From af6a663711d3d3993dad528fa53865494ffaca28 Mon Sep 17 00:00:00 2001 From: guenther <> Date: Sun, 11 Oct 2020 12:45:52 +0000 Subject: SSL3_ENC_METHOD is just a flag word; merge it into SSL_METHOD_INTERNAL with #defines for the per-version initializers instead of extern globals. Add SSL_USE_SHA256_PRF() to complete the abstraction. ok tb@ jsing@ --- src/lib/libssl/s3_lib.c | 4 ++-- src/lib/libssl/ssl_locl.h | 31 +++++++++++++++++-------------- src/lib/libssl/ssl_methods.c | 14 +++++++------- src/lib/libssl/t1_lib.c | 15 +-------------- src/lib/libssl/tls13_legacy.c | 6 +----- 5 files changed, 28 insertions(+), 42 deletions(-) (limited to 'src') diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 01afc72ebd..3bd7d65522 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.199 2020/10/11 01:13:04 guenther Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.200 2020/10/11 12:45:51 guenther Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2731,7 +2731,7 @@ ssl_get_algorithm2(SSL *s) { long alg2 = S3I(s)->hs.new_cipher->algorithm2; - if (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF && + if (SSL_USE_SHA256_PRF(s) && alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; return alg2; diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 5d41417df8..f2e1cb97f8 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.303 2020/10/11 02:44:27 tb Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.304 2020/10/11 12:45:52 guenther Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -319,15 +319,19 @@ __BEGIN_HIDDEN_DECLS /* See if we use signature algorithms extension. */ #define SSL_USE_SIGALGS(s) \ - (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS) + (s->method->internal->enc_flags & SSL_ENC_FLAG_SIGALGS) + +/* See if we use SHA256 default PRF. */ +#define SSL_USE_SHA256_PRF(s) \ + (s->method->internal->enc_flags & SSL_ENC_FLAG_SHA256_PRF) /* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */ #define SSL_USE_TLS1_2_CIPHERS(s) \ - (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS) + (s->method->internal->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS) /* Allow TLS 1.3 ciphersuites only. */ #define SSL_USE_TLS1_3_CIPHERS(s) \ - (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_3_CIPHERS) + (s->method->internal->enc_flags & SSL_ENC_FLAG_TLS1_3_CIPHERS) #define SSL_PKEY_RSA 0 #define SSL_PKEY_ECC 1 @@ -379,7 +383,7 @@ typedef struct ssl_method_internal_st { int peek); int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len); - struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ + unsigned int enc_flags; /* SSL_ENC_FLAG_* */ } SSL_METHOD_INTERNAL; typedef struct ssl_session_internal_st { @@ -1063,10 +1067,6 @@ typedef struct sess_cert_st { /*#define SSL_DEBUG */ /*#define RSA_DEBUG */ -typedef struct ssl3_enc_method { - unsigned int enc_flags; -} SSL3_ENC_METHOD; - /* * Flag values for enc_flags. */ @@ -1083,6 +1083,14 @@ typedef struct ssl3_enc_method { /* Allow TLS 1.3 ciphersuites only. */ #define SSL_ENC_FLAG_TLS1_3_CIPHERS (1 << 5) +#define TLSV1_ENC_FLAGS 0 +#define TLSV1_1_ENC_FLAGS 0 +#define TLSV1_2_ENC_FLAGS (SSL_ENC_FLAG_SIGALGS | \ + SSL_ENC_FLAG_SHA256_PRF | \ + SSL_ENC_FLAG_TLS1_2_CIPHERS) +#define TLSV1_3_ENC_FLAGS (SSL_ENC_FLAG_SIGALGS | \ + SSL_ENC_FLAG_TLS1_3_CIPHERS) + /* * ssl_aead_ctx_st contains information about an AEAD that is being used to * encrypt an SSL connection. @@ -1123,11 +1131,6 @@ int ssl_cipher_allowed_in_version_range(const SSL_CIPHER *cipher, const SSL_METHOD *tls_legacy_method(void); const SSL_METHOD *ssl_get_method(uint16_t version); -extern SSL3_ENC_METHOD TLSv1_enc_data; -extern SSL3_ENC_METHOD TLSv1_1_enc_data; -extern SSL3_ENC_METHOD TLSv1_2_enc_data; -extern SSL3_ENC_METHOD TLSv1_3_enc_data; - void ssl_clear_cipher_state(SSL *s); void ssl_clear_cipher_read_state(SSL *s); void ssl_clear_cipher_write_state(SSL *s); diff --git a/src/lib/libssl/ssl_methods.c b/src/lib/libssl/ssl_methods.c index 23c7e97b57..e2d5766e0f 100644 --- a/src/lib/libssl/ssl_methods.c +++ b/src/lib/libssl/ssl_methods.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_methods.c,v 1.18 2020/10/11 02:22:27 jsing Exp $ */ +/* $OpenBSD: ssl_methods.c,v 1.19 2020/10/11 12:45:52 guenther Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -74,7 +74,7 @@ static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = dtls1_read_bytes, .ssl_write_bytes = dtls1_write_app_data_bytes, - .ssl3_enc = &TLSv1_1_enc_data, + .enc_flags = TLSV1_1_ENC_FLAGS, }; static const SSL_METHOD DTLSv1_method_data = { @@ -138,7 +138,7 @@ static const SSL_METHOD_INTERNAL TLS_method_internal_data = { .ssl_pending = tls13_legacy_pending, .ssl_read_bytes = tls13_legacy_read_bytes, .ssl_write_bytes = tls13_legacy_write_bytes, - .ssl3_enc = &TLSv1_3_enc_data, + .enc_flags = TLSV1_3_ENC_FLAGS, }; static const SSL_METHOD TLS_method_data = { @@ -166,7 +166,7 @@ static const SSL_METHOD_INTERNAL TLS_legacy_method_internal_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, - .ssl3_enc = &TLSv1_2_enc_data, + .enc_flags = TLSV1_2_ENC_FLAGS, }; static const SSL_METHOD TLS_legacy_method_data = { @@ -193,7 +193,7 @@ static const SSL_METHOD_INTERNAL TLSv1_method_internal_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, - .ssl3_enc = &TLSv1_enc_data, + .enc_flags = TLSV1_ENC_FLAGS, }; static const SSL_METHOD TLSv1_method_data = { @@ -220,7 +220,7 @@ static const SSL_METHOD_INTERNAL TLSv1_1_method_internal_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, - .ssl3_enc = &TLSv1_1_enc_data, + .enc_flags = TLSV1_1_ENC_FLAGS, }; static const SSL_METHOD TLSv1_1_method_data = { @@ -247,7 +247,7 @@ static const SSL_METHOD_INTERNAL TLSv1_2_method_internal_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, - .ssl3_enc = &TLSv1_2_enc_data, + .enc_flags = TLSV1_2_ENC_FLAGS, }; static const SSL_METHOD TLSv1_2_method_data = { diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 5635c8ff43..10ca80c4fe 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_lib.c,v 1.177 2020/10/07 08:43:34 jsing Exp $ */ +/* $OpenBSD: t1_lib.c,v 1.178 2020/10/11 12:45:52 guenther Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -125,19 +125,6 @@ static int tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert, SSL_SESSION **psess); -SSL3_ENC_METHOD TLSv1_enc_data = { - .enc_flags = 0, -}; - -SSL3_ENC_METHOD TLSv1_1_enc_data = { - .enc_flags = 0, -}; - -SSL3_ENC_METHOD TLSv1_2_enc_data = { - .enc_flags = SSL_ENC_FLAG_SIGALGS|SSL_ENC_FLAG_SHA256_PRF| - SSL_ENC_FLAG_TLS1_2_CIPHERS, -}; - int tls1_new(SSL *s) { diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c index a9a7fff3e0..463d56372e 100644 --- a/src/lib/libssl/tls13_legacy.c +++ b/src/lib/libssl/tls13_legacy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_legacy.c,v 1.17 2020/10/11 02:59:47 jsing Exp $ */ +/* $OpenBSD: tls13_legacy.c,v 1.18 2020/10/11 12:45:52 guenther Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -20,10 +20,6 @@ #include "ssl_locl.h" #include "tls13_internal.h" -SSL3_ENC_METHOD TLSv1_3_enc_data = { - .enc_flags = SSL_ENC_FLAG_SIGALGS|SSL_ENC_FLAG_TLS1_3_CIPHERS, -}; - static ssize_t tls13_legacy_wire_read(SSL *ssl, uint8_t *buf, size_t len) { -- cgit v1.2.3-55-g6feb