Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/d1_clnt.c5
-rw-r--r--lib/libssl/ssl_both.c7
-rw-r--r--lib/libssl/ssl_clnt.c24
-rw-r--r--lib/libssl/ssl_locl.h4
-rw-r--r--lib/libssl/ssl_methods.c23
-rw-r--r--lib/libssl/ssl_srvr.c11
6 files changed, 27 insertions, 47 deletions
diff --git a/lib/libssl/d1_clnt.c b/lib/libssl/d1_clnt.c
index ee21a1bebc3..b660589d06d 100644
--- a/lib/libssl/d1_clnt.c
+++ b/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.82 2018/11/05 05:45:15 jsing Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.83 2020/01/23 10:48:37 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -136,9 +136,8 @@ dtls1_get_hello_verify(SSL *s)
uint16_t ssl_version;
CBS hello_verify_request, cookie;
- n = s->method->internal->ssl_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
+ n = ssl3_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->internal->max_cert_list, &ok);
-
if (!ok)
return ((int)n);
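Review bot: The length bound passed on the new call is still s->internal->max_cert_list, which is far larger than a HelloVerifyRequest can ever be: per RFC 6347 the body is a 2-byte version followed by a cookie of at most 255 bytes, so a bound like `-1, 2 + 1 + 255, &ok` would stop a bogus peer from making the handshake buffer accumulate a certificate-list-sized message before the CBS parse below rejects it. Whether ssl3_get_message compares `max` against the handshake body length or the whole fragment is not visible here, so confirm that before tightening. Note also that this call now reaches dtls1_get_message only through the SSL_IS_DTLS(s) test inside ssl3_get_message, which is sound from this DTLS client state but less obvious than the old method-table indirection; a one-line comment such as `/* ssl3_get_message dispatches to dtls1_get_message for DTLS. */` would help. dtls1_get_hello_verify's body continues past the hunk.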
diff --git a/lib/libssl/ssl_both.c b/lib/libssl/ssl_both.c
index 6bd5f08111a..8ec94542c22 100644
--- a/lib/libssl/ssl_both.c
+++ b/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.15 2019/03/25 16:35:48 jsing Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.16 2020/01/23 10:48:37 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -248,7 +248,7 @@ ssl3_get_finished(SSL *s, int a, int b)
CBS cbs;
/* should actually be 36+4 :-) */
- n = s->method->internal->ssl_get_message(s, a, b, SSL3_MT_FINISHED, 64, &ok);
+ n = ssl3_get_message(s, a, b, SSL3_MT_FINISHED, 64, &ok);
if (!ok)
return ((int)n);
@@ -447,6 +447,9 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
CBS cbs;
uint8_t u8;
+ if (SSL_IS_DTLS(s))
+ return (dtls1_get_message(s, st1, stn, mt, max, ok));
+
if (S3I(s)->tmp.reuse_message) {
S3I(s)->tmp.reuse_message = 0;
if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) {
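Review bot: The new early return makes ssl3_get_message the single entry point for both protocols, but nothing says why DTLS must branch before the reuse_message handling rather than share it; a comment such as `/* DTLS: dtls1_get_message replaces the whole TLS path below, including reuse_message handling. */` would record the contract. A consequence worth stating is that dtls1_get_message must never call back into ssl3_get_message for the shared parts, since that would now recurse forever for a DTLS connection; its body is not visible here, so confirm. The rest of ssl3_get_message continues past the hunk.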
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index 90aa80f5220..22e02735c8b 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.61 2019/03/31 15:49:03 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.62 2020/01/23 10:48:37 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -811,7 +811,7 @@ ssl3_get_server_hello(SSL *s)
long n;
s->internal->first_packet = 1;
- n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
+ n = ssl3_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok);
if (!ok)
return ((int)n);
@@ -1048,9 +1048,8 @@ ssl3_get_server_certificate(SSL *s)
SESS_CERT *sc;
EVP_PKEY *pkey = NULL;
- n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_CERT_A,
+ n = ssl3_get_message(s, SSL3_ST_CR_CERT_A,
SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list, &ok);
-
if (!ok)
return ((int)n);
@@ -1443,7 +1442,7 @@ ssl3_get_server_key_exchange(SSL *s)
* Use same message size as in ssl3_get_certificate_request()
* as ServerKeyExchange message may be skipped.
*/
- n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_KEY_EXCH_A,
+ n = ssl3_get_message(s, SSL3_ST_CR_KEY_EXCH_A,
SSL3_ST_CR_KEY_EXCH_B, -1, s->internal->max_cert_list, &ok);
if (!ok)
return ((int)n);
@@ -1611,9 +1610,8 @@ ssl3_get_certificate_request(SSL *s)
const unsigned char *q;
STACK_OF(X509_NAME) *ca_sk = NULL;
- n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_CERT_REQ_A,
+ n = ssl3_get_message(s, SSL3_ST_CR_CERT_REQ_A,
SSL3_ST_CR_CERT_REQ_B, -1, s->internal->max_cert_list, &ok);
-
if (!ok)
return ((int)n);
@@ -1765,7 +1763,7 @@ ssl3_get_new_session_ticket(SSL *s)
long n;
CBS cbs, session_ticket;
- n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_SESSION_TICKET_A,
+ n = ssl3_get_message(s, SSL3_ST_CR_SESSION_TICKET_A,
SSL3_ST_CR_SESSION_TICKET_B, -1, 16384, &ok);
if (!ok)
return ((int)n);
@@ -1841,10 +1839,9 @@ ssl3_get_cert_status(SSL *s)
long n;
uint8_t status_type;
- n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_CERT_STATUS_A,
+ n = ssl3_get_message(s, SSL3_ST_CR_CERT_STATUS_A,
SSL3_ST_CR_CERT_STATUS_B, SSL3_MT_CERTIFICATE_STATUS,
16384, &ok);
-
if (!ok)
return ((int)n);
@@ -1913,12 +1910,12 @@ ssl3_get_server_done(SSL *s)
int ok, ret = 0;
long n;
- n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_SRVR_DONE_A,
+ n = ssl3_get_message(s, SSL3_ST_CR_SRVR_DONE_A,
SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE,
30, /* should be very small, like 0 :-) */ &ok);
-
if (!ok)
return ((int)n);
+
if (n > 0) {
/* should contain no data */
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
@@ -2796,10 +2793,11 @@ ssl3_check_finished(SSL *s)
return (1);
/* this function is called when we really expect a Certificate
* message, so permit appropriate message length */
- n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_CERT_A,
+ n = ssl3_get_message(s, SSL3_ST_CR_CERT_A,
SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list, &ok);
if (!ok)
return ((int)n);
+
S3I(s)->tmp.reuse_message = 1;
if ((S3I(s)->tmp.message_type == SSL3_MT_FINISHED) ||
(S3I(s)->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 6703e8feeeb..cd6f13d127d 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.255 2020/01/23 10:40:59 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.256 2020/01/23 10:48:37 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -393,8 +393,6 @@ typedef struct ssl_method_internal_st {
int (*ssl_renegotiate)(SSL *s);
int (*ssl_renegotiate_check)(SSL *s);
- long (*ssl_get_message)(SSL *s, int st1, int stn, int mt,
- long max, int *ok);
int (*ssl_pending)(const SSL *s);
int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len,
int peek);
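Review bot: With the ssl_get_message hook removed, the direct call from ssl3_get_message to dtls1_get_message relies on dtls1_get_message keeping a non-static prototype in this header; that declaration is outside the hunk, so verify it was not dropped alongside the method-table entries. A short comment where the field used to be, e.g. `/* Handshake message retrieval is not a method hook: ssl3_get_message dispatches on SSL_IS_DTLS(). */`, would keep the rationale discoverable for the next person who looks for the DTLS variant in this table. The struct definition continues outside the hunk.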
diff --git a/lib/libssl/ssl_methods.c b/lib/libssl/ssl_methods.c
index 8e4b678d3af..208de33c017 100644
--- a/lib/libssl/ssl_methods.c
+++ b/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_methods.c,v 1.10 2020/01/23 05:08:30 jsing Exp $ */
+/* $OpenBSD: ssl_methods.c,v 1.11 2020/01/23 10:48:37 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -74,7 +74,6 @@ static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = {
.ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl3_renegotiate,
.ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = dtls1_get_message,
.ssl_pending = ssl3_pending,
.ssl_read_bytes = dtls1_read_bytes,
.ssl_write_bytes = dtls1_write_app_data_bytes,
@@ -127,7 +126,6 @@ static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
.ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl3_renegotiate,
.ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = dtls1_get_message,
.ssl_pending = ssl3_pending,
.ssl_read_bytes = dtls1_read_bytes,
.ssl_write_bytes = dtls1_write_app_data_bytes,
@@ -178,7 +176,6 @@ static const SSL_METHOD_INTERNAL DTLSv1_server_method_internal_data = {
.ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl3_renegotiate,
.ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = dtls1_get_message,
.ssl_pending = ssl3_pending,
.ssl_read_bytes = dtls1_read_bytes,
.ssl_write_bytes = dtls1_write_app_data_bytes,
@@ -230,11 +227,10 @@ static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
.ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl_undefined_function,
.ssl_renegotiate_check = ssl_ok,
- .ssl_get_message = ssl3_get_message,
.ssl_pending = tls13_legacy_pending,
.ssl_read_bytes = tls13_legacy_read_bytes,
.ssl_write_bytes = tls13_legacy_write_bytes,
- .ssl3_enc = &TLSv1_2_enc_data,
+ .ssl3_enc = &TLSv1_3_enc_data,
};
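Review bot: The `.ssl3_enc = &TLSv1_3_enc_data` swap on the last changed line is a behavioural change unrelated to the ssl_get_message removal that every other hunk in this diff performs, and the same swap appears in TLS_server_method_internal_data further down; it should be a separate commit, or at least called out in the log, so it can be bisected independently of the mechanical refactor. This method's reads already go through tls13_legacy_read_bytes (visible above), so the enc table presumably matters when the connection falls back to the legacy stack; whether TLSv1_3_enc_data provides the same record-layer callbacks as TLSv1_2_enc_data for that case is not visible here and should be confirmed.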
static const SSL_METHOD TLS_client_method_data = {
@@ -262,7 +258,6 @@ static const SSL_METHOD_INTERNAL TLS_legacy_client_method_internal_data = {
.ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl_undefined_function,
.ssl_renegotiate_check = ssl_ok,
- .ssl_get_message = ssl3_get_message,
.ssl_pending = ssl3_pending,
.ssl_read_bytes = ssl3_read_bytes,
.ssl_write_bytes = ssl3_write_bytes,
@@ -293,7 +288,6 @@ static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = {
.ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl3_renegotiate,
.ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = ssl3_get_message,
.ssl_pending = ssl3_pending,
.ssl_read_bytes = ssl3_read_bytes,
.ssl_write_bytes = ssl3_write_bytes,
@@ -324,7 +318,6 @@ static const SSL_METHOD_INTERNAL TLSv1_1_client_method_internal_data = {
.ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl3_renegotiate,
.ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = ssl3_get_message,
.ssl_pending = ssl3_pending,
.ssl_read_bytes = ssl3_read_bytes,
.ssl_write_bytes = ssl3_write_bytes,
@@ -355,7 +348,6 @@ static const SSL_METHOD_INTERNAL TLSv1_2_client_method_internal_data = {
.ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl3_renegotiate,
.ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = ssl3_get_message,
.ssl_pending = ssl3_pending,
.ssl_read_bytes = ssl3_read_bytes,
.ssl_write_bytes = ssl3_write_bytes,
@@ -440,7 +432,6 @@ static const SSL_METHOD_INTERNAL TLS_method_internal_data = {
.ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl_undefined_function,
.ssl_renegotiate_check = ssl_ok,
- .ssl_get_message = ssl3_get_message,
.ssl_pending = ssl3_pending,
.ssl_read_bytes = ssl3_read_bytes,
.ssl_write_bytes = ssl3_write_bytes,
@@ -471,7 +462,6 @@ static const SSL_METHOD_INTERNAL TLSv1_method_internal_data = {
.ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl3_renegotiate,
.ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = ssl3_get_message,
.ssl_pending = ssl3_pending,
.ssl_read_bytes = ssl3_read_bytes,
.ssl_write_bytes = ssl3_write_bytes,
@@ -502,7 +492,6 @@ static const SSL_METHOD_INTERNAL TLSv1_1_method_internal_data = {
.ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl3_renegotiate,
.ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = ssl3_get_message,
.ssl_pending = ssl3_pending,
.ssl_read_bytes = ssl3_read_bytes,
.ssl_write_bytes = ssl3_write_bytes,
@@ -533,7 +522,6 @@ static const SSL_METHOD_INTERNAL TLSv1_2_method_internal_data = {
.ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl3_renegotiate,
.ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = ssl3_get_message,
.ssl_pending = ssl3_pending,
.ssl_read_bytes = ssl3_read_bytes,
.ssl_write_bytes = ssl3_write_bytes,
@@ -607,11 +595,10 @@ static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = {
.ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl_undefined_function,
.ssl_renegotiate_check = ssl_ok,
- .ssl_get_message = ssl3_get_message,
.ssl_pending = tls13_legacy_pending,
.ssl_read_bytes = tls13_legacy_read_bytes,
.ssl_write_bytes = tls13_legacy_write_bytes,
- .ssl3_enc = &TLSv1_2_enc_data,
+ .ssl3_enc = &TLSv1_3_enc_data,
};
static const SSL_METHOD TLS_server_method_data = {
@@ -639,7 +626,6 @@ static const SSL_METHOD_INTERNAL TLS_legacy_server_method_internal_data = {
.ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl_undefined_function,
.ssl_renegotiate_check = ssl_ok,
- .ssl_get_message = ssl3_get_message,
.ssl_pending = ssl3_pending,
.ssl_read_bytes = ssl3_read_bytes,
.ssl_write_bytes = ssl3_write_bytes,
@@ -670,7 +656,6 @@ static const SSL_METHOD_INTERNAL TLSv1_server_method_internal_data = {
.ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl3_renegotiate,
.ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = ssl3_get_message,
.ssl_pending = ssl3_pending,
.ssl_read_bytes = ssl3_read_bytes,
.ssl_write_bytes = ssl3_write_bytes,
@@ -701,7 +686,6 @@ static const SSL_METHOD_INTERNAL TLSv1_1_server_method_internal_data = {
.ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl3_renegotiate,
.ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = ssl3_get_message,
.ssl_pending = ssl3_pending,
.ssl_read_bytes = ssl3_read_bytes,
.ssl_write_bytes = ssl3_write_bytes,
@@ -732,7 +716,6 @@ static const SSL_METHOD_INTERNAL TLSv1_2_server_method_internal_data = {
.ssl_version = ssl_undefined_void_function,
.ssl_renegotiate = ssl3_renegotiate,
.ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = ssl3_get_message,
.ssl_pending = ssl3_pending,
.ssl_read_bytes = ssl3_read_bytes,
.ssl_write_bytes = ssl3_write_bytes,
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index 26b24f4f22a..6b49afe6a81 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.69 2020/01/23 08:04:50 beck Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.70 2020/01/23 10:48:37 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -815,7 +815,7 @@ ssl3_get_client_hello(SSL *s)
}
s->internal->first_packet = 1;
- n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
+ n = ssl3_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO,
SSL3_RT_MAX_PLAIN_LENGTH, &ok);
if (!ok)
@@ -2060,7 +2060,7 @@ ssl3_get_client_key_exchange(SSL *s)
long n;
/* 2048 maxlen is a guess. How long a key does that permit? */
- n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_KEY_EXCH_A,
+ n = ssl3_get_message(s, SSL3_ST_SR_KEY_EXCH_A,
SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, &ok);
if (!ok)
return ((int)n);
@@ -2122,7 +2122,7 @@ ssl3_get_cert_verify(SSL *s)
EVP_MD_CTX_init(&mctx);
- n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_CERT_VRFY_A,
+ n = ssl3_get_message(s, SSL3_ST_SR_CERT_VRFY_A,
SSL3_ST_SR_CERT_VRFY_B, -1, SSL3_RT_MAX_PLAIN_LENGTH, &ok);
if (!ok)
return ((int)n);
@@ -2345,9 +2345,8 @@ ssl3_get_client_certificate(SSL *s)
const unsigned char *q;
STACK_OF(X509) *sk = NULL;
- n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
+ n = ssl3_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
-1, s->internal->max_cert_list, &ok);
-
if (!ok)
return ((int)n);