diff options
Diffstat (limited to 'src/lib/libssl/ssl_tlsext.c')
| -rw-r--r-- | src/lib/libssl/ssl_tlsext.c | 200 |
1 files changed, 100 insertions, 100 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index 8070296d9f..f93f44ceba 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_tlsext.c,v 1.109 2022/01/24 13:49:50 tb Exp $ */ | 1 | /* $OpenBSD: ssl_tlsext.c,v 1.110 2022/02/05 14:54:10 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> | 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> |
| @@ -41,7 +41,7 @@ tlsext_alpn_client_needs(SSL *s, uint16_t msg_type) | |||
| 41 | { | 41 | { |
| 42 | /* ALPN protos have been specified and this is the initial handshake */ | 42 | /* ALPN protos have been specified and this is the initial handshake */ |
| 43 | return s->internal->alpn_client_proto_list != NULL && | 43 | return s->internal->alpn_client_proto_list != NULL && |
| 44 | S3I(s)->hs.finished_len == 0; | 44 | s->s3->hs.finished_len == 0; |
| 45 | } | 45 | } |
| 46 | 46 | ||
| 47 | int | 47 | int |
| @@ -101,14 +101,14 @@ tlsext_alpn_server_parse(SSL *s, uint16_t msg_types, CBS *cbs, int *alert) | |||
| 101 | s->ctx->internal->alpn_select_cb_arg); | 101 | s->ctx->internal->alpn_select_cb_arg); |
| 102 | 102 | ||
| 103 | if (r == SSL_TLSEXT_ERR_OK) { | 103 | if (r == SSL_TLSEXT_ERR_OK) { |
| 104 | free(S3I(s)->alpn_selected); | 104 | free(s->s3->alpn_selected); |
| 105 | if ((S3I(s)->alpn_selected = malloc(selected_len)) == NULL) { | 105 | if ((s->s3->alpn_selected = malloc(selected_len)) == NULL) { |
| 106 | S3I(s)->alpn_selected_len = 0; | 106 | s->s3->alpn_selected_len = 0; |
| 107 | *alert = SSL_AD_INTERNAL_ERROR; | 107 | *alert = SSL_AD_INTERNAL_ERROR; |
| 108 | return 0; | 108 | return 0; |
| 109 | } | 109 | } |
| 110 | memcpy(S3I(s)->alpn_selected, selected, selected_len); | 110 | memcpy(s->s3->alpn_selected, selected, selected_len); |
| 111 | S3I(s)->alpn_selected_len = selected_len; | 111 | s->s3->alpn_selected_len = selected_len; |
| 112 | 112 | ||
| 113 | return 1; | 113 | return 1; |
| 114 | } | 114 | } |
| @@ -130,7 +130,7 @@ tlsext_alpn_server_parse(SSL *s, uint16_t msg_types, CBS *cbs, int *alert) | |||
| 130 | int | 130 | int |
| 131 | tlsext_alpn_server_needs(SSL *s, uint16_t msg_type) | 131 | tlsext_alpn_server_needs(SSL *s, uint16_t msg_type) |
| 132 | { | 132 | { |
| 133 | return S3I(s)->alpn_selected != NULL; | 133 | return s->s3->alpn_selected != NULL; |
| 134 | } | 134 | } |
| 135 | 135 | ||
| 136 | int | 136 | int |
| @@ -144,8 +144,8 @@ tlsext_alpn_server_build(SSL *s, uint16_t msg_type, CBB *cbb) | |||
| 144 | if (!CBB_add_u8_length_prefixed(&list, &selected)) | 144 | if (!CBB_add_u8_length_prefixed(&list, &selected)) |
| 145 | return 0; | 145 | return 0; |
| 146 | 146 | ||
| 147 | if (!CBB_add_bytes(&selected, S3I(s)->alpn_selected, | 147 | if (!CBB_add_bytes(&selected, s->s3->alpn_selected, |
| 148 | S3I(s)->alpn_selected_len)) | 148 | s->s3->alpn_selected_len)) |
| 149 | return 0; | 149 | return 0; |
| 150 | 150 | ||
| 151 | if (!CBB_flush(cbb)) | 151 | if (!CBB_flush(cbb)) |
| @@ -177,8 +177,8 @@ tlsext_alpn_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 177 | if (CBS_len(&proto) == 0) | 177 | if (CBS_len(&proto) == 0) |
| 178 | goto err; | 178 | goto err; |
| 179 | 179 | ||
| 180 | if (!CBS_stow(&proto, &(S3I(s)->alpn_selected), | 180 | if (!CBS_stow(&proto, &(s->s3->alpn_selected), |
| 181 | &(S3I(s)->alpn_selected_len))) | 181 | &(s->s3->alpn_selected_len))) |
| 182 | goto err; | 182 | goto err; |
| 183 | 183 | ||
| 184 | return 1; | 184 | return 1; |
| @@ -195,7 +195,7 @@ int | |||
| 195 | tlsext_supportedgroups_client_needs(SSL *s, uint16_t msg_type) | 195 | tlsext_supportedgroups_client_needs(SSL *s, uint16_t msg_type) |
| 196 | { | 196 | { |
| 197 | return ssl_has_ecc_ciphers(s) || | 197 | return ssl_has_ecc_ciphers(s) || |
| 198 | (S3I(s)->hs.our_max_tls_version >= TLS1_3_VERSION); | 198 | (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION); |
| 199 | } | 199 | } |
| 200 | 200 | ||
| 201 | int | 201 | int |
| @@ -247,7 +247,7 @@ tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, | |||
| 247 | uint16_t *groups; | 247 | uint16_t *groups; |
| 248 | int i; | 248 | int i; |
| 249 | 249 | ||
| 250 | if (S3I(s)->hs.tls13.hrr) { | 250 | if (s->s3->hs.tls13.hrr) { |
| 251 | if (s->session->tlsext_supportedgroups == NULL) { | 251 | if (s->session->tlsext_supportedgroups == NULL) { |
| 252 | *alert = SSL_AD_HANDSHAKE_FAILURE; | 252 | *alert = SSL_AD_HANDSHAKE_FAILURE; |
| 253 | return 0; | 253 | return 0; |
| @@ -450,8 +450,8 @@ tlsext_ri_client_build(SSL *s, uint16_t msg_type, CBB *cbb) | |||
| 450 | 450 | ||
| 451 | if (!CBB_add_u8_length_prefixed(cbb, &reneg)) | 451 | if (!CBB_add_u8_length_prefixed(cbb, &reneg)) |
| 452 | return 0; | 452 | return 0; |
| 453 | if (!CBB_add_bytes(&reneg, S3I(s)->previous_client_finished, | 453 | if (!CBB_add_bytes(&reneg, s->s3->previous_client_finished, |
| 454 | S3I(s)->previous_client_finished_len)) | 454 | s->s3->previous_client_finished_len)) |
| 455 | return 0; | 455 | return 0; |
| 456 | if (!CBB_flush(cbb)) | 456 | if (!CBB_flush(cbb)) |
| 457 | return 0; | 457 | return 0; |
| @@ -469,15 +469,15 @@ tlsext_ri_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 469 | if (CBS_len(cbs) != 0) | 469 | if (CBS_len(cbs) != 0) |
| 470 | goto err; | 470 | goto err; |
| 471 | 471 | ||
| 472 | if (!CBS_mem_equal(&reneg, S3I(s)->previous_client_finished, | 472 | if (!CBS_mem_equal(&reneg, s->s3->previous_client_finished, |
| 473 | S3I(s)->previous_client_finished_len)) { | 473 | s->s3->previous_client_finished_len)) { |
| 474 | SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH); | 474 | SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH); |
| 475 | *alert = SSL_AD_HANDSHAKE_FAILURE; | 475 | *alert = SSL_AD_HANDSHAKE_FAILURE; |
| 476 | return 0; | 476 | return 0; |
| 477 | } | 477 | } |
| 478 | 478 | ||
| 479 | S3I(s)->renegotiate_seen = 1; | 479 | s->s3->renegotiate_seen = 1; |
| 480 | S3I(s)->send_connection_binding = 1; | 480 | s->s3->send_connection_binding = 1; |
| 481 | 481 | ||
| 482 | return 1; | 482 | return 1; |
| 483 | 483 | ||
| @@ -490,8 +490,8 @@ tlsext_ri_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 490 | int | 490 | int |
| 491 | tlsext_ri_server_needs(SSL *s, uint16_t msg_type) | 491 | tlsext_ri_server_needs(SSL *s, uint16_t msg_type) |
| 492 | { | 492 | { |
| 493 | return (S3I(s)->hs.negotiated_tls_version < TLS1_3_VERSION && | 493 | return (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION && |
| 494 | S3I(s)->send_connection_binding); | 494 | s->s3->send_connection_binding); |
| 495 | } | 495 | } |
| 496 | 496 | ||
| 497 | int | 497 | int |
| @@ -501,11 +501,11 @@ tlsext_ri_server_build(SSL *s, uint16_t msg_type, CBB *cbb) | |||
| 501 | 501 | ||
| 502 | if (!CBB_add_u8_length_prefixed(cbb, &reneg)) | 502 | if (!CBB_add_u8_length_prefixed(cbb, &reneg)) |
| 503 | return 0; | 503 | return 0; |
| 504 | if (!CBB_add_bytes(&reneg, S3I(s)->previous_client_finished, | 504 | if (!CBB_add_bytes(&reneg, s->s3->previous_client_finished, |
| 505 | S3I(s)->previous_client_finished_len)) | 505 | s->s3->previous_client_finished_len)) |
| 506 | return 0; | 506 | return 0; |
| 507 | if (!CBB_add_bytes(&reneg, S3I(s)->previous_server_finished, | 507 | if (!CBB_add_bytes(&reneg, s->s3->previous_server_finished, |
| 508 | S3I(s)->previous_server_finished_len)) | 508 | s->s3->previous_server_finished_len)) |
| 509 | return 0; | 509 | return 0; |
| 510 | if (!CBB_flush(cbb)) | 510 | if (!CBB_flush(cbb)) |
| 511 | return 0; | 511 | return 0; |
| @@ -522,10 +522,10 @@ tlsext_ri_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 522 | * Ensure that the previous client and server values are both not | 522 | * Ensure that the previous client and server values are both not |
| 523 | * present, or that they are both present. | 523 | * present, or that they are both present. |
| 524 | */ | 524 | */ |
| 525 | if ((S3I(s)->previous_client_finished_len == 0 && | 525 | if ((s->s3->previous_client_finished_len == 0 && |
| 526 | S3I(s)->previous_server_finished_len != 0) || | 526 | s->s3->previous_server_finished_len != 0) || |
| 527 | (S3I(s)->previous_client_finished_len != 0 && | 527 | (s->s3->previous_client_finished_len != 0 && |
| 528 | S3I(s)->previous_server_finished_len == 0)) { | 528 | s->s3->previous_server_finished_len == 0)) { |
| 529 | *alert = SSL_AD_INTERNAL_ERROR; | 529 | *alert = SSL_AD_INTERNAL_ERROR; |
| 530 | return 0; | 530 | return 0; |
| 531 | } | 531 | } |
| @@ -533,31 +533,31 @@ tlsext_ri_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 533 | if (!CBS_get_u8_length_prefixed(cbs, &reneg)) | 533 | if (!CBS_get_u8_length_prefixed(cbs, &reneg)) |
| 534 | goto err; | 534 | goto err; |
| 535 | if (!CBS_get_bytes(&reneg, &prev_client, | 535 | if (!CBS_get_bytes(&reneg, &prev_client, |
| 536 | S3I(s)->previous_client_finished_len)) | 536 | s->s3->previous_client_finished_len)) |
| 537 | goto err; | 537 | goto err; |
| 538 | if (!CBS_get_bytes(&reneg, &prev_server, | 538 | if (!CBS_get_bytes(&reneg, &prev_server, |
| 539 | S3I(s)->previous_server_finished_len)) | 539 | s->s3->previous_server_finished_len)) |
| 540 | goto err; | 540 | goto err; |
| 541 | if (CBS_len(&reneg) != 0) | 541 | if (CBS_len(&reneg) != 0) |
| 542 | goto err; | 542 | goto err; |
| 543 | if (CBS_len(cbs) != 0) | 543 | if (CBS_len(cbs) != 0) |
| 544 | goto err; | 544 | goto err; |
| 545 | 545 | ||
| 546 | if (!CBS_mem_equal(&prev_client, S3I(s)->previous_client_finished, | 546 | if (!CBS_mem_equal(&prev_client, s->s3->previous_client_finished, |
| 547 | S3I(s)->previous_client_finished_len)) { | 547 | s->s3->previous_client_finished_len)) { |
| 548 | SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH); | 548 | SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH); |
| 549 | *alert = SSL_AD_HANDSHAKE_FAILURE; | 549 | *alert = SSL_AD_HANDSHAKE_FAILURE; |
| 550 | return 0; | 550 | return 0; |
| 551 | } | 551 | } |
| 552 | if (!CBS_mem_equal(&prev_server, S3I(s)->previous_server_finished, | 552 | if (!CBS_mem_equal(&prev_server, s->s3->previous_server_finished, |
| 553 | S3I(s)->previous_server_finished_len)) { | 553 | s->s3->previous_server_finished_len)) { |
| 554 | SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH); | 554 | SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH); |
| 555 | *alert = SSL_AD_HANDSHAKE_FAILURE; | 555 | *alert = SSL_AD_HANDSHAKE_FAILURE; |
| 556 | return 0; | 556 | return 0; |
| 557 | } | 557 | } |
| 558 | 558 | ||
| 559 | S3I(s)->renegotiate_seen = 1; | 559 | s->s3->renegotiate_seen = 1; |
| 560 | S3I(s)->send_connection_binding = 1; | 560 | s->s3->send_connection_binding = 1; |
| 561 | 561 | ||
| 562 | return 1; | 562 | return 1; |
| 563 | 563 | ||
| @@ -573,17 +573,17 @@ tlsext_ri_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 573 | int | 573 | int |
| 574 | tlsext_sigalgs_client_needs(SSL *s, uint16_t msg_type) | 574 | tlsext_sigalgs_client_needs(SSL *s, uint16_t msg_type) |
| 575 | { | 575 | { |
| 576 | return (S3I(s)->hs.our_max_tls_version >= TLS1_2_VERSION); | 576 | return (s->s3->hs.our_max_tls_version >= TLS1_2_VERSION); |
| 577 | } | 577 | } |
| 578 | 578 | ||
| 579 | int | 579 | int |
| 580 | tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb) | 580 | tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb) |
| 581 | { | 581 | { |
| 582 | uint16_t tls_version = S3I(s)->hs.negotiated_tls_version; | 582 | uint16_t tls_version = s->s3->hs.negotiated_tls_version; |
| 583 | CBB sigalgs; | 583 | CBB sigalgs; |
| 584 | 584 | ||
| 585 | if (msg_type == SSL_TLSEXT_MSG_CH) | 585 | if (msg_type == SSL_TLSEXT_MSG_CH) |
| 586 | tls_version = S3I(s)->hs.our_min_tls_version; | 586 | tls_version = s->s3->hs.our_min_tls_version; |
| 587 | 587 | ||
| 588 | if (!CBB_add_u16_length_prefixed(cbb, &sigalgs)) | 588 | if (!CBB_add_u16_length_prefixed(cbb, &sigalgs)) |
| 589 | return 0; | 589 | return 0; |
| @@ -604,7 +604,7 @@ tlsext_sigalgs_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 604 | return 0; | 604 | return 0; |
| 605 | if (CBS_len(&sigalgs) % 2 != 0 || CBS_len(&sigalgs) > 64) | 605 | if (CBS_len(&sigalgs) % 2 != 0 || CBS_len(&sigalgs) > 64) |
| 606 | return 0; | 606 | return 0; |
| 607 | if (!CBS_stow(&sigalgs, &S3I(s)->hs.sigalgs, &S3I(s)->hs.sigalgs_len)) | 607 | if (!CBS_stow(&sigalgs, &s->s3->hs.sigalgs, &s->s3->hs.sigalgs_len)) |
| 608 | return 0; | 608 | return 0; |
| 609 | 609 | ||
| 610 | return 1; | 610 | return 1; |
| @@ -613,7 +613,7 @@ tlsext_sigalgs_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 613 | int | 613 | int |
| 614 | tlsext_sigalgs_server_needs(SSL *s, uint16_t msg_type) | 614 | tlsext_sigalgs_server_needs(SSL *s, uint16_t msg_type) |
| 615 | { | 615 | { |
| 616 | return (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION); | 616 | return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION); |
| 617 | } | 617 | } |
| 618 | 618 | ||
| 619 | int | 619 | int |
| @@ -623,7 +623,7 @@ tlsext_sigalgs_server_build(SSL *s, uint16_t msg_type, CBB *cbb) | |||
| 623 | 623 | ||
| 624 | if (!CBB_add_u16_length_prefixed(cbb, &sigalgs)) | 624 | if (!CBB_add_u16_length_prefixed(cbb, &sigalgs)) |
| 625 | return 0; | 625 | return 0; |
| 626 | if (!ssl_sigalgs_build(S3I(s)->hs.negotiated_tls_version, &sigalgs)) | 626 | if (!ssl_sigalgs_build(s->s3->hs.negotiated_tls_version, &sigalgs)) |
| 627 | return 0; | 627 | return 0; |
| 628 | if (!CBB_flush(cbb)) | 628 | if (!CBB_flush(cbb)) |
| 629 | return 0; | 629 | return 0; |
| @@ -643,7 +643,7 @@ tlsext_sigalgs_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 643 | return 0; | 643 | return 0; |
| 644 | if (CBS_len(&sigalgs) % 2 != 0 || CBS_len(&sigalgs) > 64) | 644 | if (CBS_len(&sigalgs) % 2 != 0 || CBS_len(&sigalgs) > 64) |
| 645 | return 0; | 645 | return 0; |
| 646 | if (!CBS_stow(&sigalgs, &S3I(s)->hs.sigalgs, &S3I(s)->hs.sigalgs_len)) | 646 | if (!CBS_stow(&sigalgs, &s->s3->hs.sigalgs, &s->s3->hs.sigalgs_len)) |
| 647 | return 0; | 647 | return 0; |
| 648 | 648 | ||
| 649 | return 1; | 649 | return 1; |
| @@ -804,7 +804,7 @@ tlsext_sni_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 804 | goto err; | 804 | goto err; |
| 805 | } | 805 | } |
| 806 | 806 | ||
| 807 | if (s->internal->hit || S3I(s)->hs.tls13.hrr) { | 807 | if (s->internal->hit || s->s3->hs.tls13.hrr) { |
| 808 | if (s->session->tlsext_hostname == NULL) { | 808 | if (s->session->tlsext_hostname == NULL) { |
| 809 | *alert = SSL_AD_UNRECOGNIZED_NAME; | 809 | *alert = SSL_AD_UNRECOGNIZED_NAME; |
| 810 | goto err; | 810 | goto err; |
| @@ -1027,7 +1027,7 @@ tlsext_ocsp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 1027 | int | 1027 | int |
| 1028 | tlsext_ocsp_server_needs(SSL *s, uint16_t msg_type) | 1028 | tlsext_ocsp_server_needs(SSL *s, uint16_t msg_type) |
| 1029 | { | 1029 | { |
| 1030 | if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION && | 1030 | if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION && |
| 1031 | s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp && | 1031 | s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp && |
| 1032 | s->ctx->internal->tlsext_status_cb != NULL) { | 1032 | s->ctx->internal->tlsext_status_cb != NULL) { |
| 1033 | s->internal->tlsext_status_expected = 0; | 1033 | s->internal->tlsext_status_expected = 0; |
| @@ -1044,7 +1044,7 @@ tlsext_ocsp_server_build(SSL *s, uint16_t msg_type, CBB *cbb) | |||
| 1044 | { | 1044 | { |
| 1045 | CBB ocsp_response; | 1045 | CBB ocsp_response; |
| 1046 | 1046 | ||
| 1047 | if (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION) { | 1047 | if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION) { |
| 1048 | if (!CBB_add_u8(cbb, TLSEXT_STATUSTYPE_ocsp)) | 1048 | if (!CBB_add_u8(cbb, TLSEXT_STATUSTYPE_ocsp)) |
| 1049 | return 0; | 1049 | return 0; |
| 1050 | if (!CBB_add_u24_length_prefixed(cbb, &ocsp_response)) | 1050 | if (!CBB_add_u24_length_prefixed(cbb, &ocsp_response)) |
| @@ -1451,7 +1451,7 @@ tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 1451 | int | 1451 | int |
| 1452 | tlsext_keyshare_client_needs(SSL *s, uint16_t msg_type) | 1452 | tlsext_keyshare_client_needs(SSL *s, uint16_t msg_type) |
| 1453 | { | 1453 | { |
| 1454 | return (S3I(s)->hs.our_max_tls_version >= TLS1_3_VERSION); | 1454 | return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION); |
| 1455 | } | 1455 | } |
| 1456 | 1456 | ||
| 1457 | int | 1457 | int |
| @@ -1463,11 +1463,11 @@ tlsext_keyshare_client_build(SSL *s, uint16_t msg_type, CBB *cbb) | |||
| 1463 | return 0; | 1463 | return 0; |
| 1464 | 1464 | ||
| 1465 | if (!CBB_add_u16(&client_shares, | 1465 | if (!CBB_add_u16(&client_shares, |
| 1466 | tls_key_share_group(S3I(s)->hs.key_share))) | 1466 | tls_key_share_group(s->s3->hs.key_share))) |
| 1467 | return 0; | 1467 | return 0; |
| 1468 | if (!CBB_add_u16_length_prefixed(&client_shares, &key_exchange)) | 1468 | if (!CBB_add_u16_length_prefixed(&client_shares, &key_exchange)) |
| 1469 | return 0; | 1469 | return 0; |
| 1470 | if (!tls_key_share_public(S3I(s)->hs.key_share, &key_exchange)) | 1470 | if (!tls_key_share_public(s->s3->hs.key_share, &key_exchange)) |
| 1471 | return 0; | 1471 | return 0; |
| 1472 | 1472 | ||
| 1473 | if (!CBB_flush(cbb)) | 1473 | if (!CBB_flush(cbb)) |
| @@ -1503,9 +1503,9 @@ tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 1503 | * Ignore this client share if we're using earlier than TLSv1.3 | 1503 | * Ignore this client share if we're using earlier than TLSv1.3 |
| 1504 | * or we've already selected a key share. | 1504 | * or we've already selected a key share. |
| 1505 | */ | 1505 | */ |
| 1506 | if (S3I(s)->hs.our_max_tls_version < TLS1_3_VERSION) | 1506 | if (s->s3->hs.our_max_tls_version < TLS1_3_VERSION) |
| 1507 | continue; | 1507 | continue; |
| 1508 | if (S3I(s)->hs.key_share != NULL) | 1508 | if (s->s3->hs.key_share != NULL) |
| 1509 | continue; | 1509 | continue; |
| 1510 | 1510 | ||
| 1511 | /* XXX - consider implementing server preference. */ | 1511 | /* XXX - consider implementing server preference. */ |
| @@ -1513,11 +1513,11 @@ tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 1513 | continue; | 1513 | continue; |
| 1514 | 1514 | ||
| 1515 | /* Decode and store the selected key share. */ | 1515 | /* Decode and store the selected key share. */ |
| 1516 | if ((S3I(s)->hs.key_share = tls_key_share_new(group)) == NULL) { | 1516 | if ((s->s3->hs.key_share = tls_key_share_new(group)) == NULL) { |
| 1517 | *alert = SSL_AD_INTERNAL_ERROR; | 1517 | *alert = SSL_AD_INTERNAL_ERROR; |
| 1518 | return 0; | 1518 | return 0; |
| 1519 | } | 1519 | } |
| 1520 | if (!tls_key_share_peer_public(S3I(s)->hs.key_share, | 1520 | if (!tls_key_share_peer_public(s->s3->hs.key_share, |
| 1521 | &key_exchange, &decode_error, NULL)) { | 1521 | &key_exchange, &decode_error, NULL)) { |
| 1522 | if (!decode_error) | 1522 | if (!decode_error) |
| 1523 | *alert = SSL_AD_INTERNAL_ERROR; | 1523 | *alert = SSL_AD_INTERNAL_ERROR; |
| @@ -1531,7 +1531,7 @@ tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 1531 | int | 1531 | int |
| 1532 | tlsext_keyshare_server_needs(SSL *s, uint16_t msg_type) | 1532 | tlsext_keyshare_server_needs(SSL *s, uint16_t msg_type) |
| 1533 | { | 1533 | { |
| 1534 | return (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION && | 1534 | return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION && |
| 1535 | tlsext_extension_seen(s, TLSEXT_TYPE_key_share)); | 1535 | tlsext_extension_seen(s, TLSEXT_TYPE_key_share)); |
| 1536 | } | 1536 | } |
| 1537 | 1537 | ||
| @@ -1541,20 +1541,20 @@ tlsext_keyshare_server_build(SSL *s, uint16_t msg_type, CBB *cbb) | |||
| 1541 | CBB key_exchange; | 1541 | CBB key_exchange; |
| 1542 | 1542 | ||
| 1543 | /* In the case of a HRR, we only send the server selected group. */ | 1543 | /* In the case of a HRR, we only send the server selected group. */ |
| 1544 | if (S3I(s)->hs.tls13.hrr) { | 1544 | if (s->s3->hs.tls13.hrr) { |
| 1545 | if (S3I(s)->hs.tls13.server_group == 0) | 1545 | if (s->s3->hs.tls13.server_group == 0) |
| 1546 | return 0; | 1546 | return 0; |
| 1547 | return CBB_add_u16(cbb, S3I(s)->hs.tls13.server_group); | 1547 | return CBB_add_u16(cbb, s->s3->hs.tls13.server_group); |
| 1548 | } | 1548 | } |
| 1549 | 1549 | ||
| 1550 | if (S3I(s)->hs.key_share == NULL) | 1550 | if (s->s3->hs.key_share == NULL) |
| 1551 | return 0; | 1551 | return 0; |
| 1552 | 1552 | ||
| 1553 | if (!CBB_add_u16(cbb, tls_key_share_group(S3I(s)->hs.key_share))) | 1553 | if (!CBB_add_u16(cbb, tls_key_share_group(s->s3->hs.key_share))) |
| 1554 | return 0; | 1554 | return 0; |
| 1555 | if (!CBB_add_u16_length_prefixed(cbb, &key_exchange)) | 1555 | if (!CBB_add_u16_length_prefixed(cbb, &key_exchange)) |
| 1556 | return 0; | 1556 | return 0; |
| 1557 | if (!tls_key_share_public(S3I(s)->hs.key_share, &key_exchange)) | 1557 | if (!tls_key_share_public(s->s3->hs.key_share, &key_exchange)) |
| 1558 | return 0; | 1558 | return 0; |
| 1559 | 1559 | ||
| 1560 | if (!CBB_flush(cbb)) | 1560 | if (!CBB_flush(cbb)) |
| @@ -1579,22 +1579,22 @@ tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 1579 | if (msg_type != SSL_TLSEXT_MSG_HRR) | 1579 | if (msg_type != SSL_TLSEXT_MSG_HRR) |
| 1580 | return 0; | 1580 | return 0; |
| 1581 | 1581 | ||
| 1582 | S3I(s)->hs.tls13.server_group = group; | 1582 | s->s3->hs.tls13.server_group = group; |
| 1583 | return 1; | 1583 | return 1; |
| 1584 | } | 1584 | } |
| 1585 | 1585 | ||
| 1586 | if (!CBS_get_u16_length_prefixed(cbs, &key_exchange)) | 1586 | if (!CBS_get_u16_length_prefixed(cbs, &key_exchange)) |
| 1587 | return 0; | 1587 | return 0; |
| 1588 | 1588 | ||
| 1589 | if (S3I(s)->hs.key_share == NULL) { | 1589 | if (s->s3->hs.key_share == NULL) { |
| 1590 | *alert = SSL_AD_INTERNAL_ERROR; | 1590 | *alert = SSL_AD_INTERNAL_ERROR; |
| 1591 | return 0; | 1591 | return 0; |
| 1592 | } | 1592 | } |
| 1593 | if (tls_key_share_group(S3I(s)->hs.key_share) != group) { | 1593 | if (tls_key_share_group(s->s3->hs.key_share) != group) { |
| 1594 | *alert = SSL_AD_INTERNAL_ERROR; | 1594 | *alert = SSL_AD_INTERNAL_ERROR; |
| 1595 | return 0; | 1595 | return 0; |
| 1596 | } | 1596 | } |
| 1597 | if (!tls_key_share_peer_public(S3I(s)->hs.key_share, | 1597 | if (!tls_key_share_peer_public(s->s3->hs.key_share, |
| 1598 | &key_exchange, &decode_error, NULL)) { | 1598 | &key_exchange, &decode_error, NULL)) { |
| 1599 | if (!decode_error) | 1599 | if (!decode_error) |
| 1600 | *alert = SSL_AD_INTERNAL_ERROR; | 1600 | *alert = SSL_AD_INTERNAL_ERROR; |
| @@ -1610,7 +1610,7 @@ tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 1610 | int | 1610 | int |
| 1611 | tlsext_versions_client_needs(SSL *s, uint16_t msg_type) | 1611 | tlsext_versions_client_needs(SSL *s, uint16_t msg_type) |
| 1612 | { | 1612 | { |
| 1613 | return (S3I(s)->hs.our_max_tls_version >= TLS1_3_VERSION); | 1613 | return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION); |
| 1614 | } | 1614 | } |
| 1615 | 1615 | ||
| 1616 | int | 1616 | int |
| @@ -1620,8 +1620,8 @@ tlsext_versions_client_build(SSL *s, uint16_t msg_type, CBB *cbb) | |||
| 1620 | uint16_t version; | 1620 | uint16_t version; |
| 1621 | CBB versions; | 1621 | CBB versions; |
| 1622 | 1622 | ||
| 1623 | max = S3I(s)->hs.our_max_tls_version; | 1623 | max = s->s3->hs.our_max_tls_version; |
| 1624 | min = S3I(s)->hs.our_min_tls_version; | 1624 | min = s->s3->hs.our_min_tls_version; |
| 1625 | 1625 | ||
| 1626 | if (!CBB_add_u8_length_prefixed(cbb, &versions)) | 1626 | if (!CBB_add_u8_length_prefixed(cbb, &versions)) |
| 1627 | return 0; | 1627 | return 0; |
| @@ -1646,8 +1646,8 @@ tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 1646 | uint16_t max, min; | 1646 | uint16_t max, min; |
| 1647 | uint16_t matched_version = 0; | 1647 | uint16_t matched_version = 0; |
| 1648 | 1648 | ||
| 1649 | max = S3I(s)->hs.our_max_tls_version; | 1649 | max = s->s3->hs.our_max_tls_version; |
| 1650 | min = S3I(s)->hs.our_min_tls_version; | 1650 | min = s->s3->hs.our_min_tls_version; |
| 1651 | 1651 | ||
| 1652 | if (!CBS_get_u8_length_prefixed(cbs, &versions)) | 1652 | if (!CBS_get_u8_length_prefixed(cbs, &versions)) |
| 1653 | goto err; | 1653 | goto err; |
| @@ -1680,7 +1680,7 @@ tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 1680 | int | 1680 | int |
| 1681 | tlsext_versions_server_needs(SSL *s, uint16_t msg_type) | 1681 | tlsext_versions_server_needs(SSL *s, uint16_t msg_type) |
| 1682 | { | 1682 | { |
| 1683 | return (S3I(s)->hs.negotiated_tls_version >= TLS1_3_VERSION); | 1683 | return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION); |
| 1684 | } | 1684 | } |
| 1685 | 1685 | ||
| 1686 | int | 1686 | int |
| @@ -1706,7 +1706,7 @@ tlsext_versions_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 1706 | } | 1706 | } |
| 1707 | 1707 | ||
| 1708 | /* XXX test between min and max once initialization code goes in */ | 1708 | /* XXX test between min and max once initialization code goes in */ |
| 1709 | S3I(s)->hs.tls13.server_version = selected_version; | 1709 | s->s3->hs.tls13.server_version = selected_version; |
| 1710 | 1710 | ||
| 1711 | return 1; | 1711 | return 1; |
| 1712 | } | 1712 | } |
| @@ -1719,8 +1719,8 @@ tlsext_versions_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 1719 | int | 1719 | int |
| 1720 | tlsext_cookie_client_needs(SSL *s, uint16_t msg_type) | 1720 | tlsext_cookie_client_needs(SSL *s, uint16_t msg_type) |
| 1721 | { | 1721 | { |
| 1722 | return (S3I(s)->hs.our_max_tls_version >= TLS1_3_VERSION && | 1722 | return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION && |
| 1723 | S3I(s)->hs.tls13.cookie_len > 0 && S3I(s)->hs.tls13.cookie != NULL); | 1723 | s->s3->hs.tls13.cookie_len > 0 && s->s3->hs.tls13.cookie != NULL); |
| 1724 | } | 1724 | } |
| 1725 | 1725 | ||
| 1726 | int | 1726 | int |
| @@ -1731,8 +1731,8 @@ tlsext_cookie_client_build(SSL *s, uint16_t msg_type, CBB *cbb) | |||
| 1731 | if (!CBB_add_u16_length_prefixed(cbb, &cookie)) | 1731 | if (!CBB_add_u16_length_prefixed(cbb, &cookie)) |
| 1732 | return 0; | 1732 | return 0; |
| 1733 | 1733 | ||
| 1734 | if (!CBB_add_bytes(&cookie, S3I(s)->hs.tls13.cookie, | 1734 | if (!CBB_add_bytes(&cookie, s->s3->hs.tls13.cookie, |
| 1735 | S3I(s)->hs.tls13.cookie_len)) | 1735 | s->s3->hs.tls13.cookie_len)) |
| 1736 | return 0; | 1736 | return 0; |
| 1737 | 1737 | ||
| 1738 | if (!CBB_flush(cbb)) | 1738 | if (!CBB_flush(cbb)) |
| @@ -1749,7 +1749,7 @@ tlsext_cookie_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 1749 | if (!CBS_get_u16_length_prefixed(cbs, &cookie)) | 1749 | if (!CBS_get_u16_length_prefixed(cbs, &cookie)) |
| 1750 | goto err; | 1750 | goto err; |
| 1751 | 1751 | ||
| 1752 | if (CBS_len(&cookie) != S3I(s)->hs.tls13.cookie_len) | 1752 | if (CBS_len(&cookie) != s->s3->hs.tls13.cookie_len) |
| 1753 | goto err; | 1753 | goto err; |
| 1754 | 1754 | ||
| 1755 | /* | 1755 | /* |
| @@ -1757,8 +1757,8 @@ tlsext_cookie_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 1757 | * sent - client *MUST* send the same cookie with new CR after | 1757 | * sent - client *MUST* send the same cookie with new CR after |
| 1758 | * a cookie is sent by the server with an HRR. | 1758 | * a cookie is sent by the server with an HRR. |
| 1759 | */ | 1759 | */ |
| 1760 | if (!CBS_mem_equal(&cookie, S3I(s)->hs.tls13.cookie, | 1760 | if (!CBS_mem_equal(&cookie, s->s3->hs.tls13.cookie, |
| 1761 | S3I(s)->hs.tls13.cookie_len)) { | 1761 | s->s3->hs.tls13.cookie_len)) { |
| 1762 | /* XXX special cookie mismatch alert? */ | 1762 | /* XXX special cookie mismatch alert? */ |
| 1763 | *alert = SSL_AD_ILLEGAL_PARAMETER; | 1763 | *alert = SSL_AD_ILLEGAL_PARAMETER; |
| 1764 | return 0; | 1764 | return 0; |
| @@ -1778,8 +1778,8 @@ tlsext_cookie_server_needs(SSL *s, uint16_t msg_type) | |||
| 1778 | * Server needs to set cookie value in tls13 handshake | 1778 | * Server needs to set cookie value in tls13 handshake |
| 1779 | * in order to send one, should only be sent with HRR. | 1779 | * in order to send one, should only be sent with HRR. |
| 1780 | */ | 1780 | */ |
| 1781 | return (S3I(s)->hs.our_max_tls_version >= TLS1_3_VERSION && | 1781 | return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION && |
| 1782 | S3I(s)->hs.tls13.cookie_len > 0 && S3I(s)->hs.tls13.cookie != NULL); | 1782 | s->s3->hs.tls13.cookie_len > 0 && s->s3->hs.tls13.cookie != NULL); |
| 1783 | } | 1783 | } |
| 1784 | 1784 | ||
| 1785 | int | 1785 | int |
| @@ -1792,8 +1792,8 @@ tlsext_cookie_server_build(SSL *s, uint16_t msg_type, CBB *cbb) | |||
| 1792 | if (!CBB_add_u16_length_prefixed(cbb, &cookie)) | 1792 | if (!CBB_add_u16_length_prefixed(cbb, &cookie)) |
| 1793 | return 0; | 1793 | return 0; |
| 1794 | 1794 | ||
| 1795 | if (!CBB_add_bytes(&cookie, S3I(s)->hs.tls13.cookie, | 1795 | if (!CBB_add_bytes(&cookie, s->s3->hs.tls13.cookie, |
| 1796 | S3I(s)->hs.tls13.cookie_len)) | 1796 | s->s3->hs.tls13.cookie_len)) |
| 1797 | return 0; | 1797 | return 0; |
| 1798 | 1798 | ||
| 1799 | if (!CBB_flush(cbb)) | 1799 | if (!CBB_flush(cbb)) |
| @@ -1812,8 +1812,8 @@ tlsext_cookie_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 1812 | * HRR from a server with a cookie to process after accepting | 1812 | * HRR from a server with a cookie to process after accepting |
| 1813 | * one from the server in the same handshake | 1813 | * one from the server in the same handshake |
| 1814 | */ | 1814 | */ |
| 1815 | if (S3I(s)->hs.tls13.cookie != NULL || | 1815 | if (s->s3->hs.tls13.cookie != NULL || |
| 1816 | S3I(s)->hs.tls13.cookie_len != 0) { | 1816 | s->s3->hs.tls13.cookie_len != 0) { |
| 1817 | *alert = SSL_AD_ILLEGAL_PARAMETER; | 1817 | *alert = SSL_AD_ILLEGAL_PARAMETER; |
| 1818 | return 0; | 1818 | return 0; |
| 1819 | } | 1819 | } |
| @@ -1821,8 +1821,8 @@ tlsext_cookie_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 1821 | if (!CBS_get_u16_length_prefixed(cbs, &cookie)) | 1821 | if (!CBS_get_u16_length_prefixed(cbs, &cookie)) |
| 1822 | goto err; | 1822 | goto err; |
| 1823 | 1823 | ||
| 1824 | if (!CBS_stow(&cookie, &S3I(s)->hs.tls13.cookie, | 1824 | if (!CBS_stow(&cookie, &s->s3->hs.tls13.cookie, |
| 1825 | &S3I(s)->hs.tls13.cookie_len)) | 1825 | &s->s3->hs.tls13.cookie_len)) |
| 1826 | goto err; | 1826 | goto err; |
| 1827 | 1827 | ||
| 1828 | return 1; | 1828 | return 1; |
| @@ -2049,7 +2049,7 @@ tlsext_extension_seen(SSL *s, uint16_t type) | |||
| 2049 | 2049 | ||
| 2050 | if (tls_extension_find(type, &idx) == NULL) | 2050 | if (tls_extension_find(type, &idx) == NULL) |
| 2051 | return 0; | 2051 | return 0; |
| 2052 | return ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0); | 2052 | return ((s->s3->hs.extensions_seen & (1 << idx)) != 0); |
| 2053 | } | 2053 | } |
| 2054 | 2054 | ||
| 2055 | static const struct tls_extension_funcs * | 2055 | static const struct tls_extension_funcs * |
| @@ -2149,7 +2149,7 @@ tlsext_parse(SSL *s, int is_server, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 2149 | 2149 | ||
| 2150 | tls_version = ssl_effective_tls_version(s); | 2150 | tls_version = ssl_effective_tls_version(s); |
| 2151 | 2151 | ||
| 2152 | S3I(s)->hs.extensions_seen = 0; | 2152 | s->s3->hs.extensions_seen = 0; |
| 2153 | 2153 | ||
| 2154 | /* An empty extensions block is valid. */ | 2154 | /* An empty extensions block is valid. */ |
| 2155 | if (CBS_len(cbs) == 0) | 2155 | if (CBS_len(cbs) == 0) |
| @@ -2191,9 +2191,9 @@ tlsext_parse(SSL *s, int is_server, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 2191 | } | 2191 | } |
| 2192 | 2192 | ||
| 2193 | /* Check for duplicate known extensions. */ | 2193 | /* Check for duplicate known extensions. */ |
| 2194 | if ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0) | 2194 | if ((s->s3->hs.extensions_seen & (1 << idx)) != 0) |
| 2195 | goto err; | 2195 | goto err; |
| 2196 | S3I(s)->hs.extensions_seen |= (1 << idx); | 2196 | s->s3->hs.extensions_seen |= (1 << idx); |
| 2197 | 2197 | ||
| 2198 | ext = tlsext_funcs(tlsext, is_server); | 2198 | ext = tlsext_funcs(tlsext, is_server); |
| 2199 | if (!ext->parse(s, msg_type, &extension_data, &alert_desc)) | 2199 | if (!ext->parse(s, msg_type, &extension_data, &alert_desc)) |
| @@ -2215,10 +2215,10 @@ static void | |||
| 2215 | tlsext_server_reset_state(SSL *s) | 2215 | tlsext_server_reset_state(SSL *s) |
| 2216 | { | 2216 | { |
| 2217 | s->tlsext_status_type = -1; | 2217 | s->tlsext_status_type = -1; |
| 2218 | S3I(s)->renegotiate_seen = 0; | 2218 | s->s3->renegotiate_seen = 0; |
| 2219 | free(S3I(s)->alpn_selected); | 2219 | free(s->s3->alpn_selected); |
| 2220 | S3I(s)->alpn_selected = NULL; | 2220 | s->s3->alpn_selected = NULL; |
| 2221 | S3I(s)->alpn_selected_len = 0; | 2221 | s->s3->alpn_selected_len = 0; |
| 2222 | s->internal->srtp_profile = NULL; | 2222 | s->internal->srtp_profile = NULL; |
| 2223 | } | 2223 | } |
| 2224 | 2224 | ||
| @@ -2241,10 +2241,10 @@ tlsext_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) | |||
| 2241 | static void | 2241 | static void |
| 2242 | tlsext_client_reset_state(SSL *s) | 2242 | tlsext_client_reset_state(SSL *s) |
| 2243 | { | 2243 | { |
| 2244 | S3I(s)->renegotiate_seen = 0; | 2244 | s->s3->renegotiate_seen = 0; |
| 2245 | free(S3I(s)->alpn_selected); | 2245 | free(s->s3->alpn_selected); |
| 2246 | S3I(s)->alpn_selected = NULL; | 2246 | s->s3->alpn_selected = NULL; |
| 2247 | S3I(s)->alpn_selected_len = 0; | 2247 | s->s3->alpn_selected_len = 0; |
| 2248 | } | 2248 | } |
| 2249 | 2249 | ||
| 2250 | int | 2250 | int |