From 19ec1b6acc3e3c1c1156d9578424119a3a98dd63 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Fri, 3 Jul 2020 04:12:51 +0000
Subject: Improve argument order for the internal tlsext API
Move is_server and msg_type right after the SSL object so that CBS and CBB and alert come last. This brings these functions more in line with other internal functions and separates state from data.
requested by jsing
---
 src/lib/libssl/ssl_clnt.c | 6 +++---
 src/lib/libssl/ssl_srvr.c | 6 +++---
 src/lib/libssl/ssl_tlsext.c | 22 +++++++++++-----------
 src/lib/libssl/ssl_tlsext.h | 10 +++++-----
 src/lib/libssl/tls13_client.c | 14 +++++++-------
 src/lib/libssl/tls13_internal.h | 4 ++--
 src/lib/libssl/tls13_lib.c | 6 +++---
 src/lib/libssl/tls13_server.c | 10 +++++-----
 8 files changed, 39 insertions(+), 39 deletions(-)
(limited to 'src/lib')
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 0a1b6ea241..b6dcb8888d 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.69 2020/06/05 17:53:26 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.70 2020/07/03 04:12:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -775,7 +775,7 @@ ssl3_send_client_hello(SSL *s)
 goto err;
 /* TLS extensions */
- if (!tlsext_client_build(s, &client_hello, SSL_TLSEXT_MSG_CH)) {
+ if (!tlsext_client_build(s, SSL_TLSEXT_MSG_CH, &client_hello)) {
 SSLerror(s, ERR_R_INTERNAL_ERROR);
 goto err;
 }
@@ -1024,7 +1024,7 @@ ssl3_get_server_hello(SSL *s)
 goto f_err;
 }
- if (!tlsext_client_parse(s, &cbs, &al, SSL_TLSEXT_MSG_SH)) {
+ if (!tlsext_client_parse(s, SSL_TLSEXT_MSG_SH, &cbs, &al)) {
 SSLerror(s, SSL_R_PARSE_TLSEXT);
 goto f_err;
 }
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 706ad1453b..67671f276c 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.79 2020/06/05 17:53:26 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.80 2020/07/03 04:12:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1025,7 +1025,7 @@ ssl3_get_client_hello(SSL *s)
 goto f_err;
 }
- if (!tlsext_server_parse(s, &cbs, &al, SSL_TLSEXT_MSG_CH)) {
+ if (!tlsext_server_parse(s, SSL_TLSEXT_MSG_CH, &cbs, &al)) {
 SSLerror(s, SSL_R_PARSE_TLSEXT);
 goto f_err;
 }
@@ -1233,7 +1233,7 @@ ssl3_send_server_hello(SSL *s)
 goto err;
 /* TLS extensions */
- if (!tlsext_server_build(s, &server_hello, SSL_TLSEXT_MSG_SH)) {
+ if (!tlsext_server_build(s, SSL_TLSEXT_MSG_SH, &server_hello)) {
 SSLerror(s, ERR_R_INTERNAL_ERROR);
 goto err;
 }
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index f6943c83ae..2b91a087af 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.75 2020/06/06 01:40:09 beck Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.76 2020/07/03 04:12:51 tb Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing
 * Copyright (c) 2017 Doug Hogan
@@ -2009,7 +2009,7 @@ tlsext_funcs(struct tls_extension *tlsext, int is_server)
 }
 static int
-tlsext_build(SSL *s, CBB *cbb, int is_server, uint16_t msg_type)
+tlsext_build(SSL *s, int is_server, uint16_t msg_type, CBB *cbb)
 {
 struct tls_extension_funcs *ext;
 struct tls_extension *tlsext;
@@ -2087,7 +2087,7 @@ tlsext_clienthello_hash_extension(SSL *s, uint16_t type, CBS *cbs)
 }
 static int
-tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server, uint16_t msg_type)
+tlsext_parse(SSL *s, int is_server, uint16_t msg_type, CBS *cbs, int *alert)
 {
 struct tls_extension_funcs *ext;
 struct tls_extension *tlsext;
@@ -2175,19 +2175,19 @@ tlsext_server_reset_state(SSL *s)
 }
 int
-tlsext_server_build(SSL *s, CBB *cbb, uint16_t msg_type)
+tlsext_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
- return tlsext_build(s, cbb, 1, msg_type);
+ return tlsext_build(s, 1, msg_type, cbb);
 }
 int
-tlsext_server_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type)
+tlsext_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 {
 /* XXX - this should be done by the caller... */
 if (msg_type == SSL_TLSEXT_MSG_CH)
 tlsext_server_reset_state(s);
- return tlsext_parse(s, cbs, alert, 1, msg_type);
+ return tlsext_parse(s, 1, msg_type, cbs, alert);
 }
 static void
@@ -2199,17 +2199,17 @@ tlsext_client_reset_state(SSL *s)
 }
 int
-tlsext_client_build(SSL *s, CBB *cbb, uint16_t msg_type)
+tlsext_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
- return tlsext_build(s, cbb, 0, msg_type);
+ return tlsext_build(s, 0, msg_type, cbb);
 }
 int
-tlsext_client_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type)
+tlsext_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 {
 /* XXX - this should be done by the caller... */
 if (msg_type == SSL_TLSEXT_MSG_SH)
 tlsext_client_reset_state(s);
- return tlsext_parse(s, cbs, alert, 0, msg_type);
+ return tlsext_parse(s, 0, msg_type, cbs, alert);
 }
diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h
index 15e0257e63..e2aafa7815 100644
--- a/src/lib/libssl/ssl_tlsext.h
+++ b/src/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.h,v 1.23 2020/05/23 17:13:24 beck Exp $ */
+/* $OpenBSD: ssl_tlsext.h,v 1.24 2020/07/03 04:12:51 tb Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing
 * Copyright (c) 2017 Doug Hogan
@@ -118,11 +118,11 @@ int tlsext_srtp_server_build(SSL *s, CBB *cbb);
 int tlsext_srtp_server_parse(SSL *s, CBS *cbs, int *alert);
 #endif
-int tlsext_client_build(SSL *s, CBB *cbb, uint16_t msg_type);
-int tlsext_client_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type);
+int tlsext_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
+int tlsext_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_server_build(SSL *s, CBB *cbb, uint16_t msg_type);
-int tlsext_server_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type);
+int tlsext_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
+int tlsext_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
 struct tls_extension *tls_extension_find(uint16_t, size_t *);
 int tlsext_extension_seen(SSL *s, uint16_t);
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index e2f61f6c08..bd72db8be0 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.65 2020/06/04 18:41:42 tb Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.66 2020/07/03 04:12:51 tb Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing
 *
@@ -118,7 +118,7 @@ tls13_client_hello_build(struct tls13_ctx *ctx, CBB *cbb)
 if (!CBB_add_u8(&compression_methods, 0))
 goto err;
- if (!tlsext_client_build(s, cbb, SSL_TLSEXT_MSG_CH))
+ if (!tlsext_client_build(s, SSL_TLSEXT_MSG_CH, cbb))
 goto err;
 if (!CBB_flush(cbb))
@@ -265,7 +265,7 @@ tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
 ctx->hs->hrr = 1;
 }
- if (!tlsext_client_parse(s, cbs, &alert_desc, tlsext_msg_type)) {
+ if (!tlsext_client_parse(s, tlsext_msg_type, cbs, &alert_desc)) {
 ctx->alert = alert_desc;
 goto err;
 }
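Review bot: The four reordered prototypes in ssl_tlsext.h still carry no comment stating the contract that every caller touched by this commit relies on: the TLS 1.2 callers forward `al` to their `f_err` alert path and the tls13 callers do `ctx->alert = alert_desc` after a failed parse, so callers assume `*alert` is always written on failure. I would add above the `tlsext_client_build` declaration something like `/* Build/parse the extensions of handshake message msg_type (SSL_TLSEXT_MSG_*). */` and `/* On parse failure *alert is set to the alert the caller must send. */`, after confirming against tlsext_parse in ssl_tlsext.c that no failure path returns 0 without setting it, which this diff does not show. It would also be worth documenting that the *_parse wrappers reset the per-handshake extension state when msg_type is CH (server) or SH (client), since ssl_tlsext.c only marks that side effect with an XXX and a caller reading the header cannot see it.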
@@ -504,7 +504,7 @@ tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx, CBS *cbs)
 {
 int alert_desc;
- if (!tlsext_client_parse(ctx->ssl, cbs, &alert_desc, SSL_TLSEXT_MSG_EE)) {
+ if (!tlsext_client_parse(ctx->ssl, SSL_TLSEXT_MSG_EE, cbs, &alert_desc)) {
 ctx->alert = alert_desc;
 goto err;
 }
@@ -540,7 +540,7 @@ tls13_server_certificate_request_recv(struct tls13_ctx *ctx, CBS *cbs)
 if (CBS_len(&cert_request_context) != 0)
 goto err;
- if (!tlsext_client_parse(ctx->ssl, cbs, &alert_desc, SSL_TLSEXT_MSG_CR)) {
+ if (!tlsext_client_parse(ctx->ssl, SSL_TLSEXT_MSG_CR, cbs, &alert_desc)) {
 ctx->alert = alert_desc;
 goto err;
 }
@@ -580,8 +580,8 @@ tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
 if (!CBS_get_u24_length_prefixed(&cert_list, &cert_data))
 goto err;
- if (!tlsext_client_parse(ctx->ssl, &cert_list, &alert_desc,
- SSL_TLSEXT_MSG_CT)) {
+ if (!tlsext_client_parse(ctx->ssl, SSL_TLSEXT_MSG_CT,
+ &cert_list, &alert_desc)) {
 ctx->alert = alert_desc;
 goto err;
 }
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index a18184f505..f35f09bbb1 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.84 2020/06/06 01:40:09 beck Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.85 2020/07/03 04:12:51 tb Exp $ */
 /*
 * Copyright (c) 2018 Bob Beck
 * Copyright (c) 2018 Theo Buehler
@@ -383,7 +383,7 @@ int tls13_server_finished_sent(struct tls13_ctx *ctx);
 void tls13_error_clear(struct tls13_error *error);
 int tls13_cert_add(struct tls13_ctx *ctx, CBB *cbb, X509 *cert,
- int(*build_extensions)(SSL *s, CBB *cbb, uint16_t msg_type));
+ int(*build_extensions)(SSL *s, uint16_t msg_type, CBB *cbb));
 int tls13_synthetic_handshake_message(struct tls13_ctx *ctx);
 int tls13_clienthello_hash_init(struct tls13_ctx *ctx);
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index b5939aecab..8fef39a12f 100644
--- a/src/lib/libssl/tls13_lib.c
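Review bot: In tls13_server_encrypted_extensions_recv, `int alert_desc;` is declared without an initializer on the context line just above the reordered call, and on failure it is copied verbatim into `ctx->alert`, so the value that ends up on the wire as the alert description is correct only if tlsext_client_parse writes `*alert` on every path that returns 0. I could not confirm that guarantee from this diff, and the reordering makes this a good moment to make the caller independent of it: `int alert_desc = SSL_AD_INTERNAL_ERROR;` (or whatever fatal-alert constant this file already uses) means an unset value can never be sent as an arbitrary alert code. The function body continues past the end of this hunk.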
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_lib.c,v 1.51 2020/06/06 01:40:09 beck Exp $ */
+/* $OpenBSD: tls13_lib.c,v 1.52 2020/07/03 04:12:51 tb Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing
 * Copyright (c) 2019 Bob Beck
@@ -415,7 +415,7 @@ tls13_ctx_free(struct tls13_ctx *ctx)
 int
 tls13_cert_add(struct tls13_ctx *ctx, CBB *cbb, X509 *cert,
- int(*build_extensions)(SSL *s, CBB *cbb, uint16_t msg_type))
+ int(*build_extensions)(SSL *s, uint16_t msg_type, CBB *cbb))
 {
 CBB cert_data;
 uint8_t *data;
@@ -431,7 +431,7 @@ tls13_cert_add(struct tls13_ctx *ctx, CBB *cbb, X509 *cert,
 if (i2d_X509(cert, &data) != cert_len)
 return 0;
 if (build_extensions != NULL) {
- if (!build_extensions(ctx->ssl, cbb, SSL_TLSEXT_MSG_CT))
+ if (!build_extensions(ctx->ssl, SSL_TLSEXT_MSG_CT, cbb))
 return 0;
 } else {
 CBB cert_exts;
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 12601fa33d..a5c03b610c 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.60 2020/06/25 07:35:05 tb Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.61 2020/07/03 04:12:51 tb Exp $ */
 /*
 * Copyright (c) 2019, 2020 Joel Sing
 * Copyright (c) 2020 Bob Beck
@@ -191,7 +191,7 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs)
 goto err;
 }
- if (!tlsext_server_parse(s, cbs, &alert_desc, SSL_TLSEXT_MSG_CH)) {
+ if (!tlsext_server_parse(s, SSL_TLSEXT_MSG_CH, cbs, &alert_desc)) {
 ctx->alert = alert_desc;
 goto err;
 }
@@ -330,7 +330,7 @@ tls13_server_hello_build(struct tls13_ctx *ctx, CBB *cbb, int hrr)
 goto err;
 if (!CBB_add_u8(cbb, 0))
 goto err;
- if (!tlsext_server_build(s, cbb, tlsext_msg_type))
+ if (!tlsext_server_build(s, tlsext_msg_type, cbb))
 goto err;
 if (!CBB_flush(cbb))
@@ -511,7 +511,7 @@ tls13_server_hello_sent(struct tls13_ctx *ctx)
 int
 tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx, CBB *cbb)
 {
- if (!tlsext_server_build(ctx->ssl, cbb, SSL_TLSEXT_MSG_EE))
+ if (!tlsext_server_build(ctx->ssl, SSL_TLSEXT_MSG_EE, cbb))
 goto err;
 return 1;
@@ -526,7 +526,7 @@ tls13_server_certificate_request_send(struct tls13_ctx *ctx, CBB *cbb)
 if (!CBB_add_u8_length_prefixed(cbb, &certificate_request_context))
 goto err;
- if (!tlsext_server_build(ctx->ssl, cbb, SSL_TLSEXT_MSG_CR))
+ if (!tlsext_server_build(ctx->ssl, SSL_TLSEXT_MSG_CR, cbb))
 goto err;
 if (!CBB_flush(cbb))
-- cgit v1.2.3-55-g6feb