diff options
| author |   jsing <jsing@openbsd.org> | 2021-03-24 18:40:03 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2021-03-24 18:40:03 +0000 |
| commit | 48b0de1ecd65d8ed698b1f33b26d4371fa34bf53 (patch) | |
| tree | 8bedc538080d41970f2f1205491d37b958752d97 /lib | |
| parent | Improve the tap detection mechanism. (diff) | |
| download | wireguard-openbsd-48b0de1ecd65d8ed698b1f33b26d4371fa34bf53.tar.xz wireguard-openbsd-48b0de1ecd65d8ed698b1f33b26d4371fa34bf53.zip | |
Add SSL_HANDSHAKE_TLS12 for TLSv1.2 specific handshake data.
Move TLSv1.2 specific components over from SSL_HANDSHAKE.
ok inoguchi@ tb@
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libssl/ssl_clnt.c | 14 | ||||
| -rw-r--r-- | lib/libssl/ssl_locl.h | 33 | ||||
| -rw-r--r-- | lib/libssl/ssl_pkt.c | 4 | ||||
| -rw-r--r-- | lib/libssl/ssl_srvr.c | 18 | ||||
| -rw-r--r-- | lib/libssl/t1_enc.c | 19 |
5 files changed, 48 insertions, 40 deletions
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c index 06941530c6e..0f602bef7e4 100644 --- a/lib/libssl/ssl_clnt.c +++ b/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.86 2021/03/11 17:14:46 jsing Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.87 2021/03/24 18:40:03 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -278,7 +278,7 @@ ssl3_connect(SSL *s) if (SSL_is_dtls(s) && D1I(s)->send_cookie) { S3I(s)->hs.state = SSL3_ST_CW_FLUSH; - S3I(s)->hs.next_state = SSL3_ST_CR_SRVR_HELLO_A; + S3I(s)->hs.tls12.next_state = SSL3_ST_CR_SRVR_HELLO_A; } else S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A; @@ -509,14 +509,14 @@ ssl3_connect(SSL *s) /* clear flags */ if (s->internal->hit) { - S3I(s)->hs.next_state = SSL_ST_OK; + S3I(s)->hs.tls12.next_state = SSL_ST_OK; } else { /* Allow NewSessionTicket if ticket expected */ if (s->internal->tlsext_ticket_expected) - S3I(s)->hs.next_state = + S3I(s)->hs.tls12.next_state = SSL3_ST_CR_SESSION_TICKET_A; else - S3I(s)->hs.next_state = + S3I(s)->hs.tls12.next_state = SSL3_ST_CR_FINISHED_A; } s->internal->init_num = 0; @@ -567,14 +567,14 @@ ssl3_connect(SSL *s) /* If the write error was fatal, stop trying */ if (!BIO_should_retry(s->wbio)) { s->internal->rwstate = SSL_NOTHING; - S3I(s)->hs.state = S3I(s)->hs.next_state; + S3I(s)->hs.state = S3I(s)->hs.tls12.next_state; } } ret = -1; goto end; } s->internal->rwstate = SSL_NOTHING; - S3I(s)->hs.state = S3I(s)->hs.next_state; + S3I(s)->hs.state = S3I(s)->hs.tls12.next_state; break; case SSL_ST_OK: diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index 33eb3bba7df..5f953b8e64e 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.328 2021/03/21 18:36:34 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.329 2021/03/24 18:40:03 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -416,6 +416,15 @@ typedef struct cert_pkey_st { STACK_OF(X509) *chain; } CERT_PKEY; +typedef struct ssl_handshake_tls12_st { + /* Used when SSL_ST_FLUSH_DATA is entered. */ + int next_state; + + /* Record-layer key block for TLS 1.2 and earlier. */ + unsigned char *key_block; + size_t key_block_len; +} SSL_HANDSHAKE_TLS12; + typedef struct ssl_handshake_tls13_st { int use_legacy; int hrr; @@ -466,27 +475,25 @@ typedef struct ssl_handshake_st { */ uint16_t negotiated_tls_version; - SSL_HANDSHAKE_TLS13 tls13; - - /* state contains one of the SSL3_ST_* values. */ + /* + * Current handshake state - contains one of the SSL3_ST_* values and + * is used by the TLSv1.2 state machine, as well as being updated by + * the TLSv1.3 stack due to it being exposed externally. + */ int state; - /* used when SSL_ST_FLUSH_DATA is entered */ - int next_state; - - /* new_cipher is the cipher being negotiated in this handshake. */ + /* Cipher being negotiated in this handshake. */ const SSL_CIPHER *new_cipher; - /* key_block is the record-layer key block for TLS 1.2 and earlier. */ - size_t key_block_len; - unsigned char *key_block; - /* Extensions seen in this handshake. */ uint32_t extensions_seen; /* sigalgs offered in this handshake in wire form */ - size_t sigalgs_len; uint8_t *sigalgs; + size_t sigalgs_len; + + SSL_HANDSHAKE_TLS12 tls12; + SSL_HANDSHAKE_TLS13 tls13; } SSL_HANDSHAKE; struct tls12_record_layer; diff --git a/lib/libssl/ssl_pkt.c b/lib/libssl/ssl_pkt.c index 5b1af504fb5..37bee9e69f0 100644 --- a/lib/libssl/ssl_pkt.c +++ b/lib/libssl/ssl_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_pkt.c,v 1.37 2021/03/10 18:27:02 jsing Exp $ */ +/* $OpenBSD: ssl_pkt.c,v 1.38 2021/03/24 18:40:03 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1163,7 +1163,7 @@ ssl3_do_change_cipher_spec(SSL *s) else i = SSL3_CHANGE_CIPHER_CLIENT_READ; - if (S3I(s)->hs.key_block == NULL) { + if (S3I(s)->hs.tls12.key_block == NULL) { if (s->session == NULL || s->session->master_key_length == 0) { /* might happen if dtls1_read_bytes() calls this */ SSLerror(s, SSL_R_CCS_RECEIVED_EARLY); diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c index 19fedde87ab..3dc87a00c80 100644 --- a/lib/libssl/ssl_srvr.c +++ b/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.97 2021/03/11 17:14:47 jsing Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.98 2021/03/24 18:40:03 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -290,9 +290,9 @@ ssl3_accept(SSL *s) if (ret <= 0) goto end; if (SSL_is_dtls(s)) - S3I(s)->hs.next_state = SSL3_ST_SR_CLNT_HELLO_A; + S3I(s)->hs.tls12.next_state = SSL3_ST_SR_CLNT_HELLO_A; else - S3I(s)->hs.next_state = SSL3_ST_SW_HELLO_REQ_C; + S3I(s)->hs.tls12.next_state = SSL3_ST_SW_HELLO_REQ_C; S3I(s)->hs.state = SSL3_ST_SW_FLUSH; s->internal->init_num = 0; @@ -365,7 +365,7 @@ ssl3_accept(SSL *s) if (ret <= 0) goto end; S3I(s)->hs.state = SSL3_ST_SW_FLUSH; - S3I(s)->hs.next_state = SSL3_ST_SR_CLNT_HELLO_A; + S3I(s)->hs.tls12.next_state = SSL3_ST_SR_CLNT_HELLO_A; /* HelloVerifyRequest resets Finished MAC. */ tls1_transcript_reset(s); @@ -488,7 +488,7 @@ ssl3_accept(SSL *s) ret = ssl3_send_server_done(s); if (ret <= 0) goto end; - S3I(s)->hs.next_state = SSL3_ST_SR_CERT_A; + S3I(s)->hs.tls12.next_state = SSL3_ST_SR_CERT_A; S3I(s)->hs.state = SSL3_ST_SW_FLUSH; s->internal->init_num = 0; break; @@ -510,14 +510,14 @@ ssl3_accept(SSL *s) /* If the write error was fatal, stop trying. */ if (!BIO_should_retry(s->wbio)) { s->internal->rwstate = SSL_NOTHING; - S3I(s)->hs.state = S3I(s)->hs.next_state; + S3I(s)->hs.state = S3I(s)->hs.tls12.next_state; } } ret = -1; goto end; } s->internal->rwstate = SSL_NOTHING; - S3I(s)->hs.state = S3I(s)->hs.next_state; + S3I(s)->hs.state = S3I(s)->hs.tls12.next_state; break; case SSL3_ST_SR_CERT_A: @@ -674,10 +674,10 @@ ssl3_accept(SSL *s) goto end; S3I(s)->hs.state = SSL3_ST_SW_FLUSH; if (s->internal->hit) { - S3I(s)->hs.next_state = SSL3_ST_SR_FINISHED_A; + S3I(s)->hs.tls12.next_state = SSL3_ST_SR_FINISHED_A; tls1_transcript_free(s); } else - S3I(s)->hs.next_state = SSL_ST_OK; + S3I(s)->hs.tls12.next_state = SSL_ST_OK; s->internal->init_num = 0; break; diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c index 05a5b1d9534..5d889fa6654 100644 --- a/lib/libssl/t1_enc.c +++ b/lib/libssl/t1_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_enc.c,v 1.133 2021/02/27 14:20:50 jsing Exp $ */ +/* $OpenBSD: t1_enc.c,v 1.134 2021/03/24 18:40:03 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -152,9 +152,9 @@ int tls1_PRF(SSL *s, const unsigned char *secret, size_t secret_len, void tls1_cleanup_key_block(SSL *s) { - freezero(S3I(s)->hs.key_block, S3I(s)->hs.key_block_len); - S3I(s)->hs.key_block = NULL; - S3I(s)->hs.key_block_len = 0; + freezero(S3I(s)->hs.tls12.key_block, S3I(s)->hs.tls12.key_block_len); + S3I(s)->hs.tls12.key_block = NULL; + S3I(s)->hs.tls12.key_block_len = 0; } void @@ -351,7 +351,7 @@ tls1_change_cipher_state(SSL *s, int which) mac_secret_size = S3I(s)->tmp.new_mac_secret_size; - key_block = S3I(s)->hs.key_block; + key_block = S3I(s)->hs.tls12.key_block; client_write_mac_secret = key_block; key_block += mac_secret_size; server_write_mac_secret = key_block; @@ -375,7 +375,8 @@ tls1_change_cipher_state(SSL *s, int which) iv = server_write_iv; } - if (key_block - S3I(s)->hs.key_block != S3I(s)->hs.key_block_len) { + if (key_block - S3I(s)->hs.tls12.key_block != + S3I(s)->hs.tls12.key_block_len) { SSLerror(s, ERR_R_INTERNAL_ERROR); goto err; } @@ -410,7 +411,7 @@ tls1_setup_key_block(SSL *s) const EVP_MD *mac_hash = NULL; int ret = 0; - if (S3I(s)->hs.key_block_len != 0) + if (S3I(s)->hs.tls12.key_block_len != 0) return (1); if (s->session->cipher && @@ -451,8 +452,8 @@ tls1_setup_key_block(SSL *s) } key_block_len = (mac_secret_size + key_len + iv_len) * 2; - S3I(s)->hs.key_block_len = key_block_len; - S3I(s)->hs.key_block = key_block; + S3I(s)->hs.tls12.key_block_len = key_block_len; + S3I(s)->hs.tls12.key_block = key_block; if (!tls1_generate_key_block(s, key_block, key_block_len)) goto err; |