diff options
Diffstat (limited to 'lib/libssl/tls13_server.c')
| -rw-r--r-- | lib/libssl/tls13_server.c | 92 |
1 files changed, 46 insertions, 46 deletions
diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c index 29c63bcd06b..658aef2cfee 100644 --- a/lib/libssl/tls13_server.c +++ b/lib/libssl/tls13_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_server.c,v 1.71 2021/03/10 18:27:02 jsing Exp $ */ +/* $OpenBSD: tls13_server.c,v 1.72 2021/03/21 18:36:34 jsing Exp $ */ /* * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> * Copyright (c) 2020 Bob Beck <beck@openbsd.org> @@ -29,12 +29,12 @@ tls13_server_init(struct tls13_ctx *ctx) { SSL *s = ctx->ssl; - if (!ssl_supported_tls_version_range(s, &S3I(s)->hs.our_min_tls_version, - &S3I(s)->hs.our_max_tls_version)) { + if (!ssl_supported_tls_version_range(s, &ctx->hs->our_min_tls_version, + &ctx->hs->our_max_tls_version)) { SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE); return 0; } - s->version = S3I(s)->hs.our_max_tls_version; + s->version = ctx->hs->our_max_tls_version; tls13_record_layer_set_retry_after_phh(ctx->rl, (s->internal->mode & SSL_MODE_AUTO_RETRY) != 0); @@ -163,7 +163,7 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs) goto err; return tls13_use_legacy_server(ctx); } - S3I(s)->hs.negotiated_tls_version = TLS1_3_VERSION; + ctx->hs->negotiated_tls_version = TLS1_3_VERSION; /* Add decoded values to the current ClientHello hash */ if (!tls13_clienthello_hash_init(ctx)) { @@ -198,7 +198,7 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs) } /* Finalize first ClientHello hash, or validate against it */ - if (!ctx->hs->hrr) { + if (!ctx->hs->tls13.hrr) { if (!tls13_clienthello_hash_finalize(ctx)) { ctx->alert = TLS13_ALERT_INTERNAL_ERROR; goto err; @@ -208,7 +208,7 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs) ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; goto err; } - tls13_clienthello_hash_clear(ctx->hs); + tls13_clienthello_hash_clear(&ctx->hs->tls13); } if (!tls13_client_hello_required_extensions(ctx)) { @@ -226,13 +226,13 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs) } /* Store legacy session identifier so we can echo it. */ - if (CBS_len(&session_id) > sizeof(ctx->hs->legacy_session_id)) { + if (CBS_len(&session_id) > sizeof(ctx->hs->tls13.legacy_session_id)) { ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER; goto err; } - if (!CBS_write_bytes(&session_id, ctx->hs->legacy_session_id, - sizeof(ctx->hs->legacy_session_id), - &ctx->hs->legacy_session_id_len)) { + if (!CBS_write_bytes(&session_id, ctx->hs->tls13.legacy_session_id, + sizeof(ctx->hs->tls13.legacy_session_id), + &ctx->hs->tls13.legacy_session_id_len)) { ctx->alert = TLS13_ALERT_INTERNAL_ERROR; goto err; } @@ -249,7 +249,7 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs) ctx->alert = TLS13_ALERT_HANDSHAKE_FAILURE; goto err; } - S3I(s)->hs.new_cipher = cipher; + ctx->hs->new_cipher = cipher; sk_SSL_CIPHER_free(s->session->ciphers); s->session->ciphers = ciphers; @@ -293,7 +293,7 @@ tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs) * has been enabled. This would probably mean using either an * INITIAL | WITHOUT_HRR state, or another intermediate state. */ - if (ctx->hs->key_share != NULL) + if (ctx->hs->tls13.key_share != NULL) ctx->handshake_stage.hs_type |= NEGOTIATED | WITHOUT_HRR; /* XXX - check this is the correct point */ @@ -314,7 +314,7 @@ tls13_server_hello_build(struct tls13_ctx *ctx, CBB *cbb, int hrr) SSL *s = ctx->ssl; uint16_t cipher; - cipher = SSL_CIPHER_get_value(S3I(s)->hs.new_cipher); + cipher = SSL_CIPHER_get_value(ctx->hs->new_cipher); server_random = s->s3->server_random; if (hrr) { @@ -328,8 +328,8 @@ tls13_server_hello_build(struct tls13_ctx *ctx, CBB *cbb, int hrr) goto err; if (!CBB_add_u8_length_prefixed(cbb, &session_id)) goto err; - if (!CBB_add_bytes(&session_id, ctx->hs->legacy_session_id, - ctx->hs->legacy_session_id_len)) + if (!CBB_add_bytes(&session_id, ctx->hs->tls13.legacy_session_id, + ctx->hs->tls13.legacy_session_id_len)) goto err; if (!CBB_add_u16(cbb, cipher)) goto err; @@ -358,20 +358,20 @@ tls13_server_engage_record_protection(struct tls13_ctx *ctx) SSL *s = ctx->ssl; int ret = 0; - if (!tls13_key_share_derive(ctx->hs->key_share, + if (!tls13_key_share_derive(ctx->hs->tls13.key_share, &shared_key, &shared_key_len)) goto err; - s->session->cipher = S3I(s)->hs.new_cipher; + s->session->cipher = ctx->hs->new_cipher; - if ((ctx->aead = tls13_cipher_aead(S3I(s)->hs.new_cipher)) == NULL) + if ((ctx->aead = tls13_cipher_aead(ctx->hs->new_cipher)) == NULL) goto err; - if ((ctx->hash = tls13_cipher_hash(S3I(s)->hs.new_cipher)) == NULL) + if ((ctx->hash = tls13_cipher_hash(ctx->hs->new_cipher)) == NULL) goto err; if ((secrets = tls13_secrets_create(ctx->hash, 0)) == NULL) goto err; - ctx->hs->secrets = secrets; + ctx->hs->tls13.secrets = secrets; /* XXX - pass in hash. */ if (!tls1_transcript_hash_init(s)) @@ -388,7 +388,7 @@ tls13_server_engage_record_protection(struct tls13_ctx *ctx) goto err; /* Handshake secrets. */ - if (!tls13_derive_handshake_secrets(ctx->hs->secrets, shared_key, + if (!tls13_derive_handshake_secrets(ctx->hs->tls13.secrets, shared_key, shared_key_len, &context)) goto err; @@ -418,16 +418,16 @@ tls13_server_hello_retry_request_send(struct tls13_ctx *ctx, CBB *cbb) { int nid; - ctx->hs->hrr = 1; + ctx->hs->tls13.hrr = 1; if (!tls13_synthetic_handshake_message(ctx)) return 0; - if (ctx->hs->key_share != NULL) + if (ctx->hs->tls13.key_share != NULL) return 0; if ((nid = tls1_get_shared_curve(ctx->ssl)) == NID_undef) return 0; - if ((ctx->hs->server_group = tls1_ec_nid2curve_id(nid)) == 0) + if ((ctx->hs->tls13.server_group = tls1_ec_nid2curve_id(nid)) == 0) return 0; if (!tls13_server_hello_build(ctx, cbb, 1)) @@ -444,7 +444,7 @@ tls13_server_hello_retry_request_sent(struct tls13_ctx *ctx) * we MUST send a dummy CCS following our first handshake message. * See RFC 8446 Appendix D.4. */ - if (ctx->hs->legacy_session_id_len > 0) + if (ctx->hs->tls13.legacy_session_id_len > 0) ctx->send_dummy_ccs_after = 1; return 1; @@ -462,7 +462,7 @@ tls13_client_hello_retry_recv(struct tls13_ctx *ctx, CBS *cbs) if (s->method->internal->version < TLS1_3_VERSION) return 0; - ctx->hs->hrr = 0; + ctx->hs->tls13.hrr = 0; return 1; } @@ -483,14 +483,14 @@ tls13_servername_process(struct tls13_ctx *ctx) int tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb) { - if (ctx->hs->key_share == NULL) + if (ctx->hs->tls13.key_share == NULL) return 0; - if (!tls13_key_share_generate(ctx->hs->key_share)) + if (!tls13_key_share_generate(ctx->hs->tls13.key_share)) return 0; if (!tls13_servername_process(ctx)) return 0; - ctx->hs->server_group = 0; + ctx->hs->tls13.server_group = 0; if (!tls13_server_hello_build(ctx, cbb, 0)) return 0; @@ -507,7 +507,7 @@ tls13_server_hello_sent(struct tls13_ctx *ctx) * See RFC 8446 Appendix D.4. */ if ((ctx->handshake_stage.hs_type & WITHOUT_HRR) && - ctx->hs->legacy_session_id_len > 0) + ctx->hs->tls13.legacy_session_id_len > 0) ctx->send_dummy_ccs_after = 1; return tls13_server_engage_record_protection(ctx); @@ -633,8 +633,8 @@ tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb) goto err; } - ctx->hs->cpk = cpk; - ctx->hs->sigalg = sigalg; + ctx->hs->tls13.cpk = cpk; + ctx->hs->tls13.sigalg = sigalg; if ((chain = cpk->chain) == NULL) chain = s->ctx->extra_certs; @@ -705,9 +705,9 @@ tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb) memset(&sig_cbb, 0, sizeof(sig_cbb)); - if ((cpk = ctx->hs->cpk) == NULL) + if ((cpk = ctx->hs->tls13.cpk) == NULL) goto err; - if ((sigalg = ctx->hs->sigalg) == NULL) + if ((sigalg = ctx->hs->tls13.sigalg) == NULL) goto err; pkey = cpk->privatekey; @@ -721,8 +721,8 @@ tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb) goto err; if (!CBB_add_u8(&sig_cbb, 0)) goto err; - if (!CBB_add_bytes(&sig_cbb, ctx->hs->transcript_hash, - ctx->hs->transcript_hash_len)) + if (!CBB_add_bytes(&sig_cbb, ctx->hs->tls13.transcript_hash, + ctx->hs->tls13.transcript_hash_len)) goto err; if (!CBB_finish(&sig_cbb, &sig_content, &sig_content_len)) goto err; @@ -773,7 +773,7 @@ tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb) int tls13_server_finished_send(struct tls13_ctx *ctx, CBB *cbb) { - struct tls13_secrets *secrets = ctx->hs->secrets; + struct tls13_secrets *secrets = ctx->hs->tls13.secrets; struct tls13_secret context = { .data = "", .len = 0 }; struct tls13_secret finished_key = { .data = NULL, .len = 0 } ; uint8_t transcript_hash[EVP_MAX_MD_SIZE]; @@ -831,14 +831,14 @@ tls13_server_finished_send(struct tls13_ctx *ctx, CBB *cbb) int tls13_server_finished_sent(struct tls13_ctx *ctx) { - struct tls13_secrets *secrets = ctx->hs->secrets; + struct tls13_secrets *secrets = ctx->hs->tls13.secrets; struct tls13_secret context = { .data = "", .len = 0 }; /* * Derive application traffic keys. */ - context.data = ctx->hs->transcript_hash; - context.len = ctx->hs->transcript_hash_len; + context.data = ctx->hs->tls13.transcript_hash; + context.len = ctx->hs->tls13.transcript_hash_len; if (!tls13_derive_application_secrets(secrets, &context)) return 0; @@ -984,8 +984,8 @@ tls13_client_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs) goto err; if (!CBB_add_u8(&cbb, 0)) goto err; - if (!CBB_add_bytes(&cbb, ctx->hs->transcript_hash, - ctx->hs->transcript_hash_len)) + if (!CBB_add_bytes(&cbb, ctx->hs->tls13.transcript_hash, + ctx->hs->tls13.transcript_hash_len)) goto err; if (!CBB_finish(&cbb, &sig_content, &sig_content_len)) goto err; @@ -1042,7 +1042,7 @@ tls13_client_end_of_early_data_recv(struct tls13_ctx *ctx, CBS *cbs) int tls13_client_finished_recv(struct tls13_ctx *ctx, CBS *cbs) { - struct tls13_secrets *secrets = ctx->hs->secrets; + struct tls13_secrets *secrets = ctx->hs->tls13.secrets; struct tls13_secret context = { .data = "", .len = 0 }; struct tls13_secret finished_key; uint8_t *verify_data = NULL; @@ -1069,8 +1069,8 @@ tls13_client_finished_recv(struct tls13_ctx *ctx, CBS *cbs) if (!HMAC_Init_ex(hmac_ctx, finished_key.data, finished_key.len, ctx->hash, NULL)) goto err; - if (!HMAC_Update(hmac_ctx, ctx->hs->transcript_hash, - ctx->hs->transcript_hash_len)) + if (!HMAC_Update(hmac_ctx, ctx->hs->tls13.transcript_hash, + ctx->hs->tls13.transcript_hash_len)) goto err; verify_data_len = HMAC_size(hmac_ctx); if ((verify_data = calloc(1, verify_data_len)) == NULL) |