From de2b05d4b4bdc8132abc4507b6d3e48eeba9340b Mon Sep 17 00:00:00 2001 From: beck <> Date: Sat, 6 May 2017 22:24:58 +0000 Subject: Bring in an SSL_HANDSHAKE structure and commence the great shovelling ok jsing@, gcc@, regress@ --- src/lib/libssl/d1_clnt.c | 24 ++++++++++++------------ src/lib/libssl/d1_srvr.c | 24 ++++++++++++------------ src/lib/libssl/s3_lib.c | 6 +++--- src/lib/libssl/ssl_both.c | 4 ++-- src/lib/libssl/ssl_clnt.c | 34 ++++++++++++++++----------------- src/lib/libssl/ssl_lib.c | 12 ++++++------ src/lib/libssl/ssl_locl.h | 24 +++++++++++++++--------- src/lib/libssl/ssl_pkt.c | 8 ++++---- src/lib/libssl/ssl_srvr.c | 48 +++++++++++++++++++++++------------------------ src/lib/libssl/t1_enc.c | 34 ++++++++++++++++----------------- src/lib/libssl/t1_lib.c | 14 +++++++------- 11 files changed, 119 insertions(+), 113 deletions(-) (limited to 'src/lib') diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c index 8e4c2586a3..802aa5cde0 100644 --- a/src/lib/libssl/d1_clnt.c +++ b/src/lib/libssl/d1_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_clnt.c,v 1.74 2017/02/07 02:08:38 beck Exp $ */ +/* $OpenBSD: d1_clnt.c,v 1.75 2017/05/06 22:24:57 beck Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -268,7 +268,7 @@ dtls1_connect(SSL *s) if (D1I(s)->send_cookie) { s->internal->state = SSL3_ST_CW_FLUSH; - S3I(s)->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A; + S3I(s)->hs.next_state = SSL3_ST_CR_SRVR_HELLO_A; } else s->internal->state = SSL3_ST_CR_SRVR_HELLO_A; @@ -324,7 +324,7 @@ dtls1_connect(SSL *s) break; } /* Check if it is anon DH. */ - if (!(S3I(s)->tmp.new_cipher->algorithm_auth & + if (!(S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL)) { ret = ssl3_get_server_certificate(s); if (ret <= 0) @@ -372,11 +372,11 @@ dtls1_connect(SSL *s) goto end; dtls1_stop_timer(s); if (S3I(s)->tmp.cert_req) - S3I(s)->tmp.next_state = SSL3_ST_CW_CERT_A; + S3I(s)->hs.next_state = SSL3_ST_CW_CERT_A; else - S3I(s)->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A; + S3I(s)->hs.next_state = SSL3_ST_CW_KEY_EXCH_A; s->internal->init_num = 0; - s->internal->state = S3I(s)->tmp.next_state; + s->internal->state = S3I(s)->hs.next_state; break; case SSL3_ST_CW_CERT_A: @@ -435,7 +435,7 @@ dtls1_connect(SSL *s) s->internal->state = SSL3_ST_CW_FINISHED_A; s->internal->init_num = 0; - s->session->cipher = S3I(s)->tmp.new_cipher; + s->session->cipher = S3I(s)->hs.new_cipher; if (!tls1_setup_key_block(s)) { ret = -1; goto end; @@ -466,7 +466,7 @@ dtls1_connect(SSL *s) /* clear flags */ s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; if (s->internal->hit) { - S3I(s)->tmp.next_state = SSL_ST_OK; + S3I(s)->hs.next_state = SSL_ST_OK; if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) { s->internal->state = SSL_ST_OK; s->s3->flags |= SSL3_FLAGS_POP_BUFFER; @@ -476,10 +476,10 @@ dtls1_connect(SSL *s) /* Allow NewSessionTicket if ticket expected */ if (s->internal->tlsext_ticket_expected) - S3I(s)->tmp.next_state = + S3I(s)->hs.next_state = SSL3_ST_CR_SESSION_TICKET_A; else - S3I(s)->tmp.next_state = + S3I(s)->hs.next_state = SSL3_ST_CR_FINISHED_A; } s->internal->init_num = 0; @@ -527,14 +527,14 @@ dtls1_connect(SSL *s) /* If the write error was fatal, stop trying */ if (!BIO_should_retry(s->wbio)) { s->internal->rwstate = SSL_NOTHING; - s->internal->state = S3I(s)->tmp.next_state; + s->internal->state = S3I(s)->hs.next_state; } ret = -1; goto end; } s->internal->rwstate = SSL_NOTHING; - s->internal->state = S3I(s)->tmp.next_state; + s->internal->state = S3I(s)->hs.next_state; break; case SSL_ST_OK: diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c index 605f0a59ad..1ef8bce56b 100644 --- a/src/lib/libssl/d1_srvr.c +++ b/src/lib/libssl/d1_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_srvr.c,v 1.86 2017/03/10 16:03:27 jsing Exp $ */ +/* $OpenBSD: d1_srvr.c,v 1.87 2017/05/06 22:24:57 beck Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -277,7 +277,7 @@ dtls1_accept(SSL *s) ret = ssl3_send_hello_request(s); if (ret <= 0) goto end; - S3I(s)->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A; + S3I(s)->hs.next_state = SSL3_ST_SR_CLNT_HELLO_A; s->internal->state = SSL3_ST_SW_FLUSH; s->internal->init_num = 0; @@ -335,7 +335,7 @@ dtls1_accept(SSL *s) if (ret <= 0) goto end; s->internal->state = SSL3_ST_SW_FLUSH; - S3I(s)->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A; + S3I(s)->hs.next_state = SSL3_ST_SR_CLNT_HELLO_A; /* HelloVerifyRequest resets Finished MAC */ if (!tls1_init_finished_mac(s)) { @@ -366,7 +366,7 @@ dtls1_accept(SSL *s) case SSL3_ST_SW_CERT_A: case SSL3_ST_SW_CERT_B: /* Check if it is anon DH. */ - if (!(S3I(s)->tmp.new_cipher->algorithm_auth & + if (!(S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL)) { dtls1_start_timer(s); ret = ssl3_send_server_certificate(s); @@ -385,7 +385,7 @@ dtls1_accept(SSL *s) case SSL3_ST_SW_KEY_EXCH_A: case SSL3_ST_SW_KEY_EXCH_B: - alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; + alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; /* Only send if using a DH key exchange. */ if (alg_k & (SSL_kDHE|SSL_kECDHE)) { @@ -422,7 +422,7 @@ dtls1_accept(SSL *s) if (!(s->verify_mode & SSL_VERIFY_PEER) || ((s->session->peer != NULL) && (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || - ((S3I(s)->tmp.new_cipher->algorithm_auth & + ((S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL) && !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) { /* no cert request */ @@ -446,7 +446,7 @@ dtls1_accept(SSL *s) ret = ssl3_send_server_done(s); if (ret <= 0) goto end; - S3I(s)->tmp.next_state = SSL3_ST_SR_CERT_A; + S3I(s)->hs.next_state = SSL3_ST_SR_CERT_A; s->internal->state = SSL3_ST_SW_FLUSH; s->internal->init_num = 0; break; @@ -457,14 +457,14 @@ dtls1_accept(SSL *s) /* If the write error was fatal, stop trying */ if (!BIO_should_retry(s->wbio)) { s->internal->rwstate = SSL_NOTHING; - s->internal->state = S3I(s)->tmp.next_state; + s->internal->state = S3I(s)->hs.next_state; } ret = -1; goto end; } s->internal->rwstate = SSL_NOTHING; - s->internal->state = S3I(s)->tmp.next_state; + s->internal->state = S3I(s)->hs.next_state; break; case SSL3_ST_SR_CERT_A: @@ -590,7 +590,7 @@ dtls1_accept(SSL *s) case SSL3_ST_SW_CHANGE_A: case SSL3_ST_SW_CHANGE_B: - s->session->cipher = S3I(s)->tmp.new_cipher; + s->session->cipher = S3I(s)->hs.new_cipher; if (!tls1_setup_key_block(s)) { ret = -1; goto end; @@ -625,10 +625,10 @@ dtls1_accept(SSL *s) goto end; s->internal->state = SSL3_ST_SW_FLUSH; if (s->internal->hit) { - S3I(s)->tmp.next_state = SSL3_ST_SR_FINISHED_A; + S3I(s)->hs.next_state = SSL3_ST_SR_FINISHED_A; } else { - S3I(s)->tmp.next_state = SSL_ST_OK; + S3I(s)->hs.next_state = SSL_ST_OK; } s->internal->init_num = 0; break; diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 0f05b8f2fe..f728eb7648 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.141 2017/05/06 20:37:24 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.142 2017/05/06 22:24:57 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2504,7 +2504,7 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p) int ret = 0; unsigned long alg_k; - alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; + alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; #ifndef OPENSSL_NO_GOST if ((alg_k & SSL_kGOST)) { @@ -2720,7 +2720,7 @@ ssl3_renegotiate_check(SSL *s) long ssl_get_algorithm2(SSL *s) { - long alg2 = S3I(s)->tmp.new_cipher->algorithm2; + long alg2 = S3I(s)->hs.new_cipher->algorithm2; if (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF && alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c index d1a0879b72..13c39e85b2 100644 --- a/src/lib/libssl/ssl_both.c +++ b/src/lib/libssl/ssl_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_both.c,v 1.7 2017/03/05 14:24:12 jsing Exp $ */ +/* $OpenBSD: ssl_both.c,v 1.8 2017/05/06 22:24:57 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -224,7 +224,7 @@ ssl3_take_mac(SSL *s) * If no new cipher setup return immediately: other functions will * set the appropriate error. */ - if (S3I(s)->tmp.new_cipher == NULL) + if (S3I(s)->hs.new_cipher == NULL) return; if (s->internal->state & SSL_ST_CONNECT) { diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 6fb5eca4b3..f6ca3e7f3c 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.12 2017/04/10 06:09:32 jsing Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.13 2017/05/06 22:24:57 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -292,7 +292,7 @@ ssl3_connect(SSL *s) break; } /* Check if it is anon DH/ECDH. */ - if (!(S3I(s)->tmp.new_cipher->algorithm_auth & + if (!(S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL)) { ret = ssl3_get_server_certificate(s); if (ret <= 0) @@ -417,7 +417,7 @@ ssl3_connect(SSL *s) s->internal->state = SSL3_ST_CW_FINISHED_A; s->internal->init_num = 0; - s->session->cipher = S3I(s)->tmp.new_cipher; + s->session->cipher = S3I(s)->hs.new_cipher; if (!tls1_setup_key_block(s)) { ret = -1; goto end; @@ -453,7 +453,7 @@ ssl3_connect(SSL *s) /* clear flags */ s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER; if (s->internal->hit) { - S3I(s)->tmp.next_state = SSL_ST_OK; + S3I(s)->hs.next_state = SSL_ST_OK; if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) { s->internal->state = SSL_ST_OK; @@ -463,11 +463,11 @@ ssl3_connect(SSL *s) } else { /* Allow NewSessionTicket if ticket expected */ if (s->internal->tlsext_ticket_expected) - S3I(s)->tmp.next_state = + S3I(s)->hs.next_state = SSL3_ST_CR_SESSION_TICKET_A; else - S3I(s)->tmp.next_state = SSL3_ST_CR_FINISHED_A; + S3I(s)->hs.next_state = SSL3_ST_CR_FINISHED_A; } s->internal->init_num = 0; break; @@ -512,7 +512,7 @@ ssl3_connect(SSL *s) goto end; } s->internal->rwstate = SSL_NOTHING; - s->internal->state = S3I(s)->tmp.next_state; + s->internal->state = S3I(s)->hs.next_state; break; case SSL_ST_OK: @@ -899,7 +899,7 @@ ssl3_get_server_hello(SSL *s) SSLerror(s, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); goto f_err; } - S3I(s)->tmp.new_cipher = cipher; + S3I(s)->hs.new_cipher = cipher; if (!tls1_handshake_hash_init(s)) goto err; @@ -908,7 +908,7 @@ ssl3_get_server_hello(SSL *s) * Don't digest cached records if no sigalgs: we may need them for * client authentication. */ - alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; + alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) && !tls1_digest_cached_records(s)) { al = SSL_AD_INTERNAL_ERROR; @@ -1116,7 +1116,7 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn) long alg_a; int al; - alg_a = S3I(s)->tmp.new_cipher->algorithm_auth; + alg_a = S3I(s)->hs.new_cipher->algorithm_auth; sc = SSI(s)->sess_cert; if (*nn < 0) @@ -1283,7 +1283,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn) int nid; int al; - alg_a = S3I(s)->tmp.new_cipher->algorithm_auth; + alg_a = S3I(s)->hs.new_cipher->algorithm_auth; sc = SSI(s)->sess_cert; if (*nn < 0) @@ -1368,8 +1368,8 @@ ssl3_get_server_key_exchange(SSL *s) const EVP_MD *md = NULL; RSA *rsa = NULL; - alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; - alg_a = S3I(s)->tmp.new_cipher->algorithm_auth; + alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; + alg_a = S3I(s)->hs.new_cipher->algorithm_auth; /* * Use same message size as in ssl3_get_certificate_request() @@ -1590,7 +1590,7 @@ ssl3_get_certificate_request(SSL *s) } /* TLS does not like anon-DH with client cert */ - if (S3I(s)->tmp.new_cipher->algorithm_auth & SSL_aNULL) { + if (S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); SSLerror(s, SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER); goto err; @@ -2274,7 +2274,7 @@ ssl3_send_client_key_exchange(SSL *s) memset(&cbb, 0, sizeof(cbb)); if (s->internal->state == SSL3_ST_CW_KEY_EXCH_A) { - alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; + alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; if ((sess_cert = SSI(s)->sess_cert) == NULL) { ssl3_send_alert(s, SSL3_AL_FATAL, @@ -2558,8 +2558,8 @@ ssl3_check_cert_and_algorithm(SSL *s) SESS_CERT *sc; DH *dh; - alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; - alg_a = S3I(s)->tmp.new_cipher->algorithm_auth; + alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; + alg_a = S3I(s)->hs.new_cipher->algorithm_auth; /* We don't have a certificate. */ if (alg_a & SSL_aNULL) diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index c49b79df0b..76b2f8a8c4 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.159 2017/05/06 20:37:25 jsing Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.160 2017/05/06 22:24:57 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2088,7 +2088,7 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) { - const SSL_CIPHER *cs = S3I(s)->tmp.new_cipher; + const SSL_CIPHER *cs = S3I(s)->hs.new_cipher; unsigned long alg_a; alg_a = cs->algorithm_auth; @@ -2116,9 +2116,9 @@ ssl_get_server_send_pkey(const SSL *s) int i; c = s->cert; - ssl_set_cert_masks(c, S3I(s)->tmp.new_cipher); + ssl_set_cert_masks(c, S3I(s)->hs.new_cipher); - alg_a = S3I(s)->tmp.new_cipher->algorithm_auth; + alg_a = S3I(s)->hs.new_cipher->algorithm_auth; if (alg_a & SSL_aECDSA) { i = SSL_PKEY_ECC; @@ -2189,9 +2189,9 @@ ssl_get_auto_dh(SSL *s) if (s->cert->dh_tmp_auto == 2) { keylen = 1024; - } else if (S3I(s)->tmp.new_cipher->algorithm_auth & SSL_aNULL) { + } else if (S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL) { keylen = 1024; - if (S3I(s)->tmp.new_cipher->strength_bits == 256) + if (S3I(s)->hs.new_cipher->strength_bits == 256) keylen = 3072; } else { if ((cpk = ssl_get_server_send_pkey(s)) == NULL) diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index b52b03149a..410fc04688 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.179 2017/05/06 20:37:25 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.180 2017/05/06 22:24:58 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -431,6 +431,18 @@ typedef struct ssl_session_internal_st { } SSL_SESSION_INTERNAL; #define SSI(s) (s->session->internal) +typedef struct ssl_handshake_st { + /* used when SSL_ST_FLUSH_DATA is entered */ + int next_state; + + /* new_cipher is the cipher being negotiated in this handshake. */ + const SSL_CIPHER *new_cipher; + + /* key_block is the record-layer key block for TLS 1.2 and earlier. */ + int key_block_len; + unsigned char *key_block; +} SSL_HANDSHAKE; + typedef struct ssl_ctx_internal_st { uint16_t min_version; uint16_t max_version; @@ -824,6 +836,8 @@ typedef struct ssl3_state_internal_st { int in_read_app_data; + SSL_HANDSHAKE hs; + struct { /* actually only needs to be 16+20 */ unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2]; @@ -837,17 +851,12 @@ typedef struct ssl3_state_internal_st { unsigned long message_size; int message_type; - /* used to hold the new cipher we are going to use */ - const SSL_CIPHER *new_cipher; DH *dh; EC_KEY *ecdh; /* holds short lived ECDH key */ uint8_t *x25519; - /* used when SSL_ST_FLUSH_DATA is entered */ - int next_state; - int reuse_message; /* used for certificate requests */ @@ -856,9 +865,6 @@ typedef struct ssl3_state_internal_st { char ctype[SSL3_CT_NUMBER]; STACK_OF(X509_NAME) *ca_names; - int key_block_length; - unsigned char *key_block; - const EVP_CIPHER *new_sym_enc; const EVP_AEAD *new_aead; const EVP_MD *new_hash; diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c index f49cc45efd..953f3c118f 100644 --- a/src/lib/libssl/ssl_pkt.c +++ b/src/lib/libssl/ssl_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_pkt.c,v 1.10 2017/02/07 02:08:38 beck Exp $ */ +/* $OpenBSD: ssl_pkt.c,v 1.11 2017/05/06 22:24:58 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1235,7 +1235,7 @@ start: } /* Check we have a cipher to change to */ - if (S3I(s)->tmp.new_cipher == NULL) { + if (S3I(s)->hs.new_cipher == NULL) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerror(s, SSL_R_CCS_RECEIVED_EARLY); goto f_err; @@ -1360,14 +1360,14 @@ ssl3_do_change_cipher_spec(SSL *s) else i = SSL3_CHANGE_CIPHER_CLIENT_READ; - if (S3I(s)->tmp.key_block == NULL) { + if (S3I(s)->hs.key_block == NULL) { if (s->session == NULL || s->session->master_key_length == 0) { /* might happen if dtls1_read_bytes() calls this */ SSLerror(s, SSL_R_CCS_RECEIVED_EARLY); return (0); } - s->session->cipher = S3I(s)->tmp.new_cipher; + s->session->cipher = S3I(s)->hs.new_cipher; if (!tls1_setup_key_block(s)) return (0); } diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index ea1aed26b3..35a9ace527 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.15 2017/04/29 23:38:49 jsing Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.16 2017/05/06 22:24:58 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -275,7 +275,7 @@ ssl3_accept(SSL *s) ret = ssl3_send_hello_request(s); if (ret <= 0) goto end; - S3I(s)->tmp.next_state = SSL3_ST_SW_HELLO_REQ_C; + S3I(s)->hs.next_state = SSL3_ST_SW_HELLO_REQ_C; s->internal->state = SSL3_ST_SW_FLUSH; s->internal->init_num = 0; @@ -324,7 +324,7 @@ ssl3_accept(SSL *s) case SSL3_ST_SW_CERT_A: case SSL3_ST_SW_CERT_B: /* Check if it is anon DH or anon ECDH. */ - if (!(S3I(s)->tmp.new_cipher->algorithm_auth & + if (!(S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL)) { ret = ssl3_send_server_certificate(s); if (ret <= 0) @@ -342,7 +342,7 @@ ssl3_accept(SSL *s) case SSL3_ST_SW_KEY_EXCH_A: case SSL3_ST_SW_KEY_EXCH_B: - alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; + alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; /* * Only send if using a DH key exchange. @@ -385,7 +385,7 @@ ssl3_accept(SSL *s) if (!(s->verify_mode & SSL_VERIFY_PEER) || ((s->session->peer != NULL) && (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || - ((S3I(s)->tmp.new_cipher->algorithm_auth & + ((S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL) && !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) { /* No cert request */ @@ -413,7 +413,7 @@ ssl3_accept(SSL *s) ret = ssl3_send_server_done(s); if (ret <= 0) goto end; - S3I(s)->tmp.next_state = SSL3_ST_SR_CERT_A; + S3I(s)->hs.next_state = SSL3_ST_SR_CERT_A; s->internal->state = SSL3_ST_SW_FLUSH; s->internal->init_num = 0; break; @@ -438,7 +438,7 @@ ssl3_accept(SSL *s) } s->internal->rwstate = SSL_NOTHING; - s->internal->state = S3I(s)->tmp.next_state; + s->internal->state = S3I(s)->hs.next_state; break; case SSL3_ST_SR_CERT_A: @@ -457,7 +457,7 @@ ssl3_accept(SSL *s) ret = ssl3_get_client_key_exchange(s); if (ret <= 0) goto end; - alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; + alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; if (ret == 2) { /* * For the ECDH ciphersuites when @@ -579,7 +579,7 @@ ssl3_accept(SSL *s) case SSL3_ST_SW_CHANGE_A: case SSL3_ST_SW_CHANGE_B: - s->session->cipher = S3I(s)->tmp.new_cipher; + s->session->cipher = S3I(s)->hs.new_cipher; if (!tls1_setup_key_block(s)) { ret = -1; goto end; @@ -613,13 +613,13 @@ ssl3_accept(SSL *s) if (s->internal->hit) { if (S3I(s)->next_proto_neg_seen) { s->s3->flags |= SSL3_FLAGS_CCS_OK; - S3I(s)->tmp.next_state = + S3I(s)->hs.next_state = SSL3_ST_SR_NEXT_PROTO_A; } else - S3I(s)->tmp.next_state = + S3I(s)->hs.next_state = SSL3_ST_SR_FINISHED_A; } else - S3I(s)->tmp.next_state = SSL_ST_OK; + S3I(s)->hs.next_state = SSL_ST_OK; s->internal->init_num = 0; break; @@ -1024,15 +1024,15 @@ ssl3_get_client_hello(SSL *s) SSLerror(s, SSL_R_NO_SHARED_CIPHER); goto f_err; } - S3I(s)->tmp.new_cipher = c; + S3I(s)->hs.new_cipher = c; } else { - S3I(s)->tmp.new_cipher = s->session->cipher; + S3I(s)->hs.new_cipher = s->session->cipher; } if (!tls1_handshake_hash_init(s)) goto err; - alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; + alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) || !(s->verify_mode & SSL_VERIFY_PEER)) { if (!tls1_digest_cached_records(s)) { @@ -1050,7 +1050,7 @@ ssl3_get_client_hello(SSL *s) * ssl version is set - sslv3 * s->session - The ssl session has been setup. * s->internal->hit - session reuse flag - * s->tmp.new_cipher - the new cipher to use. + * s->hs.new_cipher - the new cipher to use. */ /* Handles TLS extensions that we couldn't check earlier */ @@ -1134,7 +1134,7 @@ ssl3_send_server_hello(SSL *s) /* Cipher suite. */ if (!CBB_add_u16(&cbb, - ssl3_cipher_get_value(S3I(s)->tmp.new_cipher))) + ssl3_cipher_get_value(S3I(s)->hs.new_cipher))) goto err; /* Compression method. */ @@ -1207,7 +1207,7 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb) if (dhp == NULL && s->cert->dh_tmp_cb != NULL) dhp = s->cert->dh_tmp_cb(s, 0, - SSL_C_PKEYLENGTH(S3I(s)->tmp.new_cipher)); + SSL_C_PKEYLENGTH(S3I(s)->hs.new_cipher)); if (dhp == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; @@ -1282,7 +1282,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb) ecdhp = EC_KEY_new_by_curve_name(nid); } else if (ecdhp == NULL && s->cert->ecdh_tmp_cb != NULL) { ecdhp = s->cert->ecdh_tmp_cb(s, 0, - SSL_C_PKEYLENGTH(S3I(s)->tmp.new_cipher)); + SSL_C_PKEYLENGTH(S3I(s)->hs.new_cipher)); } if (ecdhp == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; @@ -1458,7 +1458,7 @@ ssl3_send_server_key_exchange(SSL *s) EVP_MD_CTX_init(&md_ctx); if (s->internal->state == SSL3_ST_SW_KEY_EXCH_A) { - type = S3I(s)->tmp.new_cipher->algorithm_mkey; + type = S3I(s)->hs.new_cipher->algorithm_mkey; buf = s->internal->init_buf; @@ -1480,9 +1480,9 @@ ssl3_send_server_key_exchange(SSL *s) if (!CBB_finish(&cbb, ¶ms, ¶ms_len)) goto err; - if (!(S3I(s)->tmp.new_cipher->algorithm_auth & SSL_aNULL)) { + if (!(S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL)) { if ((pkey = ssl_get_sign_pkey( - s, S3I(s)->tmp.new_cipher, &md)) == NULL) { + s, S3I(s)->hs.new_cipher, &md)) == NULL) { al = SSL_AD_DECODE_ERROR; goto f_err; } @@ -2028,7 +2028,7 @@ ssl3_get_client_kex_gost(SSL *s, unsigned char *p, long n) int ret = 0; /* Get our certificate private key*/ - alg_a = S3I(s)->tmp.new_cipher->algorithm_auth; + alg_a = S3I(s)->hs.new_cipher->algorithm_auth; if (alg_a & SSL_aGOST01) pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey; @@ -2105,7 +2105,7 @@ ssl3_get_client_key_exchange(SSL *s) p = (unsigned char *)s->internal->init_msg; - alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; + alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; if (alg_k & SSL_kRSA) { if (ssl3_get_client_kex_rsa(s, p, n) != 1) diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index ce57235cea..9598613516 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_enc.c,v 1.108 2017/04/10 16:48:43 jsing Exp $ */ +/* $OpenBSD: t1_enc.c,v 1.109 2017/05/06 22:24:58 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -152,9 +152,9 @@ int tls1_PRF(SSL *s, const unsigned char *secret, size_t secret_len, void tls1_cleanup_key_block(SSL *s) { - freezero(S3I(s)->tmp.key_block, S3I(s)->tmp.key_block_length); - S3I(s)->tmp.key_block = NULL; - S3I(s)->tmp.key_block_length = 0; + freezero(S3I(s)->hs.key_block, S3I(s)->hs.key_block_len); + S3I(s)->hs.key_block = NULL; + S3I(s)->hs.key_block_len = 0; } int @@ -417,10 +417,10 @@ tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key, aead_ctx->fixed_nonce_len = iv_len; aead_ctx->variable_nonce_len = 8; /* always the case, currently. */ aead_ctx->variable_nonce_in_record = - (S3I(s)->tmp.new_cipher->algorithm2 & + (S3I(s)->hs.new_cipher->algorithm2 & SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD) != 0; aead_ctx->xor_fixed_nonce = - S3I(s)->tmp.new_cipher->algorithm_enc == SSL_CHACHA20POLY1305; + S3I(s)->hs.new_cipher->algorithm_enc == SSL_CHACHA20POLY1305; aead_ctx->tag_len = EVP_AEAD_max_overhead(aead); if (aead_ctx->xor_fixed_nonce) { @@ -464,7 +464,7 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys, mac_type = S3I(s)->tmp.new_mac_pkey_type; if (is_read) { - if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) + if (S3I(s)->hs.new_cipher->algorithm2 & TLS1_STREAM_MAC) s->internal->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM; else s->internal->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM; @@ -481,7 +481,7 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys, goto err; s->read_hash = mac_ctx; } else { - if (S3I(s)->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) + if (S3I(s)->hs.new_cipher->algorithm2 & TLS1_STREAM_MAC) s->internal->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; else s->internal->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM; @@ -528,15 +528,15 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys, mac_secret_size, (unsigned char *)mac_secret); } - if (S3I(s)->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT) { + if (S3I(s)->hs.new_cipher->algorithm_enc == SSL_eGOST2814789CNT) { int nid; - if (S3I(s)->tmp.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94) + if (S3I(s)->hs.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94) nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet; else nid = NID_id_tc26_gost_28147_param_Z; EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GOST_SET_SBOX, nid, 0); - if (S3I(s)->tmp.new_cipher->algorithm_mac == SSL_GOST89MAC) + if (S3I(s)->hs.new_cipher->algorithm_mac == SSL_GOST89MAC) EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_GOST_SET_SBOX, nid, 0); } @@ -591,7 +591,7 @@ tls1_change_cipher_state(SSL *s, int which) if (aead != NULL) { key_len = EVP_AEAD_key_length(aead); - iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(S3I(s)->tmp.new_cipher); + iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(S3I(s)->hs.new_cipher); } else { key_len = EVP_CIPHER_key_length(cipher); iv_len = EVP_CIPHER_iv_length(cipher); @@ -603,7 +603,7 @@ tls1_change_cipher_state(SSL *s, int which) mac_secret_size = s->s3->tmp.new_mac_secret_size; - key_block = S3I(s)->tmp.key_block; + key_block = S3I(s)->hs.key_block; client_write_mac_secret = key_block; key_block += mac_secret_size; server_write_mac_secret = key_block; @@ -627,7 +627,7 @@ tls1_change_cipher_state(SSL *s, int which) iv = server_write_iv; } - if (key_block - S3I(s)->tmp.key_block != S3I(s)->tmp.key_block_length) { + if (key_block - S3I(s)->hs.key_block != S3I(s)->hs.key_block_len) { SSLerror(s, ERR_R_INTERNAL_ERROR); goto err2; } @@ -663,7 +663,7 @@ tls1_setup_key_block(SSL *s) const EVP_MD *mac = NULL; int ret = 0; - if (S3I(s)->tmp.key_block_length != 0) + if (S3I(s)->hs.key_block_len != 0) return (1); if (s->session->cipher && @@ -703,8 +703,8 @@ tls1_setup_key_block(SSL *s) } key_block_len = (mac_secret_size + key_len + iv_len) * 2; - S3I(s)->tmp.key_block_length = key_block_len; - S3I(s)->tmp.key_block = key_block; + S3I(s)->hs.key_block_len = key_block_len; + S3I(s)->hs.key_block = key_block; if (!tls1_generate_key_block(s, key_block, key_block_len)) goto err; diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index a42e414dec..2cb47a215c 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_lib.c,v 1.115 2017/02/07 02:08:38 beck Exp $ */ +/* $OpenBSD: t1_lib.c,v 1.116 2017/05/06 22:24:58 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -998,8 +998,8 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) unsigned char *ret = p; int next_proto_neg_seen; - alg_a = S3I(s)->tmp.new_cipher->algorithm_auth; - alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; + alg_a = S3I(s)->hs.new_cipher->algorithm_auth; + alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) && SSI(s)->tlsext_ecpointformatlist != NULL; @@ -1107,8 +1107,8 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) } #endif - if (((S3I(s)->tmp.new_cipher->id & 0xFFFF) == 0x80 || - (S3I(s)->tmp.new_cipher->id & 0xFFFF) == 0x81) && + if (((S3I(s)->hs.new_cipher->id & 0xFFFF) == 0x80 || + (S3I(s)->hs.new_cipher->id & 0xFFFF) == 0x81) && (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) { static const unsigned char cryptopro_ext[36] = { 0xfd, 0xe8, /*65000*/ @@ -1986,8 +1986,8 @@ ssl_check_serverhello_tlsext(SSL *s) * suite, then if server returns an EC point formats lists extension * it must contain uncompressed. */ - unsigned long alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey; - unsigned long alg_a = S3I(s)->tmp.new_cipher->algorithm_auth; + unsigned long alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; + unsigned long alg_a = S3I(s)->hs.new_cipher->algorithm_auth; if ((s->internal->tlsext_ecpointformatlist != NULL) && (s->internal->tlsext_ecpointformatlist_length > 0) && (SSI(s)->tlsext_ecpointformatlist != NULL) && -- cgit v1.2.3-55-g6feb