); 301 tls1_transcript_free(s);
302 } 302 }
303 } else if (SSL_is_dtls(s)) { 303 } else if (SSL_is_dtls(s)) {
304 S3I(s)->hs.state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A; 304 s->s3->hs.state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
305 } else { 305 } else {
306 S3I(s)->hs.state = SSL3_ST_CR_CERT_A; 306 s->s3->hs.state = SSL3_ST_CR_CERT_A;
307 } 307 }
308 s->internal->init_num = 0; 308 s->internal->init_num = 0;
309 break; 309 break;
@@ -315,9 +315,9 @@ ssl3_connect(SSL *s)
315 goto end; 315 goto end;
316 dtls1_stop_timer(s); 316 dtls1_stop_timer(s);
317 if (s->d1->send_cookie) /* start again, with a cookie */ 317 if (s->d1->send_cookie) /* start again, with a cookie */
318 S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_A; 318 s->s3->hs.state = SSL3_ST_CW_CLNT_HELLO_A;
319 else 319 else
320 S3I(s)->hs.state = SSL3_ST_CR_CERT_A; 320 s->s3->hs.state = SSL3_ST_CR_CERT_A;
321 s->internal->init_num = 0; 321 s->internal->init_num = 0;
322 break; 322 break;
323 323
@@ -329,25 +329,25 @@ ssl3_connect(SSL *s)
329 if (ret == 2) { 329 if (ret == 2) {
330 s->internal->hit = 1; 330 s->internal->hit = 1;
331 if (s->internal->tlsext_ticket_expected) 331 if (s->internal->tlsext_ticket_expected)
332 S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A; 332 s->s3->hs.state = SSL3_ST_CR_SESSION_TICKET_A;
333 else 333 else
334 S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A; 334 s->s3->hs.state = SSL3_ST_CR_FINISHED_A;
335 s->internal->init_num = 0; 335 s->internal->init_num = 0;
336 break; 336 break;
337 } 337 }
338 /* Check if it is anon DH/ECDH. */ 338 /* Check if it is anon DH/ECDH. */
339 if (!(S3I(s)->hs.cipher->algorithm_auth & 339 if (!(s->s3->hs.cipher->algorithm_auth &
340 SSL_aNULL)) { 340 SSL_aNULL)) {
341 ret = ssl3_get_server_certificate(s); 341 ret = ssl3_get_server_certificate(s);
342 if (ret <= 0) 342 if (ret <= 0)
343 goto end; 343 goto end;
344 if (s->internal->tlsext_status_expected) 344 if (s->internal->tlsext_status_expected)
345 S3I(s)->hs.state = SSL3_ST_CR_CERT_STATUS_A; 345 s->s3->hs.state = SSL3_ST_CR_CERT_STATUS_A;
346 else 346 else
347 S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A; 347 s->s3->hs.state = SSL3_ST_CR_KEY_EXCH_A;
348 } else { 348 } else {
349 skip = 1; 349 skip = 1;
350 S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A; 350 s->s3->hs.state = SSL3_ST_CR_KEY_EXCH_A;
351 } 351 }
352 s->internal->init_num = 0; 352 s->internal->init_num = 0;
353 break; 353 break;
@@ -357,7 +357,7 @@ ssl3_connect(SSL *s)
357 ret = ssl3_get_server_key_exchange(s); 357 ret = ssl3_get_server_key_exchange(s);
358 if (ret <= 0) 358 if (ret <= 0)
359 goto end; 359 goto end;
360 S3I(s)->hs.state = SSL3_ST_CR_CERT_REQ_A; 360 s->s3->hs.state = SSL3_ST_CR_CERT_REQ_A;
361 s->internal->init_num = 0; 361 s->internal->init_num = 0;
362 362
363 /* 363 /*
@@ -375,7 +375,7 @@ ssl3_connect(SSL *s)
375 ret = ssl3_get_certificate_request(s); 375 ret = ssl3_get_certificate_request(s);
376 if (ret <= 0) 376 if (ret <= 0)
377 goto end; 377 goto end;
378 S3I(s)->hs.state = SSL3_ST_CR_SRVR_DONE_A; 378 s->s3->hs.state = SSL3_ST_CR_SRVR_DONE_A;
379 s->internal->init_num = 0; 379 s->internal->init_num = 0;
380 break; 380 break;
381 381
@@ -386,10 +386,10 @@ ssl3_connect(SSL *s)
386 goto end; 386 goto end;
387 if (SSL_is_dtls(s)) 387 if (SSL_is_dtls(s))
388 dtls1_stop_timer(s); 388 dtls1_stop_timer(s);
389 if (S3I(s)->hs.tls12.cert_request) 389 if (s->s3->hs.tls12.cert_request)
390 S3I(s)->hs.state = SSL3_ST_CW_CERT_A; 390 s->s3->hs.state = SSL3_ST_CW_CERT_A;
391 else 391 else
392 S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_A; 392 s->s3->hs.state = SSL3_ST_CW_KEY_EXCH_A;
393 s->internal->init_num = 0; 393 s->internal->init_num = 0;
394 394
395 break; 395 break;
@@ -403,7 +403,7 @@ ssl3_connect(SSL *s)
403 ret = ssl3_send_client_certificate(s); 403 ret = ssl3_send_client_certificate(s);
404 if (ret <= 0) 404 if (ret <= 0)
405 goto end; 405 goto end;
406 S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_A; 406 s->s3->hs.state = SSL3_ST_CW_KEY_EXCH_A;
407 s->internal->init_num = 0; 407 s->internal->init_num = 0;
408 break; 408 break;
409 409
@@ -430,16 +430,16 @@ ssl3_connect(SSL *s)
430 * message when client's ECDH public key is sent 430 * message when client's ECDH public key is sent
431 * inside the client certificate. 431 * inside the client certificate.
432 */ 432 */
433 if (S3I(s)->hs.tls12.cert_request == 1) { 433 if (s->s3->hs.tls12.cert_request == 1) {
434 S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_A; 434 s->s3->hs.state = SSL3_ST_CW_CERT_VRFY_A;
435 } else { 435 } else {
436 S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A; 436 s->s3->hs.state = SSL3_ST_CW_CHANGE_A;
437 S3I(s)->change_cipher_spec = 0; 437 s->s3->change_cipher_spec = 0;
438 } 438 }
439 if (!SSL_is_dtls(s)) { 439 if (!SSL_is_dtls(s)) {
440 if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) { 440 if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
441 S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A; 441 s->s3->hs.state = SSL3_ST_CW_CHANGE_A;
442 S3I(s)->change_cipher_spec = 0; 442 s->s3->change_cipher_spec = 0;
443 } 443 }
444 } 444 }
445 445
@@ -453,9 +453,9 @@ ssl3_connect(SSL *s)
453 ret = ssl3_send_client_verify(s); 453 ret = ssl3_send_client_verify(s);
454 if (ret <= 0) 454 if (ret <= 0)
455 goto end; 455 goto end;
456 S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A; 456 s->s3->hs.state = SSL3_ST_CW_CHANGE_A;
457 s->internal->init_num = 0; 457 s->internal->init_num = 0;
458 S3I(s)->change_cipher_spec = 0; 458 s->s3->change_cipher_spec = 0;
459 break; 459 break;
460 460
461 case SSL3_ST_CW_CHANGE_A: 461 case SSL3_ST_CW_CHANGE_A:
@@ -467,9 +467,9 @@ ssl3_connect(SSL *s)
467 if (ret <= 0) 467 if (ret <= 0)
468 goto end; 468 goto end;
469 469
470 S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A; 470 s->s3->hs.state = SSL3_ST_CW_FINISHED_A;
471 s->internal->init_num = 0; 471 s->internal->init_num = 0;
472 s->session->cipher = S3I(s)->hs.cipher; 472 s->session->cipher = s->s3->hs.cipher;
473 473
474 if (!tls1_setup_key_block(s)) { 474 if (!tls1_setup_key_block(s)) {
475 ret = -1; 475 ret = -1;
@@ -491,18 +491,18 @@ ssl3_connect(SSL *s)
491 goto end; 491 goto end;
492 if (!SSL_is_dtls(s)) 492 if (!SSL_is_dtls(s))
493 s->s3->flags |= SSL3_FLAGS_CCS_OK; 493 s->s3->flags |= SSL3_FLAGS_CCS_OK;
494 S3I(s)->hs.state = SSL3_ST_CW_FLUSH; 494 s->s3->hs.state = SSL3_ST_CW_FLUSH;
495 495
496 /* clear flags */ 496 /* clear flags */
497 if (s->internal->hit) { 497 if (s->internal->hit) {
498 S3I(s)->hs.tls12.next_state = SSL_ST_OK; 498 s->s3->hs.tls12.next_state = SSL_ST_OK;
499 } else { 499 } else {
500 /* Allow NewSessionTicket if ticket expected */ 500 /* Allow NewSessionTicket if ticket expected */
501 if (s->internal->tlsext_ticket_expected) 501 if (s->internal->tlsext_ticket_expected)
502 S3I(s)->hs.tls12.next_state = 502 s->s3->hs.tls12.next_state =
503 SSL3_ST_CR_SESSION_TICKET_A; 503 SSL3_ST_CR_SESSION_TICKET_A;
504 else 504 else
505 S3I(s)->hs.tls12.next_state = 505 s->s3->hs.tls12.next_state =
506 SSL3_ST_CR_FINISHED_A; 506 SSL3_ST_CR_FINISHED_A;
507 } 507 }
508 s->internal->init_num = 0; 508 s->internal->init_num = 0;
@@ -513,7 +513,7 @@ ssl3_connect(SSL *s)
513 ret = ssl3_get_new_session_ticket(s); 513 ret = ssl3_get_new_session_ticket(s);
514 if (ret <= 0) 514 if (ret <= 0)
515 goto end; 515 goto end;
516 S3I(s)->hs.state = SSL3_ST_CR_FINISHED_A; 516 s->s3->hs.state = SSL3_ST_CR_FINISHED_A;
517 s->internal->init_num = 0; 517 s->internal->init_num = 0;
518 break; 518 break;
519 519
@@ -522,7 +522,7 @@ ssl3_connect(SSL *s)
522 ret = ssl3_get_cert_status(s); 522 ret = ssl3_get_cert_status(s);
523 if (ret <= 0) 523 if (ret <= 0)
524 goto end; 524 goto end;
525 S3I(s)->hs.state = SSL3_ST_CR_KEY_EXCH_A; 525 s->s3->hs.state = SSL3_ST_CR_KEY_EXCH_A;
526 s->internal->init_num = 0; 526 s->internal->init_num = 0;
527 break; 527 break;
528 528
@@ -540,9 +540,9 @@ ssl3_connect(SSL *s)
540 dtls1_stop_timer(s); 540 dtls1_stop_timer(s);
541 541
542 if (s->internal->hit) 542 if (s->internal->hit)
543 S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A; 543 s->s3->hs.state = SSL3_ST_CW_CHANGE_A;
544 else 544 else
545 S3I(s)->hs.state = SSL_ST_OK; 545 s->s3->hs.state = SSL_ST_OK;
546 s->internal->init_num = 0; 546 s->internal->init_num = 0;
547 break; 547 break;
548 548
@@ -553,21 +553,21 @@ ssl3_connect(SSL *s)
553 /* If the write error was fatal, stop trying */ 553 /* If the write error was fatal, stop trying */
554 if (!BIO_should_retry(s->wbio)) { 554 if (!BIO_should_retry(s->wbio)) {
555 s->internal->rwstate = SSL_NOTHING; 555 s->internal->rwstate = SSL_NOTHING;
556 S3I(s)->hs.state = S3I(s)->hs.tls12.next_state; 556 s->s3->hs.state = s->s3->hs.tls12.next_state;
557 } 557 }
558 } 558 }
559 ret = -1; 559 ret = -1;
560 goto end; 560 goto end;
561 } 561 }
562 s->internal->rwstate = SSL_NOTHING; 562 s->internal->rwstate = SSL_NOTHING;
563 S3I(s)->hs.state = S3I(s)->hs.tls12.next_state; 563 s->s3->hs.state = s->s3->hs.tls12.next_state;
564 break; 564 break;
565 565
566 case SSL_ST_OK: 566 case SSL_ST_OK:
567 /* clean a few things up */ 567 /* clean a few things up */
568 tls1_cleanup_key_block(s); 568 tls1_cleanup_key_block(s);
569 569
570 if (S3I(s)->handshake_transcript != NULL) { 570 if (s->s3->handshake_transcript != NULL) {
571 SSLerror(s, ERR_R_INTERNAL_ERROR); 571 SSLerror(s, ERR_R_INTERNAL_ERROR);
572 ret = -1; 572 ret = -1;
573 goto end; 573 goto end;
@@ -610,17 +610,17 @@ ssl3_connect(SSL *s)
610 } 610 }
611 611
612 /* did we do anything */ 612 /* did we do anything */
613 if (!S3I(s)->hs.tls12.reuse_message && !skip) { 613 if (!s->s3->hs.tls12.reuse_message && !skip) {
614 if (s->internal->debug) { 614 if (s->internal->debug) {
615 if ((ret = BIO_flush(s->wbio)) <= 0) 615 if ((ret = BIO_flush(s->wbio)) <= 0)
616 goto end; 616 goto end;
617 } 617 }
618 618
619 if (S3I(s)->hs.state != state) { 619 if (s->s3->hs.state != state) {
620 new_state = S3I(s)->hs.state; 620 new_state = s->s3->hs.state;
621 S3I(s)->hs.state = state; 621 s->s3->hs.state = state;
622 ssl_info_callback(s, SSL_CB_CONNECT_LOOP, 1); 622 ssl_info_callback(s, SSL_CB_CONNECT_LOOP, 1);
623 S3I(s)->hs.state = new_state; 623 s->s3->hs.state = new_state;
624 } 624 }
625 } 625 }
626 skip = 0; 626 skip = 0;
@@ -643,7 +643,7 @@ ssl3_send_client_hello(SSL *s)
643 643
644 memset(&cbb, 0, sizeof(cbb)); 644 memset(&cbb, 0, sizeof(cbb));
645 645
646 if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_A) { 646 if (s->s3->hs.state == SSL3_ST_CW_CLNT_HELLO_A) {
647 SSL_SESSION *sess = s->session; 647 SSL_SESSION *sess = s->session;
648 648
649 if (!ssl_max_supported_version(s, &max_version)) { 649 if (!ssl_max_supported_version(s, &max_version)) {
@@ -734,7 +734,7 @@ ssl3_send_client_hello(SSL *s)
734 if (!ssl3_handshake_msg_finish(s, &cbb)) 734 if (!ssl3_handshake_msg_finish(s, &cbb))
735 goto err; 735 goto err;
736 736
737 S3I(s)->hs.state = SSL3_ST_CW_CLNT_HELLO_B; 737 s->s3->hs.state = SSL3_ST_CW_CLNT_HELLO_B;
738 } 738 }
739 739
740 /* SSL3_ST_CW_CLNT_HELLO_B */ 740 /* SSL3_ST_CW_CLNT_HELLO_B */
@@ -758,9 +758,9 @@ ssl3_get_dtls_hello_verify(SSL *s)
758 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->internal->max_cert_list)) <= 0) 758 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->internal->max_cert_list)) <= 0)
759 return ret; 759 return ret;
760 760
761 if (S3I(s)->hs.tls12.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) { 761 if (s->s3->hs.tls12.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
762 s->d1->send_cookie = 0; 762 s->d1->send_cookie = 0;
763 S3I(s)->hs.tls12.reuse_message = 1; 763 s->s3->hs.tls12.reuse_message = 1;
764 return (1); 764 return (1);
765 } 765 }
766 766
@@ -831,9 +831,9 @@ ssl3_get_server_hello(SSL *s)
831 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); 831 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
832 832
833 if (SSL_is_dtls(s)) { 833 if (SSL_is_dtls(s)) {
834 if (S3I(s)->hs.tls12.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { 834 if (s->s3->hs.tls12.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
835 if (s->d1->send_cookie == 0) { 835 if (s->d1->send_cookie == 0) {
836 S3I(s)->hs.tls12.reuse_message = 1; 836 s->s3->hs.tls12.reuse_message = 1;
837 return (1); 837 return (1);
838 } else { 838 } else {
839 /* Already sent a cookie. */ 839 /* Already sent a cookie. */
@@ -844,7 +844,7 @@ ssl3_get_server_hello(SSL *s)
844 } 844 }
845 } 845 }
846 846
847 if (S3I(s)->hs.tls12.message_type != SSL3_MT_SERVER_HELLO) { 847 if (s->s3->hs.tls12.message_type != SSL3_MT_SERVER_HELLO) {
848 al = SSL_AD_UNEXPECTED_MESSAGE; 848 al = SSL_AD_UNEXPECTED_MESSAGE;
849 SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); 849 SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
850 goto fatal_err; 850 goto fatal_err;
@@ -859,11 +859,11 @@ ssl3_get_server_hello(SSL *s)
859 al = SSL_AD_PROTOCOL_VERSION; 859 al = SSL_AD_PROTOCOL_VERSION;
860 goto fatal_err; 860 goto fatal_err;
861 } 861 }
862 S3I(s)->hs.peer_legacy_version = server_version; 862 s->s3->hs.peer_legacy_version = server_version;
863 s->version = server_version; 863 s->version = server_version;
864 864
865 S3I(s)->hs.negotiated_tls_version = ssl_tls_version(server_version); 865 s->s3->hs.negotiated_tls_version = ssl_tls_version(server_version);
866 if (S3I(s)->hs.negotiated_tls_version == 0) { 866 if (s->s3->hs.negotiated_tls_version == 0) {
867 SSLerror(s, ERR_R_INTERNAL_ERROR); 867 SSLerror(s, ERR_R_INTERNAL_ERROR);
868 goto err; 868 goto err;
869 } 869 }
@@ -881,8 +881,8 @@ ssl3_get_server_hello(SSL *s)
881 sizeof(s->s3->server_random), NULL)) 881 sizeof(s->s3->server_random), NULL))
882 goto err; 882 goto err;
883 883
884 if (S3I(s)->hs.our_max_tls_version >= TLS1_2_VERSION && 884 if (s->s3->hs.our_max_tls_version >= TLS1_2_VERSION &&
885 S3I(s)->hs.negotiated_tls_version < S3I(s)->hs.our_max_tls_version) { 885 s->s3->hs.negotiated_tls_version < s->s3->hs.our_max_tls_version) {
886 /* 886 /*
887 * RFC 8446 section 4.1.3. We must not downgrade if the server 887 * RFC 8446 section 4.1.3. We must not downgrade if the server
888 * random value contains the TLS 1.2 or TLS 1.1 magical value. 888 * random value contains the TLS 1.2 or TLS 1.1 magical value.
@@ -890,7 +890,7 @@ ssl3_get_server_hello(SSL *s)
890 if (!CBS_skip(&server_random, 890 if (!CBS_skip(&server_random,
891 CBS_len(&server_random) - sizeof(tls13_downgrade_12))) 891 CBS_len(&server_random) - sizeof(tls13_downgrade_12)))
892 goto err; 892 goto err;
893 if (S3I(s)->hs.negotiated_tls_version == TLS1_2_VERSION && 893 if (s->s3->hs.negotiated_tls_version == TLS1_2_VERSION &&
894 CBS_mem_equal(&server_random, tls13_downgrade_12, 894 CBS_mem_equal(&server_random, tls13_downgrade_12,
895 sizeof(tls13_downgrade_12))) { 895 sizeof(tls13_downgrade_12))) {
896 al = SSL_AD_ILLEGAL_PARAMETER; 896 al = SSL_AD_ILLEGAL_PARAMETER;
@@ -981,7 +981,7 @@ ssl3_get_server_hello(SSL *s)
981 981
982 /* TLS v1.2 only ciphersuites require v1.2 or later. */ 982 /* TLS v1.2 only ciphersuites require v1.2 or later. */
983 if ((cipher->algorithm_ssl & SSL_TLSV1_2) && 983 if ((cipher->algorithm_ssl & SSL_TLSV1_2) &&
984 S3I(s)->hs.negotiated_tls_version < TLS1_2_VERSION) { 984 s->s3->hs.negotiated_tls_version < TLS1_2_VERSION) {
985 al = SSL_AD_ILLEGAL_PARAMETER; 985 al = SSL_AD_ILLEGAL_PARAMETER;
986 SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED); 986 SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED);
987 goto fatal_err; 987 goto fatal_err;
@@ -1006,7 +1006,7 @@ ssl3_get_server_hello(SSL *s)
1006 SSLerror(s, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); 1006 SSLerror(s, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
1007 goto fatal_err; 1007 goto fatal_err;
1008 } 1008 }
1009 S3I(s)->hs.cipher = cipher; 1009 s->s3->hs.cipher = cipher;
1010 1010
1011 if (!tls1_transcript_hash_init(s)) 1011 if (!tls1_transcript_hash_init(s))
1012 goto err; 1012 goto err;
@@ -1015,7 +1015,7 @@ ssl3_get_server_hello(SSL *s)
1015 * Don't digest cached records if no sigalgs: we may need them for 1015 * Don't digest cached records if no sigalgs: we may need them for
1016 * client authentication. 1016 * client authentication.
1017 */ 1017 */
1018 alg_k = S3I(s)->hs.cipher->algorithm_mkey; 1018 alg_k = s->s3->hs.cipher->algorithm_mkey;
1019 if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST))) 1019 if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)))
1020 tls1_transcript_free(s); 1020 tls1_transcript_free(s);
1021 1021
@@ -1044,7 +1044,7 @@ ssl3_get_server_hello(SSL *s)
1044 * which doesn't support RI so for the immediate future tolerate RI 1044 * which doesn't support RI so for the immediate future tolerate RI
1045 * absence on initial connect only. 1045 * absence on initial connect only.
1046 */ 1046 */
1047 if (!S3I(s)->renegotiate_seen && 1047 if (!s->s3->renegotiate_seen &&
1048 !(s->internal->options & SSL_OP_LEGACY_SERVER_CONNECT)) { 1048 !(s->internal->options & SSL_OP_LEGACY_SERVER_CONNECT)) {
1049 al = SSL_AD_HANDSHAKE_FAILURE; 1049 al = SSL_AD_HANDSHAKE_FAILURE;
1050 SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); 1050 SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
@@ -1085,12 +1085,12 @@ ssl3_get_server_certificate(SSL *s)
1085 1085
1086 ret = -1; 1086 ret = -1;
1087 1087
1088 if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) { 1088 if (s->s3->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
1089 S3I(s)->hs.tls12.reuse_message = 1; 1089 s->s3->hs.tls12.reuse_message = 1;
1090 return (1); 1090 return (1);
1091 } 1091 }
1092 1092
1093 if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE) { 1093 if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE) {
1094 al = SSL_AD_UNEXPECTED_MESSAGE; 1094 al = SSL_AD_UNEXPECTED_MESSAGE;
1095 SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); 1095 SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
1096 goto fatal_err; 1096 goto fatal_err;
@@ -1208,11 +1208,11 @@ ssl3_get_server_kex_dhe(SSL *s, CBS *cbs)
1208 int decode_error, invalid_params, invalid_key; 1208 int decode_error, invalid_params, invalid_key;
1209 int nid = NID_dhKeyAgreement; 1209 int nid = NID_dhKeyAgreement;
1210 1210
1211 tls_key_share_free(S3I(s)->hs.key_share); 1211 tls_key_share_free(s->s3->hs.key_share);
1212 if ((S3I(s)->hs.key_share = tls_key_share_new_nid(nid)) == NULL) 1212 if ((s->s3->hs.key_share = tls_key_share_new_nid(nid)) == NULL)
1213 goto err; 1213 goto err;
1214 1214
1215 if (!tls_key_share_peer_params(S3I(s)->hs.key_share, cbs, 1215 if (!tls_key_share_peer_params(s->s3->hs.key_share, cbs,
1216 &decode_error, &invalid_params)) { 1216 &decode_error, &invalid_params)) {
1217 if (decode_error) { 1217 if (decode_error) {
1218 SSLerror(s, SSL_R_BAD_PACKET_LENGTH); 1218 SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
@@ -1220,7 +1220,7 @@ ssl3_get_server_kex_dhe(SSL *s, CBS *cbs)
1220 } 1220 }
1221 goto err; 1221 goto err;
1222 } 1222 }
1223 if (!tls_key_share_peer_public(S3I(s)->hs.key_share, cbs, 1223 if (!tls_key_share_peer_public(s->s3->hs.key_share, cbs,
1224 &decode_error, &invalid_key)) { 1224 &decode_error, &invalid_key)) {
1225 if (decode_error) { 1225 if (decode_error) {
1226 SSLerror(s, SSL_R_BAD_PACKET_LENGTH); 1226 SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
@@ -1279,11 +1279,11 @@ ssl3_get_server_kex_ecdhe(SSL *s, CBS *cbs)
1279 goto err; 1279 goto err;
1280 } 1280 }
1281 1281
1282 tls_key_share_free(S3I(s)->hs.key_share); 1282 tls_key_share_free(s->s3->hs.key_share);
1283 if ((S3I(s)->hs.key_share = tls_key_share_new(curve_id)) == NULL) 1283 if ((s->s3->hs.key_share = tls_key_share_new(curve_id)) == NULL)
1284 goto err; 1284 goto err;
1285 1285
1286 if (!tls_key_share_peer_public(S3I(s)->hs.key_share, &public, 1286 if (!tls_key_share_peer_public(s->s3->hs.key_share, &public,
1287 &decode_error, NULL)) { 1287 &decode_error, NULL)) {
1288 if (decode_error) 1288 if (decode_error)
1289 goto decode_err; 1289 goto decode_err;
@@ -1309,8 +1309,8 @@ ssl3_get_server_key_exchange(SSL *s)
1309 long alg_k, alg_a; 1309 long alg_k, alg_a;
1310 int al, ret; 1310 int al, ret;
1311 1311
1312 alg_k = S3I(s)->hs.cipher->algorithm_mkey; 1312 alg_k = s->s3->hs.cipher->algorithm_mkey;
1313 alg_a = S3I(s)->hs.cipher->algorithm_auth; 1313 alg_a = s->s3->hs.cipher->algorithm_auth;
1314 1314
1315 /* 1315 /*
1316 * Use same message size as in ssl3_get_certificate_request() 1316 * Use same message size as in ssl3_get_certificate_request()
@@ -1328,7 +1328,7 @@ ssl3_get_server_key_exchange(SSL *s)
1328 1328
1329 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); 1329 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
1330 1330
1331 if (S3I(s)->hs.tls12.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { 1331 if (s->s3->hs.tls12.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
1332 /* 1332 /*
1333 * Do not skip server key exchange if this cipher suite uses 1333 * Do not skip server key exchange if this cipher suite uses
1334 * ephemeral keys. 1334 * ephemeral keys.
@@ -1339,7 +1339,7 @@ ssl3_get_server_key_exchange(SSL *s)
1339 goto fatal_err; 1339 goto fatal_err;
1340 } 1340 }
1341 1341
1342 S3I(s)->hs.tls12.reuse_message = 1; 1342 s->s3->hs.tls12.reuse_message = 1;
1343 EVP_MD_CTX_free(md_ctx); 1343 EVP_MD_CTX_free(md_ctx);
1344 return (1); 1344 return (1);
1345 } 1345 }
@@ -1398,7 +1398,7 @@ ssl3_get_server_key_exchange(SSL *s)
1398 al = SSL_AD_DECODE_ERROR; 1398 al = SSL_AD_DECODE_ERROR;
1399 goto fatal_err; 1399 goto fatal_err;
1400 } 1400 }
1401 S3I(s)->hs.peer_sigalg = sigalg; 1401 s->s3->hs.peer_sigalg = sigalg;
1402 1402
1403 if (!EVP_DigestVerifyInit(md_ctx, &pctx, sigalg->md(), 1403 if (!EVP_DigestVerifyInit(md_ctx, &pctx, sigalg->md(),
1404 NULL, pkey)) 1404 NULL, pkey))
@@ -1462,10 +1462,10 @@ ssl3_get_certificate_request(SSL *s)
1462 1462
1463 ret = 0; 1463 ret = 0;
1464 1464
1465 S3I(s)->hs.tls12.cert_request = 0; 1465 s->s3->hs.tls12.cert_request = 0;
1466 1466
1467 if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_DONE) { 1467 if (s->s3->hs.tls12.message_type == SSL3_MT_SERVER_DONE) {
1468 S3I(s)->hs.tls12.reuse_message = 1; 1468 s->s3->hs.tls12.reuse_message = 1;
1469 /* 1469 /*
1470 * If we get here we don't need any cached handshake records 1470 * If we get here we don't need any cached handshake records
1471 * as we wont be doing client auth. 1471 * as we wont be doing client auth.
@@ -1474,14 +1474,14 @@ ssl3_get_certificate_request(SSL *s)
1474 return (1); 1474 return (1);
1475 } 1475 }
1476 1476
1477 if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_REQUEST) { 1477 if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
1478 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); 1478 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1479 SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE); 1479 SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE);
1480 goto err; 1480 goto err;
1481 } 1481 }
1482 1482
1483 /* TLS does not like anon-DH with client cert */ 1483 /* TLS does not like anon-DH with client cert */
1484 if (S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL) { 1484 if (s->s3->hs.cipher->algorithm_auth & SSL_aNULL) {
1485 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); 1485 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1486 SSLerror(s, SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER); 1486 SSLerror(s, SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
1487 goto err; 1487 goto err;
@@ -1516,8 +1516,8 @@ ssl3_get_certificate_request(SSL *s)
1516 SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR); 1516 SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR);
1517 goto err; 1517 goto err;
1518 } 1518 }
1519 if (!CBS_stow(&sigalgs, &S3I(s)->hs.sigalgs, 1519 if (!CBS_stow(&sigalgs, &s->s3->hs.sigalgs,
1520 &S3I(s)->hs.sigalgs_len)) 1520 &s->s3->hs.sigalgs_len))
1521 goto err; 1521 goto err;
1522 } 1522 }
1523 1523
@@ -1569,9 +1569,9 @@ ssl3_get_certificate_request(SSL *s)
1569 } 1569 }
1570 1570
1571 /* we should setup a certificate to return.... */ 1571 /* we should setup a certificate to return.... */
1572 S3I(s)->hs.tls12.cert_request = 1; 1572 s->s3->hs.tls12.cert_request = 1;
1573 sk_X509_NAME_pop_free(S3I(s)->hs.tls12.ca_names, X509_NAME_free); 1573 sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);
1574 S3I(s)->hs.tls12.ca_names = ca_sk; 1574 s->s3->hs.tls12.ca_names = ca_sk;
1575 ca_sk = NULL; 1575 ca_sk = NULL;
1576 1576
1577 ret = 1; 1577 ret = 1;
@@ -1602,11 +1602,11 @@ ssl3_get_new_session_ticket(SSL *s)
1602 SSL3_ST_CR_SESSION_TICKET_B, -1, 16384)) <= 0) 1602 SSL3_ST_CR_SESSION_TICKET_B, -1, 16384)) <= 0)
1603 return ret; 1603 return ret;
1604 1604
1605 if (S3I(s)->hs.tls12.message_type == SSL3_MT_FINISHED) { 1605 if (s->s3->hs.tls12.message_type == SSL3_MT_FINISHED) {
1606 S3I(s)->hs.tls12.reuse_message = 1; 1606 s->s3->hs.tls12.reuse_message = 1;
1607 return (1); 1607 return (1);
1608 } 1608 }
1609 if (S3I(s)->hs.tls12.message_type != SSL3_MT_NEWSESSION_TICKET) { 1609 if (s->s3->hs.tls12.message_type != SSL3_MT_NEWSESSION_TICKET) {
1610 al = SSL_AD_UNEXPECTED_MESSAGE; 1610 al = SSL_AD_UNEXPECTED_MESSAGE;
1611 SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); 1611 SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
1612 goto fatal_err; 1612 goto fatal_err;
@@ -1673,7 +1673,7 @@ ssl3_get_cert_status(SSL *s)
1673 SSL3_ST_CR_CERT_STATUS_B, -1, 16384)) <= 0) 1673 SSL3_ST_CR_CERT_STATUS_B, -1, 16384)) <= 0)
1674 return ret; 1674 return ret;
1675 1675
1676 if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) { 1676 if (s->s3->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
1677 /* 1677 /*
1678 * Tell the callback the server did not send us an OSCP 1678 * Tell the callback the server did not send us an OSCP
1679 * response, and has decided to head directly to key exchange. 1679 * response, and has decided to head directly to key exchange.
@@ -1696,12 +1696,12 @@ ssl3_get_cert_status(SSL *s)
1696 goto fatal_err; 1696 goto fatal_err;
1697 } 1697 }
1698 } 1698 }
1699 S3I(s)->hs.tls12.reuse_message = 1; 1699 s->s3->hs.tls12.reuse_message = 1;
1700 return (1); 1700 return (1);
1701 } 1701 }
1702 1702
1703 if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE && 1703 if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE &&
1704 S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_STATUS) { 1704 s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE_STATUS) {
1705 al = SSL_AD_UNEXPECTED_MESSAGE; 1705 al = SSL_AD_UNEXPECTED_MESSAGE;
1706 SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); 1706 SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
1707 goto fatal_err; 1707 goto fatal_err;
@@ -1858,17 +1858,17 @@ ssl3_send_client_kex_dhe(SSL *s, CBB *cbb)
1858 int ret = 0; 1858 int ret = 0;
1859 1859
1860 /* Ensure that we have an ephemeral key from the server for DHE. */ 1860 /* Ensure that we have an ephemeral key from the server for DHE. */
1861 if (S3I(s)->hs.key_share == NULL) { 1861 if (s->s3->hs.key_share == NULL) {
1862 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 1862 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1863 SSLerror(s, SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); 1863 SSLerror(s, SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
1864 goto err; 1864 goto err;
1865 } 1865 }
1866 1866
1867 if (!tls_key_share_generate(S3I(s)->hs.key_share)) 1867 if (!tls_key_share_generate(s->s3->hs.key_share))
1868 goto err; 1868 goto err;
1869 if (!tls_key_share_public(S3I(s)->hs.key_share, cbb)) 1869 if (!tls_key_share_public(s->s3->hs.key_share, cbb))
1870 goto err; 1870 goto err;
1871 if (!tls_key_share_derive(S3I(s)->hs.key_share, &key, &key_len)) 1871 if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len))
1872 goto err; 1872 goto err;
1873 1873
1874 if (!tls12_derive_master_secret(s, key, key_len)) 1874 if (!tls12_derive_master_secret(s, key, key_len))
@@ -1891,23 +1891,23 @@ ssl3_send_client_kex_ecdhe(SSL *s, CBB *cbb)
1891 int ret = 0; 1891 int ret = 0;
1892 1892
1893 /* Ensure that we have an ephemeral key for ECDHE. */ 1893 /* Ensure that we have an ephemeral key for ECDHE. */
1894 if (S3I(s)->hs.key_share == NULL) { 1894 if (s->s3->hs.key_share == NULL) {
1895 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 1895 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1896 SSLerror(s, ERR_R_INTERNAL_ERROR); 1896 SSLerror(s, ERR_R_INTERNAL_ERROR);
1897 goto err; 1897 goto err;
1898 } 1898 }
1899 1899
1900 if (!tls_key_share_generate(S3I(s)->hs.key_share)) 1900 if (!tls_key_share_generate(s->s3->hs.key_share))
1901 goto err; 1901 goto err;
1902 1902
1903 if (!CBB_add_u8_length_prefixed(cbb, &public)) 1903 if (!CBB_add_u8_length_prefixed(cbb, &public))
1904 return 0; 1904 return 0;
1905 if (!tls_key_share_public(S3I(s)->hs.key_share, &public)) 1905 if (!tls_key_share_public(s->s3->hs.key_share, &public))
1906 goto err; 1906 goto err;
1907 if (!CBB_flush(cbb)) 1907 if (!CBB_flush(cbb))
1908 goto err; 1908 goto err;
1909 1909
1910 if (!tls_key_share_derive(S3I(s)->hs.key_share, &key, &key_len)) 1910 if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len))
1911 goto err; 1911 goto err;
1912 1912
1913 if (!tls12_derive_master_secret(s, key, key_len)) 1913 if (!tls12_derive_master_secret(s, key, key_len))
@@ -1960,7 +1960,7 @@ ssl3_send_client_kex_gost(SSL *s, CBB *cbb)
1960 * If we have client certificate, use its secret as peer key. 1960 * If we have client certificate, use its secret as peer key.
1961 * XXX - this presumably lacks PFS. 1961 * XXX - this presumably lacks PFS.
1962 */ 1962 */
1963 if (S3I(s)->hs.tls12.cert_request != 0 && 1963 if (s->s3->hs.tls12.cert_request != 0 &&
1964 s->cert->key->privatekey != NULL) { 1964 s->cert->key->privatekey != NULL) {
1965 if (EVP_PKEY_derive_set_peer(pkey_ctx, 1965 if (EVP_PKEY_derive_set_peer(pkey_ctx,
1966 s->cert->key->privatekey) <=0) { 1966 s->cert->key->privatekey) <=0) {
@@ -1981,7 +1981,7 @@ ssl3_send_client_kex_gost(SSL *s, CBB *cbb)
1981 } 1981 }
1982 1982
1983 /* XXX check handshake hash instead. */ 1983 /* XXX check handshake hash instead. */
1984 if (S3I(s)->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94) 1984 if (s->s3->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
1985 nid = NID_id_GostR3411_94; 1985 nid = NID_id_GostR3411_94;
1986 else 1986 else
1987 nid = NID_id_tc26_gost3411_2012_256; 1987 nid = NID_id_tc26_gost3411_2012_256;
@@ -2042,8 +2042,8 @@ ssl3_send_client_key_exchange(SSL *s)
2042 2042
2043 memset(&cbb, 0, sizeof(cbb)); 2043 memset(&cbb, 0, sizeof(cbb));
2044 2044
2045 if (S3I(s)->hs.state == SSL3_ST_CW_KEY_EXCH_A) { 2045 if (s->s3->hs.state == SSL3_ST_CW_KEY_EXCH_A) {
2046 alg_k = S3I(s)->hs.cipher->algorithm_mkey; 2046 alg_k = s->s3->hs.cipher->algorithm_mkey;
2047 2047
2048 if (!ssl3_handshake_msg_start(s, &cbb, &kex, 2048 if (!ssl3_handshake_msg_start(s, &cbb, &kex,
2049 SSL3_MT_CLIENT_KEY_EXCHANGE)) 2049 SSL3_MT_CLIENT_KEY_EXCHANGE))
@@ -2071,7 +2071,7 @@ ssl3_send_client_key_exchange(SSL *s)
2071 if (!ssl3_handshake_msg_finish(s, &cbb)) 2071 if (!ssl3_handshake_msg_finish(s, &cbb))
2072 goto err; 2072 goto err;
2073 2073
2074 S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_B; 2074 s->s3->hs.state = SSL3_ST_CW_KEY_EXCH_B;
2075 } 2075 }
2076 2076
2077 /* SSL3_ST_CW_KEY_EXCH_B */ 2077 /* SSL3_ST_CW_KEY_EXCH_B */
@@ -2302,7 +2302,7 @@ ssl3_send_client_verify(SSL *s)
2302 2302
2303 memset(&cbb, 0, sizeof(cbb)); 2303 memset(&cbb, 0, sizeof(cbb));
2304 2304
2305 if (S3I(s)->hs.state == SSL3_ST_CW_CERT_VRFY_A) { 2305 if (s->s3->hs.state == SSL3_ST_CW_CERT_VRFY_A) {
2306 if (!ssl3_handshake_msg_start(s, &cbb, &cert_verify, 2306 if (!ssl3_handshake_msg_start(s, &cbb, &cert_verify,
2307 SSL3_MT_CERTIFICATE_VERIFY)) 2307 SSL3_MT_CERTIFICATE_VERIFY))
2308 goto err; 2308 goto err;
@@ -2312,7 +2312,7 @@ ssl3_send_client_verify(SSL *s)
2312 SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR); 2312 SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR);
2313 goto err; 2313 goto err;
2314 } 2314 }
2315 S3I(s)->hs.our_sigalg = sigalg; 2315 s->s3->hs.our_sigalg = sigalg;
2316 2316
2317 /* 2317 /*
2318 * For TLS v1.2 send signature algorithm and signature using 2318 * For TLS v1.2 send signature algorithm and signature using
@@ -2344,7 +2344,7 @@ ssl3_send_client_verify(SSL *s)
2344 if (!ssl3_handshake_msg_finish(s, &cbb)) 2344 if (!ssl3_handshake_msg_finish(s, &cbb))
2345 goto err; 2345 goto err;
2346 2346
2347 S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_B; 2347 s->s3->hs.state = SSL3_ST_CW_CERT_VRFY_B;
2348 } 2348 }
2349 2349
2350 return (ssl3_handshake_write(s)); 2350 return (ssl3_handshake_write(s));
@@ -2365,16 +2365,16 @@ ssl3_send_client_certificate(SSL *s)
2365 2365
2366 memset(&cbb, 0, sizeof(cbb)); 2366 memset(&cbb, 0, sizeof(cbb));
2367 2367
2368 if (S3I(s)->hs.state == SSL3_ST_CW_CERT_A) { 2368 if (s->s3->hs.state == SSL3_ST_CW_CERT_A) {
2369 if (s->cert->key->x509 == NULL || 2369 if (s->cert->key->x509 == NULL ||
2370 s->cert->key->privatekey == NULL) 2370 s->cert->key->privatekey == NULL)
2371 S3I(s)->hs.state = SSL3_ST_CW_CERT_B; 2371 s->s3->hs.state = SSL3_ST_CW_CERT_B;
2372 else 2372 else
2373 S3I(s)->hs.state = SSL3_ST_CW_CERT_C; 2373 s->s3->hs.state = SSL3_ST_CW_CERT_C;
2374 } 2374 }
2375 2375
2376 /* We need to get a client cert */ 2376 /* We need to get a client cert */
2377 if (S3I(s)->hs.state == SSL3_ST_CW_CERT_B) { 2377 if (s->s3->hs.state == SSL3_ST_CW_CERT_B) {
2378 /* 2378 /*
2379 * If we get an error, we need to 2379 * If we get an error, we need to
2380 * ssl->internal->rwstate = SSL_X509_LOOKUP; return(-1); 2380 * ssl->internal->rwstate = SSL_X509_LOOKUP; return(-1);
@@ -2387,7 +2387,7 @@ ssl3_send_client_certificate(SSL *s)
2387 } 2387 }
2388 s->internal->rwstate = SSL_NOTHING; 2388 s->internal->rwstate = SSL_NOTHING;
2389 if ((i == 1) && (pkey != NULL) && (x509 != NULL)) { 2389 if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
2390 S3I(s)->hs.state = SSL3_ST_CW_CERT_B; 2390 s->s3->hs.state = SSL3_ST_CW_CERT_B;
2391 if (!SSL_use_certificate(s, x509) || 2391 if (!SSL_use_certificate(s, x509) ||
2392 !SSL_use_PrivateKey(s, pkey)) 2392 !SSL_use_PrivateKey(s, pkey))
2393 i = 0; 2393 i = 0;
@@ -2399,27 +2399,27 @@ ssl3_send_client_certificate(SSL *s)
2399 X509_free(x509); 2399 X509_free(x509);
2400 EVP_PKEY_free(pkey); 2400 EVP_PKEY_free(pkey);
2401 if (i == 0) { 2401 if (i == 0) {
2402 S3I(s)->hs.tls12.cert_request = 2; 2402 s->s3->hs.tls12.cert_request = 2;
2403 2403
2404 /* There is no client certificate to verify. */ 2404 /* There is no client certificate to verify. */
2405 tls1_transcript_free(s); 2405 tls1_transcript_free(s);
2406 } 2406 }
2407 2407
2408 /* Ok, we have a cert */ 2408 /* Ok, we have a cert */
2409 S3I(s)->hs.state = SSL3_ST_CW_CERT_C; 2409 s->s3->hs.state = SSL3_ST_CW_CERT_C;
2410 } 2410 }
2411 2411
2412 if (S3I(s)->hs.state == SSL3_ST_CW_CERT_C) { 2412 if (s->s3->hs.state == SSL3_ST_CW_CERT_C) {
2413 if (!ssl3_handshake_msg_start(s, &cbb, &client_cert, 2413 if (!ssl3_handshake_msg_start(s, &cbb, &client_cert,
2414 SSL3_MT_CERTIFICATE)) 2414 SSL3_MT_CERTIFICATE))
2415 goto err; 2415 goto err;
2416 if (!ssl3_output_cert_chain(s, &client_cert, 2416 if (!ssl3_output_cert_chain(s, &client_cert,
2417 (S3I(s)->hs.tls12.cert_request == 2) ? NULL : s->cert->key)) 2417 (s->s3->hs.tls12.cert_request == 2) ? NULL : s->cert->key))
2418 goto err; 2418 goto err;
2419 if (!ssl3_handshake_msg_finish(s, &cbb)) 2419 if (!ssl3_handshake_msg_finish(s, &cbb))
2420 goto err; 2420 goto err;
2421 2421
2422 S3I(s)->hs.state = SSL3_ST_CW_CERT_D; 2422 s->s3->hs.state = SSL3_ST_CW_CERT_D;
2423 } 2423 }
2424 2424
2425 /* SSL3_ST_CW_CERT_D */ 2425 /* SSL3_ST_CW_CERT_D */
@@ -2440,15 +2440,15 @@ ssl3_check_cert_and_algorithm(SSL *s)
2440 int nid = NID_undef; 2440 int nid = NID_undef;
2441 int i; 2441 int i;
2442 2442
2443 alg_k = S3I(s)->hs.cipher->algorithm_mkey; 2443 alg_k = s->s3->hs.cipher->algorithm_mkey;
2444 alg_a = S3I(s)->hs.cipher->algorithm_auth; 2444 alg_a = s->s3->hs.cipher->algorithm_auth;
2445 2445
2446 /* We don't have a certificate. */ 2446 /* We don't have a certificate. */
2447 if (alg_a & SSL_aNULL) 2447 if (alg_a & SSL_aNULL)
2448 return (1); 2448 return (1);
2449 2449
2450 if (S3I(s)->hs.key_share != NULL) 2450 if (s->s3->hs.key_share != NULL)
2451 nid = tls_key_share_nid(S3I(s)->hs.key_share); 2451 nid = tls_key_share_nid(s->s3->hs.key_share);
2452 2452
2453 /* This is the passed certificate. */ 2453 /* This is the passed certificate. */
2454 2454
@@ -2505,9 +2505,9 @@ ssl3_check_finished(SSL *s)
2505 SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list)) <= 0) 2505 SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list)) <= 0)
2506 return ret; 2506 return ret;
2507 2507
2508 S3I(s)->hs.tls12.reuse_message = 1; 2508 s->s3->hs.tls12.reuse_message = 1;
2509 if ((S3I(s)->hs.tls12.message_type == SSL3_MT_FINISHED) || 2509 if ((s->s3->hs.tls12.message_type == SSL3_MT_FINISHED) ||
2510 (S3I(s)->hs.tls12.message_type == SSL3_MT_NEWSESSION_TICKET)) 2510 (s->s3->hs.tls12.message_type == SSL3_MT_NEWSESSION_TICKET))
2511 return (2); 2511 return (2);
2512 2512
2513 return (1); 2513 return (1);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-27 10:03:29 +0000