Diffstat (limited to 'src/lib/libssl/ssl_srvr.c')
-rw-r--r--src/lib/libssl/ssl_srvr.c186
1 files changed, 93 insertions, 93 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 821006af81..098e82e339 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_srvr.c,v 1.150 2022/10/01 16:23:15 jsing Exp $ */ 1/* $OpenBSD: ssl_srvr.c,v 1.151 2022/10/02 16:36:41 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -204,7 +204,7 @@ ssl3_accept(SSL *s)
204 listen = s->d1->listen; 204 listen = s->d1->listen;
205 205
206 /* init things to blank */ 206 /* init things to blank */
207 s->internal->in_handshake++; 207 s->in_handshake++;
208 if (!SSL_in_init(s) || SSL_in_before(s)) 208 if (!SSL_in_init(s) || SSL_in_before(s))
209 SSL_clear(s); 209 SSL_clear(s);
210 210
@@ -216,7 +216,7 @@ ssl3_accept(SSL *s)
216 216
217 switch (s->s3->hs.state) { 217 switch (s->s3->hs.state) {
218 case SSL_ST_RENEGOTIATE: 218 case SSL_ST_RENEGOTIATE:
219 s->internal->renegotiate = 1; 219 s->renegotiate = 1;
220 /* s->s3->hs.state=SSL_ST_ACCEPT; */ 220 /* s->s3->hs.state=SSL_ST_ACCEPT; */
221 221
222 case SSL_ST_BEFORE: 222 case SSL_ST_BEFORE:
@@ -257,7 +257,7 @@ ssl3_accept(SSL *s)
257 goto end; 257 goto end;
258 } 258 }
259 259
260 s->internal->init_num = 0; 260 s->init_num = 0;
261 261
262 if (s->s3->hs.state != SSL_ST_RENEGOTIATE) { 262 if (s->s3->hs.state != SSL_ST_RENEGOTIATE) {
263 /* 263 /*
@@ -276,7 +276,7 @@ ssl3_accept(SSL *s)
276 } 276 }
277 277
278 s->s3->hs.state = SSL3_ST_SR_CLNT_HELLO_A; 278 s->s3->hs.state = SSL3_ST_SR_CLNT_HELLO_A;
279 s->ctx->internal->stats.sess_accept++; 279 s->ctx->stats.sess_accept++;
280 } else if (!SSL_is_dtls(s) && !s->s3->send_connection_binding) { 280 } else if (!SSL_is_dtls(s) && !s->s3->send_connection_binding) {
281 /* 281 /*
282 * Server attempting to renegotiate with 282 * Server attempting to renegotiate with
@@ -293,14 +293,14 @@ ssl3_accept(SSL *s)
293 * s->s3->hs.state == SSL_ST_RENEGOTIATE, 293 * s->s3->hs.state == SSL_ST_RENEGOTIATE,
294 * we will just send a HelloRequest. 294 * we will just send a HelloRequest.
295 */ 295 */
296 s->ctx->internal->stats.sess_accept_renegotiate++; 296 s->ctx->stats.sess_accept_renegotiate++;
297 s->s3->hs.state = SSL3_ST_SW_HELLO_REQ_A; 297 s->s3->hs.state = SSL3_ST_SW_HELLO_REQ_A;
298 } 298 }
299 break; 299 break;
300 300
301 case SSL3_ST_SW_HELLO_REQ_A: 301 case SSL3_ST_SW_HELLO_REQ_A:
302 case SSL3_ST_SW_HELLO_REQ_B: 302 case SSL3_ST_SW_HELLO_REQ_B:
303 s->internal->shutdown = 0; 303 s->shutdown = 0;
304 if (SSL_is_dtls(s)) { 304 if (SSL_is_dtls(s)) {
305 dtls1_clear_record_buffer(s); 305 dtls1_clear_record_buffer(s);
306 dtls1_start_timer(s); 306 dtls1_start_timer(s);
@@ -313,7 +313,7 @@ ssl3_accept(SSL *s)
313 else 313 else
314 s->s3->hs.tls12.next_state = SSL3_ST_SW_HELLO_REQ_C; 314 s->s3->hs.tls12.next_state = SSL3_ST_SW_HELLO_REQ_C;
315 s->s3->hs.state = SSL3_ST_SW_FLUSH; 315 s->s3->hs.state = SSL3_ST_SW_FLUSH;
316 s->internal->init_num = 0; 316 s->init_num = 0;
317 317
318 if (SSL_is_dtls(s)) { 318 if (SSL_is_dtls(s)) {
319 if (!tls1_transcript_init(s)) { 319 if (!tls1_transcript_init(s)) {
@@ -330,7 +330,7 @@ ssl3_accept(SSL *s)
330 case SSL3_ST_SR_CLNT_HELLO_A: 330 case SSL3_ST_SR_CLNT_HELLO_A:
331 case SSL3_ST_SR_CLNT_HELLO_B: 331 case SSL3_ST_SR_CLNT_HELLO_B:
332 case SSL3_ST_SR_CLNT_HELLO_C: 332 case SSL3_ST_SR_CLNT_HELLO_C:
333 s->internal->shutdown = 0; 333 s->shutdown = 0;
334 if (SSL_is_dtls(s)) { 334 if (SSL_is_dtls(s)) {
335 ret = ssl3_get_client_hello(s); 335 ret = ssl3_get_client_hello(s);
336 if (ret <= 0) 336 if (ret <= 0)
@@ -343,7 +343,7 @@ ssl3_accept(SSL *s)
343 else 343 else
344 s->s3->hs.state = SSL3_ST_SW_SRVR_HELLO_A; 344 s->s3->hs.state = SSL3_ST_SW_SRVR_HELLO_A;
345 345
346 s->internal->init_num = 0; 346 s->init_num = 0;
347 347
348 /* 348 /*
349 * Reflect ClientHello sequence to remain 349 * Reflect ClientHello sequence to remain
@@ -351,7 +351,7 @@ ssl3_accept(SSL *s)
351 */ 351 */
352 if (listen) { 352 if (listen) {
353 tls12_record_layer_reflect_seq_num( 353 tls12_record_layer_reflect_seq_num(
354 s->internal->rl); 354 s->rl);
355 } 355 }
356 356
357 /* If we're just listening, stop here */ 357 /* If we're just listening, stop here */
@@ -368,15 +368,15 @@ ssl3_accept(SSL *s)
368 goto end; 368 goto end;
369 } 369 }
370 } else { 370 } else {
371 if (s->internal->rwstate != SSL_X509_LOOKUP) { 371 if (s->rwstate != SSL_X509_LOOKUP) {
372 ret = ssl3_get_client_hello(s); 372 ret = ssl3_get_client_hello(s);
373 if (ret <= 0) 373 if (ret <= 0)
374 goto end; 374 goto end;
375 } 375 }
376 376
377 s->internal->renegotiate = 2; 377 s->renegotiate = 2;
378 s->s3->hs.state = SSL3_ST_SW_SRVR_HELLO_A; 378 s->s3->hs.state = SSL3_ST_SW_SRVR_HELLO_A;
379 s->internal->init_num = 0; 379 s->init_num = 0;
380 } 380 }
381 break; 381 break;
382 382
@@ -395,21 +395,21 @@ ssl3_accept(SSL *s)
395 case SSL3_ST_SW_SRVR_HELLO_A: 395 case SSL3_ST_SW_SRVR_HELLO_A:
396 case SSL3_ST_SW_SRVR_HELLO_B: 396 case SSL3_ST_SW_SRVR_HELLO_B:
397 if (SSL_is_dtls(s)) { 397 if (SSL_is_dtls(s)) {
398 s->internal->renegotiate = 2; 398 s->renegotiate = 2;
399 dtls1_start_timer(s); 399 dtls1_start_timer(s);
400 } 400 }
401 ret = ssl3_send_server_hello(s); 401 ret = ssl3_send_server_hello(s);
402 if (ret <= 0) 402 if (ret <= 0)
403 goto end; 403 goto end;
404 if (s->internal->hit) { 404 if (s->hit) {
405 if (s->internal->tlsext_ticket_expected) 405 if (s->tlsext_ticket_expected)
406 s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_A; 406 s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_A;
407 else 407 else
408 s->s3->hs.state = SSL3_ST_SW_CHANGE_A; 408 s->s3->hs.state = SSL3_ST_SW_CHANGE_A;
409 } else { 409 } else {
410 s->s3->hs.state = SSL3_ST_SW_CERT_A; 410 s->s3->hs.state = SSL3_ST_SW_CERT_A;
411 } 411 }
412 s->internal->init_num = 0; 412 s->init_num = 0;
413 break; 413 break;
414 414
415 case SSL3_ST_SW_CERT_A: 415 case SSL3_ST_SW_CERT_A:
@@ -422,7 +422,7 @@ ssl3_accept(SSL *s)
422 ret = ssl3_send_server_certificate(s); 422 ret = ssl3_send_server_certificate(s);
423 if (ret <= 0) 423 if (ret <= 0)
424 goto end; 424 goto end;
425 if (s->internal->tlsext_status_expected) 425 if (s->tlsext_status_expected)
426 s->s3->hs.state = SSL3_ST_SW_CERT_STATUS_A; 426 s->s3->hs.state = SSL3_ST_SW_CERT_STATUS_A;
427 else 427 else
428 s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A; 428 s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A;
@@ -430,7 +430,7 @@ ssl3_accept(SSL *s)
430 skip = 1; 430 skip = 1;
431 s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A; 431 s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A;
432 } 432 }
433 s->internal->init_num = 0; 433 s->init_num = 0;
434 break; 434 break;
435 435
436 case SSL3_ST_SW_KEY_EXCH_A: 436 case SSL3_ST_SW_KEY_EXCH_A:
@@ -455,7 +455,7 @@ ssl3_accept(SSL *s)
455 skip = 1; 455 skip = 1;
456 456
457 s->s3->hs.state = SSL3_ST_SW_CERT_REQ_A; 457 s->s3->hs.state = SSL3_ST_SW_CERT_REQ_A;
458 s->internal->init_num = 0; 458 s->init_num = 0;
459 break; 459 break;
460 460
461 case SSL3_ST_SW_CERT_REQ_A: 461 case SSL3_ST_SW_CERT_REQ_A:
@@ -498,7 +498,7 @@ ssl3_accept(SSL *s)
498 if (ret <= 0) 498 if (ret <= 0)
499 goto end; 499 goto end;
500 s->s3->hs.state = SSL3_ST_SW_SRVR_DONE_A; 500 s->s3->hs.state = SSL3_ST_SW_SRVR_DONE_A;
501 s->internal->init_num = 0; 501 s->init_num = 0;
502 } 502 }
503 break; 503 break;
504 504
@@ -511,7 +511,7 @@ ssl3_accept(SSL *s)
511 goto end; 511 goto end;
512 s->s3->hs.tls12.next_state = SSL3_ST_SR_CERT_A; 512 s->s3->hs.tls12.next_state = SSL3_ST_SR_CERT_A;
513 s->s3->hs.state = SSL3_ST_SW_FLUSH; 513 s->s3->hs.state = SSL3_ST_SW_FLUSH;
514 s->internal->init_num = 0; 514 s->init_num = 0;
515 break; 515 break;
516 516
517 case SSL3_ST_SW_FLUSH: 517 case SSL3_ST_SW_FLUSH:
@@ -525,19 +525,19 @@ ssl3_accept(SSL *s)
525 * still exist. So instead we just flush 525 * still exist. So instead we just flush
526 * unconditionally. 526 * unconditionally.
527 */ 527 */
528 s->internal->rwstate = SSL_WRITING; 528 s->rwstate = SSL_WRITING;
529 if (BIO_flush(s->wbio) <= 0) { 529 if (BIO_flush(s->wbio) <= 0) {
530 if (SSL_is_dtls(s)) { 530 if (SSL_is_dtls(s)) {
531 /* If the write error was fatal, stop trying. */ 531 /* If the write error was fatal, stop trying. */
532 if (!BIO_should_retry(s->wbio)) { 532 if (!BIO_should_retry(s->wbio)) {
533 s->internal->rwstate = SSL_NOTHING; 533 s->rwstate = SSL_NOTHING;
534 s->s3->hs.state = s->s3->hs.tls12.next_state; 534 s->s3->hs.state = s->s3->hs.tls12.next_state;
535 } 535 }
536 } 536 }
537 ret = -1; 537 ret = -1;
538 goto end; 538 goto end;
539 } 539 }
540 s->internal->rwstate = SSL_NOTHING; 540 s->rwstate = SSL_NOTHING;
541 s->s3->hs.state = s->s3->hs.tls12.next_state; 541 s->s3->hs.state = s->s3->hs.tls12.next_state;
542 break; 542 break;
543 543
@@ -548,7 +548,7 @@ ssl3_accept(SSL *s)
548 if (ret <= 0) 548 if (ret <= 0)
549 goto end; 549 goto end;
550 } 550 }
551 s->internal->init_num = 0; 551 s->init_num = 0;
552 s->s3->hs.state = SSL3_ST_SR_KEY_EXCH_A; 552 s->s3->hs.state = SSL3_ST_SR_KEY_EXCH_A;
553 break; 553 break;
554 554
@@ -560,7 +560,7 @@ ssl3_accept(SSL *s)
560 560
561 if (SSL_is_dtls(s)) { 561 if (SSL_is_dtls(s)) {
562 s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A; 562 s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A;
563 s->internal->init_num = 0; 563 s->init_num = 0;
564 } 564 }
565 565
566 alg_k = s->s3->hs.cipher->algorithm_mkey; 566 alg_k = s->s3->hs.cipher->algorithm_mkey;
@@ -571,10 +571,10 @@ ssl3_accept(SSL *s)
571 * the CertificateVerify message is not sent. 571 * the CertificateVerify message is not sent.
572 */ 572 */
573 s->s3->hs.state = SSL3_ST_SR_FINISHED_A; 573 s->s3->hs.state = SSL3_ST_SR_FINISHED_A;
574 s->internal->init_num = 0; 574 s->init_num = 0;
575 } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) { 575 } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) {
576 s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A; 576 s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A;
577 s->internal->init_num = 0; 577 s->init_num = 0;
578 if (!s->session->peer_cert) 578 if (!s->session->peer_cert)
579 break; 579 break;
580 /* 580 /*
@@ -584,7 +584,7 @@ ssl3_accept(SSL *s)
584 tls1_transcript_freeze(s); 584 tls1_transcript_freeze(s);
585 } else { 585 } else {
586 s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A; 586 s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A;
587 s->internal->init_num = 0; 587 s->init_num = 0;
588 588
589 tls1_transcript_free(s); 589 tls1_transcript_free(s);
590 590
@@ -614,7 +614,7 @@ ssl3_accept(SSL *s)
614 if (ret <= 0) 614 if (ret <= 0)
615 goto end; 615 goto end;
616 s->s3->hs.state = SSL3_ST_SR_FINISHED_A; 616 s->s3->hs.state = SSL3_ST_SR_FINISHED_A;
617 s->internal->init_num = 0; 617 s->init_num = 0;
618 break; 618 break;
619 619
620 case SSL3_ST_SR_FINISHED_A: 620 case SSL3_ST_SR_FINISHED_A:
@@ -628,13 +628,13 @@ ssl3_accept(SSL *s)
628 goto end; 628 goto end;
629 if (SSL_is_dtls(s)) 629 if (SSL_is_dtls(s))
630 dtls1_stop_timer(s); 630 dtls1_stop_timer(s);
631 if (s->internal->hit) 631 if (s->hit)
632 s->s3->hs.state = SSL_ST_OK; 632 s->s3->hs.state = SSL_ST_OK;
633 else if (s->internal->tlsext_ticket_expected) 633 else if (s->tlsext_ticket_expected)
634 s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_A; 634 s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_A;
635 else 635 else
636 s->s3->hs.state = SSL3_ST_SW_CHANGE_A; 636 s->s3->hs.state = SSL3_ST_SW_CHANGE_A;
637 s->internal->init_num = 0; 637 s->init_num = 0;
638 break; 638 break;
639 639
640 case SSL3_ST_SW_SESSION_TICKET_A: 640 case SSL3_ST_SW_SESSION_TICKET_A:
@@ -643,7 +643,7 @@ ssl3_accept(SSL *s)
643 if (ret <= 0) 643 if (ret <= 0)
644 goto end; 644 goto end;
645 s->s3->hs.state = SSL3_ST_SW_CHANGE_A; 645 s->s3->hs.state = SSL3_ST_SW_CHANGE_A;
646 s->internal->init_num = 0; 646 s->init_num = 0;
647 break; 647 break;
648 648
649 case SSL3_ST_SW_CERT_STATUS_A: 649 case SSL3_ST_SW_CERT_STATUS_A:
@@ -652,7 +652,7 @@ ssl3_accept(SSL *s)
652 if (ret <= 0) 652 if (ret <= 0)
653 goto end; 653 goto end;
654 s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A; 654 s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A;
655 s->internal->init_num = 0; 655 s->init_num = 0;
656 break; 656 break;
657 657
658 case SSL3_ST_SW_CHANGE_A: 658 case SSL3_ST_SW_CHANGE_A:
@@ -661,7 +661,7 @@ ssl3_accept(SSL *s)
661 if (ret <= 0) 661 if (ret <= 0)
662 goto end; 662 goto end;
663 s->s3->hs.state = SSL3_ST_SW_FINISHED_A; 663 s->s3->hs.state = SSL3_ST_SW_FINISHED_A;
664 s->internal->init_num = 0; 664 s->init_num = 0;
665 s->session->cipher = s->s3->hs.cipher; 665 s->session->cipher = s->s3->hs.cipher;
666 666
667 if (!tls1_setup_key_block(s)) { 667 if (!tls1_setup_key_block(s)) {
@@ -680,12 +680,12 @@ ssl3_accept(SSL *s)
680 if (ret <= 0) 680 if (ret <= 0)
681 goto end; 681 goto end;
682 s->s3->hs.state = SSL3_ST_SW_FLUSH; 682 s->s3->hs.state = SSL3_ST_SW_FLUSH;
683 if (s->internal->hit) { 683 if (s->hit) {
684 s->s3->hs.tls12.next_state = SSL3_ST_SR_FINISHED_A; 684 s->s3->hs.tls12.next_state = SSL3_ST_SR_FINISHED_A;
685 tls1_transcript_free(s); 685 tls1_transcript_free(s);
686 } else 686 } else
687 s->s3->hs.tls12.next_state = SSL_ST_OK; 687 s->s3->hs.tls12.next_state = SSL_ST_OK;
688 s->internal->init_num = 0; 688 s->init_num = 0;
689 break; 689 break;
690 690
691 case SSL_ST_OK: 691 case SSL_ST_OK:
@@ -704,18 +704,18 @@ ssl3_accept(SSL *s)
704 /* remove buffering on output */ 704 /* remove buffering on output */
705 ssl_free_wbio_buffer(s); 705 ssl_free_wbio_buffer(s);
706 706
707 s->internal->init_num = 0; 707 s->init_num = 0;
708 708
709 /* Skipped if we just sent a HelloRequest. */ 709 /* Skipped if we just sent a HelloRequest. */
710 if (s->internal->renegotiate == 2) { 710 if (s->renegotiate == 2) {
711 s->internal->renegotiate = 0; 711 s->renegotiate = 0;
712 s->internal->new_session = 0; 712 s->new_session = 0;
713 713
714 ssl_update_cache(s, SSL_SESS_CACHE_SERVER); 714 ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
715 715
716 s->ctx->internal->stats.sess_accept_good++; 716 s->ctx->stats.sess_accept_good++;
717 /* s->server=1; */ 717 /* s->server=1; */
718 s->internal->handshake_func = ssl3_accept; 718 s->handshake_func = ssl3_accept;
719 719
720 ssl_info_callback(s, SSL_CB_HANDSHAKE_DONE, 1); 720 ssl_info_callback(s, SSL_CB_HANDSHAKE_DONE, 1);
721 } 721 }
@@ -740,7 +740,7 @@ ssl3_accept(SSL *s)
740 } 740 }
741 741
742 if (!s->s3->hs.tls12.reuse_message && !skip) { 742 if (!s->s3->hs.tls12.reuse_message && !skip) {
743 if (s->internal->debug) { 743 if (s->debug) {
744 if ((ret = BIO_flush(s->wbio)) <= 0) 744 if ((ret = BIO_flush(s->wbio)) <= 0)
745 goto end; 745 goto end;
746 } 746 }
@@ -757,7 +757,7 @@ ssl3_accept(SSL *s)
757 } 757 }
758 end: 758 end:
759 /* BIO_flush(s->wbio); */ 759 /* BIO_flush(s->wbio); */
760 s->internal->in_handshake--; 760 s->in_handshake--;
761 ssl_info_callback(s, SSL_CB_ACCEPT_EXIT, ret); 761 ssl_info_callback(s, SSL_CB_ACCEPT_EXIT, ret);
762 762
763 return (ret); 763 return (ret);
@@ -815,19 +815,19 @@ ssl3_get_client_hello(SSL *s)
815 if (s->s3->hs.state == SSL3_ST_SR_CLNT_HELLO_A) 815 if (s->s3->hs.state == SSL3_ST_SR_CLNT_HELLO_A)
816 s->s3->hs.state = SSL3_ST_SR_CLNT_HELLO_B; 816 s->s3->hs.state = SSL3_ST_SR_CLNT_HELLO_B;
817 817
818 s->internal->first_packet = 1; 818 s->first_packet = 1;
819 if ((ret = ssl3_get_message(s, SSL3_ST_SR_CLNT_HELLO_B, 819 if ((ret = ssl3_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
820 SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO, 820 SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO,
821 SSL3_RT_MAX_PLAIN_LENGTH)) <= 0) 821 SSL3_RT_MAX_PLAIN_LENGTH)) <= 0)
822 return ret; 822 return ret;
823 s->internal->first_packet = 0; 823 s->first_packet = 0;
824 824
825 ret = -1; 825 ret = -1;
826 826
827 if (s->internal->init_num < 0) 827 if (s->init_num < 0)
828 goto err; 828 goto err;
829 829
830 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); 830 CBS_init(&cbs, s->init_msg, s->init_num);
831 831
832 /* Parse client hello up until the extensions (if any). */ 832 /* Parse client hello up until the extensions (if any). */
833 if (!CBS_get_u16(&cbs, &client_version)) 833 if (!CBS_get_u16(&cbs, &client_version))
@@ -856,7 +856,7 @@ ssl3_get_client_hello(SSL *s)
856 */ 856 */
857 if (!ssl_max_shared_version(s, client_version, &shared_version)) { 857 if (!ssl_max_shared_version(s, client_version, &shared_version)) {
858 if ((client_version >> 8) == SSL3_VERSION_MAJOR && 858 if ((client_version >> 8) == SSL3_VERSION_MAJOR &&
859 !tls12_record_layer_write_protected(s->internal->rl)) { 859 !tls12_record_layer_write_protected(s->rl)) {
860 /* 860 /*
861 * Similar to ssl3_get_record, send alert using remote 861 * Similar to ssl3_get_record, send alert using remote
862 * version number. 862 * version number.
@@ -898,7 +898,7 @@ ssl3_get_client_hello(SSL *s)
898 sizeof(s->s3->client_random), NULL)) 898 sizeof(s->s3->client_random), NULL))
899 goto err; 899 goto err;
900 900
901 s->internal->hit = 0; 901 s->hit = 0;
902 902
903 /* 903 /*
904 * Versions before 0.9.7 always allow clients to resume sessions in 904 * Versions before 0.9.7 always allow clients to resume sessions in
@@ -910,12 +910,12 @@ ssl3_get_client_hello(SSL *s)
910 * library versions). 910 * library versions).
911 * 911 *
912 * 1.0.1 and later also have a function SSL_renegotiate_abbreviated() 912 * 1.0.1 and later also have a function SSL_renegotiate_abbreviated()
913 * to request renegotiation but not a new session (s->internal->new_session 913 * to request renegotiation but not a new session (s->new_session
914 * remains unset): for servers, this essentially just means that the 914 * remains unset): for servers, this essentially just means that the
915 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be 915 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be
916 * ignored. 916 * ignored.
917 */ 917 */
918 if ((s->internal->new_session && (s->internal->options & 918 if ((s->new_session && (s->options &
919 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) { 919 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) {
920 if (!ssl_get_new_session(s, 1)) 920 if (!ssl_get_new_session(s, 1))
921 goto err; 921 goto err;
@@ -926,7 +926,7 @@ ssl3_get_client_hello(SSL *s)
926 926
927 i = ssl_get_prev_session(s, &session_id, &ext_block, &al); 927 i = ssl_get_prev_session(s, &session_id, &ext_block, &al);
928 if (i == 1) { /* previous session */ 928 if (i == 1) { /* previous session */
929 s->internal->hit = 1; 929 s->hit = 1;
930 } else if (i == -1) 930 } else if (i == -1)
931 goto fatal_err; 931 goto fatal_err;
932 else { 932 else {
@@ -958,8 +958,8 @@ ssl3_get_client_hello(SSL *s)
958 sizeof(s->d1->rcvd_cookie), &cookie_len)) 958 sizeof(s->d1->rcvd_cookie), &cookie_len))
959 goto err; 959 goto err;
960 960
961 if (s->ctx->internal->app_verify_cookie_cb != NULL) { 961 if (s->ctx->app_verify_cookie_cb != NULL) {
962 if (s->ctx->internal->app_verify_cookie_cb(s, 962 if (s->ctx->app_verify_cookie_cb(s,
963 s->d1->rcvd_cookie, cookie_len) == 0) { 963 s->d1->rcvd_cookie, cookie_len) == 0) {
964 al = SSL_AD_HANDSHAKE_FAILURE; 964 al = SSL_AD_HANDSHAKE_FAILURE;
965 SSLerror(s, SSL_R_COOKIE_MISMATCH); 965 SSLerror(s, SSL_R_COOKIE_MISMATCH);
@@ -994,7 +994,7 @@ ssl3_get_client_hello(SSL *s)
994 994
995 /* If it is a hit, check that the cipher is in the list */ 995 /* If it is a hit, check that the cipher is in the list */
996 /* XXX - CBS_len(&cipher_suites) will always be zero here... */ 996 /* XXX - CBS_len(&cipher_suites) will always be zero here... */
997 if (s->internal->hit && CBS_len(&cipher_suites) > 0) { 997 if (s->hit && CBS_len(&cipher_suites) > 0) {
998 j = 0; 998 j = 0;
999 id = s->session->cipher->id; 999 id = s->session->cipher->id;
1000 1000
@@ -1037,7 +1037,7 @@ ssl3_get_client_hello(SSL *s)
1037 if (CBS_len(&cbs) != 0) 1037 if (CBS_len(&cbs) != 0)
1038 goto decode_err; 1038 goto decode_err;
1039 1039
1040 if (!s->s3->renegotiate_seen && s->internal->renegotiate) { 1040 if (!s->s3->renegotiate_seen && s->renegotiate) {
1041 al = SSL_AD_HANDSHAKE_FAILURE; 1041 al = SSL_AD_HANDSHAKE_FAILURE;
1042 SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); 1042 SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
1043 goto fatal_err; 1043 goto fatal_err;
@@ -1077,13 +1077,13 @@ ssl3_get_client_hello(SSL *s)
1077 } 1077 }
1078 } 1078 }
1079 1079
1080 if (!s->internal->hit && s->internal->tls_session_secret_cb != NULL) { 1080 if (!s->hit && s->tls_session_secret_cb != NULL) {
1081 SSL_CIPHER *pref_cipher = NULL; 1081 SSL_CIPHER *pref_cipher = NULL;
1082 int master_key_length = sizeof(s->session->master_key); 1082 int master_key_length = sizeof(s->session->master_key);
1083 1083
1084 if (!s->internal->tls_session_secret_cb(s, 1084 if (!s->tls_session_secret_cb(s,
1085 s->session->master_key, &master_key_length, ciphers, 1085 s->session->master_key, &master_key_length, ciphers,
1086 &pref_cipher, s->internal->tls_session_secret_cb_arg)) { 1086 &pref_cipher, s->tls_session_secret_cb_arg)) {
1087 SSLerror(s, ERR_R_INTERNAL_ERROR); 1087 SSLerror(s, ERR_R_INTERNAL_ERROR);
1088 goto err; 1088 goto err;
1089 } 1089 }
@@ -1093,7 +1093,7 @@ ssl3_get_client_hello(SSL *s)
1093 } 1093 }
1094 s->session->master_key_length = master_key_length; 1094 s->session->master_key_length = master_key_length;
1095 1095
1096 s->internal->hit = 1; 1096 s->hit = 1;
1097 s->session->verify_result = X509_V_OK; 1097 s->session->verify_result = X509_V_OK;
1098 1098
1099 sk_SSL_CIPHER_free(s->session->ciphers); 1099 sk_SSL_CIPHER_free(s->session->ciphers);
@@ -1120,7 +1120,7 @@ ssl3_get_client_hello(SSL *s)
1120 * pick a cipher 1120 * pick a cipher
1121 */ 1121 */
1122 1122
1123 if (!s->internal->hit) { 1123 if (!s->hit) {
1124 if (ciphers == NULL) { 1124 if (ciphers == NULL) {
1125 al = SSL_AD_ILLEGAL_PARAMETER; 1125 al = SSL_AD_ILLEGAL_PARAMETER;
1126 SSLerror(s, SSL_R_NO_CIPHERS_PASSED); 1126 SSLerror(s, SSL_R_NO_CIPHERS_PASSED);
@@ -1157,7 +1157,7 @@ ssl3_get_client_hello(SSL *s)
1157 * compression - basically ignored right now 1157 * compression - basically ignored right now
1158 * ssl version is set - sslv3 1158 * ssl version is set - sslv3
1159 * s->session - The ssl session has been setup. 1159 * s->session - The ssl session has been setup.
1160 * s->internal->hit - session reuse flag 1160 * s->hit - session reuse flag
1161 * s->hs.cipher - the new cipher to use. 1161 * s->hs.cipher - the new cipher to use.
1162 */ 1162 */
1163 1163
@@ -1190,8 +1190,8 @@ ssl3_send_dtls_hello_verify_request(SSL *s)
1190 memset(&cbb, 0, sizeof(cbb)); 1190 memset(&cbb, 0, sizeof(cbb));
1191 1191
1192 if (s->s3->hs.state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) { 1192 if (s->s3->hs.state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
1193 if (s->ctx->internal->app_gen_cookie_cb == NULL || 1193 if (s->ctx->app_gen_cookie_cb == NULL ||
1194 s->ctx->internal->app_gen_cookie_cb(s, s->d1->cookie, 1194 s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
1195 &(s->d1->cookie_len)) == 0) { 1195 &(s->d1->cookie_len)) == 0) {
1196 SSLerror(s, ERR_R_INTERNAL_ERROR); 1196 SSLerror(s, ERR_R_INTERNAL_ERROR);
1197 return 0; 1197 return 0;
@@ -1259,12 +1259,12 @@ ssl3_send_server_hello(SSL *s)
1259 * - However, if we want the new session to be single-use, 1259 * - However, if we want the new session to be single-use,
1260 * we send back a 0-length session ID. 1260 * we send back a 0-length session ID.
1261 * 1261 *
1262 * s->internal->hit is non-zero in either case of session reuse, 1262 * s->hit is non-zero in either case of session reuse,
1263 * so the following won't overwrite an ID that we're supposed 1263 * so the following won't overwrite an ID that we're supposed
1264 * to send back. 1264 * to send back.
1265 */ 1265 */
1266 if (!(s->ctx->internal->session_cache_mode & SSL_SESS_CACHE_SERVER) 1266 if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
1267 && !s->internal->hit) 1267 && !s->hit)
1268 s->session->session_id_length = 0; 1268 s->session->session_id_length = 0;
1269 1269
1270 sl = s->session->session_id_length; 1270 sl = s->session->session_id_length;
@@ -1895,10 +1895,10 @@ ssl3_get_client_key_exchange(SSL *s)
1895 SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048)) <= 0) 1895 SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048)) <= 0)
1896 return ret; 1896 return ret;
1897 1897
1898 if (s->internal->init_num < 0) 1898 if (s->init_num < 0)
1899 goto err; 1899 goto err;
1900 1900
1901 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); 1901 CBS_init(&cbs, s->init_msg, s->init_num);
1902 1902
1903 alg_k = s->s3->hs.cipher->algorithm_mkey; 1903 alg_k = s->s3->hs.cipher->algorithm_mkey;
1904 1904
@@ -1955,13 +1955,13 @@ ssl3_get_cert_verify(SSL *s)
1955 1955
1956 ret = 0; 1956 ret = 0;
1957 1957
1958 if (s->internal->init_num < 0) 1958 if (s->init_num < 0)
1959 goto err; 1959 goto err;
1960 1960
1961 if ((mctx = EVP_MD_CTX_new()) == NULL) 1961 if ((mctx = EVP_MD_CTX_new()) == NULL)
1962 goto err; 1962 goto err;
1963 1963
1964 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); 1964 CBS_init(&cbs, s->init_msg, s->init_num);
1965 1965
1966 peer_cert = s->session->peer_cert; 1966 peer_cert = s->session->peer_cert;
1967 pkey = X509_get0_pubkey(peer_cert); 1967 pkey = X509_get0_pubkey(peer_cert);
@@ -2178,7 +2178,7 @@ ssl3_get_client_certificate(SSL *s)
2178 int al, ret; 2178 int al, ret;
2179 2179
2180 if ((ret = ssl3_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B, 2180 if ((ret = ssl3_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
2181 -1, s->internal->max_cert_list)) <= 0) 2181 -1, s->max_cert_list)) <= 0)
2182 return ret; 2182 return ret;
2183 2183
2184 ret = -1; 2184 ret = -1;
@@ -2210,10 +2210,10 @@ ssl3_get_client_certificate(SSL *s)
2210 goto fatal_err; 2210 goto fatal_err;
2211 } 2211 }
2212 2212
2213 if (s->internal->init_num < 0) 2213 if (s->init_num < 0)
2214 goto decode_err; 2214 goto decode_err;
2215 2215
2216 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); 2216 CBS_init(&cbs, s->init_msg, s->init_num);
2217 2217
2218 if (!CBS_get_u24_length_prefixed(&cbs, &cert_list)) 2218 if (!CBS_get_u24_length_prefixed(&cbs, &cert_list))
2219 goto decode_err; 2219 goto decode_err;
@@ -2367,17 +2367,17 @@ ssl3_send_newsession_ticket(SSL *s)
2367 * it does all the work, otherwise use generated values from 2367 * it does all the work, otherwise use generated values from
2368 * parent context. 2368 * parent context.
2369 */ 2369 */
2370 if (tctx->internal->tlsext_ticket_key_cb != NULL) { 2370 if (tctx->tlsext_ticket_key_cb != NULL) {
2371 if (tctx->internal->tlsext_ticket_key_cb(s, 2371 if (tctx->tlsext_ticket_key_cb(s,
2372 key_name, iv, ctx, hctx, 1) < 0) 2372 key_name, iv, ctx, hctx, 1) < 0)
2373 goto err; 2373 goto err;
2374 } else { 2374 } else {
2375 arc4random_buf(iv, 16); 2375 arc4random_buf(iv, 16);
2376 EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, 2376 EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
2377 tctx->internal->tlsext_tick_aes_key, iv); 2377 tctx->tlsext_tick_aes_key, iv);
2378 HMAC_Init_ex(hctx, tctx->internal->tlsext_tick_hmac_key, 2378 HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key,
2379 16, EVP_sha256(), NULL); 2379 16, EVP_sha256(), NULL);
2380 memcpy(key_name, tctx->internal->tlsext_tick_key_name, 16); 2380 memcpy(key_name, tctx->tlsext_tick_key_name, 16);
2381 } 2381 }
2382 2382
2383 /* Encrypt the session state. */ 2383 /* Encrypt the session state. */
@@ -2415,7 +2415,7 @@ ssl3_send_newsession_ticket(SSL *s)
2415 * sessions will live as long as their sessions. 2415 * sessions will live as long as their sessions.
2416 */ 2416 */
2417 if (!CBB_add_u32(&session_ticket, 2417 if (!CBB_add_u32(&session_ticket,
2418 s->internal->hit ? 0 : s->session->timeout)) 2418 s->hit ? 0 : s->session->timeout))
2419 goto err; 2419 goto err;
2420 2420
2421 if (!CBB_add_u16_length_prefixed(&session_ticket, &ticket)) 2421 if (!CBB_add_u16_length_prefixed(&session_ticket, &ticket))
@@ -2473,8 +2473,8 @@ ssl3_send_cert_status(SSL *s)
2473 goto err; 2473 goto err;
2474 if (!CBB_add_u24_length_prefixed(&certstatus, &ocspresp)) 2474 if (!CBB_add_u24_length_prefixed(&certstatus, &ocspresp))
2475 goto err; 2475 goto err;
2476 if (!CBB_add_bytes(&ocspresp, s->internal->tlsext_ocsp_resp, 2476 if (!CBB_add_bytes(&ocspresp, s->tlsext_ocsp_resp,
2477 s->internal->tlsext_ocsp_resp_len)) 2477 s->tlsext_ocsp_resp_len))
2478 goto err; 2478 goto err;
2479 if (!ssl3_handshake_msg_finish(s, &cbb)) 2479 if (!ssl3_handshake_msg_finish(s, &cbb))
2480 goto err; 2480 goto err;
@@ -2500,8 +2500,8 @@ ssl3_send_server_change_cipher_spec(SSL *s)
2500 memset(&cbb, 0, sizeof(cbb)); 2500 memset(&cbb, 0, sizeof(cbb));
2501 2501
2502 if (s->s3->hs.state == SSL3_ST_SW_CHANGE_A) { 2502 if (s->s3->hs.state == SSL3_ST_SW_CHANGE_A) {
2503 if (!CBB_init_fixed(&cbb, s->internal->init_buf->data, 2503 if (!CBB_init_fixed(&cbb, s->init_buf->data,
2504 s->internal->init_buf->length)) 2504 s->init_buf->length))
2505 goto err; 2505 goto err;
2506 if (!CBB_add_u8(&cbb, SSL3_MT_CCS)) 2506 if (!CBB_add_u8(&cbb, SSL3_MT_CCS))
2507 goto err; 2507 goto err;
@@ -2511,8 +2511,8 @@ ssl3_send_server_change_cipher_spec(SSL *s)
2511 if (outlen > INT_MAX) 2511 if (outlen > INT_MAX)
2512 goto err; 2512 goto err;
2513 2513
2514 s->internal->init_num = (int)outlen; 2514 s->init_num = (int)outlen;
2515 s->internal->init_off = 0; 2515 s->init_off = 0;
2516 2516
2517 if (SSL_is_dtls(s)) { 2517 if (SSL_is_dtls(s)) {
2518 s->d1->handshake_write_seq = 2518 s->d1->handshake_write_seq =
@@ -2555,13 +2555,13 @@ ssl3_get_client_finished(SSL *s)
2555 2555
2556 md_len = TLS1_FINISH_MAC_LENGTH; 2556 md_len = TLS1_FINISH_MAC_LENGTH;
2557 2557
2558 if (s->internal->init_num < 0) { 2558 if (s->init_num < 0) {
2559 al = SSL_AD_DECODE_ERROR; 2559 al = SSL_AD_DECODE_ERROR;
2560 SSLerror(s, SSL_R_BAD_DIGEST_LENGTH); 2560 SSLerror(s, SSL_R_BAD_DIGEST_LENGTH);
2561 goto fatal_err; 2561 goto fatal_err;
2562 } 2562 }
2563 2563
2564 CBS_init(&cbs, s->internal->init_msg, s->internal->init_num); 2564 CBS_init(&cbs, s->init_msg, s->init_num);
2565 2565
2566 if (s->s3->hs.peer_finished_len != md_len || 2566 if (s->s3->hs.peer_finished_len != md_len ||
2567 CBS_len(&cbs) != md_len) { 2567 CBS_len(&cbs) != md_len) {
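Review bot: In the ssl3_send_newsession_ticket hunk (new lines 2375-2380), the default ticket-key branch still calls `EVP_EncryptInit_ex()` and `HMAC_Init_ex()` without checking their return values, so a failed cipher or HMAC setup for the session ticket is not caught where it happens. Since the commit touches these lines anyway, consider `if (!EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, tctx->tlsext_tick_aes_key, iv)) goto err;` and the same guard around `HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, 16, EVP_sha256(), NULL)`, matching the `goto err` already used in the callback branch just above. The rest of the function lies outside the hunk, so whether the later encrypt and MAC calls would reject an uninitialised context is not visible here. The literal `16` repeated for the IV, HMAC key and key-name lengths would also be easier to audit as a named constant.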