diff options
| author |   jsing <jsing@openbsd.org> | 2021-03-21 18:36:34 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2021-03-21 18:36:34 +0000 |
| commit | d4edc922de00e0977a67ceb1c4b74ab035533c7e (patch) | |
| tree | 3197dd6f6f75325215a27d268f794d3633bf34ac /lib/libssl/s3_lib.c | |
| parent | Use new terminology of RFC 8981 and (mechanically) replace "privacy" (diff) | |
| download | wireguard-openbsd-d4edc922de00e0977a67ceb1c4b74ab035533c7e.tar.xz wireguard-openbsd-d4edc922de00e0977a67ceb1c4b74ab035533c7e.zip | |
Move the TLSv1.3 handshake struct inside the shared handshake struct.
There are currently three different handshake structs that are in use -
the SSL_HANDSHAKE struct (as S3I(s)->hs), the SSL_HANDSHAKE_TLS13 struct
(as S3I(s)->hs_tls13 or ctx->hs in the TLSv1.3 code) and the infamous
'tmp' embedded in SSL3_STATE_INTERNAL (as S3I(s)->tmp)).
This is the first step towards cleaning up the handshake structs so that
shared data is in the SSL_HANDSHAKE struct, with sub-structs for TLSv1.2
and TLSv1.3 specific information. Place SSL_HANDSHAKE_TLS13 inside
SSL_HANDSHAKE and change ctx->hs to refer to the SSL_HANDSHAKE struct
instead of the SSL_HANDSHAKE_TLS13 struct. This allows the TLSv1.3 code
to access the shared handshake data without needing the SSL struct.
ok inoguchi@ tb@
Diffstat (limited to 'lib/libssl/s3_lib.c')
| -rw-r--r-- | lib/libssl/s3_lib.c | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index 75f71c4c7d3..5e39907d9c6 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.204 2021/02/07 15:26:32 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.205 2021/03/21 18:36:34 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1565,10 +1565,10 @@ ssl3_free(SSL *s) EC_KEY_free(S3I(s)->tmp.ecdh); freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH); - tls13_key_share_free(S3I(s)->hs_tls13.key_share); - tls13_secrets_destroy(S3I(s)->hs_tls13.secrets); - freezero(S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len); - tls13_clienthello_hash_clear(&S3I(s)->hs_tls13); + tls13_key_share_free(S3I(s)->hs.tls13.key_share); + tls13_secrets_destroy(S3I(s)->hs.tls13.secrets); + freezero(S3I(s)->hs.tls13.cookie, S3I(s)->hs.tls13.cookie_len); + tls13_clienthello_hash_clear(&S3I(s)->hs.tls13); sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free); @@ -1605,15 +1605,15 @@ ssl3_clear(SSL *s) S3I(s)->hs.sigalgs = NULL; S3I(s)->hs.sigalgs_len = 0; - tls13_key_share_free(S3I(s)->hs_tls13.key_share); - S3I(s)->hs_tls13.key_share = NULL; + tls13_key_share_free(S3I(s)->hs.tls13.key_share); + S3I(s)->hs.tls13.key_share = NULL; - tls13_secrets_destroy(S3I(s)->hs_tls13.secrets); - S3I(s)->hs_tls13.secrets = NULL; - freezero(S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len); - S3I(s)->hs_tls13.cookie = NULL; - S3I(s)->hs_tls13.cookie_len = 0; - tls13_clienthello_hash_clear(&S3I(s)->hs_tls13); + tls13_secrets_destroy(S3I(s)->hs.tls13.secrets); + S3I(s)->hs.tls13.secrets = NULL; + freezero(S3I(s)->hs.tls13.cookie, S3I(s)->hs.tls13.cookie_len); + S3I(s)->hs.tls13.cookie = NULL; + S3I(s)->hs.tls13.cookie_len = 0; + tls13_clienthello_hash_clear(&S3I(s)->hs.tls13); S3I(s)->hs.extensions_seen = 0; @@ -1678,8 +1678,8 @@ _SSL_get_peer_tmp_key(SSL *s, EVP_PKEY **key) } else if (sc->peer_x25519_tmp != NULL) { if (!ssl_kex_dummy_ecdhe_x25519(pkey)) goto err; - } else if (S3I(s)->hs_tls13.key_share != NULL) { - if (!tls13_key_share_peer_pkey(S3I(s)->hs_tls13.key_share, + } else if (S3I(s)->hs.tls13.key_share != NULL) { + if (!tls13_key_share_peer_pkey(S3I(s)->hs.tls13.key_share, pkey)) goto err; } else { |