From f6cad3f00ad53e59ae0066a0554855dba18b6a13 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Thu, 23 Jan 2020 10:48:37 +0000 Subject: Remove the ssl_get_message function pointer from SSL_METHOD_INTERNAL. ssl_get_message is essentially a switch between ssl3_get_message and dtls1_get_message, both only used by the legacy stack. Instead, use SSL_IS_DTLS() in ssl3_get_message to call the DTLS function when necessary. ok beck@ inoguchi@ tb@ --- src/lib/libssl/d1_clnt.c | 5 ++--- src/lib/libssl/ssl_both.c | 7 +++++-- src/lib/libssl/ssl_clnt.c | 24 +++++++++++------------- src/lib/libssl/ssl_locl.h | 4 +--- src/lib/libssl/ssl_methods.c | 23 +++-------------------- src/lib/libssl/ssl_srvr.c | 11 +++++------ 6 files changed, 27 insertions(+), 47 deletions(-) (limited to 'src/lib') diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c index ee21a1bebc..b660589d06 100644 --- a/src/lib/libssl/d1_clnt.c +++ b/src/lib/libssl/d1_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_clnt.c,v 1.82 2018/11/05 05:45:15 jsing Exp $ */ +/* $OpenBSD: d1_clnt.c,v 1.83 2020/01/23 10:48:37 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -136,9 +136,8 @@ dtls1_get_hello_verify(SSL *s) uint16_t ssl_version; CBS hello_verify_request, cookie; - n = s->method->internal->ssl_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, + n = ssl3_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->internal->max_cert_list, &ok); - if (!ok) return ((int)n); diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c index 6bd5f08111..8ec94542c2 100644 --- a/src/lib/libssl/ssl_both.c +++ b/src/lib/libssl/ssl_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_both.c,v 1.15 2019/03/25 16:35:48 jsing Exp $ */ +/* $OpenBSD: ssl_both.c,v 1.16 2020/01/23 10:48:37 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -248,7 +248,7 @@ ssl3_get_finished(SSL *s, int a, int b) CBS cbs; /* should actually be 36+4 :-) */ - n = s->method->internal->ssl_get_message(s, a, b, SSL3_MT_FINISHED, 64, &ok); + n = ssl3_get_message(s, a, b, SSL3_MT_FINISHED, 64, &ok); if (!ok) return ((int)n); @@ -447,6 +447,9 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) CBS cbs; uint8_t u8; + if (SSL_IS_DTLS(s)) + return (dtls1_get_message(s, st1, stn, mt, max, ok)); + if (S3I(s)->tmp.reuse_message) { S3I(s)->tmp.reuse_message = 0; if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) { diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 90aa80f522..22e02735c8 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.61 2019/03/31 15:49:03 jsing Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.62 2020/01/23 10:48:37 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -811,7 +811,7 @@ ssl3_get_server_hello(SSL *s) long n; s->internal->first_packet = 1; - n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, + n = ssl3_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok); if (!ok) return ((int)n); @@ -1048,9 +1048,8 @@ ssl3_get_server_certificate(SSL *s) SESS_CERT *sc; EVP_PKEY *pkey = NULL; - n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_CERT_A, + n = ssl3_get_message(s, SSL3_ST_CR_CERT_A, SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list, &ok); - if (!ok) return ((int)n); @@ -1443,7 +1442,7 @@ ssl3_get_server_key_exchange(SSL *s) * Use same message size as in ssl3_get_certificate_request() * as ServerKeyExchange message may be skipped. */ - n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_KEY_EXCH_A, + n = ssl3_get_message(s, SSL3_ST_CR_KEY_EXCH_A, SSL3_ST_CR_KEY_EXCH_B, -1, s->internal->max_cert_list, &ok); if (!ok) return ((int)n); @@ -1611,9 +1610,8 @@ ssl3_get_certificate_request(SSL *s) const unsigned char *q; STACK_OF(X509_NAME) *ca_sk = NULL; - n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_CERT_REQ_A, + n = ssl3_get_message(s, SSL3_ST_CR_CERT_REQ_A, SSL3_ST_CR_CERT_REQ_B, -1, s->internal->max_cert_list, &ok); - if (!ok) return ((int)n); @@ -1765,7 +1763,7 @@ ssl3_get_new_session_ticket(SSL *s) long n; CBS cbs, session_ticket; - n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_SESSION_TICKET_A, + n = ssl3_get_message(s, SSL3_ST_CR_SESSION_TICKET_A, SSL3_ST_CR_SESSION_TICKET_B, -1, 16384, &ok); if (!ok) return ((int)n); @@ -1841,10 +1839,9 @@ ssl3_get_cert_status(SSL *s) long n; uint8_t status_type; - n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_CERT_STATUS_A, + n = ssl3_get_message(s, SSL3_ST_CR_CERT_STATUS_A, SSL3_ST_CR_CERT_STATUS_B, SSL3_MT_CERTIFICATE_STATUS, 16384, &ok); - if (!ok) return ((int)n); @@ -1913,12 +1910,12 @@ ssl3_get_server_done(SSL *s) int ok, ret = 0; long n; - n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_SRVR_DONE_A, + n = ssl3_get_message(s, SSL3_ST_CR_SRVR_DONE_A, SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE, 30, /* should be very small, like 0 :-) */ &ok); - if (!ok) return ((int)n); + if (n > 0) { /* should contain no data */ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); @@ -2796,10 +2793,11 @@ ssl3_check_finished(SSL *s) return (1); /* this function is called when we really expect a Certificate * message, so permit appropriate message length */ - n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_CERT_A, + n = ssl3_get_message(s, SSL3_ST_CR_CERT_A, SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list, &ok); if (!ok) return ((int)n); + S3I(s)->tmp.reuse_message = 1; if ((S3I(s)->tmp.message_type == SSL3_MT_FINISHED) || (S3I(s)->tmp.message_type == SSL3_MT_NEWSESSION_TICKET)) diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 6703e8feee..cd6f13d127 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.255 2020/01/23 10:40:59 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.256 2020/01/23 10:48:37 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -393,8 +393,6 @@ typedef struct ssl_method_internal_st { int (*ssl_renegotiate)(SSL *s); int (*ssl_renegotiate_check)(SSL *s); - long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, - long max, int *ok); int (*ssl_pending)(const SSL *s); int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len, int peek); diff --git a/src/lib/libssl/ssl_methods.c b/src/lib/libssl/ssl_methods.c index 8e4b678d3a..208de33c01 100644 --- a/src/lib/libssl/ssl_methods.c +++ b/src/lib/libssl/ssl_methods.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_methods.c,v 1.10 2020/01/23 05:08:30 jsing Exp $ */ +/* $OpenBSD: ssl_methods.c,v 1.11 2020/01/23 10:48:37 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -74,7 +74,6 @@ static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = { .ssl_version = ssl_undefined_void_function, .ssl_renegotiate = ssl3_renegotiate, .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_get_message = dtls1_get_message, .ssl_pending = ssl3_pending, .ssl_read_bytes = dtls1_read_bytes, .ssl_write_bytes = dtls1_write_app_data_bytes, @@ -127,7 +126,6 @@ static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = { .ssl_version = ssl_undefined_void_function, .ssl_renegotiate = ssl3_renegotiate, .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_get_message = dtls1_get_message, .ssl_pending = ssl3_pending, .ssl_read_bytes = dtls1_read_bytes, .ssl_write_bytes = dtls1_write_app_data_bytes, @@ -178,7 +176,6 @@ static const SSL_METHOD_INTERNAL DTLSv1_server_method_internal_data = { .ssl_version = ssl_undefined_void_function, .ssl_renegotiate = ssl3_renegotiate, .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_get_message = dtls1_get_message, .ssl_pending = ssl3_pending, .ssl_read_bytes = dtls1_read_bytes, .ssl_write_bytes = dtls1_write_app_data_bytes, @@ -230,11 +227,10 @@ static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = { .ssl_version = ssl_undefined_void_function, .ssl_renegotiate = ssl_undefined_function, .ssl_renegotiate_check = ssl_ok, - .ssl_get_message = ssl3_get_message, .ssl_pending = tls13_legacy_pending, .ssl_read_bytes = tls13_legacy_read_bytes, .ssl_write_bytes = tls13_legacy_write_bytes, - .ssl3_enc = &TLSv1_2_enc_data, + .ssl3_enc = &TLSv1_3_enc_data, }; static const SSL_METHOD TLS_client_method_data = { @@ -262,7 +258,6 @@ static const SSL_METHOD_INTERNAL TLS_legacy_client_method_internal_data = { .ssl_version = ssl_undefined_void_function, .ssl_renegotiate = ssl_undefined_function, .ssl_renegotiate_check = ssl_ok, - .ssl_get_message = ssl3_get_message, .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, @@ -293,7 +288,6 @@ static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = { .ssl_version = ssl_undefined_void_function, .ssl_renegotiate = ssl3_renegotiate, .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_get_message = ssl3_get_message, .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, @@ -324,7 +318,6 @@ static const SSL_METHOD_INTERNAL TLSv1_1_client_method_internal_data = { .ssl_version = ssl_undefined_void_function, .ssl_renegotiate = ssl3_renegotiate, .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_get_message = ssl3_get_message, .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, @@ -355,7 +348,6 @@ static const SSL_METHOD_INTERNAL TLSv1_2_client_method_internal_data = { .ssl_version = ssl_undefined_void_function, .ssl_renegotiate = ssl3_renegotiate, .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_get_message = ssl3_get_message, .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, @@ -440,7 +432,6 @@ static const SSL_METHOD_INTERNAL TLS_method_internal_data = { .ssl_version = ssl_undefined_void_function, .ssl_renegotiate = ssl_undefined_function, .ssl_renegotiate_check = ssl_ok, - .ssl_get_message = ssl3_get_message, .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, @@ -471,7 +462,6 @@ static const SSL_METHOD_INTERNAL TLSv1_method_internal_data = { .ssl_version = ssl_undefined_void_function, .ssl_renegotiate = ssl3_renegotiate, .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_get_message = ssl3_get_message, .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, @@ -502,7 +492,6 @@ static const SSL_METHOD_INTERNAL TLSv1_1_method_internal_data = { .ssl_version = ssl_undefined_void_function, .ssl_renegotiate = ssl3_renegotiate, .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_get_message = ssl3_get_message, .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, @@ -533,7 +522,6 @@ static const SSL_METHOD_INTERNAL TLSv1_2_method_internal_data = { .ssl_version = ssl_undefined_void_function, .ssl_renegotiate = ssl3_renegotiate, .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_get_message = ssl3_get_message, .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, @@ -607,11 +595,10 @@ static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = { .ssl_version = ssl_undefined_void_function, .ssl_renegotiate = ssl_undefined_function, .ssl_renegotiate_check = ssl_ok, - .ssl_get_message = ssl3_get_message, .ssl_pending = tls13_legacy_pending, .ssl_read_bytes = tls13_legacy_read_bytes, .ssl_write_bytes = tls13_legacy_write_bytes, - .ssl3_enc = &TLSv1_2_enc_data, + .ssl3_enc = &TLSv1_3_enc_data, }; static const SSL_METHOD TLS_server_method_data = { @@ -639,7 +626,6 @@ static const SSL_METHOD_INTERNAL TLS_legacy_server_method_internal_data = { .ssl_version = ssl_undefined_void_function, .ssl_renegotiate = ssl_undefined_function, .ssl_renegotiate_check = ssl_ok, - .ssl_get_message = ssl3_get_message, .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, @@ -670,7 +656,6 @@ static const SSL_METHOD_INTERNAL TLSv1_server_method_internal_data = { .ssl_version = ssl_undefined_void_function, .ssl_renegotiate = ssl3_renegotiate, .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_get_message = ssl3_get_message, .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, @@ -701,7 +686,6 @@ static const SSL_METHOD_INTERNAL TLSv1_1_server_method_internal_data = { .ssl_version = ssl_undefined_void_function, .ssl_renegotiate = ssl3_renegotiate, .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_get_message = ssl3_get_message, .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, @@ -732,7 +716,6 @@ static const SSL_METHOD_INTERNAL TLSv1_2_server_method_internal_data = { .ssl_version = ssl_undefined_void_function, .ssl_renegotiate = ssl3_renegotiate, .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_get_message = ssl3_get_message, .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 26b24f4f22..6b49afe6a8 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.69 2020/01/23 08:04:50 beck Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.70 2020/01/23 10:48:37 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -815,7 +815,7 @@ ssl3_get_client_hello(SSL *s) } s->internal->first_packet = 1; - n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_CLNT_HELLO_B, + n = ssl3_get_message(s, SSL3_ST_SR_CLNT_HELLO_B, SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO, SSL3_RT_MAX_PLAIN_LENGTH, &ok); if (!ok) @@ -2060,7 +2060,7 @@ ssl3_get_client_key_exchange(SSL *s) long n; /* 2048 maxlen is a guess. How long a key does that permit? */ - n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_KEY_EXCH_A, + n = ssl3_get_message(s, SSL3_ST_SR_KEY_EXCH_A, SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, &ok); if (!ok) return ((int)n); @@ -2122,7 +2122,7 @@ ssl3_get_cert_verify(SSL *s) EVP_MD_CTX_init(&mctx); - n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_CERT_VRFY_A, + n = ssl3_get_message(s, SSL3_ST_SR_CERT_VRFY_A, SSL3_ST_SR_CERT_VRFY_B, -1, SSL3_RT_MAX_PLAIN_LENGTH, &ok); if (!ok) return ((int)n); @@ -2345,9 +2345,8 @@ ssl3_get_client_certificate(SSL *s) const unsigned char *q; STACK_OF(X509) *sk = NULL; - n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B, + n = ssl3_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B, -1, s->internal->max_cert_list, &ok); - if (!ok) return ((int)n); -- cgit v1.2.3-55-g6feb