summaryrefslogtreecommitdiff
path: root/src/lib/libssl/t1_lib.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/t1_lib.c78
1 files changed, 39 insertions, 39 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 55624a2d24..d1d20b6bda 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_lib.c,v 1.98 2017/01/22 06:36:49 jsing Exp $ */ 1/* $OpenBSD: t1_lib.c,v 1.99 2017/01/22 09:02:07 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -863,7 +863,7 @@ skip_ext:
863 } 863 }
864 864
865 if (s->ctx->internal->next_proto_select_cb && 865 if (s->ctx->internal->next_proto_select_cb &&
866 !s->s3->tmp.finish_md_len) { 866 !S3I(s)->tmp.finish_md_len) {
867 /* The client advertises an emtpy extension to indicate its 867 /* The client advertises an emtpy extension to indicate its
868 * support for Next Protocol Negotiation */ 868 * support for Next Protocol Negotiation */
869 if ((size_t)(limit - ret) < 4) 869 if ((size_t)(limit - ret) < 4)
@@ -873,7 +873,7 @@ skip_ext:
873 } 873 }
874 874
875 if (s->internal->alpn_client_proto_list != NULL && 875 if (s->internal->alpn_client_proto_list != NULL &&
876 s->s3->tmp.finish_md_len == 0) { 876 S3I(s)->tmp.finish_md_len == 0) {
877 if ((size_t)(limit - ret) < 877 if ((size_t)(limit - ret) <
878 6 + s->internal->alpn_client_proto_list_len) 878 6 + s->internal->alpn_client_proto_list_len)
879 return (NULL); 879 return (NULL);
@@ -955,8 +955,8 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
955 unsigned char *ret = p; 955 unsigned char *ret = p;
956 int next_proto_neg_seen; 956 int next_proto_neg_seen;
957 957
958 alg_a = s->s3->tmp.new_cipher->algorithm_auth; 958 alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
959 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 959 alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
960 using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) && 960 using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) &&
961 SSI(s)->tlsext_ecpointformatlist != NULL; 961 SSI(s)->tlsext_ecpointformatlist != NULL;
962 962
@@ -973,7 +973,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
973 s2n(0, ret); 973 s2n(0, ret);
974 } 974 }
975 975
976 if (s->s3->send_connection_binding) { 976 if (S3I(s)->send_connection_binding) {
977 int el; 977 int el;
978 978
979 if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) { 979 if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) {
@@ -1068,8 +1068,8 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
1068 } 1068 }
1069#endif 1069#endif
1070 1070
1071 if (((s->s3->tmp.new_cipher->id & 0xFFFF) == 0x80 || 1071 if (((S3I(s)->tmp.new_cipher->id & 0xFFFF) == 0x80 ||
1072 (s->s3->tmp.new_cipher->id & 0xFFFF) == 0x81) && 1072 (S3I(s)->tmp.new_cipher->id & 0xFFFF) == 0x81) &&
1073 (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) { 1073 (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) {
1074 static const unsigned char cryptopro_ext[36] = { 1074 static const unsigned char cryptopro_ext[36] = {
1075 0xfd, 0xe8, /*65000*/ 1075 0xfd, 0xe8, /*65000*/
@@ -1085,8 +1085,8 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
1085 ret += sizeof(cryptopro_ext); 1085 ret += sizeof(cryptopro_ext);
1086 } 1086 }
1087 1087
1088 next_proto_neg_seen = s->s3->next_proto_neg_seen; 1088 next_proto_neg_seen = S3I(s)->next_proto_neg_seen;
1089 s->s3->next_proto_neg_seen = 0; 1089 S3I(s)->next_proto_neg_seen = 0;
1090 if (next_proto_neg_seen && s->ctx->internal->next_protos_advertised_cb) { 1090 if (next_proto_neg_seen && s->ctx->internal->next_protos_advertised_cb) {
1091 const unsigned char *npa; 1091 const unsigned char *npa;
1092 unsigned int npalen; 1092 unsigned int npalen;
@@ -1101,13 +1101,13 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
1101 s2n(npalen, ret); 1101 s2n(npalen, ret);
1102 memcpy(ret, npa, npalen); 1102 memcpy(ret, npa, npalen);
1103 ret += npalen; 1103 ret += npalen;
1104 s->s3->next_proto_neg_seen = 1; 1104 S3I(s)->next_proto_neg_seen = 1;
1105 } 1105 }
1106 } 1106 }
1107 1107
1108 if (s->s3->alpn_selected != NULL) { 1108 if (S3I(s)->alpn_selected != NULL) {
1109 const unsigned char *selected = s->s3->alpn_selected; 1109 const unsigned char *selected = S3I(s)->alpn_selected;
1110 unsigned int len = s->s3->alpn_selected_len; 1110 unsigned int len = S3I(s)->alpn_selected_len;
1111 1111
1112 if ((long)(limit - ret - 4 - 2 - 1 - len) < 0) 1112 if ((long)(limit - ret - 4 - 2 - 1 - len) < 0)
1113 return (NULL); 1113 return (NULL);
@@ -1175,13 +1175,13 @@ tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data,
1175 CBS_data(&alpn), CBS_len(&alpn), 1175 CBS_data(&alpn), CBS_len(&alpn),
1176 s->ctx->internal->alpn_select_cb_arg); 1176 s->ctx->internal->alpn_select_cb_arg);
1177 if (r == SSL_TLSEXT_ERR_OK) { 1177 if (r == SSL_TLSEXT_ERR_OK) {
1178 free(s->s3->alpn_selected); 1178 free(S3I(s)->alpn_selected);
1179 if ((s->s3->alpn_selected = malloc(selected_len)) == NULL) { 1179 if ((S3I(s)->alpn_selected = malloc(selected_len)) == NULL) {
1180 *al = SSL_AD_INTERNAL_ERROR; 1180 *al = SSL_AD_INTERNAL_ERROR;
1181 return (-1); 1181 return (-1);
1182 } 1182 }
1183 memcpy(s->s3->alpn_selected, selected, selected_len); 1183 memcpy(S3I(s)->alpn_selected, selected, selected_len);
1184 s->s3->alpn_selected_len = selected_len; 1184 S3I(s)->alpn_selected_len = selected_len;
1185 } 1185 }
1186 1186
1187 return (1); 1187 return (1);
@@ -1205,9 +1205,9 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1205 1205
1206 s->servername_done = 0; 1206 s->servername_done = 0;
1207 s->tlsext_status_type = -1; 1207 s->tlsext_status_type = -1;
1208 s->s3->next_proto_neg_seen = 0; 1208 S3I(s)->next_proto_neg_seen = 0;
1209 free(s->s3->alpn_selected); 1209 free(S3I(s)->alpn_selected);
1210 s->s3->alpn_selected = NULL; 1210 S3I(s)->alpn_selected = NULL;
1211 s->srtp_profile = NULL; 1211 s->srtp_profile = NULL;
1212 1212
1213 if (data == end) 1213 if (data == end)
@@ -1529,8 +1529,8 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1529 } 1529 }
1530 } 1530 }
1531 else if (type == TLSEXT_TYPE_next_proto_neg && 1531 else if (type == TLSEXT_TYPE_next_proto_neg &&
1532 s->s3->tmp.finish_md_len == 0 && 1532 S3I(s)->tmp.finish_md_len == 0 &&
1533 s->s3->alpn_selected == NULL) { 1533 S3I(s)->alpn_selected == NULL) {
1534 /* We shouldn't accept this extension on a 1534 /* We shouldn't accept this extension on a
1535 * renegotiation. 1535 * renegotiation.
1536 * 1536 *
@@ -1542,21 +1542,21 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1542 * anything like that, but this might change). 1542 * anything like that, but this might change).
1543 1543
1544 * A valid sign that there's been a previous handshake 1544 * A valid sign that there's been a previous handshake
1545 * in this connection is if s->s3->tmp.finish_md_len > 1545 * in this connection is if S3I(s)->tmp.finish_md_len >
1546 * 0. (We are talking about a check that will happen 1546 * 0. (We are talking about a check that will happen
1547 * in the Hello protocol round, well before a new 1547 * in the Hello protocol round, well before a new
1548 * Finished message could have been computed.) */ 1548 * Finished message could have been computed.) */
1549 s->s3->next_proto_neg_seen = 1; 1549 S3I(s)->next_proto_neg_seen = 1;
1550 } 1550 }
1551 else if (type == 1551 else if (type ==
1552 TLSEXT_TYPE_application_layer_protocol_negotiation && 1552 TLSEXT_TYPE_application_layer_protocol_negotiation &&
1553 s->ctx->internal->alpn_select_cb != NULL && 1553 s->ctx->internal->alpn_select_cb != NULL &&
1554 s->s3->tmp.finish_md_len == 0) { 1554 S3I(s)->tmp.finish_md_len == 0) {
1555 if (tls1_alpn_handle_client_hello(s, data, 1555 if (tls1_alpn_handle_client_hello(s, data,
1556 size, al) != 1) 1556 size, al) != 1)
1557 return (0); 1557 return (0);
1558 /* ALPN takes precedence over NPN. */ 1558 /* ALPN takes precedence over NPN. */
1559 s->s3->next_proto_neg_seen = 0; 1559 S3I(s)->next_proto_neg_seen = 0;
1560 } 1560 }
1561 1561
1562 /* session ticket processed earlier */ 1562 /* session ticket processed earlier */
@@ -1624,9 +1624,9 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al)
1624 int tlsext_servername = 0; 1624 int tlsext_servername = 0;
1625 int renegotiate_seen = 0; 1625 int renegotiate_seen = 0;
1626 1626
1627 s->s3->next_proto_neg_seen = 0; 1627 S3I(s)->next_proto_neg_seen = 0;
1628 free(s->s3->alpn_selected); 1628 free(S3I(s)->alpn_selected);
1629 s->s3->alpn_selected = NULL; 1629 S3I(s)->alpn_selected = NULL;
1630 1630
1631 if (data == end) 1631 if (data == end)
1632 goto ri_check; 1632 goto ri_check;
@@ -1714,7 +1714,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al)
1714 s->tlsext_status_expected = 1; 1714 s->tlsext_status_expected = 1;
1715 } 1715 }
1716 else if (type == TLSEXT_TYPE_next_proto_neg && 1716 else if (type == TLSEXT_TYPE_next_proto_neg &&
1717 s->s3->tmp.finish_md_len == 0) { 1717 S3I(s)->tmp.finish_md_len == 0) {
1718 unsigned char *selected; 1718 unsigned char *selected;
1719 unsigned char selected_len; 1719 unsigned char selected_len;
1720 1720
@@ -1742,7 +1742,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al)
1742 } 1742 }
1743 memcpy(s->internal->next_proto_negotiated, selected, selected_len); 1743 memcpy(s->internal->next_proto_negotiated, selected, selected_len);
1744 s->internal->next_proto_negotiated_len = selected_len; 1744 s->internal->next_proto_negotiated_len = selected_len;
1745 s->s3->next_proto_neg_seen = 1; 1745 S3I(s)->next_proto_neg_seen = 1;
1746 } 1746 }
1747 else if (type == 1747 else if (type ==
1748 TLSEXT_TYPE_application_layer_protocol_negotiation) { 1748 TLSEXT_TYPE_application_layer_protocol_negotiation) {
@@ -1773,14 +1773,14 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al)
1773 *al = TLS1_AD_DECODE_ERROR; 1773 *al = TLS1_AD_DECODE_ERROR;
1774 return (0); 1774 return (0);
1775 } 1775 }
1776 free(s->s3->alpn_selected); 1776 free(S3I(s)->alpn_selected);
1777 s->s3->alpn_selected = malloc(len); 1777 S3I(s)->alpn_selected = malloc(len);
1778 if (s->s3->alpn_selected == NULL) { 1778 if (S3I(s)->alpn_selected == NULL) {
1779 *al = TLS1_AD_INTERNAL_ERROR; 1779 *al = TLS1_AD_INTERNAL_ERROR;
1780 return (0); 1780 return (0);
1781 } 1781 }
1782 memcpy(s->s3->alpn_selected, data + 3, len); 1782 memcpy(S3I(s)->alpn_selected, data + 3, len);
1783 s->s3->alpn_selected_len = len; 1783 S3I(s)->alpn_selected_len = len;
1784 1784
1785 } else if (type == TLSEXT_TYPE_renegotiate) { 1785 } else if (type == TLSEXT_TYPE_renegotiate) {
1786 if (!ssl_parse_serverhello_renegotiate_ext(s, data, size, al)) 1786 if (!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
@@ -1948,8 +1948,8 @@ ssl_check_serverhello_tlsext(SSL *s)
1948 * suite, then if server returns an EC point formats lists extension 1948 * suite, then if server returns an EC point formats lists extension
1949 * it must contain uncompressed. 1949 * it must contain uncompressed.
1950 */ 1950 */
1951 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 1951 unsigned long alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
1952 unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; 1952 unsigned long alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
1953 if ((s->tlsext_ecpointformatlist != NULL) && 1953 if ((s->tlsext_ecpointformatlist != NULL) &&
1954 (s->tlsext_ecpointformatlist_length > 0) && 1954 (s->tlsext_ecpointformatlist_length > 0) &&
1955 (SSI(s)->tlsext_ecpointformatlist != NULL) && 1955 (SSI(s)->tlsext_ecpointformatlist != NULL) &&
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 00:22:20 +0000