This cuts down on a lot of unchecked ssl->s3->hs accesses. Next is probably the mass of extensions callbacks, and then we can play whack-a-mole with git grep. Change-Id: I81c506ea25c2569a51ceda903853465b8b567b0f Reviewed-on: https://boringssl-review.googlesource.com/12237 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>kris/onging/CECPQ3_patch15
@@ -170,21 +170,21 @@ | |||
#include "internal.h" | |||
static int ssl3_send_client_hello(SSL *ssl); | |||
static int dtls1_get_hello_verify(SSL *ssl); | |||
static int ssl3_get_server_hello(SSL *ssl); | |||
static int ssl3_get_server_certificate(SSL *ssl); | |||
static int ssl3_get_cert_status(SSL *ssl); | |||
static int ssl3_verify_server_cert(SSL *ssl); | |||
static int ssl3_get_server_key_exchange(SSL *ssl); | |||
static int ssl3_get_certificate_request(SSL *ssl); | |||
static int ssl3_get_server_hello_done(SSL *ssl); | |||
static int ssl3_send_client_certificate(SSL *ssl); | |||
static int ssl3_send_client_key_exchange(SSL *ssl); | |||
static int ssl3_send_cert_verify(SSL *ssl); | |||
static int ssl3_send_next_proto(SSL *ssl); | |||
static int ssl3_send_channel_id(SSL *ssl); | |||
static int ssl3_get_new_session_ticket(SSL *ssl); | |||
static int ssl3_send_client_hello(SSL_HANDSHAKE *hs); | |||
static int dtls1_get_hello_verify(SSL_HANDSHAKE *hs); | |||
static int ssl3_get_server_hello(SSL_HANDSHAKE *hs); | |||
static int ssl3_get_server_certificate(SSL_HANDSHAKE *hs); | |||
static int ssl3_get_cert_status(SSL_HANDSHAKE *hs); | |||
static int ssl3_verify_server_cert(SSL_HANDSHAKE *hs); | |||
static int ssl3_get_server_key_exchange(SSL_HANDSHAKE *hs); | |||
static int ssl3_get_certificate_request(SSL_HANDSHAKE *hs); | |||
static int ssl3_get_server_hello_done(SSL_HANDSHAKE *hs); | |||
static int ssl3_send_client_certificate(SSL_HANDSHAKE *hs); | |||
static int ssl3_send_client_key_exchange(SSL_HANDSHAKE *hs); | |||
static int ssl3_send_cert_verify(SSL_HANDSHAKE *hs); | |||
static int ssl3_send_next_proto(SSL_HANDSHAKE *hs); | |||
static int ssl3_send_channel_id(SSL_HANDSHAKE *hs); | |||
static int ssl3_get_new_session_ticket(SSL_HANDSHAKE *hs); | |||
int ssl3_connect(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
@@ -216,7 +216,7 @@ int ssl3_connect(SSL_HANDSHAKE *hs) { | |||
case SSL3_ST_CW_CLNT_HELLO_A: | |||
case SSL3_ST_CW_CLNT_HELLO_B: | |||
ret = ssl3_send_client_hello(ssl); | |||
ret = ssl3_send_client_hello(hs); | |||
if (ret <= 0) { | |||
goto end; | |||
} | |||
@@ -231,7 +231,7 @@ int ssl3_connect(SSL_HANDSHAKE *hs) { | |||
case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: | |||
assert(SSL_is_dtls(ssl)); | |||
ret = dtls1_get_hello_verify(ssl); | |||
ret = dtls1_get_hello_verify(hs); | |||
if (ret <= 0) { | |||
goto end; | |||
} | |||
@@ -244,7 +244,7 @@ int ssl3_connect(SSL_HANDSHAKE *hs) { | |||
break; | |||
case SSL3_ST_CR_SRVR_HELLO_A: | |||
ret = ssl3_get_server_hello(ssl); | |||
ret = ssl3_get_server_hello(hs); | |||
if (ssl->state == SSL_ST_TLS13) { | |||
break; | |||
} | |||
@@ -261,7 +261,7 @@ int ssl3_connect(SSL_HANDSHAKE *hs) { | |||
case SSL3_ST_CR_CERT_A: | |||
if (ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) { | |||
ret = ssl3_get_server_certificate(ssl); | |||
ret = ssl3_get_server_certificate(hs); | |||
if (ret <= 0) { | |||
goto end; | |||
} | |||
@@ -273,7 +273,7 @@ int ssl3_connect(SSL_HANDSHAKE *hs) { | |||
case SSL3_ST_CR_CERT_STATUS_A: | |||
if (hs->certificate_status_expected) { | |||
ret = ssl3_get_cert_status(ssl); | |||
ret = ssl3_get_cert_status(hs); | |||
if (ret <= 0) { | |||
goto end; | |||
} | |||
@@ -285,7 +285,7 @@ int ssl3_connect(SSL_HANDSHAKE *hs) { | |||
case SSL3_ST_VERIFY_SERVER_CERT: | |||
if (ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) { | |||
ret = ssl3_verify_server_cert(ssl); | |||
ret = ssl3_verify_server_cert(hs); | |||
if (ret <= 0) { | |||
goto end; | |||
} | |||
@@ -296,7 +296,7 @@ int ssl3_connect(SSL_HANDSHAKE *hs) { | |||
break; | |||
case SSL3_ST_CR_KEY_EXCH_A: | |||
ret = ssl3_get_server_key_exchange(ssl); | |||
ret = ssl3_get_server_key_exchange(hs); | |||
if (ret <= 0) { | |||
goto end; | |||
} | |||
@@ -305,7 +305,7 @@ int ssl3_connect(SSL_HANDSHAKE *hs) { | |||
case SSL3_ST_CR_CERT_REQ_A: | |||
if (ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) { | |||
ret = ssl3_get_certificate_request(ssl); | |||
ret = ssl3_get_certificate_request(hs); | |||
if (ret <= 0) { | |||
goto end; | |||
} | |||
@@ -316,7 +316,7 @@ int ssl3_connect(SSL_HANDSHAKE *hs) { | |||
break; | |||
case SSL3_ST_CR_SRVR_DONE_A: | |||
ret = ssl3_get_server_hello_done(ssl); | |||
ret = ssl3_get_server_hello_done(hs); | |||
if (ret <= 0) { | |||
goto end; | |||
} | |||
@@ -328,7 +328,7 @@ int ssl3_connect(SSL_HANDSHAKE *hs) { | |||
case SSL3_ST_CW_CERT_B: | |||
case SSL3_ST_CW_CERT_C: | |||
if (hs->cert_request) { | |||
ret = ssl3_send_client_certificate(ssl); | |||
ret = ssl3_send_client_certificate(hs); | |||
if (ret <= 0) { | |||
goto end; | |||
} | |||
@@ -340,7 +340,7 @@ int ssl3_connect(SSL_HANDSHAKE *hs) { | |||
case SSL3_ST_CW_KEY_EXCH_A: | |||
case SSL3_ST_CW_KEY_EXCH_B: | |||
ret = ssl3_send_client_key_exchange(ssl); | |||
ret = ssl3_send_client_key_exchange(hs); | |||
if (ret <= 0) { | |||
goto end; | |||
} | |||
@@ -351,7 +351,7 @@ int ssl3_connect(SSL_HANDSHAKE *hs) { | |||
case SSL3_ST_CW_CERT_VRFY_B: | |||
case SSL3_ST_CW_CERT_VRFY_C: | |||
if (hs->cert_request) { | |||
ret = ssl3_send_cert_verify(ssl); | |||
ret = ssl3_send_cert_verify(hs); | |||
if (ret <= 0) { | |||
goto end; | |||
} | |||
@@ -379,7 +379,7 @@ int ssl3_connect(SSL_HANDSHAKE *hs) { | |||
case SSL3_ST_CW_NEXT_PROTO_A: | |||
case SSL3_ST_CW_NEXT_PROTO_B: | |||
if (hs->next_proto_neg_seen) { | |||
ret = ssl3_send_next_proto(ssl); | |||
ret = ssl3_send_next_proto(hs); | |||
if (ret <= 0) { | |||
goto end; | |||
} | |||
@@ -392,7 +392,7 @@ int ssl3_connect(SSL_HANDSHAKE *hs) { | |||
case SSL3_ST_CW_CHANNEL_ID_A: | |||
case SSL3_ST_CW_CHANNEL_ID_B: | |||
if (ssl->s3->tlsext_channel_id_valid) { | |||
ret = ssl3_send_channel_id(ssl); | |||
ret = ssl3_send_channel_id(hs); | |||
if (ret <= 0) { | |||
goto end; | |||
} | |||
@@ -404,7 +404,7 @@ int ssl3_connect(SSL_HANDSHAKE *hs) { | |||
case SSL3_ST_CW_FINISHED_A: | |||
case SSL3_ST_CW_FINISHED_B: | |||
ret = ssl3_send_finished(ssl, SSL3_ST_CW_FINISHED_A, | |||
ret = ssl3_send_finished(hs, SSL3_ST_CW_FINISHED_A, | |||
SSL3_ST_CW_FINISHED_B); | |||
if (ret <= 0) { | |||
goto end; | |||
@@ -444,7 +444,7 @@ int ssl3_connect(SSL_HANDSHAKE *hs) { | |||
case SSL3_ST_CR_SESSION_TICKET_A: | |||
if (hs->ticket_expected) { | |||
ret = ssl3_get_new_session_ticket(ssl); | |||
ret = ssl3_get_new_session_ticket(hs); | |||
if (ret <= 0) { | |||
goto end; | |||
} | |||
@@ -468,7 +468,7 @@ int ssl3_connect(SSL_HANDSHAKE *hs) { | |||
break; | |||
case SSL3_ST_CR_FINISHED_A: | |||
ret = ssl3_get_finished(ssl); | |||
ret = ssl3_get_finished(hs); | |||
if (ret <= 0) { | |||
goto end; | |||
} | |||
@@ -494,7 +494,7 @@ int ssl3_connect(SSL_HANDSHAKE *hs) { | |||
break; | |||
case SSL_ST_TLS13: | |||
ret = tls13_handshake(ssl); | |||
ret = tls13_handshake(hs); | |||
if (ret <= 0) { | |||
goto end; | |||
} | |||
@@ -720,7 +720,8 @@ int ssl_write_client_hello(SSL *ssl) { | |||
return 0; | |||
} | |||
static int ssl3_send_client_hello(SSL *ssl) { | |||
static int ssl3_send_client_hello(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
if (ssl->state == SSL3_ST_CW_CLNT_HELLO_B) { | |||
return ssl->method->write_message(ssl); | |||
} | |||
@@ -781,7 +782,8 @@ static int ssl3_send_client_hello(SSL *ssl) { | |||
return ssl->method->write_message(ssl); | |||
} | |||
static int dtls1_get_hello_verify(SSL *ssl) { | |||
static int dtls1_get_hello_verify(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
int al; | |||
CBS hello_verify_request, cookie; | |||
uint16_t server_version; | |||
@@ -823,7 +825,8 @@ f_err: | |||
return -1; | |||
} | |||
static int ssl3_get_server_hello(SSL *ssl) { | |||
static int ssl3_get_server_hello(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
CERT *ct = ssl->cert; | |||
int al = SSL_AD_INTERNAL_ERROR; | |||
CBS server_hello, server_random, session_id; | |||
@@ -886,7 +889,7 @@ static int ssl3_get_server_hello(SSL *ssl) { | |||
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) { | |||
ssl->state = SSL_ST_TLS13; | |||
ssl->s3->hs->do_tls13_handshake = tls13_client_handshake; | |||
hs->do_tls13_handshake = tls13_client_handshake; | |||
return 1; | |||
} | |||
@@ -1027,7 +1030,8 @@ err: | |||
return -1; | |||
} | |||
static int ssl3_get_server_certificate(SSL *ssl) { | |||
static int ssl3_get_server_certificate(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
int ret = | |||
ssl->method->ssl_get_message(ssl, SSL3_MT_CERTIFICATE, ssl_hash_message); | |||
if (ret <= 0) { | |||
@@ -1071,7 +1075,8 @@ err: | |||
return -1; | |||
} | |||
static int ssl3_get_cert_status(SSL *ssl) { | |||
static int ssl3_get_cert_status(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
int al; | |||
CBS certificate_status, ocsp_response; | |||
uint8_t status_type; | |||
@@ -1112,7 +1117,8 @@ f_err: | |||
return -1; | |||
} | |||
static int ssl3_verify_server_cert(SSL *ssl) { | |||
static int ssl3_verify_server_cert(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
if (!ssl_verify_cert_chain(ssl, &ssl->s3->new_session->verify_result, | |||
ssl->s3->new_session->x509_chain)) { | |||
return -1; | |||
@@ -1121,7 +1127,8 @@ static int ssl3_verify_server_cert(SSL *ssl) { | |||
return 1; | |||
} | |||
static int ssl3_get_server_key_exchange(SSL *ssl) { | |||
static int ssl3_get_server_key_exchange(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
int al; | |||
EVP_PKEY *pkey = NULL; | |||
DH *dh = NULL; | |||
@@ -1184,7 +1191,7 @@ static int ssl3_get_server_key_exchange(SSL *ssl) { | |||
* empty hint. Having different capabilities is odd, so we interpret empty | |||
* and missing as identical. */ | |||
if (CBS_len(&psk_identity_hint) != 0 && | |||
!CBS_strdup(&psk_identity_hint, &ssl->s3->hs->peer_psk_identity_hint)) { | |||
!CBS_strdup(&psk_identity_hint, &hs->peer_psk_identity_hint)) { | |||
al = SSL_AD_INTERNAL_ERROR; | |||
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); | |||
goto f_err; | |||
@@ -1227,11 +1234,11 @@ static int ssl3_get_server_key_exchange(SSL *ssl) { | |||
goto err; | |||
} | |||
SSL_ECDH_CTX_init_for_dhe(&ssl->s3->hs->ecdh_ctx, dh); | |||
SSL_ECDH_CTX_init_for_dhe(&hs->ecdh_ctx, dh); | |||
dh = NULL; | |||
/* Save the peer public key for later. */ | |||
if (!CBS_stow(&dh_Ys, &ssl->s3->hs->peer_key, &ssl->s3->hs->peer_key_len)) { | |||
if (!CBS_stow(&dh_Ys, &hs->peer_key, &hs->peer_key_len)) { | |||
goto err; | |||
} | |||
} else if (alg_k & SSL_kECDHE) { | |||
@@ -1257,12 +1264,12 @@ static int ssl3_get_server_key_exchange(SSL *ssl) { | |||
} | |||
/* Initialize ECDH and save the peer public key for later. */ | |||
if (!SSL_ECDH_CTX_init(&ssl->s3->hs->ecdh_ctx, group_id) || | |||
!CBS_stow(&point, &ssl->s3->hs->peer_key, &ssl->s3->hs->peer_key_len)) { | |||
if (!SSL_ECDH_CTX_init(&hs->ecdh_ctx, group_id) || | |||
!CBS_stow(&point, &hs->peer_key, &hs->peer_key_len)) { | |||
goto err; | |||
} | |||
} else if (alg_k & SSL_kCECPQ1) { | |||
SSL_ECDH_CTX_init_for_cecpq1(&ssl->s3->hs->ecdh_ctx); | |||
SSL_ECDH_CTX_init_for_cecpq1(&hs->ecdh_ctx); | |||
CBS key; | |||
if (!CBS_get_u16_length_prefixed(&server_key_exchange, &key)) { | |||
al = SSL_AD_DECODE_ERROR; | |||
@@ -1270,7 +1277,7 @@ static int ssl3_get_server_key_exchange(SSL *ssl) { | |||
goto f_err; | |||
} | |||
if (!CBS_stow(&key, &ssl->s3->hs->peer_key, &ssl->s3->hs->peer_key_len)) { | |||
if (!CBS_stow(&key, &hs->peer_key, &hs->peer_key_len)) { | |||
goto err; | |||
} | |||
} else if (!(alg_k & SSL_kPSK)) { | |||
@@ -1375,7 +1382,8 @@ err: | |||
return -1; | |||
} | |||
static int ssl3_get_certificate_request(SSL *ssl) { | |||
static int ssl3_get_certificate_request(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
int msg_ret = ssl->method->ssl_get_message(ssl, -1, ssl_hash_message); | |||
if (msg_ret <= 0) { | |||
return msg_ret; | |||
@@ -1406,8 +1414,8 @@ static int ssl3_get_certificate_request(SSL *ssl) { | |||
return -1; | |||
} | |||
if (!CBS_stow(&certificate_types, &ssl->s3->hs->certificate_types, | |||
&ssl->s3->hs->num_certificate_types)) { | |||
if (!CBS_stow(&certificate_types, &hs->certificate_types, | |||
&hs->num_certificate_types)) { | |||
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); | |||
return -1; | |||
} | |||
@@ -1436,13 +1444,14 @@ static int ssl3_get_certificate_request(SSL *ssl) { | |||
return -1; | |||
} | |||
ssl->s3->hs->cert_request = 1; | |||
sk_X509_NAME_pop_free(ssl->s3->hs->ca_names, X509_NAME_free); | |||
ssl->s3->hs->ca_names = ca_sk; | |||
hs->cert_request = 1; | |||
sk_X509_NAME_pop_free(hs->ca_names, X509_NAME_free); | |||
hs->ca_names = ca_sk; | |||
return 1; | |||
} | |||
static int ssl3_get_server_hello_done(SSL *ssl) { | |||
static int ssl3_get_server_hello_done(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
int ret = ssl->method->ssl_get_message(ssl, SSL3_MT_SERVER_HELLO_DONE, | |||
ssl_hash_message); | |||
if (ret <= 0) { | |||
@@ -1459,7 +1468,8 @@ static int ssl3_get_server_hello_done(SSL *ssl) { | |||
return 1; | |||
} | |||
static int ssl3_send_client_certificate(SSL *ssl) { | |||
static int ssl3_send_client_certificate(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
if (ssl->state == SSL3_ST_CW_CERT_A) { | |||
/* Call cert_cb to update the certificate. */ | |||
if (ssl->cert->cert_cb) { | |||
@@ -1489,7 +1499,7 @@ static int ssl3_send_client_certificate(SSL *ssl) { | |||
} | |||
if (!ssl_has_certificate(ssl)) { | |||
ssl->s3->hs->cert_request = 0; | |||
hs->cert_request = 0; | |||
/* Without a client certificate, the handshake buffer may be released. */ | |||
ssl3_free_handshake_buffer(ssl); | |||
@@ -1513,7 +1523,8 @@ static int ssl3_send_client_certificate(SSL *ssl) { | |||
OPENSSL_COMPILE_ASSERT(sizeof(size_t) >= sizeof(unsigned), | |||
SIZE_T_IS_SMALLER_THAN_UNSIGNED); | |||
static int ssl3_send_client_key_exchange(SSL *ssl) { | |||
static int ssl3_send_client_key_exchange(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
if (ssl->state == SSL3_ST_CW_KEY_EXCH_B) { | |||
return ssl->method->write_message(ssl); | |||
} | |||
@@ -1541,9 +1552,9 @@ static int ssl3_send_client_key_exchange(SSL *ssl) { | |||
char identity[PSK_MAX_IDENTITY_LEN + 1]; | |||
memset(identity, 0, sizeof(identity)); | |||
psk_len = ssl->psk_client_callback( | |||
ssl, ssl->s3->hs->peer_psk_identity_hint, identity, sizeof(identity), | |||
psk, sizeof(psk)); | |||
psk_len = | |||
ssl->psk_client_callback(ssl, hs->peer_psk_identity_hint, identity, | |||
sizeof(identity), psk, sizeof(psk)); | |||
if (psk_len == 0) { | |||
OPENSSL_PUT_ERROR(SSL, SSL_R_PSK_IDENTITY_NOT_FOUND); | |||
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); | |||
@@ -1620,15 +1631,14 @@ static int ssl3_send_client_key_exchange(SSL *ssl) { | |||
} else if (alg_k & (SSL_kECDHE|SSL_kDHE|SSL_kCECPQ1)) { | |||
/* Generate a keypair and serialize the public half. */ | |||
CBB child; | |||
if (!SSL_ECDH_CTX_add_key(&ssl->s3->hs->ecdh_ctx, &body, &child)) { | |||
if (!SSL_ECDH_CTX_add_key(&hs->ecdh_ctx, &body, &child)) { | |||
goto err; | |||
} | |||
/* Compute the premaster. */ | |||
uint8_t alert; | |||
if (!SSL_ECDH_CTX_accept(&ssl->s3->hs->ecdh_ctx, &child, &pms, &pms_len, | |||
&alert, ssl->s3->hs->peer_key, | |||
ssl->s3->hs->peer_key_len)) { | |||
if (!SSL_ECDH_CTX_accept(&hs->ecdh_ctx, &child, &pms, &pms_len, &alert, | |||
hs->peer_key, hs->peer_key_len)) { | |||
ssl3_send_alert(ssl, SSL3_AL_FATAL, alert); | |||
goto err; | |||
} | |||
@@ -1637,10 +1647,10 @@ static int ssl3_send_client_key_exchange(SSL *ssl) { | |||
} | |||
/* The key exchange state may now be discarded. */ | |||
SSL_ECDH_CTX_cleanup(&ssl->s3->hs->ecdh_ctx); | |||
OPENSSL_free(ssl->s3->hs->peer_key); | |||
ssl->s3->hs->peer_key = NULL; | |||
ssl->s3->hs->peer_key_len = 0; | |||
SSL_ECDH_CTX_cleanup(&hs->ecdh_ctx); | |||
OPENSSL_free(hs->peer_key); | |||
hs->peer_key = NULL; | |||
hs->peer_key_len = 0; | |||
} else if (alg_k & SSL_kPSK) { | |||
/* For plain PSK, other_secret is a block of 0s with the same length as | |||
* the pre-shared key. */ | |||
@@ -1710,7 +1720,8 @@ err: | |||
return -1; | |||
} | |||
static int ssl3_send_cert_verify(SSL *ssl) { | |||
static int ssl3_send_cert_verify(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
if (ssl->state == SSL3_ST_CW_CERT_VRFY_C) { | |||
return ssl->method->write_message(ssl); | |||
} | |||
@@ -1812,7 +1823,8 @@ err: | |||
return -1; | |||
} | |||
static int ssl3_send_next_proto(SSL *ssl) { | |||
static int ssl3_send_next_proto(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
if (ssl->state == SSL3_ST_CW_NEXT_PROTO_B) { | |||
return ssl->method->write_message(ssl); | |||
} | |||
@@ -1839,7 +1851,8 @@ static int ssl3_send_next_proto(SSL *ssl) { | |||
return ssl->method->write_message(ssl); | |||
} | |||
static int ssl3_send_channel_id(SSL *ssl) { | |||
static int ssl3_send_channel_id(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
if (ssl->state == SSL3_ST_CW_CHANNEL_ID_B) { | |||
return ssl->method->write_message(ssl); | |||
} | |||
@@ -1868,7 +1881,8 @@ static int ssl3_send_channel_id(SSL *ssl) { | |||
return ssl->method->write_message(ssl); | |||
} | |||
static int ssl3_get_new_session_ticket(SSL *ssl) { | |||
static int ssl3_get_new_session_ticket(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
int ret = ssl->method->ssl_get_message(ssl, SSL3_MT_NEW_SESSION_TICKET, | |||
ssl_hash_message); | |||
if (ret <= 0) { | |||
@@ -1890,7 +1904,7 @@ static int ssl3_get_new_session_ticket(SSL *ssl) { | |||
/* RFC 5077 allows a server to change its mind and send no ticket after | |||
* negotiating the extension. The value of |ticket_expected| is checked in | |||
* |ssl_update_cache| so is cleared here to avoid an unnecessary update. */ | |||
ssl->s3->hs->ticket_expected = 0; | |||
hs->ticket_expected = 0; | |||
return 1; | |||
} | |||
@@ -171,19 +171,19 @@ | |||
#include "../crypto/internal.h" | |||
static int ssl3_get_client_hello(SSL *ssl); | |||
static int ssl3_send_server_hello(SSL *ssl); | |||
static int ssl3_send_server_certificate(SSL *ssl); | |||
static int ssl3_send_certificate_status(SSL *ssl); | |||
static int ssl3_send_server_key_exchange(SSL *ssl); | |||
static int ssl3_send_certificate_request(SSL *ssl); | |||
static int ssl3_send_server_hello_done(SSL *ssl); | |||
static int ssl3_get_client_certificate(SSL *ssl); | |||
static int ssl3_get_client_key_exchange(SSL *ssl); | |||
static int ssl3_get_cert_verify(SSL *ssl); | |||
static int ssl3_get_next_proto(SSL *ssl); | |||
static int ssl3_get_channel_id(SSL *ssl); | |||
static int ssl3_send_new_session_ticket(SSL *ssl); | |||
static int ssl3_get_client_hello(SSL_HANDSHAKE *hs); | |||
static int ssl3_send_server_hello(SSL_HANDSHAKE *hs); | |||
static int ssl3_send_server_certificate(SSL_HANDSHAKE *hs); | |||
static int ssl3_send_certificate_status(SSL_HANDSHAKE *hs); | |||
static int ssl3_send_server_key_exchange(SSL_HANDSHAKE *hs); | |||
static int ssl3_send_certificate_request(SSL_HANDSHAKE *hs); | |||
static int ssl3_send_server_hello_done(SSL_HANDSHAKE *hs); | |||
static int ssl3_get_client_certificate(SSL_HANDSHAKE *hs); | |||
static int ssl3_get_client_key_exchange(SSL_HANDSHAKE *hs); | |||
static int ssl3_get_cert_verify(SSL_HANDSHAKE *hs); | |||
static int ssl3_get_next_proto(SSL_HANDSHAKE *hs); | |||
static int ssl3_get_channel_id(SSL_HANDSHAKE *hs); | |||
static int ssl3_send_new_session_ticket(SSL_HANDSHAKE *hs); | |||
int ssl3_accept(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
@@ -227,7 +227,7 @@ int ssl3_accept(SSL_HANDSHAKE *hs) { | |||
case SSL3_ST_SR_CLNT_HELLO_C: | |||
case SSL3_ST_SR_CLNT_HELLO_D: | |||
case SSL3_ST_SR_CLNT_HELLO_E: | |||
ret = ssl3_get_client_hello(ssl); | |||
ret = ssl3_get_client_hello(hs); | |||
if (ssl->state == SSL_ST_TLS13) { | |||
break; | |||
} | |||
@@ -240,7 +240,7 @@ int ssl3_accept(SSL_HANDSHAKE *hs) { | |||
case SSL3_ST_SW_SRVR_HELLO_A: | |||
case SSL3_ST_SW_SRVR_HELLO_B: | |||
ret = ssl3_send_server_hello(ssl); | |||
ret = ssl3_send_server_hello(hs); | |||
if (ret <= 0) { | |||
goto end; | |||
} | |||
@@ -254,7 +254,7 @@ int ssl3_accept(SSL_HANDSHAKE *hs) { | |||
case SSL3_ST_SW_CERT_A: | |||
case SSL3_ST_SW_CERT_B: | |||
if (ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) { | |||
ret = ssl3_send_server_certificate(ssl); | |||
ret = ssl3_send_server_certificate(hs); | |||
if (ret <= 0) { | |||
goto end; | |||
} | |||
@@ -267,7 +267,7 @@ int ssl3_accept(SSL_HANDSHAKE *hs) { | |||
case SSL3_ST_SW_CERT_STATUS_A: | |||
case SSL3_ST_SW_CERT_STATUS_B: | |||
if (hs->certificate_status_expected) { | |||
ret = ssl3_send_certificate_status(ssl); | |||
ret = ssl3_send_certificate_status(hs); | |||
if (ret <= 0) { | |||
goto end; | |||
} | |||
@@ -285,7 +285,7 @@ int ssl3_accept(SSL_HANDSHAKE *hs) { | |||
/* PSK ciphers send ServerKeyExchange if there is an identity hint. */ | |||
if (ssl_cipher_requires_server_key_exchange(ssl->s3->tmp.new_cipher) || | |||
((alg_a & SSL_aPSK) && ssl->psk_identity_hint)) { | |||
ret = ssl3_send_server_key_exchange(ssl); | |||
ret = ssl3_send_server_key_exchange(hs); | |||
if (ret <= 0) { | |||
goto end; | |||
} | |||
@@ -299,7 +299,7 @@ int ssl3_accept(SSL_HANDSHAKE *hs) { | |||
case SSL3_ST_SW_CERT_REQ_A: | |||
case SSL3_ST_SW_CERT_REQ_B: | |||
if (hs->cert_request) { | |||
ret = ssl3_send_certificate_request(ssl); | |||
ret = ssl3_send_certificate_request(hs); | |||
if (ret <= 0) { | |||
goto end; | |||
} | |||
@@ -311,7 +311,7 @@ int ssl3_accept(SSL_HANDSHAKE *hs) { | |||
case SSL3_ST_SW_SRVR_DONE_A: | |||
case SSL3_ST_SW_SRVR_DONE_B: | |||
ret = ssl3_send_server_hello_done(ssl); | |||
ret = ssl3_send_server_hello_done(hs); | |||
if (ret <= 0) { | |||
goto end; | |||
} | |||
@@ -321,7 +321,7 @@ int ssl3_accept(SSL_HANDSHAKE *hs) { | |||
case SSL3_ST_SR_CERT_A: | |||
if (hs->cert_request) { | |||
ret = ssl3_get_client_certificate(ssl); | |||
ret = ssl3_get_client_certificate(hs); | |||
if (ret <= 0) { | |||
goto end; | |||
} | |||
@@ -331,7 +331,7 @@ int ssl3_accept(SSL_HANDSHAKE *hs) { | |||
case SSL3_ST_SR_KEY_EXCH_A: | |||
case SSL3_ST_SR_KEY_EXCH_B: | |||
ret = ssl3_get_client_key_exchange(ssl); | |||
ret = ssl3_get_client_key_exchange(hs); | |||
if (ret <= 0) { | |||
goto end; | |||
} | |||
@@ -339,7 +339,7 @@ int ssl3_accept(SSL_HANDSHAKE *hs) { | |||
break; | |||
case SSL3_ST_SR_CERT_VRFY_A: | |||
ret = ssl3_get_cert_verify(ssl); | |||
ret = ssl3_get_cert_verify(hs); | |||
if (ret <= 0) { | |||
goto end; | |||
} | |||
@@ -363,7 +363,7 @@ int ssl3_accept(SSL_HANDSHAKE *hs) { | |||
case SSL3_ST_SR_NEXT_PROTO_A: | |||
if (hs->next_proto_neg_seen) { | |||
ret = ssl3_get_next_proto(ssl); | |||
ret = ssl3_get_next_proto(hs); | |||
if (ret <= 0) { | |||
goto end; | |||
} | |||
@@ -375,7 +375,7 @@ int ssl3_accept(SSL_HANDSHAKE *hs) { | |||
case SSL3_ST_SR_CHANNEL_ID_A: | |||
if (ssl->s3->tlsext_channel_id_valid) { | |||
ret = ssl3_get_channel_id(ssl); | |||
ret = ssl3_get_channel_id(hs); | |||
if (ret <= 0) { | |||
goto end; | |||
} | |||
@@ -386,7 +386,7 @@ int ssl3_accept(SSL_HANDSHAKE *hs) { | |||
break; | |||
case SSL3_ST_SR_FINISHED_A: | |||
ret = ssl3_get_finished(ssl); | |||
ret = ssl3_get_finished(hs); | |||
if (ret <= 0) { | |||
goto end; | |||
} | |||
@@ -412,7 +412,7 @@ int ssl3_accept(SSL_HANDSHAKE *hs) { | |||
case SSL3_ST_SW_SESSION_TICKET_A: | |||
case SSL3_ST_SW_SESSION_TICKET_B: | |||
if (hs->ticket_expected) { | |||
ret = ssl3_send_new_session_ticket(ssl); | |||
ret = ssl3_send_new_session_ticket(hs); | |||
if (ret <= 0) { | |||
goto end; | |||
} | |||
@@ -437,7 +437,7 @@ int ssl3_accept(SSL_HANDSHAKE *hs) { | |||
case SSL3_ST_SW_FINISHED_A: | |||
case SSL3_ST_SW_FINISHED_B: | |||
ret = ssl3_send_finished(ssl, SSL3_ST_SW_FINISHED_A, | |||
ret = ssl3_send_finished(hs, SSL3_ST_SW_FINISHED_A, | |||
SSL3_ST_SW_FINISHED_B); | |||
if (ret <= 0) { | |||
goto end; | |||
@@ -464,7 +464,7 @@ int ssl3_accept(SSL_HANDSHAKE *hs) { | |||
break; | |||
case SSL_ST_TLS13: | |||
ret = tls13_handshake(ssl); | |||
ret = tls13_handshake(hs); | |||
if (ret <= 0) { | |||
goto end; | |||
} | |||
@@ -653,7 +653,8 @@ unsupported_protocol: | |||
return 0; | |||
} | |||
static int ssl3_get_client_hello(SSL *ssl) { | |||
static int ssl3_get_client_hello(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
uint8_t al = SSL_AD_INTERNAL_ERROR; | |||
int ret = -1; | |||
SSL_SESSION *session = NULL; | |||
@@ -709,7 +710,7 @@ static int ssl3_get_client_hello(SSL *ssl) { | |||
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) { | |||
ssl->state = SSL_ST_TLS13; | |||
ssl->s3->hs->do_tls13_handshake = tls13_server_handshake; | |||
hs->do_tls13_handshake = tls13_server_handshake; | |||
return 1; | |||
} | |||
} | |||
@@ -805,12 +806,12 @@ static int ssl3_get_client_hello(SSL *ssl) { | |||
if (session != NULL) { | |||
/* Use the old session. */ | |||
ssl->s3->hs->ticket_expected = renew_ticket; | |||
hs->ticket_expected = renew_ticket; | |||
ssl->session = session; | |||
session = NULL; | |||
ssl->s3->session_reused = 1; | |||
} else { | |||
ssl->s3->hs->ticket_expected = tickets_supported; | |||
hs->ticket_expected = tickets_supported; | |||
ssl_set_session(ssl, NULL); | |||
if (!ssl_get_new_session(ssl, 1 /* server */)) { | |||
goto err; | |||
@@ -834,8 +835,8 @@ static int ssl3_get_client_hello(SSL *ssl) { | |||
ssl->s3->new_session->cipher = ssl->s3->tmp.new_cipher; | |||
/* On new sessions, stash the SNI value in the session. */ | |||
if (ssl->s3->hs->hostname != NULL) { | |||
ssl->s3->new_session->tlsext_hostname = BUF_strdup(ssl->s3->hs->hostname); | |||
if (hs->hostname != NULL) { | |||
ssl->s3->new_session->tlsext_hostname = BUF_strdup(hs->hostname); | |||
if (ssl->s3->new_session->tlsext_hostname == NULL) { | |||
al = SSL_AD_INTERNAL_ERROR; | |||
goto f_err; | |||
@@ -843,18 +844,18 @@ static int ssl3_get_client_hello(SSL *ssl) { | |||
} | |||
/* Determine whether to request a client certificate. */ | |||
ssl->s3->hs->cert_request = !!(ssl->verify_mode & SSL_VERIFY_PEER); | |||
hs->cert_request = !!(ssl->verify_mode & SSL_VERIFY_PEER); | |||
/* Only request a certificate if Channel ID isn't negotiated. */ | |||
if ((ssl->verify_mode & SSL_VERIFY_PEER_IF_NO_OBC) && | |||
ssl->s3->tlsext_channel_id_valid) { | |||
ssl->s3->hs->cert_request = 0; | |||
hs->cert_request = 0; | |||
} | |||
/* CertificateRequest may only be sent in certificate-based ciphers. */ | |||
if (!ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) { | |||
ssl->s3->hs->cert_request = 0; | |||
hs->cert_request = 0; | |||
} | |||
if (!ssl->s3->hs->cert_request) { | |||
if (!hs->cert_request) { | |||
/* OpenSSL returns X509_V_OK when no certificates are requested. This is | |||
* classed by them as a bug, but it's assumed by at least NGINX. */ | |||
ssl->s3->new_session->verify_result = X509_V_OK; | |||
@@ -873,7 +874,7 @@ static int ssl3_get_client_hello(SSL *ssl) { | |||
} | |||
/* Release the handshake buffer if client authentication isn't required. */ | |||
if (!ssl->s3->hs->cert_request) { | |||
if (!hs->cert_request) { | |||
ssl3_free_handshake_buffer(ssl); | |||
} | |||
@@ -889,7 +890,8 @@ err: | |||
return ret; | |||
} | |||
static int ssl3_send_server_hello(SSL *ssl) { | |||
static int ssl3_send_server_hello(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
if (ssl->state == SSL3_ST_SW_SRVR_HELLO_B) { | |||
return ssl->method->write_message(ssl); | |||
} | |||
@@ -949,7 +951,8 @@ static int ssl3_send_server_hello(SSL *ssl) { | |||
return ssl->method->write_message(ssl); | |||
} | |||
static int ssl3_send_server_certificate(SSL *ssl) { | |||
static int ssl3_send_server_certificate(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
if (ssl->state == SSL3_ST_SW_CERT_B) { | |||
return ssl->method->write_message(ssl); | |||
} | |||
@@ -966,7 +969,8 @@ static int ssl3_send_server_certificate(SSL *ssl) { | |||
return ssl->method->write_message(ssl); | |||
} | |||
static int ssl3_send_certificate_status(SSL *ssl) { | |||
static int ssl3_send_certificate_status(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
if (ssl->state == SSL3_ST_SW_CERT_STATUS_B) { | |||
return ssl->method->write_message(ssl); | |||
} | |||
@@ -988,7 +992,8 @@ static int ssl3_send_certificate_status(SSL *ssl) { | |||
return ssl->method->write_message(ssl); | |||
} | |||
static int ssl3_send_server_key_exchange(SSL *ssl) { | |||
static int ssl3_send_server_key_exchange(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
if (ssl->state == SSL3_ST_SW_KEY_EXCH_C) { | |||
return ssl->method->write_message(ssl); | |||
} | |||
@@ -1036,13 +1041,13 @@ static int ssl3_send_server_key_exchange(SSL *ssl) { | |||
goto err; | |||
} | |||
SSL_ECDH_CTX_init_for_dhe(&ssl->s3->hs->ecdh_ctx, dh); | |||
SSL_ECDH_CTX_init_for_dhe(&hs->ecdh_ctx, dh); | |||
if (!CBB_add_u16_length_prefixed(&cbb, &child) || | |||
!BN_bn2cbb_padded(&child, BN_num_bytes(params->p), params->p) || | |||
!CBB_add_u16_length_prefixed(&cbb, &child) || | |||
!BN_bn2cbb_padded(&child, BN_num_bytes(params->g), params->g) || | |||
!CBB_add_u16_length_prefixed(&cbb, &child) || | |||
!SSL_ECDH_CTX_offer(&ssl->s3->hs->ecdh_ctx, &child)) { | |||
!SSL_ECDH_CTX_offer(&hs->ecdh_ctx, &child)) { | |||
goto err; | |||
} | |||
} else if (alg_k & SSL_kECDHE) { | |||
@@ -1056,25 +1061,24 @@ static int ssl3_send_server_key_exchange(SSL *ssl) { | |||
ssl->s3->new_session->key_exchange_info = group_id; | |||
/* Set up ECDH, generate a key, and emit the public half. */ | |||
if (!SSL_ECDH_CTX_init(&ssl->s3->hs->ecdh_ctx, group_id) || | |||
if (!SSL_ECDH_CTX_init(&hs->ecdh_ctx, group_id) || | |||
!CBB_add_u8(&cbb, NAMED_CURVE_TYPE) || | |||
!CBB_add_u16(&cbb, group_id) || | |||
!CBB_add_u8_length_prefixed(&cbb, &child) || | |||
!SSL_ECDH_CTX_offer(&ssl->s3->hs->ecdh_ctx, &child)) { | |||
!SSL_ECDH_CTX_offer(&hs->ecdh_ctx, &child)) { | |||
goto err; | |||
} | |||
} else if (alg_k & SSL_kCECPQ1) { | |||
SSL_ECDH_CTX_init_for_cecpq1(&ssl->s3->hs->ecdh_ctx); | |||
SSL_ECDH_CTX_init_for_cecpq1(&hs->ecdh_ctx); | |||
if (!CBB_add_u16_length_prefixed(&cbb, &child) || | |||
!SSL_ECDH_CTX_offer(&ssl->s3->hs->ecdh_ctx, &child)) { | |||
!SSL_ECDH_CTX_offer(&hs->ecdh_ctx, &child)) { | |||
goto err; | |||
} | |||
} else { | |||
assert(alg_k & SSL_kPSK); | |||
} | |||
if (!CBB_finish(&cbb, &ssl->s3->hs->server_params, | |||
&ssl->s3->hs->server_params_len)) { | |||
if (!CBB_finish(&cbb, &hs->server_params, &hs->server_params_len)) { | |||
goto err; | |||
} | |||
} | |||
@@ -1083,8 +1087,7 @@ static int ssl3_send_server_key_exchange(SSL *ssl) { | |||
CBB body; | |||
if (!ssl->method->init_message(ssl, &cbb, &body, | |||
SSL3_MT_SERVER_KEY_EXCHANGE) || | |||
!CBB_add_bytes(&body, ssl->s3->hs->server_params, | |||
ssl->s3->hs->server_params_len)) { | |||
!CBB_add_bytes(&body, hs->server_params, hs->server_params_len)) { | |||
goto err; | |||
} | |||
@@ -1123,11 +1126,13 @@ static int ssl3_send_server_key_exchange(SSL *ssl) { | |||
uint8_t *transcript_data; | |||
size_t transcript_len; | |||
if (!CBB_init(&transcript, | |||
2*SSL3_RANDOM_SIZE + ssl->s3->hs->server_params_len) || | |||
!CBB_add_bytes(&transcript, ssl->s3->client_random, SSL3_RANDOM_SIZE) || | |||
!CBB_add_bytes(&transcript, ssl->s3->server_random, SSL3_RANDOM_SIZE) || | |||
!CBB_add_bytes(&transcript, ssl->s3->hs->server_params, | |||
ssl->s3->hs->server_params_len) || | |||
2 * SSL3_RANDOM_SIZE + hs->server_params_len) || | |||
!CBB_add_bytes(&transcript, ssl->s3->client_random, | |||
SSL3_RANDOM_SIZE) || | |||
!CBB_add_bytes(&transcript, ssl->s3->server_random, | |||
SSL3_RANDOM_SIZE) || | |||
!CBB_add_bytes(&transcript, hs->server_params, | |||
hs->server_params_len) || | |||
!CBB_finish(&transcript, &transcript_data, &transcript_len)) { | |||
CBB_cleanup(&transcript); | |||
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); | |||
@@ -1163,9 +1168,9 @@ static int ssl3_send_server_key_exchange(SSL *ssl) { | |||
goto err; | |||
} | |||
OPENSSL_free(ssl->s3->hs->server_params); | |||
ssl->s3->hs->server_params = NULL; | |||
ssl->s3->hs->server_params_len = 0; | |||
OPENSSL_free(hs->server_params); | |||
hs->server_params = NULL; | |||
hs->server_params_len = 0; | |||
ssl->state = SSL3_ST_SW_KEY_EXCH_C; | |||
return ssl->method->write_message(ssl); | |||
@@ -1213,7 +1218,8 @@ static int add_cert_types(SSL *ssl, CBB *cbb) { | |||
return 1; | |||
} | |||
static int ssl3_send_certificate_request(SSL *ssl) { | |||
static int ssl3_send_certificate_request(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
if (ssl->state == SSL3_ST_SW_CERT_REQ_B) { | |||
return ssl->method->write_message(ssl); | |||
} | |||
@@ -1254,7 +1260,8 @@ err: | |||
return -1; | |||
} | |||
static int ssl3_send_server_hello_done(SSL *ssl) { | |||
static int ssl3_send_server_hello_done(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
if (ssl->state == SSL3_ST_SW_SRVR_DONE_B) { | |||
return ssl->method->write_message(ssl); | |||
} | |||
@@ -1271,8 +1278,9 @@ static int ssl3_send_server_hello_done(SSL *ssl) { | |||
return ssl->method->write_message(ssl); | |||
} | |||
static int ssl3_get_client_certificate(SSL *ssl) { | |||
assert(ssl->s3->hs->cert_request); | |||
static int ssl3_get_client_certificate(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
assert(hs->cert_request); | |||
int msg_ret = ssl->method->ssl_get_message(ssl, -1, ssl_hash_message); | |||
if (msg_ret <= 0) { | |||
@@ -1370,7 +1378,8 @@ err: | |||
return -1; | |||
} | |||
static int ssl3_get_client_key_exchange(SSL *ssl) { | |||
static int ssl3_get_client_key_exchange(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
int al; | |||
CBS client_key_exchange; | |||
uint32_t alg_k; | |||
@@ -1553,8 +1562,7 @@ static int ssl3_get_client_key_exchange(SSL *ssl) { | |||
} else if (alg_k & (SSL_kECDHE|SSL_kDHE|SSL_kCECPQ1)) { | |||
/* Parse the ClientKeyExchange. */ | |||
CBS peer_key; | |||
if (!SSL_ECDH_CTX_get_key(&ssl->s3->hs->ecdh_ctx, &client_key_exchange, | |||
&peer_key) || | |||
if (!SSL_ECDH_CTX_get_key(&hs->ecdh_ctx, &client_key_exchange, &peer_key) || | |||
CBS_len(&client_key_exchange) != 0) { | |||
al = SSL_AD_DECODE_ERROR; | |||
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); | |||
@@ -1563,7 +1571,7 @@ static int ssl3_get_client_key_exchange(SSL *ssl) { | |||
/* Compute the premaster. */ | |||
uint8_t alert; | |||
if (!SSL_ECDH_CTX_finish(&ssl->s3->hs->ecdh_ctx, &premaster_secret, | |||
if (!SSL_ECDH_CTX_finish(&hs->ecdh_ctx, &premaster_secret, | |||
&premaster_secret_len, &alert, CBS_data(&peer_key), | |||
CBS_len(&peer_key))) { | |||
al = alert; | |||
@@ -1571,7 +1579,7 @@ static int ssl3_get_client_key_exchange(SSL *ssl) { | |||
} | |||
/* The key exchange state may now be discarded. */ | |||
SSL_ECDH_CTX_cleanup(&ssl->s3->hs->ecdh_ctx); | |||
SSL_ECDH_CTX_cleanup(&hs->ecdh_ctx); | |||
} else if (alg_k & SSL_kPSK) { | |||
/* For plain PSK, other_secret is a block of 0s with the same length as the | |||
* pre-shared key. */ | |||
@@ -1639,7 +1647,8 @@ err: | |||
return -1; | |||
} | |||
static int ssl3_get_cert_verify(SSL *ssl) { | |||
static int ssl3_get_cert_verify(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
int al, ret = 0; | |||
CBS certificate_verify, signature; | |||
X509 *peer = ssl->s3->new_session->x509_peer; | |||
@@ -1755,7 +1764,8 @@ err: | |||
/* ssl3_get_next_proto reads a Next Protocol Negotiation handshake message. It | |||
* sets the next_proto member in s if found */ | |||
static int ssl3_get_next_proto(SSL *ssl) { | |||
static int ssl3_get_next_proto(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
int ret = | |||
ssl->method->ssl_get_message(ssl, SSL3_MT_NEXT_PROTO, ssl_hash_message); | |||
if (ret <= 0) { | |||
@@ -1781,7 +1791,8 @@ static int ssl3_get_next_proto(SSL *ssl) { | |||
} | |||
/* ssl3_get_channel_id reads and verifies a ClientID handshake message. */ | |||
static int ssl3_get_channel_id(SSL *ssl) { | |||
static int ssl3_get_channel_id(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
int msg_ret = ssl->method->ssl_get_message(ssl, SSL3_MT_CHANNEL_ID, | |||
ssl_dont_hash_message); | |||
if (msg_ret <= 0) { | |||
@@ -1795,7 +1806,8 @@ static int ssl3_get_channel_id(SSL *ssl) { | |||
return 1; | |||
} | |||
static int ssl3_send_new_session_ticket(SSL *ssl) { | |||
static int ssl3_send_new_session_ticket(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
if (ssl->state == SSL3_ST_SW_SESSION_TICKET_B) { | |||
return ssl->method->write_message(ssl); | |||
} | |||
@@ -889,7 +889,7 @@ struct ssl_handshake_st { | |||
/* do_tls13_handshake runs the TLS 1.3 handshake. On completion, it returns | |||
* |ssl_hs_ok|. Otherwise, it returns a value corresponding to what operation | |||
* is needed to progress. */ | |||
enum ssl_hs_wait_t (*do_tls13_handshake)(SSL *ssl); | |||
enum ssl_hs_wait_t (*do_tls13_handshake)(SSL_HANDSHAKE *hs); | |||
int state; | |||
@@ -1034,12 +1034,12 @@ void ssl_handshake_free(SSL_HANDSHAKE *hs); | |||
/* tls13_handshake runs the TLS 1.3 handshake. It returns one on success and <= | |||
* 0 on error. */ | |||
int tls13_handshake(SSL *ssl); | |||
int tls13_handshake(SSL_HANDSHAKE *hs); | |||
/* The following are implementations of |do_tls13_handshake| for the client and | |||
* server. */ | |||
enum ssl_hs_wait_t tls13_client_handshake(SSL *ssl); | |||
enum ssl_hs_wait_t tls13_server_handshake(SSL *ssl); | |||
enum ssl_hs_wait_t tls13_client_handshake(SSL_HANDSHAKE *hs); | |||
enum ssl_hs_wait_t tls13_server_handshake(SSL_HANDSHAKE *hs); | |||
/* tls13_post_handshake processes a post-handshake message. It returns one on | |||
* success and zero on failure. */ | |||
@@ -1730,7 +1730,7 @@ void ssl_get_compatible_server_ciphers(SSL *ssl, uint32_t *out_mask_k, | |||
int ssl_verify_alarm_type(long type); | |||
int ssl3_get_finished(SSL *ssl); | |||
int ssl3_get_finished(SSL_HANDSHAKE *hs); | |||
int ssl3_send_change_cipher_spec(SSL *ssl); | |||
int ssl3_send_alert(SSL *ssl, int level, int desc); | |||
int ssl3_get_message(SSL *ssl, int msg_type, | |||
@@ -1745,7 +1745,7 @@ void ssl3_release_current_message(SSL *ssl, int free_buffer); | |||
int ssl3_cert_verify_hash(SSL *ssl, const EVP_MD **out_md, uint8_t *out, | |||
size_t *out_len, uint16_t signature_algorithm); | |||
int ssl3_send_finished(SSL *ssl, int a, int b); | |||
int ssl3_send_finished(SSL_HANDSHAKE *hs, int a, int b); | |||
int ssl3_supports_cipher(const SSL_CIPHER *cipher); | |||
int ssl3_dispatch_alert(SSL *ssl); | |||
int ssl3_read_app_data(SSL *ssl, int *out_got_handshake, uint8_t *buf, int len, | |||
@@ -260,7 +260,8 @@ int ssl3_write_message(SSL *ssl) { | |||
return 1; | |||
} | |||
int ssl3_send_finished(SSL *ssl, int a, int b) { | |||
int ssl3_send_finished(SSL_HANDSHAKE *hs, int a, int b) { | |||
SSL *const ssl = hs->ssl; | |||
if (ssl->state == b) { | |||
return ssl->method->write_message(ssl); | |||
} | |||
@@ -309,7 +310,8 @@ int ssl3_send_finished(SSL *ssl, int a, int b) { | |||
return ssl->method->write_message(ssl); | |||
} | |||
int ssl3_get_finished(SSL *ssl) { | |||
int ssl3_get_finished(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
int ret = ssl->method->ssl_get_message(ssl, SSL3_MT_FINISHED, | |||
ssl_dont_hash_message); | |||
if (ret <= 0) { | |||
@@ -34,9 +34,8 @@ | |||
* without being able to return application data. */ | |||
static const uint8_t kMaxKeyUpdates = 32; | |||
int tls13_handshake(SSL *ssl) { | |||
SSL_HANDSHAKE *hs = ssl->s3->hs; | |||
int tls13_handshake(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
for (;;) { | |||
/* Resolve the operation the handshake was waiting on. */ | |||
switch (hs->wait) { | |||
@@ -95,7 +94,7 @@ int tls13_handshake(SSL *ssl) { | |||
} | |||
/* Run the state machine again. */ | |||
hs->wait = hs->do_tls13_handshake(ssl); | |||
hs->wait = hs->do_tls13_handshake(hs); | |||
if (hs->wait == ssl_hs_error) { | |||
/* Don't loop around to avoid a stray |SSL_R_SSL_HANDSHAKE_FAILURE| the | |||
* first time around. */ | |||
@@ -50,8 +50,8 @@ enum client_hs_state_t { | |||
static const uint8_t kZeroes[EVP_MAX_MD_SIZE] = {0}; | |||
static enum ssl_hs_wait_t do_process_hello_retry_request(SSL *ssl, | |||
SSL_HANDSHAKE *hs) { | |||
static enum ssl_hs_wait_t do_process_hello_retry_request(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
if (ssl->s3->tmp.message_type != SSL3_MT_HELLO_RETRY_REQUEST) { | |||
hs->state = state_process_server_hello; | |||
return ssl_hs_ok; | |||
@@ -142,9 +142,8 @@ static enum ssl_hs_wait_t do_process_hello_retry_request(SSL *ssl, | |||
return ssl_hs_ok; | |||
} | |||
static enum ssl_hs_wait_t do_send_second_client_hello(SSL *ssl, | |||
SSL_HANDSHAKE *hs) { | |||
if (!ssl_write_client_hello(ssl)) { | |||
static enum ssl_hs_wait_t do_send_second_client_hello(SSL_HANDSHAKE *hs) { | |||
if (!ssl_write_client_hello(hs->ssl)) { | |||
return ssl_hs_error; | |||
} | |||
@@ -152,13 +151,13 @@ static enum ssl_hs_wait_t do_send_second_client_hello(SSL *ssl, | |||
return ssl_hs_write_message; | |||
} | |||
static enum ssl_hs_wait_t do_flush_second_client_hello(SSL *ssl, | |||
SSL_HANDSHAKE *hs) { | |||
static enum ssl_hs_wait_t do_flush_second_client_hello(SSL_HANDSHAKE *hs) { | |||
hs->state = state_process_server_hello; | |||
return ssl_hs_flush_and_read_message; | |||
} | |||
static enum ssl_hs_wait_t do_process_server_hello(SSL *ssl, SSL_HANDSHAKE *hs) { | |||
static enum ssl_hs_wait_t do_process_server_hello(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
if (!tls13_check_message_type(ssl, SSL3_MT_SERVER_HELLO)) { | |||
return ssl_hs_error; | |||
} | |||
@@ -321,8 +320,8 @@ static enum ssl_hs_wait_t do_process_server_hello(SSL *ssl, SSL_HANDSHAKE *hs) { | |||
return ssl_hs_read_message; | |||
} | |||
static enum ssl_hs_wait_t do_process_encrypted_extensions(SSL *ssl, | |||
SSL_HANDSHAKE *hs) { | |||
static enum ssl_hs_wait_t do_process_encrypted_extensions(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
if (!tls13_check_message_type(ssl, SSL3_MT_ENCRYPTED_EXTENSIONS)) { | |||
return ssl_hs_error; | |||
} | |||
@@ -347,8 +346,8 @@ static enum ssl_hs_wait_t do_process_encrypted_extensions(SSL *ssl, | |||
return ssl_hs_read_message; | |||
} | |||
static enum ssl_hs_wait_t do_process_certificate_request(SSL *ssl, | |||
SSL_HANDSHAKE *hs) { | |||
static enum ssl_hs_wait_t do_process_certificate_request(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
/* CertificateRequest may only be sent in non-resumption handshakes. */ | |||
if (ssl->s3->session_reused) { | |||
hs->state = state_process_server_finished; | |||
@@ -391,9 +390,9 @@ static enum ssl_hs_wait_t do_process_certificate_request(SSL *ssl, | |||
return ssl_hs_error; | |||
} | |||
ssl->s3->hs->cert_request = 1; | |||
sk_X509_NAME_pop_free(ssl->s3->hs->ca_names, X509_NAME_free); | |||
ssl->s3->hs->ca_names = ca_sk; | |||
hs->cert_request = 1; | |||
sk_X509_NAME_pop_free(hs->ca_names, X509_NAME_free); | |||
hs->ca_names = ca_sk; | |||
if (!ssl_hash_current_message(ssl)) { | |||
return ssl_hs_error; | |||
@@ -403,8 +402,8 @@ static enum ssl_hs_wait_t do_process_certificate_request(SSL *ssl, | |||
return ssl_hs_read_message; | |||
} | |||
static enum ssl_hs_wait_t do_process_server_certificate(SSL *ssl, | |||
SSL_HANDSHAKE *hs) { | |||
static enum ssl_hs_wait_t do_process_server_certificate(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
if (!tls13_check_message_type(ssl, SSL3_MT_CERTIFICATE) || | |||
!tls13_process_certificate(ssl, 0 /* certificate required */) || | |||
!ssl_hash_current_message(ssl)) { | |||
@@ -416,7 +415,8 @@ static enum ssl_hs_wait_t do_process_server_certificate(SSL *ssl, | |||
} | |||
static enum ssl_hs_wait_t do_process_server_certificate_verify( | |||
SSL *ssl, SSL_HANDSHAKE *hs) { | |||
SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
if (!tls13_check_message_type(ssl, SSL3_MT_CERTIFICATE_VERIFY) || | |||
!tls13_process_certificate_verify(ssl) || | |||
!ssl_hash_current_message(ssl)) { | |||
@@ -427,8 +427,8 @@ static enum ssl_hs_wait_t do_process_server_certificate_verify( | |||
return ssl_hs_read_message; | |||
} | |||
static enum ssl_hs_wait_t do_process_server_finished(SSL *ssl, | |||
SSL_HANDSHAKE *hs) { | |||
static enum ssl_hs_wait_t do_process_server_finished(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
if (!tls13_check_message_type(ssl, SSL3_MT_FINISHED) || | |||
!tls13_process_finished(ssl) || | |||
!ssl_hash_current_message(ssl) || | |||
@@ -443,9 +443,10 @@ static enum ssl_hs_wait_t do_process_server_finished(SSL *ssl, | |||
return ssl_hs_ok; | |||
} | |||
static enum ssl_hs_wait_t do_certificate_callback(SSL *ssl, SSL_HANDSHAKE *hs) { | |||
static enum ssl_hs_wait_t do_certificate_callback(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
/* The peer didn't request a certificate. */ | |||
if (!ssl->s3->hs->cert_request) { | |||
if (!hs->cert_request) { | |||
hs->state = state_send_channel_id; | |||
return ssl_hs_ok; | |||
} | |||
@@ -468,8 +469,8 @@ static enum ssl_hs_wait_t do_certificate_callback(SSL *ssl, SSL_HANDSHAKE *hs) { | |||
return ssl_hs_ok; | |||
} | |||
static enum ssl_hs_wait_t do_send_client_certificate(SSL *ssl, | |||
SSL_HANDSHAKE *hs) { | |||
static enum ssl_hs_wait_t do_send_client_certificate(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
/* Call client_cert_cb to update the certificate. */ | |||
int should_retry; | |||
if (!ssl_do_client_cert_cb(ssl, &should_retry)) { | |||
@@ -488,9 +489,9 @@ static enum ssl_hs_wait_t do_send_client_certificate(SSL *ssl, | |||
return ssl_hs_write_message; | |||
} | |||
static enum ssl_hs_wait_t do_send_client_certificate_verify(SSL *ssl, | |||
SSL_HANDSHAKE *hs, | |||
static enum ssl_hs_wait_t do_send_client_certificate_verify(SSL_HANDSHAKE *hs, | |||
int is_first_run) { | |||
SSL *const ssl = hs->ssl; | |||
/* Don't send CertificateVerify if there is no certificate. */ | |||
if (!ssl_has_certificate(ssl)) { | |||
hs->state = state_send_channel_id; | |||
@@ -514,7 +515,8 @@ static enum ssl_hs_wait_t do_send_client_certificate_verify(SSL *ssl, | |||
return ssl_hs_error; | |||
} | |||
static enum ssl_hs_wait_t do_send_channel_id(SSL *ssl, SSL_HANDSHAKE *hs) { | |||
static enum ssl_hs_wait_t do_send_channel_id(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
if (!ssl->s3->tlsext_channel_id_valid) { | |||
hs->state = state_send_client_finished; | |||
return ssl_hs_ok; | |||
@@ -540,8 +542,8 @@ static enum ssl_hs_wait_t do_send_channel_id(SSL *ssl, SSL_HANDSHAKE *hs) { | |||
return ssl_hs_write_message; | |||
} | |||
static enum ssl_hs_wait_t do_send_client_finished(SSL *ssl, SSL_HANDSHAKE *hs) { | |||
if (!tls13_prepare_finished(ssl)) { | |||
static enum ssl_hs_wait_t do_send_client_finished(SSL_HANDSHAKE *hs) { | |||
if (!tls13_prepare_finished(hs->ssl)) { | |||
return ssl_hs_error; | |||
} | |||
@@ -549,7 +551,8 @@ static enum ssl_hs_wait_t do_send_client_finished(SSL *ssl, SSL_HANDSHAKE *hs) { | |||
return ssl_hs_write_message; | |||
} | |||
static enum ssl_hs_wait_t do_flush(SSL *ssl, SSL_HANDSHAKE *hs) { | |||
static enum ssl_hs_wait_t do_flush(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
if (!tls13_set_traffic_key(ssl, evp_aead_open, hs->server_traffic_secret_0, | |||
hs->hash_len) || | |||
!tls13_set_traffic_key(ssl, evp_aead_seal, hs->client_traffic_secret_0, | |||
@@ -562,60 +565,58 @@ static enum ssl_hs_wait_t do_flush(SSL *ssl, SSL_HANDSHAKE *hs) { | |||
return ssl_hs_flush; | |||
} | |||
enum ssl_hs_wait_t tls13_client_handshake(SSL *ssl) { | |||
SSL_HANDSHAKE *hs = ssl->s3->hs; | |||
enum ssl_hs_wait_t tls13_client_handshake(SSL_HANDSHAKE *hs) { | |||
while (hs->state != state_done) { | |||
enum ssl_hs_wait_t ret = ssl_hs_error; | |||
enum client_hs_state_t state = hs->state; | |||
switch (state) { | |||
case state_process_hello_retry_request: | |||
ret = do_process_hello_retry_request(ssl, hs); | |||
ret = do_process_hello_retry_request(hs); | |||
break; | |||
case state_send_second_client_hello: | |||
ret = do_send_second_client_hello(ssl, hs); | |||
ret = do_send_second_client_hello(hs); | |||
break; | |||
case state_flush_second_client_hello: | |||
ret = do_flush_second_client_hello(ssl, hs); | |||
ret = do_flush_second_client_hello(hs); | |||
break; | |||
case state_process_server_hello: | |||
ret = do_process_server_hello(ssl, hs); | |||
ret = do_process_server_hello(hs); | |||
break; | |||
case state_process_encrypted_extensions: | |||
ret = do_process_encrypted_extensions(ssl, hs); | |||
ret = do_process_encrypted_extensions(hs); | |||
break; | |||
case state_process_certificate_request: | |||
ret = do_process_certificate_request(ssl, hs); | |||
ret = do_process_certificate_request(hs); | |||
break; | |||
case state_process_server_certificate: | |||
ret = do_process_server_certificate(ssl, hs); | |||
ret = do_process_server_certificate(hs); | |||
break; | |||
case state_process_server_certificate_verify: | |||
ret = do_process_server_certificate_verify(ssl, hs); | |||
ret = do_process_server_certificate_verify(hs); | |||
break; | |||
case state_process_server_finished: | |||
ret = do_process_server_finished(ssl, hs); | |||
ret = do_process_server_finished(hs); | |||
break; | |||
case state_certificate_callback: | |||
ret = do_certificate_callback(ssl, hs); | |||
ret = do_certificate_callback(hs); | |||
break; | |||
case state_send_client_certificate: | |||
ret = do_send_client_certificate(ssl, hs); | |||
ret = do_send_client_certificate(hs); | |||
break; | |||
case state_send_client_certificate_verify: | |||
ret = do_send_client_certificate_verify(ssl, hs, 1 /* first run */); | |||
ret = do_send_client_certificate_verify(hs, 1 /* first run */); | |||
break; | |||
case state_complete_client_certificate_verify: | |||
ret = do_send_client_certificate_verify(ssl, hs, 0 /* complete */); | |||
ret = do_send_client_certificate_verify(hs, 0 /* complete */); | |||
break; | |||
case state_send_channel_id: | |||
ret = do_send_channel_id(ssl, hs); | |||
ret = do_send_channel_id(hs); | |||
break; | |||
case state_send_client_finished: | |||
ret = do_send_client_finished(ssl, hs); | |||
ret = do_send_client_finished(hs); | |||
break; | |||
case state_flush: | |||
ret = do_flush(ssl, hs); | |||
ret = do_flush(hs); | |||
break; | |||
case state_done: | |||
ret = ssl_hs_ok; | |||
@@ -87,7 +87,8 @@ static int resolve_ecdhe_secret(SSL *ssl, int *out_need_retry, | |||
return ok; | |||
} | |||
static enum ssl_hs_wait_t do_process_client_hello(SSL *ssl, SSL_HANDSHAKE *hs) { | |||
static enum ssl_hs_wait_t do_process_client_hello(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
if (!tls13_check_message_type(ssl, SSL3_MT_CLIENT_HELLO)) { | |||
return ssl_hs_error; | |||
} | |||
@@ -173,7 +174,8 @@ static const SSL_CIPHER *choose_tls13_cipher( | |||
return best; | |||
} | |||
static enum ssl_hs_wait_t do_select_parameters(SSL *ssl, SSL_HANDSHAKE *hs) { | |||
static enum ssl_hs_wait_t do_select_parameters(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
/* Call |cert_cb| to update server certificates if required. */ | |||
if (ssl->cert->cert_cb != NULL) { | |||
int rv = ssl->cert->cert_cb(ssl, ssl->cert->cert_cb_arg); | |||
@@ -317,8 +319,8 @@ static enum ssl_hs_wait_t do_select_parameters(SSL *ssl, SSL_HANDSHAKE *hs) { | |||
return ssl_hs_ok; | |||
} | |||
static enum ssl_hs_wait_t do_send_hello_retry_request(SSL *ssl, | |||
SSL_HANDSHAKE *hs) { | |||
static enum ssl_hs_wait_t do_send_hello_retry_request(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
CBB cbb, body, extensions; | |||
uint16_t group_id; | |||
if (!ssl->method->init_message(ssl, &cbb, &body, | |||
@@ -338,14 +340,13 @@ static enum ssl_hs_wait_t do_send_hello_retry_request(SSL *ssl, | |||
return ssl_hs_write_message; | |||
} | |||
static enum ssl_hs_wait_t do_flush_hello_retry_request(SSL *ssl, | |||
SSL_HANDSHAKE *hs) { | |||
static enum ssl_hs_wait_t do_flush_hello_retry_request(SSL_HANDSHAKE *hs) { | |||
hs->state = state_process_second_client_hello; | |||
return ssl_hs_flush_and_read_message; | |||
} | |||
static enum ssl_hs_wait_t do_process_second_client_hello(SSL *ssl, | |||
SSL_HANDSHAKE *hs) { | |||
static enum ssl_hs_wait_t do_process_second_client_hello(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
if (!tls13_check_message_type(ssl, SSL3_MT_CLIENT_HELLO)) { | |||
return ssl_hs_error; | |||
} | |||
@@ -377,7 +378,8 @@ static enum ssl_hs_wait_t do_process_second_client_hello(SSL *ssl, | |||
return ssl_hs_ok; | |||
} | |||
static enum ssl_hs_wait_t do_send_server_hello(SSL *ssl, SSL_HANDSHAKE *hs) { | |||
static enum ssl_hs_wait_t do_send_server_hello(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
CBB cbb, body, extensions; | |||
if (!ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_SERVER_HELLO) || | |||
!CBB_add_u16(&body, ssl->version) || | |||
@@ -399,8 +401,8 @@ err: | |||
return ssl_hs_error; | |||
} | |||
static enum ssl_hs_wait_t do_send_encrypted_extensions(SSL *ssl, | |||
SSL_HANDSHAKE *hs) { | |||
static enum ssl_hs_wait_t do_send_encrypted_extensions(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
if (!tls13_set_handshake_traffic(ssl)) { | |||
return ssl_hs_error; | |||
} | |||
@@ -418,16 +420,16 @@ static enum ssl_hs_wait_t do_send_encrypted_extensions(SSL *ssl, | |||
return ssl_hs_write_message; | |||
} | |||
static enum ssl_hs_wait_t do_send_certificate_request(SSL *ssl, | |||
SSL_HANDSHAKE *hs) { | |||
static enum ssl_hs_wait_t do_send_certificate_request(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
/* Determine whether to request a client certificate. */ | |||
ssl->s3->hs->cert_request = !!(ssl->verify_mode & SSL_VERIFY_PEER); | |||
hs->cert_request = !!(ssl->verify_mode & SSL_VERIFY_PEER); | |||
/* CertificateRequest may only be sent in non-resumption handshakes. */ | |||
if (ssl->s3->session_reused) { | |||
ssl->s3->hs->cert_request = 0; | |||
hs->cert_request = 0; | |||
} | |||
if (!ssl->s3->hs->cert_request) { | |||
if (!hs->cert_request) { | |||
/* Skip this state. */ | |||
hs->state = state_send_server_certificate; | |||
return ssl_hs_ok; | |||
@@ -466,8 +468,8 @@ err: | |||
return ssl_hs_error; | |||
} | |||
static enum ssl_hs_wait_t do_send_server_certificate(SSL *ssl, | |||
SSL_HANDSHAKE *hs) { | |||
static enum ssl_hs_wait_t do_send_server_certificate(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
if (ssl->s3->session_reused) { | |||
hs->state = state_send_server_finished; | |||
return ssl_hs_ok; | |||
@@ -486,10 +488,9 @@ static enum ssl_hs_wait_t do_send_server_certificate(SSL *ssl, | |||
return ssl_hs_write_message; | |||
} | |||
static enum ssl_hs_wait_t do_send_server_certificate_verify(SSL *ssl, | |||
SSL_HANDSHAKE *hs, | |||
static enum ssl_hs_wait_t do_send_server_certificate_verify(SSL_HANDSHAKE *hs, | |||
int is_first_run) { | |||
switch (tls13_prepare_certificate_verify(ssl, is_first_run)) { | |||
switch (tls13_prepare_certificate_verify(hs->ssl, is_first_run)) { | |||
case ssl_private_key_success: | |||
hs->state = state_send_server_finished; | |||
return ssl_hs_write_message; | |||
@@ -506,8 +507,8 @@ static enum ssl_hs_wait_t do_send_server_certificate_verify(SSL *ssl, | |||
return ssl_hs_error; | |||
} | |||
static enum ssl_hs_wait_t do_send_server_finished(SSL *ssl, SSL_HANDSHAKE *hs) { | |||
if (!tls13_prepare_finished(ssl)) { | |||
static enum ssl_hs_wait_t do_send_server_finished(SSL_HANDSHAKE *hs) { | |||
if (!tls13_prepare_finished(hs->ssl)) { | |||
return ssl_hs_error; | |||
} | |||
@@ -515,7 +516,8 @@ static enum ssl_hs_wait_t do_send_server_finished(SSL *ssl, SSL_HANDSHAKE *hs) { | |||
return ssl_hs_write_message; | |||
} | |||
static enum ssl_hs_wait_t do_flush(SSL *ssl, SSL_HANDSHAKE *hs) { | |||
static enum ssl_hs_wait_t do_flush(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
/* Update the secret to the master secret and derive traffic keys. */ | |||
if (!tls13_advance_key_schedule(ssl, kZeroes, hs->hash_len) || | |||
!tls13_derive_application_secrets(ssl) || | |||
@@ -528,9 +530,9 @@ static enum ssl_hs_wait_t do_flush(SSL *ssl, SSL_HANDSHAKE *hs) { | |||
return ssl_hs_flush_and_read_message; | |||
} | |||
static enum ssl_hs_wait_t do_process_client_certificate(SSL *ssl, | |||
SSL_HANDSHAKE *hs) { | |||
if (!ssl->s3->hs->cert_request) { | |||
static enum ssl_hs_wait_t do_process_client_certificate(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
if (!hs->cert_request) { | |||
/* OpenSSL returns X509_V_OK when no certificates are requested. This is | |||
* classed by them as a bug, but it's assumed by at least NGINX. */ | |||
ssl->s3->new_session->verify_result = X509_V_OK; | |||
@@ -560,7 +562,8 @@ static enum ssl_hs_wait_t do_process_client_certificate(SSL *ssl, | |||
} | |||
static enum ssl_hs_wait_t do_process_client_certificate_verify( | |||
SSL *ssl, SSL_HANDSHAKE *hs) { | |||
SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
if (ssl->s3->new_session->x509_peer == NULL) { | |||
/* Skip this state. */ | |||
hs->state = state_process_channel_id; | |||
@@ -577,7 +580,8 @@ static enum ssl_hs_wait_t do_process_client_certificate_verify( | |||
return ssl_hs_read_message; | |||
} | |||
static enum ssl_hs_wait_t do_process_channel_id(SSL *ssl, SSL_HANDSHAKE *hs) { | |||
static enum ssl_hs_wait_t do_process_channel_id(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
if (!ssl->s3->tlsext_channel_id_valid) { | |||
hs->state = state_process_client_finished; | |||
return ssl_hs_ok; | |||
@@ -593,8 +597,8 @@ static enum ssl_hs_wait_t do_process_channel_id(SSL *ssl, SSL_HANDSHAKE *hs) { | |||
return ssl_hs_read_message; | |||
} | |||
static enum ssl_hs_wait_t do_process_client_finished(SSL *ssl, | |||
SSL_HANDSHAKE *hs) { | |||
static enum ssl_hs_wait_t do_process_client_finished(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
if (!tls13_check_message_type(ssl, SSL3_MT_FINISHED) || | |||
!tls13_process_finished(ssl) || | |||
!ssl_hash_current_message(ssl) || | |||
@@ -618,8 +622,8 @@ static enum ssl_hs_wait_t do_process_client_finished(SSL *ssl, | |||
* client makes several connections before getting a renewal. */ | |||
static const int kNumTickets = 2; | |||
static enum ssl_hs_wait_t do_send_new_session_ticket(SSL *ssl, | |||
SSL_HANDSHAKE *hs) { | |||
static enum ssl_hs_wait_t do_send_new_session_ticket(SSL_HANDSHAKE *hs) { | |||
SSL *const ssl = hs->ssl; | |||
/* If the client doesn't accept resumption with PSK_DHE_KE, don't send a | |||
* session ticket. */ | |||
if (!hs->accept_psk_mode) { | |||
@@ -671,75 +675,72 @@ err: | |||
return ssl_hs_error; | |||
} | |||
static enum ssl_hs_wait_t do_flush_new_session_tickets(SSL *ssl, | |||
SSL_HANDSHAKE *hs) { | |||
static enum ssl_hs_wait_t do_flush_new_session_tickets(SSL_HANDSHAKE *hs) { | |||
hs->state = state_done; | |||
return ssl_hs_flush; | |||
} | |||
enum ssl_hs_wait_t tls13_server_handshake(SSL *ssl) { | |||
SSL_HANDSHAKE *hs = ssl->s3->hs; | |||
enum ssl_hs_wait_t tls13_server_handshake(SSL_HANDSHAKE *hs) { | |||
while (hs->state != state_done) { | |||
enum ssl_hs_wait_t ret = ssl_hs_error; | |||
enum server_hs_state_t state = hs->state; | |||
switch (state) { | |||
case state_process_client_hello: | |||
ret = do_process_client_hello(ssl, hs); | |||
ret = do_process_client_hello(hs); | |||
break; | |||
case state_select_parameters: | |||
ret = do_select_parameters(ssl, hs); | |||
ret = do_select_parameters(hs); | |||
break; | |||
case state_send_hello_retry_request: | |||
ret = do_send_hello_retry_request(ssl, hs); | |||
ret = do_send_hello_retry_request(hs); | |||
break; | |||
case state_flush_hello_retry_request: | |||
ret = do_flush_hello_retry_request(ssl, hs); | |||
ret = do_flush_hello_retry_request(hs); | |||
break; | |||
case state_process_second_client_hello: | |||
ret = do_process_second_client_hello(ssl, hs); | |||
ret = do_process_second_client_hello(hs); | |||
break; | |||
case state_send_server_hello: | |||
ret = do_send_server_hello(ssl, hs); | |||
ret = do_send_server_hello(hs); | |||
break; | |||
case state_send_encrypted_extensions: | |||
ret = do_send_encrypted_extensions(ssl, hs); | |||
ret = do_send_encrypted_extensions(hs); | |||
break; | |||
case state_send_certificate_request: | |||
ret = do_send_certificate_request(ssl, hs); | |||
ret = do_send_certificate_request(hs); | |||
break; | |||
case state_send_server_certificate: | |||
ret = do_send_server_certificate(ssl, hs); | |||
ret = do_send_server_certificate(hs); | |||
break; | |||
case state_send_server_certificate_verify: | |||
ret = do_send_server_certificate_verify(ssl, hs, 1 /* first run */); | |||
ret = do_send_server_certificate_verify(hs, 1 /* first run */); | |||
break; | |||
case state_complete_server_certificate_verify: | |||
ret = do_send_server_certificate_verify(ssl, hs, 0 /* complete */); | |||
ret = do_send_server_certificate_verify(hs, 0 /* complete */); | |||
break; | |||
case state_send_server_finished: | |||
ret = do_send_server_finished(ssl, hs); | |||
ret = do_send_server_finished(hs); | |||
break; | |||
case state_flush: | |||
ret = do_flush(ssl, hs); | |||
ret = do_flush(hs); | |||
break; | |||
case state_process_client_certificate: | |||
ret = do_process_client_certificate(ssl, hs); | |||
ret = do_process_client_certificate(hs); | |||
break; | |||
case state_process_client_certificate_verify: | |||
ret = do_process_client_certificate_verify(ssl, hs); | |||
ret = do_process_client_certificate_verify(hs); | |||
break; | |||
case state_process_channel_id: | |||
ret = do_process_channel_id(ssl, hs); | |||
ret = do_process_channel_id(hs); | |||
break; | |||
case state_process_client_finished: | |||
ret = do_process_client_finished(ssl, hs); | |||
ret = do_process_client_finished(hs); | |||
break; | |||
case state_send_new_session_ticket: | |||
ret = do_send_new_session_ticket(ssl, hs); | |||
ret = do_send_new_session_ticket(hs); | |||
break; | |||
case state_flush_new_session_tickets: | |||
ret = do_flush_new_session_tickets(ssl, hs); | |||
ret = do_flush_new_session_tickets(hs); | |||
break; | |||
case state_done: | |||
ret = ssl_hs_ok; | |||